github.com/quay/claircore@v1.5.28/etc/debug/bin/check-rhcc

github.com/quay/claircore@v1.5.28/etc/debug/bin/check-rhcc (about)

     1  #!/bin/sh
     2  # Takes a list of identifiers as arguments and prints Vulnerability objects from cvemap.xml.
     3  # The "p" flag allows for specifying a substring of a package name to return objects naming it from the Vulnerability.
     4  set -e
     5  
     6  needcmd() {
     7  	for cmd in "$@"; do
     8  		if ! command -v "$cmd" 1>/dev/null 2>&1; then
     9  			printf 'need command: %s\n' "$cmd" >&2
    10  			exit 99
    11  		fi
    12  	done
    13  }
    14  needcmd wget xmllint zstd
    15  
    16  pkgname=''
    17  dofetch=0
    18  while getopts fp: flag; do
    19  	case $flag in
    20  	f) dofetch=1;;
    21  	p) pkgname="$OPTARG";;
    22  	?)
    23  		printf "Usage: %s: [-f] [-p package_name] ID...\n" "$0" >&2
    24  		exit 2;;
    25  	esac
    26  done
    27  shift $((OPTIND - 1))
    28  if [ "$#" -eq 0 ]; then
    29  	printf "Usage: %s: [-f] [-p package_name] ID...\n" "$0" >&2
    30  	exit 2
    31  fi
    32  : "$@"
    33  
    34  infile=/tmp/cvemap.xml.zst
    35  
    36  if test "$dofetch" -eq 1 || ! test -f "$infile"; then 
    37  	echo \# fetching cvemap.xml >&2
    38  	wget -q -O - 'https://access.redhat.com/security/data/metrics/cvemap.xml' |
    39  		zstd > "$infile"
    40  	echo \# OK >&2
    41  fi
    42  
    43  
    44  q=''
    45  for id in "$@"; do
    46  	q="${q}${q:+ or }@name=\"${id}\""
    47  done
    48  q="//Vulnerability[${q}]"
    49  if test -n "$pkgname"; then
    50  	q="${q}//*[Package[contains(@name, \"${pkgname}\")] or PackageName[contains(text(), \"${pkgname}\")]]"
    51  fi
    52  
    53  zstdcat "$infile" |
    54  	xmllint --xpath "$q" -