From 6f7c78211702749f61118e57892d1e0bbfa1318a Mon Sep 17 00:00:00 2001
From: ashwin-h
Date: Fri, 29 May 2020 09:31:05 +0530
Subject: [PATCH] Add photon matcher.

---
 libvuln/opts.go | 2 ++
 photon/matcher.go | 48 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)
 create mode 100644 photon/matcher.go

diff --git a/libvuln/opts.go b/libvuln/opts.go
index 103874e23..70e274bbd 100644
--- a/libvuln/opts.go
+++ b/libvuln/opts.go
@@ -12,6 +12,7 @@ import (
  "github.com/quay/claircore/python"
  "github.com/quay/claircore/rhel"
  "github.com/quay/claircore/ubuntu"
+ "github.com/quay/claircore/photon"
 )
 
 const (
@@ -71,6 +72,7 @@ var defaultMatchers = []driver.Matcher{
  &python.Matcher{},
  &ubuntu.Matcher{},
  &rhel.Matcher{},
+ &photon.Matcher{},
 }
 
 // parse is an internal method for constructing
diff --git a/photon/matcher.go b/photon/matcher.go
new file mode 100644
index 000000000..14ecd8753
--- /dev/null
+++ b/photon/matcher.go
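Review bot: The added import `"github.com/quay/claircore/photon"` is appended after `"github.com/quay/claircore/ubuntu"`, which breaks the alphabetical order of that import group; goimports will move it before `"github.com/quay/claircore/python"` on the next format, so the commit should place it there itself to avoid a spurious reorder in a later change. The same applies to the second hunk of this file, where `&photon.Matcher{},` is appended after `&rhel.Matcher{}` although the surrounding entries in `defaultMatchers` are otherwise kept in name order; this is only a consistency point since no ordering dependency between matchers is visible here. Both the `import (` block and the `defaultMatchers` literal begin outside the hunks.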
@@ -0,0 +1,48 @@
+package photon
+
+import (
+ version "github.com/knqyf263/go-rpm-version"
+
+ "github.com/quay/claircore"
+ "github.com/quay/claircore/libvuln/driver"
+)
+
+// Matcher implements driver.Matcher.
+type Matcher struct{}
+
+var _ driver.Matcher = (*Matcher)(nil)
+
+// Name implements driver.Matcher.
+func (*Matcher) Name() string {
+ return "photon"
+}
+
+// Filter implements driver.Matcher.
+func (*Matcher) Filter(record *claircore.IndexRecord) bool {
+ return record.Distribution != nil &&
+ record.Distribution.DID == "photon"
+}
+
+// Query implements driver.Matcher.
+func (*Matcher) Query() []driver.MatchConstraint {
+ return []driver.MatchConstraint{
+ driver.DistributionDID,
+ driver.DistributionName,
+ driver.DistributionVersion,
+ }
+}
+
+// Vulnerable implements driver.Matcher.
+func (*Matcher) Vulnerable(record *claircore.IndexRecord, vuln *claircore.Vulnerability) bool {
+ pkgVer, vulnVer := version.NewVersion(record.Package.Version), version.NewVersion(vuln.Package.Version)
+ // Assume the vulnerability record we have is for the last known vulnerable
+ // version, so greater versions aren't vulnerable.
+ cmp := func(i int) bool { return i != version.GREATER }
+ // But if it's explicitly marked as a fixed-in version, it't only vulnerable
+ // if less than that version.
+ if vuln.FixedInVersion != "" {
+ vulnVer = version.NewVersion(vuln.FixedInVersion)
+ cmp = func(i int) bool { return i == version.LESS }
+ }
+ return cmp(pkgVer.Compare(vulnVer))
+}
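Review bot: In `Vulnerable`, a vulnerability record with an empty `FixedInVersion` falls back to comparing against `vuln.Package.Version`, so a record that carries neither value is compared against a version parsed from the empty string, and whether that is reported as vulnerable then depends entirely on how go-rpm-version orders an empty version — a quiet false negative would be the worst outcome for a matcher, and the commit neither handles nor documents that case. I would decide it explicitly before the comparison, e.g. guard on `vuln.FixedInVersion == "" && vuln.Package.Version == ""` and return the intended answer, or, if the photon updater guarantees one of the two is always populated, state that invariant in the comment above the function. `Vulnerable` also dereferences `record.Package` and `vuln.Package` with no nil check, while `Filter` does guard `record.Distribution`; if the driver does not guarantee those pointers are set, the same `!= nil` guard belongs here. Finally, the comment on the fixed-in branch has a typo, `it't` should read `it's`.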