From 6ec1ce6ca6a6779df80ed4c4aaa0cf1307553abe Mon Sep 17 00:00:00 2001
From: Alex Goodman <alex.goodman@anchore.com>
Date: Mon, 27 Jul 2020 08:44:18 -0400
Subject: [PATCH] use explicitly the v1 db schema

---
 cmd/version.go                                |  5 ++---
 go.mod                                        |  2 +-
 go.sum                                        | 10 ++-------
 grype/db/curator.go                           | 12 +++++-----
 grype/vulnerability/store_provider.go         |  6 ++---
 .../store_provider_mocks_test.go              | 12 +++++-----
 grype/vulnerability/vulnerability.go          |  6 ++---
 test/integration/db_mock_test.go              | 22 +++++++++----------
 8 files changed, 33 insertions(+), 42 deletions(-)

diff --git a/cmd/version.go b/cmd/version.go
index 62217ad8..23535117 100644
--- a/cmd/version.go
+++ b/cmd/version.go
@@ -3,8 +3,7 @@ package cmd
 import (
 	"fmt"
 
-	"github.com/anchore/grype-db/pkg/db"
-
+	v1 "github.com/anchore/grype-db/pkg/db/v1"
 	"github.com/anchore/grype/internal"
 	"github.com/anchore/grype/internal/version"
 	"github.com/spf13/cobra"
@@ -35,7 +34,7 @@ func printVersion(_ *cobra.Command, _ []string) {
 		fmt.Println("Platform:            ", versionInfo.Platform)
 		fmt.Println("GoVersion:           ", versionInfo.GoVersion)
 		fmt.Println("Compiler:            ", versionInfo.Compiler)
-		fmt.Println("Supported DB Schema: ", db.SchemaVersion)
+		fmt.Println("Supported DB Schema: ", v1.SchemaVersion)
 	} else {
 		fmt.Printf("%s %s\n", internal.ApplicationName, versionInfo.Version)
 	}
diff --git a/go.mod b/go.mod
index bc5a37b6..5761fb97 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/adrg/xdg v0.2.1
 	github.com/anchore/go-testutils v0.0.0-20200624184116-66aa578126db
 	github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b
-	github.com/anchore/grype-db v0.0.0-20200725230023-ff38124c1f49
+	github.com/anchore/grype-db v0.0.0-20200727124815-9139f1175e84
 	github.com/anchore/syft v0.0.0-20200724122256-9ec5da24dd28
 	github.com/facebookincubator/nvdtools v0.1.4-0.20200622182922-aed862a62ae6
 	github.com/go-test/deep v1.0.7
diff --git a/go.sum b/go.sum
index e471415c..40f5ed10 100644
--- a/go.sum
+++ b/go.sum
@@ -115,18 +115,12 @@ github.com/anchore/go-testutils v0.0.0-20200624184116-66aa578126db h1:LWKezJnFTF
 github.com/anchore/go-testutils v0.0.0-20200624184116-66aa578126db/go.mod h1:D3rc2L/q4Hcp9eeX6AIJH4Q+kPjOtJCFhG9za90j+nU=
 github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b h1:e1bmaoJfZVsCYMrIZBpFxwV26CbsuoEh5muXD5I1Ods=
 github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
-github.com/anchore/grype-db v0.0.0-20200724105409-0ddbeb65f5a3 h1:otpVUWQ2HXmL7nX5+t3W94qMqJCaSOW+Myen783WJs8=
-github.com/anchore/grype-db v0.0.0-20200724105409-0ddbeb65f5a3/go.mod h1:LINmipRzG88vnJEWvgMMDVCFH1qZsj7+bjmpERlSyaA=
-github.com/anchore/grype-db v0.0.0-20200725230023-ff38124c1f49 h1:nPrHsCcS0kdqfMhEcHx2TVazthM1j2P+UtkZeSLEnz0=
-github.com/anchore/grype-db v0.0.0-20200725230023-ff38124c1f49/go.mod h1:LINmipRzG88vnJEWvgMMDVCFH1qZsj7+bjmpERlSyaA=
-github.com/anchore/siren-db v0.0.0-20200721170640-64923624e7b2 h1:j3MwtIO1HBgGYD7pG0RVl+jXwkgpTfTk1EoT/QFIYhY=
-github.com/anchore/siren-db v0.0.0-20200721170640-64923624e7b2/go.mod h1:/n1sNOhAfvg5CrlhjWOinKEWpeLYYm9H8gv+afWtpOk=
+github.com/anchore/grype-db v0.0.0-20200727124815-9139f1175e84 h1:Fl3ST7iUGaJSZwq80bO68PuISQd0d6FsDw24TMezHFY=
+github.com/anchore/grype-db v0.0.0-20200727124815-9139f1175e84/go.mod h1:LINmipRzG88vnJEWvgMMDVCFH1qZsj7+bjmpERlSyaA=
 github.com/anchore/stereoscope v0.0.0-20200520221116-025e07f1c93e h1:QBwtrM0MXi0z+GcHk3RoSyzaQ+CLgas0bC/uOd1P+PQ=
 github.com/anchore/stereoscope v0.0.0-20200520221116-025e07f1c93e/go.mod h1:bkyLl5VITnrmgErv4S1vDfVz/TGAZ5il6161IQo7w2g=
 github.com/anchore/stereoscope v0.0.0-20200706164556-7cf39d7f4639 h1:J1oytkj+aBuACNF2whtEiVxRXIZ8zwT+EiPTqm/FvwA=
 github.com/anchore/stereoscope v0.0.0-20200706164556-7cf39d7f4639/go.mod h1:WntReQTI/I27FOQ87UgLVVzWgku6+ZsqfOTLxpIZFCs=
-github.com/anchore/syft v0.0.0-20200724005404-a4016d35ce09 h1:kDfnvX7J6Ys6GXonKNbttQvgyh0dzQCfuLy0wiJlc/c=
-github.com/anchore/syft v0.0.0-20200724005404-a4016d35ce09/go.mod h1:9y7/7XgBFbHBEer3tJt5TMDfMm8/enrhB420Stuan4A=
 github.com/anchore/syft v0.0.0-20200724122256-9ec5da24dd28 h1:g35+t2H/4gukUtuQRIZbjTK+IrBy7uz/l9wzh0TNvYA=
 github.com/anchore/syft v0.0.0-20200724122256-9ec5da24dd28/go.mod h1:9y7/7XgBFbHBEer3tJt5TMDfMm8/enrhB420Stuan4A=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ=
diff --git a/grype/db/curator.go b/grype/db/curator.go
index ddfd08ef..7e9e7bc3 100644
--- a/grype/db/curator.go
+++ b/grype/db/curator.go
@@ -7,15 +7,15 @@ import (
 	"path"
 
 	"github.com/anchore/grype-db/pkg/curation"
-	"github.com/anchore/grype-db/pkg/db"
-	"github.com/anchore/grype-db/pkg/store/sqlite/reader"
+	v1 "github.com/anchore/grype-db/pkg/db/v1"
+	"github.com/anchore/grype-db/pkg/db/v1/reader"
 	"github.com/anchore/grype/internal/file"
 	"github.com/anchore/grype/internal/log"
 	"github.com/spf13/afero"
 )
 
 const (
-	FileName = db.VulnerabilityStoreFileName
+	FileName = v1.VulnerabilityStoreFileName
 )
 
 type Config struct {
@@ -34,12 +34,12 @@ func NewCurator(cfg Config) (Curator, error) {
 	return Curator{
 		config:       cfg,
 		fs:           afero.NewOsFs(),
-		targetSchema: db.SchemaVersion,
+		targetSchema: v1.SchemaVersion,
 		client:       &file.HashiGoGetter{},
 	}, nil
 }
 
-func (c *Curator) GetStore() (db.VulnerabilityStoreReader, error) {
+func (c *Curator) GetStore() (v1.VulnerabilityStoreReader, error) {
 	// ensure the DB is ok
 	err := c.Validate()
 	if err != nil {
@@ -67,7 +67,7 @@ func (c *Curator) Status() Status {
 	return Status{
 		Age:                   metadata.Built,
 		CurrentSchemaVersion:  metadata.Version,
-		RequiredSchemeVersion: db.SchemaVersion,
+		RequiredSchemeVersion: v1.SchemaVersion,
 		Location:              c.config.DbDir,
 		Err:                   err,
 	}
diff --git a/grype/vulnerability/store_provider.go b/grype/vulnerability/store_provider.go
index 57ae1d20..6d2fc848 100644
--- a/grype/vulnerability/store_provider.go
+++ b/grype/vulnerability/store_provider.go
@@ -3,7 +3,7 @@ package vulnerability
 import (
 	"fmt"
 
-	"github.com/anchore/grype-db/pkg/db"
+	v1 "github.com/anchore/grype-db/pkg/db/v1"
 	"github.com/anchore/grype/grype/cpe"
 	"github.com/anchore/syft/syft/distro"
 	"github.com/anchore/syft/syft/pkg"
@@ -11,10 +11,10 @@ import (
 )
 
 type StoreProvider struct {
-	store db.VulnerabilityStoreReader
+	store v1.VulnerabilityStoreReader
 }
 
-func NewProviderFromStore(store db.VulnerabilityStoreReader) *StoreProvider {
+func NewProviderFromStore(store v1.VulnerabilityStoreReader) *StoreProvider {
 	return &StoreProvider{
 		store: store,
 	}
diff --git a/grype/vulnerability/store_provider_mocks_test.go b/grype/vulnerability/store_provider_mocks_test.go
index 90967872..59431a4e 100644
--- a/grype/vulnerability/store_provider_mocks_test.go
+++ b/grype/vulnerability/store_provider_mocks_test.go
@@ -1,21 +1,21 @@
 package vulnerability
 
-import "github.com/anchore/grype-db/pkg/db"
+import v1 "github.com/anchore/grype-db/pkg/db/v1"
 
 type mockStore struct {
-	data map[string]map[string][]db.Vulnerability
+	data map[string]map[string][]v1.Vulnerability
 }
 
 func newMockStore() *mockStore {
 	d := mockStore{
-		data: make(map[string]map[string][]db.Vulnerability),
+		data: make(map[string]map[string][]v1.Vulnerability),
 	}
 	d.stub()
 	return &d
 }
 
 func (d *mockStore) stub() {
-	d.data["debian:8"] = map[string][]db.Vulnerability{
+	d.data["debian:8"] = map[string][]v1.Vulnerability{
 		"neutron": {
 			{
 				PackageName:       "neutron",
@@ -33,7 +33,7 @@ func (d *mockStore) stub() {
 			},
 		},
 	}
-	d.data["nvd"] = map[string][]db.Vulnerability{
+	d.data["nvd"] = map[string][]v1.Vulnerability{
 		"activerecord": {
 			{
 				PackageName:       "activerecord",
@@ -79,6 +79,6 @@ func (d *mockStore) stub() {
 	}
 }
 
-func (d *mockStore) GetVulnerability(namespace, name string) ([]db.Vulnerability, error) {
+func (d *mockStore) GetVulnerability(namespace, name string) ([]v1.Vulnerability, error) {
 	return d.data[namespace][name], nil
 }
diff --git a/grype/vulnerability/vulnerability.go b/grype/vulnerability/vulnerability.go
index 5088dca1..14ce79b3 100644
--- a/grype/vulnerability/vulnerability.go
+++ b/grype/vulnerability/vulnerability.go
@@ -3,10 +3,8 @@ package vulnerability
 import (
 	"fmt"
 
-	"github.com/anchore/grype-db/pkg/db"
-
+	v1 "github.com/anchore/grype-db/pkg/db/v1"
 	"github.com/anchore/grype/grype/cpe"
-
 	"github.com/anchore/grype/grype/version"
 )
 
@@ -16,7 +14,7 @@ type Vulnerability struct {
 	ID         string
 }
 
-func NewVulnerability(vuln db.Vulnerability) (*Vulnerability, error) {
+func NewVulnerability(vuln v1.Vulnerability) (*Vulnerability, error) {
 	format := version.ParseFormat(vuln.VersionFormat)
 
 	constraint, err := version.GetConstraint(vuln.VersionConstraint, format)
diff --git a/test/integration/db_mock_test.go b/test/integration/db_mock_test.go
index 4ed35f63..810007cc 100644
--- a/test/integration/db_mock_test.go
+++ b/test/integration/db_mock_test.go
@@ -1,21 +1,21 @@
 package integration
 
 import (
-	"github.com/anchore/grype-db/pkg/db"
+	v1 "github.com/anchore/grype-db/pkg/db/v1"
 )
 
 // integrity check
-var _ db.VulnerabilityStoreReader = &mockStore{}
+var _ v1.VulnerabilityStoreReader = &mockStore{}
 
 type mockStore struct {
-	backend map[string]map[string][]db.Vulnerability
+	backend map[string]map[string][]v1.Vulnerability
 }
 
 func NewMockDbStore() *mockStore {
 	return &mockStore{
-		backend: map[string]map[string][]db.Vulnerability{
+		backend: map[string]map[string][]v1.Vulnerability{
 			"github:npm": {
-				"validator": []db.Vulnerability{
+				"validator": []v1.Vulnerability{
 					{
 						ID:                "CVE-javascript-validator",
 						VersionConstraint: "< 3.2.1",
@@ -24,7 +24,7 @@ func NewMockDbStore() *mockStore {
 				},
 			},
 			"github:python": {
-				"Pygments": []db.Vulnerability{
+				"Pygments": []v1.Vulnerability{
 					{
 						ID:                "CVE-python-pygments",
 						VersionConstraint: "< 2.6.2",
@@ -33,7 +33,7 @@ func NewMockDbStore() *mockStore {
 				},
 			},
 			"github:gem": {
-				"rails": []db.Vulnerability{
+				"rails": []v1.Vulnerability{
 					{
 						ID:                "CVE-ruby-activerecord",
 						VersionConstraint: "> 4.0.0, <= 4.1.1",
@@ -42,7 +42,7 @@ func NewMockDbStore() *mockStore {
 				},
 			},
 			"github:java": {
-				"org.anchore:example-java-app-maven": []db.Vulnerability{
+				"org.anchore:example-java-app-maven": []v1.Vulnerability{
 					{
 						ID:                "CVE-java-example-java-app",
 						VersionConstraint: ">= 0.0.1, < 1.2.0",
@@ -51,7 +51,7 @@ func NewMockDbStore() *mockStore {
 				},
 			},
 			"debian:8": {
-				"apt-dev": []db.Vulnerability{
+				"apt-dev": []v1.Vulnerability{
 					{
 						ID:                "CVE-dpkg-apt",
 						VersionConstraint: "<= 1.8.2",
@@ -60,7 +60,7 @@ func NewMockDbStore() *mockStore {
 				},
 			},
 			"rhel:8": {
-				"dive": []db.Vulnerability{
+				"dive": []v1.Vulnerability{
 					{
 						ID:                "CVE-rpmdb-dive",
 						VersionConstraint: "<= 1.0.42",
@@ -72,7 +72,7 @@ func NewMockDbStore() *mockStore {
 	}
 }
 
-func (s *mockStore) GetVulnerability(namespace, name string) ([]db.Vulnerability, error) {
+func (s *mockStore) GetVulnerability(namespace, name string) ([]v1.Vulnerability, error) {
 	namespaceMap := s.backend[namespace]
 	if namespaceMap == nil {
 		return nil, nil