Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-2290

SecurityWorker fails when loading information when a V2 scanner is not configured

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Done
    • None
    • quay-v3.5.5
    • quay
    • None
    • 0

    Description

      If a V2 scanner is not configured, i.e the noop implementation is used, then the noop implementation's load_security_information returns None instead of a valid lookup result. This does not comply to the secscan model interface.

      Instead, the noop should return a lookup result like COULD_NOT_LOAD.

      gunicorn-web stdout | 2021-07-23 03:17:29,466 [223] [ERROR] [gunicorn.error] Error handling request /api/v1/repository/quay/mcdotnet/manifest/sha256:12c6ff34d5295698c9de7a37b06d93ec274ab343d10c0640a710b95e3c06eb9d/security?vulnerabilities=true
      gunicorn-web stdout | Traceback (most recent call last):
      gunicorn-web stdout |   File "/usr/local/lib/python3.8/site-packages/gunicorn/workers/base_async.py", line 55, in handle
      gunicorn-web stdout |     self.handle_request(listener_name, req, client, addr)
      gunicorn-web stdout |   File "/usr/local/lib/python3.8/site-packages/gunicorn/workers/ggevent.py", line 143, in handle_request
      gunicorn-web stdout |     super().handle_request(listener_name, req, sock, addr)
      gunicorn-web stdout |   File "/usr/local/lib/python3.8/site-packages/gunicorn/workers/base_async.py", line 106, in handle_request
      gunicorn-web stdout |     respiter = self.wsgi(environ, resp.start_response)
      gunicorn-web stdout |   File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 2463, in __call__
      gunicorn-web stdout |     return self.wsgi_app(environ, start_response)
      gunicorn-web stdout |   File "/usr/local/lib/python3.8/site-packages/werkzeug/middleware/proxy_fix.py", line 232, in __call__
      gunicorn-web stdout |     return self.app(environ, start_response)
      gunicorn-web stdout |   File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 2449, in wsgi_app
      gunicorn-web stdout |     response = self.handle_exception(e)
      gunicorn-web stdout |   File "/usr/local/lib/python3.8/site-packages/flask_restful/__init__.py", line 269, in error_router
      gunicorn-web stdout |     return original_handler(e)
      gunicorn-web stdout |   File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 1866, in handle_exception
      gunicorn-web stdout |     reraise(exc_type, exc_value, tb)
      gunicorn-web stdout |   File "/usr/local/lib/python3.8/site-packages/flask/_compat.py", line 38, in reraise
      gunicorn-web stdout |     raise value.with_traceback(tb)
      gunicorn-web stdout |   File "/usr/local/lib/python3.8/site-packages/flask/app.py", line 2446, in wsgi_app
      gunicorn-web stdout |     response = self.full_dispatch_request()
      .....
      gunicorn-web stdout |   File "/quay-registry/endpoints/api/secscan.py", line 141, in get
      gunicorn-web stdout |     return _security_info(manifest, parsed_args.vulnerabilities)
      gunicorn-web stdout |   File "/quay-registry/endpoints/api/secscan.py", line 60, in _security_info
      gunicorn-web stdout |     result = secscan_model.load_security_information(
      gunicorn-web stdout |   File "/quay-registry/data/secscan_model/__init__.py", line 55, in load_security_information
      gunicorn-web stdout |     if legacy_info.status != ScanLookupStatus.UNSUPPORTED_FOR_INDEXING:
      gunicorn-web stdout | AttributeError: 'NoneType' object has no attribute 'status'
      gunicorn-web stdout | 2021-07-23 03:17:29,468 [223] [INFO] [gunicorn.access]  - - [23/Jul/2021:03:17:29 +0000] "GET /api/v1/repository/quay/mcdotnet/manifest/sha256:12c6ff34d5295698c9de7a37b06d93ec274ab343d10c0640a710b95e3c06eb9d/security?vulnerabilities=true HTTP/1.0" 500 0 "-" "-"
      securityworker stdout | 2021-07-23 03:17:29,468 [83] [INFO] [util.migrate.allocator] No more work
      nginx stdout | 10.131.3.40 () - - [23/Jul/2021:03:17:29 +0000] "GET /api/v1/repository/quay/mcdotnet/manifest/sha256:12c6ff34d5295698c9de7a37b06d93ec274ab343d10c0640a710b95e3c06eb9d/security?vulnerabilities=true HTTP/2.0" 500 141 "https://quay355-quay-quay354.apps.quay-perf-549.perfscale.devcluster.openshift.com/repository/quay/mcdotnet?tab=tags" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) Gecko/20100101 Firefox/89.0" (0.024 165 0.025)
      

      Attachments

        Issue Links

          Activity

            People

              sleesinc Kenny Lee Sin Cheong
              sleesinc Kenny Lee Sin Cheong
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: