redhatrelease: override match for RHEL hosts

Until https://github.com/coreos/clair/pull/193 is merged, having
vulnerabilities that are tagged both rhel and centos would duplicate in
the database or use a change that requires a migration.

But presently, due to the fetcher logic, the rhel-provided
vulnerabilities are labelled for centos, so the namespace does not
match and they are therefore not tested against.

So until such a day that a vulnerability could have both rhel and centos
label, then hack this in. It'll accomplish the same during this interim.

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
Vincent Batts 2016-08-12 15:35:32 -04:00
parent d88f797821
commit ce8d31bbb3
2 changed files with 21 additions and 2 deletions


@ -291,6 +291,7 @@ func toFeatureVersions(criteria criteria) []database.FeatureVersion {
} }
if osVersion >= firstConsideredRHEL { if osVersion >= firstConsideredRHEL {
// TODO(vbatts) this is where features need multiple labels ('centos' and 'rhel')
featureVersion.Feature.Namespace.Name = "centos" + ":" + strconv.Itoa(osVersion) featureVersion.Feature.Namespace.Name = "centos" + ":" + strconv.Itoa(osVersion)
} else { } else {
continue continue


@ -20,9 +20,15 @@ import (
"github.com/coreos/clair/database" "github.com/coreos/clair/database"
"github.com/coreos/clair/worker/detectors" "github.com/coreos/clair/worker/detectors"
"github.com/coreos/pkg/capnslog"
) )
var redhatReleaseRegexp = regexp.MustCompile(`(?P<os>[^\s]*) (Linux release|release) (?P<version>[\d]+)`) var (
log = capnslog.NewPackageLogger("github.com/coreos/clair", "worker/detectors/namespace/redhatrelease")
centosReleaseRegexp = regexp.MustCompile(`(?P<os>[^\s]*) (Linux release|release) (?P<version>[\d]+)`)
redhatReleaseRegexp = regexp.MustCompile(`(?P<os>Red Hat Enterprise Linux) (Client release|Server release|Workstation release) (?P<version>[\d]+)`)
)
// RedhatReleaseNamespaceDetector implements NamespaceDetector and detects the OS from the // RedhatReleaseNamespaceDetector implements NamespaceDetector and detects the OS from the
// /etc/centos-release, /etc/redhat-release and /etc/system-release files. // /etc/centos-release, /etc/redhat-release and /etc/system-release files.
@ -31,6 +37,7 @@ var redhatReleaseRegexp = regexp.MustCompile(`(?P<os>[^\s]*) (Linux release|rele
// eg. CentOS release 5.11 (Final) // eg. CentOS release 5.11 (Final)
// eg. CentOS release 6.6 (Final) // eg. CentOS release 6.6 (Final)
// eg. CentOS Linux release 7.1.1503 (Core) // eg. CentOS Linux release 7.1.1503 (Core)
// eg. Red Hat Enterprise Linux Server release 7.2 (Maipo)
type RedhatReleaseNamespaceDetector struct{} type RedhatReleaseNamespaceDetector struct{}
func init() { func init() {
@ -44,10 +51,21 @@ func (detector *RedhatReleaseNamespaceDetector) Detect(data map[string][]byte) *
continue continue
} }
r := redhatReleaseRegexp.FindStringSubmatch(string(f)) var r []string
// try for RHEL
r = redhatReleaseRegexp.FindStringSubmatch(string(f))
if len(r) == 4 {
// TODO(vbatts) this is a hack until https://github.com/coreos/clair/pull/193
return &database.Namespace{Name: "centos" + ":" + r[3]}
}
// then try centos first
r = centosReleaseRegexp.FindStringSubmatch(string(f))
if len(r) == 4 { if len(r) == 4 {
return &database.Namespace{Name: strings.ToLower(r[1]) + ":" + r[3]} return &database.Namespace{Name: strings.ToLower(r[1]) + ":" + r[3]}
} }
} }
return nil return nil
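Review bot: The new `redhatReleaseRegexp` accepts only the `Client release`, `Server release` and `Workstation release` variants, so any other Red Hat Enterprise Linux release string falls through to `centosReleaseRegexp` in `Detect`, where `[^\s]*` would capture whichever word precedes `release` and return a namespace built from it. That namespace presumably matches no vulnerability data, so such a host would be scanned and come back with no findings instead of being flagged as unsupported. Consider matching the variant generically while keeping three capture groups so the `len(r) == 4` check still holds, e.g. with the pattern `(?P<os>Red Hat Enterprise Linux) ((?:\S+ )?release) (?P<version>[\d]+)`. The comment `// then try centos first` also contradicts the order of the code and could read `// otherwise fall back to the generic CentOS-style pattern`. `Detect` begins outside the hunk, so the file-lookup part of the loop is not visible here.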