quayio-scanner 0.3.2 → 0.4.1

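--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 15795d58c96f27ce19472584bd56fecdc49f11c833e2521df12ae54544cdaaec
- data.tar.gz: ee7a1307813f90b2631086f55e51f991310329e19a6a12dd22c2badcdf577711
+ metadata.gz: 2ab390e409e94c94ca9097786c8ff05a4c94e24b40d0fd78d2621f8bd752c60c
+ data.tar.gz: c0c4030b04c344eec2bce1f28e40179c0fed6e7db9660c2d62e514f2ee0a2e56
  SHA512:
- metadata.gz: 8f1f0cff0ea95d5488a32fa52f4c206f8a3674f324319aaeed46fb8545c76d9bda0caeab5dccefc718e596a35e7054bea8d66a5f4cc601695f015baec335a2f2
- data.tar.gz: 86d43813af9825fe5f6129e25b1547050e53a8fc493bb05b3fa1045c616f9b9085b50728fd3e3d0ef4fbfea92b324054d5d3e32e2b0c2b8c57e529c90b5757a2
+ metadata.gz: 7e4515512e9e08ca58895302fac1cffd954683aba481f2dda77d93c88d7695ecef403373e8314a442c9d8146d98d85e7beb894f195bf59631968933f46bcc489
+ data.tar.gz: 67e97c27c4bf9db2a256c7258f983fb9bbfeed980aca6276f9d5b29b37cf4706a5f881327f84af572c47235313932b48b8b38abaa0a1d6519c9d69a3a02d3642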
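--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,5 +1,5 @@
  AllCops:
- TargetRubyVersion: 2.3
+ TargetRubyVersion: 2.7
 
  Lint/RaiseException:
  Enabled: true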
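--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,8 +1,8 @@
  PATH
  remote: .
  specs:
- quayio-scanner (0.3.2)
- docker-api (~> 1.33)
+ quayio-scanner (0.4.0)
+ docker-api (~> 2.4)
  rest-client (~> 2.1)
  sensu-plugin (~> 4.0)
 
@@ -10,63 +10,66 @@ GEM
  remote: https://rubygems.org/
  specs:
  ast (2.4.2)
- diff-lcs (1.5.0)
- docker-api (1.34.2)
- excon (>= 0.47.0)
+ diff-lcs (1.5.1)
+ docker-api (2.4.0)
+ excon (>= 0.64.0)
  multi_json
- domain_name (0.5.20190701)
- unf (>= 0.0.5, < 1.0.0)
- excon (0.92.3)
+ domain_name (0.6.20240107)
+ excon (1.2.3)
  http-accept (1.7.0)
- http-cookie (1.0.5)
+ http-cookie (1.0.8)
  domain_name (~> 0.5)
- jaro_winkler (1.5.4)
- json (2.6.2)
- mime-types (3.4.1)
+ json (2.9.1)
+ logger (1.6.5)
+ mime-types (3.6.0)
+ logger
  mime-types-data (~> 3.2015)
- mime-types-data (3.2022.0105)
+ mime-types-data (3.2025.0204)
  mixlib-cli (1.7.0)
  multi_json (1.15.0)
  netrc (0.11.0)
- parallel (1.22.1)
- parser (3.1.2.0)
+ parallel (1.26.3)
+ parser (3.3.7.1)
  ast (~> 2.4.1)
+ racc
+ racc (1.8.1)
  rainbow (3.1.1)
- rake (13.0.6)
+ rake (13.2.1)
+ regexp_parser (2.10.0)
  rest-client (2.1.0)
  http-accept (>= 1.7.0, < 2.0)
  http-cookie (>= 1.0.2, < 2.0)
  mime-types (>= 1.16, < 4.0)
  netrc (~> 0.8)
- rexml (3.2.5)
- rspec (3.11.0)
- rspec-core (~> 3.11.0)
- rspec-expectations (~> 3.11.0)
- rspec-mocks (~> 3.11.0)
- rspec-core (3.11.0)
- rspec-support (~> 3.11.0)
- rspec-expectations (3.11.0)
+ rexml (3.4.0)
+ rspec (3.13.0)
+ rspec-core (~> 3.13.0)
+ rspec-expectations (~> 3.13.0)
+ rspec-mocks (~> 3.13.0)
+ rspec-core (3.13.3)
+ rspec-support (~> 3.13.0)
+ rspec-expectations (3.13.3)
  diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.11.0)
- rspec-mocks (3.11.1)
+ rspec-support (~> 3.13.0)
+ rspec-mocks (3.13.2)
  diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.11.0)
- rspec-support (3.11.0)
- rubocop (0.81.0)
- jaro_winkler (~> 1.5.1)
+ rspec-support (~> 3.13.0)
+ rspec-support (3.13.2)
+ rubocop (0.93.1)
  parallel (~> 1.10)
- parser (>= 2.7.0.1)
+ parser (>= 2.7.1.5)
  rainbow (>= 2.2.2, < 4.0)
+ regexp_parser (>= 1.8)
  rexml
+ rubocop-ast (>= 0.6.0)
  ruby-progressbar (~> 1.7)
  unicode-display_width (>= 1.4.0, < 2.0)
- ruby-progressbar (1.11.0)
+ rubocop-ast (1.38.0)
+ parser (>= 3.3.1.0)
+ ruby-progressbar (1.13.0)
  sensu-plugin (4.0.0)
  json (< 3.0.0)
  mixlib-cli (~> 1.5)
- unf (0.1.4)
- unf_ext
- unf_ext (0.0.8.2)
  unicode-display_width (1.8.0)
 
  PLATFORMS
@@ -77,7 +80,7 @@ DEPENDENCIES
  quayio-scanner!
  rake (~> 13.0)
  rspec (~> 3.7)
- rubocop (~> 0.49, <= 0.81)
+ rubocop (~> 0.93)
 
  BUNDLED WITH
  2.1.4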
data/README.md CHANGED
@@ -25,11 +25,12 @@ This plugin attempts to fetch vulnerabilities for all running containers
25
25
 
26
26
  ### Parameters
27
27
 
28
- | Parameter | Description |
29
- |---------------|-------------------------|
30
- | -d URL | Docker URL |
31
- | -t TOKEN | Quay.io oauth token |
32
- | -w WHITELIST | Vulnerability whitelist |
28
+ | Parameter | Description |
29
+ |--------------------------|-----------------------------------------|
30
+ | -d URL | Docker URL |
31
+ | -t TOKEN | Quay.io oauth token |
32
+ | -w WHITELIST[,WHITELIST] | Vulnerability whitelist |
33
+ | -n NAMESPACE[,NAMESPACE] | Namespaces (quay.io scanners) to ignore |
33
34
 
34
35
  ### Example
35
36
 
@@ -44,10 +44,18 @@ class CheckContainerVulnerabilities < Sensu::Plugin::Check::CLI
44
44
  default: '',
45
45
  proc: proc { |w| w.split(',') }
46
46
 
47
+ option :ignore_namespace_names,
48
+ description: 'Namespace names to ignore',
49
+ short: '-n NAMESPACE_NAME[,NAMESPACE_NAME]',
50
+ long: '--ignore-namespace-names NAMESPACE_NAME[,NAMESPACE_NAME]',
51
+ default: '',
52
+ proc: proc { |w| w.split(',') }
53
+
47
54
  def run
48
55
  status, message = Quayio::Scanner::Check.new(config[:docker_url],
49
56
  config[:quayio_token],
50
- config[:whitelist]).run
57
+ config[:whitelist],
58
+ config[:ignore_namespace_names]).run
51
59
 
52
60
  if status == :ok
53
61
  ok message
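Review bot: The new `-n` option declares `default: ''` next to a `proc` that splits on commas, so when the flag is omitted `config[:ignore_namespace_names]` is presumably still the String `''` rather than an Array (as far as I know mixlib-cli applies the proc only to values parsed from the command line). The value is later used with `include?`, which on a String is a substring test and raises TypeError for a nil argument, so a vulnerability entry without a `NamespaceName` could abort the check instead of being evaluated. Declaring `default: [],` keeps the type identical on both paths; the whitelist option just above follows the same pattern and would benefit from the same change. The description could also say what the flag really does, e.g. `description: 'Namespace names whose vulnerabilities are ignored entirely',`. The class body starts and continues outside this hunk.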
@@ -2,7 +2,7 @@ require 'docker'
2
2
 
3
3
  module Quayio
4
4
  module Scanner
5
- Check = Struct.new(:docker_url, :quayio_token, :whitelist) do
5
+ Check = Struct.new(:docker_url, :quayio_token, :whitelist, :ignore_namespace_names) do
6
6
  def run
7
7
  Docker.url = docker_url
8
8
 
@@ -27,7 +27,7 @@ module Quayio
27
27
 
28
28
  def vulnerable_images
29
29
  containers
30
- .map { |container| Image.new(container, quayio_token, whitelist) }
30
+ .map { |container| Image.new(container, quayio_token, whitelist, ignore_namespace_names) }
31
31
  .select(&:vulnerable?)
32
32
  .map(&:name)
33
33
  end
@@ -5,11 +5,12 @@ module Quayio
5
5
  QUAY_IO_REPO_NAME =
6
6
  %r{quay.io\/(?<org>[\w-]+)\/(?<repo>[\w-]+):(?<tag>[\w.-]+)}.freeze
7
7
 
8
- attr_reader :name, :whitelist, :repository
8
+ attr_reader :name, :whitelist, :repository, :ignore_namespace_names
9
9
 
10
- def initialize(name, quayio_token, whitelist)
10
+ def initialize(name, quayio_token, whitelist, ignore_namespace_names)
11
11
  @name = name
12
12
  @whitelist = whitelist
13
+ @ignore_namespace_names = ignore_namespace_names
13
14
 
14
15
  @name.match(QUAY_IO_REPO_NAME) do |r|
15
16
  org, repo, tag = r.captures
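Review bot: `ignore_namespace_names` is added as a required fourth positional parameter, so any existing caller that still builds `Image.new(name, token, whitelist)` now fails with ArgumentError, and a `Check` struct created with three arguments (see the `Struct.new` hunk above) passes nil through to this constructor. A default keeps the old call shape working and guarantees an Array for the later `include?` call: `def initialize(name, quayio_token, whitelist, ignore_namespace_names = [])`. The constructor's body continues past the end of this hunk.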
@@ -36,7 +37,8 @@ module Quayio
36
37
  !raw_scan['data']['Layer']['Features'].detect do |f|
37
38
  f['Vulnerabilities']&.detect do |v|
38
39
  RELEVANT_SEVERITIES.include?(v['Severity']) && \
39
- !whitelist.include?(v['Name'])
40
+ !whitelist.include?(v['Name']) && \
41
+ !ignore_namespace_names.include?(v['NamespaceName'])
40
42
  end
41
43
  end.nil?
42
44
  end
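Review bot: Findings dropped by the new `ignore_namespace_names` clause leave no trace, so an image whose only relevant-severity vulnerabilities come from an ignored namespace is reported exactly like a clean image. Because the filter matches a whole namespace rather than a single advisory name, one entry can hide any number of future findings; consider counting the suppressed entries and surfacing that number in the check message, or at least logging them. A comment above the clause would help the next reader: `# namespace filter: drops every relevant-severity finding whose NamespaceName is listed, regardless of advisory`. The comparison is an exact, case-sensitive match on `v['NamespaceName']`, which is worth stating in the README too. The enclosing method starts before this hunk.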
@@ -23,22 +23,20 @@ module Quayio
23
23
 
24
24
  def api_call(uri)
25
25
  (1..Float::INFINITY).each do |attempt|
26
- begin
27
- response = RestClient.get(
28
- "https://quay.io/api/v1/repository/#{org}/#{repo}#{uri}",
29
- authorization: "Bearer #{quayio_token}",
30
- accept: :json,
31
- open_timeout: 15
32
- )
33
- return JSON.parse(response)
34
- rescue RestClient::Exception => e
35
- raise e if attempt >= MAX_ATTEMPTS
36
-
37
- # retry later, if we hit cdn rate limiting or on connection errors
38
- raise e unless e.http_code == 520 || e.http_code.nil?
39
-
40
- sleep(rand(10))
41
- end
26
+ response = RestClient.get(
27
+ "https://quay.io/api/v1/repository/#{org}/#{repo}#{uri}",
28
+ authorization: "Bearer #{quayio_token}",
29
+ accept: :json,
30
+ open_timeout: 15
31
+ )
32
+ return JSON.parse(response)
33
+ rescue RestClient::Exception => e
34
+ raise e if attempt >= MAX_ATTEMPTS
35
+
36
+ # retry later, if we hit cdn rate limiting or on connection errors
37
+ raise e unless e.http_code == 520 || e.http_code.nil?
38
+
39
+ sleep(rand(10))
42
40
  end
43
41
  end
44
42
  end
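Review bot: `open_timeout: 15` sits in the second argument of `RestClient.get`, which rest-client treats as the request headers, so as far as I can tell it is sent as a header and the connection timeout stays at the library default. Passing it as a real request option needs `RestClient::Request.execute`, as sketched below. Separately, `sleep(rand(10))` can return 0 and retry immediately; `sleep(1 + rand(10))` would guarantee a pause between attempts. The class around `api_call` starts outside this hunk.

```ruby
def api_call(uri)
  (1..Float::INFINITY).each do |attempt|
    response = RestClient::Request.execute(
      method: :get,
      url: "https://quay.io/api/v1/repository/#{org}/#{repo}#{uri}",
      headers: { authorization: "Bearer #{quayio_token}", accept: :json },
      open_timeout: 15
    )
    # … unchanged: JSON.parse(response) and the rescue/retry handling …
```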
@@ -1,5 +1,5 @@
1
1
  module Quayio
2
2
  module Scanner
3
- VERSION = '0.3.2'.freeze
3
+ VERSION = '0.4.1'.freeze
4
4
  end
5
5
  end
@@ -13,7 +13,7 @@ Gem::Specification.new do |spec|
13
13
  spec.homepage = 'https://github.com/aboutsource/quayio-scanner'
14
14
  spec.license = 'MIT'
15
15
 
16
- spec.required_ruby_version = '>= 2.3.0'
16
+ spec.required_ruby_version = '>= 2.7.0'
17
17
 
18
18
  spec.files = `git ls-files -z`.split("\x0").reject do |f|
19
19
  f.match(%r{^(test|spec|features)/})
@@ -21,11 +21,11 @@ Gem::Specification.new do |spec|
21
21
  spec.executables = Dir.glob('bin/**/*.rb').map { |f| File.basename(f) }
22
22
  spec.require_paths = ['lib']
23
23
 
24
- spec.add_dependency 'docker-api', '~> 1.33'
24
+ spec.add_dependency 'docker-api', '~> 2.4'
25
25
  spec.add_dependency 'rest-client', '~> 2.1'
26
26
  spec.add_dependency 'sensu-plugin', '~> 4.0'
27
27
  spec.add_development_dependency 'bundler', '~> 2.1'
28
28
  spec.add_development_dependency 'rake', '~> 13.0'
29
29
  spec.add_development_dependency 'rspec', '~> 3.7'
30
- spec.add_development_dependency 'rubocop', '~> 0.49', '<= 0.81'
30
+ spec.add_development_dependency 'rubocop', '~> 0.93'
31
31
  end
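--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: quayio-scanner
  version: !ruby/object:Gem::Version
- version: 0.3.2
+ version: 0.4.1
  platform: ruby
  authors:
  - Benjamin Meichsner
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-06-02 00:00:00.000000000 Z
+ date: 2025-02-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: docker-api
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.33'
+ version: '2.4'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.33'
+ version: '2.4'
  - !ruby/object:Gem::Dependency
  name: rest-client
  requirement: !ruby/object:Gem::Requirement
@@ -100,21 +100,15 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.49'
- - - "<="
- - !ruby/object:Gem::Version
- version: '0.81'
+ version: '0.93'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.49'
- - - "<="
- - !ruby/object:Gem::Version
- version: '0.81'
- description:
+ version: '0.93'
+ description:
  email:
  - benjamin.meichsner@aboutsource.net
  executables:
@@ -142,7 +136,7 @@ homepage: https://github.com/aboutsource/quayio-scanner
  licenses:
  - MIT
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -150,7 +144,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.3.0
+ version: 2.7.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -158,7 +152,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubygems_version: 3.1.2
- signing_key:
+ signing_key:
  specification_version: 4
  summary: Scan quay.io for vulnerabilities in running docker containers.
  test_files: []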