alpine: refactor fetcher & git pull on update

2016-12-15 16:36:41 -05:00 · 2016-12-15 16:36:41 -05:00 · 59e6c628dc
commit 59e6c628dc
parent 9be305d19f
1 changed files with 39 additions and 28 deletions
--- a/updater/fetchers/alpine/alpine.go
+++ b/updater/fetchers/alpine/alpine.go
@ -35,6 +35,7 @@ import (
 )
 const (
 	// When available, this should be updated to use HTTPS.
 	secdbGitURL  = "http://git.alpinelinux.org/cgit/alpine-secdb"
 	updaterFlag  = "alpine-secdbUpdater"
 	nvdURLPrefix = "https://cve.mitre.org/cgi-bin/cvename.cgi?name="
@ -87,32 +88,37 @@ func (f *fetcher) FetchUpdate(db database.Datastore) (resp updater.FetcherRespon
 	// Append any changed vulnerabilities to the response.
 	for _, namespace := range []string{"v3.3", "v3.4"} {
 		var file io.ReadCloser
 		file, err = os.Open(f.repositoryLocalPath + "/" + namespace + "/main.yaml")
 		if err != nil {
 			return
 		}
 		log.Debug(namespace)
 		var vulns []database.Vulnerability
-		switch namespace {
+		vulns, err = parseVulnsFromNamespace(f.repositoryLocalPath, namespace)
 		case "v3.3":
 			vulns, err = parse33YAML(file)
 		case "v3.4":
 			vulns, err = parse34YAML(file)
 		}
 		if err != nil {
 			return
 		}
 		resp.Vulnerabilities = append(resp.Vulnerabilities, vulns...)
-		file.Close()
+	}
 	return
 }
 func parseVulnsFromNamespace(repositoryPath, namespace string) (vulns []database.Vulnerability, err error) {
 	var file io.ReadCloser
 	file, err = os.Open(repositoryPath + "/" + namespace + "/main.yaml")
 	if err != nil {
 		return
 	}
 	defer file.Close()
 	switch namespace {
 	case "v3.3":
 		vulns, err = parse33YAML(file)
 	case "v3.4":
 		vulns, err = parse34YAML(file)
 	}
 	return
 }
 func (f *fetcher) pullRepository() (commit string, err error) {
 	// If the repository doesn't exist, clone it.
 	if _, pathExists := os.Stat(f.repositoryLocalPath); f.repositoryLocalPath == "" || os.IsNotExist(pathExists) {
 		if f.repositoryLocalPath, err = ioutil.TempDir(os.TempDir(), "alpine-secdb"); err != nil {
 			return "", ErrFilesystem
@ -123,6 +129,12 @@ func (f *fetcher) pullRepository() (commit string, err error) {
 			log.Errorf("could not pull alpine-secdb repository: %s. output: %s", err, out)
 			return "", cerrors.ErrCouldNotDownload
 		}
 	} else {
 		// The repository exists and it needs to be refreshed via a pull.
 		_, err := utils.Exec(f.repositoryLocalPath, "git", "pull")
 		if err != nil {
 			return "", ErrGitFailure
 		}
 	}
 	out, err := utils.Exec(f.repositoryLocalPath, "git", "rev-parse", "HEAD")
@ -172,23 +184,22 @@ func parse33YAML(r io.Reader) (vulns []database.Vulnerability, err error) {
 				continue
 			}
-			var vuln database.Vulnerability
+			vulns = append(vulns, database.Vulnerability{
-			vuln.Severity = types.Unknown
+				Name:     fix,
-			vuln.Name = fix
+				Severity: types.Unknown,
-			vuln.Link = nvdURLPrefix + fix
+				Link:     nvdURLPrefix + fix,
-			vuln.FixedIn = []database.FeatureVersion{
+				FixedIn: []database.FeatureVersion{
-				{
+					{
-					Feature: database.Feature{
+						Feature: database.Feature{
-						Namespace: database.Namespace{Name: "alpine:" + file.Distro},
+							Namespace: database.Namespace{Name: "alpine:" + file.Distro},
-						Name:      pkg.Name,
+							Name:      pkg.Name,
 						},
 						Version: version,
 					},
 					Version: version,
 				},
-			}
+			})
 			vulns = append(vulns, vuln)
 		}
 	}
 	return
 }