Documentation ¶
Index ¶
- Variables
- type ConfigUnmarshaler
- type Configurable
- type ErrExists
- type Fetcher
- type Fingerprint
- type MatchConstraint
- type Matcher
- type MatcherConfigUnmarshaler
- type MatcherConfigurable
- type MatcherFactory
- type MatcherFactoryFunc
- type Parser
- type RemoteMatcher
- type UpdateDiff
- type UpdateKind
- type UpdateOperation
- type Updater
- type UpdaterSet
- type UpdaterSetFactory
- type UpdaterSetFactoryFunc
- type VersionFilter
Constants ¶
This section is empty.
Variables ¶
var Unchanged = errors.New("database contents unchanged")
Unchanged is returned by Fetchers when the database has not changed.
Functions ¶
This section is empty.
Types ¶
type ConfigUnmarshaler ¶
type ConfigUnmarshaler func(interface{}) error
ConfigUnmarshaler can be thought of as an Unmarshal function with the byte slice provided, or a Decode function.
The function should populate a passed struct with any configuration information.
type Configurable ¶
Configurable is an interface that Updaters can implement to opt-in to having their configuration provided dynamically.
type ErrExists ¶
type ErrExists struct {
Updater []string
}
ErrExists is an error returned if the updater already exists in the set.
type Fetcher ¶
type Fetcher interface {
Fetch(context.Context, Fingerprint) (io.ReadCloser, Fingerprint, error)
}
Fetcher is an interface which is embedded into the Updater interface.
When called the interface should determine if new security advisory data is available. Fingerprint may be passed into in order for the Fetcher to determine if the contents has changed
If there is new content Fetcher should return a io.ReadCloser where the new content can be read. Optionally a fingerprint can be returned which uniquely identifies the new content.
If the conent has not change an Unchanged error should be returned.
type Fingerprint ¶
type Fingerprint string
Fingerprint is some identifying information about a vulnerability database.
type MatchConstraint ¶
type MatchConstraint int
MatchConstraint explains to the caller how a search for a package's vulnerability should be constrained.
for example if sql implementation encounters a DistributionDID constraint it should create a query similar to "SELECT * FROM vulnerabilities WHERE package_name = ? AND distribution_did = ?"
const ( // should match claircore.Package.Source.Name => claircore.Vulnerability.Package.Name PackageSourceName MatchConstraint // should match claircore.Package.Name => claircore.Vulnerability.Package.Name PackageName // should match claircore.Package.Module => claircore.Vulnerability.Package.Module PackageModule // should match claircore.Package.Distribution.DID => claircore.Vulnerability.Package.Distribution.DID DistributionDID // should match claircore.Package.Distribution.Name => claircore.Vulnerability.Package.Distribution.Name DistributionName // should match claircore.Package.Distribution.Version => claircore.Vulnerability.Package.Distribution.Version DistributionVersion // should match claircore.Package.Distribution.VersionCodeName => claircore.Vulnerability.Package.Distribution.VersionCodeName DistributionVersionCodeName // should match claircore.Package.Distribution.VersionID => claircore.Vulnerability.Package.Distribution.VersionID DistributionVersionID // should match claircore.Package.Distribution.Arch => claircore.Vulnerability.Package.Distribution.Arch DistributionArch // should match claircore.Package.Distribution.CPE => claircore.Vulnerability.Package.Distribution.CPE DistributionCPE // should match claircore.Package.Distribution.PrettyName => claircore.Vulnerability.Package.Distribution.PrettyName DistributionPrettyName // should match claircore.Package.Repository.Name => claircore.Vulnerability.Package.Repository.Name RepositoryName )
type Matcher ¶
type Matcher interface { // a unique name for the matcher Name() string // Filter informs the Controller if the implemented Matcher is interested in the provided IndexRecord. Filter(record *claircore.IndexRecord) bool // Query informs the Controller how it should match packages with vulnerabilities. // All conditions are logical AND'd together. Query() []MatchConstraint // Vulnerable informs the Controller if the given package is affected by the given vulnerability. // for example checking the "FixedInVersion" field. Vulnerable(ctx context.Context, record *claircore.IndexRecord, vuln *claircore.Vulnerability) (bool, error) }
Matcher is an interface which a Controller uses to query the vulnstore for vulnerabilities.
type MatcherConfigUnmarshaler ¶
type MatcherConfigUnmarshaler func(interface{}) error
MatcherConfigUnmarshaler can be thought of as an Unmarshal function with the byte slice provided, or a Decode function.
The function should populate a passed struct with any configuration information.
type MatcherConfigurable ¶
type MatcherConfigurable interface {
Configure(context.Context, MatcherConfigUnmarshaler, *http.Client) error
}
MatcherConfigurable is an interface that MatcherFactory can implement to opt-in to having their configuration provided dynamically.
type MatcherFactory ¶
MatcherFactory is used to construct matchers at run-time.
func MatcherStatic ¶
func MatcherStatic(s Matcher) MatcherFactory
MatcherStatic creates an MatcherFactoryFunc returning the provided matcher.
type MatcherFactoryFunc ¶
MatcherFactoryFunc would ease the registration of Matchers which don't need Configurability.
type Parser ¶
type Parser interface { // Parse should take an io.ReadCloser, read the contents, parse the contents // into a list of claircore.Vulnerability structs and then return // the list. Parse should assume contents are uncompressed and ready for parsing. Parse(ctx context.Context, contents io.ReadCloser) ([]*claircore.Vulnerability, error) }
Parser is an interface which is embedded into the Updater interface.
Parse should be called with an io.ReadCloser struct where the contents of a security advisory database can be read and parsed into an array of *claircore.Vulnerability
type RemoteMatcher ¶
type RemoteMatcher interface {
QueryRemoteMatcher(ctx context.Context, records []*claircore.IndexRecord) (map[string][]*claircore.Vulnerability, error)
}
The information retrieved from this interface won't be persisted into ClairCore database.
type UpdateDiff ¶
type UpdateDiff struct { Prev UpdateOperation `json:"prev"` Cur UpdateOperation `json:"cur"` Added []claircore.Vulnerability `json:"added"` Removed []claircore.Vulnerability `json:"removed"` }
UpdateDiff represents added or removed vulnerabilities between update operations
type UpdateKind ¶
type UpdateKind string
var EnrichmentKind UpdateKind = "enrichment"
var VulnerabilityKind UpdateKind = "vulnerability"
type UpdateOperation ¶
type UpdateOperation struct { Ref uuid.UUID `json:"ref"` Updater string `json:"updater"` Fingerprint Fingerprint `json:"fingerprint"` Date time.Time `json:"date"` Kind UpdateKind `json:"kind"` }
UpdateOperation is a unique update to the vulnstore by an Updater.
type Updater ¶
Updater is an aggregate interface combining the method set of a Fetcher and a Parser and forces a Name() to be provided
type UpdaterSet ¶
type UpdaterSet struct {
// contains filtered or unexported fields
}
UpdaterSet holds a deduplicated set of updaters.
func NewUpdaterSet ¶
func NewUpdaterSet() UpdaterSet
NewUpdaterSet returns an initialized UpdaterSet.
func (*UpdaterSet) Add ¶
func (s *UpdaterSet) Add(u Updater) error
Add will add an Updater to the set.
An error will be reported if an updater with the same name already exists.
func (*UpdaterSet) Merge ¶
func (s *UpdaterSet) Merge(set UpdaterSet) error
Merge will merge the UpdaterSet provided as argument into the UpdaterSet provided as the function receiver.
If an updater exists in the target set an error specifying which updaters could not be merged is returned.
func (*UpdaterSet) RegexFilter ¶
func (s *UpdaterSet) RegexFilter(regex string) error
RegexFilter will remove any updaters from the set whose reported names do not match the provided regexp string.
func (*UpdaterSet) Updaters ¶
func (s *UpdaterSet) Updaters() []Updater
Updaters returns the updaters within the set as slice.
type UpdaterSetFactory ¶
type UpdaterSetFactory interface {
UpdaterSet(context.Context) (UpdaterSet, error)
}
UpdaterSetFactory is used to construct updaters at run-time.
func StaticSet ¶
func StaticSet(s UpdaterSet) UpdaterSetFactory
StaticSet creates an UpdaterSetFunc returning the provided set.
type UpdaterSetFactoryFunc ¶
type UpdaterSetFactoryFunc func(context.Context) (UpdaterSet, error)
func (UpdaterSetFactoryFunc) UpdaterSet ¶
func (u UpdaterSetFactoryFunc) UpdaterSet(ctx context.Context) (UpdaterSet, error)
type VersionFilter ¶
type VersionFilter interface { VersionFilter() // VersionAuthoritative reports whether the Matcher trusts the database-side // filtering to be authoritative. // // A Matcher may return false if it's using a versioning scheme that can't // be completely normalized into a claircore.Version. VersionAuthoritative() bool }
VersionFilter is an additional interface that a Matcher can implment to opt-in to using normalized version information in database queries.