diff --git a/updater/fetchers.go b/updater/fetchers.go
index af09eeb9..609ecd40 100644
--- a/updater/fetchers.go
+++ b/updater/fetchers.go
@@ -20,7 +20,12 @@ var fetchers = make(map[string]Fetcher)
 // Fetcher represents anything that can fetch vulnerabilities.
 type Fetcher interface {
+ // FetchUpdate gets vulnerability updates.
 FetchUpdate(database.Datastore) (FetcherResponse, error)
+
+ // Clean deletes any allocated resources.
+ // It is invoked when Clair stops.
+ Clean()
 }
 // FetcherResponse represents the sum of results of an update.
diff --git a/updater/fetchers/debian/debian.go b/updater/fetchers/debian/debian.go
index 7f1ec9c5..cbebcf0f 100644
--- a/updater/fetchers/debian/debian.go
+++ b/updater/fetchers/debian/debian.go
@@ -190,11 +190,11 @@ func parseDebianJSON(data *jsonData) (vulnerabilities []database.Vulnerability,
 // Create and add the feature version.
 pkg := database.FeatureVersion{
 Feature: database.Feature{
- Name: pkgName,
- Namespace: database.Namespace{
- Name: "debian:" + database.DebianReleasesMapping[releaseName],
- },
- },
+ Name: pkgName,
+ Namespace: database.Namespace{
+ Name: "debian:" + database.DebianReleasesMapping[releaseName],
+ },
+ },
 Version: version,
 }
 vulnerability.FixedIn = append(vulnerability.FixedIn, pkg)
@@ -249,3 +249,6 @@ func urgencyToSeverity(urgency string) types.Priority {
 return types.Unknown
 }
 }
+
+// Clean deletes any allocated resources.
+func (fetcher *DebianFetcher) Clean() {}
diff --git a/updater/fetchers/rhel/rhel.go b/updater/fetchers/rhel/rhel.go
index 3bd28fc3..848678d0 100644
--- a/updater/fetchers/rhel/rhel.go
+++ b/updater/fetchers/rhel/rhel.go
@@ -162,7 +162,7 @@ func parseRHSA(ovalReader io.Reader) (vulnerabilities []database.Vulnerability,
 var ov oval
 err = xml.NewDecoder(ovalReader).Decode(&ov)
 if err != nil {
- log.Errorf("could not decode RHEL's XML: %s.", err)
+ log.Errorf("could not decode RHEL's XML: %s", err)
 err = cerrors.ErrCouldNotParse
 return
 }
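Review bot: `Clean()` in the `Fetcher` interface (updater/fetchers.go) returns nothing, so an implementation that fails to remove what it allocated cannot report it. The doc comment also does not say whether `Clean` may be called when `FetchUpdate` never ran, or more than once. Since the updater.go hunk calls it on every registered fetcher at shutdown, I would spell that out in the comment, for example `// Clean must be safe to call even if FetchUpdate was never invoked; implementations log their own errors.` Adding a method to the interface also breaks any Fetcher implemented outside this tree; only the three in-tree fetchers are updated in this commit.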
@@ -358,3 +358,6 @@ func priority(def definition) types.Priority {
 return types.Unknown
 }
 }
+
+// Clean deletes any allocated resources.
+func (f *RHELFetcher) Clean() {}
diff --git a/updater/fetchers/ubuntu/ubuntu.go b/updater/fetchers/ubuntu/ubuntu.go
index 3ea72765..776401e3 100644
--- a/updater/fetchers/ubuntu/ubuntu.go
+++ b/updater/fetchers/ubuntu/ubuntu.go
@@ -41,8 +41,6 @@ const (
 )
 var (
- repositoryLocalPath string
-
 ubuntuIgnoredReleases = map[string]struct{}{
 "upstream": struct{}{},
 "devel": struct{}{},
@@ -79,9 +77,11 @@ var (
 ErrFilesystem = errors.New("updater/fetchers: something went wrong when interacting with the fs")
 )
-// UbuntuFetcher implements updater.Fetcher and get vulnerability updates from
+// UbuntuFetcher implements updater.Fetcher and gets vulnerability updates from
 // the Ubuntu CVE Tracker.
-type UbuntuFetcher struct{}
+type UbuntuFetcher struct {
+ repositoryLocalPath string
+}
 func init() {
 updater.RegisterFetcher("Ubuntu", &UbuntuFetcher{})
@@ -92,7 +92,7 @@ func (fetcher *UbuntuFetcher) FetchUpdate(datastore database.Datastore) (resp up
 log.Info("fetching Ubuntu vulnerabilities")
 // Check to see if the repository does not already exist.
- if _, pathExists := os.Stat(repositoryLocalPath); repositoryLocalPath == "" || os.IsNotExist(pathExists) {
+ if _, pathExists := os.Stat(fetcher.repositoryLocalPath); fetcher.repositoryLocalPath == "" || os.IsNotExist(pathExists) {
 // Create a temporary folder and download the repository.
 p, err := ioutil.TempDir(os.TempDir(), "ubuntu-cve-tracker")
 if err != nil {
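Review bot: In the `if` at the top of `FetchUpdate` (ubuntu.go, hunk at -92), only a not-exist error from `os.Stat` selects the create branch, so any other Stat failure such as permission denied is treated as "repository present" and falls into the `else` that runs `updateRepository`. The result is also named `pathExists` although it holds an error, and Stat is called even when the path is empty. A clearer form is `_, statErr := os.Stat(fetcher.repositoryLocalPath)` followed by `if fetcher.repositoryLocalPath == "" || os.IsNotExist(statErr) {`, with other Stat errors returned rather than taken as an existing checkout. FetchUpdate starts before and continues after this hunk.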
@@ -100,23 +100,23 @@ func (fetcher *UbuntuFetcher) FetchUpdate(datastore database.Datastore) (resp up
 }
 // bzr wants an empty target directory.
- repositoryLocalPath = p + "/repository"
+ fetcher.repositoryLocalPath = p + "/repository"
 // Create the new repository.
- err = createRepository(repositoryLocalPath)
+ err = createRepository(fetcher.repositoryLocalPath)
 if err != nil {
 return resp, err
 }
 } else {
 // Update the repository that's already on disk.
- err = updateRepository(repositoryLocalPath)
+ err = updateRepository(fetcher.repositoryLocalPath)
 if err != nil {
 return resp, err
 }
 }
 // Get revision number.
- revisionNumber, err := getRevisionNumber(repositoryLocalPath)
+ revisionNumber, err := getRevisionNumber(fetcher.repositoryLocalPath)
 if err != nil {
 return resp, err
 }
@@ -128,7 +128,7 @@ func (fetcher *UbuntuFetcher) FetchUpdate(datastore database.Datastore) (resp up
 }
 // Get the list of vulnerabilities that we have to update.
- modifiedCVE, err := collectModifiedVulnerabilities(revisionNumber, dbRevisionNumber, repositoryLocalPath)
+ modifiedCVE, err := collectModifiedVulnerabilities(revisionNumber, dbRevisionNumber, fetcher.repositoryLocalPath)
 if err != nil {
 return resp, err
 }
@@ -136,7 +136,7 @@ func (fetcher *UbuntuFetcher) FetchUpdate(datastore database.Datastore) (resp up
 notes := make(map[string]struct{})
 for cvePath := range modifiedCVE {
 // Open the CVE file.
- file, err := os.Open(repositoryLocalPath + "/" + cvePath)
+ file, err := os.Open(fetcher.repositoryLocalPath + "/" + cvePath)
 if err != nil {
 // This can happen when a file is modified and then moved in another
 // commit.
@@ -425,3 +425,8 @@ func ubuntuPriorityToSeverity(priority string) types.Priority {
 log.Warning("Could not determine a vulnerability priority from: %s", priority)
 return types.Unknown
 }
+
+// Clean deletes any allocated resources.
+func (fetcher *UbuntuFetcher) Clean() {
+ os.RemoveAll(fetcher.repositoryLocalPath)
+}
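Review bot: `fetcher.repositoryLocalPath` is assigned before `createRepository` has succeeded (hunk at -100 in ubuntu.go), so after a failed initial checkout the field already points at `p + "/repository"`. If that call leaves a partial directory behind, which is not visible here, the next `FetchUpdate` will find the path with `os.Stat` and run `updateRepository` on an incomplete checkout. Building the path in a local and setting the field only after the error check avoids this: `repoPath := p + "/repository"`, then `fetcher.repositoryLocalPath = repoPath` once `createRepository(repoPath)` has returned nil. Removing `p` on the failure path would also keep failed attempts from accumulating temp directories. FetchUpdate extends beyond this hunk on both sides.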
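Review bot: `Clean` at the end of ubuntu.go removes only `fetcher.repositoryLocalPath`, which FetchUpdate sets to `p + "/repository"`, so the parent directory created by `ioutil.TempDir` stays behind in the system temp directory after every shutdown. The error from `os.RemoveAll` is also dropped, so a failed cleanup is silent. I would keep the TempDir result in its own field and remove that, and log a failure: `if err := os.RemoveAll(fetcher.repositoryLocalPath); err != nil { log.Warningf("could not remove Ubuntu repository directory: %s", err) }`. That assumes the package logger offers Warningf alongside the Errorf used in rhel.go. An explicit `if fetcher.repositoryLocalPath == "" { return }` at the top would make the never-fetched case obvious to the reader.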
diff --git a/updater/updater.go b/updater/updater.go
index cc0d3386..1f3f54df 100644
--- a/updater/updater.go
+++ b/updater/updater.go
@@ -143,6 +143,11 @@ func Run(config *config.UpdaterConfig, datastore database.Datastore, st *utils.S
 }
 }
+ // Clean resources.
+ for _, fetcher := range fetchers {
+ fetcher.Clean()
+ }
+
 log.Info("updater service stopped")
 }
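Review bot: The cleanup loop at the end of `Run` calls `Clean` on every fetcher with no visible guarantee that no `FetchUpdate` is still in flight. For the Ubuntu fetcher that would mean `os.RemoveAll` on a checkout that may still be being read, plus an unsynchronised read of `repositoryLocalPath`. Most of Run lies outside this hunk, so the loop above may already ensure this; if it does, a comment would record it: `// All fetchers have returned by this point; Clean may remove their working directories.` The loop is also reached only by falling through to the end of Run, so if Run has earlier return paths a `defer` would be needed to cover them.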