github.com/quay/claircore@v1.5.28/photon/matcher.go (about)

     1  package photon
     2  
     3  import (
     4  	"context"
     5  
     6  	version "github.com/knqyf263/go-rpm-version"
     7  
     8  	"github.com/quay/claircore"
     9  	"github.com/quay/claircore/libvuln/driver"
    10  )
    11  
// Matcher implements driver.Matcher for records whose distribution DID is
// "photon" (see Filter). It has no fields and carries no state.
type Matcher struct{}

// Compile-time assertion that *Matcher satisfies driver.Matcher.
var _ driver.Matcher = (*Matcher)(nil)
    16  
// Name implements driver.Matcher. It returns the fixed identifier "photon".
func (*Matcher) Name() string {
	const matcherName = "photon"
	return matcherName
}
    21  
// Filter implements driver.Matcher.
//
// It reports true only for records that carry a distribution whose DID is
// exactly "photon". A record without a distribution is rejected. The record
// pointer itself and record.Package are not checked here.
func (*Matcher) Filter(record *claircore.IndexRecord) bool {
	dist := record.Distribution
	if dist == nil {
		return false
	}
	return dist.DID == "photon"
}
    27  
// Query implements driver.Matcher.
//
// It returns the three distribution constraints (DID, name and version), in
// that order. No package-level or other constraints are listed.
// NOTE(review): presumably the caller uses these to narrow which stored
// vulnerabilities are handed to Vulnerable; confirm against the driver
// package.
func (*Matcher) Query() []driver.MatchConstraint {
	constraints := make([]driver.MatchConstraint, 0, 3)
	constraints = append(constraints,
		driver.DistributionDID,
		driver.DistributionName,
		driver.DistributionVersion,
	)
	return constraints
}
    36  
// Vulnerable implements driver.Matcher.
//
// It compares the installed package version from record against the
// version information in vuln, using RPM version ordering:
//
//   - If vuln.FixedInVersion is set, the package is vulnerable only when its
//     version is strictly less than the fixed-in version.
//   - Otherwise vuln.Package.Version is taken to be the last known vulnerable
//     version, and the package is vulnerable when its version is less than
//     or equal to it.
//
// The returned error is always nil and ctx is not used.
//
// record.Package and vuln.Package are dereferenced without a nil check, so
// a record or vulnerability without a package panics here; callers must
// supply both.
//
// NOTE(review): version strings are handed to version.NewVersion without
// validation. How an empty or malformed string is ordered is decided by the
// go-rpm-version package; confirm that an advisory with neither a
// fixed-in version nor a package version cannot silently yield "not
// vulnerable".
func (*Matcher) Vulnerable(ctx context.Context, record *claircore.IndexRecord, vuln *claircore.Vulnerability) (bool, error) {
	// Both versions are parsed up front, before FixedInVersion is consulted.
	installed := version.NewVersion(record.Package.Version)
	reported := version.NewVersion(vuln.Package.Version)

	if vuln.FixedInVersion == "" {
		// No fix is recorded: anything up to and including the reported
		// version counts as affected; only greater versions are clear.
		return installed.Compare(reported) != version.GREATER, nil
	}

	// A fix is recorded: only versions strictly below it are affected.
	fixed := version.NewVersion(vuln.FixedInVersion)
	return installed.Compare(fixed) == version.LESS, nil
}