def scan(self):
if (not self.args.images and not self.args.containers and not self.args.all) and len(self.args.scan_targets) == 0:
sys.stderr.write("\nYou must provide a list of containers or images to scan\n")
sys.exit(1)
self.ping()
BUS_NAME = "org.OpenSCAP.daemon"
OBJECT_PATH = "/OpenSCAP/daemon"
INTERFACE = "org.OpenSCAP.daemon.Interface"
input_resolve = {}
if self.args.images:
scan_list = self._get_all_image_ids()
elif self.args.containers:
scan_list = self._get_all_container_ids()
elif self.args.all:
cids = self._get_all_container_ids()
iids = self._get_all_image_ids()
scan_list = cids + iids
else:
scan_list = []
for scan_input in self.args.scan_targets:
docker_id = self.get_input_id(scan_input)
input_resolve[docker_id] = scan_input
scan_list.append(docker_id)
util.writeOut("\nScanning...\n")
bus = dbus.SystemBus()
try:
oscap_d = bus.get_object(BUS_NAME, OBJECT_PATH)
oscap_i = dbus.Interface(oscap_d, INTERFACE)
# Check if the user has asked to override the behaviour of fetching the
# latest CVE input data, as defined in the openscap-daemon conf file
# oscap-daemon a byte of 0 (False), 1 (True), and 2 (no change)
if self.args.fetch_cves is None:
fetch = 2
elif self.args.fetch_cves:
fetch = 1
else:
fetch = 0
scan_return = json.loads(oscap_i.scan_list(scan_list, 4, fetch, timeout=99999))
except dbus.exceptions.DBusException as e:
message = "The openscap-daemon returned: {0}".format(e.get_dbus_message())
if e.get_dbus_name() == 'org.freedesktop.DBus.Error.ServiceUnknown':
message = "Unable to find the openscap-daemon dbus service. "\
"Either start the openscap-daemon service or pull " \
"and run the openscap-daemon image"
sys.stderr.write("\n{0}\n\n".format(message))
sys.exit(1)
if self.args.json:
util.output_json(scan_return)
else:
if not self.args.detail:
clean = util.print_scan_summary(scan_return, input_resolve)
else:
clean = util.print_detail_scan_summary(scan_return,
input_resolve)
if not clean:
sys.exit(1)
def scan(self):
self.ping()
BUS_NAME = "org.OpenSCAP.daemon"
OBJECT_PATH = "/OpenSCAP/daemon"
INTERFACE = "org.OpenSCAP.daemon.Interface"
input_resolve = {}
if self.args.images:
scan_list = self._get_all_image_ids()
elif self.args.containers:
scan_list = self._get_all_container_ids()
elif self.args.all:
cids = self._get_all_container_ids()
iids = self._get_all_image_ids()
scan_list = cids + iids
else:
scan_list = []
for scan_input in self.args.scan_targets:
docker_id = self.get_input_id(scan_input)
input_resolve[docker_id] = scan_input
scan_list.append(docker_id)
util.writeOut("\nScanning...\n")
bus = dbus.SystemBus()
try:
oscap_d = bus.get_object(BUS_NAME, OBJECT_PATH)
oscap_i = dbus.Interface(oscap_d, INTERFACE)
scan_return = json.loads(oscap_i.scan_list(scan_list, 4))
except dbus.exceptions.DBusException:
error = "Unable to find the openscap-daemon dbus service. "\
"Either start the openscap-daemon service or pull and run"\
" the openscap-daemon image"
sys.stderr.write("\n{0}\n\n".format(error))
sys.exit(1)
if self.args.json:
util.output_json(scan_return)
else:
if not self.args.detail:
clean = util.print_scan_summary(scan_return, input_resolve)
else:
clean = util.print_detail_scan_summary(scan_return,
input_resolve)
if not clean:
sys.exit(1)
def scan(self):
if (not self.args.images and not self.args.containers
and not self.args.all) and len(self.args.scan_targets) == 0:
sys.stderr.write(
"\nYou must provide a list of containers or images to scan\n")
sys.exit(1)
self.ping()
BUS_NAME = "org.OpenSCAP.daemon"
OBJECT_PATH = "/OpenSCAP/daemon"
INTERFACE = "org.OpenSCAP.daemon.Interface"
input_resolve = {}
if self.args.images:
scan_list = self._get_all_image_ids()
elif self.args.containers:
scan_list = self._get_all_container_ids()
elif self.args.all:
cids = self._get_all_container_ids()
iids = self._get_all_image_ids()
scan_list = cids + iids
else:
scan_list = []
for scan_input in self.args.scan_targets:
docker_id = self.get_input_id(scan_input)
input_resolve[docker_id] = scan_input
scan_list.append(docker_id)
# Check to make sure none of the docker objects we need to
# scan are already mounted.
for docker_obj in scan_list:
if util.is_dock_obj_mounted(docker_obj):
sys.stderr.write(
"\nThe object {0} is already mounted (in "
"use) and therefore cannot be scanned.\n".format(
docker_obj))
sys.exit(1)
util.writeOut("\nScanning...\n")
bus = dbus.SystemBus()
try:
oscap_d = bus.get_object(BUS_NAME, OBJECT_PATH)
oscap_i = dbus.Interface(oscap_d, INTERFACE)
# Check if the user has asked to override the behaviour of fetching the
# latest CVE input data, as defined in the openscap-daemon conf file
# oscap-daemon a byte of 0 (False), 1 (True), and 2 (no change)
if self.args.fetch_cves is None:
fetch = 2
elif self.args.fetch_cves:
fetch = 1
else:
fetch = 0
scan_return = json.loads(
oscap_i.scan_list(scan_list, 4, fetch, timeout=99999))
except dbus.exceptions.DBusException as e:
message = "The openscap-daemon returned: {0}".format(
e.get_dbus_message())
if e.get_dbus_name(
) == 'org.freedesktop.DBus.Error.ServiceUnknown':
message = "Unable to find the openscap-daemon dbus service. "\
"Either start the openscap-daemon service or pull " \
"and run the openscap-daemon image"
sys.stderr.write("\n{0}\n\n".format(message))
sys.exit(1)
if self.args.json:
util.output_json(scan_return)
else:
if not self.args.detail:
clean = util.print_scan_summary(scan_return, input_resolve)
else:
clean = util.print_detail_scan_summary(scan_return,
input_resolve)
if not clean:
sys.exit(1)
