fixup! rhel: add csaf/vex updater

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/jackc/pgconn v1.14.1
 	github.com/jackc/pgtype v1.14.0
 	github.com/jackc/pgx/v4 v4.18.0
-	github.com/klauspost/compress v1.17.5
+	github.com/klauspost/compress v1.17.6
 	github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f
 	github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d
 	github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936
@@ -71,5 +71,6 @@ require (
 )
 
 replace github.com/quay/claircore/updater/driver => ./updater/driver
+
 // TODO (crozzy): remove once CSAF toolkit PR is merged.
 replace github.com/quay/claircore/toolkit => ./toolkit

go.sum

@@ -103,6 +103,8 @@ github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:C
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.17.5 h1:d4vBd+7CHydUqpFBgUEKkSdtSugf9YFmSkvUYPquI5E=
 github.com/klauspost/compress v1.17.5/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
+github.com/klauspost/compress v1.17.6 h1:60eq2E/jlfwQXtvZEeBUYADs+BwKBWURIY+Gj2eRGjI=
+github.com/klauspost/compress v1.17.6/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
 github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f h1:GvCU5GXhHq+7LeOzx/haG7HSIZokl3/0GkoUFzsRJjg=
 github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f/go.mod h1:q59u9px8b7UTj0nIjEjvmTWekazka6xIt6Uogz5Dm+8=
 github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d h1:X4cedH4Kn3JPupAwwWuo4AzYp16P0OyLO9d7OnMZc/c=

rhel/vex/fetcher.go

@@ -14,6 +14,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/klauspost/compress/snappy"
 	"github.com/klauspost/compress/zstd"
 	"github.com/quay/zlog"
 
@@ -44,8 +45,13 @@ func (u *VEXUpdater) Fetch(ctx context.Context, hint driver.Fingerprint) (io.Rea
 		return nil, hint, err
 	}
 
+	cw := snappy.NewBufferedWriter(f)
+
 	var success bool
 	defer func() {
+		if err := cw.Close(); err != nil {
+			zlog.Warn(ctx).Err(err).Msg("unable to close snappy writer")
+		}
 		if success {
 			if _, err := f.Seek(0, io.SeekStart); err != nil {
 				zlog.Warn(ctx).
@@ -115,7 +121,7 @@ func (u *VEXUpdater) Fetch(ctx context.Context, hint driver.Fingerprint) (io.Rea
 		}
 
 		lm := res.Header.Get("last-modified")
-		fp.requestTime, err = time.Parse(time.RFC1123, lm)
+		fp.requestTime, err = time.Parse(http.TimeFormat, lm)
 		if err != nil {
 			return nil, hint, fmt.Errorf("could not parse last-modified header %s:, %w", lm, err)
 		}
@@ -126,9 +132,11 @@ func (u *VEXUpdater) Fetch(ctx context.Context, hint driver.Fingerprint) (io.Rea
 		defer z.Close()
 		r := tar.NewReader(z)
 
-		var h *tar.Header
-		var buf bytes.Buffer
-		var entriesWritten int
+		var (
+			h              *tar.Header
+			buf, bc        bytes.Buffer
+			entriesWritten int
+		)
 		for h, err = r.Next(); err == nil; h, err = r.Next() {
 			if h.Typeflag != tar.TypeReg {
 				continue
@@ -145,13 +153,12 @@ func (u *VEXUpdater) Fetch(ctx context.Context, hint driver.Fingerprint) (io.Rea
 				return nil, hint, err
 			}
 
-			bc := &bytes.Buffer{}
-			err = json.Compact(bc, buf.Bytes())
+			err = json.Compact(&bc, buf.Bytes())
 			if err != nil {
 				return nil, hint, fmt.Errorf("error compressing JSON %s: %w", h.Name, err)
 			}
 			bc.WriteByte('\n')
-			f.Write(bc.Bytes())
+			cw.Write(bc.Bytes())
 			buf.Reset()
 			bc.Reset()
 			entriesWritten++
@@ -204,7 +211,10 @@ func (u *VEXUpdater) Fetch(ctx context.Context, hint driver.Fingerprint) (io.Rea
 	rd := csv.NewReader(res.Body)
 	rd.FieldsPerRecord = 2
 	rd.ReuseRecord = true
-	l := 0
+	var (
+		l       = 0
+		buf, bc bytes.Buffer
+	)
 	rec, err := rd.Read()
 	for ; err == nil; rec, err = rd.Read() {
 		if len(rec) != 2 {
@@ -249,19 +259,19 @@ func (u *VEXUpdater) Fetch(ctx context.Context, hint driver.Fingerprint) (io.Rea
 				return nil, hint, fmt.Errorf("unexpected response from advisary URL: %s %s", res.Status, req.URL)
 			}
 
-			buf := new(bytes.Buffer)
 			_, err = buf.ReadFrom(res.Body)
 			if err != nil {
 				return nil, hint, fmt.Errorf("error reading from buffer: %w", err)
 			}
 			zlog.Debug(ctx).Str("url", advisoryURI.String()).Msg("copying body to file")
-			bc := &bytes.Buffer{}
-			err = json.Compact(bc, buf.Bytes())
+			err = json.Compact(&bc, buf.Bytes())
 			if err != nil {
 				return nil, hint, fmt.Errorf("error compressing JSON: %w", err)
 			}
 			bc.WriteByte('\n')
-			f.Write(bc.Bytes())
+			cw.Write(bc.Bytes())
+			buf.Reset()
+			bc.Reset()
 			l++
 			res.Body.Close()
 		}
@@ -272,7 +282,6 @@ func (u *VEXUpdater) Fetch(ctx context.Context, hint driver.Fingerprint) (io.Rea
 	default:
 		return nil, hint, fmt.Errorf("error parsing the csv file: %w", err)
 	}
-
 	fp.requestTime = time.Now()
 	success = true
 	return f, driver.Fingerprint(fp.String()), nil

rhel/vex/fetcher_test.go

@@ -12,6 +12,7 @@ import (
 	"path/filepath"
 	"testing"
 
+	"github.com/klauspost/compress/snappy"
 	"github.com/quay/zlog"
 	"golang.org/x/tools/txtar"
 
@@ -114,7 +115,7 @@ func TestFactory(t *testing.T) {
 	// Check saved vulns
 	expectedLnCt := 7
 	lnCt := 0
-	r := bufio.NewReader(data)
+	r := bufio.NewReader(snappy.NewReader(data))
 	for b, err := r.ReadBytes('\n'); err == nil; b, err = r.ReadBytes('\n') {
 		_, err := csaf.Parse(b)
 		if err != nil {

rhel/vex/parser.go

@@ -8,6 +8,7 @@ import (
 	"io"
 	"strings"
 
+	"github.com/klauspost/compress/snappy"
 	"github.com/package-url/packageurl-go"
 	"github.com/quay/zlog"
 
@@ -20,7 +21,7 @@ import (
 // Parse implements [driver.Updater].
 func (u *VEXUpdater) Parse(ctx context.Context, contents io.ReadCloser) ([]*claircore.Vulnerability, error) {
 	// NOOP
-	return nil, nil
+	return nil, errors.ErrUnsupported
 }
 
 // DeltaParse implements [driver.DeltaUpdater].
@@ -32,7 +33,7 @@ func (u *VEXUpdater) DeltaParse(ctx context.Context, contents io.ReadCloser) ([]
 
 	pc := NewProductCache()
 
-	r := bufio.NewReader(contents)
+	r := bufio.NewReader(snappy.NewReader(contents))
 	for b, err := r.ReadBytes('\n'); err == nil; b, err = r.ReadBytes('\n') {
 		c, err := csaf.Parse(b)
 		if err != nil {

rhel/vex/parser_test.go

@@ -1,12 +1,16 @@
 package vex
 
 import (
+	"bytes"
 	"context"
 	"fmt"
+	"io"
 	"net/http"
 	"net/url"
 	"os"
 	"testing"
+
+	"github.com/klauspost/compress/snappy"
 )
 
 func TestParse(t *testing.T) {
@@ -34,9 +38,28 @@ func TestParse(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			f, err := os.Open(tc.filename)
 			if err != nil {
-				t.Fatalf("failed to open test data: %v", tc.filename)
+				t.Fatalf("failed to open test data file %s: %v", tc.filename, err)
+			}
+
+			// Ideally, you'd just use snappy.Encode() but apparently
+			// the stream format and the block format are not interchangable:
+			// https://pkg.go.dev/github.com/klauspost/compress/snappy#Writer.
+			b, err := io.ReadAll(f)
+			if err != nil {
+				t.Fatalf("failed to read file bytes: %v", err)
 			}
-			vulns, _, err := u.DeltaParse(c, f)
+			var buf bytes.Buffer
+			sw := snappy.NewBufferedWriter(&buf)
+			defer sw.Close()
+			bLen, err := sw.Write(b)
+			if err != nil {
+				t.Fatalf("error writing snappy data to buffer: %v", err)
+			}
+			if bLen != len(b) {
+				t.Errorf("didn't write the correct # of bytes")
+			}
+
+			vulns, _, err := u.DeltaParse(c, io.NopCloser(&buf))
 			if err != nil {
 				t.Fatalf("failed to parse CSAF JSON: %v", err)
 			}

rhel/vex/testdata/server.txt

@@ -1,4 +1,4 @@
-server/csaf_vex_2023-10-31.tar.zst last-modified:Mon, 11 Dec 2023 00:00:00 UTC\nanother:header
+server/csaf_vex_2023-10-31.tar.zst last-modified:Mon, 11 Dec 2023 00:00:00 GMT\nanother:header
 -- /archive_latest.txt --
 csaf_vex_2023-10-31.tar.zst
 -- /changes.csv etag:something --