From 53f3a05be7436a72b7ef998dcd14c17c89323c1f Mon Sep 17 00:00:00 2001
From: MaineK00n
Date: Wed, 26 Jan 2022 03:39:22 +0900
Subject: [PATCH] feat(rocky): support modular package

---
 pkg/vulnsrc/rocky/rocky.go                    | 27 ++++---
 pkg/vulnsrc/rocky/rocky_test.go               | 35 ++++++++-
 .../8/BaseOS/x86_64/2021/RLSA-2021-1989.json  | 73 ++++++++++---------
 .../8/BaseOS/x86_64/2021/RLSA-2021-1979.json  | 43 +++++++----
 .../8/BaseOS/x86_64/2021/RLSA-2021-1979.json  | 39 ++++++++++
 pkg/vulnsrc/rocky/types.go                    | 16 ++++
 6 files changed, 170 insertions(+), 63 deletions(-)
 create mode 100644 pkg/vulnsrc/rocky/testdata/no_moduleinfo/vuln-list/rocky/8/BaseOS/x86_64/2021/RLSA-2021-1979.json

diff --git a/pkg/vulnsrc/rocky/rocky.go b/pkg/vulnsrc/rocky/rocky.go
index 67e8cd4a..d0d51eff 100644
--- a/pkg/vulnsrc/rocky/rocky.go
+++ b/pkg/vulnsrc/rocky/rocky.go
@@ -104,25 +104,28 @@ func (vs VulnSrc) save(errataVer map[string][]RLSA) error {
 func (vs VulnSrc) commit(tx *bolt.Tx, platformName string, errata []RLSA) error {
 	for _, erratum := range errata {
 		for _, cveID := range erratum.CveIDs {
-			putAdvisoryCount := 0
-			for _, pkg := range erratum.Packages {
+			for _, pkglist := range erratum.PkgLists {
 				// Skip the modular packages until the following bug is fixed.
 				// https://forums.rockylinux.org/t/some-errata-missing-in-comparison-with-rhel-and-almalinux/3843/8
-				if strings.Contains(pkg.Release, ".module+el") {
+				// Using modules.yaml, if the conversion to each module fails
+				if len(erratum.Packages) > 0 {
 					continue
 				}
-				advisory := types.Advisory{
-					FixedVersion: utils.ConstructVersion(pkg.Epoch, pkg.Version, pkg.Release),
+				for _, pkg := range pkglist.Packages {
+					pkgName := pkg.Name
+					if pkglist.Module.Name != "" && pkglist.Module.Stream != "" {
+						pkgName = fmt.Sprintf("%s:%s::%s", pkglist.Module.Name, pkglist.Module.Stream, pkg.Name)
+					}
+
+					advisory := types.Advisory{
+						FixedVersion: utils.ConstructVersion(pkg.Epoch, pkg.Version, pkg.Release),
+					}
+					if err := vs.dbc.PutAdvisoryDetail(tx, cveID, platformName, pkgName, advisory); err != nil {
+						return xerrors.Errorf("failed to save Rocky advisory: %w", err)
+					}
 				}
-				if err := vs.dbc.PutAdvisoryDetail(tx, cveID, platformName, pkg.Name, advisory); err != nil {
-					return xerrors.Errorf("failed to save Rocky advisory: %w", err)
-				}
-
-				putAdvisoryCount++
-			}
-			if putAdvisoryCount > 0 {
 				var references []string
 				for _, ref := range erratum.References {
 					references = append(references, ref.Href)
diff --git a/pkg/vulnsrc/rocky/rocky_test.go b/pkg/vulnsrc/rocky/rocky_test.go
index 1dc72eb7..b2bf6d07 100644
--- a/pkg/vulnsrc/rocky/rocky_test.go
+++ b/pkg/vulnsrc/rocky/rocky_test.go
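Review bot: The new `if len(erratum.Packages) > 0 { continue }` guard depends only on `erratum` yet sits inside the `for _, pkglist` loop, and because the context `}` after the new `if err` block closes `for _, pkg` rather than `for _, pkglist`, the `var references` block that follows (and the vulnerability-detail save after the hunk) now runs once per pkglist instead of once per CVE, and runs even when no advisory was written — the old `putAdvisoryCount > 0` gate is gone. Hoist the guard to the top of the CVE loop and restore a "saved anything" flag so the detail is written once after the loop; the closing brace that used to end `if putAdvisoryCount > 0` lies outside this hunk and would have to go with it. The dropped `strings.Contains(pkg.Release, ".module+el")` check was the only defence against a pkglist whose `module` is empty but whose packages are modular builds; without it such advisories are keyed on the bare package name and can match non-modular installs, so consider keeping it as `if pkglist.Module.Name == "" && strings.Contains(pkg.Release, ".module+el") { continue }`. No import hunk is in this patch although `fmt.Sprintf` is new here and this was the only visible use of `strings`, so verify both imports in the file. `commit` continues past the end of the hunk.
```go
		for _, cveID := range erratum.CveIDs {
			// vuln-list keeps the flat "packages" list when it could not resolve the
			// module (modules.yaml) for an erratum; skip those errata rather than
			// store advisories under an unqualified package name.
			if len(erratum.Packages) > 0 {
				continue
			}
			saved := false
			for _, pkglist := range erratum.PkgLists {
				for _, pkg := range pkglist.Packages {
					// … unchanged: pkgName, advisory and PutAdvisoryDetail …
					saved = true
				}
			}
			// Keep the previous contract: no vulnerability detail without at least one advisory.
			if !saved {
				continue
			}
			var references []string
			// … unchanged: reference collection and the vulnerability-detail save …
```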
@@ -57,9 +57,42 @@ func TestVulnSrc_Update(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "happy modular package",
+			dir:  filepath.Join("testdata", "modular"),
+			wantValues: []want{
+				{
+					key: []string{"advisory-detail", "CVE-2020-25097", "rocky 8", "squid:4::libecap"},
+					value: types.Advisory{
+						FixedVersion: "1.0.1-2.module+el8.4.0+404+316a0dc5",
+					},
+				},
+				{
+					key: []string{"advisory-detail", "CVE-2020-25097", "rocky 8", "squid:4::libecap-devel"},
+					value: types.Advisory{
+						FixedVersion: "1.0.1-2.module+el8.4.0+404+316a0dc5",
+					},
+				},
+				{
+					key: []string{"vulnerability-detail", "CVE-2020-25097", vulnerability.Rocky},
+					value: types.VulnerabilityDetail{
+						Severity: types.SeverityHigh,
+						References: []string{
+							"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25097.json",
+						},
+						Title:       "Important: squid:4 security update",
+						Description: "For more information visit https://errata.rockylinux.org/RLSA-2021:1979",
+					},
+				},
+				{
+					key:   []string{"vulnerability-id", "CVE-2020-25097"},
+					value: map[string]interface{}{},
+				},
+			},
+		},
 		{
 			name:       "skip advisories for modular package",
-			dir:        filepath.Join("testdata", "modular"),
+			dir:        filepath.Join("testdata", "no_moduleinfo"),
 			wantValues: []want{},
 		},
 		{
diff --git a/pkg/vulnsrc/rocky/testdata/happy/vuln-list/rocky/8/BaseOS/x86_64/2021/RLSA-2021-1989.json b/pkg/vulnsrc/rocky/testdata/happy/vuln-list/rocky/8/BaseOS/x86_64/2021/RLSA-2021-1989.json
index 8fdd804e..bdb90f9e 100644
--- a/pkg/vulnsrc/rocky/testdata/happy/vuln-list/rocky/8/BaseOS/x86_64/2021/RLSA-2021-1989.json
+++ b/pkg/vulnsrc/rocky/testdata/happy/vuln-list/rocky/8/BaseOS/x86_64/2021/RLSA-2021-1989.json
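Review bot: The case that now points at `no_moduleinfo` keeps `name: "skip advisories for modular package"`, but after this commit modular packages are stored, and what the fixture actually exercises is the flat `packages` form without module metadata; suggest `name: "skip erratum whose module info could not be resolved",` so the table reads correctly next to "happy modular package". Neither fixture covers a `pkglists` entry whose `module` is empty while its releases carry `.module+el` — the case the removed `strings.Contains` guard used to handle — so a third table entry with such a fixture would pin whether those packages are stored under their bare names or skipped. The table in `TestVulnSrc_Update` continues outside the hunk on both sides.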
@@ -9,38 +9,43 @@
   },
   "severity": "Important",
   "description": "For more information visit https://errata.rockylinux.org/RLSA-2021:1989",
-  "packages": [
+  "pkglists": [
     {
-      "name": "bind-export-libs",
-      "epoch": "32",
-      "version": "9.11.26",
-      "release": "4.el8_4",
-      "arch": "i686",
-      "filename": "bind-export-libs-9.11.26-4.el8_4.i686.rpm"
-    },
-    {
-      "name": "bind-export-libs",
-      "epoch": "32",
-      "version": "9.11.26",
-      "release": "4.el8_4",
-      "arch": "x86_64",
-      "filename": "bind-export-libs-9.11.26-4.el8_4.x86_64.rpm"
-    },
-    {
-      "name": "bind-export-devel",
-      "epoch": "32",
-      "version": "9.11.26",
-      "release": "4.el8_4",
-      "arch": "x86_64",
-      "filename": "bind-export-devel-9.11.26-4.el8_4.x86_64.rpm"
-    },
-    {
-      "name": "bind-export-devel",
-      "epoch": "32",
-      "version": "9.11.26",
-      "release": "4.el8_4",
-      "arch": "i686",
-      "filename": "bind-export-devel-9.11.26-4.el8_4.i686.rpm"
+      "packages": [
+        {
+          "name": "bind-export-libs",
+          "epoch": "32",
+          "version": "9.11.26",
+          "release": "4.el8_4",
+          "arch": "i686",
+          "filename": "bind-export-libs-9.11.26-4.el8_4.i686.rpm"
+        },
+        {
+          "name": "bind-export-libs",
+          "epoch": "32",
+          "version": "9.11.26",
+          "release": "4.el8_4",
+          "arch": "x86_64",
+          "filename": "bind-export-libs-9.11.26-4.el8_4.x86_64.rpm"
+        },
+        {
+          "name": "bind-export-devel",
+          "epoch": "32",
+          "version": "9.11.26",
+          "release": "4.el8_4",
+          "arch": "x86_64",
+          "filename": "bind-export-devel-9.11.26-4.el8_4.x86_64.rpm"
+        },
+        {
+          "name": "bind-export-devel",
+          "epoch": "32",
+          "version": "9.11.26",
+          "release": "4.el8_4",
+          "arch": "i686",
+          "filename": "bind-export-devel-9.11.26-4.el8_4.i686.rpm"
+        }
+      ],
+      "module": {}
     }
   ],
   "references": [
@@ -51,7 +56,5 @@
       "type": "cve"
     }
   ],
-  "cveids": [
-    "CVE-2021-25215"
-  ]
-}
\ No newline at end of file
+  "cveids": ["CVE-2021-25215"]
+}
diff --git a/pkg/vulnsrc/rocky/testdata/modular/vuln-list/rocky/8/BaseOS/x86_64/2021/RLSA-2021-1979.json b/pkg/vulnsrc/rocky/testdata/modular/vuln-list/rocky/8/BaseOS/x86_64/2021/RLSA-2021-1979.json
index 1bdccda8..efc1d23f 100644
--- a/pkg/vulnsrc/rocky/testdata/modular/vuln-list/rocky/8/BaseOS/x86_64/2021/RLSA-2021-1979.json
+++ b/pkg/vulnsrc/rocky/testdata/modular/vuln-list/rocky/8/BaseOS/x86_64/2021/RLSA-2021-1979.json
@@ -9,22 +9,35 @@
   },
   "severity": "Important",
   "description": "For more information visit https://errata.rockylinux.org/RLSA-2021:1979",
-  "packages": [
+  "pkglists": [
     {
-      "name": "libecap",
-      "epoch": "0",
-      "version": "1.0.1",
-      "release": "2.module+el8.4.0+404+316a0dc5",
-      "arch": "x86_64",
-      "filename": "libecap-1.0.1-2.module+el8.4.0+404+316a0dc5.x86_64.rpm"
-    },
-    {
-      "name": "libecap-devel",
-      "epoch": "0",
-      "version": "1.0.1",
-      "release": "2.module+el8.4.0+404+316a0dc5",
-      "arch": "x86_64",
-      "filename": "libecap-devel-1.0.1-2.module+el8.4.0+404+316a0dc5.x86_64.rpm"
+      "packages": [
+        {
+          "name": "libecap",
+          "epoch": "0",
+          "version": "1.0.1",
+          "release": "2.module+el8.4.0+404+316a0dc5",
+          "arch": "x86_64",
+          "src": "libecap-1.0.1-2.module+el8.4.0+404+316a0dc5.src.rpm",
+          "filename": "libecap-1.0.1-2.module+el8.4.0+404+316a0dc5.x86_64.rpm"
+        },
+        {
+          "name": "libecap-devel",
+          "epoch": "0",
+          "version": "1.0.1",
+          "release": "2.module+el8.4.0+404+316a0dc5",
+          "arch": "x86_64",
+          "src": "libecap-1.0.1-2.module+el8.4.0+404+316a0dc5.src.rpm",
+          "filename": "libecap-devel-1.0.1-2.module+el8.4.0+404+316a0dc5.x86_64.rpm"
+        }
+      ],
+      "module": {
+        "stream": "4",
+        "name": "squid",
+        "version": 8050020211109223548,
+        "arch": "x86_64",
+        "context": "b4937e53"
+      }
     }
   ],
   "references": [
diff --git a/pkg/vulnsrc/rocky/testdata/no_moduleinfo/vuln-list/rocky/8/BaseOS/x86_64/2021/RLSA-2021-1979.json b/pkg/vulnsrc/rocky/testdata/no_moduleinfo/vuln-list/rocky/8/BaseOS/x86_64/2021/RLSA-2021-1979.json
new file mode 100644
index 00000000..1bdccda8
--- /dev/null
+++ b/pkg/vulnsrc/rocky/testdata/no_moduleinfo/vuln-list/rocky/8/BaseOS/x86_64/2021/RLSA-2021-1979.json
@@ -0,0 +1,39 @@
+{
+  "id": "RLSA-2021:1979",
+  "title": "Important: squid:4 security update",
+  "issued": {
+    "date": "2021-07-22 03:16:49"
+  },
+  "updated": {
+    "date": "2021-05-18 00:00:00"
+  },
+  "severity": "Important",
+  "description": "For more information visit https://errata.rockylinux.org/RLSA-2021:1979",
+  "packages": [
+    {
+      "name": "libecap",
+      "epoch": "0",
+      "version": "1.0.1",
+      "release": "2.module+el8.4.0+404+316a0dc5",
+      "arch": "x86_64",
+      "filename": "libecap-1.0.1-2.module+el8.4.0+404+316a0dc5.x86_64.rpm"
+    },
+    {
+      "name": "libecap-devel",
+      "epoch": "0",
+      "version": "1.0.1",
+      "release": "2.module+el8.4.0+404+316a0dc5",
+      "arch": "x86_64",
+      "filename": "libecap-devel-1.0.1-2.module+el8.4.0+404+316a0dc5.x86_64.rpm"
+    }
+  ],
+  "references": [
+    {
+      "href": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25097.json",
+      "id": "CVE-2020-25097",
+      "title": "Update information for CVE-2020-25097 is retrieved from Red Hat",
+      "type": "cve"
+    }
+  ],
+  "cveids": ["CVE-2020-25097"]
+}
diff --git a/pkg/vulnsrc/rocky/types.go b/pkg/vulnsrc/rocky/types.go
index e807a62b..0f2ac788 100644
--- a/pkg/vulnsrc/rocky/types.go
+++ b/pkg/vulnsrc/rocky/types.go
@@ -7,6 +7,7 @@ type RLSA struct {
 	Severity    string      `json:"severity,omitempty"`
 	Description string      `json:"description,omitempty"`
 	Packages    []Package   `json:"packages,omitempty"`
+	PkgLists    []PkgList   `json:"pkglists,omitempty"`
 	References  []Reference `json:"references,omitempty"`
 	CveIDs      []string    `json:"cveids,omitempty"`
 }
@@ -19,6 +20,12 @@ type Reference struct {
 	Type  string `json:"type,omitempty"`
 }
 
+// PkgList has modular package information
+type PkgList struct {
+	Packages []Package `json:"packages,omitempty"`
+	Module   Module    `json:"module,omitempty"`
+}
+
 // Package has affected package information
 type Package struct {
 	Name     string `json:"name,omitempty"`
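Review bot: `omitempty` on the new `Module Module` field of PkgList does nothing, because encoding/json never treats a struct value as empty; either drop the option or make the field `*Module` if omission on encode is actually wanted. The comment `// PkgList has modular package information` is too narrow: the updated RLSA-2021-1989 fixture in this patch carries `"module": {}` for plain packages, and the loader keys on an empty `Module.Name`/`Module.Stream` to decide whether to qualify the package name, so suggest `// PkgList groups one erratum's packages; Module is zero-valued for non-modular packages.` RLSA now has both `Packages` and `PkgLists` with no word on when each is populated; a one-line comment on `PkgLists` saying that the flat `Packages` form marks errata whose module info was not resolved (and that rocky.go skips them) would spare the next reader a trip into rocky.go. `type RLSA` and `type Package` begin and end outside these hunks.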
@@ -28,3 +35,12 @@ type Package struct {
 	Arch     string `json:"arch,omitempty"`
 	Filename string `json:"filename,omitempty"`
 }
+
+// Module has module information
+type Module struct {
+	Stream  string `json:"stream,omitempty"`
+	Name    string `json:"name,omitempty"`
+	Version int64  `json:"version,omitempty"`
+	Arch    string `json:"arch,omitempty"`
+	Context string `json:"context,omitempty"`
+}
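Review bot: `// Module has module information` does not tell the reader which fields matter: in this patch rocky.go builds the advisory key from `Name` and `Stream` only, while `Version`, `Arch` and `Context` are parsed but not otherwise used here, as far as the hunks show. Suggest `// Module identifies the module stream a PkgList belongs to; Name and Stream form the advisory key prefix ("name:stream::package"), the remaining fields are kept for completeness.` so that a later change to the key format starts from the right place.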