func parse34YAML(r io.Reader) (vulns []database.Vulnerability, err error) {
var rBytes []byte
rBytes, err = ioutil.ReadAll(r)
if err != nil {
return
}
var file secdb34File
err = yaml.Unmarshal(rBytes, &file)
if err != nil {
return
}
for _, pack := range file.Packages {
pkg := pack.Pkg
for versionStr, vulnStrs := range pkg.Fixes {
version, err := types.NewVersion(versionStr)
if err != nil {
log.Warningf("could not parse package version '%s': %s. skipping", versionStr, err.Error())
continue
}
for _, vulnStr := range vulnStrs {
var vuln database.Vulnerability
vuln.Severity = types.Unknown
vuln.Name = vulnStr
vuln.Link = nvdURLPrefix + vulnStr
vuln.FixedIn = []database.FeatureVersion{
{
Feature: database.Feature{
Namespace: database.Namespace{Name: "alpine:" + file.Distro},
Name: pkg.Name,
},
Version: version,
},
}
vulns = append(vulns, vuln)
}
}
}
return
}
