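// Source: github.com/quay/claircore@v1.5.28/alpine/parser.go

package alpine

import (
	"context"
	"encoding/json"
	"fmt"
	"io"
	"net/url"

	"github.com/quay/zlog"

	"github.com/quay/claircore"
	"github.com/quay/claircore/libvuln/driver"
)

const (
	// cveURLPrefix is the format string for the reference link attached to
	// every vulnerability; the single %s verb receives the advisory ID.
	cveURLPrefix = "https://www.cve.org/CVERecord?id=%s"
)

// Compile-time check that *updater satisfies driver.Parser.
var _ driver.Parser = (*updater)(nil)

// Parse decodes a JSON-encoded SecurityDB from r and converts it into
// claircore vulnerabilities. r is always closed before Parse returns.
//
// A decoding failure is returned unchanged, so callers can still inspect the
// underlying encoding/json or I/O error.
func (u *updater) Parse(ctx context.Context, r io.ReadCloser) ([]*claircore.Vulnerability, error) {
	ctx = zlog.ContextWithValues(ctx, "component", "alpine/Updater.Parse")
	zlog.Info(ctx).Msg("starting parse")
	defer r.Close()

	// NOTE(review): the decoder consumes r with no size limit of its own.
	// The database is external input, so whatever produces r is presumably
	// expected to bound how much it will hand over; confirm against the
	// fetch path.
	var db SecurityDB
	if err := json.NewDecoder(r).Decode(&db); err != nil {
		return nil, err
	}
	return u.parse(ctx, &db)
}

// parse converts an already-decoded alpine SecurityDB into vulnerabilities,
// one per (fixed version, advisory ID) pair of every package. It stops early
// and returns the context's error if ctx is cancelled between packages.
func (u *updater) parse(ctx context.Context, sdb *SecurityDB) ([]*claircore.Vulnerability, error) {
	// Deliberately non-nil so an empty database yields an empty slice.
	out := []*claircore.Vulnerability{}
	for _, pkg := range sdb.Packages {
		if err := ctx.Err(); err != nil {
			return nil, err
		}
		// Fields shared by every vulnerability of this package. The struct is
		// copied by value per advisory, so the Package pointer is shared
		// between all of them.
		partial := claircore.Vulnerability{
			Updater:            u.Name(),
			NormalizedSeverity: claircore.Unknown,
			Package: &claircore.Package{
				Name: pkg.Pkg.Name,
				Kind: claircore.SOURCE,
			},
			Dist: u.release.Distribution(),
		}
		out = append(out, unpackSecFixes(partial, pkg.Pkg.Secfixes)...)
	}
	return out, nil
}

// unpackSecFixes takes a map of fixed-in version to advisory IDs and creates
// one claircore.Vulnerability per ID, each a copy of partial with Name,
// FixedInVersion and Links filled in.
//
// Map iteration order is unspecified, so the order of the returned slice is
// not stable between calls.
func unpackSecFixes(partial claircore.Vulnerability, secFixes map[string][]string) []*claircore.Vulnerability {
	out := []*claircore.Vulnerability{}
	for fixedIn, ids := range secFixes {
		for _, id := range ids {
			// v is declared inside the loop body, so every appended pointer
			// refers to its own copy.
			v := partial
			v.Name = id
			v.FixedInVersion = fixedIn
			// The ID is taken verbatim from the feed. Escape it before
			// placing it in the query string so that characters such as
			// '&', '#' or whitespace cannot change the meaning of the link.
			// Well-formed IDs (letters, digits, '-') are left unchanged.
			v.Links = fmt.Sprintf(cveURLPrefix, url.QueryEscape(id))
			out = append(out, &v)
		}
	}
	return out
}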