arno/clair
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #100 from jzelinskie/namespaces

Browse Source 
api/v1: create namespace type
This commit is contained in:
Jimmy Zelinskie 2016-03-16 15:35:00 -04:00
commit d73cfd116d
4 changed files with 63 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
api/v1/README.md
View File

@ -122,18 +122,18 @@ Server: clair
{ {
"Layer": { "Layer": {
"Name": "17675ec01494d651e1ccf81dc9cf63959ebfeed4f978fddb1666b6ead008ed52", "Name": "17675ec01494d651e1ccf81dc9cf63959ebfeed4f978fddb1666b6ead008ed52",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"ParentName": "140f9bdfeb9784cf8730e9dab5dd12fbd704151cf555ac8cae650451794e5ac2", "ParentName": "140f9bdfeb9784cf8730e9dab5dd12fbd704151cf555ac8cae650451794e5ac2",
"IndexedByVersion": 1, "IndexedByVersion": 1,
"Features": [ "Features": [
{ {
"Name": "coreutils", "Name": "coreutils",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"Version": "8.23-4", "Version": "8.23-4",
"Vulnerabilities": [ "Vulnerabilities": [
{ {
"Name": "CVE-2014-9471", "Name": "CVE-2014-9471",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
"Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471", "Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
"Severity": "Low", "Severity": "Low",
@ -189,8 +189,8 @@ Server: clair
{ {
"Namespaces": [ "Namespaces": [
"debian:8", { "Name": "debian:8" },
"debian:9" { "Name": "debian:9" }
] ]
} }
``` ```
@ -227,14 +227,14 @@ Server: clair
"Vulnerabilities": [ "Vulnerabilities": [
{ {
"Name": "CVE-1999-1332", "Name": "CVE-1999-1332",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"Description": "gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.", "Description": "gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.",
"Link": "https://security-tracker.debian.org/tracker/CVE-1999-1332", "Link": "https://security-tracker.debian.org/tracker/CVE-1999-1332",
"Severity": "Low" "Severity": "Low"
}, },
{ {
"Name": "CVE-1999-1572", "Name": "CVE-1999-1572",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"Description": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.", "Description": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.",
"Link": "https://security-tracker.debian.org/tracker/CVE-1999-1572", "Link": "https://security-tracker.debian.org/tracker/CVE-1999-1572",
"Severity": "Low", "Severity": "Low",
@ -266,7 +266,7 @@ POST http://localhost:6060/v1/namespaces/debian%3A8/vulnerabilities HTTP/1.1
{ {
"Vulnerability": { "Vulnerability": {
"Name": "CVE-2014-9471", "Name": "CVE-2014-9471",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471", "Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
"Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
"Severity": "Low", "Severity": "Low",
@ -281,7 +281,7 @@ POST http://localhost:6060/v1/namespaces/debian%3A8/vulnerabilities HTTP/1.1
"FixedIn": [ "FixedIn": [
{ {
"Name": "coreutils", "Name": "coreutils",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"Version": "8.23-1" "Version": "8.23-1"
} }
] ]
@ -299,7 +299,7 @@ Server: clair
{ {
"Vulnerability": { "Vulnerability": {
"Name": "CVE-2014-9471", "Name": "CVE-2014-9471",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471", "Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
"Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
"Severity": "Low", "Severity": "Low",
@ -314,7 +314,7 @@ Server: clair
"FixedIn": [ "FixedIn": [
{ {
"Name": "coreutils", "Name": "coreutils",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"Version": "8.23-1" "Version": "8.23-1"
} }
] ]
@ -350,7 +350,7 @@ Server: clair
{ {
"Vulnerability": { "Vulnerability": {
"Name": "CVE-2014-9471", "Name": "CVE-2014-9471",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471", "Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
"Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
"Severity": "Low", "Severity": "Low",
@ -365,7 +365,7 @@ Server: clair
"FixedIn": [ "FixedIn": [
{ {
"Name": "coreutils", "Name": "coreutils",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"Version": "8.23-1" "Version": "8.23-1"
} }
] ]
@ -390,7 +390,7 @@ PUT http://localhost:6060/v1/namespaces/debian%3A8/vulnerabilities/CVE-2014-9471
{ {
"Vulnerability": { "Vulnerability": {
"Name": "CVE-2014-9471", "Name": "CVE-2014-9471",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471", "Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
"Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
"Severity": "Low", "Severity": "Low",
@ -415,7 +415,7 @@ Server: clair
{ {
"Vulnerability": { "Vulnerability": {
"Name": "CVE-2014-9471", "Name": "CVE-2014-9471",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471", "Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
"Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.", "Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
"Severity": "Low", "Severity": "Low",
@ -477,7 +477,7 @@ Server: clair
"Features": [ "Features": [
{ {
"Name": "coreutils", "Name": "coreutils",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"Version": "8.23-1" "Version": "8.23-1"
} }
] ]
@ -498,7 +498,7 @@ PUT http://localhost:6060/v1/namespaces/debian%3A8/vulnerabilities/CVE-2014-9471
{ {
"Feature": { "Feature": {
"Name": "coreutils", "Name": "coreutils",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"Version": "4.24-9" "Version": "4.24-9"
} }
} }
@ -513,7 +513,7 @@ Server: clair
{ {
"Feature": { "Feature": {
"Name": "coreutils", "Name": "coreutils",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"Version": "4.24-9" "Version": "4.24-9"
} }
} }
@ -578,13 +578,13 @@ Server: clair
"New": { "New": {
"Vulnerability": { "Vulnerability": {
"Name": "CVE-TEST", "Name": "CVE-TEST",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"Description": "New CVE", "Description": "New CVE",
"Severity": "Low", "Severity": "Low",
"FixedIn": [ "FixedIn": [
{ {
"Name": "grep", "Name": "grep",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"Version": "2.25" "Version": "2.25"
} }
] ]
@ -597,7 +597,7 @@ Server: clair
"Old": { "Old": {
"Vulnerability": { "Vulnerability": {
"Name": "CVE-TEST", "Name": "CVE-TEST",
"Namespace": "debian:8", "NamespaceName": "debian:8",
"Description": "New CVE", "Description": "New CVE",
"Severity": "Low", "Severity": "Low",
"FixedIn": [] "FixedIn": []

74
api/v1/models.go
View File

@ -35,7 +35,7 @@ type Error struct {
type Layer struct { type Layer struct {
Name string `json:"Name,omitempty"` Name string `json:"Name,omitempty"`
Namespace string `json:"Namespace,omitempty"` NamespaceName string `json:"NamespaceName,omitempty"`
Path string `json:"Path,omitempty"` Path string `json:"Path,omitempty"`
ParentName string `json:"ParentName,omitempty"` ParentName string `json:"ParentName,omitempty"`
Format string `json:"Format,omitempty"` Format string `json:"Format,omitempty"`
@ -54,26 +54,26 @@ func LayerFromDatabaseModel(dbLayer database.Layer, withFeatures, withVulnerabil
} }
if dbLayer.Namespace != nil { if dbLayer.Namespace != nil {
layer.Namespace = dbLayer.Namespace.Name layer.NamespaceName = dbLayer.Namespace.Name
} }
if withFeatures || withVulnerabilities && dbLayer.Features != nil { if withFeatures || withVulnerabilities && dbLayer.Features != nil {
for _, dbFeatureVersion := range dbLayer.Features { for _, dbFeatureVersion := range dbLayer.Features {
feature := Feature{ feature := Feature{
Name: dbFeatureVersion.Feature.Name, Name: dbFeatureVersion.Feature.Name,
Namespace: dbFeatureVersion.Feature.Namespace.Name, NamespaceName: dbFeatureVersion.Feature.Namespace.Name,
Version: dbFeatureVersion.Version.String(), Version: dbFeatureVersion.Version.String(),
AddedBy: dbFeatureVersion.AddedBy.Name, AddedBy: dbFeatureVersion.AddedBy.Name,
} }
for _, dbVuln := range dbFeatureVersion.AffectedBy { for _, dbVuln := range dbFeatureVersion.AffectedBy {
vuln := Vulnerability{ vuln := Vulnerability{
Name: dbVuln.Name, Name: dbVuln.Name,
Namespace: dbVuln.Namespace.Name, NamespaceName: dbVuln.Namespace.Name,
Description: dbVuln.Description, Description: dbVuln.Description,
Link: dbVuln.Link, Link: dbVuln.Link,
Severity: string(dbVuln.Severity), Severity: string(dbVuln.Severity),
Metadata: dbVuln.Metadata, Metadata: dbVuln.Metadata,
} }
if dbVuln.FixedBy != types.MaxVersion { if dbVuln.FixedBy != types.MaxVersion {
@ -88,15 +88,19 @@ func LayerFromDatabaseModel(dbLayer database.Layer, withFeatures, withVulnerabil
return layer return layer
} }
type Namespace struct {
Name string `json:"Name,omitempty"`
}
type Vulnerability struct { type Vulnerability struct {
Name string `json:"Name,omitempty"` Name string `json:"Name,omitempty"`
Namespace string `json:"Namespace,omitempty"` NamespaceName string `json:"NamespaceName,omitempty"`
Description string `json:"Description,omitempty"` Description string `json:"Description,omitempty"`
Link string `json:"Link,omitempty"` Link string `json:"Link,omitempty"`
Severity string `json:"Severity,omitempty"` Severity string `json:"Severity,omitempty"`
Metadata map[string]interface{} `json:"Metadata,omitempty"` Metadata map[string]interface{} `json:"Metadata,omitempty"`
FixedBy string `json:"FixedBy,omitempty"` FixedBy string `json:"FixedBy,omitempty"`
FixedIn []Feature `json:"FixedIn,omitempty"` FixedIn []Feature `json:"FixedIn,omitempty"`
} }
func (v Vulnerability) DatabaseModel() (database.Vulnerability, error) { func (v Vulnerability) DatabaseModel() (database.Vulnerability, error) {
@ -117,7 +121,7 @@ func (v Vulnerability) DatabaseModel() (database.Vulnerability, error) {
return database.Vulnerability{ return database.Vulnerability{
Name: v.Name, Name: v.Name,
Namespace: database.Namespace{Name: v.Namespace}, Namespace: database.Namespace{Name: v.NamespaceName},
Description: v.Description, Description: v.Description,
Link: v.Link, Link: v.Link,
Severity: severity, Severity: severity,
@ -128,12 +132,12 @@ func (v Vulnerability) DatabaseModel() (database.Vulnerability, error) {
func VulnerabilityFromDatabaseModel(dbVuln database.Vulnerability, withFixedIn bool) Vulnerability { func VulnerabilityFromDatabaseModel(dbVuln database.Vulnerability, withFixedIn bool) Vulnerability {
vuln := Vulnerability{ vuln := Vulnerability{
Name: dbVuln.Name, Name: dbVuln.Name,
Namespace: dbVuln.Namespace.Name, NamespaceName: dbVuln.Namespace.Name,
Description: dbVuln.Description, Description: dbVuln.Description,
Link: dbVuln.Link, Link: dbVuln.Link,
Severity: string(dbVuln.Severity), Severity: string(dbVuln.Severity),
Metadata: dbVuln.Metadata, Metadata: dbVuln.Metadata,
} }
if withFixedIn { if withFixedIn {
@ -147,7 +151,7 @@ func VulnerabilityFromDatabaseModel(dbVuln database.Vulnerability, withFixedIn b
type Feature struct { type Feature struct {
Name string `json:"Name,omitempty"` Name string `json:"Name,omitempty"`
Namespace string `json:"Namespace,omitempty"` NamespaceName string `json:"NamespaceName,omitempty"`
Version string `json:"Version,omitempty"` Version string `json:"Version,omitempty"`
Vulnerabilities []Vulnerability `json:"Vulnerabilities,omitempty"` Vulnerabilities []Vulnerability `json:"Vulnerabilities,omitempty"`
AddedBy string `json:"AddedBy,omitempty"` AddedBy string `json:"AddedBy,omitempty"`
@ -160,10 +164,10 @@ func FeatureFromDatabaseModel(dbFeatureVersion database.FeatureVersion) Feature
} }
return Feature{ return Feature{
Name: dbFeatureVersion.Feature.Name, Name: dbFeatureVersion.Feature.Name,
Namespace: dbFeatureVersion.Feature.Namespace.Name, NamespaceName: dbFeatureVersion.Feature.Namespace.Name,
Version: versionStr, Version: versionStr,
AddedBy: dbFeatureVersion.AddedBy.Name, AddedBy: dbFeatureVersion.AddedBy.Name,
} }
} }
@ -182,7 +186,7 @@ func (f Feature) DatabaseModel() (database.FeatureVersion, error) {
return database.FeatureVersion{ return database.FeatureVersion{
Feature: database.Feature{ Feature: database.Feature{
Name: f.Name, Name: f.Name,
Namespace: database.Namespace{Name: f.Namespace}, Namespace: database.Namespace{Name: f.NamespaceName},
}, },
Version: version, Version: version,
}, nil }, nil
@ -270,8 +274,8 @@ type LayerEnvelope struct {
} }
type NamespaceEnvelope struct { type NamespaceEnvelope struct {
Namespaces *[]string `json:"Namespaces,omitempty"` Namespaces *[]Namespace `json:"Namespaces,omitempty"`
Error *Error `json:"Error,omitempty"` Error *Error `json:"Error,omitempty"`
} }
type VulnerabilityEnvelope struct { type VulnerabilityEnvelope struct {

4
api/v1/routes.go
View File

@ -176,9 +176,9 @@ func getNamespaces(w http.ResponseWriter, r *http.Request, p httprouter.Params,
writeResponse(w, r, http.StatusInternalServerError, NamespaceEnvelope{Error: &Error{err.Error()}}) writeResponse(w, r, http.StatusInternalServerError, NamespaceEnvelope{Error: &Error{err.Error()}})
return getNamespacesRoute, http.StatusInternalServerError return getNamespacesRoute, http.StatusInternalServerError
} }
var namespaces []string var namespaces []Namespace
for _, dbNamespace := range dbNamespaces { for _, dbNamespace := range dbNamespaces {
namespaces = append(namespaces, dbNamespace.Name) namespaces = append(namespaces, Namespace{Name: dbNamespace.Name})
} }
writeResponse(w, r, http.StatusOK, NamespaceEnvelope{Namespaces: &namespaces}) writeResponse(w, r, http.StatusOK, NamespaceEnvelope{Namespaces: &namespaces})

2
contrib/analyze-local-images/main.go
View File

@ -127,7 +127,7 @@ func main() {
isSafe := true isSafe := true
for _, feature := range layer.Features { for _, feature := range layer.Features {
fmt.Printf("## Feature: %s %s (%s)\n", feature.Name, feature.Version, feature.Namespace) fmt.Printf("## Feature: %s %s (%s)\n", feature.Name, feature.Version, feature.NamespaceName)
if len(feature.Vulnerabilities) > 0 { if len(feature.Vulnerabilities) > 0 {
isSafe = false isSafe = false