epss: added shared constants

Signed-off-by: daynewlee <[email protected]>
quay · Dec 2, 2024 · 271a0e0 · 271a0e0
1 parent 0383991
commit 271a0e0
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 19 deletions.
diff --git a/enricher/constants.go b/enricher/constants.go
@@ -0,0 +1,10 @@
+package enricher
+
+import "regexp"
+
+// This is a slightly more relaxed version of the validation pattern in the NVD
+// JSON schema: https://csrc.nist.gov/schema/nvd/feed/1.1/CVE_JSON_4.0_min_1.1.schema
+//
+// It allows for "CVE" to be case insensitive and for dashes and underscores
+// between the different segments.
+var CVERegexp = regexp.MustCompile(`(?i:cve)[-_][0-9]{4}[-_][0-9]{4,}`)
diff --git a/enricher/cvss/cvss.go b/enricher/cvss/cvss.go
@@ -11,14 +11,14 @@ import (
 	"io"
 	"net/http"
 	"net/url"
-	"regexp"
 	"sort"
 	"strings"
 	"time"
 
 	"github.com/quay/zlog"
 
 	"github.com/quay/claircore"
+	"github.com/quay/claircore/enricher"
 	"github.com/quay/claircore/libvuln/driver"
 	"github.com/quay/claircore/pkg/tmp"
 )
@@ -253,13 +253,6 @@ func (e *Enricher) ParseEnrichment(ctx context.Context, rc io.ReadCloser) ([]dri
 	return ret, nil
 }
 
-// This is a slightly more relaxed version of the validation pattern in the NVD
-// JSON schema: https://csrc.nist.gov/schema/nvd/feed/1.1/CVE_JSON_4.0_min_1.1.schema
-//
-// It allows for "CVE" to be case insensitive and for dashes and underscores
-// between the different segments.
-var cveRegexp = regexp.MustCompile(`(?i:cve)[-_][0-9]{4}[-_][0-9]{4,}`)
-
 // Enrich implements driver.Enricher.
 func (e *Enricher) Enrich(ctx context.Context, g driver.EnrichmentGetter, r *claircore.VulnerabilityReport) (string, []json.RawMessage, error) {
 	ctx = zlog.ContextWithValues(ctx, "component", "enricher/cvss/Enricher/Enrich")
@@ -278,7 +271,7 @@ func (e *Enricher) Enrich(ctx context.Context, g driver.EnrichmentGetter, r *cla
 			v.Name,
 			v.Links,
 		} {
-			for _, m := range cveRegexp.FindAllString(elem, -1) {
+			for _, m := range enricher.CVERegexp.FindAllString(elem, -1) {
 				t[m] = struct{}{}
 			}
 		}

diff --git a/enricher/epss/epss.go b/enricher/epss/epss.go
@@ -11,13 +11,13 @@ import (
 	"net/http"
 	"net/url"
 	"path"
-	"regexp"
 	"sort"
 	"strconv"
 	"strings"
 	"time"
 
 	"github.com/quay/claircore"
+	"github.com/quay/claircore/enricher"
 	"github.com/quay/claircore/libvuln/driver"
 	"github.com/quay/claircore/pkg/tmp"
 	"github.com/quay/zlog"
@@ -36,13 +36,6 @@ type EPSSItem struct {
 	Percentile   float64 `json:"percentile"`
 }
 
-// This is a slightly more relaxed version of the validation pattern in the NVD
-// JSON schema: https://csrc.nist.gov/schema/nvd/feed/1.1/CVE_JSON_4.0_min_1.1.schema
-//
-// It allows for "CVE" to be case insensitive and for dashes and underscores
-// between the different segments.
-var cveRegexp = regexp.MustCompile(`(?i:cve)[-_][0-9]{4}[-_][0-9]{4,}`)
-
 const (
 	// Type is the type of data returned from the Enricher's Enrich method.
 	Type = `message/vnd.clair.map.vulnerability; enricher=clair.epss schema=https://csrc.nist.gov/schema/nvd/feed/1.1/cvss-v3.x.json`
@@ -167,7 +160,7 @@ func (e *Enricher) FetchEnrichment(ctx context.Context, prevFingerprint driver.F
 	// assume metadata is always in the first line
 	record, err := csvReader.Read()
 	if err != nil {
-		return nil, "", fmt.Errorf("failed to read metadata line: %w", err)
+		return nil, "", fmt.Errorf("unable to read metadata line: %w", err)
 	}
 
 	var modelVersion, date string
@@ -309,7 +302,7 @@ func (e *Enricher) Enrich(ctx context.Context, g driver.EnrichmentGetter, r *cla
 				continue
 			}
 
-			matches := cveRegexp.FindAllString(elem, -1)
+			matches := enricher.CVERegexp.FindAllString(elem, -1)
 			if len(matches) == 0 {
 				zlog.Debug(ctx).Str("element", elem).Msg("no CVEs found in element")
 				continue