Exemplo n.º 1
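    def load_security_information(self,
                                  manifest_or_legacy_image,
                                  include_vulnerabilities=False):
        """Look up the security scan result for a manifest.

        Args:
            manifest_or_legacy_image: The object to look up. Anything that is
                not a ``ManifestDataType`` is reported as unsupported.
            include_vulnerabilities: Accepted for interface compatibility; this
                implementation does not read it.

        Returns:
            A ``SecurityInformationLookupResult`` carrying a
            ``ScanLookupStatus``, a request-error message, or the
            ``SecurityInformation`` built from the scanner's report.

        Raises:
            AssertionError: If the stored index status is none of the states
                handled below.
        """
        if not isinstance(manifest_or_legacy_image, ManifestDataType):
            return SecurityInformationLookupResult.with_status(
                ScanLookupStatus.UNSUPPORTED_FOR_INDEXING)

        try:
            status = ManifestSecurityStatus.get(
                manifest=manifest_or_legacy_image._db_id)
        except ManifestSecurityStatus.DoesNotExist:
            # No status row: the manifest has not been picked up for indexing.
            return SecurityInformationLookupResult.with_status(
                ScanLookupStatus.NOT_YET_INDEXED)

        if status.index_status == IndexStatus.FAILED:
            return SecurityInformationLookupResult.with_status(
                ScanLookupStatus.FAILED_TO_INDEX)

        if status.index_status == IndexStatus.MANIFEST_UNSUPPORTED:
            return SecurityInformationLookupResult.with_status(
                ScanLookupStatus.UNSUPPORTED_FOR_INDEXING)

        if status.index_status == IndexStatus.IN_PROGRESS:
            return SecurityInformationLookupResult.with_status(
                ScanLookupStatus.NOT_YET_INDEXED)

        # An explicit raise instead of `assert`: asserts are stripped under
        # `python -O`, which would let an unexpected state fall through to the
        # scanner call and be reported as a normal scan result.
        if status.index_status != IndexStatus.COMPLETED:
            raise AssertionError(
                "unexpected index status: %r" % (status.index_status,))

        try:
            report = self._secscan_api.vulnerability_report(
                manifest_or_legacy_image.digest)
        except APIRequestFailure as arf:
            # The stored status is dropped when the scanner request fails.
            # NOTE(review): presumably this forces a re-index; confirm that a
            # transient scanner outage cannot trigger mass re-indexing.
            try:
                status.delete_instance()
            except ReadOnlyModeException:
                # Deliberate best effort: nothing can be deleted in read-only
                # mode, and the lookup still reports the request error.
                pass

            # NOTE(review): the exception text is handed back to the caller;
            # confirm it cannot expose scanner-internal details to API clients.
            return SecurityInformationLookupResult.for_request_error(str(arf))

        if report is None:
            return SecurityInformationLookupResult.with_status(
                ScanLookupStatus.NOT_YET_INDEXED)

        # TODO(alecmerdler): Provide a way to indicate the current scan is outdated (`report.state != status.indexer_hash`)
        # Until then, a report produced under a different indexer state is
        # returned without any marker that it is outdated.

        # NOTE(review): the meaning of the positional "", "", 4 arguments is
        # not visible here; confirm against the Layer definition.
        return SecurityInformationLookupResult.for_data(
            SecurityInformation(
                Layer(report["manifest_hash"], "", "", 4,
                      features_for(report))))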
Exemplo n.º 2
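    def load_security_information(self,
                                  manifest_or_legacy_image,
                                  include_vulnerabilities=False):
        """Look up the security scan result for a manifest or legacy image.

        Args:
            manifest_or_legacy_image: The object whose scan data is requested.
            include_vulnerabilities: When true, layer data is requested with
                vulnerabilities; otherwise with features only.

        Returns:
            A ``SecurityInformationLookupResult`` carrying a
            ``ScanLookupStatus``, a request-error message, or the
            ``SecurityInformation`` parsed from the scanner's layer data.

        Raises:
            AssertionError: If the security status is none of the states
                handled below.
        """
        status = registry_model.get_security_status(manifest_or_legacy_image)
        if status is None:
            return SecurityInformationLookupResult.with_status(
                ScanLookupStatus.UNKNOWN_MANIFEST_OR_IMAGE)

        if status == SecurityScanStatus.FAILED:
            return SecurityInformationLookupResult.with_status(
                ScanLookupStatus.FAILED_TO_INDEX)

        if status == SecurityScanStatus.UNSUPPORTED:
            return SecurityInformationLookupResult.with_status(
                ScanLookupStatus.UNSUPPORTED_FOR_INDEXING)

        if status == SecurityScanStatus.QUEUED:
            return SecurityInformationLookupResult.with_status(
                ScanLookupStatus.NOT_YET_INDEXED)

        # An explicit raise instead of `assert`: asserts are stripped under
        # `python -O`, which would let an unexpected state fall through to the
        # scanner call and be reported as a normal scan result.
        if status != SecurityScanStatus.SCANNED:
            raise AssertionError("unexpected security status: %r" % (status,))

        try:
            if include_vulnerabilities:
                data = self._legacy_secscan_api.get_layer_data(
                    manifest_or_legacy_image, include_vulnerabilities=True)
            else:
                data = self._legacy_secscan_api.get_layer_data(
                    manifest_or_legacy_image, include_features=True)
        except APIRequestFailure as arf:
            # NOTE(review): the exception text is handed back to the caller;
            # confirm it cannot expose scanner-internal details to API clients.
            return SecurityInformationLookupResult.for_request_error(str(arf))

        if data is None:
            # The status says "scanned" but the scanner has no data, so the
            # stored status is wrong. Reset it so the manifest or legacy image
            # is picked up for indexing again.
            # The reset is skipped unless REGISTRY_STATE is "normal"
            # (presumably to avoid writes in a read-only registry; confirm).
            if self.app.config.get("REGISTRY_STATE", "normal") == "normal":
                registry_model.reset_security_status(manifest_or_legacy_image)

            return SecurityInformationLookupResult.with_status(
                ScanLookupStatus.NOT_YET_INDEXED)

        return SecurityInformationLookupResult.for_data(
            SecurityInformation.from_dict(data))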
Exemplo n.º 3
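    def load_security_information(self,
                                  manifest_or_legacy_image,
                                  include_vulnerabilities=False):
        """Look up the security scan result for a manifest or legacy image.

        Args:
            manifest_or_legacy_image: The object whose scan data is requested.
            include_vulnerabilities: When true, layer data is requested with
                vulnerabilities; otherwise with features only.

        Returns:
            A ``SecurityInformationLookupResult`` carrying a
            ``ScanLookupStatus``, a request-error message, or the
            ``SecurityInformation`` parsed from the scanner's layer data.

        Raises:
            AssertionError: If the security status is none of the states
                handled below.
        """
        status = registry_model.get_security_status(manifest_or_legacy_image)
        if status is None:
            return SecurityInformationLookupResult.with_status(
                ScanLookupStatus.UNKNOWN_MANIFEST_OR_IMAGE)

        if status == SecurityScanStatus.FAILED:
            return SecurityInformationLookupResult.with_status(
                ScanLookupStatus.FAILED_TO_INDEX)

        if status == SecurityScanStatus.UNSUPPORTED:
            return SecurityInformationLookupResult.with_status(
                ScanLookupStatus.UNSUPPORTED_FOR_INDEXING)

        if status == SecurityScanStatus.QUEUED:
            return SecurityInformationLookupResult.with_status(
                ScanLookupStatus.NOT_YET_INDEXED)

        # An explicit raise instead of `assert`: asserts are stripped under
        # `python -O`, which would let an unexpected state fall through to the
        # scanner call and be reported as a normal scan result.
        if status != SecurityScanStatus.SCANNED:
            raise AssertionError("unexpected security status: %r" % (status,))

        try:
            if include_vulnerabilities:
                data = self._legacy_secscan_api.get_layer_data(
                    manifest_or_legacy_image, include_vulnerabilities=True)
            else:
                data = self._legacy_secscan_api.get_layer_data(
                    manifest_or_legacy_image, include_features=True)
        except APIRequestFailure as arf:
            # NOTE(review): the exception text is handed back to the caller;
            # confirm it cannot expose scanner-internal details to API clients.
            return SecurityInformationLookupResult.for_request_error(str(arf))

        if data is None:
            # Status says "scanned" but the scanner returned nothing; report
            # the item as not yet indexed rather than as clean.
            return SecurityInformationLookupResult.with_status(
                ScanLookupStatus.NOT_YET_INDEXED)

        return SecurityInformationLookupResult.for_data(
            SecurityInformation.from_dict(data))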