wip

gardenlinux · Sep 20, 2024 · ebbdabe · ebbdabe
1 parent 2b2a512
commit ebbdabe
Show file tree

Hide file tree

Showing 3 changed files with 2,349 additions and 12 deletions.
diff --git a/main.go b/main.go
@@ -4,32 +4,95 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"log"
 	"net/http"
+	"strings"
+	"os"
+	"slices"
 )
 
 type sourcePackageCve struct {
-	CveId                string `json:"cveId"`
-	SourcePackageName    string `json:"sourcePackageName"`
-	SourcePackageVersion string `json:"sourcePackageVersion"`
-	GardenlinuxVersion   string `json:"gardenlinuxVersion"`
-	IsVulnerable         bool   `json:"isVulnerable"`
-	CvePublishedDate     string `json:"cvePublishedDate"`
+	CveId                string  `json:"cveId"`
+	BaseScore            float32 `json:"baseScore"`
+	VectorString         string  `json:"vectorString"`
+	SourcePackageName    string  `json:"sourcePackageName"`
+	SourcePackageVersion string  `json:"sourcePackageVersion"`
+	GardenlinuxVersion   string  `json:"gardenlinuxVersion"`
+	IsVulnerable         bool    `json:"isVulnerable"`
+	CvePublishedDate     string  `json:"cvePublishedDate"`
+}
+
+type dpkgPackage struct {
+	Package string
+	Status string
+	Source string
+}
+
+func getDpkgSourcePackages(dpkgStatusFilePath string) []string {
+	dat, err := os.ReadFile(dpkgStatusFilePath)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	var packages []dpkgPackage
+
+	lines := strings.Split(string(dat), "\n")
+
+	for _,line := range lines {
+		if strings.HasPrefix(line, "Package: ") {
+			pkg := strings.Replace(line, "Package: ", "", 1)
+			packages = append(packages, dpkgPackage{Package: pkg})
+		}
+
+		if strings.HasPrefix(line, "Status: ") {
+			packages[len(packages) -1].Status = strings.Replace(line, "Status: ", "", 1)
+		}
+
+		if strings.HasPrefix(line, "Source: ") {
+			packages[len(packages) -1].Source = strings.Replace(line, "Source: ", "", 1)
+		}
+	}
+
+	var pkgs []string
+
+	for _, pkg  := range packages {
+		if len(pkg.Source) > 0 {
+			pkgs = append(pkgs, `"` + strings.Split(pkg.Source, " ")[0] + `"`)
+		} else {
+			pkgs = append(pkgs, `"` + pkg.Package + `"`)
+		}
+	}
+
+	slices.Sort(pkgs)
+	return slices.Compact(pkgs)
 }
 
 func main() {
-	resp, err := http.Get("https://glvd.ingress.glvd.gardnlinux.shoot.canary.k8s-hana.ondemand.com/v1/packages/vim")
+
+	dpkgSourcePackages := getDpkgSourcePackages("/var/lib/dpkg/status")
+
+
+	client := &http.Client{}
+	var data = strings.NewReader(`{"packageNames":[` + strings.Join(dpkgSourcePackages, ",") + `]}`)
+	req, err := http.NewRequest("PUT", "https://glvd.ingress.glvd.gardnlinux.shoot.canary.k8s-hana.ondemand.com/v1/cves/1592.0/packages?sortBy=cveId&sortOrder=ASC", data)
 	if err != nil {
-		panic(err)
+		log.Fatal(err)
+	}
+	req.Header.Set("accept", "application/json")
+	req.Header.Set("Content-Type", "application/json")
+	resp, err := client.Do(req)
+	if err != nil {
+		log.Fatal(err)
 	}
 	defer resp.Body.Close()
-	body, err := io.ReadAll(resp.Body)
+	bodyText, err := io.ReadAll(resp.Body)
 	if err != nil {
-		panic(err)
+		log.Fatal(err)
 	}
-	fmt.Println(string(body))
+	// fmt.Printf("%s\n", bodyText)
 
 	var results []sourcePackageCve
-	err = json.Unmarshal(body, &results)
+	err = json.Unmarshal(bodyText, &results)
 
 	if err != nil {
 		panic(err)

diff --git a/test-data/etc-os-release.txt b/test-data/etc-os-release.txt
@@ -0,0 +1,11 @@
+ID=gardenlinux
+NAME="Garden Linux"
+PRETTY_NAME="Garden Linux 1624.0"
+HOME_URL="https://gardenlinux.io"
+SUPPORT_URL="https://github.com/gardenlinux/gardenlinux"
+BUG_REPORT_URL="https://github.com/gardenlinux/gardenlinux/issues"
+GARDENLINUX_CNAME=container-arm64-1624.0
+GARDENLINUX_FEATURES=_slim,base,container
+GARDENLINUX_VERSION=1624.0
+GARDENLINUX_COMMIT_ID=f269ecdf
+GARDENLINUX_COMMIT_ID_LONG=f269ecdf9e0bc0f48f6fde3aeed60786e13dded5