
patches-server's Introduction

Patches Server

The Patches-Server is responsible for handling Patches-Scanner sessions and serving those scanners with active sessions a complete list of vulnerabilities from one or more sources.

This document describes the function of the Patches-Server with reference to its architecture diagram.

Architecture Diagram

Component Definitions

Vuln Source

Any database or API that Patches-Server can read from to retrieve a list of vulnerabilities affecting a particular platform, such as Ubuntu 18.04.

Vulnerability

A description of an exploitable malfunction present in a software package.

Cache Window

A data structure that contains a strict subset of a larger total set of data. A cache window "slides" forward through the set of data it provides read access to as readers retrieve the data contained by the cache.

Patches Server

A web server that handles active and queued sessions for scanners. Scanners that are members of the "active sessions" collection are granted read access to the contents of the cache window maintained by the server.

Active Sessions

A subset of sessions connected to scanners reading from the cache window.

Queued Sessions

A subset of sessions connected to scanners waiting to be granted read access. Note that the union of active and queued sessions is equal to the set of all sessions.

Patches Scanner

Also called scanners. The client/agent component of Patches. Scanners read information about vulnerabilities served by Patches-Server and scan their host for the vulnerable packages they are informed about.

Memory Efficiency Problem

A source such as CoreOS' Clair may contain gigabytes of information about vulnerabilities affecting different platforms. In light of this, Patches-Server must be able to reliably serve scanners information from such sources without exhausting its host's memory resources each time a session becomes active.

Stated more concretely, Patches-Server must satisfy the following constraints:

  1. All scanners granted active sessions must be served all vulnerabilities present in vulnerability sources supported by Patches-Server.
  2. All scanners that attempt to open a session with Patches-Server must eventually be granted an active session or be denied explicitly.
  3. No more than a pre-defined amount of memory may be consumed by the server at any given point in time.

To accomplish this, Patches-Server employs two tactics:

  1. Maintain a cache window that serves as a read-only view into the complete collection of vulnerabilities. Active sessions will be blocked on reads to the window to guarantee that all active sessions' scanners retrieve all vulnerabilities.
  2. Maintain "active sessions" and "queued sessions" collections, granting read access to a cache window to active sessions' scanners before moving queued sessions into active sessions once all active sessions complete or time out.

This approach requires that Patches-Scanners frequently poll the Patches-Server to both retrieve vulnerabilities and prevent their session from timing out and being expelled from either collection of sessions. While a scanner's session is "queued," it will be informed that no vulnerabilities are prepared for it until that session is made "active" and a new window is created.
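The sliding window and the two session collections described above can be modelled in a few lines. This is an added example, not code from the Patches-Server project; the class name, the `open`/`poll` methods, the status strings and the sample vulnerability names are all assumptions made for illustration.

```python
from itertools import islice

VULNS = ["vuln-1", "vuln-2", "vuln-3", "vuln-4", "vuln-5"]  # constructed sample data

class PatchesServerModel:
    """Toy model: one bounded cache window shared by all active sessions."""

    def __init__(self, source_factory, window_size, timeout):
        self.source_factory = source_factory  # returns a fresh iterator over all vulns
        self.window_size = window_size        # memory bound: vulns held at any one time
        self.timeout = timeout                # max seconds allowed between polls
        self.last_seen = {}                   # every session id -> time of last poll
        self.read = {}                        # active session id -> last window number read
        self.source, self.window, self.window_no = iter(()), [], 0

    def open(self, sid, now):
        self.last_seen[sid] = now             # a new session starts out queued

    def _slide(self):
        self.window = list(islice(self.source, self.window_size))
        self.window_no += 1

    def poll(self, sid, now):
        # Expel sessions that stopped polling so they cannot stall the window.
        for dead in [s for s, t in self.last_seen.items() if now - t > self.timeout]:
            del self.last_seen[dead]
            self.read.pop(dead, None)
        if sid not in self.last_seen:
            return "denied", []               # explicit denial (constraint 2)
        self.last_seen[sid] = now
        if not self.read:                     # batch finished: promote every queued session
            self.read = {s: self.window_no for s in self.last_seen}
            self.source = self.source_factory()
            self._slide()
        if sid not in self.read:
            return "queued", []               # nothing prepared for this session yet
        if self.read[sid] == self.window_no:  # this session already read the window
            if any(n < self.window_no for n in self.read.values()):
                return "wait", []             # block until all active sessions catch up
            self._slide()
        self.read[sid] = self.window_no
        if not self.window:                   # source exhausted: session is complete
            del self.read[sid], self.last_seen[sid]
            return "done", []
        return "vulns", list(self.window)

if __name__ == "__main__":
    server = PatchesServerModel(lambda: iter(VULNS), window_size=2, timeout=10)
    server.open("a", now=0)
    print(server.poll("a", now=1))
```

The model never holds more than `window_size` vulnerabilities, and a silent active session delays the others for at most `timeout` seconds before it is expelled.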

patches-server's People

Contributors

arcrose, gene1wood, mozilla-github-standards


patches-server's Issues

Wiki changes

FYI: The following changes were made to this repository's wiki:

These were made as the result of a recent automated defacement of publicly writeable wikis.

CODE_OF_CONDUCT.md file missing

As of January 1 2019, Mozilla requires that all GitHub projects include this CODE_OF_CONDUCT.md file in the project root. The file has two parts:

  1. Required Text - All text under the headings Community Participation Guidelines and How to Report, are required, and should not be altered.
  2. Optional Text - The Project Specific Etiquette heading provides a space to speak more specifically about ways people can work effectively and inclusively together. Some examples of those can be found on the Firefox Debugger project, and Common Voice. (The optional part is commented out in the raw template file, and will not be visible until you modify and uncomment that part.)

If you have any questions about this file, or Code of Conduct policies and procedures, please see Mozilla-GitHub-Standards or email [email protected].

(Message COC001)
