Provide scanner with image name and info
Issue projectatomic#1190 asks for an enhancement to atomic scan where
the scanner could figure out the image|container inspect
information prior to the scan.  We do this now by writing
a file in the scanout/ dir.  The file is JSON formatted
and could be ingested by a scanner that needed that type
of information.  The path should be
/scanout/inspect_info.json.

Signed-off-by: baude <[email protected]>
baude committed Feb 21, 2018
1 parent d36c015 commit 16b1879
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions Atomic/scan.py
Expand Up @@ -154,6 +154,9 @@ def get_additional_args():
# Create the output directory
os.makedirs(self.results_dir)

# Record target information
self.record_inspect_info()

docker_args = ['docker', 'run', '-t', '--rm', '-v', '/etc/localtime:/etc/localtime',
'-v', '{}:{}'.format(self.chroot_dir, '/scanin'), '-v',
'{}:{}:rw,Z'.format(self.results_dir, '/scanout')]
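Review bot: the new `self.record_inspect_info()` call runs unguarded between `os.makedirs(self.results_dir)` and the construction of `docker_args`, so an I/O or JSON serialization error in this optional step aborts the whole scan before the scanner container starts. Consider catching and logging the failure here so the scan still proceeds. Separately, `results_dir` is mounted at `/scanout` with `rw,Z`, which means the scanner container can rewrite `inspect_info.json`; any host-side code that reads the file after the run should treat it as scanner-controlled data, and a comment here saying so would help.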
Expand Down Expand Up @@ -536,3 +539,18 @@ def write_persistent_data(self):

def remediate(self, script, iid, results_dir):
util.check_call([sys.executable, script, '--id', iid, '--results_dir', results_dir])


def record_inspect_info(self):
"""
Writes inspect information for each object passed to the scanner and
stores them in results_dir/inspect_info.json
:return: None
"""

inspect = []
for scan_object in self.scan_list:
inspect.append(scan_object.config)

with open(os.path.join(self.results_dir, 'inspect_info.json'), 'w') as f:
json.dump(inspect, f, indent=4, separators=(',', ': '))
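Review bot: `inspect.append(scan_object.config)` writes each object's config verbatim, and if `config` is the full inspect output it includes `Config.Env` and labels, which commonly hold credentials; those would then be exposed to every scanner image through `/scanout` and persisted in the results directory on the host. Suggest writing an allow-list of fields (or at least dropping `Env`) and documenting in the docstring which keys a scanner can rely on. Two smaller points: the commit adds no `import json`, so confirm `Atomic/scan.py` already imports it, and `open(..., 'w')` creates the file with the default umask, so an explicit restrictive mode would be safer for this content.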
