165c397f16
glide: add errgroup and regenerate vendor
5 years ago
7084a226ae
updater: extract deduplicate function
5 years ago
25078ac838
ext: add CleanAll() utility functions
5 years ago
e16d17dda9
updater: remove original RunUpdate()
5 years ago
0d41968acd
updater: reimplement fetch() with errgroup
...
This adds context support to a few more functions in the update process.
This makes progress towards to goal of having cancellable updates.
5 years ago
6c5be7e1c6
updater: refactor to use errgroup
...
This addresses a race condition and makes this code much more
understandable.
5 years ago
399deab100
database: remove FindLock()
5 years ago
45ecf18815
pkg/timeutil: init
5 years ago
300bb52696
database: add FindLock dbutil
6 years ago
4fbeb9ced5
database: add (Acquire|Release)Lock dbutils
6 years ago
504f0f3af3
Merge pull request #656 from glb/elsa_CVEID
...
vulnsrc_oracle: one vulnerability per CVE
6 years ago
3503ddb96f
vulnsrc_oracle: one vulnerability per CVE
...
Get one vulnerability per CVE for Oracle instead of one per ELSA so we
can have NVD metadata added to the vulnerabilities.
Related: #495 , #499 .
6 years ago
93e7a4cfa8
Merge pull request #650 from Katee/add-ubuntu-cosmic
...
Add database mapping for Ubuntu Cosmic (18.10)
6 years ago
4c08c8f959
Merge pull request #653 from brosander/helm-dep
...
Pinning helm postgres dep to the working 1.0.0
6 years ago
00db964497
Pinning helm postgres dep to the working 1.0.0
6 years ago
6c682da3e1
database: add mapping for Ubuntu Cosmic (18.10)
6 years ago
c123c95590
Merge pull request #648 from HaraldNordgren/go_versions
...
Bump Go versions and use '.x' to always get latest patch versions
6 years ago
be24096183
Bump Go versions and use '.x' to always get latest patch versions
6 years ago
05cbf328aa
Merge pull request #647 from KeyboardNerd/spkg/cvrf
...
vulnsrc: Refactor debian and alpine sources
6 years ago
4106322107
vendor: Update gopkg.in/yaml.v2 package
...
* Update gopkg.in/yaml.v2 package and glide setting
* Update other packages
6 years ago
72674ca871
vulnsrc: Refactor vulnerability sources to use utility functions
6 years ago
a3f7387ff1
database: Add FindKeyValue function wrapper
6 years ago
c3904c9696
pkg: Add fsutil to contian file system utility functions
6 years ago
1ee1b95afc
Merge pull request #644 from KeyboardNerd/bug/git
...
gitutil: Fix git pull on non-git repository directory
6 years ago
0c2e5e73c2
Merge pull request #645 from Katee/include-cvssv3
...
Switch to NVD JSON feed and include CVSSv3
6 years ago
081ae34af1
ext: remove duplicate vectorValuesToLetters definition
6 years ago
4f0da12b12
ext: pass through CVSSv3 impact and exploitability score
6 years ago
8efc3e4038
ext: remove unneeded use of init()
6 years ago
699d1143e5
ext: fixup incorrect copyright year
6 years ago
335cb65917
Merge pull request #646 from KeyboardNerd/spkg/model
6 years ago
2236b0a5c9
updater: Add vulnsrc affected feature type
...
Each vulnerability source has a specific type of feature that it affects
We assume the following:
* Alpine: Binary Package
* Debian: Source Package
* Ubuntu: Source Package
* Oracle OVAL: Binary Package
* RHEL OVAL: Binary Package
6 years ago
00fadfc3e3
database: Add affected feature type
...
Affected feature type is for determining either the source feature or
the binary feature that an vulnerability affects.
6 years ago
11b67e612c
gitutil: Fix git pull on non-git repository directory
...
* Add conditional check: if the git repo directory is newly created, we
clone.
* Add tests
Fixes #641
6 years ago
b81e4454fb
ext: Parse CVSSv3 data from JSON NVD feed
6 years ago
14277a8f5d
ext: Add JSON NVD parsing tests
6 years ago
aab46f5658
ext: Parse NVD JSON feed instead of XML
...
The JSON feed provides some values that are not available in the XML
feed such as CVSSv3.
6 years ago
17539bda60
Merge pull request #640 from KeyboardNerd/sourcePackage
...
database: Replace Parent Feature with source metadata
6 years ago
f759dd54c0
database: Replace Parent Feature with source metadata
...
Feature's source feature string is directly stored in the database
instead of having the parent pointer to simplify the database.
6 years ago
2ac088dd0f
Merge pull request #639 from Katee/update-sha1-to-sha256
...
Use SHA256 instead of SHA1 for fingerprinting
6 years ago
fe614f2b01
Merge pull request #638 from KeyboardNerd/featureTree
...
Parse Source package from package information databases
6 years ago
8d5a0131c4
ext: Use SHA256 instead of SHA1 for fingerprinting
...
To make static analysis tools happy.
The current use of SHA1 for fingerprinting is safe. However, there is very
little downside to switching to SHA256.
6 years ago
2cc61f9fc0
ext/featurefmt/apk: Extract origin package information from database
...
"o" field is used to extract the Package Origin from the APK database.
6 years ago
a057e4a943
ext/featurefmt/rpm: Extract source package from rpm database
...
Source package is now extracted from the RPM database by using
${SourceRPM} option in the rpm --qf argument.
6 years ago
4ac046642f
ext/featurefmt/dpkg: Extract source package metadata
...
The source package metadata is extracted from the source line instead
of forcing the binary package to have source package information.
6 years ago
1c40e7d016
ext/featurefmt: Refactor featurefmt testing code
...
1. Featurefmt testing code is moved to featurefmttest package.
2. Featurefmt now can be tested against a csv file, which contains the
expected package information result.
6 years ago
3fe894c5ad
database: Add parent feature pointer to Feature struct
...
Feature now has a pointer to parent feature. If a vulnerability affects
a parent feature, this child feature will be affected.
6 years ago
ddaf19b3a6
Merge pull request #633 from coreos/roadmap-1
...
*: update roadmap
6 years ago
3c72fa29a6
Merge pull request #620 from KeyboardNerd/feature/detector
...
Internally version all detected content by extension
6 years ago
74efdf6b51
*: update roadmap
...
Fixes #626 .
6 years ago
69c0c84348
api: Rename detector type to DType
...
Rename detector type to DType because all reserved key words should be
avoided used as type name or variable name.
6 years ago
Jimmy Zelinskie