hardcode OpenShift CPEs

Author: RTann

pkg/cpeutils/utils.go

@@ -10,7 +10,7 @@ import (
 )
 
 // Note: this must be updated with each new OpenShift release.
-const maxKnownOpenShift4MinorVersion = 17
+const maxKnownOpenShift4MinorVersion = 20
 
 // *** START Regex-related consts/vars. ***
 
@@ -71,17 +71,11 @@ func GetAllOpenShift4CPEs(cpe string) ([]string, error) {
 		return nil, errors.Errorf("CPE %s does not match an expected OpenShift 4 CPE format", cpe)
 	}
 
+	// We do *not* use the explicit given minor version due to issues with the OVAL data
+	// (see https://issues.redhat.com/browse/SECDATA-869 for more information).
+	// We just use an arbitrarily high version to ensure it works more consistently.
 	maxMinorVersion := maxKnownOpenShift4MinorVersion
 
-	// If an explicit minor version is given, assume it is the highest maximum version.
-	if match[minorVersionIdx] != "" {
-		var err error
-		maxMinorVersion, err = strconv.Atoi(match[minorVersionIdx])
-		if err != nil {
-			return nil, err
-		}
-	}
-
 	openshiftVersion := match[openshiftVersionIdx]
 	cpes := make([]string, 0, maxMinorVersion)
 	for i := 0; i <= maxMinorVersion; i++ {

pkg/cpeutils/utils_test.go

@@ -27,6 +27,14 @@ func TestGetAllOpenShift4CPEs(t *testing.T) {
 				"cpe:/a:redhat:openshift:4.10",
 				"cpe:/a:redhat:openshift:4.11",
 				"cpe:/a:redhat:openshift:4.12",
+				"cpe:/a:redhat:openshift:4.13",
+				"cpe:/a:redhat:openshift:4.14",
+				"cpe:/a:redhat:openshift:4.15",
+				"cpe:/a:redhat:openshift:4.16",
+				"cpe:/a:redhat:openshift:4.17",
+				"cpe:/a:redhat:openshift:4.18",
+				"cpe:/a:redhat:openshift:4.19",
+				"cpe:/a:redhat:openshift:4.20",
 			},
 		},
 		{
@@ -45,6 +53,14 @@ func TestGetAllOpenShift4CPEs(t *testing.T) {
 				"cpe:/a:redhat:openshift:4.10::el8",
 				"cpe:/a:redhat:openshift:4.11::el8",
 				"cpe:/a:redhat:openshift:4.12::el8",
+				"cpe:/a:redhat:openshift:4.13::el8",
+				"cpe:/a:redhat:openshift:4.14::el8",
+				"cpe:/a:redhat:openshift:4.15::el8",
+				"cpe:/a:redhat:openshift:4.16::el8",
+				"cpe:/a:redhat:openshift:4.17::el8",
+				"cpe:/a:redhat:openshift:4.18::el8",
+				"cpe:/a:redhat:openshift:4.19::el8",
+				"cpe:/a:redhat:openshift:4.20::el8",
 			},
 		},
 		{
@@ -64,6 +80,13 @@ func TestGetAllOpenShift4CPEs(t *testing.T) {
 				"cpe:/a:redhat:openshift:4.11::el9",
 				"cpe:/a:redhat:openshift:4.12::el9",
 				"cpe:/a:redhat:openshift:4.13::el9",
+				"cpe:/a:redhat:openshift:4.14::el9",
+				"cpe:/a:redhat:openshift:4.15::el9",
+				"cpe:/a:redhat:openshift:4.16::el9",
+				"cpe:/a:redhat:openshift:4.17::el9",
+				"cpe:/a:redhat:openshift:4.18::el9",
+				"cpe:/a:redhat:openshift:4.19::el9",
+				"cpe:/a:redhat:openshift:4.20::el9",
 			},
 		},
 		{
@@ -87,6 +110,9 @@ func TestGetAllOpenShift4CPEs(t *testing.T) {
 				"cpe:/a:redhat:openshift:4.15",
 				"cpe:/a:redhat:openshift:4.16",
 				"cpe:/a:redhat:openshift:4.17",
+				"cpe:/a:redhat:openshift:4.18",
+				"cpe:/a:redhat:openshift:4.19",
+				"cpe:/a:redhat:openshift:4.20",
 			},
 		},
 		{
@@ -110,6 +136,9 @@ func TestGetAllOpenShift4CPEs(t *testing.T) {
 				"cpe:/a:redhat:openshift:4.15::el8",
 				"cpe:/a:redhat:openshift:4.16::el8",
 				"cpe:/a:redhat:openshift:4.17::el8",
+				"cpe:/a:redhat:openshift:4.18::el8",
+				"cpe:/a:redhat:openshift:4.19::el8",
+				"cpe:/a:redhat:openshift:4.20::el8",
 			},
 		},
 		{
@@ -133,6 +162,9 @@ func TestGetAllOpenShift4CPEs(t *testing.T) {
 				"cpe:/a:redhat:openshift:4.15::el9",
 				"cpe:/a:redhat:openshift:4.16::el9",
 				"cpe:/a:redhat:openshift:4.17::el9",
+				"cpe:/a:redhat:openshift:4.18::el9",
+				"cpe:/a:redhat:openshift:4.19::el9",
+				"cpe:/a:redhat:openshift:4.20::el9",
 			},
 		},
 		{
@@ -150,6 +182,15 @@ func TestGetAllOpenShift4CPEs(t *testing.T) {
 				"cpe:/a:redhat:openshift:4.9::el7",
 				"cpe:/a:redhat:openshift:4.10::el7",
 				"cpe:/a:redhat:openshift:4.11::el7",
+				"cpe:/a:redhat:openshift:4.12::el7",
+				"cpe:/a:redhat:openshift:4.13::el7",
+				"cpe:/a:redhat:openshift:4.14::el7",
+				"cpe:/a:redhat:openshift:4.15::el7",
+				"cpe:/a:redhat:openshift:4.16::el7",
+				"cpe:/a:redhat:openshift:4.17::el7",
+				"cpe:/a:redhat:openshift:4.18::el7",
+				"cpe:/a:redhat:openshift:4.19::el7",
+				"cpe:/a:redhat:openshift:4.20::el7",
 			},
 		},
 	}