peridot/secparse/rherrata/errata.go
2022-07-07 22:13:21 +02:00

237 lines
7.4 KiB
Go

// Copyright (c) All respective contributors to the Peridot Project. All rights reserved.
// Copyright (c) 2021-2022 Rocky Enterprise Software Foundation, Inc. All rights reserved.
// Copyright (c) 2021-2022 Ctrl IQ, Inc. All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice,
// this list of conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice,
// this list of conditions and the following disclaimer in the documentation
// and/or other materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors
// may be used to endorse or promote products derived from this software without
// specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
// POSSIBILITY OF SUCH DAMAGE.
package rherrata
import (
"errors"
"fmt"
"github.com/PuerkitoBio/goquery"
"github.com/gocolly/colly/v2"
secparsepb "peridot.resf.org/secparse/proto/v1"
"strings"
"time"
)
type Architecture string
const (
ArchX8664 Architecture = "x86_64"
ArchAArch64 Architecture = "aarch64"
ArchPPC64 Architecture = "ppc64le"
ArchS390X Architecture = "s390x"
ArchNoArch Architecture = "noarch"
)
type Fix struct {
BugzillaID string
Description string
}
type UpdatedPackages struct {
SRPMs []string
Packages map[Architecture][]string
}
type Errata struct {
Synopsis string
Type secparsepb.Advisory_Type
Severity secparsepb.Advisory_Severity
Topic []string
Description []string
Solution []string
AffectedProducts map[string]*UpdatedPackages
Fixes []*Fix
CVEs []string
References []string
IssuedAt time.Time
}
func (a *API) GetErrata(advisory string) (*Errata, error) {
var err error
var errata Errata
c := colly.NewCollector(colly.UserAgent(a.userAgent))
// Do not fix this typo. It is like this on Red Hat's website
c.OnHTML("div#synpopsis", func(element *colly.HTMLElement) {
errata.Synopsis = element.DOM.Find("p").Text()
})
c.OnHTML("div#topic > p", func(element *colly.HTMLElement) {
errata.Topic = append(errata.Topic, element.Text)
})
c.OnHTML("div#solution > p", func(element *colly.HTMLElement) {
errata.Solution = append(errata.Solution, element.Text)
})
c.OnHTML("div#fixes > ul > li", func(element *colly.HTMLElement) {
fixComponents := strings.SplitN(element.Text, "-", 3)
if len(fixComponents) != 3 {
return
}
for i, comp := range fixComponents {
fixComponents[i] = strings.TrimSpace(comp)
}
fix := &Fix{
BugzillaID: fixComponents[1],
Description: fixComponents[2],
}
errata.Fixes = append(errata.Fixes, fix)
})
c.OnHTML("div#cves > ul > li", func(element *colly.HTMLElement) {
errata.CVEs = append(errata.CVEs, strings.TrimSpace(element.Text))
})
c.OnHTML("div#references > ul > li", func(element *colly.HTMLElement) {
errata.References = append(errata.References, strings.TrimSpace(element.Text))
})
c.OnHTML("dl.details", func(element *colly.HTMLElement) {
issuedAt, err := time.Parse("2006-01-02", element.DOM.Find("dd").First().Text())
if err == nil {
errata.IssuedAt = issuedAt
}
})
c.OnHTML("div#packages", func(element *colly.HTMLElement) {
productIndex := map[int]string{}
products := map[string]*UpdatedPackages{}
element.DOM.Find("h2").Each(func(i int, selection *goquery.Selection) {
productIndex[i] = selection.Text()
products[selection.Text()] = &UpdatedPackages{}
})
element.DOM.Find("table.files").Each(func(i int, selection *goquery.Selection) {
productUpdate := products[productIndex[i]]
if productUpdate.Packages == nil {
productUpdate.Packages = map[Architecture][]string{}
}
selection.Find("td.name").Each(func(_ int, selection *goquery.Selection) {
name := strings.TrimSpace(selection.Text())
isRpm := strings.HasSuffix(name, ".rpm")
isSrcRpm := strings.HasSuffix(name, ".src.rpm")
if isRpm {
if isSrcRpm {
productUpdate.SRPMs = append(productUpdate.SRPMs, name)
} else {
var arch Architecture
if strings.Contains(name, ".x86_64") || strings.Contains(name, ".i686") {
arch = ArchX8664
} else if strings.Contains(name, ".aarch64") {
arch = ArchAArch64
} else if strings.Contains(name, ".ppc64le") {
arch = ArchPPC64
} else if strings.Contains(name, ".s390x") {
arch = ArchS390X
} else if strings.Contains(name, ".noarch") {
arch = ArchNoArch
}
if productUpdate.Packages[arch] == nil {
productUpdate.Packages[arch] = []string{}
}
productUpdate.Packages[arch] = append(productUpdate.Packages[arch], name)
}
}
})
errata.AffectedProducts = products
})
})
c.OnHTML("div#description > p", func(element *colly.HTMLElement) {
htmlText, err := element.DOM.Html()
if err != nil {
return
}
htmlText = strings.TrimSuffix(htmlText, "<br/>")
if element.Text == "Security Fix(es):" || element.Text == "Bug Fix(es) and Enhancement(s):" || element.Text == "Bug Fix(es):" || element.Text == "Enhancement(s):" {
return
}
errata.Description = append(errata.Description, strings.Split(htmlText, "<br/>")...)
})
c.OnHTML("div#type-severity", func(element *colly.HTMLElement) {
typeSeverity := strings.Split(element.DOM.Find("p").Text(), ":")
if typeSeverity[0] == "Product Enhancement Advisory" {
errata.Type = secparsepb.Advisory_Enhancement
} else if typeSeverity[0] == "Bug Fix Advisory" {
errata.Type = secparsepb.Advisory_BugFix
} else {
if len(typeSeverity) != 2 {
err = errors.New("invalid type/severity")
return
}
typeSplit := strings.Split(typeSeverity[0], " ")
if len(typeSplit) != 2 {
err = errors.New("invalid type")
return
}
switch strings.TrimSpace(typeSplit[0]) {
case "Security":
errata.Type = secparsepb.Advisory_Security
break
case "BugFix":
errata.Type = secparsepb.Advisory_BugFix
break
case "Enhancement":
errata.Type = secparsepb.Advisory_Enhancement
break
}
switch strings.TrimSpace(typeSeverity[1]) {
case "Low":
errata.Severity = secparsepb.Advisory_Low
break
case "Moderate":
errata.Severity = secparsepb.Advisory_Moderate
break
case "Important":
errata.Severity = secparsepb.Advisory_Important
break
case "Critical":
errata.Severity = secparsepb.Advisory_Critical
break
}
}
})
errC := c.Visit(fmt.Sprintf("%s/%s", a.baseURLErrata, advisory))
if errC != nil {
return nil, errC
}
c.Wait()
if err != nil {
return nil, err
}
return &errata, nil
}