split vulnerability into index & metadata (#51)

Alex Goodman 2020-07-16 14:59:35 -04:00 committed by GitHub
parent 12aeee3b92
commit afb8597aa2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 115 additions and 59 deletions

43
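--- /dev/null
+++ b/cmd/db_status.go
@@ -0,0 +1,43 @@
+package cmd
+import (
+"fmt"
+"os"
+"github.com/anchore/vulnscan/vulnscan/db"
+"github.com/spf13/cobra"
+)
+var statusCmd = &cobra.Command{
+Use: "status",
+Short: "display database status",
+Run: func(cmd *cobra.Command, args []string) {
+os.Exit(runDbStatusCmd(cmd, args))
+},
+}
+func init() {
+dbCmd.AddCommand(statusCmd)
+}
+func runDbStatusCmd(_ *cobra.Command, _ []string) int {
+dbCurator, err := db.NewCurator(appConfig.Db.ToCuratorConfig())
+if err != nil {
+log.Errorf("could not curate database: %w", err)
+return 1
+}
+status := dbCurator.Status()
+fmt.Println("Location: ", status.Location)
+fmt.Println("Built: ", status.Age.String())
+fmt.Println("Version: ", status.SchemaVersion)
+fmt.Println("Constraint: ", status.SchemaConstraint)
+if status.Err != nil {
+fmt.Printf("Status: INVALID [%+v]\n", status.Err)
+} else {
+fmt.Println("Status: Valid")
+}
+return 0
+}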
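Review bot: `runDbStatusCmd` returns 0 even when `status.Err` is non-nil, so a database that fails validation (for example a checksum mismatch) prints `INVALID` but still exits successfully, and scripts or CI jobs gating on `db status` will not see the failure. Adding `return 1` after the `fmt.Printf("Status: INVALID [%+v]\n", status.Err)` line makes the result machine-checkable. Separately, `log.Errorf("could not curate database: %w", err)` uses `%w`, which is only meaningful to `fmt.Errorf`; this same commit switches the equivalent calls in the default command to `%+v`, and this new call should match.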


@ -65,7 +65,7 @@ func runDefaultCmd(_ *cobra.Command, args []string) int {
log.Infof("Fetching image '%s'", userImageStr)
img, err := stereoscope.GetImage(userImageStr)
if err != nil {
log.Errorf("could not fetch image '%s': %w", userImageStr, err)
log.Errorf("could not fetch image '%s': %+v", userImageStr, err)
return 1
}
defer stereoscope.Cleanup()
@ -73,7 +73,7 @@ func runDefaultCmd(_ *cobra.Command, args []string) int {
log.Info("Cataloging image")
catalog, err := imgbom.CatalogImg(img, appConfig.ScopeOpt)
if err != nil {
log.Errorf("could not catalog image: %w", err)
log.Errorf("could not catalog image: %+v", err)
return 1
}
@ -86,7 +86,7 @@ func runDefaultCmd(_ *cobra.Command, args []string) int {
dbCurator, err := db.NewCurator(appConfig.Db.ToCuratorConfig())
if err != nil {
log.Errorf("could not curate database: %w", err)
log.Errorf("could not curate database: %+v", err)
return 1
}
@ -108,7 +108,7 @@ func runDefaultCmd(_ *cobra.Command, args []string) int {
store, err := dbCurator.GetStore()
if err != nil {
log.Errorf("failed to load vulnerability database: %w", err)
log.Errorf("failed to load vulnerability database: %+v", err)
return 1
}
@ -125,7 +125,7 @@ func runDefaultCmd(_ *cobra.Command, args []string) int {
err = presenter.GetPresenter(presenterType).Present(os.Stdout, catalog, results)
if err != nil {
log.Errorf("could not format catalog results: %w", err)
log.Errorf("could not format catalog results: %+v", err)
return 1
}


@ -1,24 +0,0 @@
package cmd
import (
"os"
"github.com/spf13/cobra"
)
var statusCmd = &cobra.Command{
Use: "status",
Short: "display general status",
Run: func(cmd *cobra.Command, args []string) {
os.Exit(runStatusCmd(cmd, args))
},
}
func init() {
rootCmd.AddCommand(statusCmd)
}
func runStatusCmd(cmd *cobra.Command, args []string) int {
log.Error("status command...")
return 0
}

2
go.mod

@ -7,7 +7,7 @@ require (
github.com/anchore/go-testutils v0.0.0-20200624184116-66aa578126db
github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b
github.com/anchore/imgbom v0.0.0-20200713170720-e8d11eec6992
github.com/anchore/siren-db v0.0.0-20200713191036-498d64d91776
github.com/anchore/siren-db v0.0.0-20200716152335-9bc4580f72a1
github.com/anchore/stereoscope v0.0.0-20200706164556-7cf39d7f4639
github.com/hashicorp/go-getter v1.4.1
github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a

29
go.sum

@ -109,25 +109,16 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
github.com/anchore/go-testutils v0.0.0-20200520222037-edc2bf1864fe h1:YMXe4RA3qy4Ri5fmGQii/Gn+Pxv3oBfiS/LqzeOVuwo=
github.com/anchore/go-testutils v0.0.0-20200520222037-edc2bf1864fe/go.mod h1:D3rc2L/q4Hcp9eeX6AIJH4Q+kPjOtJCFhG9za90j+nU=
github.com/anchore/go-testutils v0.0.0-20200624184116-66aa578126db h1:LWKezJnFTFxNkZ4MzajVf+YWvJS0+7hwFr59u6SS7cw=
github.com/anchore/go-testutils v0.0.0-20200624184116-66aa578126db/go.mod h1:D3rc2L/q4Hcp9eeX6AIJH4Q+kPjOtJCFhG9za90j+nU=
github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b h1:e1bmaoJfZVsCYMrIZBpFxwV26CbsuoEh5muXD5I1Ods=
github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
github.com/anchore/imgbom v0.0.0-20200707130654-e040fc89309c h1:ZtIiV609jCuFiqau4E/0swy+3DlQ7ZFuYtOR0m/BXog=
github.com/anchore/imgbom v0.0.0-20200707130654-e040fc89309c/go.mod h1:vrV+LfqB1bcBUPiyfN7ijw88nDs9ZZPaTMaegaw4DUQ=
github.com/anchore/imgbom v0.0.0-20200709210529-ef8c2157725a h1:50nHqj6giq050OpHjntV6oqV2sZFDzBwoRAVfMjzURg=
github.com/anchore/imgbom v0.0.0-20200709210529-ef8c2157725a/go.mod h1:vrV+LfqB1bcBUPiyfN7ijw88nDs9ZZPaTMaegaw4DUQ=
github.com/anchore/imgbom v0.0.0-20200710114513-502e2afd06eb h1:6TLZSeDqLO3ZBYGIkeev/iTJd2Of0p6NLcifD46QRFo=
github.com/anchore/imgbom v0.0.0-20200710114513-502e2afd06eb/go.mod h1:vrV+LfqB1bcBUPiyfN7ijw88nDs9ZZPaTMaegaw4DUQ=
github.com/anchore/imgbom v0.0.0-20200713170720-e8d11eec6992 h1:ERVRoY8sKpccEbuV53NyG/frJzIZ4n4NyOhbSGGOMSs=
github.com/anchore/imgbom v0.0.0-20200713170720-e8d11eec6992/go.mod h1:b7euhNKBz5ReqVtal47okqWXg4YPT2/aitoWyQsDFns=
github.com/anchore/siren-db v0.0.0-20200713191036-498d64d91776 h1:NwYrzqPB1zVdtH7xJqqfpNnM0hTyGxtgiKjFF4SZ1Ho=
github.com/anchore/siren-db v0.0.0-20200713191036-498d64d91776/go.mod h1:iH1dk3aHPzrq7Qc82IG2UDCi6IVDwn9ikgEnnGr3rqU=
github.com/anchore/siren-db v0.0.0-20200716152335-9bc4580f72a1 h1:0EorIdCoVGD/Nv6zNfXduCubAixzZ/0VH6PGrK8xKug=
github.com/anchore/siren-db v0.0.0-20200716152335-9bc4580f72a1/go.mod h1:kw/8/5C2Shyk5TzyaLZvwABulWJNtJbFo6FaQzeQEs0=
github.com/anchore/stereoscope v0.0.0-20200520221116-025e07f1c93e h1:QBwtrM0MXi0z+GcHk3RoSyzaQ+CLgas0bC/uOd1P+PQ=
github.com/anchore/stereoscope v0.0.0-20200520221116-025e07f1c93e/go.mod h1:bkyLl5VITnrmgErv4S1vDfVz/TGAZ5il6161IQo7w2g=
github.com/anchore/stereoscope v0.0.0-20200624175800-ef5dbfb7cae4/go.mod h1:f4LZpPnN/5RpQnzcznDsYNeYavFCAW8CpbHN01G3Lh8=
github.com/anchore/stereoscope v0.0.0-20200706164556-7cf39d7f4639 h1:J1oytkj+aBuACNF2whtEiVxRXIZ8zwT+EiPTqm/FvwA=
github.com/anchore/stereoscope v0.0.0-20200706164556-7cf39d7f4639/go.mod h1:WntReQTI/I27FOQ87UgLVVzWgku6+ZsqfOTLxpIZFCs=
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
@ -212,6 +203,8 @@ github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd h1:83Wprp6ROGeiHFAP8WJdI2RoxALQYgdllERc3N5N2DM=
github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
@ -241,6 +234,8 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5 h1:Yzb9+7DPaBjB8zlTR87/ElzFsnQfuHnVUVqpZZIcV5Y=
github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0=
github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
@ -277,6 +272,7 @@ github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh
github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/go-test/deep v1.0.6 h1:UHSEyLZUwX9Qoi99vVwvewiMC8mM2bf7XEM2nqvzEn8=
@ -306,6 +302,8 @@ github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zV
github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@ -470,6 +468,12 @@ github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT
github.com/jingyugao/rowserrcheck v0.0.0-20191204022205-72ab7603b68a/go.mod h1:xRskid8CManxVta/ALEhJha/pweKBaVG6fWgc0yH25s=
github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a h1:zPPuIq2jAWWPTrGt70eK/BSch+gFAGrNzecsoENgu2o=
github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a/go.mod h1:yL958EeXv8Ylng6IfnvG4oflryUi3vgA3xPs9hmII1s=
github.com/jinzhu/gorm v1.9.14 h1:Kg3ShyTPcM6nzVo148fRrcMO6MNKuqtOUwnzqMgVniM=
github.com/jinzhu/gorm v1.9.14/go.mod h1:G3LB3wezTOWM2ITLzPxEXgSkOXAntiLHS7UdBefADcs=
github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
github.com/jinzhu/now v1.0.1 h1:HjfetcXq097iXP0uoPCdnM4Efp5/9MsM0/M+XOTeR3M=
github.com/jinzhu/now v1.0.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
github.com/jirfag/go-printf-func-name v0.0.0-20191110105641-45db9963cdd3/go.mod h1:HEWGJkRDzjJY2sqdDwxccsGicWEf9BQOZsq2tV+xzM0=
github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af/go.mod h1:HEWGJkRDzjJY2sqdDwxccsGicWEf9BQOZsq2tV+xzM0=
github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
@ -523,6 +527,7 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.2.0 h1:LXpIM/LZ5xGFhOpXAQUIMM1HdyqzVYM13zNdjCEEcA0=
github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/logrusorgru/aurora v0.0.0-20181002194514-a7b3b318ed4e/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381 h1:bqDmpDG49ZRnB5PcgP0RXtQvnMSgIF14M7CBd2shtXs=
@ -825,6 +830,7 @@ golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnf
golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@ -832,6 +838,7 @@ golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8U
golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191205180655-e7c4368fe9dd/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 h1:cg5LA/zNPRzIXIWSCxQW10Rvpy94aQh3LT/ShoCpkHw=


@ -11,23 +11,25 @@ import (
"github.com/spf13/afero"
)
func ValidateByHash(fs afero.Fs, path, hashStr string) (bool, error) {
func ValidateByHash(fs afero.Fs, path, hashStr string) (bool, string, error) {
var hasher hash.Hash
var hashFn string
switch {
case strings.HasPrefix(hashStr, "sha256:"):
hashFn = "sha256"
hasher = sha256.New()
default:
return false, fmt.Errorf("hasher not supported or specified (given: %s)", hashStr)
return false, "", fmt.Errorf("hasher not supported or specified (given: %s)", hashStr)
}
hashNoPrefix := strings.Split(hashStr, ":")[1]
actualHash, err := HashFile(fs, path, hasher)
if err != nil {
return false, err
return false, "", err
}
return actualHash == hashNoPrefix, nil
return actualHash == hashNoPrefix, hashFn + ":" + actualHash, nil
}
func HashFile(fs afero.Fs, path string, hasher hash.Hash) (string, error) {
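Review bot: `hashNoPrefix := strings.Split(hashStr, ":")[1]` keeps only the second colon-separated field, so a checksum string of the form `sha256:<hex>:<anything>` is compared on `<hex>` alone and the trailing part is silently ignored. `hashNoPrefix := strings.TrimPrefix(hashStr, "sha256:")` compares everything after the prefix and fails closed on a malformed value. The new second return value is also undocumented; a doc comment such as `// ValidateByHash reports whether the file at path matches hashStr ("sha256:<hex>") and returns the computed digest in the same "algo:hex" form, including on mismatch.` would tell callers what they are logging. `HashFile`'s body lies outside the hunk.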


@ -2,3 +2,4 @@ package vulnscan
// note: must be a single word, all lowercase
const LibraryName = "vulnscan"
const DbSchemaConstraint = ">= 1.0.0, < 2.0.0"


@ -9,15 +9,15 @@ import (
"github.com/anchore/go-version"
"github.com/anchore/siren-db/pkg/curation"
"github.com/anchore/siren-db/pkg/db"
"github.com/anchore/siren-db/pkg/store/sqlite"
"github.com/anchore/siren-db/pkg/store"
"github.com/anchore/vulnscan/internal/file"
"github.com/anchore/vulnscan/internal/log"
"github.com/anchore/vulnscan/vulnscan"
"github.com/spf13/afero"
)
const (
supportedVersion = "<1.0.0"
FileName = db.StoreFileName
FileName = db.VulnerabilityStoreFileName
)
type Config struct {
@ -33,9 +33,9 @@ type Curator struct {
}
func NewCurator(cfg Config) (Curator, error) {
constraint, err := version.NewConstraint(supportedVersion)
constraint, err := version.NewConstraint(vulnscan.DbSchemaConstraint)
if err != nil {
return Curator{}, fmt.Errorf("unable to set DB curator version constraint (%s): %w", supportedVersion, err)
return Curator{}, fmt.Errorf("unable to set DB curator version constraint (%s): %w", vulnscan.DbSchemaConstraint, err)
}
return Curator{
@ -53,15 +53,31 @@ func (c *Curator) GetStore() (db.VulnerabilityStoreReader, error) {
return nil, fmt.Errorf("vulnerability database is corrupt (run db update to correct): %+v", err)
}
// provide an abstraction for the underlying store
connectOptions := sqlite.Options{
FilePath: path.Join(c.config.DbDir, FileName),
}
store, _, err := sqlite.NewStore(&connectOptions)
dbPath := path.Join(c.config.DbDir, FileName)
s, _, err := store.LoadCurrent(dbPath, false)
return s, err
}
func (c *Curator) Status() Status {
metadata, err := curation.NewMetadataFromDir(c.fs, c.config.DbDir)
if err != nil {
return nil, fmt.Errorf("unable to get vulnerability store: %w", err)
err = fmt.Errorf("failed to parse database metadata (%s): %w", c.config.DbDir, err)
}
if metadata == nil {
err = fmt.Errorf("database metadata not found at %q", c.config.DbDir)
}
if err == nil {
err = c.Validate()
}
return Status{
Age: metadata.Built,
SchemaVersion: metadata.Version.String(),
SchemaConstraint: vulnscan.DbSchemaConstraint,
Location: c.config.DbDir,
Err: err,
}
return store, nil
}
func (c *Curator) Delete() error {
@ -193,12 +209,12 @@ func (c *Curator) validate(dbDirPath string) error {
}
dbPath := path.Join(dbDirPath, FileName)
valid, err := file.ValidateByHash(c.fs, dbPath, metadata.Checksum)
valid, actualHash, err := file.ValidateByHash(c.fs, dbPath, metadata.Checksum)
if err != nil {
return err
}
if !valid {
return fmt.Errorf("bad db checksum (%s)", dbDirPath)
return fmt.Errorf("bad db checksum (%s): %q vs %q", dbPath, metadata.Checksum, actualHash)
}
if !c.versionConstraint.Check(metadata.Version) {
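Review bot: In the new `Status()` method the `metadata == nil` branch only sets `err`, and execution then continues to `Age: metadata.Built` and `metadata.Version.String()`, which dereference the nil pointer; the same applies if `NewMetadataFromDir` returns an error together with a nil value. As the new side reads, `db status` against a directory with no database metadata would panic instead of reporting the error. Filling `Age` and `SchemaVersion` only once metadata is known to be present avoids this, as sketched below. The rendered hunk interleaves old and new lines, so this reading of the new side is inferred, and the `validate` body in the last hunk continues outside the section.

```go
func (c *Curator) Status() Status {
	status := Status{
		SchemaConstraint: vulnscan.DbSchemaConstraint,
		Location:         c.config.DbDir,
	}
	metadata, err := curation.NewMetadataFromDir(c.fs, c.config.DbDir)
	switch {
	case err != nil:
		status.Err = fmt.Errorf("failed to parse database metadata (%s): %w", c.config.DbDir, err)
	case metadata == nil:
		status.Err = fmt.Errorf("database metadata not found at %q", c.config.DbDir)
	default:
		// metadata is only dereferenced once it is known to be present
		status.Age = metadata.Built
		status.SchemaVersion = metadata.Version.String()
		status.Err = c.Validate()
	}
	return status
}
```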

11
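--- /dev/null
+++ b/vulnscan/db/status.go
@@ -0,0 +1,11 @@
+package db
+import "time"
+type Status struct {
+Age time.Time
+SchemaVersion string
+SchemaConstraint string
+Location string
+Err error
+}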
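Review bot: The exported `Status` type and its fields carry no doc comments, and `Age` is a `time.Time` that the curator fills from `metadata.Built` and the status command prints under `Built:`, so the name suggests an elapsed duration it does not hold. I would add `// Status describes the on-disk vulnerability database as reported by Curator.Status.` above the type and either rename the field to `Built` or comment it as `// Age is the time the database was built, not an elapsed duration.`. A comment on `Err` stating that nil means the metadata parsed and validation passed would also help callers that decide whether to trust the database.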