Overview ¶
Package database defines Clair's models and a common interface for database implementations.
Index ¶
- Variables
- func AcquireLock(datastore Datastore, name, owner string, duration time.Duration) (acquired bool, expiration time.Time)
- func AssertAncestryEqual(t *testing.T, expected, actual *Ancestry) bool
- func AssertAncestryLayerEqual(t *testing.T, expected, actual *AncestryLayer) bool
- func AssertDetectorsEqual(t *testing.T, expected, actual []Detector) bool
- func AssertElementsEqual(t *testing.T, expected, actual []interface{}) bool
- func AssertFeaturesEqual(t *testing.T, expected, actual []Feature) bool
- func AssertIntStringMapEqual(t *testing.T, expected, actual map[int]string) bool
- func AssertLayerEqual(t *testing.T, expected, actual *Layer) bool
- func AssertLayerFeaturesEqual(t *testing.T, expected, actual []LayerFeature) bool
- func AssertLayerNamespacesEqual(t *testing.T, expected, actual []LayerNamespace) bool
- func AssertMetadataMapEqual(t *testing.T, expected, actual MetadataMap) bool
- func AssertNamespacesEqual(t *testing.T, expected, actual []Namespace) bool
- func AssertVulnerabilityEqual(t *testing.T, expected, actual *Vulnerability) bool
- func CacheRelatedVulnerabilityAndCommit(datastore Datastore, features []NamespacedFeature) error
- func ExtendLock(ds Datastore, name, whoami string, desiredLockDuration time.Duration) (bool, time.Time)
- func FindKeyValueAndRollback(datastore Datastore, key string) (value string, ok bool, err error)
- func InsertVulnerabilityNotificationsAndCommit(store Datastore, notifications []VulnerabilityNotification) error
- func MarkNotificationAsReadAndCommit(store Datastore, name string) (bool, error)
- func PersistDetectorsAndCommit(store Datastore, detectors []Detector) error
- func PersistFeaturesAndCommit(datastore Datastore, features []Feature) error
- func PersistNamespacedFeaturesAndCommit(datastore Datastore, features []NamespacedFeature) error
- func PersistNamespacesAndCommit(datastore Datastore, namespaces []Namespace) error
- func PersistPartialLayerAndCommit(datastore Datastore, layer *Layer) error
- func Register(name string, driver Driver)
- func ReleaseLock(datastore Datastore, name, owner string)
- func SerializeDetectors(detectors []Detector) []string
- func UpdateKeyValueAndCommit(store Datastore, key, value string) error
- func UpdateVulnerabilitiesAndCommit(store Datastore, toRemove []VulnerabilityID, toAdd []VulnerabilityWithAffected) error
- func UpsertAncestryAndCommit(datastore Datastore, ancestry *Ancestry) error
- type AffectedFeature
- type AffectedNamespacedFeature
- type Ancestry
- type AncestryFeature
- type AncestryLayer
- type Datastore
- type Detector
- type DetectorType
- type Driver
- type Feature
- func ConvertFeatureSetToFeatures(features mapset.Set) []Feature
- func DeduplicateFeatures(features ...Feature) []Feature
- func NewBinaryPackage(name string, version string, versionFormat string) *Feature
- func NewFeature(name string, version string, versionFormat string, featureType FeatureType) *Feature
- func NewSourcePackage(name string, version string, versionFormat string) *Feature
- type FeatureType
- type Layer
- type LayerFeature
- type LayerNamespace
- type MetadataMap
- type MockDatastore
- type MockSession
- func (ms *MockSession) AcquireLock(name, owner string, duration time.Duration) (bool, time.Time, error)
- func (ms *MockSession) CacheAffectedNamespacedFeatures(namespacedFeatures []NamespacedFeature) error
- func (ms *MockSession) Commit() error
- func (ms *MockSession) DeleteNotification(name string) error
- func (ms *MockSession) DeleteVulnerabilities(VulnerabilityIDs []VulnerabilityID) error
- func (ms *MockSession) ExtendLock(name, owner string, duration time.Duration) (bool, time.Time, error)
- func (ms *MockSession) FindAffectedNamespacedFeatures(features []NamespacedFeature) ([]NullableAffectedNamespacedFeature, error)
- func (ms *MockSession) FindAncestry(name string) (Ancestry, bool, error)
- func (ms *MockSession) FindKeyValue(key string) (string, bool, error)
- func (ms *MockSession) FindLayer(name string) (Layer, bool, error)
- func (ms *MockSession) FindNewNotification(lastNotified time.Time) (NotificationHook, bool, error)
- func (ms *MockSession) FindVulnerabilities(vulnerabilityIDs []VulnerabilityID) ([]NullableVulnerability, error)
- func (ms *MockSession) FindVulnerabilityNotification(name string, limit int, oldPage pagination.Token, newPage pagination.Token) (VulnerabilityNotificationWithVulnerable, bool, error)
- func (ms *MockSession) InsertVulnerabilities(vulnerabilities []VulnerabilityWithAffected) error
- func (ms *MockSession) InsertVulnerabilityNotifications(vulnerabilityNotifications []VulnerabilityNotification) error
- func (ms *MockSession) MarkNotificationAsRead(name string) error
- func (ms *MockSession) PersistDetectors(detectors []Detector) error
- func (ms *MockSession) PersistFeatures(features []Feature) error
- func (ms *MockSession) PersistLayer(hash string, features []LayerFeature, namespaces []LayerNamespace, ...) error
- func (ms *MockSession) PersistNamespacedFeatures(namespacedFeatures []NamespacedFeature) error
- func (ms *MockSession) PersistNamespaces(namespaces []Namespace) error
- func (ms *MockSession) ReleaseLock(name, owner string) error
- func (ms *MockSession) Rollback() error
- func (ms *MockSession) UpdateKeyValue(key, value string) error
- func (ms *MockSession) UpsertAncestry(ancestry Ancestry) error
- type Namespace
- type NamespacedFeature
- type NotificationHook
- type NullableAffectedNamespacedFeature
- type NullableVulnerability
- type PagedVulnerableAncestries
- type RegistrableComponentConfig
- type Session
- type Severity
- type StorageError
- type Vulnerability
- type VulnerabilityID
- type VulnerabilityNotification
- type VulnerabilityNotificationWithVulnerable
- type VulnerabilityWithAffected
- type VulnerabilityWithFixedIn
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrBackendException is an error that occurs when the database backend
	// does not work properly (i.e. it is unreachable).
	ErrBackendException = NewStorageError("an error occurred when querying the backend")

	// ErrInconsistent is an error that occurs when a database consistency check
	// fails (i.e. when an entity which is supposed to be unique is detected
	// twice).
	ErrInconsistent = NewStorageError("inconsistent database")

	// ErrInvalidParameters is an error that occurs when the parameters are not valid.
	ErrInvalidParameters = NewStorageError("parameters are not valid")

	// ErrMissingEntities is an error that occurs when an associated immutable
	// entity doesn't exist in the database. This error can indicate a wrong
	// implementation or a corrupted database.
	ErrMissingEntities = NewStorageError("associated immutable entities are missing in the database")
)
var (
	// DetectorTypes contains all detector types.
	DetectorTypes = []DetectorType{
		NamespaceDetectorType,
		FeatureDetectorType,
	}

	// ErrFailedToParseDetectorType is the error returned when a detector type could
	// not be parsed from a string.
	ErrFailedToParseDetectorType = errors.New("failed to parse DetectorType from input")

	// ErrInvalidDetector is the error returned when a detector loaded from the
	// database has an invalid name, version or type.
	ErrInvalidDetector = errors.New("the detector has invalid metadata")
)
DetectorTypes contains all detector types.
// DebianReleasesMapping translates Debian code names and class names
// (suite aliases such as "stable" or "testing") to version numbers.
//
// NOTE(review): this is a static table. A code name that is not listed here
// presumably cannot be resolved to a version by callers — confirm how an
// unknown key is handled before relying on it for namespace matching.
var DebianReleasesMapping = map[string]string{
	// Release code names.
	"squeeze":  "6",
	"wheezy":   "7",
	"jessie":   "8",
	"stretch":  "9",
	"buster":   "10",
	"bullseye": "11",
	"sid":      "unstable",
	// Suite aliases; which release each one points at changes over time.
	"oldoldstable": "8",
	"oldstable":    "9",
	"stable":       "10",
	"testing":      "11",
	"unstable":     "unstable",
}
DebianReleasesMapping translates Debian code names and class names to version numbers.
// ErrFailedToParseSeverity is the error returned when a severity could not be
// parsed from a string.
var ErrFailedToParseSeverity = errors.New("failed to parse Severity from input")
ErrFailedToParseSeverity is the error returned when a severity could not be parsed from a string.
// Severities lists all known severities, ordered from lowest to highest.
var Severities = []Severity{
	UnknownSeverity,
	NegligibleSeverity,
	LowSeverity,
	MediumSeverity,
	HighSeverity,
	CriticalSeverity,
	Defcon1Severity,
}
Severities lists all known severities, ordered from lowest to highest.
// UbuntuReleasesMapping translates Ubuntu code names to version numbers.
//
// NOTE(review): this is a static table. A code name that is not listed here
// presumably cannot be resolved to a version by callers — confirm how an
// unknown key is handled before relying on it for namespace matching.
var UbuntuReleasesMapping = map[string]string{
	"precise": "12.04",
	"quantal": "12.10",
	"raring":  "13.04",
	"trusty":  "14.04",
	"utopic":  "14.10",
	"vivid":   "15.04",
	"wily":    "15.10",
	"xenial":  "16.04",
	"yakkety": "16.10",
	"zesty":   "17.04",
	"artful":  "17.10",
	"bionic":  "18.04",
	"cosmic":  "18.10",
	"disco":   "19.04",
}
UbuntuReleasesMapping translates Ubuntu code names to version numbers.
Functions ¶
func AcquireLock ¶
func AcquireLock(datastore Datastore, name, owner string, duration time.Duration) (acquired bool, expiration time.Time)
AcquireLock acquires a named global lock for a duration.
func AssertAncestryEqual ¶
AssertAncestryEqual asserts that the actual ancestry equals the expected ancestry content-wise.
func AssertAncestryLayerEqual ¶
func AssertAncestryLayerEqual(t *testing.T, expected, actual *AncestryLayer) bool
AssertAncestryLayerEqual asserts that the actual ancestry layer equals the expected ancestry layer content-wise.
func AssertDetectorsEqual ¶
AssertDetectorsEqual asserts that the actual detectors are content-wise equal to the expected detectors, regardless of ordering.
func AssertElementsEqual ¶
AssertElementsEqual asserts that the content of actual equals the content of expected, regardless of ordering.
Note: this function compares elements as interface values.
func AssertFeaturesEqual ¶
AssertFeaturesEqual asserts that the content of actual equals the content of expected, regardless of ordering.
func AssertIntStringMapEqual ¶
AssertIntStringMapEqual asserts two maps with integer as key and string as value are equal.
func AssertLayerEqual ¶
AssertLayerEqual asserts that the actual layer equals the expected layer content-wise.
func AssertLayerFeaturesEqual ¶
func AssertLayerFeaturesEqual(t *testing.T, expected, actual []LayerFeature) bool
AssertLayerFeaturesEqual asserts that the content of actual equals the content of expected, regardless of ordering.
func AssertLayerNamespacesEqual ¶
func AssertLayerNamespacesEqual(t *testing.T, expected, actual []LayerNamespace) bool
AssertLayerNamespacesEqual asserts that the content of actual equals the content of expected, regardless of ordering.
func AssertMetadataMapEqual ¶
func AssertMetadataMapEqual(t *testing.T, expected, actual MetadataMap) bool
AssertMetadataMapEqual asserts two metadata maps are equal.
func AssertNamespacesEqual ¶
AssertNamespacesEqual asserts that the content of actual equals the content of expected, regardless of ordering.
func AssertVulnerabilityEqual ¶
func AssertVulnerabilityEqual(t *testing.T, expected, actual *Vulnerability) bool
AssertVulnerabilityEqual asserts two vulnerabilities are equal.
func CacheRelatedVulnerabilityAndCommit ¶
func CacheRelatedVulnerabilityAndCommit(datastore Datastore, features []NamespacedFeature) error
CacheRelatedVulnerabilityAndCommit wraps session CacheAffectedNamespacedFeatures function with begin and commit.
func ExtendLock ¶
func ExtendLock(ds Datastore, name, whoami string, desiredLockDuration time.Duration) (bool, time.Time)
ExtendLock extends the duration of an existing global lock for the given duration.
func FindKeyValueAndRollback ¶
FindKeyValueAndRollback wraps session FindKeyValue function with begin and roll back.
func InsertVulnerabilityNotificationsAndCommit ¶
func InsertVulnerabilityNotificationsAndCommit(store Datastore, notifications []VulnerabilityNotification) error
InsertVulnerabilityNotificationsAndCommit inserts the notifications into the database and commits.
func MarkNotificationAsReadAndCommit ¶
MarkNotificationAsReadAndCommit marks a notification as read.
func PersistDetectorsAndCommit ¶
PersistDetectorsAndCommit stores the detectors in the data store.
func PersistFeaturesAndCommit ¶
PersistFeaturesAndCommit wraps session PersistFeatures function with begin and commit.
func PersistNamespacedFeaturesAndCommit ¶
func PersistNamespacedFeaturesAndCommit(datastore Datastore, features []NamespacedFeature) error
PersistNamespacedFeaturesAndCommit wraps session PersistNamespacedFeatures function with begin and commit.
func PersistNamespacesAndCommit ¶
PersistNamespacesAndCommit wraps session PersistNamespaces function with begin and commit.
func PersistPartialLayerAndCommit ¶
PersistPartialLayerAndCommit wraps session PersistLayer function with begin and commit.
func Register ¶
Register makes a Constructor available by the provided name.
If this function is called twice with the same name or if the Constructor is nil, it panics.
func ReleaseLock ¶
ReleaseLock releases a named global lock.
func SerializeDetectors ¶
SerializeDetectors returns the string representation of given detectors.
func UpdateKeyValueAndCommit ¶
UpdateKeyValueAndCommit stores the key value to storage.
func UpdateVulnerabilitiesAndCommit ¶
func UpdateVulnerabilitiesAndCommit(store Datastore, toRemove []VulnerabilityID, toAdd []VulnerabilityWithAffected) error
func UpsertAncestryAndCommit ¶
UpsertAncestryAndCommit wraps session UpsertAncestry function with begin and commit.
Types ¶
type AffectedFeature ¶
// AffectedFeature is used to determine whether a namespaced feature is
// affected by a Vulnerability. The pair (Namespace, FeatureName) is unique,
// and an AffectedFeature is bound to a single vulnerability.
type AffectedFeature struct {
	// FeatureType determines which type of package it affects.
	FeatureType FeatureType
	// Namespace and FeatureName together identify the affected feature.
	Namespace   Namespace
	FeatureName string
	// FixedInVersion is known next feature version that's not affected by the
	// vulnerability. Empty FixedInVersion means the unaffected version is
	// unknown.
	FixedInVersion string
	// AffectedVersion contains the version range to determine whether or not a
	// feature is affected.
	AffectedVersion string
}
AffectedFeature is used to determine whether a namespaced feature is affected by a Vulnerability. The pair of Namespace and FeatureName is unique. An AffectedFeature is bound to a vulnerability.
type AffectedNamespacedFeature ¶
// AffectedNamespacedFeature is a namespaced feature affected by the
// vulnerabilities, with the fixed-in versions for this feature.
type AffectedNamespacedFeature struct {
	NamespacedFeature

	// AffectedBy lists the vulnerabilities affecting this feature together
	// with the version in which each one is fixed.
	AffectedBy []VulnerabilityWithFixedIn
}
AffectedNamespacedFeature is a namespaced feature affected by the vulnerabilities with fixed-in versions for this feature.
type Ancestry ¶
// Ancestry is a manifest that keeps all layers in an image in order.
type Ancestry struct {
	// Name is a globally unique value for a set of layers. This is often the
	// sha256 digest of an OCI/Docker manifest.
	Name string `json:"name"`
	// By contains the processors that are used when computing the
	// content of this ancestry.
	By []Detector `json:"by"`
	// Layers should be ordered and i_th layer is the parent of i+1_th layer in
	// the slice.
	Layers []AncestryLayer `json:"layers"`
}
Ancestry is a manifest that keeps all layers in an image in order.
func FindAncestryAndRollback ¶
FindAncestryAndRollback wraps session FindAncestry function with begin and rollback.
type AncestryFeature ¶
// AncestryFeature is a namespaced feature with the detectors used to find
// this feature.
type AncestryFeature struct {
	NamespacedFeature `json:"namespacedFeature"`

	// FeatureBy is the detector that detected the feature.
	FeatureBy Detector `json:"featureBy"`
	// NamespaceBy is the detector that detected the namespace.
	NamespaceBy Detector `json:"namespaceBy"`
}
AncestryFeature is a namespaced feature with the detectors used to find this feature.
type AncestryLayer ¶
// AncestryLayer is a layer with all detected namespaced features.
type AncestryLayer struct {
	// Hash is the sha-256 tarsum on the layer's blob content.
	Hash string `json:"hash"`
	// Features are the features introduced by this layer when it was
	// processed.
	Features []AncestryFeature `json:"features"`
}
AncestryLayer is a layer with all detected namespaced features.
func (*AncestryLayer) GetFeatures ¶
func (l *AncestryLayer) GetFeatures() []NamespacedFeature
GetFeatures returns the Ancestry's features.
func (*AncestryLayer) Valid ¶
func (l *AncestryLayer) Valid() bool
Valid checks if the Ancestry Layer is compliant to the spec.
type Datastore ¶
// Datastore represents a persistent data store.
type Datastore interface {
	// Begin starts a session to change.
	Begin() (Session, error)

	// Ping returns the health status of the database.
	Ping() bool

	// Close closes the database and frees any allocated resource.
	Close()
}
Datastore represents a persistent data store
func Open ¶
func Open(cfg RegistrableComponentConfig) (Datastore, error)
Open opens a Datastore specified by a configuration.
type Detector ¶
// Detector is a versioned Clair extension.
type Detector struct {
	// Name of an extension should be non-empty and uniquely identifies the
	// extension.
	Name string `json:"name"`
	// Version of an extension should be non-empty.
	Version string `json:"version"`
	// DType is the type of the extension and should be one of the types in
	// DetectorTypes.
	DType DetectorType `json:"dtype"`
}
Detector is a versioned Clair extension.
func DiffDetectors ¶
DiffDetectors returns the detectors that belong to d1 but not to d2.
func IntersectDetectors ¶
IntersectDetectors returns the detectors in both d1 and d2.
func NewFeatureDetector ¶
NewFeatureDetector returns a new feature detector.
func NewNamespaceDetector ¶
NewNamespaceDetector returns a new namespace detector.
type DetectorType ¶
// DetectorType is the type of a detector.
type DetectorType string
DetectorType is the type of a detector.
const (
	// NamespaceDetectorType is a type of detector that extracts the namespaces.
	NamespaceDetectorType DetectorType = "namespace"
	// FeatureDetectorType is a type of detector that extracts the features.
	FeatureDetectorType DetectorType = "feature"
)
func NewDetectorType ¶
func NewDetectorType(s string) (DetectorType, error)
NewDetectorType attempts to parse a string into a standard DetectorType value.
func (*DetectorType) Scan ¶
func (s *DetectorType) Scan(value interface{}) error
Scan implements the database/sql.Scanner interface.
func (DetectorType) Valid ¶
func (s DetectorType) Valid() bool
Valid checks if a detector type is defined.
type Driver ¶
// Driver is a function that opens a Datastore specified by its database
// driver type and specific configuration.
type Driver func(RegistrableComponentConfig) (Datastore, error)
Driver is a function that opens a Datastore specified by its database driver type and specific configuration.
type Feature ¶
// Feature represents a package detected in a layer whose namespace is not
// yet determined.
//
// e.g. Name: Libssl1.0, Version: 1.0, VersionFormat: dpkg, Type: binary.
type Feature struct {
	Name    string `json:"name"`
	Version string `json:"version"`
	// VersionFormat is the version format of the installing package manager
	// (e.g. dpkg or apk).
	VersionFormat string      `json:"versionFormat"`
	Type          FeatureType `json:"type"`
}
Feature represents a package detected in a layer but the namespace is not determined.
e.g. Name: Libssl1.0, Version: 1.0, VersionFormat: dpkg, Type: binary. Here dpkg is the version format of the installing package manager, which in this case could be dpkg or apk.
func ConvertFeatureSetToFeatures ¶
func ConvertFeatureSetToFeatures(features mapset.Set) []Feature
ConvertFeatureSetToFeatures converts a feature set to an array of features.
func DeduplicateFeatures ¶
DeduplicateFeatures deduplicates a list of features.
func NewBinaryPackage ¶
func NewFeature ¶
func NewFeature(name string, version string, versionFormat string, featureType FeatureType) *Feature
type FeatureType ¶
// FeatureType indicates the type of feature that a vulnerability affects.
type FeatureType string
FeatureType indicates the type of feature that a vulnerability affects.
const (
	// SourcePackage marks a feature that is a source package.
	SourcePackage FeatureType = "source"
	// BinaryPackage marks a feature that is a binary package.
	BinaryPackage FeatureType = "binary"
)
func (*FeatureType) Scan ¶
func (t *FeatureType) Scan(value interface{}) error
Scan implements the database/sql.Scanner interface.
type Layer ¶
// Layer is a layer with all the detected features and namespaces.
type Layer struct {
	// Hash is the sha-256 tarsum on the layer's blob content.
	Hash string `json:"hash"`
	// By contains a list of detectors that scanned this Layer.
	By []Detector `json:"by"`
	// Namespaces are the namespaces detected in this layer.
	Namespaces []LayerNamespace `json:"namespaces"`
	// Features are the features detected in this layer.
	Features []LayerFeature `json:"features"`
}
Layer is a layer with all the detected features and namespaces.
func FindLayerAndRollback ¶
FindLayerAndRollback wraps session FindLayer function with begin and rollback.
func MergeLayers ¶
MergeLayers merges all content of the new layer into l, updating l's content.
func (*Layer) GetFeatures ¶
func (*Layer) GetNamespaces ¶
type LayerFeature ¶
// LayerFeature is a feature with detection information.
type LayerFeature struct {
	Feature `json:"feature"`

	// By is the detector that found the feature.
	By Detector `json:"by"`
	// PotentialNamespace is the namespace the feature may belong to.
	PotentialNamespace Namespace `json:"potentialNamespace"`
}
LayerFeature is a feature with detection information.
func ConvertFeatureSetToLayerFeatures ¶
func ConvertFeatureSetToLayerFeatures(features mapset.Set) []LayerFeature
type LayerNamespace ¶
// LayerNamespace is a namespace with detection information.
type LayerNamespace struct {
	Namespace `json:"namespace"`

	// By is the detector that found the namespace.
	By Detector `json:"by"`
}
LayerNamespace is a namespace with detection information.
type MetadataMap ¶
// MetadataMap is for storing the metadata returned by a vulnerability database.
//
// NOTE(review): values are untyped; code that renders or interprets this
// metadata presumably has to validate the expected shape itself — confirm
// against the consumers.
type MetadataMap map[string]interface{}
MetadataMap is for storing the metadata returned by vulnerability database.
func (*MetadataMap) Scan ¶
func (mm *MetadataMap) Scan(value interface{}) error
type MockDatastore ¶
MockDatastore implements Datastore and enables overriding each available method. The default behavior of each method is to simply panic.
func (*MockDatastore) Begin ¶
func (mds *MockDatastore) Begin() (Session, error)
func (*MockDatastore) Close ¶
func (mds *MockDatastore) Close()
func (*MockDatastore) Ping ¶
func (mds *MockDatastore) Ping() bool
type MockSession ¶
// MockSession implements Session and enables overriding each available
// method through the corresponding Fct* field. The default behavior of each
// method whose Fct* field is left unset is to simply panic.
type MockSession struct {
	FctCommit                          func() error
	FctRollback                        func() error
	FctUpsertAncestry                  func(Ancestry) error
	FctFindAncestry                    func(name string) (Ancestry, bool, error)
	FctFindAffectedNamespacedFeatures  func(features []NamespacedFeature) ([]NullableAffectedNamespacedFeature, error)
	FctPersistNamespaces               func([]Namespace) error
	FctPersistFeatures                 func([]Feature) error
	FctPersistDetectors                func(detectors []Detector) error
	FctPersistNamespacedFeatures       func([]NamespacedFeature) error
	FctCacheAffectedNamespacedFeatures func([]NamespacedFeature) error
	FctPersistLayer                    func(hash string, features []LayerFeature, namespaces []LayerNamespace, by []Detector) error
	FctFindLayer                       func(name string) (Layer, bool, error)
	FctInsertVulnerabilities           func([]VulnerabilityWithAffected) error
	FctFindVulnerabilities             func([]VulnerabilityID) ([]NullableVulnerability, error)
	FctDeleteVulnerabilities           func([]VulnerabilityID) error
	FctInsertVulnerabilityNotifications func([]VulnerabilityNotification) error
	FctFindNewNotification             func(lastNotified time.Time) (NotificationHook, bool, error)
	FctFindVulnerabilityNotification   func(name string, limit int, oldPage pagination.Token, newPage pagination.Token) (
		vuln VulnerabilityNotificationWithVulnerable, ok bool, err error)
	FctMarkNotificationAsRead func(name string) error
	FctDeleteNotification     func(name string) error
	FctUpdateKeyValue         func(key, value string) error
	FctFindKeyValue           func(key string) (string, bool, error)
	FctAcquireLock            func(name, owner string, duration time.Duration) (bool, time.Time, error)
	FctExtendLock             func(name, owner string, duration time.Duration) (bool, time.Time, error)
	FctReleaseLock            func(name, owner string) error
}
MockSession implements Session and enables overriding each available method. The default behavior of each method is to simply panic.
func (*MockSession) AcquireLock ¶
func (*MockSession) CacheAffectedNamespacedFeatures ¶
func (ms *MockSession) CacheAffectedNamespacedFeatures(namespacedFeatures []NamespacedFeature) error
func (*MockSession) Commit ¶
func (ms *MockSession) Commit() error
func (*MockSession) DeleteNotification ¶
func (ms *MockSession) DeleteNotification(name string) error
func (*MockSession) DeleteVulnerabilities ¶
func (ms *MockSession) DeleteVulnerabilities(VulnerabilityIDs []VulnerabilityID) error
func (*MockSession) ExtendLock ¶
func (*MockSession) FindAffectedNamespacedFeatures ¶
func (ms *MockSession) FindAffectedNamespacedFeatures(features []NamespacedFeature) ([]NullableAffectedNamespacedFeature, error)
func (*MockSession) FindAncestry ¶
func (ms *MockSession) FindAncestry(name string) (Ancestry, bool, error)
func (*MockSession) FindKeyValue ¶
func (ms *MockSession) FindKeyValue(key string) (string, bool, error)
func (*MockSession) FindNewNotification ¶
func (ms *MockSession) FindNewNotification(lastNotified time.Time) (NotificationHook, bool, error)
func (*MockSession) FindVulnerabilities ¶
func (ms *MockSession) FindVulnerabilities(vulnerabilityIDs []VulnerabilityID) ([]NullableVulnerability, error)
func (*MockSession) FindVulnerabilityNotification ¶
func (ms *MockSession) FindVulnerabilityNotification(name string, limit int, oldPage pagination.Token, newPage pagination.Token) ( VulnerabilityNotificationWithVulnerable, bool, error)
func (*MockSession) InsertVulnerabilities ¶
func (ms *MockSession) InsertVulnerabilities(vulnerabilities []VulnerabilityWithAffected) error
func (*MockSession) InsertVulnerabilityNotifications ¶
func (ms *MockSession) InsertVulnerabilityNotifications(vulnerabilityNotifications []VulnerabilityNotification) error
func (*MockSession) MarkNotificationAsRead ¶
func (ms *MockSession) MarkNotificationAsRead(name string) error
func (*MockSession) PersistDetectors ¶
func (ms *MockSession) PersistDetectors(detectors []Detector) error
func (*MockSession) PersistFeatures ¶
func (ms *MockSession) PersistFeatures(features []Feature) error
func (*MockSession) PersistLayer ¶
func (ms *MockSession) PersistLayer(hash string, features []LayerFeature, namespaces []LayerNamespace, detectors []Detector) error
func (*MockSession) PersistNamespacedFeatures ¶
func (ms *MockSession) PersistNamespacedFeatures(namespacedFeatures []NamespacedFeature) error
func (*MockSession) PersistNamespaces ¶
func (ms *MockSession) PersistNamespaces(namespaces []Namespace) error
func (*MockSession) ReleaseLock ¶
func (ms *MockSession) ReleaseLock(name, owner string) error
func (*MockSession) Rollback ¶
func (ms *MockSession) Rollback() error
func (*MockSession) UpdateKeyValue ¶
func (ms *MockSession) UpdateKeyValue(key, value string) error
func (*MockSession) UpsertAncestry ¶
func (ms *MockSession) UpsertAncestry(ancestry Ancestry) error
type Namespace ¶
Namespace is the contextual information around features.
e.g. Debian:7, NodeJS.
func DeduplicateNamespaces ¶
DeduplicateNamespaces deduplicates a list of namespaces.
func NewNamespace ¶
type NamespacedFeature ¶
NamespacedFeature is a feature with determined namespace and can be affected by vulnerabilities.
e.g. OpenSSL 1.0 dpkg Debian:7.
func DeduplicateNamespacedFeatures ¶
func DeduplicateNamespacedFeatures(features []NamespacedFeature) []NamespacedFeature
DeduplicateNamespacedFeatures returns a copy of all unique features in the input.
func GetAncestryFeatures ¶
func GetAncestryFeatures(ancestry Ancestry) []NamespacedFeature
GetAncestryFeatures returns a list of unique namespaced features in the ancestry.
func NewNamespacedFeature ¶
func NewNamespacedFeature(namespace *Namespace, feature *Feature) *NamespacedFeature
type NotificationHook ¶
NotificationHook is a message sent to another service to inform of a change to a Vulnerability or the Ancestries affected by a Vulnerability. It contains the name of a notification that should be read and marked as read via the API.
func FindNewNotification ¶
FindNewNotification finds notifications either never notified or notified before the given time.
type NullableAffectedNamespacedFeature ¶
// NullableAffectedNamespacedFeature is an AffectedNamespacedFeature together
// with a flag telling whether it was found in the datastore.
type NullableAffectedNamespacedFeature struct {
	AffectedNamespacedFeature

	// Valid is true when the feature was found in the datastore.
	Valid bool
}
NullableAffectedNamespacedFeature is an AffectedNamespacedFeature together with a flag indicating whether it was found in the datastore.
func FindAffectedNamespacedFeaturesAndRollback ¶
func FindAffectedNamespacedFeaturesAndRollback(store Datastore, features []NamespacedFeature) ([]NullableAffectedNamespacedFeature, error)
FindAffectedNamespacedFeaturesAndRollback finds the vulnerabilities on each feature.
type NullableVulnerability ¶
// NullableVulnerability is a vulnerability together with a flag telling
// whether the vulnerability was found in the datastore.
type NullableVulnerability struct {
	VulnerabilityWithAffected

	// Valid is true when the vulnerability was found in the datastore.
	Valid bool
}
NullableVulnerability is a vulnerability together with a flag indicating whether the vulnerability was found in the datastore.
func FindVulnerabilitiesAndRollback ¶
func FindVulnerabilitiesAndRollback(store Datastore, ids []VulnerabilityID) ([]NullableVulnerability, error)
FindVulnerabilitiesAndRollback finds the vulnerabilities based on given ids.
type PagedVulnerableAncestries ¶
// PagedVulnerableAncestries is a vulnerability with a page of affected
// ancestries, each with a special index attached for streaming purposes.
// Current and Next carry the pagination tokens used to navigate pages.
type PagedVulnerableAncestries struct {
	Vulnerability

	// Affected is a map of special indexes to Ancestries; each pair should be
	// unique in a stream, and every index in the map should be larger than
	// those of the previous page.
	Affected map[int]string

	// Limit is the maximum number of affected ancestries in a page.
	Limit int
	// Current is the pagination token of this page.
	Current pagination.Token
	// Next is the pagination token of the following page.
	Next pagination.Token

	// End signals the end of the pages.
	End bool
}
PagedVulnerableAncestries is a vulnerability with a page of affected ancestries, each with a special index attached for streaming purposes. The current page number and next page number are used for navigation.
type RegistrableComponentConfig ¶
RegistrableComponentConfig is a configuration block that can be used to determine which registrable component should be initialized and pass custom configuration to it.
type Session ¶
// Session contains the required operations on a persistent data store for a
// Clair deployment.
//
// A Session is started by Datastore.Begin and terminated with Commit or
// Rollback. Apart from Commit and Rollback, no method may be called after the
// session is terminated, and no method is guaranteed to succeed once the
// session has failed.
type Session interface {
	// Commit commits changes to datastore.
	//
	// Commit call after Rollback does no-op.
	Commit() error

	// Rollback drops changes to datastore.
	//
	// Rollback call after Commit does no-op.
	Rollback() error

	// UpsertAncestry inserts or replaces an ancestry and its namespaced
	// features and processors used to scan the ancestry.
	UpsertAncestry(Ancestry) error

	// FindAncestry retrieves an ancestry with all detected
	// namespaced features. If the ancestry is not found, found is false.
	FindAncestry(name string) (ancestry Ancestry, found bool, err error)

	// PersistDetectors inserts a slice of detectors if not in the database.
	PersistDetectors(detectors []Detector) error

	// PersistFeatures inserts a set of features if not in the database.
	PersistFeatures(features []Feature) error

	// PersistNamespacedFeatures inserts a set of namespaced features if not in
	// the database.
	PersistNamespacedFeatures([]NamespacedFeature) error

	// CacheAffectedNamespacedFeatures relates the namespaced features with the
	// vulnerabilities affecting these features.
	//
	// NOTE(Sida): it's not necessary for every database implementation and so
	// this function may have a better home.
	CacheAffectedNamespacedFeatures([]NamespacedFeature) error

	// FindAffectedNamespacedFeatures retrieves a set of namespaced features
	// with affecting vulnerabilities.
	FindAffectedNamespacedFeatures(features []NamespacedFeature) ([]NullableAffectedNamespacedFeature, error)

	// PersistNamespaces inserts a set of namespaces if not in the database.
	PersistNamespaces([]Namespace) error

	// PersistLayer appends a layer's content in the database.
	//
	// If any feature, namespace, or detector is not in the database, it
	// returns a not-found error.
	PersistLayer(hash string, features []LayerFeature, namespaces []LayerNamespace, detectedBy []Detector) error

	// FindLayer returns a layer with all detected features and
	// namespaces.
	FindLayer(hash string) (layer Layer, found bool, err error)

	// InsertVulnerabilities inserts a set of UNIQUE vulnerabilities with
	// affected features into database, assuming that all vulnerabilities
	// provided are NOT in database and all vulnerabilities' namespaces are
	// already in the database.
	InsertVulnerabilities([]VulnerabilityWithAffected) error

	// FindVulnerabilities retrieves a set of Vulnerabilities with affected
	// features.
	FindVulnerabilities([]VulnerabilityID) ([]NullableVulnerability, error)

	// DeleteVulnerabilities removes a set of Vulnerabilities assuming that the
	// requested vulnerabilities are in the database.
	DeleteVulnerabilities([]VulnerabilityID) error

	// InsertVulnerabilityNotifications inserts a set of unique vulnerability
	// notifications into datastore, assuming that they are not in the database.
	InsertVulnerabilityNotifications([]VulnerabilityNotification) error

	// FindNewNotification retrieves a notification, which has never been
	// notified or notified before a certain time.
	FindNewNotification(notifiedBefore time.Time) (hook NotificationHook, found bool, err error)

	// FindVulnerabilityNotification retrieves a vulnerability notification with
	// the ancestries affected by the old or new vulnerability.
	//
	// Because the number of affected ancestries may be large, they are
	// paginated and their pages are specified by the pagination tokens, an
	// empty token denoting the first page.
	FindVulnerabilityNotification(name string, limit int, oldVulnerabilityPage pagination.Token, newVulnerabilityPage pagination.Token) (noti VulnerabilityNotificationWithVulnerable, found bool, err error)

	// MarkNotificationAsRead marks a Notification as notified now, assuming
	// the requested notification is in the database.
	MarkNotificationAsRead(name string) error

	// DeleteNotification removes a Notification in the database.
	DeleteNotification(name string) error

	// UpdateKeyValue stores or updates a simple key/value pair.
	UpdateKeyValue(key, value string) error

	// FindKeyValue retrieves a value from the given key.
	FindKeyValue(key string) (value string, found bool, err error)

	// AcquireLock acquires a brand new lock in the database with a given name
	// for the given duration.
	//
	// A lock can only have one owner.
	// This method should NOT block until a lock is acquired.
	AcquireLock(name, owner string, duration time.Duration) (acquired bool, expiration time.Time, err error)

	// ExtendLock extends an existing lock such that the lock will expire at the
	// current time plus the provided duration.
	//
	// This method should return immediately with an error if the lock does not
	// exist.
	//
	// NOTE(review): the contract does not state whether owner must match the
	// lock's current owner. Since a lock has a single owner, implementations
	// are expected to refuse to extend a lock held by a different owner —
	// confirm per Datastore implementation.
	ExtendLock(name, owner string, duration time.Duration) (extended bool, expiration time.Time, err error)

	// ReleaseLock releases an existing lock.
	//
	// NOTE(review): as with ExtendLock, whether a release by a non-owner is
	// rejected is left to the implementation — confirm.
	ReleaseLock(name, owner string) error
}
Session contains the required operations on a persistent data store for a Clair deployment.
A Session is started by Datastore.Begin and terminated with Commit or Rollback. Apart from Commit and Rollback, no method may be called after the session is terminated. No method is guaranteed to succeed once the session has failed.
type Severity ¶
// Severity defines a standard scale for measuring the severity of a
// vulnerability. Values are ordered (see Compare) and parsed from strings with
// NewSeverity.
type Severity string
Severity defines a standard scale for measuring the severity of a vulnerability.
const (
	// UnknownSeverity is either a security problem that has not been assigned to
	// a priority yet or a priority that our system did not recognize.
	UnknownSeverity Severity = "Unknown"

	// NegligibleSeverity is technically a security problem, but is only
	// theoretical in nature, requires a very special situation, has almost no
	// install base, or does no real damage. These tend not to get backported
	// from upstream, and will likely not be included in security updates
	// unless there is an easy fix and some other issue causes an update.
	NegligibleSeverity Severity = "Negligible"

	// LowSeverity is a security problem, but is hard to exploit due to
	// environment, requires a user-assisted attack, a small install base, or
	// does very little damage. These tend to be included in security updates
	// only when higher priority issues require an update, or if many low
	// priority issues have built up.
	LowSeverity Severity = "Low"

	// MediumSeverity is a real security problem, and is exploitable for many
	// people. Includes network daemon denial of service attacks, cross-site
	// scripting, and gaining user privileges. Updates should be made soon for
	// this priority of issue.
	MediumSeverity Severity = "Medium"

	// HighSeverity is a real problem, exploitable for many people in a default
	// installation. Includes serious remote denial of services, local root
	// privilege escalations, or data loss.
	HighSeverity Severity = "High"

	// CriticalSeverity is a world-burning problem, exploitable for nearly all
	// people in a default installation of Linux. Includes remote root privilege
	// escalations, or massive data loss.
	CriticalSeverity Severity = "Critical"

	// Defcon1Severity is a Critical problem which has been manually highlighted
	// by the team. It requires immediate attention.
	Defcon1Severity Severity = "Defcon1"
)
func NewSeverity ¶
NewSeverity attempts to parse a string into a standard Severity value.
func (Severity) Compare ¶
Compare compares two severities.
If the severities are equal, returns 0. If the receiver is less, returns -1. If the receiver is greater, returns 1.
type StorageError ¶
// StorageError is a database error. It is constructed with NewStorageError or
// NewStorageErrorWithInternalError and satisfies the error interface through
// its Error method.
type StorageError struct {
	// contains filtered or unexported fields
}
StorageError is a database error.
func NewStorageError ¶
func NewStorageError(reason string) *StorageError
NewStorageError creates a new database error with the given reason.
func NewStorageErrorWithInternalError ¶
func NewStorageErrorWithInternalError(reason string, originalError error) *StorageError
NewStorageErrorWithInternalError creates a new database error with the given reason and the original (internal) error.
func (*StorageError) Error ¶
func (e *StorageError) Error() string
type Vulnerability ¶
// Vulnerability represents a CVE or similar vulnerability report.
//
// Name together with Namespace uniquely identifies a vulnerability (see
// VulnerabilityID). Severity uses the standard scale defined by the Severity
// type.
type Vulnerability struct {
	Name        string
	Namespace   Namespace
	Description string
	Link        string
	Severity    Severity
	Metadata    MetadataMap
}
Vulnerability represents a CVE or similar vulnerability report.
type VulnerabilityID ¶
VulnerabilityID is an identifier for a vulnerability. Every vulnerability is uniquely identified by its namespace and name.
type VulnerabilityNotification ¶
// VulnerabilityNotification is a notification for vulnerability changes.
//
// It embeds the NotificationHook that names the notification to be read and
// marked as read.
type VulnerabilityNotification struct {
	NotificationHook

	// Old and New are the vulnerability before and after the change. Both are
	// pointers; a nil side presumably means the vulnerability did not exist on
	// that side of the change — confirm against the Datastore implementation.
	Old *Vulnerability
	New *Vulnerability
}
VulnerabilityNotification is a notification for vulnerability changes.
type VulnerabilityNotificationWithVulnerable ¶
// VulnerabilityNotificationWithVulnerable is a notification for vulnerability
// changes together with one page of the vulnerable ancestries for each side
// of the change.
type VulnerabilityNotificationWithVulnerable struct {
	NotificationHook

	// Old and New carry the old and new vulnerability with a page of affected
	// ancestries. Both are pointers; a nil side presumably means there is no
	// vulnerability on that side of the change — confirm against the Datastore
	// implementation.
	Old *PagedVulnerableAncestries
	New *PagedVulnerableAncestries
}
VulnerabilityNotificationWithVulnerable is a notification for vulnerability changes with vulnerable ancestries.
func FindVulnerabilityNotificationAndRollback ¶
func FindVulnerabilityNotificationAndRollback(store Datastore, name string, limit int, oldVulnerabilityPage pagination.Token, newVulnerabilityPage pagination.Token) (VulnerabilityNotificationWithVulnerable, bool, error)
FindVulnerabilityNotificationAndRollback finds the vulnerability notification and rolls the session back.
type VulnerabilityWithAffected ¶
// VulnerabilityWithAffected is a vulnerability with all known affected
// features.
type VulnerabilityWithAffected struct {
	Vulnerability

	// Affected lists the features known to be affected by this vulnerability.
	Affected []AffectedFeature
}
VulnerabilityWithAffected is a vulnerability with all known affected features.
type VulnerabilityWithFixedIn ¶
// VulnerabilityWithFixedIn is used by AffectedNamespacedFeature to report an
// affecting vulnerability together with the version in which it is fixed for
// the feature.
type VulnerabilityWithFixedIn struct {
	Vulnerability

	// FixedInVersion is the feature version in which this vulnerability is
	// fixed.
	FixedInVersion string
}
VulnerabilityWithFixedIn is used by AffectedNamespacedFeature to report the affecting vulnerabilities and the version in which each is fixed for the feature.
Directories ¶
Package pgsql implements database.Datastore with PostgreSQL.
migrations
Package migrations regroups every migrations available to the pgsql database backend.