clair: mv updater clair and mv severity to db

api/v1/models.go

@@ -24,7 +24,6 @@ import (
 	"github.com/coreos/pkg/capnslog"
 	"github.com/fernet/fernet-go"
 
-	"github.com/coreos/clair"
 	"github.com/coreos/clair/database"
 	"github.com/coreos/clair/ext/versionfmt"
 )
@@ -109,7 +108,7 @@ type Vulnerability struct {
 }
 
 func (v Vulnerability) DatabaseModel() (database.Vulnerability, error) {
-	severity, err := clair.NewSeverity(v.Severity)
+	severity, err := database.NewSeverity(v.Severity)
 	if err != nil {
 		return database.Vulnerability{}, err
 	}

cmd/clair/main.go

@@ -27,13 +27,13 @@ import (
 
 	"github.com/coreos/pkg/capnslog"
 
+	"github.com/coreos/clair"
 	"github.com/coreos/clair/api"
 	"github.com/coreos/clair/api/context"
 	"github.com/coreos/clair/config"
 	"github.com/coreos/clair/database"
 	"github.com/coreos/clair/notifier"
 	"github.com/coreos/clair/pkg/stopper"
-	"github.com/coreos/clair/updater"
 
 	// Register database driver.
 	_ "github.com/coreos/clair/database/pgsql"
@@ -112,7 +112,7 @@ func Boot(config *config.Config) {
 
 	// Start updater
 	st.Begin()
-	go updater.Run(config.Updater, db, st)
+	go clair.RunUpdater(config.Updater, db, st)
 
 	// Wait for interruption and shutdown gracefully.
 	waitForSignals(syscall.SIGINT, syscall.SIGTERM)

database/database.go

@@ -12,7 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// Package database defines the Clair's models and a common interface for database implementations.
+// Package database defines the Clair's models and a common interface for
+// database implementations.
 package database
 
 import (
@@ -144,7 +145,8 @@ type Datastore interface {
 	// Vulnerability in the database. It can be used to store the fact that a
 	// Vulnerability no longer affects the given Feature in any Version.
 	//
-	// It has has to create a Notification that will contain the old and the updated Vulnerability.
+	// It has has to create a Notification that will contain the old and the
+	// updated Vulnerability.
 	DeleteVulnerabilityFix(vulnerabilityNamespace, vulnerabilityName, featureName string) error
 
 	// GetAvailableNotification returns the Name, Created, Notified and Deleted

database/models.go

@@ -18,8 +18,6 @@ import (
 	"database/sql/driver"
 	"encoding/json"
 	"time"
-
-	"github.com/coreos/clair"
 )
 
 // ID is only meant to be used by database implementations and should never be used for anything else.
@@ -70,7 +68,7 @@ type Vulnerability struct {
 
 	Description string
 	Link        string
-	Severity    clair.Severity
+	Severity    Severity
 
 	Metadata MetadataMap
 

database/pgsql/complex_test.go

@@ -26,7 +26,6 @@ import (
 	"github.com/pborman/uuid"
 	"github.com/stretchr/testify/assert"
 
-	"github.com/coreos/clair"
 	"github.com/coreos/clair/database"
 	"github.com/coreos/clair/ext/versionfmt/dpkg"
 )
@@ -92,7 +91,7 @@ func TestRaceAffects(t *testing.T) {
 					Version: strconv.Itoa(version),
 				},
 			},
-			Severity: clair.Unknown,
+			Severity: database.UnknownSeverity,
 		}
 
 		vulnerabilities[version] = append(vulnerabilities[version], vulnerability)

database/pgsql/layer_test.go

@@ -20,7 +20,6 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
-	"github.com/coreos/clair"
 	"github.com/coreos/clair/database"
 	"github.com/coreos/clair/ext/versionfmt/dpkg"
 	"github.com/coreos/clair/pkg/commonerr"
@@ -91,7 +90,7 @@ func TestFindLayer(t *testing.T) {
 				if assert.Len(t, featureVersion.AffectedBy, 1) {
 					assert.Equal(t, "debian:7", featureVersion.AffectedBy[0].Namespace.Name)
 					assert.Equal(t, "CVE-OPENSSL-1-DEB7", featureVersion.AffectedBy[0].Name)
-					assert.Equal(t, clair.High, featureVersion.AffectedBy[0].Severity)
+					assert.Equal(t, database.HighSeverity, featureVersion.AffectedBy[0].Severity)
 					assert.Equal(t, "A vulnerability affecting OpenSSL < 2.0 on Debian 7.0", featureVersion.AffectedBy[0].Description)
 					assert.Equal(t, "http://google.com/#q=CVE-OPENSSL-1-DEB7", featureVersion.AffectedBy[0].Link)
 					assert.Equal(t, "2.0", featureVersion.AffectedBy[0].FixedBy)

database/pgsql/notification_test.go

@@ -20,7 +20,6 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
-	"github.com/coreos/clair"
 	"github.com/coreos/clair/database"
 	"github.com/coreos/clair/ext/versionfmt"
 	"github.com/coreos/clair/ext/versionfmt/dpkg"
@@ -169,7 +168,7 @@ func TestNotification(t *testing.T) {
 
 	// Update a vulnerability and ensure that the old/new vulnerabilities are correct.
 	v1b := v1
-	v1b.Severity = clair.High
+	v1b.Severity = database.HighSeverity
 	v1b.FixedIn = []database.FeatureVersion{
 		{
 			Feature: f1,

database/pgsql/vulnerability_test.go

@@ -20,7 +20,6 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
-	"github.com/coreos/clair"
 	"github.com/coreos/clair/database"
 	"github.com/coreos/clair/ext/versionfmt"
 	"github.com/coreos/clair/ext/versionfmt/dpkg"
@@ -44,7 +43,7 @@ func TestFindVulnerability(t *testing.T) {
 		Name:        "CVE-OPENSSL-1-DEB7",
 		Description: "A vulnerability affecting OpenSSL < 2.0 on Debian 7.0",
 		Link:        "http://google.com/#q=CVE-OPENSSL-1-DEB7",
-		Severity:    clair.High,
+		Severity:    database.HighSeverity,
 		Namespace: database.Namespace{
 			Name:          "debian:7",
 			VersionFormat: dpkg.ParserName,
@@ -74,7 +73,7 @@ func TestFindVulnerability(t *testing.T) {
 			Name:          "debian:7",
 			VersionFormat: dpkg.ParserName,
 		},
-		Severity: clair.Unknown,
+		Severity: database.UnknownSeverity,
 	}
 
 	v2f, err := datastore.FindVulnerability("debian:7", "CVE-NOPE")
@@ -180,13 +179,13 @@ func TestInsertVulnerability(t *testing.T) {
 			Name:      "",
 			Namespace: n1,
 			FixedIn:   []database.FeatureVersion{f1},
-			Severity:  clair.Unknown,
+			Severity:  database.UnknownSeverity,
 		},
 		{
 			Name:      "TestInsertVulnerability0",
 			Namespace: database.Namespace{},
 			FixedIn:   []database.FeatureVersion{f1},
-			Severity:  clair.Unknown,
+			Severity:  database.UnknownSeverity,
 		},
 		{
 			Name:      "TestInsertVulnerability0-",
@@ -197,7 +196,7 @@ func TestInsertVulnerability(t *testing.T) {
 			Name:      "TestInsertVulnerability0",
 			Namespace: n1,
 			FixedIn:   []database.FeatureVersion{f2},
-			Severity:  clair.Unknown,
+			Severity:  database.UnknownSeverity,
 		},
 	} {
 		err := datastore.InsertVulnerabilities([]database.Vulnerability{vulnerability}, true)
@@ -217,7 +216,7 @@ func TestInsertVulnerability(t *testing.T) {
 		Name:        "TestInsertVulnerability1",
 		Namespace:   n1,
 		FixedIn:     []database.FeatureVersion{f1, f3, f6, f7},
-		Severity:    clair.Low,
+		Severity:    database.LowSeverity,
 		Description: "TestInsertVulnerabilityDescription1",
 		Link:        "TestInsertVulnerabilityLink1",
 		Metadata:    v1meta,
@@ -233,7 +232,7 @@ func TestInsertVulnerability(t *testing.T) {
 	// Update vulnerability.
 	v1.Description = "TestInsertVulnerabilityLink2"
 	v1.Link = "TestInsertVulnerabilityLink2"
-	v1.Severity = clair.High
+	v1.Severity = database.HighSeverity
 	// Update f3 in f4, add fixed in f5, add fixed in f6 which already exists,
 	// removes fixed in f7 by adding f8 which is f7 but with MinVersion, and
 	// add fixed by f5 a second time (duplicated).

database/severity.go

@@ -0,0 +1,134 @@
+// Copyright 2017 clair authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package database
+
+import (
+	"database/sql/driver"
+	"errors"
+	"strings"
+)
+
+// ErrFailedToParseSeverity is the error returned when a severity could not
+// be parsed from a string.
+var ErrFailedToParseSeverity = errors.New("failed to parse Severity from input")
+
+// Severity defines a standard scale for measuring the severity of a
+// vulnerability.
+type Severity string
+
+const (
+	// UnknownSeverity is either a security problem that has not been assigned to
+	// a priority yet or a priority that our system did not recognize.
+	UnknownSeverity Severity = "Unknown"
+
+	// NegligibleSeverity is technically a security problem, but is only
+	// theoretical in nature, requires a very special situation, has almost no
+	// install base, or does no real damage. These tend not to get backport from
+	// upstreams, and will likely not be included in security updates unless
+	// there is an easy fix and some other issue causes an update.
+	NegligibleSeverity Severity = "Negligible"
+
+	// LowSeverity is a security problem, but is hard to exploit due to
+	// environment, requires a user-assisted attack, a small install base, or
+	// does very little damage.  These tend to be included in security updates
+	// only when higher priority issues require an update, or if many low
+	// priority issues have built up.
+	LowSeverity Severity = "Low"
+
+	// MediumSeverity is a real security problem, and is exploitable for many
+	// people.  Includes network daemon denial of service attacks, cross-site
+	// scripting, and gaining user privileges.  Updates should be made soon for
+	// this priority of issue.
+	MediumSeverity Severity = "Medium"
+
+	// HighSeverity is a real problem, exploitable for many people in a default
+	// installation. Includes serious remote denial of services, local root
+	// privilege escalations, or data loss.
+	HighSeverity Severity = "High"
+
+	// CriticalSeverity is a world-burning problem, exploitable for nearly all
+	// people in a default installation of Linux. Includes remote root privilege
+	// escalations, or massive data loss.
+	CriticalSeverity Severity = "Critical"
+
+	// Defcon1Severity is a Critical problem which has been manually highlighted
+	// by the team. It requires an immediate attention.
+	Defcon1Severity Severity = "Defcon1"
+)
+
+// Severities lists all known severities, ordered from lowest to highest.
+var Severities = []Severity{
+	UnknownSeverity,
+	NegligibleSeverity,
+	LowSeverity,
+	MediumSeverity,
+	HighSeverity,
+	CriticalSeverity,
+	Defcon1Severity,
+}
+
+// NewSeverity attempts to parse a string into a standard Severity value.
+func NewSeverity(s string) (Severity, error) {
+	for _, ss := range Severities {
+		if strings.EqualFold(s, string(ss)) {
+			return ss, nil
+		}
+	}
+
+	return UnknownSeverity, ErrFailedToParseSeverity
+}
+
+// Compare determines the equality of two severities.
+//
+// If the severities are equal, returns 0.
+// If the receiever is less, returns -1.
+// If the receiver is greater, returns 1.
+func (s Severity) Compare(s2 Severity) int {
+	var i1, i2 int
+
+	for i1 = 0; i1 < len(Severities); i1 = i1 + 1 {
+		if s == Severities[i1] {
+			break
+		}
+	}
+	for i2 = 0; i2 < len(Severities); i2 = i2 + 1 {
+		if s2 == Severities[i2] {
+			break
+		}
+	}
+
+	return i1 - i2
+}
+
+// Scan implements the database/sql.Scanner interface.
+func (s *Severity) Scan(value interface{}) error {
+	val, ok := value.([]byte)
+	if !ok {
+		return errors.New("could not scan a Severity from a non-string input")
+	}
+
+	var err error
+	*s, err = NewSeverity(string(val))
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// Value implements the database/sql/driver.Valuer interface.
+func (s Severity) Value() (driver.Value, error) {
+	return string(s), nil
+}

severity_test.go → database/severity_test.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package clair
+package database
 
 import (
 	"testing"
@@ -21,9 +21,9 @@ import (
 )
 
 func TestCompareSeverity(t *testing.T) {
-	assert.Equal(t, Medium.Compare(Medium), 0, "Severity comparison failed")
-	assert.True(t, Medium.Compare(High) < 0, "Severity comparison failed")
-	assert.True(t, Critical.Compare(Low) > 0, "Severity comparison failed")
+	assert.Equal(t, MediumSeverity.Compare(MediumSeverity), 0, "Severity comparison failed")
+	assert.True(t, MediumSeverity.Compare(HighSeverity) < 0, "Severity comparison failed")
+	assert.True(t, CriticalSeverity.Compare(LowSeverity) > 0, "Severity comparison failed")
 }
 
 func TestParseSeverity(t *testing.T) {

ext/vulnmdsrc/driver.go

@@ -19,7 +19,6 @@ package vulnmdsrc
 import (
 	"sync"
 
-	"github.com/coreos/clair"
 	"github.com/coreos/clair/database"
 )
 
@@ -29,7 +28,7 @@ var (
 )
 
 // AppendFunc is the type of a callback provided to an Appender.
-type AppendFunc func(metadataKey string, metadata interface{}, severity clair.Severity)
+type AppendFunc func(metadataKey string, metadata interface{}, severity database.Severity)
 
 // Appender represents anything that can fetch vulnerability metadata and
 // append it to a Vulnerability.