Skip to content

Commit

Permalink
hardcode OpenShift CPEs (#1795)
Browse files Browse the repository at this point in the history
  • Loading branch information
@RTann
RTann authored Feb 10, 2025
1 parent dc6a197 commit 4a14f82
Show file tree
Hide file tree
Showing 2 changed files with 45 additions and 10 deletions.
14 changes: 4 additions & 10 deletions pkg/cpeutils/utils.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import (
)

// Note: this must be updated with each new OpenShift release.
const maxKnownOpenShift4MinorVersion = 17
const maxKnownOpenShift4MinorVersion = 20

// *** START Regex-related consts/vars. ***

Expand Down Expand Up @@ -71,17 +71,11 @@ func GetAllOpenShift4CPEs(cpe string) ([]string, error) {
return nil, errors.Errorf("CPE %s does not match an expected OpenShift 4 CPE format", cpe)
}

// We do *not* use the explicit given minor version due to issues with the OVAL data
// (see https://issues.redhat.com/browse/SECDATA-869 for more information).
// We just use an arbitrarily high version to ensure it works more consistently.
maxMinorVersion := maxKnownOpenShift4MinorVersion

// If an explicit minor version is given, assume it is the highest maximum version.
if match[minorVersionIdx] != "" {
var err error
maxMinorVersion, err = strconv.Atoi(match[minorVersionIdx])
if err != nil {
return nil, err
}
}

openshiftVersion := match[openshiftVersionIdx]
cpes := make([]string, 0, maxMinorVersion)
for i := 0; i <= maxMinorVersion; i++ {
Expand Down
41 changes: 41 additions & 0 deletions pkg/cpeutils/utils_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,14 @@ func TestGetAllOpenShift4CPEs(t *testing.T) {
"cpe:/a:redhat:openshift:4.10",
"cpe:/a:redhat:openshift:4.11",
"cpe:/a:redhat:openshift:4.12",
"cpe:/a:redhat:openshift:4.13",
"cpe:/a:redhat:openshift:4.14",
"cpe:/a:redhat:openshift:4.15",
"cpe:/a:redhat:openshift:4.16",
"cpe:/a:redhat:openshift:4.17",
"cpe:/a:redhat:openshift:4.18",
"cpe:/a:redhat:openshift:4.19",
"cpe:/a:redhat:openshift:4.20",
},
},
{
Expand All @@ -45,6 +53,14 @@ func TestGetAllOpenShift4CPEs(t *testing.T) {
"cpe:/a:redhat:openshift:4.10::el8",
"cpe:/a:redhat:openshift:4.11::el8",
"cpe:/a:redhat:openshift:4.12::el8",
"cpe:/a:redhat:openshift:4.13::el8",
"cpe:/a:redhat:openshift:4.14::el8",
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.16::el8",
"cpe:/a:redhat:openshift:4.17::el8",
"cpe:/a:redhat:openshift:4.18::el8",
"cpe:/a:redhat:openshift:4.19::el8",
"cpe:/a:redhat:openshift:4.20::el8",
},
},
{
Expand All @@ -64,6 +80,13 @@ func TestGetAllOpenShift4CPEs(t *testing.T) {
"cpe:/a:redhat:openshift:4.11::el9",
"cpe:/a:redhat:openshift:4.12::el9",
"cpe:/a:redhat:openshift:4.13::el9",
"cpe:/a:redhat:openshift:4.14::el9",
"cpe:/a:redhat:openshift:4.15::el9",
"cpe:/a:redhat:openshift:4.16::el9",
"cpe:/a:redhat:openshift:4.17::el9",
"cpe:/a:redhat:openshift:4.18::el9",
"cpe:/a:redhat:openshift:4.19::el9",
"cpe:/a:redhat:openshift:4.20::el9",
},
},
{
Expand All @@ -87,6 +110,9 @@ func TestGetAllOpenShift4CPEs(t *testing.T) {
"cpe:/a:redhat:openshift:4.15",
"cpe:/a:redhat:openshift:4.16",
"cpe:/a:redhat:openshift:4.17",
"cpe:/a:redhat:openshift:4.18",
"cpe:/a:redhat:openshift:4.19",
"cpe:/a:redhat:openshift:4.20",
},
},
{
Expand All @@ -110,6 +136,9 @@ func TestGetAllOpenShift4CPEs(t *testing.T) {
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.16::el8",
"cpe:/a:redhat:openshift:4.17::el8",
"cpe:/a:redhat:openshift:4.18::el8",
"cpe:/a:redhat:openshift:4.19::el8",
"cpe:/a:redhat:openshift:4.20::el8",
},
},
{
Expand All @@ -133,6 +162,9 @@ func TestGetAllOpenShift4CPEs(t *testing.T) {
"cpe:/a:redhat:openshift:4.15::el9",
"cpe:/a:redhat:openshift:4.16::el9",
"cpe:/a:redhat:openshift:4.17::el9",
"cpe:/a:redhat:openshift:4.18::el9",
"cpe:/a:redhat:openshift:4.19::el9",
"cpe:/a:redhat:openshift:4.20::el9",
},
},
{
Expand All @@ -150,6 +182,15 @@ func TestGetAllOpenShift4CPEs(t *testing.T) {
"cpe:/a:redhat:openshift:4.9::el7",
"cpe:/a:redhat:openshift:4.10::el7",
"cpe:/a:redhat:openshift:4.11::el7",
"cpe:/a:redhat:openshift:4.12::el7",
"cpe:/a:redhat:openshift:4.13::el7",
"cpe:/a:redhat:openshift:4.14::el7",
"cpe:/a:redhat:openshift:4.15::el7",
"cpe:/a:redhat:openshift:4.16::el7",
"cpe:/a:redhat:openshift:4.17::el7",
"cpe:/a:redhat:openshift:4.18::el7",
"cpe:/a:redhat:openshift:4.19::el7",
"cpe:/a:redhat:openshift:4.20::el7",
},
},
}
Expand Down

0 comments on commit 4a14f82

Please sign in to comment.