arno/clair
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
444 Commits 5 Branches 24 Tags 158 MiB
4a990372ff
Commit Graph

52 Commits

Author SHA1 Message Date
Jimmy Zelinskie
4a990372ff refactor: move updaters and notifier into ext 2017-01-22 23:02:50 -05:00
Jimmy Zelinskie
ab33f8c4bd Merge pull request #298 from jzelinskie/versions 
Add registrable version formats
 2017-01-03 17:10:49 -05:00
Jimmy Zelinskie
8d29bf860d versionfmt: convert to using constant over literal 2017-01-03 16:00:20 -05:00
Jimmy Zelinskie
033709eaea add registerable version formats 
Since we only ever used dpkg, this change shims everything into using
dpkg.
 2016-12-30 12:51:24 -05:00
Alexei Ledenev
7ec9225bdc fix error scanning folders for feteched Alpine vulnerabilities 2016-12-30 15:36:09 +02:00
Avi Miller
2643d22aaa Updated fetcher and tests to close the file handles and HTTP response. 
Signed-off-by: Avi Miller <avi.miller@oracle.com>
 2016-12-20 12:14:10 +11:00
Avi Miller
9d885f680c Add Oracle Linux fetcher to grab and parse OVAL data. 
Signed-off-by: Avi Miller <avi.miller@oracle.com>
 2016-12-20 11:25:07 +11:00
Jimmy Zelinskie
740262c055 Revert "Merge pull request #199 from openSUSE/feature/opensuse" 
This reverts commit 97347ec44d, reversing
changes made to 051564facd.
 2016-12-19 17:03:39 -05:00
Jimmy Zelinskie
f74cd35243 fetchers/alpine: add notes for untracked namespaces 2016-12-19 11:32:46 -05:00
Jimmy Zelinskie
3be8dfcf99 fetchers/alpine: auto detect namespaces 2016-12-19 11:32:46 -05:00
Jimmy Zelinskie
59e6c628dc alpine: refactor fetcher & git pull on update 2016-12-19 11:32:46 -05:00
Jimmy Zelinskie
3d90cac427 alpine: add support for v3.4 YAML schema 2016-12-19 11:32:46 -05:00
Jimmy Zelinskie
0cb8fc9455 updater/fetchers: add alpine secdb fetcher 2016-12-19 11:32:45 -05:00
Quentin Machu
96398465de updater: Set vulns' Severity from NVD metadata fetcher if unknown 
If a Vulnerability that goes through the NVD metadata fetcher has an
empty or Unknown Severity, then use the CVSS score to set one. This
will help to get a more consistent database when a vulnerability source
does not provide this information.
 2016-11-18 19:00:13 +01:00
Quentin Machu
1c3daa23b9 updater: minimize vulns' lock duration in the NVD metadata fetcher 2016-11-18 18:09:59 +01:00
Jordi Massaguer Pla
b8ceb0c461 Integrated a fetcher for openSUSE and for SUSE Linux Enterprise 
We extracted oval parser from rhel and used that for opensuse and
SUSE Linux Enterpise

Signed-off-by: Thomas Boerger <tboerger@suse.de>
Signed-off-by: Jordi Massaguer Pla <jmassaguerpla@suse.de>
 2016-09-23 12:00:00 +02:00
Vincent Batts
ce8d31bbb3 redhatrelease: override match for RHEL hosts 
Until https://github.com/coreos/clair/pull/193 is merged, having
vulnerabilities that are tagged both rhel and centos would duplicate in
the database or use a change that requires a migration.

But presently due to the fetcher logic, the rhel provided
vulnerabilities are labelled for centos, and then the namespace does not
match and therefore not tested against.

So until such a day that a vulnerability could have both rhel and centos
label, then hack this in. It'll accomplish the same during this interim.

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
 2016-08-12 15:35:32 -04:00
Quentin Machu
be97db5261 updater: enable fetching of RHEL 5 vulnerabilities (#217) 
The RHEL updater currently ignores vulnerabilities for CentOS <= 5.
s the naming of the constant firstConsideredRHEL suggests it, it
should actually considers CentOS 5 and ignores CentOS < 5.

Fixes #215
 2016-07-15 11:54:47 -04:00
Quentin Machu
28295eb2bf Merge pull request #186 from Quentin-M/delete_ubuntu_repository 
updater: Delete Ubuntu's repository upon bzr errors
 2016-06-09 19:27:17 +02:00
Quentin Machu
34f62ef1f1 updater: delete Ubuntu's repository upon bzr errors 
By deleting an Ubuntu repository that may be in a bad state,
Clair will eventually be able to perform the update, instead of retrying naively.

Fixes #169
 2016-06-09 14:11:30 +02:00
Fabian Ruff
85edda6ce1 Switch to https for ubuntu cve tracker 
Fixes #168
 2016-05-25 23:29:03 +02:00
Quentin Machu
836d37b275 *: use path/filepath instead of path 2016-05-20 12:01:31 -05:00
Jimmy Zelinskie
500fc4e407 various: gofmt -s 2016-02-24 19:29:36 -05:00
Quentin Machu
45ed80df1b updater: remove useless error 2016-02-24 16:36:45 -05:00
Quentin Machu
2126259c99 updater: use a better link for Ubuntu vulnerabilities and rename some constants 2016-02-24 16:36:45 -05:00
Quentin Machu
7c11e4eb5d updater/database: do not create notifications during the initial update 2016-02-24 16:36:45 -05:00
Quentin Machu
5fdd9d1a07 *: add metadata support along with NVD CVSS 2016-02-24 16:36:45 -05:00
Quentin Machu
431c0ccb03 updater: add a clean function to fetchers 2016-02-24 16:36:45 -05:00
Quentin Machu
3ecb8b69cb updater: ignore "ubuntu-core" in the Ubuntu fetcher 2016-02-24 16:34:54 -05:00
Quentin Machu
4bdbd5e6db *: fix several tests 2016-02-24 16:34:54 -05:00
Quentin Machu
8e852348a1 updater: ensure that ubuntu's notes are unique 2016-02-24 16:34:54 -05:00
Quentin Machu
baed60e19b prometheus: add initial Prometheus support 2016-02-24 16:34:54 -05:00
Quentin Machu
b8b7be3f81 *: remove health checker 2016-02-24 16:34:54 -05:00
Quentin Machu
99de759224 updater: namespace and split Ubuntu/RHEL vulnerabilities 2016-02-24 16:34:54 -05:00
Quentin Machu
82175dcfe9 *: add missing copyright headers 2016-02-24 16:34:54 -05:00
Quentin Machu
85fa3f9a38 updater/worker: adapt several tests 2016-02-24 16:34:54 -05:00
Quentin Machu
847c649288 updater: update RHEL fetcher and add not-affected capability 2016-02-24 16:34:54 -05:00
Quentin Machu
ea59b0e45f updater: update Ubuntu fetcher and add not-affected capability 2016-02-24 16:34:54 -05:00
Quentin Machu
7e72eb10b6 updater: ignore Debian's "temp" vulnerabilities 2016-02-24 16:34:54 -05:00
Quentin Machu
77387af2ac updater: port updater and its fetchers 2016-02-24 16:34:54 -05:00
Quentin Machu
452f7018ec updater: move each fetcher to its own package 2016-02-24 16:32:21 -05:00
Quentin Machu
3a786ae020 database: add lock support 2016-02-24 16:32:21 -05:00
Quentin Machu
2c150b015e *: refactor & do initial work towards PostgreSQL implementation 2016-02-24 16:32:21 -05:00
Stephane Jourdan
e91365f4b3 updater: fix typos 2016-02-23 18:07:41 +01:00
Quentin Machu
712aa11b8b updater: Add support for Ubuntu Vivid Core and ignore Vivid PhoneOverlay 
Reacts to https://bazaar.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master/revision/10488
 2016-01-25 13:04:39 -05:00
Quentin Machu
c055c33cf8 updater: Fix Ubuntu's partial update bug. 
Deferring file closing causes `too many open files` (exceeding fs.file-max) on some platforms!
 2015-12-16 15:42:32 -05:00
Lei Jitang
cd1106dcdc fix type ctrl^C not stop updating 
when clair has network problem during updating vulnerability and failed
to update vulnerability, it will keep updating and even if type ctrl^C
can't stop the clair. This patch make clair to stop updating if type
ctrl^C.

Signed-off-by: Lei Jitang <leijitang@huawei.com>
 2015-12-14 00:48:01 -05:00
Quentin Machu
eb7e5d5c74 main: Use configuration file instead of flags and simplify app extension. 
Clair will now use a YAML configuration file instead of command line
arguments as the number of parameters grows.

Also, Clair now exposes a Boot() func that allows everyone to easily
create their own project and load dynamically their own fetchers/updaters.
 2015-12-08 11:50:52 -05:00
Quentin Machu
a7b683d4ba updater: Refactor and merge fetcher responses 
Fixes #17 and lays the groundwork for #19.
 2015-12-01 16:18:45 -05:00
Jimmy Zelinskie
bf7e1a52f2 stop reporting failures as successful updates 
Fixes #20.
 2015-11-20 15:36:34 -05:00