def perform_analyze_nodocker(userId, manifest, image_record, registry_creds): ret_analyze = {} ret_query = {} localconfig = anchore_engine.configuration.localconfig.get_config() try: tmpdir = localconfig['tmp_dir'] except Exception as err: logger.warn("could not get tmp_dir from localconfig - exception: " + str(err)) tmpdir = "/tmp" # choose the first TODO possible more complex selection here try: image_detail = image_record['image_detail'][0] registry_manifest = manifest pullstring = image_detail['registry'] + "/" + image_detail['repo'] + "@" + image_detail['imageDigest'] fulltag = image_detail['registry'] + "/" + image_detail['repo'] + ":" + image_detail['tag'] logger.debug("using pullstring ("+str(pullstring)+") and fulltag ("+str(fulltag)+") to pull image data") except Exception as err: image_detail = pullstring = fulltag = None raise Exception("failed to extract requisite information from image_record - exception: " + str(err)) timer = int(time.time()) logger.spew("TIMING MARK0: " + str(int(time.time()) - timer)) logger.info("performing analysis on image: " + str([userId, pullstring, fulltag])) logger.debug("obtaining anchorelock..." + str(pullstring)) with localanchore.get_anchorelock(lockId=pullstring): logger.debug("obtaining anchorelock successful: " + str(pullstring)) analyzed_image_report = localanchore_standalone.analyze_image(userId, registry_manifest, image_record, tmpdir, registry_creds=registry_creds) ret_analyze = analyzed_image_report logger.info("performing analysis on image complete: " + str(pullstring)) return (ret_analyze)
def perform_analyze_localanchore(userId, manifest, image_record, registry_creds, layer_cache_enable=False): ret_analyze = {} localconfig = anchore_engine.configuration.localconfig.get_config() do_docker_cleanup = localconfig['cleanup_images'] try: image_detail = image_record['image_detail'][0] registry_manifest = manifest pullstring = image_detail['registry'] + "/" + image_detail[ 'repo'] + "@" + image_detail['imageDigest'] fulltag = image_detail['registry'] + "/" + image_detail[ 'repo'] + ":" + image_detail['tag'] logger.debug("using pullstring (" + str(pullstring) + ") and fulltag (" + str(fulltag) + ") to pull image data") except Exception as err: image_detail = pullstring = fulltag = None raise Exception( "failed to extract requisite information from image_record - exception: " + str(err)) timer = int(time.time()) logger.spew("TIMING MARK0: " + str(int(time.time()) - timer)) logger.debug("obtaining anchorelock..." + str(pullstring)) with localanchore.get_anchorelock(lockId=pullstring): logger.debug("obtaining anchorelock successful: " + str(pullstring)) logger.spew("TIMING MARK1: " + str(int(time.time()) - timer)) logger.info("performing analysis on image: " + str(pullstring)) # pull the digest, but also any tags associated with the image (that we know of) in order to populate the local docker image try: rc = localanchore.pull(userId, pullstring, image_detail, pulltags=True, registry_creds=registry_creds) if not rc: raise Exception("anchore analyze failed:") pullstring = re.sub("sha256:", "", rc['Id']) image_detail['imageId'] = pullstring except Exception as err: logger.error("error on pull: " + str(err)) raise err logger.spew("TIMING MARK2: " + str(int(time.time()) - timer)) # analyze! try: rc = localanchore.analyze(pullstring, image_detail) if not rc: raise Exception("anchore analyze failed:") except Exception as err: logger.error("error on analyze: " + str(err)) raise err logger.spew("TIMING MARK3: " + str(int(time.time()) - timer)) # get the result from anchore logger.debug("retrieving image data from anchore") try: image_data = localanchore.get_image_export(pullstring, image_detail) if not image_data: raise Exception("anchore image data export failed:") except Exception as err: logger.error("error on image export: " + str(err)) raise err logger.spew("TIMING MARK5: " + str(int(time.time()) - timer)) try: logger.debug("removing image: " + str(pullstring)) rc = localanchore.remove_image(pullstring, docker_remove=do_docker_cleanup, anchore_remove=True) logger.debug("removing image complete: " + str(pullstring)) except Exception as err: raise err logger.spew("TIMING MARK6: " + str(int(time.time()) - timer)) ret_analyze = image_data logger.info("performing analysis on image complete: " + str(pullstring)) return (ret_analyze)
def perform_analyze(userId, pullstring, fulltag, image_detail, registry_creds): ret_analyze = {} ret_query = {} localconfig = anchore_engine.configuration.localconfig.get_config() do_docker_cleanup = localconfig['cleanup_images'] timer = int(time.time()) logger.spew("TIMING MARK0: " + str(int(time.time()) - timer)) logger.debug("obtaining anchorelock..." + str(pullstring)) with localanchore.get_anchorelock(lockId=pullstring): logger.debug("obtaining anchorelock successful: " + str(pullstring)) logger.spew("TIMING MARK1: " + str(int(time.time()) - timer)) logger.info("performing analysis on image: " + str(pullstring)) # pull the digest, but also any tags associated with the image (that we know of) in order to populate the local docker image try: rc = localanchore.pull(userId, pullstring, image_detail, pulltags=True, registry_creds=registry_creds) if not rc: raise Exception("anchore analyze failed:") pullstring = re.sub("sha256:", "", rc['Id']) image_detail['imageId'] = pullstring except Exception as err: logger.error("error on pull: " + str(err)) raise err logger.spew("TIMING MARK2: " + str(int(time.time()) - timer)) # analyze! try: rc = localanchore.analyze(pullstring, image_detail) if not rc: raise Exception("anchore analyze failed:") except Exception as err: logger.error("error on analyze: " + str(err)) raise err logger.spew("TIMING MARK3: " + str(int(time.time()) - timer)) # query! try: query_data = localanchore.run_queries(pullstring, image_detail) if not query_data: raise Exception("anchore queries failed:") except Exception as err: logger.error("error on run_queries: " + str(err)) raise err logger.spew("TIMING MARK4: " + str(int(time.time()) - timer)) # get the result from anchore logger.debug("retrieving image data from anchore") try: image_data = localanchore.get_image_export(pullstring, image_detail) if not image_data: raise Exception("anchore image data export failed:") except Exception as err: logger.error("error on image export: " + str(err)) raise err logger.spew("TIMING MARK5: " + str(int(time.time()) - timer)) try: logger.debug("removing image: " + str(pullstring)) rc = localanchore.remove_image(pullstring, docker_remove=do_docker_cleanup, anchore_remove=True) logger.debug("removing image complete: " + str(pullstring)) except Exception as err: raise err logger.spew("TIMING MARK6: " + str(int(time.time()) - timer)) ret_analyze = image_data ret_query = query_data logger.info("performing analysis on image complete: " + str(pullstring)) return (ret_analyze, ret_query)