// Source: github.com/quay/claircore@v1.5.28/photon/parser.go

package photon

import (
	"context"
	"encoding/xml"
	"fmt"
	"io"

	"github.com/quay/goval-parser/oval"
	"github.com/quay/zlog"

	"github.com/quay/claircore"
	"github.com/quay/claircore/internal/xmlutil"
	"github.com/quay/claircore/libvuln/driver"
	"github.com/quay/claircore/pkg/ovalutil"
)

// Compile-time assertion that *Updater satisfies driver.Parser.
var _ driver.Parser = (*Updater)(nil)

// Parse decodes an OVAL XML document from r and converts its definitions
// into claircore vulnerabilities via ovalutil.RPMDefsToVulns.
//
// r is closed before Parse returns, on both the success and error paths.
// A decode failure is returned wrapped with a "photon:" prefix; an error
// from ovalutil.RPMDefsToVulns is returned unchanged.
//
// NOTE(review): the document is decoded in full and no size limit is
// applied to r inside this function. The feed is external input, so
// confirm that whatever fetches it bounds the amount of data handed to
// Parse.
func (u *Updater) Parse(ctx context.Context, r io.ReadCloser) ([]*claircore.Vulnerability, error) {
	ctx = zlog.ContextWithValues(ctx, "component", "photon/Updater.Parse")
	zlog.Info(ctx).Msg("starting parse")
	defer r.Close()

	var doc oval.Root
	decoder := xml.NewDecoder(r)
	// Character-set handling is delegated to the project's xmlutil helper;
	// presumably this covers non-UTF-8 feeds (verify in internal/xmlutil).
	decoder.CharsetReader = xmlutil.CharsetReader
	if err := decoder.Decode(&doc); err != nil {
		return nil, fmt.Errorf("photon: unable to decode OVAL document: %w", err)
	}
	zlog.Debug(ctx).Msg("xml decoded")

	// newVuln builds the single prototype vulnerability for one OVAL
	// definition. Title, Description and Severity are copied verbatim from
	// the feed, so consumers that render them should treat them as
	// untrusted text.
	newVuln := func(def oval.Definition) ([]*claircore.Vulnerability, error) {
		adv := def.Advisory
		proto := &claircore.Vulnerability{
			Updater:            u.Name(),
			Name:               def.Title,
			Description:        def.Description,
			Issued:             adv.Issued.Date,
			Links:              ovalutil.Links(def),
			Severity:           adv.Severity,
			NormalizedSeverity: NormalizeSeverity(adv.Severity),
			// each updater is configured to parse a photon release
			// specific xml database. we'll use the updater's release
			// to map the parsed vulnerabilities
			Dist: releaseToDist(u.release),
		}
		return []*claircore.Vulnerability{proto}, nil
	}

	vulns, err := ovalutil.RPMDefsToVulns(ctx, &doc, newVuln)
	if err != nil {
		return nil, err
	}
	return vulns, nil
}