updater: add a clean function to fetchers

Quentin Machu 2016-01-29 11:22:54 -05:00 committed by Jimmy Zelinskie
parent 6b3f95dc03
commit 431c0ccb03
5 changed files with 38 additions and 17 deletions


@ -20,7 +20,12 @@ var fetchers = make(map[string]Fetcher)
// Fetcher represents anything that can fetch vulnerabilities. // Fetcher represents anything that can fetch vulnerabilities.
type Fetcher interface { type Fetcher interface {
// FetchUpdate gets vulnerability updates.
FetchUpdate(database.Datastore) (FetcherResponse, error) FetchUpdate(database.Datastore) (FetcherResponse, error)
// Clean deletes any allocated resources.
// It is invoked when Clair stops.
Clean()
} }
// FetcherResponse represents the sum of results of an update. // FetcherResponse represents the sum of results of an update.
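Review bot: The doc comment on `Clean` in the `Fetcher` interface does not state the contract implementations must meet, and the signature gives them no way to report a failed cleanup. The loop this commit adds to `Run` calls `Clean` on every registered fetcher, so it can run on a fetcher whose `FetchUpdate` was never called. I would extend the comment with something like `// Clean must be safe to call even if FetchUpdate was never called.` Returning an `error` from `Clean` would also let `Run` log a cleanup failure instead of dropping it.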


@ -190,11 +190,11 @@ func parseDebianJSON(data *jsonData) (vulnerabilities []database.Vulnerability,
// Create and add the feature version. // Create and add the feature version.
pkg := database.FeatureVersion{ pkg := database.FeatureVersion{
Feature: database.Feature{ Feature: database.Feature{
Name: pkgName, Name: pkgName,
Namespace: database.Namespace{ Namespace: database.Namespace{
Name: "debian:" + database.DebianReleasesMapping[releaseName], Name: "debian:" + database.DebianReleasesMapping[releaseName],
}, },
}, },
Version: version, Version: version,
} }
vulnerability.FixedIn = append(vulnerability.FixedIn, pkg) vulnerability.FixedIn = append(vulnerability.FixedIn, pkg)
@ -249,3 +249,6 @@ func urgencyToSeverity(urgency string) types.Priority {
return types.Unknown return types.Unknown
} }
} }
// Clean deletes any allocated resources.
func (fetcher *DebianFetcher) Clean() {}


@ -162,7 +162,7 @@ func parseRHSA(ovalReader io.Reader) (vulnerabilities []database.Vulnerability,
var ov oval var ov oval
err = xml.NewDecoder(ovalReader).Decode(&ov) err = xml.NewDecoder(ovalReader).Decode(&ov)
if err != nil { if err != nil {
log.Errorf("could not decode RHEL's XML: %s.", err) log.Errorf("could not decode RHEL's XML: %s", err)
err = cerrors.ErrCouldNotParse err = cerrors.ErrCouldNotParse
return return
} }
@ -358,3 +358,6 @@ func priority(def definition) types.Priority {
return types.Unknown return types.Unknown
} }
} }
// Clean deletes any allocated resources.
func (f *RHELFetcher) Clean() {}


@ -41,8 +41,6 @@ const (
) )
var ( var (
repositoryLocalPath string
ubuntuIgnoredReleases = map[string]struct{}{ ubuntuIgnoredReleases = map[string]struct{}{
"upstream": struct{}{}, "upstream": struct{}{},
"devel": struct{}{}, "devel": struct{}{},
@ -79,9 +77,11 @@ var (
ErrFilesystem = errors.New("updater/fetchers: something went wrong when interacting with the fs") ErrFilesystem = errors.New("updater/fetchers: something went wrong when interacting with the fs")
) )
// UbuntuFetcher implements updater.Fetcher and get vulnerability updates from // UbuntuFetcher implements updater.Fetcher and gets vulnerability updates from
// the Ubuntu CVE Tracker. // the Ubuntu CVE Tracker.
type UbuntuFetcher struct{} type UbuntuFetcher struct {
repositoryLocalPath string
}
func init() { func init() {
updater.RegisterFetcher("Ubuntu", &UbuntuFetcher{}) updater.RegisterFetcher("Ubuntu", &UbuntuFetcher{})
@ -92,7 +92,7 @@ func (fetcher *UbuntuFetcher) FetchUpdate(datastore database.Datastore) (resp up
log.Info("fetching Ubuntu vulnerabilities") log.Info("fetching Ubuntu vulnerabilities")
// Check to see if the repository does not already exist. // Check to see if the repository does not already exist.
if _, pathExists := os.Stat(repositoryLocalPath); repositoryLocalPath == "" || os.IsNotExist(pathExists) { if _, pathExists := os.Stat(fetcher.repositoryLocalPath); fetcher.repositoryLocalPath == "" || os.IsNotExist(pathExists) {
// Create a temporary folder and download the repository. // Create a temporary folder and download the repository.
p, err := ioutil.TempDir(os.TempDir(), "ubuntu-cve-tracker") p, err := ioutil.TempDir(os.TempDir(), "ubuntu-cve-tracker")
if err != nil { if err != nil {
@ -100,23 +100,23 @@ func (fetcher *UbuntuFetcher) FetchUpdate(datastore database.Datastore) (resp up
} }
// bzr wants an empty target directory. // bzr wants an empty target directory.
repositoryLocalPath = p + "/repository" fetcher.repositoryLocalPath = p + "/repository"
// Create the new repository. // Create the new repository.
err = createRepository(repositoryLocalPath) err = createRepository(fetcher.repositoryLocalPath)
if err != nil { if err != nil {
return resp, err return resp, err
} }
} else { } else {
// Update the repository that's already on disk. // Update the repository that's already on disk.
err = updateRepository(repositoryLocalPath) err = updateRepository(fetcher.repositoryLocalPath)
if err != nil { if err != nil {
return resp, err return resp, err
} }
} }
// Get revision number. // Get revision number.
revisionNumber, err := getRevisionNumber(repositoryLocalPath) revisionNumber, err := getRevisionNumber(fetcher.repositoryLocalPath)
if err != nil { if err != nil {
return resp, err return resp, err
} }
@ -128,7 +128,7 @@ func (fetcher *UbuntuFetcher) FetchUpdate(datastore database.Datastore) (resp up
} }
// Get the list of vulnerabilities that we have to update. // Get the list of vulnerabilities that we have to update.
modifiedCVE, err := collectModifiedVulnerabilities(revisionNumber, dbRevisionNumber, repositoryLocalPath) modifiedCVE, err := collectModifiedVulnerabilities(revisionNumber, dbRevisionNumber, fetcher.repositoryLocalPath)
if err != nil { if err != nil {
return resp, err return resp, err
} }
@ -136,7 +136,7 @@ func (fetcher *UbuntuFetcher) FetchUpdate(datastore database.Datastore) (resp up
notes := make(map[string]struct{}) notes := make(map[string]struct{})
for cvePath := range modifiedCVE { for cvePath := range modifiedCVE {
// Open the CVE file. // Open the CVE file.
file, err := os.Open(repositoryLocalPath + "/" + cvePath) file, err := os.Open(fetcher.repositoryLocalPath + "/" + cvePath)
if err != nil { if err != nil {
// This can happen when a file is modified and then moved in another // This can happen when a file is modified and then moved in another
// commit. // commit.
@ -425,3 +425,8 @@ func ubuntuPriorityToSeverity(priority string) types.Priority {
log.Warning("Could not determine a vulnerability priority from: %s", priority) log.Warning("Could not determine a vulnerability priority from: %s", priority)
return types.Unknown return types.Unknown
} }
// Clean deletes any allocated resources.
func (fetcher *UbuntuFetcher) Clean() {
os.RemoveAll(fetcher.repositoryLocalPath)
}
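Review bot: `Clean` removes only `fetcher.repositoryLocalPath`, which `FetchUpdate` sets to `p + "/repository"`, so the parent directory created by `ioutil.TempDir` is left in the system temp directory on every shutdown. The result of `os.RemoveAll` is also discarded, so a failed removal goes unnoticed. I would keep the `TempDir` result in its own (new) field and remove that instead, e.g. `if err := os.RemoveAll(fetcher.tempDir); err != nil { /* log it */ }`. Deriving the parent with `filepath.Dir(fetcher.repositoryLocalPath)` would need an explicit empty-path guard, because `filepath.Dir("")` is `.` and `Clean` can run before any fetch has set the field. The body of `FetchUpdate` is only partly visible in these hunks.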


@ -143,6 +143,11 @@ func Run(config *config.UpdaterConfig, datastore database.Datastore, st *utils.S
} }
} }
// Clean resources.
for _, fetcher := range fetchers {
fetcher.Clean()
}
log.Info("updater service stopped") log.Info("updater service stopped")
} }