Fix security scanner

jalr 2019-01-15 21:53:32 +01:00
parent dba60b2917
commit a8851a23d3
7 changed files with 45 additions and 53 deletions


@ -58,7 +58,7 @@ security_scanner:
script: script:
- set -x - set -x
- export GITLAB_URL="$(echo "$CI_PROJECT_URL" | grep -Eo '^https?://[^/]*')" - export GITLAB_URL="$(echo "$CI_PROJECT_URL" | grep -Eo '^https?://[^/]*')"
- security-scanner $target - python3 -m security_scanner $target
only: only:
refs: refs:
- schedules - schedules


@ -7,13 +7,14 @@ RUN apt-get update \
python3 \ python3 \
python3-apt \ python3-apt \
python3-pip \ python3-pip \
python3-urllib3 \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
COPY requirements.txt /tmp/requirements.txt COPY setup.py /code/setup.py
RUN pip3 install -r /tmp/requirements.txt WORKDIR /code
RUN pip3 install -e .
ADD . /code ADD . /code
RUN (cd /code && python3 setup.py install) RUN python3 setup.py install
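Review bot: The added `python3-urllib3` apt package duplicates the `urllib3==1.24.1` requirement that `pip3 install -e .` resolves from setup.py, so the image can end up with two copies of urllib3, and a Debian security update to the apt copy is likely not the one the scanner imports. Keep a single source for the library, for example by dropping the `python3-urllib3 \` line if the pip pin is the intended version. On the unchanged `ADD . /code` line, `COPY . /code` together with a `.dockerignore` that excludes `.git` and local credential files would keep unintended build-context content out of the image. The Dockerfile continues outside this hunk, so whether it sets a non-root `USER` cannot be seen here.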


@ -1,8 +0,0 @@
#!/usr/bin/env python3
import sys
import security_scanner.main
if __name__ == '__main__':
security_scanner.main.main(sys.argv)


@ -1,2 +0,0 @@
python-gitlab==1.4.0
urllib3==1.22


@ -1,9 +1,8 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import os
import sys import sys
import security_scanner
from security_scanner.debian_tracker import DebianTracker from security_scanner.debian_tracker import DebianTracker
from security_scanner.dpkg_list import DpkgList from security_scanner.dpkg_list import DpkgList
from security_scanner.gitlab import GitLab from security_scanner.gitlab import GitLab
@ -28,13 +27,22 @@ def checkDebianDistro(distro):
return result return result
def main(argv): if __name__ == '__main__':
gitlab = GitLab() gitlab_url = os.environ.get('GITLAB_URL')
for distro in argv[1:]: project_id = os.environ.get('CI_PROJECT_ID')
api_token = os.environ.get('PRIVATE_TOKEN')
gitlab = GitLab(gitlab_url, project_id, api_token)
for distro in sys.argv[1:]:
job = gitlab.getLastSuccessfulJob('master', 'squashfs_master') job = gitlab.getLastSuccessfulJob('master', 'squashfs_master')
gitlab.downloadArtifact(job, 'images/debian-' + distro + '.dpkg-list', 'debian-' + distro + '.dpkg-list') if job is not None:
if checkDebianDistro(distro) > 0: gitlab.downloadArtifact(job, 'images/debian-' + distro + '.dpkg-list', 'debian-' + distro + '.dpkg-list')
ref = job.attributes['ref'] if checkDebianDistro(distro) > 0:
print("creating pipeline for reference {}".format(ref)) ref = job.attributes['ref']
pprint(job.attributes) print("creating pipeline for reference {}".format(ref))
gitlab.createPipeline(ref) pprint(job.attributes)
gitlab.createPipeline(ref)
else:
print('last successful job not found')
sys.exit(1)
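Review bot: `PRIVATE_TOKEN` is read with `os.environ.get` and handed to `GitLab(...)` even when it is unset, so the scanner then works with an unauthenticated client and fails somewhere inside the python-gitlab calls with an error that does not name the cause. Fail fast next to the new environment reads, e.g. `if api_token is None: sys.exit('PRIVATE_TOKEN is not set')`. `distro` comes straight from `sys.argv` and is concatenated into the download destination path, so checking it against the known distro names at the top of the loop would keep a malformed schedule variable from writing outside the working directory. `pprint(job.attributes)` also puts the whole job record into the CI log; printing only the job id and `ref` would limit the log to what is needed.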


@ -1,34 +1,31 @@
#!/usr/bin/env python #!/usr/bin/env python
import gitlab import gitlab
import os
from security_scanner.file_writer import FileWriter from security_scanner.file_writer import FileWriter
class GitLab: class GitLab:
def __init__(self): def __init__(self, gitlab_url, project_id, api_token=None):
gitlab_url = os.environ.get('GITLAB_URL') if gitlab_url is None:
api_token = os.environ.get('PRIVATE_TOKEN') raise ValueError('must pass gitlab_url')
project_id = os.environ.get('CI_PROJECT_ID') if project_id is None:
raise ValueError('must pass project_id')
self._gl = gitlab.Gitlab(gitlab_url, private_token=api_token) self._gl = gitlab.Gitlab(gitlab_url, private_token=api_token)
self._project = self._gl.projects.get(project_id) self._project = self._gl.projects.get(project_id)
def getLastSuccessfulJob(self, ref, name): def getLastSuccessfulJob(self, ref, name):
pipelines = self._project.pipelines.list() pipelines = self._project.pipelines.list(ref=ref, status='success')
last_successful_job = None last_successful_job = None
print(pipelines)
for pipeline in pipelines: for pipeline in pipelines:
jobs = pipeline.jobs.list() jobs = pipeline.jobs.list(scope='success')
for job in jobs: for job in jobs:
if job.ref == ref and job.attributes['name'] == name and job.attributes['status'] == 'success': if job.attributes['name'] == name:
if last_successful_job is not None: return job
if job.attributes['id'] > last_successful_job.attributes['id']:
last_successful_job = job
else:
last_successful_job = job
return last_successful_job return None
def downloadArtifact(self, job, sourcePath, destPath): def downloadArtifact(self, job, sourcePath, destPath):
job_id = job.attributes['id'] job_id = job.attributes['id']
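Review bot: `getLastSuccessfulJob` now returns the first match, which depends on two things the code does not state: that `pipelines.list(ref=ref, status='success')` yields the newest pipeline first, and that the wanted job is on the first page of `pipeline.jobs.list(scope='success')`. python-gitlab's `list()` returns a single page by default, so a pipeline with many jobs can hide `name`, and the loop then silently falls back to an older pipeline, which means the scanner would check a stale package list. Make both explicit, e.g. `self._project.pipelines.list(ref=ref, status='success', order_by='id', sort='desc')` and `pipeline.jobs.list(scope='success', all=True)`. A one-line docstring saying that the newest successful job called `name` on `ref` is returned, or `None` when there is none, would document the contract the new `if job is not None` caller relies on. `downloadArtifact` continues past the end of this section.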


@ -1,15 +1,11 @@
try: import setuptools
from setuptools import setup
except ImportError:
from distutils.core import setup
config = { setuptools.setup(
'name': 'security_scanner', name='security_scanner',
'install_requires': [], version='1.2.0',
'packages': [ packages=setuptools.find_packages(),
'security_scanner', install_requires=[
'python-gitlab==1.7.0',
'urllib3==1.24.1',
], ],
'scripts': ['bin/security-scanner'] )
}
setup(**config)
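Review bot: `install_requires` now pins `python-gitlab==1.7.0` and `urllib3==1.24.1` exactly, but their transitive dependencies stay unpinned and nothing is hash-checked, so the image build is neither reproducible nor protected against a replaced upload. This commit also deletes what appears to be requirements.txt. Consider keeping a fully resolved, hash-locked requirements file for the image build, installed with `pip install --require-hashes -r requirements.txt`, and using compatible ranges in `install_requires`. The exact pins also mean that an upstream security fix for either library reaches the scanner only through a commit to this file, so the pins need an owner or an automated update job. With `'scripts'` removed the package is started as `python3 -m security_scanner`, which needs a `__main__` module that is not visible on this page.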