From f8f0ff249f69fa812a58dc7c759ebcc04ae2a483 Mon Sep 17 00:00:00 2001
From: Ales Raszka <araszka@redhat.com>
Date: Wed, 30 Sep 2020 16:49:02 +0200
Subject: [PATCH] affected manifests: Use mather's Filter() in omnimatcher

The previous implementation used all matchers to find out whether
package is vulnerable. This approach didn't work because each matcher is
interested only in specific subset packages given by mather's filter.

This commit add filer to omnimatcher to make sure only right matchers
are used.

Signed-off-by: Ales Raszka <araszka@redhat.com>
---
 pkg/omnimatcher/omnimatcher.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/omnimatcher/omnimatcher.go b/pkg/omnimatcher/omnimatcher.go
index 92726bd0e..eb5cd06b6 100644
--- a/pkg/omnimatcher/omnimatcher.go
+++ b/pkg/omnimatcher/omnimatcher.go
@@ -46,6 +46,10 @@ func New(m []driver.Matcher) OmniMatcher {
 // Vulnerable will call each Matcher's Vulnerable method until one returns true.
 func (om OmniMatcher) Vulnerable(ctx context.Context, record *claircore.IndexRecord, vuln *claircore.Vulnerability) (bool, error) {
 	for _, m := range om {
+		applicable := m.Filter(record)
+		if !applicable {
+			continue
+		}
 		match, err := m.Vulnerable(ctx, record, vuln)
 		if err != nil {
 			return false, err