From abd984707fb7c307829c168dabc2a1078ec6a13d Mon Sep 17 00:00:00 2001
From: Matthew Burket
Date: Thu, 22 Jan 2026 13:05:44 -0600
Subject: [PATCH] Refuse to update old databases

Very old databases can causes 1000+ changes due getting very CVE updated. For very old database is is better to download the latest new archive.
---
 cmd/cvetool/update.go | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/cmd/cvetool/update.go b/cmd/cvetool/update.go
index 4b50ac3..9be9d6b 100644
--- a/cmd/cvetool/update.go
+++ b/cmd/cvetool/update.go
@@ -9,6 +9,7 @@ import (
 ds_sqlite "github.com/ComplianceAsCode/cvetool/datastore/sqlite"
 "github.com/quay/claircore/libvuln"
+ "github.com/quay/claircore/libvuln/driver"
 _ "github.com/quay/claircore/updater/defaults"
 "github.com/urfave/cli/v2"
 )
@@ -66,6 +67,32 @@ func update(c *cli.Context) error {
 UpdaterSets: []string{"rhel-vex", "clair.cvss"},
 }
+ // Check last update time
+ updateOps, err := matcherStore.GetUpdateOperations(ctx, driver.VulnerabilityKind)
+ if err != nil {
+ return fmt.Errorf("error getting update operations: %v", err)
+ }
+
+ // Find the most recent update time across all updaters
+ var lastUpdate time.Time
+ for _, ops := range updateOps {
+ if len(ops) > 0 {
+ // ops are sorted by date descending, so first element is most recent
+ if ops[0].Date.After(lastUpdate) {
+ lastUpdate = ops[0].Date
+ }
+ }
+ }
+
+ if !lastUpdate.IsZero() {
+ fmt.Printf("Last update: %s (%s ago)\n", lastUpdate.Format(time.RFC1123), time.Since(lastUpdate).Round(time.Second))
+ if time.Since(lastUpdate) > (24 * time.Hour * 30) {
+ return fmt.Errorf("Database more than 30 days old, refusing to update. Delete the database and run this commmand again.")
+ }
+ } else {
+ fmt.Println("No previous updates found in database")
+ }
+
 lv, err := libvuln.New(ctx, matcherOpts)
 if err != nil {
 return fmt.Errorf("error creating Libvuln: %v", err)
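Review bot: The age gate in the loop over `updateOps` keeps the newest `ops[0].Date` across all updaters, so a recent operation from one of the updater sets configured just above lets the update proceed even when another updater's data is far older than 30 days, which is the large-delta case this commit sets out to refuse. Tracking the oldest of the per-updater newest dates closes that gap: `if lastUpdate.IsZero() || ops[0].Date.Before(lastUpdate) {`, with the comment above the loop reworded to match. Whether an updater records an operation when its upstream is unchanged is not visible in this hunk, so confirm the stricter comparison does not refuse a database that is in fact current. The refusal message also misspells `commmand`. The body of `update` starts and ends outside the hunk.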