Skip to content
This repository has been archived by the owner on Jan 3, 2023. It is now read-only.

Terminate scanning if the target docker image doesn't exist #101

Open
jan-cerny opened this issue May 5, 2017 · 0 comments
Open

Terminate scanning if the target docker image doesn't exist #101

jan-cerny opened this issue May 5, 2017 · 0 comments
Milestone
0.1.11

Comments

@jan-cerny
Copy link
Member

The oscapd-evalaute scan tracebacks when it tries to read scan results, that looks like too late.

I would expect to terminate with a nice error message and don't attempt to scan at all.


[root@thinkpad openscap-daemon]# oscapd-evaluate scan --targets docker-image://blabla --output /tmp/output
INFO:OpenSCAP Daemon one-off evaluator 0.1.7
INFO:Successfully imported 'docker' and 'Atomic.mount', container scanning enabled.
INFO:Evaluated EvaluationSpec, exit_code=0.
ERROR:Failed to detect CPEs of target 'docker-image://blabla'. Assuming no CPEs...
Traceback (most recent call last):
  File "/bin/oscapd-evaluate", line 129, in scan_worker
    detect_CPEs_of_target(target, config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 529, in detect_CPEs_of_target
    results, stdout, stderr, exit_code = es.evaluate(config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 499, in evaluate
    (stdout, stderr, e)
RuntimeError: Failed to read results.xml of EvaluationSpec evaluation.
stdout:


stderr:
blabla did not match any image or container.


exception: [Errno 2] No such file or directory: '/var/lib/oscapd/work_in_progress/TGrGo0/results.xml'
INFO:Evaluated EvaluationSpec, exit_code=0.
ERROR:Failed to scan target 'docker-image://blabla' for vulnerabilities.
Traceback (most recent call last):
  File "/bin/oscapd-evaluate", line 143, in scan_worker
    es.evaluate(config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 473, in evaluate
    wip_result = self.evaluate_into_dir(config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 470, in evaluate_into_dir
    return oscap_helpers.evaluate(self, config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/oscap_helpers.py", line 300, in evaluate
    args = get_evaluation_args(spec, config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/oscap_helpers.py", line 275, in get_evaluation_args
    ret.extend(spec.get_oscap_arguments(config))
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 444, in get_oscap_arguments
    ret.append(config.get_cve_feed(self.get_cpe_ids(config)))
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 347, in get_cpe_ids
    self.target, config
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 529, in detect_CPEs_of_target
    results, stdout, stderr, exit_code = es.evaluate(config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 499, in evaluate
    (stdout, stderr, e)
RuntimeError: Failed to read results.xml of EvaluationSpec evaluation.
stdout:


stderr:
blabla did not match any image or container.


exception: [Errno 2] No such file or directory: '/var/lib/oscapd/work_in_progress/u1ANfr/results.xml'
INFO:Evaluated EvaluationSpec, exit_code=0.
ERROR:Failed to scan target 'docker-image://blabla' for standard profile compliance.
Traceback (most recent call last):
  File "/bin/oscapd-evaluate", line 172, in scan_worker
    es.evaluate(config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 473, in evaluate
    wip_result = self.evaluate_into_dir(config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 470, in evaluate_into_dir
    return oscap_helpers.evaluate(self, config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/oscap_helpers.py", line 300, in evaluate
    args = get_evaluation_args(spec, config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/oscap_helpers.py", line 275, in get_evaluation_args
    ret.extend(spec.get_oscap_arguments(config))
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 462, in get_oscap_arguments
    ret.append(config.get_ssg_sds(self.get_cpe_ids(config)))
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 347, in get_cpe_ids
    self.target, config
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 529, in detect_CPEs_of_target
    results, stdout, stderr, exit_code = es.evaluate(config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 499, in evaluate
    (stdout, stderr, e)
RuntimeError: Failed to read results.xml of EvaluationSpec evaluation.
stdout:


stderr:
blabla did not match any image or container.


exception: [Errno 2] No such file or directory: '/var/lib/oscapd/work_in_progress/QZwMn0/results.xml'
INFO:[100.00%] Scanned target 'docker-image://blabla'

This might need to be fixed in oscap-docker as well, beacuse the error message blabla did not match any image or container. is coming from oscap-docker, which doesn't exit at that point, but happily continues.
@jan-cerny jan-cerny added this to the 0.1.8 milestone Aug 3, 2017
@mpreisler mpreisler modified the milestones: 0.1.8, 0.1.9 Sep 28, 2017
@matejak matejak modified the milestones: 0.1.9, 0.1.10 Jan 16, 2018
@matejak matejak modified the milestones: 0.1.10, 0.1.11 Feb 8, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.1.11
Development

No branches or pull requests
3 participants
@mpreisler @matejak @jan-cerny