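def teardown():
    """Delete the image, the archive rule and the archived image, in that order.

    All three deletions are sent with ``config=request.param``. Previously only
    the archived-image delete passed it, so the first two ran under whatever
    http_del uses when ``config`` is omitted.
    NOTE(review): presumably ``request.param`` is the config the resources were
    created with; confirm against the enclosing fixture.

    Raises:
        RequestFailedError: as soon as one delete call returns a status other
            than 200; the deletions after it are then not attempted.
    """
    _logger.info("Removing alpine:edge image from anchore")
    remove_image_resp = http_del(
        ["images", "by_id", get_image_id(add_image_resp)],
        query={"force": True},
        config=request.param,
    )
    if remove_image_resp.code != 200:
        raise RequestFailedError(
            remove_image_resp.url,
            remove_image_resp.code,
            remove_image_resp.body,
        )

    rule_id = archive_rule_resp.body["rule_id"]
    _logger.info("Removing Archive Rule: rule_id={}".format(rule_id))
    remove_rule_resp = http_del(
        ["archives", "rules", rule_id],
        config=request.param,
    )
    if remove_rule_resp.code != 200:
        raise RequestFailedError(
            remove_rule_resp.url,
            remove_rule_resp.code,
            remove_rule_resp.body,
        )

    delete_archive_image_resp = http_del(
        ["archives", "images", get_image_digest(add_image_resp)],
        config=request.param,
    )
    if delete_archive_image_resp.code != 200:
        raise RequestFailedError(
            delete_archive_image_resp.url,
            delete_archive_image_resp.code,
            delete_archive_image_resp.body,
        )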
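def teardown():
    """Remove the image, then the archive rule, then the archived image.

    Each delete call now carries ``config=request.param``; before, only the
    last one did and the other two fell back to http_del's behaviour when no
    ``config`` is given.
    NOTE(review): ``request.param`` is assumed to be the config used to create
    these resources; verify in the surrounding fixture.

    Raises:
        RequestFailedError: on the first delete call whose status is not 200.
            Cleanup stops there, so later resources stay in place.
    """
    _logger.info('Removing alpine:edge image from anchore')
    remove_image_resp = http_del(
        ['images', 'by_id', get_image_id(add_image_resp)],
        query={'force': True},
        config=request.param,
    )
    if remove_image_resp.code != 200:
        raise RequestFailedError(
            remove_image_resp.url, remove_image_resp.code, remove_image_resp.body
        )

    rule_id = archive_rule_resp.body['rule_id']
    _logger.info('Removing Archive Rule: rule_id={}'.format(rule_id))
    remove_rule_resp = http_del(['archives', 'rules', rule_id], config=request.param)
    if remove_rule_resp.code != 200:
        raise RequestFailedError(
            remove_rule_resp.url, remove_rule_resp.code, remove_rule_resp.body
        )

    delete_archive_image_resp = http_del(
        ['archives', 'images', get_image_digest(add_image_resp)],
        config=request.param,
    )
    if delete_archive_image_resp.code != 200:
        raise RequestFailedError(
            delete_archive_image_resp.url,
            delete_archive_image_resp.code,
            delete_archive_image_resp.body,
        )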
def test_query_image_by_vuln(self, add_alpine_latest_image):
    """
    Query images by a vulnerability id taken from the image's OS vuln response.

    Per the original note: these tests seem to always return early because the
    system needs to be up and running for a while to gather feed data and
    analyze images. Good candidates for moving to an external test suite where
    an environment has been running for a while.
    """
    add_resp, api_conf = add_alpine_latest_image

    # Any vulnerability will do, so the first entry of the response is used.
    try:
        vuln_resp = get_alpine_latest_image_os_vuln(
            get_image_id(add_resp), get_image_digest(add_resp), api_conf
        )
        vuln_entries = vuln_resp.body.get("vulnerabilities", [])
        first_vuln = vuln_entries[0].get("vuln", None)
    except IndexError:
        # Nothing to query with. Returning here ends the test without any
        # assertion, so it is reported as passed rather than skipped.
        self._logger.warning(
            "No vulnerabilities found, cannot test query images by vulnerabilities"
        )
        return

    assert first_vuln is not None

    query_resp = http_get(
        ["query", "images", "by_vulnerability"],
        {"vulnerability_id": first_vuln},
        config=api_conf,
    )
    assert query_resp == APIResponse(200)
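def create_and_teardown_archive_rule(request):
    """
    Create the resources the archives API tests need and register their cleanup.

    In order to interact with the archives API, a rule must be added first,
    which depends on there being an image added as well:
    1. Add alpine:edge image and wait for it to be analyzed (per the original
       note, this image isn't currently depended upon in other tests)
    2. Add Archive Rule
    3. Archive the image by its digest

    Note: This appears to only work for the root user ATM, so don't run w/ ft_user

    Returns the tuple (add-image response, archive-rule response,
    archive-image response, request.param).

    Raises RequestFailedError when any setup call returns a status other than
    200. The registered finalizer raises it the same way for the delete calls.
    """

    def _raise_unless_ok(resp):
        # Every call in this fixture treats anything but HTTP 200 as a failure.
        if resp.code != 200:
            raise RequestFailedError(resp.url, resp.code, resp.body)

    _logger.info("Adding alpine:edge Image for analysis")
    add_image_resp = http_post(['images'], {'tag': 'alpine:edge'}, config=request.param)
    _raise_unless_ok(add_image_resp)

    wait_for_image_to_analyze(get_image_id(add_image_resp), request.param)

    archive_rule_json = {
        "analysis_age_days": 0,
        "created_at": "2020-08-25T17:15:16.865Z",
        "last_updated": "2020-08-25T17:15:16.865Z",
        "selector": {
            "registry": "docker.io",
            "repository": "alpine",
            "tag": "edge"
        },
        "system_global": True,
        "tag_versions_newer": 0,
        "transition": "archive"
    }

    _logger.info('Adding Archive Rule')
    archive_rule_resp = http_post(['archives', 'rules'], archive_rule_json, config=request.param)
    _raise_unless_ok(archive_rule_resp)

    archive_resp = http_post(['archives', 'images'], [get_image_digest(add_image_resp)], config=request.param)
    _raise_unless_ok(archive_resp)

    def teardown():
        # Delete with the same API config the resources were created with.
        # The image and rule deletes used to omit it and so ran under
        # http_del's behaviour for a missing config.
        # The first failing delete raises, and the remaining ones are skipped.
        _logger.info('Removing alpine:edge image from anchore')
        remove_image_resp = http_del(
            ['images', 'by_id', get_image_id(add_image_resp)],
            query={'force': True},
            config=request.param,
        )
        _raise_unless_ok(remove_image_resp)

        rule_id = archive_rule_resp.body['rule_id']
        _logger.info('Removing Archive Rule: rule_id={}'.format(rule_id))
        remove_rule_resp = http_del(['archives', 'rules', rule_id], config=request.param)
        _raise_unless_ok(remove_rule_resp)

        delete_archive_image_resp = http_del(
            ['archives', 'images', get_image_digest(add_image_resp)],
            config=request.param,
        )
        _raise_unless_ok(delete_archive_image_resp)

    request.addfinalizer(teardown)
    return add_image_resp, archive_rule_resp, archive_resp, request.param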
def test_get_archived_images_by_digest(self, create_and_teardown_archive_rule):
    """
    Fetch the archived image by its digest and expect HTTP 200.

    Implicitly tests adding an image to the archive and deleting it.
    """
    # The fixture value is a 4-tuple; only the image response and the API
    # config are needed here.
    image_resp, _rule_resp, _archive_resp, api_conf = create_and_teardown_archive_rule

    archived = http_get(
        ['archives', 'images', get_image_digest(image_resp)],
        config=api_conf,
    )
    assert archived == APIResponse(200)
def test_query_image_by_content(self, add_alpine_latest_image):
    """Query images by a package name taken from the image's OS content response."""
    add_resp, api_conf = add_alpine_latest_image

    # Any package will do, so the first entry of the response is used.
    # An empty 'content' list raises IndexError here and fails the test.
    content_resp = get_alpine_latest_image_os_content(
        get_image_id(add_resp), get_image_digest(add_resp), api_conf
    )
    packages = content_resp.body.get('content', [])
    first_package = packages[0].get('package', None)
    assert first_package is not None

    query_resp = http_get(
        ['query', 'images', 'by_package'],
        {'name': first_package},
        config=api_conf,
    )
    assert query_resp == APIResponse(200)
def test_get_image_content_java_by_digest(self, add_alpine_latest_image):
    """Request the 'java' content of the image by digest and expect HTTP 200."""
    add_resp, api_conf = add_alpine_latest_image

    # Block on wait_for_image_to_analyze before asking for content.
    wait_for_image_to_analyze(get_image_id(add_resp), api_conf)

    java_content = http_get(
        ['images', get_image_digest(add_resp), 'content', 'java'],
        config=api_conf,
    )
    assert java_content == APIResponse(200)
def test_get_image_metadata(self, add_alpine_latest_image):
    """Request the image record by digest and expect HTTP 200."""
    add_resp, api_conf = add_alpine_latest_image

    # Block on wait_for_image_to_analyze before fetching the image.
    wait_for_image_to_analyze(get_image_id(add_resp), api_conf)

    image_record = http_get(['images', get_image_digest(add_resp)], config=api_conf)
    assert image_record == APIResponse(200)
def test_get_image_content_types_by_digest(self, add_alpine_latest_image):
    """Request the image's 'content' endpoint by digest and expect HTTP 200."""
    add_resp, api_conf = add_alpine_latest_image

    # Block on wait_for_image_to_analyze before asking for content.
    wait_for_image_to_analyze(get_image_id(add_resp), api_conf)

    content_types = http_get(
        ["images", get_image_digest(add_resp), "content"],
        config=api_conf,
    )
    assert content_types == APIResponse(200)
def test_query_image_by_content(self, add_alpine_latest_image):
    """Look up images by package, using a package name from the OS content response."""
    add_resp, api_conf = add_alpine_latest_image

    # The choice of package is arbitrary: the first entry is taken.
    # With an empty "content" list the index below raises IndexError.
    os_content = get_alpine_latest_image_os_content(
        get_image_id(add_resp), get_image_digest(add_resp), api_conf
    )
    content_entries = os_content.body.get("content", [])
    first_package = content_entries[0].get("package", None)
    assert first_package is not None

    by_package = http_get(
        ["query", "images", "by_package"],
        {"name": first_package},
        config=api_conf,
    )
    assert by_package == APIResponse(200)
def test_query_vuln(self, add_alpine_latest_image):
    """Query vulnerabilities by an id taken from the image's OS vuln response."""
    add_resp, api_conf = add_alpine_latest_image

    # The choice of vulnerability is arbitrary: the first entry is taken.
    try:
        vuln_resp = get_alpine_latest_image_os_vuln(
            get_image_id(add_resp), get_image_digest(add_resp), api_conf
        )
        vuln_entries = vuln_resp.body.get('vulnerabilities', [])
        first_vuln = vuln_entries[0].get('vuln', None)
    except IndexError:
        # No entry to query with. The test ends here without asserting, so it
        # counts as passed rather than skipped.
        self._logger.warning('No vulnerabilities found, cannot test query vulnerabilities')
        return

    assert first_vuln is not None

    vuln_query = http_get(['query', 'vulnerabilities'], {'id': first_vuln}, config=api_conf)
    assert vuln_query == APIResponse(200)
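def test_get_image_policy_eval(self, add_alpine_latest_image, query):
    """Request a policy check for the image by digest and expect HTTP 200.

    The request parameters are ``query`` plus the image's tag. When ``query``
    has a truthy 'policyId', it is replaced with the value returned by
    get_first_policy_id.
    """
    add_resp, api_conf = add_alpine_latest_image
    image_id = get_image_id(add_resp)
    wait_for_image_to_analyze(image_id, api_conf)
    image_digest = get_image_digest(add_resp)

    # Build the parameters on a copy. Writing 'tag' / 'policyId' into `query`
    # itself would change the caller-supplied dict for anyone else holding it
    # (presumably other parametrized runs; confirm against the parametrization).
    params = dict(query)
    params['tag'] = get_image_tag(add_resp)
    if params.get('policyId'):
        params['policyId'] = get_first_policy_id(api_conf)

    resp = http_get(['images', image_digest, 'check'], query=params, config=api_conf)
    assert resp == APIResponse(200)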
def test_get_image_vulns_all_types_by_digest(self, add_alpine_latest_image, query):
    """List the image's vuln types by digest, then request each type; all must return HTTP 200."""
    add_resp, api_conf = add_alpine_latest_image
    wait_for_image_to_analyze(get_image_id(add_resp), api_conf)
    digest = get_image_digest(add_resp)

    types_resp = http_get(['images', digest, 'vuln'], config=api_conf)
    assert types_resp == APIResponse(200)

    # The body of the listing is iterated directly; `query` applies only to
    # the per-type requests.
    for vuln_type in types_resp.body:
        typed_resp = http_get(
            ['images', digest, 'vuln', vuln_type],
            query=query,
            config=api_conf,
        )
        assert typed_resp == APIResponse(200)
def test_get_image_metadata_all_types_by_digest(self, add_alpine_latest_image):
    """List the image's metadata types by digest, then request each type; all must return HTTP 200."""
    add_resp, api_conf = add_alpine_latest_image
    wait_for_image_to_analyze(get_image_id(add_resp), api_conf)
    digest = get_image_digest(add_resp)

    types_resp = http_get(['images', digest, 'metadata'], config=api_conf)
    assert types_resp == APIResponse(200)

    # Each entry of the listing body becomes the last path segment of a request.
    for metadata_type in types_resp.body:
        typed_resp = http_get(['images', digest, 'metadata', metadata_type], config=api_conf)
        assert typed_resp == APIResponse(200)
def test_get_image_file_content_artifacts(self, add_alpine_latest_image):
    """Request the image's file_content_search artifacts by digest and expect HTTP 200.

    Skipped unless the fixture's API config callable is named 'get_api_conf'.
    """
    add_resp, api_conf = add_alpine_latest_image

    conf_name = str(api_conf.__name__)
    if conf_name != 'get_api_conf':
        pytest.skip(
            'Image File Content Search Endpoint only works for root user of admin account: currentUserAPIConf={}'.format(
                conf_name
            )
        )

    wait_for_image_to_analyze(get_image_id(add_resp), api_conf)

    # No config is passed here, so http_get applies whatever it uses when
    # config is omitted.
    search_resp = http_get(
        ['images', get_image_digest(add_resp), 'artifacts', 'file_content_search']
    )
    assert search_resp == APIResponse(200)
def test_get_image_secret_search(self, add_alpine_latest_image):
    """Request the image's secret_search artifacts by digest and expect HTTP 200.

    Skipped unless the fixture's API config callable is named "get_api_conf".
    """
    add_resp, api_conf = add_alpine_latest_image

    conf_name = str(api_conf.__name__)
    if conf_name != "get_api_conf":
        pytest.skip(
            "Image Secret Search Endpoint only works for root user of admin account: currentUserAPIConf={}".format(
                conf_name
            )
        )

    wait_for_image_to_analyze(get_image_id(add_resp), api_conf)

    # The request carries no config argument, so http_get falls back to
    # whatever it uses when config is omitted.
    search_resp = http_get(
        ["images", get_image_digest(add_resp), "artifacts", "secret_search"]
    )
    assert search_resp == APIResponse(200)
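def test_get_image_policy_eval(self, add_alpine_latest_image, query):
    """Run a policy check against the image by digest and expect HTTP 200.

    The image's tag is added to the request parameters. A truthy "policyId" in
    ``query`` is swapped for the id returned by get_first_policy_id.
    """
    add_resp, api_conf = add_alpine_latest_image
    image_id = get_image_id(add_resp)
    wait_for_image_to_analyze(image_id, api_conf)
    image_digest = get_image_digest(add_resp)

    # Copy before editing so the dict handed in as `query` is left as it was.
    # Mutating it in place would carry this run's tag and policy id over to
    # any other holder of the same object (presumably other parametrized
    # runs; confirm against the parametrization).
    params = dict(query)
    params["tag"] = get_image_tag(add_resp)
    if params.get("policyId"):
        params["policyId"] = get_first_policy_id(api_conf)

    resp = http_get(["images", image_digest, "check"], query=params, config=api_conf)
    assert resp == APIResponse(200)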