0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2025-01-20 22:52:51 -05:00
zot/pkg/extensions/search/cve/update.go
Andrei Aaron 7c78f80a96
feat(cve): implement CVE scanning as background tasks (#1833)
1. Move existing CVE DB download generator/task login under the cve package
2. Add a new CVE scanner task generator and task type to run in the background, as well as tests for it
3. Move the CVE cache in its own package
4. Add a CVE scanner methods to check if an entry is present in the cache, and to retreive the results
5. Modify the FilterTags MetaDB method to not exit on first error
This is needed in order to pass all tags to the generator,
instead of the generator stopping at the first set of invalid data
6. Integrate the new scanning task generator with the existing zot code.
7. Fix an issue where the CVE scan results for multiarch images was not cached
8. Rewrite some of the older CVE tests to use the new image-utils test package
9. Use the CVE scanner as attribute of the controller instead of CveInfo.
Remove functionality of CVE DB update from CveInfo, it is now responsible,
as the name states, only for providing CVE information.
10. The logic to get maximum severity and cve count for image sumaries now uses only the scanner cache.
11. Removed the GetCVESummaryForImage method from CveInfo as it was only used in tests

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-09-22 11:49:17 -07:00

120 lines
2.2 KiB
Go

package cveinfo
import (
"context"
"sync"
"time"
"zotregistry.io/zot/pkg/log"
"zotregistry.io/zot/pkg/scheduler"
)
type state int
const (
pending state = iota
running
done
)
func NewDBUpdateTaskGenerator(
interval time.Duration,
scanner Scanner,
log log.Logger,
) scheduler.TaskGenerator {
generator := &DBUpdateTaskGenerator{
interval,
scanner,
log,
pending,
0,
time.Now(),
&sync.Mutex{},
}
return generator
}
type DBUpdateTaskGenerator struct {
interval time.Duration
scanner Scanner
log log.Logger
status state
waitTime time.Duration
lastTaskTime time.Time
lock *sync.Mutex
}
func (gen *DBUpdateTaskGenerator) Next() (scheduler.Task, error) {
var newTask scheduler.Task
gen.lock.Lock()
if gen.status == pending && time.Since(gen.lastTaskTime) >= gen.waitTime {
newTask = newDBUpdadeTask(gen.interval, gen.scanner, gen, gen.log)
gen.status = running
}
gen.lock.Unlock()
return newTask, nil
}
func (gen *DBUpdateTaskGenerator) IsDone() bool {
gen.lock.Lock()
status := gen.status
gen.lock.Unlock()
return status == done
}
func (gen *DBUpdateTaskGenerator) IsReady() bool {
return true
}
func (gen *DBUpdateTaskGenerator) Reset() {
gen.lock.Lock()
gen.status = pending
gen.waitTime = 0
gen.lock.Unlock()
}
type dbUpdateTask struct {
interval time.Duration
scanner Scanner
generator *DBUpdateTaskGenerator
log log.Logger
}
func newDBUpdadeTask(interval time.Duration, scanner Scanner,
generator *DBUpdateTaskGenerator, log log.Logger,
) *dbUpdateTask {
return &dbUpdateTask{interval, scanner, generator, log}
}
func (dbt *dbUpdateTask) DoWork(ctx context.Context) error {
dbt.log.Info().Msg("updating the CVE database")
err := dbt.scanner.UpdateDB()
if err != nil {
dbt.generator.lock.Lock()
dbt.generator.status = pending
if dbt.generator.waitTime == 0 {
dbt.generator.waitTime = time.Second
}
dbt.generator.waitTime *= 2
dbt.generator.lastTaskTime = time.Now()
dbt.generator.lock.Unlock()
return err
}
dbt.generator.lock.Lock()
dbt.generator.lastTaskTime = time.Now()
dbt.generator.status = done
dbt.generator.lock.Unlock()
dbt.log.Info().Str("DB update completed, next update scheduled after", dbt.interval.String()).Msg("")
return nil
}