Documentation ¶
Overview ¶
Package database defines the Clair's models and a common interface for database implementations.
Index ¶
- Variables
- func Register(name string, driver Driver)
- type Datastore
- type Driver
- type Feature
- type FeatureVersion
- type Layer
- type MetadataMap
- type MockDatastore
- func (mds *MockDatastore) Close()
- func (mds *MockDatastore) DeleteLayer(name string) error
- func (mds *MockDatastore) DeleteNotification(name string) error
- func (mds *MockDatastore) DeleteVulnerability(namespaceName, name string) error
- func (mds *MockDatastore) DeleteVulnerabilityFix(vulnerabilityNamespace, vulnerabilityName, featureName string) error
- func (mds *MockDatastore) FindLayer(name string, withFeatures, withVulnerabilities bool) (Layer, error)
- func (mds *MockDatastore) FindLock(name string) (string, time.Time, error)
- func (mds *MockDatastore) FindVulnerability(namespaceName, name string) (Vulnerability, error)
- func (mds *MockDatastore) GetAvailableNotification(renotifyInterval time.Duration) (VulnerabilityNotification, error)
- func (mds *MockDatastore) GetKeyValue(key string) (string, error)
- func (mds *MockDatastore) GetNotification(name string, limit int, page VulnerabilityNotificationPageNumber) (VulnerabilityNotification, VulnerabilityNotificationPageNumber, error)
- func (mds *MockDatastore) InsertKeyValue(key, value string) error
- func (mds *MockDatastore) InsertLayer(layer Layer) error
- func (mds *MockDatastore) InsertVulnerabilities(vulnerabilities []Vulnerability, createNotification bool) error
- func (mds *MockDatastore) InsertVulnerabilityFixes(vulnerabilityNamespace, vulnerabilityName string, fixes []FeatureVersion) error
- func (mds *MockDatastore) ListNamespaces() ([]Namespace, error)
- func (mds *MockDatastore) ListVulnerabilities(namespaceName string, limit int, page int) ([]Vulnerability, int, error)
- func (mds *MockDatastore) Lock(name string, owner string, duration time.Duration, renew bool) (bool, time.Time)
- func (mds *MockDatastore) Ping() bool
- func (mds *MockDatastore) SetNotificationNotified(name string) error
- func (mds *MockDatastore) Unlock(name, owner string)
- type Model
- type Namespace
- type RegistrableComponentConfig
- type Severity
- type Vulnerability
- type VulnerabilityNotification
- type VulnerabilityNotificationPageNumber
Constants ¶
This section is empty.
Variables ¶
var ( // ErrBackendException is an error that occurs when the database backend does // not work properly (ie. unreachable). ErrBackendException = errors.New("database: an error occured when querying the backend") // ErrInconsistent is an error that occurs when a database consistency check // fails (i.e. when an entity which is supposed to be unique is detected // twice) ErrInconsistent = errors.New("database: inconsistent database") )
var DebianReleasesMapping = map[string]string{
"squeeze": "6",
"wheezy": "7",
"jessie": "8",
"stretch": "9",
"sid": "unstable",
"oldstable": "7",
"stable": "8",
"testing": "9",
"unstable": "unstable",
}
DebianReleasesMapping translates Debian code names and class names to version numbers
var ErrFailedToParseSeverity = errors.New("failed to parse Severity from input")
ErrFailedToParseSeverity is the error returned when a severity could not be parsed from a string.
var NoVulnerabilityNotificationPage = VulnerabilityNotificationPageNumber{-1, -1}
var Severities = []Severity{ UnknownSeverity, NegligibleSeverity, LowSeverity, MediumSeverity, HighSeverity, CriticalSeverity, Defcon1Severity, }
Severities lists all known severities, ordered from lowest to highest.
var UbuntuReleasesMapping = map[string]string{
"precise": "12.04",
"quantal": "12.10",
"raring": "13.04",
"trusty": "14.04",
"utopic": "14.10",
"vivid": "15.04",
"wily": "15.10",
"xenial": "16.04",
"yakkety": "16.10",
}
UbuntuReleasesMapping translates Ubuntu code names to version numbers
var VulnerabilityNotificationFirstPage = VulnerabilityNotificationPageNumber{0, 0}
Functions ¶
Types ¶
type Datastore ¶ added in v1.0.0
type Datastore interface { // ListNamespaces returns the entire list of known Namespaces. ListNamespaces() ([]Namespace, error) // InsertLayer stores a Layer in the database. // // A Layer is uniquely identified by its Name. // The Name and EngineVersion fields are mandatory. // If a Parent is specified, it is expected that it has been retrieved using // FindLayer. // If a Layer that already exists is inserted and the EngineVersion of the // given Layer is higher than the stored one, the stored Layer should be // updated. // The function has to be idempotent, inserting a layer that already exists // shouldn't return an error. InsertLayer(Layer) error // FindLayer retrieves a Layer from the database. // // When `withFeatures` is true, the Features field should be filled. // When `withVulnerabilities` is true, the Features field should be filled // and their AffectedBy fields should contain every vulnerabilities that // affect them. FindLayer(name string, withFeatures, withVulnerabilities bool) (Layer, error) // DeleteLayer deletes a Layer from the database and every layers that are // based on it, recursively. DeleteLayer(name string) error // ListVulnerabilities returns the list of vulnerabilities of a particular // Namespace. // // The Limit and page parameters are used to paginate the return list. // The first given page should be 0. // The function should return the next available page. If there are no more // pages, -1 has to be returned. ListVulnerabilities(namespaceName string, limit int, page int) ([]Vulnerability, int, error) // InsertVulnerabilities stores the given Vulnerabilities in the database, // updating them if necessary. // // A vulnerability is uniquely identified by its Namespace and its Name. // The FixedIn field may only contain a partial list of Features that are // affected by the Vulnerability, along with the version in which the // vulnerability is fixed. It is the responsibility of the implementation to // update the list properly. // A version equals to versionfmt.MinVersion means that the given Feature is // not being affected by the Vulnerability at all and thus, should be removed // from the list. // It is important that Features should be unique in the FixedIn list. For // example, it doesn't make sense to have two `openssl` Feature listed as a // Vulnerability can only be fixed in one Version. This is true because // Vulnerabilities and Features are namespaced (i.e. specific to one // operating system). // Each vulnerability insertion or update has to create a Notification that // will contain the old and the updated Vulnerability, unless // createNotification equals to true. InsertVulnerabilities(vulnerabilities []Vulnerability, createNotification bool) error // FindVulnerability retrieves a Vulnerability from the database, including // the FixedIn list. FindVulnerability(namespaceName, name string) (Vulnerability, error) // DeleteVulnerability removes a Vulnerability from the database. // // It has to create a Notification that will contain the old Vulnerability. DeleteVulnerability(namespaceName, name string) error // InsertVulnerabilityFixes adds new FixedIn Feature or update the Versions // of existing ones to the specified Vulnerability in the database. // // It has has to create a Notification that will contain the old and the // updated Vulnerability. InsertVulnerabilityFixes(vulnerabilityNamespace, vulnerabilityName string, fixes []FeatureVersion) error // DeleteVulnerabilityFix removes a FixedIn Feature from the specified // Vulnerability in the database. It can be used to store the fact that a // Vulnerability no longer affects the given Feature in any Version. // // It has has to create a Notification that will contain the old and the // updated Vulnerability. DeleteVulnerabilityFix(vulnerabilityNamespace, vulnerabilityName, featureName string) error // GetAvailableNotification returns the Name, Created, Notified and Deleted // fields of a Notification that should be handled. // // The renotify interval defines how much time after being marked as Notified // by SetNotificationNotified, a Notification that hasn't been deleted should // be returned again by this function. // A Notification for which there is a valid Lock with the same Name should // not be returned. GetAvailableNotification(renotifyInterval time.Duration) (VulnerabilityNotification, error) // GetNotification returns a Notification, including its OldVulnerability and // NewVulnerability fields. // // On these Vulnerabilities, LayersIntroducingVulnerability should be filled // with every Layer that introduces the Vulnerability (i.e. adds at least one // affected FeatureVersion). // The Limit and page parameters are used to paginate // LayersIntroducingVulnerability. The first given page should be // VulnerabilityNotificationFirstPage. The function will then return the next // available page. If there is no more page, NoVulnerabilityNotificationPage // has to be returned. GetNotification(name string, limit int, page VulnerabilityNotificationPageNumber) (VulnerabilityNotification, VulnerabilityNotificationPageNumber, error) // SetNotificationNotified marks a Notification as notified and thus, makes // it unavailable for GetAvailableNotification, until the renotify duration // is elapsed. SetNotificationNotified(name string) error // DeleteNotification marks a Notification as deleted, and thus, makes it // unavailable for GetAvailableNotification. DeleteNotification(name string) error // InsertKeyValue stores or updates a simple key/value pair in the database. InsertKeyValue(key, value string) error // GetKeyValue retrieves a value from the database from the given key. // // It returns an empty string if there is no such key. GetKeyValue(key string) (string, error) // Lock creates or renew a Lock in the database with the given name, owner // and duration. // // After the specified duration, the Lock expires by itself if it hasn't been // unlocked, and thus, let other users create a Lock with the same name. // However, the owner can renew its Lock by setting renew to true. // Lock should not block, it should instead returns whether the Lock has been // successfully acquired/renewed. If it's the case, the expiration time of // that Lock is returned as well. Lock(name string, owner string, duration time.Duration, renew bool) (bool, time.Time) // Unlock releases an existing Lock. Unlock(name, owner string) // FindLock returns the owner of a Lock specified by the name, and its // expiration time if it exists. FindLock(name string) (string, time.Time, error) // Ping returns the health status of the database. Ping() bool // Close closes the database and frees any allocated resource. Close() }
Datastore represents the required operations on a persistent data store for a Clair deployment.
func Open ¶
func Open(cfg RegistrableComponentConfig) (Datastore, error)
Open opens a Datastore specified by a configuration.
type Driver ¶
type Driver func(RegistrableComponentConfig) (Datastore, error)
Driver is a function that opens a Datastore specified by its database driver type and specific configuration.
type FeatureVersion ¶ added in v1.0.0
type FeatureVersion struct { Model Feature Feature Version string AffectedBy []Vulnerability // For output purposes. Only make sense when the feature version is in the context of an image. AddedBy Layer }
type MetadataMap ¶ added in v1.0.0
type MetadataMap map[string]interface{}
func (*MetadataMap) Scan ¶ added in v1.0.0
func (mm *MetadataMap) Scan(value interface{}) error
type MockDatastore ¶
type MockDatastore struct { FctListNamespaces func() ([]Namespace, error) FctInsertLayer func(Layer) error FctFindLayer func(name string, withFeatures, withVulnerabilities bool) (Layer, error) FctDeleteLayer func(name string) error FctListVulnerabilities func(namespaceName string, limit int, page int) ([]Vulnerability, int, error) FctInsertVulnerabilities func(vulnerabilities []Vulnerability, createNotification bool) error FctFindVulnerability func(namespaceName, name string) (Vulnerability, error) FctDeleteVulnerability func(namespaceName, name string) error FctInsertVulnerabilityFixes func(vulnerabilityNamespace, vulnerabilityName string, fixes []FeatureVersion) error FctDeleteVulnerabilityFix func(vulnerabilityNamespace, vulnerabilityName, featureName string) error FctGetAvailableNotification func(renotifyInterval time.Duration) (VulnerabilityNotification, error) FctGetNotification func(name string, limit int, page VulnerabilityNotificationPageNumber) (VulnerabilityNotification, VulnerabilityNotificationPageNumber, error) FctSetNotificationNotified func(name string) error FctDeleteNotification func(name string) error FctInsertKeyValue func(key, value string) error FctGetKeyValue func(key string) (string, error) FctLock func(name string, owner string, duration time.Duration, renew bool) (bool, time.Time) FctUnlock func(name, owner string) FctFindLock func(name string) (string, time.Time, error) FctPing func() bool FctClose func() }
MockDatastore implements Datastore and enables overriding each available method. The default behavior of each method is to simply panic.
func (*MockDatastore) Close ¶
func (mds *MockDatastore) Close()
func (*MockDatastore) DeleteLayer ¶
func (mds *MockDatastore) DeleteLayer(name string) error
func (*MockDatastore) DeleteNotification ¶
func (mds *MockDatastore) DeleteNotification(name string) error
func (*MockDatastore) DeleteVulnerability ¶
func (mds *MockDatastore) DeleteVulnerability(namespaceName, name string) error
func (*MockDatastore) DeleteVulnerabilityFix ¶
func (mds *MockDatastore) DeleteVulnerabilityFix(vulnerabilityNamespace, vulnerabilityName, featureName string) error
func (*MockDatastore) FindLayer ¶
func (mds *MockDatastore) FindLayer(name string, withFeatures, withVulnerabilities bool) (Layer, error)
func (*MockDatastore) FindVulnerability ¶
func (mds *MockDatastore) FindVulnerability(namespaceName, name string) (Vulnerability, error)
func (*MockDatastore) GetAvailableNotification ¶
func (mds *MockDatastore) GetAvailableNotification(renotifyInterval time.Duration) (VulnerabilityNotification, error)
func (*MockDatastore) GetKeyValue ¶
func (mds *MockDatastore) GetKeyValue(key string) (string, error)
func (*MockDatastore) GetNotification ¶
func (mds *MockDatastore) GetNotification(name string, limit int, page VulnerabilityNotificationPageNumber) (VulnerabilityNotification, VulnerabilityNotificationPageNumber, error)
func (*MockDatastore) InsertKeyValue ¶
func (mds *MockDatastore) InsertKeyValue(key, value string) error
func (*MockDatastore) InsertLayer ¶
func (mds *MockDatastore) InsertLayer(layer Layer) error
func (*MockDatastore) InsertVulnerabilities ¶
func (mds *MockDatastore) InsertVulnerabilities(vulnerabilities []Vulnerability, createNotification bool) error
func (*MockDatastore) InsertVulnerabilityFixes ¶
func (mds *MockDatastore) InsertVulnerabilityFixes(vulnerabilityNamespace, vulnerabilityName string, fixes []FeatureVersion) error
func (*MockDatastore) ListNamespaces ¶
func (mds *MockDatastore) ListNamespaces() ([]Namespace, error)
func (*MockDatastore) ListVulnerabilities ¶
func (mds *MockDatastore) ListVulnerabilities(namespaceName string, limit int, page int) ([]Vulnerability, int, error)
func (*MockDatastore) Ping ¶
func (mds *MockDatastore) Ping() bool
func (*MockDatastore) SetNotificationNotified ¶
func (mds *MockDatastore) SetNotificationNotified(name string) error
func (*MockDatastore) Unlock ¶
func (mds *MockDatastore) Unlock(name, owner string)
type Model ¶ added in v1.0.0
type Model struct {
ID int
}
ID is only meant to be used by database implementations and should never be used for anything else.
type RegistrableComponentConfig ¶
RegistrableComponentConfig is a configuration block that can be used to determine which registrable component should be initialized and pass custom configuration to it.
type Severity ¶
type Severity string
Severity defines a standard scale for measuring the severity of a vulnerability.
const ( // UnknownSeverity is either a security problem that has not been assigned to // a priority yet or a priority that our system did not recognize. UnknownSeverity Severity = "Unknown" // NegligibleSeverity is technically a security problem, but is only // theoretical in nature, requires a very special situation, has almost no // install base, or does no real damage. These tend not to get backport from // upstreams, and will likely not be included in security updates unless // there is an easy fix and some other issue causes an update. NegligibleSeverity Severity = "Negligible" // LowSeverity is a security problem, but is hard to exploit due to // environment, requires a user-assisted attack, a small install base, or // does very little damage. These tend to be included in security updates // only when higher priority issues require an update, or if many low // priority issues have built up. LowSeverity Severity = "Low" // MediumSeverity is a real security problem, and is exploitable for many // people. Includes network daemon denial of service attacks, cross-site // scripting, and gaining user privileges. Updates should be made soon for // this priority of issue. MediumSeverity Severity = "Medium" // HighSeverity is a real problem, exploitable for many people in a default // installation. Includes serious remote denial of services, local root // privilege escalations, or data loss. HighSeverity Severity = "High" // CriticalSeverity is a world-burning problem, exploitable for nearly all // people in a default installation of Linux. Includes remote root privilege // escalations, or massive data loss. CriticalSeverity Severity = "Critical" // Defcon1Severity is a Critical problem which has been manually highlighted // by the team. It requires an immediate attention. Defcon1Severity Severity = "Defcon1" )
func NewSeverity ¶
NewSeverity attempts to parse a string into a standard Severity value.
func (Severity) Compare ¶
Compare determines the equality of two severities.
If the severities are equal, returns 0. If the receiever is less, returns -1. If the receiver is greater, returns 1.
type Vulnerability ¶
type Vulnerability struct { Model Name string Namespace Namespace Description string Link string Severity Severity Metadata MetadataMap FixedIn []FeatureVersion LayersIntroducingVulnerability []Layer // For output purposes. Only make sense when the vulnerability // is already about a specific Feature/FeatureVersion. FixedBy string `json:",omitempty"` }
type VulnerabilityNotification ¶ added in v1.0.0
type VulnerabilityNotification struct { Model Name string Created time.Time Notified time.Time Deleted time.Time OldVulnerability *Vulnerability NewVulnerability *Vulnerability }
type VulnerabilityNotificationPageNumber ¶ added in v1.0.0
Directories ¶
Path | Synopsis |
---|---|
Package pgsql implements database.Datastore with PostgreSQL.
|
Package pgsql implements database.Datastore with PostgreSQL. |
migrations
Package migrations regroups every migrations available to the pgsql database backend.
|
Package migrations regroups every migrations available to the pgsql database backend. |