postgres

package
v1.5.33 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 8, 2024 License: Apache-2.0 Imports: 34 Imported by: 1

Documentation

Overview

Package postgres implements the indexer store interface for a PostgreSQL database.

SQL statements should be arranged in this package such that they're constants in the closest scope possible to where they're used. They should be run through sqlfmt and then checked for correctness, as sqlfmt doesn't fully understand the PostgreSQL dialect. Queries should endeavor to do work database-side, as opposed to making queries to construct further queries.

Index

Constants

View Source
const (
	// GCThrottle sets a limit for the number of deleted update operations
	// (and subsequent cascade deletes in the uo_vuln table) that can occur in a GC run.
	GCThrottle = 50
)

Variables

View Source
var (
	// ErrNotIndexed indicates the vulnerability being queried has a dist or repo not
	// indexed into the database.
	ErrNotIndexed = fmt.Errorf("vulnerability containers data not indexed by any scannners")
)

Functions

func Connect

func Connect(ctx context.Context, connString string, applicationName string) (*pgxpool.Pool, error)

Connect initialize a postgres pgxpool.Pool based on the connection string

func InitPostgresIndexerStore

func InitPostgresIndexerStore(_ context.Context, pool *pgxpool.Pool, doMigration bool) (indexer.Store, error)

InitPostgresIndexerStore initialize a indexer.Store given the pgxpool.Pool

func InitPostgresMatcherStore

func InitPostgresMatcherStore(_ context.Context, pool *pgxpool.Pool, doMigration bool) (datastore.MatcherStore, error)

InitPostgresMatcherStore initialize a indexer.Store given libindex.Opts

Types

type IndexerStore

type IndexerStore struct {
	// contains filtered or unexported fields
}

IndexerStore implements the claircore.Store interface.

All the other exported methods live in their own files.

func NewIndexerStore

func NewIndexerStore(pool *pgxpool.Pool) *IndexerStore

func (*IndexerStore) AffectedManifests

AffectedManifests finds the manifests digests which are affected by the provided vulnerability.

An exhaustive search for all indexed packages of the same name as the vulnerability is performed.

The list of packages is filtered down to only the affected set.

The manifest index is then queried to resolve a list of manifest hashes containing the affected artifacts.

func (*IndexerStore) Close

func (s *IndexerStore) Close(_ context.Context) error

func (*IndexerStore) DeleteManifests

func (s *IndexerStore) DeleteManifests(ctx context.Context, ds ...claircore.Digest) ([]claircore.Digest, error)

func (*IndexerStore) DistributionsByLayer

func (s *IndexerStore) DistributionsByLayer(ctx context.Context, hash claircore.Digest, scnrs indexer.VersionedScanners) ([]*claircore.Distribution, error)

func (*IndexerStore) FilesByLayer added in v1.5.1

func (s *IndexerStore) FilesByLayer(ctx context.Context, hash claircore.Digest, scnrs indexer.VersionedScanners) ([]claircore.File, error)

func (*IndexerStore) IndexDistributions

func (s *IndexerStore) IndexDistributions(ctx context.Context, dists []*claircore.Distribution, layer *claircore.Layer, scnr indexer.VersionedScanner) error

func (*IndexerStore) IndexFiles added in v1.5.1

func (s *IndexerStore) IndexFiles(ctx context.Context, files []claircore.File, layer *claircore.Layer, scnr indexer.VersionedScanner) error

func (*IndexerStore) IndexManifest

func (s *IndexerStore) IndexManifest(ctx context.Context, ir *claircore.IndexReport) error

func (*IndexerStore) IndexPackages

func (s *IndexerStore) IndexPackages(ctx context.Context, pkgs []*claircore.Package, layer *claircore.Layer, scnr indexer.VersionedScanner) error

IndexPackages indexes all provided packages along with creating a scan artifact.

If a source package is nested inside a binary package we index the source package first and then create a relation between the binary package and source package.

Scan artifacts are used to determine if a particular layer has been scanned by a particular scanner. See the LayerScanned method for more details.

func (*IndexerStore) IndexReport

func (s *IndexerStore) IndexReport(ctx context.Context, hash claircore.Digest) (*claircore.IndexReport, bool, error)

func (*IndexerStore) IndexRepositories

func (s *IndexerStore) IndexRepositories(ctx context.Context, repos []*claircore.Repository, l *claircore.Layer, scnr indexer.VersionedScanner) error

func (*IndexerStore) LayerScanned

func (s *IndexerStore) LayerScanned(ctx context.Context, hash claircore.Digest, scnr indexer.VersionedScanner) (bool, error)

func (*IndexerStore) ManifestScanned

func (s *IndexerStore) ManifestScanned(ctx context.Context, hash claircore.Digest, vs indexer.VersionedScanners) (bool, error)

ManifestScanned determines if a manifest has been scanned by ALL the provided scanners.

func (*IndexerStore) PackagesByLayer

func (s *IndexerStore) PackagesByLayer(ctx context.Context, hash claircore.Digest, scnrs indexer.VersionedScanners) ([]*claircore.Package, error)

func (*IndexerStore) PersistManifest

func (s *IndexerStore) PersistManifest(ctx context.Context, manifest claircore.Manifest) error

func (*IndexerStore) RegisterScanners

func (s *IndexerStore) RegisterScanners(ctx context.Context, vs indexer.VersionedScanners) error

func (*IndexerStore) RepositoriesByLayer

func (s *IndexerStore) RepositoriesByLayer(ctx context.Context, hash claircore.Digest, scnrs indexer.VersionedScanners) ([]*claircore.Repository, error)

func (*IndexerStore) SetIndexFinished

func (s *IndexerStore) SetIndexFinished(ctx context.Context, ir *claircore.IndexReport, scnrs indexer.VersionedScanners) error

func (*IndexerStore) SetIndexReport

func (s *IndexerStore) SetIndexReport(ctx context.Context, ir *claircore.IndexReport) error

func (*IndexerStore) SetLayerScanned

func (s *IndexerStore) SetLayerScanned(ctx context.Context, hash claircore.Digest, vs indexer.VersionedScanner) error

type MatcherStore

type MatcherStore struct {
	// contains filtered or unexported fields
}

MatcherStore implements all interfaces in the vulnstore package

func NewMatcherStore

func NewMatcherStore(pool *pgxpool.Pool) *MatcherStore

func (*MatcherStore) DeleteUpdateOperations

func (s *MatcherStore) DeleteUpdateOperations(ctx context.Context, id ...uuid.UUID) (int64, error)

DeleteUpdateOperations implements vulnstore.Updater.

func (*MatcherStore) DeltaUpdateVulnerabilities added in v1.5.21

func (s *MatcherStore) DeltaUpdateVulnerabilities(ctx context.Context, updater string, fingerprint driver.Fingerprint, vulns []*claircore.Vulnerability, deletedVulns []string) (uuid.UUID, error)

DeltaUpdateVulnerabilities implements vulnstore.Updater.

It is similar to UpdateVulnerabilities but support processing of partial data as opposed to needing an entire vulnerability database Order of operations:

  • Create a new UpdateOperation
  • Query existing vulnerabilities for the updater
  • Discount and vulnerabilities with newer updates and deleted vulnerabilities
  • Update the associated updateOperation for the remaining existing vulnerabilities
  • Insert the new vulnerabilities
  • Associate new vulnerabilities with new updateOperation

func (*MatcherStore) GC

func (s *MatcherStore) GC(ctx context.Context, keep int) (int64, error)

GC is split into two phases, first it will identify any update operations which are older then the provided keep value and delete these.

Next it will perform updater based deletions of any vulns from the vuln table which are not longer referenced by update operations.

The GC is throttled to not overload the database with cascade deletes. If a full GC is required run this method until the returned int64 value is 0.

func (*MatcherStore) Get

Get implements vulnstore.Vulnerability.

func (*MatcherStore) GetEnrichment

func (s *MatcherStore) GetEnrichment(ctx context.Context, name string, tags []string) (res []driver.EnrichmentRecord, err error)

func (*MatcherStore) GetLatestUpdateRef

func (s *MatcherStore) GetLatestUpdateRef(ctx context.Context, kind driver.UpdateKind) (uuid.UUID, error)

GetLatestUpdateRef implements driver.Updater.

func (*MatcherStore) GetLatestUpdateRefs

func (s *MatcherStore) GetLatestUpdateRefs(ctx context.Context, kind driver.UpdateKind) (map[string][]driver.UpdateOperation, error)

func (*MatcherStore) GetUpdateDiff

func (s *MatcherStore) GetUpdateDiff(ctx context.Context, prev, cur uuid.UUID) (*driver.UpdateDiff, error)

func (*MatcherStore) GetUpdateOperations

func (s *MatcherStore) GetUpdateOperations(ctx context.Context, kind driver.UpdateKind, updater ...string) (map[string][]driver.UpdateOperation, error)

func (*MatcherStore) Initialized

func (s *MatcherStore) Initialized(ctx context.Context) (bool, error)

func (*MatcherStore) RecordUpdaterSetStatus

func (s *MatcherStore) RecordUpdaterSetStatus(ctx context.Context, updaterSet string, updateTime time.Time) error

RecordUpdaterSetStatus records that all updaters from a updater set are up to date with vulnerabilities at this time

func (*MatcherStore) RecordUpdaterStatus

func (s *MatcherStore) RecordUpdaterStatus(ctx context.Context, updaterName string, updateTime time.Time, fingerprint driver.Fingerprint, updaterError error) error

RecordUpdaterStatus records that an updater is up to date with vulnerabilities at this time

func (*MatcherStore) UpdateEnrichments

func (s *MatcherStore) UpdateEnrichments(ctx context.Context, updater string, fp driver.Fingerprint, es []driver.EnrichmentRecord) (uuid.UUID, error)

UpdateEnrichments creates a new UpdateOperation, inserts the provided EnrichmentRecord(s), and ensures enrichments from previous updates are not queried by clients.

func (*MatcherStore) UpdateEnrichmentsIter added in v1.5.28

func (s *MatcherStore) UpdateEnrichmentsIter(ctx context.Context, updater string, fp driver.Fingerprint, it datastore.EnrichmentIter) (uuid.UUID, error)

func (*MatcherStore) UpdateVulnerabilities

func (s *MatcherStore) UpdateVulnerabilities(ctx context.Context, updater string, fp driver.Fingerprint, vulns []*claircore.Vulnerability) (uuid.UUID, error)

UpdateVulnerabilities implements vulnstore.Updater.

It creates a new UpdateOperation for this update call, inserts the provided vulnerabilities and computes a diff comprising the removed and added vulnerabilities for this UpdateOperation.

func (*MatcherStore) UpdateVulnerabilitiesIter added in v1.5.28

func (s *MatcherStore) UpdateVulnerabilitiesIter(ctx context.Context, updater string, fp driver.Fingerprint, it datastore.VulnerabilityIter) (uuid.UUID, error)

UpdateVulnerabilitiesIter implements vulnstore.Updater.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL