Merge pull request #3297 from quay/joseph.schorr/QUAY-1241/secscan-v22-fix
Fix loading of security scan results for OCI-style manifests
This commit is contained in:
commit
cbe151c21d
1 changed files with 22 additions and 5 deletions
|
@ -8,9 +8,9 @@ from urlparse import urljoin
|
||||||
import requests
|
import requests
|
||||||
|
|
||||||
from data import model
|
from data import model
|
||||||
from data.database import CloseForLongOperation, TagManifest, Image
|
from data.database import CloseForLongOperation, TagManifest, Image, Manifest, ManifestLegacyImage
|
||||||
from data.model.storage import get_storage_locations
|
from data.model.storage import get_storage_locations
|
||||||
from data.registry_model.datatypes import Manifest, LegacyImage
|
from data.registry_model.datatypes import Manifest as ManifestDataType, LegacyImage
|
||||||
from util.abchelpers import nooper
|
from util.abchelpers import nooper
|
||||||
from util.failover import failover, FailoverException
|
from util.failover import failover, FailoverException
|
||||||
from util.secscan.validator import SecurityConfigValidator
|
from util.secscan.validator import SecurityConfigValidator
|
||||||
|
@ -63,8 +63,15 @@ _API_METHOD_PING = 'metrics'
|
||||||
def compute_layer_id(layer):
|
def compute_layer_id(layer):
|
||||||
""" Returns the ID for the layer in the security scanner. """
|
""" Returns the ID for the layer in the security scanner. """
|
||||||
# NOTE: this is temporary until we switch to Clair V3.
|
# NOTE: this is temporary until we switch to Clair V3.
|
||||||
if isinstance(layer, Manifest):
|
if isinstance(layer, ManifestDataType):
|
||||||
layer = TagManifest.get(id=layer._db_id).tag.image
|
if layer._is_tag_manifest:
|
||||||
|
layer = TagManifest.get(id=layer._db_id).tag.image
|
||||||
|
else:
|
||||||
|
manifest = Manifest.get(id=layer._db_id)
|
||||||
|
try:
|
||||||
|
layer = ManifestLegacyImage.get(manifest=manifest).image
|
||||||
|
except ManifestLegacyImage.DoesNotExist:
|
||||||
|
return None
|
||||||
elif isinstance(layer, LegacyImage):
|
elif isinstance(layer, LegacyImage):
|
||||||
layer = Image.get(id=layer._db_id)
|
layer = Image.get(id=layer._db_id)
|
||||||
|
|
||||||
|
@ -211,12 +218,16 @@ class ImplementedSecurityScannerAPI(SecurityScannerAPIInterface):
|
||||||
""" Create the request body to submit the given layer for analysis. If the layer's URL cannot
|
""" Create the request body to submit the given layer for analysis. If the layer's URL cannot
|
||||||
be found, returns None.
|
be found, returns None.
|
||||||
"""
|
"""
|
||||||
|
layer_id = compute_layer_id(layer)
|
||||||
|
if layer_id is None:
|
||||||
|
return None
|
||||||
|
|
||||||
url, auth_header = self._get_image_url_and_auth(layer)
|
url, auth_header = self._get_image_url_and_auth(layer)
|
||||||
if url is None:
|
if url is None:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
layer_request = {
|
layer_request = {
|
||||||
'Name': compute_layer_id(layer),
|
'Name': layer_id,
|
||||||
'Path': url,
|
'Path': url,
|
||||||
'Format': 'Docker',
|
'Format': 'Docker',
|
||||||
}
|
}
|
||||||
|
@ -265,6 +276,9 @@ class ImplementedSecurityScannerAPI(SecurityScannerAPIInterface):
|
||||||
its database.
|
its database.
|
||||||
"""
|
"""
|
||||||
layer_id = compute_layer_id(layer)
|
layer_id = compute_layer_id(layer)
|
||||||
|
if layer_id is None:
|
||||||
|
return None
|
||||||
|
|
||||||
try:
|
try:
|
||||||
self._call('DELETE', _API_METHOD_DELETE_LAYER % layer_id)
|
self._call('DELETE', _API_METHOD_DELETE_LAYER % layer_id)
|
||||||
return True
|
return True
|
||||||
|
@ -381,6 +395,9 @@ class ImplementedSecurityScannerAPI(SecurityScannerAPIInterface):
|
||||||
def get_layer_data(self, layer, include_features=False, include_vulnerabilities=False):
|
def get_layer_data(self, layer, include_features=False, include_vulnerabilities=False):
|
||||||
""" Returns the layer data for the specified layer. On error, returns None. """
|
""" Returns the layer data for the specified layer. On error, returns None. """
|
||||||
layer_id = compute_layer_id(layer)
|
layer_id = compute_layer_id(layer)
|
||||||
|
if layer_id is None:
|
||||||
|
return None
|
||||||
|
|
||||||
return self._get_layer_data(layer_id, include_features, include_vulnerabilities)
|
return self._get_layer_data(layer_id, include_features, include_vulnerabilities)
|
||||||
|
|
||||||
def _get_layer_data(self, layer_id, include_features=False, include_vulnerabilities=False):
|
def _get_layer_data(self, layer_id, include_features=False, include_vulnerabilities=False):
|
||||||
|
|
Reference in a new issue