From 16b187969411e120a8fbcd48c0bdd4a71c516808 Mon Sep 17 00:00:00 2001
From: baude
Date: Wed, 21 Feb 2018 16:00:32 -0600
Subject: [PATCH] Provide scanner with image name and info
Issue #1190 asks for an enhancement to atomic scan where the scanner could figure out the image|container inspect information prior to the scan. We do this now by writing a file in the scanout/ dir. The file is JSON formatted and could be ingested by a scanner that needed that type of information. The path should bexi /scanout/inspect_info.json.
Signed-off-by: baude
---
 Atomic/scan.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/Atomic/scan.py b/Atomic/scan.py
index 891a6617..17222235 100644
--- a/Atomic/scan.py
+++ b/Atomic/scan.py
@@ -154,6 +154,9 @@ def get_additional_args():
 # Create the output directory
 os.makedirs(self.results_dir)
+ # Record target information
+ self.record_inspect_info()
+
 docker_args = ['docker', 'run', '-t', '--rm', '-v', '/etc/localtime:/etc/localtime', '-v', '{}:{}'.format(self.chroot_dir, '/scanin'), '-v', '{}:{}:rw,Z'.format(self.results_dir, '/scanout')]
@@ -536,3 +539,18 @@ def write_persistent_data(self):
 def remediate(self, script, iid, results_dir):
 util.check_call([sys.executable, script, '--id', iid, '--results_dir', results_dir])
+
+
+ def record_inspect_info(self):
+ """
+ Writes inspect information for each object passed to the scanner and
+ stores them in results_dir/inspect_info.json
+ :return: None
+ """
+
+ inspect = []
+ for scan_object in self.scan_list:
+ inspect.append(scan_object.config)
+
+ with open(os.path.join(self.results_dir, 'inspect_info.json'), 'w') as f:
+ json.dump(inspect, f, indent=4, separators=(',', ': '))
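Review bot: The added `self.record_inspect_info()` call is unconditional, so every scanner image receives the inspect data through the `/scanout` mount built just below it, whether or not that scanner asked for it. Gating the call on a per-scanner opt-in in the scanner's configuration would keep the data away from scanners that never read it. The comment could also say where the file lands, for example `# Write inspect_info.json into results_dir (mounted at /scanout) before the scanner starts`. The enclosing method starts and ends outside this hunk.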
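Review bot: `record_inspect_info` dumps each `scan_object.config` unfiltered, and inspect output normally includes the environment variables and labels of the image or container, which often hold credentials; the file is readable by the scanner container and presumably stays in `results_dir` with the scan results. Writing only the fields a scanner needs, or dropping the environment list before dumping, would limit that exposure, and creating the file with mode 0600 keeps it from being readable under a permissive umask. The local name `inspect` also shadows the stdlib module of the same name, and `json` has to be imported at the top of scan.py, which this diff does not show. The fence covers only the rename and the file creation.

```python
    def record_inspect_info(self):
        # … unchanged: docstring …
        inspect_info = [scan_object.config for scan_object in self.scan_list]

        out_path = os.path.join(self.results_dir, 'inspect_info.json')
        # O_EXCL: results_dir was just created, so the file must not exist yet;
        # 0o600: do not rely on the caller's umask for inspect data.
        fd = os.open(out_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, 'w') as f:
            json.dump(inspect_info, f, indent=4, separators=(',', ': '))
```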