def __init__(self, anchore_config, imagelist, allimages, force=False): self.config = anchore_config self.allimages = allimages if len(imagelist) <= 0: raise Exception("No images given to evaluate") self.images = anchore_utils.image_context_add( imagelist, allimages, docker_cli=contexts['docker_cli'], tmproot=self.config['tmpdir'], anchore_db=contexts['anchore_db'], docker_images=contexts['docker_images'], must_be_analyzed=True, must_load_all=True) self.anchoreDB = contexts['anchore_db'] self.default_gatepol = '/'.join( [self.config.config_dir, "anchore_gate.policy"]) self.default_global_whitelist = os.path.join( self.config.config_dir, "anchore_global.whitelist") self.policy_override = None self.global_whitelist_override = None self.show_triggerIds = False
def __init__(self, anchore_config, imagelist, allimages, force=False): self.config = anchore_config self.allimages = allimages if len(imagelist) <= 0: raise Exception("No images given to evaluate") self.images = anchore_utils.image_context_add(imagelist, allimages, docker_cli=contexts['docker_cli'], tmproot=self.config['tmpdir'], anchore_db=contexts['anchore_db'], docker_images=contexts['docker_images'], must_be_analyzed=True, must_load_all=True) self.anchoreDB = contexts['anchore_db'] self.default_gatepol = '/'.join([self.config.config_dir, "anchore_gate.policy"]) self.default_global_whitelist = os.path.join(self.config.config_dir, "anchore_global.whitelist") self.policy_override = None self.global_whitelist_override = None self.show_triggerIds = False
def __init__(self, imagename, allimages={}, tmpdirroot="/tmp", dockerfile=None, docker_cli=None, anchore_db=None, docker_images=None, usertype=None): self._logger.debug("initializing image: " + str(imagename)) # all members self.allimages = allimages self.initialized = False self.docleanup = True self.tmpdirroot = tmpdirroot self.tmpdir = '/'.join([self.tmpdirroot, str(random.randint(0, 9999999)) + ".anchoretmp"]) self.dockerfile = dockerfile self.dockerfile_contents = None self.dockerfile_mode = None self.docker_cli = None self.docker_data = {} self.docker_history = {} self.meta = {'imagename': None, 'shortname': None, 'humanname': None, 'imageId': None, 'shortId': None, 'parentId': None, 'shortparentId': None, 'usertype': usertype, 'sizebytes':0} self.anchore_data = {} self.anchore_allfiles = {} self.anchore_allpkgs = {} self.anchore_familytree = None self.anchore_layers = None self.anchore_current_tags = [] self.anchore_all_tags = [] self.anchore_tag_history = [] self.anchore_analyzer_meta = {} self.anchore_analysis_report = None self.anchore_gates_report = None self.anchore_gates_eval_report = None self.anchore_image_report = None # some contexts self.anchore_db = None self.docker_images = None self.anchore_config = None # do some setup # set up imageId try: result = anchore_utils.discover_imageId(imagename) if not result: raise Exception("could not locate image named ("+str(imagename)+") in anchore or local container system.") except Exception as err: raise Exception("input image name ("+str(imagename)+") is ambiguous. exception - " + str(err)) self.meta['imageId'] = result if dockerfile and (os.stat(dockerfile).st_size <= 0 or not os.path.exists(dockerfile) or not os.path.isfile(dockerfile)): raise Exception("input dockerfile ("+str(dockerfile)+") is invalid.") # set up external contexts if docker_cli: self.docker_cli = docker_cli elif 'docker_cli' in contexts and contexts['docker_cli']: self.docker_cli = contexts['docker_cli'] else: try: self.docker_cli = docker.Client(base_url='unix://var/run/docker.sock', version='auto', timeout=300) except Exception as err: self._logger.warn("could not establish connection with docker, some operations (analyze) may fail: exception: " + str(err)) if anchore_db: self.anchore_db = anchore_db elif 'anchore_db' in contexts and contexts['anchore_db']: self.anchore_db = contexts['anchore_db'] if not self.anchore_db: raise Exception("could not init/connect to anchoreDB") if docker_images: self.docker_images = docker_images elif 'docker_images' in contexts and contexts['docker_images']: self.docker_images = contexts['docker_images'] else: self.docker_images = anchore_utils.get_docker_images(self.docker_cli) if 'anchore_config' in contexts and contexts['anchore_config']: self.anchore_config = contexts['anchore_config'] # set up metadata about the image from anchoreDB and docker if not self.load_image(dockerfile): raise Exception("could not load image information from Docker or AnchoreDB") # set up image directory structure try: self.anchore_db.create_image(self.meta['imageId']) except Exception as err: raise err # set up any additional internal members self.initialized = True self.discover_layers() self.discover_familytree() self.discover_dockerfile_contents() newlist = list(self.anchore_familytree) while self.meta['imageId'] in newlist: newlist.remove(self.meta['imageId']) anchore_utils.image_context_add(newlist, self.allimages, docker_cli=self.docker_cli, tmproot=self.tmpdirroot, anchore_db=self.anchore_db, docker_images=self.docker_images)
def __init__(self, imagename, anchore_image_datadir, allimages, tmpdirroot="/tmp", dockerfile=None, docker_cli=None, anchore_db=None, usertype=None): # all members self.allimages = allimages self.initialized = False self.docleanup = True self.tmpdirroot = tmpdirroot self.tmpdir = '/'.join([self.tmpdirroot, str(random.randint(0, 9999999)) + ".anchoretmp"]) self.dockerfile = dockerfile self.dockerfile_contents = None self.dockerfile_mode = None self.docker_cli = None self.docker_data = {} self.docker_data_json = "" self.meta = {'imagename': imagename, 'shortname': None, 'humanname': None, 'imageId': None, 'shortId': None, 'parentId': None, 'shortparentId': None, 'usertype': usertype} self.anchore_image_datadir = None self.anchore_imagedir = None self.anchore_data = {} self.anchore_data_json = "" self.anchore_allfiles = {} self.anchore_allpkgs = {} self.anchore_familytree = None self.anchore_layers = None self.anchore_current_tags = [] self.anchore_all_tags = [] self.anchore_tag_history = [] self.anchore_analyzer_meta_json = None self.anchore_analyzer_meta = None self.anchore_analysis_report = None self.anchore_compare_report = None self.anchore_gates_report = None self.anchore_gates_eval_report = None self.anchore_image_report = None self.anchore_db = None # do some setup patt = re.compile('[0-9a-fA-F]+') if (len(self.meta['imagename']) == 64 and patt.match(self.meta['imagename'])): # imagename is a docker long uuid self.meta['shortname'] = self.meta['imagename'][0:12] else: # image name is a non-uuid or a short uuid self.meta['shortname'] = self.meta['imagename'] if docker_cli: self.docker_cli = docker_cli else: self.docker_cli = docker.Client(base_url='unix://var/run/docker.sock') self.anchore_image_datadir = anchore_image_datadir if not os.path.exists(self.anchore_image_datadir): os.makedirs(self.anchore_image_datadir) if anchore_db: self.anchore_db = anchore_db else: self.anchore_db = anchore_image_db.AnchoreImageDB(imagerootdir=self.anchore_image_datadir) # set up metadata about the image from anchore and docker if not self.load_image(): raise Exception("could not load image from Docker or Anchore") # set up image directory structure try: self.outputdirs = {'image': 'image_output', 'analyzer': 'analyzer_output', 'compare': 'compare_output', 'gate': 'gates_output'} for d in self.outputdirs.keys(): thedir = '/'.join([self.anchore_imagedir, self.outputdirs[d]]) if not os.path.exists(thedir): os.makedirs(thedir) except Exception as err: raise err # set up any additional internal members self.initialized = True self.discover_layers() self.discover_familytree() newlist = list(self.anchore_familytree) while self.meta['imageId'] in newlist: newlist.remove(self.meta['imageId']) anchore_utils.image_context_add(newlist, self.allimages, docker_cli=self.docker_cli, anchore_datadir=self.anchore_image_datadir, tmproot=self.tmpdirroot, anchore_db=self.anchore_db) # Dockerfile handling if self.dockerfile: shutil.copy(self.dockerfile, self.anchore_imagedir + "/Dockerfile") if os.path.exists(self.anchore_imagedir + "/Dockerfile"): self.dockerfile_contents = anchore_utils.read_plainfile_tostr(self.anchore_imagedir + "/Dockerfile") self.dockerfile_mode = 'Actual' self.meta['usertype'] = 'user' elif os.path.exists(self.anchore_imagedir + "/Dockerfile.guessed"): self.dockerfile_contents = anchore_utils.read_plainfile_tostr(self.anchore_imagedir + "/Dockerfile.guessed") self.dockerfile_mode = 'Guessed' else: self.dockerfile_contents = self.discover_dockerfile_contents() self.dockerfile_mode = 'Guessed'
def __init__(self, imagename, anchore_image_datadir, allimages, tmpdirroot="/tmp", dockerfile=None, docker_cli=None, anchore_db=None, docker_images=None, usertype=None): # all members self.allimages = allimages self.initialized = False self.docleanup = True self.tmpdirroot = tmpdirroot self.tmpdir = '/'.join( [self.tmpdirroot, str(random.randint(0, 9999999)) + ".anchoretmp"]) self.dockerfile = dockerfile self.dockerfile_contents = None self.dockerfile_mode = None self.docker_cli = None self.docker_data = {} self.docker_history = {} #self.docker_data_json = "" self.meta = { 'imagename': None, 'shortname': None, 'humanname': None, 'imageId': None, 'shortId': None, 'parentId': None, 'shortparentId': None, 'usertype': usertype, 'sizebytes': 0 } self.anchore_image_datadir = None self.anchore_imagedir = None self.anchore_data = {} self.anchore_allfiles = {} self.anchore_allpkgs = {} self.anchore_familytree = None self.anchore_layers = None self.anchore_current_tags = [] self.anchore_all_tags = [] self.anchore_tag_history = [] self.anchore_analyzer_meta = {} self.anchore_analysis_report = None self.anchore_gates_report = None self.anchore_gates_eval_report = None self.anchore_image_report = None # some contexts self.anchore_db = None self.docker_images = None # do some setup # set up imageId result = anchore_utils.discover_imageId(imagename) if len(result.keys()) <= 0: raise Exception("could not locate image named (" + str(imagename) + ") in anchore or local container system.") elif len(result.keys()) > 1: raise Exception("input image name (" + str(imagename) + ") is ambiguous.") else: self.meta['imageId'] = result.keys()[0] if dockerfile and (os.stat(dockerfile).st_size <= 0 or not os.path.exists(dockerfile) or not os.path.isfile(dockerfile)): raise Exception("input dockerfile (" + str(dockerfile) + ") is invalid.") self.anchore_image_datadir = anchore_image_datadir self.anchore_imagedir = os.path.join(anchore_image_datadir, self.meta['imageId']) # set up external contexts if docker_cli: self.docker_cli = docker_cli else: self.docker_cli = docker.Client( base_url='unix://var/run/docker.sock', timeout=300) if anchore_db: self.anchore_db = anchore_db else: self.anchore_db = anchore_image_db.AnchoreImageDB( imagerootdir=self.anchore_image_datadir) if docker_images: self.docker_images = docker_images else: self.docker_images = self.docker_cli.images(all=True) # set up metadata about the image from anchoreDB and docker if not self.load_image(dockerfile): raise Exception( "could not load image information from Docker or AnchoreDB") # set up image directory structure try: self.anchore_db.create_image(self.meta['imageId']) except Exception as err: raise err # set up any additional internal members self.initialized = True self.discover_layers() self.discover_familytree() self.discover_dockerfile_contents() newlist = list(self.anchore_familytree) while self.meta['imageId'] in newlist: newlist.remove(self.meta['imageId']) anchore_utils.image_context_add( newlist, self.allimages, docker_cli=self.docker_cli, anchore_datadir=self.anchore_image_datadir, tmproot=self.tmpdirroot, anchore_db=self.anchore_db, docker_images=self.docker_images)
def __init__(self, imagename, anchore_image_datadir, allimages, tmpdirroot="/tmp", dockerfile=None, docker_cli=None, anchore_db=None, usertype=None): # all members self.allimages = allimages self.initialized = False self.docleanup = True self.tmpdirroot = tmpdirroot self.tmpdir = '/'.join([self.tmpdirroot, str(random.randint(0, 9999999)) + ".anchoretmp"]) self.dockerfile = dockerfile self.dockerfile_contents = None self.dockerfile_mode = None self.docker_cli = None self.docker_data = {} self.docker_data_json = "" self.meta = {'imagename': imagename, 'shortname': None, 'humanname': None, 'imageId': None, 'shortId': None, 'parentId': None, 'shortparentId': None, 'usertype': usertype} self.anchore_image_datadir = None self.anchore_imagedir = None self.anchore_data = {} self.anchore_data_json = "" self.anchore_allfiles = {} self.anchore_allpkgs = {} self.anchore_familytree = None self.anchore_layers = None self.anchore_current_tags = [] self.anchore_all_tags = [] self.anchore_tag_history = [] self.anchore_analyzer_meta_json = None self.anchore_analyzer_meta = None self.anchore_analysis_report = None self.anchore_compare_report = None self.anchore_gates_report = None self.anchore_gates_eval_report = None self.anchore_image_report = None self.anchore_db = None # do some setup patt = re.compile('[0-9a-fA-F]+') if (len(self.meta['imagename']) == 64 and patt.match(self.meta['imagename'])): # imagename is a docker long uuid self.meta['shortname'] = self.meta['imagename'][0:12] else: # image name is a non-uuid or a short uuid self.meta['shortname'] = self.meta['imagename'] if docker_cli: self.docker_cli = docker_cli else: self.docker_cli = docker.Client(base_url='unix://var/run/docker.sock', timeout=300) self.anchore_image_datadir = anchore_image_datadir if not os.path.exists(self.anchore_image_datadir): os.makedirs(self.anchore_image_datadir) if anchore_db: self.anchore_db = anchore_db else: self.anchore_db = anchore_image_db.AnchoreImageDB(imagerootdir=self.anchore_image_datadir) # set up metadata about the image from anchore and docker if not self.load_image(): raise Exception("could not load image from Docker or Anchore") # set up image directory structure try: self.outputdirs = {'image': 'image_output', 'analyzer': 'analyzer_output', 'compare': 'compare_output', 'gate': 'gates_output'} for d in self.outputdirs.keys(): thedir = '/'.join([self.anchore_imagedir, self.outputdirs[d]]) if not os.path.exists(thedir): os.makedirs(thedir) except Exception as err: raise err # set up any additional internal members self.initialized = True self.discover_layers() self.discover_familytree() newlist = list(self.anchore_familytree) while self.meta['imageId'] in newlist: newlist.remove(self.meta['imageId']) anchore_utils.image_context_add(newlist, self.allimages, docker_cli=self.docker_cli, anchore_datadir=self.anchore_image_datadir, tmproot=self.tmpdirroot, anchore_db=self.anchore_db) # Dockerfile handling if self.dockerfile: shutil.copy(self.dockerfile, self.anchore_imagedir + "/Dockerfile") if os.path.exists(self.anchore_imagedir + "/Dockerfile"): self.dockerfile_contents = anchore_utils.read_plainfile_tostr(self.anchore_imagedir + "/Dockerfile") self.dockerfile_mode = 'Actual' self.meta['usertype'] = 'user' elif os.path.exists(self.anchore_imagedir + "/Dockerfile.guessed"): self.dockerfile_contents = anchore_utils.read_plainfile_tostr(self.anchore_imagedir + "/Dockerfile.guessed") self.dockerfile_mode = 'Guessed' else: self.dockerfile_contents = self.discover_dockerfile_contents() self.dockerfile_mode = 'Guessed'