Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement Feature types #672

Merged
merged 12 commits into from
Feb 20, 2019
Merged

Implement Feature types #672

merged 12 commits into from
Feb 20, 2019

Conversation

KeyboardNerd
Copy link
Contributor

@KeyboardNerd KeyboardNerd commented Dec 12, 2018
edited
Loading

The PR is to differentiate packages by their types, and vulnerabilities to affect different types of features.

Change set:

  1. Feature Detectors: Extract both binary and source packages from image layers

  2. Vulnerability matching algorithm change: Each vulnerability matches a specific type of package, either binary or source package.

Vulnerability source Matching Package Type
Debian: "https://security-tracker.debian.org/tracker" matching source package name
Ubuntu: "https://git.launchpad.net/ubuntu-cve-tracker" matching source package name
Alpine: "https://github.com/alpinelinux/alpine-secdb" matching binary package name
Oracle: "https://linux.oracle.com/oval/" matching binary package name
RHEL: "https://www.redhat.com/security/data/oval/" matching binary package name

Please correct the above assumption for each vulnerability data source if any error.

  1. API change: Clair returns all found binary and source packages to the client, and let the client to filter.
    For each Feature, we add a field to indicate the type of the feature, currently it's Binary or Source package.

@KeyboardNerd KeyboardNerd changed the title Source -> Binary package: Rename affected feature type to feature type Structured layer feature for supporting source -> binary features Dec 12, 2018
@KeyboardNerd KeyboardNerd mentioned this pull request Jan 22, 2019
Closed
@KeyboardNerd KeyboardNerd changed the title Structured layer feature for supporting source -> binary features WIP: Structured layer feature for supporting source -> binary features Feb 12, 2019
@KeyboardNerd KeyboardNerd changed the title WIP: Structured layer feature for supporting source -> binary features WIP: Source package to binary package mapping Feb 12, 2019
@KeyboardNerd KeyboardNerd changed the title WIP: Source package to binary package mapping WIP: Implement Package types Feb 13, 2019
@KeyboardNerd KeyboardNerd force-pushed the source_package/feature_type branch 2 times, most recently from bd4a4ec to a42632d Compare February 14, 2019 15:53
@KeyboardNerd
pgsql: Add feature_type to initial schema
c6c8fce 
feature_type is for differentiating the binary packages and source
packages.
@KeyboardNerd KeyboardNerd force-pushed the source_package/feature_type branch from 761cc3e to a770585 Compare February 19, 2019 21:43
@KeyboardNerd KeyboardNerd changed the title WIP: Implement Package types Implement Package types Feb 19, 2019
@KeyboardNerd KeyboardNerd changed the title Implement Package types Implement Feature types Feb 19, 2019
KeyboardNerd
KeyboardNerd commented Feb 19, 2019
View reviewed changes
Copy link
Contributor Author

@KeyboardNerd KeyboardNerd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

comments for PR reviewer

database/affected_feature_type.go
@@ -1,26 +0,0 @@
// Copyright 2018 clair authors
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is renamed to database/feature_type.go

database/database.go

// ErrMissingEntities is an error that occurs when an associated immutable
// entity doesn't exist in the database. This error can indicate a wrong
// implementation or corrupted database.
ErrMissingEntities = errors.New("database: associated immutable entities are missing in the database")
ErrMissingEntities = NewStorageError("associated immutable entities are missing in the database")
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

one by one we're moving to use special error type for the database.

database/models.go
@@ -155,18 +155,33 @@ type Namespace struct {
VersionFormat string
}

func NewNamespace(name string, versionFormat string) *Namespace {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we're moving to use the proper initializer for the database structs

database/pgsql/complex_test.go

fmt.Printf("%d features, %d vulnerabilities are generated", len(nsFeatures), len(vulnerabilities))
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove the concurrent insertion because the vulnerabilities <-> feature relationships are cached after the features are inserted into the database

@KeyboardNerd
database: Add feature_type database model
00eed77
@KeyboardNerd
database: Rename affected Type to feature type
7dd989c
@KeyboardNerd
featurefmt: Extract source packages and binary packages
0e0d8b3 
The featurefmt now extracts both binary packages and source packages
from the package manager infos.
@KeyboardNerd
database: Update feature model
f616753 
Remove source name/version fields
Add Type field to indicate if it's binary package or source package
@KeyboardNerd
pgsql: Add proper tests for database migration
073c685
@KeyboardNerd
database: Add StorageError type
5fa1ac8
@KeyboardNerd
pgsql: Fix postgres queries for feature_type
79af05e
@KeyboardNerd
worker: Fix tests for feature_type
23ccd9b
@KeyboardNerd
Travis: Drop support for postgres 9.4
870e812 
postgres 9.4 doesn't support ON CONFLICT, which is required in our
implementation.
@KeyboardNerd KeyboardNerd force-pushed the source_package/feature_type branch from a770585 to 870e812 Compare February 19, 2019 21:48
@KeyboardNerd
api/v3: Add feature type to API feature
32b11e5 
API now returns every feature found by the detectors and also indicates
the type of feature.
jzelinskie
jzelinskie suggested changes Feb 19, 2019
View reviewed changes
database/models.go
@@ -179,6 +194,11 @@ type NamespacedFeature struct {
Namespace Namespace
}

func NewNamespacedFeature(namespace *Namespace, feature *Feature) *NamespacedFeature {
// TODO: namespaced feature should use pointer values
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it only desirable to use pointers here to save memory?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's idiomatic to use the pointer value for structs

database/pgsql/complex_test.go Outdated Show resolved Hide resolved
database/pgsql/complex_test.go Show resolved Hide resolved
database/pgsql/complex_test.go Outdated Show resolved Hide resolved
database/pgsql/feature.go Outdated Show resolved Hide resolved
database/pgsql/migrations/00001_initial_schema.go Show resolved Hide resolved
@KeyboardNerd KeyboardNerd merged commit 73bc2bc into quay:master Feb 20, 2019
@KeyboardNerd KeyboardNerd deleted the source_package/feature_type branch February 20, 2019 20:58
@KeyboardNerd KeyboardNerd mentioned this pull request Feb 20, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jzelinskie jzelinskie jzelinskie approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@KeyboardNerd @jzelinskie