
Commit e1e113e

install oscap-docker.in + pep8 compliance
1 parent 27884b2 commit e1e113e


2 files changed

+40
-137
lines changed


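--- a/utils/oscap-docker.in
+++ b/utils/oscap-docker.in
@@ -1,7 +1,7 @@
 #!@OSCAP_DOCKER_PYTHON@
 
 # Copyright (C) 2015 Brent Baude <[email protected]>
-# Copyright (C) 2019 Dominique Blaze <[email protected]>
+# Copyright (C) 2019 Dominique Blaze <[email protected]>
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -44,39 +44,40 @@ if __name__ == '__main__':
 epilog='See `man oscap` to learn \
 more about OSCAP-ARGUMENTS')
 parser.add_argument('--oscap', dest='oscap_binary', default='', help='Set the oscap binary to use')
+parser.add_argument('--disable-atomic', dest='noatomic', action='store_true', help="Force to use native docker API instead of atomic")
 subparser = parser.add_subparsers(help="commands")
 
 # Scan CVEs in image
 image_cve = subparser.add_parser('image-cve', help='Scan a docker image \
 for known vulnerabilities.')
-image_cve.set_defaults(func=OscapScan.scan_cve)
+image_cve.set_defaults(action="scan_cve", is_image=True)
 image_cve.add_argument('scan_target', help='Container or image to scan')
 
 # Scan an Image
 image = subparser.add_parser('image', help='Scan a docker image')
 image.add_argument('scan_target',
 help='Container or image to scan')
 
-image.set_defaults(func=OscapScan.scan)
+image.set_defaults(action="scan", is_image=True)
 # Scan a container
 container = subparser.add_parser('container', help='Scan a running docker\
 container of given name.')
 container.add_argument('scan_target',
 help='Container or image to scan')
-container.set_defaults(func=OscapScan.scan)
+container.set_defaults(action="scan", is_image=False)
 
 # Scan CVEs in container
 container_cve = subparser.add_parser('container-cve', help='Scan a \
 running container for known \
 vulnerabilities.')
 
-container_cve.set_defaults(func=OscapScan.scan_cve)
+container_cve.set_defaults(action="scan_cve", is_image=False)
 container_cve.add_argument('scan_target',
 help='Container or image to scan')
 
 args, leftover_args = parser.parse_known_args()
 
-if "func" not in args:
+if "action" not in args:
 parser.print_help()
 sys.exit(2)
 
@@ -88,10 +89,40 @@ if __name__ == '__main__':
 sys.exit(1)
 
 try:
-OS = OscapScan(oscap_binary=args.oscap_binary)
-rc = args.func(OS, args.scan_target, leftover_args)
+if isAtomicLoaded and not args.noatomic:
+OS = OscapAtomicScan(oscap_binary=args.oscap_binary)
+if args.action == "scan":
+rc = OscapAtomicScan.scan(OS, args.scan_target, leftover_args)
+elif args.action == "scan_cve":
+rc = OscapAtomicScan.scan_cve(OS, args.scan_target, leftover_args)
+else:
+parser.print_help()
+sys.exit(2)
+
+else: # without atomic
+if args.noatomic:
+print("Running oscap-docker with native docker api instead of atomic ...")
+
+ODS = OscapDockerScan(args.scan_target, args.is_image, args.oscap_binary)
+if args.action == "scan":
+rc = OscapDockerScan.scan(ODS, leftover_args)
+elif args.action == "scan_cve":
+print("Scan cve !")
+rc = OscapDockerScan.scan_cve(ODS, leftover_args)
+else:
+parser.print_help()
+sys.exit(2)
+
+except ValueError as e:
+raise e
+sys.exit(255)
+except RuntimeError as e:
+raise e
+sys.exit(255)
 except Exception as exc:
+traceback.print_exc(file=sys.stdout)
+sys.stderr.write("!!! WARNING !!! This software have crash, so you should "
+"check that no temporary container is still running\n")
 sys.exit(255)
-raise exc
 
 sys.exit(rc)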
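Review bot: In the new `except ValueError as e:` and `except RuntimeError as e:` handlers of the last hunk, `raise e` makes the following `sys.exit(255)` unreachable, so these two error types end in an uncaught traceback rather than exit status 255 and never reach the temporary-container warning that the generic handler prints. Dropping both handlers lets `except Exception` cover them; if they need separate treatment, replace `raise e` with `sys.stderr.write("%s\n" % e)` so the exit call runs. The generic handler also sends the traceback to stdout, where it mixes with scan output a caller may be parsing, so `traceback.print_exc(file=sys.stderr)` is the safer form; the `print("Scan cve !")` line in the non-atomic branch looks like leftover debug output on the same stream. Since the warning only asks the operator to check for a leftover container, it would be worth confirming that `OscapDockerScan` removes its temporary container on failure, which is not visible from here. The `try` sits inside the `if __name__ == '__main__':` block, which begins outside the hunk.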

utils/oscap-docker.py

Lines changed: 0 additions & 128 deletions
This file was deleted.
