Add atomic scanner for pip package manager

atomic_scanners/misc-package-updates/Dockerfile

@@ -0,0 +1,9 @@
+FROM registry.centos.org/centos/centos
+
+LABEL INSTALL='docker run -it --rm --privileged -v /etc/atomic.d:/host/etc/atomic.d/ $IMAGE sh /install.sh'
+
+RUN yum -y update && \
+    yum -y install python-docker-py && \
+    yum clean all
+
+ADD misc-package-updates scanner.py install.sh /

atomic_scanners/misc-package-updates/cccp.yml

@@ -0,0 +1 @@
+job-id: misc-package-managers

atomic_scanners/misc-package-updates/install.sh

@@ -0,0 +1,3 @@
+#/bin/bash
+echo "Copying misc-package-updates scanner configuration file to host filesystem..."
+cp -v /misc-package-updates /host/etc/atomic.d/

atomic_scanners/misc-package-updates/misc-package-updates

@@ -0,0 +1,20 @@
+type: scanner
+scanner_name: misc-package-updates
+image_name: registry.centos.org/pipeline-images/misc-package-updates
+default_scan: pip-updates
+custom_args: ["-v", "/var/run/docker.sock:/var/run/docker.sock", "-e", "IMAGE_NAME=$IMAGE_NAME"]
+scans: [
+  { name: pip-updates,
+    args: ['python', 'scanner.py', 'pip'],
+    description: "Check for updates from pip package managers"
+  },
+  { name: gem-updates,
+    args: ['python', 'scanner.py', 'gem'],
+    description: "Check for updates from gem package managers"
+  },
+  { name: npm-updates,
+    args: ['python', 'scanner.py', 'npm'],
+    description: "Check for updates from npm package managers"
+  }
+
+]

atomic_scanners/misc-package-updates/scanner.py

@@ -0,0 +1,92 @@
+#!/usr/bin/env python
+
+from datetime import datetime
+import docker
+import json
+import os
+import sys
+
+OUTDIR = "/scanout"
+IMAGE_NAME = os.environ.get("IMAGE_NAME")
+
+# Client connecting to Docker socket
+client = docker.Client(base_url="unix:///var/run/docker.sock")
+
+# Argument passed to script. Decides package manager to check for.
+cli_arg = sys.argv[1]
+
+# image UUID
+UUID = client.inspect_image(IMAGE_NAME)["Id"]
+
+
+def template_json_data(scan_type):
+    current_time = datetime.now().strftime('%Y-%m-%d-%H-%M-%S-%f')
+    json_out = {
+        "Start Time": current_time,
+        "Successful": "",
+        "Scan Type": scan_type + "-updates",
+        "UUID": UUID,
+        "CVE Feed Last Updated": "NA",
+        "Scanner": "Misc Package Updates",
+        "Scan Results": {}
+    }
+    return json_out
+
+json_out = template_json_data(cli_arg)
+
+try:
+    # Create the container before starting/running it
+    container = client.create_container(image=IMAGE_NAME,
+                                        command="tail -f /dev/null")
+
+    # Running the container
+    client.start(container.get('Id'))
+
+    # Check for pip updates
+    if cli_arg == "pip":
+        # variable to store info about exec_start
+        exe = client.exec_create(
+            container=container.get("Id"),
+            cmd="pip list --outdated"
+        )
+
+        response = client.exec_start(exe)
+
+    # Check for rubygem updates
+    elif cli_arg == "gem":
+        exe = client.exec_create(
+            container=container.get("Id"),
+            cmd="gem outdated"
+        )
+
+        response = client.exec_start(exe)
+
+    # Check for npm updates
+    elif cli_arg == "npm":
+        exe = client.exec_create(
+            container=container.get("Id"),
+            cmd="npm outdated"
+        )
+
+        response = client.exec_start(exe)
+
+    if 'executable file not found in' in response:
+        json_out["Scan Results"] = \
+            "Could not find {} executable in the image!".format(cli_arg)
+    else:
+        json_out["Scan Results"] = response
+
+    # remove the container
+    client.remove_container(container=container.get("Id"), force=True)
+except Exception as e:
+    pass
+
+output_dir = os.path.join(OUTDIR, UUID)
+os.makedirs(output_dir)
+
+output_file_relative = "image_scan_results.json"
+
+output_file_absoulte = os.path.join(output_dir, output_file_relative)
+
+with open(output_file_absoulte, "w") as f:
+    f.write(json.dumps(json_out, indent=4))