Documentation ¶
Overview ¶
Package postgres implements the indexer store interface for a PostgreSQL database.
SQL statements should be arranged in this package such that they're constants in the closest scope possible to where they're used. They should be run through sqlfmt and then checked for correctness, as sqlfmt doesn't fully understand the PostgreSQL dialect. Queries should endeavor to do work database-side, as opposed to making queries to construct further queries.
Index ¶
- Constants
- Variables
- func Connect(ctx context.Context, connString string, applicationName string) (*pgxpool.Pool, error)
- func InitPostgresIndexerStore(_ context.Context, pool *pgxpool.Pool, doMigration bool) (indexer.Store, error)
- func InitPostgresMatcherStore(_ context.Context, pool *pgxpool.Pool, doMigration bool) (datastore.MatcherStore, error)
- type IndexerStore
- func (s *IndexerStore) AffectedManifests(ctx context.Context, v claircore.Vulnerability, ...) ([]claircore.Digest, error)
- func (s *IndexerStore) Close(_ context.Context) error
- func (s *IndexerStore) DeleteManifests(ctx context.Context, d ...claircore.Digest) ([]claircore.Digest, error)
- func (s *IndexerStore) DistributionsByLayer(ctx context.Context, hash claircore.Digest, scnrs indexer.VersionedScanners) ([]*claircore.Distribution, error)
- func (s *IndexerStore) FilesByLayer(ctx context.Context, hash claircore.Digest, scnrs indexer.VersionedScanners) ([]claircore.File, error)
- func (s *IndexerStore) IndexDistributions(ctx context.Context, dists []*claircore.Distribution, layer *claircore.Layer, ...) error
- func (s *IndexerStore) IndexFiles(ctx context.Context, files []claircore.File, layer *claircore.Layer, ...) error
- func (s *IndexerStore) IndexManifest(ctx context.Context, ir *claircore.IndexReport) error
- func (s *IndexerStore) IndexPackages(ctx context.Context, pkgs []*claircore.Package, layer *claircore.Layer, ...) error
- func (s *IndexerStore) IndexReport(ctx context.Context, hash claircore.Digest) (*claircore.IndexReport, bool, error)
- func (s *IndexerStore) IndexRepositories(ctx context.Context, repos []*claircore.Repository, l *claircore.Layer, ...) error
- func (s *IndexerStore) LayerScanned(ctx context.Context, hash claircore.Digest, scnr indexer.VersionedScanner) (bool, error)
- func (s *IndexerStore) ManifestScanned(ctx context.Context, hash claircore.Digest, vs indexer.VersionedScanners) (bool, error)
- func (s *IndexerStore) PackagesByLayer(ctx context.Context, hash claircore.Digest, scnrs indexer.VersionedScanners) ([]*claircore.Package, error)
- func (s *IndexerStore) PersistManifest(ctx context.Context, manifest claircore.Manifest) error
- func (s *IndexerStore) RegisterScanners(ctx context.Context, vs indexer.VersionedScanners) error
- func (s *IndexerStore) RepositoriesByLayer(ctx context.Context, hash claircore.Digest, scnrs indexer.VersionedScanners) ([]*claircore.Repository, error)
- func (s *IndexerStore) SetIndexFinished(ctx context.Context, ir *claircore.IndexReport, ...) error
- func (s *IndexerStore) SetIndexReport(ctx context.Context, ir *claircore.IndexReport) error
- func (s *IndexerStore) SetLayerScanned(ctx context.Context, hash claircore.Digest, vs indexer.VersionedScanner) error
- type MatcherStore
- func (s *MatcherStore) DeleteUpdateOperations(ctx context.Context, id ...uuid.UUID) (int64, error)
- func (s *MatcherStore) GC(ctx context.Context, keep int) (int64, error)
- func (s *MatcherStore) Get(ctx context.Context, records []*claircore.IndexRecord, opts datastore.GetOpts) (map[string][]*claircore.Vulnerability, error)
- func (s *MatcherStore) GetEnrichment(ctx context.Context, name string, tags []string) (res []driver.EnrichmentRecord, err error)
- func (s *MatcherStore) GetLatestUpdateRef(ctx context.Context, kind driver.UpdateKind) (uuid.UUID, error)
- func (s *MatcherStore) GetLatestUpdateRefs(ctx context.Context, kind driver.UpdateKind) (map[string][]driver.UpdateOperation, error)
- func (s *MatcherStore) GetUpdateDiff(ctx context.Context, prev, cur uuid.UUID) (*driver.UpdateDiff, error)
- func (s *MatcherStore) GetUpdateOperations(ctx context.Context, kind driver.UpdateKind, updater ...string) (map[string][]driver.UpdateOperation, error)
- func (s *MatcherStore) Initialized(ctx context.Context) (bool, error)
- func (s *MatcherStore) RecordUpdaterSetStatus(ctx context.Context, updaterSet string, updateTime time.Time) error
- func (s *MatcherStore) RecordUpdaterStatus(ctx context.Context, updaterName string, updateTime time.Time, ...) error
- func (s *MatcherStore) UpdateEnrichments(ctx context.Context, name string, fp driver.Fingerprint, ...) (uuid.UUID, error)
- func (s *MatcherStore) UpdateVulnerabilities(ctx context.Context, updater string, fingerprint driver.Fingerprint, ...) (uuid.UUID, error)
Constants ¶
const ( // GCThrottle sets a limit for the number of deleted update operations // (and subsequent cascade deletes in the uo_vuln table) that can occur in a GC run. GCThrottle = 50 )
Variables ¶
var ( // ErrNotIndexed indicates the vulnerability being queried has a dist or repo not // indexed into the database. ErrNotIndexed = fmt.Errorf("vulnerability containers data not indexed by any scannners") )
Functions ¶
func InitPostgresIndexerStore ¶
func InitPostgresIndexerStore(_ context.Context, pool *pgxpool.Pool, doMigration bool) (indexer.Store, error)
InitPostgresIndexerStore initialize a indexer.Store given the pgxpool.Pool
func InitPostgresMatcherStore ¶
func InitPostgresMatcherStore(_ context.Context, pool *pgxpool.Pool, doMigration bool) (datastore.MatcherStore, error)
InitPostgresMatcherStore initialize a indexer.Store given libindex.Opts
Types ¶
type IndexerStore ¶
type IndexerStore struct {
// contains filtered or unexported fields
}
IndexerStore implements the claircore.Store interface.
All the other exported methods live in their own files.
func NewIndexerStore ¶
func NewIndexerStore(pool *pgxpool.Pool) *IndexerStore
func (*IndexerStore) AffectedManifests ¶
func (s *IndexerStore) AffectedManifests(ctx context.Context, v claircore.Vulnerability, vulnFunc claircore.CheckVulnernableFunc) ([]claircore.Digest, error)
AffectedManifests finds the manifests digests which are affected by the provided vulnerability.
An exhaustive search for all indexed packages of the same name as the vulnerability is performed.
The list of packages is filtered down to only the affected set.
The manifest index is then queried to resolve a list of manifest hashes containing the affected artifacts.
func (*IndexerStore) DeleteManifests ¶
func (*IndexerStore) DistributionsByLayer ¶
func (s *IndexerStore) DistributionsByLayer(ctx context.Context, hash claircore.Digest, scnrs indexer.VersionedScanners) ([]*claircore.Distribution, error)
func (*IndexerStore) FilesByLayer ¶
func (s *IndexerStore) FilesByLayer(ctx context.Context, hash claircore.Digest, scnrs indexer.VersionedScanners) ([]claircore.File, error)
func (*IndexerStore) IndexDistributions ¶
func (s *IndexerStore) IndexDistributions(ctx context.Context, dists []*claircore.Distribution, layer *claircore.Layer, scnr indexer.VersionedScanner) error
func (*IndexerStore) IndexFiles ¶
func (s *IndexerStore) IndexFiles(ctx context.Context, files []claircore.File, layer *claircore.Layer, scnr indexer.VersionedScanner) error
func (*IndexerStore) IndexManifest ¶
func (s *IndexerStore) IndexManifest(ctx context.Context, ir *claircore.IndexReport) error
func (*IndexerStore) IndexPackages ¶
func (s *IndexerStore) IndexPackages(ctx context.Context, pkgs []*claircore.Package, layer *claircore.Layer, scnr indexer.VersionedScanner) error
IndexPackages indexes all provided packages along with creating a scan artifact.
If a source package is nested inside a binary package we index the source package first and then create a relation between the binary package and source package.
Scan artifacts are used to determine if a particular layer has been scanned by a particular scanner. See the LayerScanned method for more details.
func (*IndexerStore) IndexReport ¶
func (s *IndexerStore) IndexReport(ctx context.Context, hash claircore.Digest) (*claircore.IndexReport, bool, error)
func (*IndexerStore) IndexRepositories ¶
func (s *IndexerStore) IndexRepositories(ctx context.Context, repos []*claircore.Repository, l *claircore.Layer, scnr indexer.VersionedScanner) error
func (*IndexerStore) LayerScanned ¶
func (s *IndexerStore) LayerScanned(ctx context.Context, hash claircore.Digest, scnr indexer.VersionedScanner) (bool, error)
func (*IndexerStore) ManifestScanned ¶
func (s *IndexerStore) ManifestScanned(ctx context.Context, hash claircore.Digest, vs indexer.VersionedScanners) (bool, error)
ManifestScanned determines if a manifest has been scanned by ALL the provided scanners.
func (*IndexerStore) PackagesByLayer ¶
func (s *IndexerStore) PackagesByLayer(ctx context.Context, hash claircore.Digest, scnrs indexer.VersionedScanners) ([]*claircore.Package, error)
func (*IndexerStore) PersistManifest ¶
func (*IndexerStore) RegisterScanners ¶
func (s *IndexerStore) RegisterScanners(ctx context.Context, vs indexer.VersionedScanners) error
func (*IndexerStore) RepositoriesByLayer ¶
func (s *IndexerStore) RepositoriesByLayer(ctx context.Context, hash claircore.Digest, scnrs indexer.VersionedScanners) ([]*claircore.Repository, error)
func (*IndexerStore) SetIndexFinished ¶
func (s *IndexerStore) SetIndexFinished(ctx context.Context, ir *claircore.IndexReport, scnrs indexer.VersionedScanners) error
func (*IndexerStore) SetIndexReport ¶
func (s *IndexerStore) SetIndexReport(ctx context.Context, ir *claircore.IndexReport) error
func (*IndexerStore) SetLayerScanned ¶
func (s *IndexerStore) SetLayerScanned(ctx context.Context, hash claircore.Digest, vs indexer.VersionedScanner) error
type MatcherStore ¶
type MatcherStore struct {
// contains filtered or unexported fields
}
MatcherStore implements all interfaces in the vulnstore package
func NewMatcherStore ¶
func NewMatcherStore(pool *pgxpool.Pool) *MatcherStore
func (*MatcherStore) DeleteUpdateOperations ¶
DeleteUpdateOperations implements vulnstore.Updater.
func (*MatcherStore) GC ¶
GC is split into two phases, first it will identify any update operations which are older then the provided keep value and delete these.
Next it will perform updater based deletions of any vulns from the vuln table which are not longer referenced by update operations.
The GC is throttled to not overload the database with cascade deletes. If a full GC is required run this method until the returned int64 value is 0.
func (*MatcherStore) Get ¶
func (s *MatcherStore) Get(ctx context.Context, records []*claircore.IndexRecord, opts datastore.GetOpts) (map[string][]*claircore.Vulnerability, error)
Get implements vulnstore.Vulnerability.
func (*MatcherStore) GetEnrichment ¶
func (s *MatcherStore) GetEnrichment(ctx context.Context, name string, tags []string) (res []driver.EnrichmentRecord, err error)
func (*MatcherStore) GetLatestUpdateRef ¶
func (s *MatcherStore) GetLatestUpdateRef(ctx context.Context, kind driver.UpdateKind) (uuid.UUID, error)
GetLatestUpdateRef implements driver.Updater.
func (*MatcherStore) GetLatestUpdateRefs ¶
func (s *MatcherStore) GetLatestUpdateRefs(ctx context.Context, kind driver.UpdateKind) (map[string][]driver.UpdateOperation, error)
func (*MatcherStore) GetUpdateDiff ¶
func (s *MatcherStore) GetUpdateDiff(ctx context.Context, prev, cur uuid.UUID) (*driver.UpdateDiff, error)
func (*MatcherStore) GetUpdateOperations ¶
func (s *MatcherStore) GetUpdateOperations(ctx context.Context, kind driver.UpdateKind, updater ...string) (map[string][]driver.UpdateOperation, error)
func (*MatcherStore) Initialized ¶
func (s *MatcherStore) Initialized(ctx context.Context) (bool, error)
func (*MatcherStore) RecordUpdaterSetStatus ¶
func (s *MatcherStore) RecordUpdaterSetStatus(ctx context.Context, updaterSet string, updateTime time.Time) error
RecordUpdaterSetStatus records that all updaters from a updater set are up to date with vulnerabilities at this time
func (*MatcherStore) RecordUpdaterStatus ¶
func (s *MatcherStore) RecordUpdaterStatus(ctx context.Context, updaterName string, updateTime time.Time, fingerprint driver.Fingerprint, updaterError error) error
RecordUpdaterStatus records that an updater is up to date with vulnerabilities at this time
func (*MatcherStore) UpdateEnrichments ¶
func (s *MatcherStore) UpdateEnrichments(ctx context.Context, name string, fp driver.Fingerprint, es []driver.EnrichmentRecord) (uuid.UUID, error)
UpdateEnrichments creates a new UpdateOperation, inserts the provided EnrichmentRecord(s), and ensures enrichments from previous updates are not queried by clients.
func (*MatcherStore) UpdateVulnerabilities ¶
func (s *MatcherStore) UpdateVulnerabilities(ctx context.Context, updater string, fingerprint driver.Fingerprint, vulns []*claircore.Vulnerability) (uuid.UUID, error)
UpdateVulnerabilities implements vulnstore.Updater.
It creates a new UpdateOperation for this update call, inserts the provided vulnerabilities and computes a diff comprising the removed and added vulnerabilities for this UpdateOperation.
Source Files ¶
- affectedmanifest.go
- connect.go
- deletemanifests.go
- digest.go
- distributionsbylayer.go
- doc.go
- enrichment.go
- filesbylayer.go
- gc.go
- generate.go
- get.go
- getupdateoperationdiff.go
- getupdateoperations.go
- indexdistributions.go
- indexer_store.go
- indexfiles.go
- indexmanifest.go
- indexpackage.go
- indexreport.go
- indexrepository.go
- initialized.go
- layerscanned.go
- manifestscanned.go
- matcher_store.go
- packagesbylayer.go
- persistmanifest.go
- querybuilder.go
- recordupdatetime.go
- registerscanners.go
- repositoriesbylayer.go
- scan_vulnerability.go
- setindexfinished.go
- setindexreport.go
- setlayerscanned.go
- updatevulnerabilities.go
- valuescan.go