From eea0fd27e7bed6a225bbd6702960bcf394f19536 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>

Date: Wed, 24 Jan 2018 17:39:04 +0100

Subject: [PATCH 1/2] Modified the code that temp images are not forgotten.

---

 utils/oscap_docker_python/oscap_docker_util.py | 20 ++++++++++++--------

 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/utils/oscap_docker_python/oscap_docker_util.py b/utils/oscap_docker_python/oscap_docker_util.py

index b06b6001a..b9a08a99c 100644

--- a/utils/oscap_docker_python/oscap_docker_util.py

+++ b/utils/oscap_docker_python/oscap_docker_util.py

@@ -155,7 +155,8 @@ def oscap_chroot(self, chroot_path, target, *oscap_args):

             sys.stderr.write(oscap_stderr.decode("utf-8") + "\n")

             # Clean up

-            self._cleanup_by_path(chroot_path)

+            DM = DockerMount("/tmp")

+            self._cleanup_by_path(chroot_path, DM)

             sys.exit(1)

@@ -186,18 +187,17 @@ def resolve_image(self, image):

         # TODO

         pass

-    def _cleanup_by_path(self, path):

+    def _cleanup_by_path(self, path, DM):

         '''

         Cleans up the mounted chroot by umounting it and

         removing the temporary directory

         '''

         # Sometimes when this def is called, path will have 'rootfs'

         # appended.  If it does, strip it and proceed

+        _no_rootfs = path

+        if os.path.basename(path) == 'rootfs':

+            _no_rootfs = os.path.dirname(path)

-        _no_rootfs = os.path.dirname(path) if os.path.basename(path) == \

-            'rootfs' else path

-

-        DM = DockerMount("/tmp")

         # umount chroot

         DM.unmount_path(_no_rootfs)

@@ -206,6 +206,10 @@ def _cleanup_by_path(self, path):

         os.rmdir(_no_rootfs)

+def mount_image_filesystem():

+            _tmp_mnt_dir = DM.mount(image)

+

+

 class OscapScan(object):

     def __init__(self, tmp_dir=tempfile.gettempdir(), mnt_dir=None,

                  hours_old=2):

@@ -276,7 +280,7 @@ def scan_cve(self, image, scan_args):

         finally:

             # Clean up

-            self.helper._cleanup_by_path(_tmp_mnt_dir)

+            self.helper._cleanup_by_path(_tmp_mnt_dir, DM)

             self._remove_mnt_dir(mnt_dir)

     def scan(self, image, scan_args):

@@ -301,5 +305,5 @@ def scan(self, image, scan_args):

         sys.stdout.write(self.helper._scan(chroot, image, scan_args))

         # Clean up

-        self.helper._cleanup_by_path(_tmp_mnt_dir)

+        self.helper._cleanup_by_path(_tmp_mnt_dir, DM)

         self._remove_mnt_dir(mnt_dir)

From 432ee1841003b57408e7a1040c6f317cc56a9071 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>

Date: Thu, 25 Jan 2018 14:03:48 +0100

Subject: [PATCH 2/2] Refactored error handling during scan.

---

 utils/oscap_docker_python/oscap_docker_util.py | 24 +++++++++++-------------

 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/utils/oscap_docker_python/oscap_docker_util.py b/utils/oscap_docker_python/oscap_docker_util.py

index b9a08a99c..ca48d5846 100644

--- a/utils/oscap_docker_python/oscap_docker_util.py

+++ b/utils/oscap_docker_python/oscap_docker_util.py

@@ -154,10 +154,6 @@ def oscap_chroot(self, chroot_path, target, *oscap_args):

             sys.stderr.write("Command returned exit code {0}.\n".format(oscap_process.returncode))

             sys.stderr.write(oscap_stderr.decode("utf-8") + "\n")

-            # Clean up

-            DM = DockerMount("/tmp")

-            self._cleanup_by_path(chroot_path, DM)

-

             sys.exit(1)

         sys.stderr.write(oscap_stderr.decode("utf-8") + "\n")

@@ -207,7 +203,7 @@ def _cleanup_by_path(self, path, DM):

 def mount_image_filesystem():

-            _tmp_mnt_dir = DM.mount(image)

+    _tmp_mnt_dir = DM.mount(image)

 class OscapScan(object):

@@ -261,9 +257,9 @@ def scan_cve(self, image, scan_args):

             sys.stderr.write(str(e) + "\n")

             return None

-        chroot = self._find_chroot_path(_tmp_mnt_dir)

-

         try:

+            chroot = self._find_chroot_path(_tmp_mnt_dir)

+

             # Figure out which RHEL dist is in the chroot

             dist = self.helper._get_dist(chroot, image)

@@ -299,11 +295,13 @@ def scan(self, image, scan_args):

             sys.stderr.write(str(e) + "\n")

             return None

-        chroot = self._find_chroot_path(_tmp_mnt_dir)

+        try:

+            chroot = self._find_chroot_path(_tmp_mnt_dir)

-        # Scan the chroot

-        sys.stdout.write(self.helper._scan(chroot, image, scan_args))

+            # Scan the chroot

+            sys.stdout.write(self.helper._scan(chroot, image, scan_args))

-        # Clean up

-        self.helper._cleanup_by_path(_tmp_mnt_dir, DM)

-        self._remove_mnt_dir(mnt_dir)

+        finally:

+            # Clean up

+            self.helper._cleanup_by_path(_tmp_mnt_dir, DM)

+            self._remove_mnt_dir(mnt_dir)