Ejemplo n.º 1
0
    def scan(self):
        if (not self.args.images and not self.args.containers and not self.args.all) and len(self.args.scan_targets) == 0:
            sys.stderr.write("\nYou must provide a list of containers or images to scan\n")
            sys.exit(1)
        self.ping()
        BUS_NAME = "org.OpenSCAP.daemon"
        OBJECT_PATH = "/OpenSCAP/daemon"
        INTERFACE = "org.OpenSCAP.daemon.Interface"
        input_resolve = {}
        if self.args.images:
            scan_list = self._get_all_image_ids()
        elif self.args.containers:
            scan_list = self._get_all_container_ids()
        elif self.args.all:
            cids = self._get_all_container_ids()
            iids = self._get_all_image_ids()
            scan_list = cids + iids
        else:
            scan_list = []
            for scan_input in self.args.scan_targets:
                docker_id = self.get_input_id(scan_input)
                input_resolve[docker_id] = scan_input
                scan_list.append(docker_id)
        util.writeOut("\nScanning...\n")
        bus = dbus.SystemBus()
        try:
            oscap_d = bus.get_object(BUS_NAME, OBJECT_PATH)
            oscap_i = dbus.Interface(oscap_d, INTERFACE)
            # Check if the user has asked to override the behaviour of fetching the
            # latest CVE input data, as defined in the openscap-daemon conf file
            # oscap-daemon a byte of 0 (False), 1 (True), and 2 (no change)

            if self.args.fetch_cves is None:
                fetch = 2
            elif self.args.fetch_cves:
                fetch = 1
            else:
                fetch = 0
            scan_return = json.loads(oscap_i.scan_list(scan_list, 4, fetch, timeout=99999))

        except dbus.exceptions.DBusException as e:
            message = "The openscap-daemon returned: {0}".format(e.get_dbus_message())
            if e.get_dbus_name() == 'org.freedesktop.DBus.Error.ServiceUnknown':
                message = "Unable to find the openscap-daemon dbus service. "\
                          "Either start the openscap-daemon service or pull " \
                          "and run the openscap-daemon image"
            sys.stderr.write("\n{0}\n\n".format(message))
            sys.exit(1)

        if self.args.json:
            util.output_json(scan_return)

        else:
            if not self.args.detail:
                clean = util.print_scan_summary(scan_return, input_resolve)
            else:
                clean = util.print_detail_scan_summary(scan_return,
                                                       input_resolve)
            if not clean:
                sys.exit(1)
Ejemplo n.º 2
0
    def scan(self):
        self.ping()
        BUS_NAME = "org.OpenSCAP.daemon"
        OBJECT_PATH = "/OpenSCAP/daemon"
        INTERFACE = "org.OpenSCAP.daemon.Interface"
        input_resolve = {}

        if self.args.images:
            scan_list = self._get_all_image_ids()
        elif self.args.containers:
            scan_list = self._get_all_container_ids()
        elif self.args.all:
            cids = self._get_all_container_ids()
            iids = self._get_all_image_ids()
            scan_list = cids + iids
        else:
            scan_list = []
            for scan_input in self.args.scan_targets:
                docker_id = self.get_input_id(scan_input)
                input_resolve[docker_id] = scan_input
                scan_list.append(docker_id)
        util.writeOut("\nScanning...\n")
        bus = dbus.SystemBus()
        try:
            oscap_d = bus.get_object(BUS_NAME, OBJECT_PATH)
            oscap_i = dbus.Interface(oscap_d, INTERFACE)
            scan_return = json.loads(oscap_i.scan_list(scan_list, 4))
        except dbus.exceptions.DBusException:
            error = "Unable to find the openscap-daemon dbus service. "\
                    "Either start the openscap-daemon service or pull and run"\
                    " the openscap-daemon image"
            sys.stderr.write("\n{0}\n\n".format(error))
            sys.exit(1)

        if self.args.json:
            util.output_json(scan_return)

        else:
            if not self.args.detail:
                clean = util.print_scan_summary(scan_return, input_resolve)
            else:
                clean = util.print_detail_scan_summary(scan_return,
                                                       input_resolve)
            if not clean:
                sys.exit(1)
Ejemplo n.º 3
0
    def scan(self):
        if (not self.args.images and not self.args.containers
                and not self.args.all) and len(self.args.scan_targets) == 0:
            sys.stderr.write(
                "\nYou must provide a list of containers or images to scan\n")
            sys.exit(1)
        self.ping()
        BUS_NAME = "org.OpenSCAP.daemon"
        OBJECT_PATH = "/OpenSCAP/daemon"
        INTERFACE = "org.OpenSCAP.daemon.Interface"
        input_resolve = {}
        if self.args.images:
            scan_list = self._get_all_image_ids()
        elif self.args.containers:
            scan_list = self._get_all_container_ids()
        elif self.args.all:
            cids = self._get_all_container_ids()
            iids = self._get_all_image_ids()
            scan_list = cids + iids
        else:
            scan_list = []
            for scan_input in self.args.scan_targets:
                docker_id = self.get_input_id(scan_input)
                input_resolve[docker_id] = scan_input
                scan_list.append(docker_id)

        # Check to make sure none of the docker objects we need to
        # scan are already mounted.
        for docker_obj in scan_list:
            if util.is_dock_obj_mounted(docker_obj):
                sys.stderr.write(
                    "\nThe object {0} is already mounted (in  "
                    "use) and therefore cannot be scanned.\n".format(
                        docker_obj))
                sys.exit(1)
        util.writeOut("\nScanning...\n")
        bus = dbus.SystemBus()
        try:
            oscap_d = bus.get_object(BUS_NAME, OBJECT_PATH)
            oscap_i = dbus.Interface(oscap_d, INTERFACE)
            # Check if the user has asked to override the behaviour of fetching the
            # latest CVE input data, as defined in the openscap-daemon conf file
            # oscap-daemon a byte of 0 (False), 1 (True), and 2 (no change)

            if self.args.fetch_cves is None:
                fetch = 2
            elif self.args.fetch_cves:
                fetch = 1
            else:
                fetch = 0
            scan_return = json.loads(
                oscap_i.scan_list(scan_list, 4, fetch, timeout=99999))

        except dbus.exceptions.DBusException as e:
            message = "The openscap-daemon returned: {0}".format(
                e.get_dbus_message())
            if e.get_dbus_name(
            ) == 'org.freedesktop.DBus.Error.ServiceUnknown':
                message = "Unable to find the openscap-daemon dbus service. "\
                          "Either start the openscap-daemon service or pull " \
                          "and run the openscap-daemon image"
            sys.stderr.write("\n{0}\n\n".format(message))
            sys.exit(1)

        if self.args.json:
            util.output_json(scan_return)

        else:
            if not self.args.detail:
                clean = util.print_scan_summary(scan_return, input_resolve)
            else:
                clean = util.print_detail_scan_summary(scan_return,
                                                       input_resolve)
            if not clean:
                sys.exit(1)