include version in CPE string
Since the version comes straight from the Package struct, the CPE string needs to be built by a method on the Package struct instead of a method on CPE.

Signed-off-by: Dan Luhring <[email protected]>
luhring committed Jan 31, 2025
1 parent f405193 commit 5629b3b
Showing 1 changed file with 21 additions and 15 deletions.
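--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -126,13 +126,34 @@ type Package struct {
 Resources *Resources `json:"resources,omitempty" yaml:"resources,omitempty"`
 }
 
+// CPE stores values used to produce a CPE to describe the package, suitable for
+// matching against NVD records.
+//
+// For Melange, the "part" attribute should always be interpreted as "a" (for
+// "application").
+type CPE struct {
+Vendor string
+Product string
+}
+
 type Resources struct {
 CPU string `json:"cpu,omitempty" yaml:"cpu,omitempty"`
 CPUModel string `json:"cpumodel,omitempty" yaml:"cpumodel,omitempty"`
 Memory string `json:"memory,omitempty" yaml:"memory,omitempty"`
 Disk string `json:"disk,omitempty" yaml:"disk,omitempty"`
 }
 
+// CPEString returns the CPE string for the package, suitable for matching
+// against NVD records.
+func (p Package) CPEString() string {
+return fmt.Sprintf(
+"cpe:2.3:a:%s:%s:%s:*:*:*:*:*:*:*:*",
+p.CPE.Vendor,
+p.CPE.Product,
+p.Version,
+)
+}
+
 // PackageURL returns the package URL ("purl") for the APK (origin) package.
 func (p Package) PackageURL(distro, arch string) *purl.PackageURL {
 return newAPKPackageURL(distro, p.Name, p.FullVersion(), arch)
@@ -649,21 +670,6 @@ type Configuration struct {
 root *yaml.Node
 }
 
-// CPE stores values used to produce a CPE to describe the package, suitable for
-// matching against NVD records.
-//
-// For Melange, the "part" attribute should always be interpreted as "a" (for
-// "application").
-type CPE struct {
-Vendor string
-Product string
-}
-
-// String returns a CPE string for the package.
-func (c CPE) String() string {
-return fmt.Sprintf("cpe:2.3:a:%s:%s:*:*:*:*:*:*:*:*", c.Vendor, c.Product)
-}
-
 // AllPackageNames returns a sequence of all package names in the configuration,
 // i.e. the origin package name and the names of all subpackages.
 func (cfg Configuration) AllPackageNames() iter.Seq[string] {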
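Review bot: CPEString interpolates `p.CPE.Vendor`, `p.CPE.Product` and `p.Version` into the formatted string without validating or escaping them, so an unset vendor or product yields `cpe:2.3:a:::<version>:…` and a value containing `:` or `*` shifts or wildcards a field. Either result is a CPE that a scanner will fail to match against NVD records, or will match too broadly, and that shows up as missed or spurious vulnerability findings rather than as an error. Consider an early guard such as `if p.CPE.Vendor == "" || p.CPE.Product == "" { return "" }` (the callers are not visible here, so confirm they handle an empty result) and backslash-escaping the three values per the CPE 2.3 formatted-string binding before formatting. The doc comment could also say why the version component is `p.Version` while PackageURL just below uses `p.FullVersion()`.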
