This repository was archived by the owner on Jan 3, 2023. It is now read-only.

Terminate scanning if the target docker image doesn't exist #101

@jan-cerny


The oscapd-evaluate scan tracebacks when it tries to read scan results, which looks like it is too late.

I would expect it to terminate with a nice error message and not attempt to scan at all.


[root@thinkpad openscap-daemon]# oscapd-evaluate scan --targets docker-image://blabla --output /tmp/output
INFO:OpenSCAP Daemon one-off evaluator 0.1.7
INFO:Successfully imported 'docker' and 'Atomic.mount', container scanning enabled.
INFO:Evaluated EvaluationSpec, exit_code=0.
ERROR:Failed to detect CPEs of target 'docker-image://blabla'. Assuming no CPEs...
Traceback (most recent call last):
  File "/bin/oscapd-evaluate", line 129, in scan_worker
    detect_CPEs_of_target(target, config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 529, in detect_CPEs_of_target
    results, stdout, stderr, exit_code = es.evaluate(config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 499, in evaluate
    (stdout, stderr, e)
RuntimeError: Failed to read results.xml of EvaluationSpec evaluation.
stdout:


stderr:
blabla did not match any image or container.


exception: [Errno 2] No such file or directory: '/var/lib/oscapd/work_in_progress/TGrGo0/results.xml'
INFO:Evaluated EvaluationSpec, exit_code=0.
ERROR:Failed to scan target 'docker-image://blabla' for vulnerabilities.
Traceback (most recent call last):
  File "/bin/oscapd-evaluate", line 143, in scan_worker
    es.evaluate(config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 473, in evaluate
    wip_result = self.evaluate_into_dir(config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 470, in evaluate_into_dir
    return oscap_helpers.evaluate(self, config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/oscap_helpers.py", line 300, in evaluate
    args = get_evaluation_args(spec, config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/oscap_helpers.py", line 275, in get_evaluation_args
    ret.extend(spec.get_oscap_arguments(config))
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 444, in get_oscap_arguments
    ret.append(config.get_cve_feed(self.get_cpe_ids(config)))
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 347, in get_cpe_ids
    self.target, config
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 529, in detect_CPEs_of_target
    results, stdout, stderr, exit_code = es.evaluate(config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 499, in evaluate
    (stdout, stderr, e)
RuntimeError: Failed to read results.xml of EvaluationSpec evaluation.
stdout:


stderr:
blabla did not match any image or container.


exception: [Errno 2] No such file or directory: '/var/lib/oscapd/work_in_progress/u1ANfr/results.xml'
INFO:Evaluated EvaluationSpec, exit_code=0.
ERROR:Failed to scan target 'docker-image://blabla' for standard profile compliance.
Traceback (most recent call last):
  File "/bin/oscapd-evaluate", line 172, in scan_worker
    es.evaluate(config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 473, in evaluate
    wip_result = self.evaluate_into_dir(config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 470, in evaluate_into_dir
    return oscap_helpers.evaluate(self, config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/oscap_helpers.py", line 300, in evaluate
    args = get_evaluation_args(spec, config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/oscap_helpers.py", line 275, in get_evaluation_args
    ret.extend(spec.get_oscap_arguments(config))
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 462, in get_oscap_arguments
    ret.append(config.get_ssg_sds(self.get_cpe_ids(config)))
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 347, in get_cpe_ids
    self.target, config
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 529, in detect_CPEs_of_target
    results, stdout, stderr, exit_code = es.evaluate(config)
  File "/usr/lib/python2.7/site-packages/openscap_daemon/evaluation_spec.py", line 499, in evaluate
    (stdout, stderr, e)
RuntimeError: Failed to read results.xml of EvaluationSpec evaluation.
stdout:


stderr:
blabla did not match any image or container.


exception: [Errno 2] No such file or directory: '/var/lib/oscapd/work_in_progress/QZwMn0/results.xml'
INFO:[100.00%] Scanned target 'docker-image://blabla'

This might need to be fixed in oscap-docker as well, because the error message "blabla did not match any image or container." is coming from oscap-docker, which doesn't exit at that point, but happily continues.
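A fail-fast pre-check of the kind requested above, as an added example that is not part of the original issue or of openscap-daemon's code. The function names and the use of `docker image inspect` as the existence test are assumptions; only the `docker-image://` target scheme comes from the report.

```python
import subprocess
import sys

PREFIX = "docker-image://"  # target scheme shown in the report above


def docker_image_exists(name):
    """Ask the local docker CLI whether the image is present."""
    try:
        proc = subprocess.run(
            ["docker", "image", "inspect", name],
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
        )
    except OSError:  # docker binary missing or not executable
        return False
    return proc.returncode == 0


def check_targets(targets, exists=docker_image_exists):
    """Split targets into (scannable, errors) before any evaluation starts."""
    scannable, errors = [], []
    for target in targets:
        if not target.startswith(PREFIX):
            scannable.append(target)  # other target kinds: out of scope here
            continue
        name = target[len(PREFIX):]
        if not name or name.startswith("-"):
            # Reject empty names, and names with a leading dash that the
            # docker CLI would parse as an option instead of an image.
            errors.append("%s: invalid image name" % target)
        elif not exists(name):
            errors.append("%s: image does not exist, not scanning" % target)
        else:
            scannable.append(target)
    return scannable, errors


def main(argv, exists=docker_image_exists):
    """Exit non-zero when any target is rejected, so automation cannot
    mistake a scan that never ran for a clean result."""
    _, errors = check_targets(argv, exists)
    for message in errors:
        print("ERROR:" + message, file=sys.stderr)
    return 1 if errors else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The `exists` parameter lets the check be exercised without a docker daemon; in the test below it is replaced by a constructed lookup.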
