rhel: Add RHCOS content set location to repositoryscanner

RHCOS stores the content-set files in /ur/share/buildinfo instead of /root/buildinfo. As RHCOS and RHEL share CVE feeds, we can extend this scanner instead of building a new one for RHCOS. Signed-off-by: Matthias Meidinger <[email protected]>
quay · May 29, 2024 · 7250a05 · 7250a05
1 parent 2e766ce
commit 7250a05
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 2 deletions.
diff --git a/rhel/repositoryscanner.go b/rhel/repositoryscanner.go
@@ -110,7 +110,7 @@ const (
 func (*RepositoryScanner) Name() string { return "rhel-repository-scanner" }
 
 // Version implements [indexer.VersionedScanner].
-func (*RepositoryScanner) Version() string { return "1.1" }
+func (*RepositoryScanner) Version() string { return "1.2" }
 
 // Kind implements [indexer.VersionedScanner].
 func (*RepositoryScanner) Kind() string { return "repository" }
@@ -244,12 +244,18 @@ func (r *RepositoryScanner) Scan(ctx context.Context, l *claircore.Layer) (repos
 // examining information contained within the container.
 func mapContentSets(ctx context.Context, sys fs.FS, cm *mappingFile) ([]string, error) {
 	// Get CPEs using embedded content-set files.
-	// The files is be stored in /root/buildinfo/content_manifests/ and will need to
+	// The files are stored in /root/buildinfo/content_manifests/ and will need to
 	// be translated using mapping file provided by Red Hat's PST team.
+	// For RHCOS, the files are stored in /usr/share/buildinfo/.
 	ms, err := fs.Glob(sys, `root/buildinfo/content_manifests/*.json`)
 	if err != nil {
 		panic("programmer error: " + err.Error())
 	}
+	ms2, err := fs.Glob(sys, `usr/share/buildinfo/*.json`)
+	if err != nil {
+		panic("programmer error: " + err.Error())
+	}
+	ms = append(ms, ms2...)
 	if ms == nil {
 		return nil, nil
 	}

diff --git a/rhel/repositoryscanner_test.go b/rhel/repositoryscanner_test.go
@@ -181,6 +181,48 @@ func TestRepositoryScanner(t *testing.T) {
 			want:      nil,
 			cfg:       &RepositoryScannerConfig{API: srv.URL, Repo2CPEMappingURL: srv.URL + "/repository-2-cpe.json"},
 			layerPath: "testdata/layer-with-invalid-content-manifests-json.tar",
+		}, {
+			name: "RHCOSLayerFromMappingFile",
+			want: []*claircore.Repository{
+				{
+					Name: "cpe:/o:redhat:enterprise_linux:6::server",
+					Key:  repositoryKey,
+					CPE:  cpe.MustUnbind("cpe:/o:redhat:enterprise_linux:6::server"),
+				},
+				{
+					Name: "cpe:/o:redhat:enterprise_linux:7::server",
+					Key:  repositoryKey,
+					CPE:  cpe.MustUnbind("cpe:/o:redhat:enterprise_linux:7::server"),
+				},
+				{
+					Name: "cpe:/o:redhat:enterprise_linux:8::server",
+					Key:  repositoryKey,
+					CPE:  cpe.MustUnbind("cpe:/o:redhat:enterprise_linux:8::server"),
+				},
+			},
+			cfg:       &RepositoryScannerConfig{Repo2CPEMappingFile: f.Name()},
+			layerPath: "testdata/rhcos-layer-with-embedded-cs.tar",
+		}, {
+			name: "RHCOSLayerFromMappingFileWithConflictingFiles",
+			want: []*claircore.Repository{
+				{
+					Name: "cpe:/o:redhat:enterprise_linux:6::server",
+					Key:  repositoryKey,
+					CPE:  cpe.MustUnbind("cpe:/o:redhat:enterprise_linux:6::server"),
+				},
+				{
+					Name: "cpe:/o:redhat:enterprise_linux:7::server",
+					Key:  repositoryKey,
+					CPE:  cpe.MustUnbind("cpe:/o:redhat:enterprise_linux:7::server"),
+				},
+				{
+					Name: "cpe:/o:redhat:enterprise_linux:8::server",
+					Key:  repositoryKey,
+					CPE:  cpe.MustUnbind("cpe:/o:redhat:enterprise_linux:8::server"),
+				},
+			},
+			cfg:       &RepositoryScannerConfig{Repo2CPEMappingFile: f.Name()},
+			layerPath: "testdata/rhcos-layer-with-conflicting-files.tar",
 		},
 	}
 

diff --git a/rhel/testdata/rhcos-layer-with-conflicting-files.tar b/rhel/testdata/rhcos-layer-with-conflicting-files.tar
diff --git a/rhel/testdata/rhcos-layer-with-embedded-cs.tar b/rhel/testdata/rhcos-layer-with-embedded-cs.tar