arno/clair
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
780 Commits 5 Branches 24 Tags 158 MiB
72674ca871
Commit Graph

780 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sida Chen
72674ca871 vulnsrc: Refactor vulnerability sources to use utility functions 2018-10-22 23:00:58 -04:00
Sida Chen
a3f7387ff1 database: Add FindKeyValue function wrapper 2018-10-22 23:00:57 -04:00
Sida Chen
c3904c9696 pkg: Add fsutil to contian file system utility functions 2018-10-22 23:00:57 -04:00
Sida Chen
335cb65917
Merge pull request #646 from KeyboardNerd/spkg/model 2018-10-18 16:44:48 -04:00
Sida Chen
2236b0a5c9 updater: Add vulnsrc affected feature type 
Each vulnerability source has a specific type of feature that it affects

We assume the following:
* Alpine: Binary Package
* Debian: Source Package
* Ubuntu: Source Package
* Oracle OVAL: Binary Package
* RHEL OVAL: Binary Package
 2018-10-18 15:06:41 -04:00
Sida Chen
00fadfc3e3 database: Add affected feature type 
Affected feature type is for determining either the source feature or
the binary feature that an vulnerability affects.
 2018-10-18 15:06:41 -04:00
Sida Chen
17539bda60
Merge pull request #640 from KeyboardNerd/sourcePackage 
database: Replace Parent Feature with source metadata
 2018-10-15 16:49:50 -04:00
Sida Chen
f759dd54c0 database: Replace Parent Feature with source metadata 
Feature's source feature string is directly stored in the database
instead of having the parent pointer to simplify the database.
 2018-10-15 16:26:24 -04:00
Jimmy Zelinskie
2ac088dd0f
Merge pull request #639 from Katee/update-sha1-to-sha256 
Use SHA256 instead of SHA1 for fingerprinting
 2018-10-15 11:43:56 -04:00
Sida Chen
fe614f2b01
Merge pull request #638 from KeyboardNerd/featureTree 
Parse Source package from package information databases
 2018-10-15 10:11:55 -04:00
Kate Murphy
8d5a0131c4
ext: Use SHA256 instead of SHA1 for fingerprinting 
To make static analysis tools happy.

The current use of SHA1 for fingerprinting is safe. However, there is very
little downside to switching to SHA256.
 2018-10-12 16:09:14 -04:00
Sida Chen
2cc61f9fc0 ext/featurefmt/apk: Extract origin package information from database 
"o" field is used to extract the Package Origin from the APK database.
 2018-10-11 18:02:58 -04:00
Sida Chen
a057e4a943 ext/featurefmt/rpm: Extract source package from rpm database 
Source package is now extracted from the RPM database by using
${SourceRPM} option in the rpm --qf argument.
 2018-10-11 18:02:58 -04:00
Sida Chen
4ac046642f ext/featurefmt/dpkg: Extract source package metadata 
The source package metadata is extracted from the source line instead
of forcing the binary package to have source package information.
 2018-10-11 18:02:58 -04:00
Sida Chen
1c40e7d016 ext/featurefmt: Refactor featurefmt testing code 
1. Featurefmt testing code is moved to featurefmttest package.
2. Featurefmt now can be tested against a csv file, which contains the
expected package information result.
 2018-10-11 18:02:58 -04:00
Sida Chen
3fe894c5ad database: Add parent feature pointer to Feature struct 
Feature now has a pointer to parent feature. If a vulnerability affects
a parent feature, this child feature will be affected.
 2018-10-09 19:52:10 -04:00
Jimmy Zelinskie
ddaf19b3a6
Merge pull request #633 from coreos/roadmap-1 
*: update roadmap
 2018-10-08 16:13:46 -04:00
Sida Chen
3c72fa29a6
Merge pull request #620 from KeyboardNerd/feature/detector 
Internally version all detected content by extension
 2018-10-08 15:16:04 -04:00
Jimmy Zelinskie
74efdf6b51
*: update roadmap 
Fixes #626.
 2018-10-08 15:10:27 -04:00
Sida Chen
69c0c84348 api: Rename detector type to DType 
Rename detector type to DType because all reserved key words should be
avoided used as type name or variable name.
 2018-10-08 14:34:19 -04:00
Sida Chen
a3e9b5b55d database: rename utility functions with commit/rollback 
All database utility functions are renamed to explicitly say if it will
commit changes or rollback changes on success.
 2018-10-08 13:12:18 -04:00
Sida Chen
e657d26313 database: move dbutil and testutil to database from pkg 
Move dbutil and testutil to database from pkg
Rename all "result"
 2018-10-08 12:10:35 -04:00
Sida Chen
0c1b80b2ed pgsql: Implement database queries for detector relationship 
* Refactor layer and ancestry
* Add tests
* Fix bugs introduced when the queries were moved
 2018-10-08 11:27:15 -04:00
Sida Chen
028324014b clair: Implement worker detector support 
The worker is changed to accommodate the new database model and API.
Worker is refactored to move the database query helper functions to pkg.
 2018-10-08 10:42:40 -04:00
Sida Chen
48427e9b88 api: Add detectors for RPC 
Change the V3 implementation to accommondate the detectors.
 2018-10-08 10:42:40 -04:00
Sida Chen
9c49d9dc55 pgsql: Move queries to corresponding files 
Aggregate queries in their corresponding files instead of having the
single file for every queries because the database is more complicated.
 2018-10-08 10:42:40 -04:00
Sida Chen
53bf19aecf ext: Lister and Detector returns detector info with detected content 
1. Every Lister and Detector are versioned
2. detected content, are returned in a map with detector info as the key
 2018-10-08 10:42:40 -04:00
Sida Chen
34d0e516e0 vendor: Add golang-set dependency 
Golang-set library is added to make it easier to support set operations.
 2018-10-08 10:42:40 -04:00
Sida Chen
dca2d4e597 pgsql: Add detector to database schema 
'detector' table is added to store the metadata of detectors.
'layer_feature', 'layer_namespace', and 'ancestry_feature' tables are
modified to store the detection relationship between the
feature/namespace with the detector.
 2018-10-08 10:42:40 -04:00
Sida Chen
db2db8bbe8 database: Update database model and interface for detectors 
All detected features and namespaces under the context of Layer and
Ancestry will now have the detectors associated, so that the API can
provide the detection information to the Client.
 2018-10-08 10:42:17 -04:00
Sida Chen
9f5d1ea4e1 v3: associate feature and namespace with detector 2018-10-01 11:04:08 -04:00
Jimmy Zelinskie
8cf7ad454c
Merge pull request #627 from haydenhughes/master 
Add build-base to docker image
 2018-09-27 13:29:26 -04:00
Jimmy Zelinskie
5d1c30218e
Merge pull request #624 from jzelinskie/probot 
.github: add stale and issue template enforcement
 2018-09-26 18:02:38 -04:00
Jimmy Zelinskie
9b1f205833 .github: add stale and issue template enforcement 
This change will allow probot to enforce our GitHub policies.
 2018-09-26 13:07:20 -04:00
Jimmy Zelinskie
0ca9431235
Merge pull request #621 from jzelinskie/gitutil 
pkg/gitutil: init
 2018-09-26 11:42:35 -04:00
Hayden Hughes
d3facfd7cd
Add build-base to docker image 2018-09-26 08:17:33 +10:00
Sida Chen
0609ed964b config: removed worker config 
All processors will now be used to process the layers.
 2018-09-19 14:33:08 -04:00
Sida Chen
53433090a3 pgsql: update the query format 2018-09-19 14:33:08 -04:00
Jimmy Zelinskie
44ae4bc959
Merge pull request #610 from MackJM/wip/master_nvd_httputil 
Using httputil for NVD
 2018-09-19 14:25:44 -04:00
Jimmy Zelinskie
c2d887f9e9 pkg/gitutil: init 
This refactors the code we're using to manage temporary git repositories
into a utility package.
 2018-09-19 13:50:54 -04:00
Jimmy Zelinskie
d0a3fe9206
Merge pull request #499 from yebinama/rhel_CVEID 
vulnsrc_rhel: one vulnerability by CVE
 2018-09-14 18:21:15 -04:00
Grégoire Unbekandt
c4ffa0c370 vulnsrc_rhel: cve impact 
use the specific CVE's impact field instead of the RHSA's one
 2018-09-15 00:00:09 +02:00
Grégoire Unbekandt
a90db713a2 vulnsrc_rhel: add test 
Add test for multiple CVE
 2018-09-14 23:54:33 +02:00
Grégoire Unbekandt
8b3338ef56 vulnsrc_rhel: minor changes 
delete a useless line
 2018-09-14 23:54:33 +02:00
Grégoire Unbekandt
4e4e98f328 vulnsrc_rhel: minor changes 
Code reorganisation
 2018-09-14 23:54:33 +02:00
Grégoire Unbekandt
ac86a36740 vulnsrc_rhel: rhsa_ID by default 
If no CVE is present, create a vulnerability with rhsa ID
 2018-09-14 23:54:33 +02:00
Grégoire Unbekandt
4ab98cfe54 vulnsrc_rhel: one vulnerability by CVE 
Get one vulnerability by CVE_ID for RHEL instead of one by RHSA_ID so we can have NVD metadata added to the vulnerabilities.

Fixes #495
 2018-09-14 23:54:33 +02:00
Sida Chen
f98ff58afd
Merge pull request #619 from KeyboardNerd/sidac/rm_layer 
database: Remove LayerWithContent from interface
 2018-09-13 14:36:26 -04:00
Sida Chen
e160616723 database: Use LayerWithContent as Layer 2018-09-13 13:21:39 -04:00
Jean Michel MacKay
30848d9eb7 Fixed extra newline 2018-09-11 15:28:40 -04:00