From 61935943f2c9f63ffd55a26521e2434f29054034 Mon Sep 17 00:00:00 2001 From: Brent Baude Date: Mon, 6 Feb 2017 16:49:16 -0600 Subject: [PATCH] dbus: Add convenience method for scan results lookup In the case of cockpit, it would be preferable to be able to lookup scan results by a container or image's id. If the container or image has not been scanned, we throw an exception; otherwise we return the resulting json file as a str. One other possible exception can be thrown when attempting to read the desired file from the filesystem. If the file cannot be read, an exception will be thrown. Either way, it is a clear indicator that the object needs to be scanned for fresh results. The following is a simple *python* example: from atomic_dbus_client import AtomicDBus ad = AtomicDBus() results = ad.GetScanResultsById('6858a846fb6b557331e068252fd910b5dc93f8e6341e641400bf4582dc34e10d') Note the use of the full ID. As of now, we only look up against the full id as opposed to the short id form which is often used.
--- Atomic/util.py | 6 ++++++ atomic_dbus.py | 13 +++++++++++++ atomic_dbus_client.py | 5 +++++ 3 files changed, 24 insertions(+)
diff --git a/Atomic/util.py b/Atomic/util.py
index 164a8778..e1e59506 100644
--- a/Atomic/util.py
+++ b/Atomic/util.py
@@ -790,6 +790,12 @@ def confirm_input(msg):
 return confirm.strip().lower() in ['y', 'yes']
+def load_scan_result_file(file_name):
+ """
+ Read a specific json file
+ """
+ return json.loads(open(os.path.join(file_name), "r").read())
+
 class Decompose(object):
 """
 Class for decomposing an input string in its respective parts like registry,
diff --git a/atomic_dbus.py b/atomic_dbus.py
index 00919845..d571b876 100755
--- a/atomic_dbus.py
+++ b/atomic_dbus.py
@@ -29,6 +29,7 @@
 from Atomic.update import Update
 from Atomic.uninstall import Uninstall
 from Atomic.verify import Verify
+from Atomic import util
 DBUS_NAME_FLAG_DO_NOT_QUEUE = 4
 DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER = 1
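Review bot: In `load_scan_result_file` (Atomic/util.py) the file object returned by `open()` is never closed, and `os.path.join(file_name)` with a single argument returns the path unchanged, so the call does nothing. I would write the body as `with open(file_name, "r") as f: return json.load(f)`. The function opens whatever path it is given; if the D-Bus service runs privileged (not visible in this hunk), it would be worth confirming that the path resolves under the scanner results directory before opening it. The docstring could also say that the read and JSON-decode errors propagate to the caller, since the commit message treats them as the "needs a fresh scan" signal.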
@@ -571,6 +572,18 @@ def ImageVersion(self, image, recurse=False):
 info.set_args(args)
 return json.dumps(info.dbus_version())
+ @slip.dbus.polkit.require_auth("org.atomic.read")
+ @dbus.service.method("org.atomic", in_signature='s', out_signature='s')
+ def GetScanResultsById(self, iid):
+ vuln_summary = self.atomic.get_all_vulnerable_info()
+ summary_results = vuln_summary.get(iid, None)
+ if not summary_results:
+ raise ValueError("No history for scan of {}".format(iid))
+ file_name = summary_results.get('json_file')
+ return json.dumps(util.load_scan_result_file(file_name))
+
+
+
 if __name__ == "__main__":
 mainloop = GObject.MainLoop()
 dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
diff --git a/atomic_dbus_client.py b/atomic_dbus_client.py
index 79746f0d..5664d9cf 100755
--- a/atomic_dbus_client.py
+++ b/atomic_dbus_client.py
@@ -196,6 +196,11 @@ def Verify(self, image):
 def vulnerable(self):
 return self.dbus_object.VulnerableInfo(dbus_interface="org.atomic")
+ @polkit.enable_proxy
+ def GetScanResultsById(self, iid):
+ return self.dbus_object.GetScanResultsById(iid, dbus_interface="org.atomic")
+
+
 #For outputting the list of scanners
 def print_scan_list(all_scanners):
 if len(all_scanners) == 0:
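Review bot: `GetScanResultsById` in atomic_dbus.py passes `summary_results.get('json_file')` straight to `util.load_scan_result_file`, so a summary entry without a `json_file` key hands `None` to `os.path.join` and reaches the D-Bus caller as a TypeError instead of the clear "needs a scan" error used for a missing ID. A guard after the lookup, `if not file_name: raise ValueError("No scan result file recorded for {}".format(iid))`, keeps the two failure cases consistent. The caller-supplied `iid` is used only as a dictionary key and the path read comes from the stored summary; a one-line comment saying so would stop a later change from building the path from `iid` directly.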
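Review bot: The client wrapper `GetScanResultsById` in atomic_dbus_client.py has no docstring, so the constraints described in the commit message are invisible to callers. I would add `"""Return the stored scan results as a JSON string for a full (not short) container or image ID; raises if the ID has no scan history or the result file cannot be read."""` directly under the `def` line.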