driver

package
v1.4.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 5, 2022 License: Apache-2.0 Imports: 10 Imported by: 17

Documentation

Index

Constants

This section is empty.

Variables

View Source
var Unchanged = errors.New("database contents unchanged")

Unchanged is returned by Fetchers when the database has not changed.

Functions

This section is empty.

Types

type ConfigUnmarshaler added in v0.1.0

type ConfigUnmarshaler func(interface{}) error

ConfigUnmarshaler can be thought of as an Unmarshal function with the byte slice provided, or a Decode function.

The function should populate a passed struct with any configuration information.

type Configurable added in v0.1.0

type Configurable interface {
	Configure(context.Context, ConfigUnmarshaler, *http.Client) error
}

Configurable is an interface that Updaters can implement to opt-in to having their configuration provided dynamically.

type Enricher added in v0.5.0

type Enricher interface {
	// Name is a unique name for this Enricher.
	//
	// The name preferably indicates the vendor who implemented it and matches
	// the corresponding EnrichmentUpdater.
	Name() string
	// Enrich extracts a set of tags from the provided VulnerabilityReport and utilizes
	// the provided EnrichmentGetter to retrieve any Enrichments associated with the query tags.
	//
	// Enrichers may not modify the passed VulnerabilityReport. Doing so may
	// panic the program.
	//
	// The implemented Enricher returns JSON blobs of Enrichment data and a key
	// explaining to the client how to interpret the data.
	Enrich(context.Context, EnrichmentGetter, *claircore.VulnerabilityReport) (string, []json.RawMessage, error)
}

Enricher is the interface for enriching a vulnerability report.

Enrichers are called after the VulnerabilityReport is constructed.

type EnrichmentGetter added in v0.5.0

type EnrichmentGetter interface {
	GetEnrichment(context.Context, []string) ([]EnrichmentRecord, error)
}

EnrichmentGetter is a handle to obtain Enrichments with a given tag.

The implementation provided to an Enricher will make use of the Enricher's name to scope down results.

type EnrichmentRecord added in v0.5.0

type EnrichmentRecord struct {
	Tags       []string
	Enrichment json.RawMessage
}

EnrichmentRecord is a simple container for JSON enrichment data and the tags it will be queried by.

type EnrichmentUpdater added in v0.5.0

type EnrichmentUpdater interface {
	// Name is a unique name for this updater.
	//
	// The name preferably indicates the vendor who implemented it and the
	// enrichment data source it's fetching and interpreting.
	// This must be paired with an Enricher using the same value.
	Name() string
	// FetchEnrichment should use the provided Fingerprint to determine if
	// there's new data to download, and if so return it in an io.ReadCloser and
	// a new Fingerprint.
	//
	// If there's no new data, the method should report Unchanged.
	FetchEnrichment(context.Context, Fingerprint) (io.ReadCloser, Fingerprint, error)
	// ParseEnrichment reads from the provided io.ReadCloser, parses its contents,
	// and returns a slice of EnrichmentRecords or an error.
	ParseEnrichment(context.Context, io.ReadCloser) ([]EnrichmentRecord, error)
}

EnrichmentUpdater fetches an Enrichment data source, parses its contents, and returns individual EnrichmentRecords.

type ErrExists added in v0.0.21

type ErrExists struct {
	Updater []string
}

ErrExists is an error returned if the updater already exists in the set.

func (ErrExists) Error added in v0.0.21

func (e ErrExists) Error() string

type Fetcher

type Fetcher interface {
	Fetch(context.Context, Fingerprint) (io.ReadCloser, Fingerprint, error)
}

Fetcher is an interface which is embedded into the Updater interface.

When called the interface should determine if new security advisory data is available. Fingerprint may be passed into in order for the Fetcher to determine if the contents has changed

If there is new content Fetcher should return a io.ReadCloser where the new content can be read. Optionally a fingerprint can be returned which uniquely identifies the new content.

If the conent has not change an Unchanged error should be returned.

type Fingerprint

type Fingerprint string

Fingerprint is some identifying information about a vulnerability database.

type MatchConstraint added in v0.0.10

type MatchConstraint int

MatchConstraint explains to the caller how a search for a package's vulnerability should be constrained.

for example if sql implementation encounters a DistributionDID constraint it should create a query similar to "SELECT * FROM vulnerabilities WHERE package_name = ? AND distribution_did = ?"

const (

	// should match claircore.Package.Source.Name => claircore.Vulnerability.Package.Name
	PackageSourceName MatchConstraint
	// should match claircore.Package.Name => claircore.Vulnerability.Package.Name
	PackageName
	// should match claircore.Package.Module => claircore.Vulnerability.Package.Module
	PackageModule
	// should match claircore.Package.Distribution.DID => claircore.Vulnerability.Package.Distribution.DID
	DistributionDID
	// should match claircore.Package.Distribution.Name => claircore.Vulnerability.Package.Distribution.Name
	DistributionName
	// should match claircore.Package.Distribution.Version => claircore.Vulnerability.Package.Distribution.Version
	DistributionVersion
	// should match claircore.Package.Distribution.VersionCodeName => claircore.Vulnerability.Package.Distribution.VersionCodeName
	DistributionVersionCodeName
	// should match claircore.Package.Distribution.VersionID => claircore.Vulnerability.Package.Distribution.VersionID
	DistributionVersionID
	// should match claircore.Package.Distribution.Arch => claircore.Vulnerability.Package.Distribution.Arch
	DistributionArch
	// should match claircore.Package.Distribution.CPE => claircore.Vulnerability.Package.Distribution.CPE
	DistributionCPE
	// should match claircore.Package.Distribution.PrettyName => claircore.Vulnerability.Package.Distribution.PrettyName
	DistributionPrettyName
	// should match claircore.Package.Repository.Name => claircore.Vulnerability.Package.Repository.Name
	RepositoryName
)

type Matcher

type Matcher interface {
	// a unique name for the matcher
	Name() string
	// Filter informs the Controller if the implemented Matcher is interested in the provided IndexRecord.
	Filter(record *claircore.IndexRecord) bool
	// Query informs the Controller how it should match packages with vulnerabilities.
	// All conditions are logical AND'd together.
	Query() []MatchConstraint
	// Vulnerable informs the Controller if the given package is affected by the given vulnerability.
	// for example checking the "FixedInVersion" field.
	Vulnerable(ctx context.Context, record *claircore.IndexRecord, vuln *claircore.Vulnerability) (bool, error)
}

Matcher is an interface which a Controller uses to query the vulnstore for vulnerabilities.

type MatcherConfigUnmarshaler added in v0.3.2

type MatcherConfigUnmarshaler func(interface{}) error

MatcherConfigUnmarshaler can be thought of as an Unmarshal function with the byte slice provided, or a Decode function.

The function should populate a passed struct with any configuration information.

type MatcherConfigurable added in v0.3.2

type MatcherConfigurable interface {
	Configure(context.Context, MatcherConfigUnmarshaler, *http.Client) error
}

MatcherConfigurable is an interface that MatcherFactory can implement to opt-in to having their configuration provided dynamically.

type MatcherFactory added in v0.3.2

type MatcherFactory interface {
	Matcher(context.Context) ([]Matcher, error)
}

MatcherFactory is used to construct matchers at run-time.

func MatcherStatic added in v0.3.2

func MatcherStatic(s Matcher) MatcherFactory

MatcherStatic creates an MatcherFactoryFunc returning the provided matcher.

type MatcherFactoryFunc added in v0.3.2

type MatcherFactoryFunc func(context.Context) ([]Matcher, error)

MatcherFactoryFunc would ease the registration of Matchers which don't need Configurability.

func (MatcherFactoryFunc) Matcher added in v0.3.2

func (u MatcherFactoryFunc) Matcher(ctx context.Context) ([]Matcher, error)

type NoopUpdater added in v0.5.0

type NoopUpdater struct{}

NoopUpdater is designed to be embedded into other Updater types so they can be used in the original updater machinery.

This may go away if the Updater interface becomes Vulnerability agnostic in the future.

func (NoopUpdater) Fetch added in v0.5.0

Fetch implements Updater.

func (NoopUpdater) Parse added in v0.5.0

Parse implements Updater.

type Parser

type Parser interface {
	// Parse should take an io.ReadCloser, read the contents, parse the contents
	// into a list of claircore.Vulnerability structs and then return
	// the list. Parse should assume contents are uncompressed and ready for parsing.
	Parse(ctx context.Context, contents io.ReadCloser) ([]*claircore.Vulnerability, error)
}

Parser is an interface which is embedded into the Updater interface.

Parse should be called with an io.ReadCloser struct where the contents of a security advisory database can be read and parsed into an array of *claircore.Vulnerability

type RemoteMatcher added in v0.1.0

type RemoteMatcher interface {
	QueryRemoteMatcher(ctx context.Context, records []*claircore.IndexRecord) (map[string][]*claircore.Vulnerability, error)
}

RemoteMatcher is an additional interface that a Matcher can implement.

When called the interface can invoke the remote matcher using an HTTP API to fetch new vulnerabilities associated with the given IndexRecords.

The information retrieved from this interface won't be persisted into the claircore database.

type UpdateDiff added in v0.0.18

type UpdateDiff struct {
	Prev    UpdateOperation           `json:"prev"`
	Cur     UpdateOperation           `json:"cur"`
	Added   []claircore.Vulnerability `json:"added"`
	Removed []claircore.Vulnerability `json:"removed"`
}

UpdateDiff represents added or removed vulnerabilities between update operations

type UpdateKind added in v0.4.2

type UpdateKind string
var EnrichmentKind UpdateKind = "enrichment"
var VulnerabilityKind UpdateKind = "vulnerability"

type UpdateOperation added in v0.0.18

type UpdateOperation struct {
	Ref         uuid.UUID   `json:"ref"`
	Updater     string      `json:"updater"`
	Fingerprint Fingerprint `json:"fingerprint"`
	Date        time.Time   `json:"date"`
	Kind        UpdateKind  `json:"kind"`
}

UpdateOperation is a unique update to the vulnstore by an Updater.

type Updater

type Updater interface {
	Name() string
	Fetcher
	Parser
}

Updater is an aggregate interface combining the method set of a Fetcher and a Parser and forces a Name() to be provided

type UpdaterSet added in v0.0.21

type UpdaterSet struct {
	// contains filtered or unexported fields
}

UpdaterSet holds a deduplicated set of updaters.

func NewUpdaterSet added in v0.0.21

func NewUpdaterSet() UpdaterSet

NewUpdaterSet returns an initialized UpdaterSet.

func (*UpdaterSet) Add added in v0.0.21

func (s *UpdaterSet) Add(u Updater) error

Add will add an Updater to the set.

An error will be reported if an updater with the same name already exists.

func (*UpdaterSet) Merge added in v0.0.21

func (s *UpdaterSet) Merge(set UpdaterSet) error

Merge will merge the UpdaterSet provided as argument into the UpdaterSet provided as the function receiver.

If an updater exists in the target set an error specifying which updaters could not be merged is returned.

func (*UpdaterSet) RegexFilter added in v0.0.21

func (s *UpdaterSet) RegexFilter(regex string) error

RegexFilter will remove any updaters from the set whose reported names do not match the provided regexp string.

func (*UpdaterSet) Updaters added in v0.0.21

func (s *UpdaterSet) Updaters() []Updater

Updaters returns the updaters within the set as slice.

type UpdaterSetFactory added in v0.1.0

type UpdaterSetFactory interface {
	UpdaterSet(context.Context) (UpdaterSet, error)
}

UpdaterSetFactory is used to construct updaters at run-time.

func StaticSet added in v0.1.0

func StaticSet(s UpdaterSet) UpdaterSetFactory

StaticSet creates an UpdaterSetFunc returning the provided set.

type UpdaterSetFactoryFunc added in v0.1.0

type UpdaterSetFactoryFunc func(context.Context) (UpdaterSet, error)

func (UpdaterSetFactoryFunc) UpdaterSet added in v0.1.0

func (u UpdaterSetFactoryFunc) UpdaterSet(ctx context.Context) (UpdaterSet, error)

type VersionFilter added in v0.0.16

type VersionFilter interface {
	VersionFilter()
	// VersionAuthoritative reports whether the Matcher trusts the database-side
	// filtering to be authoritative.
	//
	// A Matcher may return false if it's using a versioning scheme that can't
	// be completely normalized into a claircore.Version.
	VersionAuthoritative() bool
}

VersionFilter is an additional interface that a Matcher can implment to opt-in to using normalized version information in database queries.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL