workers.securityworker: small fixes
This change adjusts our batch size to coerce to integer after all floating point math in order to get a more accurate end result. In addition, we handle the scenario when there are no longer any images in the database to be scanned when finding the min id.
This commit is contained in:
Jimmy Zelinskie
parent
123d003d4e
commit
c6f6204630
1 changed files with 35 additions and 16 deletions
|
|
@ -1,7 +1,7 @@
|
|||
import logging.config
|
||||
import time
|
||||
|
||||
from math import floor, log10
|
||||
from math import log10
|
||||
|
||||
import features
|
||||
|
||||
|
|
@ -29,19 +29,16 @@ class SecurityWorker(Worker):
|
|||
def __init__(self):
|
||||
super(SecurityWorker, self).__init__()
|
||||
validator = SecurityConfigValidator(app.config)
|
||||
if validator.valid():
|
||||
self._target_version = app.config.get('SECURITY_SCANNER_ENGINE_VERSION_TARGET', 3)
|
||||
self._analyzer = LayerAnalyzer(app.config, secscan_api)
|
||||
|
||||
# Get the ID of the first image we want to analyze.
|
||||
self._min_id = app.config.get('SECURITY_SCANNER_INDEXING_MIN_ID')
|
||||
if self._min_id is None:
|
||||
self._min_id = get_min_id_for_sec_scan(self._target_version)
|
||||
|
||||
interval = app.config.get('SECURITY_SCANNER_INDEXING_INTERVAL', DEFAULT_INDEXING_INTERVAL)
|
||||
self.add_operation(self._index_images, interval)
|
||||
else:
|
||||
if not validator.valid():
|
||||
logger.warning('Failed to validate security scan configuration')
|
||||
return
|
||||
|
||||
self._target_version = app.config.get('SECURITY_SCANNER_ENGINE_VERSION_TARGET', 3)
|
||||
self._analyzer = LayerAnalyzer(app.config, secscan_api)
|
||||
self._min_id = None
|
||||
|
||||
interval = app.config.get('SECURITY_SCANNER_INDEXING_INTERVAL', DEFAULT_INDEXING_INTERVAL)
|
||||
self.add_operation(self._index_images, interval)
|
||||
|
||||
def _index_images(self):
|
||||
def batch_query():
|
||||
|
|
@ -53,10 +50,14 @@ class SecurityWorker(Worker):
|
|||
if max_id is None:
|
||||
return
|
||||
|
||||
if self.min_id is None or self.min_id > max_id:
|
||||
logger.info('Could not find any available images for scanning.')
|
||||
return
|
||||
|
||||
max_unscanned_images_gauge.Set(max_id)
|
||||
|
||||
# 4^log10(total) gives us a scalable batch size into the billions.
|
||||
batch_size = 4 ** int(floor(log10(max(10, max_id - self._min_id))))
|
||||
batch_size = int(4 ** log10(max(10, max_id - self.min_id)))
|
||||
|
||||
with UseThenDisconnect(app.config):
|
||||
to_scan_generator = yield_random_entries(
|
||||
|
|
@ -64,7 +65,7 @@ class SecurityWorker(Worker):
|
|||
get_image_pk_field(),
|
||||
batch_size,
|
||||
max_id,
|
||||
self._min_id,
|
||||
self.min_id,
|
||||
)
|
||||
for candidate, abt, num_remaining in to_scan_generator:
|
||||
try:
|
||||
|
|
@ -77,7 +78,25 @@ class SecurityWorker(Worker):
|
|||
|
||||
# If we reach this point, we analyzed every images up to max_id, next time the worker runs,
|
||||
# we want to start from the next image.
|
||||
self._min_id = max_id + 1
|
||||
self.min_id = max_id + 1
|
||||
|
||||
|
||||
@property
|
||||
def min_id(self):
|
||||
""" If it hasn't already been determined, finds the ID of the first image to be analyzed.
|
||||
First checks the config, then the database, and returns None if there are no images
|
||||
available for scanning.
|
||||
"""
|
||||
if self._min_id is None:
|
||||
self._min_id = app.config.get('SECURITY_SCANNER_INDEXING_MIN_ID')
|
||||
if self._min_id is None:
|
||||
self._min_id = get_min_id_for_sec_scan(self._target_version)
|
||||
return self._min_id
|
||||
|
||||
@min_id.setter
|
||||
def min_id(self, new_min_id):
|
||||
self._min_id = new_min_id
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
app.register_blueprint(v2_bp, url_prefix='/v2')
|
||||
|
|
|
|||
Reference in a new issue