feat(gost/redhat): support EUS, AUS merge

gost/redhat.go

@@ -5,6 +5,7 @@ package gost
 
 import (
 	"encoding/json"
+	"fmt"
 	"strconv"
 	"strings"
 
@@ -27,7 +28,7 @@ func (red RedHat) DetectCVEs(r *models.ScanResult, ignoreWillNotFix bool) (nCVEs
 		gostRelease = strings.TrimPrefix(r.Release, "stream")
 	}
 	if red.DBDriver.Cnf.IsFetchViaHTTP() {
-		prefix, _ := util.URLPathJoin(red.DBDriver.Cnf.GetURL(), "redhat", major(gostRelease), "pkgs")
+		prefix, _ := util.URLPathJoin(red.DBDriver.Cnf.GetURL(), "redhat", gostRelease, "pkgs")
 		responses, err := getAllUnfixedCvesViaHTTP(r, prefix)
 		if err != nil {
 			return 0, err
@@ -50,7 +51,7 @@ func (red RedHat) DetectCVEs(r *models.ScanResult, ignoreWillNotFix bool) (nCVEs
 		}
 		for _, pack := range r.Packages {
 			// CVE-ID: RedhatCVE
-			cves, err := red.DBDriver.DB.GetUnfixedCvesRedhat(major(gostRelease), pack.Name, ignoreWillNotFix)
+			cves, err := red.DBDriver.DB.GetUnfixedCvesRedhat(gostRelease, pack.Name, ignoreWillNotFix)
 			if err != nil {
 				return 0, err
 			}
@@ -161,9 +162,17 @@ func (red RedHat) setUnfixedCveToScanResult(cve *gostmodels.RedhatCVE, r *models
 
 func (red RedHat) mergePackageStates(v models.VulnInfo, ps []gostmodels.RedhatPackageState, installed models.Packages, release string) (pkgStats models.PackageFixStatuses) {
 	pkgStats = v.AffectedPackages
+	var cpe string
+	if strings.HasSuffix(release, "-eus") {
+		cpe = fmt.Sprintf("cpe:/o:redhat:rhel_eus:%s", strings.TrimSuffix(release, "-eus"))
+	} else if strings.HasSuffix(release, "-aus") {
+		cpe = fmt.Sprintf("cpe:/o:redhat:rhel_aus:%s", strings.TrimSuffix(release, "-aus"))
+	} else {
+		cpe = fmt.Sprintf("cpe:/o:redhat:enterprise_linux:%s", major(release))
+	}
+
 	for _, pstate := range ps {
-		if pstate.Cpe !=
-			"cpe:/o:redhat:enterprise_linux:"+major(release) {
+		if pstate.Cpe != cpe {
 			return
 		}