

Tidy up tools/rumble to only run needed queries
jamonation authored Aug 11, 2023
1 parent b958a03 commit 2e6fb32
Showing 4 changed files with 11 additions and 84 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/rumble-vulnerability-data.yaml
Expand Up @@ -44,13 +44,13 @@ jobs:
with:
go-version: '^1.20.0'

- name: set up bigqueryrc
- name: Fetch latest Grype vulnerability database
shell: bash
run: |
# gcloud config set auth/impersonate_service_account "${{ env.SERVICE_ACCOUNT }}"
# the following is just used to quiet the bigqueryrc init message, the query result is unused
# bq query --use_legacy_sql=false --format=csv --max_rows=1 'SELECT COUNT(*) FROM base-image-rumble.rumble.scheduled;' 2>&1 > /dev/null
curl -s $(curl -s https://toolbox-data.anchore.io/grype/databases/listing.json |jq -r '.available."5" | .[0] .url') -o-|tar xvz
curl -s \
$(curl -s https://toolbox-data.anchore.io/grype/databases/listing.json \
|jq -r '.available."5" | .[0] .url') -o- \
|tar xvz
- name: Generate Rumble JSON files
run: go run .
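Review bot: The new "Fetch latest Grype vulnerability database" step pipes whatever the two curl calls return straight into `tar xvz` with no failure handling: without `set -euo pipefail` at the top of the `run:` block only tar's exit status is seen, and without `-f` a non-2xx response from either URL is fed to jq or tar as if it were data. Suggested: `set -euo pipefail` as the first line of the script, and `curl -fsS` for both calls. The listing entries this jq expression selects from also expose a checksum next to `url` (the Grype listing format does); verifying the downloaded archive against it before extraction would make the step robust against a truncated or substituted download instead of trusting the transport alone. The enclosing job starts above the hunk.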
47 changes: 3 additions & 44 deletions tools/rumble/bigquery.go
Expand Up @@ -53,53 +53,11 @@ func NewBqClient() (bqClient, error) {
return b, nil
}

const csvQuery = `
SELECT
ROW_NUMBER() OVER (ORDER BY time),
image,
scanner,
scanner_version,
scanner_db_version,
FORMAT_DATETIME("%Y-%m-%d %H:%M:%S", DATE(time)) as time,
low_cve_count as low_cve_cnt,
med_cve_count as med_cve_cnt,
high_cve_count as high_cve_cnt,
crit_cve_count as crit_cve_cnt,
unknown_cve_count as unknown_cve_cnt,
low_cve_count + med_cve_count + high_cve_count + crit_cve_count + unknown_cve_count AS tot_cve_cnt,
digest FROM base-image-rumble.rumble.scheduled
WHERE DATE(time) BETWEEN DATE_SUB(CURRENT_DATE(), INTERVAL 30 DAY) AND CURRENT_DATE()
AND scanner = "grype"
LIMIT 10
`

const allVulnsQuery = `
SELECT DISTINCT vulnerability
FROM base-image-rumble.rumble.scheduled_vulns
`

const cveQuery = `
WITH ruuuumble AS (
SELECT s1.image,
s1.time as t,
s1.raw_grype_json,
s2.vulnerability,
s2.installed as version,
s2.type,
s2.severity
FROM base-image-rumble.rumble.scheduled_vulns
AS s2
INNER JOIN base-image-rumble.rumble.scheduled
AS s1
ON s1.id = s2.scan_id
WHERE s1.image = "golang:latest"
OR s1.image = "cgr.dev/chainguard/golang:latest"
)
SELECT image, t, vulnerability, version, type, severity FROM ruuuumble
WHERE DATE(t) BETWEEN DATE_SUB(CURRENT_DATE(), INTERVAL 1 DAY) AND CURRENT_DATE()
GROUP BY vulnerability, t, image, version, type, severity
`

const affectedImagesQuery = `
SELECT s1.image, s1.time as time,
FROM base-image-rumble.rumble.scheduled_vulns
Expand All @@ -115,9 +73,10 @@ ORDER BY s1.image, s1.time
func (b *bqClient) queryAffectedImages(qr string, vulns []vuln) ([]vuln, error) {
eg := new(errgroup.Group)
eg.SetLimit(50)
for i, v := range vulns {
for idx, v := range vulns {
vulnerability := v
i := idx
eg.Go(func() error {
vulnerability := v
fmt.Printf("querying %v\n", vulnerability.Id)
q := b.Client.Query(qr)
q.Parameters = []bigquery.QueryParameter{
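Review bot: The two new copies `vulnerability := v` and `i := idx` placed before `eg.Go` exist only so the closure does not capture the shared loop variables (the workflow builds this with Go `^1.20.0`, which still has per-loop rather than per-iteration variables), but nothing says so, and a later cleanup could fold them back into the `for` header and reintroduce the data race. Suggest a comment above them: `// per-iteration copies: the closure below must not share the loop variables (Go < 1.22 semantics)`. queryAffectedImages continues below the hunk, so whether `i` is still referenced inside the closure cannot be checked from here.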
4 changes: 2 additions & 2 deletions tools/rumble/go.mod
Expand Up @@ -6,6 +6,7 @@ require (
cloud.google.com/go/bigquery v1.52.0
cloud.google.com/go/storage v1.30.1
github.com/mattn/go-sqlite3 v1.14.17
golang.org/x/sync v0.2.0
google.golang.org/api v0.126.0
)

Expand Down Expand Up @@ -39,7 +40,6 @@ require (
golang.org/x/mod v0.10.0 // indirect
golang.org/x/net v0.10.0 // indirect
golang.org/x/oauth2 v0.8.0 // indirect
golang.org/x/sync v0.2.0 // indirect
golang.org/x/sys v0.8.0 // indirect
golang.org/x/text v0.9.0 // indirect
golang.org/x/tools v0.9.1 // indirect
Expand All @@ -50,4 +50,4 @@ require (
google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect
google.golang.org/grpc v1.55.0 // indirect
google.golang.org/protobuf v1.30.0 // indirect
)
)
34 changes: 1 addition & 33 deletions tools/rumble/storage.go
Expand Up @@ -10,12 +10,10 @@ import (
"encoding/csv"
"encoding/json"
"fmt"
"log"
"os"

"cloud.google.com/go/storage"
"golang.org/x/sync/errgroup"
"google.golang.org/api/iterator"
)

type gcsClient struct {
Expand Down Expand Up @@ -64,10 +62,6 @@ func (g *gcsClient) saveJSON(vulns []vuln) error {
return err
}

// err = os.WriteFile("/tmp/cves/"+v.Id+".json", js, os.ModePerm)
// if err != nil {
// return err
// }
fmt.Printf("Wrote %s\n", fName)
return nil
})
Expand All @@ -79,33 +73,7 @@ func (g *gcsClient) saveJSON(vulns []vuln) error {
return nil
}

func (c *gcsClient) query() {
bkt := c.Client.Bucket("chainguard-academy")
query := &storage.Query{Prefix: "cve-data"}

var names [][]string
it := bkt.Objects(c.Ctx, query)
for {
attrs, err := it.Next()
if err == iterator.Done {
break
}
if err != nil {
log.Fatal(err)
}
names = append(names, []string{attrs.Name})
}

w := csv.NewWriter(os.Stdout)

for _, v := range names {
if err := w.Write(v); err != nil {
log.Fatalln("error writing record to csv:", err)
}

}
}

// unused, but can print a csv to stdout if needed
func printRecords(records []interface{}, queryType string) error {
w := csv.NewWriter(os.Stdout)

