Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
A Local Version of VulnerableContainers.org
import csv
import os
import re
import requests
import subprocess
import time
from datetime import timedelta
from more_itertools import unique_everseen
start = time.time()
containers = []
index = []
def _get_containers():
global containers
page = 1
while page <= 1:
params = (
('page_size', '100'),
('page', (page)),
('q', '+'),
('source', 'community'),
('type', 'imgage,bundle'),
('sort', 'popularity'),
)
response = requests.get(
'https://store.docker.com/api/content/v1/products/search',
params=params)
data = response.json()
for summaries in data['summaries']:
containers.append(summaries['name'])
page = page + 1
containers = list(unique_everseen(containers))
max_size = 10
containers = containers[:max_size]
def _pull_containers():
_get_containers()
global containers
for container in containers:
os.system("docker pull %s > /dev/null" % container)
def _add_to_index():
_pull_containers()
global containers
global index
for container in containers:
url = 'https://hub.docker.com/v2/repositories/%s' % container
response = requests.get((url))
data = response.json()
pulls = (data['pull_count'])
pulls = format(pulls, ',')
last_updated = (data['last_updated'])
last_updated = re.sub(r'\s*T.*', '', last_updated)
index.append([container, pulls, last_updated])
def _vuln_scan():
_add_to_index()
global index
indextemp = []
for elem in index:
container, pulls, last_updated, = elem
os.system('trivy --clear-cache -o data/result.json -f json %s \
> /dev/null' % (container))
fileempty = os.stat("data/result.json").st_size == 0
if fileempty is True:
cvecount = ""
containerreport = ""
indextemp.append([container, pulls, last_updated,
cvecount, containerreport])
else:
cvecount = subprocess.check_output(
"cat data/result.json | \
jq -r .[].Vulnerabilities[].VulnerabilityID 2> /dev/null \
| sort -r | uniq | wc -l | tr -d ' ' | tr -d '\n' ",
shell=True)
cvecount = (cvecount).decode('utf-8')
containerreport = container.replace("/", "")
indextemp.append([container, pulls, last_updated,
cvecount, containerreport])
os.system('cp data/result.json results/%s.json' % containerreport)
os.system('rm data/result.json > /dev/null')
index = indextemp
def _write_csv():
global index
with open('data.csv', 'w', newline='') as csvfile:
writer = csv.DictWriter(csvfile,
fieldnames=["Container", "Pulls",
"Last Updated",
"Open Vulnerablities",
"Report"])
writer.writeheader()
writer = csv.writer(csvfile)
writer.writerows(index)
os.system('cp data.csv results/results.csv')
os.system('rm data.csv')
def main():
_vuln_scan()
_write_csv()
elapsed = (time.time() - start)
print("Done In:")
print(str(timedelta(seconds=elapsed)))
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment