Reintroduce image scanning for openSUSE and SLE #506
Conversation
|
Thank you so much for reworking all of these changes! I'm really sorry for the slow response. We don't really have an e2e test framework, and the API changed this release. You can do manual testing by simply using cURL against the API server. It handles both gRPC and JSON over REST. I'd also like to see some changes to the documentation to include the licensing information for the data in the openSUSE database. |
ext/vulnsrc/suse/suse.go
Outdated
|
|
||
| log "github.com/sirupsen/logrus" | ||
|
|
||
| "fmt" |
There was a problem hiding this comment.
this should be grouped in the first section of imports
ext/vulnsrc/suse/suse.go
Outdated
| up.UpdaterFlag = "openSUSEUpdater" | ||
| up.FileRegexp = regexp.MustCompile(`opensuse.leap.(\d+\.*\d*).xml`) | ||
| default: | ||
| panic("Unrecognized flavor") |
There was a problem hiding this comment.
panic("tried to create an updater for an unrecognized flavor of suse")
ext/vulnsrc/suse/suse.go
Outdated
| if err != nil { | ||
| return resp, err | ||
| } | ||
| log.WithField("flagvalue", flagValue) |
There was a problem hiding this comment.
This probably needs to be something like Debug level if it stays at all.
ext/vulnsrc/suse/suse.go
Outdated
|
|
||
| // this contains the modification time of the most recent | ||
| // file expressed as unix time (int64) | ||
| latestOval, _ := strconv.ParseInt(flagValue, 10, 64) |
ext/vulnsrc/suse/suse.go
Outdated
| log.Fields{ | ||
| "ovalFile": ovalFile, | ||
| "updater": u.Name, | ||
| }).Debug("file to check") |
There was a problem hiding this comment.
log.WithFields(log.Fields{
"ovalFile": ovalFile,
"updater": u.Name,
}).Debug("file to check")
ext/vulnsrc/suse/suse.go
Outdated
| } | ||
|
|
||
| // timestamp format 2017-10-23T04:07:14 | ||
| layout := "2006-1-2T15:04:05" |
There was a problem hiding this comment.
pull this out into a constant timeFormatOVAL
ext/vulnsrc/suse/suse.go
Outdated
| Vulnerability: database.Vulnerability{ | ||
| Name: name(definition), | ||
| Link: link(definition), | ||
| //TODO: handle that once openSUSE/SLE OVAL files have severity info |
There was a problem hiding this comment.
pull this out into a function severity(definition) that doesn't do anything but return UnknownSeverity, and has this comment.
ext/vulnsrc/suse/suse.go
Outdated
| // Attempt to parse package data from trees of criterions. | ||
| for _, c := range criterions { | ||
| if match := suseInstalledCommentRegexp.FindStringSubmatch(c.Comment); match != nil { | ||
| if len(match) != 4 { |
There was a problem hiding this comment.
it's easier to read this conditional if you keep it if (positive case) else negative case.
if len(match) == 4 {
osVerison = ...
} else {
log.WithField().Warning()
}
ext/vulnsrc/suse/suse.go
Outdated
| re := regexp.MustCompile(`-\d+\.`) | ||
|
|
||
| matches := re.FindStringSubmatchIndex(fullname) | ||
|
|
There was a problem hiding this comment.
get rid of this new line
ext/vulnsrc/suse/suse_test.go
Outdated
| "libfreerdp2-2.0.0~git.1463131968.4e66df7-11.69 is installed": []string{"libfreerdp2", "2.0.0~git.1463131968.4e66df7-11.69"}, | ||
| "ruby2.1-rubygem-sle2docker-0.2.3-5.1 is installed": []string{"ruby2.1-rubygem-sle2docker", "0.2.3-5.1"}, | ||
| "xen-libs-4.4.1_06-2.2 is installed": []string{"xen-libs", "4.4.1_06-2.2"}, | ||
| "runc-0.1.1+gitr2816_02f8fa7 is installed": []string{"runc", "0.1.1+gitr2816_02f8fa7"}, |
There was a problem hiding this comment.
add some tests for the failure scenario
|
@jzelinskie sorry for the late response... I've implemented all the changes you requested. Once you are fine with the changes I'll rebase this branch against master and squash all the commits into a single one. ❤️ |
jzelinskie
added
lacking/review
ext/vulnsrc/suse/suse.go
Outdated
| // Fetch the update list. | ||
| r, err := http.Get(ovalURI) | ||
| if err != nil { | ||
| log.Fatal(err) |
There was a problem hiding this comment.
This shouldn't be fatal.
ext/vulnsrc/suse/suse.go
Outdated
| // Collect vulnerabilities. | ||
| for _, v := range vs { | ||
| resp.Vulnerabilities = append(resp.Vulnerabilities, v) | ||
| } |
There was a problem hiding this comment.
This for-loop can be done in one line:
resp.Vulnerabilities = append(resp.Vulnerabilities, vs...)
ext/vulnsrc/suse/suse.go
Outdated
| } | ||
| for _, p := range pkgs { | ||
| vulnerability.Affected = append(vulnerability.Affected, p) | ||
| } |
There was a problem hiding this comment.
This for-loop can be done in one line:
vulnerability.Affected = append(vulnerability.Affected, pkgs...)
ext/vulnsrc/suse/suse.go
Outdated
| } | ||
|
|
||
| if suseOpenSUSEInstalledCommentRegexp.FindStringSubmatch(c.Comment) == nil && strings.HasSuffix(c.Comment, " is installed") { | ||
| name, version, err := splitPackageNameAndVersion(c.Comment[:len(c.Comment)-13]) |
There was a problem hiding this comment.
In order to make it obvious where 13 is coming from: len(c.Comment)-len(" is installed")
|
@jzelinskie I've update the code with the changes you proposed. Take a look at the changes I made and gimme the final green light for the rebase. |
|
I don't want this to hang any longer. Rebase away! |
flavio
force-pushed
the
reintroduce-suse-opensuse
branch
from
bcf33b3
to
fd554e6
Compare
@jzelinskie done! |
flavio
force-pushed
the
reintroduce-suse-opensuse
branch
from
fd554e6
to
47c6299
Compare
|
I did another forced push to address the style check errors reported by |
|
Hi Guys, any forecast when this feature will be available? |
|
Sorry for the silence around the holidays. This code all looks fine. I think all this PR needs is to add OpenSUSE to the documentation in a few places. Most importantly here: https://github.com/coreos/clair/blob/master/Documentation/drivers-and-data-sources.md#data-sources-for-the-built-in-drivers |
Handle scanning of openSUSE and SUSE Linux Enterprise images. Signed-off-by: Flavio Castelli <fcastelli@suse.com>
Expand the documentation about the available data sources to mention openSUSE and SLE. Signed-off-by: Flavio Castelli <fcastelli@suse.com>
flavio
force-pushed
the
reintroduce-suse-opensuse
branch
from
47c6299
to
1105102
Compare
|
@jzelinskie I did a rebase against master and then added a new commit which extends the documentation. Thanks for pointing that out. AFAIK this is the only place of the documentation that needs to be extended. |
As promised inside of #503... handle scanning of openSUSE and SUSE Linux Enterprise images.
The unit tests are passing but I wasn't able to test the code against real images because neither clair-scanner nor reg work against
master's new API. Suggestions about how to test the changes are welcome 😃