github.com/quay/claircore@v1.5.28/suse/matcher.go (about)

     1  package suse
     2  
     3  import (
     4  	"context"
     5  
     6  	version "github.com/knqyf263/go-rpm-version"
     7  
     8  	"github.com/quay/claircore"
     9  	"github.com/quay/claircore/libvuln/driver"
    10  )
    11  
// OSReleaseIDs holds the distribution ID strings that Matcher.Filter accepts
// when compared against record.Distribution.DID. The comparison is exact and
// case-sensitive.
//
// NOTE(review): this is an exported, mutable package-level slice; any importer
// can change which records the matcher considers. Treat it as read-only.
var OSReleaseIDs = []string{"sles", "opensuse", "opensuse-leap"}

// OSReleaseNames holds the distribution name strings that Matcher.Filter
// accepts when compared against record.Distribution.Name. The comparison is
// exact and case-sensitive, and the same read-only caveat applies.
var OSReleaseNames = []string{"SLES", "openSUSE Leap"}
    16  
// Matcher implements driver.Matcher for the "suse" matcher (see Name).
// It carries no fields, so all of its behavior is determined by the record
// and vulnerability passed to each method.
type Matcher struct{}

// Compile-time assertion that *Matcher satisfies driver.Matcher.
var _ driver.Matcher = (*Matcher)(nil)
    21  
// Name implements driver.Matcher.
//
// It returns the fixed identifier "suse" for this matcher.
func (*Matcher) Name() string {
	const matcherName = "suse"
	return matcherName
}
    26  
// Filter implements driver.Matcher.
//
// It reports whether the record belongs to a distribution this matcher
// handles: the record's Distribution.DID must appear in OSReleaseIDs, or its
// Distribution.Name must appear in OSReleaseNames. Both comparisons are exact
// and case-sensitive. A record without a Distribution is rejected.
//
// NOTE(review): record itself is dereferenced without a nil check; callers
// are assumed to pass a non-nil record.
func (*Matcher) Filter(record *claircore.IndexRecord) bool {
	dist := record.Distribution
	if dist == nil {
		// Without distribution data there is nothing to match on.
		return false
	}
	// The ID list is consulted first; the name list is only a fallback.
	return contains(OSReleaseIDs, dist.DID) || contains(OSReleaseNames, dist.Name)
}
    42  
// Query implements driver.Matcher.
//
// It returns the three distribution constraints (DID, name and version), in
// that order.
//
// NOTE(review): presumably these tell the vulnerability store which fields
// of a record must agree with a candidate vulnerability before Vulnerable is
// called; confirm against the driver package.
func (*Matcher) Query() []driver.MatchConstraint {
	constraints := make([]driver.MatchConstraint, 0, 3)
	constraints = append(constraints,
		driver.DistributionDID,
		driver.DistributionName,
		driver.DistributionVersion,
	)
	return constraints
}
    51  
// Vulnerable implements driver.Matcher.
//
// It reports whether the package in record is affected by vuln. Versions are
// parsed and compared with the go-rpm-version package:
//
//   - If vuln.FixedInVersion is set, the package is affected only when its
//     version is strictly less than the fixed-in version.
//   - Otherwise vuln.Package.Version is treated as the last known vulnerable
//     version, and the package is affected when its version is less than or
//     equal to it.
//
// The version result is then combined with vuln.ArchOperation.Cmp on the two
// package architectures; both must hold. The returned error is always nil and
// ctx is not used.
//
// NOTE(review): record.Package and vuln.Package are dereferenced without nil
// checks, so a record or vulnerability lacking package data panics here
// rather than returning an error.
// NOTE(review): when FixedInVersion is empty and vuln.Package.Version carries
// no usable version, the "not greater" rule may report installed packages as
// unaffected; confirm how the updater populates these fields.
func (*Matcher) Vulnerable(ctx context.Context, record *claircore.IndexRecord, vuln *claircore.Vulnerability) (bool, error) {
	installed := version.NewVersion(record.Package.Version)
	bound := version.NewVersion(vuln.Package.Version)

	fixKnown := vuln.FixedInVersion != ""
	if fixKnown {
		// An explicit fixed-in version replaces the last-vulnerable bound.
		bound = version.NewVersion(vuln.FixedInVersion)
	}

	rel := installed.Compare(bound)
	var versionHit bool
	if fixKnown {
		// Fixed-in is exclusive: the fixed version itself is not affected.
		versionHit = rel == version.LESS
	} else {
		// Last-vulnerable is inclusive: anything up to and including it.
		versionHit = rel != version.GREATER
	}

	return versionHit && vuln.ArchOperation.Cmp(record.Package.Arch, vuln.Package.Arch), nil
}
    66  
// contains reports whether s is an element of opts.
//
// The comparison is an exact, case-sensitive string equality, so "SLES" and
// "sles" are different values. A nil or empty opts never matches.
func contains(opts []string, s string) bool {
	for i := 0; i < len(opts); i++ {
		if opts[i] != s {
			continue
		}
		return true
	}
	return false
}