Refuse to update old databases

Very old databases can causes 1000+ changes due getting very CVE updated.
For very old database is is better to download the latest new archive.

Author: Mab879

cmd/cvetool/update.go

@@ -9,6 +9,7 @@ import (
 
 	ds_sqlite "github.com/ComplianceAsCode/cvetool/datastore/sqlite"
 	"github.com/quay/claircore/libvuln"
+	"github.com/quay/claircore/libvuln/driver"
 	_ "github.com/quay/claircore/updater/defaults"
 	"github.com/urfave/cli/v2"
 )
@@ -66,6 +67,32 @@ func update(c *cli.Context) error {
 		UpdaterSets: []string{"rhel-vex", "clair.cvss"},
 	}
 
+	// Check last update time
+	updateOps, err := matcherStore.GetUpdateOperations(ctx, driver.VulnerabilityKind)
+	if err != nil {
+		return fmt.Errorf("error getting update operations: %v", err)
+	}
+
+	// Find the most recent update time across all updaters
+	var lastUpdate time.Time
+	for _, ops := range updateOps {
+		if len(ops) > 0 {
+			// ops are sorted by date descending, so first element is most recent
+			if ops[0].Date.After(lastUpdate) {
+				lastUpdate = ops[0].Date
+			}
+		}
+	}
+
+	if !lastUpdate.IsZero() {
+		fmt.Printf("Last update: %s (%s ago)\n", lastUpdate.Format(time.RFC1123), time.Since(lastUpdate).Round(time.Second))
+		if time.Since(lastUpdate) > (24 * time.Hour * 30) {
+			return fmt.Errorf("Database more than 30 days old, refusing to update. Delete the database and run this commmand again.")
+		}
+	} else {
+		fmt.Println("No previous updates found in database")
+	}
+
 	lv, err := libvuln.New(ctx, matcherOpts)
 	if err != nil {
 		return fmt.Errorf("error creating Libvuln: %v", err)