From eea0fd27e7bed6a225bbd6702960bcf394f19536 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= Date: Wed, 24 Jan 2018 17:39:04 +0100 Subject: [PATCH 1/2] Modified the code that temp images are not forgotten. --- utils/oscap_docker_python/oscap_docker_util.py | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/utils/oscap_docker_python/oscap_docker_util.py b/utils/oscap_docker_python/oscap_docker_util.py index b06b6001a..b9a08a99c 100644 --- a/utils/oscap_docker_python/oscap_docker_util.py +++ b/utils/oscap_docker_python/oscap_docker_util.py @@ -155,7 +155,8 @@ def oscap_chroot(self, chroot_path, target, *oscap_args): sys.stderr.write(oscap_stderr.decode("utf-8") + "\n") # Clean up - self._cleanup_by_path(chroot_path) + DM = DockerMount("/tmp") + self._cleanup_by_path(chroot_path, DM) sys.exit(1) @@ -186,18 +187,17 @@ def resolve_image(self, image): # TODO pass - def _cleanup_by_path(self, path): + def _cleanup_by_path(self, path, DM): ''' Cleans up the mounted chroot by umounting it and removing the temporary directory ''' # Sometimes when this def is called, path will have 'rootfs' # appended. If it does, strip it and proceed + _no_rootfs = path + if os.path.basename(path) == 'rootfs': + _no_rootfs = os.path.dirname(path) - _no_rootfs = os.path.dirname(path) if os.path.basename(path) == \ - 'rootfs' else path - - DM = DockerMount("/tmp") # umount chroot DM.unmount_path(_no_rootfs) @@ -206,6 +206,10 @@ def _cleanup_by_path(self, path): os.rmdir(_no_rootfs) +def mount_image_filesystem(): + _tmp_mnt_dir = DM.mount(image) + + class OscapScan(object): def __init__(self, tmp_dir=tempfile.gettempdir(), mnt_dir=None, hours_old=2): @@ -276,7 +280,7 @@ def scan_cve(self, image, scan_args): finally: # Clean up - self.helper._cleanup_by_path(_tmp_mnt_dir) + self.helper._cleanup_by_path(_tmp_mnt_dir, DM) self._remove_mnt_dir(mnt_dir) def scan(self, image, scan_args): 
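Review bot: The new `DM` parameter of `_cleanup_by_path` is not described in the docstring, and nothing in the hunk says which `DockerMount` a caller has to pass. Because the function no longer builds its own `DockerMount("/tmp")`, a correct unmount now depends on the caller supplying the matching instance, presumably the one that mounted `path`. I would add a docstring line such as `DM is the DockerMount object that mounted path; it is used to unmount it before the directory is removed.` Any caller of this helper outside the visible hunks needs the extra argument as well.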
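Review bot: `mount_image_filesystem()` takes no arguments but its body reads `DM` and `image`, neither of which is defined in this hunk, so unless both exist as module globals a call raises NameError. It also discards the mount path instead of returning it. Nothing visible in this series calls it, and patch 2/2 only re-indents its body, so it looks like a leftover stub. Either drop it or give it a real interface, for example `def mount_image_filesystem(DM, image):` with `return DM.mount(image)`.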
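Review bot: In the `finally` block of `scan_cve`, `self._remove_mnt_dir(mnt_dir)` is skipped whenever `_cleanup_by_path` raises, and that exception then replaces whatever the scan itself raised. The context lines of the `_cleanup_by_path` hunk show it calling `DM.unmount_path` and `os.rmdir`, both of which can fail. The same pair of calls sits in the `finally` that patch 2/2 adds to `scan`. Nesting the cleanup as `try: self.helper._cleanup_by_path(_tmp_mnt_dir, DM)` followed by `finally: self._remove_mnt_dir(mnt_dir)` keeps the second step running, and writing the cleanup failure to stderr would make a left-behind image mount visible to the operator. The body of `scan_cve` starts outside the hunk.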
@@ -301,5 +305,5 @@ def scan(self, image, scan_args): sys.stdout.write(self.helper._scan(chroot, image, scan_args)) # Clean up - self.helper._cleanup_by_path(_tmp_mnt_dir) + self.helper._cleanup_by_path(_tmp_mnt_dir, DM) self._remove_mnt_dir(mnt_dir) From 432ee1841003b57408e7a1040c6f317cc56a9071 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= Date: Thu, 25 Jan 2018 14:03:48 +0100 Subject: [PATCH 2/2] Refactored error handling during scan. --- utils/oscap_docker_python/oscap_docker_util.py | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/utils/oscap_docker_python/oscap_docker_util.py b/utils/oscap_docker_python/oscap_docker_util.py index b9a08a99c..ca48d5846 100644 --- a/utils/oscap_docker_python/oscap_docker_util.py +++ b/utils/oscap_docker_python/oscap_docker_util.py @@ -154,10 +154,6 @@ def oscap_chroot(self, chroot_path, target, *oscap_args): sys.stderr.write("Command returned exit code {0}.\n".format(oscap_process.returncode)) sys.stderr.write(oscap_stderr.decode("utf-8") + "\n") - # Clean up - DM = DockerMount("/tmp") - self._cleanup_by_path(chroot_path, DM) - sys.exit(1) sys.stderr.write(oscap_stderr.decode("utf-8") + "\n") @@ -207,7 +203,7 @@ def _cleanup_by_path(self, path, DM): def mount_image_filesystem(): - _tmp_mnt_dir = DM.mount(image) + _tmp_mnt_dir = DM.mount(image) class OscapScan(object): @@ -261,9 +257,9 @@ def scan_cve(self, image, scan_args): sys.stderr.write(str(e) + "\n") return None - chroot = self._find_chroot_path(_tmp_mnt_dir) - try: + chroot = self._find_chroot_path(_tmp_mnt_dir) + # Figure out which RHEL dist is in the chroot dist = self.helper._get_dist(chroot, image) 
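Review bot: With the cleanup removed from the error branch of `oscap_chroot`, unmounting after a failed run relies on `sys.exit(1)` raising SystemExit through a caller's `finally`, and nothing at this site records that. `scan` and `scan_cve` provide such a `finally` after this series. A comment above the exit would state the contract: `# No cleanup here: SystemExit unwinds through the caller's finally, which unmounts the image.` Any caller of `oscap_chroot` not shown in these hunks that lacks a `finally` would leave the image mounted under the temp directory, so those are worth checking. The function body starts and ends outside the hunk.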
@@ -299,11 +295,13 @@ def scan(self, image, scan_args): sys.stderr.write(str(e) + "\n") return None - chroot = self._find_chroot_path(_tmp_mnt_dir) + try: + chroot = self._find_chroot_path(_tmp_mnt_dir) - # Scan the chroot - sys.stdout.write(self.helper._scan(chroot, image, scan_args)) + # Scan the chroot + sys.stdout.write(self.helper._scan(chroot, image, scan_args)) - # Clean up - self.helper._cleanup_by_path(_tmp_mnt_dir, DM) - self._remove_mnt_dir(mnt_dir) + finally: + # Clean up + self.helper._cleanup_by_path(_tmp_mnt_dir, DM) + self._remove_mnt_dir(mnt_dir)