Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

revert: add new classes for vulnerabilities #2701

Merged
merged 4 commits into from
Aug 15, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ require (
github.com/NYTimes/gziphandler v1.1.1
github.com/alicebob/miniredis/v2 v2.22.0
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
github.com/aquasecurity/go-dep-parser v0.0.0-20220807122629-b5a21d267b03
github.com/aquasecurity/go-dep-parser v0.0.0-20220815163410-fcf26eb92b86
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -206,8 +206,8 @@ github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
github.com/aquasecurity/defsec v0.71.5 h1:HOao1TaP74lhbsLUmYaNgHx1afdYImDicB8b/f54FIM=
github.com/aquasecurity/defsec v0.71.5/go.mod h1:+ouYrROGLz3lGutl+K+ilXX5V41S76JIi+L8aXPBsAQ=
github.com/aquasecurity/go-dep-parser v0.0.0-20220807122629-b5a21d267b03 h1:Axx5KwV0c83IlPLIIsi/Ht6sGsSJBzABUngXjFHFg4I=
github.com/aquasecurity/go-dep-parser v0.0.0-20220807122629-b5a21d267b03/go.mod h1:SONYN1M+sYu6VIJsZnltmVfcGOCvp09HWbhpnHDn3aY=
github.com/aquasecurity/go-dep-parser v0.0.0-20220815163410-fcf26eb92b86 h1:sc8hDjSxO3aiG0R7HvaAVnY6329NTtv9AqDGpVQxAPQ=
github.com/aquasecurity/go-dep-parser v0.0.0-20220815163410-fcf26eb92b86/go.mod h1:wwxn1SyOEY8W5hy8aDQDoExX+ybVsi+xfIllXz93+Fk=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s=
github.com/aquasecurity/go-mock-aws v0.0.0-20220726154943-99847deb62b0 h1:tihCUjLWkF0b1SAjAKcFltUs3SpsqGrLtI+Frye0D10=
Expand Down
8 changes: 5 additions & 3 deletions integration/client_server_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ import (
"testing"
"time"

"github.com/samber/lo"

cdx "github.com/CycloneDX/cyclonedx-go"
"github.com/docker/go-connections/nat"
"github.com/stretchr/testify/assert"
Expand Down Expand Up @@ -399,10 +401,10 @@ func TestClientServerWithCycloneDX(t *testing.T) {
err = json.NewDecoder(f).Decode(&got)
require.NoError(t, err)

assert.EqualValues(t, tt.wantComponentsCount, len(*got.Components))
assert.EqualValues(t, tt.wantDependenciesCount, len(*got.Dependencies))
assert.EqualValues(t, tt.wantComponentsCount, len(lo.FromPtr(got.Components)))
assert.EqualValues(t, tt.wantDependenciesCount, len(lo.FromPtr(got.Dependencies)))
for i, dep := range *got.Dependencies {
assert.EqualValues(t, tt.wantDependsOnCount[i], len(*dep.Dependencies))
assert.EqualValues(t, tt.wantDependsOnCount[i], len(lo.FromPtr(dep.Dependencies)))
}
})
}
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/almalinux-8.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/almalinux-8.tar.gz (alma 8.5)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "alma",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/alpine-310-registry.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@
"Results": [
{
"Target": "localhost:63577/alpine:3.10 (alpine 3.10.2)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "alpine",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/alpine-310.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "alpine",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/alpine-39-high-critical.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/alpine-39.tar.gz (alpine 3.9.4)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "alpine",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/alpine-39-ignore-cveids.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/alpine-39.tar.gz (alpine 3.9.4)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "alpine",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/alpine-39.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/alpine-39.tar.gz (alpine 3.9.4)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "alpine",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/alpine-distroless.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/alpine-distroless.tar.gz (alpine 3.16)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "alpine",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/amazon-1.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/amazon-1.tar.gz (amazon AMI release 2018.03)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "amazon",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/amazon-2.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/amazon-2.tar.gz (amazon 2 (Karoo))",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "amazon",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/busybox-with-lockfile.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@
"Results": [
{
"Target": "Cargo.lock",
"Class": "vuln-lang-pkgs",
"Class": "lang-pkgs",
"Type": "cargo",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/centos-6.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/centos-6.tar.gz (centos 6.10)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "centos",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/centos-7-cyclonedx.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
"specVersion": "1.4",
"version": 1,
"metadata": {
"timestamp": "2022-07-03T08:45:54+00:00",
"timestamp": "2022-08-14T12:39:11+00:00",
"tools": [
{
"vendor": "aquasecurity",
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/centos-7-ignore-unfixed.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/centos-7.tar.gz (centos 7.6.1810)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "centos",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/centos-7-medium.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/centos-7.tar.gz (centos 7.6.1810)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "centos",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/centos-7.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/centos-7.tar.gz (centos 7.6.1810)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "centos",
"Vulnerabilities": [
{
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/debian-buster.tar.gz (debian 10.1)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "debian",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/debian-buster.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/debian-buster.tar.gz (debian 10.1)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "debian",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/debian-stretch.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/debian-stretch.tar.gz (debian 9.9)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "debian",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/distroless-base.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/distroless-base.tar.gz (debian 9.9)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "debian",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/distroless-python27.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/distroless-python27.tar.gz (debian 9.9)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "debian",
"Vulnerabilities": [
{
Expand Down
4 changes: 2 additions & 2 deletions integration/testdata/fluentd-gems.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/fluentd-multiple-lockfiles.tar.gz (debian 10.2)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "debian",
"Vulnerabilities": [
{
Expand Down Expand Up @@ -165,7 +165,7 @@
},
{
"Target": "Ruby",
"Class": "vuln-lang-pkgs",
"Class": "lang-pkgs",
"Type": "gemspec",
"Vulnerabilities": [
{
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
"specVersion": "1.4",
"version": 1,
"metadata": {
"timestamp": "2022-07-03T08:45:54+00:00",
"timestamp": "2022-08-14T12:39:11+00:00",
"tools": [
{
"vendor": "aquasecurity",
Expand Down
6 changes: 3 additions & 3 deletions integration/testdata/gomod.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
"Results": [
{
"Target": "go.mod",
"Class": "vuln-lang-pkgs",
"Class": "lang-pkgs",
"Type": "gomod",
"Vulnerabilities": [
{
Expand Down Expand Up @@ -103,7 +103,7 @@
},
{
"Target": "submod/go.mod",
"Class": "vuln-lang-pkgs",
"Class": "lang-pkgs",
"Type": "gomod",
"Vulnerabilities": [
{
Expand Down Expand Up @@ -131,7 +131,7 @@
},
{
"Target": "submod2/go.mod",
"Class": "vuln-lang-pkgs",
"Class": "lang-pkgs",
"Type": "gomod",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/mariner-1.0.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/mariner-1.0.tar.gz (cbl-mariner 1.0.20220122)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "cbl-mariner",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/nodejs.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
"Results": [
{
"Target": "package-lock.json",
"Class": "vuln-lang-pkgs",
"Class": "lang-pkgs",
"Type": "npm",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/opensuse-leap-151.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/opensuse-leap-151.tar.gz (opensuse.leap 15.1)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "opensuse.leap",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/oraclelinux-8.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/oraclelinux-8.tar.gz (oracle 8.0)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "oracle",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/photon-30.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/photon-30.tar.gz (photon 3.0)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "photon",
"Vulnerabilities": [
{
Expand Down
7 changes: 1 addition & 6 deletions integration/testdata/pip.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -55,12 +55,7 @@
"Version": "2.0.0",
"Layer": {}
}
]
},
{
"Target": "requirements.txt",
"Class": "vuln-lang-pkgs",
"Type": "pip",
],
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2019-14806",
Expand Down
14 changes: 13 additions & 1 deletion integration/testdata/pnpm.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,22 @@
"SchemaVersion": 2,
"ArtifactName": "testdata/fixtures/fs/pnpm",
"ArtifactType": "filesystem",
"Metadata": {
"ImageConfig": {
"architecture": "",
"created": "0001-01-01T00:00:00Z",
"os": "",
"rootfs": {
"type": "",
"diff_ids": null
},
"config": {}
}
},
"Results": [
{
"Target": "pnpm-lock.yaml",
"Class": "vuln-lang-pkgs",
"Class": "lang-pkgs",
"Type": "pnpm",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/pom.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
"Results": [
{
"Target": "pom.xml",
"Class": "vuln-lang-pkgs",
"Class": "lang-pkgs",
"Type": "pom",
"Vulnerabilities": [
{
Expand Down
2 changes: 1 addition & 1 deletion integration/testdata/rockylinux-8.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/rockylinux-8.tar.gz (rocky 8.5)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "rocky",
"Vulnerabilities": [
{
Expand Down
4 changes: 2 additions & 2 deletions integration/testdata/spring4shell-jre11.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -185,12 +185,12 @@
"Results": [
{
"Target": "testdata/fixtures/images/spring4shell-jre11.tar.gz (debian 11.3)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "debian"
},
{
"Target": "Java",
"Class": "vuln-lang-pkgs",
"Class": "lang-pkgs",
"Type": "jar",
"Vulnerabilities": [
{
Expand Down
Loading