arno/clair
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

testing commit: modify V1 by add Namespace.Version

Browse Source 
Signed-off-by: liang chenye <liangchenye@huawei.com>
This commit is contained in:
liang chenye 2016-04-27 22:12:24 +08:00
parent 53958f6ea5
commit 27ebef5d90
3 changed files with 73 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
api/v1/README.md
View File

@ -189,8 +189,8 @@ Server: clair
{
"Namespaces": [
{ "Name": "debian:8" },
{ "Name": "debian:9" }
{ "Name": "debian", "Version": "8" },
{ "Name": "debian", "Version": "9" }
]
}
```
@ -227,14 +227,14 @@ Server: clair
"Vulnerabilities": [
{
"Name": "CVE-1999-1332",
"NamespaceName": "debian:8",
"Namespace": {"Name": "debian", "Version": "8"},
"Description": "gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.",
"Link": "https://security-tracker.debian.org/tracker/CVE-1999-1332",
"Severity": "Low"
},
{
"Name": "CVE-1999-1572",
"NamespaceName": "debian:8",
"Namespace": {"Name": "debian", "Version": "8"},
"Description": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.",
"Link": "https://security-tracker.debian.org/tracker/CVE-1999-1572",
"Severity": "Low",
@ -266,7 +266,7 @@ POST http://localhost:6060/v1/namespaces/debian%3A8/vulnerabilities HTTP/1.1
{
"Vulnerability": {
"Name": "CVE-2014-9471",
"NamespaceName": "debian:8",
"Namespace": {"Name": "debian", "Version": "8"},
"Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
"Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
"Severity": "Low",
@ -281,7 +281,7 @@ POST http://localhost:6060/v1/namespaces/debian%3A8/vulnerabilities HTTP/1.1
"FixedIn": [
{
"Name": "coreutils",
"NamespaceName": "debian:8",
"Namespace": {"Name": "debian", "Version": "8"},
"Version": "8.23-1"
}
]
@ -299,7 +299,7 @@ Server: clair
{
"Vulnerability": {
"Name": "CVE-2014-9471",
"NamespaceName": "debian:8",
"Namespace": {"Name": "debian", "Version": "8"},
"Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
"Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
"Severity": "Low",
@ -314,7 +314,7 @@ Server: clair
"FixedIn": [
{
"Name": "coreutils",
"NamespaceName": "debian:8",
"Namespace": {"Name": "debian", "Version": "8"},
"Version": "8.23-1"
}
]
@ -350,7 +350,7 @@ Server: clair
{
"Vulnerability": {
"Name": "CVE-2014-9471",
"NamespaceName": "debian:8",
"Namespace": {"Name": "debian", "Version": "8"},
"Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
"Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
"Severity": "Low",
@ -365,7 +365,7 @@ Server: clair
"FixedIn": [
{
"Name": "coreutils",
"NamespaceName": "debian:8",
"Namespace": {"Name": "debian", "Version": "8"},
"Version": "8.23-1"
}
]
@ -390,7 +390,7 @@ PUT http://localhost:6060/v1/namespaces/debian%3A8/vulnerabilities/CVE-2014-9471
{
"Vulnerability": {
"Name": "CVE-2014-9471",
"NamespaceName": "debian:8",
"Namespace": {"Name": "debian", "Version": "8"},
"Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
"Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
"Severity": "Low",
@ -415,7 +415,7 @@ Server: clair
{
"Vulnerability": {
"Name": "CVE-2014-9471",
"NamespaceName": "debian:8",
"Namespace": {"Name": "debian", "Version": "8"},
"Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
"Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
"Severity": "Low",
@ -477,7 +477,7 @@ Server: clair
"Features": [
{
"Name": "coreutils",
"NamespaceName": "debian:8",
"Namespace": {"Name": "debian", "Version": "8"},
"Version": "8.23-1"
}
]
@ -498,7 +498,7 @@ PUT http://localhost:6060/v1/namespaces/debian%3A8/vulnerabilities/CVE-2014-9471
{
"Feature": {
"Name": "coreutils",
"NamespaceName": "debian:8",
"Namespace": {"Name": "debian", "Version": "8"},
"Version": "4.24-9"
}
}
@ -513,7 +513,7 @@ Server: clair
{
"Feature": {
"Name": "coreutils",
"NamespaceName": "debian:8",
"Namespace": {"Name": "debian", "Version": "8"},
"Version": "4.24-9"
}
}
@ -578,13 +578,13 @@ Server: clair
"New": {
"Vulnerability": {
"Name": "CVE-TEST",
"NamespaceName": "debian:8",
"Namespace": {"Name": "debian", "Version": "8"},
"Description": "New CVE",
"Severity": "Low",
"FixedIn": [
{
"Name": "grep",
"NamespaceName": "debian:8",
"Namespace": {"Name": "debian", "Version": "8"},
"Version": "2.25"
}
]
@ -597,7 +597,7 @@ Server: clair
"Old": {
"Vulnerability": {
"Name": "CVE-TEST",
"NamespaceName": "debian:8",
"Namespace": {"Name": "debian", "Version": "8"},
"Description": "New CVE",
"Severity": "Low",
"FixedIn": []

81
api/v1/models.go
View File

@ -34,13 +34,13 @@ type Error struct {
}
type Layer struct {
Name string `json:"Name,omitempty"`
NamespaceNames []string `json:"NamespaceNames,omitempty"`
Path string `json:"Path,omitempty"`
ParentName string `json:"ParentName,omitempty"`
Format string `json:"Format,omitempty"`
IndexedByVersion int `json:"IndexedByVersion,omitempty"`
Features []Feature `json:"Features,omitempty"`
Name string `json:"Name,omitempty"`
Namespaces []Namespace `json:"NamespaceName,omitempty"`
Path string `json:"Path,omitempty"`
ParentName string `json:"ParentName,omitempty"`
Format string `json:"Format,omitempty"`
IndexedByVersion int `json:"IndexedByVersion,omitempty"`
Features []Feature `json:"Features,omitempty"`
}
func LayerFromDatabaseModel(dbLayer database.Layer, withFeatures, withVulnerabilities bool) Layer {
@ -54,26 +54,26 @@ func LayerFromDatabaseModel(dbLayer database.Layer, withFeatures, withVulnerabil
}
for _, namespace := range dbLayer.Namespaces {
layer.NamespaceNames = append(layer.NamespaceNames, namespace.Name)
layer.Namespaces = append(layer.Namespaces, Namespace{Name: namespace.Name, Version: namespace.Version.String()})
}
if withFeatures || withVulnerabilities && dbLayer.Features != nil {
for _, dbFeatureVersion := range dbLayer.Features {
feature := Feature{
Name: dbFeatureVersion.Feature.Name,
NamespaceName: dbFeatureVersion.Feature.Namespace.Name,
Version: dbFeatureVersion.Version.String(),
AddedBy: dbFeatureVersion.AddedBy.Name,
Name: dbFeatureVersion.Feature.Name,
Namespace: Namespace{Name: dbFeatureVersion.Feature.Namespace.Name, Version: dbFeatureVersion.Feature.Namespace.Version.String()},
Version: dbFeatureVersion.Version.String(),
AddedBy: dbFeatureVersion.AddedBy.Name,
}
for _, dbVuln := range dbFeatureVersion.AffectedBy {
vuln := Vulnerability{
Name: dbVuln.Name,
NamespaceName: dbVuln.Namespace.Name,
Description: dbVuln.Description,
Link: dbVuln.Link,
Severity: string(dbVuln.Severity),
Metadata: dbVuln.Metadata,
Name: dbVuln.Name,
Namespace: Namespace{Name: dbVuln.Namespace.Name, Version: dbVuln.Namespace.Version.String()},
Description: dbVuln.Description,
Link: dbVuln.Link,
Severity: string(dbVuln.Severity),
Metadata: dbVuln.Metadata,
}
if dbVuln.FixedBy != types.MaxVersion {
@ -89,18 +89,19 @@ func LayerFromDatabaseModel(dbLayer database.Layer, withFeatures, withVulnerabil
}
type Namespace struct {
Name string `json:"Name,omitempty"`
Name string `json:"Name,omitempty"`
Version string `json:"Version, omitempty"`
}
type Vulnerability struct {
Name string `json:"Name,omitempty"`
NamespaceName string `json:"NamespaceName,omitempty"`
Description string `json:"Description,omitempty"`
Link string `json:"Link,omitempty"`
Severity string `json:"Severity,omitempty"`
Metadata map[string]interface{} `json:"Metadata,omitempty"`
FixedBy string `json:"FixedBy,omitempty"`
FixedIn []Feature `json:"FixedIn,omitempty"`
Name string `json:"Name,omitempty"`
Namespace Namespace `json:"Namespace,omitempty"`
Description string `json:"Description,omitempty"`
Link string `json:"Link,omitempty"`
Severity string `json:"Severity,omitempty"`
Metadata map[string]interface{} `json:"Metadata,omitempty"`
FixedBy string `json:"FixedBy,omitempty"`
FixedIn []Feature `json:"FixedIn,omitempty"`
}
func (v Vulnerability) DatabaseModel() (database.Vulnerability, error) {
@ -121,7 +122,7 @@ func (v Vulnerability) DatabaseModel() (database.Vulnerability, error) {
return database.Vulnerability{
Name: v.Name,
Namespace: database.Namespace{Name: v.NamespaceName},
Namespace: database.Namespace{Name: v.Namespace.Name, Version: types.NewVersionUnsafe(v.Namespace.Version)},
Description: v.Description,
Link: v.Link,
Severity: severity,
@ -132,12 +133,12 @@ func (v Vulnerability) DatabaseModel() (database.Vulnerability, error) {
func VulnerabilityFromDatabaseModel(dbVuln database.Vulnerability, withFixedIn bool) Vulnerability {
vuln := Vulnerability{
Name: dbVuln.Name,
NamespaceName: dbVuln.Namespace.Name,
Description: dbVuln.Description,
Link: dbVuln.Link,
Severity: string(dbVuln.Severity),
Metadata: dbVuln.Metadata,
Name: dbVuln.Name,
Namespace: Namespace{Name: dbVuln.Namespace.Name, Version: dbVuln.Namespace.Version.String()},
Description: dbVuln.Description,
Link: dbVuln.Link,
Severity: string(dbVuln.Severity),
Metadata: dbVuln.Metadata,
}
if withFixedIn {
@ -151,7 +152,7 @@ func VulnerabilityFromDatabaseModel(dbVuln database.Vulnerability, withFixedIn b
type Feature struct {
Name string `json:"Name,omitempty"`
NamespaceName string `json:"NamespaceName,omitempty"`
Namespace Namespace `json:"Namespace,omitempty"`
Version string `json:"Version,omitempty"`
Vulnerabilities []Vulnerability `json:"Vulnerabilities,omitempty"`
AddedBy string `json:"AddedBy,omitempty"`
@ -164,10 +165,10 @@ func FeatureFromDatabaseModel(dbFeatureVersion database.FeatureVersion) Feature
}
return Feature{
Name: dbFeatureVersion.Feature.Name,
NamespaceName: dbFeatureVersion.Feature.Namespace.Name,
Version: versionStr,
AddedBy: dbFeatureVersion.AddedBy.Name,
Name: dbFeatureVersion.Feature.Name,
Namespace: Namespace{Name: dbFeatureVersion.Feature.Namespace.Name, Version: dbFeatureVersion.Feature.Namespace.Version.String()},
Version: versionStr,
AddedBy: dbFeatureVersion.AddedBy.Name,
}
}
@ -186,7 +187,7 @@ func (f Feature) DatabaseModel() (database.FeatureVersion, error) {
return database.FeatureVersion{
Feature: database.Feature{
Name: f.Name,
Namespace: database.Namespace{Name: f.NamespaceName},
Namespace: database.Namespace{Name: f.Namespace.Name, Version: types.NewVersionUnsafe(f.Namespace.Version)},
},
Version: version,
}, nil

23
api/v1/routes.go
View File

@ -29,6 +29,7 @@ import (
"github.com/coreos/clair/database"
"github.com/coreos/clair/utils"
cerrors "github.com/coreos/clair/utils/errors"
"github.com/coreos/clair/utils/types"
"github.com/coreos/clair/worker"
)
@ -178,7 +179,7 @@ func getNamespaces(w http.ResponseWriter, r *http.Request, p httprouter.Params,
}
var namespaces []Namespace
for _, dbNamespace := range dbNamespaces {
namespaces = append(namespaces, Namespace{Name: dbNamespace.Name})
namespaces = append(namespaces, Namespace{Name: dbNamespace.Name, Version: dbNamespace.Version.String()})
}
writeResponse(w, r, http.StatusOK, NamespaceEnvelope{Namespaces: &namespaces})
@ -212,8 +213,8 @@ func getVulnerabilities(w http.ResponseWriter, r *http.Request, p httprouter.Par
}
}
namespace := p.ByName("namespaceName")
if namespace == "" {
namespace := getNamespace(p.ByName("namespaceName"), p.ByName("namespaceVersion"))
if namespace.IsEmpty() {
writeResponse(w, r, http.StatusBadRequest, VulnerabilityEnvelope{Error: &Error{"namespace should not be empty"}})
return getNotificationRoute, http.StatusBadRequest
}
@ -285,7 +286,7 @@ func postVulnerability(w http.ResponseWriter, r *http.Request, p httprouter.Para
func getVulnerability(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) (string, int) {
_, withFixedIn := r.URL.Query()["fixedIn"]
dbVuln, err := ctx.Store.FindVulnerability(p.ByName("namespaceName"), p.ByName("vulnerabilityName"))
dbVuln, err := ctx.Store.FindVulnerability(getNamespace(p.ByName("namespaceName"), p.ByName("namespaceVersion")), p.ByName("vulnerabilityName"))
if err == cerrors.ErrNotFound {
writeResponse(w, r, http.StatusNotFound, VulnerabilityEnvelope{Error: &Error{err.Error()}})
return getVulnerabilityRoute, http.StatusNotFound
@ -324,7 +325,7 @@ func putVulnerability(w http.ResponseWriter, r *http.Request, p httprouter.Param
return putVulnerabilityRoute, http.StatusBadRequest
}
vuln.Namespace.Name = p.ByName("namespaceName")
vuln.Namespace = getNamespace(p.ByName("namespaceName"), p.ByName("namespaceVersion"))
vuln.Name = p.ByName("vulnerabilityName")
err = ctx.Store.InsertVulnerabilities([]database.Vulnerability{vuln}, true)
@ -344,7 +345,7 @@ func putVulnerability(w http.ResponseWriter, r *http.Request, p httprouter.Param
}
func deleteVulnerability(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) (string, int) {
err := ctx.Store.DeleteVulnerability(p.ByName("namespaceName"), p.ByName("vulnerabilityName"))
err := ctx.Store.DeleteVulnerability(getNamespace(p.ByName("namespaceName"), p.ByName("namespaceVersion")), p.ByName("vulnerabilityName"))
if err == cerrors.ErrNotFound {
writeResponse(w, r, http.StatusNotFound, VulnerabilityEnvelope{Error: &Error{err.Error()}})
return deleteVulnerabilityRoute, http.StatusNotFound
@ -358,7 +359,7 @@ func deleteVulnerability(w http.ResponseWriter, r *http.Request, p httprouter.Pa
}
func getFixes(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) (string, int) {
dbVuln, err := ctx.Store.FindVulnerability(p.ByName("namespaceName"), p.ByName("vulnerabilityName"))
dbVuln, err := ctx.Store.FindVulnerability(getNamespace(p.ByName("namespaceName"), p.ByName("namespaceVersion")), p.ByName("vulnerabilityName"))
if err == cerrors.ErrNotFound {
writeResponse(w, r, http.StatusNotFound, FeatureEnvelope{Error: &Error{err.Error()}})
return getFixesRoute, http.StatusNotFound
@ -396,7 +397,7 @@ func putFix(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *co
return putFixRoute, http.StatusBadRequest
}
err = ctx.Store.InsertVulnerabilityFixes(p.ByName("vulnerabilityNamespace"), p.ByName("vulnerabilityName"), []database.FeatureVersion{dbFix})
err = ctx.Store.InsertVulnerabilityFixes(getNamespace(p.ByName("vulnerabilityNamespaceName"), p.ByName("vulnerabilityNamespaceVersion")), p.ByName("vulnerabilityName"), []database.FeatureVersion{dbFix})
if err != nil {
switch err.(type) {
case *cerrors.ErrBadRequest:
@ -417,7 +418,7 @@ func putFix(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *co
}
func deleteFix(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *context.RouteContext) (string, int) {
err := ctx.Store.DeleteVulnerabilityFix(p.ByName("vulnerabilityNamespace"), p.ByName("vulnerabilityName"), p.ByName("fixName"))
err := ctx.Store.DeleteVulnerabilityFix(getNamespace(p.ByName("vulnerabilityNamespaceName"), p.ByName("vulnerabilityNamespaceVersion")), p.ByName("vulnerabilityName"), p.ByName("fixName"))
if err == cerrors.ErrNotFound {
writeResponse(w, r, http.StatusNotFound, FeatureEnvelope{Error: &Error{err.Error()}})
return deleteFixRoute, http.StatusNotFound
@ -496,3 +497,7 @@ func getMetrics(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx
prometheus.Handler().ServeHTTP(w, r)
return getMetricsRoute, 0
}
func getNamespace(name, version string) database.Namespace {
return database.Namespace{Name: name, Version: types.NewVersionUnsafe(version)}
}