Support for patches that resolve multiple issues
Such as `CVE-2022-2601.CVE-2022-3775.4.patch`

Signed-off-by: Arnout Engelen <[email protected]>
raboof authored and henrirosten committed Jan 2, 2024
1 parent 31f17d1 commit df634a1
Showing 1 changed file with 29 additions and 20 deletions.
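--- a/src/sbomnix/sbomdb.py
+++ b/src/sbomnix/sbomdb.py
@@ -369,6 +369,34 @@ def _cdx_component_add_licenses(component, drv):
     component["licenses"] = licenses
 
 
+def _cdx_component_add_patches(component, drv):
+    """Add security patch information to cdx component (if any)"""
+    if drv.patches:
+        security_patches = []
+        for p in drv.patches.split(" "):
+            ids = re.findall(r"CVE-\d{4}-\d+", p, re.IGNORECASE)
+            if ids:
+                resolves = []
+                for i in ids:
+                    resolves.append(
+                        {
+                            "type": "security",
+                            "id": i.upper(),
+                            "references": [f"file://{p}"],
+                        }
+                    )
+                security_patches.append(
+                    {
+                        "type": "unofficial",
+                        "resolves": resolves,
+                    }
+                )
+        if security_patches:
+            pedigree = {}
+            pedigree["patches"] = security_patches
+            component["pedigree"] = pedigree
+
+
 def _drv_to_cdx_component(drv, uid="store_path"):
     """Convert one entry from sbomdb (drv) to cdx component"""
     component = {}
@@ -383,26 +411,7 @@ def _drv_to_cdx_component(drv, uid="store_path"):
     if "meta_description" in drv._asdict() and drv.meta_description:
         component["description"] = drv.meta_description
     _cdx_component_add_licenses(component, drv)
-    if drv.patches:
-        security_patches = []
-        for p in drv.patches.split(" "):
-            m = re.search(r"CVE-\d{4}-\d+", p, re.IGNORECASE)
-            if m:
-                patch = {
-                    "type": "unofficial",
-                    "resolves": [
-                        {
-                            "type": "security",
-                            "id": m.group(0).upper(),
-                            "references": [f"file://{p}"],
-                        }
-                    ],
-                }
-                security_patches.append(patch)
-        if security_patches:
-            pedigree = {}
-            pedigree["patches"] = security_patches
-            component["pedigree"] = pedigree
+    _cdx_component_add_patches(component, drv)
     properties = []
     for output_path in drv.outputs:
         prop = {}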
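Review bot: `_cdx_component_add_patches` appends one `resolves` entry per regex match, so a patch file name that repeats the same identifier would produce duplicate entries for that CVE in the pedigree; de-duplicating while keeping order, `for i in dict.fromkeys(x.upper() for x in ids):` together with `"id": i,`, keeps the SBOM output minimal. The `drv.patches.split(" ")` is carried over from the removed block; `split()` would also absorb repeated whitespace, although the empty names it currently yields are harmless because `findall` returns nothing for them. The docstring could say where the identifiers come from, e.g. `"""Add CycloneDX pedigree patches to component, one per file name in drv.patches that contains CVE identifiers (if any)"""`. The three-line pedigree construction reads more directly as `component["pedigree"] = {"patches": security_patches}`.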
