def get_content(request_inputs, content_type, doformat=False): user_auth = request_inputs['auth'] method = request_inputs['method'] bodycontent = request_inputs['bodycontent'] params = request_inputs['params'] return_object = {} httpcode = 500 userId, pw = user_auth try: tag = params.pop('tag', None) imageDigest = params.pop('imageDigest', None) digest = params.pop('digest', None) image_reports = catalog.get_image(user_auth, tag=tag, digest=digest, imageDigest=imageDigest) for image_report in image_reports: if image_report['analysis_status'] != taskstate.complete_state('analyze'): httpcode = 404 raise Exception("image is not analyzed - analysis_status: " + image_report['analysis_status']) imageDigest = image_report['imageDigest'] image_content_data = catalog.get_document(user_auth, 'image_content_data', imageDigest) return_object[imageDigest] = make_response_content(content_type, image_content_data[content_type]) httpcode = 200 except Exception as err: return_object = anchore_engine.services.common.make_response_error(err, in_httpcode=httpcode) httpcode = return_object['httpcode'] return (return_object, httpcode)
def _get_content(self, url): """ This can be *big*, as in hundreds of MB of data. Supported url formats: file:// http(s):// catalog://<userId>/<bucket>/<name> :param url: :return: """ split_url = urllib.splittype(url) if split_url[0] == 'file': return self._get_file(split_url[1]) elif split_url[0] == 'catalog': userId, bucket, name = split_url[1][2:].split('/') # Add auth if necessary try: with session_scope() as dbsession: usr_record = db_users.get(userId, session=dbsession) if not usr_record: raise Exception( 'User {} not found, cannot fetch analysis data'.format( userId)) except: log.exception( 'Cannot get credentials for user {} fetching the analysis content to load' .format(userId)) raise try: doc = catalog.get_document( (usr_record['userId'], usr_record['password']), bucket, name) return doc except: log.exception( 'Error retrieving analysis json from the catalog service') raise elif split_url[0].startswith('http'): retry = 3 while retry > 0: try: data_response = requests.get(url=url) content = data_response.json() return content except requests.HTTPError as ex: log.exception('HTTP exception: {}. Retrying'.format(ex)) retry = retry - 1 time.sleep(retry * 3) # Backoff and retry except: log.exception('Non HTTP exception. Retrying') retry = retry - 1 else: raise Exception('Cannot get content from url: {}'.format(url))
def get_content(request_inputs, content_type, doformat=False): user_auth = request_inputs['auth'] method = request_inputs['method'] bodycontent = request_inputs['bodycontent'] params = request_inputs['params'] return_object = {} httpcode = 500 userId, pw = user_auth try: if content_type not in anchore_engine.services.common.image_content_types: httpcode = 404 raise Exception("content type (" + str(content_type) + ") not available") tag = params.pop('tag', None) imageDigest = params.pop('imageDigest', None) digest = params.pop('digest', None) image_reports = catalog.get_image(user_auth, tag=tag, digest=digest, imageDigest=imageDigest) for image_report in image_reports: if image_report['analysis_status'] != taskstate.complete_state( 'analyze'): httpcode = 404 raise Exception("image is not analyzed - analysis_status: " + image_report['analysis_status']) imageDigest = image_report['imageDigest'] try: image_content_data = catalog.get_document( user_auth, 'image_content_data', imageDigest) except Exception as err: raise anchore_engine.services.common.make_anchore_exception( err, input_message="cannot fetch content data from archive", input_httpcode=500) if content_type not in image_content_data: httpcode = 404 raise Exception( "image content of type (" + str(content_type) + ") was not an available type at analysis time for this image" ) return_object[imageDigest] = make_response_content( content_type, image_content_data[content_type]) httpcode = 200 except Exception as err: return_object = anchore_engine.services.common.make_response_error( err, in_httpcode=httpcode) httpcode = return_object['httpcode'] return (return_object, httpcode)
def make_response_policyeval(user_auth, eval_record, params): ret = {} userId, pw = user_auth try: tag = eval_record['tag'] ret[tag] = {} if eval_record['evalId'] and eval_record['policyId']: ret[tag]['detail'] = {} if params and 'detail' in params and params['detail']: eval_data = catalog.get_document(user_auth, 'policy_evaluations', eval_record['evalId']) # ret[tag]['detail']['result'] = json.loads(eval_data) ret[tag]['detail']['result'] = eval_data bundle_data = catalog.get_document(user_auth, 'policy_bundles', eval_record['policyId']) # ret[tag]['detail']['policy'] = json.loads(bundle_data) ret[tag]['detail']['policy'] = bundle_data ret[tag]['policyId'] = eval_record['policyId'] if eval_record['final_action'].upper() in ['GO', 'WARN']: ret[tag]['status'] = 'pass' else: ret[tag]['status'] = 'fail' ret[tag]['last_evaluation'] = datetime.datetime.fromtimestamp( eval_record['created_at']).isoformat() else: ret[tag]['policyId'] = "N/A" ret[tag]['final_action'] = "fail" ret[tag]['last_evaluation'] = "N/A" ret[tag]['detail'] = {} except Exception as err: raise Exception("failed to format policy eval response: " + str(err)) return (ret)
def get_image_summary(user_auth, image_record): ret = {} if image_record['analysis_status'] != taskstate.complete_state('analyze'): return (ret) # augment with image summary data, if available try: try: image_summary_data = catalog.get_document( user_auth, 'image_summary_data', image_record['imageDigest']) except: image_summary_data = {} if not image_summary_data: # (re)generate image_content_data document logger.debug("generating image summary data from analysis data") image_data = catalog.get_document(user_auth, 'analysis_data', image_record['imageDigest']) image_content_data = {} for content_type in anchore_engine.services.common.image_content_types: try: image_content_data[ content_type] = anchore_engine.services.common.extract_analyzer_content( image_data, content_type) except: image_content_data[content_type] = {} if image_content_data: logger.debug("adding image content data to archive") rc = catalog.put_document(user_auth, 'image_content_data', image_record['imageDigest'], image_content_data) image_summary_data = {} try: image_summary_data = anchore_engine.services.common.extract_analyzer_content( image_data, 'metadata') except: image_summary_data = {} if image_summary_data: logger.debug("adding image summary data to archive") rc = catalog.put_document(user_auth, 'image_summary_data', image_record['imageDigest'], image_summary_data) image_summary_metadata = copy.deepcopy(image_summary_data) if image_summary_metadata: logger.debug("getting image summary data") summary_record = {} adm = image_summary_metadata['anchore_distro_meta'] summary_record['distro'] = adm.pop('DISTRO', 'N/A') summary_record['distro_version'] = adm.pop('DISTROVERS', 'N/A') air = image_summary_metadata['anchore_image_report'] airm = air.pop('meta', {}) al = air.pop('layers', []) ddata = air.pop('docker_data', {}) summary_record['layer_count'] = str(len(al)) summary_record['dockerfile_mode'] = air.pop( 'dockerfile_mode', 'N/A') summary_record['arch'] = ddata.pop('Architecture', 'N/A') summary_record['image_size'] = str(int(airm.pop('sizebytes', 0))) ret = summary_record except Exception as err: logger.warn("cannot get image summary data for image: " + str(image_record['imageDigest']) + " : " + str(err)) return (ret)
def get_content(request_inputs, content_type, doformat=False): user_auth = request_inputs['auth'] method = request_inputs['method'] bodycontent = request_inputs['bodycontent'] params = request_inputs['params'] return_object = {} httpcode = 500 userId, pw = user_auth try: if content_type not in anchore_engine.services.common.image_content_types + anchore_engine.services.common.image_metadata_types: httpcode = 404 raise Exception("content type (" + str(content_type) + ") not available") tag = params.pop('tag', None) imageDigest = params.pop('imageDigest', None) digest = params.pop('digest', None) image_reports = catalog.get_image(user_auth, tag=tag, digest=digest, imageDigest=imageDigest) for image_report in image_reports: if image_report['analysis_status'] != taskstate.complete_state( 'analyze'): httpcode = 404 raise Exception("image is not analyzed - analysis_status: " + image_report['analysis_status']) imageDigest = image_report['imageDigest'] if content_type == 'manifest': try: image_manifest_data = catalog.get_document( user_auth, 'manifest_data', imageDigest) except Exception as err: raise anchore_engine.services.common.make_anchore_exception( err, input_message="cannot fetch content data {} from archive" .format(content_type), input_httpcode=500) image_content_data = {'manifest': image_manifest_data} else: try: image_content_data = catalog.get_document( user_auth, 'image_content_data', imageDigest) except Exception as err: raise anchore_engine.services.common.make_anchore_exception( err, input_message="cannot fetch content data from archive", input_httpcode=500) # special handler for dockerfile contents from old method to new if content_type == 'dockerfile' and not image_content_data.get( 'dockerfile', None): try: if image_report.get('dockerfile_mode', None) == 'Actual': for image_detail in image_report.get( 'image_detail', []): if image_detail.get('dockerfile', None): logger.debug( "migrating old dockerfile content form into new" ) image_content_data[ 'dockerfile'] = image_detail.get( 'dockerfile', "").decode('base64') catalog.put_document( user_auth, 'image_content_data', imageDigest, image_content_data) break except Exception as err: logger.warn( "cannot fetch/decode dockerfile contents from image_detail - {}" .format(err)) if content_type not in image_content_data: httpcode = 404 raise Exception( "image content of type (" + str(content_type) + ") was not an available type at analysis time for this image" ) return_object[imageDigest] = make_response_content( content_type, image_content_data[content_type]) httpcode = 200 except Exception as err: return_object = anchore_engine.services.common.make_response_error( err, in_httpcode=httpcode) httpcode = return_object['httpcode'] return (return_object, httpcode)