database

package
v0.0.0-...-41c8d9c Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 27, 2019 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package database defines the Clair's models and a common interface for database implementations.

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrBackendException is an error that occurs when the database backend
	// does not work properly (ie. unreachable).
	ErrBackendException = NewStorageError("an error occurred when querying the backend")

	// ErrInconsistent is an error that occurs when a database consistency check
	// fails (i.e. when an entity which is supposed to be unique is detected
	// twice)
	ErrInconsistent = NewStorageError("inconsistent database")

	// ErrInvalidParameters is an error that occurs when the parameters are not valid.
	ErrInvalidParameters = NewStorageError("parameters are not valid")

	// ErrMissingEntities is an error that occurs when an associated immutable
	// entity doesn't exist in the database. This error can indicate a wrong
	// implementation or corrupted database.
	ErrMissingEntities = NewStorageError("associated immutable entities are missing in the database")
)
View Source
var (
	DetectorTypes = []DetectorType{
		NamespaceDetectorType,
		FeatureDetectorType,
	}
	// ErrFailedToParseDetectorType is the error returned when a detector type could
	// not be parsed from a string.
	ErrFailedToParseDetectorType = errors.New("failed to parse DetectorType from input")
	// ErrInvalidDetector is the error returned when a detector from database has
	// invalid name or version or type.
	ErrInvalidDetector = errors.New("the detector has invalid metadata")
)

DetectorTypes contains all detector types.

View Source
var DebianReleasesMapping = map[string]string{

	"squeeze":  "6",
	"wheezy":   "7",
	"jessie":   "8",
	"stretch":  "9",
	"buster":   "10",
	"bullseye": "11",
	"sid":      "unstable",

	"oldoldstable": "8",
	"oldstable":    "9",
	"stable":       "10",
	"testing":      "11",
	"unstable":     "unstable",
}

DebianReleasesMapping translates Debian code names and class names to version numbers

View Source
var ErrFailedToParseSeverity = errors.New("failed to parse Severity from input")

ErrFailedToParseSeverity is the error returned when a severity could not be parsed from a string.

Severities lists all known severities, ordered from lowest to highest.

View Source
var UbuntuReleasesMapping = map[string]string{
	"precise": "12.04",
	"quantal": "12.10",
	"raring":  "13.04",
	"trusty":  "14.04",
	"utopic":  "14.10",
	"vivid":   "15.04",
	"wily":    "15.10",
	"xenial":  "16.04",
	"yakkety": "16.10",
	"zesty":   "17.04",
	"artful":  "17.10",
	"bionic":  "18.04",
	"cosmic":  "18.10",
	"disco":   "19.04",
}

UbuntuReleasesMapping translates Ubuntu code names to version numbers

Functions

func AcquireLock

func AcquireLock(datastore Datastore, name, owner string, duration time.Duration) (acquired bool, expiration time.Time)

AcquireLock acquires a named global lock for a duration.

func AssertAncestryEqual

func AssertAncestryEqual(t *testing.T, expected, actual *Ancestry) bool

AssertAncestryEqual asserts actual ancestry equals to expected ancestry content wise.

func AssertAncestryLayerEqual

func AssertAncestryLayerEqual(t *testing.T, expected, actual *AncestryLayer) bool

AssertAncestryLayerEqual asserts actual ancestry layer equals to expected ancestry layer content wise.

func AssertDetectorsEqual

func AssertDetectorsEqual(t *testing.T, expected, actual []Detector) bool

AssertDetectorsEqual asserts actual detectors are content wise equal to expected detectors regardless of the ordering.

func AssertElementsEqual

func AssertElementsEqual(t *testing.T, expected, actual []interface{}) bool

AssertElementsEqual asserts that content in actual equals to content in expected array regardless of ordering.

Note: This function uses interface wise comparison.

func AssertFeaturesEqual

func AssertFeaturesEqual(t *testing.T, expected, actual []Feature) bool

AssertFeaturesEqual asserts content in actual equals content in expected regardless of ordering.

func AssertIntStringMapEqual

func AssertIntStringMapEqual(t *testing.T, expected, actual map[int]string) bool

AssertIntStringMapEqual asserts two maps with integer as key and string as value are equal.

func AssertLayerEqual

func AssertLayerEqual(t *testing.T, expected, actual *Layer) bool

AssertLayerEqual asserts actual layer equals to expected layer content wise.

func AssertLayerFeaturesEqual

func AssertLayerFeaturesEqual(t *testing.T, expected, actual []LayerFeature) bool

AssertLayerFeaturesEqual asserts content in actual equals to content in expected regardless of ordering.

func AssertLayerNamespacesEqual

func AssertLayerNamespacesEqual(t *testing.T, expected, actual []LayerNamespace) bool

AssertLayerNamespacesEqual asserts content in actual equals to content in expected regardless of ordering.

func AssertMetadataMapEqual

func AssertMetadataMapEqual(t *testing.T, expected, actual MetadataMap) bool

AssertMetadataMapEqual asserts two metadata maps are equal.

func AssertNamespacesEqual

func AssertNamespacesEqual(t *testing.T, expected, actual []Namespace) bool

AssertNamespacesEqual asserts content in actual equals to content in expected regardless of ordering.

func AssertVulnerabilityEqual

func AssertVulnerabilityEqual(t *testing.T, expected, actual *Vulnerability) bool

AssertVulnerabilityEqual asserts two vulnerabilities are equal.

func CacheRelatedVulnerabilityAndCommit

func CacheRelatedVulnerabilityAndCommit(datastore Datastore, features []NamespacedFeature) error

CacheRelatedVulnerabilityAndCommit wraps session CacheAffectedNamespacedFeatures function with begin and commit.

func ExtendLock

func ExtendLock(ds Datastore, name, whoami string, desiredLockDuration time.Duration) (bool, time.Time)

ExtendLock extends the duration of an existing global lock for the given duration.

func FindKeyValueAndRollback

func FindKeyValueAndRollback(datastore Datastore, key string) (value string, ok bool, err error)

FindKeyValueAndRollback wraps session FindKeyValue function with begin and roll back.

func InsertVulnerabilityNotificationsAndCommit

func InsertVulnerabilityNotificationsAndCommit(store Datastore, notifications []VulnerabilityNotification) error

InsertVulnerabilityNotificationsAndCommit inserts the notifications into db and commit.

func MarkNotificationAsReadAndCommit

func MarkNotificationAsReadAndCommit(store Datastore, name string) (bool, error)

MarkNotificationAsReadAndCommit marks a notification as read.

func PersistDetectorsAndCommit

func PersistDetectorsAndCommit(store Datastore, detectors []Detector) error

PersistDetectorsAndCommit stores the detectors in the data store.

func PersistFeaturesAndCommit

func PersistFeaturesAndCommit(datastore Datastore, features []Feature) error

PersistFeaturesAndCommit wraps session PersistFeaturesAndCommit function with begin and commit.

func PersistNamespacedFeaturesAndCommit

func PersistNamespacedFeaturesAndCommit(datastore Datastore, features []NamespacedFeature) error

PersistNamespacedFeaturesAndCommit wraps session PersistNamespacedFeatures function with begin and commit.

func PersistNamespacesAndCommit

func PersistNamespacesAndCommit(datastore Datastore, namespaces []Namespace) error

PersistNamespacesAndCommit wraps session PersistNamespaces function with begin and commit.

func PersistPartialLayerAndCommit

func PersistPartialLayerAndCommit(datastore Datastore, layer *Layer) error

PersistPartialLayerAndCommit wraps session PersistLayer function with begin and commit.

func Register

func Register(name string, driver Driver)

Register makes a Constructor available by the provided name.

If this function is called twice with the same name or if the Constructor is nil, it panics.

func ReleaseLock

func ReleaseLock(datastore Datastore, name, owner string)

ReleaseLock releases a named global lock.

func SerializeDetectors

func SerializeDetectors(detectors []Detector) []string

SerializeDetectors returns the string representation of given detectors.

func UpdateKeyValueAndCommit

func UpdateKeyValueAndCommit(store Datastore, key, value string) error

UpdateKeyValueAndCommit stores the key value to storage.

func UpdateVulnerabilitiesAndCommit

func UpdateVulnerabilitiesAndCommit(store Datastore, toRemove []VulnerabilityID, toAdd []VulnerabilityWithAffected) error

func UpsertAncestryAndCommit

func UpsertAncestryAndCommit(datastore Datastore, ancestry *Ancestry) error

UpsertAncestryAndCommit wraps session UpsertAncestry function with begin and commit.

Types

type AffectedFeature

type AffectedFeature struct {
	// FeatureType determines which type of package it affects.
	FeatureType FeatureType
	Namespace   Namespace
	FeatureName string
	// FixedInVersion is known next feature version that's not affected by the
	// vulnerability. Empty FixedInVersion means the unaffected version is
	// unknown.
	FixedInVersion string
	// AffectedVersion contains the version range to determine whether or not a
	// feature is affected.
	AffectedVersion string
}

AffectedFeature is used to determine whether a namespaced feature is affected by a Vulnerability. Namespace and Feature Name is unique. Affected Feature is bound to vulnerability.

type AffectedNamespacedFeature

type AffectedNamespacedFeature struct {
	NamespacedFeature

	AffectedBy []VulnerabilityWithFixedIn
}

AffectedNamespacedFeature is a namespaced feature affected by the vulnerabilities with fixed-in versions for this feature.

type Ancestry

type Ancestry struct {
	// Name is a globally unique value for a set of layers. This is often the
	// sha256 digest of an OCI/Docker manifest.
	Name string `json:"name"`
	// By contains the processors that are used when computing the
	// content of this ancestry.
	By []Detector `json:"by"`
	// Layers should be ordered and i_th layer is the parent of i+1_th layer in
	// the slice.
	Layers []AncestryLayer `json:"layers"`
}

Ancestry is a manifest that keeps all layers in an image in order.

func FindAncestryAndRollback

func FindAncestryAndRollback(datastore Datastore, name string) (Ancestry, bool, error)

FindAncestryAndRollback wraps session FindAncestry function with begin and rollback.

func (*Ancestry) Valid

func (a *Ancestry) Valid() bool

Valid checks if the ancestry is compliant to spec.

type AncestryFeature

type AncestryFeature struct {
	NamespacedFeature `json:"namespacedFeature"`

	// FeatureBy is the detector that detected the feature.
	FeatureBy Detector `json:"featureBy"`
	// NamespaceBy is the detector that detected the namespace.
	NamespaceBy Detector `json:"namespaceBy"`
}

AncestryFeature is a namespaced feature with the detectors used to find this feature.

type AncestryLayer

type AncestryLayer struct {
	// Hash is the sha-256 tarsum on the layer's blob content.
	Hash string `json:"hash"`
	// Features are the features introduced by this layer when it was
	// processed.
	Features []AncestryFeature `json:"features"`
}

AncestryLayer is a layer with all detected namespaced features.

func (*AncestryLayer) GetFeatures

func (l *AncestryLayer) GetFeatures() []NamespacedFeature

GetFeatures returns the Ancestry's features.

func (*AncestryLayer) Valid

func (l *AncestryLayer) Valid() bool

Valid checks if the Ancestry Layer is compliant to the spec.

type Datastore

type Datastore interface {
	// Begin starts a session to change.
	Begin() (Session, error)

	// Ping returns the health status of the database.
	Ping() bool

	// Close closes the database and frees any allocated resource.
	Close()
}

Datastore represents a persistent data store

func Open

Open opens a Datastore specified by a configuration.

type Detector

type Detector struct {
	// Name of an extension should be non-empty and uniquely identifies the
	// extension.
	Name string `json:"name"`
	// Version of an extension should be non-empty.
	Version string `json:"version"`
	// DType is the type of the extension and should be one of the types in
	// DetectorTypes.
	DType DetectorType `json:"dtype"`
}

Detector is an versioned Clair extension.

func DiffDetectors

func DiffDetectors(d1 []Detector, d2 []Detector) []Detector

DiffDetectors returns the detectors belongs to d1 but not d2

func IntersectDetectors

func IntersectDetectors(d1 []Detector, d2 []Detector) []Detector

IntersectDetectors returns the detectors in both d1 and d2.

func NewFeatureDetector

func NewFeatureDetector(name, version string) Detector

NewFeatureDetector returns a new feature detector.

func NewNamespaceDetector

func NewNamespaceDetector(name, version string) Detector

NewNamespaceDetector returns a new namespace detector.

func (Detector) String

func (d Detector) String() string

String returns a unique string representation of the detector.

func (Detector) Valid

func (d Detector) Valid() bool

Valid checks if all fields in the detector satisfies the spec.

type DetectorType

type DetectorType string

DetectorType is the type of a detector.

const (
	// NamespaceDetectorType is a type of detector that extracts the namespaces.
	NamespaceDetectorType DetectorType = "namespace"
	// FeatureDetectorType is a type of detector that extracts the features.
	FeatureDetectorType DetectorType = "feature"
)

func NewDetectorType

func NewDetectorType(s string) (DetectorType, error)

NewDetectorType attempts to parse a string into a standard DetectorType value.

func (*DetectorType) Scan

func (s *DetectorType) Scan(value interface{}) error

Scan implements the database/sql.Scanner interface.

func (DetectorType) Valid

func (s DetectorType) Valid() bool

Valid checks if a detector type is defined.

func (DetectorType) Value

func (s DetectorType) Value() (driver.Value, error)

Value implements the database/sql/driver.Valuer interface.

type Driver

Driver is a function that opens a Datastore specified by its database driver type and specific configuration.

type Feature

type Feature struct {
	Name          string      `json:"name"`
	Version       string      `json:"version"`
	VersionFormat string      `json:"versionFormat"`
	Type          FeatureType `json:"type"`
}

Feature represents a package detected in a layer but the namespace is not determined.

e.g. Name: Libssl1.0, Version: 1.0, VersionFormat: dpkg, Type: binary dpkg is the version format of the installer package manager, which in this case could be dpkg or apk.

func ConvertFeatureSetToFeatures

func ConvertFeatureSetToFeatures(features mapset.Set) []Feature

ConvertFeatureSetToFeatures converts a feature set to an array of features

func DeduplicateFeatures

func DeduplicateFeatures(features ...Feature) []Feature

DeduplicateFeatures deduplicates a list of list of features.

func NewBinaryPackage

func NewBinaryPackage(name string, version string, versionFormat string) *Feature

func NewFeature

func NewFeature(name string, version string, versionFormat string, featureType FeatureType) *Feature

func NewSourcePackage

func NewSourcePackage(name string, version string, versionFormat string) *Feature

type FeatureType

type FeatureType string

FeatureType indicates the type of feature that a vulnerability affects.

const (
	SourcePackage FeatureType = "source"
	BinaryPackage FeatureType = "binary"
)

func (*FeatureType) Scan

func (t *FeatureType) Scan(value interface{}) error

Scan implements the database/sql.Scanner interface.

func (*FeatureType) Value

func (t *FeatureType) Value() (driver.Value, error)

Value implements the database/sql/driver.Valuer interface.

type Layer

type Layer struct {
	// Hash is the sha-256 tarsum on the layer's blob content.
	Hash string `json:"hash"`
	// By contains a list of detectors scanned this Layer.
	By         []Detector       `json:"by"`
	Namespaces []LayerNamespace `json:"namespaces"`
	Features   []LayerFeature   `json:"features"`
}

Layer is a layer with all the detected features and namespaces.

func FindLayerAndRollback

func FindLayerAndRollback(datastore Datastore, hash string) (layer *Layer, ok bool, err error)

FindLayerAndRollback wraps session FindLayer function with begin and rollback.

func MergeLayers

func MergeLayers(l *Layer, new *Layer) *Layer

MergeLayers merges all content in new layer to l, where the content is updated.

func (*Layer) GetFeatures

func (l *Layer) GetFeatures() []Feature

func (*Layer) GetNamespaces

func (l *Layer) GetNamespaces() []Namespace

type LayerFeature

type LayerFeature struct {
	Feature `json:"feature"`

	// By is the detector found the feature.
	By                 Detector  `json:"by"`
	PotentialNamespace Namespace `json:"potentialNamespace"`
}

LayerFeature is a feature with detection information.

func ConvertFeatureSetToLayerFeatures

func ConvertFeatureSetToLayerFeatures(features mapset.Set) []LayerFeature

type LayerNamespace

type LayerNamespace struct {
	Namespace `json:"namespace"`

	// By is the detector found the namespace.
	By Detector `json:"by"`
}

LayerNamespace is a namespace with detection information.

type MetadataMap

type MetadataMap map[string]interface{}

MetadataMap is for storing the metadata returned by vulnerability database.

func (*MetadataMap) Scan

func (mm *MetadataMap) Scan(value interface{}) error

func (*MetadataMap) Value

func (mm *MetadataMap) Value() (driver.Value, error)

type MockDatastore

type MockDatastore struct {
	FctBegin func() (Session, error)
	FctPing  func() bool
	FctClose func()
}

MockDatastore implements Datastore and enables overriding each available method. The default behavior of each method is to simply panic.

func (*MockDatastore) Begin

func (mds *MockDatastore) Begin() (Session, error)

func (*MockDatastore) Close

func (mds *MockDatastore) Close()

func (*MockDatastore) Ping

func (mds *MockDatastore) Ping() bool

type MockSession

type MockSession struct {
	FctCommit                           func() error
	FctRollback                         func() error
	FctUpsertAncestry                   func(Ancestry) error
	FctFindAncestry                     func(name string) (Ancestry, bool, error)
	FctFindAffectedNamespacedFeatures   func(features []NamespacedFeature) ([]NullableAffectedNamespacedFeature, error)
	FctPersistNamespaces                func([]Namespace) error
	FctPersistFeatures                  func([]Feature) error
	FctPersistDetectors                 func(detectors []Detector) error
	FctPersistNamespacedFeatures        func([]NamespacedFeature) error
	FctCacheAffectedNamespacedFeatures  func([]NamespacedFeature) error
	FctPersistLayer                     func(hash string, features []LayerFeature, namespaces []LayerNamespace, by []Detector) error
	FctFindLayer                        func(name string) (Layer, bool, error)
	FctInsertVulnerabilities            func([]VulnerabilityWithAffected) error
	FctFindVulnerabilities              func([]VulnerabilityID) ([]NullableVulnerability, error)
	FctDeleteVulnerabilities            func([]VulnerabilityID) error
	FctInsertVulnerabilityNotifications func([]VulnerabilityNotification) error
	FctFindNewNotification              func(lastNotified time.Time) (NotificationHook, bool, error)
	FctFindVulnerabilityNotification    func(name string, limit int, oldPage pagination.Token, newPage pagination.Token) (
		vuln VulnerabilityNotificationWithVulnerable, ok bool, err error)
	FctMarkNotificationAsRead func(name string) error
	FctDeleteNotification     func(name string) error
	FctUpdateKeyValue         func(key, value string) error
	FctFindKeyValue           func(key string) (string, bool, error)
	FctAcquireLock            func(name, owner string, duration time.Duration) (bool, time.Time, error)
	FctExtendLock             func(name, owner string, duration time.Duration) (bool, time.Time, error)
	FctReleaseLock            func(name, owner string) error
}

MockSession implements Session and enables overriding each available method. The default behavior of each method is to simply panic.

func (*MockSession) AcquireLock

func (ms *MockSession) AcquireLock(name, owner string, duration time.Duration) (bool, time.Time, error)

func (*MockSession) CacheAffectedNamespacedFeatures

func (ms *MockSession) CacheAffectedNamespacedFeatures(namespacedFeatures []NamespacedFeature) error

func (*MockSession) Commit

func (ms *MockSession) Commit() error

func (*MockSession) DeleteNotification

func (ms *MockSession) DeleteNotification(name string) error

func (*MockSession) DeleteVulnerabilities

func (ms *MockSession) DeleteVulnerabilities(VulnerabilityIDs []VulnerabilityID) error

func (*MockSession) ExtendLock

func (ms *MockSession) ExtendLock(name, owner string, duration time.Duration) (bool, time.Time, error)

func (*MockSession) FindAffectedNamespacedFeatures

func (ms *MockSession) FindAffectedNamespacedFeatures(features []NamespacedFeature) ([]NullableAffectedNamespacedFeature, error)

func (*MockSession) FindAncestry

func (ms *MockSession) FindAncestry(name string) (Ancestry, bool, error)

func (*MockSession) FindKeyValue

func (ms *MockSession) FindKeyValue(key string) (string, bool, error)

func (*MockSession) FindLayer

func (ms *MockSession) FindLayer(name string) (Layer, bool, error)

func (*MockSession) FindNewNotification

func (ms *MockSession) FindNewNotification(lastNotified time.Time) (NotificationHook, bool, error)

func (*MockSession) FindVulnerabilities

func (ms *MockSession) FindVulnerabilities(vulnerabilityIDs []VulnerabilityID) ([]NullableVulnerability, error)

func (*MockSession) FindVulnerabilityNotification

func (ms *MockSession) FindVulnerabilityNotification(name string, limit int, oldPage pagination.Token, newPage pagination.Token) (
	VulnerabilityNotificationWithVulnerable, bool, error)

func (*MockSession) InsertVulnerabilities

func (ms *MockSession) InsertVulnerabilities(vulnerabilities []VulnerabilityWithAffected) error

func (*MockSession) InsertVulnerabilityNotifications

func (ms *MockSession) InsertVulnerabilityNotifications(vulnerabilityNotifications []VulnerabilityNotification) error

func (*MockSession) MarkNotificationAsRead

func (ms *MockSession) MarkNotificationAsRead(name string) error

func (*MockSession) PersistDetectors

func (ms *MockSession) PersistDetectors(detectors []Detector) error

func (*MockSession) PersistFeatures

func (ms *MockSession) PersistFeatures(features []Feature) error

func (*MockSession) PersistLayer

func (ms *MockSession) PersistLayer(hash string, features []LayerFeature, namespaces []LayerNamespace, detectors []Detector) error

func (*MockSession) PersistNamespacedFeatures

func (ms *MockSession) PersistNamespacedFeatures(namespacedFeatures []NamespacedFeature) error

func (*MockSession) PersistNamespaces

func (ms *MockSession) PersistNamespaces(namespaces []Namespace) error

func (*MockSession) ReleaseLock

func (ms *MockSession) ReleaseLock(name, owner string) error

func (*MockSession) Rollback

func (ms *MockSession) Rollback() error

func (*MockSession) UpdateKeyValue

func (ms *MockSession) UpdateKeyValue(key, value string) error

func (*MockSession) UpsertAncestry

func (ms *MockSession) UpsertAncestry(ancestry Ancestry) error

type Namespace

type Namespace struct {
	Name          string `json:"name"`
	VersionFormat string `json:"versionFormat"`
}

Namespace is the contextual information around features.

e.g. Debian:7, NodeJS.

func DeduplicateNamespaces

func DeduplicateNamespaces(namespaces ...Namespace) []Namespace

DeduplicateNamespaces deduplicates a list of namespaces.

func NewNamespace

func NewNamespace(name string, versionFormat string) *Namespace

func (*Namespace) Valid

func (ns *Namespace) Valid() bool

type NamespacedFeature

type NamespacedFeature struct {
	Feature `json:"feature"`

	Namespace Namespace `json:"namespace"`
}

NamespacedFeature is a feature with determined namespace and can be affected by vulnerabilities.

e.g. OpenSSL 1.0 dpkg Debian:7.

func DeduplicateNamespacedFeatures

func DeduplicateNamespacedFeatures(features []NamespacedFeature) []NamespacedFeature

DeduplicateNamespacedFeatures returns a copy of all unique features in the input.

func GetAncestryFeatures

func GetAncestryFeatures(ancestry Ancestry) []NamespacedFeature

GetAncestryFeatures returns a list of unique namespaced features in the ancestry.

func NewNamespacedFeature

func NewNamespacedFeature(namespace *Namespace, feature *Feature) *NamespacedFeature

type NotificationHook

type NotificationHook struct {
	Name string

	Created  time.Time
	Notified time.Time
	Deleted  time.Time
}

NotificationHook is a message sent to another service to inform of a change to a Vulnerability or the Ancestries affected by a Vulnerability. It contains the name of a notification that should be read and marked as read via the API.

func FindNewNotification

func FindNewNotification(store Datastore, notifiedBefore time.Time) (NotificationHook, bool, error)

FindNewNotification finds notifications either never notified or notified before the given time.

type NullableAffectedNamespacedFeature

type NullableAffectedNamespacedFeature struct {
	AffectedNamespacedFeature

	Valid bool
}

NullableAffectedNamespacedFeature is an affectednamespacedfeature with whether it's found in datastore.

func FindAffectedNamespacedFeaturesAndRollback

func FindAffectedNamespacedFeaturesAndRollback(store Datastore, features []NamespacedFeature) ([]NullableAffectedNamespacedFeature, error)

FindAffectedNamespacedFeaturesAndRollback finds the vulnerabilities on each feature.

type NullableVulnerability

type NullableVulnerability struct {
	VulnerabilityWithAffected

	Valid bool
}

NullableVulnerability is a vulnerability with whether the vulnerability is found in datastore.

func FindVulnerabilitiesAndRollback

func FindVulnerabilitiesAndRollback(store Datastore, ids []VulnerabilityID) ([]NullableVulnerability, error)

FindVulnerabilitiesAndRollback finds the vulnerabilities based on given ids.

type PagedVulnerableAncestries

type PagedVulnerableAncestries struct {
	Vulnerability

	// Affected is a map of special indexes to Ancestries, which the pair
	// should be unique in a stream. Every indexes in the map should be larger
	// than previous page.
	Affected map[int]string

	Limit   int
	Current pagination.Token
	Next    pagination.Token

	// End signals the end of the pages.
	End bool
}

PagedVulnerableAncestries is a vulnerability with a page of affected ancestries each with a special index attached for streaming purpose. The current page number and next page number are for navigate.

type RegistrableComponentConfig

type RegistrableComponentConfig struct {
	Type    string
	Options map[string]interface{}
}

RegistrableComponentConfig is a configuration block that can be used to determine which registrable component should be initialized and pass custom configuration to it.

type Session

type Session interface {
	// Commit commits changes to datastore.
	//
	// Commit call after Rollback does no-op.
	Commit() error

	// Rollback drops changes to datastore.
	//
	// Rollback call after Commit does no-op.
	Rollback() error

	// UpsertAncestry inserts or replaces an ancestry and its namespaced
	// features and processors used to scan the ancestry.
	UpsertAncestry(Ancestry) error

	// FindAncestry retrieves an ancestry with all detected
	// namespaced features. If the ancestry is not found, return false.
	FindAncestry(name string) (ancestry Ancestry, found bool, err error)

	// PersistDetector inserts a slice of detectors if not in the database.
	PersistDetectors(detectors []Detector) error

	// PersistFeatures inserts a set of features if not in the database.
	PersistFeatures(features []Feature) error

	// PersistNamespacedFeatures inserts a set of namespaced features if not in
	// the database.
	PersistNamespacedFeatures([]NamespacedFeature) error

	// CacheAffectedNamespacedFeatures relates the namespaced features with the
	// vulnerabilities affecting these features.
	//
	// NOTE(Sida): it's not necessary for every database implementation and so
	// this function may have a better home.
	CacheAffectedNamespacedFeatures([]NamespacedFeature) error

	// FindAffectedNamespacedFeatures retrieves a set of namespaced features
	// with affecting vulnerabilities.
	FindAffectedNamespacedFeatures(features []NamespacedFeature) ([]NullableAffectedNamespacedFeature, error)

	// PersistNamespaces inserts a set of namespaces if not in the database.
	PersistNamespaces([]Namespace) error

	// PersistLayer appends a layer's content in the database.
	//
	// If any feature, namespace, or detector is not in the database, it returns not found error.
	PersistLayer(hash string, features []LayerFeature, namespaces []LayerNamespace, detectedBy []Detector) error

	// FindLayer returns a layer with all detected features and
	// namespaces.
	FindLayer(hash string) (layer Layer, found bool, err error)

	// InsertVulnerabilities inserts a set of UNIQUE vulnerabilities with
	// affected features into database, assuming that all vulnerabilities
	// provided are NOT in database and all vulnerabilities' namespaces are
	// already in the database.
	InsertVulnerabilities([]VulnerabilityWithAffected) error

	// FindVulnerability retrieves a set of Vulnerabilities with affected
	// features.
	FindVulnerabilities([]VulnerabilityID) ([]NullableVulnerability, error)

	// DeleteVulnerability removes a set of Vulnerabilities assuming that the
	// requested vulnerabilities are in the database.
	DeleteVulnerabilities([]VulnerabilityID) error

	// InsertVulnerabilityNotifications inserts a set of unique vulnerability
	// notifications into datastore, assuming that they are not in the database.
	InsertVulnerabilityNotifications([]VulnerabilityNotification) error

	// FindNewNotification retrieves a notification, which has never been
	// notified or notified before a certain time.
	FindNewNotification(notifiedBefore time.Time) (hook NotificationHook, found bool, err error)

	// FindVulnerabilityNotification retrieves a vulnerability notification with
	// affected ancestries affected by old or new vulnerability.
	//
	// Because the number of affected ancestries maybe large, they are paginated
	// and their pages are specified by the pagination token, which should be
	// considered first page when it's empty.
	FindVulnerabilityNotification(name string, limit int, oldVulnerabilityPage pagination.Token, newVulnerabilityPage pagination.Token) (noti VulnerabilityNotificationWithVulnerable, found bool, err error)

	// MarkNotificationAsRead marks a Notification as notified now, assuming
	// the requested notification is in the database.
	MarkNotificationAsRead(name string) error

	// DeleteNotification removes a Notification in the database.
	DeleteNotification(name string) error

	// UpdateKeyValue stores or updates a simple key/value pair.
	UpdateKeyValue(key, value string) error

	// FindKeyValue retrieves a value from the given key.
	FindKeyValue(key string) (value string, found bool, err error)

	// AcquireLock acquires a brand new lock in the database with a given name
	// for the given duration.
	//
	// A lock can only have one owner.
	// This method should NOT block until a lock is acquired.
	AcquireLock(name, owner string, duration time.Duration) (acquired bool, expiration time.Time, err error)

	// ExtendLock extends an existing lock such that the lock will expire at the
	// current time plus the provided duration.
	//
	// This method should return immediately with an error if the lock does not
	// exist.
	ExtendLock(name, owner string, duration time.Duration) (extended bool, expiration time.Time, err error)

	// ReleaseLock releases an existing lock.
	ReleaseLock(name, owner string) error
}

Session contains the required operations on a persistent data store for a Clair deployment.

Session is started by Datastore.Begin and terminated with Commit or Rollback. Besides Commit and Rollback, other functions cannot be called after the session is terminated. Any function is not guaranteed to be called successfully if there's a session failure.

type Severity

type Severity string

Severity defines a standard scale for measuring the severity of a vulnerability.

const (
	// UnknownSeverity is either a security problem that has not been assigned to
	// a priority yet or a priority that our system did not recognize.
	UnknownSeverity Severity = "Unknown"

	// NegligibleSeverity is technically a security problem, but is only
	// theoretical in nature, requires a very special situation, has almost no
	// install base, or does no real damage. These tend not to get backport from
	// upstream, and will likely not be included in security updates unless
	// there is an easy fix and some other issue causes an update.
	NegligibleSeverity Severity = "Negligible"

	// LowSeverity is a security problem, but is hard to exploit due to
	// environment, requires a user-assisted attack, a small install base, or
	// does very little damage.  These tend to be included in security updates
	// only when higher priority issues require an update, or if many low
	// priority issues have built up.
	LowSeverity Severity = "Low"

	// MediumSeverity is a real security problem, and is exploitable for many
	// people.  Includes network daemon denial of service attacks, cross-site
	// scripting, and gaining user privileges.  Updates should be made soon for
	// this priority of issue.
	MediumSeverity Severity = "Medium"

	// HighSeverity is a real problem, exploitable for many people in a default
	// installation. Includes serious remote denial of services, local root
	// privilege escalations, or data loss.
	HighSeverity Severity = "High"

	// CriticalSeverity is a world-burning problem, exploitable for nearly all
	// people in a default installation of Linux. Includes remote root privilege
	// escalations, or massive data loss.
	CriticalSeverity Severity = "Critical"

	// Defcon1Severity is a Critical problem which has been manually highlighted
	// by the team. It requires an immediate attention.
	Defcon1Severity Severity = "Defcon1"
)

func NewSeverity

func NewSeverity(s string) (Severity, error)

NewSeverity attempts to parse a string into a standard Severity value.

func (Severity) Compare

func (s Severity) Compare(s2 Severity) int

Compare determines the equality of two severities.

If the severities are equal, returns 0. If the receiver is less, returns -1. If the receiver is greater, returns 1.

func (*Severity) Scan

func (s *Severity) Scan(value interface{}) error

Scan implements the database/sql.Scanner interface.

func (Severity) Valid

func (s Severity) Valid() bool

Valid checks if the severity is valid or not.

func (Severity) Value

func (s Severity) Value() (driver.Value, error)

Value implements the database/sql/driver.Valuer interface.

type StorageError

type StorageError struct {
	// contains filtered or unexported fields
}

StorageError is database error

func NewStorageError

func NewStorageError(reason string) *StorageError

NewStorageError creates a new database error

func NewStorageErrorWithInternalError

func NewStorageErrorWithInternalError(reason string, originalError error) *StorageError

NewStorageErrorWithInternalError creates a new database error

func (*StorageError) Error

func (e *StorageError) Error() string

type Vulnerability

type Vulnerability struct {
	Name      string
	Namespace Namespace

	Description string
	Link        string
	Severity    Severity

	Metadata MetadataMap
}

Vulnerability represents CVE or similar vulnerability reports.

type VulnerabilityID

type VulnerabilityID struct {
	Name      string
	Namespace string
}

VulnerabilityID is an identifier for every vulnerability. Every vulnerability has unique namespace and name.

type VulnerabilityNotification

type VulnerabilityNotification struct {
	NotificationHook

	Old *Vulnerability
	New *Vulnerability
}

VulnerabilityNotification is a notification for vulnerability changes.

type VulnerabilityNotificationWithVulnerable

type VulnerabilityNotificationWithVulnerable struct {
	NotificationHook

	Old *PagedVulnerableAncestries
	New *PagedVulnerableAncestries
}

VulnerabilityNotificationWithVulnerable is a notification for vulnerability changes with vulnerable ancestries.

func FindVulnerabilityNotificationAndRollback

func FindVulnerabilityNotificationAndRollback(store Datastore, name string, limit int, oldVulnerabilityPage pagination.Token, newVulnerabilityPage pagination.Token) (VulnerabilityNotificationWithVulnerable, bool, error)

FindVulnerabilityNotificationAndRollback finds the vulnerability notification and rollback.

type VulnerabilityWithAffected

type VulnerabilityWithAffected struct {
	Vulnerability

	Affected []AffectedFeature
}

VulnerabilityWithAffected is a vulnerability with all known affected features.

type VulnerabilityWithFixedIn

type VulnerabilityWithFixedIn struct {
	Vulnerability

	FixedInVersion string
}

VulnerabilityWithFixedIn is used for AffectedNamespacedFeature to retrieve the affecting vulnerabilities and the fixed-in versions for the feature.

Directories

Path Synopsis
Package pgsql implements database.Datastore with PostgreSQL.
Package pgsql implements database.Datastore with PostgreSQL.
migrations
Package migrations regroups every migrations available to the pgsql database backend.
Package migrations regroups every migrations available to the pgsql database backend.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL