optiopay / klar

Integration of Clair and Docker Registry
MIT License

False positive #66

Closed alexppg closed 6 years ago

alexppg commented 6 years ago

I've detected that when clair has a certain problem and can't pull the image layers, klar doesn't detect it as a fail:

DOCKER_USER=AWS DOCKER_PASSWORD=${PASSWORD} CLAIR_ADDR=http://clair.whatever.nope klar $private_registry/$image
Analysing 8 layers
Push layer 0 failed: Can't push layer to Clair: Post http://clair.whatever.nope:6060/v1/layers: dial tcp 10.10.10.10:6060: i/o timeout
Push layer 1 failed: Can't push layer to Clair: Post http://clair.whatever.nope:6060/v1/layers: dial tcp 10.10.10.10:6060: i/o timeout
Push layer 2 failed: Can't push layer to Clair: Post http://clair.whatever.nope:6060/v1/layers: dial tcp 10.10.10.10:6060: i/o timeout
Push layer 3 failed: Can't push layer to Clair: Post http://clair.whatever.nope:6060/v1/layers: dial tcp 10.10.10.10:6060: i/o timeout
Push layer 4 failed: Can't push layer to Clair: Post http://clair.whatever.nope:6060/v1/layers: dial tcp 10.10.10.10:6060: i/o timeout
Push layer 5 failed: Can't push layer to Clair: Post http://clair.whatever.nope:6060/v1/layers: dial tcp 10.10.10.10:6060: i/o timeout
Push layer 6 failed: Can't push layer to Clair: Post http://clair.whatever.nope:6060/v1/layers: dial tcp 10.10.10.10:6060: i/o timeout
Push layer 7 failed: Can't push layer to Clair: Post http://clair.whatever.nope:6060/v1/layers: dial tcp 10.10.10.10:6060: i/o timeout
Analyse image https:/whatever-registry:latest failed: Get http://clair.whatever.nope:6060/v1/layers/7ad37577aa1ca7a2b30e1bb6ffffaasd1236ccee1cce45ff8f33ed1fa2659bc9cabf089e1591dec74d10c3128c063a798d4fc990583a7ab86ff766e11ff599ec4?vulnerabilities: dial tcp 10.10.10.10:6060: i/o timeout
Found 0 vulnerabilities

hashmap commented 6 years ago

Fixed in upcoming 2.0, here is a sample output (No Clair listening):

CLAIR_ADDR=http://localhost:6065 ./klar skynetservices/skydns
Analysing 7 layers
Failed to analyze using API v1: push image https://registry-1.docker.io/v2/skynetservices/skydns:latest to Clair failed: can't push layer to Clair: Post http://localhost:6065/v1/layers: dial tcp [::1]:6065: getsockopt: connection refused

Failed to analyze using API v3: push image https://registry-1.docker.io/v2/skynetservices/skydns:latest to Clair failed: rpc error: code = Unavailable desc = all SubConns are in TransientFailure

Failed to analyze, exiting

hashmap commented 6 years ago

@alexppg thanks for your report!

alexppg commented 6 years ago

Thanks for your work!

hashmap commented 6 years ago

@alexppg I'm closing this issue as it was fixed in 2.0, feel free to reopen if needed, thanks
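
For pipelines still running a pre-2.0 klar, the fail-open result reported in this issue can be caught by checking the scanner's output rather than its final summary line. The following is an added example, not part of klar or of the original thread: `klar_gate`, the sample functions, the placeholder hosts and the exit code 2 are assumptions made here, and the matched line formats are the ones shown in the outputs above.

```shell
#!/bin/sh
# Fail-closed gate for klar output (added example, not klar's own code).
# Reads scanner output on stdin. Returns 0 only when a summary line is
# present and no layer push or analysis error was logged; returns 2
# (value chosen for this example) when the scan is incomplete.
# Hypothetical CI usage:  klar "$IMAGE" 2>&1 | klar_gate || exit 1
klar_gate() {
    awk '
        /^Analysing [0-9]+ layers/      { expected = $2 }
        /^Push layer [0-9]+ failed:/    { push_failed++ }
        /^Analyse image .* failed:/     { analyse_failed = 1 }
        /^Failed to analy[sz]e/         { analyse_failed = 1 }
        /^Found [0-9]+ vulnerabilities/ { summary = 1; found = $2 }
        END {
            if (push_failed > 0 || analyse_failed || !summary) {
                printf "scan incomplete: %d of %d layer pushes failed, result not trusted\n", push_failed, expected
                exit 2
            }
            printf "scan complete: %d vulnerabilities\n", found
            exit 0
        }'
}

# Constructed sample: Clair unreachable, modelled on the first output above.
sample_unreachable() {
    cat <<'EOF'
Analysing 2 layers
Push layer 0 failed: Can't push layer to Clair: Post http://clair.example.invalid:6060/v1/layers: dial tcp: i/o timeout
Push layer 1 failed: Can't push layer to Clair: Post http://clair.example.invalid:6060/v1/layers: dial tcp: i/o timeout
Analyse image https://registry.example.invalid/app:latest failed: Get http://clair.example.invalid:6060/v1/layers/<layer-id>?vulnerabilities: dial tcp: i/o timeout
Found 0 vulnerabilities
EOF
}

# Constructed sample: a scan with no logged errors.
sample_clean() {
    cat <<'EOF'
Analysing 2 layers
Found 0 vulnerabilities
EOF
}
```

Output that stops before the `Found N vulnerabilities` line is also treated as incomplete, so a scanner that dies mid-run does not pass the gate.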