Example #1
    def scan(self):
        """Scan the selected images/containers through the openscap-daemon.

        Targets are chosen in this order: ``args.images``, ``args.containers``,
        ``args.all``, otherwise every entry of ``args.scan_targets`` resolved
        with ``get_input_id``. The resulting IDs are sent to the daemon over
        the D-Bus system bus and the reply is decoded as JSON.

        Exits with status 1 when no target was given, when the D-Bus call
        raises ``DBusException``, or when the summary printer returns a falsy
        value. With ``args.json`` set the decoded reply is handed to
        ``util.output_json`` and the exit status does not depend on its
        content.
        """
        nothing_selected = not (self.args.images or self.args.containers
                                or self.args.all)
        if nothing_selected and len(self.args.scan_targets) == 0:
            sys.stderr.write("\nYou must provide a list of containers or images to scan\n")
            sys.exit(1)
        self.ping()

        daemon_bus_name = "org.OpenSCAP.daemon"
        daemon_object_path = "/OpenSCAP/daemon"
        daemon_interface = "org.OpenSCAP.daemon.Interface"

        # Maps each resolved ID back to what the user typed; only filled for
        # explicitly named targets.
        input_resolve = {}
        if self.args.images:
            scan_list = self._get_all_image_ids()
        elif self.args.containers:
            scan_list = self._get_all_container_ids()
        elif self.args.all:
            scan_list = (self._get_all_container_ids()
                         + self._get_all_image_ids())
        else:
            scan_list = []
            for target in self.args.scan_targets:
                resolved_id = self.get_input_id(target)
                input_resolve[resolved_id] = target
                scan_list.append(resolved_id)

        util.writeOut("\nScanning...\n")
        bus = dbus.SystemBus()
        try:
            proxy = bus.get_object(daemon_bus_name, daemon_object_path)
            daemon = dbus.Interface(proxy, daemon_interface)

            # The user may override the CVE-fetch behaviour configured in the
            # openscap-daemon conf file. The daemon takes a byte:
            # 0 (False), 1 (True) or 2 (no change).
            if self.args.fetch_cves is None:
                fetch = 2
            else:
                fetch = 1 if self.args.fetch_cves else 0

            # The literal 4 is passed through as-is; presumably a worker
            # count - confirm against the daemon interface.
            raw_reply = daemon.scan_list(scan_list, 4, fetch, timeout=99999)
            # NOTE(review): a reply that is not valid JSON raises ValueError
            # here and is not handled by the except clause below.
            scan_return = json.loads(raw_reply)

        except dbus.exceptions.DBusException as e:
            daemon_text = "The openscap-daemon returned: {0}".format(e.get_dbus_message())
            service_missing = (
                e.get_dbus_name() == 'org.freedesktop.DBus.Error.ServiceUnknown')
            if service_missing:
                message = "Unable to find the openscap-daemon dbus service. "\
                          "Either start the openscap-daemon service or pull " \
                          "and run the openscap-daemon image"
            else:
                message = daemon_text
            sys.stderr.write("\n{0}\n\n".format(message))
            sys.exit(1)

        if self.args.json:
            util.output_json(scan_return)
            return

        if self.args.detail:
            clean = util.print_detail_scan_summary(scan_return, input_resolve)
        else:
            clean = util.print_scan_summary(scan_return, input_resolve)
        # A falsy result from the printer becomes a non-zero exit status so
        # callers can act on it.
        if not clean:
            sys.exit(1)
Example #2
 def dump(self):
     """Pretty-print this object's data attributes through ``output_json``.

     Callables, names starting with ``__`` and names ending in ``_backend``
     are left out; every other instance attribute is emitted.
     """
     # NOTE(review): nothing else is filtered, so a credential or token
     # stored on the instance would be printed too - confirm none are.
     snapshot = dict(vars(self))
     printable = {}
     for name in snapshot:
         if callable(getattr(self, name)):
             continue
         if name.startswith("__") or name.endswith("_backend"):
             continue
         printable[name] = snapshot[name]
     output_json(printable)
Example #3
 def dump(self):
     """Emit the instance's known variables and values via ``output_json``.

     An attribute is skipped when its value is callable, when its name
     starts with ``__`` or when its name ends with ``_backend``.
     """
     def _is_printable(attr_name):
         # Same three tests, in the same order, as the filter they replace.
         if callable(getattr(self, attr_name)):
             return False
         if attr_name.startswith('__'):
             return False
         return not attr_name.endswith('_backend')

     # NOTE(review): all remaining attributes are written out unredacted;
     # verify that no secret is ever kept on the instance.
     class_vars = dict(vars(self))
     visible = {key: class_vars[key] for key in class_vars if _is_printable(key)}
     output_json(visible)
Example #4
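    def scan(self):
        """Scan the selected images/containers through the openscap-daemon.

        Targets are chosen in this order: ``args.images``, ``args.containers``,
        ``args.all``, otherwise every entry of ``args.scan_targets`` resolved
        with ``get_input_id``. The IDs are sent to the daemon over the D-Bus
        system bus and the reply is decoded as JSON.

        Exits with status 1 when no target was given, when the D-Bus call
        raises ``DBusException``, or when the summary printer returns a falsy
        value. With ``args.json`` set the decoded reply is handed to
        ``util.output_json`` and the exit status does not depend on its
        content.
        """
        # Refuse to run with nothing to scan instead of sending an empty list
        # to the daemon and reporting on a scan that covered nothing.
        if (not self.args.images and not self.args.containers
                and not self.args.all) and len(self.args.scan_targets) == 0:
            sys.stderr.write(
                "\nYou must provide a list of containers or images to scan\n")
            sys.exit(1)

        self.ping()
        BUS_NAME = "org.OpenSCAP.daemon"
        OBJECT_PATH = "/OpenSCAP/daemon"
        INTERFACE = "org.OpenSCAP.daemon.Interface"
        # Maps each resolved ID back to what the user typed; only filled for
        # explicitly named targets.
        input_resolve = {}

        if self.args.images:
            scan_list = self._get_all_image_ids()
        elif self.args.containers:
            scan_list = self._get_all_container_ids()
        elif self.args.all:
            cids = self._get_all_container_ids()
            iids = self._get_all_image_ids()
            scan_list = cids + iids
        else:
            scan_list = []
            for scan_input in self.args.scan_targets:
                docker_id = self.get_input_id(scan_input)
                input_resolve[docker_id] = scan_input
                scan_list.append(docker_id)
        util.writeOut("\nScanning...\n")
        bus = dbus.SystemBus()
        try:
            oscap_d = bus.get_object(BUS_NAME, OBJECT_PATH)
            oscap_i = dbus.Interface(oscap_d, INTERFACE)
            # The literal 4 is passed through as-is; presumably a worker
            # count - confirm against the daemon interface.
            scan_return = json.loads(oscap_i.scan_list(scan_list, 4))
        except dbus.exceptions.DBusException as e:
            # Only ServiceUnknown means the daemon is absent. Any other D-Bus
            # error is reported with the daemon's own message so the real
            # cause of a failed scan is not hidden behind "service not found".
            if e.get_dbus_name() == 'org.freedesktop.DBus.Error.ServiceUnknown':
                error = "Unable to find the openscap-daemon dbus service. "\
                        "Either start the openscap-daemon service or pull and run"\
                        " the openscap-daemon image"
            else:
                error = "The openscap-daemon returned: {0}".format(
                    e.get_dbus_message())
            sys.stderr.write("\n{0}\n\n".format(error))
            sys.exit(1)

        if self.args.json:
            util.output_json(scan_return)

        else:
            if not self.args.detail:
                clean = util.print_scan_summary(scan_return, input_resolve)
            else:
                clean = util.print_detail_scan_summary(scan_return,
                                                       input_resolve)
            # A falsy result from the printer becomes a non-zero exit status
            # so callers can act on it.
            if not clean:
                sys.exit(1)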
Example #5
    def display_all_image_info(self):
        """Print the image list as JSON or as an aligned table.

        With ``args.json`` the result of ``return_json`` is written and 0 is
        returned. Otherwise one row per image is printed (only the image id
        when ``args.quiet`` is set) and ``None`` is returned; nothing is
        printed when there are no images.
        """
        def _column_widths(image_list):
            """Return ``(repo_width, tag_width)`` for the table columns.

            Each width is the longest repository / tag name plus 2. Images
            without repotags are ignored; ``(1, 1)`` is returned when no
            name is found.
            """
            pairs = []
            for entry in image_list:
                if entry.repotags:
                    pairs.extend(entry.split_repotags)
            if not pairs:
                return 1, 1
            return (max(len(pair[0]) for pair in pairs) + 2,
                    max(len(pair[1]) for pair in pairs) + 2)

        if self.args.debug:
            util.write_out(str(self.args))

        images = self._get_images()

        # NOTE(review): args.filter is only consulted in the table loop
        # below, so the JSON output is unfiltered - confirm this is intended.
        if self.args.json:
            util.output_json(self.return_json(images))
            return 0

        if len(images) == 0:
            return

        repo_width, tag_width = _column_widths(images)
        id_width = 14 if self.args.truncate else 65
        col_out = "".join([
            "{0:2} {1:", str(repo_width),
            "} {2:", str(tag_width),
            "} {3:", str(id_width),
            "} {4:18} {5:14} {6:10}",
        ])

        if self.args.heading and not self.args.quiet:
            header = col_out.format(" ", "REPOSITORY", "TAG", "IMAGE ID",
                                    "CREATED", "VIRTUAL SIZE", "TYPE")
            util.write_out(header)

        for image in images:
            if self.args.filter and not self._filter_include_image(image):
                continue
            if self.args.quiet:
                util.write_out(image.id)
                continue

            # First column: "*" for dangling, ">" for used, plus the skull
            # marker when the image is flagged vulnerable.
            if image.is_dangling:
                indicator = "*"
            elif image.used:
                indicator = ">"
            else:
                indicator = ""
            if image.vulnerable:
                # Pad with a space only when the skull stands alone.
                padding = "" if indicator else " "
                if util.is_python2:
                    skull = self.skull
                else:
                    skull = str(self.skull, "utf-8")
                indicator = indicator + skull + padding

            repo, tag = image.split_repotags[0]
            shown_id = image.short_id if self.args.truncate else image.id
            row = col_out.format(indicator, repo or "<none>", tag or "<none>",
                                 shown_id, image.timestamp,
                                 image.virtual_size, image.backend.backend)
            util.write_out(row)
        util.write_out("")
        return
Example #6
    def display_all_image_info(self):
        """Print the (optionally filtered) image list as JSON or as a table.

        Every image first gets ``repo`` and ``tag`` attributes from its first
        ``split_repotags`` entry; ``args.filter`` is then applied before
        either output format. With ``args.json`` the result of
        ``return_json`` is written and 0 is returned. Otherwise one row per
        image is printed (only the image id when ``args.quiet`` is set) and
        ``None`` is returned; nothing is printed when no image is left.
        """
        def _column_widths(image_list):
            """Return ``(repo_width, tag_width)`` for the table columns.

            Each width is the longest repository / tag name plus 2. Images
            without repotags are ignored; ``(1, 1)`` is returned when no
            name is found.
            """
            pairs = []
            for entry in image_list:
                if entry.repotags:
                    pairs.extend(entry.split_repotags)
            if not pairs:
                return 1, 1
            return (max(len(pair[0]) for pair in pairs) + 2,
                    max(len(pair[1]) for pair in pairs) + 2)

        if self.args.debug:
            util.write_out(str(self.args))

        images = self._get_images()
        for entry in images:
            entry.repo, entry.tag = entry.split_repotags[0]

        if self.args.filter:
            images = [entry for entry in images
                      if self._filter_include_image(entry)]

        if self.args.json:
            util.output_json(self.return_json(images))
            return 0

        if len(images) == 0:
            return

        repo_width, tag_width = _column_widths(images)
        id_width = 14 if self.args.truncate else 65
        col_out = "".join([
            "{0:2} {1:", str(repo_width),
            "} {2:", str(tag_width),
            "} {3:", str(id_width),
            "} {4:18} {5:14} {6:10}",
        ])

        if self.args.heading and not self.args.quiet:
            header = col_out.format(" ", "REPOSITORY", "TAG", "IMAGE ID",
                                    "CREATED", "VIRTUAL SIZE", "TYPE")
            util.write_out(header)

        for image in images:
            if self.args.quiet:
                util.write_out(image.id)
                continue

            # First column: "*" for dangling, ">" for used, plus the skull
            # marker when the image is flagged vulnerable.
            if image.is_dangling:
                indicator = "*"
            elif image.used:
                indicator = ">"
            else:
                indicator = ""
            if image.vulnerable:
                # Pad with a space only when the skull stands alone.
                padding = "" if indicator else " "
                if util.is_python2:
                    skull = self.skull
                else:
                    skull = str(self.skull, "utf-8")
                indicator = indicator + skull + padding

            shown_id = image.short_id if self.args.truncate else image.id
            row = col_out.format(indicator, image.repo or "<none>",
                                 image.tag or "<none>", shown_id,
                                 image.timestamp, image.virtual_size,
                                 image.backend.backend)
            util.write_out(row)
        util.write_out("")
        return
Example #7
    def scan(self):
        """Scan the selected images/containers through the openscap-daemon.

        Targets are chosen in this order: ``args.images``, ``args.containers``,
        ``args.all``, otherwise every entry of ``args.scan_targets`` resolved
        with ``get_input_id``. Each target is checked with
        ``util.is_dock_obj_mounted`` before the IDs are sent to the daemon
        over the D-Bus system bus; the reply is decoded as JSON.

        Exits with status 1 when no target was given, when a target is
        already mounted, when the D-Bus call raises ``DBusException``, or when
        the summary printer returns a falsy value. With ``args.json`` set the
        decoded reply is handed to ``util.output_json`` and the exit status
        does not depend on its content.
        """
        nothing_selected = not (self.args.images or self.args.containers
                                or self.args.all)
        if nothing_selected and len(self.args.scan_targets) == 0:
            sys.stderr.write(
                "\nYou must provide a list of containers or images to scan\n")
            sys.exit(1)
        self.ping()

        daemon_bus_name = "org.OpenSCAP.daemon"
        daemon_object_path = "/OpenSCAP/daemon"
        daemon_interface = "org.OpenSCAP.daemon.Interface"

        # Maps each resolved ID back to what the user typed; only filled for
        # explicitly named targets.
        input_resolve = {}
        if self.args.images:
            scan_list = self._get_all_image_ids()
        elif self.args.containers:
            scan_list = self._get_all_container_ids()
        elif self.args.all:
            scan_list = (self._get_all_container_ids()
                         + self._get_all_image_ids())
        else:
            scan_list = []
            for target in self.args.scan_targets:
                resolved_id = self.get_input_id(target)
                input_resolve[resolved_id] = target
                scan_list.append(resolved_id)

        # Refuse to scan anything that is already mounted (in use).
        # NOTE(review): this is checked once, before the request is sent;
        # nothing visible here stops an object from being mounted between the
        # check and the scan.
        for candidate in scan_list:
            if not util.is_dock_obj_mounted(candidate):
                continue
            sys.stderr.write(
                "\nThe object {0} is already mounted (in  "
                "use) and therefore cannot be scanned.\n".format(candidate))
            sys.exit(1)

        util.writeOut("\nScanning...\n")
        bus = dbus.SystemBus()
        try:
            proxy = bus.get_object(daemon_bus_name, daemon_object_path)
            daemon = dbus.Interface(proxy, daemon_interface)

            # The user may override the CVE-fetch behaviour configured in the
            # openscap-daemon conf file. The daemon takes a byte:
            # 0 (False), 1 (True) or 2 (no change).
            if self.args.fetch_cves is None:
                fetch = 2
            else:
                fetch = 1 if self.args.fetch_cves else 0

            # The literal 4 is passed through as-is; presumably a worker
            # count - confirm against the daemon interface.
            raw_reply = daemon.scan_list(scan_list, 4, fetch, timeout=99999)
            # NOTE(review): a reply that is not valid JSON raises ValueError
            # here and is not handled by the except clause below.
            scan_return = json.loads(raw_reply)

        except dbus.exceptions.DBusException as e:
            daemon_text = "The openscap-daemon returned: {0}".format(
                e.get_dbus_message())
            service_missing = (
                e.get_dbus_name() == 'org.freedesktop.DBus.Error.ServiceUnknown')
            if service_missing:
                message = "Unable to find the openscap-daemon dbus service. "\
                          "Either start the openscap-daemon service or pull " \
                          "and run the openscap-daemon image"
            else:
                message = daemon_text
            sys.stderr.write("\n{0}\n\n".format(message))
            sys.exit(1)

        if self.args.json:
            util.output_json(scan_return)
            return

        if self.args.detail:
            clean = util.print_detail_scan_summary(scan_return, input_resolve)
        else:
            clean = util.print_scan_summary(scan_return, input_resolve)
        # A falsy result from the printer becomes a non-zero exit status so
        # callers can act on it.
        if not clean:
            sys.exit(1)