in providers/redhat/package_feed.go [44:86]
func (feed *Feed) packageFeed() packageFeed {
if feed.pkg2CVE != nil {
return feed.pkg2CVE
}
pkgFeed := packageFeed{}
for _, cve := range feed.Data {
var pkgs []string
// 1. look at AffectedRelease.
for _, ar := range cve.AffectedRelease {
if ar.Package == "" {
continue
}
// Failing to parse a package isn't fatal, but we want to surface the error
rpmPkg, err := rpm.Parse(ar.Package)
if err != nil {
flog.Errorf("feed: failed to parse package: %q", ar.Package)
continue
}
pkgs = addPackage(pkgs, rpmPkg.Name)
}
// 2. look at PackageState.
for _, ps := range cve.PackageState {
if ps.PackageName == "" {
continue
}
pkgs = addPackage(pkgs, ps.PackageName)
}
for _, pkg := range pkgs {
pkgFeed[pkg] = append(pkgFeed[pkg], cve)
}
}
feed.pkg2CVE = pkgFeed
return pkgFeed
}