build(redhat): use vuln-list-redhat (#319)

Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>

.github/workflows/cron.yml

@@ -5,6 +5,7 @@ on:
     - cron: '0 */6 * * *'
   workflow_dispatch:
 env:
+  REPO_OWNER: ${{ github.repository_owner }} # used in 'make db-build'
   GH_USER: aqua-bot
   VERSION: 2
 jobs:

Makefile

@@ -3,6 +3,10 @@ LDFLAGS=-ldflags "-s -w"
 GOPATH=$(shell go env GOPATH)
 GOBIN=$(GOPATH)/bin
 
+ifndef REPO_OWNER
+    REPO_OWNER=aquasecurity
+endif
+
 u := $(if $(update),-u)
 
 $(GOBIN)/wire:
@@ -85,4 +89,6 @@ db-clean:
 .PHONY: db-fetch-vuln-list
 db-fetch-vuln-list:
 	mkdir -p cache/vuln-list
-	wget -qO - https://github.com/aquasecurity/vuln-list/archive/main.tar.gz | tar xz -C cache/vuln-list --strip-components=1
+	wget -qO - https://github.com/$(REPO_OWNER)/vuln-list/archive/main.tar.gz | tar xz -C cache/vuln-list --strip-components=1
+	mkdir -p cache/vuln-list-redhat
+	wget -qO - https://github.com/$(REPO_OWNER)/vuln-list-redhat/archive/main.tar.gz | tar xz -C cache/vuln-list-redhat --strip-components=1

pkg/vulnsrc/redhat-oval/redhat-oval.go

@@ -28,7 +28,9 @@ const (
 )
 
 var (
-	redhatDir = filepath.Join("oval", "redhat")
+	ovalDir     = "oval"
+	cpeDir      = "cpe"
+	vulnListDir = "vuln-list-redhat"
 
 	moduleRegexp = regexp.MustCompile(`Module\s+(.*)\s+is enabled`)
 
@@ -67,7 +69,7 @@ func (vs VulnSrc) Update(dir string) error {
 	}
 
 	// List version directories
-	rootDir := filepath.Join(dir, "vuln-list", redhatDir)
+	rootDir := filepath.Join(dir, vulnListDir, ovalDir)
 	versions, err := os.ReadDir(rootDir)
 	if err != nil {
 		return xerrors.Errorf("unable to list directory entries (%s): %w", rootDir, err)
@@ -103,7 +105,7 @@ func (vs VulnSrc) Update(dir string) error {
 }
 
 func (vs VulnSrc) parseRepositoryCpeMapping(dir string, uniqCPEs CPEMap) (map[string][]string, error) {
-	filePath := filepath.Join(dir, "vuln-list", "redhat-cpe", "repository-to-cpe.json")
+	filePath := filepath.Join(dir, vulnListDir, cpeDir, "repository-to-cpe.json")
 	f, err := os.Open(filePath)
 	if err != nil {
 		return nil, xerrors.Errorf("file open error: %w", err)
@@ -123,7 +125,7 @@ func (vs VulnSrc) parseRepositoryCpeMapping(dir string, uniqCPEs CPEMap) (map[st
 }
 
 func (vs VulnSrc) parseNvrCpeMapping(dir string, uniqCPEs CPEMap) (map[string][]string, error) {
-	filePath := filepath.Join(dir, "vuln-list", "redhat-cpe", "nvr-to-cpe.json")
+	filePath := filepath.Join(dir, vulnListDir, cpeDir, "nvr-to-cpe.json")
 	f, err := os.Open(filePath)
 	if err != nil {
 		return nil, xerrors.Errorf("file open error: %w", err)

pkg/vulnsrc/redhat/redhat.go

@@ -21,7 +21,8 @@ import (
 )
 
 const (
-	redhatDir = "redhat"
+	vulnListDir = "vuln-list-redhat"
+	apiDir      = "api"
 
 	resourceURL = "https://access.redhat.com/security/cve/%s"
 )
@@ -41,7 +42,7 @@ func (vs VulnSrc) Name() types.SourceID {
 }
 
 func (vs VulnSrc) Update(dir string) error {
-	rootDir := filepath.Join(dir, "vuln-list", redhatDir)
+	rootDir := filepath.Join(dir, vulnListDir, apiDir)
 
 	var cves []RedhatCVE
 	err := utils.FileWalk(rootDir, func(r io.Reader, _ string) error {