security

package
v0.16.13 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 16, 2026 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

const SecurityContainerName = "containarium-core-security"

SecurityContainerName is the name of the core ClamAV security container. Defined here to avoid an import cycle with internal/server.

Variables

This section is empty.

Functions

func ParseClamScanOutput

func ParseClamScanOutput(output string) (status string, findingsCount int, findings string)

ParseClamScanOutput parses clamscan output and returns the status, the findings count, and the findings text.

Types

type ListParams

// ListParams holds parameters for listing reports. It is the argument of
// Store.ListReports, which is documented as retrieving scan reports "with
// optional filtering".
//
// NOTE(review): every field is a plain string or int with no visible
// validation; presumably the values originate from an API caller. Confirm
// they reach PostgreSQL as bound query parameters and are never spliced
// into the query text.
type ListParams struct {
	// Presumably restricts results to one container; whether an empty
	// value means "no filter" is not shown here — confirm.
	ContainerName string
	// Presumably matched against Report.Status ("clean" or "infected") — confirm.
	Status        string
	// Date bounds are carried as strings, not time.Time.
	// NOTE(review): confirm where they are parsed, and whether each bound
	// is inclusive.
	From          string // ISO date
	To            string // ISO date
	// Presumably pagination controls (ListReportsForExport is described as
	// the "no pagination" variant).
	// NOTE(review): confirm that an upper bound on Limit is enforced and
	// that negative values are rejected.
	Limit         int
	Offset        int
}

ListParams holds parameters for listing reports

type Report

// Report represents a ClamAV scan result. It is the value passed to
// Store.SaveReport.
type Report struct {
	ContainerName string
	Username      string
	// NOTE(review): only two values are listed. clamscan can also finish
	// with an error (for example unreadable files or a missing signature
	// database); confirm that such a run is never recorded as "clean".
	Status        string // "clean" or "infected"
	FindingsCount int
	// Presumably the findings text returned by ParseClamScanOutput.
	// NOTE(review): if it carries raw clamscan lines, it includes file
	// paths chosen by the container's user; treat it as untrusted when it
	// is rendered in a UI or written to the CSV export.
	Findings      string
	ScannedAt     time.Time
	// Stored as a string rather than time.Duration; the format is not
	// shown here.
	ScanDuration  string
}

Report represents a ClamAV scan result

type ScanJob

// ScanJob represents a queued ClamAV scan job. Jobs are returned by
// Store.ClaimNextJob and Store.ListScanJobs.
type ScanJob struct {
	ID            int64
	ContainerName string
	Username      string
	// Lifecycle state. Per the Store method docs: EnqueueScanJob inserts a
	// pending job, CompleteJob marks it completed, and FailJob either
	// re-queues it as pending or marks it failed.
	Status        string // pending | running | completed | failed
	// Presumably mirror the retry_count that FailJob increments and the
	// limit it compares against — confirm.
	RetryCount    int
	MaxRetries    int
	// Presumably the errMsg passed to FailJob.
	// NOTE(review): it may contain scanner or mount error text; confirm it
	// is safe to show to the users who can list jobs.
	ErrorMessage  string
	CreatedAt     time.Time
	// Pointers, so they can be nil; presumably unset until the job is
	// claimed and finished, respectively — confirm.
	StartedAt     *time.Time
	CompletedAt   *time.Time
}

ScanJob represents a queued ClamAV scan job

type Scanner

type Scanner struct {
	// contains filtered or unexported fields
}

Scanner performs periodic ClamAV scans of container filesystems

func NewScanner

func NewScanner(incusClient *incus.Client, store *Store) *Scanner

NewScanner creates a new scanner

func (*Scanner) EnqueueAll

func (s *Scanner) EnqueueAll(ctx context.Context) (int, error)

EnqueueAll enqueues a scan job for each running user container. Returns the number of jobs enqueued.

func (*Scanner) EnqueueNewContainer added in v0.15.0

func (s *Scanner) EnqueueNewContainer(containerName string)

EnqueueNewContainer enqueues a scan for a newly created container after a short delay to allow the container to fully boot and install packages.

func (*Scanner) EnqueueOne

func (s *Scanner) EnqueueOne(ctx context.Context, containerName, username string) (int64, error)

EnqueueOne enqueues a scan job for a single container. Returns the job ID.

func (*Scanner) ScanContainer

func (s *Scanner) ScanContainer(ctx context.Context, containerName, username string) error

ScanContainer scans a single container's filesystem through a disk device mount. Each container gets a unique mount path, so multiple scans can run concurrently.

func (*Scanner) Start

func (s *Scanner) Start(ctx context.Context)

Start begins the background scanning loop and worker pool

func (*Scanner) Stop

func (s *Scanner) Stop()

Stop stops the background scanning loop

type Store

type Store struct {
	// contains filtered or unexported fields
}

Store handles persistent storage of ClamAV scan reports

func NewStore

func NewStore(ctx context.Context, pool *pgxpool.Pool) (*Store, error)

NewStore creates a new security store connected to PostgreSQL

func (*Store) ClaimNextJob

func (s *Store) ClaimNextJob(ctx context.Context) (*ScanJob, error)

ClaimNextJob atomically claims the oldest pending job for processing. Returns a nil job if no jobs are available.

func (*Store) Cleanup

func (s *Store) Cleanup(ctx context.Context, retentionDays int) error

Cleanup removes old reports beyond the retention period

func (*Store) CleanupOldJobs

func (s *Store) CleanupOldJobs(ctx context.Context, retentionDays int) error

CleanupOldJobs deletes completed/failed jobs older than retentionDays

func (*Store) CompleteJob

func (s *Store) CompleteJob(ctx context.Context, jobID int64) error

CompleteJob marks a job as completed

func (*Store) EnqueueScanJob

func (s *Store) EnqueueScanJob(ctx context.Context, containerName, username string) (int64, error)

EnqueueScanJob inserts a new pending scan job and returns its ID. If the container already has a pending or running job, it skips the insert and returns the existing job's ID to avoid queue bloat from repeated scan-all triggers.

func (*Store) FailJob

func (s *Store) FailJob(ctx context.Context, jobID int64, errMsg string) error

FailJob increments retry_count. If retries remain, re-queues as pending; otherwise marks as failed.

func (*Store) GetContainerSummaries

func (s *Store) GetContainerSummaries(ctx context.Context) ([]*pb.ClamavContainerSummary, error)

GetContainerSummaries returns the latest scan status per container

func (*Store) ListReports

func (s *Store) ListReports(ctx context.Context, params ListParams) ([]*pb.ClamavReport, int32, error)

ListReports retrieves scan reports with optional filtering

func (*Store) ListReportsForExport

func (s *Store) ListReportsForExport(ctx context.Context, from, to, containerName, status string) ([]*pb.ClamavReport, error)

ListReportsForExport returns all matching rows (no pagination) for CSV export

func (*Store) ListScanJobs

func (s *Store) ListScanJobs(ctx context.Context, status string, limit int) ([]ScanJob, error)

ListScanJobs returns recent scan jobs, optionally filtered by status. Returns up to limit jobs ordered by created_at DESC.

func (*Store) SaveReport

func (s *Store) SaveReport(ctx context.Context, report *Report) error

SaveReport saves a scan report to the database
