arno/clair
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #100 from jzelinskie/namespaces

Browse Source 
api/v1: create namespace type
This commit is contained in:
Jimmy Zelinskie 2016-03-16 15:35:00 -04:00
commit d73cfd116d
4 changed files with 63 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
api/v1/README.md
View File

@ -122,18 +122,18 @@ Server: clair
{
"Layer": {
"Name": "17675ec01494d651e1ccf81dc9cf63959ebfeed4f978fddb1666b6ead008ed52",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"ParentName": "140f9bdfeb9784cf8730e9dab5dd12fbd704151cf555ac8cae650451794e5ac2",
"IndexedByVersion": 1,
"Features": [
{
"Name": "coreutils",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"Version": "8.23-4",
"Vulnerabilities": [
{
"Name": "CVE-2014-9471",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
"Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
"Severity": "Low",
@ -189,8 +189,8 @@ Server: clair
{
"Namespaces": [
"debian:8",
"debian:9"
{ "Name": "debian:8" },
{ "Name": "debian:9" }
]
}
```
@ -227,14 +227,14 @@ Server: clair
"Vulnerabilities": [
{
"Name": "CVE-1999-1332",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"Description": "gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.",
"Link": "https://security-tracker.debian.org/tracker/CVE-1999-1332",
"Severity": "Low"
},
{
"Name": "CVE-1999-1572",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"Description": "cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.",
"Link": "https://security-tracker.debian.org/tracker/CVE-1999-1572",
"Severity": "Low",
@ -266,7 +266,7 @@ POST http://localhost:6060/v1/namespaces/debian%3A8/vulnerabilities HTTP/1.1
{
"Vulnerability": {
"Name": "CVE-2014-9471",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
"Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
"Severity": "Low",
@ -281,7 +281,7 @@ POST http://localhost:6060/v1/namespaces/debian%3A8/vulnerabilities HTTP/1.1
"FixedIn": [
{
"Name": "coreutils",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"Version": "8.23-1"
}
]
@ -299,7 +299,7 @@ Server: clair
{
"Vulnerability": {
"Name": "CVE-2014-9471",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
"Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
"Severity": "Low",
@ -314,7 +314,7 @@ Server: clair
"FixedIn": [
{
"Name": "coreutils",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"Version": "8.23-1"
}
]
@ -350,7 +350,7 @@ Server: clair
{
"Vulnerability": {
"Name": "CVE-2014-9471",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
"Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
"Severity": "Low",
@ -365,7 +365,7 @@ Server: clair
"FixedIn": [
{
"Name": "coreutils",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"Version": "8.23-1"
}
]
@ -390,7 +390,7 @@ PUT http://localhost:6060/v1/namespaces/debian%3A8/vulnerabilities/CVE-2014-9471
{
"Vulnerability": {
"Name": "CVE-2014-9471",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
"Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
"Severity": "Low",
@ -415,7 +415,7 @@ Server: clair
{
"Vulnerability": {
"Name": "CVE-2014-9471",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"Link": "https://security-tracker.debian.org/tracker/CVE-2014-9471",
"Description": "The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the \"--date=TZ=\"123\"345\" @1\" string to the touch or date command.",
"Severity": "Low",
@ -477,7 +477,7 @@ Server: clair
"Features": [
{
"Name": "coreutils",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"Version": "8.23-1"
}
]
@ -498,7 +498,7 @@ PUT http://localhost:6060/v1/namespaces/debian%3A8/vulnerabilities/CVE-2014-9471
{
"Feature": {
"Name": "coreutils",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"Version": "4.24-9"
}
}
@ -513,7 +513,7 @@ Server: clair
{
"Feature": {
"Name": "coreutils",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"Version": "4.24-9"
}
}
@ -578,13 +578,13 @@ Server: clair
"New": {
"Vulnerability": {
"Name": "CVE-TEST",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"Description": "New CVE",
"Severity": "Low",
"FixedIn": [
{
"Name": "grep",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"Version": "2.25"
}
]
@ -597,7 +597,7 @@ Server: clair
"Old": {
"Vulnerability": {
"Name": "CVE-TEST",
"Namespace": "debian:8",
"NamespaceName": "debian:8",
"Description": "New CVE",
"Severity": "Low",
"FixedIn": []

26
api/v1/models.go
View File

@ -35,7 +35,7 @@ type Error struct {
type Layer struct {
Name string `json:"Name,omitempty"`
Namespace string `json:"Namespace,omitempty"`
NamespaceName string `json:"NamespaceName,omitempty"`
Path string `json:"Path,omitempty"`
ParentName string `json:"ParentName,omitempty"`
Format string `json:"Format,omitempty"`
@ -54,14 +54,14 @@ func LayerFromDatabaseModel(dbLayer database.Layer, withFeatures, withVulnerabil
}
if dbLayer.Namespace != nil {
layer.Namespace = dbLayer.Namespace.Name
layer.NamespaceName = dbLayer.Namespace.Name
}
if withFeatures || withVulnerabilities && dbLayer.Features != nil {
for _, dbFeatureVersion := range dbLayer.Features {
feature := Feature{
Name: dbFeatureVersion.Feature.Name,
Namespace: dbFeatureVersion.Feature.Namespace.Name,
NamespaceName: dbFeatureVersion.Feature.Namespace.Name,
Version: dbFeatureVersion.Version.String(),
AddedBy: dbFeatureVersion.AddedBy.Name,
}
@ -69,7 +69,7 @@ func LayerFromDatabaseModel(dbLayer database.Layer, withFeatures, withVulnerabil
for _, dbVuln := range dbFeatureVersion.AffectedBy {
vuln := Vulnerability{
Name: dbVuln.Name,
Namespace: dbVuln.Namespace.Name,
NamespaceName: dbVuln.Namespace.Name,
Description: dbVuln.Description,
Link: dbVuln.Link,
Severity: string(dbVuln.Severity),
@ -88,9 +88,13 @@ func LayerFromDatabaseModel(dbLayer database.Layer, withFeatures, withVulnerabil
return layer
}
type Namespace struct {
Name string `json:"Name,omitempty"`
}
type Vulnerability struct {
Name string `json:"Name,omitempty"`
Namespace string `json:"Namespace,omitempty"`
NamespaceName string `json:"NamespaceName,omitempty"`
Description string `json:"Description,omitempty"`
Link string `json:"Link,omitempty"`
Severity string `json:"Severity,omitempty"`
@ -117,7 +121,7 @@ func (v Vulnerability) DatabaseModel() (database.Vulnerability, error) {
return database.Vulnerability{
Name: v.Name,
Namespace: database.Namespace{Name: v.Namespace},
Namespace: database.Namespace{Name: v.NamespaceName},
Description: v.Description,
Link: v.Link,
Severity: severity,
@ -129,7 +133,7 @@ func (v Vulnerability) DatabaseModel() (database.Vulnerability, error) {
func VulnerabilityFromDatabaseModel(dbVuln database.Vulnerability, withFixedIn bool) Vulnerability {
vuln := Vulnerability{
Name: dbVuln.Name,
Namespace: dbVuln.Namespace.Name,
NamespaceName: dbVuln.Namespace.Name,
Description: dbVuln.Description,
Link: dbVuln.Link,
Severity: string(dbVuln.Severity),
@ -147,7 +151,7 @@ func VulnerabilityFromDatabaseModel(dbVuln database.Vulnerability, withFixedIn b
type Feature struct {
Name string `json:"Name,omitempty"`
Namespace string `json:"Namespace,omitempty"`
NamespaceName string `json:"NamespaceName,omitempty"`
Version string `json:"Version,omitempty"`
Vulnerabilities []Vulnerability `json:"Vulnerabilities,omitempty"`
AddedBy string `json:"AddedBy,omitempty"`
@ -161,7 +165,7 @@ func FeatureFromDatabaseModel(dbFeatureVersion database.FeatureVersion) Feature
return Feature{
Name: dbFeatureVersion.Feature.Name,
Namespace: dbFeatureVersion.Feature.Namespace.Name,
NamespaceName: dbFeatureVersion.Feature.Namespace.Name,
Version: versionStr,
AddedBy: dbFeatureVersion.AddedBy.Name,
}
@ -182,7 +186,7 @@ func (f Feature) DatabaseModel() (database.FeatureVersion, error) {
return database.FeatureVersion{
Feature: database.Feature{
Name: f.Name,
Namespace: database.Namespace{Name: f.Namespace},
Namespace: database.Namespace{Name: f.NamespaceName},
},
Version: version,
}, nil
@ -270,7 +274,7 @@ type LayerEnvelope struct {
}
type NamespaceEnvelope struct {
Namespaces *[]string `json:"Namespaces,omitempty"`
Namespaces *[]Namespace `json:"Namespaces,omitempty"`
Error *Error `json:"Error,omitempty"`
}

4
api/v1/routes.go
View File

@ -176,9 +176,9 @@ func getNamespaces(w http.ResponseWriter, r *http.Request, p httprouter.Params,
writeResponse(w, r, http.StatusInternalServerError, NamespaceEnvelope{Error: &Error{err.Error()}})
return getNamespacesRoute, http.StatusInternalServerError
}
var namespaces []string
var namespaces []Namespace
for _, dbNamespace := range dbNamespaces {
namespaces = append(namespaces, dbNamespace.Name)
namespaces = append(namespaces, Namespace{Name: dbNamespace.Name})
}
writeResponse(w, r, http.StatusOK, NamespaceEnvelope{Namespaces: &namespaces})

2
contrib/analyze-local-images/main.go
View File

@ -127,7 +127,7 @@ func main() {
isSafe := true
for _, feature := range layer.Features {
fmt.Printf("## Feature: %s %s (%s)\n", feature.Name, feature.Version, feature.Namespace)
fmt.Printf("## Feature: %s %s (%s)\n", feature.Name, feature.Version, feature.NamespaceName)
if len(feature.Vulnerabilities) > 0 {
isSafe = false