// Source: github.com/quay/claircore@v1.5.28/rhel/rhcc/matcher.go

package rhcc

import (
	"context"

	rpmVersion "github.com/knqyf263/go-rpm-version"
	"github.com/quay/zlog"

	"github.com/quay/claircore"
	"github.com/quay/claircore/libvuln/driver"
)

// Matcher is the package's single rhcc matcher instance, exported so the
// "defaults" package can register it.
//
// The underlying type has no fields, so the instance carries no state and is
// safe for concurrent use.
var Matcher driver.Matcher = &matcher{}

// matcher is the stateless [driver.Matcher] implementation for Red Hat
// container images.
type matcher struct{}

// Compile-time check that *matcher satisfies [driver.Matcher].
var _ driver.Matcher = (*matcher)(nil)

// Name implements [driver.Matcher].
func (*matcher) Name() string {
	return "rhel-container-matcher"
}

// Filter implements [driver.Matcher].
//
// Only records that carry a repository whose name equals goldRepo.Name are
// accepted. Records without a repository are rejected, so they are never
// evaluated by this matcher.
func (*matcher) Filter(r *claircore.IndexRecord) bool {
	repo := r.Repository
	if repo == nil {
		return false
	}
	return repo.Name == goldRepo.Name
}

// Query implements [driver.Matcher].
//
// The only constraint requested is the repository name.
func (*matcher) Query() []driver.MatchConstraint {
	constraints := []driver.MatchConstraint{driver.RepositoryName}
	return constraints
}

// Vulnerable implements [driver.Matcher].
//
// The verdict is a pure RPM-style version comparison: it reports true only
// when the record's package version sorts strictly below the vulnerability's
// FixedInVersion. The returned error is always nil.
//
// NOTE(review): how an empty or unparsable FixedInVersion compares is decided
// by rpmVersion and is not visible here. Confirm that advisories without a
// fixed version produce the intended verdict, since a false result hides the
// finding from the report.
//
// NOTE(review): record.Package is dereferenced without a nil check;
// presumably callers always populate it. Verify against the caller.
func (*matcher) Vulnerable(ctx context.Context, record *claircore.IndexRecord, vuln *claircore.Vulnerability) (bool, error) {
	installed := record.Package.Version
	fixedIn := vuln.FixedInVersion

	pkgVer := rpmVersion.NewVersion(installed)
	fixedInVer := rpmVersion.NewVersion(fixedIn)

	// Both raw version strings are logged at debug level so that an
	// unexpected verdict can be traced back to its inputs.
	zlog.Debug(ctx).
		Str("record", installed).
		Str("vulnerability", fixedIn).
		Msg("comparing versions")

	isOlder := pkgVer.LessThan(fixedInVer)
	return isOlder, nil
}

// The two methods below opt in to version filtering, so that the database
// only returns results for the same minor version. Because the results are
// marked as not authoritative, the Vulnerable method is still called for each
// of them.

// VersionFilter has an empty body; it exists only so that the type implements
// version filtering.
func (*matcher) VersionFilter() {}

// VersionAuthoritative reports false: database-side version filtering is not
// the final word, and Vulnerable still decides each match.
func (*matcher) VersionAuthoritative() bool {
	return false
}