database

package
v2.0.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 19, 2017 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package database defines the Clair's models and a common interface for database implementations.

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrBackendException is an error that occurs when the database backend does
	// not work properly (ie. unreachable).
	ErrBackendException = errors.New("database: an error occured when querying the backend")

	// ErrInconsistent is an error that occurs when a database consistency check
	// fails (i.e. when an entity which is supposed to be unique is detected
	// twice)
	ErrInconsistent = errors.New("database: inconsistent database")
)
View Source
var DebianReleasesMapping = map[string]string{

	"squeeze": "6",
	"wheezy":  "7",
	"jessie":  "8",
	"stretch": "9",
	"buster":  "10",
	"sid":     "unstable",

	"oldoldstable": "7",
	"oldstable":    "8",
	"stable":       "9",
	"testing":      "10",
	"unstable":     "unstable",
}

DebianReleasesMapping translates Debian code names and class names to version numbers

View Source
var ErrFailedToParseSeverity = errors.New("failed to parse Severity from input")

ErrFailedToParseSeverity is the error returned when a severity could not be parsed from a string.

View Source
var NoVulnerabilityNotificationPage = VulnerabilityNotificationPageNumber{-1, -1}

Severities lists all known severities, ordered from lowest to highest.

View Source
var UbuntuReleasesMapping = map[string]string{
	"precise": "12.04",
	"quantal": "12.10",
	"raring":  "13.04",
	"trusty":  "14.04",
	"utopic":  "14.10",
	"vivid":   "15.04",
	"wily":    "15.10",
	"xenial":  "16.04",
	"yakkety": "16.10",
	"zesty":   "17.04",
	"artful":  "17.10",
}

UbuntuReleasesMapping translates Ubuntu code names to version numbers

View Source
var VulnerabilityNotificationFirstPage = VulnerabilityNotificationPageNumber{0, 0}

Functions

func Register

func Register(name string, driver Driver)

Register makes a Constructor available by the provided name.

If this function is called twice with the same name or if the Constructor is nil, it panics.

Types

type Datastore added in v1.0.0

type Datastore interface {
	// ListNamespaces returns the entire list of known Namespaces.
	ListNamespaces() ([]Namespace, error)

	// InsertLayer stores a Layer in the database.
	//
	// A Layer is uniquely identified by its Name.
	// The Name and EngineVersion fields are mandatory.
	// If a Parent is specified, it is expected that it has been retrieved using
	// FindLayer.
	// If a Layer that already exists is inserted and the EngineVersion of the
	// given Layer is higher than the stored one, the stored Layer should be
	// updated.
	// The function has to be idempotent, inserting a layer that already exists
	// shouldn't return an error.
	InsertLayer(Layer) error

	// FindLayer retrieves a Layer from the database.
	//
	// When `withFeatures` is true, the Features field should be filled.
	// When `withVulnerabilities` is true, the Features field should be filled
	// and their AffectedBy fields should contain every vulnerabilities that
	// affect them.
	FindLayer(name string, withFeatures, withVulnerabilities bool) (Layer, error)

	// DeleteLayer deletes a Layer from the database and every layers that are
	// based on it, recursively.
	DeleteLayer(name string) error

	// ListVulnerabilities returns the list of vulnerabilities of a particular
	// Namespace.
	//
	// The Limit and page parameters are used to paginate the return list.
	// The first given page should be 0.
	// The function should return the next available page. If there are no more
	// pages, -1 has to be returned.
	ListVulnerabilities(namespaceName string, limit int, page int) ([]Vulnerability, int, error)

	// InsertVulnerabilities stores the given Vulnerabilities in the database,
	// updating them if necessary.
	//
	// A vulnerability is uniquely identified by its Namespace and its Name.
	// The FixedIn field may only contain a partial list of Features that are
	// affected by the Vulnerability, along with the version in which the
	// vulnerability is fixed. It is the responsibility of the implementation to
	// update the list properly.
	// A version equals to versionfmt.MinVersion means that the given Feature is
	// not being affected by the Vulnerability at all and thus, should be removed
	// from the list.
	// It is important that Features should be unique in the FixedIn list. For
	// example, it doesn't make sense to have two `openssl` Feature listed as a
	// Vulnerability can only be fixed in one Version. This is true because
	// Vulnerabilities and Features are namespaced (i.e. specific to one
	// operating system).
	// Each vulnerability insertion or update has to create a Notification that
	// will contain the old and the updated Vulnerability, unless
	// createNotification equals to true.
	InsertVulnerabilities(vulnerabilities []Vulnerability, createNotification bool) error

	// FindVulnerability retrieves a Vulnerability from the database, including
	// the FixedIn list.
	FindVulnerability(namespaceName, name string) (Vulnerability, error)

	// DeleteVulnerability removes a Vulnerability from the database.
	//
	// It has to create a Notification that will contain the old Vulnerability.
	DeleteVulnerability(namespaceName, name string) error

	// InsertVulnerabilityFixes adds new FixedIn Feature or update the Versions
	// of existing ones to the specified Vulnerability in the database.
	//
	// It has has to create a Notification that will contain the old and the
	// updated Vulnerability.
	InsertVulnerabilityFixes(vulnerabilityNamespace, vulnerabilityName string, fixes []FeatureVersion) error

	// DeleteVulnerabilityFix removes a FixedIn Feature from the specified
	// Vulnerability in the database. It can be used to store the fact that a
	// Vulnerability no longer affects the given Feature in any Version.
	//
	// It has has to create a Notification that will contain the old and the
	// updated Vulnerability.
	DeleteVulnerabilityFix(vulnerabilityNamespace, vulnerabilityName, featureName string) error

	// GetAvailableNotification returns the Name, Created, Notified and Deleted
	// fields of a Notification that should be handled.
	//
	// The renotify interval defines how much time after being marked as Notified
	// by SetNotificationNotified, a Notification that hasn't been deleted should
	// be returned again by this function.
	// A Notification for which there is a valid Lock with the same Name should
	// not be returned.
	GetAvailableNotification(renotifyInterval time.Duration) (VulnerabilityNotification, error)

	// GetNotification returns a Notification, including its OldVulnerability and
	// NewVulnerability fields.
	//
	// On these Vulnerabilities, LayersIntroducingVulnerability should be filled
	// with every Layer that introduces the Vulnerability (i.e. adds at least one
	// affected FeatureVersion).
	// The Limit and page parameters are used to paginate
	// LayersIntroducingVulnerability. The first given page should be
	// VulnerabilityNotificationFirstPage. The function will then return the next
	// available page. If there is no more page, NoVulnerabilityNotificationPage
	// has to be returned.
	GetNotification(name string, limit int, page VulnerabilityNotificationPageNumber) (VulnerabilityNotification, VulnerabilityNotificationPageNumber, error)

	// SetNotificationNotified marks a Notification as notified and thus, makes
	// it unavailable for GetAvailableNotification, until the renotify duration
	// is elapsed.
	SetNotificationNotified(name string) error

	// DeleteNotification marks a Notification as deleted, and thus, makes it
	// unavailable for GetAvailableNotification.
	DeleteNotification(name string) error

	// InsertKeyValue stores or updates a simple key/value pair in the database.
	InsertKeyValue(key, value string) error

	// GetKeyValue retrieves a value from the database from the given key.
	//
	// It returns an empty string if there is no such key.
	GetKeyValue(key string) (string, error)

	// Lock creates or renew a Lock in the database with the given name, owner
	// and duration.
	//
	// After the specified duration, the Lock expires by itself if it hasn't been
	// unlocked, and thus, let other users create a Lock with the same name.
	// However, the owner can renew its Lock by setting renew to true.
	// Lock should not block, it should instead returns whether the Lock has been
	// successfully acquired/renewed. If it's the case, the expiration time of
	// that Lock is returned as well.
	Lock(name string, owner string, duration time.Duration, renew bool) (bool, time.Time)

	// Unlock releases an existing Lock.
	Unlock(name, owner string)

	// FindLock returns the owner of a Lock specified by the name, and its
	// expiration time if it exists.
	FindLock(name string) (string, time.Time, error)

	// Ping returns the health status of the database.
	Ping() bool

	// Close closes the database and frees any allocated resource.
	Close()
}

Datastore represents the required operations on a persistent data store for a Clair deployment.

func Open

Open opens a Datastore specified by a configuration.

type Driver

Driver is a function that opens a Datastore specified by its database driver type and specific configuration.

type Feature added in v1.0.0

type Feature struct {
	Model

	Name      string
	Namespace Namespace
}

type FeatureVersion added in v1.0.0

type FeatureVersion struct {
	Model

	Feature    Feature
	Version    string
	AffectedBy []Vulnerability

	// For output purposes. Only make sense when the feature version is in the context of an image.
	AddedBy Layer
}

type Layer

type Layer struct {
	Model

	Name          string
	EngineVersion int
	Parent        *Layer
	Namespace     *Namespace
	Features      []FeatureVersion
}

type MetadataMap added in v1.0.0

type MetadataMap map[string]interface{}

func (*MetadataMap) Scan added in v1.0.0

func (mm *MetadataMap) Scan(value interface{}) error

func (*MetadataMap) Value added in v1.0.0

func (mm *MetadataMap) Value() (driver.Value, error)

type MockDatastore

type MockDatastore struct {
	FctListNamespaces           func() ([]Namespace, error)
	FctInsertLayer              func(Layer) error
	FctFindLayer                func(name string, withFeatures, withVulnerabilities bool) (Layer, error)
	FctDeleteLayer              func(name string) error
	FctListVulnerabilities      func(namespaceName string, limit int, page int) ([]Vulnerability, int, error)
	FctInsertVulnerabilities    func(vulnerabilities []Vulnerability, createNotification bool) error
	FctFindVulnerability        func(namespaceName, name string) (Vulnerability, error)
	FctDeleteVulnerability      func(namespaceName, name string) error
	FctInsertVulnerabilityFixes func(vulnerabilityNamespace, vulnerabilityName string, fixes []FeatureVersion) error
	FctDeleteVulnerabilityFix   func(vulnerabilityNamespace, vulnerabilityName, featureName string) error
	FctGetAvailableNotification func(renotifyInterval time.Duration) (VulnerabilityNotification, error)
	FctGetNotification          func(name string, limit int, page VulnerabilityNotificationPageNumber) (VulnerabilityNotification, VulnerabilityNotificationPageNumber, error)
	FctSetNotificationNotified  func(name string) error
	FctDeleteNotification       func(name string) error
	FctInsertKeyValue           func(key, value string) error
	FctGetKeyValue              func(key string) (string, error)
	FctLock                     func(name string, owner string, duration time.Duration, renew bool) (bool, time.Time)
	FctUnlock                   func(name, owner string)
	FctFindLock                 func(name string) (string, time.Time, error)
	FctPing                     func() bool
	FctClose                    func()
}

MockDatastore implements Datastore and enables overriding each available method. The default behavior of each method is to simply panic.

func (*MockDatastore) Close

func (mds *MockDatastore) Close()

func (*MockDatastore) DeleteLayer

func (mds *MockDatastore) DeleteLayer(name string) error

func (*MockDatastore) DeleteNotification

func (mds *MockDatastore) DeleteNotification(name string) error

func (*MockDatastore) DeleteVulnerability

func (mds *MockDatastore) DeleteVulnerability(namespaceName, name string) error

func (*MockDatastore) DeleteVulnerabilityFix

func (mds *MockDatastore) DeleteVulnerabilityFix(vulnerabilityNamespace, vulnerabilityName, featureName string) error

func (*MockDatastore) FindLayer

func (mds *MockDatastore) FindLayer(name string, withFeatures, withVulnerabilities bool) (Layer, error)

func (*MockDatastore) FindLock

func (mds *MockDatastore) FindLock(name string) (string, time.Time, error)

func (*MockDatastore) FindVulnerability

func (mds *MockDatastore) FindVulnerability(namespaceName, name string) (Vulnerability, error)

func (*MockDatastore) GetAvailableNotification

func (mds *MockDatastore) GetAvailableNotification(renotifyInterval time.Duration) (VulnerabilityNotification, error)

func (*MockDatastore) GetKeyValue

func (mds *MockDatastore) GetKeyValue(key string) (string, error)

func (*MockDatastore) InsertKeyValue

func (mds *MockDatastore) InsertKeyValue(key, value string) error

func (*MockDatastore) InsertLayer

func (mds *MockDatastore) InsertLayer(layer Layer) error

func (*MockDatastore) InsertVulnerabilities

func (mds *MockDatastore) InsertVulnerabilities(vulnerabilities []Vulnerability, createNotification bool) error

func (*MockDatastore) InsertVulnerabilityFixes

func (mds *MockDatastore) InsertVulnerabilityFixes(vulnerabilityNamespace, vulnerabilityName string, fixes []FeatureVersion) error

func (*MockDatastore) ListNamespaces

func (mds *MockDatastore) ListNamespaces() ([]Namespace, error)

func (*MockDatastore) ListVulnerabilities

func (mds *MockDatastore) ListVulnerabilities(namespaceName string, limit int, page int) ([]Vulnerability, int, error)

func (*MockDatastore) Lock

func (mds *MockDatastore) Lock(name string, owner string, duration time.Duration, renew bool) (bool, time.Time)

func (*MockDatastore) Ping

func (mds *MockDatastore) Ping() bool

func (*MockDatastore) SetNotificationNotified

func (mds *MockDatastore) SetNotificationNotified(name string) error

func (*MockDatastore) Unlock

func (mds *MockDatastore) Unlock(name, owner string)

type Model added in v1.0.0

type Model struct {
	ID int
}

ID is only meant to be used by database implementations and should never be used for anything else.

type Namespace added in v1.0.0

type Namespace struct {
	Model

	Name          string
	VersionFormat string
}

type RegistrableComponentConfig

type RegistrableComponentConfig struct {
	Type    string
	Options map[string]interface{}
}

RegistrableComponentConfig is a configuration block that can be used to determine which registrable component should be initialized and pass custom configuration to it.

type Severity

type Severity string

Severity defines a standard scale for measuring the severity of a vulnerability.

const (
	// UnknownSeverity is either a security problem that has not been assigned to
	// a priority yet or a priority that our system did not recognize.
	UnknownSeverity Severity = "Unknown"

	// NegligibleSeverity is technically a security problem, but is only
	// theoretical in nature, requires a very special situation, has almost no
	// install base, or does no real damage. These tend not to get backport from
	// upstreams, and will likely not be included in security updates unless
	// there is an easy fix and some other issue causes an update.
	NegligibleSeverity Severity = "Negligible"

	// LowSeverity is a security problem, but is hard to exploit due to
	// environment, requires a user-assisted attack, a small install base, or
	// does very little damage.  These tend to be included in security updates
	// only when higher priority issues require an update, or if many low
	// priority issues have built up.
	LowSeverity Severity = "Low"

	// MediumSeverity is a real security problem, and is exploitable for many
	// people.  Includes network daemon denial of service attacks, cross-site
	// scripting, and gaining user privileges.  Updates should be made soon for
	// this priority of issue.
	MediumSeverity Severity = "Medium"

	// HighSeverity is a real problem, exploitable for many people in a default
	// installation. Includes serious remote denial of services, local root
	// privilege escalations, or data loss.
	HighSeverity Severity = "High"

	// CriticalSeverity is a world-burning problem, exploitable for nearly all
	// people in a default installation of Linux. Includes remote root privilege
	// escalations, or massive data loss.
	CriticalSeverity Severity = "Critical"

	// Defcon1Severity is a Critical problem which has been manually highlighted
	// by the team. It requires an immediate attention.
	Defcon1Severity Severity = "Defcon1"
)

func NewSeverity

func NewSeverity(s string) (Severity, error)

NewSeverity attempts to parse a string into a standard Severity value.

func (Severity) Compare

func (s Severity) Compare(s2 Severity) int

Compare determines the equality of two severities.

If the severities are equal, returns 0. If the receiever is less, returns -1. If the receiver is greater, returns 1.

func (*Severity) Scan

func (s *Severity) Scan(value interface{}) error

Scan implements the database/sql.Scanner interface.

func (Severity) Value

func (s Severity) Value() (driver.Value, error)

Value implements the database/sql/driver.Valuer interface.

type Vulnerability

type Vulnerability struct {
	Model

	Name      string
	Namespace Namespace

	Description string
	Link        string
	Severity    Severity

	Metadata MetadataMap

	FixedIn                        []FeatureVersion
	LayersIntroducingVulnerability []Layer

	// For output purposes. Only make sense when the vulnerability
	// is already about a specific Feature/FeatureVersion.
	FixedBy string `json:",omitempty"`
}

type VulnerabilityNotification added in v1.0.0

type VulnerabilityNotification struct {
	Model

	Name string

	Created  time.Time
	Notified time.Time
	Deleted  time.Time

	OldVulnerability *Vulnerability
	NewVulnerability *Vulnerability
}

type VulnerabilityNotificationPageNumber added in v1.0.0

type VulnerabilityNotificationPageNumber struct {
	// -1 means that we reached the end already.
	OldVulnerability int
	NewVulnerability int
}

Directories

Path Synopsis
Package pgsql implements database.Datastore with PostgreSQL.
Package pgsql implements database.Datastore with PostgreSQL.
migrations
Package migrations regroups every migrations available to the pgsql database backend.
Package migrations regroups every migrations available to the pgsql database backend.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL