arno/clair
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
778 Commits 5 Branches 24 Tags 158 MiB
699d1143e5
Commit Graph

79 Commits

Author SHA1 Message Date
Jimmy Zelinskie
699d1143e5 ext: fixup incorrect copyright year 2018-10-18 18:47:37 -04:00
Kate Murphy
b81e4454fb
ext: Parse CVSSv3 data from JSON NVD feed 2018-10-16 19:08:17 -04:00
Kate Murphy
14277a8f5d
ext: Add JSON NVD parsing tests 2018-10-16 18:53:32 -04:00
Kate Murphy
aab46f5658
ext: Parse NVD JSON feed instead of XML 
The JSON feed provides some values that are not available in the XML
feed such as CVSSv3.
 2018-10-16 18:53:32 -04:00
Sida Chen
f759dd54c0 database: Replace Parent Feature with source metadata 
Feature's source feature string is directly stored in the database
instead of having the parent pointer to simplify the database.
 2018-10-15 16:26:24 -04:00
Jimmy Zelinskie
2ac088dd0f
Merge pull request #639 from Katee/update-sha1-to-sha256 
Use SHA256 instead of SHA1 for fingerprinting
 2018-10-15 11:43:56 -04:00
Kate Murphy
8d5a0131c4
ext: Use SHA256 instead of SHA1 for fingerprinting 
To make static analysis tools happy.

The current use of SHA1 for fingerprinting is safe. However, there is very
little downside to switching to SHA256.
 2018-10-12 16:09:14 -04:00
Sida Chen
2cc61f9fc0 ext/featurefmt/apk: Extract origin package information from database 
"o" field is used to extract the Package Origin from the APK database.
 2018-10-11 18:02:58 -04:00
Sida Chen
a057e4a943 ext/featurefmt/rpm: Extract source package from rpm database 
Source package is now extracted from the RPM database by using
${SourceRPM} option in the rpm --qf argument.
 2018-10-11 18:02:58 -04:00
Sida Chen
4ac046642f ext/featurefmt/dpkg: Extract source package metadata 
The source package metadata is extracted from the source line instead
of forcing the binary package to have source package information.
 2018-10-11 18:02:58 -04:00
Sida Chen
1c40e7d016 ext/featurefmt: Refactor featurefmt testing code 
1. Featurefmt testing code is moved to featurefmttest package.
2. Featurefmt now can be tested against a csv file, which contains the
expected package information result.
 2018-10-11 18:02:58 -04:00
Sida Chen
3c72fa29a6
Merge pull request #620 from KeyboardNerd/feature/detector 
Internally version all detected content by extension
 2018-10-08 15:16:04 -04:00
Sida Chen
e657d26313 database: move dbutil and testutil to database from pkg 
Move dbutil and testutil to database from pkg
Rename all "result"
 2018-10-08 12:10:35 -04:00
Sida Chen
53bf19aecf ext: Lister and Detector returns detector info with detected content 
1. Every Lister and Detector are versioned
2. detected content, are returned in a map with detector info as the key
 2018-10-08 10:42:40 -04:00
Jimmy Zelinskie
0ca9431235
Merge pull request #621 from jzelinskie/gitutil 
pkg/gitutil: init
 2018-09-26 11:42:35 -04:00
Jimmy Zelinskie
44ae4bc959
Merge pull request #610 from MackJM/wip/master_nvd_httputil 
Using httputil for NVD
 2018-09-19 14:25:44 -04:00
Jimmy Zelinskie
c2d887f9e9 pkg/gitutil: init 
This refactors the code we're using to manage temporary git repositories
into a utility package.
 2018-09-19 13:50:54 -04:00
Grégoire Unbekandt
c4ffa0c370 vulnsrc_rhel: cve impact 
use the specific CVE's impact field instead of the RHSA's one
 2018-09-15 00:00:09 +02:00
Grégoire Unbekandt
a90db713a2 vulnsrc_rhel: add test 
Add test for multiple CVE
 2018-09-14 23:54:33 +02:00
Grégoire Unbekandt
8b3338ef56 vulnsrc_rhel: minor changes 
delete a useless line
 2018-09-14 23:54:33 +02:00
Grégoire Unbekandt
4e4e98f328 vulnsrc_rhel: minor changes 
Code reorganisation
 2018-09-14 23:54:33 +02:00
Grégoire Unbekandt
ac86a36740 vulnsrc_rhel: rhsa_ID by default 
If no CVE is present, create a vulnerability with rhsa ID
 2018-09-14 23:54:33 +02:00
Grégoire Unbekandt
4ab98cfe54 vulnsrc_rhel: one vulnerability by CVE 
Get one vulnerability by CVE_ID for RHEL instead of one by RHSA_ID so we can have NVD metadata added to the vulnerabilities.

Fixes #495
 2018-09-14 23:54:33 +02:00
Jean Michel MacKay
30848d9eb7 Fixed extra newline 2018-09-11 15:28:40 -04:00
Jean Michel MacKay
56b4f23ae2 Move downloadFeed out to a seperate function 2018-09-11 15:28:39 -04:00
Jean Michel MacKay
f34f94320a Embed nvd's downloading and storing of meta data into a function to help with resource management 2018-09-11 15:28:39 -04:00
Jean Michel MacKay
3959f416fa Fix up error and changing close to defer close 2018-09-11 15:28:39 -04:00
Jean Michel MacKay
49cbdd7a7c Using httputil for NVD 
nvd was missed when moving to httputil, this fixes it
 2018-09-11 15:28:39 -04:00
Jimmy Zelinskie
06b257cc97
Merge pull request #606 from MackJM/wip/master_httputil 
Adding httputil and version packages to master
 2018-09-06 11:27:35 -04:00
Jimmy Zelinskie
ce15f73501 *: gofmt -s 2018-09-05 19:20:35 -04:00
Jean Michel MacKay
9df4f5bd70 Adding httputil and version packages 
- Debian/RHEL/Oracle vulnsrc now use httputil to download files
- httputil sets the User-Agent to the requests as Clair/<version> (https://github.com/coreos/clair/)
- httputil holds Status2xx() which returns if the response is a http success (2xx)
- GetClientAddr moved from api/httputil to pkg/httputil
- the version packge holds a Version string which is set at build time from the git tag and sha
- the .git directory was removed from .dockerignore so that we can use the git tag to set the version
 2018-09-05 14:56:39 -04:00
Jimmy Zelinskie
ce6b00887b vulnmdsrc: update NVD URLs 
This connects us via a domain hosted on AWS which should provide
performance benefits for users running Clair on AWS and alleviate load
from the NIST campus network.

Fixes #575.
 2018-09-04 11:55:19 -04:00
Daniel Jiang
9e4a347ecd Quickfix to the URL for fetching alpine's vuln data. 
Fixes #593

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
 2018-08-23 13:39:26 +08:00
Jimmy Zelinskie
f32f438a98
Merge branch 'master' into nvdupdates 2018-07-17 10:36:08 -04:00
honglichang(常红立)
0d5f300c5b fix nvd path 
1. stop clair, not del nvd xml
 2018-07-17 20:11:24 +08:00
ErikThoreson
df1dd5c149 adding publisher datetime and updating nvd feed download 2018-07-12 16:40:05 -05:00
Jimmy Zelinskie
456af5f48c vulnsrc/ubuntu: use new git-based ubuntu tracker 2018-07-10 16:46:46 -04:00
Jimmy Zelinskie
c031f8ea0c vulnsrc/alpine: s/pull/clone 2018-07-05 19:11:30 -04:00
Jimmy Zelinskie
4c2be5285e vulnsrc/alpine: avoid shadowing vars 2018-07-05 19:09:45 -04:00
Joe Ray
947a8aa00c featurens: Ensure RHEL is correctly identified 
When trying to identify various RedHat releases, RHEL was not being
picked up as a centos release because the Oracle Linux regex was too
permissive: it would match any release name with '<something> Linux
Server release' in the name. By being more restrictive with the Oracle
regex, RHEL is now properly identified.

I don't know why the Oracle regex used such a permissive matcher for the
name but it still passes all the tests by replacing it with the word
'Oracle'.

Fixes #436
 2018-01-12 12:01:25 +00:00
Grégoire Unbekandt
5c5857548d driver: Add proxy support 
Enable the use of HTTP_PROXY and HTTPS_PROXY variables when downloading
layers
 2017-11-07 12:17:13 +01:00
Grégoire Unbekandt
e953a259b0 nvd: fix the name of a field 
The xml's field "availability-impact" wasn't collected due to a typo.
 2017-10-23 15:45:23 +02:00
Sida Chen
fb32dcfa58 Clair Logic, Extensions: updated mock tests, extensions, basic logic 
Main Clair logic is changed in worker, updater, notifier for better adapting
ancestry schema. Extensions are updated with the new model and feature lister
 and namespace detector drivers are able to specify the specific listers and
detectors used to process layer's content. InRange and GetFixedIn interfaces
are added to Version format for adapting ranged affected features and next
available fixed in in the future. Tests for worker, updater and extensions
are fixed.
 2017-08-10 11:24:40 -04:00
Jimmy Zelinskie
04847a016d Merge pull request #418 from KeyboardNerd/multiplens 
use namespace's versionfmt to specify listers scanning features
 2017-06-28 13:53:21 -04:00
Sida Chen
9561d623c2 featurefmt: use namespace's versionfmt to specify listers 
use namespace's versionfmt to specify listers used to scan features
the content detection functions are changed accordingly in worker
 2017-06-22 15:36:07 -04:00
Sida Chen
50437f32a1 featurens: fix detecting duplicated namespaces problem 2017-06-22 11:41:18 -04:00
alinar
d4a967e6e6 Fixing always revision 0 for ubuntu 2017-06-07 12:37:24 +01:00
Jimmy Zelinskie
abd7d2e013 Merge pull request #394 from KeyboardNerd/multiplens 
added support for detecting multiple namespaces in a layer
 2017-05-24 17:22:08 -04:00
Sida Chen
75d5d40d79 featurens: added multiple namespace testing for namespace detector 2017-05-24 17:18:11 -04:00
Sida Chen
bffa6499b7 added support for detect multiple namespaces in a layer 
created table layer_namespace to store the many to many unique mapping of layers and namespaces
changed v1 api to provide a list of namespaces for each layer
changed namespace detector to use all registered detectors to detect namespaces
updated tests for multiple namespaces

Fixes #150
 2017-05-24 17:01:51 -04:00