Documentation
Constants
This section is empty.
Variables
var Unchanged = errors.New("database contents unchanged")
Unchanged is returned by Fetchers when the database has not changed.
Functions
This section is empty.
Types
type Fetcher
type Fetcher interface {
	// Fetch should retrieve the target vulnerability data and return an io.ReadCloser
	// with the contents. Fetch should also return a string which can be used to determine
	// if these contents should be applied to the vulnerability database. For example,
	// a sha256 sum of an OVAL XML file.
	Fetch() (io.ReadCloser, string, error)
}
Fetcher is an interface which is embedded into the Updater struct. When called, the implementation should return an io.ReadCloser with the contents of the target vulnerability data.
type FetcherNG
type FetcherNG interface {
	FetchContext(context.Context, Fingerprint) (io.ReadCloser, Fingerprint, error)
}
FetcherNG is an experimental fetcher interface.
This may go away or be renamed without warning.
type Fingerprint
type Fingerprint string
Fingerprint is some identifying information about a vulnerability database.
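How a FetcherNG can use the previous Fingerprint to report Unchanged, as an added example that is not claircore's own code. Fingerprint and Unchanged are local stand-ins for the declarations above; memFetcher, its load function, runTwice and the choice of a SHA-256 of the payload as the fingerprint (following the example in the Fetch comment) are assumptions.

```go
package main

import (
	"bytes"
	"context"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// Local stand-ins mirroring the declarations documented on this page.
type Fingerprint string

var Unchanged = errors.New("database contents unchanged")

// memFetcher is a hypothetical FetcherNG; load stands in for the real download.
type memFetcher struct{ load func(context.Context) ([]byte, error) }

// FetchContext hashes the payload and compares it with the fingerprint of the
// previous run; identical content yields Unchanged and no reader.
func (f memFetcher) FetchContext(ctx context.Context, prev Fingerprint) (io.ReadCloser, Fingerprint, error) {
	b, err := f.load(ctx)
	if err != nil {
		return nil, prev, err
	}
	sum := sha256.Sum256(b)
	fp := Fingerprint(hex.EncodeToString(sum[:]))
	if fp == prev {
		return nil, prev, Unchanged
	}
	return io.NopCloser(bytes.NewReader(b)), fp, nil
}

// runTwice fetches the same data twice, feeding the first fingerprint back in.
func runTwice(data []byte) (Fingerprint, error) {
	f := memFetcher{load: func(context.Context) ([]byte, error) { return data, nil }}
	rc, fp, err := f.FetchContext(context.Background(), "")
	if err != nil {
		return "", err
	}
	rc.Close()
	_, _, err = f.FetchContext(context.Background(), fp)
	return fp, err
}

func main() {
	fp, err := runTwice([]byte("<oval_definitions/>")) // constructed sample input
	fmt.Println(fp, errors.Is(err, Unchanged))
}
```

A caller should test for the sentinel with errors.Is(err, Unchanged) and skip parsing, treating any other error as a failed fetch.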
type MatchExp
type MatchExp int
MatchExp types allow a caller of vulnstore methods to specify how to match incoming packages with vulnerabilities. Implementors decide how the matching is performed.
For example, if a SQL implementation encounters a PackageDistributionDID matcher, it should create a query similar to "SELECT * FROM vulnerabilities WHERE package_name = ? AND distribution_did = ?"
const (
	// should match claircore.Package.Source.Name => claircore.Vulnerability.Package.Name
	PackageSourceName MatchExp
	// should match claircore.Package.Name => claircore.Vulnerability.Package.Name
	PackageName
	// should match claircore.Package.Distribution.DID => claircore.Vulnerability.Package.Distribution.DID
	PackageDistributionDID
	// should match claircore.Package.Distribution.Name => claircore.Vulnerability.Package.Distribution.Name
	PackageDistributionName
	// should match claircore.Package.Distribution.Version => claircore.Vulnerability.Package.Distribution.Version
	PackageDistributionVersion
	// should match claircore.Package.Distribution.VersionCodeName => claircore.Vulnerability.Package.Distribution.VersionCodeName
	PackageDistributionVersionCodeName
	// should match claircore.Package.Distribution.VersionID => claircore.Vulnerability.Package.Distribution.VersionID
	PackageDistributionVersionID
	// should match claircore.Package.Distribution.Arch => claircore.Vulnerability.Package.Distribution.Arch
	PackageDistributionArch
	// should match claircore.Package.Distribution.CPE => claircore.Vulnerability.Package.Distribution.CPE
	PackageDistributionCPE
	// should match claircore.Package.Distribution.PrettyName => claircore.Vulnerability.Package.Distribution.PrettyName
	PackageDistributionPrettyName
)
type Matcher
type Matcher interface {
	// Filter informs the Controller if the implemented Matcher is interested in the provided IndexRecord.
	Filter(record *claircore.IndexRecord) bool
	// Query informs the Controller how it should match packages with vulnerabilities.
	// All conditions are logically AND'd together.
	Query() []MatchExp
	// Vulnerable informs the Controller if the given package is affected by the given vulnerability,
	// for example by checking the "FixedInVersion" field.
	Vulnerable(record *claircore.IndexRecord, vuln *claircore.Vulnerability) bool
}
Matcher is an interface which a Controller uses to query the vulnstore for vulnerabilities.
type Parser
type Parser interface {
	// Parse should take an io.ReadCloser, read the contents, parse the contents
	// into a list of claircore.Vulnerability structs and then return
	// the list. Parse should assume contents are uncompressed and ready for parsing.
	Parse(contents io.ReadCloser) ([]*claircore.Vulnerability, error)
}
Parser is an interface which, when called with an io.ReadCloser, should parse the provided contents and return a list of *claircore.Vulnerability.