ovalutil

package
v1.0.4
Published: Jun 28, 2023 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func ArchMatch

func ArchMatch(pkgArch string, requiredPkgArch string, operation oval.Operation) bool

ArchMatch checks whether the given package arch matches the required arch, based on the operation.

func DpkgDefsToVulns

func DpkgDefsToVulns(ctx context.Context, root *oval.Root, protoVulns ProtoVulnsFunc, expansionFunc PackageExpansionFunc) ([]*claircore.Vulnerability, error)

DpkgDefsToVulns iterates over the definitions in an oval root and assumes DpkgInfo objects and states.

Each Criterion encountered with an EVR string will be translated into a claircore.Vulnerability.

func Links

func Links(def oval.Definition) string

Links joins all the links in the cve definition into a single string.

func Operation

func Operation(value, requiredValue string, operation oval.Operation) bool

Operation checks whether the values match, based on the given operation.

func RPMDefsToVulns

func RPMDefsToVulns(ctx context.Context, root *oval.Root, protoVulns ProtoVulnsFunc) ([]*claircore.Vulnerability, error)

RPMDefsToVulns iterates over the definitions in an oval root and assumes RPMInfo objects and states.

Each Criterion encountered with an EVR string will be translated into a claircore.Vulnerability.

func TestLookup

func TestLookup(root *oval.Root, ref string, f func(kind string) bool) (oval.Test, error)

TestLookup is a general test lookup function.

The passed function can be used as an allowlist for test kinds. All known kinds will be returned if not provided.

Types

type Compressor

type Compressor uint

Compressor is used by Fetcher to decompress data it fetches.

const (
	CompressionAuto  Compressor = iota // auto
	CompressionNone                    // none
	CompressionGzip                    // gzip
	CompressionBzip2                   // bzip2
	CompressionZstd                    // zstd
)

These are the kinds of Compression a Fetcher can deal with.

func ParseCompressor

func ParseCompressor(s string) (c Compressor, err error)

ParseCompressor reports the Compressor indicated by the passed in string.

func (Compressor) String

func (i Compressor) String() string

type DefinitionType

type DefinitionType string

const (
	CVEDefinition        DefinitionType = "cve"
	RHBADefinition       DefinitionType = "rhba"
	RHEADefinition       DefinitionType = "rhea"
	RHSADefinition       DefinitionType = "rhsa"
	UnaffectedDefinition DefinitionType = "unaffected"
	NoneDefinition       DefinitionType = "none"
)

func GetDefinitionType

func GetDefinitionType(def oval.Definition) (DefinitionType, error)

GetDefinitionType parses an OVAL definition and extracts its type from ID.

type Fetcher

type Fetcher struct {
	URL         *url.URL
	Client      *http.Client
	Compression Compressor
}

Fetcher implements the driver.Fetcher interface.

Fetcher expects all of its exported members to be filled out appropriately, and may panic if not.

func (*Fetcher) Configure

func (f *Fetcher) Configure(ctx context.Context, cf driver.ConfigUnmarshaler, c *http.Client) error

Configure implements driver.Configurable.

For users that embed a Fetcher, this provides a configuration hook by default.

func (*Fetcher) Fetch

Fetch fetches the resource as specified by Fetcher.URL and Fetcher.Compression, using the client provided as Fetcher.Client.

Fetch makes GET requests, and will make conditional requests using the passed-in hint.

Tmp.File is used to return a ReadCloser that outlives the passed-in context.
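
An added illustration of the conditional-request flow that Fetch describes, using only the standard library; it is not claircore's code. It assumes the hint is a Last-Modified value replayed as If-Modified-Since, omits decompression, and adds a read cap that the page does not mention; `feed`, `fetch`, `errUnchanged`, `lastMod` and the feed.invalid URL are hypothetical.

```go
package main

import (
	"errors"
	"io"
	"net/http"
	"strings"
)

const lastMod = "Wed, 28 Jun 2023 00:00:00 GMT" // constructed timestamp
var errUnchanged = errors.New("unchanged")      // hypothetical "nothing new" signal

type feed struct{} // constructed in-memory upstream (no socket), honours If-Modified-Since
func (feed) RoundTrip(r *http.Request) (*http.Response, error) {
	if r.Header.Get("If-Modified-Since") == lastMod {
		return &http.Response{StatusCode: http.StatusNotModified, Body: http.NoBody}, nil
	}
	body := io.NopCloser(strings.NewReader("<oval_definitions/>"))
	return &http.Response{StatusCode: 200, Header: http.Header{"Last-Modified": {lastMod}}, Body: body}, nil
}

// fetch GETs url (conditionally when hint is set) and reads at most max bytes.
func fetch(c *http.Client, url, hint string, max int64) ([]byte, string, error) {
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return nil, hint, err
	}
	if hint != "" {
		req.Header.Set("If-Modified-Since", hint) // assumption: hint is a Last-Modified value
	}
	res, err := c.Do(req)
	if err != nil {
		return nil, hint, err
	}
	defer res.Body.Close()
	if res.StatusCode == http.StatusNotModified {
		return nil, hint, errUnchanged // keep the old hint; nothing new to parse
	} else if res.StatusCode != http.StatusOK {
		return nil, hint, errors.New("unexpected status " + http.StatusText(res.StatusCode))
	}
	b, err := io.ReadAll(io.LimitReader(res.Body, max)) // added cap on bytes read from upstream
	return b, res.Header.Get("Last-Modified"), err
}

func main() {
	c := &http.Client{Transport: feed{}}
	_, fp, _ := fetch(c, "http://feed.invalid/oval.xml", "", 1<<20)
	_, _, err := fetch(c, "http://feed.invalid/oval.xml", fp, 1<<20)
	println(fp, err == errUnchanged)
}
```

Treating 304 as a distinct "unchanged" result, rather than as an error or an empty body, lets the caller keep the vulnerability data it already parsed.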

type FetcherConfig

type FetcherConfig struct {
	URL         string `json:"url" yaml:"url"`
	Compression string `json:"compression" yaml:"compression"`
}

FetcherConfig is the configuration that the Fetcher's Configure method works with.

Users that embed Fetcher and use Fetcher.Configure should make sure none of their configuration keys conflict with these names.

type PackageExpansionFunc

type PackageExpansionFunc func(def oval.Definition, name *oval.DpkgName) []string

PackageExpansionFunc allows a caller to expand the inserted vulns, for example when the OVAL DB reports vulnerabilities from the source package only (Debian), or when the name field has a var_ref indicating a variable lookup is needed (Ubuntu).

type ProtoVulnsFunc

type ProtoVulnsFunc func(def oval.Definition) ([]*claircore.Vulnerability, error)

ProtoVulnsFunc allows a caller to create prototype vulnerabilities that will be copied and further defined for every applicable oval.Criterion discovered.

This allows the caller to use oval.Definition fields and closure syntax when defining how a vulnerability should be parsed.
