示例#1
def test_load_security_information_v2_only(repository, v4_whitelist, initialized_db):
    """
    Check the scan lookup status for every active tag when only the V4 namespace whitelist is set.

    The security scanner model is configured with the whitelist from the ``v4_whitelist`` fixture
    and no other scanner setting in this test. Each active tag's manifest is then looked up and is
    expected to report ``NOT_YET_INDEXED``.
    """
    # NOTE(review): app.config is mutated in place and not restored here; later tests see this
    # value unless a fixture resets it.
    app.config["SECURITY_SCANNER_V4_NAMESPACE_WHITELIST"] = v4_whitelist

    secscan_model.configure(app, instance_keys, storage)

    repo_ref = registry_model.lookup_repository(*repository)
    active_tags = registry_model.list_all_active_repository_tags(repo_ref)
    for active_tag in active_tags:
        tag_manifest = registry_model.get_manifest_for_tag(active_tag)
        assert tag_manifest

        # Second positional argument is presumably include_vulnerabilities; verify against the model.
        lookup = secscan_model.load_security_information(tag_manifest, True)
        assert isinstance(lookup, SecurityInformationLookupResult)
        assert lookup.status == ScanLookupStatus.NOT_YET_INDEXED
示例#2
def test_load_security_information(repository, v4_whitelist, initialized_db):
    """
    Check the scan lookup status for every active tag with a V4 endpoint and a stubbed API client.

    ``ClairSecurityScannerAPI`` is replaced with a ``Mock`` while the model is configured and
    queried, so the endpoint below is only a configuration value for this test. Every active
    tag's manifest is expected to report ``NOT_YET_INDEXED``.
    """
    # NOTE(review): both app.config keys are set in place and not restored here; later tests see
    # them unless a fixture resets the config.
    app.config["SECURITY_SCANNER_V4_NAMESPACE_WHITELIST"] = v4_whitelist
    # Test-only value; a cleartext http:// scanner endpoint is not something to copy into a
    # deployment config.
    app.config["SECURITY_SCANNER_V4_ENDPOINT"] = "http://clairv4:6060"
    scanner_api_stub = Mock()

    with patch("data.secscan_model.secscan_v4_model.ClairSecurityScannerAPI", scanner_api_stub):
        secscan_model.configure(app, instance_keys, storage)

        repo_ref = registry_model.lookup_repository(*repository)
        active_tags = registry_model.list_all_active_repository_tags(repo_ref)
        for active_tag in active_tags:
            tag_manifest = registry_model.get_manifest_for_tag(active_tag)
            assert tag_manifest

            lookup = secscan_model.load_security_information(tag_manifest, True)
            assert isinstance(lookup, SecurityInformationLookupResult)
            assert lookup.status == ScanLookupStatus.NOT_YET_INDEXED
示例#3
def _security_info(manifest_or_legacy_image, include_vulnerabilities=True):
    """
    Look up the security scan result for a manifest or legacy image and shape it as a dict.

    Returns a dict with the mapped scan ``status`` value and the scanner's ``data`` payload.
    Raises ``NotFound`` when the lookup reports an unknown manifest or image, and
    ``DownstreamIssue`` when the security information could not be loaded.
    """
    lookup = secscan_model.load_security_information(
        manifest_or_legacy_image, include_vulnerabilities=include_vulnerabilities
    )
    status = lookup.status

    if status == ScanLookupStatus.UNKNOWN_MANIFEST_OR_IMAGE:
        raise NotFound()

    if status == ScanLookupStatus.COULD_NOT_LOAD:
        # NOTE(review): the scanner's request error is passed to the exception unchanged;
        # confirm DownstreamIssue does not echo internal scanner details back to API clients.
        raise DownstreamIssue(lookup.scanner_request_error)

    # An assert is stripped under `python -O`; an unmapped status would then surface as a
    # KeyError from the lookup below instead of an AssertionError.
    assert status in MAPPED_STATUSES
    payload = {
        "status": MAPPED_STATUSES[status].value,
        "data": lookup.security_information,
    }
    return payload
def test_load_security_information(indexed_v2, indexed_v4, expected_status,
                                   initialized_db):
    """
    Check the lookup status of devtable/simple:latest for combinations of V2 and V4 index state.

    ``indexed_v2``, ``indexed_v4`` and ``expected_status`` are presumably supplied by a
    parametrize decorator that is not part of this listing.
    """
    secscan_model.configure(app, instance_keys, storage)

    repo = registry_model.lookup_repository("devtable", "simple")
    latest_tag = registry_model.find_matching_tag(repo, ["latest"])
    manifest = registry_model.get_manifest_for_tag(latest_tag)
    assert manifest

    registry_model.populate_legacy_images_for_testing(manifest, storage)

    legacy_image = shared.get_legacy_image_for_manifest(manifest._db_id)

    if not indexed_v2:
        # No V2 state wanted: drop the manifest's link rows to its legacy image.
        ManifestLegacyImage.delete().where(
            ManifestLegacyImage.manifest == manifest._db_id).execute()
    else:
        # Keep the legacy image and record it as not indexed, with engine version 3.
        legacy_image.security_indexed = False
        legacy_image.security_indexed_engine = 3
        legacy_image.save()

    if indexed_v4:
        # Record a V4 status row for the manifest, marked as an unsupported manifest.
        v4_status_fields = dict(
            manifest=manifest._db_id,
            repository=repo._db_id,
            error_json={},
            index_status=IndexStatus.MANIFEST_UNSUPPORTED,
            indexer_hash="abc",
            indexer_version=IndexerVersion.V4,
            metadata_json={},
        )
        ManifestSecurityStatus.create(**v4_status_fields)

    lookup = secscan_model.load_security_information(manifest, True)

    assert isinstance(lookup, SecurityInformationLookupResult)
    assert lookup.status == expected_status