python研究學習--33--Docker掃描引擎(\ScanTask)
阿新 • • 發佈:2018-12-17
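#!/usr/bin/python
#-*- coding:utf-8 -*-
"""Run a series of Anchore CLI scans against one Docker image (Python 2).

Everything printed during a scan is shown on the console and also copied
into a text report named after the image.
"""
import os
import subprocess
import sys
from BaseTask import *
from itertools import islice

# Python 2 only: make UTF-8 the process-wide default codec so the non-ASCII
# report headings can be written without explicit encoding.
reload(sys)
sys.setdefaultencoding('utf-8')


# ----------------------------------------------------------
# Report handling. The original intent was to append "_<number>" when the
# report file name already exists; the helper that did so is disabled below,
# so an existing report with the same name is overwritten.
# ----------------------------------------------------------
class Output(object):
    """File-like stand-in for sys.stdout that copies each write to a log file."""

    def __init__(self, check_filename = "default.log"):
        # Capture whatever stdout is current so console output keeps working.
        self.terminal = sys.stdout
        self.log = open(check_filename, "w")

    def write(self, message):
        """Send message to the console stream and to the report file."""
        self.terminal.write(message)
        self.log.write(message)

    def flush(self):
        """Flush both sinks so the report on disk keeps up with the console."""
        self.terminal.flush()
        self.log.flush()

    def close(self):
        """Close the report file; the console stream is left open."""
        self.log.close()


# Disabled helper from the original listing, kept verbatim as an inert string.
'''
# 判斷檔名是否存在
def check_filename(filename):
    n = [2]
    def check_meta(file_name):
        file_name_new = file_name
        if os.path.isfile(file_name):
            file_name_new = file_name[:file_name.rfind('.')]+'_'+str(n[0])+file_name[file_name.rfind('.'):]
            n[0] += 1
        if os.path.isfile(file_name_new):
            file_name_new = check_meta(file_name)
        return file_name_new
    return_name = check_meta(filename)
    print return_name
    return return_name
'''


def _checked_image_name(docker_image):
    """Return the image name as text, rejecting values unsafe to pass on."""
    image = "%s" % (docker_image,)
    # An empty value or one starting with "-" could be parsed by the CLI as
    # an option instead of the value of --image.
    if not image or image.startswith("-"):
        raise ValueError("invalid Docker image name: %r" % (image,))
    return image


def _report_path(image):
    """Build the report file name for image, always in the current directory."""
    # Image names legitimately contain "/" (registry/repository). Used
    # unchanged in a file name, that lets the name select another directory
    # ("../" included), so path separators are flattened.
    return '%s.txt' % image.replace("/", "_").replace("\\", "_")


def _run_anchore(arguments):
    """Run ``anchore`` with arguments and return its stdout as a list of lines.

    The command is executed from an argument list without a shell, so shell
    metacharacters in the image name are never interpreted. Failures are
    reported on stderr and do not abort the scan.
    """
    command = ["anchore"] + list(arguments)
    try:
        child = subprocess.Popen(command, stdout=subprocess.PIPE)
    except OSError as error:
        sys.stderr.write("could not start %s: %s\n" % (" ".join(command), error))
        return []
    try:
        lines = child.stdout.readlines()
    finally:
        child.stdout.close()
        status = child.wait()
    if status != 0:
        # Without this warning a failed scan is indistinguishable from a
        # scan that found nothing.
        sys.stderr.write("%s exited with status %d\n" % (" ".join(command), status))
    return lines


def _print_section(title, lines):
    """Print title followed by every non-blank line, stripped of whitespace."""
    print title
    for raw_line in lines:
        text = raw_line.strip()
        if text:
            print text


# ----------------------------------------------------------
# Image scan
# ----------------------------------------------------------
def ScanTask(DockerImage):
    """Scan DockerImage with the Anchore CLI and write the results to a report.

    Runs, in order: CVE query, image analysis plus gate check, file diff
    against the base image, and the toolbox summary. Output goes to the
    console and to "<image>.txt" (path separators in the image name are
    replaced by "_"). sys.stdout is restored and the report closed on exit.

    An empty section does not prove a clean image: a command that could not
    run or exited non-zero only produces a warning on stderr.

    Raises:
        ValueError: if the image name is empty or starts with "-".
    """
    image = _checked_image_name(DockerImage)
    previous_stdout = sys.stdout
    report = Output(_report_path(image))
    sys.stdout = report
    try:
        # CVE vulnerability scan
        _print_section(
            "CVE漏洞掃描結果:\n------------------------------------------",
            _run_anchore(["query", "--image", image, "cve-scan", "all"]))

        # General image analysis; analyze output is discarded, gate is reported
        _run_anchore(["analyze", "--image", image, "--imagetype", "base"])
        _print_section(
            "\n映象常規分析結果:\n------------------------------------------",
            _run_anchore(["gate", "--image", image]))

        # Differences from the clean base image
        _print_section(
            "\n提取與純淨映象的對比區別:\n------------------------------------------",
            _run_anchore(["query", "--image", image, "show-file-diffs", "base"]))

        # Image feature summary
        _print_section(
            "\n映象特徵提取結果:\n------------------------------------------",
            _run_anchore(["toolbox", "--image", image, "show"]))
    finally:
        # Restore first so a failing close() cannot leave stdout redirected.
        sys.stdout = previous_stdout
        report.close()


if __name__ == "__main__":
    from ScanAPI import Image
    image = Image()
    ScanTask(image.get())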