Integrated a fetcher for openSUSE and for SUSE Linux Enterprise

We extracted oval parser from rhel and used that for opensuse and
SUSE Linux Enterpise

Signed-off-by: Thomas Boerger <tboerger@suse.de>
Signed-off-by: Jordi Massaguer Pla <jmassaguerpla@suse.de>

cmd/clair/main.go

@@ -29,7 +29,9 @@ import (
 	_ "github.com/coreos/clair/notifier/notifiers"
 
 	_ "github.com/coreos/clair/updater/fetchers/debian"
+	_ "github.com/coreos/clair/updater/fetchers/opensuse"
 	_ "github.com/coreos/clair/updater/fetchers/rhel"
+	_ "github.com/coreos/clair/updater/fetchers/sle"
 	_ "github.com/coreos/clair/updater/fetchers/ubuntu"
 	_ "github.com/coreos/clair/updater/metadata_fetchers/nvd"
 

updater/fetchers/opensuse/opensuse.go

@@ -0,0 +1,129 @@
+// Copyright 2015 clair authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package opensuse
+
+import (
+	"fmt"
+	"regexp"
+	"strconv"
+
+	"github.com/coreos/clair/updater"
+	"github.com/coreos/clair/utils/oval"
+	"github.com/coreos/pkg/capnslog"
+)
+
+var log = capnslog.NewPackageLogger("github.com/coreos/clair", "updater/fetchers/sle")
+
+func init() {
+	opensuseInfo := &OpenSUSEInfo{}
+
+	updater.RegisterFetcher(opensuseInfo.DistName(),
+		&oval.OvalFetcher{OsInfo: opensuseInfo})
+}
+
+// OpenSUSEInfo implements oval.OsInfo interface
+// See oval.OsInfo for more info on what each method is
+type OpenSUSEInfo struct {
+}
+
+func (f *OpenSUSEInfo) SecToken() string {
+	return "CVE"
+}
+
+func (f *OpenSUSEInfo) IgnoredCriterions() []string {
+	return []string{}
+}
+
+func (f *OpenSUSEInfo) OvalURI() string {
+	return "http://ftp.suse.com/pub/projects/security/oval/"
+}
+
+func (f *OpenSUSEInfo) DistName() string {
+	return "opensuse"
+}
+
+func (f *OpenSUSEInfo) Namespace() string {
+	return f.DistName()
+}
+
+func (f *OpenSUSEInfo) ParseOsVersion(comment string) string {
+	return f.ParseOsVersionR(comment, f.CritSystem())
+}
+
+func (f *OpenSUSEInfo) ParseOsVersionR(comment string, exp *regexp.Regexp) string {
+	systemMatch := exp.FindStringSubmatch(comment)
+	if len(systemMatch) < 2 {
+		return ""
+	}
+	osVersion := systemMatch[1]
+	if len(systemMatch) == 4 && systemMatch[3] != "" {
+		sp := systemMatch[3]
+		osVersion = fmt.Sprintf("%s.%s", osVersion, sp)
+	}
+
+	return osVersion
+}
+
+func (f *OpenSUSEInfo) ParsePackageNameVersion(comment string) (string, string) {
+	packageMatch := f.CritPackage().FindStringSubmatch(comment)
+
+	if len(packageMatch) != 3 {
+		return "", ""
+	}
+	name := packageMatch[1]
+	version := packageMatch[2]
+	return name, version
+}
+
+func (f *OpenSUSEInfo) ParseFilenameDist(line string) string {
+	return f.ParseFilenameDistR(line, f.DistRegexp(), f.DistMinVersion())
+}
+
+func (f *OpenSUSEInfo) ParseFilenameDistR(line string, exp *regexp.Regexp, minVersion float64) string {
+	r := exp.FindStringSubmatch(line)
+	if len(r) != 2 {
+		return ""
+	}
+	if r[0] == "" || r[1] == "" {
+		return ""
+	}
+	distVersion, _ := strconv.ParseFloat(r[1], 32)
+	if distVersion < minVersion {
+		return ""
+	}
+	return f.DistFile(r[0])
+}
+
+// These are not in the interface
+
+func (f *OpenSUSEInfo) DistFile(item string) string {
+	return f.OvalURI() + item
+}
+
+func (f *OpenSUSEInfo) CritSystem() *regexp.Regexp {
+	return regexp.MustCompile(`openSUSE [^0-9]*(\d+\.\d+)[^0-9]* is installed`)
+}
+
+func (f *OpenSUSEInfo) CritPackage() *regexp.Regexp {
+	return regexp.MustCompile(`(.*)-(.*\-[\d\.]+) is installed`)
+}
+
+func (f *OpenSUSEInfo) DistRegexp() *regexp.Regexp {
+	return regexp.MustCompile(`opensuse.[^0-9]*(\d+\.\d+).xml`)
+}
+
+func (f *OpenSUSEInfo) DistMinVersion() float64 {
+	return 13.1
+}

updater/fetchers/opensuse/opensuse_test.go

@@ -0,0 +1,66 @@
+// Copyright 2015 clair authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package opensuse
+
+import (
+	"os"
+	"path/filepath"
+	"runtime"
+	"testing"
+
+	"github.com/coreos/clair/database"
+	"github.com/coreos/clair/utils/oval"
+	"github.com/coreos/clair/utils/types"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestOpenSUSEParser(t *testing.T) {
+	_, filename, _, _ := runtime.Caller(0)
+	path := filepath.Join(filepath.Dir(filename))
+
+	// Test parsing testdata/fetcher_opensuse_test.1.xml
+	testFile, _ := os.Open(path + "/testdata/fetcher_opensuse_test.1.xml")
+	ov := &oval.OvalFetcher{OsInfo: &OpenSUSEInfo{}}
+	vulnerabilities, err := ov.ParseOval(testFile)
+	if assert.Nil(t, err) && assert.Len(t, vulnerabilities, 1) {
+		assert.Equal(t, "CVE-2012-2150", vulnerabilities[0].Name)
+		assert.Equal(t, "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2150", vulnerabilities[0].Link)
+		// Severity is not defined for openSUSE
+		assert.Equal(t, types.Unknown, vulnerabilities[0].Severity)
+		assert.Equal(t, `xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.`, vulnerabilities[0].Description)
+
+		expectedFeatureVersions := []database.FeatureVersion{
+			{
+				Feature: database.Feature{
+					Namespace: database.Namespace{Name: "opensuse:42.1"},
+					Name:      "xfsprogs",
+				},
+				Version: types.NewVersionUnsafe("3.2.1-5.1"),
+			},
+			{
+				Feature: database.Feature{
+					Namespace: database.Namespace{Name: "opensuse:42.1"},
+					Name:      "xfsprogs-devel",
+				},
+				Version: types.NewVersionUnsafe("3.2.1-5.1"),
+			},
+		}
+
+		for _, expectedFeatureVersion := range expectedFeatureVersions {
+			assert.Contains(t, vulnerabilities[0].FixedIn, expectedFeatureVersion)
+		}
+	}
+
+}

updater/fetchers/opensuse/testdata/fetcher_opensuse_test.1.xml

@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<oval_definitions
+  xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd"
+  xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
+  xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+  <generator>
+    <oval:product_name>Marcus Updateinfo to OVAL Converter</oval:product_name>
+    <oval:schema_version>5.5</oval:schema_version>
+    <oval:timestamp>2016-06-27T04:04:46</oval:timestamp>
+  </generator>
+  <definitions>
+    <definition id="oval:org.opensuse.security:def:20122150" version="1" class="vulnerability">
+      <metadata>
+        <title>CVE-2012-2150</title>
+        <affected family="unix">
+          <platform>openSUSE Leap 42.1</platform>
+        </affected>
+        <reference ref_id="CVE-2012-2150" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2150" source="CVE"/>
+        <description>xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.</description>
+      </metadata>
+      <criteria operator="AND">
+        <criterion test_ref="oval:org.opensuse.security:tst:2009117743" comment="openSUSE Leap 42.1 is installed"/>
+        <criteria operator="OR">
+          <criterion test_ref="oval:org.opensuse.security:tst:2009120999" comment="xfsprogs-3.2.1-5.1 is installed"/>
+          <criterion test_ref="oval:org.opensuse.security:tst:2009121000" comment="xfsprogs-devel-3.2.1-5.1 is installed"/>
+        </criteria>
+      </criteria>
+    </definition>
+  </definitions>
+  <tests>
+    <rpminfo_test id="oval:org.opensuse.security:tst:2009117743" version="1" comment="openSUSE-release is ==42.1" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+      <object object_ref="oval:org.opensuse.security:obj:2009031246"/>
+      <state state_ref="oval:org.opensuse.security:ste:2009046321"/>
+    </rpminfo_test>
+    <rpminfo_test id="oval:org.opensuse.security:tst:2009120999" version="1" comment="xfsprogs is &lt;3.2.1-5.1" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+      <object object_ref="oval:org.opensuse.security:obj:2009032555"/>
+      <state state_ref="oval:org.opensuse.security:ste:2009046736"/>
+    </rpminfo_test>
+    <rpminfo_test id="oval:org.opensuse.security:tst:2009121000" version="1" comment="xfsprogs-devel is &lt;3.2.1-5.1" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+      <object object_ref="oval:org.opensuse.security:obj:2009032648"/>
+      <state state_ref="oval:org.opensuse.security:ste:2009046736"/>
+    </rpminfo_test>
+  </tests>
+  <objects>
+    <rpminfo_object id="oval:org.opensuse.security:obj:2009032648" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+      <name>xfsprogs-devel</name>
+    </rpminfo_object>
+    <rpminfo_object id="oval:org.opensuse.security:obj:2009031246" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+      <name>openSUSE-release</name>
+    </rpminfo_object>
+    <rpminfo_object id="oval:org.opensuse.security:obj:2009032555" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+      <name>xfsprogs</name>
+    </rpminfo_object>
+  </objects>
+  <states>
+    <rpminfo_state id="oval:org.opensuse.security:ste:2009046736" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+      <evr datatype="evr_string" operation="less than">0:3.2.1-5.1</evr>
+    </rpminfo_state>
+    <rpminfo_state id="oval:org.opensuse.security:ste:2009046321" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+      <version operation="equals">42.1</version>
+    </rpminfo_state>
+  </states>
+</oval_definitions>