vulnsrc_rhel: rhsa_ID by default

If no CVE is present, create a vulnerability with rhsa ID
quay · Sep 14, 2018 · ac86a36 · ac86a36
1 parent 4ab98cf
commit ac86a36
Showing 1 changed file with 23 additions and 5 deletions.
diff --git a/ext/vulnsrc/rhel/rhel.go b/ext/vulnsrc/rhel/rhel.go
@@ -197,6 +197,8 @@ func parseRHSA(ovalReader io.Reader) (vulnerabilities []database.VulnerabilityWi
 	for _, definition := range ov.Definitions {
 		pkgs := toFeatures(definition.Criteria)
 		if len(pkgs) > 0 {
+
+			// Init vulnerability
 			vulnerability := database.VulnerabilityWithAffected{
 				Vulnerability: database.Vulnerability{
 					Severity:    severity(definition),
@@ -207,11 +209,15 @@ func parseRHSA(ovalReader io.Reader) (vulnerabilities []database.VulnerabilityWi
 				vulnerability.Affected = append(vulnerability.Affected, p)
 			}
 
-			// One vulnerability by CVE
-			for _, reference := range definition.References {
-				if reference.Source == "CVE" {
-					vulnerability.Name = reference.ID
-					vulnerability.Link = reference.URI
+			// Only RHSA is present
+			if len(definition.References) == 1 {
+				vulnerability.Name = rhsaName(definition)
+				vulnerability.Link = definition.References[0].URI
+				vulnerabilities = append(vulnerabilities, vulnerability)
+			} else {
+				for _, reference := range definition.References[1:] {
+					vulnerability.Name = name(reference)
+					vulnerability.Link = link(reference)
 					vulnerabilities = append(vulnerabilities, vulnerability)
 				}
 			}
@@ -380,3 +386,15 @@ func severity(def definition) database.Severity {
 		return database.UnknownSeverity
 	}
 }
+
+func name(ref reference) string {
+	return ref.ID
+}
+
+func link(ref reference) string {
+	return ref.URI
+}
+
+func rhsaName(def definition) string {
+	return strings.TrimSpace(def.Title[:strings.Index(def.Title, ": ")])
+}