Merge pull request #672 from KeyboardNerd/source_package/feature_type

Implement Feature types

.travis.yml

@@ -31,11 +31,6 @@ notifications:
 
 matrix:
   include:
-  - addons:
-      apt:
-        packages:
-        - rpm
-      postgresql: 9.4
   - addons:
       apt:
         packages:

api/v3/clairpb/clair.proto

@@ -80,6 +80,9 @@ message Feature {
   Detector detector = 5;
   // The list of vulnerabilities that affect the feature.
   repeated Vulnerability vulnerabilities = 6;
+  // The feature type indicates if the feature represents a source package or
+  // binary package.
+  string feature_type = 7;
 }
 
 message Layer {

api/v3/clairpb/clair.swagger.json

@@ -330,6 +330,10 @@
             "$ref": "#/definitions/clairVulnerability"
           },
           "description": "The list of vulnerabilities that affect the feature."
+        },
+        "feature_type": {
+          "type": "string",
+          "description": "The feature type indicates if the feature represents a source package or\nbinary package."
         }
       }
     },

api/v3/clairpb/convert.go

@@ -99,6 +99,7 @@ func NotificationFromDatabaseModel(dbNotification database.VulnerabilityNotifica
 	return &noti, nil
 }
 
+// VulnerabilityFromDatabaseModel converts database Vulnerability to api Vulnerability.
 func VulnerabilityFromDatabaseModel(dbVuln database.Vulnerability) (*Vulnerability, error) {
 	metaString := ""
 	if dbVuln.Metadata != nil {
@@ -119,6 +120,7 @@ func VulnerabilityFromDatabaseModel(dbVuln database.Vulnerability) (*Vulnerabili
 	}, nil
 }
 
+// VulnerabilityWithFixedInFromDatabaseModel converts database VulnerabilityWithFixedIn to api Vulnerability.
 func VulnerabilityWithFixedInFromDatabaseModel(dbVuln database.VulnerabilityWithFixedIn) (*Vulnerability, error) {
 	vuln, err := VulnerabilityFromDatabaseModel(dbVuln.Vulnerability)
 	if err != nil {
@@ -145,9 +147,11 @@ func NamespacedFeatureFromDatabaseModel(feature database.AncestryFeature) *Featu
 		VersionFormat: feature.Namespace.VersionFormat,
 		Version:       version,
 		Detector:      DetectorFromDatabaseModel(feature.FeatureBy),
+		FeatureType:   string(feature.Type),
 	}
 }
 
+// DetectorFromDatabaseModel converts database detector to api detector.
 func DetectorFromDatabaseModel(detector database.Detector) *Detector {
 	return &Detector{
 		Name:    detector.Name,
@@ -156,6 +160,7 @@ func DetectorFromDatabaseModel(detector database.Detector) *Detector {
 	}
 }
 
+// DetectorsFromDatabaseModel converts database detectors to api detectors.
 func DetectorsFromDatabaseModel(dbDetectors []database.Detector) []*Detector {
 	detectors := make([]*Detector, 0, len(dbDetectors))
 	for _, d := range dbDetectors {

database/database.go

@@ -17,7 +17,6 @@
 package database
 
 import (
-	"errors"
 	"fmt"
 	"time"
 
@@ -27,20 +26,20 @@ import (
 var (
 	// ErrBackendException is an error that occurs when the database backend
 	// does not work properly (ie. unreachable).
-	ErrBackendException = errors.New("database: an error occurred when querying the backend")
+	ErrBackendException = NewStorageError("an error occurred when querying the backend")
 
 	// ErrInconsistent is an error that occurs when a database consistency check
 	// fails (i.e. when an entity which is supposed to be unique is detected
 	// twice)
-	ErrInconsistent = errors.New("database: inconsistent database")
+	ErrInconsistent = NewStorageError("inconsistent database")
 
 	// ErrInvalidParameters is an error that occurs when the parameters are not valid.
-	ErrInvalidParameters = errors.New("database: parameters are not valid")
+	ErrInvalidParameters = NewStorageError("parameters are not valid")
 
 	// ErrMissingEntities is an error that occurs when an associated immutable
 	// entity doesn't exist in the database. This error can indicate a wrong
 	// implementation or corrupted database.
-	ErrMissingEntities = errors.New("database: associated immutable entities are missing in the database")
+	ErrMissingEntities = NewStorageError("associated immutable entities are missing in the database")
 )
 
 // RegistrableComponentConfig is a configuration block that can be used to

database/affected_feature_type.go → database/error.go

@@ -1,4 +1,4 @@
-// Copyright 2018 clair authors
+// Copyright 2019 clair authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -14,13 +14,22 @@
 
 package database
 
-// AffectedFeatureType indicates the type of feature that a vulnerability
-// affects.
-type AffectedFeatureType string
+// StorageError is database error
+type StorageError struct {
+	reason   string
+	original error
+}
 
-const (
-	// AffectSourcePackage indicates the vulnerability affects a source package.
-	AffectSourcePackage AffectedFeatureType = "source"
-	// AffectBinaryPackage indicates the vulnerability affects a binary package.
-	AffectBinaryPackage AffectedFeatureType = "binary"
-)
+func (e *StorageError) Error() string {
+	return e.reason
+}
+
+// NewStorageErrorWithInternalError creates a new database error
+func NewStorageErrorWithInternalError(reason string, originalError error) *StorageError {
+	return &StorageError{reason, originalError}
+}
+
+// NewStorageError creates a new database error
+func NewStorageError(reason string) *StorageError {
+	return &StorageError{reason, nil}
+}

database/feature_type.go

@@ -0,0 +1,52 @@
+// Copyright 2019 clair authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package database
+
+import (
+	"database/sql/driver"
+	"fmt"
+)
+
+// FeatureType indicates the type of feature that a vulnerability
+// affects.
+type FeatureType string
+
+const (
+	SourcePackage FeatureType = "source"
+	BinaryPackage FeatureType = "binary"
+)
+
+var featureTypes = []FeatureType{
+	SourcePackage,
+	BinaryPackage,
+}
+
+// Scan implements the database/sql.Scanner interface.
+func (t *FeatureType) Scan(value interface{}) error {
+	val := value.(string)
+	for _, ft := range featureTypes {
+		if string(ft) == val {
+			*t = ft
+			return nil
+		}
+	}
+
+	panic(fmt.Sprintf("invalid feature type received from database: '%s'", val))
+}
+
+// Value implements the database/sql/driver.Valuer interface.
+func (t *FeatureType) Value() (driver.Value, error) {
+	return string(*t), nil
+}

database/models.go

@@ -155,18 +155,33 @@ type Namespace struct {
 	VersionFormat string
 }
 
+func NewNamespace(name string, versionFormat string) *Namespace {
+	return &Namespace{name, versionFormat}
+}
+
 // Feature represents a package detected in a layer but the namespace is not
 // determined.
 //
-// e.g. Name: Libssl1.0, Version: 1.0, Name: Openssl, Version: 1.0, VersionFormat: dpkg.
+// e.g. Name: Libssl1.0, Version: 1.0, VersionFormat: dpkg, Type: binary
 // dpkg is the version format of the installer package manager, which in this
 // case could be dpkg or apk.
 type Feature struct {
 	Name          string
 	Version       string
-	SourceName    string
-	SourceVersion string
 	VersionFormat string
+	Type          FeatureType
+}
+
+func NewFeature(name string, version string, versionFormat string, featureType FeatureType) *Feature {
+	return &Feature{name, version, versionFormat, featureType}
+}
+
+func NewBinaryPackage(name string, version string, versionFormat string) *Feature {
+	return &Feature{name, version, versionFormat, BinaryPackage}
+}
+
+func NewSourcePackage(name string, version string, versionFormat string) *Feature {
+	return &Feature{name, version, versionFormat, SourcePackage}
 }
 
 // NamespacedFeature is a feature with determined namespace and can be affected
@@ -179,6 +194,11 @@ type NamespacedFeature struct {
 	Namespace Namespace
 }
 
+func NewNamespacedFeature(namespace *Namespace, feature *Feature) *NamespacedFeature {
+	// TODO: namespaced feature should use pointer values
+	return &NamespacedFeature{*feature, *namespace}
+}
+
 // AffectedNamespacedFeature is a namespaced feature affected by the
 // vulnerabilities with fixed-in versions for this feature.
 type AffectedNamespacedFeature struct {
@@ -199,10 +219,10 @@ type VulnerabilityWithFixedIn struct {
 // by a Vulnerability. Namespace and Feature Name is unique. Affected Feature is
 // bound to vulnerability.
 type AffectedFeature struct {
-	// AffectedType determines which type of package it affects.
-	AffectedType AffectedFeatureType
-	Namespace    Namespace
-	FeatureName  string
+	// FeatureType determines which type of package it affects.
+	FeatureType FeatureType
+	Namespace   Namespace
+	FeatureName string
 	// FixedInVersion is known next feature version that's not affected by the
 	// vulnerability. Empty FixedInVersion means the unaffected version is
 	// unknown.

database/pgsql/ancestry.go

@@ -23,10 +23,11 @@ const (
 
 	findAncestryFeatures = `
 		SELECT namespace.name, namespace.version_format, feature.name, 
-			feature.version, feature.version_format, ancestry_layer.ancestry_index, 
+			feature.version, feature.version_format, feature_type.name, ancestry_layer.ancestry_index, 
 			ancestry_feature.feature_detector_id, ancestry_feature.namespace_detector_id
-		FROM namespace, feature, namespaced_feature, ancestry_layer, ancestry_feature
+		FROM namespace, feature, feature_type, namespaced_feature, ancestry_layer, ancestry_feature
 		WHERE ancestry_layer.ancestry_id = $1
+			AND feature_type.id = feature.type
 			AND ancestry_feature.ancestry_layer_id = ancestry_layer.id
 			AND ancestry_feature.namespaced_feature_id = namespaced_feature.id
 			AND namespaced_feature.feature_id = feature.id
@@ -256,6 +257,7 @@ func (tx *pgSession) findAncestryFeatures(ancestryID int64, detectors detectorMa
 			&feature.Feature.Name,
 			&feature.Feature.Version,
 			&feature.Feature.VersionFormat,
+			&feature.Feature.Type,
 			&index,
 			&featureDetectorID,
 			&namespaceDetectorID,