Documentation ¶
Index ¶
- Constants
- func NewEcosystem(ctx context.Context) *indexer.Ecosystem
- func NormalizeSeverity(severity string) claircore.Severity
- type Coalescer
- type DistributionScanner
- type Factory
- type FactoryConfig
- type FactoryOption
- type Matcher
- type Option
- type Release
- type RepoScannerConfig
- type RepositoryScanner
- func (r *RepositoryScanner) Configure(ctx context.Context, f indexer.ConfigDeserializer, c *http.Client) error
- func (*RepositoryScanner) Kind() string
- func (*RepositoryScanner) Name() string
- func (r *RepositoryScanner) Scan(ctx context.Context, l *claircore.Layer) (repositories []*claircore.Repository, err error)
- func (*RepositoryScanner) Version() string
- type Updater
- Bugs
Constants ¶
const (
	None      = "None"
	Low       = "Low"
	Moderate  = "Moderate"
	Important = "Important"
	Critical  = "Critical"
)
const DefaultContainerAPI = "https://catalog.redhat.com/api/containers/"
DefaultContainerAPI is the default URL of Red Hat's container API.
const DefaultManifest = `https://www.redhat.com/security/data/oval/v2/PULP_MANIFEST`
DefaultManifest is the URL for the Red Hat OVAL pulp repository.
const DefaultRepo2CPEMappingURL = "https://www.redhat.com/security/data/metrics/repository-to-cpe.json"
DefaultRepo2CPEMappingURL is the default URL of the mapping file provided by Red Hat.
const RedHatRepositoryKey = "rhel-cpe-repository"
RedHatRepositoryKey is the key for Red Hat's CPE-based repositories.
Variables ¶
This section is empty.
Functions ¶
func NewEcosystem ¶
NewEcosystem provides the set of scanners and coalescers for the rhel ecosystem.
func NormalizeSeverity ¶
Types ¶
type Coalescer ¶
type Coalescer struct {
// contains filtered or unexported fields
}
Coalescer takes individual layer artifacts and coalesces them to form the final image's package results.
func (*Coalescer) Coalesce ¶
func (c *Coalescer) Coalesce(ctx context.Context, artifacts []*indexer.LayerArtifacts) (*claircore.IndexReport, error)
Coalesce coalesces artifacts found in layers and creates a final IndexReport with the final package details found in the image. This method blocks, and when it has finished the c.ir field will hold the final IndexReport.
type DistributionScanner ¶
type DistributionScanner struct{}
DistributionScanner attempts to discover if a layer displays characteristics of an Oracle distribution.
func (*DistributionScanner) Kind ¶
func (*DistributionScanner) Kind() string
Kind implements scanner.VersionedScanner.
func (*DistributionScanner) Name ¶
func (*DistributionScanner) Name() string
Name implements scanner.VersionedScanner.
func (*DistributionScanner) Scan ¶
func (ds *DistributionScanner) Scan(ctx context.Context, l *claircore.Layer) ([]*claircore.Distribution, error)
Scan will inspect the layer for an os-release or lsb-release file and perform a regex match for keywords indicating the associated Oracle release.
If neither file is found, (nil, nil) is returned. If the files are found but all regexps fail to match, an empty slice is returned.
func (*DistributionScanner) Version ¶
func (*DistributionScanner) Version() string
Version implements scanner.VersionedScanner.
type Factory ¶
type Factory struct {
// contains filtered or unexported fields
}
Factory contains the configuration for fetching and parsing a pulp manifest.
func NewFactory ¶
NewFactory creates a Factory making updaters based on the contents of the provided pulp manifest.
func (*Factory) UpdaterSet ¶
UpdaterSet implements driver.UpdaterSetFactory.
type FactoryConfig ¶
type FactoryConfig struct {
URL string `json:"url" yaml:"url"`
}
FactoryConfig is the configuration accepted by the rhel updaters.
By convention, this should be in a map called "rhel".
type FactoryOption ¶
A FactoryOption is used with New to configure a Factory.
func FactoryWithClient ¶
func FactoryWithClient(h *http.Client) FactoryOption
FactoryWithClient sets the http.Client used for fetching the pulp manifest.
func FactoryWithUpdaterOptions ¶
func FactoryWithUpdaterOptions(opts ...Option) FactoryOption
FactoryWithUpdaterOptions provides Options down into created Updaters.
type Matcher ¶
type Matcher struct{}
Matcher implements driver.Matcher.
func (*Matcher) Filter ¶
func (*Matcher) Filter(record *claircore.IndexRecord) bool
Filter implements driver.Matcher.
func (*Matcher) Query ¶
func (*Matcher) Query() []driver.MatchConstraint
Query implements driver.Matcher.
func (*Matcher) Vulnerable ¶
func (m *Matcher) Vulnerable(ctx context.Context, record *claircore.IndexRecord, vuln *claircore.Vulnerability) (bool, error)
Vulnerable implements driver.Matcher.
type Option ¶
Option is a type to configure an Updater.
func WithClient ¶
WithClient sets an http.Client for use with an Updater.
If this Option is not supplied, http.DefaultClient will be used.
type RepoScannerConfig ¶
type RepoScannerConfig struct {
	Timeout             time.Duration `json:"timeout" yaml:"timeout"`
	API                 string        `json:"api" yaml:"api"`
	Repo2CPEMappingURL  string        `json:"repo2cpe_mapping_url" yaml:"repo2cpe_mapping_url"`
	Repo2CPEMappingFile string        `json:"repo2cpe_mapping_file" yaml:"repo2cpe_mapping_file"`
}
RepoScannerConfig is the struct that will be passed to (*RepositoryScanner).Configure's ConfigDeserializer argument.
type RepositoryScanner ¶
type RepositoryScanner struct {
// contains filtered or unexported fields
}
RepositoryScanner implements Red Hat repositories
func NewRepositoryScanner ¶
NewRepositoryScanner creates a new RepositoryScanner and initializes the mapping updater.
func (*RepositoryScanner) Configure ¶
func (r *RepositoryScanner) Configure(ctx context.Context, f indexer.ConfigDeserializer, c *http.Client) error
Configure implements the RPCScanner interface.
func (*RepositoryScanner) Kind ¶
func (*RepositoryScanner) Kind() string
Kind implements scanner.VersionedScanner.
func (*RepositoryScanner) Name ¶
func (*RepositoryScanner) Name() string
Name implements scanner.Name.
func (*RepositoryScanner) Scan ¶
func (r *RepositoryScanner) Scan(ctx context.Context, l *claircore.Layer) (repositories []*claircore.Repository, err error)
Scan gets Red Hat repositories information.
func (*RepositoryScanner) Version ¶
func (*RepositoryScanner) Version() string
Version implements scanner.VersionedScanner.
type Updater ¶
type Updater struct {
	ovalutil.Fetcher // fetch method promoted via embed
	// contains filtered or unexported fields
}
Updater fetches and parses RHEL-flavored OVAL databases.
func NewUpdater ¶
NewUpdater returns an Updater.
func (*Updater) Parse ¶
func (u *Updater) Parse(ctx context.Context, r io.ReadCloser) ([]*claircore.Vulnerability, error)
Notes ¶
Bugs ¶
The semantics of the internal filesByRegexp function may be surprising:
- Paths have Clean called on them, but may still be absolute.
- Symlinks are not considered.
- Paths are considered as a string, with no special treatment of separators.
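The effect of these semantics on pattern choice, as an added example that is not the package's own code: `matchNames` and `sampleLayer` are hypothetical, the headers are constructed, and the model assumes "not considered" means only regular-file entries are matched and link targets are never resolved.

```go
package main

import (
	"archive/tar"
	"fmt"
	"path"
	"regexp"
)

// sampleLayer returns constructed tar headers standing in for one image layer.
func sampleLayer() []tar.Header {
	return []tar.Header{
		{Name: "./etc/os-release", Typeflag: tar.TypeReg},
		{Name: "/etc/os-release", Typeflag: tar.TypeReg}, // still absolute after Clean
		{Name: "opt/etc/os-release.bak", Typeflag: tar.TypeReg},
		{Name: "etc/redhat-release", Typeflag: tar.TypeSymlink, Linkname: "os-release"},
	}
}

// matchNames is a hypothetical model of the semantics listed under Bugs, not
// the package's filesByRegexp: names are cleaned, links are skipped (assumed),
// and the regexp sees the result as a plain string.
func matchNames(hdrs []tar.Header, re *regexp.Regexp) []string {
	var hits []string
	for _, h := range hdrs {
		if h.Typeflag != tar.TypeReg {
			continue // the link target is never resolved
		}
		if n := path.Clean(h.Name); re.MatchString(n) {
			hits = append(hits, n)
		}
	}
	return hits
}

func main() {
	for _, p := range []string{
		`etc/os-release`,     // unanchored: also hits opt/etc/os-release.bak
		`^etc/os-release$`,   // anchored relative: misses /etc/os-release
		`^/?etc/os-release$`, // tolerates the leading slash, nothing else
		`release$`,           // the symlink etc/redhat-release is not reported
	} {
		fmt.Printf("%-22s %q\n", p, matchNames(sampleLayer(), regexp.MustCompile(p)))
	}
}
```

A pattern that must identify one specific file should be anchored at both ends and allow for an optional leading slash.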