示例#1
def images_imageDigest_check(request_inputs, imageDigest):
    """Run the image check for every catalog record matching ``imageDigest``.

    Args:
        request_inputs: request envelope; the keys 'auth', 'method',
            'bodycontent' and 'params' are all read up front.
        imageDigest: digest used to look the image up in the catalog.

    Returns:
        A ``(return_object, httpcode)`` tuple. On success both values come
        from ``images_check_impl``. On any exception ``return_object`` is
        whatever ``make_response_error`` builds and ``httpcode`` is read back
        from it.
    """
    auth = request_inputs['auth']
    # Read but not used below; kept so an envelope missing one of these keys
    # still fails at this point.
    _method = request_inputs['method']
    _body = request_inputs['bodycontent']
    _params = request_inputs['params']

    response = {}
    status_code = 500
    # Neither half is used below; the unpacking still fails if auth is not a
    # two-item sequence.
    _user, _password = auth
    try:
        # The lookup is made with the caller's own credentials.
        records = catalog.get_image(auth, imageDigest=imageDigest)
        for record in records:
            state = record['analysis_status']
            if state == taskstate.complete_state('analyze'):
                continue
            # An image that exists but is not fully analyzed is reported with
            # 404 as the suggested code rather than the default 500.
            status_code = 404
            raise Exception("image is not analyzed - analysis_status: " +
                            str(state))
        response, status_code = images_check_impl(request_inputs, records)
    except Exception as err:
        # NOTE(review): the exception is handed to make_response_error as-is;
        # presumably its text ends up in the response body - confirm that no
        # internal detail is exposed to the API caller.
        logger.debug("operation exception: " + str(err))
        response = anchore_engine.services.common.make_response_error(
            err, in_httpcode=status_code)
        status_code = response['httpcode']

    return (response, status_code)
示例#2
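def get_content(request_inputs, content_type, doformat=False):
    """Return stored content of one type for each image matching the request.

    The image selectors 'tag', 'imageDigest' and 'digest' are popped from
    ``request_inputs['params']`` (the caller's dict is modified) and passed to
    ``catalog.get_image`` together with the caller's own credentials.

    Args:
        request_inputs: request envelope; 'auth', 'method', 'bodycontent' and
            'params' are read.
        content_type: key to extract from the stored 'image_content_data'
            document. It is not checked against a list of known types here.
        doformat: accepted but not used in this function.

    Returns:
        ``(return_object, httpcode)``. On success ``return_object`` maps each
        image digest to the formatted content and ``httpcode`` is 200. On any
        exception ``return_object`` is built by ``make_response_error`` and
        ``httpcode`` is read back from it; 404 is the code handed in when an
        image is not fully analyzed or the requested type is absent from the
        stored document, 500 otherwise.
    """
    user_auth = request_inputs['auth']
    # method, bodycontent, userId and pw are read but not used below.
    method = request_inputs['method']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    return_object = {}
    httpcode = 500
    userId, pw = user_auth
    try:
        tag = params.pop('tag', None)
        imageDigest = params.pop('imageDigest', None)
        digest = params.pop('digest', None)

        image_reports = catalog.get_image(user_auth, tag=tag, digest=digest, imageDigest=imageDigest)
        for image_report in image_reports:
            if image_report['analysis_status'] != taskstate.complete_state('analyze'):
                httpcode = 404
                # str() keeps the intended message even when the status is not
                # a string (e.g. None); plain concatenation would raise
                # TypeError and report that instead.
                raise Exception("image is not analyzed - analysis_status: " + str(image_report['analysis_status']))

            imageDigest = image_report['imageDigest']
            image_content_data = catalog.get_document(user_auth, 'image_content_data', imageDigest)

            # content_type is caller-supplied. Without this check an unknown
            # type surfaced as a KeyError reported with the default 500.
            if content_type not in image_content_data:
                httpcode = 404
                raise Exception("image content of type (" + str(content_type) + ") was not an available type at analysis time for this image")

            return_object[imageDigest] = make_response_content(content_type, image_content_data[content_type])

        httpcode = 200
    except Exception as err:
        # Results collected for earlier images are discarded: the whole
        # response becomes the error object.
        return_object = anchore_engine.services.common.make_response_error(err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return (return_object, httpcode)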
示例#3
 def verify_analysis_status(self, image_report):
     """Raise ResourceNotFound unless the image's analysis has completed.

     A falsy ``image_report`` (None, empty dict) is accepted without error,
     so callers that need an image to exist must check that separately.
     """
     if not image_report:
         return
     status = image_report["analysis_status"]
     if status == taskstate.complete_state("analyze"):
         return
     raise ResourceNotFound(
         "image is not analyzed - analysis_status: %s" % status,
         detail=self.get_error_detail(),
     )
示例#4
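def get_content(request_inputs, content_type, doformat=False):
    """Return stored content of one type for each image matching the request.

    The image selectors 'tag', 'imageDigest' and 'digest' are popped from
    ``request_inputs['params']`` (the caller's dict is modified) and passed to
    ``catalog.get_image`` together with the caller's own credentials.

    Args:
        request_inputs: request envelope; 'auth', 'method', 'bodycontent' and
            'params' are read.
        content_type: must be listed in
            ``anchore_engine.services.common.image_content_types``.
        doformat: accepted but not used in this function.

    Returns:
        ``(return_object, httpcode)``. On success ``return_object`` maps each
        image digest to the formatted content and ``httpcode`` is 200. On any
        exception ``return_object`` is built by ``make_response_error`` and
        ``httpcode`` is read back from it. 404 is the code handed in for an
        unknown content type, an image that is not fully analyzed, or a type
        absent from the stored document.
    """
    user_auth = request_inputs['auth']
    # method, bodycontent, userId and pw are read but not used below.
    method = request_inputs['method']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    return_object = {}
    httpcode = 500
    userId, pw = user_auth
    try:
        # Reject caller-supplied types that are not on the allow-list before
        # touching the catalog.
        if content_type not in anchore_engine.services.common.image_content_types:
            httpcode = 404
            raise Exception("content type (" + str(content_type) +
                            ") not available")

        tag = params.pop('tag', None)
        imageDigest = params.pop('imageDigest', None)
        digest = params.pop('digest', None)

        image_reports = catalog.get_image(user_auth,
                                          tag=tag,
                                          digest=digest,
                                          imageDigest=imageDigest)
        for image_report in image_reports:
            if image_report['analysis_status'] != taskstate.complete_state(
                    'analyze'):
                httpcode = 404
                # str() keeps the intended message even when the status is not
                # a string (e.g. None); plain concatenation would raise
                # TypeError and report that instead.
                raise Exception("image is not analyzed - analysis_status: " +
                                str(image_report['analysis_status']))

            imageDigest = image_report['imageDigest']

            try:
                image_content_data = catalog.get_document(
                    user_auth, 'image_content_data', imageDigest)
            except Exception as err:
                # Replace the archive error with a fixed message and an
                # explicit 500.
                # NOTE(review): the original err is still passed along;
                # confirm how much of it make_anchore_exception exposes.
                raise anchore_engine.services.common.make_anchore_exception(
                    err,
                    input_message="cannot fetch content data from archive",
                    input_httpcode=500)

            # A type can be on the allow-list and still be missing from this
            # image's stored document.
            if content_type not in image_content_data:
                httpcode = 404
                raise Exception(
                    "image content of type (" + str(content_type) +
                    ") was not an available type at analysis time for this image"
                )

            return_object[imageDigest] = make_response_content(
                content_type, image_content_data[content_type])

        httpcode = 200
    except Exception as err:
        # Results collected for earlier images are discarded: the whole
        # response becomes the error object.
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return (return_object, httpcode)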
示例#5
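def vulnerability_query(request_inputs, vulnerability_type, doformat=False):
    """Fetch vulnerability data for each image matching the request.

    Images are looked up through a ``CatalogClient`` created for
    ``request_inputs['userId']``; vulnerabilities come from a
    ``PolicyEngineClient`` created for the same user id.

    Args:
        request_inputs: request envelope; 'auth', 'method', 'bodycontent',
            'params' and 'userId' are read. 'tag', 'imageDigest' and 'digest'
            are popped from 'params' (the caller's dict is modified);
            'force_refresh' and 'vendor_only' are read from it.
        vulnerability_type: must be in
            ``anchore_engine.common.image_vulnerability_types`` or be 'all'.
        doformat: when true, each result is passed through
            ``make_response_vulnerability`` before being returned.

    Returns:
        ``(return_object, httpcode)``. On success ``return_object`` maps each
        image digest to its vulnerability data and ``httpcode`` is 200. On any
        exception ``return_object`` is built by ``make_response_error`` and
        ``httpcode`` is read back from it.
    """
    # user_auth, method and bodycontent are read but not used below.
    user_auth = request_inputs['auth']
    method = request_inputs['method']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    return_object = {}
    httpcode = 500
    userId = request_inputs['userId']

    # system_user_auth and verify are loaded but not used in this version.
    localconfig = anchore_engine.configuration.localconfig.get_config()
    system_user_auth = localconfig['system_user_auth']
    verify = localconfig['internal_ssl_verify']

    # NOTE(review): both flags are forwarded exactly as received. If params
    # comes from a query string these may be strings rather than booleans -
    # confirm they are normalized before reaching this function.
    force_refresh = params.get('force_refresh', False)
    vendor_only = params.get('vendor_only', True)

    try:
        # Reject caller-supplied types that are not on the allow-list before
        # touching the catalog.
        if vulnerability_type not in anchore_engine.common.image_vulnerability_types + ['all']:
            httpcode = 404
            raise Exception("content type ("+str(vulnerability_type)+") not available")

        tag = params.pop('tag', None)
        imageDigest = params.pop('imageDigest', None)
        digest = params.pop('digest', None)
        catalog_client = internal_client_for(CatalogClient, userId)

        image_reports = catalog_client.get_image(tag=tag, digest=digest, imageDigest=imageDigest)

        for image_report in image_reports:
            if image_report['analysis_status'] != taskstate.complete_state('analyze'):
                httpcode = 404
                # str() keeps the intended message even when the status is not
                # a string (e.g. None); plain concatenation would raise
                # TypeError and report that instead.
                raise Exception("image is not analyzed - analysis_status: " + str(image_report['analysis_status']))
            imageDigest = image_report['imageDigest']
            try:
                # Only the first image_detail entry is used to find the id.
                image_detail = image_report['image_detail'][0]
                imageId = image_detail['imageId']
                client = internal_client_for(PolicyEngineClient, userId)
                resp = client.get_image_vulnerabilities(user_id=userId, image_id=imageId, force_refresh=force_refresh, vendor_only=vendor_only)
                if doformat:
                    ret = make_response_vulnerability(vulnerability_type, resp)
                    return_object[imageDigest] = ret
                else:
                    return_object[imageDigest] = resp

                httpcode = 200
            except Exception as err:
                httpcode = 500
                # NOTE(review): the inner exception text is embedded in the
                # message handed to make_response_error; confirm it cannot
                # carry internal service detail back to the API caller.
                raise Exception("could not fetch vulnerabilities - exception: " + str(err))

        httpcode = 200
    except Exception as err:
        # Results collected for earlier images are discarded: the whole
        # response becomes the error object.
        return_object = anchore_engine.common.helpers.make_response_error(err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return (return_object, httpcode)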
示例#6
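def vulnerability_query(request_inputs, vulnerability_type, doformat=False):
    """Fetch vulnerability data for each image matching the request.

    Images are looked up in the catalog with the caller's credentials. For
    type 'os' the policy engine is then queried with the system account taken
    from the local configuration; every other accepted type yields an empty
    list per image.

    Args:
        request_inputs: request envelope; 'auth', 'method', 'bodycontent' and
            'params' are read. 'tag', 'imageDigest' and 'digest' are popped
            from 'params' (the caller's dict is modified).
        vulnerability_type: must be listed in
            ``anchore_engine.services.common.image_vulnerability_types``.
        doformat: when true, 'os' results are passed through
            ``make_response_vulnerability`` before being returned.

    Returns:
        ``(return_object, httpcode)``. On success ``return_object`` maps each
        image digest to its vulnerability data and ``httpcode`` is 200. On any
        exception ``return_object`` is built by ``make_response_error`` and
        ``httpcode`` is read back from it.
    """
    user_auth = request_inputs['auth']
    # method and bodycontent are read but not used below.
    method = request_inputs['method']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    return_object = {}
    httpcode = 500
    userId, pw = user_auth

    localconfig = anchore_engine.configuration.localconfig.get_config()
    system_user_auth = localconfig['system_user_auth']
    verify = localconfig['internal_ssl_verify']

    try:
        # Reject caller-supplied types that are not on the allow-list before
        # touching the catalog.
        if vulnerability_type not in anchore_engine.services.common.image_vulnerability_types:
            httpcode = 404
            raise Exception("content type ("+str(vulnerability_type)+") not available")

        tag = params.pop('tag', None)
        imageDigest = params.pop('imageDigest', None)
        digest = params.pop('digest', None)

        image_reports = catalog.get_image(user_auth, tag=tag, digest=digest, imageDigest=imageDigest)
        for image_report in image_reports:
            if image_report['analysis_status'] != taskstate.complete_state('analyze'):
                httpcode = 404
                # str() keeps the intended message even when the status is not
                # a string (e.g. None); plain concatenation would raise
                # TypeError and report that instead.
                raise Exception("image is not analyzed - analysis_status: " + str(image_report['analysis_status']))
            imageDigest = image_report['imageDigest']
            try:
                if vulnerability_type == 'os':
                    # Only the first image_detail entry is used to find the id.
                    image_detail = image_report['image_detail'][0]
                    imageId = image_detail['imageId']
                    # The policy engine call runs under the system account;
                    # the caller appears only as user_id. Which images reach
                    # this point is decided by the catalog lookup above, made
                    # with the caller's own credentials.
                    client = anchore_engine.clients.policy_engine.get_client(user=system_user_auth[0], password=system_user_auth[1], verify_ssl=verify)
                    resp = client.get_image_vulnerabilities(user_id=userId, image_id=imageId, force_refresh=False)
                    if doformat:
                        return_object[imageDigest] = make_response_vulnerability(vulnerability_type, resp.to_dict())
                    else:
                        return_object[imageDigest] = resp.to_dict()
                else:
                    return_object[imageDigest] = []

                httpcode = 200
            except Exception as err:
                httpcode = 500
                # NOTE(review): the inner exception text is embedded in the
                # message handed to make_response_error; confirm it cannot
                # carry internal service detail back to the API caller.
                raise Exception("could not fetch vulnerabilities - exception: " + str(err))

        httpcode = 200
    except Exception as err:
        # Results collected for earlier images are discarded: the whole
        # response becomes the error object.
        return_object = anchore_engine.services.common.make_response_error(err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return (return_object, httpcode)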
示例#7
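def get_image_summary(user_auth, image_record):
    """Build a short summary record for an analyzed image.

    The summary is taken from the archived 'image_summary_data' document. When
    that document is missing or empty it is regenerated from 'analysis_data',
    and both 'image_content_data' and 'image_summary_data' are written back to
    the archive as a side effect.

    Args:
        user_auth: credentials passed to every catalog call.
        image_record: catalog record; 'analysis_status' and 'imageDigest' are
            read.

    Returns:
        A dict with the keys 'distro', 'distro_version', 'layer_count',
        'dockerfile_mode', 'arch' and 'image_size', or an empty dict when the
        image is not fully analyzed, no summary data is available, or any
        step fails (failures are logged as warnings, never raised).
    """
    ret = {}
    if image_record['analysis_status'] != taskstate.complete_state('analyze'):
        return (ret)

    # augment with image summary data, if available
    try:
        try:
            image_summary_data = catalog.get_document(
                user_auth, 'image_summary_data', image_record['imageDigest'])
        except Exception:
            # Was a bare "except:", which also swallowed KeyboardInterrupt
            # and SystemExit. A missing summary document just triggers the
            # regeneration path below.
            image_summary_data = {}

        if not image_summary_data:
            # (re)generate image_content_data document
            logger.debug("generating image summary data from analysis data")
            image_data = catalog.get_document(user_auth, 'analysis_data',
                                              image_record['imageDigest'])

            image_content_data = {}
            for content_type in anchore_engine.services.common.image_content_types:
                try:
                    image_content_data[
                        content_type] = anchore_engine.services.common.extract_analyzer_content(
                            image_data, content_type)
                except Exception:
                    # A type that cannot be extracted is stored as empty
                    # rather than failing the whole summary.
                    image_content_data[content_type] = {}
            if image_content_data:
                logger.debug("adding image content data to archive")
                rc = catalog.put_document(user_auth, 'image_content_data',
                                          image_record['imageDigest'],
                                          image_content_data)

            image_summary_data = {}
            try:
                image_summary_data = anchore_engine.services.common.extract_analyzer_content(
                    image_data, 'metadata')
            except Exception:
                image_summary_data = {}
            if image_summary_data:
                logger.debug("adding image summary data to archive")
                rc = catalog.put_document(user_auth, 'image_summary_data',
                                          image_record['imageDigest'],
                                          image_summary_data)

        # Work on a copy: the pops below would otherwise modify the document
        # that was just fetched or stored.
        image_summary_metadata = copy.deepcopy(image_summary_data)
        if image_summary_metadata:
            logger.debug("getting image summary data")

            summary_record = {}

            adm = image_summary_metadata['anchore_distro_meta']

            summary_record['distro'] = adm.pop('DISTRO', 'N/A')
            summary_record['distro_version'] = adm.pop('DISTROVERS', 'N/A')

            air = image_summary_metadata['anchore_image_report']
            airm = air.pop('meta', {})
            al = air.pop('layers', [])
            ddata = air.pop('docker_data', {})

            summary_record['layer_count'] = str(len(al))
            summary_record['dockerfile_mode'] = air.pop(
                'dockerfile_mode', 'N/A')
            summary_record['arch'] = ddata.pop('Architecture', 'N/A')
            summary_record['image_size'] = str(int(airm.pop('sizebytes', 0)))

            ret = summary_record

    except Exception as err:
        # Best effort: the caller receives an empty summary instead of an
        # error when anything above fails.
        logger.warn("cannot get image summary data for image: " +
                    str(image_record['imageDigest']) + " : " + str(err))

    return (ret)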
示例#8
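def get_content(request_inputs, content_type, doformat=False):
    """Return stored content of one type for each image matching the request.

    The image selectors 'tag', 'imageDigest' and 'digest' are popped from
    ``request_inputs['params']`` (the caller's dict is modified) and passed to
    ``catalog.get_image`` together with the caller's own credentials.
    'manifest' is served from the 'manifest_data' document; every other type
    comes from 'image_content_data'.

    Args:
        request_inputs: request envelope; 'auth', 'method', 'bodycontent' and
            'params' are read.
        content_type: must be listed in ``image_content_types`` or
            ``image_metadata_types`` of ``anchore_engine.services.common``.
        doformat: accepted but not used in this function.

    Returns:
        ``(return_object, httpcode)``. On success ``return_object`` maps each
        image digest to the formatted content and ``httpcode`` is 200. On any
        exception ``return_object`` is built by ``make_response_error`` and
        ``httpcode`` is read back from it. 404 is the code handed in for an
        unknown content type, an image that is not fully analyzed, or a type
        absent from the stored document.
    """
    user_auth = request_inputs['auth']
    # method, bodycontent, userId and pw are read but not used below.
    method = request_inputs['method']
    bodycontent = request_inputs['bodycontent']
    params = request_inputs['params']

    return_object = {}
    httpcode = 500
    userId, pw = user_auth
    try:
        # Reject caller-supplied types that are not on the allow-list before
        # touching the catalog.
        if content_type not in anchore_engine.services.common.image_content_types + anchore_engine.services.common.image_metadata_types:
            httpcode = 404
            raise Exception("content type (" + str(content_type) +
                            ") not available")

        tag = params.pop('tag', None)
        imageDigest = params.pop('imageDigest', None)
        digest = params.pop('digest', None)

        image_reports = catalog.get_image(user_auth,
                                          tag=tag,
                                          digest=digest,
                                          imageDigest=imageDigest)
        for image_report in image_reports:
            if image_report['analysis_status'] != taskstate.complete_state(
                    'analyze'):
                httpcode = 404
                # str() keeps the intended message even when the status is not
                # a string (e.g. None); plain concatenation would raise
                # TypeError and report that instead.
                raise Exception("image is not analyzed - analysis_status: " +
                                str(image_report['analysis_status']))

            imageDigest = image_report['imageDigest']

            if content_type == 'manifest':
                try:
                    image_manifest_data = catalog.get_document(
                        user_auth, 'manifest_data', imageDigest)
                except Exception as err:
                    # NOTE(review): the original err is still passed along;
                    # confirm how much of it make_anchore_exception exposes.
                    raise anchore_engine.services.common.make_anchore_exception(
                        err,
                        input_message="cannot fetch content data {} from archive"
                        .format(content_type),
                        input_httpcode=500)

                image_content_data = {'manifest': image_manifest_data}
            else:
                try:
                    image_content_data = catalog.get_document(
                        user_auth, 'image_content_data', imageDigest)
                except Exception as err:
                    raise anchore_engine.services.common.make_anchore_exception(
                        err,
                        input_message="cannot fetch content data from archive",
                        input_httpcode=500)

                # special handler for dockerfile contents from old method to new
                # Note that this read request writes to the archive: the
                # migrated document is stored with the caller's credentials.
                if content_type == 'dockerfile' and not image_content_data.get(
                        'dockerfile', None):
                    try:
                        if image_report.get('dockerfile_mode',
                                            None) == 'Actual':
                            for image_detail in image_report.get(
                                    'image_detail', []):
                                if image_detail.get('dockerfile', None):
                                    logger.debug(
                                        "migrating old dockerfile content form into new"
                                    )
                                    # NOTE(review): decode('base64') is a
                                    # Python 2 codec. On Python 3 this call
                                    # raises, the handler below logs a
                                    # warning, and the migration is skipped.
                                    image_content_data[
                                        'dockerfile'] = image_detail.get(
                                            'dockerfile', "").decode('base64')
                                    catalog.put_document(
                                        user_auth, 'image_content_data',
                                        imageDigest, image_content_data)
                                    break
                    except Exception as err:
                        # Migration is best effort; the availability check
                        # below decides what the caller gets.
                        logger.warn(
                            "cannot fetch/decode dockerfile contents from image_detail - {}"
                            .format(err))

                # A type can be on the allow-list and still be missing from
                # this image's stored document.
                if content_type not in image_content_data:
                    httpcode = 404
                    raise Exception(
                        "image content of type (" + str(content_type) +
                        ") was not an available type at analysis time for this image"
                    )

            return_object[imageDigest] = make_response_content(
                content_type, image_content_data[content_type])

        httpcode = 200
    except Exception as err:
        # Results collected for earlier images are discarded: the whole
        # response becomes the error object.
        return_object = anchore_engine.services.common.make_response_error(
            err, in_httpcode=httpcode)
        httpcode = return_object['httpcode']

    return (return_object, httpcode)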