Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

matcher: Introduce Remote Matcher interface #202

Merged
merged 5 commits into from
Jul 16, 2020
Merged

matcher: Introduce Remote Matcher interface #202

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
8988f43
matcher: Add preliminary support for Remote Matcher
arajkumar Jul 14, 2020
6be431e
Merge branch 'master' into remote-matcher-v1
arajkumar Jul 16, 2020
eeb850f
Update internal/matcher/controller.go
arajkumar Jul 16, 2020
acb6bb4
remotematcher: Add a realistic deadline for QueryRemoteMatcher call
arajkumar Jul 16, 2020
4efbe40
remotematcher: Change deadline to 60s according to review comments
arajkumar Jul 16, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
23 changes: 23 additions & 0 deletions internal/matcher/controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package matcher

import (
"context"
"time"

"github.com/rs/zerolog"

Expand Down Expand Up @@ -45,6 +46,15 @@ func (mc *Controller) Match(ctx context.Context, records []*claircore.IndexRecor
return map[string][]*claircore.Vulnerability{}, nil
}

remoteMatcher, matchedVulns, err := mc.queryRemoteMatcher(ctx, interested)
arajkumar marked this conversation as resolved.
Show resolved Hide resolved
if remoteMatcher {
if err != nil {
log.Error().Err(err).Msg("remote matcher error, returning empty results")
return map[string][]*claircore.Vulnerability{}, nil
}
return matchedVulns, nil
}

dbSide, authoritative := mc.dbFilter()
log.Debug().
Bool("opt-in", dbSide).
Expand All @@ -71,6 +81,19 @@ func (mc *Controller) Match(ctx context.Context, records []*claircore.IndexRecor
return filteredVulns, nil
}

// If RemoteMatcher exists, it will call the matcher service which runs on a remote
// machine and fetches the vulnerabilities associated with the IndexRecords.
func (mc *Controller) queryRemoteMatcher(ctx context.Context, interested []*claircore.IndexRecord) (bool, map[string][]*claircore.Vulnerability, error) {
f, ok := mc.m.(driver.RemoteMatcher)
if !ok {
return false, nil, nil
}
tctx, cancel := context.WithTimeout(ctx, 60*time.Second)
defer cancel()
vulns, err := f.QueryRemoteMatcher(tctx, interested)
return true, vulns, err
}

// DbFilter reports whether the db-side version filtering can be used, and
// whether it's authoritative.
func (mc *Controller) dbFilter() (bool, bool) {
Expand Down
17 changes: 17 additions & 0 deletions libvuln/driver/remotematcher.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
package driver

import (
"context"

"github.com/quay/claircore"
)

// RemoteMatcher is an additional interface that a Matcher can implement.

// When called the interface can invoke the remote matcher using the RESTful API
// to fetch new vulnerabilities associated with the given IndexRecords.

// The information retrieved from this interface won't be persisted into ClairCore database.
type RemoteMatcher interface {
QueryRemoteMatcher(ctx context.Context, records []*claircore.IndexRecord) (map[string][]*claircore.Vulnerability, error)
}