database

package
v3.0.0-pre1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 12, 2019 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package database defines the Clair's models and a common interface for database implementations.

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrBackendException is an error that occurs when the database backend
	// does not work properly (ie. unreachable).
	ErrBackendException = NewStorageError("an error occurred when querying the backend")

	// ErrInconsistent is an error that occurs when a database consistency check
	// fails (i.e. when an entity which is supposed to be unique is detected
	// twice)
	ErrInconsistent = NewStorageError("inconsistent database")

	// ErrInvalidParameters is an error that occurs when the parameters are not valid.
	ErrInvalidParameters = NewStorageError("parameters are not valid")

	// ErrMissingEntities is an error that occurs when an associated immutable
	// entity doesn't exist in the database. This error can indicate a wrong
	// implementation or corrupted database.
	ErrMissingEntities = NewStorageError("associated immutable entities are missing in the database")
)
View Source 
var (
	DetectorTypes = []DetectorType{
		NamespaceDetectorType,
		FeatureDetectorType,
	}
	// ErrFailedToParseDetectorType is the error returned when a detector type could
	// not be parsed from a string.
	ErrFailedToParseDetectorType = errors.New("failed to parse DetectorType from input")
	// ErrInvalidDetector is the error returned when a detector from database has
	// invalid name or version or type.
	ErrInvalidDetector = errors.New("the detector has invalid metadata")
)

DetectorTypes contains all detector types.

View Source 
var DebianReleasesMapping = map[string]string{

	"squeeze":  "6",
	"wheezy":   "7",
	"jessie":   "8",
	"stretch":  "9",
	"buster":   "10",
	"bullseye": "11",
	"sid":      "unstable",

	"oldoldstable": "8",
	"oldstable":    "9",
	"stable":       "10",
	"testing":      "11",
	"unstable":     "unstable",
}

DebianReleasesMapping translates Debian code names and class names to version numbers

View Source 
var ErrFailedToParseSeverity = errors.New("failed to parse Severity from input")

ErrFailedToParseSeverity is the error returned when a severity could not be parsed from a string.

View Source 
var Severities = []Severity{
	UnknownSeverity,
	NegligibleSeverity,
	LowSeverity,
	MediumSeverity,
	HighSeverity,
	CriticalSeverity,
	Defcon1Severity,
}

Severities lists all known severities, ordered from lowest to highest.

View Source 
var UbuntuReleasesMapping = map[string]string{
	"precise": "12.04",
	"quantal": "12.10",
	"raring":  "13.04",
	"trusty":  "14.04",
	"utopic":  "14.10",
	"vivid":   "15.04",
	"wily":    "15.10",
	"xenial":  "16.04",
	"yakkety": "16.10",
	"zesty":   "17.04",
	"artful":  "17.10",
	"bionic":  "18.04",
	"cosmic":  "18.10",
	"disco":   "19.04",
	"eoan":    "19.10",
}

UbuntuReleasesMapping translates Ubuntu code names to version numbers

Functions

func AcquireLock 

func AcquireLock(datastore Datastore, name, owner string, duration time.Duration) (acquired bool, expiration time.Time)

AcquireLock acquires a named global lock for a duration.

func AssertAncestryEqual 

func AssertAncestryEqual(t *testing.T, expected, actual *Ancestry) bool

AssertAncestryEqual asserts actual ancestry equals to expected ancestry content wise.

func AssertAncestryLayerEqual 

func AssertAncestryLayerEqual(t *testing.T, expected, actual *AncestryLayer) bool

AssertAncestryLayerEqual asserts actual ancestry layer equals to expected ancestry layer content wise.

func AssertDetectorsEqual 

func AssertDetectorsEqual(t *testing.T, expected, actual []Detector) bool

AssertDetectorsEqual asserts actual detectors are content wise equal to expected detectors regardless of the ordering.

func AssertElementsEqual 

func AssertElementsEqual(t *testing.T, expected, actual []interface{}) bool

AssertElementsEqual asserts that content in actual equals to content in expected array regardless of ordering.

Note: This function uses interface wise comparison.

func AssertFeaturesEqual 

func AssertFeaturesEqual(t *testing.T, expected, actual []Feature) bool

AssertFeaturesEqual asserts content in actual equals content in expected regardless of ordering.

func AssertIntStringMapEqual 

func AssertIntStringMapEqual(t *testing.T, expected, actual map[int]string) bool

AssertIntStringMapEqual asserts two maps with integer as key and string as value are equal.

func AssertLayerEqual 

func AssertLayerEqual(t *testing.T, expected, actual *Layer) bool

AssertLayerEqual asserts actual layer equals to expected layer content wise.

func AssertLayerFeaturesEqual 

func AssertLayerFeaturesEqual(t *testing.T, expected, actual []LayerFeature) bool

AssertLayerFeaturesEqual asserts content in actual equals to content in expected regardless of ordering.

func AssertLayerNamespacesEqual 

func AssertLayerNamespacesEqual(t *testing.T, expected, actual []LayerNamespace) bool

AssertLayerNamespacesEqual asserts content in actual equals to content in expected regardless of ordering.

func AssertMetadataMapEqual 

func AssertMetadataMapEqual(t *testing.T, expected, actual MetadataMap) bool

AssertMetadataMapEqual asserts two metadata maps are equal.

func AssertNamespacesEqual 

func AssertNamespacesEqual(t *testing.T, expected, actual []Namespace) bool

AssertNamespacesEqual asserts content in actual equals to content in expected regardless of ordering.

func AssertVulnerabilityEqual 

func AssertVulnerabilityEqual(t *testing.T, expected, actual *Vulnerability) bool

AssertVulnerabilityEqual asserts two vulnerabilities are equal.

func CacheRelatedVulnerabilityAndCommit 

func CacheRelatedVulnerabilityAndCommit(datastore Datastore, features []NamespacedFeature) error

CacheRelatedVulnerabilityAndCommit wraps session CacheAffectedNamespacedFeatures function with begin and commit.

func ExtendLock 

func ExtendLock(ds Datastore, name, whoami string, desiredLockDuration time.Duration) (bool, time.Time)

ExtendLock extends the duration of an existing global lock for the given duration.

func FindKeyValueAndRollback 

func FindKeyValueAndRollback(datastore Datastore, key string) (value string, ok bool, err error)

FindKeyValueAndRollback wraps session FindKeyValue function with begin and roll back.

func InsertVulnerabilityNotificationsAndCommit 

func InsertVulnerabilityNotificationsAndCommit(store Datastore, notifications []VulnerabilityNotification) error

InsertVulnerabilityNotificationsAndCommit inserts the notifications into db and commit.

func MarkNotificationAsReadAndCommit 

func MarkNotificationAsReadAndCommit(store Datastore, name string) (bool, error)

MarkNotificationAsReadAndCommit marks a notification as read.

func PersistDetectorsAndCommit 

func PersistDetectorsAndCommit(store Datastore, detectors []Detector) error

PersistDetectorsAndCommit stores the detectors in the data store.

func PersistFeaturesAndCommit 

func PersistFeaturesAndCommit(datastore Datastore, features []Feature) error

PersistFeaturesAndCommit wraps session PersistFeaturesAndCommit function with begin and commit.

func PersistNamespacedFeaturesAndCommit 

func PersistNamespacedFeaturesAndCommit(datastore Datastore, features []NamespacedFeature) error

PersistNamespacedFeaturesAndCommit wraps session PersistNamespacedFeatures function with begin and commit.

func PersistNamespacesAndCommit 

func PersistNamespacesAndCommit(datastore Datastore, namespaces []Namespace) error

PersistNamespacesAndCommit wraps session PersistNamespaces function with begin and commit.

func PersistPartialLayerAndCommit 

func PersistPartialLayerAndCommit(datastore Datastore, layer *Layer) error

PersistPartialLayerAndCommit wraps session PersistLayer function with begin and commit.

func Register 

func Register(name string, driver Driver)

Register makes a Constructor available by the provided name.

If this function is called twice with the same name or if the Constructor is nil, it panics.

func ReleaseLock 

func ReleaseLock(datastore Datastore, name, owner string)

ReleaseLock releases a named global lock.

func SerializeDetectors 

func SerializeDetectors(detectors []Detector) []string

SerializeDetectors returns the string representation of given detectors.

func UpdateKeyValueAndCommit 

func UpdateKeyValueAndCommit(store Datastore, key, value string) error

UpdateKeyValueAndCommit stores the key value to storage.

func UpdateVulnerabilitiesAndCommit 

func UpdateVulnerabilitiesAndCommit(store Datastore, toRemove []VulnerabilityID, toAdd []VulnerabilityWithAffected) error

func UpsertAncestryAndCommit 

func UpsertAncestryAndCommit(datastore Datastore, ancestry *Ancestry) error

UpsertAncestryAndCommit wraps session UpsertAncestry function with begin and commit.

Types

type AffectedFeature 

type AffectedFeature struct {
	// FeatureType determines which type of package it affects.
	FeatureType FeatureType
	Namespace   Namespace
	FeatureName string
	// FixedInVersion is known next feature version that's not affected by the
	// vulnerability. Empty FixedInVersion means the unaffected version is
	// unknown.
	FixedInVersion string
	// AffectedVersion contains the version range to determine whether or not a
	// feature is affected.
	AffectedVersion string
}

AffectedFeature is used to determine whether a namespaced feature is affected by a Vulnerability. Namespace and Feature Name is unique. Affected Feature is bound to vulnerability.

type AffectedNamespacedFeature 

type AffectedNamespacedFeature struct {
	NamespacedFeature

	AffectedBy []VulnerabilityWithFixedIn
}

AffectedNamespacedFeature is a namespaced feature affected by the vulnerabilities with fixed-in versions for this feature.

type Ancestry 

type Ancestry struct {
	// Name is a globally unique value for a set of layers. This is often the
	// sha256 digest of an OCI/Docker manifest.
	Name string `json:"name"`
	// By contains the processors that are used when computing the
	// content of this ancestry.
	By []Detector `json:"by"`
	// Layers should be ordered and i_th layer is the parent of i+1_th layer in
	// the slice.
	Layers []AncestryLayer `json:"layers"`
}

Ancestry is a manifest that keeps all layers in an image in order.

func FindAncestryAndRollback 

func FindAncestryAndRollback(datastore Datastore, name string) (Ancestry, bool, error)

FindAncestryAndRollback wraps session FindAncestry function with begin and rollback.

func (*Ancestry) Valid 

func (a *Ancestry) Valid() bool

Valid checks if the ancestry is compliant to spec.

type AncestryFeature 

type AncestryFeature struct {
	NamespacedFeature `json:"namespacedFeature"`

	// FeatureBy is the detector that detected the feature.
	FeatureBy Detector `json:"featureBy"`
	// NamespaceBy is the detector that detected the namespace.
	NamespaceBy Detector `json:"namespaceBy"`
}

AncestryFeature is a namespaced feature with the detectors used to find this feature.

type AncestryLayer 

type AncestryLayer struct {
	// Hash is the sha-256 tarsum on the layer's blob content.
	Hash string `json:"hash"`
	// Features are the features introduced by this layer when it was
	// processed.
	Features []AncestryFeature `json:"features"`
}

AncestryLayer is a layer with all detected namespaced features.

func (*AncestryLayer) GetFeatures 

func (l *AncestryLayer) GetFeatures() []NamespacedFeature

GetFeatures returns the Ancestry's features.

func (*AncestryLayer) Valid 

func (l *AncestryLayer) Valid() bool

Valid checks if the Ancestry Layer is compliant to the spec.

type Datastore 

type Datastore interface {
	// Begin starts a session to change.
	Begin() (Session, error)

	// Ping returns the health status of the database.
	Ping() bool

	// Close closes the database and frees any allocated resource.
	Close()
}

Datastore represents a persistent data store

func Open 

func Open(cfg RegistrableComponentConfig) (Datastore, error)

Open opens a Datastore specified by a configuration.

type Detector 

type Detector struct {
	// Name of an extension should be non-empty and uniquely identifies the
	// extension.
	Name string `json:"name"`
	// Version of an extension should be non-empty.
	Version string `json:"version"`
	// DType is the type of the extension and should be one of the types in
	// DetectorTypes.
	DType DetectorType `json:"dtype"`
}

Detector is an versioned Clair extension.

func DiffDetectors 

func DiffDetectors(d1 []Detector, d2 []Detector) []Detector

DiffDetectors returns the detectors belongs to d1 but not d2

func IntersectDetectors 

func IntersectDetectors(d1 []Detector, d2 []Detector) []Detector

IntersectDetectors returns the detectors in both d1 and d2.

func NewFeatureDetector 

func NewFeatureDetector(name, version string) Detector

NewFeatureDetector returns a new feature detector.

func NewNamespaceDetector 

func NewNamespaceDetector(name, version string) Detector

NewNamespaceDetector returns a new namespace detector.

func (Detector) String 

func (d Detector) String() string

String returns a unique string representation of the detector.

func (Detector) Valid 

func (d Detector) Valid() bool

Valid checks if all fields in the detector satisfies the spec.

type DetectorType 

type DetectorType string

DetectorType is the type of a detector. 

const (
	// NamespaceDetectorType is a type of detector that extracts the namespaces.
	NamespaceDetectorType DetectorType = "namespace"
	// FeatureDetectorType is a type of detector that extracts the features.
	FeatureDetectorType DetectorType = "feature"
)

func NewDetectorType 

func NewDetectorType(s string) (DetectorType, error)

NewDetectorType attempts to parse a string into a standard DetectorType value.

func (*DetectorType) Scan 

func (s *DetectorType) Scan(value interface{}) error

Scan implements the database/sql.Scanner interface.

func (DetectorType) Valid 

func (s DetectorType) Valid() bool

Valid checks if a detector type is defined.

func (DetectorType) Value 

func (s DetectorType) Value() (driver.Value, error)

Value implements the database/sql/driver.Valuer interface.

type Driver 

type Driver func(RegistrableComponentConfig) (Datastore, error)

Driver is a function that opens a Datastore specified by its database driver type and specific configuration.

type Feature 

type Feature struct {
	Name          string      `json:"name"`
	Version       string      `json:"version"`
	VersionFormat string      `json:"versionFormat"`
	Type          FeatureType `json:"type"`
}

Feature represents a package detected in a layer but the namespace is not determined.

e.g. Name: Libssl1.0, Version: 1.0, VersionFormat: dpkg, Type: binary dpkg is the version format of the installer package manager, which in this case could be dpkg or apk.

func ConvertFeatureSetToFeatures 

func ConvertFeatureSetToFeatures(features mapset.Set) []Feature

ConvertFeatureSetToFeatures converts a feature set to an array of features

func DeduplicateFeatures 

func DeduplicateFeatures(features ...Feature) []Feature

DeduplicateFeatures deduplicates a list of list of features.

func NewBinaryPackage 

func NewBinaryPackage(name string, version string, versionFormat string) *Feature

func NewFeature 

func NewFeature(name string, version string, versionFormat string, featureType FeatureType) *Feature

func NewSourcePackage 

func NewSourcePackage(name string, version string, versionFormat string) *Feature

type FeatureType 

type FeatureType string

FeatureType indicates the type of feature that a vulnerability affects. 

const (
	SourcePackage FeatureType = "source"
	BinaryPackage FeatureType = "binary"
)

func (*FeatureType) Scan 

func (t *FeatureType) Scan(value interface{}) error

Scan implements the database/sql.Scanner interface.

func (*FeatureType) Value 

func (t *FeatureType) Value() (driver.Value, error)

Value implements the database/sql/driver.Valuer interface.

type Layer 

type Layer struct {
	// Hash is the sha-256 tarsum on the layer's blob content.
	Hash string `json:"hash"`
	// By contains a list of detectors scanned this Layer.
	By         []Detector       `json:"by"`
	Namespaces []LayerNamespace `json:"namespaces"`
	Features   []LayerFeature   `json:"features"`
}

Layer is a layer with all the detected features and namespaces.

func FindLayerAndRollback 

func FindLayerAndRollback(datastore Datastore, hash string) (layer *Layer, ok bool, err error)

FindLayerAndRollback wraps session FindLayer function with begin and rollback.

func MergeLayers 

func MergeLayers(l *Layer, new *Layer) *Layer

MergeLayers merges all content in new layer to l, where the content is updated.

func (*Layer) GetFeatures 

func (l *Layer) GetFeatures() []Feature

func (*Layer) GetNamespaces 

func (l *Layer) GetNamespaces() []Namespace

type LayerFeature 

type LayerFeature struct {
	Feature `json:"feature"`

	// By is the detector found the feature.
	By                 Detector  `json:"by"`
	PotentialNamespace Namespace `json:"potentialNamespace"`
}

LayerFeature is a feature with detection information.

func ConvertFeatureSetToLayerFeatures 

func ConvertFeatureSetToLayerFeatures(features mapset.Set) []LayerFeature

type LayerNamespace 

type LayerNamespace struct {
	Namespace `json:"namespace"`

	// By is the detector found the namespace.
	By Detector `json:"by"`
}

LayerNamespace is a namespace with detection information.

type MetadataMap 

type MetadataMap map[string]interface{}

MetadataMap is for storing the metadata returned by vulnerability database.

func (*MetadataMap) Scan 

func (mm *MetadataMap) Scan(value interface{}) error

func (*MetadataMap) Value 

func (mm *MetadataMap) Value() (driver.Value, error)

type MockDatastore 

type MockDatastore struct {
	FctBegin func() (Session, error)
	FctPing  func() bool
	FctClose func()
}

MockDatastore implements Datastore and enables overriding each available method. The default behavior of each method is to simply panic.

func (*MockDatastore) Begin 

func (mds *MockDatastore) Begin() (Session, error)

func (*MockDatastore) Close 

func (mds *MockDatastore) Close()

func (*MockDatastore) Ping 

func (mds *MockDatastore) Ping() bool

type MockSession 

type MockSession struct {
	FctCommit                           func() error
	FctRollback                         func() error
	FctUpsertAncestry                   func(Ancestry) error
	FctFindAncestry                     func(name string) (Ancestry, bool, error)
	FctFindAffectedNamespacedFeatures   func(features []NamespacedFeature) ([]NullableAffectedNamespacedFeature, error)
	FctPersistNamespaces                func([]Namespace) error
	FctPersistFeatures                  func([]Feature) error
	FctPersistDetectors                 func(detectors []Detector) error
	FctPersistNamespacedFeatures        func([]NamespacedFeature) error
	FctCacheAffectedNamespacedFeatures  func([]NamespacedFeature) error
	FctPersistLayer                     func(hash string, features []LayerFeature, namespaces []LayerNamespace, by []Detector) error
	FctFindLayer                        func(name string) (Layer, bool, error)
	FctInsertVulnerabilities            func([]VulnerabilityWithAffected) error
	FctFindVulnerabilities              func([]VulnerabilityID) ([]NullableVulnerability, error)
	FctDeleteVulnerabilities            func([]VulnerabilityID) error
	FctInsertVulnerabilityNotifications func([]VulnerabilityNotification) error
	FctFindNewNotification              func(lastNotified time.Time) (NotificationHook, bool, error)
	FctFindVulnerabilityNotification    func(name string, limit int, oldPage pagination.Token, newPage pagination.Token) (
		vuln VulnerabilityNotificationWithVulnerable, ok bool, err error)
	FctMarkNotificationAsRead func(name string) error
	FctDeleteNotification     func(name string) error
	FctUpdateKeyValue         func(key, value string) error
	FctFindKeyValue           func(key string) (string, bool, error)
	FctAcquireLock            func(name, owner string, duration time.Duration) (bool, time.Time, error)
	FctExtendLock             func(name, owner string, duration time.Duration) (bool, time.Time, error)
	FctReleaseLock            func(name, owner string) error
}

MockSession implements Session and enables overriding each available method. The default behavior of each method is to simply panic.

func (*MockSession) AcquireLock 

func (ms *MockSession) AcquireLock(name, owner string, duration time.Duration) (bool, time.Time, error)

func (*MockSession) CacheAffectedNamespacedFeatures 

func (ms *MockSession) CacheAffectedNamespacedFeatures(namespacedFeatures []NamespacedFeature) error

func (*MockSession) Commit 

func (ms *MockSession) Commit() error

func (*MockSession) DeleteNotification 

func (ms *MockSession) DeleteNotification(name string) error

func (*MockSession) DeleteVulnerabilities 

func (ms *MockSession) DeleteVulnerabilities(VulnerabilityIDs []VulnerabilityID) error

func (*MockSession) ExtendLock 

func (ms *MockSession) ExtendLock(name, owner string, duration time.Duration) (bool, time.Time, error)

func (*MockSession) FindAffectedNamespacedFeatures 

func (ms *MockSession) FindAffectedNamespacedFeatures(features []NamespacedFeature) ([]NullableAffectedNamespacedFeature, error)

func (*MockSession) FindAncestry 

func (ms *MockSession) FindAncestry(name string) (Ancestry, bool, error)

func (*MockSession) FindKeyValue 

func (ms *MockSession) FindKeyValue(key string) (string, bool, error)

func (*MockSession) FindLayer 

func (ms *MockSession) FindLayer(name string) (Layer, bool, error)

func (*MockSession) FindNewNotification 

func (ms *MockSession) FindNewNotification(lastNotified time.Time) (NotificationHook, bool, error)

func (*MockSession) FindVulnerabilities 

func (ms *MockSession) FindVulnerabilities(vulnerabilityIDs []VulnerabilityID) ([]NullableVulnerability, error)

func (*MockSession) FindVulnerabilityNotification 

func (ms *MockSession) FindVulnerabilityNotification(name string, limit int, oldPage pagination.Token, newPage pagination.Token) (
	VulnerabilityNotificationWithVulnerable, bool, error)

func (*MockSession) InsertVulnerabilities 

func (ms *MockSession) InsertVulnerabilities(vulnerabilities []VulnerabilityWithAffected) error

func (*MockSession) InsertVulnerabilityNotifications 

func (ms *MockSession) InsertVulnerabilityNotifications(vulnerabilityNotifications []VulnerabilityNotification) error

func (*MockSession) MarkNotificationAsRead 

func (ms *MockSession) MarkNotificationAsRead(name string) error

func (*MockSession) PersistDetectors 

func (ms *MockSession) PersistDetectors(detectors []Detector) error

func (*MockSession) PersistFeatures 

func (ms *MockSession) PersistFeatures(features []Feature) error

func (*MockSession) PersistLayer 

func (ms *MockSession) PersistLayer(hash string, features []LayerFeature, namespaces []LayerNamespace, detectors []Detector) error

func (*MockSession) PersistNamespacedFeatures 

func (ms *MockSession) PersistNamespacedFeatures(namespacedFeatures []NamespacedFeature) error

func (*MockSession) PersistNamespaces 

func (ms *MockSession) PersistNamespaces(namespaces []Namespace) error

func (*MockSession) ReleaseLock 

func (ms *MockSession) ReleaseLock(name, owner string) error

func (*MockSession) Rollback 

func (ms *MockSession) Rollback() error

func (*MockSession) UpdateKeyValue 

func (ms *MockSession) UpdateKeyValue(key, value string) error

func (*MockSession) UpsertAncestry 

func (ms *MockSession) UpsertAncestry(ancestry Ancestry) error

type Namespace 

type Namespace struct {
	Name          string `json:"name"`
	VersionFormat string `json:"versionFormat"`
}

Namespace is the contextual information around features.

e.g. Debian:7, NodeJS.

func DeduplicateNamespaces 

func DeduplicateNamespaces(namespaces ...Namespace) []Namespace

DeduplicateNamespaces deduplicates a list of namespaces.

func NewNamespace 

func NewNamespace(name string, versionFormat string) *Namespace

func (*Namespace) Valid 

func (ns *Namespace) Valid() bool

type NamespacedFeature 

type NamespacedFeature struct {
	Feature `json:"feature"`

	Namespace Namespace `json:"namespace"`
}

NamespacedFeature is a feature with determined namespace and can be affected by vulnerabilities.

e.g. OpenSSL 1.0 dpkg Debian:7.

func DeduplicateNamespacedFeatures 

func DeduplicateNamespacedFeatures(features []NamespacedFeature) []NamespacedFeature

DeduplicateNamespacedFeatures returns a copy of all unique features in the input.

func GetAncestryFeatures 

func GetAncestryFeatures(ancestry Ancestry) []NamespacedFeature

GetAncestryFeatures returns a list of unique namespaced features in the ancestry.

func NewNamespacedFeature 

func NewNamespacedFeature(namespace *Namespace, feature *Feature) *NamespacedFeature

type NotificationHook 

type NotificationHook struct {
	Name string

	Created  time.Time
	Notified time.Time
	Deleted  time.Time
}

NotificationHook is a message sent to another service to inform of a change to a Vulnerability or the Ancestries affected by a Vulnerability. It contains the name of a notification that should be read and marked as read via the API.

func FindNewNotification 

func FindNewNotification(store Datastore, notifiedBefore time.Time) (NotificationHook, bool, error)

FindNewNotification finds notifications either never notified or notified before the given time.

type NullableAffectedNamespacedFeature 

type NullableAffectedNamespacedFeature struct {
	AffectedNamespacedFeature

	Valid bool
}

NullableAffectedNamespacedFeature is an affectednamespacedfeature with whether it's found in datastore.

func FindAffectedNamespacedFeaturesAndRollback 

func FindAffectedNamespacedFeaturesAndRollback(store Datastore, features []NamespacedFeature) ([]NullableAffectedNamespacedFeature, error)

FindAffectedNamespacedFeaturesAndRollback finds the vulnerabilities on each feature.

type NullableVulnerability 

type NullableVulnerability struct {
	VulnerabilityWithAffected

	Valid bool
}

NullableVulnerability is a vulnerability with whether the vulnerability is found in datastore.

func FindVulnerabilitiesAndRollback 

func FindVulnerabilitiesAndRollback(store Datastore, ids []VulnerabilityID) ([]NullableVulnerability, error)

FindVulnerabilitiesAndRollback finds the vulnerabilities based on given ids.

type PagedVulnerableAncestries 

type PagedVulnerableAncestries struct {
	Vulnerability

	// Affected is a map of special indexes to Ancestries, which the pair
	// should be unique in a stream. Every indexes in the map should be larger
	// than previous page.
	Affected map[int]string

	Limit   int
	Current pagination.Token
	Next    pagination.Token

	// End signals the end of the pages.
	End bool
}

PagedVulnerableAncestries is a vulnerability with a page of affected ancestries each with a special index attached for streaming purpose. The current page number and next page number are for navigate.

type RegistrableComponentConfig 

type RegistrableComponentConfig struct {
	Type    string
	Options map[string]interface{}
}

RegistrableComponentConfig is a configuration block that can be used to determine which registrable component should be initialized and pass custom configuration to it.

type Session 

type Session interface {
	// Commit commits changes to datastore.
	//
	// Commit call after Rollback does no-op.
	Commit() error

	// Rollback drops changes to datastore.
	//
	// Rollback call after Commit does no-op.
	Rollback() error

	// UpsertAncestry inserts or replaces an ancestry and its namespaced
	// features and processors used to scan the ancestry.
	UpsertAncestry(Ancestry) error

	// FindAncestry retrieves an ancestry with all detected
	// namespaced features. If the ancestry is not found, return false.
	FindAncestry(name string) (ancestry Ancestry, found bool, err error)

	// PersistDetector inserts a slice of detectors if not in the database.
	PersistDetectors(detectors []Detector) error

	// PersistFeatures inserts a set of features if not in the database.
	PersistFeatures(features []Feature) error

	// PersistNamespacedFeatures inserts a set of namespaced features if not in
	// the database.
	PersistNamespacedFeatures([]NamespacedFeature) error

	// CacheAffectedNamespacedFeatures relates the namespaced features with the
	// vulnerabilities affecting these features.
	//
	// NOTE(Sida): it's not necessary for every database implementation and so
	// this function may have a better home.
	CacheAffectedNamespacedFeatures([]NamespacedFeature) error

	// FindAffectedNamespacedFeatures retrieves a set of namespaced features
	// with affecting vulnerabilities.
	FindAffectedNamespacedFeatures(features []NamespacedFeature) ([]NullableAffectedNamespacedFeature, error)

	// PersistNamespaces inserts a set of namespaces if not in the database.
	PersistNamespaces([]Namespace) error

	// PersistLayer appends a layer's content in the database.
	//
	// If any feature, namespace, or detector is not in the database, it returns not found error.
	PersistLayer(hash string, features []LayerFeature, namespaces []LayerNamespace, detectedBy []Detector) error

	// FindLayer returns a layer with all detected features and
	// namespaces.
	FindLayer(hash string) (layer Layer, found bool, err error)

	// InsertVulnerabilities inserts a set of UNIQUE vulnerabilities with
	// affected features into database, assuming that all vulnerabilities
	// provided are NOT in database and all vulnerabilities' namespaces are
	// already in the database.
	InsertVulnerabilities([]VulnerabilityWithAffected) error

	// FindVulnerability retrieves a set of Vulnerabilities with affected
	// features.
	FindVulnerabilities([]VulnerabilityID) ([]NullableVulnerability, error)

	// DeleteVulnerability removes a set of Vulnerabilities assuming that the
	// requested vulnerabilities are in the database.
	DeleteVulnerabilities([]VulnerabilityID) error

	// InsertVulnerabilityNotifications inserts a set of unique vulnerability
	// notifications into datastore, assuming that they are not in the database.
	InsertVulnerabilityNotifications([]VulnerabilityNotification) error

	// FindNewNotification retrieves a notification, which has never been
	// notified or notified before a certain time.
	FindNewNotification(notifiedBefore time.Time) (hook NotificationHook, found bool, err error)

	// FindVulnerabilityNotification retrieves a vulnerability notification with
	// affected ancestries affected by old or new vulnerability.
	//
	// Because the number of affected ancestries maybe large, they are paginated
	// and their pages are specified by the pagination token, which should be
	// considered first page when it's empty.
	FindVulnerabilityNotification(name string, limit int, oldVulnerabilityPage pagination.Token, newVulnerabilityPage pagination.Token) (noti VulnerabilityNotificationWithVulnerable, found bool, err error)

	// MarkNotificationAsRead marks a Notification as notified now, assuming
	// the requested notification is in the database.
	MarkNotificationAsRead(name string) error

	// DeleteNotification removes a Notification in the database.
	DeleteNotification(name string) error

	// UpdateKeyValue stores or updates a simple key/value pair.
	UpdateKeyValue(key, value string) error

	// FindKeyValue retrieves a value from the given key.
	FindKeyValue(key string) (value string, found bool, err error)

	// AcquireLock acquires a brand new lock in the database with a given name
	// for the given duration.
	//
	// A lock can only have one owner.
	// This method should NOT block until a lock is acquired.
	AcquireLock(name, owner string, duration time.Duration) (acquired bool, expiration time.Time, err error)

	// ExtendLock extends an existing lock such that the lock will expire at the
	// current time plus the provided duration.
	//
	// This method should return immediately with an error if the lock does not
	// exist.
	ExtendLock(name, owner string, duration time.Duration) (extended bool, expiration time.Time, err error)

	// ReleaseLock releases an existing lock.
	ReleaseLock(name, owner string) error
}

Session contains the required operations on a persistent data store for a Clair deployment.

Session is started by Datastore.Begin and terminated with Commit or Rollback. Besides Commit and Rollback, other functions cannot be called after the session is terminated. Any function is not guaranteed to be called successfully if there's a session failure.

type Severity 

type Severity string

Severity defines a standard scale for measuring the severity of a vulnerability. 

const (
	// UnknownSeverity is either a security problem that has not been assigned to
	// a priority yet or a priority that our system did not recognize.
	UnknownSeverity Severity = "Unknown"

	// NegligibleSeverity is technically a security problem, but is only
	// theoretical in nature, requires a very special situation, has almost no
	// install base, or does no real damage. These tend not to get backport from
	// upstream, and will likely not be included in security updates unless
	// there is an easy fix and some other issue causes an update.
	NegligibleSeverity Severity = "Negligible"

	// LowSeverity is a security problem, but is hard to exploit due to
	// environment, requires a user-assisted attack, a small install base, or
	// does very little damage.  These tend to be included in security updates
	// only when higher priority issues require an update, or if many low
	// priority issues have built up.
	LowSeverity Severity = "Low"

	// MediumSeverity is a real security problem, and is exploitable for many
	// people.  Includes network daemon denial of service attacks, cross-site
	// scripting, and gaining user privileges.  Updates should be made soon for
	// this priority of issue.
	MediumSeverity Severity = "Medium"

	// HighSeverity is a real problem, exploitable for many people in a default
	// installation. Includes serious remote denial of services, local root
	// privilege escalations, or data loss.
	HighSeverity Severity = "High"

	// CriticalSeverity is a world-burning problem, exploitable for nearly all
	// people in a default installation of Linux. Includes remote root privilege
	// escalations, or massive data loss.
	CriticalSeverity Severity = "Critical"

	// Defcon1Severity is a Critical problem which has been manually highlighted
	// by the team. It requires an immediate attention.
	Defcon1Severity Severity = "Defcon1"
)

func NewSeverity 

func NewSeverity(s string) (Severity, error)

NewSeverity attempts to parse a string into a standard Severity value.

func (Severity) Compare 

func (s Severity) Compare(s2 Severity) int

Compare determines the equality of two severities.

If the severities are equal, returns 0. If the receiver is less, returns -1. If the receiver is greater, returns 1.

func (*Severity) Scan 

func (s *Severity) Scan(value interface{}) error

Scan implements the database/sql.Scanner interface.

func (Severity) Valid 

func (s Severity) Valid() bool

Valid checks if the severity is valid or not.

func (Severity) Value 

func (s Severity) Value() (driver.Value, error)

Value implements the database/sql/driver.Valuer interface.

type StorageError 

type StorageError struct {
	// contains filtered or unexported fields
}

StorageError is database error

func NewStorageError 

func NewStorageError(reason string) *StorageError

NewStorageError creates a new database error

func NewStorageErrorWithInternalError 

func NewStorageErrorWithInternalError(reason string, originalError error) *StorageError

NewStorageErrorWithInternalError creates a new database error

func (*StorageError) Error 

func (e *StorageError) Error() string

type Vulnerability 

type Vulnerability struct {
	Name      string
	Namespace Namespace

	Description string
	Link        string
	Severity    Severity

	Metadata MetadataMap
}

Vulnerability represents CVE or similar vulnerability reports.

type VulnerabilityID 

type VulnerabilityID struct {
	Name      string
	Namespace string
}

VulnerabilityID is an identifier for every vulnerability. Every vulnerability has unique namespace and name.

type VulnerabilityNotification 

type VulnerabilityNotification struct {
	NotificationHook

	Old *Vulnerability
	New *Vulnerability
}

VulnerabilityNotification is a notification for vulnerability changes.

type VulnerabilityNotificationWithVulnerable 

type VulnerabilityNotificationWithVulnerable struct {
	NotificationHook

	Old *PagedVulnerableAncestries
	New *PagedVulnerableAncestries
}

VulnerabilityNotificationWithVulnerable is a notification for vulnerability changes with vulnerable ancestries.

func FindVulnerabilityNotificationAndRollback 

func FindVulnerabilityNotificationAndRollback(store Datastore, name string, limit int, oldVulnerabilityPage pagination.Token, newVulnerabilityPage pagination.Token) (VulnerabilityNotificationWithVulnerable, bool, error)

FindVulnerabilityNotificationAndRollback finds the vulnerability notification and rollback.

type VulnerabilityWithAffected 

type VulnerabilityWithAffected struct {
	Vulnerability

	Affected []AffectedFeature
}

VulnerabilityWithAffected is a vulnerability with all known affected features.

type VulnerabilityWithFixedIn 

type VulnerabilityWithFixedIn struct {
	Vulnerability

	FixedInVersion string
}

VulnerabilityWithFixedIn is used for AffectedNamespacedFeature to retrieve the affecting vulnerabilities and the fixed-in versions for the feature.

Source Files

View all Source files

Directories

Path Synopsis
Package pgsql implements database.Datastore with PostgreSQL.
 Package pgsql implements database.Datastore with PostgreSQL.
ancestry
detector
feature
keyvalue
layer
lock
migrations
Package migrations regroups every migrations available to the pgsql database backend.
 Package migrations regroups every migrations available to the pgsql database backend.
monitoring
namespace
notification
page
testutil
util
vulnerability

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.