def load_security_information(self,
manifest_or_legacy_image,
include_vulnerabilities=False):
status = registry_model.get_security_status(manifest_or_legacy_image)
if status is None:
return SecurityInformationLookupResult.with_status(
ScanLookupStatus.UNKNOWN_MANIFEST_OR_IMAGE)
if status == SecurityScanStatus.FAILED:
return SecurityInformationLookupResult.with_status(
ScanLookupStatus.FAILED_TO_INDEX)
if status == SecurityScanStatus.UNSUPPORTED:
return SecurityInformationLookupResult.with_status(
ScanLookupStatus.UNSUPPORTED_FOR_INDEXING)
if status == SecurityScanStatus.QUEUED:
return SecurityInformationLookupResult.with_status(
ScanLookupStatus.NOT_YET_INDEXED)
assert status == SecurityScanStatus.SCANNED
try:
if include_vulnerabilities:
data = self._legacy_secscan_api.get_layer_data(
manifest_or_legacy_image, include_vulnerabilities=True)
else:
data = self._legacy_secscan_api.get_layer_data(
manifest_or_legacy_image, include_features=True)
except APIRequestFailure as arf:
return SecurityInformationLookupResult.for_request_error(str(arf))
if data is None:
# If no data was found but we reached this point, then it indicates we have incorrect security
# status for the manifest or legacy image. Mark the manifest or legacy image as unindexed
# so it automatically gets re-indexed.
if self.app.config.get("REGISTRY_STATE", "normal") == "normal":
registry_model.reset_security_status(manifest_or_legacy_image)
return SecurityInformationLookupResult.with_status(
ScanLookupStatus.NOT_YET_INDEXED)
return SecurityInformationLookupResult.for_data(
SecurityInformation.from_dict(data))
def load_security_information(self,
manifest_or_legacy_image,
include_vulnerabilities=False):
status = registry_model.get_security_status(manifest_or_legacy_image)
if status is None:
return SecurityInformationLookupResult.with_status(
ScanLookupStatus.UNKNOWN_MANIFEST_OR_IMAGE)
if status == SecurityScanStatus.FAILED:
return SecurityInformationLookupResult.with_status(
ScanLookupStatus.FAILED_TO_INDEX)
if status == SecurityScanStatus.UNSUPPORTED:
return SecurityInformationLookupResult.with_status(
ScanLookupStatus.UNSUPPORTED_FOR_INDEXING)
if status == SecurityScanStatus.QUEUED:
return SecurityInformationLookupResult.with_status(
ScanLookupStatus.NOT_YET_INDEXED)
assert status == SecurityScanStatus.SCANNED
try:
if include_vulnerabilities:
data = self._legacy_secscan_api.get_layer_data(
manifest_or_legacy_image, include_vulnerabilities=True)
else:
data = self._legacy_secscan_api.get_layer_data(
manifest_or_legacy_image, include_features=True)
except APIRequestFailure as arf:
return SecurityInformationLookupResult.for_request_error(str(arf))
if data is None:
return SecurityInformationLookupResult.with_status(
ScanLookupStatus.NOT_YET_INDEXED)
return SecurityInformationLookupResult.for_data(
SecurityInformation.from_dict(data))
def _security_info(manifest_or_legacy_image, include_vulnerabilities=True):
""" Returns a dict representing the result of a call to the security status API for the given
manifest or image.
"""
status = registry_model.get_security_status(manifest_or_legacy_image)
if status is None:
raise NotFound()
if status != SecurityScanStatus.SCANNED:
return {
"status": status.value,
}
try:
if include_vulnerabilities:
data = secscan_api.get_layer_data(manifest_or_legacy_image,
include_vulnerabilities=True)
else:
data = secscan_api.get_layer_data(manifest_or_legacy_image,
include_features=True)
except APIRequestFailure as arf:
raise DownstreamIssue(arf.message)
if data is None:
# If no data was found but we reached this point, then it indicates we have incorrect security
# status for the manifest or legacy image. Mark the manifest or legacy image as unindexed
# so it automatically gets re-indexed.
if app.config.get("REGISTRY_STATE", "normal") == "normal":
registry_model.reset_security_status(manifest_or_legacy_image)
return {
"status": SecurityScanStatus.QUEUED.value,
}
return {
"status": status.value,
"data": data,
}