package postgres
import (
"context"
"fmt"
"strconv"
"time"
"github.com/jackc/pgx/v4"
"github.com/jackc/pgx/v4/pgxpool"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promauto"
"github.com/quay/zlog"
"go.opentelemetry.io/otel/baggage"
"go.opentelemetry.io/otel/label"
"github.com/Panzer1119/claircore"
"github.com/Panzer1119/claircore/internal/vulnstore"
)
// getCounter counts the database queries issued by get, partitioned by the
// "query" label.
var getCounter = promauto.NewCounterVec(
	prometheus.CounterOpts{
		Namespace: "claircore",
		Subsystem: "vulnstore",
		Name:      "get_total",
		Help:      "Total number of database queries issued in the get method.",
	},
	[]string{"query"},
)

// getDuration records, in seconds, how long the queries issued by get take,
// partitioned by the "query" label.
var getDuration = promauto.NewHistogramVec(
	prometheus.HistogramOpts{
		Namespace: "claircore",
		Subsystem: "vulnstore",
		Name:      "get_duration_seconds",
		Help:      "The duration of all queries issued in the get method",
	},
	[]string{"query"},
)
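// get looks up the vulnerabilities matching each index record and returns
// them keyed by the record's package ID.
//
// One select statement is built per record with buildGetQuery and all of them
// are sent as a single batch inside one transaction. Records for which no
// query can be built are logged at debug level and skipped. Within one package
// ID, a vulnerability is reported once, de-duplicated by its database ID.
//
// An error is returned if the transaction cannot be started or committed, or
// if any batched query fails to execute, scan, or stream its rows.
func get(ctx context.Context, pool *pgxpool.Pool, records []*claircore.IndexRecord, opts vulnstore.GetOpts) (map[string][]*claircore.Vulnerability, error) {
	ctx = baggage.ContextWithValues(ctx,
		label.String("component", "internal/vulnstore/postgres/get"))

	tx, err := pool.Begin(ctx)
	if err != nil {
		return nil, err
	}
	// The rollback error is deliberately ignored: on the error paths there is
	// nothing more to do, and after a successful Commit there is nothing left
	// to undo.
	defer tx.Rollback(ctx)

	// Build the batch, remembering which records actually had a query queued.
	// Batch results come back positionally, so the result loop below must walk
	// exactly the queued records. Walking the full input instead would shift
	// every result after a skipped record onto the wrong package ID and report
	// vulnerabilities against packages they do not affect.
	batch := &pgx.Batch{}
	queued := make([]*claircore.IndexRecord, 0, len(records))
	for _, record := range records {
		query, err := buildGetQuery(record, &opts)
		if err != nil {
			// if we cannot build a query for an individual record continue to the next
			zlog.Debug(ctx).
				Err(err).
				Str("record", fmt.Sprintf("%+v", record)).
				Msg("could not build query for record")
			continue
		}
		// NOTE(review): the query is queued without bind arguments, so any
		// record-derived value it contains was placed in the SQL text by
		// buildGetQuery. Index records describe scanned content; confirm that
		// buildGetQuery escapes or parameterizes those values.
		batch.Queue(query)
		queued = append(queued, record)
	}

	// send the batch
	tctx, cancel := context.WithTimeout(ctx, 30*time.Second)
	defer cancel()
	start := time.Now()
	res := tx.SendBatch(tctx, batch)
	// Can't just defer the close, because the batch must be fully handled
	// before resolving the transaction. Maybe we can move this result handling
	// into its own function to be able to just defer it.

	// gather all the returned vulns for each queued select statement
	results := make(map[string][]*claircore.Vulnerability)
	vulnSet := make(map[string]map[string]struct{})
	for _, record := range queued {
		rows, err := res.Query()
		if err != nil {
			res.Close()
			return nil, err
		}
		// unpack all returned rows into claircore.Vulnerability structs
		for rows.Next() {
			// fully allocate vuln struct
			v := &claircore.Vulnerability{
				Package: &claircore.Package{},
				Dist:    &claircore.Distribution{},
				Repo:    &claircore.Repository{},
			}

			var id int64
			err := rows.Scan(
				&id,
				&v.Name,
				&v.Description,
				&v.Issued,
				&v.Links,
				&v.Severity,
				&v.NormalizedSeverity,
				&v.Package.Name,
				&v.Package.Version,
				&v.Package.Module,
				&v.Package.Arch,
				&v.Package.Kind,
				&v.Dist.DID,
				&v.Dist.Name,
				&v.Dist.Version,
				&v.Dist.VersionCodeName,
				&v.Dist.VersionID,
				&v.Dist.Arch,
				&v.Dist.CPE,
				&v.Dist.PrettyName,
				&v.ArchOperation,
				&v.Repo.Name,
				&v.Repo.Key,
				&v.Repo.URI,
				&v.FixedInVersion,
				&v.Updater,
			)
			if err != nil {
				res.Close()
				return nil, fmt.Errorf("failed to scan vulnerability: %w", err)
			}
			v.ID = strconv.FormatInt(id, 10)

			// presumably buildGetQuery only succeeds for records with a
			// non-nil Package; verify against its implementation
			rid := record.Package.ID
			if _, ok := vulnSet[rid]; !ok {
				vulnSet[rid] = make(map[string]struct{})
			}
			if _, ok := vulnSet[rid][v.ID]; !ok {
				vulnSet[rid][v.ID] = struct{}{}
				results[rid] = append(results[rid], v)
			}
		}
		// Next returning false can mean "no more rows" or "the read failed".
		// Without this check a failed read (e.g. the 30s timeout firing
		// mid-stream) would be returned as a complete, shorter vulnerability
		// list.
		if err := rows.Err(); err != nil {
			res.Close()
			return nil, fmt.Errorf("failed to read vulnerability rows: %w", err)
		}
	}
	if err := res.Close(); err != nil {
		return nil, fmt.Errorf("some weird batch error: %w", err)
	}

	getCounter.WithLabelValues("query_batch").Add(1)
	getDuration.WithLabelValues("query_batch").Observe(time.Since(start).Seconds())

	if err := tx.Commit(ctx); err != nil {
		return nil, fmt.Errorf("failed to commit tx: %w", err)
	}
	return results, nil
}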