From d846c3125006ed8bc32d8e45a88c9deb9d9f9584 Mon Sep 17 00:00:00 2001
From: acmarr
Date: Fri, 16 Feb 2024 12:00:34 -0800
Subject: [PATCH] NVSHAS-8675 add support for mariner 2.0 and new debian/ubuntu names.
---
 common/types.go | 4 ++++
 updater/fetchers/mariner/mariner.go | 34 ++++++++++++++++-------------
 2 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/common/types.go b/common/types.go
index 19f7dab..2f83caa 100644
--- a/common/types.go
+++ b/common/types.go
@@ -182,6 +182,9 @@ var UbuntuReleasesMapping = map[string]string{
 "impish": "21.10",
 "jammy": "22.04",
 "kinetic": "22.10",
+ "lunar": "23.04",
+ "mantic": "23.10",
+ "noble": "24.04",
 }

 var DebianReleasesMapping = map[string]string{
@@ -194,6 +197,7 @@ var DebianReleasesMapping = map[string]string{
 "bullseye": "11",
 "bookworm": "12",
 "trixie": "13",
+ "forky": "14",
 "sid": "unstable",

 // Class names
diff --git a/updater/fetchers/mariner/mariner.go b/updater/fetchers/mariner/mariner.go
index c582936..a4f3eda 100644
--- a/updater/fetchers/mariner/mariner.go
+++ b/updater/fetchers/mariner/mariner.go
@@ -18,12 +18,15 @@ import (

 const (
 marinerFolder = "mariner-vulnerability"
- marinerFile = "cbl-mariner-1.0-oval.xml"
 notapplicable = "not applicable"
 )

 var (
 ignoredCriterions = []string{}
+ marinerFiles = []string{
+ "cbl-mariner-1.0-oval.xml",
+ "cbl-mariner-2.0-oval.xml",
+ }
 )

 type MarinerFetcher struct{}
@@ -107,23 +110,24 @@ func (fetcher *MarinerFetcher) FetchUpdate() (resp updater.FetcherResponse, err
 log.Info("fetching mariner vulnerabilities")
 var reader io.Reader

- //Load file
- file, err := os.Open(fmt.Sprintf("%s/%s/%s", common.CVESourceRoot, marinerFolder, marinerFile))
- if err != nil {
- return resp, err
- }
- reader = bufio.NewReader(file)
+ //Load each file
+ for _, marinerFile := range marinerFiles {
+ file, err := os.Open(fmt.Sprintf("%s/%s/%s", common.CVESourceRoot, marinerFolder, marinerFile))
+ if err != nil {
+ return resp, err
+ }
+ reader = bufio.NewReader(file)

- vulns, err := parseMarinerOval(reader)
- if err != nil {
- return resp, err
- }
+ vulns, err := parseMarinerOval(reader)
+ if err != nil {
+ return resp, err
+ }
+
+ // Collect vulnerabilities.
+ resp.Vulnerabilities = append(resp.Vulnerabilities, vulns...)

- // Collect vulnerabilities.
- for _, v := range vulns {
- resp.Vulnerabilities = append(resp.Vulnerabilities, v)
+ log.WithFields(log.Fields{"Vulnerabilities": len(resp.Vulnerabilities)}).Info("fetching mariner done")
 }
- log.WithFields(log.Fields{"Vulnerabilities": len(resp.Vulnerabilities)}).Info("fetching mariner done")

 return resp, nil
 }
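Review bot: Each `file` opened inside the new loop is never closed, so one descriptor per feed stays open until the garbage collector gets to it; close it as soon as `parseMarinerOval` returns rather than with `defer`, which would only run when FetchUpdate returns. The two `return resp, err` paths also do not say which feed failed, and a missing `cbl-mariner-2.0-oval.xml` aborts the update after the 1.0 entries were already appended to `resp`, so the error should carry `marinerFile` to make the coverage gap visible in the updater log. The "fetching mariner done" line now sits inside the loop and logs a running total once per file; after the loop it stays a single completion record. FetchUpdate's signature and opening lines are outside this hunk.

```go
	for _, marinerFile := range marinerFiles {
		// … unchanged: os.Open of the feed file and its error check …
		vulns, err := parseMarinerOval(bufio.NewReader(file))
		// Close per iteration; a defer here would hold every feed open until FetchUpdate returns.
		file.Close()
		if err != nil {
			return resp, fmt.Errorf("parsing mariner feed %q: %w", marinerFile, err)
		}
		resp.Vulnerabilities = append(resp.Vulnerabilities, vulns...)
	}
	log.WithFields(log.Fields{"Vulnerabilities": len(resp.Vulnerabilities)}).Info("fetching mariner done")
```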