From ef25792f838e93070b1c4dbed49cfdd9789f2366 Mon Sep 17 00:00:00 2001 From: Dinesh Patil Date: Fri, 28 Oct 2022 03:17:41 -0400 Subject: [PATCH 1/4] CMS-12624: csapi version updated --- containerSecurity/validate_image.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containerSecurity/validate_image.sh b/containerSecurity/validate_image.sh index 71300bd..bef4f25 100755 --- a/containerSecurity/validate_image.sh +++ b/containerSecurity/validate_image.sh @@ -113,7 +113,7 @@ else fi echo "Image id belonging to ${IMAGE} is: ${IMAGE_ID}" -GET_IMAGE_VULNS_URL="${QUALYS_API_SERVER}/csapi/v1.1/images/${IMAGE_ID}" +GET_IMAGE_VULNS_URL="${QUALYS_API_SERVER}/csapi/v1.3/images/${IMAGE_ID}" echo ${GET_IMAGE_VULNS_URL} echo "Temporarily tagging image ${IMAGE} with qualys_scan_target:${IMAGE_ID}" From 5b00252e643ff84d5c8cc33170ce2685e6a7d917 Mon Sep 17 00:00:00 2001 From: Dinesh Patil Date: Mon, 7 Nov 2022 06:48:26 -0500 Subject: [PATCH 2/4] CMS-12624: token generation step added for new version of csapi --- containerSecurity/validate_image.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/containerSecurity/validate_image.sh b/containerSecurity/validate_image.sh index bef4f25..13502c9 100755 --- a/containerSecurity/validate_image.sh +++ b/containerSecurity/validate_image.sh @@ -45,6 +45,10 @@ check_command_exists () { hash $1 2>/dev/null || { echo >&2 "This script requires $1 but it's not installed. Aborting."; exit 1; } } +get_token() { + TOKEN="$CURL -X POST ${QUALYS_API_SERVER} -H 'Content-Type: application/x-www-form-urlencoded' -d 'username=${USERNAME}&password=${PASSWORD}&token=true'" +} + get_result () { echo "Getting result for ${IMAGE_ID}" CURL_COMMAND="$CURL -s -X GET ${GET_IMAGE_VULNS_URL} -u ${USERNAME}:${PASSWORD} -L -w\\n%{http_code} -o ${IMAGE_ID}.json" @@ -102,6 +106,8 @@ CURL=$(which curl) JQ=$(which jq) DOCKER=$(which docker) +get_token + check_image_input_type ${IMAGE} if [ "${IMAGE_INPUT_TYPE}" == "NAME" ]; then @@ -113,7 +119,7 @@ else fi echo "Image id belonging to ${IMAGE} is: ${IMAGE_ID}" -GET_IMAGE_VULNS_URL="${QUALYS_API_SERVER}/csapi/v1.3/images/${IMAGE_ID}" +GET_IMAGE_VULNS_URL="${QUALYS_API_SERVER}/csapi/v1.3/images/${IMAGE_ID} -H 'accept: application/json' -H 'Authorization: Bearer ${TOKEN}'" echo ${GET_IMAGE_VULNS_URL} echo "Temporarily tagging image ${IMAGE} with qualys_scan_target:${IMAGE_ID}" From 3f6426fa8bf90c9b736549aabf0beea74f1a6fe4 Mon Sep 17 00:00:00 2001 From: Dinesh Patil Date: Tue, 8 Nov 2022 04:51:01 -0500 Subject: [PATCH 3/4] CMS-12624: token generation command updated --- containerSecurity/validate_image.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containerSecurity/validate_image.sh b/containerSecurity/validate_image.sh index 13502c9..78e5a03 100755 --- a/containerSecurity/validate_image.sh +++ b/containerSecurity/validate_image.sh @@ -46,7 +46,7 @@ check_command_exists () { } get_token() { - TOKEN="$CURL -X POST ${QUALYS_API_SERVER} -H 'Content-Type: application/x-www-form-urlencoded' -d 'username=${USERNAME}&password=${PASSWORD}&token=true'" + TOKEN="$CURL -X POST ${QUALYS_API_SERVER} -H 'Content-Type: application/x-www-form-urlencoded' -d 'username=${USERNAME}&password=${PASSWORD}&token=true&permissions=true'" } get_result () { From 080dfd0e9780d4fa85fdb8c24cf499a17b2cefff Mon Sep 17 00:00:00 2001 From: Dinesh Patil Date: Tue, 6 Dec 2022 07:04:37 -0500 Subject: [PATCH 4/4] [CMS-12624] TOKEN generated for csapi version 1.3 --- containerSecurity/validate_image.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/containerSecurity/validate_image.sh b/containerSecurity/validate_image.sh index 78e5a03..5fe4cb4 100755 --- a/containerSecurity/validate_image.sh +++ b/containerSecurity/validate_image.sh @@ -46,7 +46,7 @@ check_command_exists () { } get_token() { - TOKEN="$CURL -X POST ${QUALYS_API_SERVER} -H 'Content-Type: application/x-www-form-urlencoded' -d 'username=${USERNAME}&password=${PASSWORD}&token=true&permissions=true'" + TOKEN=$($CURL -X POST ${QUALYS_API_SERVER} -H 'Content-Type: application/x-www-form-urlencoded' -d 'username='${USERNAME}'&password='${PASSWORD}'&token=true&permissions=true') } get_result () { @@ -119,7 +119,7 @@ else fi echo "Image id belonging to ${IMAGE} is: ${IMAGE_ID}" -GET_IMAGE_VULNS_URL="${QUALYS_API_SERVER}/csapi/v1.3/images/${IMAGE_ID} -H 'accept: application/json' -H 'Authorization: Bearer ${TOKEN}'" +GET_IMAGE_VULNS_URL="${QUALYS_API_SERVER}/csapi/v1.3/images/${IMAGE_ID} -H 'accept: application/json' -H 'Authorization: Bearer '${TOKEN}" echo ${GET_IMAGE_VULNS_URL} echo "Temporarily tagging image ${IMAGE} with qualys_scan_target:${IMAGE_ID}"