Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var Unchanged = errors.New("database contents unchanged")
Unchanged is returned by Fetchers when the database has not changed.
Functions ¶
This section is empty.
Types ¶
type Fetcher ¶
type Fetcher interface {
Fetch(context.Context, Fingerprint) (io.ReadCloser, Fingerprint, error)
}
Fetcher is an interface which is embedded into the Updater interface.
When called the interface should determine if new security advisory data is available. Fingerprint may be passed into in order for the Fetcher to determine if the contents has changed
If there is new content Fetcher should return a io.ReadCloser where the new content can be read. Optionally a fingerprint can be returned which uniqeually identifies the new content.
If the conent has not change an Unchanged error should be returned.
type Fingerprint ¶
type Fingerprint string
Fingerprint is some identifiying information about a vulnerability database.
type MatchConstraint ¶ added in v0.0.10
type MatchConstraint int
MatchConstraint explains to the caller how a search for a package's vulnerability should be constrained.
for example if sql implementation encounters a DistributionDID constraint it should create a query similar to "SELECT * FROM vulnerabilities WHERE package_name = ? AND distribution_did = ?"
const ( // should match claircore.Package.Source.Name => claircore.Vulnerability.Package.Name PackageSourceName MatchConstraint // should match claircore.Package.Name => claircore.Vulnerability.Package.Name PackageName // should match claircore.Package.Distribution.DID => claircore.Vulnerability.Package.Distribution.DID DistributionDID // should match claircore.Package.Distribution.Name => claircore.Vulnerability.Package.Distribution.Name DistributionName // should match claircore.Package.Distribution.Version => claircore.Vulnerability.Package.Distribution.Version DistributionVersion // should match claircore.Package.Distribution.VersionCodeName => claircore.Vulnerability.Package.Distribution.VersionCodeName DistributionVersionCodeName // should match claircore.Package.Distribution.VersionID => claircore.Vulnerability.Package.Distribution.VersionID DistributionVersionID // should match claircore.Package.Distribution.Arch => claircore.Vulnerability.Package.Distribution.Arch DistributionArch // should match claircore.Package.Distribution.CPE => claircore.Vulnerability.Package.Distribution.CPE DistributionCPE // should match claircore.Package.Distribution.PrettyName => claircore.Vulnerability.Package.Distribution.PrettyName DistributionPrettyName )
type Matcher ¶
type Matcher interface {
// a unique name for the matcher
Name() string
// Filter informs the Controller if the implemented Matcher is interested in the provided IndexRecord.
Filter(record *claircore.IndexRecord) bool
// Query informs the Controller how it should match packages with vulnerabilities.
// All conditions are logical AND'd together.
Query() []MatchConstraint
// Vulnerable informs the Controller if the given package is affected by the given vulnerability.
// for example checking the "FixedInVersion" field.
Vulnerable(record *claircore.IndexRecord, vuln *claircore.Vulnerability) bool
}
Matcher is an interface which a Controller uses to query the vulnstore for vulnerabilities.
type Parser ¶
type Parser interface {
// Parse should take an io.ReadCloser, read the contents, parse the contents
// into a list of claircore.Vulnerability structs and then return
// the list. Parse should assume contents are uncompressed and ready for parsing.
Parse(ctx context.Context, contents io.ReadCloser) ([]*claircore.Vulnerability, error)
}
Parser is an interface which is embedded into the Updater interface.
Parse should be called with an io.ReadCloser struct where the contents of a security advisory databse can be read and parsed into an array of *claircore.Vulnerability
Source Files