def check_docker_by_container_id(container_id):
# -- Check input
if not container_id:
return json.dumps({'err': 400, 'msg': 'Bad container id'}, sort_keys=True), 400
# -- Retrieves docker image name
try:
image_name = InternalServer.get_docker_driver().get_docker_image_name_by_container_id(container_id)
except Exception as ex:
message = "Unexpected exception of type {0} occurred while getting the docker image name: {1!r}" \
.format(type(ex).__name__, ex.get_message() if type(ex).__name__ == 'DagdaError' else ex.args)
DagdaLogger.get_logger().error(message)
return json.dumps({'err': 404, 'msg': 'Container Id not found'}, sort_keys=True), 404
# -- Process request
data = {}
data['image_name'] = image_name
data['timestamp'] = datetime.datetime.now().timestamp()
data['status'] = 'Analyzing'
id = InternalServer.get_mongodb_driver().insert_docker_image_scan_result_to_history(data)
InternalServer.get_dagda_edn().put({'msg': 'check_container', 'container_id': container_id, '_id': str(id)})
# -- Return
output = {}
output['id'] = str(id)
output['msg'] = 'Accepted the analysis of <' + image_name + '> with id: ' + container_id
return json.dumps(output, sort_keys=True), 202
def check_docker_by_image_name(image_name):
# -- Check input
if not image_name:
return json.dumps({
'err': 400,
'msg': 'Bad image name'
},
sort_keys=True), 400
# -- Docker pull from remote registry if it is necessary
try:
pulled = False
if not InternalServer.get_docker_driver().is_docker_image(image_name):
if ':' in image_name:
tmp = image_name.split(':')[0]
tag = image_name.split(':')[1]
msg = 'Error: image library/' + image_name + ':' + tag + ' not found'
output = InternalServer.get_docker_driver().docker_pull(
tmp, tag=tag)
else:
msg = 'Error: image library/' + image_name + ':latest not found'
output = InternalServer.get_docker_driver().docker_pull(
image_name)
if 'errorDetail' in output:
DagdaLogger.get_logger().error(msg)
raise DagdaError(msg)
pulled = True
except Exception as ex:
message = "Unexpected exception of type {0} occurred while pulling the docker image: {1!r}" \
.format(type(ex).__name__, ex.get_message() if type(ex).__name__ == 'DagdaError' else ex.args)
DagdaLogger.get_logger().error(message)
return json.dumps({
'err': 404,
'msg': 'Image name not found'
},
sort_keys=True), 404
# -- Process request
data = {}
data['image_name'] = image_name
data['timestamp'] = datetime.datetime.now().timestamp()
data['status'] = 'Analyzing'
id = InternalServer.get_mongodb_driver(
).insert_docker_image_scan_result_to_history(data)
InternalServer.get_dagda_edn().put({
'msg': 'check_image',
'image_name': image_name,
'_id': str(id),
'pulled': pulled
})
# -- Return
output = {}
output['id'] = str(id)
output['msg'] = 'Accepted the analysis of <' + image_name + '>'
return json.dumps(output, sort_keys=True), 202
def run(self):
edn_pid = os.fork()
if edn_pid == 0:
try:
while True:
item = InternalServer.get_dagda_edn().get()
if item['msg'] == 'init_db':
self._init_or_update_db()
elif item['msg'] == 'check_image':
self._check_docker_by_image_name(item)
elif item['msg'] == 'check_container':
self._check_docker_by_container_id(item)
except KeyboardInterrupt:
# Pressed CTRL+C to quit, so nothing to do
pass
else:
sysdig_falco_monitor_pid = os.fork()
if sysdig_falco_monitor_pid == 0:
try:
self.sysdig_falco_monitor.pre_check()
self.sysdig_falco_monitor.run()
except DagdaError as e:
DagdaLogger.get_logger().error(e.get_message())
DagdaLogger.get_logger().warning(
'Runtime behaviour monitor disabled.')
except KeyboardInterrupt:
# Pressed CTRL+C to quit
InternalServer.get_docker_driver().docker_stop(
self.sysdig_falco_monitor.get_running_container_id())
InternalServer.get_docker_driver().docker_remove_container(
self.sysdig_falco_monitor.get_running_container_id())
else:
DagdaServer.app.run(debug=False,
host=self.dagda_server_host,
port=self.dagda_server_port)
def run(self):
edn_pid = os.fork()
if edn_pid == 0:
try:
while True:
item = InternalServer.get_dagda_edn().get()
if item['msg'] == 'init_db':
self._init_or_update_db()
elif item['msg'] == 'check_image':
self._check_docker_by_image_name(item)
elif item['msg'] == 'check_container':
self._check_docker_by_container_id(item)
except KeyboardInterrupt:
# Pressed CTRL+C to quit, so nothing to do
None
else:
sysdig_falco_monitor_pid = os.fork()
if sysdig_falco_monitor_pid == 0:
try:
self.sysdig_falco_monitor.pre_check()
self.sysdig_falco_monitor.run()
except KeyboardInterrupt:
# Pressed CTRL+C to quit
InternalServer.get_docker_driver().docker_stop(self.sysdig_falco_monitor.get_running_container_id())
else:
DagdaServer.app.run(debug=False, host=self.dagda_server_host, port=self.dagda_server_port)
def check_docker_by_image_name(image_name):
# -- Check input
if not image_name:
return json.dumps({
'err': 400,
'msg': 'Bad image name'
},
sort_keys=True), 400
# -- Docker pull from remote registry if it is necessary
try:
pulled = False
if not InternalServer.get_docker_driver().is_docker_image(image_name):
output = InternalServer.get_docker_driver().docker_pull(image_name)
if 'errorDetail' in output:
msg = 'Error: image library/' + image_name + ':latest not found'
DagdaLogger.get_logger().error(msg)
raise DagdaError(msg)
pulled = True
except:
return json.dumps({
'err': 404,
'msg': 'Image name not found'
},
sort_keys=True), 404
# -- Process request
data = {}
data['image_name'] = image_name
data['timestamp'] = datetime.datetime.now().timestamp()
data['status'] = 'Analyzing'
id = InternalServer.get_mongodb_driver(
).insert_docker_image_scan_result_to_history(data)
InternalServer.get_dagda_edn().put({
'msg': 'check_image',
'image_name': image_name,
'_id': str(id),
'pulled': pulled
})
# -- Return
output = {}
output['id'] = str(id)
output['msg'] = 'Accepted the analysis of <' + image_name + '>'
return json.dumps(output, sort_keys=True), 202
def check_docker_by_container_id(container_id):
# -- Check input
if not container_id:
return json.dumps({
'err': 400,
'msg': 'Bad container id'
},
sort_keys=True), 400
# -- Retrieves docker image name
try:
image_name = InternalServer.get_docker_driver(
).get_docker_image_name_by_container_id(container_id)
except Exception as ex:
message = "Unexpected exception of type {0} occurred while getting the docker image name: {1!r}" \
.format(type(ex).__name__, ex.get_message() if type(ex).__name__ == 'DagdaError' else ex.args)
DagdaLogger.get_logger().error(message)
return json.dumps({
'err': 404,
'msg': 'Container Id not found'
},
sort_keys=True), 404
# -- Process request
data = {}
data['image_name'] = image_name
data['timestamp'] = datetime.datetime.now().timestamp()
data['status'] = 'Analyzing'
id = InternalServer.get_mongodb_driver(
).insert_docker_image_scan_result_to_history(data)
InternalServer.get_dagda_edn().put({
'msg': 'check_container',
'container_id': container_id,
'_id': str(id)
})
# -- Return
output = {}
output['id'] = str(id)
output[
'msg'] = 'Accepted the analysis of <' + image_name + '> with id: ' + container_id
return json.dumps(output, sort_keys=True), 202
def check_docker_by_image_name(image_name):
# -- Check input
if not image_name:
return json.dumps({'err': 400, 'msg': 'Bad image name'}, sort_keys=True), 400
# -- Docker pull from remote registry if it is necessary
try:
pulled = False
if not InternalServer.get_docker_driver().is_docker_image(image_name):
if ':' in image_name:
tmp = image_name.split(':')[0]
tag = image_name.split(':')[1]
msg = 'Error: image library/' + image_name + ':' + tag + ' not found'
output = InternalServer.get_docker_driver().docker_pull(tmp, tag=tag)
else:
msg = 'Error: image library/' + image_name + ':latest not found'
output = InternalServer.get_docker_driver().docker_pull(image_name)
if 'errorDetail' in output:
DagdaLogger.get_logger().error(msg)
raise DagdaError(msg)
pulled = True
except Exception as ex:
message = "Unexpected exception of type {0} occurred while pulling the docker image: {1!r}" \
.format(type(ex).__name__, ex.get_message() if type(ex).__name__ == 'DagdaError' else ex.args)
DagdaLogger.get_logger().error(message)
return json.dumps({'err': 404, 'msg': 'Image name not found'}, sort_keys=True), 404
# -- Process request
data = {}
data['image_name'] = image_name
data['timestamp'] = datetime.datetime.now().timestamp()
data['status'] = 'Analyzing'
id = InternalServer.get_mongodb_driver().insert_docker_image_scan_result_to_history(data)
InternalServer.get_dagda_edn().put({'msg': 'check_image', 'image_name': image_name, '_id': str(id),
'pulled': pulled})
# -- Return
output = {}
output['id'] = str(id)
output['msg'] = 'Accepted the analysis of <' + image_name + '>'
return json.dumps(output, sort_keys=True), 202
def check_docker_by_container_id(container_id):
# -- Check input
if not container_id:
return json.dumps({
'err': 400,
'msg': 'Bad container id'
},
sort_keys=True), 400
# -- Retrieves docker image name
try:
image_name = InternalServer.get_docker_driver(
).get_docker_image_name_from_container_id(container_id)
except:
return json.dumps({
'err': 404,
'msg': 'Container Id not found'
},
sort_keys=True), 404
# -- Process request
data = {}
data['image_name'] = image_name
data['timestamp'] = datetime.datetime.now().timestamp()
data['status'] = 'Analyzing'
_id = InternalServer.get_mongodb_driver(
).insert_docker_image_scan_result_to_history(data)
InternalServer.get_dagda_edn().put({
'msg': 'check_container',
'container_id': container_id,
'_id': str(_id)
})
# -- Return
output = {}
output['id'] = str(_id)
output[
'msg'] = 'Accepted the analysis of <' + image_name + '> with id: ' + container_id
return json.dumps(output, sort_keys=True), 202
def run(self):
edn_pid = os.fork()
if edn_pid == 0:
try:
while True:
item = InternalServer.get_dagda_edn().get()
if item['msg'] == 'init_db':
self._init_or_update_db()
elif item['msg'] == 'check_image':
self._check_docker_by_image_name(item)
elif item['msg'] == 'check_container':
self._check_docker_by_container_id(item)
except KeyboardInterrupt:
# Pressed CTRL+C to quit, so nothing to do
pass
else:
docker_events_monitor_pid = os.fork()
if docker_events_monitor_pid == 0:
try:
docker_daemon_events_monitor = DockerDaemonEventsMonitor(InternalServer.get_docker_driver(),
InternalServer.get_mongodb_driver())
docker_daemon_events_monitor.run()
except KeyboardInterrupt:
# Pressed CTRL+C to quit, so nothing to do
pass
else:
sysdig_falco_monitor_pid = os.fork()
if sysdig_falco_monitor_pid == 0:
try:
self.sysdig_falco_monitor.pre_check()
self.sysdig_falco_monitor.run()
except DagdaError as e:
DagdaLogger.get_logger().error(e.get_message())
DagdaLogger.get_logger().warning('Runtime behaviour monitor disabled.')
except KeyboardInterrupt:
# Pressed CTRL+C to quit
if not InternalServer.is_external_falco():
InternalServer.get_docker_driver().docker_stop(self.sysdig_falco_monitor.get_running_container_id())
InternalServer.get_docker_driver().docker_remove_container(
self.sysdig_falco_monitor.get_running_container_id())
else:
DagdaServer.app.run(debug=False, host=self.dagda_server_host, port=self.dagda_server_port)
def init_or_update_db():
InternalServer.get_dagda_edn().put({'msg': 'init_db'})
# -- Return
output = {}
output['msg'] = 'Accepted the init db request'
return json.dumps(output, sort_keys=True), 202
