def get_content(request_inputs, content_type, doformat=False):
user_auth = request_inputs['auth']
method = request_inputs['method']
bodycontent = request_inputs['bodycontent']
params = request_inputs['params']
return_object = {}
httpcode = 500
userId, pw = user_auth
try:
tag = params.pop('tag', None)
imageDigest = params.pop('imageDigest', None)
digest = params.pop('digest', None)
image_reports = catalog.get_image(user_auth, tag=tag, digest=digest, imageDigest=imageDigest)
for image_report in image_reports:
if image_report['analysis_status'] != taskstate.complete_state('analyze'):
httpcode = 404
raise Exception("image is not analyzed - analysis_status: " + image_report['analysis_status'])
imageDigest = image_report['imageDigest']
image_content_data = catalog.get_document(user_auth, 'image_content_data', imageDigest)
return_object[imageDigest] = make_response_content(content_type, image_content_data[content_type])
httpcode = 200
except Exception as err:
return_object = anchore_engine.services.common.make_response_error(err, in_httpcode=httpcode)
httpcode = return_object['httpcode']
return (return_object, httpcode)
def _get_content(self, url):
"""
This can be *big*, as in hundreds of MB of data.
Supported url formats:
file://
http(s)://
catalog://<userId>/<bucket>/<name>
:param url:
:return:
"""
split_url = urllib.splittype(url)
if split_url[0] == 'file':
return self._get_file(split_url[1])
elif split_url[0] == 'catalog':
userId, bucket, name = split_url[1][2:].split('/')
# Add auth if necessary
try:
with session_scope() as dbsession:
usr_record = db_users.get(userId, session=dbsession)
if not usr_record:
raise Exception(
'User {} not found, cannot fetch analysis data'.format(
userId))
except:
log.exception(
'Cannot get credentials for user {} fetching the analysis content to load'
.format(userId))
raise
try:
doc = catalog.get_document(
(usr_record['userId'], usr_record['password']), bucket,
name)
return doc
except:
log.exception(
'Error retrieving analysis json from the catalog service')
raise
elif split_url[0].startswith('http'):
retry = 3
while retry > 0:
try:
data_response = requests.get(url=url)
content = data_response.json()
return content
except requests.HTTPError as ex:
log.exception('HTTP exception: {}. Retrying'.format(ex))
retry = retry - 1
time.sleep(retry * 3) # Backoff and retry
except:
log.exception('Non HTTP exception. Retrying')
retry = retry - 1
else:
raise Exception('Cannot get content from url: {}'.format(url))
def get_content(request_inputs, content_type, doformat=False):
user_auth = request_inputs['auth']
method = request_inputs['method']
bodycontent = request_inputs['bodycontent']
params = request_inputs['params']
return_object = {}
httpcode = 500
userId, pw = user_auth
try:
if content_type not in anchore_engine.services.common.image_content_types:
httpcode = 404
raise Exception("content type (" + str(content_type) +
") not available")
tag = params.pop('tag', None)
imageDigest = params.pop('imageDigest', None)
digest = params.pop('digest', None)
image_reports = catalog.get_image(user_auth,
tag=tag,
digest=digest,
imageDigest=imageDigest)
for image_report in image_reports:
if image_report['analysis_status'] != taskstate.complete_state(
'analyze'):
httpcode = 404
raise Exception("image is not analyzed - analysis_status: " +
image_report['analysis_status'])
imageDigest = image_report['imageDigest']
try:
image_content_data = catalog.get_document(
user_auth, 'image_content_data', imageDigest)
except Exception as err:
raise anchore_engine.services.common.make_anchore_exception(
err,
input_message="cannot fetch content data from archive",
input_httpcode=500)
if content_type not in image_content_data:
httpcode = 404
raise Exception(
"image content of type (" + str(content_type) +
") was not an available type at analysis time for this image"
)
return_object[imageDigest] = make_response_content(
content_type, image_content_data[content_type])
httpcode = 200
except Exception as err:
return_object = anchore_engine.services.common.make_response_error(
err, in_httpcode=httpcode)
httpcode = return_object['httpcode']
return (return_object, httpcode)
def make_response_policyeval(user_auth, eval_record, params):
ret = {}
userId, pw = user_auth
try:
tag = eval_record['tag']
ret[tag] = {}
if eval_record['evalId'] and eval_record['policyId']:
ret[tag]['detail'] = {}
if params and 'detail' in params and params['detail']:
eval_data = catalog.get_document(user_auth,
'policy_evaluations',
eval_record['evalId'])
# ret[tag]['detail']['result'] = json.loads(eval_data)
ret[tag]['detail']['result'] = eval_data
bundle_data = catalog.get_document(user_auth, 'policy_bundles',
eval_record['policyId'])
# ret[tag]['detail']['policy'] = json.loads(bundle_data)
ret[tag]['detail']['policy'] = bundle_data
ret[tag]['policyId'] = eval_record['policyId']
if eval_record['final_action'].upper() in ['GO', 'WARN']:
ret[tag]['status'] = 'pass'
else:
ret[tag]['status'] = 'fail'
ret[tag]['last_evaluation'] = datetime.datetime.fromtimestamp(
eval_record['created_at']).isoformat()
else:
ret[tag]['policyId'] = "N/A"
ret[tag]['final_action'] = "fail"
ret[tag]['last_evaluation'] = "N/A"
ret[tag]['detail'] = {}
except Exception as err:
raise Exception("failed to format policy eval response: " + str(err))
return (ret)
def get_image_summary(user_auth, image_record):
ret = {}
if image_record['analysis_status'] != taskstate.complete_state('analyze'):
return (ret)
# augment with image summary data, if available
try:
try:
image_summary_data = catalog.get_document(
user_auth, 'image_summary_data', image_record['imageDigest'])
except:
image_summary_data = {}
if not image_summary_data:
# (re)generate image_content_data document
logger.debug("generating image summary data from analysis data")
image_data = catalog.get_document(user_auth, 'analysis_data',
image_record['imageDigest'])
image_content_data = {}
for content_type in anchore_engine.services.common.image_content_types:
try:
image_content_data[
content_type] = anchore_engine.services.common.extract_analyzer_content(
image_data, content_type)
except:
image_content_data[content_type] = {}
if image_content_data:
logger.debug("adding image content data to archive")
rc = catalog.put_document(user_auth, 'image_content_data',
image_record['imageDigest'],
image_content_data)
image_summary_data = {}
try:
image_summary_data = anchore_engine.services.common.extract_analyzer_content(
image_data, 'metadata')
except:
image_summary_data = {}
if image_summary_data:
logger.debug("adding image summary data to archive")
rc = catalog.put_document(user_auth, 'image_summary_data',
image_record['imageDigest'],
image_summary_data)
image_summary_metadata = copy.deepcopy(image_summary_data)
if image_summary_metadata:
logger.debug("getting image summary data")
summary_record = {}
adm = image_summary_metadata['anchore_distro_meta']
summary_record['distro'] = adm.pop('DISTRO', 'N/A')
summary_record['distro_version'] = adm.pop('DISTROVERS', 'N/A')
air = image_summary_metadata['anchore_image_report']
airm = air.pop('meta', {})
al = air.pop('layers', [])
ddata = air.pop('docker_data', {})
summary_record['layer_count'] = str(len(al))
summary_record['dockerfile_mode'] = air.pop(
'dockerfile_mode', 'N/A')
summary_record['arch'] = ddata.pop('Architecture', 'N/A')
summary_record['image_size'] = str(int(airm.pop('sizebytes', 0)))
ret = summary_record
except Exception as err:
logger.warn("cannot get image summary data for image: " +
str(image_record['imageDigest']) + " : " + str(err))
return (ret)
def get_content(request_inputs, content_type, doformat=False):
user_auth = request_inputs['auth']
method = request_inputs['method']
bodycontent = request_inputs['bodycontent']
params = request_inputs['params']
return_object = {}
httpcode = 500
userId, pw = user_auth
try:
if content_type not in anchore_engine.services.common.image_content_types + anchore_engine.services.common.image_metadata_types:
httpcode = 404
raise Exception("content type (" + str(content_type) +
") not available")
tag = params.pop('tag', None)
imageDigest = params.pop('imageDigest', None)
digest = params.pop('digest', None)
image_reports = catalog.get_image(user_auth,
tag=tag,
digest=digest,
imageDigest=imageDigest)
for image_report in image_reports:
if image_report['analysis_status'] != taskstate.complete_state(
'analyze'):
httpcode = 404
raise Exception("image is not analyzed - analysis_status: " +
image_report['analysis_status'])
imageDigest = image_report['imageDigest']
if content_type == 'manifest':
try:
image_manifest_data = catalog.get_document(
user_auth, 'manifest_data', imageDigest)
except Exception as err:
raise anchore_engine.services.common.make_anchore_exception(
err,
input_message="cannot fetch content data {} from archive"
.format(content_type),
input_httpcode=500)
image_content_data = {'manifest': image_manifest_data}
else:
try:
image_content_data = catalog.get_document(
user_auth, 'image_content_data', imageDigest)
except Exception as err:
raise anchore_engine.services.common.make_anchore_exception(
err,
input_message="cannot fetch content data from archive",
input_httpcode=500)
# special handler for dockerfile contents from old method to new
if content_type == 'dockerfile' and not image_content_data.get(
'dockerfile', None):
try:
if image_report.get('dockerfile_mode',
None) == 'Actual':
for image_detail in image_report.get(
'image_detail', []):
if image_detail.get('dockerfile', None):
logger.debug(
"migrating old dockerfile content form into new"
)
image_content_data[
'dockerfile'] = image_detail.get(
'dockerfile', "").decode('base64')
catalog.put_document(
user_auth, 'image_content_data',
imageDigest, image_content_data)
break
except Exception as err:
logger.warn(
"cannot fetch/decode dockerfile contents from image_detail - {}"
.format(err))
if content_type not in image_content_data:
httpcode = 404
raise Exception(
"image content of type (" + str(content_type) +
") was not an available type at analysis time for this image"
)
return_object[imageDigest] = make_response_content(
content_type, image_content_data[content_type])
httpcode = 200
except Exception as err:
return_object = anchore_engine.services.common.make_response_error(
err, in_httpcode=httpcode)
httpcode = return_object['httpcode']
return (return_object, httpcode)
