alpine: add support for v3.4 YAML schema

quay · Dec 19, 2016 · 3d90cac · 3d90cac
1 parent 805f620
commit 3d90cac
Show file tree

Hide file tree

Showing 4 changed files with 344 additions and 14 deletions.
diff --git a/updater/fetchers/alpine/alpine.go b/updater/fetchers/alpine/alpine.go
@@ -92,12 +92,19 @@ func (f *fetcher) FetchUpdate(db database.Datastore) (resp updater.FetcherRespon
 		if err != nil {
 			return
 		}
+		log.Debug(namespace)
 
 		var vulns []database.Vulnerability
-		vulns, err = parseYAML(file)
+		switch namespace {
+		case "v3.3":
+			vulns, err = parse33YAML(file)
+		case "v3.4":
+			vulns, err = parse34YAML(file)
+		}
 		if err != nil {
 			return
 		}
+
 		resp.Vulnerabilities = append(resp.Vulnerabilities, vulns...)
 		file.Close()
 	}
@@ -111,7 +118,7 @@ func (f *fetcher) pullRepository() (commit string, err error) {
 			return "", ErrFilesystem
 		}
 
-		if out, err := utils.Exec(f.repositoryLocalPath, "git", "pull"); err != nil {
+		if out, err := utils.Exec(f.repositoryLocalPath, "git", "clone", secdbGitURL, "."); err != nil {
 			f.Clean()
 			log.Errorf("could not pull alpine-secdb repository: %s. output: %s", err, out)
 			return "", cerrors.ErrCouldNotDownload
@@ -133,7 +140,7 @@ func (f *fetcher) Clean() {
 	}
 }
 
-type secdbFile struct {
+type secdb33File struct {
 	Distro   string `yaml:"distroversion"`
 	Packages []struct {
 		Pkg struct {
@@ -144,14 +151,14 @@ type secdbFile struct {
 	} `yaml:"packages"`
 }
 
-func parseYAML(r io.Reader) (vulns []database.Vulnerability, err error) {
+func parse33YAML(r io.Reader) (vulns []database.Vulnerability, err error) {
 	var rBytes []byte
 	rBytes, err = ioutil.ReadAll(r)
 	if err != nil {
 		return
 	}
 
-	var file secdbFile
+	var file secdb33File
 	err = yaml.Unmarshal(rBytes, &file)
 	if err != nil {
 		return
@@ -166,6 +173,7 @@ func parseYAML(r io.Reader) (vulns []database.Vulnerability, err error) {
 			}
 
 			var vuln database.Vulnerability
+			vuln.Severity = types.Unknown
 			vuln.Name = fix
 			vuln.Link = nvdURLPrefix + fix
 			vuln.FixedIn = []database.FeatureVersion{
@@ -177,10 +185,63 @@ func parseYAML(r io.Reader) (vulns []database.Vulnerability, err error) {
 					Version: version,
 				},
 			}
-
 			vulns = append(vulns, vuln)
 		}
 	}
 
 	return
 }
+
+type secdb34File struct {
+	Distro   string `yaml:"distroversion"`
+	Packages []struct {
+		Pkg struct {
+			Name  string              `yaml:"name"`
+			Fixes map[string][]string `yaml:"secfixes"`
+		} `yaml:"pkg"`
+	} `yaml:"packages"`
+}
+
+func parse34YAML(r io.Reader) (vulns []database.Vulnerability, err error) {
+	var rBytes []byte
+	rBytes, err = ioutil.ReadAll(r)
+	if err != nil {
+		return
+	}
+
+	var file secdb34File
+	err = yaml.Unmarshal(rBytes, &file)
+	if err != nil {
+		return
+	}
+
+	for _, pack := range file.Packages {
+		pkg := pack.Pkg
+		for versionStr, vulnStrs := range pkg.Fixes {
+			version, err := types.NewVersion(versionStr)
+			if err != nil {
+				log.Warningf("could not parse package version '%s': %s. skipping", versionStr, err.Error())
+				continue
+			}
+
+			for _, vulnStr := range vulnStrs {
+				var vuln database.Vulnerability
+				vuln.Severity = types.Unknown
+				vuln.Name = vulnStr
+				vuln.Link = nvdURLPrefix + vulnStr
+				vuln.FixedIn = []database.FeatureVersion{
+					{
+						Feature: database.Feature{
+							Namespace: database.Namespace{Name: "alpine:" + file.Distro},
+							Name:      pkg.Name,
+						},
+						Version: version,
+					},
+				}
+				vulns = append(vulns, vuln)
+			}
+		}
+	}
+
+	return
+}
diff --git a/updater/fetchers/alpine/alpine_test.go b/updater/fetchers/alpine/alpine_test.go
@@ -23,20 +23,38 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-func TestAlpineYAMLParsing(t *testing.T) {
+func TestAlpine33YAMLParsing(t *testing.T) {
 	_, filename, _, _ := runtime.Caller(0)
 	path := filepath.Join(filepath.Dir(filename))
 
-	testData, _ := os.Open(path + "/testdata/main.yaml")
+	testData, _ := os.Open(path + "/testdata/v33_main.yaml")
 	defer testData.Close()
 
-	vulns, err := parseYAML(testData)
+	vulns, err := parse33YAML(testData)
 	if err != nil {
 		assert.Nil(t, err)
 	}
-	assert.Equal(t, len(vulns), 15)
-	assert.Equal(t, vulns[0].Name, "CVE-2016-2147")
-	assert.Equal(t, vulns[0].FixedIn[0].Feature.Namespace.Name, "alpine:v3.3")
-	assert.Equal(t, vulns[0].FixedIn[0].Feature.Name, "busybox")
-	assert.Equal(t, vulns[0].Link, "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2147")
+	assert.Equal(t, 15, len(vulns))
+	assert.Equal(t, "CVE-2016-2147", vulns[0].Name)
+	assert.Equal(t, "alpine:v3.3", vulns[0].FixedIn[0].Feature.Namespace.Name)
+	assert.Equal(t, "busybox", vulns[0].FixedIn[0].Feature.Name)
+	assert.Equal(t, "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2147", vulns[0].Link)
+}
+
+func TestAlpine34YAMLParsing(t *testing.T) {
+	_, filename, _, _ := runtime.Caller(0)
+	path := filepath.Join(filepath.Dir(filename))
+
+	testData, _ := os.Open(path + "/testdata/v34_main.yaml")
+	defer testData.Close()
+
+	vulns, err := parse34YAML(testData)
+	if err != nil {
+		assert.Nil(t, err)
+	}
+	assert.Equal(t, 105, len(vulns))
+	assert.Equal(t, "CVE-2016-5387", vulns[0].Name)
+	assert.Equal(t, "alpine:v3.4", vulns[0].FixedIn[0].Feature.Namespace.Name)
+	assert.Equal(t, "apache2", vulns[0].FixedIn[0].Feature.Name)
+	assert.Equal(t, "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387", vulns[0].Link)
 }
diff --git a/updater/fetchers/alpine/testdata/main.yaml → ...er/fetchers/alpine/testdata/v33_main.yaml b/updater/fetchers/alpine/testdata/main.yaml → ...er/fetchers/alpine/testdata/v33_main.yaml