-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathmanual.go
122 lines (101 loc) · 3.01 KB
/
manual.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
package manual
import (
"context"
"github.com/quay/claircore"
"github.com/quay/claircore/libvuln/driver"
"github.com/quay/zlog"
"io"
"io/fs"
"net/http"
"net/url"
)
// Factory is the UpdaterSetFactory exposed by this package.
//
// All configuration is done on the returned updaters. See the [Config] type.
var Factory driver.UpdaterSetFactory = &factory{}
type factory struct{}
func (factory) UpdaterSet(context.Context) (s driver.UpdaterSet, err error) {
s = driver.NewUpdaterSet()
s.Add(&updater{})
return s, nil
}
type updater struct {
c *http.Client
root *url.URL
// Allow is a bool-and-map-of-bool.
//
// If populated, only extant entries are allowed. If not populated,
// everything is allowed. It uses a bool to make a conditional simpler later.
allow map[string]bool
}
// Config is the configuration that this updater accepts.
//
// By convention, it's at a key called "osv".
type Config struct {
// The URL serving data dumps behind an S3 API.
//
// Authentication is unconfigurable, the ListObjectsV2 API must be publicly
// accessible.
URL string `json:"url" yaml:"url"`
// Allowlist is a list of ecosystems to allow. When this is unset, all are
// allowed.
//
// Extant ecosystems are discovered at runtime, see the OSV Schema
// (https://ossf.github.io/osv-schema/) or the "ecosystems.txt" file in the
// OSV data for the current list.
Allowlist []string `json:"allowlist" yaml:"allowlist"`
}
var _ driver.Updater = (*updater)(nil)
func (u *updater) Name() string { return `manual` }
// Configure implements driver.Configurable.
func (u *updater) Configure(ctx context.Context, f driver.ConfigUnmarshaler, c *http.Client) error {
ctx = zlog.ContextWithValues(ctx, "component", "updater/manual/updater.Configure")
//client is always nil since there's no need to have http connection
var cfg Config
if l := len(cfg.Allowlist); l != 0 {
u.allow = make(map[string]bool, l)
for _, a := range cfg.Allowlist {
u.allow[a] = true
}
}
zlog.Debug(ctx).Msg("loaded incoming config")
return nil
}
type fingerprint struct {
Etag string
Ecosystems []ecoFP
}
type ecoFP struct {
Ecosystem string
Key string
Etag string
}
func (u *updater) Fetch(ctx context.Context, f driver.Fingerprint) (io.ReadCloser, driver.Fingerprint, error) {
return nil, "", nil
}
func (u *updater) Parse(ctx context.Context, contents io.ReadCloser) ([]*claircore.Vulnerability, error) {
return manuallyEnrichedVulns, nil
}
type (
fileStat interface{ Stat() (fs.FileInfo, error) }
sizer interface{ Size() int64 }
)
// Ecs is an entity-component system for vulnerabilities.
//
// This is organized this way to help consolidate allocations.
type ecs struct {
Updater string
pkgindex map[string]int
repoindex map[string]int
Vulnerability []claircore.Vulnerability
Package []claircore.Package
Distribution []claircore.Distribution
Repository []claircore.Repository
}
func newECS(u string) ecs {
return ecs{
Updater: u,
pkgindex: make(map[string]int),
repoindex: make(map[string]int),
}
}