package debian
import (
	"context"
	"fmt"

	version "github.com/knqyf263/go-deb-version"
	"github.com/quay/claircore"
	"github.com/quay/claircore/libvuln/driver"
)
// Matcher is a [driver.Matcher] for Debian distributions.
//
// The type has no fields, so a Matcher carries no per-instance state.
type Matcher struct{}

// Compile-time assertion that *Matcher satisfies the driver.Matcher interface.
var _ driver.Matcher = (*Matcher)(nil)
// Name implements [driver.Matcher].
//
// It returns the fixed identifier of this matcher, "debian-matcher".
func (*Matcher) Name() string {
	const name = "debian-matcher"
	return name
}
// Filter implements [driver.Matcher].
//
// It reports whether record should be handled by this matcher. A record
// with no Distribution is rejected. Otherwise the record is accepted when
// its distribution DID is exactly "debian" or its distribution Name is
// exactly "Debian GNU/Linux"; both comparisons are case-sensitive.
func (*Matcher) Filter(record *claircore.IndexRecord) bool {
	dist := record.Distribution
	if dist == nil {
		// Without distribution data there is nothing to identify Debian by.
		return false
	}
	// Either identifier on its own is enough to accept the record.
	return dist.DID == "debian" || dist.Name == "Debian GNU/Linux"
}
// Query implements [driver.Matcher].
//
// It returns the three distribution constraints this matcher asks for:
// DID, name and version, in that order.
// NOTE(review): presumably the caller uses these to narrow which
// vulnerabilities are handed to Vulnerable — confirm against the driver
// package.
func (*Matcher) Query() []driver.MatchConstraint {
	constraints := make([]driver.MatchConstraint, 0, 3)
	constraints = append(constraints,
		driver.DistributionDID,
		driver.DistributionName,
		driver.DistributionVersion,
	)
	return constraints
}
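// Vulnerable implements [driver.Matcher].
//
// It reports whether the package in record is affected by vuln, decided
// from vuln.FixedInVersion:
//   - empty: no fixed version is recorded, so the package is reported as
//     vulnerable;
//   - "0": Debian reports the package as unaffected;
//   - anything else: the package is vulnerable only when its version sorts
//     strictly before the fixed version, as compared by go-deb-version.
//
// If either version string fails to parse, the result is (false, err) and
// the error says which of the two strings was rejected. The false returned
// next to a non-nil error is not a verdict: callers should treat that case
// as undetermined rather than as "not vulnerable".
//
// ctx is not used by this implementation.
func (*Matcher) Vulnerable(ctx context.Context, record *claircore.IndexRecord, vuln *claircore.Vulnerability) (bool, error) {
	switch vuln.FixedInVersion {
	case "":
		// No fix known: every installed version counts as affected.
		return true, nil
	case "0":
		// If Debian reports fixed_version is 0,
		// the package is unaffected.
		return false, nil
	}

	// NOTE(review): record.Package is dereferenced without a nil check;
	// presumably the caller only passes records that carry a package — confirm.
	installed, err := version.NewVersion(record.Package.Version)
	if err != nil {
		// Name the offending input so a malformed package version can be
		// told apart from a malformed fixed-in version in the feed data.
		return false, fmt.Errorf("debian: parsing package version %q: %w", record.Package.Version, err)
	}
	fixed, err := version.NewVersion(vuln.FixedInVersion)
	if err != nil {
		return false, fmt.Errorf("debian: parsing fixed-in version %q: %w", vuln.FixedInVersion, err)
	}

	// Strictly older than the fix means affected; equal or newer does not.
	return installed.LessThan(fixed), nil
}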