def images_imageDigest_check(request_inputs, imageDigest):
    """Run the image check for ``imageDigest`` once its records are analyzed.

    Returns a ``(return_object, httpcode)`` tuple. ``httpcode`` starts at 500
    and is set to 404 when any record returned by the catalog has not reached
    the completed 'analyze' state. On any exception the pair comes from
    ``make_response_error``.
    """
    user_auth = request_inputs['auth']
    method = request_inputs['method']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    # The password half of the credential pair is unpacked but never used in
    # this block; only the whole tuple is passed on to the catalog.
    userId, pw = user_auth
    return_object = {}
    httpcode = 500

    try:
        # The lookup is made with the caller's own credentials.
        image_records = catalog.get_image(user_auth, imageDigest=imageDigest)
        for record in image_records:
            status = record['analysis_status']
            if status != taskstate.complete_state('analyze'):
                httpcode = 404
                raise Exception("image is not analyzed - analysis_status: " + str(status))

        # Reached only when no record failed the analysis-state gate above.
        return_object, httpcode = images_check_impl(request_inputs, image_records)
    except Exception as err:
        logger.debug("operation exception: " + str(err))
        # NOTE(review): the raw exception is handed to make_response_error;
        # confirm the helper does not echo internal detail back to the client.
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return return_object, httpcode
def get_content(request_inputs, content_type, doformat=False):
    """Return stored content of ``content_type`` for each matching analyzed image.

    Returns ``(return_object, httpcode)``, where ``return_object`` maps image
    digest to the formatted content. An image that has not completed analysis
    yields 404 through the error path. ``doformat`` is accepted but not read
    in this block.
    """
    user_auth = request_inputs['auth']
    method = request_inputs['method']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    userId, pw = user_auth
    return_object = {}
    httpcode = 500

    try:
        # pop() removes the selectors from the caller's params dict.
        tag = params.pop('tag', None)
        imageDigest = params.pop('imageDigest', None)
        digest = params.pop('digest', None)

        image_reports = catalog.get_image(
            user_auth, tag=tag, digest=digest, imageDigest=imageDigest)
        for report in image_reports:
            status = report['analysis_status']
            if status != taskstate.complete_state('analyze'):
                httpcode = 404
                raise Exception("image is not analyzed - analysis_status: " + status)

            imageDigest = report['imageDigest']
            stored = catalog.get_document(user_auth, 'image_content_data', imageDigest)
            # content_type is not checked against an allow-list in this block;
            # a type missing from the document raises KeyError, which is
            # reported through the generic error path below.
            return_object[imageDigest] = make_response_content(
                content_type, stored[content_type])

        httpcode = 200
    except Exception as err:
        # NOTE(review): confirm make_response_error does not expose internal
        # exception text to the API client.
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return return_object, httpcode
def verify_analysis_status(self, image_report):
    """Raise ``ResourceNotFound`` when ``image_report`` is not fully analyzed.

    A falsy ``image_report`` (``None``, empty dict) passes without a check.
    """
    # NOTE(review): an empty report is accepted silently; presumably the
    # caller handles the "no such image" case separately. Confirm.
    if not image_report:
        return

    current = image_report["analysis_status"]
    if current != taskstate.complete_state("analyze"):
        raise ResourceNotFound(
            "image is not analyzed - analysis_status: %s" % current,
            detail=self.get_error_detail(),
        )
def get_content(request_inputs, content_type, doformat=False):
    """Return stored content of ``content_type`` for each matching analyzed image.

    ``content_type`` is rejected with 404 unless it appears in
    ``anchore_engine.services.common.image_content_types``. The same code is
    used when an image is not analyzed or when the stored document has no
    entry for the type. Returns ``(return_object, httpcode)``. ``doformat``
    is accepted but not read in this block.
    """
    user_auth = request_inputs['auth']
    method = request_inputs['method']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    userId, pw = user_auth
    return_object = {}
    httpcode = 500

    try:
        # Allow-list check before any catalog access.
        known_types = anchore_engine.services.common.image_content_types
        if content_type not in known_types:
            httpcode = 404
            raise Exception("content type (" + str(content_type) + ") not available")

        # pop() removes the selectors from the caller's params dict.
        tag = params.pop('tag', None)
        imageDigest = params.pop('imageDigest', None)
        digest = params.pop('digest', None)

        image_reports = catalog.get_image(
            user_auth, tag=tag, digest=digest, imageDigest=imageDigest)
        for report in image_reports:
            status = report['analysis_status']
            if status != taskstate.complete_state('analyze'):
                httpcode = 404
                raise Exception("image is not analyzed - analysis_status: " + status)

            imageDigest = report['imageDigest']
            try:
                stored = catalog.get_document(
                    user_auth, 'image_content_data', imageDigest)
            except Exception as err:
                # The archive failure is wrapped with a fixed message and an
                # explicit 500.
                raise anchore_engine.services.common.make_anchore_exception(
                    err,
                    input_message="cannot fetch content data from archive",
                    input_httpcode=500)

            if content_type not in stored:
                httpcode = 404
                raise Exception(
                    "image content of type (" + str(content_type) +
                    ") was not an available type at analysis time for this image")

            return_object[imageDigest] = make_response_content(
                content_type, stored[content_type])

        httpcode = 200
    except Exception as err:
        # NOTE(review): confirm make_response_error does not expose internal
        # exception text to the API client.
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return return_object, httpcode
def vulnerability_query(request_inputs, vulnerability_type, doformat=False):
    """Return policy-engine vulnerability data for each matching analyzed image.

    ``vulnerability_type`` must be one of
    ``anchore_engine.common.image_vulnerability_types`` or ``'all'``,
    otherwise the result is 404. Returns ``(return_object, httpcode)``, where
    ``return_object`` maps image digest to the raw response or, when
    ``doformat`` is true, to the output of ``make_response_vulnerability``.
    """
    user_auth = request_inputs['auth']
    method = request_inputs['method']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    return_object = {}
    httpcode = 500
    userId = request_inputs['userId']

    # These configuration values are read but not used further in this block;
    # both service clients are built by internal_client_for().
    localconfig = anchore_engine.configuration.localconfig.get_config()
    system_user_auth = localconfig['system_user_auth']
    verify = localconfig['internal_ssl_verify']

    # NOTE(review): both flags come from the request params and are forwarded
    # to the policy engine as received; confirm that the API layer validates
    # their type and that client-triggered force_refresh is acceptable.
    force_refresh = params.get('force_refresh', False)
    vendor_only = params.get('vendor_only', True)

    try:
        accepted_types = anchore_engine.common.image_vulnerability_types + ['all']
        if vulnerability_type not in accepted_types:
            httpcode = 404
            raise Exception("content type ("+str(vulnerability_type)+") not available")

        # pop() removes the selectors from the caller's params dict.
        tag = params.pop('tag', None)
        imageDigest = params.pop('imageDigest', None)
        digest = params.pop('digest', None)

        catalog_client = internal_client_for(CatalogClient, userId)
        image_reports = catalog_client.get_image(
            tag=tag, digest=digest, imageDigest=imageDigest)

        for report in image_reports:
            status = report['analysis_status']
            if status != taskstate.complete_state('analyze'):
                httpcode = 404
                raise Exception("image is not analyzed - analysis_status: " + status)

            imageDigest = report['imageDigest']
            try:
                imageId = report['image_detail'][0]['imageId']
                policy_client = internal_client_for(PolicyEngineClient, userId)
                resp = policy_client.get_image_vulnerabilities(
                    user_id=userId,
                    image_id=imageId,
                    force_refresh=force_refresh,
                    vendor_only=vendor_only)
                return_object[imageDigest] = (
                    make_response_vulnerability(vulnerability_type, resp)
                    if doformat else resp)
                httpcode = 200
            except Exception as err:
                httpcode = 500
                # NOTE(review): the inner exception text is embedded in the
                # message that reaches make_response_error; confirm it cannot
                # surface internal service detail to the client.
                raise Exception("could not fetch vulnerabilities - exception: " + str(err))

        httpcode = 200
    except Exception as err:
        return_object = anchore_engine.common.helpers.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return return_object, httpcode
def vulnerability_query(request_inputs, vulnerability_type, doformat=False):
    """Return OS vulnerability data for each matching analyzed image.

    ``vulnerability_type`` must appear in
    ``anchore_engine.services.common.image_vulnerability_types`` (404
    otherwise). Only the ``'os'`` type is fetched from the policy engine; any
    other accepted type yields an empty list per image. Returns
    ``(return_object, httpcode)``.
    """
    user_auth = request_inputs['auth']
    method = request_inputs['method']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    return_object = {}
    httpcode = 500
    userId, pw = user_auth

    localconfig = anchore_engine.configuration.localconfig.get_config()
    system_user_auth = localconfig['system_user_auth']
    # TLS verification for the internal policy-engine call is taken from
    # configuration, not fixed here.
    verify = localconfig['internal_ssl_verify']

    try:
        if vulnerability_type not in anchore_engine.services.common.image_vulnerability_types:
            httpcode = 404
            raise Exception("content type ("+str(vulnerability_type)+") not available")

        # pop() removes the selectors from the caller's params dict.
        tag = params.pop('tag', None)
        imageDigest = params.pop('imageDigest', None)
        digest = params.pop('digest', None)

        # The catalog lookup uses the caller's credentials.
        image_reports = catalog.get_image(
            user_auth, tag=tag, digest=digest, imageDigest=imageDigest)

        for report in image_reports:
            status = report['analysis_status']
            if status != taskstate.complete_state('analyze'):
                httpcode = 404
                raise Exception("image is not analyzed - analysis_status: " + status)

            imageDigest = report['imageDigest']
            try:
                if vulnerability_type != 'os':
                    return_object[imageDigest] = []
                else:
                    imageId = report['image_detail'][0]['imageId']
                    # The policy-engine client authenticates with the system
                    # account; userId is passed only as a query argument.
                    # NOTE(review): per-user scoping here presumably rests on
                    # the catalog lookup above. Confirm.
                    client = anchore_engine.clients.policy_engine.get_client(
                        user=system_user_auth[0],
                        password=system_user_auth[1],
                        verify_ssl=verify)
                    resp = client.get_image_vulnerabilities(
                        user_id=userId, image_id=imageId, force_refresh=False)
                    payload = resp.to_dict()
                    return_object[imageDigest] = (
                        make_response_vulnerability(vulnerability_type, payload)
                        if doformat else payload)
                httpcode = 200
            except Exception as err:
                httpcode = 500
                # NOTE(review): the inner exception text is embedded in the
                # message that reaches make_response_error; confirm it cannot
                # surface internal service detail to the client.
                raise Exception("could not fetch vulnerabilities - exception: " + str(err))

        httpcode = 200
    except Exception as err:
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return return_object, httpcode
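def get_image_summary(user_auth, image_record):
    """Build a summary record for an analyzed image.

    Returns a dict with the keys ``distro``, ``distro_version``,
    ``layer_count``, ``dockerfile_mode``, ``arch`` and ``image_size``. Returns
    an empty dict when the image has not completed analysis, when no summary
    metadata is available, or when building the summary fails (the failure is
    logged as a warning).

    When no ``image_summary_data`` document exists yet, the function
    regenerates ``image_content_data`` and ``image_summary_data`` from the
    stored ``analysis_data`` and writes them back through
    ``catalog.put_document`` using ``user_auth``.
    """
    ret = {}
    if image_record['analysis_status'] != taskstate.complete_state('analyze'):
        return (ret)

    # augment with image summary data, if available
    try:
        try:
            image_summary_data = catalog.get_document(
                user_auth, 'image_summary_data', image_record['imageDigest'])
        except Exception:
            # Best effort: a missing or unreadable summary document triggers
            # regeneration below. Catching Exception rather than using a bare
            # except lets KeyboardInterrupt and SystemExit propagate.
            image_summary_data = {}

        if not image_summary_data:
            # (re)generate image_content_data document
            logger.debug("generating image summary data from analysis data")
            image_data = catalog.get_document(
                user_auth, 'analysis_data', image_record['imageDigest'])

            image_content_data = {}
            for content_type in anchore_engine.services.common.image_content_types:
                try:
                    image_content_data[content_type] = \
                        anchore_engine.services.common.extract_analyzer_content(
                            image_data, content_type)
                except Exception:
                    # An extraction failure for one type is recorded as empty
                    # content, so it cannot be told apart from "no content"
                    # afterwards.
                    image_content_data[content_type] = {}

            if image_content_data:
                logger.debug("adding image content data to archive")
                catalog.put_document(
                    user_auth, 'image_content_data',
                    image_record['imageDigest'], image_content_data)

            image_summary_data = {}
            try:
                image_summary_data = \
                    anchore_engine.services.common.extract_analyzer_content(
                        image_data, 'metadata')
            except Exception:
                image_summary_data = {}

            if image_summary_data:
                logger.debug("adding image summary data to archive")
                catalog.put_document(
                    user_auth, 'image_summary_data',
                    image_record['imageDigest'], image_summary_data)

        # The pop() calls below mutate the copy, not the fetched document.
        image_summary_metadata = copy.deepcopy(image_summary_data)
        if image_summary_metadata:
            logger.debug("getting image summary data")

            summary_record = {}

            adm = image_summary_metadata['anchore_distro_meta']
            summary_record['distro'] = adm.pop('DISTRO', 'N/A')
            summary_record['distro_version'] = adm.pop('DISTROVERS', 'N/A')

            air = image_summary_metadata['anchore_image_report']
            airm = air.pop('meta', {})
            al = air.pop('layers', [])
            ddata = air.pop('docker_data', {})

            summary_record['layer_count'] = str(len(al))
            summary_record['dockerfile_mode'] = air.pop('dockerfile_mode', 'N/A')
            summary_record['arch'] = ddata.pop('Architecture', 'N/A')
            summary_record['image_size'] = str(int(airm.pop('sizebytes', 0)))

            ret = summary_record

    except Exception as err:
        logger.warn("cannot get image summary data for image: " +
                    str(image_record['imageDigest']) + " : " + str(err))

    return (ret)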
def get_content(request_inputs, content_type, doformat=False):
    """Return stored content of ``content_type`` for each matching analyzed image.

    ``content_type`` must be listed in ``image_content_types`` or
    ``image_metadata_types`` of ``anchore_engine.services.common``; otherwise
    the result is 404. ``'manifest'`` is read from the ``manifest_data``
    document and every other type from ``image_content_data``. Returns
    ``(return_object, httpcode)``. ``doformat`` is accepted but not read in
    this block.
    """
    user_auth = request_inputs['auth']
    method = request_inputs['method']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    return_object = {}
    httpcode = 500
    # The password half of the credential pair is unpacked but not used here.
    userId, pw = user_auth

    try:
        # Allow-list check before any catalog access.
        if content_type not in anchore_engine.services.common.image_content_types + anchore_engine.services.common.image_metadata_types:
            httpcode = 404
            raise Exception("content type (" + str(content_type) + ") not available")

        # pop() removes the selectors from the caller's params dict.
        tag = params.pop('tag', None)
        imageDigest = params.pop('imageDigest', None)
        digest = params.pop('digest', None)

        # The lookup is made with the caller's own credentials.
        image_reports = catalog.get_image(user_auth, tag=tag, digest=digest, imageDigest=imageDigest)
        for image_report in image_reports:
            if image_report['analysis_status'] != taskstate.complete_state(
                    'analyze'):
                httpcode = 404
                raise Exception("image is not analyzed - analysis_status: " + image_report['analysis_status'])

            imageDigest = image_report['imageDigest']

            if content_type == 'manifest':
                try:
                    image_manifest_data = catalog.get_document(
                        user_auth, 'manifest_data', imageDigest)
                except Exception as err:
                    # The archive failure is wrapped with a fixed message and
                    # an explicit 500.
                    raise anchore_engine.services.common.make_anchore_exception(
                        err,
                        input_message="cannot fetch content data {} from archive"
                        .format(content_type),
                        input_httpcode=500)

                image_content_data = {'manifest': image_manifest_data}
            else:
                try:
                    image_content_data = catalog.get_document(
                        user_auth, 'image_content_data', imageDigest)
                except Exception as err:
                    raise anchore_engine.services.common.make_anchore_exception(
                        err,
                        input_message="cannot fetch content data from archive",
                        input_httpcode=500)

                # special handler for dockerfile contents from old method to new
                # This lookup also writes: the migrated document is stored back
                # through catalog.put_document with the caller's credentials.
                if content_type == 'dockerfile' and not image_content_data.get(
                        'dockerfile', None):
                    try:
                        if image_report.get('dockerfile_mode', None) == 'Actual':
                            for image_detail in image_report.get(
                                    'image_detail', []):
                                if image_detail.get('dockerfile', None):
                                    logger.debug(
                                        "migrating old dockerfile content form into new"
                                    )
                                    # NOTE(review): .decode('base64') is a
                                    # Python 2 str codec; on Python 3 this line
                                    # would raise, and the handler below would
                                    # only log a warning. Confirm the target
                                    # runtime.
                                    image_content_data[
                                        'dockerfile'] = image_detail.get(
                                            'dockerfile', "").decode('base64')
                                    catalog.put_document(
                                        user_auth, 'image_content_data',
                                        imageDigest, image_content_data)
                                    break
                    except Exception as err:
                        # A migration failure is logged only; the request then
                        # continues to the availability check below.
                        logger.warn(
                            "cannot fetch/decode dockerfile contents from image_detail - {}"
                            .format(err))

            if content_type not in image_content_data:
                httpcode = 404
                raise Exception(
                    "image content of type (" + str(content_type) +
                    ") was not an available type at analysis time for this image"
                )

            return_object[imageDigest] = make_response_content(
                content_type, image_content_data[content_type])

        httpcode = 200
    except Exception as err:
        # NOTE(review): the exception object is handed to make_response_error;
        # confirm the helper does not expose internal detail to the client.
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return (return_object, httpcode)