// Update fetches all the vulnerabilities from the registered fetchers, upserts
// them into the database and then sends notifications.
// Update fetches all the vulnerabilities from the registered fetchers, upserts
// them into the database and then sends notifications.
//
// The work is a fixed pipeline (fetch, merge, insert packages, insert
// vulnerabilities, insert notifications, write flags); the first failing step
// is logged and the update aborts. The "last successful update" flag is only
// written when fetch reported that every fetcher succeeded.
func Update() {
	log.Info("updating vulnerabilities")

	// abortOn logs err for the named step and reports whether Update must stop.
	abortOn := func(step string, err error) bool {
		if err == nil {
			return false
		}
		log.Errorf("an error occured when %s: %s", step, err)
		return true
	}

	// Fetch updates.
	allFetchersOK, responses := fetch()

	// Merge responses.
	vulnerabilities, packages, flags, notes, err := mergeAndVerify(responses)
	if abortOn("merging update responses", err) {
		return
	}
	responses = nil // the raw responses are no longer needed

	// TODO(Quentin-M): Complete informations using NVD

	// Insert packages.
	log.Tracef("beginning insertion of %d packages for update", len(packages))
	if abortOn("inserting packages for update", database.InsertPackages(packages)) {
		return
	}
	packages = nil

	// Insert vulnerabilities.
	log.Tracef("beginning insertion of %d vulnerabilities for update", len(vulnerabilities))
	notifications, err := database.InsertVulnerabilities(vulnerabilities)
	if abortOn("inserting vulnerabilities for update", err) {
		return
	}
	vulnerabilities = nil

	// Insert notifications into the database.
	wrapper := database.GetDefaultNotificationWrapper()
	if abortOn("inserting notifications for update", database.InsertNotifications(notifications, wrapper)) {
		return
	}
	notifications = nil

	// Update flags and notes. The loop variable is deliberately not called
	// flagName: that identifier is the package-level key used just below.
	// NOTE(review): UpdateFlag's result is not checked here — confirm it cannot fail.
	for name, value := range flags {
		database.UpdateFlag(name, value)
	}
	database.UpdateFlag(notesFlagName, notes)

	// Record the last successful update only if every fetcher worked properly.
	if allFetchersOK {
		database.UpdateFlag(flagName, strconv.FormatInt(time.Now().UTC().Unix(), 10))
	}
	log.Info("update finished")
}
// Update fetches all the vulnerabilities from the registered fetchers, upserts
// them into the database and then sends notifications.
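// Update fetches all the vulnerabilities from the registered fetchers, upserts
// them into the database and then sends notifications.
//
// Each fetcher runs in its own goroutine and hands its outcome back over a
// channel; the collecting loop below is the only goroutine that touches the
// success status, so fetchers share no mutable state (the previous version let
// every fetcher write one plain bool, a data race under -race). Package-level
// health state (healthNotes, healthLatestSuccessfulUpdate, updateHealth) is
// updated as a side effect. Any failing step is logged and aborts the update.
func Update() {
	log.Info("updating vulnerabilities")

	// fetchResult is what one fetcher goroutine reports to the collector:
	// either a response or the error FetchUpdate returned.
	type fetchResult struct {
		name     string
		response *FetcherResponse
		err      error
	}

	// Fetch updates in parallel. One buffer slot per fetcher, so a fetcher never
	// blocks while the collector is handling another result.
	resultC := make(chan fetchResult, len(fetchers))
	for n, f := range fetchers {
		go func(name string, fetcher Fetcher) {
			response, err := fetcher.FetchUpdate()
			if err != nil {
				resultC <- fetchResult{name: name, err: err}
				return
			}
			resultC <- fetchResult{name: name, response: &response}
		}(n, f)
	}

	// Collect results of updates. status stays true only if every fetcher succeeded.
	status := true
	var responses []*FetcherResponse
	var notes []string
	for i := 0; i < len(fetchers); i++ {
		res := <-resultC
		if res.err != nil {
			log.Errorf("an error occured when fetching update '%s': %s.", res.name, res.err)
			status = false
			continue
		}
		responses = append(responses, res.response)
		notes = append(notes, res.response.Notes...)
	}
	close(resultC)

	// TODO(Quentin-M): Merge responses together
	// TODO(Quentin-M): Complete informations using NVD

	// Store flags out of the response struct; empty names or values are skipped.
	flags := make(map[string]string)
	for _, response := range responses {
		if response.FlagName != "" && response.FlagValue != "" {
			flags[response.FlagName] = response.FlagValue
		}
	}

	// Update health notes.
	// NOTE(review): healthNotes is a package-level variable; if a health endpoint
	// reads it concurrently, that access needs synchronization not visible here.
	healthNotes = notes

	// Build list of packages.
	var packages []*database.Package
	for _, response := range responses {
		for _, v := range response.Vulnerabilities {
			packages = append(packages, v.FixedIn...)
		}
	}

	// Insert packages into the database.
	log.Tracef("beginning insertion of %d packages for update", len(packages))
	t := time.Now()
	err := database.InsertPackages(packages)
	log.Tracef("inserting %d packages took %v", len(packages), time.Since(t))
	if err != nil {
		log.Errorf("an error occured when inserting packages for update: %s", err)
		updateHealth(false)
		return
	}
	packages = nil

	// Build a list of vulnerabilities referencing the package nodes inserted above.
	var vulnerabilities []*database.Vulnerability
	for _, response := range responses {
		for _, v := range response.Vulnerabilities {
			var packageNodes []string
			for _, pkg := range v.FixedIn {
				packageNodes = append(packageNodes, pkg.Node)
			}
			vulnerabilities = append(vulnerabilities, &database.Vulnerability{
				ID:           v.ID,
				Link:         v.Link,
				Priority:     v.Priority,
				Description:  v.Description,
				FixedInNodes: packageNodes,
			})
		}
	}
	responses = nil

	// Insert vulnerabilities into the database.
	log.Tracef("beginning insertion of %d vulnerabilities for update", len(vulnerabilities))
	t = time.Now()
	notifications, err := database.InsertVulnerabilities(vulnerabilities)
	log.Tracef("inserting %d vulnerabilities took %v", len(vulnerabilities), time.Since(t))
	if err != nil {
		log.Errorf("an error occured when inserting vulnerabilities for update: %s", err)
		updateHealth(false)
		return
	}
	vulnerabilities = nil

	// Insert notifications into the database.
	err = database.InsertNotifications(notifications, database.GetDefaultNotificationWrapper())
	if err != nil {
		log.Errorf("an error occured when inserting notifications for update: %s", err)
		updateHealth(false)
		return
	}
	notifications = nil

	// Update flags in the database. The loop variable is deliberately not called
	// flagName: that identifier is the package-level key used just below.
	// NOTE(review): UpdateFlag's result is not checked here — confirm it cannot fail.
	for name, value := range flags {
		database.UpdateFlag(name, value)
	}

	// Update health depending on the status of the fetchers; the last successful
	// update timestamp is only advanced when every fetcher worked.
	updateHealth(status)
	if status {
		now := time.Now().UTC()
		database.UpdateFlag(flagName, strconv.FormatInt(now.Unix(), 10))
		healthLatestSuccessfulUpdate = now
	}
	log.Info("update finished")
}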
// Run updates the vulnerability database at regular intervals
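// Run updates the vulnerability database at regular intervals.
//
// interval is the delay between two consecutive updates; 0 disables the
// updater. st is the stopper the caller uses to shut the loop down, and
// st.End() is signalled when Run returns. Only one updater instance may run at
// a time: a database lock keyed by flagName is acquired under a fresh
// identifier before each update and refreshed every refreshLockDuration while
// Update is running. When the lock is held elsewhere the loop backs off until
// the lock's expiration instead of updating.
func Run(interval time.Duration, st *utils.Stopper) {
	defer st.End()

	// Do not run the updater if the interval is 0.
	if interval == 0 {
		log.Infof("updater service is disabled.")
		return
	}

	whoAmI := uuid.New()
	healthIdentifier = whoAmI
	log.Infof("updater service started. lock identifier: %s", whoAmI)

	for {
		// Set the next update time to (last update time + interval), or now if
		// there is no last update time stored in database (first update) or if
		// an error occurs.
		nextUpdate := time.Now().UTC()
		if lastUpdateTSS, err := database.GetFlagValue(flagName); err == nil && lastUpdateTSS != "" {
			if lastUpdateTS, err := strconv.ParseInt(lastUpdateTSS, 10, 64); err == nil {
				healthLatestSuccessfulUpdate = time.Unix(lastUpdateTS, 0)
				nextUpdate = time.Unix(lastUpdateTS, 0).Add(interval)
			}
		}

		// If the next update time is in the past, then try to update.
		if nextUpdate.Before(time.Now().UTC()) {
			// Attempt to get a lock on the update.
			log.Debug("attempting to obtain update lock")
			hasLock, hasLockUntil := database.Lock(flagName, lockDuration, whoAmI)
			if hasLock {
				healthLockOwner = healthIdentifier

				// Launch update in a new goroutine; doneC is closed when it returns.
				doneC := make(chan struct{})
				go func() {
					defer close(doneC)
					Update()
				}()

				// Refresh the lock until the update is done. One ticker is reused
				// (and stopped explicitly, since Run loops) instead of allocating a
				// timer per iteration. A refresh that is refused means the lock was
				// lost, so another instance may start a concurrent update; that is
				// logged so it does not go unnoticed.
				ticker := time.NewTicker(refreshLockDuration)
				for done := false; !done; {
					select {
					case <-doneC:
						done = true
					case <-ticker.C:
						if refreshed, _ := database.Lock(flagName, lockDuration, whoAmI); !refreshed {
							log.Errorf("could not refresh the update lock; another updater may run concurrently")
						}
					}
				}
				ticker.Stop()

				// Write the last update time to the database and set the next update
				// time.
				// NOTE(review): Update returns nothing, so this timestamp is recorded
				// even when the update failed internally — confirm that is intended.
				now := time.Now().UTC()
				database.UpdateFlag(flagName, strconv.FormatInt(now.Unix(), 10))
				healthLatestSuccessfulUpdate = now
				nextUpdate = now.Add(interval)

				// Unlock the update.
				database.Unlock(flagName, whoAmI)
			} else {
				// Someone else holds the lock: wait until it expires. If the lock
				// info cannot be read, fall back to the expiration Lock reported.
				lockOwner, lockExpiration, err := database.LockInfo(flagName)
				if err != nil {
					log.Debug("update lock is already taken")
					nextUpdate = hasLockUntil
				} else {
					log.Debugf("update lock is already taken by %s until %v", lockOwner, lockExpiration)
					nextUpdate = lockExpiration
					healthLockOwner = lockOwner
				}
			}
		}

		// Sleep, but remain stoppable, until approximately the next update time.
		// The jitter is exponentially distributed with mean 2s (ExpFloat64 has
		// mean 1); the Duration conversion truncates it to whole seconds.
		now := time.Now().UTC()
		waitUntil := nextUpdate.Add(time.Duration(rand.ExpFloat64()/0.5) * time.Second)
		log.Debugf("next update attempt scheduled for %v.", waitUntil)
		if !waitUntil.Before(now) {
			if !st.Sleep(waitUntil.Sub(time.Now())) {
				break
			}
		}
	}

	log.Info("updater service stopped")
}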