diff --git a/database/pgsql/rhelv2_layer.go b/database/pgsql/rhelv2_layer.go
index 7bfda747d..a6b9e7d22 100644
--- a/database/pgsql/rhelv2_layer.go
+++ b/database/pgsql/rhelv2_layer.go
@@ -15,6 +15,7 @@ import (
 "github.com/stackrox/rox/pkg/utils"
 "github.com/stackrox/scanner/database"
 "github.com/stackrox/scanner/database/metrics"
+ "github.com/stackrox/scanner/pkg/env"
 )
 func (pgSQL *pgSQL) InsertRHELv2Layer(layer *database.RHELv2Layer) error {
@@ -46,11 +47,18 @@ func (pgSQL *pgSQL) InsertRHELv2Layer(layer *database.RHELv2Layer) error {
 func (pgSQL *pgSQL) insertRHELv2Layer(tx *sql.Tx, layer *database.RHELv2Layer) error {
 defer metrics.ObserveQueryTime("insertRHELv2Layer", "layer", time.Now())
- _, err := tx.Exec(insertRHELv2Layer, layer.Hash, layer.ParentHash, layer.Dist, pq.Array(layer.CPEs), layer.Lineage, layer.ParentLineage)
+ var lineage string
+ var parentLineage string
+ if env.RHLineage.Enabled() {
+ lineage = layer.Lineage
+ parentLineage = layer.ParentLineage
+ }
+
+ _, err := tx.Exec(insertRHELv2Layer, layer.Hash, layer.ParentHash, layer.Dist, pq.Array(layer.CPEs), lineage, parentLineage)
 return err
 }
-func (pgSQL *pgSQL) insertRHELv2Packages(tx *sql.Tx, layer string, pkgs []*database.RHELv2Package, lineage string) error {
+func (pgSQL *pgSQL) insertRHELv2Packages(tx *sql.Tx, layer string, pkgs []*database.RHELv2Package, layerLineage string) error {
 // Sort packages to avoid potential deadlock.
 // Sort by the unique index (name, version, module, arch).
 sort.SliceStable(pkgs, func(i, j int) bool {
@@ -80,6 +88,11 @@ func (pgSQL *pgSQL) insertRHELv2Packages(tx *sql.Tx, layer string, pkgs []*datab
 }
 }
+ var lineage string
+ if env.RHLineage.Enabled() {
+ lineage = layerLineage
+ }
+
 for _, pkg := range pkgs {
 if pkg.Name == "" {
 continue
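Review bot: The `env.RHLineage.Enabled()` gate in insertRHELv2Layer is repeated by hand in insertRHELv2Packages, GetRHELv2Layers and getPackagesByLayer, so a later query that passes `layer.Lineage` directly would store or search a value the other call sites do not agree on. One small helper keeps that decision in a single place and makes the extra locals and the `lineage`/`layerLineage` parameter rename unnecessary. The helper name below is only a suggestion; the other three sites would call it the same way, and their function bodies continue outside their hunks.

```go
// rhelLineage returns lineage when ROX_RHEL_LINEAGE is enabled and "" otherwise,
// so every statement stores and searches the same value.
func rhelLineage(lineage string) string {
	if !env.RHLineage.Enabled() {
		return ""
	}
	return lineage
}

func (pgSQL *pgSQL) insertRHELv2Layer(tx *sql.Tx, layer *database.RHELv2Layer) error {
	// … unchanged: query-time metric …
	_, err := tx.Exec(insertRHELv2Layer, layer.Hash, layer.ParentHash, layer.Dist, pq.Array(layer.CPEs),
		rhelLineage(layer.Lineage), rhelLineage(layer.ParentLineage))
	return err
}
```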
@@ -112,7 +125,12 @@ func (pgSQL *pgSQL) GetRHELv2Layers(layerHash, layerLineage string) ([]*database
 return nil, handleError("GetRHELv2Layers.Begin()", err)
 }
- rows, err := tx.Query(searchRHELv2Layers, layerHash, layerLineage)
+ var lineage string
+ if env.RHLineage.Enabled() {
+ lineage = layerLineage
+ }
+
+ rows, err := tx.Query(searchRHELv2Layers, layerHash, lineage)
 if err != nil {
 return nil, err
 }
@@ -177,7 +195,12 @@ func (pgSQL *pgSQL) populatePackages(tx *sql.Tx, layers []*database.RHELv2Layer)
 func (pgSQL *pgSQL) getPackagesByLayer(tx *sql.Tx, layer *database.RHELv2Layer) error {
 defer metrics.ObserveQueryTime("getRHELv2Layers", "packagesByLayer", time.Now())
- rows, err := tx.Query(searchRHELv2Package, layer.Hash, layer.Lineage)
+ var lineage string
+ if env.RHLineage.Enabled() {
+ lineage = layer.Lineage
+ }
+
+ rows, err := tx.Query(searchRHELv2Package, layer.Hash, lineage)
 if err != nil {
 return err
 }
diff --git a/pkg/env/list.go b/pkg/env/list.go
index 36806af06..1d3557c91 100644
--- a/pkg/env/list.go
+++ b/pkg/env/list.go
@@ -44,4 +44,11 @@ var (
 // LegacyNVDLoader when true will cause the loader to pull NVD data using
 // the NVD Legacy Data Feeds, if false will pull from the NVD 2.0 API.
 LegacyNVDLoader = RegisterBooleanSetting("ROX_LEGACY_NVD_LOADER", false)
+
+ // RHLineage when true will cause all parent layers to be considered when storing results for RHEL
+ // image layers addressing a bug leading to inaccurate scan results.
+ //
+ // Setting this to false will cause known image scan inaccuracies and should only be done as a
+ // temporary measure to address unforeseen stability issues (as an example).
+ RHLineage = RegisterBooleanSetting("ROX_RHEL_LINEAGE", false)
 )
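Review bot: In GetRHELv2Layers the lookup key now depends on the flag's value at read time, while the stored key depended on its value at write time, so rows written under one setting and read under the other may not match. `tx.Query(searchRHELv2Layers, layerHash, lineage)` and the `searchRHELv2Package` lookup in getPackagesByLayer would then presumably return nothing for them; the SQL is not in this diff, so this is an inference. In a vulnerability scanner that tends to surface as a layer with no packages, and so no findings, rather than as an error. If that holds, it deserves a comment on GetRHELv2Layers such as `// Rows stored while ROX_RHEL_LINEAGE was disabled carry an empty lineage; images must be rescanned after the flag is changed.` Both function bodies continue outside their hunks.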
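Review bot: The default in `RegisterBooleanSetting("ROX_RHEL_LINEAGE", false)` in pkg/env/list.go looks like the very setting its own comment warns against. The comment says false "will cause known image scan inaccuracies" and is only a temporary measure, yet false is what an unconfigured deployment gets, assuming the second argument is the default as it appears to be for `LegacyNVDLoader`. If so, the known-inaccurate path runs unless an operator opts in, which for a scanner can mean missed or misattributed findings on RHEL images. Either ship `RHLineage = RegisterBooleanSetting("ROX_RHEL_LINEAGE", true)`, or reword the comment to say the fix is opt-in and why, e.g. `// Disabled by default; enable to get accurate results for RHEL image layers.`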