github.com/quay/claircore@v1.5.28/libvuln/driver/matcher.go (about)

     1  package driver
     2  
     3  import (
     4  	"context"
     5  
     6  	"github.com/quay/claircore"
     7  )
     8  
     9  // MatchConstraint explains to the caller how a search for a package's vulnerabilities should
    10  // be constrained.
    11  //
    12  // For example, if a SQL implementation encounters a DistributionDID constraint,
    13  // it should create a query similar to "SELECT * FROM vulnerabilities WHERE package_name = ? AND distribution_did = ?".
        //
        // As the placeholders in the example show, a constraint only selects which field is
        // compared. The compared values come from the package being matched and should be
        // bound as query parameters, never concatenated into the query text.
    14  type MatchConstraint int
    15  
    16  //go:generate go run golang.org/x/tools/cmd/stringer -type MatchConstraint
    17  
    18  const (
        	// The constants take their values from iota in declaration order, so inserting or
        	// reordering entries changes the numeric value of every later constraint.
        	//
        	// Zero is assigned to the blank identifier: the named constraints start at 1 and a
        	// zero-valued MatchConstraint does not name any constraint.
    19  	_ MatchConstraint = iota
    20  	// PackageSourceName should match claircore.Package.Source.Name => claircore.Vulnerability.Package.Name
    21  	PackageSourceName
    22  	// PackageName should match claircore.Package.Name => claircore.Vulnerability.Package.Name
    23  	PackageName
    24  	// PackageModule should match claircore.Package.Module => claircore.Vulnerability.Package.Module
    25  	PackageModule
    26  	// DistributionDID should match claircore.Package.Distribution.DID => claircore.Vulnerability.Package.Distribution.DID
    27  	DistributionDID
    28  	// DistributionName should match claircore.Package.Distribution.Name => claircore.Vulnerability.Package.Distribution.Name
    29  	DistributionName
    30  	// DistributionVersion should match claircore.Package.Distribution.Version => claircore.Vulnerability.Package.Distribution.Version
    31  	DistributionVersion
    32  	// DistributionVersionCodeName should match claircore.Package.Distribution.VersionCodeName => claircore.Vulnerability.Package.Distribution.VersionCodeName
    33  	DistributionVersionCodeName
    34  	// DistributionVersionID should match claircore.Package.Distribution.VersionID => claircore.Vulnerability.Package.Distribution.VersionID
    35  	DistributionVersionID
    36  	// DistributionArch should match claircore.Package.Distribution.Arch => claircore.Vulnerability.Package.Distribution.Arch
    37  	DistributionArch
    38  	// DistributionCPE should match claircore.Package.Distribution.CPE => claircore.Vulnerability.Package.Distribution.CPE
    39  	DistributionCPE
    40  	// DistributionPrettyName should match claircore.Package.Distribution.PrettyName => claircore.Vulnerability.Package.Distribution.PrettyName
    41  	DistributionPrettyName
    42  	// RepositoryName should match claircore.Package.Repository.Name => claircore.Vulnerability.Package.Repository.Name
    43  	RepositoryName
    44  )
    45  
    46  // Matcher is an interface which a Controller uses to query the vulnstore for vulnerabilities.
    47  type Matcher interface {
    48  	// Name returns a unique name for the matcher.
    49  	Name() string
    50  	// Filter informs the Controller if the implemented Matcher is interested in the provided IndexRecord.
    51  	Filter(record *claircore.IndexRecord) bool
    52  	// Query informs the Controller how it should match packages with vulnerabilities.
    53  	// All conditions are logically AND'd together.
    54  	Query() []MatchConstraint
    55  	// Vulnerable informs the Controller if the given package is affected by the given vulnerability,
    56  	// for example by checking the "FixedInVersion" field.
        	//
        	// NOTE(review): how the Controller treats a non-nil error (skip the vulnerability or
        	// fail the whole match) is not visible in this file; confirm against the caller.
    57  	Vulnerable(ctx context.Context, record *claircore.IndexRecord, vuln *claircore.Vulnerability) (bool, error)
    58  }
    59  
    60  // VersionFilter is an additional interface that a Matcher can implement to
    61  // opt-in to using normalized version information in database queries.
    62  type VersionFilter interface {
        	// VersionFilter takes no arguments and returns nothing; presumably it exists only
        	// to mark a Matcher as opting in (confirm against the caller).
    63  	VersionFilter()
    64  	// VersionAuthoritative reports whether the Matcher trusts the database-side
    65  	// filtering to be authoritative.
    66  	//
    67  	// A Matcher may return false if it's using a versioning scheme that can't
    68  	// be completely normalized into a claircore.Version.
        	//
        	// NOTE(review): if the caller skips Matcher.Vulnerable when this returns true
        	// (not visible in this file; confirm), reporting true for a scheme that does not
        	// normalize cleanly could cause vulnerabilities to be missed or misreported.
    69  	VersionAuthoritative() bool
    70  }