Jimmy Zelinskie
ab33f8c4bd
Merge pull request #298 from jzelinskie/versions
...
Add registrable version formats
2017-01-03 17:10:49 -05:00
Jimmy Zelinskie
8d29bf860d
versionfmt: convert to using constant over literal
2017-01-03 16:00:20 -05:00
Jimmy Zelinskie
033709eaea
add registerable version formats
...
Since we only ever used dpkg, this change shims everything into using
dpkg.
2016-12-30 12:51:24 -05:00
Alexei Ledenev
7ec9225bdc
fix error scanning folders for feteched Alpine vulnerabilities
2016-12-30 15:36:09 +02:00
Avi Miller
2643d22aaa
Updated fetcher and tests to close the file handles and HTTP response.
...
Signed-off-by: Avi Miller <avi.miller@oracle.com>
2016-12-20 12:14:10 +11:00
Avi Miller
9d885f680c
Add Oracle Linux fetcher to grab and parse OVAL data.
...
Signed-off-by: Avi Miller <avi.miller@oracle.com>
2016-12-20 11:25:07 +11:00
Jimmy Zelinskie
740262c055
Revert "Merge pull request #199 from openSUSE/feature/opensuse"
...
This reverts commit 97347ec44d
, reversing
changes made to 051564facd
.
2016-12-19 17:03:39 -05:00
Jimmy Zelinskie
f74cd35243
fetchers/alpine: add notes for untracked namespaces
2016-12-19 11:32:46 -05:00
Jimmy Zelinskie
3be8dfcf99
fetchers/alpine: auto detect namespaces
2016-12-19 11:32:46 -05:00
Jimmy Zelinskie
59e6c628dc
alpine: refactor fetcher & git pull on update
2016-12-19 11:32:46 -05:00
Jimmy Zelinskie
3d90cac427
alpine: add support for v3.4 YAML schema
2016-12-19 11:32:46 -05:00
Jimmy Zelinskie
0cb8fc9455
updater/fetchers: add alpine secdb fetcher
2016-12-19 11:32:45 -05:00
Jordi Massaguer Pla
b8ceb0c461
Integrated a fetcher for openSUSE and for SUSE Linux Enterprise
...
We extracted oval parser from rhel and used that for opensuse and
SUSE Linux Enterpise
Signed-off-by: Thomas Boerger <tboerger@suse.de>
Signed-off-by: Jordi Massaguer Pla <jmassaguerpla@suse.de>
2016-09-23 12:00:00 +02:00
Vincent Batts
ce8d31bbb3
redhatrelease: override match for RHEL hosts
...
Until https://github.com/coreos/clair/pull/193 is merged, having
vulnerabilities that are tagged both rhel and centos would duplicate in
the database or use a change that requires a migration.
But presently due to the fetcher logic, the rhel provided
vulnerabilities are labelled for centos, and then the namespace does not
match and therefore not tested against.
So until such a day that a vulnerability could have both rhel and centos
label, then hack this in. It'll accomplish the same during this interim.
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2016-08-12 15:35:32 -04:00
Quentin Machu
be97db5261
updater: enable fetching of RHEL 5 vulnerabilities ( #217 )
...
The RHEL updater currently ignores vulnerabilities for CentOS <= 5.
s the naming of the constant firstConsideredRHEL suggests it, it
should actually considers CentOS 5 and ignores CentOS < 5.
Fixes #215
2016-07-15 11:54:47 -04:00
Quentin Machu
28295eb2bf
Merge pull request #186 from Quentin-M/delete_ubuntu_repository
...
updater: Delete Ubuntu's repository upon bzr errors
2016-06-09 19:27:17 +02:00
Quentin Machu
34f62ef1f1
updater: delete Ubuntu's repository upon bzr errors
...
By deleting an Ubuntu repository that may be in a bad state,
Clair will eventually be able to perform the update, instead of retrying naively.
Fixes #169
2016-06-09 14:11:30 +02:00
Fabian Ruff
85edda6ce1
Switch to https for ubuntu cve tracker
...
Fixes #168
2016-05-25 23:29:03 +02:00
Quentin Machu
836d37b275
*: use path/filepath
instead of path
2016-05-20 12:01:31 -05:00
Jimmy Zelinskie
500fc4e407
various: gofmt -s
2016-02-24 19:29:36 -05:00
Quentin Machu
45ed80df1b
updater: remove useless error
2016-02-24 16:36:45 -05:00
Quentin Machu
2126259c99
updater: use a better link for Ubuntu vulnerabilities and rename some constants
2016-02-24 16:36:45 -05:00
Quentin Machu
5fdd9d1a07
*: add metadata support along with NVD CVSS
2016-02-24 16:36:45 -05:00
Quentin Machu
431c0ccb03
updater: add a clean function to fetchers
2016-02-24 16:36:45 -05:00
Quentin Machu
3ecb8b69cb
updater: ignore "ubuntu-core" in the Ubuntu fetcher
2016-02-24 16:34:54 -05:00
Quentin Machu
4bdbd5e6db
*: fix several tests
2016-02-24 16:34:54 -05:00
Quentin Machu
8e852348a1
updater: ensure that ubuntu's notes are unique
2016-02-24 16:34:54 -05:00
Quentin Machu
99de759224
updater: namespace and split Ubuntu/RHEL vulnerabilities
2016-02-24 16:34:54 -05:00
Quentin Machu
85fa3f9a38
updater/worker: adapt several tests
2016-02-24 16:34:54 -05:00
Quentin Machu
847c649288
updater: update RHEL fetcher and add not-affected capability
2016-02-24 16:34:54 -05:00
Quentin Machu
ea59b0e45f
updater: update Ubuntu fetcher and add not-affected capability
2016-02-24 16:34:54 -05:00
Quentin Machu
7e72eb10b6
updater: ignore Debian's "temp" vulnerabilities
2016-02-24 16:34:54 -05:00
Quentin Machu
77387af2ac
updater: port updater and its fetchers
2016-02-24 16:34:54 -05:00
Quentin Machu
452f7018ec
updater: move each fetcher to its own package
2016-02-24 16:32:21 -05:00
Quentin Machu
2c150b015e
*: refactor & do initial work towards PostgreSQL implementation
2016-02-24 16:32:21 -05:00
Stephane Jourdan
e91365f4b3
updater: fix typos
2016-02-23 18:07:41 +01:00
Quentin Machu
712aa11b8b
updater: Add support for Ubuntu Vivid Core and ignore Vivid PhoneOverlay
...
Reacts to https://bazaar.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master/revision/10488
2016-01-25 13:04:39 -05:00
Quentin Machu
c055c33cf8
updater: Fix Ubuntu's partial update bug.
...
Deferring file closing causes `too many open files` (exceeding fs.file-max) on some platforms!
2015-12-16 15:42:32 -05:00
Quentin Machu
a7b683d4ba
updater: Refactor and merge fetcher responses
...
Fixes #17 and lays the groundwork for #19 .
2015-12-01 16:18:45 -05:00
Quentin Machu
2452a8fc48
updater: Always use bzr revno
to get Ubuntu db's revision number.
...
Fixes #7
2015-11-16 18:33:39 -05:00
Quentin Machu
3ec262dd51
Initial commit
2015-11-13 14:11:28 -05:00