postgres

package
v1.5.27
Warning

This package is not in the latest version of its module.

Published: Apr 25, 2024 License: Apache-2.0 Imports: 33 Imported by: 1

Documentation

Overview

Package postgres implements the indexer store interface for a PostgreSQL database.

SQL statements should be arranged in this package such that they're constants in the closest scope possible to where they're used. They should be run through sqlfmt and then checked for correctness, as sqlfmt doesn't fully understand the PostgreSQL dialect. Queries should endeavor to do work database-side, as opposed to making queries to construct further queries.


Constants

const (
	// GCThrottle sets a limit for the number of deleted update operations
	// (and subsequent cascade deletes in the uo_vuln table) that can occur in a GC run.
	GCThrottle = 50
)

Variables

var (
	// ErrNotIndexed indicates the vulnerability being queried has a dist or repo not
	// indexed into the database.
	ErrNotIndexed = fmt.Errorf("vulnerability containers data not indexed by any scannners")
)

Functions

func Connect

func Connect(ctx context.Context, connString string, applicationName string) (*pgxpool.Pool, error)

Connect initializes a PostgreSQL pgxpool.Pool based on the connection string.

func InitPostgresIndexerStore

func InitPostgresIndexerStore(_ context.Context, pool *pgxpool.Pool, doMigration bool) (indexer.Store, error)

InitPostgresIndexerStore initializes an indexer.Store given the pgxpool.Pool.

func InitPostgresMatcherStore

func InitPostgresMatcherStore(_ context.Context, pool *pgxpool.Pool, doMigration bool) (datastore.MatcherStore, error)

InitPostgresMatcherStore initializes an indexer.Store given libindex.Opts.

Types

type IndexerStore

type IndexerStore struct {
	// contains filtered or unexported fields
}

IndexerStore implements the claircore.Store interface.

All the other exported methods live in their own files.

func NewIndexerStore

func NewIndexerStore(pool *pgxpool.Pool) *IndexerStore

func (*IndexerStore) AffectedManifests

AffectedManifests finds the manifest digests which are affected by the provided vulnerability.

An exhaustive search for all indexed packages of the same name as the vulnerability is performed.

The list of packages is filtered down to only the affected set.

The manifest index is then queried to resolve a list of manifest hashes containing the affected artifacts.

func (*IndexerStore) Close

func (s *IndexerStore) Close(_ context.Context) error

func (*IndexerStore) DeleteManifests

func (s *IndexerStore) DeleteManifests(ctx context.Context, ds ...claircore.Digest) ([]claircore.Digest, error)

func (*IndexerStore) DistributionsByLayer

func (s *IndexerStore) DistributionsByLayer(ctx context.Context, hash claircore.Digest, scnrs indexer.VersionedScanners) ([]*claircore.Distribution, error)

func (*IndexerStore) FilesByLayer added in v1.5.1

func (s *IndexerStore) FilesByLayer(ctx context.Context, hash claircore.Digest, scnrs indexer.VersionedScanners) ([]claircore.File, error)

func (*IndexerStore) IndexDistributions

func (s *IndexerStore) IndexDistributions(ctx context.Context, dists []*claircore.Distribution, layer *claircore.Layer, scnr indexer.VersionedScanner) error

func (*IndexerStore) IndexFiles added in v1.5.1

func (s *IndexerStore) IndexFiles(ctx context.Context, files []claircore.File, layer *claircore.Layer, scnr indexer.VersionedScanner) error

func (*IndexerStore) IndexManifest

func (s *IndexerStore) IndexManifest(ctx context.Context, ir *claircore.IndexReport) error

func (*IndexerStore) IndexPackages

func (s *IndexerStore) IndexPackages(ctx context.Context, pkgs []*claircore.Package, layer *claircore.Layer, scnr indexer.VersionedScanner) error

IndexPackages indexes all provided packages along with creating a scan artifact.

If a source package is nested inside a binary package we index the source package first and then create a relation between the binary package and source package.

Scan artifacts are used to determine if a particular layer has been scanned by a particular scanner. See the LayerScanned method for more details.

func (*IndexerStore) IndexReport

func (s *IndexerStore) IndexReport(ctx context.Context, hash claircore.Digest) (*claircore.IndexReport, bool, error)

func (*IndexerStore) IndexRepositories

func (s *IndexerStore) IndexRepositories(ctx context.Context, repos []*claircore.Repository, l *claircore.Layer, scnr indexer.VersionedScanner) error

func (*IndexerStore) LayerScanned

func (s *IndexerStore) LayerScanned(ctx context.Context, hash claircore.Digest, scnr indexer.VersionedScanner) (bool, error)

func (*IndexerStore) ManifestScanned

func (s *IndexerStore) ManifestScanned(ctx context.Context, hash claircore.Digest, vs indexer.VersionedScanners) (bool, error)

ManifestScanned determines if a manifest has been scanned by ALL the provided scanners.

func (*IndexerStore) PackagesByLayer

func (s *IndexerStore) PackagesByLayer(ctx context.Context, hash claircore.Digest, scnrs indexer.VersionedScanners) ([]*claircore.Package, error)

func (*IndexerStore) PersistManifest

func (s *IndexerStore) PersistManifest(ctx context.Context, manifest claircore.Manifest) error

func (*IndexerStore) RegisterScanners

func (s *IndexerStore) RegisterScanners(ctx context.Context, vs indexer.VersionedScanners) error

func (*IndexerStore) RepositoriesByLayer

func (s *IndexerStore) RepositoriesByLayer(ctx context.Context, hash claircore.Digest, scnrs indexer.VersionedScanners) ([]*claircore.Repository, error)

func (*IndexerStore) SetIndexFinished

func (s *IndexerStore) SetIndexFinished(ctx context.Context, ir *claircore.IndexReport, scnrs indexer.VersionedScanners) error

func (*IndexerStore) SetIndexReport

func (s *IndexerStore) SetIndexReport(ctx context.Context, ir *claircore.IndexReport) error

func (*IndexerStore) SetLayerScanned

func (s *IndexerStore) SetLayerScanned(ctx context.Context, hash claircore.Digest, vs indexer.VersionedScanner) error

type MatcherStore

type MatcherStore struct {
	// contains filtered or unexported fields
}

MatcherStore implements all interfaces in the vulnstore package

func NewMatcherStore

func NewMatcherStore(pool *pgxpool.Pool) *MatcherStore

func (*MatcherStore) DeleteUpdateOperations

func (s *MatcherStore) DeleteUpdateOperations(ctx context.Context, id ...uuid.UUID) (int64, error)

DeleteUpdateOperations implements vulnstore.Updater.

func (*MatcherStore) DeltaUpdateVulnerabilities added in v1.5.21

func (s *MatcherStore) DeltaUpdateVulnerabilities(ctx context.Context, updater string, fingerprint driver.Fingerprint, vulns []*claircore.Vulnerability, deletedVulns []string) (uuid.UUID, error)

DeltaUpdateVulnerabilities implements vulnstore.Updater.

It is similar to UpdateVulnerabilities but supports processing of partial data, as opposed to needing an entire vulnerability database.

Order of operations:

  • Create a new UpdateOperation
  • Query existing vulnerabilities for the updater
  • Discount any vulnerabilities with newer updates and deleted vulnerabilities
  • Update the associated updateOperation for the remaining existing vulnerabilities
  • Insert the new vulnerabilities
  • Associate new vulnerabilities with new updateOperation

func (*MatcherStore) GC

func (s *MatcherStore) GC(ctx context.Context, keep int) (int64, error)

GC is split into two phases. First, it identifies any update operations which are older than the provided keep value and deletes them.

Next, it performs updater-based deletions of any vulns from the vuln table which are no longer referenced by update operations.

The GC is throttled to not overload the database with cascade deletes. If a full GC is required run this method until the returned int64 value is 0.
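A caller-side loop for the "run this method until the returned int64 value is 0" guidance, as an added example that is not part of the claircore package. `FullGC`, `gcRunner`, `ErrGCRoundLimit` and `fakeStore` are hypothetical names, and the fake's return value (operations still pending) is an assumption made so the loop can run offline; only the `GC` signature comes from this page.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// gcRunner is the single MatcherStore method used here; signature as documented above.
type gcRunner interface {
	GC(ctx context.Context, keep int) (int64, error)
}

var ErrGCRoundLimit = errors.New("gc: round limit reached before GC returned 0") // hypothetical sentinel

// FullGC (hypothetical helper) calls GC until it returns 0, pausing between rounds
// so the throttle still spreads the cascade deletes. It returns the rounds executed.
func FullGC(ctx context.Context, s gcRunner, keep, maxRounds int, pause time.Duration) (int, error) {
	for round := 1; round <= maxRounds; round++ {
		n, err := s.GC(ctx, keep)
		if err != nil {
			return round, fmt.Errorf("gc round %d: %w", round, err)
		}
		if n == 0 {
			return round, nil
		}
		select {
		case <-ctx.Done(): // stop promptly on shutdown or deadline
			return round, ctx.Err()
		case <-time.After(pause):
		}
	}
	return maxRounds, ErrGCRoundLimit
}

// fakeStore is constructed test data, not claircore code: each call removes at
// most `throttle` pending operations and returns how many are left (assumption).
type fakeStore struct{ pending, throttle int64 }

func (f *fakeStore) GC(_ context.Context, _ int) (int64, error) {
	if f.pending -= f.throttle; f.pending < 0 {
		f.pending = 0
	}
	return f.pending, nil
}

func main() {
	fmt.Println(FullGC(context.Background(), &fakeStore{pending: 120, throttle: 50}, 10, 100, time.Millisecond))
}
```

A `*MatcherStore` satisfies `gcRunner` through the `GC` method documented above; the round limit keeps a store that never reaches 0 from spinning indefinitely.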

func (*MatcherStore) Get

Get implements vulnstore.Vulnerability.

func (*MatcherStore) GetEnrichment

func (s *MatcherStore) GetEnrichment(ctx context.Context, name string, tags []string) (res []driver.EnrichmentRecord, err error)

func (*MatcherStore) GetLatestUpdateRef

func (s *MatcherStore) GetLatestUpdateRef(ctx context.Context, kind driver.UpdateKind) (uuid.UUID, error)

GetLatestUpdateRef implements driver.Updater.

func (*MatcherStore) GetLatestUpdateRefs

func (s *MatcherStore) GetLatestUpdateRefs(ctx context.Context, kind driver.UpdateKind) (map[string][]driver.UpdateOperation, error)

func (*MatcherStore) GetUpdateDiff

func (s *MatcherStore) GetUpdateDiff(ctx context.Context, prev, cur uuid.UUID) (*driver.UpdateDiff, error)

func (*MatcherStore) GetUpdateOperations

func (s *MatcherStore) GetUpdateOperations(ctx context.Context, kind driver.UpdateKind, updater ...string) (map[string][]driver.UpdateOperation, error)

func (*MatcherStore) Initialized

func (s *MatcherStore) Initialized(ctx context.Context) (bool, error)

func (*MatcherStore) RecordUpdaterSetStatus

func (s *MatcherStore) RecordUpdaterSetStatus(ctx context.Context, updaterSet string, updateTime time.Time) error

RecordUpdaterSetStatus records that all updaters from an updater set are up to date with vulnerabilities at this time.

func (*MatcherStore) RecordUpdaterStatus

func (s *MatcherStore) RecordUpdaterStatus(ctx context.Context, updaterName string, updateTime time.Time, fingerprint driver.Fingerprint, updaterError error) error

RecordUpdaterStatus records that an updater is up to date with vulnerabilities at this time

func (*MatcherStore) UpdateEnrichments

func (s *MatcherStore) UpdateEnrichments(ctx context.Context, name string, fp driver.Fingerprint, es []driver.EnrichmentRecord) (uuid.UUID, error)

UpdateEnrichments creates a new UpdateOperation, inserts the provided EnrichmentRecord(s), and ensures enrichments from previous updates are not queried by clients.

func (*MatcherStore) UpdateVulnerabilities

func (s *MatcherStore) UpdateVulnerabilities(ctx context.Context, updater string, fingerprint driver.Fingerprint, vulns []*claircore.Vulnerability) (uuid.UUID, error)

UpdateVulnerabilities implements vulnstore.Updater.

It creates a new UpdateOperation for this update call, inserts the provided vulnerabilities and computes a diff comprising the removed and added vulnerabilities for this UpdateOperation.
