From afb8597aa2c2f40d935dc5c81cff04821d601b99 Mon Sep 17 00:00:00 2001
From: Alex Goodman
Date: Thu, 16 Jul 2020 14:59:35 -0400
Subject: [PATCH] split vulnerability into index & metadata (#51)
---
 cmd/db_status.go | 43 ++++++++++++++++++++++++++++++++++++++++
 cmd/root.go | 10 +++++-----
 cmd/status.go | 24 ----------------------
 go.mod | 2 +-
 go.sum | 29 ++++++++++++++++-----------
 internal/file/hasher.go | 10 ++++++----
 vulnscan/constants.go | 1 +
 vulnscan/db/curator.go | 44 ++++++++++++++++++++++++++++-------------
 vulnscan/db/status.go | 11 +++++++++++
 9 files changed, 115 insertions(+), 59 deletions(-)
 create mode 100644 cmd/db_status.go
 delete mode 100644 cmd/status.go
 create mode 100644 vulnscan/db/status.go
diff --git a/cmd/db_status.go b/cmd/db_status.go
new file mode 100644
index 00000000..9a01d24a
--- /dev/null
+++ b/cmd/db_status.go
@@ -0,0 +1,43 @@
+package cmd
+
+import (
+ "fmt"
+ "os"
+
+ "github.com/anchore/vulnscan/vulnscan/db"
+
+ "github.com/spf13/cobra"
+)
+
+var statusCmd = &cobra.Command{
+ Use: "status",
+ Short: "display database status",
+ Run: func(cmd *cobra.Command, args []string) {
+ os.Exit(runDbStatusCmd(cmd, args))
+ },
+}
+
+func init() {
+ dbCmd.AddCommand(statusCmd)
+}
+
+func runDbStatusCmd(_ *cobra.Command, _ []string) int {
+ dbCurator, err := db.NewCurator(appConfig.Db.ToCuratorConfig())
+ if err != nil {
+ log.Errorf("could not curate database: %w", err)
+ return 1
+ }
+
+ status := dbCurator.Status()
+ fmt.Println("Location: ", status.Location)
+ fmt.Println("Built: ", status.Age.String())
+ fmt.Println("Version: ", status.SchemaVersion)
+ fmt.Println("Constraint: ", status.SchemaConstraint)
+ if status.Err != nil {
+ fmt.Printf("Status: INVALID [%+v]\n", status.Err)
+ } else {
+ fmt.Println("Status: Valid")
+ }
+
+ return 0
+}
diff --git a/cmd/root.go b/cmd/root.go
index 2f1db87d..a88fc9e1 100644
--- a/cmd/root.go
+++ b/cmd/root.go
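Review bot: In the new cmd/db_status.go, `runDbStatusCmd` logs the curator error with `log.Errorf("could not curate database: %w", err)`, but `%w` is only understood by `fmt.Errorf`; assuming `log.Errorf` formats with `fmt.Sprintf`, the error is printed as `%!w(...)`. This same commit switches the matching calls in cmd/root.go to `%+v`, so the line should read `log.Errorf("could not curate database: %+v", err)`. Separately, the function returns 0 after printing `Status: INVALID`, so a script that gates a scan on `db status` cannot tell a corrupt or out-of-constraint database from a good one by exit code; returning 1 in the `status.Err != nil` branch would make that visible.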
@@ -65,7 +65,7 @@ func runDefaultCmd(_ *cobra.Command, args []string) int { log.Infof("Fetching image '%s'", userImageStr) img, err := stereoscope.GetImage(userImageStr) if err != nil { - log.Errorf("could not fetch image '%s': %w", userImageStr, err) + log.Errorf("could not fetch image '%s': %+v", userImageStr, err) return 1 } defer stereoscope.Cleanup() @@ -73,7 +73,7 @@ func runDefaultCmd(_ *cobra.Command, args []string) int { log.Info("Cataloging image") catalog, err := imgbom.CatalogImg(img, appConfig.ScopeOpt) if err != nil { - log.Errorf("could not catalog image: %w", err) + log.Errorf("could not catalog image: %+v", err) return 1 } @@ -86,7 +86,7 @@ func runDefaultCmd(_ *cobra.Command, args []string) int { dbCurator, err := db.NewCurator(appConfig.Db.ToCuratorConfig()) if err != nil { - log.Errorf("could not curate database: %w", err) + log.Errorf("could not curate database: %+v", err) return 1 } @@ -108,7 +108,7 @@ func runDefaultCmd(_ *cobra.Command, args []string) int { store, err := dbCurator.GetStore() if err != nil { - log.Errorf("failed to load vulnerability database: %w", err) + log.Errorf("failed to load vulnerability database: %+v", err) return 1 } @@ -125,7 +125,7 @@ func runDefaultCmd(_ *cobra.Command, args []string) int { err = presenter.GetPresenter(presenterType).Present(os.Stdout, catalog, results) if err != nil { - log.Errorf("could not format catalog results: %w", err) + log.Errorf("could not format catalog results: %+v", err) return 1 } diff --git a/cmd/status.go b/cmd/status.go deleted file mode 100644 index 5a5d0f36..00000000 --- a/cmd/status.go +++ /dev/null 
@@ -1,24 +0,0 @@
-package cmd
-
-import (
- "os"
-
- "github.com/spf13/cobra"
-)
-
-var statusCmd = &cobra.Command{
- Use: "status",
- Short: "display general status",
- Run: func(cmd *cobra.Command, args []string) {
- os.Exit(runStatusCmd(cmd, args))
- },
-}
-
-func init() {
- rootCmd.AddCommand(statusCmd)
-}
-
-func runStatusCmd(cmd *cobra.Command, args []string) int {
- log.Error("status command...")
- return 0
-}
diff --git a/go.mod b/go.mod
index 69a28a39..571436fb 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 github.com/anchore/go-testutils v0.0.0-20200624184116-66aa578126db
 github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b
 github.com/anchore/imgbom v0.0.0-20200713170720-e8d11eec6992
- github.com/anchore/siren-db v0.0.0-20200713191036-498d64d91776
+ github.com/anchore/siren-db v0.0.0-20200716152335-9bc4580f72a1
 github.com/anchore/stereoscope v0.0.0-20200706164556-7cf39d7f4639
 github.com/hashicorp/go-getter v1.4.1
 github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a
diff --git a/go.sum b/go.sum
index 3e8b33e1..6feb87c9 100644
--- a/go.sum
+++ b/go.sum
@@ -109,25 +109,16 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= -github.com/anchore/go-testutils v0.0.0-20200520222037-edc2bf1864fe h1:YMXe4RA3qy4Ri5fmGQii/Gn+Pxv3oBfiS/LqzeOVuwo= -github.com/anchore/go-testutils v0.0.0-20200520222037-edc2bf1864fe/go.mod h1:D3rc2L/q4Hcp9eeX6AIJH4Q+kPjOtJCFhG9za90j+nU= github.com/anchore/go-testutils v0.0.0-20200624184116-66aa578126db h1:LWKezJnFTFxNkZ4MzajVf+YWvJS0+7hwFr59u6SS7cw= github.com/anchore/go-testutils v0.0.0-20200624184116-66aa578126db/go.mod h1:D3rc2L/q4Hcp9eeX6AIJH4Q+kPjOtJCFhG9za90j+nU= github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b h1:e1bmaoJfZVsCYMrIZBpFxwV26CbsuoEh5muXD5I1Ods= github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E= -github.com/anchore/imgbom v0.0.0-20200707130654-e040fc89309c h1:ZtIiV609jCuFiqau4E/0swy+3DlQ7ZFuYtOR0m/BXog= -github.com/anchore/imgbom v0.0.0-20200707130654-e040fc89309c/go.mod h1:vrV+LfqB1bcBUPiyfN7ijw88nDs9ZZPaTMaegaw4DUQ= -github.com/anchore/imgbom v0.0.0-20200709210529-ef8c2157725a h1:50nHqj6giq050OpHjntV6oqV2sZFDzBwoRAVfMjzURg= -github.com/anchore/imgbom v0.0.0-20200709210529-ef8c2157725a/go.mod h1:vrV+LfqB1bcBUPiyfN7ijw88nDs9ZZPaTMaegaw4DUQ= -github.com/anchore/imgbom v0.0.0-20200710114513-502e2afd06eb h1:6TLZSeDqLO3ZBYGIkeev/iTJd2Of0p6NLcifD46QRFo= -github.com/anchore/imgbom v0.0.0-20200710114513-502e2afd06eb/go.mod h1:vrV+LfqB1bcBUPiyfN7ijw88nDs9ZZPaTMaegaw4DUQ= github.com/anchore/imgbom v0.0.0-20200713170720-e8d11eec6992 h1:ERVRoY8sKpccEbuV53NyG/frJzIZ4n4NyOhbSGGOMSs= github.com/anchore/imgbom 
v0.0.0-20200713170720-e8d11eec6992/go.mod h1:b7euhNKBz5ReqVtal47okqWXg4YPT2/aitoWyQsDFns= -github.com/anchore/siren-db v0.0.0-20200713191036-498d64d91776 h1:NwYrzqPB1zVdtH7xJqqfpNnM0hTyGxtgiKjFF4SZ1Ho= -github.com/anchore/siren-db v0.0.0-20200713191036-498d64d91776/go.mod h1:iH1dk3aHPzrq7Qc82IG2UDCi6IVDwn9ikgEnnGr3rqU= +github.com/anchore/siren-db v0.0.0-20200716152335-9bc4580f72a1 h1:0EorIdCoVGD/Nv6zNfXduCubAixzZ/0VH6PGrK8xKug= +github.com/anchore/siren-db v0.0.0-20200716152335-9bc4580f72a1/go.mod h1:kw/8/5C2Shyk5TzyaLZvwABulWJNtJbFo6FaQzeQEs0= github.com/anchore/stereoscope v0.0.0-20200520221116-025e07f1c93e h1:QBwtrM0MXi0z+GcHk3RoSyzaQ+CLgas0bC/uOd1P+PQ= github.com/anchore/stereoscope v0.0.0-20200520221116-025e07f1c93e/go.mod h1:bkyLl5VITnrmgErv4S1vDfVz/TGAZ5il6161IQo7w2g= -github.com/anchore/stereoscope v0.0.0-20200624175800-ef5dbfb7cae4/go.mod h1:f4LZpPnN/5RpQnzcznDsYNeYavFCAW8CpbHN01G3Lh8= github.com/anchore/stereoscope v0.0.0-20200706164556-7cf39d7f4639 h1:J1oytkj+aBuACNF2whtEiVxRXIZ8zwT+EiPTqm/FvwA= github.com/anchore/stereoscope v0.0.0-20200706164556-7cf39d7f4639/go.mod h1:WntReQTI/I27FOQ87UgLVVzWgku6+ZsqfOTLxpIZFCs= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= 
@@ -212,6 +203,8 @@ github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd h1:83Wprp6ROGeiHFAP8WJdI2RoxALQYgdllERc3N5N2DM= +github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= @@ -241,6 +234,8 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5 h1:Yzb9+7DPaBjB8zlTR87/ElzFsnQfuHnVUVqpZZIcV5Y= +github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0= github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= 
@@ -277,6 +272,7 @@ github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= +github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-test/deep v1.0.6 h1:UHSEyLZUwX9Qoi99vVwvewiMC8mM2bf7XEM2nqvzEn8= @@ -306,6 +302,8 @@ github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zV github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= +github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY= +github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 
@@ -470,6 +468,12 @@ github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT github.com/jingyugao/rowserrcheck v0.0.0-20191204022205-72ab7603b68a/go.mod h1:xRskid8CManxVta/ALEhJha/pweKBaVG6fWgc0yH25s= github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a h1:zPPuIq2jAWWPTrGt70eK/BSch+gFAGrNzecsoENgu2o= github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a/go.mod h1:yL958EeXv8Ylng6IfnvG4oflryUi3vgA3xPs9hmII1s= +github.com/jinzhu/gorm v1.9.14 h1:Kg3ShyTPcM6nzVo148fRrcMO6MNKuqtOUwnzqMgVniM= +github.com/jinzhu/gorm v1.9.14/go.mod h1:G3LB3wezTOWM2ITLzPxEXgSkOXAntiLHS7UdBefADcs= +github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= +github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc= +github.com/jinzhu/now v1.0.1 h1:HjfetcXq097iXP0uoPCdnM4Efp5/9MsM0/M+XOTeR3M= +github.com/jinzhu/now v1.0.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8= github.com/jirfag/go-printf-func-name v0.0.0-20191110105641-45db9963cdd3/go.mod h1:HEWGJkRDzjJY2sqdDwxccsGicWEf9BQOZsq2tV+xzM0= github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af/go.mod h1:HEWGJkRDzjJY2sqdDwxccsGicWEf9BQOZsq2tV+xzM0= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= 
@@ -523,6 +527,7 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/lib/pq v1.2.0 h1:LXpIM/LZ5xGFhOpXAQUIMM1HdyqzVYM13zNdjCEEcA0= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4= github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381 h1:bqDmpDG49ZRnB5PcgP0RXtQvnMSgIF14M7CBd2shtXs= @@ -825,6 +830,7 @@ golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 
@@ -832,6 +838,7 @@ golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191205180655-e7c4368fe9dd/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 h1:cg5LA/zNPRzIXIWSCxQW10Rvpy94aQh3LT/ShoCpkHw= diff --git a/internal/file/hasher.go b/internal/file/hasher.go index 1a734dad..c9af0c0b 100644 --- a/internal/file/hasher.go +++ b/internal/file/hasher.go @@ -11,23 +11,25 @@ import ( "github.com/spf13/afero" ) -func ValidateByHash(fs afero.Fs, path, hashStr string) (bool, error) { +func ValidateByHash(fs afero.Fs, path, hashStr string) (bool, string, error) { var hasher hash.Hash + var hashFn string switch { case strings.HasPrefix(hashStr, "sha256:"): + hashFn = "sha256" hasher = sha256.New() default: - return false, fmt.Errorf("hasher not supported or specified (given: %s)", hashStr) + return false, "", fmt.Errorf("hasher not supported or specified (given: %s)", hashStr) } hashNoPrefix := strings.Split(hashStr, ":")[1] actualHash, err := HashFile(fs, path, hasher) if err != nil { - return false, err + return false, "", err } - return actualHash == hashNoPrefix, nil + return actualHash == hashNoPrefix, hashFn + ":" + actualHash, nil } func HashFile(fs afero.Fs, path string, hasher hash.Hash) (string, error) { diff --git a/vulnscan/constants.go b/vulnscan/constants.go index 2f08244b..7bffadda 100644 
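Review bot: In internal/file/hasher.go, the exported `ValidateByHash` now returns three values, but nothing documents what the new string is or when it is empty. A doc comment such as `// ValidateByHash reports whether the file at path matches hashStr ("sha256:<hex>") and also returns the computed digest in the same prefixed form; the digest is empty when an error is returned.` would cover it. The comparison `actualHash == hashNoPrefix` is case-sensitive, so if `HashFile` (its body is outside this hunk) emits lower-case hex, an upper-case checksum in the metadata would be reported as a mismatch; `strings.EqualFold(actualHash, hashNoPrefix)` avoids that.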
--- a/vulnscan/constants.go +++ b/vulnscan/constants.go @@ -2,3 +2,4 @@ package vulnscan // note: must be a single word, all lowercase const LibraryName = "vulnscan" +const DbSchemaConstraint = ">= 1.0.0, < 2.0.0" diff --git a/vulnscan/db/curator.go b/vulnscan/db/curator.go index c9e322f9..1b74c144 100644 --- a/vulnscan/db/curator.go +++ b/vulnscan/db/curator.go @@ -9,15 +9,15 @@ import ( "github.com/anchore/go-version" "github.com/anchore/siren-db/pkg/curation" "github.com/anchore/siren-db/pkg/db" - "github.com/anchore/siren-db/pkg/store/sqlite" + "github.com/anchore/siren-db/pkg/store" "github.com/anchore/vulnscan/internal/file" "github.com/anchore/vulnscan/internal/log" + "github.com/anchore/vulnscan/vulnscan" "github.com/spf13/afero" ) const ( - supportedVersion = "<1.0.0" - FileName = db.StoreFileName + FileName = db.VulnerabilityStoreFileName ) type Config struct { @@ -33,9 +33,9 @@ type Curator struct { } func NewCurator(cfg Config) (Curator, error) { - constraint, err := version.NewConstraint(supportedVersion) + constraint, err := version.NewConstraint(vulnscan.DbSchemaConstraint) if err != nil { - return Curator{}, fmt.Errorf("unable to set DB curator version constraint (%s): %w", supportedVersion, err) + return Curator{}, fmt.Errorf("unable to set DB curator version constraint (%s): %w", vulnscan.DbSchemaConstraint, err) } return Curator{ 
@@ -53,15 +53,31 @@ func (c *Curator) GetStore() (db.VulnerabilityStoreReader, error) { return nil, fmt.Errorf("vulnerability database is corrupt (run db update to correct): %+v", err) } - // provide an abstraction for the underlying store - connectOptions := sqlite.Options{ - FilePath: path.Join(c.config.DbDir, FileName), - } - store, _, err := sqlite.NewStore(&connectOptions) + dbPath := path.Join(c.config.DbDir, FileName) + s, _, err := store.LoadCurrent(dbPath, false) + return s, err +} + +func (c *Curator) Status() Status { + metadata, err := curation.NewMetadataFromDir(c.fs, c.config.DbDir) if err != nil { - return nil, fmt.Errorf("unable to get vulnerability store: %w", err) + err = fmt.Errorf("failed to parse database metadata (%s): %w", c.config.DbDir, err) + } + if metadata == nil { + err = fmt.Errorf("database metadata not found at %q", c.config.DbDir) + } + + if err == nil { + err = c.Validate() + } + + return Status{ + Age: metadata.Built, + SchemaVersion: metadata.Version.String(), + SchemaConstraint: vulnscan.DbSchemaConstraint, + Location: c.config.DbDir, + Err: err, } - return store, nil } func (c *Curator) Delete() error { @@ -193,12 +209,12 @@ func (c *Curator) validate(dbDirPath string) error { } dbPath := path.Join(dbDirPath, FileName) - valid, err := file.ValidateByHash(c.fs, dbPath, metadata.Checksum) + valid, actualHash, err := file.ValidateByHash(c.fs, dbPath, metadata.Checksum) if err != nil { return err } if !valid { - return fmt.Errorf("bad db checksum (%s)", dbDirPath) + return fmt.Errorf("bad db checksum (%s): %q vs %q", dbPath, metadata.Checksum, actualHash) } if !c.versionConstraint.Check(metadata.Version) { diff --git a/vulnscan/db/status.go b/vulnscan/db/status.go new file mode 100644 index 00000000..f0cb0650 --- /dev/null +++ b/vulnscan/db/status.go @@ -0,0 +1,11 @@ +package db + +import "time" + +type Status struct { + Age time.Time + SchemaVersion string + SchemaConstraint string + Location string + Err error +}
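Review bot: `Status()` dereferences `metadata` right after the branch that has established it is nil: when `NewMetadataFromDir` yields no metadata, `metadata.Built` and `metadata.Version.String()` in the returned literal panic, so `db status` crashes on exactly the missing or unreadable database it is meant to report. The `metadata == nil` branch also overwrites the parse error set by the branch above it, assuming the helper returns nil metadata together with an error. Filling in the location and constraint first and returning early on either failure fixes both; if `metadata.Version` can itself be nil it needs the same guard. `Status` is complete within the hunk; `GetStore`, whose tail is also changed here, starts outside it.

```go
func (c *Curator) Status() Status {
	status := Status{
		SchemaConstraint: vulnscan.DbSchemaConstraint,
		Location:         c.config.DbDir,
	}

	metadata, err := curation.NewMetadataFromDir(c.fs, c.config.DbDir)
	switch {
	case err != nil:
		status.Err = fmt.Errorf("failed to parse database metadata (%s): %w", c.config.DbDir, err)
		return status
	case metadata == nil:
		status.Err = fmt.Errorf("database metadata not found at %q", c.config.DbDir)
		return status
	}

	status.Age = metadata.Built
	status.SchemaVersion = metadata.Version.String()
	status.Err = c.Validate()
	return status
}
```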
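Review bot: The new checksum error in `validate` prints two digests as `%q vs %q` without saying which is which, so someone reading the log has to check the argument order to tell the expected value from the computed one. Labelling them, `return fmt.Errorf("bad db checksum (%s): want %q, got %q", dbPath, metadata.Checksum, actualHash)`, removes the guesswork. `validate` starts and ends outside this hunk, so where `metadata` is loaded is not visible; if it is read from the same directory as the database file, a comment stating that this check detects corruption rather than deliberate modification would be worth adding.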
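Review bot: In the new vulnscan/db/status.go, the exported `Status` struct has no doc comments, and its `Age` field is a `time.Time` that `Curator.Status` fills from `metadata.Built` and `db status` prints as `Built:`, so the name suggests a duration while the value is a timestamp. Either rename the field to `Built` or document it, e.g. `// Age is the time the database was built (a timestamp, not a duration).` A type comment such as `// Status describes the on-disk vulnerability database and the result of validating it.` would also help, together with a note that a nil `Err` is what callers treat as valid.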