-
Notifications
You must be signed in to change notification settings - Fork 524
/
store_adapter.go
119 lines (93 loc) · 3.23 KB
/
store_adapter.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
package vulnerability
import (
"fmt"
grypeDB "github.com/anchore/grype-db/pkg/db/v3"
"github.com/anchore/grype/grype/cpe"
"github.com/anchore/grype/grype/pkg"
"github.com/anchore/syft/syft/distro"
syftPkg "github.com/anchore/syft/syft/pkg"
"github.com/facebookincubator/nvdtools/wfn"
)
type StoreAdapter struct {
store grypeDB.VulnerabilityStoreReader
}
func NewProviderFromStore(store grypeDB.VulnerabilityStoreReader) *StoreAdapter {
return &StoreAdapter{
store: store,
}
}
func (pr *StoreAdapter) GetByDistro(d *distro.Distro, p pkg.Package) ([]Vulnerability, error) {
if d == nil {
return nil, nil
}
namespace := grypeDB.NamespaceForDistro(*d)
allPkgVulns, err := pr.store.GetVulnerability(namespace, p.Name)
if err != nil {
return nil, fmt.Errorf("provider failed to fetch namespace='%s' pkg='%s': %w", namespace, p.Name, err)
}
var vulnerabilities []Vulnerability
for _, vuln := range allPkgVulns {
vulnObj, err := NewVulnerability(vuln)
if err != nil {
return nil, fmt.Errorf("provider failed to parse distro='%s': %w", d, err)
}
vulnerabilities = append(vulnerabilities, *vulnObj)
}
return vulnerabilities, nil
}
func (pr *StoreAdapter) GetByLanguage(l syftPkg.Language, p pkg.Package) ([]Vulnerability, error) {
vulns := make([]Vulnerability, 0)
namersByNamespace := grypeDB.NamespacePackageNamersForLanguage(l)
if namersByNamespace == nil {
return nil, fmt.Errorf("no store namespaces found for language '%s'", l)
}
for namespace, namer := range namersByNamespace {
for _, name := range namer(p) {
allPkgVulns, err := pr.store.GetVulnerability(namespace, name)
if err != nil {
return nil, fmt.Errorf("provider failed to fetch namespace='%s' pkg='%s': %w", namespace, name, err)
}
for _, vuln := range allPkgVulns {
vulnObj, err := NewVulnerability(vuln)
if err != nil {
return nil, fmt.Errorf("provider failed to parse language='%s': %w", l, err)
}
vulns = append(vulns, *vulnObj)
}
}
}
return vulns, nil
}
func (pr *StoreAdapter) GetByCPE(requestCPE syftPkg.CPE) ([]Vulnerability, error) {
vulns := make([]Vulnerability, 0)
namespaces := grypeDB.NamespacesIndexedByCPE()
if namespaces == nil {
return nil, fmt.Errorf("no store namespaces found for arbitrary CPEs")
}
if requestCPE.Product == wfn.Any || requestCPE.Product == wfn.NA {
return nil, fmt.Errorf("product name is required")
}
for _, namespace := range namespaces {
allPkgVulns, err := pr.store.GetVulnerability(namespace, requestCPE.Product)
if err != nil {
return nil, fmt.Errorf("provider failed to fetch namespace='%s' product='%s': %w", namespace, requestCPE.Product, err)
}
for _, vuln := range allPkgVulns {
vulnCPEs, err := cpe.NewSlice(vuln.CPEs...)
if err != nil {
return nil, err
}
// compare the request CPE to the potential matches (excluding version, which is handled downstream)
candidateMatchCpes := cpe.MatchWithoutVersion(requestCPE, vulnCPEs)
if len(candidateMatchCpes) > 0 {
vulnObj, err := NewVulnerability(vuln)
if err != nil {
return nil, fmt.Errorf("provider failed to parse cpe='%s': %w", requestCPE.BindToFmtString(), err)
}
vulnObj.CPEs = candidateMatchCpes
vulns = append(vulns, *vulnObj)
}
}
}
return vulns, nil
}