rpm: add common version comparison function

Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Change-Id: I5f1f740f42b9ef6a8184a73873dbed56aebb5f6d




JJ: See-Also: CLAIRDEV-NNNN
JJ: Closes: #NNNN

Author: hdonnay

internal/rpm/matcher.go

@@ -0,0 +1,47 @@
+package rpm
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/quay/claircore"
+	"github.com/quay/claircore/internal/rpmver"
+)
+
+// MatchVulnerable is a function implementing "driver.Matcher.Vulnerable"
+// in a common way.
+//
+// Given a package version "P" and vulnerability "V":
+//
+//   - If a fixed version "F" is specified in "V", "P < F" is reported.
+//   - If a package version "F" is specified in "V", "P <= F" is reported.
+//   - If no version is provided in "V", this function compares against an
+//     "infinite" version.
+//
+// In addition to this version comparison, the architectures are compared.
+func MatchVulnerable(ctx context.Context, rec *claircore.IndexRecord, vuln *claircore.Vulnerability) (bool, error) {
+	p, err := rpmver.Parse(rec.Package.Version)
+	if err != nil {
+		return false, fmt.Errorf("rpm: unable to parse package version: %w", err)
+	}
+
+	var v rpmver.Version
+	cmp := isLTE
+	switch {
+	case vuln.FixedInVersion != "":
+		v, err = rpmver.Parse(vuln.FixedInVersion)
+		cmp = isLT
+	case vuln.Package.Version != "":
+		v, err = rpmver.Parse(vuln.Package.Version)
+	default:
+		v, err = rpmver.Parse("65535:65535-65535")
+	}
+	if err != nil {
+		return false, fmt.Errorf("rpm: unable to parse vulnerability version: %w", err)
+	}
+
+	return cmp(rpmver.Compare(&p, &v)) && vuln.ArchOperation.Cmp(rec.Package.Arch, vuln.Package.Arch), nil
+}
+
+func isLTE(cmp int) bool { return cmp != 1 }
+func isLT(cmp int) bool  { return cmp == -1 }

internal/rpm/matcher_test.go

@@ -0,0 +1,80 @@
+package rpm
+
+import (
+	"errors"
+	"testing"
+
+	"github.com/quay/claircore"
+	"github.com/quay/claircore/internal/rpmver"
+)
+
+func TestMatchVulnerable(t *testing.T) {
+	record := func(v string) *claircore.IndexRecord {
+		return &claircore.IndexRecord{Package: &claircore.Package{Version: v, Arch: "x86_64"}}
+	}
+	tcs := []struct {
+		Name          string
+		Record        *claircore.IndexRecord
+		Vulnerability *claircore.Vulnerability
+		Want          bool
+		Err           error
+	}{
+		{
+			Name:          "Infinite",
+			Record:        record("0:1.2.3-4"),
+			Vulnerability: &claircore.Vulnerability{Package: new(claircore.Package)},
+			Want:          true,
+		},
+		{
+			Name:   "InfiniteWrongArch",
+			Record: record("0:1.2.3-4"),
+			Vulnerability: &claircore.Vulnerability{
+				Package:       &claircore.Package{Arch: "aarch64"},
+				ArchOperation: claircore.OpEquals,
+			},
+			Want: false,
+		},
+		{
+			Name:   "BadRecordVersion",
+			Record: record("1.2.3"), // Not an EVR
+			Err:    rpmver.ErrParse,
+		},
+		{
+			Name:   "BadVulnerabilityVersion",
+			Record: record("1.2.3-4"),
+			Vulnerability: &claircore.Vulnerability{
+				FixedInVersion: "2.0",
+			},
+			Err: rpmver.ErrParse,
+		},
+		{
+			Name:   "FixedIn",
+			Record: record("1.2.3-4"),
+			Vulnerability: &claircore.Vulnerability{
+				FixedInVersion: "1.2.3-4",
+			},
+			Want: false,
+		},
+		{
+			Name:   "Package",
+			Record: record("1.2.3-4"),
+			Vulnerability: &claircore.Vulnerability{
+				Package: &claircore.Package{Version: "1.2.3-4"},
+			},
+			Want: true,
+		},
+	}
+
+	for _, tc := range tcs {
+		t.Run(tc.Name, func(t *testing.T) {
+			ctx := t.Context()
+			got, err := MatchVulnerable(ctx, tc.Record, tc.Vulnerability)
+			if !errors.Is(err, tc.Err) {
+				t.Errorf("unexpected error: %v", err)
+			}
+			if got != tc.Want {
+				t.Errorf("got: %v, want: %v", got, tc.Want)
+			}
+		})
+	}
+}