github.com/quay/claircore@v1.5.28/alpine/matcher.go (about) 1 package alpine 2 3 import ( 4 "context" 5 6 version "github.com/knqyf263/go-apk-version" 7 "github.com/quay/claircore" 8 "github.com/quay/claircore/libvuln/driver" 9 ) 10 11 // Matcher implements driver.Matcher for Alpine containers. 12 type Matcher struct{} 13 14 var _ driver.Matcher = (*Matcher)(nil) 15 16 // Name implements driver.Matcher. 17 func (*Matcher) Name() string { 18 return "alpine-matcher" 19 } 20 21 // Filter implements driver.Matcher. 22 func (*Matcher) Filter(record *claircore.IndexRecord) bool { 23 if record.Distribution == nil { 24 return false 25 } 26 27 switch { 28 case record.Distribution.DID == distID: 29 return true 30 case record.Distribution.Name == distName: 31 return true 32 default: 33 return false 34 } 35 } 36 37 // Query implements driver.Matcher. 38 func (*Matcher) Query() []driver.MatchConstraint { 39 return []driver.MatchConstraint{ 40 driver.DistributionDID, 41 driver.DistributionName, 42 driver.DistributionPrettyName, 43 } 44 } 45 46 // Vulnerable implements driver.Matcher. 47 func (*Matcher) Vulnerable(ctx context.Context, record *claircore.IndexRecord, vuln *claircore.Vulnerability) (bool, error) { 48 if vuln.FixedInVersion == "" { 49 return true, nil 50 } 51 52 if vuln.FixedInVersion == "0" { 53 return false, nil 54 } 55 56 v1, err := version.NewVersion(record.Package.Version) 57 if err != nil { 58 return false, nil 59 } 60 61 v2, err := version.NewVersion(vuln.FixedInVersion) 62 if err != nil { 63 return false, nil 64 } 65 66 if v1.LessThan(v2) { 67 return true, nil 68 } 69 70 return false, nil 71 }