From 4d919c3b2af2f9029baca037b6ae06bb3a2e52ec Mon Sep 17 00:00:00 2001
From: MaineK00n <mainek00n.1229@gmail.com>
Date: Tue, 18 Jan 2022 22:45:06 +0900
Subject: [PATCH] feat(rocky): support Rocky Linux (#107)

---
 .github/workflows/update.yml                  |   4 +
 main.go                                       |   7 +
 rocky/rocky.go                                | 251 ++++++++++++++++++
 rocky/rocky_test.go                           |  74 ++++++
 rocky/testdata/fixtures/happy/repomd.xml      |  77 ++++++
 .../testdata/fixtures/happy/updateinfo.xml.gz | Bin 0 -> 2585 bytes
 .../fixtures/repomd_invalid/repomd.xml        |   3 +
 .../fixtures/updateinfo_invalid/repomd.xml    |  77 ++++++
 .../updateinfo_invalid/updateinfo.xml.gz      | Bin 0 -> 1380 bytes
 .../testdata/golden/2021/RLSA-2021:2575.json  |  65 +++++
 .../testdata/golden/2021/RLSA-2021:3057.json  | 191 +++++++++++++
 11 files changed, 749 insertions(+)
 create mode 100644 rocky/rocky.go
 create mode 100644 rocky/rocky_test.go
 create mode 100644 rocky/testdata/fixtures/happy/repomd.xml
 create mode 100644 rocky/testdata/fixtures/happy/updateinfo.xml.gz
 create mode 100644 rocky/testdata/fixtures/repomd_invalid/repomd.xml
 create mode 100644 rocky/testdata/fixtures/updateinfo_invalid/repomd.xml
 create mode 100644 rocky/testdata/fixtures/updateinfo_invalid/updateinfo.xml.gz
 create mode 100644 rocky/testdata/golden/2021/RLSA-2021:2575.json
 create mode 100644 rocky/testdata/golden/2021/RLSA-2021:3057.json

diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
index 498f953..9fe9591 100644
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -91,6 +91,10 @@ jobs:
       name: AlmaLinux Security Advisory
       run: ./vuln-list-update -target alma
 
+    - if: always()
+      name: Rocky Linux Security Advisory
+      run: ./vuln-list-update -target rocky
+
     - if: always()
       name: OSV Database
       run: ./vuln-list-update -target osv
diff --git a/main.go b/main.go
index 6308495..e61d7fb 100644
--- a/main.go
+++ b/main.go
@@ -31,6 +31,7 @@ import (
 	"github.com/aquasecurity/vuln-list-update/photon"
 	redhatoval "github.com/aquasecurity/vuln-list-update/redhat/oval"
 	"github.com/aquasecurity/vuln-list-update/redhat/securitydataapi"
+	"github.com/aquasecurity/vuln-list-update/rocky"
 	susecvrf "github.com/aquasecurity/vuln-list-update/suse/cvrf"
 	"github.com/aquasecurity/vuln-list-update/ubuntu"
 	"github.com/aquasecurity/vuln-list-update/utils"
@@ -195,6 +196,12 @@ func run() error {
 			return xerrors.Errorf("AlmaLinux update error: %w", err)
 		}
 		commitMsg = "AlmaLinux Security Advisory"
+	case "rocky":
+		rc := rocky.NewConfig()
+		if err := rc.Update(); err != nil {
+			return xerrors.Errorf("Rocky Linux update error: %w", err)
+		}
+		commitMsg = "Rocky Linux Security Advisory"
 	case "osv":
 		p := osv.NewOsv()
 		if err := p.Update(); err != nil {
diff --git a/rocky/rocky.go b/rocky/rocky.go
new file mode 100644
index 0000000..657219d
--- /dev/null
+++ b/rocky/rocky.go
@@ -0,0 +1,251 @@
+package rocky
+
+import (
+	"bytes"
+	"compress/gzip"
+	"encoding/xml"
+	"fmt"
+	"log"
+	"net/url"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+
+	"github.com/aquasecurity/vuln-list-update/utils"
+	"github.com/cheggaaa/pb/v3"
+	"golang.org/x/xerrors"
+)
+
+const (
+	retry    = 3
+	rockyDir = "rocky"
+)
+
+var (
+	urlFormat       = "https://download.rockylinux.org/pub/rocky/%s/%s/%s/os/"
+	defaultReleases = []string{"8"}
+	defaultRepos    = []string{"BaseOS", "AppStream", "extras"}
+	defaultArches   = []string{"x86_64", "aarch64"}
+)
+
+// RepoMd has repomd data
+type RepoMd struct {
+	RepoList []Repo `xml:"data"`
+}
+
+// Repo has a repo data
+type Repo struct {
+	Type     string   `xml:"type,attr"`
+	Location Location `xml:"location"`
+}
+
+// Location has a location of repomd
+type Location struct {
+	Href string `xml:"href,attr"`
+}
+
+// UpdateInfo has a list
+type UpdateInfo struct {
+	RLSAList []RLSA `xml:"update"`
+}
+
+// RLSA has detailed data of RLSA
+type RLSA struct {
+	ID          string      `xml:"id" json:"id,omitempty"`
+	Title       string      `xml:"title" json:"title,omitempty"`
+	Issued      Date        `xml:"issued" json:"issued,omitempty"`
+	Updated     Date        `xml:"updated" json:"updated,omitempty"`
+	Severity    string      `xml:"severity" json:"severity,omitempty"`
+	Description string      `xml:"description" json:"description,omitempty"`
+	Packages    []Package   `xml:"pkglist>collection>package" json:"packages,omitempty"`
+	References  []Reference `xml:"references>reference" json:"references,omitempty"`
+	CveIDs      []string    `json:"cveids,omitempty"`
+}
+
+// Date has time information
+type Date struct {
+	Date string `xml:"date,attr" json:"date,omitempty"`
+}
+
+// Reference has reference information
+type Reference struct {
+	Href  string `xml:"href,attr" json:"href,omitempty"`
+	ID    string `xml:"id,attr" json:"id,omitempty"`
+	Title string `xml:"title,attr" json:"title,omitempty"`
+	Type  string `xml:"type,attr" json:"type,omitempty"`
+}
+
+// Package has affected package information
+type Package struct {
+	Name     string `xml:"name,attr" json:"name,omitempty"`
+	Epoch    string `xml:"epoch,attr" json:"epoch,omitempty"`
+	Version  string `xml:"version,attr" json:"version,omitempty"`
+	Release  string `xml:"release,attr" json:"release,omitempty"`
+	Arch     string `xml:"arch,attr" json:"arch,omitempty"`
+	Filename string `xml:"filename" json:"filename,omitempty"`
+}
+
+type options struct {
+	url      string
+	dir      string
+	retry    int
+	releases []string
+	repos    []string
+	arches   []string
+}
+
+type option func(*options)
+
+func With(url, dir string, retry int, releases, repos, arches []string) option {
+	return func(opts *options) {
+		opts.url = url
+		opts.dir = dir
+		opts.retry = retry
+		opts.releases = releases
+		opts.repos = repos
+		opts.arches = arches
+	}
+}
+
+type Config struct {
+	*options
+}
+
+func NewConfig(opts ...option) Config {
+	o := &options{
+		url:      urlFormat,
+		dir:      filepath.Join(utils.VulnListDir(), rockyDir),
+		retry:    retry,
+		releases: defaultReleases,
+		repos:    defaultRepos,
+		arches:   defaultArches,
+	}
+	for _, opt := range opts {
+		opt(o)
+	}
+
+	return Config{
+		options: o,
+	}
+}
+
+func (c Config) Update() error {
+	for _, release := range c.releases {
+		for _, repo := range c.repos {
+			for _, arch := range c.arches {
+				log.Printf("Fetching Rocky Linux %s %s %s data...", release, repo, arch)
+				if err := c.update(release, repo, arch); err != nil {
+					return xerrors.Errorf("failed to update security advisories of Rocky Linux %s %s %s: %w", release, repo, arch, err)
+				}
+			}
+		}
+	}
+	return nil
+}
+
+func (c Config) update(release, repo, arch string) error {
+	dirPath := filepath.Join(c.dir, release, repo, arch)
+	log.Printf("Remove Rocky Linux %s %s %s directory %s", release, repo, arch, dirPath)
+	if err := os.RemoveAll(dirPath); err != nil {
+		return xerrors.Errorf("failed to remove Rocky Linux %s %s %s directory: %w", release, repo, arch, err)
+	}
+	if err := os.MkdirAll(dirPath, os.ModePerm); err != nil {
+		return xerrors.Errorf("failed to mkdir: %w", err)
+	}
+
+	u, err := url.Parse(fmt.Sprintf(c.url, release, repo, arch))
+	if err != nil {
+		return xerrors.Errorf("failed to parse root url: %w", err)
+	}
+	rootPath := u.Path
+	u.Path = path.Join(rootPath, "repodata/repomd.xml")
+	updateInfoPath, err := c.fetchUpdateInfoPath(u.String())
+	if err != nil {
+		return xerrors.Errorf("failed to fetch updateInfo path from repomd.xml: %w", err)
+	}
+	u.Path = path.Join(rootPath, updateInfoPath)
+	uinfo, err := c.fetchUpdateInfo(u.String())
+	if err != nil {
+		return xerrors.Errorf("failed to fetch updateInfo: %w", err)
+	}
+
+	secErrata := map[string][]RLSA{}
+	for _, rlsa := range uinfo.RLSAList {
+		if !strings.HasPrefix(rlsa.ID, "RLSA-") {
+			continue
+		}
+		y := strings.Split(strings.TrimPrefix(rlsa.ID, "RLSA-"), ":")[0]
+		secErrata[y] = append(secErrata[y], rlsa)
+	}
+
+	for year, errata := range secErrata {
+		log.Printf("Write Errata for Rocky Linux %s %s %s %s", release, repo, arch, year)
+
+		if err := os.MkdirAll(filepath.Join(dirPath, year), os.ModePerm); err != nil {
+			return xerrors.Errorf("failed to mkdir: %w", err)
+		}
+
+		bar := pb.StartNew(len(errata))
+		for _, erratum := range errata {
+			jsonPath := filepath.Join(dirPath, year, fmt.Sprintf("%s.json", erratum.ID))
+			if err := utils.Write(jsonPath, erratum); err != nil {
+				return xerrors.Errorf("failed to write Rocky Linux CVE details: %w", err)
+			}
+			bar.Increment()
+		}
+		bar.Finish()
+	}
+
+	return nil
+}
+
+func (c Config) fetchUpdateInfoPath(repomdURL string) (updateInfoPath string, err error) {
+	res, err := utils.FetchURL(repomdURL, "", c.retry)
+	if err != nil {
+		return "", xerrors.Errorf("failed to fetch %s: %w", repomdURL, err)
+	}
+
+	var repoMd RepoMd
+	if err := xml.NewDecoder(bytes.NewBuffer(res)).Decode(&repoMd); err != nil {
+		return "", xerrors.Errorf("failed to decode repomd.xml: %w", err)
+	}
+
+	for _, repo := range repoMd.RepoList {
+		if repo.Type == "updateinfo" {
+			updateInfoPath = repo.Location.Href
+			break
+		}
+	}
+	if updateInfoPath == "" {
+		return "", xerrors.New("no updateinfo field in the repomd")
+	}
+	return updateInfoPath, nil
+}
+
+func (c Config) fetchUpdateInfo(url string) (*UpdateInfo, error) {
+	res, err := utils.FetchURL(url, "", c.retry)
+	if err != nil {
+		return nil, xerrors.Errorf("failed to fetch updateInfo: %w", err)
+	}
+	r, err := gzip.NewReader(bytes.NewBuffer(res))
+	if err != nil {
+		return nil, xerrors.Errorf("failed to decompress updateInfo: %w", err)
+	}
+	defer r.Close()
+
+	var updateInfo UpdateInfo
+	if err := xml.NewDecoder(r).Decode(&updateInfo); err != nil {
+		return nil, err
+	}
+	for i, alas := range updateInfo.RLSAList {
+		var cveIDs []string
+		for _, ref := range alas.References {
+			if ref.Type == "cve" {
+				cveIDs = append(cveIDs, ref.ID)
+			}
+		}
+		updateInfo.RLSAList[i].CveIDs = cveIDs
+	}
+	return &updateInfo, nil
+}
diff --git a/rocky/rocky_test.go b/rocky/rocky_test.go
new file mode 100644
index 0000000..219b7a0
--- /dev/null
+++ b/rocky/rocky_test.go
@@ -0,0 +1,74 @@
+package rocky_test
+
+import (
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/aquasecurity/vuln-list-update/rocky"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"golang.org/x/xerrors"
+)
+
+func Test_Update(t *testing.T) {
+	tests := []struct {
+		name          string
+		rootDir       string
+		expectedError error
+	}{
+		{
+			name:          "happy path",
+			rootDir:       "testdata/fixtures/happy",
+			expectedError: nil,
+		},
+		{
+			name:          "bad repomd response",
+			rootDir:       "testdata/fixtures/repomd_invalid",
+			expectedError: xerrors.Errorf("failed to update security advisories of Rocky Linux 8 BaseOS x86_64: %w", errors.New("failed to fetch updateInfo path from repomd.xml")),
+		},
+		{
+			name:          "bad updateInfo response",
+			rootDir:       "testdata/fixtures/updateinfo_invalid",
+			expectedError: xerrors.Errorf("failed to update security advisories of Rocky Linux 8 BaseOS x86_64: %w", errors.New("failed to fetch updateInfo")),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			tsUpdateInfoURL := httptest.NewServer(http.StripPrefix("/pub/rocky/8/BaseOS/x86_64/os/repodata/", http.FileServer(http.Dir(tt.rootDir))))
+			defer tsUpdateInfoURL.Close()
+
+			dir := t.TempDir()
+			rc := rocky.NewConfig(rocky.With(tsUpdateInfoURL.URL+"/pub/rocky/%s/%s/%s/os/", dir, 0, []string{"8"}, []string{"BaseOS"}, []string{"x86_64"}))
+			if err := rc.Update(); tt.expectedError != nil {
+				require.Error(t, err)
+				assert.Contains(t, err.Error(), tt.expectedError.Error())
+				return
+			}
+
+			err := filepath.Walk(dir, func(path string, info os.FileInfo, errfp error) error {
+				if errfp != nil {
+					return errfp
+				}
+				if info.IsDir() {
+					return nil
+				}
+
+				dir, file := filepath.Split(path)
+				want, err := os.ReadFile(filepath.Join("testdata", "golden", filepath.Base(dir), file))
+				assert.NoError(t, err, "failed to open the golden file")
+
+				got, err := os.ReadFile(path)
+				assert.NoError(t, err, "failed to open the result file")
+
+				assert.JSONEq(t, string(want), string(got))
+
+				return nil
+			})
+			assert.Nil(t, err, "filepath walk error")
+		})
+	}
+}
diff --git a/rocky/testdata/fixtures/happy/repomd.xml b/rocky/testdata/fixtures/happy/repomd.xml
new file mode 100644
index 0000000..5e652e5
--- /dev/null
+++ b/rocky/testdata/fixtures/happy/repomd.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<repomd xmlns="http://linux.duke.edu/metadata/repo" xmlns:rpm="http://linux.duke.edu/metadata/rpm">
+  <revision>8.4</revision>
+  <tags>
+    <distro cpeid="cpe:/o:rocky:rocky:8">Rocky Linux 8</distro>
+  </tags>
+  <data type="primary">
+    <checksum type="sha256">9d25370cf8f2bdf046145fa51ef3d0229ecc6862cbe35281a70184cc39089f54</checksum>
+    <open-checksum type="sha256">554780b39c8a31f3b92eb2356f38099bd6135834c51542c8ffb889aa6d37c1a0</open-checksum>
+    <location href="repodata/9d25370cf8f2bdf046145fa51ef3d0229ecc6862cbe35281a70184cc39089f54-primary.xml.gz"/>
+    <timestamp>1632166291</timestamp>
+    <size>4136440</size>
+    <open-size>29944727</open-size>
+  </data>
+  <data type="filelists">
+    <checksum type="sha256">3f9875964fcb58abd0c3b88ae317450d124020d81e873f1db05c695e84fc1c3b</checksum>
+    <open-checksum type="sha256">483a4f0494e31ae0d100714ddae8eab680c408ff354979636d7bec849c1b6e4d</open-checksum>
+    <location href="repodata/3f9875964fcb58abd0c3b88ae317450d124020d81e873f1db05c695e84fc1c3b-filelists.xml.gz"/>
+    <timestamp>1632166291</timestamp>
+    <size>3284862</size>
+    <open-size>45704869</open-size>
+  </data>
+  <data type="other">
+    <checksum type="sha256">201204bd642f240caaa2d8cd8b8fcf0bf0071fdf7ba67c68b79c209163995057</checksum>
+    <open-checksum type="sha256">ab9351e393e2f08997754411263a7b51114209668d453a62ad998981789c091d</open-checksum>
+    <location href="repodata/201204bd642f240caaa2d8cd8b8fcf0bf0071fdf7ba67c68b79c209163995057-other.xml.gz"/>
+    <timestamp>1632166291</timestamp>
+    <size>621783</size>
+    <open-size>6152523</open-size>
+  </data>
+  <data type="primary_db">
+    <checksum type="sha256">2e35bd95b02d3bf3d99b82f3bbb6b0381f55b671226771d9d7db975b5d0f205b</checksum>
+    <open-checksum type="sha256">b1af8fb023566905067e07bfcffed71ce73ebc6e4ed0af2a010ac7ea6bbfbefa</open-checksum>
+    <location href="repodata/2e35bd95b02d3bf3d99b82f3bbb6b0381f55b671226771d9d7db975b5d0f205b-primary.sqlite.xz"/>
+    <timestamp>1632166306</timestamp>
+    <size>3599636</size>
+    <open-size>34222080</open-size>
+  </data>
+  <data type="filelists_db">
+    <checksum type="sha256">06510a9c700387c4c670654f6440386d6e91e0628116492a4a38228f67ec4d61</checksum>
+    <open-checksum type="sha256">19df9e2e5a6e66214ddf95569d50ce1c73cfed99c109e453b043a68b8609fd95</open-checksum>
+    <location href="repodata/06510a9c700387c4c670654f6440386d6e91e0628116492a4a38228f67ec4d61-filelists.sqlite.xz"/>
+    <timestamp>1632166298</timestamp>
+    <size>2665240</size>
+    <open-size>24879104</open-size>
+  </data>
+  <data type="other_db">
+    <checksum type="sha256">dddb998b6aca861c3b0724e13ee6f99a74e516b659299ec47c682a08f414cf25</checksum>
+    <open-checksum type="sha256">46d0a6ae8562e93c729361fa1b28ccf10d26bed3d9d2ff1e464ff807b6201688</open-checksum>
+    <location href="repodata/dddb998b6aca861c3b0724e13ee6f99a74e516b659299ec47c682a08f414cf25-other.sqlite.xz"/>
+    <timestamp>1632166293</timestamp>
+    <size>423132</size>
+    <open-size>6062080</open-size>
+  </data>
+  <data type="group">
+    <checksum type="sha256">5eedac6f334681aa51e154d77025db287c33ce1491b14368be9b477ff8208152</checksum>
+    <location href="repodata/5eedac6f334681aa51e154d77025db287c33ce1491b14368be9b477ff8208152-comps-BaseOS.x86_64.xml"/>
+    <timestamp>1632166276</timestamp>
+    <size>297208</size>
+  </data>
+  <data type="group_xz">
+    <checksum type="sha256">32e04847f7cc2872db5ac9e92ea540ef2a7999d1c2be0c8c3d47a359b3e2d613</checksum>
+    <open-checksum type="sha256">5eedac6f334681aa51e154d77025db287c33ce1491b14368be9b477ff8208152</open-checksum>
+    <location href="repodata/32e04847f7cc2872db5ac9e92ea540ef2a7999d1c2be0c8c3d47a359b3e2d613-comps-BaseOS.x86_64.xml.xz"/>
+    <timestamp>1632166291</timestamp>
+    <size>56668</size>
+    <open-size>297208</open-size>
+  </data>
+  <data type="updateinfo">
+    <checksum type="sha256">c14b2249cc128fa8c565d0b79986daffc4e1c0a430c84a3ebccc1a016d59bda1</checksum>
+    <open-checksum type="sha256">3655bacbf1e119d2fd5d27c25acc98a5f8e27ba64d9b86c6b181c20e67b0f7e7</open-checksum>
+    <location href="repodata/updateinfo.xml.gz"/>
+    <timestamp>1632172541</timestamp>
+    <size>24366</size>
+    <open-size>184021</open-size>
+  </data>
+</repomd>
\ No newline at end of file
diff --git a/rocky/testdata/fixtures/happy/updateinfo.xml.gz b/rocky/testdata/fixtures/happy/updateinfo.xml.gz
new file mode 100644
index 0000000000000000000000000000000000000000..eaad18e12edc331fa666a3972c44f336b17fbc16
GIT binary patch
literal 2585
zcmV+!3g-16iwFqJi%MYt19fm@VRU6_Zf0*Tcx`L|?OJVb8@Unw-d{neKye2|65n53
z+h`ix;R>Wh5u^Ef7?MM48%ZnduATUPeP{LJNRES8vQq1c8aBKlIm6+@;mk8!o!=}n
zbl6`0fwA+|Gb>F!yBIV$#rgGLnmT>Bn^yCiPouiI9<a89?xwvMlxhys0qgD-crl1K
z*QNS2V7J(`RXx8L$U(1=R95-&-P^yu9!f67nKYiCkEv<Z*HzsVFH6<nN0?4CBQ1>7
zFqmhC^9jro&T!tbm09QG)%dmEw!Oj3`VN|nln=QZO38$$S<a*$T+&3#F>8U9l3fWq
zl!0-6w*2iS)`Qj}O?5r#+RHcf;%@oKet7dE>m}K{9u)S|yu)VER4uZrx^y3*LH2Wf
zGbbGc!ufbDzg9+YLW`Fx(YHOI%+r{4^J>uIrky0x&|Ql2@#hb#&K3#Ys=K@VM?EJr
z?mw=3Z)P)S?k-=?*=8H-hJ6ONYT3O0$lw;LDa7fjd&ig&>0B#Wsm$1>rdsrix%`<%
z&uUs=H7CK@a)s=+YO9V-x^B^)jmOwD(7|ZeVa5-4e_QDWnSu?{X0M^zZekO9yclez
zfJCF(QG<B`-6++w^`zr>ziiJkU{$^tJZxLJ>QdllMjv}`x)}Ux1=jYmmdNY~_vkg)
zH5Fl=m*<1MqlaIh>%HdQ+Vz6Q4_9=)_;5X~+U|aRsh&<TEhlRyb<>ftZ~b7?O#|jI
z`@&V0ZJ&oMAbo&qWPNjg9M>B?EY%d-ySBsG)_LS3KavBs_O^?G8{yRdss{`gb(&EB
zfI-tg%<KL?9rGq_D_zPD*HR<u95svCmce9CKkw4S$4q&kU^Ppx<9vKCx2=pEalK#d
z1f;QpOHd|BQDT%*SRv3R#Y0viNWlx|(G(q=2Zzz>k`?%3tb*)9lnP>rOXuE#Z@k9u
z+lan6jL*g{7w&cBgp)}@B*T$wk0^OUB^)=!#}uM>(enZlm66#f=QX5goh)T<>=t+3
zq@JtcW(_X{;X^Z?kE9Z+c+MdiW1|AXNn$Zrf(9O~N?I0emFI>$&KvDA0iSzEG^j$%
z_FG7vk3WZoO*GjG9-9pHylmZKy6H2=SM&ANedu%Mi+ug}IwOTpJY&<}G~4LfD@k*8
zCe)cR|I0~w1Je@|b&ur}QuLqx`04eZx10Xi)cGcL>}s<Q6QESJ1hJct!u1r?IDy-0
ze$C+XmQ^$IzK+#}ZHyhU*X&I_n^9hRe>0s^Tdb!2(5qB8z4X;GniIzFudaS%kw9TB
zb>S=aaZ;rTyRL4rr8zQov<Na{v-sX7Qt+x@<n96yNbYuLwq=6tCdl5r|A~<|fB2#O
zkuvnM>D_&9?HAJT;rHS#yQkpDyk&Bi8z9GOyYXf}a!+K^Eskl`%bAB1i23N>Z9QKR
znw|E|VJ3lZahV;t)2A|Y6o%6(wp-yzP~28qNke@tX;jwRb;{_~EaiskNy%a}?E|4+
z<6bF(`y7nZ6#P?B(V<T~IIa|8=8g;D!3t}9meCTAiIKackhqOPrG*2tcd~sBUZ1@E
z)#~FSw$iy5W~n%vqOmA#(jgI4ItxpLP5~4fG$*74rWi_4C`{6bj&ma=a0t%0gD}f<
z0;Vql+H&USqb3Ym9i>O%tmcrt=LqO>g2W|ZR!Zc8xQPuS`{FZdU8IsuIHG$R|I4U7
z^JqSX+1_VU79?D(AP(nDNZuLrB_`oSHog#;HgfBQaXBPS?2QTt04b=ZFc?b4LlAor
z4|}$6q0<RWiO!RQmBN$dkpMsmB_~;k`qI%%B7@>N79$gl3KEU8Moa1Z?~CXv-p7y!
zME7sA1?4lCcW3MaHglZbGpARZtEyLr-c|Xbkc=i4`b?@P(O{C`ze5^)58@Mf@EYlt
zqr&$F|DOv#!i84{<t4bVlt!z^$ndh`5H`FN+=~u>msJ__l~qxFeAudtdEr$l%fq8}
z3$-6qw~*ZF*Db5iHSFqoy3NJ)Nca)o&idSpgdB+{CI7Y3m6GAE=r?%4wmn}_a0uxn
z!la!*Z6fm3Wvj7HKqyLBWxVseNL?^GZbP(QYp<3UumW>d$oHmDt7V)Jphtt!Y8%jc
z6{M90xeSR)LRFl$U{g*?6SeZFvNwSj?g(5RV{*=As(pkH2SQ0yn&``LM%i+Tr{t+S
zb{!Aqtcl7>Yd!Wv)#u~`I*c3()tX?9EmEc|j0sUw3E&Gopbi0|jGoy4-Y~~S=?~p0
zAiFl@cwkal#I*$HY|)A8O2wTBj^_|^q_UHn3>gDxkyH%MQUD;wj)p##*uPGAp3nC5
z>J(u8!l)y9t1r?=r>TG!F)E`yRa-F{t`ry2aIg{*P~b%q1ORvFfSU+K1QaqJ8efOR
zH-}V25fkmx<g>!U&YPR(qx`_Kuc$iUWsc20XdjF=s7gXD&=Zg%CQD&LOO!fM`jU!s
zB2|tH&p~h(OrqEuX^)=e%O~f?NAutkolIQOp*JcgP65|Y_Hwy^FezEIE|4?(5C~w2
zf^wjVG6z5xG79z0tAnq>Izb9O%_$|cwMEB+)+uWfx1JLP2(g5cOC%t3aUnwXT16qX
z;6kfJ0GE`xD8w*O8lRjx5@Q(Rr>=n$g832aj!4oJg#ivx7vcg)9CrC?JO)oxH`*wR
z@L5<;#M%n<S7g#FEMUBiL5Zjjh5W=)-EotgjV@~0d$L@*ZQ?{JOm;cg9C*SIlt%E`
zc!@;{5RwR6q9+@D_Ud3zSDy0l3j3w8-LmS4JR*wdJc5LnRSrr5Rcw$->hHX*quPuz
znTnjEbp`}Z#6n2VH4x3nCZ|IoKE1Ny=mkYW&XoyN2)mFR1qknW4Av-Rtf$sY#aR*@
zsHl)G6I&3rP{8OngQ^X&zxOV%DW?EvZ^!Xq3{E9-MCiYVMCm^i9zb}{lhICRp(!qe
zqOJ6Xeu9Id`#<h^Onter|F@EME<_%@F@0$#{cP0n00u`Tu8G2V&ie}m4^BmC&{2Ua
zASJ3Ql*_UwXBfCAZV@Gq5QKIV3Bthur>1V(6QpB1b{#R98D}YOW~<3flK`1Z=26h$
z*Obo`MR!8Fc&lANS8~WyF`Hm0D$7(9?*CHpL0mgEI`*B2823&`VF*!BRHaee1)DLr
zLX|S8z-1{ZP@NXg3Resit_@|gB&Z1SRCgTC8BUEY9G53Rc7$gC0yh#dpeO)QSxI%T
zCj4|jKw~6Q_A<Z~_lc-j5Z1&Lh*6~ddBWyPnJ1Ifw(L3PHBKn1c!G`Cf=kg0h|6yg
zc=S0GYl|>82?HRDL9ju4p(0YKrpy-t9PF)iI-#o@vgUZ#HROQa2O_RYhAe|~hP;zp
vkp4n~0OY|vyow;@1Z*ZE%L`XMv_XLTW;%QFR}wZ)?d5*}Ht}utJ~IFSs=xB(

literal 0
HcmV?d00001

diff --git a/rocky/testdata/fixtures/repomd_invalid/repomd.xml b/rocky/testdata/fixtures/repomd_invalid/repomd.xml
new file mode 100644
index 0000000..40d3d84
--- /dev/null
+++ b/rocky/testdata/fixtures/repomd_invalid/repomd.xml
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<repomd xmlns="http://linux.duke.edu/metadata/repo" xmlns:rpm="http://linux.duke.edu/metadata/rpm">
+</repomd>
\ No newline at end of file
diff --git a/rocky/testdata/fixtures/updateinfo_invalid/repomd.xml b/rocky/testdata/fixtures/updateinfo_invalid/repomd.xml
new file mode 100644
index 0000000..5e652e5
--- /dev/null
+++ b/rocky/testdata/fixtures/updateinfo_invalid/repomd.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<repomd xmlns="http://linux.duke.edu/metadata/repo" xmlns:rpm="http://linux.duke.edu/metadata/rpm">
+  <revision>8.4</revision>
+  <tags>
+    <distro cpeid="cpe:/o:rocky:rocky:8">Rocky Linux 8</distro>
+  </tags>
+  <data type="primary">
+    <checksum type="sha256">9d25370cf8f2bdf046145fa51ef3d0229ecc6862cbe35281a70184cc39089f54</checksum>
+    <open-checksum type="sha256">554780b39c8a31f3b92eb2356f38099bd6135834c51542c8ffb889aa6d37c1a0</open-checksum>
+    <location href="repodata/9d25370cf8f2bdf046145fa51ef3d0229ecc6862cbe35281a70184cc39089f54-primary.xml.gz"/>
+    <timestamp>1632166291</timestamp>
+    <size>4136440</size>
+    <open-size>29944727</open-size>
+  </data>
+  <data type="filelists">
+    <checksum type="sha256">3f9875964fcb58abd0c3b88ae317450d124020d81e873f1db05c695e84fc1c3b</checksum>
+    <open-checksum type="sha256">483a4f0494e31ae0d100714ddae8eab680c408ff354979636d7bec849c1b6e4d</open-checksum>
+    <location href="repodata/3f9875964fcb58abd0c3b88ae317450d124020d81e873f1db05c695e84fc1c3b-filelists.xml.gz"/>
+    <timestamp>1632166291</timestamp>
+    <size>3284862</size>
+    <open-size>45704869</open-size>
+  </data>
+  <data type="other">
+    <checksum type="sha256">201204bd642f240caaa2d8cd8b8fcf0bf0071fdf7ba67c68b79c209163995057</checksum>
+    <open-checksum type="sha256">ab9351e393e2f08997754411263a7b51114209668d453a62ad998981789c091d</open-checksum>
+    <location href="repodata/201204bd642f240caaa2d8cd8b8fcf0bf0071fdf7ba67c68b79c209163995057-other.xml.gz"/>
+    <timestamp>1632166291</timestamp>
+    <size>621783</size>
+    <open-size>6152523</open-size>
+  </data>
+  <data type="primary_db">
+    <checksum type="sha256">2e35bd95b02d3bf3d99b82f3bbb6b0381f55b671226771d9d7db975b5d0f205b</checksum>
+    <open-checksum type="sha256">b1af8fb023566905067e07bfcffed71ce73ebc6e4ed0af2a010ac7ea6bbfbefa</open-checksum>
+    <location href="repodata/2e35bd95b02d3bf3d99b82f3bbb6b0381f55b671226771d9d7db975b5d0f205b-primary.sqlite.xz"/>
+    <timestamp>1632166306</timestamp>
+    <size>3599636</size>
+    <open-size>34222080</open-size>
+  </data>
+  <data type="filelists_db">
+    <checksum type="sha256">06510a9c700387c4c670654f6440386d6e91e0628116492a4a38228f67ec4d61</checksum>
+    <open-checksum type="sha256">19df9e2e5a6e66214ddf95569d50ce1c73cfed99c109e453b043a68b8609fd95</open-checksum>
+    <location href="repodata/06510a9c700387c4c670654f6440386d6e91e0628116492a4a38228f67ec4d61-filelists.sqlite.xz"/>
+    <timestamp>1632166298</timestamp>
+    <size>2665240</size>
+    <open-size>24879104</open-size>
+  </data>
+  <data type="other_db">
+    <checksum type="sha256">dddb998b6aca861c3b0724e13ee6f99a74e516b659299ec47c682a08f414cf25</checksum>
+    <open-checksum type="sha256">46d0a6ae8562e93c729361fa1b28ccf10d26bed3d9d2ff1e464ff807b6201688</open-checksum>
+    <location href="repodata/dddb998b6aca861c3b0724e13ee6f99a74e516b659299ec47c682a08f414cf25-other.sqlite.xz"/>
+    <timestamp>1632166293</timestamp>
+    <size>423132</size>
+    <open-size>6062080</open-size>
+  </data>
+  <data type="group">
+    <checksum type="sha256">5eedac6f334681aa51e154d77025db287c33ce1491b14368be9b477ff8208152</checksum>
+    <location href="repodata/5eedac6f334681aa51e154d77025db287c33ce1491b14368be9b477ff8208152-comps-BaseOS.x86_64.xml"/>
+    <timestamp>1632166276</timestamp>
+    <size>297208</size>
+  </data>
+  <data type="group_xz">
+    <checksum type="sha256">32e04847f7cc2872db5ac9e92ea540ef2a7999d1c2be0c8c3d47a359b3e2d613</checksum>
+    <open-checksum type="sha256">5eedac6f334681aa51e154d77025db287c33ce1491b14368be9b477ff8208152</open-checksum>
+    <location href="repodata/32e04847f7cc2872db5ac9e92ea540ef2a7999d1c2be0c8c3d47a359b3e2d613-comps-BaseOS.x86_64.xml.xz"/>
+    <timestamp>1632166291</timestamp>
+    <size>56668</size>
+    <open-size>297208</open-size>
+  </data>
+  <data type="updateinfo">
+    <checksum type="sha256">c14b2249cc128fa8c565d0b79986daffc4e1c0a430c84a3ebccc1a016d59bda1</checksum>
+    <open-checksum type="sha256">3655bacbf1e119d2fd5d27c25acc98a5f8e27ba64d9b86c6b181c20e67b0f7e7</open-checksum>
+    <location href="repodata/updateinfo.xml.gz"/>
+    <timestamp>1632172541</timestamp>
+    <size>24366</size>
+    <open-size>184021</open-size>
+  </data>
+</repomd>
\ No newline at end of file
diff --git a/rocky/testdata/fixtures/updateinfo_invalid/updateinfo.xml.gz b/rocky/testdata/fixtures/updateinfo_invalid/updateinfo.xml.gz
new file mode 100644
index 0000000000000000000000000000000000000000..a7ba8f6c04105f52be50f62457ac5535dbfd9d9d
GIT binary patch
literal 1380
zcmV-q1)KUGiwFpcw3%H119fm@VRU6_Zf0*^X>N95Y-waJcx`L|?O083<2DdI*S}(*
z0!0>xB-<P3!<D@a+8!3z76n@DwV)|VVnc~4N!f9JeIF@%V>`)iyK!>rAvQ&kGjHC^
zBge_!-PVeh!dR)BSu{$95xtuavaZdU6L!8C5bIo}%`8%~>26~ycxR+r|G;W?r<;W9
zI-<hp`m+nHW3IEasE`d)5xI3MX3=(Kv<u=anrAYfUw^p%eH@R6qs#c}?NydyDs$2)
zF~1IG>4SGhW5SY)WHhFj_P0!l!?xs1QER03eyC;qhLwUgffd@&jWCT+S=!sqq_v&M
z$-kaO!PIaRk47{eO^1_+(k&?umYmaYG#y`tB~~CF_?vGLWa+1=EEg8jtwXr;-}dlW
zVg_t4nN)0{dUyxHx{5g}<ShpNy;6E5o068DYJ_16so+o8>EOqYKYJoB;>pG2Y&!U6
zG#Oo8T#lx+|Awj+XllDD*%rA_%*mx7af`9XN3Ae581ch`b;?<)Sd$~o<>0y@+2oyd
zW*x6&E+{ZZD`tVKYjV5|AXjWnHEZypb5KpS<VLqfb73vw0~@kzyj?h!b*n@z8c*-z
zfOG-7@Y!+yXz7Fz%B$9mT2p7S4TwP-9CAS#B-iqe`K50X`lAw_Ui`Vr2;r-uW@b%G
zW+ZD68;pCzn?NebE6Qb22(ufD|9%`BXALd<M60w!2nl`cEz>^dMkwTnbZ@g@+=aBB
z`WY~QXT-5jlRc#zN<pUo4J{ATc8axJgqovL_)-Z&XJlD|l$;i8V*Oh0gmLc{M3C*;
z)?kb!UE`z*kd1KCggk92TU8qMx(i{UG`~sceM2Eb3&=jqucWK?<EC2F8foaAf|wdC
zx4QLFim;S3j!y^(+bhx27VLY33*iyxAgcvPR3|lFYN0Ho^HiSnJc<0xDc&OvBz`HC
zDDe(fa6T~SAjGh#Q@JlB_<-#~u@yOufLTsEyH5H;1Ib`qyx9f-4!MRTc;L`6Qws0C
zM{gmKm_t2&U+>Q*^s9DadQct=6~|GH?;!(4x0mPf`PpGPBy|1DPfxrH72asKG1MnF
zgcAxo8SEYbqX`a&|E2s@QXWmV0<xbm1@bXa^3E5<!XTPzQyYNtmk7Z_C+^@_@TwCb
z@&XFN6PH$~b({;_pd#PXniYR{VXfTm{Zy$OnIhzIC6w~tUsfJxzWkZ;$_UnF0|oef
z`|19U)$RA+4&PpVZ~axsc2(*xt{paz(5(dbQyxI{as{RiPS+dV(n){FAlKKZXpm!Z
zHa*numy`>{c9Wg8h169zA<9lzmsZ+3TKED-ZvEwpH-}39YH1Jp8+W*W<Dz7~aN|Bv
zA%iU4?He*9P|H5&c4th`LNSXf=h|tS@})??q!EcWWy(t#;}G_<4XZ_h=XZWE+dF(B
zlKCt;m<pZIEZR10un?M@qq!YT9=P>WPq<BYLvL?NC9Ruh9IcSpr~$pIn?-%|8TT#e
z7(JzTd(b;(X_(BmZ6PzfnngHP|2#+BqSgKpO>saR^@o1sg({fE#M{f{;woYFT{GV4
zV9%1P<l-C-3)E1szv=R9+FOYG74gpYr1zPaw$9Q|`?7Qc?7tz5D-<!%90BRZ(u*U`
z#iA=^Q|P$A0^;rZXGida<(G@d-&)VX?f1Vdx_eHZjq{$}mqWb9kIyE4Hm&z&UIpus
zNPf)Vi>uLTt&VYe1Us*T7VIpKayIW+do|=oD3r%7zQVbE9M)fl?_)B3M2;Knzn?~}
m`7!Wn{ut8U_tQwz`^L&oZ`-Z3|A*B)8~g(!<W$8(6aWBp3$Q`}

literal 0
HcmV?d00001

diff --git a/rocky/testdata/golden/2021/RLSA-2021:2575.json b/rocky/testdata/golden/2021/RLSA-2021:2575.json
new file mode 100644
index 0000000..d8ba152
--- /dev/null
+++ b/rocky/testdata/golden/2021/RLSA-2021:2575.json
@@ -0,0 +1,65 @@
+{
+  "id": "RLSA-2021:2575",
+  "title": "Moderate: lz4 security update",
+  "issued": {
+    "date": "2021-07-22 03:13:55"
+  },
+  "updated": {
+    "date": "2021-06-29 00:00:00"
+  },
+  "severity": "Moderate",
+  "description": "For more information visit https://errata.rockylinux.org/RLSA-2021:2575",
+  "packages": [
+    {
+      "name": "lz4-libs",
+      "epoch": "0",
+      "version": "1.8.3",
+      "release": "3.el8_4",
+      "arch": "i686",
+      "filename": "lz4-libs-1.8.3-3.el8_4.i686.rpm"
+    },
+    {
+      "name": "lz4-libs",
+      "epoch": "0",
+      "version": "1.8.3",
+      "release": "3.el8_4",
+      "arch": "x86_64",
+      "filename": "lz4-libs-1.8.3-3.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "lz4-devel",
+      "epoch": "0",
+      "version": "1.8.3",
+      "release": "3.el8_4",
+      "arch": "x86_64",
+      "filename": "lz4-devel-1.8.3-3.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "lz4-devel",
+      "epoch": "0",
+      "version": "1.8.3",
+      "release": "3.el8_4",
+      "arch": "i686",
+      "filename": "lz4-devel-1.8.3-3.el8_4.i686.rpm"
+    },
+    {
+      "name": "lz4",
+      "epoch": "0",
+      "version": "1.8.3",
+      "release": "3.el8_4",
+      "arch": "x86_64",
+      "filename": "lz4-1.8.3-3.el8_4.x86_64.rpm"
+    }
+  ],
+  "references": [
+    {
+      "href": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3520.json",
+      "id": "CVE-2021-3520",
+      "title": "Update information for CVE-2021-3520 is retrieved from Red Hat",
+      "type": "cve"
+    }
+  ],
+  "cveids": [
+    "CVE-2021-3520"
+  ]
+}
\ No newline at end of file
diff --git a/rocky/testdata/golden/2021/RLSA-2021:3057.json b/rocky/testdata/golden/2021/RLSA-2021:3057.json
new file mode 100644
index 0000000..ac25774
--- /dev/null
+++ b/rocky/testdata/golden/2021/RLSA-2021:3057.json
@@ -0,0 +1,191 @@
+{
+  "id": "RLSA-2021:3057",
+  "title": "Important: kernel security, bug fix, and enhancement update",
+  "issued": {
+    "date": "2021-08-12 21:14:23"
+  },
+  "updated": {
+    "date": "2021-08-10 00:00:00"
+  },
+  "severity": "Important",
+  "description": "For more information visit https://errata.rockylinux.org/RLSA-2021:3057",
+  "packages": [
+    {
+      "name": "kernel-tools",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "x86_64",
+      "filename": "kernel-tools-4.18.0-305.12.1.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "kernel",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "x86_64",
+      "filename": "kernel-4.18.0-305.12.1.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "kernel-debug-modules",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "x86_64",
+      "filename": "kernel-debug-modules-4.18.0-305.12.1.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "bpftool",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "x86_64",
+      "filename": "bpftool-4.18.0-305.12.1.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "kernel-debug-core",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "x86_64",
+      "filename": "kernel-debug-core-4.18.0-305.12.1.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "kernel-abi-stablelists",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "noarch",
+      "filename": "kernel-abi-stablelists-4.18.0-305.12.1.el8_4.noarch.rpm"
+    },
+    {
+      "name": "kernel-debug",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "x86_64",
+      "filename": "kernel-debug-4.18.0-305.12.1.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "kernel-headers",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "x86_64",
+      "filename": "kernel-headers-4.18.0-305.12.1.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "kernel-debug-modules-extra",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "x86_64",
+      "filename": "kernel-debug-modules-extra-4.18.0-305.12.1.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "kernel-core",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "x86_64",
+      "filename": "kernel-core-4.18.0-305.12.1.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "kernel-debug-devel",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "x86_64",
+      "filename": "kernel-debug-devel-4.18.0-305.12.1.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "kernel-modules",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "x86_64",
+      "filename": "kernel-modules-4.18.0-305.12.1.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "perf",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "x86_64",
+      "filename": "perf-4.18.0-305.12.1.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "kernel-tools-libs",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "x86_64",
+      "filename": "kernel-tools-libs-4.18.0-305.12.1.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "kernel-cross-headers",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "x86_64",
+      "filename": "kernel-cross-headers-4.18.0-305.12.1.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "kernel-modules-extra",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "x86_64",
+      "filename": "kernel-modules-extra-4.18.0-305.12.1.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "kernel-devel",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "x86_64",
+      "filename": "kernel-devel-4.18.0-305.12.1.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "python3-perf",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "x86_64",
+      "filename": "python3-perf-4.18.0-305.12.1.el8_4.x86_64.rpm"
+    },
+    {
+      "name": "kernel-doc",
+      "epoch": "0",
+      "version": "4.18.0",
+      "release": "305.12.1.el8_4",
+      "arch": "noarch",
+      "filename": "kernel-doc-4.18.0-305.12.1.el8_4.noarch.rpm"
+    }
+  ],
+  "references": [
+    {
+      "href": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22543.json",
+      "id": "CVE-2021-22543",
+      "title": "Update information for CVE-2021-22543 is retrieved from Red Hat",
+      "type": "cve"
+    },
+    {
+      "href": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22555.json",
+      "id": "CVE-2021-22555",
+      "title": "Update information for CVE-2021-22555 is retrieved from Red Hat",
+      "type": "cve"
+    },
+    {
+      "href": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3609.json",
+      "id": "CVE-2021-3609",
+      "title": "Update information for CVE-2021-3609 is retrieved from Red Hat",
+      "type": "cve"
+    }
+  ],
+  "cveids": [
+    "CVE-2021-22543",
+    "CVE-2021-22555",
+    "CVE-2021-3609"
+  ]
+}
\ No newline at end of file