Eric Sim
6617f560cc
database: Rename affected type to feature type (for Amazon Linux updater)
2019-04-11 13:26:14 -07:00
Eric Sim
adde75975f
Fix style issues
2019-04-11 13:26:14 -07:00
Eric Sim
684ae2be1d
Refactoring (minor)
2019-04-11 13:26:14 -07:00
Eric Sim
8e98ee878a
Add 2xx checks for mirror.list and repomd.xml
2019-04-11 13:26:13 -07:00
Eric Sim
803cf4a29e
gofmt
2019-04-11 13:26:13 -07:00
Eric Sim
8fb9097dbd
Add updaters for Amazon Linux 2018.03 and Amazon Linux 2
...
We get vulnerabilities from ALAS (Amazon Linux Security Advisories) data, which can be found in updateinfo.xml from the repos.
2019-04-11 13:26:13 -07:00
Sida Chen
1b9ed99646
database: Move db logic to dbutil
...
Move all transaction related logic to dbutil to simplify and later unify
the db interface.
2019-03-06 15:22:21 -05:00
Sida Chen
73bc2bc36b
Merge pull request #672 from KeyboardNerd/source_package/feature_type
...
Implement Feature types
2019-02-20 15:58:50 -05:00
Sida Chen
7dd989c0f2
database: Rename affected Type to feature type
2019-02-19 16:48:42 -05:00
Jimmy Zelinskie
cafe0976a4
Merge pull request #685 from jzelinskie/updater-cleanup
...
updater: remove FindLock(), use errgroup to avoid races
2019-02-14 14:57:59 -05:00
Jimmy Zelinskie
25078ac838
ext: add CleanAll() utility functions
2019-01-10 13:50:46 -05:00
Flavio Castelli
5a4d4913c1
Reintroduce image scanning for openSUSE and SLE
...
Handle scanning of openSUSE and SUSE Linux Enterprise images.
Signed-off-by: Flavio Castelli <fcastelli@suse.com>
2019-01-07 18:48:55 +01:00
Ales Raszka
bd7102d963
Vulnsrc rhel: handle "none" CVE impact
...
Some RHEL CVEs [1] contain "none" string in impact field. This is throwing
warning message when fetching vulnerabilities. The new code handles this
case and it uses advisory severity instead.
[1] https://www.redhat.com/security/data/oval/com.redhat.rhsa-20080038.xml
2019-01-02 14:27:08 +01:00
Geoff Baskwill
3503ddb96f
vulnsrc_oracle: one vulnerability per CVE
...
Get one vulnerability per CVE for Oracle instead of one per ELSA so we
can have NVD metadata added to the vulnerabilities.
Related: #495, #499.
2018-11-02 19:36:43 -04:00
Sida Chen
72674ca871
vulnsrc: Refactor vulnerability sources to use utility functions
2018-10-22 23:00:58 -04:00
Sida Chen
2236b0a5c9
updater: Add vulnsrc affected feature type
...
Each vulnerability source has a specific type of feature that it affects.
We assume the following:
* Alpine: Binary Package
* Debian: Source Package
* Ubuntu: Source Package
* Oracle OVAL: Binary Package
* RHEL OVAL: Binary Package
2018-10-18 15:06:41 -04:00
Kate Murphy
8d5a0131c4
ext: Use SHA256 instead of SHA1 for fingerprinting
...
To make static analysis tools happy.
The current use of SHA1 for fingerprinting is safe. However, there is very
little downside to switching to SHA256.
2018-10-12 16:09:14 -04:00
Jimmy Zelinskie
0ca9431235
Merge pull request #621 from jzelinskie/gitutil
...
pkg/gitutil: init
2018-09-26 11:42:35 -04:00
Jimmy Zelinskie
c2d887f9e9
pkg/gitutil: init
...
This refactors the code we're using to manage temporary git repositories
into a utility package.
2018-09-19 13:50:54 -04:00
Grégoire Unbekandt
c4ffa0c370
vulnsrc_rhel: cve impact
...
use the specific CVE's impact field instead of the RHSA's one
2018-09-15 00:00:09 +02:00
Grégoire Unbekandt
a90db713a2
vulnsrc_rhel: add test
...
Add test for multiple CVE
2018-09-14 23:54:33 +02:00
Grégoire Unbekandt
8b3338ef56
vulnsrc_rhel: minor changes
...
delete a useless line
2018-09-14 23:54:33 +02:00
Grégoire Unbekandt
4e4e98f328
vulnsrc_rhel: minor changes
...
Code reorganisation
2018-09-14 23:54:33 +02:00
Grégoire Unbekandt
ac86a36740
vulnsrc_rhel: rhsa_ID by default
...
If no CVE is present, create a vulnerability with rhsa ID
2018-09-14 23:54:33 +02:00
Grégoire Unbekandt
4ab98cfe54
vulnsrc_rhel: one vulnerability by CVE
...
Get one vulnerability by CVE_ID for RHEL instead of one by RHSA_ID so we can have NVD metadata added to the vulnerabilities.
Fixes #495
2018-09-14 23:54:33 +02:00
Jimmy Zelinskie
06b257cc97
Merge pull request #606 from MackJM/wip/master_httputil
...
Adding httputil and version packages to master
2018-09-06 11:27:35 -04:00
Jimmy Zelinskie
ce15f73501
*: gofmt -s
2018-09-05 19:20:35 -04:00
Jean Michel MacKay
9df4f5bd70
Adding httputil and version packages
...
- Debian/RHEL/Oracle vulnsrc now use httputil to download files
- httputil sets the User-Agent to the requests as Clair/<version> (https://github.com/coreos/clair/)
- httputil holds Status2xx() which returns if the response is a http success (2xx)
- GetClientAddr moved from api/httputil to pkg/httputil
- the version package holds a Version string which is set at build time from the git tag and sha
- the .git directory was removed from .dockerignore so that we can use the git tag to set the version
2018-09-05 14:56:39 -04:00
Daniel Jiang
9e4a347ecd
Quickfix to the URL for fetching alpine's vuln data.
...
Fixes #593
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2018-08-23 13:39:26 +08:00
Jimmy Zelinskie
456af5f48c
vulnsrc/ubuntu: use new git-based ubuntu tracker
2018-07-10 16:46:46 -04:00
Jimmy Zelinskie
c031f8ea0c
vulnsrc/alpine: s/pull/clone
2018-07-05 19:11:30 -04:00
Jimmy Zelinskie
4c2be5285e
vulnsrc/alpine: avoid shadowing vars
2018-07-05 19:09:45 -04:00
Sida Chen
fb32dcfa58
Clair Logic, Extensions: updated mock tests, extensions, basic logic
...
Main Clair logic is changed in worker, updater, notifier for better adapting
ancestry schema. Extensions are updated with the new model and feature lister
and namespace detector drivers are able to specify the specific listers and
detectors used to process layer's content. InRange and GetFixedIn interfaces
are added to Version format for adapting ranged affected features and next
available fixed in in the future. Tests for worker, updater and extensions
are fixed.
2017-08-10 11:24:40 -04:00
alinar
d4a967e6e6
Fixing always revision 0 for ubuntu
2017-06-07 12:37:24 +01:00
Jimmy Zelinskie
0891bbac00
ext/vulnsrc/alpine: use HTTPS
2017-05-11 15:18:37 -04:00
Sida Chen
9306e99368
converted to structured logging by using logrus
...
changed from capnslog to logrus for logging JSON structured message.
finished issue #383
2017-05-04 13:59:57 -04:00
Jimmy Zelinskie
09cbfe325b
ext/vulnsrc/oracle: ensure flag is largest elsa
...
If the Oracle Linux directory is ever in the wrong order, this should
ensure that the updaterFlag is always set to the latest ELSA value.
2017-04-27 18:57:19 -04:00
Jimmy Zelinskie
bcf47f53ee
ext/vulnsrc/oracle: fix ELSA version comparison
...
Previously we naively compared integers. However, not all versions have
the same length.
2017-04-19 15:15:41 -04:00
Jimmy Zelinskie
300fe980ef
ext/vulnsrc/ubuntu: add missing version format
2017-03-01 01:12:27 -05:00
Quentin Machu
d606d85afe
ext/vulnsrc/rhel: fix logging namespace
2017-02-22 10:50:42 -08:00
Jimmy Zelinskie
c8622d5f34
vulnsrc/alpine: unify schema and parse v3.5
...
HEAD of Alpine SecDB now uses one consistent schema for all of their
vulnerabilities, so the logic around parsing different versions can now
be removed. This change also crawls the directory structure to parse all
files due to the addition of community.yaml tracking community Alpine
Linux packages.
2017-02-07 13:31:28 -08:00
Jimmy Zelinskie
9c63a63944
clair: mv updater clair and mv severity to db
2017-01-22 23:20:56 -05:00
Jimmy Zelinskie
c2f4a44068
utils: rm exec.go
...
This change also adds a dependency check at startup, rather than
runtime.
2017-01-22 23:02:51 -05:00
Jimmy Zelinskie
343e24eb7e
clair: remove types package
...
This removes the `types` package instead moving the contents to the
top-level clair package.
This change also renames the `Priority` type to `Severity` in order to
reduce confusion.
This change also removes the IsValid method and replaces it with a safe
constructor to avoid the creation of invalid values.
Many docstrings were tweaked in the making of this commit.
2017-01-22 23:02:51 -05:00
Jimmy Zelinskie
f9b319089d
ext: lock all drivers
2017-01-22 23:02:50 -05:00
Jimmy Zelinskie
78cef02fda
pkg: cerrors -> commonerr
2017-01-22 23:02:50 -05:00
Jimmy Zelinskie
4a990372ff
refactor: move updaters and notifier into ext
2017-01-22 23:02:50 -05:00