/
matcher.go
54 lines (43 loc) · 1.21 KB
/
matcher.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
package python
import (
"context"
pep440 "github.com/aquasecurity/go-pep440-version"
"github.com/quay/claircore"
"github.com/quay/claircore/libvuln/driver"
)
var (
_ driver.Matcher = (*Matcher)(nil)
)
// Matcher attempts to correlate discovered python packages with reported
// vulnerabilities.
type Matcher struct{}
// Name implements driver.Matcher.
func (*Matcher) Name() string { return "python" }
// Filter implements driver.Matcher.
func (*Matcher) Filter(record *claircore.IndexRecord) bool {
return record.Package.NormalizedVersion.Kind == "pep440"
}
// Query implements driver.Matcher.
func (*Matcher) Query() []driver.MatchConstraint {
return []driver.MatchConstraint{}
}
// Vulnerable implements driver.Matcher.
func (*Matcher) Vulnerable(ctx context.Context, record *claircore.IndexRecord, vuln *claircore.Vulnerability) (bool, error) {
// if the vuln is not associated with any package,
// return not vulnerable.
if vuln.Package == nil {
return false, nil
}
v, err := pep440.Parse(record.Package.Version)
if err != nil {
return false, nil
}
spec, err := pep440.NewSpecifiers(vuln.Package.Version)
if err != nil {
return false, nil
}
if spec.Check(v) {
return true, nil
}
return false, nil
}