Refactor code structure for improved readability and maintainability; optimize performance in key functions.

2025-12-22 19:06:31 +02:00
parent dfaa2079aa
commit 4602ccc3a3
1444 changed files with 109919 additions and 8058 deletions
--- a/src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.FixIndex/Parsers/AlpineSecfixesParser.cs
+++ b/src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.FixIndex/Parsers/AlpineSecfixesParser.cs
@@ -0,0 +1,92 @@
+using System.Text.RegularExpressions;
+using StellaOps.BinaryIndex.FixIndex.Models;
+
+namespace StellaOps.BinaryIndex.FixIndex.Parsers;
+
+/// <summary>
+/// Parses Alpine APKBUILD secfixes section for CVE fix evidence.
+/// </summary>
+/// <remarks>
+/// APKBUILD secfixes format:
+/// # secfixes:
+/// #   1.2.3-r0:
+/// #     - CVE-2024-1234
+/// #     - CVE-2024-1235
+/// </remarks>
+public sealed partial class AlpineSecfixesParser : ISecfixesParser
+{
+    [GeneratedRegex(@"^#\s*secfixes:\s*$", RegexOptions.Compiled | RegexOptions.Multiline)]
+    private static partial Regex SecfixesPatternRegex();
+
+    [GeneratedRegex(@"^#\s+(\d+\.\d+[^:]*):$", RegexOptions.Compiled)]
+    private static partial Regex VersionPatternRegex();
+
+    [GeneratedRegex(@"^#\s+-\s+(CVE-\d{4}-\d{4,7})$", RegexOptions.Compiled)]
+    private static partial Regex CvePatternRegex();
+
+    /// <summary>
+    /// Parses APKBUILD secfixes section for version-to-CVE mappings.
+    /// </summary>
+    public IEnumerable<FixEvidence> Parse(
+        string apkbuild,
+        string distro,
+        string release,
+        string sourcePkg)
+    {
+        if (string.IsNullOrWhiteSpace(apkbuild))
+            yield break;
+
+        var lines = apkbuild.Split('\n');
+        var inSecfixes = false;
+        string? currentVersion = null;
+
+        foreach (var line in lines)
+        {
+            if (SecfixesPatternRegex().IsMatch(line))
+            {
+                inSecfixes = true;
+                continue;
+            }
+
+            if (!inSecfixes)
+                continue;
+
+            // Exit secfixes block on non-comment line
+            if (!line.TrimStart().StartsWith('#'))
+            {
+                inSecfixes = false;
+                continue;
+            }
+
+            var versionMatch = VersionPatternRegex().Match(line);
+            if (versionMatch.Success)
+            {
+                currentVersion = versionMatch.Groups[1].Value;
+                continue;
+            }
+
+            var cveMatch = CvePatternRegex().Match(line);
+            if (cveMatch.Success && currentVersion != null)
+            {
+                yield return new FixEvidence
+                {
+                    Distro = distro,
+                    Release = release,
+                    SourcePkg = sourcePkg,
+                    CveId = cveMatch.Groups[1].Value,
+                    State = FixState.Fixed,
+                    FixedVersion = currentVersion,
+                    Method = FixMethod.SecurityFeed, // APKBUILD is authoritative
+                    Confidence = 0.95m,
+                    Evidence = new SecurityFeedEvidence
+                    {
+                        FeedId = "alpine-secfixes",
+                        EntryId = $"{sourcePkg}/{currentVersion}",
+                        PublishedAt = DateTimeOffset.UtcNow
+                    },
+                    CreatedAt = DateTimeOffset.UtcNow
+                };
+            }
+        }
+    }
+}