clair: Index | Files | Directories

package database

import ""

Package database defines the Clair's models and a common interface for database implementations.


Package Files

ancestry.go database.go dbutil.go detector.go error.go feature.go feature_type.go layer.go metadata.go mock.go namespace.go namespace_mapping.go notification.go severity.go testutil.go vulnerability.go


var (
    // ErrBackendException is an error that occurs when the database backend
    // does not work properly (ie. unreachable).
    ErrBackendException = NewStorageError("an error occurred when querying the backend")

    // ErrInconsistent is an error that occurs when a database consistency check
    // fails (i.e. when an entity which is supposed to be unique is detected
    // twice)
    ErrInconsistent = NewStorageError("inconsistent database")

    // ErrInvalidParameters is an error that occurs when the parameters are not valid.
    ErrInvalidParameters = NewStorageError("parameters are not valid")

    // ErrMissingEntities is an error that occurs when an associated immutable
    // entity doesn't exist in the database. This error can indicate a wrong
    // implementation or corrupted database.
    ErrMissingEntities = NewStorageError("associated immutable entities are missing in the database")
var (
    DetectorTypes = []DetectorType{
    // ErrFailedToParseDetectorType is the error returned when a detector type could
    // not be parsed from a string.
    ErrFailedToParseDetectorType = errors.New("failed to parse DetectorType from input")
    // ErrInvalidDetector is the error returned when a detector from database has
    // invalid name or version or type.
    ErrInvalidDetector = errors.New("the detector has invalid metadata")

DetectorTypes contains all detector types.

var DebianReleasesMapping = map[string]string{

    "squeeze":  "6",
    "wheezy":   "7",
    "jessie":   "8",
    "stretch":  "9",
    "buster":   "10",
    "bullseye": "11",
    "sid":      "unstable",

    "oldoldstable": "8",
    "oldstable":    "9",
    "stable":       "10",
    "testing":      "11",
    "unstable":     "unstable",

DebianReleasesMapping translates Debian code names and class names to version numbers

var ErrFailedToParseSeverity = errors.New("failed to parse Severity from input")

ErrFailedToParseSeverity is the error returned when a severity could not be parsed from a string.

var Severities = []Severity{

Severities lists all known severities, ordered from lowest to highest.

var UbuntuReleasesMapping = map[string]string{
    "precise": "12.04",
    "quantal": "12.10",
    "raring":  "13.04",
    "trusty":  "14.04",
    "utopic":  "14.10",
    "vivid":   "15.04",
    "wily":    "15.10",
    "xenial":  "16.04",
    "yakkety": "16.10",
    "zesty":   "17.04",
    "artful":  "17.10",
    "bionic":  "18.04",
    "cosmic":  "18.10",
    "disco":   "19.04",
    "eoan":    "19.10",
    "focal":   "20.04",

UbuntuReleasesMapping translates Ubuntu code names to version numbers

func AcquireLock Uses

func AcquireLock(datastore Datastore, name, owner string, duration time.Duration) (acquired bool, expiration time.Time)

AcquireLock acquires a named global lock for a duration.

func AssertAncestryEqual Uses

func AssertAncestryEqual(t *testing.T, expected, actual *Ancestry) bool

AssertAncestryEqual asserts actual ancestry equals to expected ancestry content wise.

func AssertAncestryLayerEqual Uses

func AssertAncestryLayerEqual(t *testing.T, expected, actual *AncestryLayer) bool

AssertAncestryLayerEqual asserts actual ancestry layer equals to expected ancestry layer content wise.

func AssertDetectorsEqual Uses

func AssertDetectorsEqual(t *testing.T, expected, actual []Detector) bool

AssertDetectorsEqual asserts actual detectors are content wise equal to expected detectors regardless of the ordering.

func AssertElementsEqual Uses

func AssertElementsEqual(t *testing.T, expected, actual []interface{}) bool

AssertElementsEqual asserts that content in actual equals to content in expected array regardless of ordering.

Note: This function uses interface wise comparison.

func AssertFeaturesEqual Uses

func AssertFeaturesEqual(t *testing.T, expected, actual []Feature) bool

AssertFeaturesEqual asserts content in actual equals content in expected regardless of ordering.

func AssertIntStringMapEqual Uses

func AssertIntStringMapEqual(t *testing.T, expected, actual map[int]string) bool

AssertIntStringMapEqual asserts two maps with integer as key and string as value are equal.

func AssertLayerEqual Uses

func AssertLayerEqual(t *testing.T, expected, actual *Layer) bool

AssertLayerEqual asserts actual layer equals to expected layer content wise.

func AssertLayerFeaturesEqual Uses

func AssertLayerFeaturesEqual(t *testing.T, expected, actual []LayerFeature) bool

AssertLayerFeaturesEqual asserts content in actual equals to content in expected regardless of ordering.

func AssertLayerNamespacesEqual Uses

func AssertLayerNamespacesEqual(t *testing.T, expected, actual []LayerNamespace) bool

AssertLayerNamespacesEqual asserts content in actual equals to content in expected regardless of ordering.

func AssertMetadataMapEqual Uses

func AssertMetadataMapEqual(t *testing.T, expected, actual MetadataMap) bool

AssertMetadataMapEqual asserts two metadata maps are equal.

func AssertNamespacesEqual Uses

func AssertNamespacesEqual(t *testing.T, expected, actual []Namespace) bool

AssertNamespacesEqual asserts content in actual equals to content in expected regardless of ordering.

func AssertVulnerabilityEqual Uses

func AssertVulnerabilityEqual(t *testing.T, expected, actual *Vulnerability) bool

AssertVulnerabilityEqual asserts two vulnerabilities are equal.

func CacheRelatedVulnerabilityAndCommit Uses

func CacheRelatedVulnerabilityAndCommit(datastore Datastore, features []NamespacedFeature) error

CacheRelatedVulnerabilityAndCommit wraps session CacheAffectedNamespacedFeatures function with begin and commit.

func ExtendLock Uses

func ExtendLock(ds Datastore, name, whoami string, desiredLockDuration time.Duration) (bool, time.Time)

ExtendLock extends the duration of an existing global lock for the given duration.

func FindKeyValueAndRollback Uses

func FindKeyValueAndRollback(datastore Datastore, key string) (value string, ok bool, err error)

FindKeyValueAndRollback wraps session FindKeyValue function with begin and roll back.

func InsertVulnerabilityNotificationsAndCommit Uses

func InsertVulnerabilityNotificationsAndCommit(store Datastore, notifications []VulnerabilityNotification) error

InsertVulnerabilityNotificationsAndCommit inserts the notifications into db and commit.

func MarkNotificationAsReadAndCommit Uses

func MarkNotificationAsReadAndCommit(store Datastore, name string) (bool, error)

MarkNotificationAsReadAndCommit marks a notification as read.

func PersistDetectorsAndCommit Uses

func PersistDetectorsAndCommit(store Datastore, detectors []Detector) error

PersistDetectorsAndCommit stores the detectors in the data store.

func PersistFeaturesAndCommit Uses

func PersistFeaturesAndCommit(datastore Datastore, features []Feature) error

PersistFeaturesAndCommit wraps session PersistFeaturesAndCommit function with begin and commit.

func PersistNamespacedFeaturesAndCommit Uses

func PersistNamespacedFeaturesAndCommit(datastore Datastore, features []NamespacedFeature) error

PersistNamespacedFeaturesAndCommit wraps session PersistNamespacedFeatures function with begin and commit.

func PersistNamespacesAndCommit Uses

func PersistNamespacesAndCommit(datastore Datastore, namespaces []Namespace) error

PersistNamespacesAndCommit wraps session PersistNamespaces function with begin and commit.

func PersistPartialLayerAndCommit Uses

func PersistPartialLayerAndCommit(datastore Datastore, layer *Layer) error

PersistPartialLayerAndCommit wraps session PersistLayer function with begin and commit.

func Register Uses

func Register(name string, driver Driver)

Register makes a Constructor available by the provided name.

If this function is called twice with the same name or if the Constructor is nil, it panics.

func ReleaseLock Uses

func ReleaseLock(datastore Datastore, name, owner string)

ReleaseLock releases a named global lock.

func SerializeDetectors Uses

func SerializeDetectors(detectors []Detector) []string

SerializeDetectors returns the string representation of given detectors.

func UpdateKeyValueAndCommit Uses

func UpdateKeyValueAndCommit(store Datastore, key, value string) error

UpdateKeyValueAndCommit stores the key value to storage.

func UpdateVulnerabilitiesAndCommit Uses

func UpdateVulnerabilitiesAndCommit(store Datastore, toRemove []VulnerabilityID, toAdd []VulnerabilityWithAffected) error

func UpsertAncestryAndCommit Uses

func UpsertAncestryAndCommit(datastore Datastore, ancestry *Ancestry) error

UpsertAncestryAndCommit wraps session UpsertAncestry function with begin and commit.

type AffectedFeature Uses

type AffectedFeature struct {
    // FeatureType determines which type of package it affects.
    FeatureType FeatureType
    Namespace   Namespace
    FeatureName string
    // FixedInVersion is known next feature version that's not affected by the
    // vulnerability. Empty FixedInVersion means the unaffected version is
    // unknown.
    FixedInVersion string
    // AffectedVersion contains the version range to determine whether or not a
    // feature is affected.
    AffectedVersion string

AffectedFeature is used to determine whether a namespaced feature is affected by a Vulnerability. Namespace and Feature Name is unique. Affected Feature is bound to vulnerability.

type AffectedNamespacedFeature Uses

type AffectedNamespacedFeature struct {

    AffectedBy []VulnerabilityWithFixedIn

AffectedNamespacedFeature is a namespaced feature affected by the vulnerabilities with fixed-in versions for this feature.

type Ancestry Uses

type Ancestry struct {
    // Name is a globally unique value for a set of layers. This is often the
    // sha256 digest of an OCI/Docker manifest.
    Name string `json:"name"`
    // By contains the processors that are used when computing the
    // content of this ancestry.
    By  []Detector `json:"by"`
    // Layers should be ordered and i_th layer is the parent of i+1_th layer in
    // the slice.
    Layers []AncestryLayer `json:"layers"`

Ancestry is a manifest that keeps all layers in an image in order.

func FindAncestryAndRollback Uses

func FindAncestryAndRollback(datastore Datastore, name string) (Ancestry, bool, error)

FindAncestryAndRollback wraps session FindAncestry function with begin and rollback.

func (*Ancestry) Valid Uses

func (a *Ancestry) Valid() bool

Valid checks if the ancestry is compliant to spec.

type AncestryFeature Uses

type AncestryFeature struct {
    NamespacedFeature `json:"namespacedFeature"`

    // FeatureBy is the detector that detected the feature.
    FeatureBy Detector `json:"featureBy"`
    // NamespaceBy is the detector that detected the namespace.
    NamespaceBy Detector `json:"namespaceBy"`

AncestryFeature is a namespaced feature with the detectors used to find this feature.

type AncestryLayer Uses

type AncestryLayer struct {
    // Hash is the sha-256 tarsum on the layer's blob content.
    Hash string `json:"hash"`
    // Features are the features introduced by this layer when it was
    // processed.
    Features []AncestryFeature `json:"features"`

AncestryLayer is a layer with all detected namespaced features.

func (*AncestryLayer) GetFeatures Uses

func (l *AncestryLayer) GetFeatures() []NamespacedFeature

GetFeatures returns the Ancestry's features.

func (*AncestryLayer) Valid Uses

func (l *AncestryLayer) Valid() bool

Valid checks if the Ancestry Layer is compliant to the spec.

type Datastore Uses

type Datastore interface {
    // Begin starts a session to change.
    Begin() (Session, error)

    // Ping returns the health status of the database.
    Ping() bool

    // Close closes the database and frees any allocated resource.

Datastore represents a persistent data store

func Open Uses

func Open(cfg RegistrableComponentConfig) (Datastore, error)

Open opens a Datastore specified by a configuration.

type Detector Uses

type Detector struct {
    // Name of an extension should be non-empty and uniquely identifies the
    // extension.
    Name string `json:"name"`
    // Version of an extension should be non-empty.
    Version string `json:"version"`
    // DType is the type of the extension and should be one of the types in
    // DetectorTypes.
    DType DetectorType `json:"dtype"`

Detector is an versioned Clair extension.

func DiffDetectors Uses

func DiffDetectors(d1 []Detector, d2 []Detector) []Detector

DiffDetectors returns the detectors belongs to d1 but not d2

func IntersectDetectors Uses

func IntersectDetectors(d1 []Detector, d2 []Detector) []Detector

IntersectDetectors returns the detectors in both d1 and d2.

func NewFeatureDetector Uses

func NewFeatureDetector(name, version string) Detector

NewFeatureDetector returns a new feature detector.

func NewNamespaceDetector Uses

func NewNamespaceDetector(name, version string) Detector

NewNamespaceDetector returns a new namespace detector.

func (Detector) String Uses

func (d Detector) String() string

String returns a unique string representation of the detector.

func (Detector) Valid Uses

func (d Detector) Valid() bool

Valid checks if all fields in the detector satisfies the spec.

type DetectorType Uses

type DetectorType string

DetectorType is the type of a detector.

const (
    // NamespaceDetectorType is a type of detector that extracts the namespaces.
    NamespaceDetectorType DetectorType = "namespace"
    // FeatureDetectorType is a type of detector that extracts the features.
    FeatureDetectorType DetectorType = "feature"

func NewDetectorType Uses

func NewDetectorType(s string) (DetectorType, error)

NewDetectorType attempts to parse a string into a standard DetectorType value.

func (*DetectorType) Scan Uses

func (s *DetectorType) Scan(value interface{}) error

Scan implements the database/sql.Scanner interface.

func (DetectorType) Valid Uses

func (s DetectorType) Valid() bool

Valid checks if a detector type is defined.

func (DetectorType) Value Uses

func (s DetectorType) Value() (driver.Value, error)

Value implements the database/sql/driver.Valuer interface.

type Driver Uses

type Driver func(RegistrableComponentConfig) (Datastore, error)

Driver is a function that opens a Datastore specified by its database driver type and specific configuration.

type Feature Uses

type Feature struct {
    Name          string      `json:"name"`
    Version       string      `json:"version"`
    VersionFormat string      `json:"versionFormat"`
    Type          FeatureType `json:"type"`

Feature represents a package detected in a layer but the namespace is not determined.

e.g. Name: Libssl1.0, Version: 1.0, VersionFormat: dpkg, Type: binary dpkg is the version format of the installer package manager, which in this case could be dpkg or apk.

func ConvertFeatureSetToFeatures Uses

func ConvertFeatureSetToFeatures(features mapset.Set) []Feature

ConvertFeatureSetToFeatures converts a feature set to an array of features

func DeduplicateFeatures Uses

func DeduplicateFeatures(features ...Feature) []Feature

DeduplicateFeatures deduplicates a list of list of features.

func NewBinaryPackage Uses

func NewBinaryPackage(name string, version string, versionFormat string) *Feature

func NewFeature Uses

func NewFeature(name string, version string, versionFormat string, featureType FeatureType) *Feature

func NewSourcePackage Uses

func NewSourcePackage(name string, version string, versionFormat string) *Feature

type FeatureType Uses

type FeatureType string

FeatureType indicates the type of feature that a vulnerability affects.

const (
    SourcePackage FeatureType = "source"
    BinaryPackage FeatureType = "binary"

func (*FeatureType) Scan Uses

func (t *FeatureType) Scan(value interface{}) error

Scan implements the database/sql.Scanner interface.

func (*FeatureType) Value Uses

func (t *FeatureType) Value() (driver.Value, error)

Value implements the database/sql/driver.Valuer interface.

type Layer Uses

type Layer struct {
    // Hash is the sha-256 tarsum on the layer's blob content.
    Hash string `json:"hash"`
    // By contains a list of detectors scanned this Layer.
    By         []Detector       `json:"by"`
    Namespaces []LayerNamespace `json:"namespaces"`
    Features   []LayerFeature   `json:"features"`

Layer is a layer with all the detected features and namespaces.

func FindLayerAndRollback Uses

func FindLayerAndRollback(datastore Datastore, hash string) (layer *Layer, ok bool, err error)

FindLayerAndRollback wraps session FindLayer function with begin and rollback.

func MergeLayers Uses

func MergeLayers(l *Layer, new *Layer) *Layer

MergeLayers merges all content in new layer to l, where the content is updated.

func (*Layer) GetFeatures Uses

func (l *Layer) GetFeatures() []Feature

func (*Layer) GetNamespaces Uses

func (l *Layer) GetNamespaces() []Namespace

type LayerFeature Uses

type LayerFeature struct {
    Feature `json:"feature"`

    // By is the detector found the feature.
    By                 Detector  `json:"by"`
    PotentialNamespace Namespace `json:"potentialNamespace"`

LayerFeature is a feature with detection information.

func ConvertFeatureSetToLayerFeatures Uses

func ConvertFeatureSetToLayerFeatures(features mapset.Set) []LayerFeature

func (*LayerFeature) CompareWithoutNamespace Uses

func (l *LayerFeature) CompareWithoutNamespace(other LayerFeature) bool

CompareWithoutNamespace - compares Features and exclude PotentialNamespace

type LayerNamespace Uses

type LayerNamespace struct {
    Namespace `json:"namespace"`

    // By is the detector found the namespace.
    By  Detector `json:"by"`

LayerNamespace is a namespace with detection information.

type LayerScanResult Uses

type LayerScanResult struct {
    ExistingLayer      *Layer
    NewScanResultLayer *Layer

LayerScanResult is a layer struct which stores existing layer from DB and new layer content detected by new detectors

type MetadataMap Uses

type MetadataMap map[string]interface{}

MetadataMap is for storing the metadata returned by vulnerability database.

func (*MetadataMap) Scan Uses

func (mm *MetadataMap) Scan(value interface{}) error

func (*MetadataMap) Value Uses

func (mm *MetadataMap) Value() (driver.Value, error)

type MockDatastore Uses

type MockDatastore struct {
    FctBegin func() (Session, error)
    FctPing  func() bool
    FctClose func()

MockDatastore implements Datastore and enables overriding each available method. The default behavior of each method is to simply panic.

func (*MockDatastore) Begin Uses

func (mds *MockDatastore) Begin() (Session, error)

func (*MockDatastore) Close Uses

func (mds *MockDatastore) Close()

func (*MockDatastore) Ping Uses

func (mds *MockDatastore) Ping() bool

type MockSession Uses

type MockSession struct {
    FctCommit                           func() error
    FctRollback                         func() error
    FctUpsertAncestry                   func(Ancestry) error
    FctFindAncestry                     func(name string) (Ancestry, bool, error)
    FctFindAffectedNamespacedFeatures   func(features []NamespacedFeature) ([]NullableAffectedNamespacedFeature, error)
    FctPersistNamespaces                func([]Namespace) error
    FctPersistFeatures                  func([]Feature) error
    FctPersistDetectors                 func(detectors []Detector) error
    FctPersistNamespacedFeatures        func([]NamespacedFeature) error
    FctCacheAffectedNamespacedFeatures  func([]NamespacedFeature) error
    FctPersistLayer                     func(hash string, features []LayerFeature, namespaces []LayerNamespace, by []Detector) error
    FctFindLayer                        func(name string) (Layer, bool, error)
    FctInsertVulnerabilities            func([]VulnerabilityWithAffected) error
    FctFindVulnerabilities              func([]VulnerabilityID) ([]NullableVulnerability, error)
    FctDeleteVulnerabilities            func([]VulnerabilityID) error
    FctInsertVulnerabilityNotifications func([]VulnerabilityNotification) error
    FctFindNewNotification              func(lastNotified time.Time) (NotificationHook, bool, error)
    FctFindVulnerabilityNotification    func(name string, limit int, oldPage pagination.Token, newPage pagination.Token) (
        vuln VulnerabilityNotificationWithVulnerable, ok bool, err error)
    FctMarkNotificationAsRead func(name string) error
    FctDeleteNotification     func(name string) error
    FctUpdateKeyValue         func(key, value string) error
    FctFindKeyValue           func(key string) (string, bool, error)
    FctAcquireLock            func(name, owner string, duration time.Duration) (bool, time.Time, error)
    FctExtendLock             func(name, owner string, duration time.Duration) (bool, time.Time, error)
    FctReleaseLock            func(name, owner string) error

MockSession implements Session and enables overriding each available method. The default behavior of each method is to simply panic.

func (*MockSession) AcquireLock Uses

func (ms *MockSession) AcquireLock(name, owner string, duration time.Duration) (bool, time.Time, error)

func (*MockSession) CacheAffectedNamespacedFeatures Uses

func (ms *MockSession) CacheAffectedNamespacedFeatures(namespacedFeatures []NamespacedFeature) error

func (*MockSession) Commit Uses

func (ms *MockSession) Commit() error

func (*MockSession) DeleteNotification Uses

func (ms *MockSession) DeleteNotification(name string) error

func (*MockSession) DeleteVulnerabilities Uses

func (ms *MockSession) DeleteVulnerabilities(VulnerabilityIDs []VulnerabilityID) error

func (*MockSession) ExtendLock Uses

func (ms *MockSession) ExtendLock(name, owner string, duration time.Duration) (bool, time.Time, error)

func (*MockSession) FindAffectedNamespacedFeatures Uses

func (ms *MockSession) FindAffectedNamespacedFeatures(features []NamespacedFeature) ([]NullableAffectedNamespacedFeature, error)

func (*MockSession) FindAncestry Uses

func (ms *MockSession) FindAncestry(name string) (Ancestry, bool, error)

func (*MockSession) FindKeyValue Uses

func (ms *MockSession) FindKeyValue(key string) (string, bool, error)

func (*MockSession) FindLayer Uses

func (ms *MockSession) FindLayer(name string) (Layer, bool, error)

func (*MockSession) FindNewNotification Uses

func (ms *MockSession) FindNewNotification(lastNotified time.Time) (NotificationHook, bool, error)

func (*MockSession) FindVulnerabilities Uses

func (ms *MockSession) FindVulnerabilities(vulnerabilityIDs []VulnerabilityID) ([]NullableVulnerability, error)

func (*MockSession) FindVulnerabilityNotification Uses

func (ms *MockSession) FindVulnerabilityNotification(name string, limit int, oldPage pagination.Token, newPage pagination.Token) (
    VulnerabilityNotificationWithVulnerable, bool, error)

func (*MockSession) InsertVulnerabilities Uses

func (ms *MockSession) InsertVulnerabilities(vulnerabilities []VulnerabilityWithAffected) error

func (*MockSession) InsertVulnerabilityNotifications Uses

func (ms *MockSession) InsertVulnerabilityNotifications(vulnerabilityNotifications []VulnerabilityNotification) error

func (*MockSession) MarkNotificationAsRead Uses

func (ms *MockSession) MarkNotificationAsRead(name string) error

func (*MockSession) PersistDetectors Uses

func (ms *MockSession) PersistDetectors(detectors []Detector) error

func (*MockSession) PersistFeatures Uses

func (ms *MockSession) PersistFeatures(features []Feature) error

func (*MockSession) PersistLayer Uses

func (ms *MockSession) PersistLayer(hash string, features []LayerFeature, namespaces []LayerNamespace, detectors []Detector) error

func (*MockSession) PersistNamespacedFeatures Uses

func (ms *MockSession) PersistNamespacedFeatures(namespacedFeatures []NamespacedFeature) error

func (*MockSession) PersistNamespaces Uses

func (ms *MockSession) PersistNamespaces(namespaces []Namespace) error

func (*MockSession) ReleaseLock Uses

func (ms *MockSession) ReleaseLock(name, owner string) error

func (*MockSession) Rollback Uses

func (ms *MockSession) Rollback() error

func (*MockSession) UpdateKeyValue Uses

func (ms *MockSession) UpdateKeyValue(key, value string) error

func (*MockSession) UpsertAncestry Uses

func (ms *MockSession) UpsertAncestry(ancestry Ancestry) error

type Namespace Uses

type Namespace struct {
    Name          string `json:"name"`
    VersionFormat string `json:"versionFormat"`

Namespace is the contextual information around features.

e.g. Debian:7, NodeJS.

func DeduplicateNamespaces Uses

func DeduplicateNamespaces(namespaces ...Namespace) []Namespace

DeduplicateNamespaces deduplicates a list of namespaces.

func NewNamespace Uses

func NewNamespace(name string, versionFormat string) *Namespace

func (*Namespace) Valid Uses

func (ns *Namespace) Valid() bool

type NamespacedFeature Uses

type NamespacedFeature struct {
    Feature `json:"feature"`

    Namespace Namespace `json:"namespace"`

NamespacedFeature is a feature with determined namespace and can be affected by vulnerabilities.

e.g. OpenSSL 1.0 dpkg Debian:7.

func DeduplicateNamespacedFeatures Uses

func DeduplicateNamespacedFeatures(features []NamespacedFeature) []NamespacedFeature

DeduplicateNamespacedFeatures returns a copy of all unique features in the input.

func GetAncestryFeatures Uses

func GetAncestryFeatures(ancestry Ancestry) []NamespacedFeature

GetAncestryFeatures returns a list of unique namespaced features in the ancestry.

func NewNamespacedFeature Uses

func NewNamespacedFeature(namespace *Namespace, feature *Feature) *NamespacedFeature

type NotificationHook Uses

type NotificationHook struct {
    Name string

    Created  time.Time
    Notified time.Time
    Deleted  time.Time

NotificationHook is a message sent to another service to inform of a change to a Vulnerability or the Ancestries affected by a Vulnerability. It contains the name of a notification that should be read and marked as read via the API.

func FindNewNotification Uses

func FindNewNotification(store Datastore, notifiedBefore time.Time) (NotificationHook, bool, error)

FindNewNotification finds notifications either never notified or notified before the given time.

type NullableAffectedNamespacedFeature Uses

type NullableAffectedNamespacedFeature struct {

    Valid bool

NullableAffectedNamespacedFeature is an affectednamespacedfeature with whether it's found in datastore.

func FindAffectedNamespacedFeaturesAndRollback Uses

func FindAffectedNamespacedFeaturesAndRollback(store Datastore, features []NamespacedFeature) ([]NullableAffectedNamespacedFeature, error)

FindAffectedNamespacedFeaturesAndRollback finds the vulnerabilities on each feature.

type NullableVulnerability Uses

type NullableVulnerability struct {

    Valid bool

NullableVulnerability is a vulnerability with whether the vulnerability is found in datastore.

func FindVulnerabilitiesAndRollback Uses

func FindVulnerabilitiesAndRollback(store Datastore, ids []VulnerabilityID) ([]NullableVulnerability, error)

FindVulnerabilitiesAndRollback finds the vulnerabilities based on given ids.

type PagedVulnerableAncestries Uses

type PagedVulnerableAncestries struct {

    // Affected is a map of special indexes to Ancestries, which the pair
    // should be unique in a stream. Every indexes in the map should be larger
    // than previous page.
    Affected map[int]string

    Limit   int
    Current pagination.Token
    Next    pagination.Token

    // End signals the end of the pages.
    End bool

PagedVulnerableAncestries is a vulnerability with a page of affected ancestries each with a special index attached for streaming purpose. The current page number and next page number are for navigate.

type ReadOnly Uses

type ReadOnly interface {
    ReadOnly() bool

ReadOnly defines the function that can be used to determine if we are in read only mode for databases that can support read only operation

type RegistrableComponentConfig Uses

type RegistrableComponentConfig struct {
    Type    string
    Options map[string]interface{}

RegistrableComponentConfig is a configuration block that can be used to determine which registrable component should be initialized and pass custom configuration to it.

type Session Uses

type Session interface {
    // Commit commits changes to datastore.
    // Commit call after Rollback does no-op.
    Commit() error

    // Rollback drops changes to datastore.
    // Rollback call after Commit does no-op.
    Rollback() error

    // UpsertAncestry inserts or replaces an ancestry and its namespaced
    // features and processors used to scan the ancestry.
    UpsertAncestry(Ancestry) error

    // FindAncestry retrieves an ancestry with all detected
    // namespaced features. If the ancestry is not found, return false.
    FindAncestry(name string) (ancestry Ancestry, found bool, err error)

    // PersistDetector inserts a slice of detectors if not in the database.
    PersistDetectors(detectors []Detector) error

    // PersistFeatures inserts a set of features if not in the database.
    PersistFeatures(features []Feature) error

    // PersistNamespacedFeatures inserts a set of namespaced features if not in
    // the database.
    PersistNamespacedFeatures([]NamespacedFeature) error

    // CacheAffectedNamespacedFeatures relates the namespaced features with the
    // vulnerabilities affecting these features.
    // NOTE(Sida): it's not necessary for every database implementation and so
    // this function may have a better home.
    CacheAffectedNamespacedFeatures([]NamespacedFeature) error

    // FindAffectedNamespacedFeatures retrieves a set of namespaced features
    // with affecting vulnerabilities.
    FindAffectedNamespacedFeatures(features []NamespacedFeature) ([]NullableAffectedNamespacedFeature, error)

    // PersistNamespaces inserts a set of namespaces if not in the database.
    PersistNamespaces([]Namespace) error

    // PersistLayer appends a layer's content in the database.
    // If any feature, namespace, or detector is not in the database, it returns not found error.
    PersistLayer(hash string, features []LayerFeature, namespaces []LayerNamespace, detectedBy []Detector) error

    // FindLayer returns a layer with all detected features and
    // namespaces.
    FindLayer(hash string) (layer Layer, found bool, err error)

    // InsertVulnerabilities inserts a set of UNIQUE vulnerabilities with
    // affected features into database, assuming that all vulnerabilities
    // provided are NOT in database and all vulnerabilities' namespaces are
    // already in the database.
    InsertVulnerabilities([]VulnerabilityWithAffected) error

    // FindVulnerability retrieves a set of Vulnerabilities with affected
    // features.
    FindVulnerabilities([]VulnerabilityID) ([]NullableVulnerability, error)

    // DeleteVulnerability removes a set of Vulnerabilities assuming that the
    // requested vulnerabilities are in the database.
    DeleteVulnerabilities([]VulnerabilityID) error

    // InsertVulnerabilityNotifications inserts a set of unique vulnerability
    // notifications into datastore, assuming that they are not in the database.
    InsertVulnerabilityNotifications([]VulnerabilityNotification) error

    // FindNewNotification retrieves a notification, which has never been
    // notified or notified before a certain time.
    FindNewNotification(notifiedBefore time.Time) (hook NotificationHook, found bool, err error)

    // FindVulnerabilityNotification retrieves a vulnerability notification with
    // affected ancestries affected by old or new vulnerability.
    // Because the number of affected ancestries maybe large, they are paginated
    // and their pages are specified by the pagination token, which should be
    // considered first page when it's empty.
    FindVulnerabilityNotification(name string, limit int, oldVulnerabilityPage pagination.Token, newVulnerabilityPage pagination.Token) (noti VulnerabilityNotificationWithVulnerable, found bool, err error)

    // MarkNotificationAsRead marks a Notification as notified now, assuming
    // the requested notification is in the database.
    MarkNotificationAsRead(name string) error

    // DeleteNotification removes a Notification in the database.
    DeleteNotification(name string) error

    // UpdateKeyValue stores or updates a simple key/value pair.
    UpdateKeyValue(key, value string) error

    // FindKeyValue retrieves a value from the given key.
    FindKeyValue(key string) (value string, found bool, err error)

    // AcquireLock acquires a brand new lock in the database with a given name
    // for the given duration.
    // A lock can only have one owner.
    // This method should NOT block until a lock is acquired.
    AcquireLock(name, owner string, duration time.Duration) (acquired bool, expiration time.Time, err error)

    // ExtendLock extends an existing lock such that the lock will expire at the
    // current time plus the provided duration.
    // This method should return immediately with an error if the lock does not
    // exist.
    ExtendLock(name, owner string, duration time.Duration) (extended bool, expiration time.Time, err error)

    // ReleaseLock releases an existing lock.
    ReleaseLock(name, owner string) error

Session contains the required operations on a persistent data store for a Clair deployment.

Session is started by Datastore.Begin and terminated with Commit or Rollback. Besides Commit and Rollback, other functions cannot be called after the session is terminated. Any function is not guaranteed to be called successfully if there's a session failure.

type Severity Uses

type Severity string

Severity defines a standard scale for measuring the severity of a vulnerability.

const (
    // UnknownSeverity is either a security problem that has not been assigned to
    // a priority yet or a priority that our system did not recognize.
    UnknownSeverity Severity = "Unknown"

    // NegligibleSeverity is technically a security problem, but is only
    // theoretical in nature, requires a very special situation, has almost no
    // install base, or does no real damage. These tend not to get backport from
    // upstream, and will likely not be included in security updates unless
    // there is an easy fix and some other issue causes an update.
    NegligibleSeverity Severity = "Negligible"

    // LowSeverity is a security problem, but is hard to exploit due to
    // environment, requires a user-assisted attack, a small install base, or
    // does very little damage.  These tend to be included in security updates
    // only when higher priority issues require an update, or if many low
    // priority issues have built up.
    LowSeverity Severity = "Low"

    // MediumSeverity is a real security problem, and is exploitable for many
    // people.  Includes network daemon denial of service attacks, cross-site
    // scripting, and gaining user privileges.  Updates should be made soon for
    // this priority of issue.
    MediumSeverity Severity = "Medium"

    // HighSeverity is a real problem, exploitable for many people in a default
    // installation. Includes serious remote denial of services, local root
    // privilege escalations, or data loss.
    HighSeverity Severity = "High"

    // CriticalSeverity is a world-burning problem, exploitable for nearly all
    // people in a default installation of Linux. Includes remote root privilege
    // escalations, or massive data loss.
    CriticalSeverity Severity = "Critical"

    // Defcon1Severity is a Critical problem which has been manually highlighted
    // by the team. It requires an immediate attention.
    Defcon1Severity Severity = "Defcon1"

func NewSeverity Uses

func NewSeverity(s string) (Severity, error)

NewSeverity attempts to parse a string into a standard Severity value.

func (Severity) Compare Uses

func (s Severity) Compare(s2 Severity) int

Compare determines the equality of two severities.

If the severities are equal, returns 0. If the receiver is less, returns -1. If the receiver is greater, returns 1.

func (*Severity) Scan Uses

func (s *Severity) Scan(value interface{}) error

Scan implements the database/sql.Scanner interface.

func (Severity) Valid Uses

func (s Severity) Valid() bool

Valid checks if the severity is valid or not.

func (Severity) Value Uses

func (s Severity) Value() (driver.Value, error)

Value implements the database/sql/driver.Valuer interface.

type StorageError Uses

type StorageError struct {
    // contains filtered or unexported fields

StorageError is database error

func NewStorageError Uses

func NewStorageError(reason string) *StorageError

NewStorageError creates a new database error

func NewStorageErrorWithInternalError Uses

func NewStorageErrorWithInternalError(reason string, originalError error) *StorageError

NewStorageErrorWithInternalError creates a new database error

func (*StorageError) Error Uses

func (e *StorageError) Error() string

type Vulnerability Uses

type Vulnerability struct {
    Name      string
    Namespace Namespace

    Description string
    Link        string
    Severity    Severity

    Metadata MetadataMap

Vulnerability represents CVE or similar vulnerability reports.

type VulnerabilityID Uses

type VulnerabilityID struct {
    Name      string
    Namespace string

VulnerabilityID is an identifier for every vulnerability. Every vulnerability has unique namespace and name.

type VulnerabilityNotification Uses

type VulnerabilityNotification struct {

    Old *Vulnerability
    New *Vulnerability

VulnerabilityNotification is a notification for vulnerability changes.

type VulnerabilityNotificationWithVulnerable Uses

type VulnerabilityNotificationWithVulnerable struct {

    Old *PagedVulnerableAncestries
    New *PagedVulnerableAncestries

VulnerabilityNotificationWithVulnerable is a notification for vulnerability changes with vulnerable ancestries.

func FindVulnerabilityNotificationAndRollback Uses

func FindVulnerabilityNotificationAndRollback(store Datastore, name string, limit int, oldVulnerabilityPage pagination.Token, newVulnerabilityPage pagination.Token) (VulnerabilityNotificationWithVulnerable, bool, error)

FindVulnerabilityNotificationAndRollback finds the vulnerability notification and rollback.

type VulnerabilityWithAffected Uses

type VulnerabilityWithAffected struct {

    Affected []AffectedFeature

VulnerabilityWithAffected is a vulnerability with all known affected features.

type VulnerabilityWithFixedIn Uses

type VulnerabilityWithFixedIn struct {

    FixedInVersion string

VulnerabilityWithFixedIn is used for AffectedNamespacedFeature to retrieve the affecting vulnerabilities and the fixed-in versions for the feature.


pgsqlPackage pgsql implements database.Datastore with PostgreSQL.
pgsql/migrationsPackage migrations regroups every migrations available to the pgsql database backend.

Package database imports 13 packages (graph) and is imported by 543 packages. Updated 2020-06-09. Refresh now. Tools for package owners.