driver

package

v0.0.19 Latest Latest Go to latest Published: Apr 3, 2020 License: Apache-2.0 Imports: 6 Imported by: 17

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/quay/claircore

Links

Open Source Insights

Documentation ¶

Constants ¶

This section is empty.

Variables ¶

View Source

var Unchanged = errors.New("database contents unchanged")

Unchanged is returned by Fetchers when the database has not changed.

Functions ¶

This section is empty.

Types ¶

type Fetcher ¶

type Fetcher interface {
	Fetch(context.Context, Fingerprint) (io.ReadCloser, Fingerprint, error)
}

Fetcher is an interface which is embedded into the Updater interface.

When called the interface should determine if new security advisory data is available. Fingerprint may be passed into in order for the Fetcher to determine if the contents has changed

If there is new content Fetcher should return a io.ReadCloser where the new content can be read. Optionally a fingerprint can be returned which uniqeually identifies the new content.

If the conent has not change an Unchanged error should be returned.

type Fingerprint ¶

type Fingerprint string

Fingerprint is some identifiying information about a vulnerability database.

type MatchConstraint ¶ added in v0.0.10

type MatchConstraint int

MatchConstraint explains to the caller how a search for a package's vulnerability should be constrained.

for example if sql implementation encounters a DistributionDID constraint it should create a query similar to "SELECT * FROM vulnerabilities WHERE package_name = ? AND distribution_did = ?"

const (

	// should match claircore.Package.Source.Name => claircore.Vulnerability.Package.Name
	PackageSourceName MatchConstraint
	// should match claircore.Package.Name => claircore.Vulnerability.Package.Name
	PackageName
	// should match claircore.Package.Distribution.DID => claircore.Vulnerability.Package.Distribution.DID
	DistributionDID
	// should match claircore.Package.Distribution.Name => claircore.Vulnerability.Package.Distribution.Name
	DistributionName
	// should match claircore.Package.Distribution.Version => claircore.Vulnerability.Package.Distribution.Version
	DistributionVersion
	// should match claircore.Package.Distribution.VersionCodeName => claircore.Vulnerability.Package.Distribution.VersionCodeName
	DistributionVersionCodeName
	// should match claircore.Package.Distribution.VersionID => claircore.Vulnerability.Package.Distribution.VersionID
	DistributionVersionID
	// should match claircore.Package.Distribution.Arch => claircore.Vulnerability.Package.Distribution.Arch
	DistributionArch
	// should match claircore.Package.Distribution.CPE => claircore.Vulnerability.Package.Distribution.CPE
	DistributionCPE
	// should match claircore.Package.Distribution.PrettyName => claircore.Vulnerability.Package.Distribution.PrettyName
	DistributionPrettyName
)

type Matcher ¶

type Matcher interface {
	// a unique name for the matcher
	Name() string
	// Filter informs the Controller if the implemented Matcher is interested in the provided IndexRecord.
	Filter(record *claircore.IndexRecord) bool
	// Query informs the Controller how it should match packages with vulnerabilities.
	// All conditions are logical AND'd together.
	Query() []MatchConstraint
	// Vulnerable informs the Controller if the given package is affected by the given vulnerability.
	// for example checking the "FixedInVersion" field.
	Vulnerable(record *claircore.IndexRecord, vuln *claircore.Vulnerability) bool
}

Matcher is an interface which a Controller uses to query the vulnstore for vulnerabilities.

type Parser ¶

type Parser interface {
	// Parse should take an io.ReadCloser, read the contents, parse the contents
	// into a list of claircore.Vulnerability structs and then return
	// the list. Parse should assume contents are uncompressed and ready for parsing.
	Parse(ctx context.Context, contents io.ReadCloser) ([]*claircore.Vulnerability, error)
}

Parser is an interface which is embedded into the Updater interface.

Parse should be called with an io.ReadCloser struct where the contents of a security advisory databse can be read and parsed into an array of *claircore.Vulnerability

type UpdateDiff ¶ added in v0.0.18

type UpdateDiff struct {
	A       UpdateOperation
	B       UpdateOperation
	Added   []claircore.Vulnerability
	Removed []claircore.Vulnerability
}

UpdateDiff represents added or removed vulnerabilities between update operations

type UpdateOperation ¶ added in v0.0.18

type UpdateOperation struct {
	Ref         uuid.UUID
	Updater     string
	Fingerprint Fingerprint
	Date        time.Time
}

UpdateOperation is a unique update to the vulnstore by an Updater.

type Updater ¶

type Updater interface {
	Name() string
	Fetcher
	Parser
}

Updater is an aggregate interface combining the method set of a Fetcher and a Parser and forces a Name() to be provided

type VersionFilter ¶ added in v0.0.16

type VersionFilter interface {
	VersionFilter()
	// VersionAuthoritative reports whether the Matcher trusts the database-side
	// filtering to be authoritative.
	//
	// A Matcher may return false if it's using a versioning scheme that can't
	// be completely normalized into a claircore.Version.
	VersionAuthoritative() bool
}

VersionFilter is an additional interface that a Matcher can implment to opt-in to using normalized version information in database queries.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL