def __init__(self, anchore_config, imagelist, allimages, force=False):
self.config = anchore_config
self.allimages = allimages
if len(imagelist) <= 0:
raise Exception("No images given to evaluate")
self.images = anchore_utils.image_context_add(
imagelist,
allimages,
docker_cli=contexts['docker_cli'],
tmproot=self.config['tmpdir'],
anchore_db=contexts['anchore_db'],
docker_images=contexts['docker_images'],
must_be_analyzed=True,
must_load_all=True)
self.anchoreDB = contexts['anchore_db']
self.default_gatepol = '/'.join(
[self.config.config_dir, "anchore_gate.policy"])
self.default_global_whitelist = os.path.join(
self.config.config_dir, "anchore_global.whitelist")
self.policy_override = None
self.global_whitelist_override = None
self.show_triggerIds = False
def __init__(self, anchore_config, imagelist, allimages, force=False):
self.config = anchore_config
self.allimages = allimages
if len(imagelist) <= 0:
raise Exception("No images given to evaluate")
self.images = anchore_utils.image_context_add(imagelist, allimages, docker_cli=contexts['docker_cli'], tmproot=self.config['tmpdir'], anchore_db=contexts['anchore_db'], docker_images=contexts['docker_images'], must_be_analyzed=True, must_load_all=True)
self.anchoreDB = contexts['anchore_db']
self.default_gatepol = '/'.join([self.config.config_dir, "anchore_gate.policy"])
self.default_global_whitelist = os.path.join(self.config.config_dir, "anchore_global.whitelist")
self.policy_override = None
self.global_whitelist_override = None
self.show_triggerIds = False
def __init__(self, imagename, allimages={}, tmpdirroot="/tmp", dockerfile=None, docker_cli=None, anchore_db=None, docker_images=None, usertype=None):
self._logger.debug("initializing image: " + str(imagename))
# all members
self.allimages = allimages
self.initialized = False
self.docleanup = True
self.tmpdirroot = tmpdirroot
self.tmpdir = '/'.join([self.tmpdirroot, str(random.randint(0, 9999999)) + ".anchoretmp"])
self.dockerfile = dockerfile
self.dockerfile_contents = None
self.dockerfile_mode = None
self.docker_cli = None
self.docker_data = {}
self.docker_history = {}
self.meta = {'imagename': None,
'shortname': None,
'humanname': None,
'imageId': None,
'shortId': None,
'parentId': None,
'shortparentId': None,
'usertype': usertype,
'sizebytes':0}
self.anchore_data = {}
self.anchore_allfiles = {}
self.anchore_allpkgs = {}
self.anchore_familytree = None
self.anchore_layers = None
self.anchore_current_tags = []
self.anchore_all_tags = []
self.anchore_tag_history = []
self.anchore_analyzer_meta = {}
self.anchore_analysis_report = None
self.anchore_gates_report = None
self.anchore_gates_eval_report = None
self.anchore_image_report = None
# some contexts
self.anchore_db = None
self.docker_images = None
self.anchore_config = None
# do some setup
# set up imageId
try:
result = anchore_utils.discover_imageId(imagename)
if not result:
raise Exception("could not locate image named ("+str(imagename)+") in anchore or local container system.")
except Exception as err:
raise Exception("input image name ("+str(imagename)+") is ambiguous. exception - " + str(err))
self.meta['imageId'] = result
if dockerfile and (os.stat(dockerfile).st_size <= 0 or not os.path.exists(dockerfile) or not os.path.isfile(dockerfile)):
raise Exception("input dockerfile ("+str(dockerfile)+") is invalid.")
# set up external contexts
if docker_cli:
self.docker_cli = docker_cli
elif 'docker_cli' in contexts and contexts['docker_cli']:
self.docker_cli = contexts['docker_cli']
else:
try:
self.docker_cli = docker.Client(base_url='unix://var/run/docker.sock', version='auto', timeout=300)
except Exception as err:
self._logger.warn("could not establish connection with docker, some operations (analyze) may fail: exception: " + str(err))
if anchore_db:
self.anchore_db = anchore_db
elif 'anchore_db' in contexts and contexts['anchore_db']:
self.anchore_db = contexts['anchore_db']
if not self.anchore_db:
raise Exception("could not init/connect to anchoreDB")
if docker_images:
self.docker_images = docker_images
elif 'docker_images' in contexts and contexts['docker_images']:
self.docker_images = contexts['docker_images']
else:
self.docker_images = anchore_utils.get_docker_images(self.docker_cli)
if 'anchore_config' in contexts and contexts['anchore_config']:
self.anchore_config = contexts['anchore_config']
# set up metadata about the image from anchoreDB and docker
if not self.load_image(dockerfile):
raise Exception("could not load image information from Docker or AnchoreDB")
# set up image directory structure
try:
self.anchore_db.create_image(self.meta['imageId'])
except Exception as err:
raise err
# set up any additional internal members
self.initialized = True
self.discover_layers()
self.discover_familytree()
self.discover_dockerfile_contents()
newlist = list(self.anchore_familytree)
while self.meta['imageId'] in newlist: newlist.remove(self.meta['imageId'])
anchore_utils.image_context_add(newlist, self.allimages, docker_cli=self.docker_cli, tmproot=self.tmpdirroot, anchore_db=self.anchore_db, docker_images=self.docker_images)
def __init__(self, imagename, anchore_image_datadir, allimages, tmpdirroot="/tmp", dockerfile=None, docker_cli=None, anchore_db=None, usertype=None):
# all members
self.allimages = allimages
self.initialized = False
self.docleanup = True
self.tmpdirroot = tmpdirroot
self.tmpdir = '/'.join([self.tmpdirroot, str(random.randint(0, 9999999)) + ".anchoretmp"])
self.dockerfile = dockerfile
self.dockerfile_contents = None
self.dockerfile_mode = None
self.docker_cli = None
self.docker_data = {}
self.docker_data_json = ""
self.meta = {'imagename': imagename,
'shortname': None,
'humanname': None,
'imageId': None,
'shortId': None,
'parentId': None,
'shortparentId': None,
'usertype': usertype}
self.anchore_image_datadir = None
self.anchore_imagedir = None
self.anchore_data = {}
self.anchore_data_json = ""
self.anchore_allfiles = {}
self.anchore_allpkgs = {}
self.anchore_familytree = None
self.anchore_layers = None
self.anchore_current_tags = []
self.anchore_all_tags = []
self.anchore_tag_history = []
self.anchore_analyzer_meta_json = None
self.anchore_analyzer_meta = None
self.anchore_analysis_report = None
self.anchore_compare_report = None
self.anchore_gates_report = None
self.anchore_gates_eval_report = None
self.anchore_image_report = None
self.anchore_db = None
# do some setup
patt = re.compile('[0-9a-fA-F]+')
if (len(self.meta['imagename']) == 64 and patt.match(self.meta['imagename'])):
# imagename is a docker long uuid
self.meta['shortname'] = self.meta['imagename'][0:12]
else:
# image name is a non-uuid or a short uuid
self.meta['shortname'] = self.meta['imagename']
if docker_cli:
self.docker_cli = docker_cli
else:
self.docker_cli = docker.Client(base_url='unix://var/run/docker.sock')
self.anchore_image_datadir = anchore_image_datadir
if not os.path.exists(self.anchore_image_datadir):
os.makedirs(self.anchore_image_datadir)
if anchore_db:
self.anchore_db = anchore_db
else:
self.anchore_db = anchore_image_db.AnchoreImageDB(imagerootdir=self.anchore_image_datadir)
# set up metadata about the image from anchore and docker
if not self.load_image():
raise Exception("could not load image from Docker or Anchore")
# set up image directory structure
try:
self.outputdirs = {'image': 'image_output', 'analyzer': 'analyzer_output', 'compare': 'compare_output', 'gate': 'gates_output'}
for d in self.outputdirs.keys():
thedir = '/'.join([self.anchore_imagedir, self.outputdirs[d]])
if not os.path.exists(thedir):
os.makedirs(thedir)
except Exception as err:
raise err
# set up any additional internal members
self.initialized = True
self.discover_layers()
self.discover_familytree()
newlist = list(self.anchore_familytree)
while self.meta['imageId'] in newlist: newlist.remove(self.meta['imageId'])
anchore_utils.image_context_add(newlist, self.allimages, docker_cli=self.docker_cli, anchore_datadir=self.anchore_image_datadir, tmproot=self.tmpdirroot, anchore_db=self.anchore_db)
# Dockerfile handling
if self.dockerfile:
shutil.copy(self.dockerfile, self.anchore_imagedir + "/Dockerfile")
if os.path.exists(self.anchore_imagedir + "/Dockerfile"):
self.dockerfile_contents = anchore_utils.read_plainfile_tostr(self.anchore_imagedir + "/Dockerfile")
self.dockerfile_mode = 'Actual'
self.meta['usertype'] = 'user'
elif os.path.exists(self.anchore_imagedir + "/Dockerfile.guessed"):
self.dockerfile_contents = anchore_utils.read_plainfile_tostr(self.anchore_imagedir + "/Dockerfile.guessed")
self.dockerfile_mode = 'Guessed'
else:
self.dockerfile_contents = self.discover_dockerfile_contents()
self.dockerfile_mode = 'Guessed'
def __init__(self,
imagename,
anchore_image_datadir,
allimages,
tmpdirroot="/tmp",
dockerfile=None,
docker_cli=None,
anchore_db=None,
docker_images=None,
usertype=None):
# all members
self.allimages = allimages
self.initialized = False
self.docleanup = True
self.tmpdirroot = tmpdirroot
self.tmpdir = '/'.join(
[self.tmpdirroot,
str(random.randint(0, 9999999)) + ".anchoretmp"])
self.dockerfile = dockerfile
self.dockerfile_contents = None
self.dockerfile_mode = None
self.docker_cli = None
self.docker_data = {}
self.docker_history = {}
#self.docker_data_json = ""
self.meta = {
'imagename': None,
'shortname': None,
'humanname': None,
'imageId': None,
'shortId': None,
'parentId': None,
'shortparentId': None,
'usertype': usertype,
'sizebytes': 0
}
self.anchore_image_datadir = None
self.anchore_imagedir = None
self.anchore_data = {}
self.anchore_allfiles = {}
self.anchore_allpkgs = {}
self.anchore_familytree = None
self.anchore_layers = None
self.anchore_current_tags = []
self.anchore_all_tags = []
self.anchore_tag_history = []
self.anchore_analyzer_meta = {}
self.anchore_analysis_report = None
self.anchore_gates_report = None
self.anchore_gates_eval_report = None
self.anchore_image_report = None
# some contexts
self.anchore_db = None
self.docker_images = None
# do some setup
# set up imageId
result = anchore_utils.discover_imageId(imagename)
if len(result.keys()) <= 0:
raise Exception("could not locate image named (" + str(imagename) +
") in anchore or local container system.")
elif len(result.keys()) > 1:
raise Exception("input image name (" + str(imagename) +
") is ambiguous.")
else:
self.meta['imageId'] = result.keys()[0]
if dockerfile and (os.stat(dockerfile).st_size <= 0
or not os.path.exists(dockerfile)
or not os.path.isfile(dockerfile)):
raise Exception("input dockerfile (" + str(dockerfile) +
") is invalid.")
self.anchore_image_datadir = anchore_image_datadir
self.anchore_imagedir = os.path.join(anchore_image_datadir,
self.meta['imageId'])
# set up external contexts
if docker_cli:
self.docker_cli = docker_cli
else:
self.docker_cli = docker.Client(
base_url='unix://var/run/docker.sock', timeout=300)
if anchore_db:
self.anchore_db = anchore_db
else:
self.anchore_db = anchore_image_db.AnchoreImageDB(
imagerootdir=self.anchore_image_datadir)
if docker_images:
self.docker_images = docker_images
else:
self.docker_images = self.docker_cli.images(all=True)
# set up metadata about the image from anchoreDB and docker
if not self.load_image(dockerfile):
raise Exception(
"could not load image information from Docker or AnchoreDB")
# set up image directory structure
try:
self.anchore_db.create_image(self.meta['imageId'])
except Exception as err:
raise err
# set up any additional internal members
self.initialized = True
self.discover_layers()
self.discover_familytree()
self.discover_dockerfile_contents()
newlist = list(self.anchore_familytree)
while self.meta['imageId'] in newlist:
newlist.remove(self.meta['imageId'])
anchore_utils.image_context_add(
newlist,
self.allimages,
docker_cli=self.docker_cli,
anchore_datadir=self.anchore_image_datadir,
tmproot=self.tmpdirroot,
anchore_db=self.anchore_db,
docker_images=self.docker_images)
def __init__(self, imagename, anchore_image_datadir, allimages, tmpdirroot="/tmp", dockerfile=None, docker_cli=None, anchore_db=None, usertype=None):
# all members
self.allimages = allimages
self.initialized = False
self.docleanup = True
self.tmpdirroot = tmpdirroot
self.tmpdir = '/'.join([self.tmpdirroot, str(random.randint(0, 9999999)) + ".anchoretmp"])
self.dockerfile = dockerfile
self.dockerfile_contents = None
self.dockerfile_mode = None
self.docker_cli = None
self.docker_data = {}
self.docker_data_json = ""
self.meta = {'imagename': imagename,
'shortname': None,
'humanname': None,
'imageId': None,
'shortId': None,
'parentId': None,
'shortparentId': None,
'usertype': usertype}
self.anchore_image_datadir = None
self.anchore_imagedir = None
self.anchore_data = {}
self.anchore_data_json = ""
self.anchore_allfiles = {}
self.anchore_allpkgs = {}
self.anchore_familytree = None
self.anchore_layers = None
self.anchore_current_tags = []
self.anchore_all_tags = []
self.anchore_tag_history = []
self.anchore_analyzer_meta_json = None
self.anchore_analyzer_meta = None
self.anchore_analysis_report = None
self.anchore_compare_report = None
self.anchore_gates_report = None
self.anchore_gates_eval_report = None
self.anchore_image_report = None
self.anchore_db = None
# do some setup
patt = re.compile('[0-9a-fA-F]+')
if (len(self.meta['imagename']) == 64 and patt.match(self.meta['imagename'])):
# imagename is a docker long uuid
self.meta['shortname'] = self.meta['imagename'][0:12]
else:
# image name is a non-uuid or a short uuid
self.meta['shortname'] = self.meta['imagename']
if docker_cli:
self.docker_cli = docker_cli
else:
self.docker_cli = docker.Client(base_url='unix://var/run/docker.sock', timeout=300)
self.anchore_image_datadir = anchore_image_datadir
if not os.path.exists(self.anchore_image_datadir):
os.makedirs(self.anchore_image_datadir)
if anchore_db:
self.anchore_db = anchore_db
else:
self.anchore_db = anchore_image_db.AnchoreImageDB(imagerootdir=self.anchore_image_datadir)
# set up metadata about the image from anchore and docker
if not self.load_image():
raise Exception("could not load image from Docker or Anchore")
# set up image directory structure
try:
self.outputdirs = {'image': 'image_output', 'analyzer': 'analyzer_output', 'compare': 'compare_output', 'gate': 'gates_output'}
for d in self.outputdirs.keys():
thedir = '/'.join([self.anchore_imagedir, self.outputdirs[d]])
if not os.path.exists(thedir):
os.makedirs(thedir)
except Exception as err:
raise err
# set up any additional internal members
self.initialized = True
self.discover_layers()
self.discover_familytree()
newlist = list(self.anchore_familytree)
while self.meta['imageId'] in newlist: newlist.remove(self.meta['imageId'])
anchore_utils.image_context_add(newlist, self.allimages, docker_cli=self.docker_cli, anchore_datadir=self.anchore_image_datadir, tmproot=self.tmpdirroot, anchore_db=self.anchore_db)
# Dockerfile handling
if self.dockerfile:
shutil.copy(self.dockerfile, self.anchore_imagedir + "/Dockerfile")
if os.path.exists(self.anchore_imagedir + "/Dockerfile"):
self.dockerfile_contents = anchore_utils.read_plainfile_tostr(self.anchore_imagedir + "/Dockerfile")
self.dockerfile_mode = 'Actual'
self.meta['usertype'] = 'user'
elif os.path.exists(self.anchore_imagedir + "/Dockerfile.guessed"):
self.dockerfile_contents = anchore_utils.read_plainfile_tostr(self.anchore_imagedir + "/Dockerfile.guessed")
self.dockerfile_mode = 'Guessed'
else:
self.dockerfile_contents = self.discover_dockerfile_contents()
self.dockerfile_mode = 'Guessed'
