github.com/quay/claircore@v1.5.28/suse/parser.go (about) 1 package suse 2 3 import ( 4 "context" 5 "encoding/xml" 6 "fmt" 7 "io" 8 9 "github.com/quay/goval-parser/oval" 10 "github.com/quay/zlog" 11 12 "github.com/quay/claircore" 13 "github.com/quay/claircore/internal/xmlutil" 14 "github.com/quay/claircore/libvuln/driver" 15 "github.com/quay/claircore/pkg/ovalutil" 16 ) 17 18 var _ driver.Parser = (*Updater)(nil) 19 20 func (u *Updater) Parse(ctx context.Context, r io.ReadCloser) ([]*claircore.Vulnerability, error) { 21 ctx = zlog.ContextWithValues(ctx, 22 "component", "suse/Updater.Parse") 23 zlog.Info(ctx).Msg("starting parse") 24 defer r.Close() 25 root := oval.Root{} 26 dec := xml.NewDecoder(r) 27 dec.CharsetReader = xmlutil.CharsetReader 28 if err := dec.Decode(&root); err != nil { 29 return nil, fmt.Errorf("suse: unable to decode OVAL document: %w", err) 30 } 31 zlog.Debug(ctx).Msg("xml decoded") 32 protoVulns := func(def oval.Definition) ([]*claircore.Vulnerability, error) { 33 return []*claircore.Vulnerability{ 34 &claircore.Vulnerability{ 35 Updater: u.Name(), 36 Name: def.Title, 37 Description: def.Description, 38 Links: ovalutil.Links(def), 39 Severity: def.Advisory.Severity, 40 NormalizedSeverity: NormalizeSeverity(def.Advisory.Severity), 41 // each updater is configured to parse a suse release 42 // specific xml database. we'll use the updater's release 43 // to map the parsed vulnerabilities 44 Dist: releaseToDist(u.release), 45 }, 46 }, nil 47 } 48 vulns, err := ovalutil.RPMDefsToVulns(ctx, &root, protoVulns) 49 if err != nil { 50 return nil, err 51 } 52 return vulns, nil 53 }