Esempio n. 1
0
    def test_get_image_vuln_types(self, add_alpine_latest_image):
        add_resp, api_conf = add_alpine_latest_image
        image_id = get_image_id(add_resp)

        resp = http_get(['images', 'by_id', image_id, 'vuln'], config=api_conf)

        assert resp == APIResponse(200)
Esempio n. 2
0
    def teardown():
        _logger.info("Removing alpine:edge image from anchore")
        remove_image_resp = http_del(
            ["images", "by_id",
             get_image_id(add_image_resp)],
            query={"force": True})
        if remove_image_resp.code != 200:
            raise RequestFailedError(remove_image_resp.url,
                                     remove_image_resp.code,
                                     remove_image_resp.body)

        _logger.info("Removing Archive Rule: rule_id={}".format(
            archive_rule_resp.body["rule_id"]))
        remove_rule_resp = http_del(
            ["archives", "rules", archive_rule_resp.body["rule_id"]])
        if remove_rule_resp.code != 200:
            raise RequestFailedError(remove_rule_resp.url,
                                     remove_rule_resp.code,
                                     remove_rule_resp.body)

        delete_archive_image_resp = http_del(
            ["archives", "images",
             get_image_digest(add_image_resp)],
            config=request.param,
        )
        if delete_archive_image_resp.code != 200:
            raise RequestFailedError(
                delete_archive_image_resp.url,
                delete_archive_image_resp.code,
                delete_archive_image_resp.body,
            )
Esempio n. 3
0
def add_alpine_latest_image(request):
    """
    Note: the test_subscriptions depends on this bit...because a subscription won't exist if there is no image added.
    For now, leave this as session scoped (we can make the subscription test create it's own images later)
    TODO: decouple test_subscriptions from this
    """

    resp = http_post(["images"], {"tag": "alpine:latest"}, config=request.param)
    if resp.code != 200:
        raise RequestFailedError(resp.url, resp.code, resp.body)
    image_id = get_image_id(resp)

    def remove_image_by_id():
        remove_resp = http_del(
            ["images", "by_id", image_id], query={"force": True}, config=request.param
        )
        if remove_resp.code != 200:
            if not does_ft_account_exist():
                # Because this is a session fixture, can't guarantee the order it runs against the account cleanup
                # Therefore, I've observed this finalizer running after the account is deleted. It's not the end of
                # the world, shouldn't be a failed test. If I make this fixture autouse=True, it has been generating an
                # extra matrix of tests which is worse than just letting the finalizer skip
                _logger.info(
                    "{} account does not exist, ignoring for teardown".format(
                        FT_ACCOUNT
                    )
                )
                return
            raise RequestFailedError(
                remove_resp.url, remove_resp.code, remove_resp.body
            )

    request.addfinalizer(remove_image_by_id)
    return resp, request.param
Esempio n. 4
0
    def teardown():
        _logger.info('Removing alpine:edge image from anchore')
        remove_image_resp = http_del(
            ['images', 'by_id',
             get_image_id(add_image_resp)],
            query={'force': True})
        if remove_image_resp.code != 200:
            raise RequestFailedError(remove_image_resp.url,
                                     remove_image_resp.code,
                                     remove_image_resp.body)

        _logger.info('Removing Archive Rule: rule_id={}'.format(
            archive_rule_resp.body['rule_id']))
        remove_rule_resp = http_del(
            ['archives', 'rules', archive_rule_resp.body['rule_id']])
        if remove_rule_resp.code != 200:
            raise RequestFailedError(remove_rule_resp.url,
                                     remove_rule_resp.code,
                                     remove_rule_resp.body)

        delete_archive_image_resp = http_del(
            ['archives', 'images',
             get_image_digest(add_image_resp)],
            config=request.param)
        if delete_archive_image_resp.code != 200:
            raise RequestFailedError(delete_archive_image_resp.url,
                                     delete_archive_image_resp.code,
                                     delete_archive_image_resp.body)
Esempio n. 5
0
    def test_get_image_vuln_types(self, add_alpine_latest_image):
        add_resp, api_conf = add_alpine_latest_image
        image_id = get_image_id(add_resp)

        resp = http_get(["images", "by_id", image_id, "vuln"], config=api_conf)

        assert resp == APIResponse(200)
Esempio n. 6
0
    def test_query_image_by_vuln(self, add_alpine_latest_image):
        """
        These tests seem to always return early because the system needs to be up and running for a while to gather
        feed data and analyze images. Good candidates for moving to an external test suite where an environment has
        been running for a while.
        """
        add_resp, api_conf = add_alpine_latest_image
        # Arbitrarily get the first vuln from the os vuln response
        try:
            first_vuln = (get_alpine_latest_image_os_vuln(
                get_image_id(add_resp), get_image_digest(add_resp),
                api_conf).body.get("vulnerabilities", [])[0].get("vuln", None))
        except IndexError:
            self._logger.warning(
                "No vulnerabilities found, cannot test query images by vulnerabilities"
            )
            return

        assert first_vuln is not None
        resp = http_get(
            ["query", "images", "by_vulnerability"],
            {"vulnerability_id": first_vuln},
            config=api_conf,
        )
        assert resp == APIResponse(200)
Esempio n. 7
0
def create_and_teardown_archive_rule(request):
    """
    In order to interact with the archives API, a rule must be added first,
    which depends on there being an image added as well:
    1. Add node:latest image (this isn't currently depended upon in other tests)
    2. Add Archive Rule

    Note: This appears to only work for the root user ATM, so don't run w/ ft_user
    """
    _logger.info("Adding alpine:edge Image for analysis")
    add_image_resp = http_post(['images'], {'tag': 'alpine:edge'}, config=request.param)
    if add_image_resp.code != 200:
        raise RequestFailedError(add_image_resp.url, add_image_resp.code, add_image_resp.body)

    wait_for_image_to_analyze(get_image_id(add_image_resp), request.param)

    archive_rule_json = {
        "analysis_age_days": 0,
        "created_at": "2020-08-25T17:15:16.865Z",
        "last_updated": "2020-08-25T17:15:16.865Z",
        "selector": {
            "registry": "docker.io",
            "repository": "alpine",
            "tag": "edge"
        },
        "system_global": True,
        "tag_versions_newer": 0,
        "transition": "archive"
    }
    _logger.info('Adding Archive Rule')
    archive_rule_resp = http_post(['archives', 'rules'], archive_rule_json, config=request.param)
    if archive_rule_resp.code != 200:
        raise RequestFailedError(archive_rule_resp.url, archive_rule_resp.code, archive_rule_resp.body)

    archive_resp = http_post(['archives', 'images'], [get_image_digest(add_image_resp)], config=request.param)
    if archive_resp.code != 200:
        raise RequestFailedError(archive_resp.url, archive_resp.code, archive_resp.body)

    def teardown():
        _logger.info('Removing alpine:edge image from anchore')
        remove_image_resp = http_del(['images', 'by_id', get_image_id(add_image_resp)], query={'force': True})
        if remove_image_resp.code != 200:
            raise RequestFailedError(remove_image_resp.url, remove_image_resp.code, remove_image_resp.body)

        _logger.info('Removing Archive Rule: rule_id={}'.format(archive_rule_resp.body['rule_id']))
        remove_rule_resp = http_del(['archives', 'rules', archive_rule_resp.body['rule_id']])
        if remove_rule_resp.code != 200:
            raise RequestFailedError(remove_rule_resp.url, remove_rule_resp.code, remove_rule_resp.body)

        delete_archive_image_resp = http_del(['archives', 'images', get_image_digest(add_image_resp)],
                                             config=request.param)
        if delete_archive_image_resp.code != 200:
            raise RequestFailedError(delete_archive_image_resp.url,
                                     delete_archive_image_resp.code,
                                     delete_archive_image_resp.body)

    request.addfinalizer(teardown)

    return add_image_resp, archive_rule_resp, archive_resp, request.param
Esempio n. 8
0
    def test_get_image_content_ctype(self, add_alpine_latest_image):
        add_resp, api_conf = add_alpine_latest_image
        image_id = get_image_id(add_resp)

        wait_for_image_to_analyze(image_id, api_conf)

        resp = http_get(["images", "by_id", image_id, "content", "os"], config=api_conf)

        assert resp == APIResponse(200)
Esempio n. 9
0
    def test_get_image_content_ctype(self, add_alpine_latest_image):
        add_resp, api_conf = add_alpine_latest_image
        image_id = get_image_id(add_resp)

        wait_for_image_to_analyze(image_id, api_conf)

        resp = http_get(['images', 'by_id', image_id, 'content', 'os'], config=api_conf)

        assert resp == APIResponse(200)
Esempio n. 10
0
    def test_query_image_by_content(self, add_alpine_latest_image):
        add_resp, api_conf = add_alpine_latest_image
        # Arbitrarily get the first package from the os content response
        first_package = get_alpine_latest_image_os_content(get_image_id(add_resp),
                                                           get_image_digest(add_resp),
                                                           api_conf).body.get('content', [])[0].get('package', None)

        assert first_package is not None
        resp = http_get(['query', 'images', 'by_package'], {'name': first_package}, config=api_conf)
        assert resp == APIResponse(200)
Esempio n. 11
0
    def test_get_image_content_types_by_digest(self, add_alpine_latest_image):
        add_resp, api_conf = add_alpine_latest_image
        image_id = get_image_id(add_resp)

        wait_for_image_to_analyze(image_id, api_conf)

        image_digest = get_image_digest(add_resp)

        resp = http_get(["images", image_digest, "content"], config=api_conf)

        assert resp == APIResponse(200)
Esempio n. 12
0
    def test_get_image_content_java_by_digest(self, add_alpine_latest_image):
        add_resp, api_conf = add_alpine_latest_image
        image_id = get_image_id(add_resp)

        wait_for_image_to_analyze(image_id, api_conf)

        image_digest = get_image_digest(add_resp)

        resp = http_get(['images', image_digest, 'content', 'java'], config=api_conf)

        assert resp == APIResponse(200)
Esempio n. 13
0
    def test_get_image_metadata(self, add_alpine_latest_image):
        add_resp, api_conf = add_alpine_latest_image
        image_id = get_image_id(add_resp)

        wait_for_image_to_analyze(image_id, api_conf)

        image_digest = get_image_digest(add_resp)

        resp = http_get(['images', image_digest], config=api_conf)

        assert resp == APIResponse(200)
Esempio n. 14
0
    def test_query_image_by_content(self, add_alpine_latest_image):
        add_resp, api_conf = add_alpine_latest_image
        # Arbitrarily get the first package from the os content response
        first_package = (get_alpine_latest_image_os_content(
            get_image_id(add_resp), get_image_digest(add_resp),
            api_conf).body.get("content", [])[0].get("package", None))

        assert first_package is not None
        resp = http_get(["query", "images", "by_package"],
                        {"name": first_package},
                        config=api_conf)
        assert resp == APIResponse(200)
Esempio n. 15
0
    def test_query_vuln(self, add_alpine_latest_image):
        add_resp, api_conf = add_alpine_latest_image
        # Arbitrarily get the first vuln from the os vuln response for alpine image
        try:
            first_vuln = get_alpine_latest_image_os_vuln(get_image_id(add_resp),
                                                         get_image_digest(add_resp),
                                                         api_conf).body.get('vulnerabilities', [])[0].get('vuln', None)
        except IndexError:
            self._logger.warning('No vulnerabilities found, cannot test query vulnerabilities')
            return

        assert first_vuln is not None
        resp = http_get(['query', 'vulnerabilities'], {'id': first_vuln}, config=api_conf)
        assert resp == APIResponse(200)
Esempio n. 16
0
    def test_get_all_image_vulns_by_type(self, add_alpine_latest_image):
        add_resp, api_conf = add_alpine_latest_image
        image_id = get_image_id(add_resp)

        resp = http_get(['images', 'by_id', image_id, 'vuln'], config=api_conf)

        assert resp == APIResponse(200)

        wait_for_image_to_analyze(image_id, api_conf)

        vuln_types = resp.body
        for v_type in vuln_types:
            resp = http_get(['images', 'by_id', image_id, 'vuln', v_type], config=api_conf)
            assert resp == APIResponse(200)
Esempio n. 17
0
    def test_get_image_policy_evaluation(self, add_alpine_latest_image, query):
        add_resp, api_conf = add_alpine_latest_image
        image_id = get_image_id(add_resp)

        wait_for_image_to_analyze(image_id, api_conf)

        image_tag = get_image_tag(add_resp)

        query['tag'] = image_tag
        if query.get('policyId'):
            query['policyId'] = get_first_policy_id(api_conf)

        resp = http_get(['images', 'by_id', image_id, 'check'], {'tag': image_tag}, config=api_conf)
        assert resp == APIResponse(200)
Esempio n. 18
0
    def test_get_image_policy_evaluation(self, add_alpine_latest_image, query):
        add_resp, api_conf = add_alpine_latest_image
        image_id = get_image_id(add_resp)

        wait_for_image_to_analyze(image_id, api_conf)

        image_tag = get_image_tag(add_resp)

        query["tag"] = image_tag
        if query.get("policyId"):
            query["policyId"] = get_first_policy_id(api_conf)

        resp = http_get(
            ["images", "by_id", image_id, "check"], {"tag": image_tag}, config=api_conf
        )
        assert resp == APIResponse(200)
Esempio n. 19
0
    def test_get_image_metadata_all_types_by_digest(self, add_alpine_latest_image):
        add_resp, api_conf = add_alpine_latest_image
        image_id = get_image_id(add_resp)

        wait_for_image_to_analyze(image_id, api_conf)

        image_digest = get_image_digest(add_resp)

        resp = http_get(['images', image_digest, 'metadata'], config=api_conf)

        assert resp == APIResponse(200)

        m_types = resp.body
        for m_type in m_types:
            resp = http_get(['images', image_digest, 'metadata', m_type], config=api_conf)
            assert resp == APIResponse(200)
Esempio n. 20
0
    def test_get_image_vulns_all_types_by_digest(self, add_alpine_latest_image, query):
        add_resp, api_conf = add_alpine_latest_image
        image_id = get_image_id(add_resp)

        wait_for_image_to_analyze(image_id, api_conf)

        image_digest = get_image_digest(add_resp)

        resp = http_get(['images', image_digest, 'vuln'], config=api_conf)

        assert resp == APIResponse(200)

        v_types = resp.body
        for v_type in v_types:
            resp = http_get(['images', image_digest, 'vuln', v_type], query=query, config=api_conf)
            assert resp == APIResponse(200)
Esempio n. 21
0
    def test_get_image_file_content_artifacts(self, add_alpine_latest_image):
        add_resp, api_conf = add_alpine_latest_image

        api_conf_name = str(api_conf.__name__)
        if api_conf_name != 'get_api_conf':
            pytest.skip(
                'Image File Content Search Endpoint only works for root user of admin account: currentUserAPIConf={}'.format(
                    api_conf_name))
        image_id = get_image_id(add_resp)

        wait_for_image_to_analyze(image_id, api_conf)

        image_digest = get_image_digest(add_resp)

        resp = http_get(['images', image_digest, 'artifacts', 'file_content_search'])
        assert resp == APIResponse(200)
Esempio n. 22
0
    def test_get_image_secret_search(self, add_alpine_latest_image):
        add_resp, api_conf = add_alpine_latest_image

        api_conf_name = str(api_conf.__name__)
        if api_conf_name != "get_api_conf":
            pytest.skip(
                "Image Secret Search Endpoint only works for root user of admin account: currentUserAPIConf={}"
                .format(api_conf_name))

        image_id = get_image_id(add_resp)

        wait_for_image_to_analyze(image_id, api_conf)

        image_digest = get_image_digest(add_resp)

        resp = http_get(["images", image_digest, "artifacts", "secret_search"])
        assert resp == APIResponse(200)