eliasgranderubio / dagda

a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities
Apache License 2.0

Dagda shows errors while scanning an untagged image #16

Closed scumfrog closed 7 years ago

scumfrog commented 7 years ago

Hi @eliasgranderubio,

Analyzing an image (testmonitor:1.0.0.test):

    # docker images
    REPOSITORY                TAG           IMAGE ID        CREATED        SIZE
    docker.io/mongo           latest        8b2eaf28bb84    4 days ago     359.8 MB
    testmonitor               1.0.0.test    211f3cc7e563    5 days ago     14.35 MB
    docker.io/sysdig/falco    latest        de4c13689a8d    2 weeks ago    379 MB

If I launch the scan without the tag (1.0.0.test):

    # python3 dagda.py check --docker_image testmonitor

The analysis starts, but Dagda shows errors in the server output:

    Traceback (most recent call last):
      File "/usr/lib/python3.5/site-packages/docker/api/client.py", line 214, in _raise_for_status
        response.raise_for_status()
      File "/usr/lib/python3.5/site-packages/requests/models.py", line 862, in raise_for_status
        raise HTTPError(http_error_msg, response=self)
    requests.exceptions.HTTPError: 404 Client Error: Not Found for url: http+docker://localunixsocket/v1.24/containers/create

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "dagda.py", line 130, in <module>
        main(DagdaCLIParser())
      File "dagda.py", line 63, in main
        ds.run()
      File "/home/scumfrog/Descargas/dagda/dagda/api/dagda_server.py", line 76, in run
        self._check_docker_by_image_name(item)
      File "/home/scumfrog/Descargas/dagda/dagda/api/dagda_server.py", line 140, in _check_docker_by_image_name
        evaluated_docker_image = analyzer.evaluate_image(item['image_name'], None)
      File "/home/scumfrog/Descargas/dagda/dagda/analysis/analyzer.py", line 47, in evaluate_image
        os_packages = os_info_extractor.get_soft_from_docker_image(self.dockerDriver, image_name)
      File "/home/scumfrog/Descargas/dagda/dagda/analysis/static/os/os_info_extractor.py", line 28, in get_soft_from_docker_image
        container_id = docker_driver.create_container(image_name, entrypoint='sleep 30')
      File "/home/scumfrog/Descargas/dagda/dagda/driver/docker_driver.py", line 77, in create_container
        host_config=host_config)
      File "/usr/lib/python3.5/site-packages/docker/api/container.py", line 446, in create_container
        return self.create_container_from_config(config, name)
      File "/usr/lib/python3.5/site-packages/docker/api/container.py", line 457, in create_container_from_config
        return self._result(res, True)
      File "/usr/lib/python3.5/site-packages/docker/api/client.py", line 220, in _result
        self._raise_for_status(response)
      File "/usr/lib/python3.5/site-packages/docker/api/client.py", line 216, in _raise_for_status
        raise create_api_error_from_http_exception(e)
      File "/usr/lib/python3.5/site-packages/docker/errors.py", line 30, in create_api_error_from_http_exception
        raise cls(e, response=response, explanation=explanation)
    docker.errors.ImageNotFound: 404 Client Error: Not Found for url: http+docker://localunixsocket/v1.24/containers/create ("No such image: testmonitor:latest")

As you can see, it automatically uses the "latest" tag, but the scan status is "analyzing". Shouldn't it end as "failed"?

    {
        "anomalies": 0,
        "image_name": "testmonitor",
        "libs_vulns": 0,
        "os_vulns": 0,
        "reportid": "58f5c6a508540e553a0bf356",
        "start_date": "2017-04-18 07:56:21.563832",
        "status": "Analyzing"
    }

Instead, if you pass the tag, it works correctly without giving the last error in the server output:

    {
        "anomalies": 0,
        "image_name": "testmonitor:1.0.0.test",
        "libs_vulns": 0,
        "os_vulns": 0,
        "reportid": "58f5c6c008540e553a0bf357",
        "start_date": "2017-04-18 07:56:48.285536",
        "status": "Analyzing"
    },

eliasgranderubio commented 7 years ago

Hi @scumfrog,

By default, if you don't specify the tag, Dagda will try to find the docker image with 'latest' tag. Indeed, if Dagda cannot find the docker image with 'latest' tag, the analysis will fail.

As you write in this issue, Dagda doesn't control exceptions when this occurs. That is why I have just improved the error control system to fix this issue and update the analysis status with the right error message.

Please, check it again and give me your feedback if something is wrong.
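
The behaviour discussed above, as an added example that is not part of the thread and not Dagda's own code: it resolves the reference the daemon will look up when no tag is given, and moves the report out of "Analyzing" when the image is missing. `ImageNotFound`, `evaluate`, `history` and the "Completed"/"Failed" status strings are assumptions made for illustration.

```python
import datetime


class ImageNotFound(Exception):
    """Stand-in for docker.errors.ImageNotFound so the example runs offline."""


def effective_image_ref(image_name):
    """Return the reference the Docker daemon will actually look up.

    A tag is only a ':' in the last path component, so the port in
    'localhost:5000/app' is not mistaken for a tag. Digest references
    ('name@sha256:...') are left untouched.
    """
    if '@' in image_name:
        return image_name
    last_component = image_name.rsplit('/', 1)[-1]
    if ':' in last_component:
        return image_name
    return image_name + ':latest'


def run_scan(image_name, evaluate, history):
    """Run evaluate(ref) and always leave the report in a final state.

    `evaluate` and `history` (a plain dict keyed by report id) are
    hypothetical stand-ins for the analyzer and the report store.
    """
    ref = effective_image_ref(image_name)
    report_id = str(len(history) + 1)
    history[report_id] = {
        'image_name': image_name,
        'start_date': str(datetime.datetime.now()),
        'status': 'Analyzing',
    }
    try:
        result = evaluate(ref)
    except ImageNotFound as ex:
        # Without this branch the record stays 'Analyzing' with zero
        # findings, which a consumer polling the report cannot tell apart
        # from a scan that is still running.
        history[report_id]['status'] = 'Failed: image not found (%s): %s' % (ref, ex)
        return report_id
    history[report_id].update(result, status='Completed')
    return report_id
```
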

scumfrog commented 7 years ago

Hi @eliasgranderubio, I tested it and it works like a charm, thank you :+1: