Merge pull request #70 from anchore/update-grype-db

simplify schema checks and update grype-db

cmd/db_status.go

@@ -31,8 +31,8 @@ func runDbStatusCmd(_ *cobra.Command, _ []string) int {
 	status := dbCurator.Status()
 	fmt.Println("Location: ", status.Location)
 	fmt.Println("Built: ", status.Age.String())
-	fmt.Println("Version: ", status.SchemaVersion)
-	fmt.Println("Constraint: ", status.SchemaConstraint)
+	fmt.Println("Current DB Version: ", status.CurrentSchemaVersion)
+	fmt.Println("Require DB Version: ", status.RequiredSchemeVersion)
 	if status.Err != nil {
 		fmt.Printf("Status: INVALID [%+v]\n", status.Err)
 	} else {

go.mod

@@ -6,7 +6,7 @@ require (
 	github.com/adrg/xdg v0.2.1
 	github.com/anchore/go-testutils v0.0.0-20200624184116-66aa578126db
 	github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b
-	github.com/anchore/grype-db v0.0.0-20200724105409-0ddbeb65f5a3
+	github.com/anchore/grype-db v0.0.0-20200725230023-ff38124c1f49
 	github.com/anchore/syft v0.0.0-20200724122256-9ec5da24dd28
 	github.com/facebookincubator/nvdtools v0.1.4-0.20200622182922-aed862a62ae6
 	github.com/go-test/deep v1.0.7

go.sum

@@ -117,6 +117,8 @@ github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b h1:e1bmaoJfZV
 github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
 github.com/anchore/grype-db v0.0.0-20200724105409-0ddbeb65f5a3 h1:otpVUWQ2HXmL7nX5+t3W94qMqJCaSOW+Myen783WJs8=
 github.com/anchore/grype-db v0.0.0-20200724105409-0ddbeb65f5a3/go.mod h1:LINmipRzG88vnJEWvgMMDVCFH1qZsj7+bjmpERlSyaA=
+github.com/anchore/grype-db v0.0.0-20200725230023-ff38124c1f49 h1:nPrHsCcS0kdqfMhEcHx2TVazthM1j2P+UtkZeSLEnz0=
+github.com/anchore/grype-db v0.0.0-20200725230023-ff38124c1f49/go.mod h1:LINmipRzG88vnJEWvgMMDVCFH1qZsj7+bjmpERlSyaA=
 github.com/anchore/siren-db v0.0.0-20200721170640-64923624e7b2 h1:j3MwtIO1HBgGYD7pG0RVl+jXwkgpTfTk1EoT/QFIYhY=
 github.com/anchore/siren-db v0.0.0-20200721170640-64923624e7b2/go.mod h1:/n1sNOhAfvg5CrlhjWOinKEWpeLYYm9H8gv+afWtpOk=
 github.com/anchore/stereoscope v0.0.0-20200520221116-025e07f1c93e h1:QBwtrM0MXi0z+GcHk3RoSyzaQ+CLgas0bC/uOd1P+PQ=

grype/db/curator.go

@@ -6,7 +6,6 @@ import (
 	"os"
 	"path"
 
-	"github.com/anchore/go-version"
 	"github.com/anchore/grype-db/pkg/curation"
 	"github.com/anchore/grype-db/pkg/db"
 	"github.com/anchore/grype-db/pkg/store/sqlite/reader"
@@ -25,23 +24,18 @@ type Config struct {
 }
 
 type Curator struct {
-	fs                afero.Fs
-	config            Config
-	client            file.Getter
-	versionConstraint version.Constraints
+	fs           afero.Fs
+	config       Config
+	client       file.Getter
+	targetSchema int
 }
 
 func NewCurator(cfg Config) (Curator, error) {
-	constraint, err := version.NewConstraint(DbSchemaConstraint)
-	if err != nil {
-		return Curator{}, fmt.Errorf("unable to set DB curator version constraint (%s): %w", DbSchemaConstraint, err)
-	}
-
 	return Curator{
-		config:            cfg,
-		fs:                afero.NewOsFs(),
-		versionConstraint: constraint,
-		client:            &file.HashiGoGetter{},
+		config:       cfg,
+		fs:           afero.NewOsFs(),
+		targetSchema: db.SchemaVersion,
+		client:       &file.HashiGoGetter{},
 	}, nil
 }
 
@@ -71,11 +65,11 @@ func (c *Curator) Status() Status {
 	}
 
 	return Status{
-		Age:              metadata.Built,
-		SchemaVersion:    metadata.Version.String(),
-		SchemaConstraint: DbSchemaConstraint,
-		Location:         c.config.DbDir,
-		Err:              err,
+		Age:                   metadata.Built,
+		CurrentSchemaVersion:  metadata.Version,
+		RequiredSchemeVersion: db.SchemaVersion,
+		Location:              c.config.DbDir,
+		Err:                   err,
 	}
 }
 
@@ -88,10 +82,10 @@ func (c *Curator) IsUpdateAvailable() (bool, *curation.ListingEntry, error) {
 
 	listing, err := curation.NewListingFromURL(c.fs, c.client, c.config.ListingURL)
 	if err != nil {
-		return false, nil, fmt.Errorf("failed to get listing file: %w", err)
+		return false, nil, err
 	}
 
-	updateEntry := listing.BestUpdate(c.versionConstraint)
+	updateEntry := listing.BestUpdate(c.targetSchema)
 	if updateEntry == nil {
 		return false, nil, fmt.Errorf("no db candidates with correct version available (maybe there is an application update available?)")
 	}
@@ -103,7 +97,7 @@ func (c *Curator) IsUpdateAvailable() (bool, *curation.ListingEntry, error) {
 		return false, nil, fmt.Errorf("current metadata corrupt: %w", err)
 	}
 
-	if current.IsSupercededBy(updateEntry) {
+	if current.IsSupersededBy(updateEntry) {
 		log.Debugf("database update available: %s", updateEntry)
 		return true, updateEntry, nil
 	}
@@ -216,8 +210,8 @@ func (c *Curator) validate(dbDirPath string) error {
 		return fmt.Errorf("bad db checksum (%s): %q vs %q", dbPath, metadata.Checksum, actualHash)
 	}
 
-	if !c.versionConstraint.Check(metadata.Version) {
-		return fmt.Errorf("unsupported database version: version=%s constraint=%s", metadata.Version.String(), c.versionConstraint.String())
+	if c.targetSchema != metadata.Version {
+		return fmt.Errorf("unsupported database version: have=%d want=%d", metadata.Version, c.targetSchema)
 	}
 
 	// TODO: add version checks here to ensure this version of the application can use this database version (relative to what the DB says, not JUST the metadata!)

grype/db/curator_test.go

@@ -6,7 +6,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/anchore/go-version"
 	"github.com/anchore/grype-db/pkg/curation"
 	"github.com/anchore/grype/internal"
 	"github.com/anchore/grype/internal/file"
@@ -59,6 +58,9 @@ func newTestCurator(fs afero.Fs, getter file.Getter, dbDir, metadataUrl string)
 		DbDir:      dbDir,
 		ListingURL: metadataUrl,
 	})
+	if err != nil {
+		return Curator{}, err
+	}
 
 	c.client = getter
 	c.fs = fs
@@ -126,39 +128,33 @@ func TestCuratorValidate(t *testing.T) {
 	tests := []struct {
 		name       string
 		fixture    string
-		constraint string
+		constraint int
 		err        bool
 	}{
 		{
 			name:       "good checksum & good constraint",
 			fixture:    "test-fixtures/curator-validate/good-checksum",
-			constraint: ">=1.0.0, <2.0.0",
+			constraint: 1,
 			err:        false,
 		},
 		{
 			name:       "good checksum & bad constraint",
 			fixture:    "test-fixtures/curator-validate/good-checksum",
-			constraint: ">=0.0.0, <1.0.0",
+			constraint: 2,
 			err:        true,
 		},
 		{
 			name:       "bad checksum & good constraint",
 			fixture:    "test-fixtures/curator-validate/bad-checksum",
-			constraint: ">=1.0.0, <2.0.0",
+			constraint: 1,
 			err:        true,
 		},
 		{
 			name:       "bad checksum & bad constraint",
 			fixture:    "test-fixtures/curator-validate/bad-checksum",
-			constraint: ">=0.0.0, <1.0.0",
+			constraint: 2,
 			err:        true,
 		},
-		{
-			name:       "allow equal version",
-			fixture:    "test-fixtures/curator-validate/good-checksum",
-			constraint: ">=1.1.0",
-			err:        false,
-		},
 	}
 
 	for _, test := range tests {
@@ -172,11 +168,7 @@ func TestCuratorValidate(t *testing.T) {
 				t.Fatalf("failed making curator: %+v", err)
 			}
 
-			constraint, err := version.NewConstraint(test.constraint)
-			if err != nil {
-				t.Errorf("unable to set DB curator version constraint (%s): %w", test.constraint, err)
-			}
-			cur.versionConstraint = constraint
+			cur.targetSchema = test.constraint
 
 			err = cur.validate(test.fixture)
 

grype/db/schema_constraint.go

@@ -1,3 +0,0 @@
-package db
-
-const DbSchemaConstraint = ">= 1.0.0, < 2.0.0"

grype/db/status.go

@@ -3,9 +3,9 @@ package db
 import "time"
 
 type Status struct {
-	Age              time.Time
-	SchemaVersion    string
-	SchemaConstraint string
-	Location         string
-	Err              error
+	Age                   time.Time
+	CurrentSchemaVersion  int
+	RequiredSchemeVersion int
+	Location              string
+	Err                   error
 }

grype/db/test-fixtures/curator-validate/bad-checksum/metadata.json

@@ -1,5 +1,5 @@
 {
     "built": "2020-06-15T14:02:36Z",
-    "version": "1.1.0",
+    "version": 1,
     "checksum": "sha256:deadbeefcafe"
 }

grype/db/test-fixtures/curator-validate/good-checksum/metadata.json

@@ -1,5 +1,5 @@
 {
     "built": "2020-06-15T14:02:36Z",
-    "version": "1.1.0",
+    "version": 1,
     "checksum": "sha256:3baf9c50c94e7f1e65bafac2e6a6d559fb177461dd25bf8fca7e6e9e9c266cb4"
 }

grype/lib.go

@@ -55,14 +55,17 @@ func LoadVulnerabilityDb(cfg db.Config, update bool) (vulnerability.Provider, er
 	if update {
 		updateAvailable, updateEntry, err := dbCurator.IsUpdateAvailable()
 		if err != nil {
-			// TODO: should this be so fatal? we can certainly continue with a warning...
-			return nil, fmt.Errorf("unable to check for vulnerability database update: %w", err)
+			// we want to continue if possible even if we can't check for an update
+			log.Errorf("unable to check for vulnerability database update")
+			log.Debugf("check for vulnerability update failed: %+v", err)
 		}
 		if updateAvailable {
+			log.Infof("Downloading new vulnerability DB")
 			err = dbCurator.UpdateTo(updateEntry)
 			if err != nil {
 				return nil, fmt.Errorf("unable to update vulnerability database: %w", err)
 			}
+			log.Infof("Updated vulnerability DB to version=%d built=%q", updateEntry.Version, updateEntry.Built.String())
 		}
 	}
 

internal/config/config.go

@@ -67,8 +67,7 @@ func setNonCliDefaultValues(v *viper.Viper) {
 	v.SetDefault("db.cache-dir", path.Join(xdg.CacheHome, internal.ApplicationName, "db"))
 	// TODO: change me to the production URL before release
 	v.SetDefault("db.update-url", "http://localhost:5000/listing.json")
-	// TODO: set this to true before release
-	v.SetDefault("db.auto-update", false)
+	v.SetDefault("db.auto-update", true)
 	v.SetDefault("dev.profile-cpu", false)
 	v.SetDefault("check-for-app-update", true)
 }