Class: Clairmon

Inherits:
Object
  • Object
Defined in:
lib/clairmon.rb

Instance Method Summary collapse

Constructor Details

#initialize(tls = true, baseUrl, accesKey, accessSecret, imageIgnoreArray, clairctlBinary, clairctlConfigPath) ⇒ Clairmon

Returns a new instance of Clairmon.



# File 'lib/clairmon.rb', line 7

# Stores the connection settings, API credentials and clairctl locations
# that the other methods of this class read.
#
# @param tls [Boolean] `false` makes getRunningImages build an http:// URL;
#   any other value makes it build an https:// URL
# @param baseUrl [String] host (and optional port) placed in the API URL
# @param accesKey [String] user name sent with HTTP basic auth
# @param accessSecret [String] password sent with HTTP basic auth
# @param imageIgnoreArray [Array<String>] substrings; an image whose name
#   contains one of them is reported as ignored by #ignored
# @param clairctlBinary [String] command interpolated into the shell command
#   lines built by scanImage and createReport
# @param clairctlConfigPath [String] value passed after `--config`
def initialize(tls=true, baseUrl, accesKey, accessSecret, imageIgnoreArray, clairctlBinary, clairctlConfigPath)
  # Endpoint selection for the container API.
  @TLS, @BASE_URL = tls, baseUrl
  # Credentials are kept in plain instance variables for the object's lifetime.
  @ACCESS_KEY, @ACCESS_SECRET = accesKey, accessSecret
  # Entries are matched as substrings, so a short entry excludes many images.
  @IMAGE_IGNORE_ARRAY = imageIgnoreArray
  # Both values end up inside a shell command line; treat them as trusted config.
  @CLAIRCTL_CONFIG_PATH, @CLAIRCTL_BINARY = clairctlConfigPath, clairctlBinary
end

Instance Method Details

#createReport(imageName) ⇒ Object



# File 'lib/clairmon.rb', line 58

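# Runs `<clairctl binary> report <image> --config <path>` through the shell
# and returns what the command wrote to standard output.
#
# The image name is shell-escaped before interpolation: it is caller-supplied
# and may come from a remote API listing, so it must not be able to add shell
# syntax to the command line. The binary and config path are operator
# configuration and are interpolated unchanged.
#
# @param imageName [String] image reference to report on
# @return [String] standard output of the command
def createReport(imageName)
  # Required locally so the method does not rely on the file's require list.
  require 'shellwords'

  safe_image = Shellwords.escape(imageName)
  # NOTE(review): escaping stops shell metacharacters only; a name starting
  # with "-" would still reach clairctl as an option. The exit status is not
  # checked either, so a failed run returns empty or partial output.
  %x[#{@CLAIRCTL_BINARY} report #{safe_image} --config #{@CLAIRCTL_CONFIG_PATH}]
end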

#getFullStatus ⇒ Object



# File 'lib/clairmon.rb', line 76

# Scans every running image that is not on the ignore list.
#
# Images come from getRunningImages; each one is checked with #ignored and,
# when that returns false, scanned with scanImage before the next image is
# looked at.
#
# @return [Array<Hash>] one `{ 'image' => name, 'vulnerabilities' => count }`
#   entry per scanned image, in listing order; empty when nothing was scanned
def getFullStatus
  getRunningImages.each_with_object([]) do |image_name, report|
    # Ignored images are left out of the result entirely, so they are not
    # distinguishable from images that were never running.
    next unless ignored(image_name) == false

    found = scanImage(image_name)
    report << { 'image' => image_name, 'vulnerabilities' => found }
  end
end

#getRunningImages ⇒ Object



# File 'lib/clairmon.rb', line 17

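# Fetches `/v2-beta/containers` from the configured API and returns the
# distinct image names found in the response.
#
# The request carries HTTP basic auth. When @TLS is `false` the URL is
# http://, so the credentials and the listing cross the network unencrypted.
#
# @return [Array<String>] unique `imageUuid` values with the first
#   "docker:" occurrence removed
# @raise [JSON::ParserError] when the response body is not JSON
def getRunningImages
  scheme = @TLS == false ? 'http' : 'https'
  uri = URI("#{scheme}://#{@BASE_URL}/v2-beta/containers")

  req = Net::HTTP::Get.new(uri)
  req.basic_auth @ACCESS_KEY, @ACCESS_SECRET

  # Net::HTTP.start speaks plain HTTP unless use_ssl is set, even when the
  # port comes from an https:// URI. Without it the basic-auth header was
  # written unencrypted to the TLS port. With use_ssl, Net::HTTP verifies the
  # server certificate by default. Plain-HTTP endpoints must pass tls=false.
  res = Net::HTTP.start(uri.hostname, uri.port, :use_ssl => uri.scheme == 'https') do |http|
    http.request(req)
  end

  # NOTE(review): the status code is not checked; an error body without a
  # "data" array raises NoMethodError below rather than a descriptive error.
  containers = JSON.parse(res.body)["data"]
  containers.map { |con| con["imageUuid"].sub("docker:", "") }.uniq
end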

#ignored(imageName) ⇒ Object



# File 'lib/clairmon.rb', line 64

# Tells whether an image is excluded from scanning.
#
# Matching is by substring, not by exact name: any entry of
# @IMAGE_IGNORE_ARRAY that occurs anywhere in imageName excludes the image,
# so a short or generic entry can exclude more images than intended.
#
# @param imageName [String] image reference to test
# @return [Boolean] true when at least one ignore entry is contained in
#   imageName, false otherwise (including when the list is empty)
def ignored(imageName)
  @IMAGE_IGNORE_ARRAY.any? { |fragment| imageName.include?(fragment) }
end

#scanImage(imageName) ⇒ Object



# File 'lib/clairmon.rb', line 42

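# Runs `<clairctl binary> analyze <image> --config <path>` through the shell
# and totals the vulnerability counts found in its output.
#
# Every output line containing "Analysis" contributes the integer value of
# its fourth whitespace-separated field; a missing or non-numeric field
# counts as 0.
#
# The image name is shell-escaped before interpolation, because getFullStatus
# passes names taken from a remote API response. The binary and config path
# are operator configuration and are interpolated unchanged.
#
# @param imageName [String] image reference to analyze
# @return [Integer] sum of the counts parsed from the "Analysis" lines
def scanImage(imageName)
  # Required locally so the method does not rely on the file's require list.
  require 'shellwords'

  safe_image = Shellwords.escape(imageName)
  # NOTE(review): the exit status is not checked, so a scan that failed to
  # run yields 0 and looks the same as a clean image. A name starting with
  # "-" would still reach clairctl as an option.
  raw = %x[#{@CLAIRCTL_BINARY} analyze #{safe_image} --config #{@CLAIRCTL_CONFIG_PATH}]

  # Treat the output as raw bytes and drop everything that has no UTF-8
  # mapping, so the string operations below cannot raise on odd bytes.
  text = raw.encode('utf-8', 'binary', :invalid => :replace, :undef => :replace, :replace => '')

  text.split("\n")
      .select { |line| line.include?("Analysis") }
      .inject(0) { |total, line| total + line.split(" ")[3].to_i }
end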