libvuln

package

v0.3.2 Latest Latest Go to latest Published: Mar 17, 2021 License: Apache-2.0 Imports: 32 Imported by: 7

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/quay/claircore

Links

Open Source Insights

Documentation ¶

Overview ¶

Package libvuln is a generated GoMock package.

Index ¶

Constants
func OfflineImport(ctx context.Context, pool *pgxpool.Pool, in io.Reader) error
type HTTP
- func NewHandler(l *Libvuln) *HTTP
type Libvuln
- func New(ctx context.Context, opts *Opts) (*Libvuln, error)
type MockLibvuln
- func NewMockLibvuln(ctrl *gomock.Controller) *MockLibvuln
- func (m *MockLibvuln) EXPECT() *MockLibvulnMockRecorder
- func (m *MockLibvuln) Scan(arg0 context.Context, arg1 *claircore.IndexReport) (*claircore.VulnerabilityReport, error)
type MockLibvulnMockRecorder
- func (mr *MockLibvulnMockRecorder) Scan(arg0, arg1 interface{}) *gomock.Call
type Opts
type UpdateDriver
- func NewOfflineUpdater(config map[string]driver.ConfigUnmarshaler, filter func(string) bool, ...) (*UpdateDriver, error)
- func NewUpdater(pool *pgxpool.Pool, client *http.Client, ...) (*UpdateDriver, error)
- func (d *UpdateDriver) RunUpdaters(ctx context.Context, fs ...driver.UpdaterSetFactory) error
Bugs

Constants ¶

View Source

const (
	DefaultUpdateInterval  = 30 * time.Minute
	DefaultUpdateWorkers   = 10
	DefaultMaxConnPool     = 50
	DefaultUpdateRetention = 2
)

Variables ¶

This section is empty.

Functions ¶

func OfflineImport ¶ added in v0.1.1

func OfflineImport(ctx context.Context, pool *pgxpool.Pool, in io.Reader) error

OfflineImport takes the format written into the io.Writer provided to NewOfflineUpdater and imports the contents into the provided pgxpool.Pool.

Types ¶

type HTTP ¶ added in v0.0.25

type HTTP struct {
	*http.ServeMux
	// contains filtered or unexported fields
}

func NewHandler ¶ added in v0.0.25

func NewHandler(l *Libvuln) *HTTP

func (*HTTP) UpdateDiff ¶ added in v0.0.25

func (h *HTTP) UpdateDiff(w http.ResponseWriter, r *http.Request)

func (*HTTP) UpdateOperations ¶ added in v0.0.25

func (h *HTTP) UpdateOperations(w http.ResponseWriter, r *http.Request)

func (*HTTP) VulnerabilityReport ¶ added in v0.0.25

func (h *HTTP) VulnerabilityReport(w http.ResponseWriter, r *http.Request)

type Libvuln ¶

type Libvuln struct {
	// contains filtered or unexported fields
}

Libvuln exports methods for scanning an IndexReport and created a VulnerabilityReport.

Libvuln also runs background updaters which keep the vulnerability database consistent.

func New ¶

func New(ctx context.Context, opts *Opts) (*Libvuln, error)

New creates a new instance of the Libvuln library

func (*Libvuln) DeleteUpdateOperations ¶ added in v0.0.18

func (l *Libvuln) DeleteUpdateOperations(ctx context.Context, ref ...uuid.UUID) (int64, error)

DeleteUpdateOperations removes UpdateOperations. A call to GC or GCFull must be run after this to garbage collect vulnerabilities associated with the UpdateOperation.

The number of UpdateOperations deleted is returned.

func (*Libvuln) FetchUpdates ¶ added in v0.3.0

func (l *Libvuln) FetchUpdates(ctx context.Context) error

FetchUpdates runs configured updaters.

func (*Libvuln) GC ¶ added in v0.2.0

func (l *Libvuln) GC(ctx context.Context) (int64, error)

GC will cleanup any update operations older then the configured UpdatesRetention value. GC is throttled and ensure its a good citizen to the database.

The returned int is the number of outstanding UpdateOperations not deleted due to throttling. To run GC to completion use the GCFull method.

func (*Libvuln) GCFull ¶ added in v0.2.0

func (l *Libvuln) GCFull(ctx context.Context) (int64, error)

GCFull will run garbage collection until all expired update operations and stale vulnerabilites are removed in accordance with the UpdateRetention value.

GCFull may return an error accompanied by its other return value, the number of oustanding update operations not deleted.

func (*Libvuln) Initialized ¶ added in v0.3.0

func (l *Libvuln) Initialized(ctx context.Context) (bool, error)

Initialized reports whether the backing vulnerability store is initialized.

func (*Libvuln) LatestUpdateOperation ¶ added in v0.0.18

func (l *Libvuln) LatestUpdateOperation(ctx context.Context) (uuid.UUID, error)

LatestUpdateOperation returns a reference to the latest known update.

This can be used by clients to determine if a call to Scan is likely to return new results.

func (*Libvuln) LatestUpdateOperations ¶ added in v0.0.18

func (l *Libvuln) LatestUpdateOperations(ctx context.Context) (map[string][]driver.UpdateOperation, error)

LatestUpdateOperations returns references for the latest update for every known updater.

These references are okay to expose externally.

func (*Libvuln) Scan ¶

func (l *Libvuln) Scan(ctx context.Context, ir *claircore.IndexReport) (*claircore.VulnerabilityReport, error)

Scan creates a VulnerabilityReport given a manifest's IndexReport.

func (*Libvuln) UpdateDiff ¶ added in v0.0.18

func (l *Libvuln) UpdateDiff(ctx context.Context, prev, cur uuid.UUID) (*driver.UpdateDiff, error)

UpdateDiff returns an UpdateDiff describing the changes between prev and cur.

func (*Libvuln) UpdateOperations ¶ added in v0.0.18

func (l *Libvuln) UpdateOperations(ctx context.Context, updaters ...string) (map[string][]driver.UpdateOperation, error)

UpdateOperations returns UpdateOperations in date descending order keyed by the Updater name

type MockLibvuln ¶

type MockLibvuln struct {
	// contains filtered or unexported fields
}

MockLibvuln is a mock of Libvuln interface

func NewMockLibvuln ¶

func NewMockLibvuln(ctrl *gomock.Controller) *MockLibvuln

NewMockLibvuln creates a new mock instance

func (*MockLibvuln) EXPECT ¶

func (m *MockLibvuln) EXPECT() *MockLibvulnMockRecorder

EXPECT returns an object that allows the caller to indicate expected use

func (*MockLibvuln) Scan ¶

func (m *MockLibvuln) Scan(arg0 context.Context, arg1 *claircore.IndexReport) (*claircore.VulnerabilityReport, error)

Scan mocks base method

type MockLibvulnMockRecorder ¶

type MockLibvulnMockRecorder struct {
	// contains filtered or unexported fields
}

MockLibvulnMockRecorder is the mock recorder for MockLibvuln

func (*MockLibvulnMockRecorder) Scan ¶

func (mr *MockLibvulnMockRecorder) Scan(arg0, arg1 interface{}) *gomock.Call

Scan indicates an expected call of Scan

type Opts ¶

type Opts struct {
	// The maximum number of database connections in the
	// connection pool.
	MaxConnPool int32
	// A connection string to the database Libvuln will use.
	ConnString string
	// An interval on which Libvuln will check for new security database
	// updates.
	//
	// This duration will have jitter added to it, to help with smearing load on
	// installations.
	UpdateInterval time.Duration
	// Determines if Libvuln will manage database migrations
	Migrations bool
	// A slice of strings representing which updaters libvuln will create.
	//
	// If nil all default UpdaterSets will be used.
	//
	// The following sets are supported:
	// "alpine"
	// "aws"
	// "debian"
	// "oracle"
	// "photon"
	// "pyupio"
	// "rhel"
	// "suse"
	// "ubuntu"
	UpdaterSets []string
	// A list of out-of-tree updaters to run.
	//
	// This list will be merged with any defined UpdaterSets.
	//
	// If you desire no updaters to run do not add an updater
	// into this slice.
	Updaters []driver.Updater
	// A slice of strings representing which
	// matchers will be used.
	//
	// If nil all default Matchers will be used
	//
	// The following names are supported by default:
	// "alpine"
	// "aws"
	// "debian"
	// "oracle"
	// "photon"
	// "python"
	// "rhel"
	// "suse"
	// "ubuntu"
	// "crda" - remotematcher calls hosted api via RPC.
	MatcherNames []string

	// Config holds configuration blocks for MatcherFactories and Matchers,
	// keyed by name.
	MatcherConfigs map[string]driver.MatcherConfigUnmarshaler

	// A list of out-of-tree matchers you'd like libvuln to
	// use.
	//
	// This list will me merged with the default matchers.
	Matchers []driver.Matcher

	// UpdateWorkers controls the number of update workers running concurrently.
	// If less than or equal to zero, a sensible default will be used.
	UpdateWorkers int

	// UpdateRetention controls the number of updates to retain between
	// garbage collection periods.
	//
	// The lowest possible value is 2 in order to compare updates for notification
	// purposes.
	UpdateRetention int

	// If set to true, there will not be a goroutine launched to periodically
	// run updaters.
	DisableBackgroundUpdates bool

	// UpdaterConfigs is a map of functions for configuration of Updaters.
	UpdaterConfigs map[string]driver.ConfigUnmarshaler

	// Client is an http.Client for use by all updaters. If unset,
	// http.DefaultClient will be used.
	Client *http.Client
}

type UpdateDriver ¶ added in v0.1.0

type UpdateDriver struct {
	// contains filtered or unexported fields
}

func NewOfflineUpdater ¶ added in v0.1.0

func NewOfflineUpdater(config map[string]driver.ConfigUnmarshaler, filter func(string) bool, out io.Writer) (*UpdateDriver, error)

func NewUpdater ¶ added in v0.1.0

func NewUpdater(pool *pgxpool.Pool, client *http.Client, config map[string]driver.ConfigUnmarshaler, workers int, filter func(string) bool) (*UpdateDriver, error)

func (*UpdateDriver) RunUpdaters ¶ added in v0.1.0

func (d *UpdateDriver) RunUpdaters(ctx context.Context, fs ...driver.UpdaterSetFactory) error

Notes ¶

Bugs ¶

The OfflineImport function is a wart, needed to work around some package namespacing issues. It should get refactored if claircore gets merged into clair.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
driver
jsonblob
migrations
updates

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL