def scan(self):
    """Run an OpenSCAP scan of the selected images and/or containers.

    Targets come from ``self.args``: ``images``, ``containers`` or ``all``
    select every id returned by the matching ``_get_all_*_ids`` helper
    (checked in that order, first match wins). Otherwise each entry of
    ``scan_targets`` is resolved with ``self.get_input_id``. The id list is
    sent to the openscap-daemon over the D-Bus system bus, and the JSON reply
    is printed as raw JSON, a summary, or a detailed summary.

    Exits the process with status 1 when no target was given, when the D-Bus
    call raises ``DBusException``, or when the summary printer returns a
    falsy value.
    """
    opts = self.args

    # Refuse to continue when neither a bulk selector nor an explicit target
    # was supplied.
    nothing_selected = not (opts.images or opts.containers or opts.all)
    if nothing_selected and len(opts.scan_targets) == 0:
        sys.stderr.write(
            "\nYou must provide a list of containers or images to scan\n")
        sys.exit(1)

    self.ping()

    service_name = "org.OpenSCAP.daemon"
    object_path = "/OpenSCAP/daemon"
    iface_name = "org.OpenSCAP.daemon.Interface"

    # Maps resolved id -> the name the user typed; only filled for explicit
    # targets, and handed to the summary printers below.
    input_resolve = {}
    if opts.images:
        scan_list = self._get_all_image_ids()
    elif opts.containers:
        scan_list = self._get_all_container_ids()
    elif opts.all:
        scan_list = self._get_all_container_ids() + self._get_all_image_ids()
    else:
        scan_list = []
        for requested in opts.scan_targets:
            resolved = self.get_input_id(requested)
            input_resolve[resolved] = requested
            scan_list.append(resolved)

    util.writeOut("\nScanning...\n")
    system_bus = dbus.SystemBus()
    try:
        proxy = system_bus.get_object(service_name, object_path)
        daemon = dbus.Interface(proxy, iface_name)

        # The user may override the CVE-data fetch behaviour configured in
        # the openscap-daemon conf file. The daemon is sent 0 (False),
        # 1 (True) or 2 (leave the configured behaviour unchanged).
        cve_pref = opts.fetch_cves
        fetch = 2 if cve_pref is None else (1 if cve_pref else 0)

        # NOTE(review): the positional 4 is passed through as-is; its meaning
        # is defined by the daemon interface, which is not shown here.
        # A reply that is not valid JSON raises ValueError, which is not
        # caught by the handler below.
        raw_reply = daemon.scan_list(scan_list, 4, fetch, timeout=99999)
        scan_return = json.loads(raw_reply)
    except dbus.exceptions.DBusException as err:
        daemon_said = "The openscap-daemon returned: {0}".format(
            err.get_dbus_message())
        service_missing = (
            err.get_dbus_name() == 'org.freedesktop.DBus.Error.ServiceUnknown')
        if service_missing:
            message = ("Unable to find the openscap-daemon dbus service. "
                       "Either start the openscap-daemon service or pull "
                       "and run the openscap-daemon image")
        else:
            message = daemon_said
        sys.stderr.write("\n{0}\n\n".format(message))
        sys.exit(1)

    if opts.json:
        util.output_json(scan_return)
        return

    if opts.detail:
        clean = util.print_detail_scan_summary(scan_return, input_resolve)
    else:
        clean = util.print_scan_summary(scan_return, input_resolve)
    # A falsy printer result becomes a non-zero exit status so callers and
    # scripts can act on it.
    if not clean:
        sys.exit(1)
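def scan(self):
    """Scan the selected images and/or containers with the openscap-daemon.

    Targets come from ``self.args``: ``images``, ``containers`` or ``all``
    select every id returned by the matching ``_get_all_*_ids`` helper
    (checked in that order, first match wins). Otherwise each entry of
    ``scan_targets`` is resolved with ``self.get_input_id``. The id list is
    sent to the daemon over the D-Bus system bus and the JSON reply is
    printed as raw JSON, a summary, or a detailed summary.

    Exits the process with status 1 when the D-Bus call raises
    ``DBusException`` or when the summary printer returns a falsy value.
    """
    self.ping()

    BUS_NAME = "org.OpenSCAP.daemon"
    OBJECT_PATH = "/OpenSCAP/daemon"
    INTERFACE = "org.OpenSCAP.daemon.Interface"

    # Maps resolved id -> the name the user typed; only filled for explicit
    # targets, and handed to the summary printers below.
    input_resolve = {}
    if self.args.images:
        scan_list = self._get_all_image_ids()
    elif self.args.containers:
        scan_list = self._get_all_container_ids()
    elif self.args.all:
        cids = self._get_all_container_ids()
        iids = self._get_all_image_ids()
        scan_list = cids + iids
    else:
        scan_list = []
        for scan_input in self.args.scan_targets:
            docker_id = self.get_input_id(scan_input)
            input_resolve[docker_id] = scan_input
            scan_list.append(docker_id)

    util.writeOut("\nScanning...\n")
    bus = dbus.SystemBus()
    try:
        oscap_d = bus.get_object(BUS_NAME, OBJECT_PATH)
        oscap_i = dbus.Interface(oscap_d, INTERFACE)
        # NOTE(review): the positional 4 is passed through as-is; its meaning
        # is defined by the daemon interface, which is not shown here.
        # A reply that is not valid JSON raises ValueError, which is not
        # caught by the handler below.
        scan_return = json.loads(oscap_i.scan_list(scan_list, 4))
    except dbus.exceptions.DBusException as e:
        # Only ServiceUnknown means the daemon is absent. Every other D-Bus
        # failure (for example a denied call or an error raised by the daemon
        # itself) is reported with the daemon's own message, so the operator
        # is not sent looking for a missing service when the real cause is
        # something else.
        if e.get_dbus_name() == 'org.freedesktop.DBus.Error.ServiceUnknown':
            error = "Unable to find the openscap-daemon dbus service. "\
                    "Either start the openscap-daemon service or pull and run"\
                    " the openscap-daemon image"
        else:
            error = "The openscap-daemon returned: {0}".format(
                e.get_dbus_message())
        sys.stderr.write("\n{0}\n\n".format(error))
        sys.exit(1)

    if self.args.json:
        util.output_json(scan_return)
    else:
        if not self.args.detail:
            clean = util.print_scan_summary(scan_return, input_resolve)
        else:
            clean = util.print_detail_scan_summary(scan_return,
                                                   input_resolve)
        # A falsy printer result becomes a non-zero exit status so callers
        # and scripts can act on it.
        if not clean:
            sys.exit(1)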
def scan(self):
    """Run an OpenSCAP scan of the selected images and/or containers.

    Targets come from ``self.args``: ``images``, ``containers`` or ``all``
    select every id returned by the matching ``_get_all_*_ids`` helper
    (checked in that order, first match wins). Otherwise each entry of
    ``scan_targets`` is resolved with ``self.get_input_id``. Objects that
    ``util.is_dock_obj_mounted`` reports as mounted are rejected before the
    id list is sent to the openscap-daemon over the D-Bus system bus. The
    JSON reply is printed as raw JSON, a summary, or a detailed summary.

    Exits the process with status 1 when no target was given, when a target
    is already mounted, when the D-Bus call raises ``DBusException``, or
    when the summary printer returns a falsy value.
    """
    opts = self.args

    # Refuse to continue when neither a bulk selector nor an explicit target
    # was supplied.
    nothing_selected = not (opts.images or opts.containers or opts.all)
    if nothing_selected and len(opts.scan_targets) == 0:
        sys.stderr.write(
            "\nYou must provide a list of containers or images to scan\n")
        sys.exit(1)

    self.ping()

    service_name = "org.OpenSCAP.daemon"
    object_path = "/OpenSCAP/daemon"
    iface_name = "org.OpenSCAP.daemon.Interface"

    # Maps resolved id -> the name the user typed; only filled for explicit
    # targets, and handed to the summary printers below.
    input_resolve = {}
    if opts.images:
        scan_list = self._get_all_image_ids()
    elif opts.containers:
        scan_list = self._get_all_container_ids()
    elif opts.all:
        scan_list = self._get_all_container_ids() + self._get_all_image_ids()
    else:
        scan_list = []
        for requested in opts.scan_targets:
            resolved = self.get_input_id(requested)
            input_resolve[resolved] = requested
            scan_list.append(resolved)

    # An object that is already mounted is treated as in use and is not
    # scanned; the first one found aborts the whole run.
    # NOTE(review): this is checked once, before the scan request is sent.
    # Nothing visible here stops an object from being mounted afterwards.
    for candidate in scan_list:
        if not util.is_dock_obj_mounted(candidate):
            continue
        sys.stderr.write(
            "\nThe object {0} is already mounted (in "
            "use) and therefore cannot be scanned.\n".format(candidate))
        sys.exit(1)

    util.writeOut("\nScanning...\n")
    system_bus = dbus.SystemBus()
    try:
        proxy = system_bus.get_object(service_name, object_path)
        daemon = dbus.Interface(proxy, iface_name)

        # The user may override the CVE-data fetch behaviour configured in
        # the openscap-daemon conf file. The daemon is sent 0 (False),
        # 1 (True) or 2 (leave the configured behaviour unchanged).
        cve_pref = opts.fetch_cves
        fetch = 2 if cve_pref is None else (1 if cve_pref else 0)

        # NOTE(review): the positional 4 is passed through as-is; its meaning
        # is defined by the daemon interface, which is not shown here.
        # A reply that is not valid JSON raises ValueError, which is not
        # caught by the handler below.
        raw_reply = daemon.scan_list(scan_list, 4, fetch, timeout=99999)
        scan_return = json.loads(raw_reply)
    except dbus.exceptions.DBusException as err:
        daemon_said = "The openscap-daemon returned: {0}".format(
            err.get_dbus_message())
        service_missing = (
            err.get_dbus_name() == 'org.freedesktop.DBus.Error.ServiceUnknown')
        if service_missing:
            message = ("Unable to find the openscap-daemon dbus service. "
                       "Either start the openscap-daemon service or pull "
                       "and run the openscap-daemon image")
        else:
            message = daemon_said
        sys.stderr.write("\n{0}\n\n".format(message))
        sys.exit(1)

    if opts.json:
        util.output_json(scan_return)
        return

    if opts.detail:
        clean = util.print_detail_scan_summary(scan_return, input_resolve)
    else:
        clean = util.print_scan_summary(scan_return, input_resolve)
    # A falsy printer result becomes a non-zero exit status so callers and
    # scripts can act on it.
    if not clean:
        sys.exit(1)