diff --git a/contrib/asff.tpl b/contrib/asff.tpl
index 4075c1909e..3e0a4557b6 100644
--- a/contrib/asff.tpl
+++ b/contrib/asff.tpl
@@ -19,12 +19,12 @@
 {
 "SchemaVersion": "2018-10-08",
 "Id": "{{ $target }}/{{ .VulnerabilityID }}",
- "ProductArn": "arn:aws:securityhub:{{ getEnv "AWS_REGION" }}::product/aquasecurity/aquasecurity",
+ "ProductArn": "arn:aws:securityhub:{{ env "AWS_REGION" }}::product/aquasecurity/aquasecurity",
 "GeneratorId": "Trivy",
- "AwsAccountId": "{{ getEnv "AWS_ACCOUNT_ID" }}",
+ "AwsAccountId": "{{ env "AWS_ACCOUNT_ID" }}",
 "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
- "CreatedAt": "{{ getCurrentTime }}",
- "UpdatedAt": "{{ getCurrentTime }}",
+ "CreatedAt": "{{ now | date "2006-01-02T15:04:05.999999999Z07:00" }}",
+ "UpdatedAt": "{{ now | date "2006-01-02T15:04:05.999999999Z07:00" }}",
 "Severity": {
 "Label": "{{ $severity }}"
 },
@@ -42,7 +42,7 @@
 "Type": "Container",
 "Id": "{{ $target }}",
 "Partition": "aws",
- "Region": "{{ getEnv "AWS_REGION" }}",
+ "Region": "{{ env "AWS_REGION" }}",
 "Details": {
 "Container": { "ImageName": "{{ $target }}" },
 "Other": {
@@ -51,10 +51,10 @@
 "PkgName": "{{ .PkgName }}",
 "Installed Package": "{{ .InstalledVersion }}",
 "Patched Package": "{{ .FixedVersion }}",
- "NvdCvssScoreV3": "{{ (index .CVSS "nvd").V3Score }}",
- "NvdCvssVectorV3": "{{ (index .CVSS "nvd").V3Vector }}",
- "NvdCvssScoreV2": "{{ (index .CVSS "nvd").V2Score }}",
- "NvdCvssVectorV2": "{{ (index .CVSS "nvd").V2Vector }}"
+ "NvdCvssScoreV3": "{{ (index .CVSS (sourceID "nvd")).V3Score }}",
+ "NvdCvssVectorV3": "{{ (index .CVSS (sourceID "nvd")).V3Vector }}",
+ "NvdCvssScoreV2": "{{ (index .CVSS (sourceID "nvd")).V2Score }}",
+ "NvdCvssVectorV2": "{{ (index .CVSS (sourceID "nvd")).V2Vector }}"
 }
 }
 }
diff --git a/contrib/html.tpl b/contrib/html.tpl
index 08d240e248..f7df0e3d1c 100644
--- a/contrib/html.tpl
+++ b/contrib/html.tpl
@@ -52,7 +52,7 @@ } a.toggle-more-links { cursor: pointer; } - {{- escapeXML ( index . 0 ).Target }} - Trivy Report - {{ getCurrentTime }} + {{- escapeXML ( index . 0 ).Target }} - Trivy Report - {{ now }} -

{{- escapeXML ( index . 0 ).Target }} - Trivy Report - {{ getCurrentTime }}

+

{{- escapeXML ( index . 0 ).Target }} - Trivy Report - {{ now }}

{{- range . }} diff --git a/go.mod b/go.mod index ba5a492bfe..1c45b8030d 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 - github.com/aquasecurity/trivy-db v0.0.0-20220129175002-a5adda5ac069 + github.com/aquasecurity/trivy-db v0.0.0-20220130223604-df65ebde46f4 github.com/caarlos0/env/v6 v6.0.0 github.com/cenkalti/backoff v2.2.1+incompatible github.com/cheggaaa/pb/v3 v3.0.3 diff --git a/go.sum b/go.sum index 37de125b9d..e1ac9d0ea8 100644 --- a/go.sum +++ b/go.sum @@ -260,8 +260,8 @@ github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516 h1:moQmzbp github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516/go.mod h1:gTd97VdQ0rg8Mkiic3rPgNOQdprZ7feTAhiD5mGQjgM= github.com/aquasecurity/tfsec v0.63.1 h1:KH63HTcUoab7d3PKtqFO6T8K5AY7bzLw7Kiu+EY9U64= github.com/aquasecurity/tfsec v0.63.1/go.mod h1:g5ZWmsfqW1FsCaPb9ux8Pzjcyss/WUB2XuRd5slqvnc= -github.com/aquasecurity/trivy-db v0.0.0-20220129175002-a5adda5ac069 h1:TYG76ClrtBiunB43Hme+ahszJfm0E+og+JQsEEMrHbk= -github.com/aquasecurity/trivy-db v0.0.0-20220129175002-a5adda5ac069/go.mod h1:BOulYmf+l2bd+Bjo3tTsdnbWCsh5UsJn1MqdiZzmm/Q= +github.com/aquasecurity/trivy-db v0.0.0-20220130223604-df65ebde46f4 h1:w/cU+uNDHHzMKLNpiohoHvPTtd1mi6Dyih4pqV6FLxQ= +github.com/aquasecurity/trivy-db v0.0.0-20220130223604-df65ebde46f4/go.mod h1:BOulYmf+l2bd+Bjo3tTsdnbWCsh5UsJn1MqdiZzmm/Q= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= 
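Review bot: In the contrib/html.tpl hunk, `{{ now }}` is printed without a layout in both the title and the heading line, so the report timestamp falls back to Go's default string form for the time value. If `now` returns `time.Now()` outside the tests, that default form also carries a monotonic-clock suffix (`m=+…`), which the golden file cannot reveal because the integration test stubs `now` with a fixed `time.Date` value. asff.tpl in this same commit already pipes through `date` with an explicit layout; doing the same here, e.g. `{{ now | date "2006-01-02T15:04:05Z07:00" }}`, keeps the timestamp stable and machine-parseable for anyone archiving or correlating reports.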
diff --git a/integration/client_server_test.go b/integration/client_server_test.go
index 234ecd6711..9863622894 100644
--- a/integration/client_server_test.go
+++ b/integration/client_server_test.go
@@ -286,13 +286,23 @@ func TestClientServerWithTemplate(t *testing.T) {
 },
 }
+ report.CustomTemplateFuncMap = map[string]interface{}{
+ "now": func() time.Time {
+ return time.Date(2020, 8, 10, 7, 28, 17, 958601, time.UTC)
+ },
+ "date": func(format string, t time.Time) string {
+ return t.Format(format)
+ },
+ }
+
+ t.Cleanup(func() {
+ report.CustomTemplateFuncMap = map[string]interface{}{}
+ })
+
 app, addr, cacheDir := setup(t, setupOptions{})
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- report.Now = func() time.Time {
- return time.Date(2020, 8, 10, 7, 28, 17, 958601, time.UTC)
- }
 t.Setenv("AWS_REGION", "test-region")
 t.Setenv("AWS_ACCOUNT_ID", "123456789012")
 osArgs, outputFile := setupClient(t, tt.args, addr, cacheDir, tt.golden)
@@ -382,7 +392,7 @@ func TestClientServerWithRedis(t *testing.T) {
 // Set up Trivy server
 app, addr, cacheDir := setup(t, setupOptions{cacheBackend: addr})
- defer os.RemoveAll(cacheDir)
+ t.Cleanup(func() { os.RemoveAll(cacheDir) })
 // Test parameters
 testArgs := csArgs{
diff --git a/integration/fs_test.go b/integration/fs_test.go
index ee6f6d55ca..f4524e8285 100644
--- a/integration/fs_test.go
+++ b/integration/fs_test.go
@@ -45,6 +45,14 @@ func TestFilesystem(t *testing.T) {
 },
 golden: "testdata/pip.json.golden",
 },
+ {
+ name: "pom",
+ args: args{
+ securityChecks: "vuln",
+ input: "testdata/fixtures/fs/pom",
+ },
+ golden: "testdata/pom.json.golden",
+ },
 {
 name: "dockerfile",
 args: args{
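Review bot: In the first client_server_test.go hunk (TestClientServerWithTemplate), the cleanup resets `report.CustomTemplateFuncMap` to an empty map instead of restoring what it held before the test, so any entries set elsewhere in the package are lost for later tests. Capturing the previous value is safer: `orig := report.CustomTemplateFuncMap` followed by `t.Cleanup(func() { report.CustomTemplateFuncMap = orig })`. The `date` stub's parameter `t time.Time` also shadows the test's `t *testing.T`; a name such as `ts` avoids the confusion. Because `now` and `date` are replaced wholesale, the golden files check the templates against these stand-ins rather than the production functions, so it is worth confirming that the real `date` produces the same layout and time zone. The function body starts and continues outside the hunk.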
@@ -90,7 +98,7 @@ func TestFilesystem(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { osArgs := []string{"trivy", "--cache-dir", cacheDir, "fs", "--skip-db-update", "--skip-policy-update", - "--format", "json", "--security-checks", tt.args.securityChecks} + "--format", "json", "--offline-scan", "--security-checks", tt.args.securityChecks} if len(tt.args.policyPaths) != 0 { for _, policyPath := range tt.args.policyPaths { diff --git a/integration/testdata/almalinux-8.json.golden b/integration/testdata/almalinux-8.json.golden index 20873da569..ab88cfb8c5 100644 --- a/integration/testdata/almalinux-8.json.golden +++ b/integration/testdata/almalinux-8.json.golden @@ -62,6 +62,7 @@ "SeveritySource": "alma", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3712", "DataSource": { + "ID": "alma", "Name": "AlmaLinux Product Errata", "URL": "https://errata.almalinux.org/" }, diff --git a/integration/testdata/alpine-310-registry.json.golden b/integration/testdata/alpine-310-registry.json.golden index bff8492d6e..ea9d38cebb 100644 --- a/integration/testdata/alpine-310-registry.json.golden +++ b/integration/testdata/alpine-310-registry.json.golden @@ -71,6 +71,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", "DataSource": { + "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, @@ -129,6 +130,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", "DataSource": { + "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, @@ -197,6 +199,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", "DataSource": { + "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, 
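Review bot: In the second fs_test.go hunk, `--offline-scan` is added to the argument list for every TestFilesystem case with no comment saying why. The flag's effect is not shown on this page; if it is there to stop the new pom case from resolving dependencies over the network, say so next to the slice, e.g. `// --offline-scan: keep the pom case from contacting remote repositories during tests`. Without that, a later cleanup could drop the flag and make the suite depend on external network state. The loop body continues outside the hunk.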
@@ -255,6 +258,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", "DataSource": { + "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, diff --git a/integration/testdata/alpine-310.html.golden b/integration/testdata/alpine-310.html.golden index 9fc315955c..0b369b3d94 100644 --- a/integration/testdata/alpine-310.html.golden +++ b/integration/testdata/alpine-310.html.golden @@ -51,7 +51,7 @@ } a.toggle-more-links { cursor: pointer; } - testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2020-08-10T07:28:17.000958601Z + testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2020-08-10 07:28:17.000958601 +0000 UTC -

testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2020-08-10T07:28:17.000958601Z

+

testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2020-08-10 07:28:17.000958601 +0000 UTC

{{ escapeXML .Type }}
diff --git a/integration/testdata/alpine-310.json.golden b/integration/testdata/alpine-310.json.golden index ce61abf143..76397cb6f1 100644 --- a/integration/testdata/alpine-310.json.golden +++ b/integration/testdata/alpine-310.json.golden @@ -64,6 +64,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", "DataSource": { + "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, @@ -121,6 +122,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", "DataSource": { + "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, @@ -188,6 +190,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", "DataSource": { + "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, @@ -245,6 +248,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", "DataSource": { + "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, diff --git a/integration/testdata/alpine-39-high-critical.json.golden b/integration/testdata/alpine-39-high-critical.json.golden index 9a2b279b9d..da10766c31 100644 --- a/integration/testdata/alpine-39-high-critical.json.golden +++ b/integration/testdata/alpine-39-high-critical.json.golden @@ -64,6 +64,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14697", "DataSource": { + "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, @@ -99,6 +100,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14697", "DataSource": { + "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, diff --git a/integration/testdata/alpine-39-ignore-cveids.json.golden b/integration/testdata/alpine-39-ignore-cveids.json.golden index 00baeb990e..bb5060ad0a 100644 --- a/integration/testdata/alpine-39-ignore-cveids.json.golden 
+++ b/integration/testdata/alpine-39-ignore-cveids.json.golden @@ -64,6 +64,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", "DataSource": { + "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, @@ -131,6 +132,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", "DataSource": { + "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, diff --git a/integration/testdata/alpine-39.json.golden b/integration/testdata/alpine-39.json.golden index 1b1796cd2c..cc6d343db5 100644 --- a/integration/testdata/alpine-39.json.golden +++ b/integration/testdata/alpine-39.json.golden @@ -64,6 +64,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", "DataSource": { + "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, @@ -121,6 +122,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", "DataSource": { + "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, @@ -188,6 +190,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1549", "DataSource": { + "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, @@ -245,6 +248,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", "DataSource": { + "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, @@ -312,6 +316,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14697", "DataSource": { + "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, @@ -347,6 +352,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14697", "DataSource": { + "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, 
diff --git a/integration/testdata/amazon-1.json.golden b/integration/testdata/amazon-1.json.golden index 8297b85046..0e5c8d9909 100644 --- a/integration/testdata/amazon-1.json.golden +++ b/integration/testdata/amazon-1.json.golden @@ -63,6 +63,7 @@ "SeveritySource": "amazon", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", "DataSource": { + "ID": "amazon", "Name": "Amazon Linux Security Center", "URL": "https://alas.aws.amazon.com/" }, diff --git a/integration/testdata/amazon-2.json.golden b/integration/testdata/amazon-2.json.golden index 759ef12d4e..327c3b0d14 100644 --- a/integration/testdata/amazon-2.json.golden +++ b/integration/testdata/amazon-2.json.golden @@ -63,6 +63,7 @@ "SeveritySource": "amazon", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", "DataSource": { + "ID": "amazon", "Name": "Amazon Linux Security Center", "URL": "https://alas.aws.amazon.com/" }, @@ -118,6 +119,7 @@ "SeveritySource": "amazon", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", "DataSource": { + "ID": "amazon", "Name": "Amazon Linux Security Center", "URL": "https://alas.aws.amazon.com/" }, diff --git a/integration/testdata/busybox-with-lockfile.json.golden b/integration/testdata/busybox-with-lockfile.json.golden index 21052c450b..9b9760933a 100644 --- a/integration/testdata/busybox-with-lockfile.json.golden +++ b/integration/testdata/busybox-with-lockfile.json.golden 
@@ -54,32 +54,77 @@ "Type": "cargo", "Vulnerabilities": [ { - "VulnerabilityID": "RUSTSEC-2019-0001", + "VulnerabilityID": "CVE-2019-15542", "PkgName": "ammonia", "InstalledVersion": "1.9.0", "FixedVersion": "\u003e= 2.1.0", "Layer": { "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15542", "DataSource": { "Name": "RustSec Advisory Database", "URL": "https://github.com/RustSec/advisory-db" }, - "Severity": "UNKNOWN" + "Title": "Uncontrolled recursion leads to abort in HTML serialization", + "Description": "An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + } + }, + "References": [ + "https://crates.io/crates/ammonia", + "https://github.com/rust-ammonia/ammonia/blob/master/CHANGELOG.md#210", + "https://rustsec.org/advisories/RUSTSEC-2019-0001.html" + ], + "PublishedDate": "2019-08-26T18:15:00Z", + "LastModifiedDate": "2020-08-24T17:37:00Z" }, { - "VulnerabilityID": "RUSTSEC-2021-0074", + "VulnerabilityID": "CVE-2021-38193", "PkgName": "ammonia", "InstalledVersion": "1.9.0", "FixedVersion": "\u003e= 3.1.0, \u003e= 2.1.3, \u003c 3.0.0", "Layer": { "DiffID": "sha256:ea6f6933da66090da8bfe233d68f083792a68f944cd2d8f9fbb52da795813a4f" }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-38193", "DataSource": { "Name": "RustSec Advisory Database", "URL": "https://github.com/RustSec/advisory-db" }, - "Severity": "UNKNOWN" + "Title": "Incorrect handling of embedded SVG and MathML leads to mutation XSS", + "Description": "An issue was discovered in the ammonia crate before 3.1.0 for Rust. 
XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V2Score": 4.3, + "V3Score": 6.1 + } + }, + "References": [ + "https://crates.io/crates/ammonia", + "https://github.com/rust-ammonia/ammonia/pull/142", + "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/ammonia/RUSTSEC-2021-0074.md", + "https://rustsec.org/advisories/RUSTSEC-2021-0074.html" + ], + "PublishedDate": "2021-08-08T06:15:00Z", + "LastModifiedDate": "2021-08-16T16:37:00Z" } ] } diff --git a/integration/testdata/debian-buster-ignore-unfixed.json.golden b/integration/testdata/debian-buster-ignore-unfixed.json.golden index 6967028c95..f91b2f478f 100644 --- a/integration/testdata/debian-buster-ignore-unfixed.json.golden +++ b/integration/testdata/debian-buster-ignore-unfixed.json.golden @@ -66,6 +66,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224", "DataSource": { + "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, diff --git a/integration/testdata/debian-buster.json.golden b/integration/testdata/debian-buster.json.golden index 01b642c544..745f7802e5 100644 --- a/integration/testdata/debian-buster.json.golden +++ b/integration/testdata/debian-buster.json.golden @@ -62,6 +62,7 @@ "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", "DataSource": { + "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, 
@@ -113,6 +114,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224", "DataSource": { + "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, diff --git a/integration/testdata/debian-stretch.json.golden b/integration/testdata/debian-stretch.json.golden index 44d8f89edd..87111dc34c 100644 --- a/integration/testdata/debian-stretch.json.golden +++ b/integration/testdata/debian-stretch.json.golden @@ -62,6 +62,7 @@ "SeveritySource": "debian", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", "DataSource": { + "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, @@ -113,6 +114,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", "DataSource": { + "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, @@ -170,6 +172,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", "DataSource": { + "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, @@ -227,6 +230,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", "DataSource": { + "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, @@ -284,6 +288,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", "DataSource": { + "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, diff --git a/integration/testdata/distroless-base.json.golden b/integration/testdata/distroless-base.json.golden index f6d958a3bf..bbbe79bb48 100644 --- a/integration/testdata/distroless-base.json.golden 
+++ b/integration/testdata/distroless-base.json.golden @@ -60,6 +60,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", "DataSource": { + "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, @@ -130,6 +131,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", "DataSource": { + "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, @@ -204,6 +206,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", "DataSource": { + "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, @@ -274,6 +277,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", "DataSource": { + "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, diff --git a/integration/testdata/distroless-python27.json.golden b/integration/testdata/distroless-python27.json.golden index 7157300411..118a83df38 100644 --- a/integration/testdata/distroless-python27.json.golden +++ b/integration/testdata/distroless-python27.json.golden @@ -77,6 +77,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", "DataSource": { + "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, @@ -147,6 +148,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", "DataSource": { + "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, 
@@ -221,6 +223,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551", "DataSource": { + "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, @@ -291,6 +294,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1563", "DataSource": { + "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, diff --git a/integration/testdata/fixtures/db/data-source.yaml b/integration/testdata/fixtures/db/data-source.yaml index 84e6a85d4b..bd10efeee5 100644 --- a/integration/testdata/fixtures/db/data-source.yaml +++ b/integration/testdata/fixtures/db/data-source.yaml 
@@ -1,382 +1,141 @@ - bucket: data-source pairs: - - key: GitHub Security Advisory Composer + - key: "composer::GitHub Security Advisory Composer" value: + ID: "ghsa" Name: "GitHub Security Advisory Composer" URL: "https://github.com/advisories?query=type%%3Areviewed+ecosystem%%3Acomposer" - - key: GitHub Security Advisory Maven + - key: "maven::GitHub Security Advisory Maven" value: + ID: "ghsa" Name: "GitHub Security Advisory Maven" URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven" - - key: GitHub Security Advisory Npm + - key: "npm::GitHub Security Advisory Npm" value: + ID: "ghsa" Name: "GitHub Security Advisory Npm" URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" - - key: GitHub Security Advisory Nuget + - key: "nuget::GitHub Security Advisory Nuget" value: + ID: "ghsa" Name: "GitHub Security Advisory Nuget" URL: "https://github.com/advisories?query=type%%3Areviewed+ecosystem%%3Anuget" - - key: GitHub Security Advisory Pip + - key: "pip::GitHub Security Advisory Pip" value: + ID: "ghsa" Name: "GitHub Security Advisory Pip" URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" - - key: GitHub Security Advisory RubyGems + - key: "rubygems::GitHub Security Advisory RubyGems" value: + ID: "ghsa" Name: "GitHub Security Advisory RubyGems" URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Arubygems" - - key: Oracle Linux 5 - value: - Name: "Oracle Linux OVAL definitions" - URL: "https://linux.oracle.com/security/oval/" - - key: Oracle Linux 6 - value: - Name: "Oracle Linux OVAL definitions" - URL: "https://linux.oracle.com/security/oval/" - - key: Oracle Linux 7 - value: - Name: "Oracle Linux OVAL definitions" - URL: "https://linux.oracle.com/security/oval/" - key: Oracle Linux 8 value: + ID: "oracle-oval" Name: "Oracle Linux OVAL definitions" URL: "https://linux.oracle.com/security/oval/" - - key: Photon OS 1.0 - value: - Name: "Photon OS CVE metadata" - URL: 
"https://packages.vmware.com/photon/photon_cve_metadata/" - - key: Photon OS 2.0 - value: - Name: "Photon OS CVE metadata" - URL: "https://packages.vmware.com/photon/photon_cve_metadata/" - key: Photon OS 3.0 value: + ID: "photon" Name: "Photon OS CVE metadata" URL: "https://packages.vmware.com/photon/photon_cve_metadata/" - - key: Photon OS 4.0 - value: - Name: "Photon OS CVE metadata" - URL: "https://packages.vmware.com/photon/photon_cve_metadata/" - - key: SUSE Linux Enterprise 11 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 11-PUBCLOUD - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 11.1 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 11.2 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 11.3 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 11.4 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 12 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 12.1 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 12.2 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 12.3 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 12.4 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 12.5 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 15 - value: - Name: "SUSE CVRF" - 
URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 15-ESPOS - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 15.1 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 15.2 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 15.3 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 15.4 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 5.0 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: SUSE Linux Enterprise 5.1 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - key: alma 8 value: + ID: "alma" Name: "AlmaLinux Product Errata" URL: "https://errata.almalinux.org/" - - key: alpine 3.10 - value: - Name: "Alpine Secdb" - URL: "https://secdb.alpinelinux.org/" - - key: alpine 3.11 - value: - Name: "Alpine Secdb" - URL: "https://secdb.alpinelinux.org/" - - key: alpine 3.12 - value: - Name: "Alpine Secdb" - URL: "https://secdb.alpinelinux.org/" - - key: alpine 3.13 - value: - Name: "Alpine Secdb" - URL: "https://secdb.alpinelinux.org/" - - key: alpine 3.14 - value: - Name: "Alpine Secdb" - URL: "https://secdb.alpinelinux.org/" - - key: alpine 3.15 - value: - Name: "Alpine Secdb" - URL: "https://secdb.alpinelinux.org/" - - key: alpine 3.2 - value: - Name: "Alpine Secdb" - URL: "https://secdb.alpinelinux.org/" - - key: alpine 3.3 - value: - Name: "Alpine Secdb" - URL: "https://secdb.alpinelinux.org/" - - key: alpine 3.4 - value: - Name: "Alpine Secdb" - URL: "https://secdb.alpinelinux.org/" - - key: alpine 3.5 - value: - Name: "Alpine Secdb" - URL: "https://secdb.alpinelinux.org/" - - key: alpine 3.6 - value: - Name: "Alpine 
Secdb" - URL: "https://secdb.alpinelinux.org/" - - key: alpine 3.7 - value: - Name: "Alpine Secdb" - URL: "https://secdb.alpinelinux.org/" - - key: alpine 3.8 - value: - Name: "Alpine Secdb" - URL: "https://secdb.alpinelinux.org/" - key: alpine 3.9 value: + ID: "alpine" + Name: "Alpine Secdb" + URL: "https://secdb.alpinelinux.org/" + - key: alpine 3.10 + value: + ID: "alpine" Name: "Alpine Secdb" URL: "https://secdb.alpinelinux.org/" - key: amazon linux 1 value: + ID: "amazon" Name: "Amazon Linux Security Center" URL: "https://alas.aws.amazon.com/" - key: amazon linux 2 value: + ID: "amazon" Name: "Amazon Linux Security Center" URL: "https://alas.aws.amazon.com/" - - key: archlinux - value: - Name: "Arch Linux Vulnerable issues" - URL: "https://security.archlinux.org/" - key: cargo::Open Source Vulnerability value: Name: "RustSec Advisory Database" URL: "https://github.com/RustSec/advisory-db" - key: debian 10 value: - Name: "Debian Security Tracker" - URL: "https://salsa.debian.org/security-tracker-team/security-tracker" - - key: debian 11 - value: - Name: "Debian Security Tracker" - URL: "https://salsa.debian.org/security-tracker-team/security-tracker" - - key: debian 12 - value: - Name: "Debian Security Tracker" - URL: "https://salsa.debian.org/security-tracker-team/security-tracker" - - key: debian 7 - value: - Name: "Debian Security Tracker" - URL: "https://salsa.debian.org/security-tracker-team/security-tracker" - - key: debian 8 - value: + ID: "debian" Name: "Debian Security Tracker" URL: "https://salsa.debian.org/security-tracker-team/security-tracker" - key: debian 9 value: + ID: "debian" Name: "Debian Security Tracker" URL: "https://salsa.debian.org/security-tracker-team/security-tracker" - key: go::GitLab Advisory Database Community value: + ID: "glad" Name: "GitLab Advisory Database Community" URL: "https://gitlab.com/gitlab-org/advisories-community" - key: go::The Go Vulnerability Database value: + ID: "go-vulndb" Name: "The Go Vulnerability Database" 
URL: "https://github.com/golang/vulndb" - key: maven::GitLab Advisory Database Community value: + ID: "glad" Name: "GitLab Advisory Database Community" URL: "https://gitlab.com/gitlab-org/advisories-community" - - key: nodejs-security-wg + - key: npm::nodejs-security-wg value: + ID: "nodejs-security-wg" Name: "Node.js Ecosystem Security Working Group" URL: "https://github.com/nodejs/security-wg" - key: openSUSE Leap 15.0 value: + ID: "suse-cvrf" Name: "SUSE CVRF" URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - key: openSUSE Leap 15.1 value: + ID: "suse-cvrf" Name: "SUSE CVRF" URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: openSUSE Leap 15.2 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: openSUSE Leap 15.3 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: openSUSE Leap 15.4 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: openSUSE Leap 42.1 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: openSUSE Leap 42.2 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: openSUSE Leap 42.3 - value: - Name: "SUSE CVRF" - URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - - key: php-security-advisories + - key: composer::php-security-advisories value: + ID: "php-security-advisories" Name: "PHP Security Advisories Database" URL: "https://github.com/FriendsOfPHP/security-advisories" - key: pip::Open Source Vulnerability value: + ID: "osv" Name: "Python Packaging Advisory Database" URL: "https://github.com/pypa/advisory-db" - key: rocky 8 value: + ID: "rocky" Name: "Rocky Linux updateinfo" URL: "https://download.rockylinux.org/pub/rocky/" - - key: ruby-advisory-db + - key: rubygems::ruby-advisory-db value: + ID: "ruby-advisory-db" Name: "Ruby Advisory Database" URL: "https://github.com/rubysec/ruby-advisory-db" - - key: 
ubuntu 12.04 - value: - Name: "Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" - - key: ubuntu 12.10 - value: - Name: "Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" - - key: ubuntu 13.04 - value: - Name: "Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" - - key: ubuntu 13.10 - value: - Name: "Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" - - key: ubuntu 14.04 - value: - Name: "Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" - - key: ubuntu 14.10 - value: - Name: "Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" - - key: ubuntu 15.04 - value: - Name: "Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" - - key: ubuntu 15.10 - value: - Name: "Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" - - key: ubuntu 16.04 - value: - Name: "Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" - - key: ubuntu 16.10 - value: - Name: "Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" - - key: ubuntu 17.04 - value: - Name: "Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" - - key: ubuntu 17.10 - value: - Name: "Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" - key: ubuntu 18.04 value: + ID: "ubuntu" Name: "Ubuntu CVE Tracker" URL: "https://git.launchpad.net/ubuntu-cve-tracker" - - key: ubuntu 18.10 + - key: CBL-Mariner 1.0 value: - Name: "Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" - - key: ubuntu 19.04 - value: - Name: "Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" - - key: ubuntu 19.10 - value: - Name: "Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" - - key: ubuntu 20.04 - value: - Name: "Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" - - key: ubuntu 20.10 - value: - Name: 
"Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" - - key: ubuntu 21.04 - value: - Name: "Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" - - key: ubuntu 21.10 - value: - Name: "Ubuntu CVE Tracker" - URL: "https://git.launchpad.net/ubuntu-cve-tracker" \ No newline at end of file + ID: "cbl-mariner" + Name: "CBL-Mariner Vulnerability Data" + URL: "https://github.com/microsoft/CBL-MarinerVulnerabilityData" diff --git a/integration/testdata/fixtures/db/java.yaml b/integration/testdata/fixtures/db/java.yaml new file mode 100644 index 0000000000..01e12578a6 --- /dev/null +++ b/integration/testdata/fixtures/db/java.yaml @@ -0,0 +1,20 @@ +- bucket: maven::GitHub Security Advisory Maven + pairs: + - bucket: com.fasterxml.jackson.core:jackson-databind + pairs: + - key: CVE-2020-9548 + value: + PatchedVersions: + - 2.9.10.4 + VulnerableVersions: + - ">= 2.0.0, <= 2.9.10.3" +- bucket: maven::GitLab Advisory Database Community + pairs: + - bucket: com.fasterxml.jackson.core:jackson-databind + pairs: + - key: CVE-2021-20190 + value: + PatchedVersions: + - 2.9.10.7 + VulnerableVersions: + - "[2.9.0,2.9.10.7)" diff --git a/integration/testdata/fixtures/db/nodejs.yaml b/integration/testdata/fixtures/db/nodejs.yaml index e3de2f5a71..af22671978 100644 --- a/integration/testdata/fixtures/db/nodejs.yaml +++ b/integration/testdata/fixtures/db/nodejs.yaml @@ -1,4 +1,4 @@ -- bucket: GitHub Security Advisory Npm +- bucket: "npm::GitHub Security Advisory Npm" pairs: - bucket: jquery pairs: diff --git a/integration/testdata/fixtures/db/python.yaml b/integration/testdata/fixtures/db/python.yaml index 0024f5a4e3..2d484feff1 100644 --- a/integration/testdata/fixtures/db/python.yaml +++ b/integration/testdata/fixtures/db/python.yaml @@ -1,4 +1,4 @@ -- bucket: GitHub Security Advisory Pip +- bucket: "pip::GitHub Security Advisory Pip" pairs: - bucket: werkzeug pairs: 
diff --git a/integration/testdata/fixtures/db/ruby.yaml b/integration/testdata/fixtures/db/ruby.yaml index 6bbc3479cc..802c7b9b05 100644 --- a/integration/testdata/fixtures/db/ruby.yaml +++ b/integration/testdata/fixtures/db/ruby.yaml @@ -1,4 +1,4 @@ -- bucket: GitHub Security Advisory RubyGems +- bucket: "rubygems::GitHub Security Advisory RubyGems" pairs: - bucket: activesupport pairs: diff --git a/integration/testdata/fixtures/db/rust.yaml b/integration/testdata/fixtures/db/rust.yaml index b4256d1593..a6c80c4358 100644 --- a/integration/testdata/fixtures/db/rust.yaml +++ b/integration/testdata/fixtures/db/rust.yaml @@ -2,11 +2,11 @@ pairs: - bucket: ammonia pairs: - - key: RUSTSEC-2019-0001 + - key: CVE-2019-15542 value: PatchedVersions: - ">= 2.1.0" - - key: RUSTSEC-2021-0074 + - key: CVE-2021-38193 value: PatchedVersions: - ">= 3.1.0" diff --git a/integration/testdata/fixtures/db/vulnerability.yaml b/integration/testdata/fixtures/db/vulnerability.yaml index b5b71dae1e..4a47f3c3b9 100644 --- a/integration/testdata/fixtures/db/vulnerability.yaml +++ b/integration/testdata/fixtures/db/vulnerability.yaml @@ -132,7 +132,7 @@ Severity: CRITICAL Title: "nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties" VendorSeverity: - ghsa-npm: 4.0 + ghsa: 4.0 nvd: 4.0 redhat: 3.0 - key: CVE-2019-11358 @@ -237,7 +237,7 @@ alma: 2.0 amazon: 2.0 arch-linux: 2.0 - ghsa-npm: 2.0 + ghsa: 2.0 nodejs-security-wg: 2.0 nvd: 2.0 oracle-oval: 2.0 @@ -294,7 +294,7 @@ Severity: HIGH Title: "python-werkzeug: insufficient debugger PIN randomness vulnerability" VendorSeverity: - ghsa-pip: 3.0 + ghsa: 3.0 nvd: 3.0 redhat: 2.0 ubuntu: 1.0 
@@ -400,6 +400,27 @@ photon: 2.0 redhat: 1.0 ubuntu: 1.0 + - key: CVE-2019-15542 + value: + CVSS: + nvd: + V2Score: 5.0 + V2Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P + V3Score: 7.5 + V3Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + CweIDs: + - CWE-674 + Description: An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization. + LastModifiedDate: 2020-08-24T17:37:00Z + PublishedDate: 2019-08-26T18:15:00Z + References: + - https://crates.io/crates/ammonia + - "https://github.com/rust-ammonia/ammonia/blob/master/CHANGELOG.md#210" + - https://rustsec.org/advisories/RUSTSEC-2019-0001.html + Severity: HIGH + Title: Uncontrolled recursion leads to abort in HTML serialization + VendorSeverity: + nvd: 3.0 - key: CVE-2019-1559 value: CVSS: @@ -816,7 +837,7 @@ Severity: MEDIUM Title: "python-werkzeug: open redirect via double slash in the URL" VendorSeverity: - ghsa-pip: 2.0 + ghsa: 2.0 nvd: 2.0 redhat: 2.0 ubuntu: 2.0 
@@ -887,9 +908,83 @@ Severity: CRITICAL Title: "rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore" VendorSeverity: - ghsa-rubygems: 3.0 + ghsa: 3.0 nvd: 4.0 redhat: 3.0 + - key: CVE-2020-9548 + value: + CVSS: + nvd: + V2Score: 6.8 + V2Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P + V3Score: 9.8 + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + redhat: + V3Score: 8.1 + V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + CweIDs: + - CWE-502 + Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). + LastModifiedDate: 2021-12-02T21:23:00Z + PublishedDate: 2020-03-02T04:15:00Z + References: + - https://access.redhat.com/security/cve/CVE-2020-9548 + - https://github.com/FasterXML/jackson-databind/issues/2634 + - https://github.com/advisories/GHSA-p43x-xfjf-5jhr + - https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E + - https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E + - https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E + - https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E + - https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E + - https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E + - https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E + - 
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E + - https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html + - https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 + - https://nvd.nist.gov/vuln/detail/CVE-2020-9548 + - https://security.netapp.com/advisory/ntap-20200904-0006/ + - https://www.oracle.com/security-alerts/cpujan2021.html + - https://www.oracle.com/security-alerts/cpujul2020.html + - https://www.oracle.com/security-alerts/cpuoct2020.html + - https://www.oracle.com/security-alerts/cpuoct2021.html + Severity: CRITICAL + Title: "jackson-databind: Serialization gadgets in anteros-core" + VendorSeverity: + ghsa: 4.0 + nvd: 4.0 + redhat: 3.0 + - key: CVE-2021-20190 + value: + CVSS: + nvd: + V2Score: 8.3 + V2Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C + V3Score: 8.1 + V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + redhat: + V3Score: 8.1 + V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + CweIDs: + - CWE-502 + Description: A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 
+ LastModifiedDate: 2021-07-20T23:15:00Z + PublishedDate: 2021-01-19T17:15:00Z + References: + - https://access.redhat.com/security/cve/CVE-2021-20190 + - https://bugzilla.redhat.com/show_bug.cgi?id=1916633 + - https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a + - https://github.com/FasterXML/jackson-databind/issues/2854 + - https://github.com/advisories/GHSA-5949-rw7g-wx7w + - https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E + - https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html + - https://nvd.nist.gov/vuln/detail/CVE-2021-20190 + - https://security.netapp.com/advisory/ntap-20210219-0008/ + Severity: HIGH + Title: "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing" + VendorSeverity: + ghsa: 3.0 + nvd: 3.0 + redhat: 3.0 - key: CVE-2021-3712 value: CVSS: @@ -947,6 +1042,28 @@ redhat: 2.0 rocky: 2.0 ubuntu: 2.0 + - key: CVE-2021-38193 + value: + CVSS: + nvd: + V2Score: 4.3 + V2Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N + V3Score: 6.1 + V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + CweIDs: + - CWE-79 + Description: An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870. + LastModifiedDate: 2021-08-16T16:37:00Z + PublishedDate: 2021-08-08T06:15:00Z + References: + - https://crates.io/crates/ammonia + - https://github.com/rust-ammonia/ammonia/pull/142 + - https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/ammonia/RUSTSEC-2021-0074.md + - https://rustsec.org/advisories/RUSTSEC-2021-0074.html + Severity: MEDIUM + Title: Incorrect handling of embedded SVG and MathML leads to mutation XSS + VendorSeverity: + nvd: 2.0 - key: CVE-2022-0158 value: CVSS: 
diff --git a/integration/testdata/fixtures/fs/pom/pom.xml b/integration/testdata/fixtures/fs/pom/pom.xml new file mode 100644 index 0000000000..0f4214b5d2 --- /dev/null +++ b/integration/testdata/fixtures/fs/pom/pom.xml @@ -0,0 +1,59 @@ + + + 4.0.0 + + com.example + log4shell + 1.0-SNAPSHOT + log4shell + war + + + UTF-8 + 1.8 + 1.8 + 5.7.1 + + + + + javax.servlet + javax.servlet-api + 4.0.1 + provided + + + org.junit.jupiter + junit-jupiter-api + ${junit.version} + test + + + org.junit.jupiter + junit-jupiter-engine + ${junit.version} + test + + + + + com.fasterxml.jackson.core + jackson-databind + 2.9.1 + + + + + + + org.apache.maven.plugins + maven-war-plugin + 3.3.1 + + + + + + \ No newline at end of file diff --git a/integration/testdata/fluentd-gems.json.golden b/integration/testdata/fluentd-gems.json.golden index 11b18c1a89..23ba1be3ec 100644 --- a/integration/testdata/fluentd-gems.json.golden +++ b/integration/testdata/fluentd-gems.json.golden @@ -119,6 +119,7 @@ "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224", "DataSource": { + "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, 
@@ -175,15 +176,16 @@ "Layer": { "DiffID": "sha256:75e43d55939745950bc3f8fad56c5834617c4339f0f54755e69a0dd5372624e9" }, - "SeveritySource": "nvd", + "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-8165", "DataSource": { + "ID": "ghsa", "Name": "GitHub Security Advisory RubyGems", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Arubygems" }, "Title": "rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore", "Description": "A deserialization of untrusted data vulnernerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.", - "Severity": "CRITICAL", + "Severity": "HIGH", "CweIDs": [ "CWE-502" ], diff --git a/integration/testdata/mariner-1.0.json.golden b/integration/testdata/mariner-1.0.json.golden index 9bddd459b7..cfd2be34f2 100644 --- a/integration/testdata/mariner-1.0.json.golden +++ b/integration/testdata/mariner-1.0.json.golden @@ -44,7 +44,13 @@ "Layer": { "DiffID": "sha256:4266328c97a194b2ca52ec83bc05496596303f5e9b244ffa99cf84763a487804" }, + "SeveritySource": "cbl-mariner", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0261", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, "Title": "CVE-2022-0261 affecting package vim 8.2.4081", "Description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "Severity": "HIGH", 
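Review bot: The updated expectation in fluentd-gems.json.golden (hunk at -175) lowers the reported severity of CVE-2020-8165 from `CRITICAL` to `HIGH`, because `SeveritySource` now follows the detecting data source (`ghsa`) rather than `nvd`, while the vulnerability.yaml fixture still carries `nvd: 4.0` for that entry. The same shift shows up in both oraclelinux-8-slim.json.golden hunks, where the curl findings go from `HIGH` to `MEDIUM` with `SeveritySource` set to `oracle-oval`. Pipelines that gate on a severity threshold will see these findings fall below it after upgrading, so the change description or release notes should say so explicitly. The code that selects the source is outside these hunks; judging from the pom.json.golden entry that keeps `nvd` under a `glad` data source, a comment there such as `// prefer the severity of the detecting data source; fall back to nvd when it has none` would record the intended precedence.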
@@ -67,8 +73,13 @@ "Layer": { "DiffID": "sha256:4266328c97a194b2ca52ec83bc05496596303f5e9b244ffa99cf84763a487804" }, - "SeveritySource": "nvd", + "SeveritySource": "cbl-mariner", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0158", + "DataSource": { + "ID": "cbl-mariner", + "Name": "CBL-Mariner Vulnerability Data", + "URL": "https://github.com/microsoft/CBL-MarinerVulnerabilityData" + }, "Title": "vim: heap-based read buffer overflow in compile_get_env()", "Description": "vim is vulnerable to Heap-based Buffer Overflow", "Severity": "LOW", diff --git a/integration/testdata/nodejs.json.golden b/integration/testdata/nodejs.json.golden index 5d61c1d0c5..f791004ffb 100644 --- a/integration/testdata/nodejs.json.golden +++ b/integration/testdata/nodejs.json.golden @@ -26,9 +26,10 @@ "InstalledVersion": "3.3.9", "FixedVersion": "3.4.0", "Layer": {}, - "SeveritySource": "nodejs-security-wg", + "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11358", "DataSource": { + "ID": "ghsa", "Name": "GitHub Security Advisory Npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, @@ -140,9 +141,10 @@ "InstalledVersion": "4.17.4", "FixedVersion": "4.17.12", "Layer": {}, - "SeveritySource": "ghsa-npm", + "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-10744", "DataSource": { + "ID": "ghsa", "Name": "GitHub Security Advisory Npm", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm" }, diff --git a/integration/testdata/opensuse-leap-151.json.golden b/integration/testdata/opensuse-leap-151.json.golden index 20d8491d4a..3a68cc0314 100644 --- a/integration/testdata/opensuse-leap-151.json.golden +++ b/integration/testdata/opensuse-leap-151.json.golden 
@@ -68,7 +68,10 @@ "Layer": { "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" }, + "SeveritySource": "suse-cvrf", + "PrimaryURL": "https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html", "DataSource": { + "ID": "suse-cvrf", "Name": "SUSE CVRF", "URL": "https://ftp.suse.com/pub/projects/security/cvrf/" }, @@ -88,7 +91,10 @@ "Layer": { "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff" }, + "SeveritySource": "suse-cvrf", + "PrimaryURL": "https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html", "DataSource": { + "ID": "suse-cvrf", "Name": "SUSE CVRF", "URL": "https://ftp.suse.com/pub/projects/security/cvrf/" }, diff --git a/integration/testdata/oraclelinux-8-slim.json.golden b/integration/testdata/oraclelinux-8-slim.json.golden index a6dffdbc37..a1824b010b 100644 --- a/integration/testdata/oraclelinux-8-slim.json.golden +++ b/integration/testdata/oraclelinux-8-slim.json.golden @@ -69,15 +69,16 @@ "Layer": { "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" }, - "SeveritySource": "nvd", + "SeveritySource": "oracle-oval", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3823", "DataSource": { + "ID": "oracle-oval", "Name": "Oracle Linux OVAL definitions", "URL": "https://linux.oracle.com/security/oval/" }, "Title": "curl: SMTP end-of-response out-of-bounds read", "Description": "libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.", - "Severity": "HIGH", + "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], 
@@ -123,15 +124,16 @@ "Layer": { "DiffID": "sha256:e3196b7450602f5547c52d197255dfa96a006ea9c52c19bf3ba2d5412a4b161e" }, - "SeveritySource": "nvd", + "SeveritySource": "oracle-oval", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5436", "DataSource": { + "ID": "oracle-oval", "Name": "Oracle Linux OVAL definitions", "URL": "https://linux.oracle.com/security/oval/" }, "Title": "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function", "Description": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", - "Severity": "HIGH", + "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], diff --git a/integration/testdata/photon-30.json.golden b/integration/testdata/photon-30.json.golden index f602ea56c6..644252c44f 100644 --- a/integration/testdata/photon-30.json.golden +++ b/integration/testdata/photon-30.json.golden @@ -73,6 +73,7 @@ "SeveritySource": "photon", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", "DataSource": { + "ID": "photon", "Name": "Photon OS CVE metadata", "URL": "https://packages.vmware.com/photon/photon_cve_metadata/" }, @@ -121,6 +122,7 @@ "SeveritySource": "photon", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", "DataSource": { + "ID": "photon", "Name": "Photon OS CVE metadata", "URL": "https://packages.vmware.com/photon/photon_cve_metadata/" }, @@ -176,6 +178,7 @@ "SeveritySource": "photon", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5481", "DataSource": { + "ID": "photon", "Name": "Photon OS CVE metadata", "URL": "https://packages.vmware.com/photon/photon_cve_metadata/" }, diff --git a/integration/testdata/pip.json.golden b/integration/testdata/pip.json.golden index 159f7a9493..3469cf0971 100644 --- a/integration/testdata/pip.json.golden +++ b/integration/testdata/pip.json.golden 
@@ -26,9 +26,10 @@ "InstalledVersion": "0.11", "FixedVersion": "0.15.3", "Layer": {}, - "SeveritySource": "nvd", + "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14806", "DataSource": { + "ID": "ghsa", "Name": "GitHub Security Advisory Pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, @@ -71,9 +72,10 @@ "InstalledVersion": "0.11", "FixedVersion": "0.11.6", "Layer": {}, - "SeveritySource": "nvd", + "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-28724", "DataSource": { + "ID": "ghsa", "Name": "GitHub Security Advisory Pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, diff --git a/integration/testdata/pom.json.golden b/integration/testdata/pom.json.golden new file mode 100644 index 0000000000..625b2e5ea4 --- /dev/null +++ b/integration/testdata/pom.json.golden 
@@ -0,0 +1,126 @@ +{ + "SchemaVersion": 2, + "ArtifactName": "testdata/fixtures/fs/pom", + "ArtifactType": "filesystem", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "pom.xml", + "Class": "lang-pkgs", + "Type": "pom", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2020-9548", + "PkgName": "com.fasterxml.jackson.core:jackson-databind", + "InstalledVersion": "2.9.1", + "FixedVersion": "2.9.10.4", + "Layer": {}, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-9548", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Maven", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven" + }, + "Title": "jackson-databind: Serialization gadgets in anteros-core", + "Description": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-502" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2020-9548", + "https://github.com/FasterXML/jackson-databind/issues/2634", + "https://github.com/advisories/GHSA-p43x-xfjf-5jhr", + "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E", + 
"https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html", + "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "https://nvd.nist.gov/vuln/detail/CVE-2020-9548", + "https://security.netapp.com/advisory/ntap-20200904-0006/", + "https://www.oracle.com/security-alerts/cpujan2021.html", + "https://www.oracle.com/security-alerts/cpujul2020.html", + "https://www.oracle.com/security-alerts/cpuoct2020.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2020-03-02T04:15:00Z", + "LastModifiedDate": "2021-12-02T21:23:00Z" + }, + { + "VulnerabilityID": "CVE-2021-20190", + "PkgName": "com.fasterxml.jackson.core:jackson-databind", + "InstalledVersion": "2.9.1", + "FixedVersion": "2.9.10.7", + "Layer": {}, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20190", + "DataSource": { + "ID": "glad", + "Name": "GitLab Advisory Database Community", + "URL": "https://gitlab.com/gitlab-org/advisories-community" + }, + "Title": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing", + "Description": "A flaw was 
found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-502" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 8.3, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-20190", + "https://bugzilla.redhat.com/show_bug.cgi?id=1916633", + "https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a", + "https://github.com/FasterXML/jackson-databind/issues/2854", + "https://github.com/advisories/GHSA-5949-rw7g-wx7w", + "https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-20190", + "https://security.netapp.com/advisory/ntap-20210219-0008/" + ], + "PublishedDate": "2021-01-19T17:15:00Z", + "LastModifiedDate": "2021-07-20T23:15:00Z" + } + ] + } + ] +} \ No newline at end of file diff --git a/integration/testdata/rockylinux-8.json.golden b/integration/testdata/rockylinux-8.json.golden index e0df654b38..4dea9e99db 100644 --- a/integration/testdata/rockylinux-8.json.golden +++ b/integration/testdata/rockylinux-8.json.golden @@ -62,6 +62,7 @@ "SeveritySource": "rocky", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3712", "DataSource": { + "ID": "rocky", "Name": "Rocky Linux updateinfo", "URL": "https://download.rockylinux.org/pub/rocky/" }, 
diff --git a/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden b/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden index 70677f8bb1..bbe8da088b 100644 --- a/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden +++ b/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden @@ -81,6 +81,7 @@ "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", "DataSource": { + "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, @@ -135,6 +136,7 @@ "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", "DataSource": { + "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, @@ -189,6 +191,7 @@ "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", "DataSource": { + "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, @@ -243,6 +246,7 @@ "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", "DataSource": { + "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, diff --git a/integration/testdata/ubuntu-1804.json.golden b/integration/testdata/ubuntu-1804.json.golden index 2d166f3d9b..367f0cc9ad 100644 --- a/integration/testdata/ubuntu-1804.json.golden +++ b/integration/testdata/ubuntu-1804.json.golden @@ -80,6 +80,7 @@ "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276", "DataSource": { + "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, @@ -128,6 +129,7 @@ "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", "DataSource": { + "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, 
@@ -182,6 +184,7 @@ "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", "DataSource": { + "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, @@ -236,6 +239,7 @@ "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", "DataSource": { + "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, @@ -290,6 +294,7 @@ "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5094", "DataSource": { + "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, diff --git a/pkg/detector/library/advisory.go b/pkg/detector/library/advisory.go deleted file mode 100644 index 5c0d378290..0000000000 --- a/pkg/detector/library/advisory.go +++ /dev/null 
@@ -1,76 +0,0 @@
-package library
-
-import (
- "fmt"
- "strings"
-
- "golang.org/x/xerrors"
-
- "github.com/aquasecurity/trivy-db/pkg/db"
- dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
- "github.com/aquasecurity/trivy/pkg/detector/library/comparer"
- "github.com/aquasecurity/trivy/pkg/types"
-)
-
-// Advisory represents security advisories for each programming language
-type Advisory struct {
- ecosystem string
- comparer comparer.Comparer
-}
-
-// NewAdvisory is the factory method of Advisory
-func NewAdvisory(ecosystem string, comparer comparer.Comparer) *Advisory {
- return &Advisory{
- ecosystem: ecosystem,
- comparer: comparer,
- }
-}
-
-// DetectVulnerabilities scans buckets with the prefix according to the ecosystem in "Advisory".
-// If "ecosystem" is pip, it looks for buckets with "pip::" and gets security advisories from those buckets.
-// It allows us to add a new data source with the ecosystem prefix (e.g. pip::new-data-source)
-// and detect vulnerabilities without specifying a specific bucket name.
-func (s *Advisory) DetectVulnerabilities(pkgName, pkgVer string) ([]types.DetectedVulnerability, error) {
- // e.g. "pip::", "npm::"
- prefix := fmt.Sprintf("%s::", s.ecosystem)
- advisories, err := db.Config{}.GetAdvisories(prefix, pkgName)
- if err != nil {
- return nil, xerrors.Errorf("failed to get %s advisories: %w", s.ecosystem, err)
- }
-
- var vulns []types.DetectedVulnerability
- for _, advisory := range advisories {
- if !s.comparer.IsVulnerable(pkgVer, advisory) {
- continue
- }
-
- vuln := types.DetectedVulnerability{
- VulnerabilityID: advisory.VulnerabilityID,
- PkgName: pkgName,
- InstalledVersion: pkgVer,
- FixedVersion: s.createFixedVersions(advisory),
- DataSource: advisory.DataSource,
- }
- vulns = append(vulns, vuln)
- }
-
- return vulns, nil
-}
-
-func (s *Advisory) createFixedVersions(advisory dbTypes.Advisory) string {
- if len(advisory.PatchedVersions) != 0 {
- return strings.Join(advisory.PatchedVersions, ", ")
- }
-
- var fixedVersions []string
- for _, version := range advisory.VulnerableVersions {
- for _, s := range strings.Split(version, ",") {
- s = strings.TrimSpace(s)
- if !strings.HasPrefix(s, "<=") && strings.HasPrefix(s, "<") {
- s = strings.TrimPrefix(s, "<")
- fixedVersions = append(fixedVersions, strings.TrimSpace(s))
- }
- }
- }
- return strings.Join(fixedVersions, ", ")
-}
diff --git a/pkg/detector/library/advisory_test.go b/pkg/detector/library/advisory_test.go
deleted file mode 100644
index 7f14cffee1..0000000000
--- a/pkg/detector/library/advisory_test.go
+++ /dev/null
@@ -1,118 +0,0 @@ -package library_test - -import ( - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - - "github.com/aquasecurity/trivy-db/pkg/db" - "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" - "github.com/aquasecurity/trivy/pkg/dbtest" - "github.com/aquasecurity/trivy/pkg/detector/library" - "github.com/aquasecurity/trivy/pkg/detector/library/bundler" - "github.com/aquasecurity/trivy/pkg/detector/library/comparer" - "github.com/aquasecurity/trivy/pkg/types" -) - -func TestAdvisory_DetectVulnerabilities(t *testing.T) { - type args struct { - pkgName string - pkgVer string - } - tests := []struct { - name string - fixtures []string - ecosystem string - comparer comparer.Comparer - args args - want []types.DetectedVulnerability - wantErr string - }{ - { - name: "happy path", - fixtures: []string{"testdata/fixtures/php.yaml"}, - ecosystem: vulnerability.Composer, - comparer: comparer.GenericComparer{}, - args: args{ - pkgName: "symfony/symfony", - pkgVer: "4.2.6", - }, - want: []types.DetectedVulnerability{ - { - VulnerabilityID: "CVE-2019-10909", - PkgName: "symfony/symfony", - InstalledVersion: "4.2.6", - FixedVersion: "4.2.7", - }, - }, - }, - { - name: "no patched versions in the advisory", - fixtures: []string{"testdata/fixtures/php.yaml"}, - ecosystem: vulnerability.Composer, - comparer: comparer.GenericComparer{}, - args: args{ - pkgName: "symfony/symfony", - pkgVer: "4.4.6", - }, - want: []types.DetectedVulnerability{ - { - VulnerabilityID: "CVE-2020-5275", - PkgName: "symfony/symfony", - InstalledVersion: "4.4.6", - FixedVersion: "4.4.7", - }, - }, - }, - { - name: "no vulnerable versions in the advisory", - fixtures: []string{"testdata/fixtures/ruby.yaml"}, - ecosystem: vulnerability.RubyGems, - comparer: bundler.RubyGemsComparer{}, - args: args{ - pkgName: "activesupport", - pkgVer: "4.1.1", - }, - want: []types.DetectedVulnerability{ - { - VulnerabilityID: "CVE-2015-3226", - PkgName: 
"activesupport", - InstalledVersion: "4.1.1", - FixedVersion: ">= 4.2.2, ~> 4.1.11", - }, - }, - }, - { - name: "no vulnerability", - fixtures: []string{"testdata/fixtures/php.yaml"}, - ecosystem: vulnerability.Composer, - comparer: comparer.GenericComparer{}, - args: args{ - pkgName: "symfony/symfony", - pkgVer: "4.4.7", - }, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - // Initialize DB - _ = dbtest.InitDB(t, tt.fixtures) - defer db.Close() - - adv := library.NewAdvisory(tt.ecosystem, tt.comparer) - got, err := adv.DetectVulnerabilities(tt.args.pkgName, tt.args.pkgVer) - - switch { - case tt.wantErr != "": - require.NotNil(t, err) - assert.Contains(t, err.Error(), tt.wantErr) - default: - assert.NoError(t, err) - } - - // Compare - assert.Equal(t, tt.want, got) - }) - } -} diff --git a/pkg/detector/library/bundler/advisory.go b/pkg/detector/library/bundler/advisory.go deleted file mode 100644 index 41c45512be..0000000000 --- a/pkg/detector/library/bundler/advisory.go +++ /dev/null 
@@ -1,49 +0,0 @@ -package bundler - -import ( - "strings" - - "golang.org/x/xerrors" - - bundlerSrc "github.com/aquasecurity/trivy-db/pkg/vulnsrc/bundler" - "github.com/aquasecurity/trivy/pkg/types" -) - -// Advisory implements the bundler VulnSrc -type Advisory struct { - comparer RubyGemsComparer - vs bundlerSrc.VulnSrc -} - -// NewAdvisory is the factory method to return bundler.Advisory -func NewAdvisory() *Advisory { - return &Advisory{ - vs: bundlerSrc.NewVulnSrc(), - comparer: RubyGemsComparer{}, - } -} - -// DetectVulnerabilities scans and returns Vulnerability in bundler -func (a *Advisory) DetectVulnerabilities(pkgName, pkgVer string) ([]types.DetectedVulnerability, error) { - advisories, err := a.vs.Get(pkgName) - if err != nil { - return nil, xerrors.Errorf("failed to get bundler advisories: %w", err) - } - - var vulns []types.DetectedVulnerability - for _, advisory := range advisories { - if !a.comparer.IsVulnerable(pkgVer, advisory) { - continue - } - - vuln := types.DetectedVulnerability{ - VulnerabilityID: advisory.VulnerabilityID, - PkgName: strings.TrimSpace(pkgName), - InstalledVersion: pkgVer, - FixedVersion: strings.Join(advisory.PatchedVersions, ", "), - DataSource: advisory.DataSource, - } - vulns = append(vulns, vuln) - } - return vulns, nil -} diff --git a/pkg/detector/library/bundler/advisory_test.go b/pkg/detector/library/bundler/advisory_test.go deleted file mode 100644 index 9d6fa35e91..0000000000 --- a/pkg/detector/library/bundler/advisory_test.go +++ /dev/null 
@@ -1,89 +0,0 @@ -package bundler_test - -import ( - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - - "github.com/aquasecurity/trivy-db/pkg/db" - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" - "github.com/aquasecurity/trivy/pkg/dbtest" - "github.com/aquasecurity/trivy/pkg/detector/library/bundler" - "github.com/aquasecurity/trivy/pkg/types" -) - -func TestAdvisory_DetectVulnerabilities(t *testing.T) { - type args struct { - pkgName string - pkgVer string - } - tests := []struct { - name string - args args - fixtures []string - want []types.DetectedVulnerability - wantErr string - }{ - { - name: "detected", - args: args{ - pkgName: "activesupport", - pkgVer: "4.1.1", - }, - fixtures: []string{ - "testdata/fixtures/gem.yaml", - "testdata/fixtures/data-source.yaml", - }, - want: []types.DetectedVulnerability{ - { - PkgName: "activesupport", - InstalledVersion: "4.1.1", - VulnerabilityID: "CVE-2015-3226", - FixedVersion: ">= 4.2.2, ~> 4.1.11", - DataSource: &dbTypes.DataSource{ - Name: "Ruby Advisory Database", - URL: "https://github.com/rubysec/ruby-advisory-db", - }, - }, - }, - }, - { - name: "not detected", - args: args{ - pkgName: "activesupport", - pkgVer: "4.1.0.a", - }, - fixtures: []string{"testdata/fixtures/gem.yaml"}, - want: nil, - }, - { - name: "invalid JSON", - args: args{ - pkgName: "activesupport", - pkgVer: "4.1.0", - }, - fixtures: []string{"testdata/fixtures/invalid-type.yaml"}, - want: nil, - wantErr: "failed to unmarshal advisory JSON", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - _ = dbtest.InitDB(t, tt.fixtures) - defer db.Close() - - a := bundler.NewAdvisory() - got, err := a.DetectVulnerabilities(tt.args.pkgName, tt.args.pkgVer) - if tt.wantErr != "" { - require.NotNil(t, err) - assert.Contains(t, err.Error(), tt.wantErr) - return - } - - assert.NoError(t, err) - assert.Equal(t, tt.want, got) - }) - } -} 
diff --git a/pkg/detector/library/bundler/testdata/fixtures/data-source.yaml b/pkg/detector/library/bundler/testdata/fixtures/data-source.yaml deleted file mode 100644 index faa403ec4a..0000000000 --- a/pkg/detector/library/bundler/testdata/fixtures/data-source.yaml +++ /dev/null @@ -1,6 +0,0 @@ -- bucket: data-source - pairs: - - key: ruby-advisory-db - value: - Name: "Ruby Advisory Database" - URL: "https://github.com/rubysec/ruby-advisory-db" diff --git a/pkg/detector/library/bundler/testdata/fixtures/gem.yaml b/pkg/detector/library/bundler/testdata/fixtures/gem.yaml deleted file mode 100644 index a1a7aac9b7..0000000000 --- a/pkg/detector/library/bundler/testdata/fixtures/gem.yaml +++ /dev/null @@ -1,11 +0,0 @@ -- bucket: ruby-advisory-db - pairs: - - bucket: activesupport - pairs: - - key: CVE-2015-3226 - value: - PatchedVersions: - - ">= 4.2.2" - - "~> 4.1.11" - UnaffectedVersions: - - "< 4.1.0" \ No newline at end of file diff --git a/pkg/detector/library/bundler/testdata/fixtures/invalid-type.yaml b/pkg/detector/library/bundler/testdata/fixtures/invalid-type.yaml deleted file mode 100644 index 1e64266183..0000000000 --- a/pkg/detector/library/bundler/testdata/fixtures/invalid-type.yaml +++ /dev/null @@ -1,7 +0,0 @@ -- bucket: ruby-advisory-db - pairs: - - bucket: activesupport - pairs: - - key: CVE-2015-3226 - value: - PatchedVersions: dummy diff --git a/pkg/detector/library/comparer/compare.go b/pkg/detector/library/compare/compare.go similarity index 99% rename from pkg/detector/library/comparer/compare.go rename to pkg/detector/library/compare/compare.go index ee71a3527d..60829deb81 100644 --- a/pkg/detector/library/comparer/compare.go +++ b/pkg/detector/library/compare/compare.go @@ -1,4 +1,4 @@ -package comparer +package compare import ( "strings" 
diff --git a/pkg/detector/library/comparer/compare_test.go b/pkg/detector/library/compare/compare_test.go similarity index 95% rename from pkg/detector/library/comparer/compare_test.go rename to pkg/detector/library/compare/compare_test.go index 91b01eff25..3c1502e8fd 100644 --- a/pkg/detector/library/comparer/compare_test.go +++ b/pkg/detector/library/compare/compare_test.go @@ -1,4 +1,4 @@ -package comparer_test +package compare_test import ( "testing" @@ -6,7 +6,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/aquasecurity/trivy-db/pkg/types" - "github.com/aquasecurity/trivy/pkg/detector/library/comparer" + "github.com/aquasecurity/trivy/pkg/detector/library/compare" ) func TestGenericComparer_IsVulnerable(t *testing.T) { @@ -108,7 +108,7 @@ func TestGenericComparer_IsVulnerable(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - v := comparer.GenericComparer{} + v := compare.GenericComparer{} got := v.IsVulnerable(tt.args.ver, tt.args.advisory) assert.Equal(t, tt.want, got) }) diff --git a/pkg/detector/library/maven/compare.go b/pkg/detector/library/compare/maven/compare.go similarity index 87% rename from pkg/detector/library/maven/compare.go rename to pkg/detector/library/compare/maven/compare.go index cc32bdca7f..8e4ca69242 100644 --- a/pkg/detector/library/maven/compare.go +++ b/pkg/detector/library/compare/maven/compare.go @@ -6,7 +6,7 @@ import ( version "github.com/masahiro331/go-mvn-version" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" - "github.com/aquasecurity/trivy/pkg/detector/library/comparer" + "github.com/aquasecurity/trivy/pkg/detector/library/compare" ) // Comparer represents a comparer for maven 
@@ -14,7 +14,7 @@ type Comparer struct{} // IsVulnerable checks if the package version is vulnerable to the advisory. func (n Comparer) IsVulnerable(ver string, advisory dbTypes.Advisory) bool { - return comparer.IsVulnerable(ver, advisory, n.matchVersion) + return compare.IsVulnerable(ver, advisory, n.matchVersion) } // matchVersion checks if the package version satisfies the given constraint. diff --git a/pkg/detector/library/maven/compare_test.go b/pkg/detector/library/compare/maven/compare_test.go similarity index 97% rename from pkg/detector/library/maven/compare_test.go rename to pkg/detector/library/compare/maven/compare_test.go index 555cf3b2da..3335ca978b 100644 --- a/pkg/detector/library/maven/compare_test.go +++ b/pkg/detector/library/compare/maven/compare_test.go @@ -3,11 +3,10 @@ package maven_test import ( "testing" - "github.com/aquasecurity/trivy/pkg/detector/library/maven" - "github.com/stretchr/testify/assert" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy/pkg/detector/library/compare/maven" ) func TestComparer_IsVulnerable(t *testing.T) { diff --git a/pkg/detector/library/npm/compare.go b/pkg/detector/library/compare/npm/compare.go similarity index 87% rename from pkg/detector/library/npm/compare.go rename to pkg/detector/library/compare/npm/compare.go index 847254c9a8..e531d3d302 100644 --- a/pkg/detector/library/npm/compare.go +++ b/pkg/detector/library/compare/npm/compare.go @@ -5,7 +5,7 @@ import ( npm "github.com/aquasecurity/go-npm-version/pkg" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" - "github.com/aquasecurity/trivy/pkg/detector/library/comparer" + "github.com/aquasecurity/trivy/pkg/detector/library/compare" ) // Comparer represents a comparer for npm 
@@ -13,7 +13,7 @@ type Comparer struct{} // IsVulnerable checks if the package version is vulnerable to the advisory. func (n Comparer) IsVulnerable(ver string, advisory dbTypes.Advisory) bool { - return comparer.IsVulnerable(ver, advisory, n.matchVersion) + return compare.IsVulnerable(ver, advisory, n.matchVersion) } // matchVersion checks if the package version satisfies the given constraint. diff --git a/pkg/detector/library/npm/compare_test.go b/pkg/detector/library/compare/npm/compare_test.go similarity index 97% rename from pkg/detector/library/npm/compare_test.go rename to pkg/detector/library/compare/npm/compare_test.go index 08b151f9c2..1d232e051d 100644 --- a/pkg/detector/library/npm/compare_test.go +++ b/pkg/detector/library/compare/npm/compare_test.go @@ -6,7 +6,7 @@ import ( "github.com/stretchr/testify/assert" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" - "github.com/aquasecurity/trivy/pkg/detector/library/npm" + "github.com/aquasecurity/trivy/pkg/detector/library/compare/npm" ) func TestNpmComparer_IsVulnerable(t *testing.T) { diff --git a/pkg/detector/library/python/compare.go b/pkg/detector/library/compare/pep440/compare.go similarity index 62% rename from pkg/detector/library/python/compare.go rename to pkg/detector/library/compare/pep440/compare.go index 930d7656e2..8c88518a9d 100644 --- a/pkg/detector/library/python/compare.go +++ b/pkg/detector/library/compare/pep440/compare.go 
@@ -1,23 +1,23 @@ -package python +package pep440 import ( "golang.org/x/xerrors" version "github.com/aquasecurity/go-pep440-version" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" - "github.com/aquasecurity/trivy/pkg/detector/library/comparer" + "github.com/aquasecurity/trivy/pkg/detector/library/compare" ) -// Pep440Comparer represents a comparer for PEP 440 -type Pep440Comparer struct{} +// Comparer represents a comparer for PEP 440 +type Comparer struct{} // IsVulnerable checks if the package version is vulnerable to the advisory. -func (n Pep440Comparer) IsVulnerable(ver string, advisory dbTypes.Advisory) bool { - return comparer.IsVulnerable(ver, advisory, n.matchVersion) +func (n Comparer) IsVulnerable(ver string, advisory dbTypes.Advisory) bool { + return compare.IsVulnerable(ver, advisory, n.matchVersion) } // matchVersion checks if the package version satisfies the given constraint. -func (n Pep440Comparer) matchVersion(currentVersion, constraint string) (bool, error) { +func (n Comparer) matchVersion(currentVersion, constraint string) (bool, error) { v, err := version.Parse(currentVersion) if err != nil { return false, xerrors.Errorf("python version error (%s): %s", currentVersion, err) diff --git a/pkg/detector/library/python/compare_test.go b/pkg/detector/library/compare/pep440/compare_test.go similarity index 95% rename from pkg/detector/library/python/compare_test.go rename to pkg/detector/library/compare/pep440/compare_test.go index 67b6f565e3..7ab251e417 100644 --- a/pkg/detector/library/python/compare_test.go +++ b/pkg/detector/library/compare/pep440/compare_test.go @@ -1,4 +1,4 @@ -package python_test +package pep440_test import ( "testing" @@ -6,7 +6,7 @@ import ( "github.com/stretchr/testify/assert" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" - "github.com/aquasecurity/trivy/pkg/detector/library/python" + "github.com/aquasecurity/trivy/pkg/detector/library/compare/pep440" ) func TestPep440Comparer_IsVulnerable(t *testing.T) { 
@@ -108,7 +108,7 @@ func TestPep440Comparer_IsVulnerable(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - c := python.Pep440Comparer{} + c := pep440.Comparer{} got := c.IsVulnerable(tt.args.currentVersion, tt.args.advisory) assert.Equal(t, tt.want, got) }) diff --git a/pkg/detector/library/bundler/compare.go b/pkg/detector/library/compare/rubygems/compare.go similarity index 60% rename from pkg/detector/library/bundler/compare.go rename to pkg/detector/library/compare/rubygems/compare.go index 680060fcd7..ccb84cb8f8 100644 --- a/pkg/detector/library/bundler/compare.go +++ b/pkg/detector/library/compare/rubygems/compare.go @@ -1,23 +1,23 @@ -package bundler +package rubygems import ( "golang.org/x/xerrors" "github.com/aquasecurity/go-gem-version" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" - "github.com/aquasecurity/trivy/pkg/detector/library/comparer" + "github.com/aquasecurity/trivy/pkg/detector/library/compare" ) -// RubyGemsComparer represents a comparer for RubyGems -type RubyGemsComparer struct{} +// Comparer represents a comparer for RubyGems +type Comparer struct{} // IsVulnerable checks if the package version is vulnerable to the advisory. -func (r RubyGemsComparer) IsVulnerable(ver string, advisory dbTypes.Advisory) bool { - return comparer.IsVulnerable(ver, advisory, r.matchVersion) +func (r Comparer) IsVulnerable(ver string, advisory dbTypes.Advisory) bool { + return compare.IsVulnerable(ver, advisory, r.matchVersion) } // matchVersion checks if the package version satisfies the given constraint. -func (r RubyGemsComparer) matchVersion(currentVersion, constraint string) (bool, error) { +func (r Comparer) matchVersion(currentVersion, constraint string) (bool, error) { v, err := gem.NewVersion(currentVersion) if err != nil { return false, xerrors.Errorf("RubyGems version error (%s): %s", currentVersion, err) 
diff --git a/pkg/detector/library/bundler/compare_test.go b/pkg/detector/library/compare/rubygems/compare_test.go similarity index 94% rename from pkg/detector/library/bundler/compare_test.go rename to pkg/detector/library/compare/rubygems/compare_test.go index ddfb8dbf51..53dbde2663 100644 --- a/pkg/detector/library/bundler/compare_test.go +++ b/pkg/detector/library/compare/rubygems/compare_test.go @@ -1,4 +1,4 @@ -package bundler_test +package rubygems_test import ( "testing" @@ -6,7 +6,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/aquasecurity/trivy-db/pkg/types" - "github.com/aquasecurity/trivy/pkg/detector/library/bundler" + "github.com/aquasecurity/trivy/pkg/detector/library/compare/rubygems" ) func TestRubyGemsComparer_IsVulnerable(t *testing.T) { @@ -94,7 +94,7 @@ func TestRubyGemsComparer_IsVulnerable(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - r := bundler.RubyGemsComparer{} + r := rubygems.Comparer{} got := r.IsVulnerable(tt.args.currentVersion, tt.args.advisory) assert.Equal(t, tt.want, got) }) diff --git a/pkg/detector/library/composer/advisory.go b/pkg/detector/library/composer/advisory.go deleted file mode 100644 index 15b4a1e0af..0000000000 --- a/pkg/detector/library/composer/advisory.go +++ /dev/null 
@@ -1,63 +0,0 @@ -package composer - -import ( - "fmt" - "strings" - - "golang.org/x/xerrors" - - composerSrc "github.com/aquasecurity/trivy-db/pkg/vulnsrc/composer" - "github.com/aquasecurity/trivy/pkg/detector/library/comparer" - "github.com/aquasecurity/trivy/pkg/types" -) - -// Advisory encapsulates composer.VulnSrc -type Advisory struct { - vs composerSrc.VulnSrc - comparer comparer.Comparer // TODO: implement a comparer for Composer -} - -// NewAdvisory is the factory method of Advisory -func NewAdvisory() *Advisory { - return &Advisory{ - vs: composerSrc.NewVulnSrc(), - comparer: comparer.GenericComparer{}, - } -} - -// DetectVulnerabilities returns the vulnerabilities in a package -func (s *Advisory) DetectVulnerabilities(pkgName, pkgVer string) ([]types.DetectedVulnerability, error) { - ref := fmt.Sprintf("composer://%s", pkgName) - advisories, err := s.vs.Get(ref) - if err != nil { - return nil, xerrors.Errorf("failed to get composer advisories: %w", err) - } - - var vulns []types.DetectedVulnerability - for _, advisory := range advisories { - var patchedVersions []string - for _, vulnerableRange := range advisory.VulnerableVersions { - // e.g. ">=5, <5.3.1" - for _, v := range strings.Split(vulnerableRange, ", ") { - // e.g. "<5.3.1" - if !strings.HasPrefix(v, "<=") && strings.HasPrefix(v, "<") { - patchedVersions = append(patchedVersions, strings.Trim(v, "<")) - } - } - } - - if !s.comparer.IsVulnerable(pkgVer, advisory) { - continue - } - - vuln := types.DetectedVulnerability{ - VulnerabilityID: advisory.VulnerabilityID, - PkgName: pkgName, - InstalledVersion: pkgVer, - FixedVersion: strings.Join(patchedVersions, ", "), - DataSource: advisory.DataSource, - } - vulns = append(vulns, vuln) - } - return vulns, nil -} diff --git a/pkg/detector/library/composer/advisory_test.go b/pkg/detector/library/composer/advisory_test.go deleted file mode 100644 index 67d3dff769..0000000000 --- a/pkg/detector/library/composer/advisory_test.go +++ /dev/null 
@@ -1,89 +0,0 @@ -package composer_test - -import ( - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - - "github.com/aquasecurity/trivy-db/pkg/db" - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" - "github.com/aquasecurity/trivy/pkg/dbtest" - "github.com/aquasecurity/trivy/pkg/detector/library/composer" - "github.com/aquasecurity/trivy/pkg/types" -) - -func TestAdvisory_DetectVulnerabilities(t *testing.T) { - type args struct { - pkgName string - pkgVer string - } - tests := []struct { - name string - args args - fixtures []string - want []types.DetectedVulnerability - wantErr string - }{ - { - name: "detected", - args: args{ - pkgName: "aws/aws-sdk-php", - pkgVer: "3.2.0", - }, - fixtures: []string{ - "testdata/fixtures/composer.yaml", - "testdata/fixtures/data-source.yaml", - }, - want: []types.DetectedVulnerability{ - { - PkgName: "aws/aws-sdk-php", - InstalledVersion: "3.2.0", - VulnerabilityID: "CVE-2015-5723", - FixedVersion: "3.2.1", - DataSource: &dbTypes.DataSource{ - Name: "PHP Security Advisories Database", - URL: "https://github.com/FriendsOfPHP/security-advisories", - }, - }, - }, - }, - { - name: "not detected", - args: args{ - pkgName: "guzzlehttp/guzzle", - pkgVer: "5.3.1", - }, - fixtures: []string{"testdata/fixtures/composer.yaml"}, - want: nil, - }, - { - name: "malformed JSON", - args: args{ - pkgName: "aws/aws-sdk-php", - pkgVer: "3.2.0", - }, - fixtures: []string{"testdata/fixtures/invalid-type.yaml"}, - wantErr: "failed to unmarshal advisory JSON", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - _ = dbtest.InitDB(t, tt.fixtures) - defer db.Close() - - a := composer.NewAdvisory() - got, err := a.DetectVulnerabilities(tt.args.pkgName, tt.args.pkgVer) - if tt.wantErr != "" { - require.NotNil(t, err) - assert.Contains(t, err.Error(), tt.wantErr) - return - } else { - assert.NoError(t, err) - } - - assert.Equal(t, tt.want, got) - }) - } -} 
diff --git a/pkg/detector/library/composer/testdata/fixtures/composer.yaml b/pkg/detector/library/composer/testdata/fixtures/composer.yaml deleted file mode 100644 index 9af8d01928..0000000000 --- a/pkg/detector/library/composer/testdata/fixtures/composer.yaml +++ /dev/null @@ -1,16 +0,0 @@ -- bucket: php-security-advisories - pairs: - - bucket: "composer://aws/aws-sdk-php" - pairs: - - key: CVE-2015-5723 - value: - VulnerableVersions: - - ">=3.0.0, <3.2.1" - - bucket: "composer://guzzlehttp/guzzle" - pairs: - - key: CVE-2016-5385 - value: - VulnerableVersions: - - ">=4.0.0rc2, <4.2.4" - - ">=5, <5.3.1" - - ">=6, <6.2.1" \ No newline at end of file diff --git a/pkg/detector/library/composer/testdata/fixtures/data-source.yaml b/pkg/detector/library/composer/testdata/fixtures/data-source.yaml deleted file mode 100644 index d49bb061e8..0000000000 --- a/pkg/detector/library/composer/testdata/fixtures/data-source.yaml +++ /dev/null @@ -1,6 +0,0 @@ -- bucket: data-source - pairs: - - key: php-security-advisories - value: - Name: "PHP Security Advisories Database" - URL: "https://github.com/FriendsOfPHP/security-advisories" \ No newline at end of file diff --git a/pkg/detector/library/composer/testdata/fixtures/invalid-type.yaml b/pkg/detector/library/composer/testdata/fixtures/invalid-type.yaml deleted file mode 100644 index cc201df8d2..0000000000 --- a/pkg/detector/library/composer/testdata/fixtures/invalid-type.yaml +++ /dev/null @@ -1,7 +0,0 @@ -- bucket: php-security-advisories - pairs: - - bucket: "composer://aws/aws-sdk-php" - pairs: - - key: CVE-2015-5723 - value: - VulnerableVersions: invalid diff --git a/pkg/detector/library/detect.go b/pkg/detector/library/detect.go index 5728b9255d..fc14fe4241 100644 --- a/pkg/detector/library/detect.go +++ b/pkg/detector/library/detect.go 
@@ -25,7 +25,7 @@ func Detect(libType string, pkgs []ftypes.Package) ([]types.DetectedVulnerabilit func detect(driver Driver, libs []ftypes.Package) ([]types.DetectedVulnerability, error) { var vulnerabilities []types.DetectedVulnerability for _, lib := range libs { - vulns, err := driver.Detect(lib.Name, lib.Version) + vulns, err := driver.DetectVulnerabilities(lib.Name, lib.Version) if err != nil { return nil, xerrors.Errorf("failed to detect %s vulnerabilities: %w", driver.Type(), err) } diff --git a/pkg/detector/library/driver.go b/pkg/detector/library/driver.go index 4773579d87..b47f654296 100644 --- a/pkg/detector/library/driver.go +++ b/pkg/detector/library/driver.go 
@@ -1,120 +1,121 @@ package library import ( + "fmt" + "strings" + + "github.com/aquasecurity/trivy/pkg/detector/library/compare/maven" + "golang.org/x/xerrors" ftypes "github.com/aquasecurity/fanal/types" - ecosystem "github.com/aquasecurity/trivy-db/pkg/vulnsrc/ghsa" + "github.com/aquasecurity/trivy-db/pkg/db" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" - "github.com/aquasecurity/trivy/pkg/detector/library/bundler" - "github.com/aquasecurity/trivy/pkg/detector/library/comparer" - "github.com/aquasecurity/trivy/pkg/detector/library/composer" - "github.com/aquasecurity/trivy/pkg/detector/library/ghsa" - "github.com/aquasecurity/trivy/pkg/detector/library/maven" - "github.com/aquasecurity/trivy/pkg/detector/library/npm" + "github.com/aquasecurity/trivy/pkg/detector/library/compare" + "github.com/aquasecurity/trivy/pkg/detector/library/compare/npm" + "github.com/aquasecurity/trivy/pkg/detector/library/compare/pep440" + "github.com/aquasecurity/trivy/pkg/detector/library/compare/rubygems" "github.com/aquasecurity/trivy/pkg/types" ) -type advisory interface { - DetectVulnerabilities(string, string) ([]types.DetectedVulnerability, error) -} - // NewDriver returns a driver according to the library type func NewDriver(libType string) (Driver, error) { - var driver Driver + var ecosystem dbTypes.Ecosystem + var comparer compare.Comparer + switch libType { case ftypes.Bundler, ftypes.GemSpec: - driver = newRubyGemsDriver() + ecosystem = vulnerability.RubyGems + comparer = rubygems.Comparer{} case ftypes.Cargo: - driver = newCargoDriver() + ecosystem = vulnerability.Cargo + comparer = compare.GenericComparer{} case ftypes.Composer: - driver = newComposerDriver() - case ftypes.Npm, ftypes.Yarn, ftypes.NodePkg, ftypes.JavaScript: - driver = newNpmDriver() - case ftypes.Pipenv, ftypes.Poetry, ftypes.Pip, ftypes.PythonPkg: - driver = newPipDriver() - case ftypes.NuGet: - driver = newNugetDriver() - case 
ftypes.Jar, ftypes.Pom: - driver = newMavenDriver() + ecosystem = vulnerability.Composer + comparer = compare.GenericComparer{} case ftypes.GoBinary, ftypes.GoMod: - driver = Driver{ - ecosystem: vulnerability.Go, - advisories: []advisory{NewAdvisory(vulnerability.Go, comparer.GenericComparer{})}, - } + ecosystem = vulnerability.Go + comparer = compare.GenericComparer{} + case ftypes.Jar, ftypes.Pom: + ecosystem = vulnerability.Maven + comparer = maven.Comparer{} + case ftypes.Npm, ftypes.Yarn, ftypes.NodePkg, ftypes.JavaScript: + ecosystem = vulnerability.Npm + comparer = npm.Comparer{} + case ftypes.NuGet: + ecosystem = vulnerability.NuGet + comparer = compare.GenericComparer{} + case ftypes.Pipenv, ftypes.Poetry, ftypes.Pip, ftypes.PythonPkg: + ecosystem = vulnerability.Pip + comparer = pep440.Comparer{} default: return Driver{}, xerrors.Errorf("unsupported type %s", libType) } - return driver, nil + return Driver{ + ecosystem: ecosystem, + comparer: comparer, + dbc: db.Config{}, + }, nil } -// Driver implements the advisory +// Driver represents security advisories for each programming language type Driver struct { - ecosystem string - advisories []advisory -} - -// Aggregate aggregates drivers -func Aggregate(ecosystem string, advisories ...advisory) Driver { - return Driver{ecosystem: ecosystem, advisories: advisories} -} - -// Detect scans and returns vulnerabilities -func (d *Driver) Detect(pkgName string, pkgVer string) ([]types.DetectedVulnerability, error) { - var detectedVulnerabilities []types.DetectedVulnerability - uniqVulnIDMap := make(map[string]struct{}) - for _, adv := range d.advisories { - vulns, err := adv.DetectVulnerabilities(pkgName, pkgVer) - if err != nil { - return nil, xerrors.Errorf("failed to detect vulnerabilities: %w", err) - } - for _, vuln := range vulns { - if _, ok := uniqVulnIDMap[vuln.VulnerabilityID]; ok { - continue - } - uniqVulnIDMap[vuln.VulnerabilityID] = struct{}{} - detectedVulnerabilities = 
append(detectedVulnerabilities, vuln) - } - } - - return detectedVulnerabilities, nil + ecosystem dbTypes.Ecosystem + comparer compare.Comparer + dbc db.Config } // Type returns the driver ecosystem func (d *Driver) Type() string { - return d.ecosystem + return string(d.ecosystem) } -func newRubyGemsDriver() Driver { - c := bundler.RubyGemsComparer{} - return Aggregate(vulnerability.RubyGems, NewAdvisory(vulnerability.RubyGems, c), bundler.NewAdvisory(), ghsa.NewAdvisory(ecosystem.RubyGems, c)) +// DetectVulnerabilities scans buckets with the prefix according to the ecosystem. +// If "ecosystem" is pip, it looks for buckets with "pip::" and gets security advisories from those buckets. +// It allows us to add a new data source with the ecosystem prefix (e.g. pip::new-data-source) +// and detect vulnerabilities without specifying a specific bucket name. +func (d *Driver) DetectVulnerabilities(pkgName, pkgVer string) ([]types.DetectedVulnerability, error) { + // e.g. "pip::", "npm::" + prefix := fmt.Sprintf("%s::", d.ecosystem) + advisories, err := d.dbc.GetAdvisories(prefix, vulnerability.NormalizePkgName(d.ecosystem, pkgName)) + if err != nil { + return nil, xerrors.Errorf("failed to get %s advisories: %w", d.ecosystem, err) + } + + var vulns []types.DetectedVulnerability + for _, adv := range advisories { + if !d.comparer.IsVulnerable(pkgVer, adv) { + continue + } + + vuln := types.DetectedVulnerability{ + VulnerabilityID: adv.VulnerabilityID, + PkgName: pkgName, + InstalledVersion: pkgVer, + FixedVersion: createFixedVersions(adv), + DataSource: adv.DataSource, + } + vulns = append(vulns, vuln) + } + + return vulns, nil } -func newComposerDriver() Driver { - c := comparer.GenericComparer{} - return Aggregate(vulnerability.Composer, NewAdvisory(vulnerability.Composer, c), composer.NewAdvisory(), ghsa.NewAdvisory(ecosystem.Composer, c)) -} +func createFixedVersions(advisory dbTypes.Advisory) string { + if len(advisory.PatchedVersions) != 0 { + return 
strings.Join(advisory.PatchedVersions, ", ") + } -func newCargoDriver() Driver { - return Aggregate(vulnerability.Cargo, NewAdvisory(vulnerability.Cargo, comparer.GenericComparer{})) -} - -func newNpmDriver() Driver { - c := npm.Comparer{} - return Aggregate(vulnerability.Npm, NewAdvisory(vulnerability.Npm, c), npm.NewAdvisory(), ghsa.NewAdvisory(ecosystem.Npm, c)) -} - -func newPipDriver() Driver { - c := comparer.GenericComparer{} - return Aggregate(vulnerability.Pip, NewAdvisory(vulnerability.Pip, c), ghsa.NewAdvisory(ecosystem.Pip, c)) -} - -func newNugetDriver() Driver { - c := comparer.GenericComparer{} - return Aggregate(vulnerability.NuGet, NewAdvisory(vulnerability.NuGet, c), ghsa.NewAdvisory(ecosystem.Nuget, c)) -} - -func newMavenDriver() Driver { - c := maven.Comparer{} - return Aggregate(vulnerability.Maven, NewAdvisory(vulnerability.Maven, c), ghsa.NewAdvisory(ecosystem.Maven, c)) + var fixedVersions []string + for _, version := range advisory.VulnerableVersions { + for _, s := range strings.Split(version, ",") { + s = strings.TrimSpace(s) + if !strings.HasPrefix(s, "<=") && strings.HasPrefix(s, "<") { + s = strings.TrimPrefix(s, "<") + fixedVersions = append(fixedVersions, strings.TrimSpace(s)) + } + } + } + return strings.Join(fixedVersions, ", ") } diff --git a/pkg/detector/library/driver_test.go b/pkg/detector/library/driver_test.go index 1d4a43ae32..b43ca79c14 100644 --- a/pkg/detector/library/driver_test.go +++ b/pkg/detector/library/driver_test.go @@ -9,6 +9,7 @@ import ( ftypes "github.com/aquasecurity/fanal/types" "github.com/aquasecurity/trivy-db/pkg/db" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/dbtest" "github.com/aquasecurity/trivy/pkg/detector/library" "github.com/aquasecurity/trivy/pkg/types" 
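Review bot: De-duplication by `VulnerabilityID` is lost in the new `DetectVulnerabilities`: it appends every advisory that `IsVulnerable` accepts, whereas the removed `Driver.Detect` skipped repeats through `uniqVulnIDMap`. The prefix lookup is meant to span several buckets per ecosystem (the doc comment gives `pip::new-data-source` as an example), so the same CVE carried by two data sources would presumably be reported twice unless `GetAdvisories` already merges them, which is not visible in this diff. A seen-set inside the loop restores the old first-match-wins behaviour; the sketch marks an ID only after the version check passes, as the removed code did.

```go
	var vulns []types.DetectedVulnerability
	seen := make(map[string]struct{}, len(advisories))
	for _, adv := range advisories {
		if !d.comparer.IsVulnerable(pkgVer, adv) {
			continue
		}
		if _, ok := seen[adv.VulnerabilityID]; ok {
			continue
		}
		seen[adv.VulnerabilityID] = struct{}{}
		// … unchanged: build types.DetectedVulnerability and append to vulns …
	}
```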
@@ -45,6 +46,7 @@ func TestDriver_Detect(t *testing.T) { InstalledVersion: "4.2.6", FixedVersion: "4.2.7", DataSource: &dbTypes.DataSource{ + ID: vulnerability.GLAD, Name: "GitLab Advisory Database Community", URL: "https://gitlab.com/gitlab-org/advisories-community", }, @@ -52,21 +54,14 @@ func TestDriver_Detect(t *testing.T) { }, }, { - name: "non-prefix buckets", + name: "non-prefixed buckets", fixtures: []string{"testdata/fixtures/php-without-prefix.yaml"}, libType: ftypes.Composer, args: args{ pkgName: "symfony/symfony", pkgVer: "4.2.6", }, - want: []types.DetectedVulnerability{ - { - VulnerabilityID: "CVE-2019-10909", - PkgName: "symfony/symfony", - InstalledVersion: "4.2.6", - FixedVersion: "4.2.7", - }, - }, + want: nil, }, { name: "no patched versions in the advisory", @@ -86,6 +81,7 @@ func TestDriver_Detect(t *testing.T) { InstalledVersion: "4.4.6", FixedVersion: "4.4.7", DataSource: &dbTypes.DataSource{ + ID: vulnerability.PhpSecurityAdvisories, Name: "PHP Security Advisories Database", URL: "https://github.com/FriendsOfPHP/security-advisories", }, @@ -110,6 +106,7 @@ func TestDriver_Detect(t *testing.T) { InstalledVersion: "4.1.1", FixedVersion: ">= 4.2.2, ~> 4.1.11", DataSource: &dbTypes.DataSource{ + ID: vulnerability.RubySec, Name: "Ruby Advisory Database", URL: "https://github.com/rubysec/ruby-advisory-db", }, @@ -125,6 +122,16 @@ func TestDriver_Detect(t *testing.T) { pkgVer: "4.4.7", }, }, + { + name: "malformed JSON", + fixtures: []string{"testdata/fixtures/invalid-type.yaml"}, + libType: ftypes.Composer, + args: args{ + pkgName: "symfony/symfony", + pkgVer: "5.1.5", + }, + wantErr: "failed to unmarshal advisory JSON", + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { 
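Review bot: The "non-prefixed buckets" case in TestDriver_Detect now pins `want: nil`, so a database whose advisory buckets lack the `composer::`-style prefix produces zero findings and no error. For a vulnerability scanner that is a silent false negative if an older-layout DB is ever loaded. Presumably a schema-version check elsewhere rejects such DBs, but nothing in this hunk shows it. I would document the expectation on the case, e.g. `// buckets without the "<ecosystem>::" prefix are ignored by design; old-layout DBs must be rejected before detection`, and consider a test that asserts the old layout is refused rather than scanned as clean. The test table starts and ends outside this hunk.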
@@ -135,16 +142,15 @@ func TestDriver_Detect(t *testing.T) { driver, err := library.NewDriver(tt.libType) require.NoError(t, err) - got, err := driver.Detect(tt.args.pkgName, tt.args.pkgVer) - switch { - case tt.wantErr != "": - require.NotNil(t, err) + got, err := driver.DetectVulnerabilities(tt.args.pkgName, tt.args.pkgVer) + if tt.wantErr != "" { + require.Error(t, err) assert.Contains(t, err.Error(), tt.wantErr) - default: - assert.NoError(t, err) + return } // Compare + assert.NoError(t, err) assert.Equal(t, tt.want, got) }) } diff --git a/pkg/detector/library/ghsa/advisory.go b/pkg/detector/library/ghsa/advisory.go deleted file mode 100644 index a29738c523..0000000000 --- a/pkg/detector/library/ghsa/advisory.go +++ /dev/null 
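Review bot: On the success path `assert.NoError(t, err)` lets the subtest continue into `assert.Equal(t, tt.want, got)` after an unexpected error, so a failure reports the error and then a misleading nil-versus-want diff. Using `require.NoError(t, err)` there would stop at the real cause and match the `require.Error(t, err)` already used in the error branch. The `t.Run` closure begins before this hunk, so the DB setup and teardown around the call are not visible here.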
@@ -1,51 +0,0 @@
-package ghsa
-
-import (
- "strings"
-
- "golang.org/x/xerrors"
-
- "github.com/aquasecurity/trivy-db/pkg/vulnsrc/ghsa"
- "github.com/aquasecurity/trivy/pkg/detector/library/comparer"
- "github.com/aquasecurity/trivy/pkg/types"
-)
-
-// Advisory implements VulnSrc
-type Advisory struct {
- vs ghsa.VulnSrc
- comparer comparer.Comparer
-}
-
-// NewAdvisory is the factory method to return advisory
-func NewAdvisory(ecosystem ghsa.Ecosystem, comparer comparer.Comparer) *Advisory {
- return &Advisory{
- vs: ghsa.NewVulnSrc(ecosystem),
- comparer: comparer,
- }
-}
-
-// DetectVulnerabilities scans package for vulnerabilities
-func (s *Advisory) DetectVulnerabilities(pkgName, pkgVer string) ([]types.DetectedVulnerability, error) {
- advisories, err := s.vs.Get(pkgName)
- if err != nil {
- return nil, xerrors.Errorf("failed to get ghsa advisories: %w", err)
- }
-
- var vulns []types.DetectedVulnerability
- for _, advisory := range advisories {
- if !s.comparer.IsVulnerable(pkgVer, advisory) {
- continue
- }
-
- vuln := types.DetectedVulnerability{
- VulnerabilityID: advisory.VulnerabilityID,
- PkgName: pkgName,
- InstalledVersion: pkgVer,
- FixedVersion: strings.Join(advisory.PatchedVersions, ", "),
- DataSource: advisory.DataSource,
- }
- vulns = append(vulns, vuln)
- }
-
- return vulns, nil
-}
diff --git a/pkg/detector/library/ghsa/advisory_test.go b/pkg/detector/library/ghsa/advisory_test.go
deleted file mode 100644
index b2a6b3f0f5..0000000000
--- a/pkg/detector/library/ghsa/advisory_test.go
+++ /dev/null
@@ -1,135 +0,0 @@ -package ghsa_test - -import ( - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - - "github.com/aquasecurity/trivy-db/pkg/db" - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" - ghsaSrc "github.com/aquasecurity/trivy-db/pkg/vulnsrc/ghsa" - "github.com/aquasecurity/trivy/pkg/dbtest" - "github.com/aquasecurity/trivy/pkg/detector/library/comparer" - "github.com/aquasecurity/trivy/pkg/detector/library/ghsa" - "github.com/aquasecurity/trivy/pkg/types" -) - -func TestAdvisory_DetectVulnerabilities(t *testing.T) { - type fields struct { - ecosystem ghsaSrc.Ecosystem - comparer comparer.Comparer - } - type args struct { - pkgName string - pkgVer string - } - tests := []struct { - name string - args args - fields fields - fixtures []string - want []types.DetectedVulnerability - wantErr string - }{ - { - name: "composer detected", - fields: fields{ - ecosystem: ghsaSrc.Composer, - comparer: comparer.GenericComparer{}, - }, - args: args{ - pkgName: "symfony/symfony", - pkgVer: "5.1.5-alpha", - }, - fixtures: []string{ - "testdata/fixtures/ghsa.yaml", - "testdata/fixtures/data-source.yaml", - }, - want: []types.DetectedVulnerability{ - { - PkgName: "symfony/symfony", - InstalledVersion: "5.1.5-alpha", - VulnerabilityID: "CVE-2020-15094", - FixedVersion: "5.1.5, 4.4.13", - DataSource: &dbTypes.DataSource{ - Name: "GitHub Security Advisory Composer", - URL: "https://github.com/advisories?query=type%%3Areviewed+ecosystem%%3Acomposer", - }, - }, - }, - }, - { - name: "nuget detected", - fields: fields{ - ecosystem: ghsaSrc.Nuget, - comparer: comparer.GenericComparer{}, - }, - args: args{ - pkgName: "AWSSDK.Core", - pkgVer: "3.5.1.30", - }, - fixtures: []string{ - "testdata/fixtures/ghsa.yaml", - "testdata/fixtures/data-source.yaml", - }, - want: []types.DetectedVulnerability{ - { - PkgName: "AWSSDK.Core", - InstalledVersion: "3.5.1.30", - VulnerabilityID: "CVE-2020-99999", - FixedVersion: "3.5.1.31", - DataSource: 
&dbTypes.DataSource{ - Name: "GitHub Security Advisory Nuget", - URL: "https://github.com/advisories?query=type%%3Areviewed+ecosystem%%3Anuget", - }, - }, - }, - }, - { - name: "not detected", - fields: fields{ - ecosystem: ghsaSrc.Composer, - comparer: comparer.GenericComparer{}, - }, - args: args{ - pkgName: "symfony/symfony", - pkgVer: "5.1.5", - }, - fixtures: []string{"testdata/fixtures/ghsa.yaml"}, - want: nil, - }, - { - name: "malformed JSON", - fields: fields{ - ecosystem: ghsaSrc.Composer, - comparer: comparer.GenericComparer{}, - }, - args: args{ - pkgName: "symfony/symfony", - pkgVer: "5.1.5", - }, - fixtures: []string{"testdata/fixtures/invalid-type.yaml"}, - wantErr: "failed to unmarshal advisory JSON", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - _ = dbtest.InitDB(t, tt.fixtures) - defer db.Close() - - a := ghsa.NewAdvisory(tt.fields.ecosystem, tt.fields.comparer) - got, err := a.DetectVulnerabilities(tt.args.pkgName, tt.args.pkgVer) - if tt.wantErr != "" { - require.NotNil(t, err) - assert.Contains(t, err.Error(), tt.wantErr) - return - } else { - assert.NoError(t, err) - } - - assert.Equal(t, tt.want, got) - }) - } -} diff --git a/pkg/detector/library/ghsa/testdata/fixtures/data-source.yaml b/pkg/detector/library/ghsa/testdata/fixtures/data-source.yaml deleted file mode 100644 index 1e9008ca83..0000000000 --- a/pkg/detector/library/ghsa/testdata/fixtures/data-source.yaml +++ /dev/null @@ -1,10 +0,0 @@ -- bucket: data-source - pairs: - - key: GitHub Security Advisory Composer - value: - Name: "GitHub Security Advisory Composer" - URL: "https://github.com/advisories?query=type%%3Areviewed+ecosystem%%3Acomposer" - - key: GitHub Security Advisory Nuget - value: - Name: "GitHub Security Advisory Nuget" - URL: "https://github.com/advisories?query=type%%3Areviewed+ecosystem%%3Anuget" \ No newline at end of file 
diff --git a/pkg/detector/library/ghsa/testdata/fixtures/ghsa.yaml b/pkg/detector/library/ghsa/testdata/fixtures/ghsa.yaml deleted file mode 100644 index 6092567dbf..0000000000 --- a/pkg/detector/library/ghsa/testdata/fixtures/ghsa.yaml +++ /dev/null @@ -1,22 +0,0 @@ -- bucket: GitHub Security Advisory Composer - pairs: - - bucket: "symfony/symfony" - pairs: - - key: CVE-2020-15094 - value: - PatchedVersions: - - 5.1.5 - - 4.4.13 - VulnerableVersions: - - ">= 5.0.0, < 5.1.5" - - ">= 4.4.0, < 4.4.13" -- bucket: GitHub Security Advisory Nuget - pairs: - - bucket: "AWSSDK.Core" - pairs: - - key: CVE-2020-99999 - value: - PatchedVersions: - - 3.5.1.31 - VulnerableVersions: - - ">= 3.0.0, < 3.5.1.31" diff --git a/pkg/detector/library/mock_operation.go b/pkg/detector/library/mock_operation.go deleted file mode 100644 index 7750a44123..0000000000 --- a/pkg/detector/library/mock_operation.go +++ /dev/null 
@@ -1,88 +0,0 @@ -// Code generated by mockery v1.0.0. DO NOT EDIT. - -package library - -import mock "github.com/stretchr/testify/mock" -import pkgtypes "github.com/aquasecurity/trivy/pkg/types" -import time "time" -import types "github.com/aquasecurity/fanal/types" - -// MockOperation is an autogenerated mock type for the Operation type -type MockOperation struct { - mock.Mock -} - -type OperationDetectArgs struct { - ImageName string - ImageNameAnything bool - FilePath string - FilePathAnything bool - Created time.Time - CreatedAnything bool - Pkgs []types.Package - PkgsAnything bool -} - -type OperationDetectReturns struct { - Vulns []pkgtypes.DetectedVulnerability - Err error -} - -type OperationDetectExpectation struct { - Args OperationDetectArgs - Returns OperationDetectReturns -} - -func (_m *MockOperation) ApplyDetectExpectation(e OperationDetectExpectation) { - var args []interface{} - if e.Args.ImageNameAnything { - args = append(args, mock.Anything) - } else { - args = append(args, e.Args.ImageName) - } - if e.Args.FilePathAnything { - args = append(args, mock.Anything) - } else { - args = append(args, e.Args.FilePath) - } - if e.Args.CreatedAnything { - args = append(args, mock.Anything) - } else { - args = append(args, e.Args.Created) - } - if e.Args.PkgsAnything { - args = append(args, mock.Anything) - } else { - args = append(args, e.Args.Pkgs) - } - _m.On("Detect", args...).Return(e.Returns.Vulns, e.Returns.Err) -} - -func (_m *MockOperation) ApplyDetectExpectations(expectations []OperationDetectExpectation) { - for _, e := range expectations { - _m.ApplyDetectExpectation(e) - } -} - -// Detect provides a mock function with given fields: imageName, filePath, created, pkgs -func (_m *MockOperation) Detect(imageName string, filePath string, created time.Time, pkgs []types.Package) ([]pkgtypes.DetectedVulnerability, error) { - ret := _m.Called(imageName, filePath, created, pkgs) - - var r0 []pkgtypes.DetectedVulnerability - if rf, ok := 
ret.Get(0).(func(string, string, time.Time, []types.Package) []pkgtypes.DetectedVulnerability); ok { - r0 = rf(imageName, filePath, created, pkgs) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).([]pkgtypes.DetectedVulnerability) - } - } - - var r1 error - if rf, ok := ret.Get(1).(func(string, string, time.Time, []types.Package) error); ok { - r1 = rf(imageName, filePath, created, pkgs) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} diff --git a/pkg/detector/library/npm/advisory.go b/pkg/detector/library/npm/advisory.go deleted file mode 100644 index 0bf13c1414..0000000000 --- a/pkg/detector/library/npm/advisory.go +++ /dev/null 
@@ -1,57 +0,0 @@
-package npm
-
-import (
- "strings"
-
- "golang.org/x/xerrors"
-
- "github.com/aquasecurity/trivy-db/pkg/vulnsrc/node"
- "github.com/aquasecurity/trivy/pkg/types"
-)
-
-// Advisory encapsulate Node vulnerability source
-type Advisory struct {
- comparer Comparer
- vs node.VulnSrc
-}
-
-// NewAdvisory is the factory method for Node Advisory
-func NewAdvisory() *Advisory {
- return &Advisory{
- vs: node.NewVulnSrc(),
- comparer: Comparer{},
- }
-}
-
-// DetectVulnerabilities scans and return vulnerability using Node package scanner
-func (a *Advisory) DetectVulnerabilities(pkgName, pkgVer string) ([]types.DetectedVulnerability, error) {
- advisories, err := a.vs.Get(pkgName)
- if err != nil {
- return nil, xerrors.Errorf("failed to get node advisories: %w", err)
- }
-
- var vulns []types.DetectedVulnerability
- for _, advisory := range advisories {
- if !a.comparer.IsVulnerable(pkgVer, advisory) {
- continue
- }
-
- vuln := types.DetectedVulnerability{
- VulnerabilityID: advisory.VulnerabilityID,
- PkgName: pkgName,
- InstalledVersion: pkgVer,
- FixedVersion: createFixedVersions(advisory.PatchedVersions),
- DataSource: advisory.DataSource,
- }
- vulns = append(vulns, vuln)
- }
- return vulns, nil
-}
-
-func createFixedVersions(patchedVersions []string) string {
- var fixedVersions []string
- for _, s := range patchedVersions {
- fixedVersions = append(fixedVersions, strings.TrimSpace(s))
- }
- return strings.Join(fixedVersions, ", ")
-}
diff --git a/pkg/detector/library/npm/advisory_test.go b/pkg/detector/library/npm/advisory_test.go
deleted file mode 100644
index b10895e5d0..0000000000
--- a/pkg/detector/library/npm/advisory_test.go
+++ /dev/null
@@ -1,96 +0,0 @@ -package npm_test - -import ( - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - - "github.com/aquasecurity/trivy-db/pkg/db" - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" - "github.com/aquasecurity/trivy/pkg/dbtest" - "github.com/aquasecurity/trivy/pkg/detector/library/npm" - "github.com/aquasecurity/trivy/pkg/types" -) - -func TestAdvisory_DetectVulnerabilities(t *testing.T) { - type args struct { - pkgName string - pkgVer string - } - tests := []struct { - name string - args args - fixtures []string - want []types.DetectedVulnerability - wantErr string - }{ - { - name: "detected", - args: args{ - pkgName: "electron", - pkgVer: "2.0.17", - }, - fixtures: []string{ - "testdata/fixtures/npm.yaml", - "testdata/fixtures/data-source.yaml", - }, - want: []types.DetectedVulnerability{ - { - PkgName: "electron", - InstalledVersion: "2.0.17", - VulnerabilityID: "CVE-2019-5786", - FixedVersion: "^2.0.18, ^3.0.16, ^3.1.6, ^4.0.8, ^5.0.0-beta.5", - DataSource: &dbTypes.DataSource{ - Name: "Node.js Ecosystem Security Working Group", - URL: "https://github.com/nodejs/security-wg", - }, - }, - }, - }, - { - name: "not detected", - args: args{ - pkgName: "electron", - pkgVer: "2.0.18", - }, - fixtures: []string{"testdata/fixtures/npm.yaml"}, - want: nil, - }, - { - name: "empty value", - args: args{ - pkgName: "electron", - pkgVer: "2.0.18", - }, - fixtures: []string{"testdata/fixtures/no-value.yaml"}, - want: nil, - }, - {name: "malformed JSON", - args: args{ - pkgName: "electron", - pkgVer: "2.0.18", - }, - fixtures: []string{"testdata/fixtures/invalid-type.yaml"}, - wantErr: "failed to unmarshal advisory JSON", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - _ = dbtest.InitDB(t, tt.fixtures) - defer db.Close() - - a := npm.NewAdvisory() - got, err := a.DetectVulnerabilities(tt.args.pkgName, tt.args.pkgVer) - if tt.wantErr != "" { - require.NotNil(t, err) - assert.Contains(t, 
err.Error(), tt.wantErr) - return - } - - assert.NoError(t, err) - assert.Equal(t, tt.want, got) - }) - } -} diff --git a/pkg/detector/library/npm/testdata/fixtures/data-source.yaml b/pkg/detector/library/npm/testdata/fixtures/data-source.yaml deleted file mode 100644 index b9060d4e9f..0000000000 --- a/pkg/detector/library/npm/testdata/fixtures/data-source.yaml +++ /dev/null @@ -1,6 +0,0 @@ -- bucket: data-source - pairs: - - key: nodejs-security-wg - value: - Name: "Node.js Ecosystem Security Working Group" - URL: "https://github.com/nodejs/security-wg" \ No newline at end of file diff --git a/pkg/detector/library/npm/testdata/fixtures/invalid-type.yaml b/pkg/detector/library/npm/testdata/fixtures/invalid-type.yaml deleted file mode 100644 index 5a77fbb552..0000000000 --- a/pkg/detector/library/npm/testdata/fixtures/invalid-type.yaml +++ /dev/null @@ -1,9 +0,0 @@ -- bucket: nodejs-security-wg - pairs: - - bucket: electron - pairs: - - key: CVE-2019-5786 - value: - PatchedVersions: - - 1 - - 2 diff --git a/pkg/detector/library/npm/testdata/fixtures/no-value.yaml b/pkg/detector/library/npm/testdata/fixtures/no-value.yaml deleted file mode 100644 index 0e26815bb9..0000000000 --- a/pkg/detector/library/npm/testdata/fixtures/no-value.yaml +++ /dev/null @@ -1,6 +0,0 @@ -- bucket: nodejs-security-wg - pairs: - - bucket: electron - pairs: - - key: CVE-2019-5786 - value: diff --git a/pkg/detector/library/npm/testdata/fixtures/npm.yaml b/pkg/detector/library/npm/testdata/fixtures/npm.yaml deleted file mode 100644 index b586b827cf..0000000000 --- a/pkg/detector/library/npm/testdata/fixtures/npm.yaml +++ /dev/null @@ -1,18 +0,0 @@ -- bucket: nodejs-security-wg - pairs: - - bucket: electron - pairs: - - key: CVE-2019-5786 - value: - PatchedVersions: - - "^2.0.18" - - "^3.0.16" - - "^3.1.6" - - "^4.0.8" - - "^5.0.0-beta.5" - VulnerableVersions: - - "<2.0.18" - - "<3.0.16" - - "<3.1.6" - - "<4.0.8" - - "<5.0.0-beta.5" 
diff --git a/pkg/detector/library/testdata/fixtures/data-source.yaml b/pkg/detector/library/testdata/fixtures/data-source.yaml index ca205a49cb..1f892e6f26 100644 --- a/pkg/detector/library/testdata/fixtures/data-source.yaml +++ b/pkg/detector/library/testdata/fixtures/data-source.yaml @@ -2,13 +2,16 @@ pairs: - key: composer::GitLab Advisory Database Community value: + ID: "glad" Name: "GitLab Advisory Database Community" URL: "https://gitlab.com/gitlab-org/advisories-community" - key: composer::php-security-advisories value: + ID: "php-security-advisories" Name: "PHP Security Advisories Database" URL: "https://github.com/FriendsOfPHP/security-advisories" - key: rubygems::ruby-advisory-db value: + ID: "ruby-advisory-db" Name: "Ruby Advisory Database" URL: "https://github.com/rubysec/ruby-advisory-db" diff --git a/pkg/detector/library/ghsa/testdata/fixtures/invalid-type.yaml b/pkg/detector/library/testdata/fixtures/invalid-type.yaml similarity index 72% rename from pkg/detector/library/ghsa/testdata/fixtures/invalid-type.yaml rename to pkg/detector/library/testdata/fixtures/invalid-type.yaml index 0883f30e9a..c32592f323 100644 --- a/pkg/detector/library/ghsa/testdata/fixtures/invalid-type.yaml +++ b/pkg/detector/library/testdata/fixtures/invalid-type.yaml @@ -1,4 +1,4 @@ -- bucket: GitHub Security Advisory Composer +- bucket: composer::GitHub Security Advisory Composer pairs: - bucket: "symfony/symfony" pairs: diff --git a/pkg/detector/ospkg/alma/alma_test.go b/pkg/detector/ospkg/alma/alma_test.go index 5a2444185b..d3d30a8313 100644 --- a/pkg/detector/ospkg/alma/alma_test.go +++ b/pkg/detector/ospkg/alma/alma_test.go @@ -1,7 +1,6 @@ package alma_test import ( - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "testing" "time" 
@@ -11,6 +10,8 @@ import ( ftypes "github.com/aquasecurity/fanal/types" "github.com/aquasecurity/trivy-db/pkg/db" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/dbtest" "github.com/aquasecurity/trivy/pkg/detector/ospkg/alma" "github.com/aquasecurity/trivy/pkg/types" @@ -61,6 +62,7 @@ func TestScanner_Detect(t *testing.T) { FixedVersion: "3.6.8-37.el8.alma", Layer: ftypes.Layer{}, DataSource: &dbTypes.DataSource{ + ID: vulnerability.Alma, Name: "AlmaLinux Product Errata", URL: "https://errata.almalinux.org/", }, diff --git a/pkg/detector/ospkg/alma/testdata/fixtures/data-source.yaml b/pkg/detector/ospkg/alma/testdata/fixtures/data-source.yaml index f241ed6202..46e77ad435 100644 --- a/pkg/detector/ospkg/alma/testdata/fixtures/data-source.yaml +++ b/pkg/detector/ospkg/alma/testdata/fixtures/data-source.yaml @@ -2,5 +2,6 @@ pairs: - key: alma 8 value: + ID: "alma" Name: "AlmaLinux Product Errata" URL: "https://errata.almalinux.org/" \ No newline at end of file diff --git a/pkg/detector/ospkg/alpine/alpine_test.go b/pkg/detector/ospkg/alpine/alpine_test.go index 48df59c000..873029a137 100644 --- a/pkg/detector/ospkg/alpine/alpine_test.go +++ b/pkg/detector/ospkg/alpine/alpine_test.go @@ -1,7 +1,6 @@ package alpine_test import ( - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "sort" "testing" "time" @@ -12,6 +11,8 @@ import ( ftypes "github.com/aquasecurity/fanal/types" "github.com/aquasecurity/trivy-db/pkg/db" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/dbtest" "github.com/aquasecurity/trivy/pkg/detector/ospkg/alpine" "github.com/aquasecurity/trivy/pkg/types" 
@@ -62,6 +63,7 @@ func TestScanner_Detect(t *testing.T) { DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", }, DataSource: &dbTypes.DataSource{ + ID: vulnerability.Alpine, Name: "Alpine Secdb", URL: "https://secdb.alpinelinux.org/", }, @@ -75,6 +77,7 @@ func TestScanner_Detect(t *testing.T) { DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", }, DataSource: &dbTypes.DataSource{ + ID: vulnerability.Alpine, Name: "Alpine Secdb", URL: "https://secdb.alpinelinux.org/", }, @@ -102,6 +105,7 @@ func TestScanner_Detect(t *testing.T) { InstalledVersion: "1.6-r0", FixedVersion: "1.6-r1", DataSource: &dbTypes.DataSource{ + ID: vulnerability.Alpine, Name: "Alpine Secdb", URL: "https://secdb.alpinelinux.org/", }, @@ -135,6 +139,7 @@ func TestScanner_Detect(t *testing.T) { DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", }, DataSource: &dbTypes.DataSource{ + ID: vulnerability.Alpine, Name: "Alpine Secdb", URL: "https://secdb.alpinelinux.org/", }, diff --git a/pkg/detector/ospkg/alpine/testdata/fixtures/data-source.yaml b/pkg/detector/ospkg/alpine/testdata/fixtures/data-source.yaml index 68069745b1..ca781d2ee9 100644 --- a/pkg/detector/ospkg/alpine/testdata/fixtures/data-source.yaml +++ b/pkg/detector/ospkg/alpine/testdata/fixtures/data-source.yaml @@ -2,5 +2,6 @@ pairs: - key: alpine 3.10 value: + ID: "alpine" Name: "Alpine Secdb" URL: "https://secdb.alpinelinux.org/" \ No newline at end of file diff --git a/pkg/detector/ospkg/amazon/amazon_test.go b/pkg/detector/ospkg/amazon/amazon_test.go index 1685d7c4d7..a2c9456b60 100644 --- a/pkg/detector/ospkg/amazon/amazon_test.go +++ b/pkg/detector/ospkg/amazon/amazon_test.go @@ -1,7 +1,6 @@ package amazon_test import ( - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "testing" "time" 
@@ -11,6 +10,8 @@ import ( ftypes "github.com/aquasecurity/fanal/types" "github.com/aquasecurity/trivy-db/pkg/db" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/dbtest" "github.com/aquasecurity/trivy/pkg/detector/ospkg/amazon" "github.com/aquasecurity/trivy/pkg/types" @@ -55,6 +56,7 @@ func TestScanner_Detect(t *testing.T) { DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", }, DataSource: &dbTypes.DataSource{ + ID: vulnerability.Amazon, Name: "Amazon Linux Security Center", URL: "https://alas.aws.amazon.com/", }, @@ -86,6 +88,7 @@ func TestScanner_Detect(t *testing.T) { DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", }, DataSource: &dbTypes.DataSource{ + ID: vulnerability.Amazon, Name: "Amazon Linux Security Center", URL: "https://alas.aws.amazon.com/", }, diff --git a/pkg/detector/ospkg/amazon/testdata/fixtures/data-source.yaml b/pkg/detector/ospkg/amazon/testdata/fixtures/data-source.yaml index fd06cc66a1..a21dec7ea3 100644 --- a/pkg/detector/ospkg/amazon/testdata/fixtures/data-source.yaml +++ b/pkg/detector/ospkg/amazon/testdata/fixtures/data-source.yaml @@ -2,9 +2,11 @@ pairs: - key: amazon linux 1 value: + ID: "amazon" Name: "Amazon Linux Security Center" URL: "https://alas.aws.amazon.com/" - key: amazon linux 2 value: + ID: "amazon" Name: "Amazon Linux Security Center" URL: "https://alas.aws.amazon.com/" \ No newline at end of file diff --git a/pkg/detector/ospkg/debian/debian_test.go b/pkg/detector/ospkg/debian/debian_test.go index 8075d48c01..7fc0d737fe 100644 --- a/pkg/detector/ospkg/debian/debian_test.go +++ b/pkg/detector/ospkg/debian/debian_test.go 
@@ -58,6 +58,7 @@ func TestScanner_Detect(t *testing.T) { DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", }, DataSource: &dbTypes.DataSource{ + ID: vulnerability.Debian, Name: "Debian Security Tracker", URL: "https://salsa.debian.org/security-tracker-team/security-tracker", }, @@ -74,6 +75,7 @@ func TestScanner_Detect(t *testing.T) { DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", }, DataSource: &dbTypes.DataSource{ + ID: vulnerability.Debian, Name: "Debian Security Tracker", URL: "https://salsa.debian.org/security-tracker-team/security-tracker", }, diff --git a/pkg/detector/ospkg/debian/testdata/fixtures/data-source.yaml b/pkg/detector/ospkg/debian/testdata/fixtures/data-source.yaml index 4f2f695c00..dbce04f640 100644 --- a/pkg/detector/ospkg/debian/testdata/fixtures/data-source.yaml +++ b/pkg/detector/ospkg/debian/testdata/fixtures/data-source.yaml @@ -2,5 +2,6 @@ pairs: - key: debian 9 value: + ID: "debian" Name: "Debian Security Tracker" URL: "https://salsa.debian.org/security-tracker-team/security-tracker" \ No newline at end of file diff --git a/pkg/detector/ospkg/mariner/mariner_test.go b/pkg/detector/ospkg/mariner/mariner_test.go index 107fb83a68..19dc88b0af 100644 --- a/pkg/detector/ospkg/mariner/mariner_test.go +++ b/pkg/detector/ospkg/mariner/mariner_test.go @@ -3,13 +3,13 @@ package mariner_test import ( "testing" - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ftypes "github.com/aquasecurity/fanal/types" "github.com/aquasecurity/trivy-db/pkg/db" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/dbtest" "github.com/aquasecurity/trivy/pkg/detector/ospkg/mariner" "github.com/aquasecurity/trivy/pkg/types" 
@@ -59,6 +59,7 @@ func TestScanner_Detect(t *testing.T) { FixedVersion: "9.16.15-1.cm1", Layer: ftypes.Layer{}, DataSource: &dbTypes.DataSource{ + ID: vulnerability.CBLMariner, Name: "CBL-Mariner Vulnerability Data", URL: "https://github.com/microsoft/CBL-MarinerVulnerabilityData", }, @@ -96,6 +97,7 @@ func TestScanner_Detect(t *testing.T) { InstalledVersion: "8.2.4081-1.cm1", Layer: ftypes.Layer{}, DataSource: &dbTypes.DataSource{ + ID: vulnerability.CBLMariner, Name: "CBL-Mariner Vulnerability Data", URL: "https://github.com/microsoft/CBL-MarinerVulnerabilityData", }, diff --git a/pkg/detector/ospkg/mariner/testdata/fixtures/data-source.yaml b/pkg/detector/ospkg/mariner/testdata/fixtures/data-source.yaml index e509091661..57ce67b2ec 100644 --- a/pkg/detector/ospkg/mariner/testdata/fixtures/data-source.yaml +++ b/pkg/detector/ospkg/mariner/testdata/fixtures/data-source.yaml @@ -2,11 +2,13 @@ pairs: - key: CBL-Mariner 1.0 value: + ID: "cbl-mariner" Name: "CBL-Mariner Vulnerability Data" URL: "https://github.com/microsoft/CBL-MarinerVulnerabilityData" - bucket: data-source pairs: - key: CBL-Mariner 2.0 value: + ID: "cbl-mariner" Name: "CBL-Mariner Vulnerability Data" URL: "https://github.com/microsoft/CBL-MarinerVulnerabilityData" diff --git a/pkg/detector/ospkg/oracle/oracle_test.go b/pkg/detector/ospkg/oracle/oracle_test.go index 8c4a3bc529..3802e832bb 100644 --- a/pkg/detector/ospkg/oracle/oracle_test.go +++ b/pkg/detector/ospkg/oracle/oracle_test.go @@ -1,7 +1,6 @@ package oracle import ( - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "testing" "time" @@ -12,7 +11,9 @@ import ( ftypes "github.com/aquasecurity/fanal/types" "github.com/aquasecurity/trivy-db/pkg/db" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" oracleoval "github.com/aquasecurity/trivy-db/pkg/vulnsrc/oracle-oval" + "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/dbtest" "github.com/aquasecurity/trivy/pkg/types" ) 
@@ -131,6 +132,7 @@ func TestScanner_Detect(t *testing.T) { InstalledVersion: "7.29.0-59.0.1.el7", FixedVersion: "7.29.0-59.0.1.el7_9.1", DataSource: &dbTypes.DataSource{ + ID: vulnerability.OracleOVAL, Name: "Oracle Linux OVAL definitions", URL: "https://linux.oracle.com/security/oval/", }, @@ -203,6 +205,7 @@ func TestScanner_Detect(t *testing.T) { InstalledVersion: "2:2.17-156.ksplice1.el7", FixedVersion: "2:2.17-157.ksplice1.el7_3.4", DataSource: &dbTypes.DataSource{ + ID: vulnerability.OracleOVAL, Name: "Oracle Linux OVAL definitions", URL: "https://linux.oracle.com/security/oval/", }, diff --git a/pkg/detector/ospkg/oracle/testdata/fixtures/data-source.yaml b/pkg/detector/ospkg/oracle/testdata/fixtures/data-source.yaml index f1cbf42b07..996b4c870c 100644 --- a/pkg/detector/ospkg/oracle/testdata/fixtures/data-source.yaml +++ b/pkg/detector/ospkg/oracle/testdata/fixtures/data-source.yaml @@ -2,5 +2,6 @@ pairs: - key: Oracle Linux 7 value: + ID: "oracle-oval" Name: "Oracle Linux OVAL definitions" URL: "https://linux.oracle.com/security/oval/" \ No newline at end of file diff --git a/pkg/detector/ospkg/photon/photon_test.go b/pkg/detector/ospkg/photon/photon_test.go index b8a04b873c..c639c1f537 100644 --- a/pkg/detector/ospkg/photon/photon_test.go +++ b/pkg/detector/ospkg/photon/photon_test.go @@ -1,7 +1,6 @@ package photon_test import ( - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "testing" "time" @@ -11,6 +10,8 @@ import ( ftypes "github.com/aquasecurity/fanal/types" "github.com/aquasecurity/trivy-db/pkg/db" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/dbtest" "github.com/aquasecurity/trivy/pkg/detector/ospkg/photon" "github.com/aquasecurity/trivy/pkg/types" 
@@ -57,6 +58,7 @@ func TestScanner_Detect(t *testing.T) { DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", }, DataSource: &dbTypes.DataSource{ + ID: vulnerability.Photon, Name: "Photon OS CVE metadata", URL: "https://packages.vmware.com/photon/photon_cve_metadata/", }, diff --git a/pkg/detector/ospkg/photon/testdata/fixtures/data-source.yaml b/pkg/detector/ospkg/photon/testdata/fixtures/data-source.yaml index 0e7f384b6b..b21fda6993 100644 --- a/pkg/detector/ospkg/photon/testdata/fixtures/data-source.yaml +++ b/pkg/detector/ospkg/photon/testdata/fixtures/data-source.yaml @@ -2,5 +2,6 @@ pairs: - key: Photon OS 1.0 value: + ID: "photon" Name: "Photon OS CVE metadata" URL: "https://packages.vmware.com/photon/photon_cve_metadata/" \ No newline at end of file diff --git a/pkg/detector/ospkg/rocky/rocky_test.go b/pkg/detector/ospkg/rocky/rocky_test.go index 4ab27c9654..3ac809041c 100644 --- a/pkg/detector/ospkg/rocky/rocky_test.go +++ b/pkg/detector/ospkg/rocky/rocky_test.go @@ -1,7 +1,6 @@ package rocky_test import ( - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "testing" "time" @@ -11,6 +10,8 @@ import ( ftypes "github.com/aquasecurity/fanal/types" "github.com/aquasecurity/trivy-db/pkg/db" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/dbtest" "github.com/aquasecurity/trivy/pkg/detector/ospkg/rocky" "github.com/aquasecurity/trivy/pkg/types" @@ -58,6 +59,7 @@ func TestScanner_Detect(t *testing.T) { FixedVersion: "4.18.0-348.2.1.el8_5", Layer: ftypes.Layer{}, DataSource: &dbTypes.DataSource{ + ID: vulnerability.Rocky, Name: "Rocky Linux updateinfo", URL: "https://download.rockylinux.org/pub/rocky/", }, diff --git a/pkg/detector/ospkg/rocky/testdata/fixtures/data-source.yaml b/pkg/detector/ospkg/rocky/testdata/fixtures/data-source.yaml index fd3f6c3ecd..67713f60e1 100644 
--- a/pkg/detector/ospkg/rocky/testdata/fixtures/data-source.yaml +++ b/pkg/detector/ospkg/rocky/testdata/fixtures/data-source.yaml @@ -2,5 +2,6 @@ pairs: - key: rocky 8 value: + ID: "rocky" Name: "Rocky Linux updateinfo" URL: "https://download.rockylinux.org/pub/rocky/" \ No newline at end of file diff --git a/pkg/detector/ospkg/suse/suse_test.go b/pkg/detector/ospkg/suse/suse_test.go index ce4d521c69..e139a0d99b 100644 --- a/pkg/detector/ospkg/suse/suse_test.go +++ b/pkg/detector/ospkg/suse/suse_test.go @@ -1,7 +1,6 @@ package suse_test import ( - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "testing" "time" @@ -11,6 +10,8 @@ import ( ftypes "github.com/aquasecurity/fanal/types" "github.com/aquasecurity/trivy-db/pkg/db" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/dbtest" "github.com/aquasecurity/trivy/pkg/detector/ospkg/suse" "github.com/aquasecurity/trivy/pkg/types" @@ -59,6 +60,7 @@ func TestScanner_Detect(t *testing.T) { DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", }, DataSource: &dbTypes.DataSource{ + ID: vulnerability.SuseCVRF, Name: "SUSE CVRF", URL: "https://ftp.suse.com/pub/projects/security/cvrf/", }, diff --git a/pkg/detector/ospkg/suse/testdata/fixtures/data-source.yaml b/pkg/detector/ospkg/suse/testdata/fixtures/data-source.yaml index 21e08b7b3b..13eb48d0a0 100644 --- a/pkg/detector/ospkg/suse/testdata/fixtures/data-source.yaml +++ b/pkg/detector/ospkg/suse/testdata/fixtures/data-source.yaml @@ -2,9 +2,11 @@ pairs: - key: openSUSE Leap 15.3 value: + ID: "suse-cvrf" Name: "SUSE CVRF" URL: "https://ftp.suse.com/pub/projects/security/cvrf/" - key: SUSE Linux Enterprise 15.3 value: + ID: "suse-cvrf" Name: "SUSE CVRF" URL: "https://ftp.suse.com/pub/projects/security/cvrf/" \ No newline at end of file 
diff --git a/pkg/detector/ospkg/ubuntu/testdata/fixtures/data-source.yaml b/pkg/detector/ospkg/ubuntu/testdata/fixtures/data-source.yaml index a22273cb35..b5c8f895fd 100644 --- a/pkg/detector/ospkg/ubuntu/testdata/fixtures/data-source.yaml +++ b/pkg/detector/ospkg/ubuntu/testdata/fixtures/data-source.yaml @@ -2,9 +2,11 @@ pairs: - key: ubuntu 20.04 value: + ID: "ubuntu" Name: "Ubuntu CVE Tracker" URL: "https://git.launchpad.net/ubuntu-cve-tracker" - key: ubuntu 21.04 value: + ID: "ubuntu" Name: "Ubuntu CVE Tracker" URL: "https://git.launchpad.net/ubuntu-cve-tracker" \ No newline at end of file diff --git a/pkg/detector/ospkg/ubuntu/ubuntu_test.go b/pkg/detector/ospkg/ubuntu/ubuntu_test.go index 59c900afa2..2cc077092b 100644 --- a/pkg/detector/ospkg/ubuntu/ubuntu_test.go +++ b/pkg/detector/ospkg/ubuntu/ubuntu_test.go @@ -1,7 +1,6 @@ package ubuntu_test import ( - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "sort" "testing" "time" @@ -12,6 +11,8 @@ import ( ftypes "github.com/aquasecurity/fanal/types" "github.com/aquasecurity/trivy-db/pkg/db" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/dbtest" "github.com/aquasecurity/trivy/pkg/detector/ospkg/ubuntu" "github.com/aquasecurity/trivy/pkg/types" @@ -56,6 +57,7 @@ func TestScanner_Detect(t *testing.T) { DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", }, DataSource: &dbTypes.DataSource{ + ID: vulnerability.Ubuntu, Name: "Ubuntu CVE Tracker", URL: "https://git.launchpad.net/ubuntu-cve-tracker", }, @@ -69,6 +71,7 @@ func TestScanner_Detect(t *testing.T) { DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02", }, DataSource: &dbTypes.DataSource{ + ID: vulnerability.Ubuntu, Name: "Ubuntu CVE Tracker", URL: "https://git.launchpad.net/ubuntu-cve-tracker", }, 
diff --git a/pkg/report/sarif_test.go b/pkg/report/sarif_test.go index d3dbb399b9..9979196af8 100644 --- a/pkg/report/sarif_test.go +++ b/pkg/report/sarif_test.go @@ -9,6 +9,7 @@ import ( "github.com/stretchr/testify/assert" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/report" "github.com/aquasecurity/trivy/pkg/types" ) @@ -47,12 +48,12 @@ func TestReportWriter_Sarif(t *testing.T) { Title: "foobar", Description: "baz", Severity: "HIGH", - CVSS: map[string]dbTypes.CVSS{ - "nvd": { + CVSS: map[dbTypes.SourceID]dbTypes.CVSS{ + vulnerability.NVD: { V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", V3Score: 9.8, }, - "redhat": { + vulnerability.RedHat: { V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", V3Score: 7.5, }, diff --git a/pkg/report/template.go b/pkg/report/template.go index dd58b3fc6a..bb1cfef8be 100644 --- a/pkg/report/template.go +++ b/pkg/report/template.go @@ -3,18 +3,22 @@ package report import ( "bytes" "encoding/xml" - "fmt" "html" "io" "os" "strings" "text/template" - "time" "github.com/Masterminds/sprig" "golang.org/x/xerrors" + + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy/pkg/log" ) +// CustomTemplateFuncMap is used to overwrite existing functions for testing. +var CustomTemplateFuncMap = map[string]interface{}{} + // TemplateWriter write result in custom format defined by user's template type TemplateWriter struct { Output io.Writer @@ -35,7 +39,7 @@ func NewTemplateWriter(output io.Writer, outputTemplate string) (*TemplateWriter templateFuncMap["escapeXML"] = func(input string) string { escaped := &bytes.Buffer{} if err := xml.EscapeText(escaped, []byte(input)); err != nil { - fmt.Printf("error while escapeString to XML: %v", err.Error()) + log.Logger.Error("error while escapeString to XML: %s", err) return input } return escaped.String() 
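Review bot: The new `log.Logger.Error("error while escapeString to XML: %s", err)` in the `escapeXML` closure passes a format string to a non-formatting method. If `log.Logger` is a zap `SugaredLogger` (its type is not visible here), `Error` concatenates its arguments and the `%s` is printed literally; the formatting variant would be `log.Logger.Errorf("error while escaping XML text: %s", err)`. The closure also still returns the unescaped `input` on failure, so a template that relies on `escapeXML` for output safety would emit raw text in that case. Returning an empty string would fail closed. NewTemplateWriter starts and ends outside the hunk.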
@@ -46,18 +50,18 @@ func NewTemplateWriter(output io.Writer, outputTemplate string) (*TemplateWriter } return input } - templateFuncMap["toLower"] = func(input string) string { - return strings.ToLower(input) - } templateFuncMap["escapeString"] = func(input string) string { return html.EscapeString(input) } - templateFuncMap["getEnv"] = func(key string) string { - return os.Getenv(key) + templateFuncMap["sourceID"] = func(input string) dbTypes.SourceID { + return dbTypes.SourceID(input) } - templateFuncMap["getCurrentTime"] = func() string { - return Now().UTC().Format(time.RFC3339Nano) + + // Overwrite functions + for k, v := range CustomTemplateFuncMap { + templateFuncMap[k] = v } + tmpl, err := template.New("output template").Funcs(templateFuncMap).Parse(outputTemplate) if err != nil { return nil, xerrors.Errorf("error parsing template: %w", err) diff --git a/pkg/report/template_test.go b/pkg/report/template_test.go index b8b018d5e6..68a2316677 100644 --- a/pkg/report/template_test.go +++ b/pkg/report/template_test.go @@ -152,10 +152,10 @@ func TestReportWriter_Template(t *testing.T) { expected: `Critical: 2, High: 1`, }, { - name: "happy path: env var parsing and getCurrentTime", + name: "happy path: env var parsing", detectedVulns: []types.DetectedVulnerability{}, - template: `{{ toLower (getEnv "AWS_ACCOUNT_ID") }} {{ getCurrentTime }}`, - expected: `123456789012 2020-08-10T07:28:17.000958601Z`, + template: `{{ lower (env "AWS_ACCOUNT_ID") }}`, + expected: `123456789012`, }, } for _, tc := range testCases { diff --git a/pkg/result/result.go b/pkg/result/result.go index 2ef9c35619..d9a3d68211 100644 --- a/pkg/result/result.go +++ b/pkg/result/result.go @@ -12,7 +12,6 @@ import ( "github.com/open-policy-agent/opa/rego" "golang.org/x/xerrors" - ftypes "github.com/aquasecurity/fanal/types" "github.com/aquasecurity/trivy-db/pkg/db" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" 
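Review bot: The `for k, v := range CustomTemplateFuncMap` loop lets an exported, mutable package-level map replace any template function, including `escapeXML` and `escapeString`, for every writer created afterwards, and nothing guards it against concurrent mutation. Its declaration says it exists for testing, so consider keeping it unexported behind a test helper, or at least state the contract on the declaration: `// CustomTemplateFuncMap is applied last in NewTemplateWriter and overrides functions by name; set it only from tests, never concurrently with report generation.` The same hunk removes `toLower`, `getEnv` and `getCurrentTime` without aliases, so existing user templates that call them will stop parsing. A migration note naming the replacements used elsewhere in this commit (`lower`, `env`, `now`) would help. NewTemplateWriter starts before the hunk.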
@@ -28,11 +27,10 @@ const ( ) var ( - primaryURLPrefixes = map[string][]string{ + primaryURLPrefixes = map[dbTypes.SourceID][]string{ vulnerability.Debian: {"http://www.debian.org", "https://www.debian.org"}, vulnerability.Ubuntu: {"http://www.ubuntu.com", "https://usn.ubuntu.com"}, vulnerability.RedHat: {"https://access.redhat.com"}, - vulnerability.OpenSuseCVRF: {"http://lists.opensuse.org", "https://lists.opensuse.org"}, vulnerability.SuseCVRF: {"http://lists.opensuse.org", "https://lists.opensuse.org"}, vulnerability.OracleOVAL: {"http://linux.oracle.com/errata", "https://linux.oracle.com/errata"}, vulnerability.NodejsSecurityWg: {"https://www.npmjs.com", "https://hackerone.com"}, @@ -66,11 +64,14 @@ func (c Client) FillVulnerabilityInfo(vulns []types.DetectedVulnerability, repor continue } - // Detect which data source should be used. - sources := c.detectSource(reportType) + // Detect the data source + var source dbTypes.SourceID + if vulns[i].DataSource != nil { + source = vulns[i].DataSource.ID + } // Select the severity according to the detected source. - severity, severitySource := c.getVendorSeverity(&vuln, sources) + severity, severitySource := c.getVendorSeverity(&vuln, source) // The vendor might provide package-specific severity like Debian. // For example, CVE-2015-2328 in Debian has "unimportant" for mongodb and "low" for pcre3. 
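Review bot: In the `FillVulnerabilityInfo` hunk, a nil `vulns[i].DataSource` or an empty `ID` leaves `source` at its zero value, so the vendor lookup misses and the severity silently comes from the NVD fallback or the generic severity instead of the distribution's rating. Before this change the source came from `reportType`, including the CentOS-to-Red Hat mapping that a later hunk in this file removes. An advisory record without an `ID`, or an RPC peer that leaves `Id` unset before `ConvertFromRPCDataSource` casts it, would take this path and could mis-state severity in reports. A comment such as `// source is empty when the advisory carries no DataSource ID; severity then falls back to NVD` and a test case with a populated VendorSeverity and a nil DataSource would make the behaviour explicit. FillVulnerabilityInfo starts and ends outside the hunk.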
@@ -85,42 +86,14 @@ func (c Client) FillVulnerabilityInfo(vulns []types.DetectedVulnerability, repor vulns[i].Severity = severity vulns[i].SeveritySource = severitySource - vulns[i].PrimaryURL = c.getPrimaryURL(vulnID, vuln.References, sources) + vulns[i].PrimaryURL = c.getPrimaryURL(vulnID, vuln.References, source) vulns[i].Vulnerability.VendorSeverity = nil // Remove VendorSeverity from Results } } -func (c Client) detectSource(reportType string) []string { - var sources []string - switch reportType { - case vulnerability.Ubuntu, vulnerability.Alpine, vulnerability.RedHat, vulnerability.RedHatOVAL, - vulnerability.Debian, vulnerability.DebianOVAL, vulnerability.Fedora, vulnerability.Amazon, - vulnerability.OracleOVAL, vulnerability.SuseCVRF, vulnerability.OpenSuseCVRF, vulnerability.Photon, vulnerability.Alma, vulnerability.Rocky: - sources = []string{reportType} - case vulnerability.CentOS: // CentOS doesn't have its own so we use RedHat - sources = []string{vulnerability.RedHat} - case "npm", "yarn": - sources = []string{vulnerability.NodejsSecurityWg, vulnerability.GHSANpm, vulnerability.GLAD} - case "nuget": - sources = []string{vulnerability.GHSANuget, vulnerability.GLAD} - case "pipenv", "poetry": - sources = []string{vulnerability.GHSAPip, vulnerability.GLAD} - case "bundler": - sources = []string{vulnerability.RubySec, vulnerability.GHSARubygems, vulnerability.GLAD} - case "cargo": - sources = []string{vulnerability.OSVCratesio} - case "composer": - sources = []string{vulnerability.PhpSecurityAdvisories, vulnerability.GHSAComposer, vulnerability.GLAD} - case ftypes.Jar: - sources = []string{vulnerability.GHSAMaven, vulnerability.GLAD} - } - return sources -} -func (c Client) getVendorSeverity(vuln *dbTypes.Vulnerability, sources []string) (string, string) { - for _, source := range sources { - if vs, ok := vuln.VendorSeverity[source]; ok { - return vs.String(), source - } +func (c Client) getVendorSeverity(vuln *dbTypes.Vulnerability, source 
dbTypes.SourceID) (string, dbTypes.SourceID) { + if vs, ok := vuln.VendorSeverity[source]; ok { + return vs.String(), source } // Try NVD as a fallback if it exists @@ -135,7 +108,7 @@ func (c Client) getVendorSeverity(vuln *dbTypes.Vulnerability, sources []string) return vuln.Severity, "" } -func (c Client) getPrimaryURL(vulnID string, refs []string, sources []string) string { +func (c Client) getPrimaryURL(vulnID string, refs []string, source dbTypes.SourceID) string { switch { case strings.HasPrefix(vulnID, "CVE-"): return "https://avd.aquasec.com/nvd/" + strings.ToLower(vulnID) @@ -147,13 +120,11 @@ func (c Client) getPrimaryURL(vulnID string, refs []string, sources []string) st return "https://security-tracker.debian.org/tracker/" + vulnID } - for _, source := range sources { - prefixes := primaryURLPrefixes[source] - for _, pre := range prefixes { - for _, ref := range refs { - if strings.HasPrefix(ref, pre) { - return ref - } + prefixes := primaryURLPrefixes[source] + for _, pre := range prefixes { + for _, ref := range refs { + if strings.HasPrefix(ref, pre) { + return ref } } } diff --git a/pkg/result/result_test.go b/pkg/result/result_test.go index 4abfde79f5..1a0d1cc9eb 100644 --- a/pkg/result/result_test.go +++ b/pkg/result/result_test.go @@ -7,6 +7,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + fos "github.com/aquasecurity/fanal/analyzer/os" ftypes "github.com/aquasecurity/fanal/types" "github.com/aquasecurity/trivy-db/pkg/db" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" @@ -35,7 +36,7 @@ func TestClient_FillVulnerabilityInfo(t *testing.T) { vulns: []types.DetectedVulnerability{ {VulnerabilityID: "CVE-2019-0001"}, }, - reportType: vulnerability.RedHat, + reportType: fos.RedHat, }, expectedVulnerabilities: []types.DetectedVulnerability{ { 
@@ -57,9 +58,16 @@ func TestClient_FillVulnerabilityInfo(t *testing.T) { fixtures: []string{"testdata/fixtures/vulnerability.yaml"}, args: args{ vulns: []types.DetectedVulnerability{ - {VulnerabilityID: "CVE-2019-0002"}, + { + VulnerabilityID: "CVE-2019-0002", + DataSource: &dbTypes.DataSource{ + ID: vulnerability.Ubuntu, + Name: "Ubuntu CVE Tracker", + URL: "https://git.launchpad.net/ubuntu-cve-tracker", + }, + }, }, - reportType: vulnerability.Ubuntu, + reportType: fos.Ubuntu, }, expectedVulnerabilities: []types.DetectedVulnerability{ { @@ -74,6 +82,11 @@ func TestClient_FillVulnerabilityInfo(t *testing.T) { }, SeveritySource: vulnerability.NVD, PrimaryURL: "https://avd.aquasec.com/nvd/cve-2019-0002", + DataSource: &dbTypes.DataSource{ + ID: vulnerability.Ubuntu, + Name: "Ubuntu CVE Tracker", + URL: "https://git.launchpad.net/ubuntu-cve-tracker", + }, }, }, }, @@ -82,9 +95,16 @@ func TestClient_FillVulnerabilityInfo(t *testing.T) { fixtures: []string{"testdata/fixtures/vulnerability.yaml"}, args: args{ vulns: []types.DetectedVulnerability{ - {VulnerabilityID: "CVE-2019-0003"}, + { + VulnerabilityID: "CVE-2019-0003", + DataSource: &dbTypes.DataSource{ + ID: vulnerability.Ubuntu, + Name: "Ubuntu CVE Tracker", + URL: "https://git.launchpad.net/ubuntu-cve-tracker", + }, + }, }, - reportType: vulnerability.Ubuntu, + reportType: fos.Ubuntu, }, expectedVulnerabilities: []types.DetectedVulnerability{ { @@ -96,6 +116,11 @@ func TestClient_FillVulnerabilityInfo(t *testing.T) { References: []string{"http://example.com"}, }, PrimaryURL: "https://avd.aquasec.com/nvd/cve-2019-0003", + DataSource: &dbTypes.DataSource{ + ID: vulnerability.Ubuntu, + Name: "Ubuntu CVE Tracker", + URL: "https://git.launchpad.net/ubuntu-cve-tracker", + }, }, }, }, 
@@ -104,9 +129,16 @@ func TestClient_FillVulnerabilityInfo(t *testing.T) { fixtures: []string{"testdata/fixtures/vulnerability.yaml"}, args: args{ vulns: []types.DetectedVulnerability{ - {VulnerabilityID: "CVE-2019-0004"}, + { + VulnerabilityID: "CVE-2019-0004", + DataSource: &dbTypes.DataSource{ + ID: vulnerability.RedHat, + Name: "Red Hat OVAL v2", + URL: "https://www.redhat.com/security/data/oval/v2/", + }, + }, }, - reportType: vulnerability.CentOS, + reportType: fos.CentOS, }, expectedVulnerabilities: []types.DetectedVulnerability{ { @@ -117,7 +149,7 @@ func TestClient_FillVulnerabilityInfo(t *testing.T) { Severity: dbTypes.SeverityLow.String(), CweIDs: []string{"CWE-311"}, References: []string{"http://example.com"}, - CVSS: map[string]dbTypes.CVSS{ + CVSS: map[dbTypes.SourceID]dbTypes.CVSS{ vulnerability.NVD: { V2Vector: "AV:N/AC:L/Au:N/C:P/I:P/A:P", V2Score: 4.5, @@ -134,6 +166,11 @@ func TestClient_FillVulnerabilityInfo(t *testing.T) { }, SeveritySource: vulnerability.RedHat, PrimaryURL: "https://avd.aquasec.com/nvd/cve-2019-0004", + DataSource: &dbTypes.DataSource{ + ID: vulnerability.RedHat, + Name: "Red Hat OVAL v2", + URL: "https://www.redhat.com/security/data/oval/v2/", + }, }, }, }, @@ -142,7 +179,14 @@ func TestClient_FillVulnerabilityInfo(t *testing.T) { fixtures: []string{"testdata/fixtures/vulnerability.yaml"}, args: args{ vulns: []types.DetectedVulnerability{ - {VulnerabilityID: "CVE-2019-0005"}, + { + VulnerabilityID: "CVE-2019-0005", + DataSource: &dbTypes.DataSource{ + ID: vulnerability.GHSA, + Name: "GitHub Security Advisory Pip", + URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip", + }, + }, }, reportType: ftypes.Poetry, }, 
@@ -155,8 +199,13 @@ func TestClient_FillVulnerabilityInfo(t *testing.T) { Severity: dbTypes.SeverityCritical.String(), References: []string{"https://www.who.int/emergencies/diseases/novel-coronavirus-2019"}, }, - SeveritySource: vulnerability.GHSAPip, + SeveritySource: vulnerability.GHSA, PrimaryURL: "https://avd.aquasec.com/nvd/cve-2019-0005", + DataSource: &dbTypes.DataSource{ + ID: vulnerability.GHSA, + Name: "GitHub Security Advisory Pip", + URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip", + }, }, }, }, @@ -173,7 +222,7 @@ func TestClient_FillVulnerabilityInfo(t *testing.T) { }, }, }, - reportType: vulnerability.Debian, + reportType: fos.Debian, }, expectedVulnerabilities: []types.DetectedVulnerability{ { @@ -222,9 +271,9 @@ func TestClient_FillVulnerabilityInfo(t *testing.T) { func TestClient_getPrimaryURL(t *testing.T) { type args struct { - vulnID string - refs []string - sources []string + vulnID string + refs []string + source dbTypes.SourceID } tests := []struct { name string 
@@ -234,36 +283,36 @@ func TestClient_getPrimaryURL(t *testing.T) { { name: "CVE-ID", args: args{ - vulnID: "CVE-2014-8484", - refs: []string{"http://linux.oracle.com/cve/CVE-2014-8484.html"}, - sources: []string{vulnerability.OracleOVAL}, + vulnID: "CVE-2014-8484", + refs: []string{"http://linux.oracle.com/cve/CVE-2014-8484.html"}, + source: vulnerability.OracleOVAL, }, want: "https://avd.aquasec.com/nvd/cve-2014-8484", }, { name: "RUSTSEC", args: args{ - vulnID: "RUSTSEC-2018-0017", - refs: []string{"https://github.com/rust-lang-deprecated/tempdir/pull/46"}, - sources: []string{vulnerability.OSVCratesio}, + vulnID: "RUSTSEC-2018-0017", + refs: []string{"https://github.com/rust-lang-deprecated/tempdir/pull/46"}, + source: vulnerability.OSV, }, want: "https://osv.dev/vulnerability/RUSTSEC-2018-0017", }, { name: "GHSA", args: args{ - vulnID: "GHSA-28fw-88hq-6jmm", - refs: []string{}, - sources: []string{vulnerability.PhpSecurityAdvisories}, + vulnID: "GHSA-28fw-88hq-6jmm", + refs: []string{}, + source: vulnerability.PhpSecurityAdvisories, }, want: "https://github.com/advisories/GHSA-28fw-88hq-6jmm", }, { name: "Debian temp vulnerability", args: args{ - vulnID: "TEMP-0841856-B18BAF", - refs: []string{}, - sources: []string{vulnerability.DebianOVAL}, + vulnID: "TEMP-0841856-B18BAF", + refs: []string{}, + source: vulnerability.Debian, }, want: "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF", }, @@ -276,7 +325,7 @@ func TestClient_getPrimaryURL(t *testing.T) { "https://github.com/lodash/lodash/pull/4759", "https://www.npmjs.com/advisories/1523", }, - sources: []string{vulnerability.NodejsSecurityWg}, + source: vulnerability.NodejsSecurityWg, }, want: "https://www.npmjs.com/advisories/1523", }, 
@@ -288,7 +337,7 @@ func TestClient_getPrimaryURL(t *testing.T) { "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00076.html", "https://www.suse.com/support/security/rating/", }, - sources: []string{vulnerability.OpenSuseCVRF}, + source: vulnerability.SuseCVRF, }, want: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00076.html", }, @@ -296,7 +345,7 @@ func TestClient_getPrimaryURL(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { c := Client{} - got := c.getPrimaryURL(tt.args.vulnID, tt.args.refs, tt.args.sources) + got := c.getPrimaryURL(tt.args.vulnID, tt.args.refs, tt.args.source) assert.Equal(t, tt.want, got) }) } diff --git a/pkg/result/testdata/fixtures/vulnerability.yaml b/pkg/result/testdata/fixtures/vulnerability.yaml index 62ecf9a1eb..623c14a246 100644 --- a/pkg/result/testdata/fixtures/vulnerability.yaml +++ b/pkg/result/testdata/fixtures/vulnerability.yaml @@ -54,6 +54,6 @@ Description: a nasty virus vulnerability for humans Severity: MEDIUM VendorSeverity: - ghsa-pip: 4 + ghsa: 4 References: - "https://www.who.int/emergencies/diseases/novel-coronavirus-2019" diff --git a/pkg/rpc/convert.go b/pkg/rpc/convert.go index 78c370d7c7..4f4b5458e2 100644 --- a/pkg/rpc/convert.go +++ b/pkg/rpc/convert.go @@ -96,7 +96,7 @@ func ConvertToRPCVulns(vulns []types.DetectedVulnerability) []*common.Vulnerabil } cvssMap := make(map[string]*common.CVSS) // This is needed because protobuf generates a map[string]*CVSS type for vendor, vendorSeverity := range vuln.CVSS { - cvssMap[vendor] = &common.CVSS{ + cvssMap[string(vendor)] = &common.CVSS{ V2Vector: vendorSeverity.V2Vector, V3Vector: vendorSeverity.V3Vector, V2Score: vendorSeverity.V2Score, 
@@ -133,7 +133,7 @@ func ConvertToRPCVulns(vulns []types.DetectedVulnerability) []*common.Vulnerabil References: vuln.References, Layer: ConvertToRPCLayer(vuln.Layer), Cvss: cvssMap, - SeveritySource: vuln.SeveritySource, + SeveritySource: string(vuln.SeveritySource), CweIds: vuln.CweIDs, PrimaryUrl: vuln.PrimaryURL, LastModifiedDate: lastModifiedDate, @@ -187,6 +187,7 @@ func ConvertToRPCDataSource(ds *dbTypes.DataSource) *common.DataSource { return nil } return &common.DataSource{ + Id: string(ds.ID), Name: ds.Name, Url: ds.URL, } @@ -215,7 +216,7 @@ func ConvertFromRPCVulns(rpcVulns []*common.Vulnerability) []types.DetectedVulne severity := dbTypes.Severity(vuln.Severity) cvssMap := make(dbTypes.VendorCVSS) // This is needed because protobuf generates a map[string]*CVSS type for vendor, vendorSeverity := range vuln.Cvss { - cvssMap[vendor] = dbTypes.CVSS{ + cvssMap[dbTypes.SourceID(vendor)] = dbTypes.CVSS{ V2Vector: vendorSeverity.V2Vector, V3Vector: vendorSeverity.V3Vector, V2Score: vendorSeverity.V2Score, @@ -251,7 +252,7 @@ func ConvertFromRPCVulns(rpcVulns []*common.Vulnerability) []types.DetectedVulne Custom: vuln.CustomVulnData.AsInterface(), }, Layer: ConvertFromRPCLayer(vuln.Layer), - SeveritySource: vuln.SeveritySource, + SeveritySource: dbTypes.SourceID(vuln.SeveritySource), PrimaryURL: vuln.PrimaryUrl, Custom: vuln.CustomAdvisoryData.AsInterface(), DataSource: ConvertFromRPCDataSource(vuln.DataSource), @@ -311,6 +312,7 @@ func ConvertFromRPCDataSource(ds *common.DataSource) *dbTypes.DataSource { return nil } return &dbTypes.DataSource{ + ID: dbTypes.SourceID(ds.Id), Name: ds.Name, URL: ds.Url, } diff --git a/pkg/rpc/convert_test.go b/pkg/rpc/convert_test.go index b853c62621..e663855bd1 100644 --- a/pkg/rpc/convert_test.go +++ b/pkg/rpc/convert_test.go 
@@ -7,6 +7,7 @@ import ( "github.com/stretchr/testify/assert" "google.golang.org/protobuf/types/known/timestamppb" + fos "github.com/aquasecurity/fanal/analyzer/os" ftypes "github.com/aquasecurity/fanal/types" ptypes "github.com/aquasecurity/go-dep-parser/pkg/types" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" @@ -351,7 +352,7 @@ func TestConvertFromRPCResults(t *testing.T) { args: args{rpcResults: []*scanner.Result{ { Target: "alpine:3.10", - Type: vulnerability.Alpine, + Type: fos.Alpine, Vulnerabilities: []*common.Vulnerability{ { VulnerabilityId: "CVE-2019-0001", @@ -361,7 +362,7 @@ func TestConvertFromRPCResults(t *testing.T) { Title: "DoS", Description: "Denial of Service", Severity: common.Severity_MEDIUM, - SeveritySource: vulnerability.NVD, + SeveritySource: string(vulnerability.NVD), CweIds: []string{"CWE-123", "CWE-456"}, Cvss: map[string]*common.CVSS{ "redhat": { @@ -390,7 +391,7 @@ func TestConvertFromRPCResults(t *testing.T) { want: []report.Result{ { Target: "alpine:3.10", - Type: vulnerability.Alpine, + Type: fos.Alpine, Vulnerabilities: []types.DetectedVulnerability{ { VulnerabilityID: "CVE-2019-0001", @@ -435,7 +436,7 @@ func TestConvertFromRPCResults(t *testing.T) { args: args{rpcResults: []*scanner.Result{ { Target: "alpine:3.10", - Type: vulnerability.Alpine, + Type: fos.Alpine, Vulnerabilities: []*common.Vulnerability{ { VulnerabilityId: "CVE-2019-0001", @@ -445,7 +446,7 @@ func TestConvertFromRPCResults(t *testing.T) { Title: "DoS", Description: "Denial of Service", Severity: common.Severity_MEDIUM, - SeveritySource: vulnerability.NVD, + SeveritySource: string(vulnerability.NVD), CweIds: []string{"CWE-123", "CWE-456"}, Cvss: map[string]*common.CVSS{ "redhat": { @@ -470,7 +471,7 @@ func TestConvertFromRPCResults(t *testing.T) { want: []report.Result{ { Target: "alpine:3.10", - Type: vulnerability.Alpine, + Type: fos.Alpine, Vulnerabilities: []types.DetectedVulnerability{ { VulnerabilityID: "CVE-2019-0001", 
diff --git a/pkg/scanner/local/scan_test.go b/pkg/scanner/local/scan_test.go index d7de6c001a..120e1fb119 100644 --- a/pkg/scanner/local/scan_test.go +++ b/pkg/scanner/local/scan_test.go @@ -8,9 +8,9 @@ import ( "github.com/stretchr/testify/require" "github.com/aquasecurity/fanal/analyzer" + fos "github.com/aquasecurity/fanal/analyzer/os" ftypes "github.com/aquasecurity/fanal/types" "github.com/aquasecurity/trivy-db/pkg/db" - "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/dbtest" ospkgDetector "github.com/aquasecurity/trivy/pkg/detector/ospkg" "github.com/aquasecurity/trivy/pkg/report" @@ -51,7 +51,7 @@ func TestScanner_Scan(t *testing.T) { Returns: ApplierApplyLayersReturns{ Detail: ftypes.ArtifactDetail{ OS: &ftypes.OS{ - Family: "alpine", + Family: fos.Alpine, Name: "3.11", }, Packages: []ftypes.Package{ @@ -127,7 +127,7 @@ func TestScanner_Scan(t *testing.T) { }, }, Class: report.ClassOSPkg, - Type: vulnerability.Alpine, + Type: fos.Alpine, }, { Target: "/app/Gemfile.lock", @@ -277,7 +277,7 @@ func TestScanner_Scan(t *testing.T) { }, }, Class: report.ClassOSPkg, - Type: vulnerability.Alpine, + Type: fos.Alpine, }, { Target: "/app/Gemfile.lock", @@ -421,7 +421,7 @@ func TestScanner_Scan(t *testing.T) { { Target: "alpine:latest (alpine 3.11)", Class: report.ClassOSPkg, - Type: vulnerability.Alpine, + Type: fos.Alpine, }, { Target: "/app/Gemfile.lock", @@ -931,10 +931,9 @@ func TestScanner_Scan(t *testing.T) { require.NotNil(t, err, tt.name) require.Contains(t, err.Error(), tt.wantErr, tt.name) return - } else { - require.NoError(t, err, tt.name) } + require.NoError(t, err, tt.name) assert.Equal(t, tt.wantResults, gotResults) assert.Equal(t, tt.wantOS, gotOS) diff --git a/pkg/scanner/local/testdata/fixtures/happy.yaml b/pkg/scanner/local/testdata/fixtures/happy.yaml index 605bbb23d6..7132e69adf 100644 --- a/pkg/scanner/local/testdata/fixtures/happy.yaml +++ b/pkg/scanner/local/testdata/fixtures/happy.yaml 
@@ -1,4 +1,4 @@ -- bucket: "GitHub Security Advisory RubyGems" +- bucket: "rubygems::GitHub Security Advisory RubyGems" pairs: - bucket: rails pairs: diff --git a/pkg/scanner/local/testdata/fixtures/sad.yaml b/pkg/scanner/local/testdata/fixtures/sad.yaml index ea14c83c22..10bca78803 100644 --- a/pkg/scanner/local/testdata/fixtures/sad.yaml +++ b/pkg/scanner/local/testdata/fixtures/sad.yaml @@ -1,4 +1,4 @@ -- bucket: "ruby-advisory-db" +- bucket: "rubygems::uby-advisory-db" pairs: - bucket: rails pairs: diff --git a/pkg/types/vulnerability.go b/pkg/types/vulnerability.go index 4801157608..1bf7fb856b 100644 --- a/pkg/types/vulnerability.go +++ b/pkg/types/vulnerability.go @@ -7,15 +7,15 @@ import ( // DetectedVulnerability holds the information of detected vulnerabilities type DetectedVulnerability struct { - VulnerabilityID string `json:",omitempty"` - VendorIDs []string `json:",omitempty"` - PkgName string `json:",omitempty"` - PkgPath string `json:",omitempty"` // It will be filled in the case of language-specific packages such as egg/wheel and gemspec - InstalledVersion string `json:",omitempty"` - FixedVersion string `json:",omitempty"` - Layer ftypes.Layer `json:",omitempty"` - SeveritySource string `json:",omitempty"` - PrimaryURL string `json:",omitempty"` + VulnerabilityID string `json:",omitempty"` + VendorIDs []string `json:",omitempty"` + PkgName string `json:",omitempty"` + PkgPath string `json:",omitempty"` // It will be filled in the case of language-specific packages such as egg/wheel and gemspec + InstalledVersion string `json:",omitempty"` + FixedVersion string `json:",omitempty"` + Layer ftypes.Layer `json:",omitempty"` + SeveritySource types.SourceID `json:",omitempty"` + PrimaryURL string `json:",omitempty"` // DataSource holds where the advisory comes from DataSource *types.DataSource `json:",omitempty"` diff --git a/rpc/cache/service.pb.go b/rpc/cache/service.pb.go index dc0df742f1..2b061841c5 100644 --- a/rpc/cache/service.pb.go 
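Review bot: The new bucket name in sad.yaml, `rubygems::uby-advisory-db`, appears to have lost the leading `r` of the old `ruby-advisory-db`. If the sad-path case in scan_test.go depends on this bucket being found (the lookup code is not visible here), the test may now fail, or pass, for a different reason than intended. Suggested line: `- bucket: "rubygems::ruby-advisory-db"`.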
+++ b/rpc/cache/service.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.27.1 -// protoc v3.19.1 +// protoc v3.19.4 // source: rpc/cache/service.proto package cache diff --git a/rpc/common/service.pb.go b/rpc/common/service.pb.go index a5695acb4a..29a741188b 100644 --- a/rpc/common/service.pb.go +++ b/rpc/common/service.pb.go @@ -1,26 +1,26 @@ // Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.27.1 +// protoc v3.19.4 // source: rpc/common/service.proto package common import ( - fmt "fmt" - proto "github.com/golang/protobuf/proto" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" structpb "google.golang.org/protobuf/types/known/structpb" timestamppb "google.golang.org/protobuf/types/known/timestamppb" - math "math" + reflect "reflect" + sync "sync" ) -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) type Severity int32 
@@ -32,188 +32,237 @@ const ( Severity_CRITICAL Severity = 4 ) -var Severity_name = map[int32]string{ - 0: "UNKNOWN", - 1: "LOW", - 2: "MEDIUM", - 3: "HIGH", - 4: "CRITICAL", -} +// Enum value maps for Severity. +var ( + Severity_name = map[int32]string{ + 0: "UNKNOWN", + 1: "LOW", + 2: "MEDIUM", + 3: "HIGH", + 4: "CRITICAL", + } + Severity_value = map[string]int32{ + "UNKNOWN": 0, + "LOW": 1, + "MEDIUM": 2, + "HIGH": 3, + "CRITICAL": 4, + } +) -var Severity_value = map[string]int32{ - "UNKNOWN": 0, - "LOW": 1, - "MEDIUM": 2, - "HIGH": 3, - "CRITICAL": 4, +func (x Severity) Enum() *Severity { + p := new(Severity) + *p = x + return p } func (x Severity) String() string { - return proto.EnumName(Severity_name, int32(x)) + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) } +func (Severity) Descriptor() protoreflect.EnumDescriptor { + return file_rpc_common_service_proto_enumTypes[0].Descriptor() +} + +func (Severity) Type() protoreflect.EnumType { + return &file_rpc_common_service_proto_enumTypes[0] +} + +func (x Severity) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use Severity.Descriptor instead. 
func (Severity) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_6e749acacaaabfff, []int{0} + return file_rpc_common_service_proto_rawDescGZIP(), []int{0} } type OS struct { - Family string `protobuf:"bytes,1,opt,name=family,proto3" json:"family,omitempty"` - Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` - Eosl bool `protobuf:"varint,3,opt,name=eosl,proto3" json:"eosl,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Family string `protobuf:"bytes,1,opt,name=family,proto3" json:"family,omitempty"` + Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` + Eosl bool `protobuf:"varint,3,opt,name=eosl,proto3" json:"eosl,omitempty"` } -func (m *OS) Reset() { *m = OS{} } -func (m *OS) String() string { return proto.CompactTextString(m) } -func (*OS) ProtoMessage() {} +func (x *OS) Reset() { + *x = OS{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_common_service_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *OS) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*OS) ProtoMessage() {} + +func (x *OS) ProtoReflect() protoreflect.Message { + mi := &file_rpc_common_service_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use OS.ProtoReflect.Descriptor instead. 
func (*OS) Descriptor() ([]byte, []int) { - return fileDescriptor_6e749acacaaabfff, []int{0} + return file_rpc_common_service_proto_rawDescGZIP(), []int{0} } -func (m *OS) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_OS.Unmarshal(m, b) -} -func (m *OS) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_OS.Marshal(b, m, deterministic) -} -func (m *OS) XXX_Merge(src proto.Message) { - xxx_messageInfo_OS.Merge(m, src) -} -func (m *OS) XXX_Size() int { - return xxx_messageInfo_OS.Size(m) -} -func (m *OS) XXX_DiscardUnknown() { - xxx_messageInfo_OS.DiscardUnknown(m) -} - -var xxx_messageInfo_OS proto.InternalMessageInfo - -func (m *OS) GetFamily() string { - if m != nil { - return m.Family +func (x *OS) GetFamily() string { + if x != nil { + return x.Family } return "" } -func (m *OS) GetName() string { - if m != nil { - return m.Name +func (x *OS) GetName() string { + if x != nil { + return x.Name } return "" } -func (m *OS) GetEosl() bool { - if m != nil { - return m.Eosl +func (x *OS) GetEosl() bool { + if x != nil { + return x.Eosl } return false } type PackageInfo struct { - FilePath string `protobuf:"bytes,1,opt,name=file_path,json=filePath,proto3" json:"file_path,omitempty"` - Packages []*Package `protobuf:"bytes,2,rep,name=packages,proto3" json:"packages,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + FilePath string `protobuf:"bytes,1,opt,name=file_path,json=filePath,proto3" json:"file_path,omitempty"` + Packages []*Package `protobuf:"bytes,2,rep,name=packages,proto3" json:"packages,omitempty"` } -func (m *PackageInfo) Reset() { *m = PackageInfo{} } -func (m *PackageInfo) String() string { return proto.CompactTextString(m) } -func (*PackageInfo) ProtoMessage() {} +func (x *PackageInfo) Reset() { + *x = PackageInfo{} + if 
protoimpl.UnsafeEnabled { + mi := &file_rpc_common_service_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PackageInfo) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PackageInfo) ProtoMessage() {} + +func (x *PackageInfo) ProtoReflect() protoreflect.Message { + mi := &file_rpc_common_service_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PackageInfo.ProtoReflect.Descriptor instead. func (*PackageInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_6e749acacaaabfff, []int{1} + return file_rpc_common_service_proto_rawDescGZIP(), []int{1} } -func (m *PackageInfo) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_PackageInfo.Unmarshal(m, b) -} -func (m *PackageInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_PackageInfo.Marshal(b, m, deterministic) -} -func (m *PackageInfo) XXX_Merge(src proto.Message) { - xxx_messageInfo_PackageInfo.Merge(m, src) -} -func (m *PackageInfo) XXX_Size() int { - return xxx_messageInfo_PackageInfo.Size(m) -} -func (m *PackageInfo) XXX_DiscardUnknown() { - xxx_messageInfo_PackageInfo.DiscardUnknown(m) -} - -var xxx_messageInfo_PackageInfo proto.InternalMessageInfo - -func (m *PackageInfo) GetFilePath() string { - if m != nil { - return m.FilePath +func (x *PackageInfo) GetFilePath() string { + if x != nil { + return x.FilePath } return "" } -func (m *PackageInfo) GetPackages() []*Package { - if m != nil { - return m.Packages +func (x *PackageInfo) GetPackages() []*Package { + if x != nil { + return x.Packages } return nil } type Application struct { - Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` - FilePath string 
`protobuf:"bytes,2,opt,name=file_path,json=filePath,proto3" json:"file_path,omitempty"` - Libraries []*Library `protobuf:"bytes,3,rep,name=libraries,proto3" json:"libraries,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` + FilePath string `protobuf:"bytes,2,opt,name=file_path,json=filePath,proto3" json:"file_path,omitempty"` + Libraries []*Library `protobuf:"bytes,3,rep,name=libraries,proto3" json:"libraries,omitempty"` } -func (m *Application) Reset() { *m = Application{} } -func (m *Application) String() string { return proto.CompactTextString(m) } -func (*Application) ProtoMessage() {} +func (x *Application) Reset() { + *x = Application{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_common_service_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Application) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Application) ProtoMessage() {} + +func (x *Application) ProtoReflect() protoreflect.Message { + mi := &file_rpc_common_service_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Application.ProtoReflect.Descriptor instead. 
func (*Application) Descriptor() ([]byte, []int) { - return fileDescriptor_6e749acacaaabfff, []int{2} + return file_rpc_common_service_proto_rawDescGZIP(), []int{2} } -func (m *Application) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Application.Unmarshal(m, b) -} -func (m *Application) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Application.Marshal(b, m, deterministic) -} -func (m *Application) XXX_Merge(src proto.Message) { - xxx_messageInfo_Application.Merge(m, src) -} -func (m *Application) XXX_Size() int { - return xxx_messageInfo_Application.Size(m) -} -func (m *Application) XXX_DiscardUnknown() { - xxx_messageInfo_Application.DiscardUnknown(m) -} - -var xxx_messageInfo_Application proto.InternalMessageInfo - -func (m *Application) GetType() string { - if m != nil { - return m.Type +func (x *Application) GetType() string { + if x != nil { + return x.Type } return "" } -func (m *Application) GetFilePath() string { - if m != nil { - return m.FilePath +func (x *Application) GetFilePath() string { + if x != nil { + return x.FilePath } return "" } -func (m *Application) GetLibraries() []*Library { - if m != nil { - return m.Libraries +func (x *Application) GetLibraries() []*Library { + if x != nil { + return x.Libraries } return nil } type Package struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + // binary package // e.g. bind-utils Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` 
@@ -223,897 +272,1293 @@ type Package struct { Arch string `protobuf:"bytes,5,opt,name=arch,proto3" json:"arch,omitempty"` // src package containing some binary packages // e.g. bind - SrcName string `protobuf:"bytes,6,opt,name=src_name,json=srcName,proto3" json:"src_name,omitempty"` - SrcVersion string `protobuf:"bytes,7,opt,name=src_version,json=srcVersion,proto3" json:"src_version,omitempty"` - SrcRelease string `protobuf:"bytes,8,opt,name=src_release,json=srcRelease,proto3" json:"src_release,omitempty"` - SrcEpoch int32 `protobuf:"varint,9,opt,name=src_epoch,json=srcEpoch,proto3" json:"src_epoch,omitempty"` - License string `protobuf:"bytes,10,opt,name=license,proto3" json:"license,omitempty"` - Layer *Layer `protobuf:"bytes,11,opt,name=layer,proto3" json:"layer,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + SrcName string `protobuf:"bytes,6,opt,name=src_name,json=srcName,proto3" json:"src_name,omitempty"` + SrcVersion string `protobuf:"bytes,7,opt,name=src_version,json=srcVersion,proto3" json:"src_version,omitempty"` + SrcRelease string `protobuf:"bytes,8,opt,name=src_release,json=srcRelease,proto3" json:"src_release,omitempty"` + SrcEpoch int32 `protobuf:"varint,9,opt,name=src_epoch,json=srcEpoch,proto3" json:"src_epoch,omitempty"` + License string `protobuf:"bytes,10,opt,name=license,proto3" json:"license,omitempty"` + Layer *Layer `protobuf:"bytes,11,opt,name=layer,proto3" json:"layer,omitempty"` } -func (m *Package) Reset() { *m = Package{} } -func (m *Package) String() string { return proto.CompactTextString(m) } -func (*Package) ProtoMessage() {} +func (x *Package) Reset() { + *x = Package{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_common_service_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Package) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Package) ProtoMessage() 
{} + +func (x *Package) ProtoReflect() protoreflect.Message { + mi := &file_rpc_common_service_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Package.ProtoReflect.Descriptor instead. func (*Package) Descriptor() ([]byte, []int) { - return fileDescriptor_6e749acacaaabfff, []int{3} + return file_rpc_common_service_proto_rawDescGZIP(), []int{3} } -func (m *Package) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Package.Unmarshal(m, b) -} -func (m *Package) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Package.Marshal(b, m, deterministic) -} -func (m *Package) XXX_Merge(src proto.Message) { - xxx_messageInfo_Package.Merge(m, src) -} -func (m *Package) XXX_Size() int { - return xxx_messageInfo_Package.Size(m) -} -func (m *Package) XXX_DiscardUnknown() { - xxx_messageInfo_Package.DiscardUnknown(m) -} - -var xxx_messageInfo_Package proto.InternalMessageInfo - -func (m *Package) GetName() string { - if m != nil { - return m.Name +func (x *Package) GetName() string { + if x != nil { + return x.Name } return "" } -func (m *Package) GetVersion() string { - if m != nil { - return m.Version +func (x *Package) GetVersion() string { + if x != nil { + return x.Version } return "" } -func (m *Package) GetRelease() string { - if m != nil { - return m.Release +func (x *Package) GetRelease() string { + if x != nil { + return x.Release } return "" } -func (m *Package) GetEpoch() int32 { - if m != nil { - return m.Epoch +func (x *Package) GetEpoch() int32 { + if x != nil { + return x.Epoch } return 0 } -func (m *Package) GetArch() string { - if m != nil { - return m.Arch +func (x *Package) GetArch() string { + if x != nil { + return x.Arch } return "" } -func (m *Package) GetSrcName() string { - if m != nil { - return m.SrcName +func (x 
*Package) GetSrcName() string { + if x != nil { + return x.SrcName } return "" } -func (m *Package) GetSrcVersion() string { - if m != nil { - return m.SrcVersion +func (x *Package) GetSrcVersion() string { + if x != nil { + return x.SrcVersion } return "" } -func (m *Package) GetSrcRelease() string { - if m != nil { - return m.SrcRelease +func (x *Package) GetSrcRelease() string { + if x != nil { + return x.SrcRelease } return "" } -func (m *Package) GetSrcEpoch() int32 { - if m != nil { - return m.SrcEpoch +func (x *Package) GetSrcEpoch() int32 { + if x != nil { + return x.SrcEpoch } return 0 } -func (m *Package) GetLicense() string { - if m != nil { - return m.License +func (x *Package) GetLicense() string { + if x != nil { + return x.License } return "" } -func (m *Package) GetLayer() *Layer { - if m != nil { - return m.Layer +func (x *Package) GetLayer() *Layer { + if x != nil { + return x.Layer } return nil } type Library struct { - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - Version string `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"` - License string `protobuf:"bytes,3,opt,name=license,proto3" json:"license,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + Version string `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"` + License string `protobuf:"bytes,3,opt,name=license,proto3" json:"license,omitempty"` } -func (m *Library) Reset() { *m = Library{} } -func (m *Library) String() string { return proto.CompactTextString(m) } -func (*Library) ProtoMessage() {} +func (x *Library) Reset() { + *x = Library{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_common_service_proto_msgTypes[4] + ms := 
protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Library) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Library) ProtoMessage() {} + +func (x *Library) ProtoReflect() protoreflect.Message { + mi := &file_rpc_common_service_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Library.ProtoReflect.Descriptor instead. func (*Library) Descriptor() ([]byte, []int) { - return fileDescriptor_6e749acacaaabfff, []int{4} + return file_rpc_common_service_proto_rawDescGZIP(), []int{4} } -func (m *Library) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Library.Unmarshal(m, b) -} -func (m *Library) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Library.Marshal(b, m, deterministic) -} -func (m *Library) XXX_Merge(src proto.Message) { - xxx_messageInfo_Library.Merge(m, src) -} -func (m *Library) XXX_Size() int { - return xxx_messageInfo_Library.Size(m) -} -func (m *Library) XXX_DiscardUnknown() { - xxx_messageInfo_Library.DiscardUnknown(m) -} - -var xxx_messageInfo_Library proto.InternalMessageInfo - -func (m *Library) GetName() string { - if m != nil { - return m.Name +func (x *Library) GetName() string { + if x != nil { + return x.Name } return "" } -func (m *Library) GetVersion() string { - if m != nil { - return m.Version +func (x *Library) GetVersion() string { + if x != nil { + return x.Version } return "" } -func (m *Library) GetLicense() string { - if m != nil { - return m.License +func (x *Library) GetLicense() string { + if x != nil { + return x.License } return "" } type Misconfiguration struct { - FileType string `protobuf:"bytes,1,opt,name=file_type,json=fileType,proto3" json:"file_type,omitempty"` - FilePath string 
`protobuf:"bytes,2,opt,name=file_path,json=filePath,proto3" json:"file_path,omitempty"` - Successes []*MisconfResult `protobuf:"bytes,3,rep,name=successes,proto3" json:"successes,omitempty"` - Warnings []*MisconfResult `protobuf:"bytes,4,rep,name=warnings,proto3" json:"warnings,omitempty"` - Failures []*MisconfResult `protobuf:"bytes,5,rep,name=failures,proto3" json:"failures,omitempty"` - Exceptions []*MisconfResult `protobuf:"bytes,6,rep,name=exceptions,proto3" json:"exceptions,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + FileType string `protobuf:"bytes,1,opt,name=file_type,json=fileType,proto3" json:"file_type,omitempty"` + FilePath string `protobuf:"bytes,2,opt,name=file_path,json=filePath,proto3" json:"file_path,omitempty"` + Successes []*MisconfResult `protobuf:"bytes,3,rep,name=successes,proto3" json:"successes,omitempty"` + Warnings []*MisconfResult `protobuf:"bytes,4,rep,name=warnings,proto3" json:"warnings,omitempty"` + Failures []*MisconfResult `protobuf:"bytes,5,rep,name=failures,proto3" json:"failures,omitempty"` + Exceptions []*MisconfResult `protobuf:"bytes,6,rep,name=exceptions,proto3" json:"exceptions,omitempty"` } -func (m *Misconfiguration) Reset() { *m = Misconfiguration{} } -func (m *Misconfiguration) String() string { return proto.CompactTextString(m) } -func (*Misconfiguration) ProtoMessage() {} +func (x *Misconfiguration) Reset() { + *x = Misconfiguration{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_common_service_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Misconfiguration) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Misconfiguration) ProtoMessage() {} + +func (x *Misconfiguration) ProtoReflect() protoreflect.Message { + mi := 
&file_rpc_common_service_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Misconfiguration.ProtoReflect.Descriptor instead. func (*Misconfiguration) Descriptor() ([]byte, []int) { - return fileDescriptor_6e749acacaaabfff, []int{5} + return file_rpc_common_service_proto_rawDescGZIP(), []int{5} } -func (m *Misconfiguration) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Misconfiguration.Unmarshal(m, b) -} -func (m *Misconfiguration) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Misconfiguration.Marshal(b, m, deterministic) -} -func (m *Misconfiguration) XXX_Merge(src proto.Message) { - xxx_messageInfo_Misconfiguration.Merge(m, src) -} -func (m *Misconfiguration) XXX_Size() int { - return xxx_messageInfo_Misconfiguration.Size(m) -} -func (m *Misconfiguration) XXX_DiscardUnknown() { - xxx_messageInfo_Misconfiguration.DiscardUnknown(m) -} - -var xxx_messageInfo_Misconfiguration proto.InternalMessageInfo - -func (m *Misconfiguration) GetFileType() string { - if m != nil { - return m.FileType +func (x *Misconfiguration) GetFileType() string { + if x != nil { + return x.FileType } return "" } -func (m *Misconfiguration) GetFilePath() string { - if m != nil { - return m.FilePath +func (x *Misconfiguration) GetFilePath() string { + if x != nil { + return x.FilePath } return "" } -func (m *Misconfiguration) GetSuccesses() []*MisconfResult { - if m != nil { - return m.Successes +func (x *Misconfiguration) GetSuccesses() []*MisconfResult { + if x != nil { + return x.Successes } return nil } -func (m *Misconfiguration) GetWarnings() []*MisconfResult { - if m != nil { - return m.Warnings +func (x *Misconfiguration) GetWarnings() []*MisconfResult { + if x != nil { + return x.Warnings } return nil } -func (m *Misconfiguration) 
GetFailures() []*MisconfResult { - if m != nil { - return m.Failures +func (x *Misconfiguration) GetFailures() []*MisconfResult { + if x != nil { + return x.Failures } return nil } -func (m *Misconfiguration) GetExceptions() []*MisconfResult { - if m != nil { - return m.Exceptions +func (x *Misconfiguration) GetExceptions() []*MisconfResult { + if x != nil { + return x.Exceptions } return nil } type MisconfResult struct { - Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` - Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"` - Type string `protobuf:"bytes,3,opt,name=type,proto3" json:"type,omitempty"` - Id string `protobuf:"bytes,4,opt,name=id,proto3" json:"id,omitempty"` - Title string `protobuf:"bytes,5,opt,name=title,proto3" json:"title,omitempty"` - Severity string `protobuf:"bytes,6,opt,name=severity,proto3" json:"severity,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` + Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"` + Type string `protobuf:"bytes,3,opt,name=type,proto3" json:"type,omitempty"` + Id string `protobuf:"bytes,4,opt,name=id,proto3" json:"id,omitempty"` + Title string `protobuf:"bytes,5,opt,name=title,proto3" json:"title,omitempty"` + Severity string `protobuf:"bytes,6,opt,name=severity,proto3" json:"severity,omitempty"` } -func (m *MisconfResult) Reset() { *m = MisconfResult{} } -func (m *MisconfResult) String() string { return proto.CompactTextString(m) } -func (*MisconfResult) ProtoMessage() {} +func (x *MisconfResult) Reset() { + *x = MisconfResult{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_common_service_proto_msgTypes[6] + ms := 
protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MisconfResult) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MisconfResult) ProtoMessage() {} + +func (x *MisconfResult) ProtoReflect() protoreflect.Message { + mi := &file_rpc_common_service_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MisconfResult.ProtoReflect.Descriptor instead. func (*MisconfResult) Descriptor() ([]byte, []int) { - return fileDescriptor_6e749acacaaabfff, []int{6} + return file_rpc_common_service_proto_rawDescGZIP(), []int{6} } -func (m *MisconfResult) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_MisconfResult.Unmarshal(m, b) -} -func (m *MisconfResult) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_MisconfResult.Marshal(b, m, deterministic) -} -func (m *MisconfResult) XXX_Merge(src proto.Message) { - xxx_messageInfo_MisconfResult.Merge(m, src) -} -func (m *MisconfResult) XXX_Size() int { - return xxx_messageInfo_MisconfResult.Size(m) -} -func (m *MisconfResult) XXX_DiscardUnknown() { - xxx_messageInfo_MisconfResult.DiscardUnknown(m) -} - -var xxx_messageInfo_MisconfResult proto.InternalMessageInfo - -func (m *MisconfResult) GetNamespace() string { - if m != nil { - return m.Namespace +func (x *MisconfResult) GetNamespace() string { + if x != nil { + return x.Namespace } return "" } -func (m *MisconfResult) GetMessage() string { - if m != nil { - return m.Message +func (x *MisconfResult) GetMessage() string { + if x != nil { + return x.Message } return "" } -func (m *MisconfResult) GetType() string { - if m != nil { - return m.Type +func (x *MisconfResult) GetType() string { + if x != nil { + return x.Type } return "" } -func (m *MisconfResult) GetId() string { - if m != nil { - 
return m.Id +func (x *MisconfResult) GetId() string { + if x != nil { + return x.Id } return "" } -func (m *MisconfResult) GetTitle() string { - if m != nil { - return m.Title +func (x *MisconfResult) GetTitle() string { + if x != nil { + return x.Title } return "" } -func (m *MisconfResult) GetSeverity() string { - if m != nil { - return m.Severity +func (x *MisconfResult) GetSeverity() string { + if x != nil { + return x.Severity } return "" } type DetectedMisconfiguration struct { - Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` - Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` - Title string `protobuf:"bytes,3,opt,name=title,proto3" json:"title,omitempty"` - Description string `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"` - Message string `protobuf:"bytes,5,opt,name=message,proto3" json:"message,omitempty"` - Namespace string `protobuf:"bytes,6,opt,name=namespace,proto3" json:"namespace,omitempty"` - Resolution string `protobuf:"bytes,7,opt,name=resolution,proto3" json:"resolution,omitempty"` - Severity Severity `protobuf:"varint,8,opt,name=severity,proto3,enum=trivy.common.Severity" json:"severity,omitempty"` - PrimaryUrl string `protobuf:"bytes,9,opt,name=primary_url,json=primaryUrl,proto3" json:"primary_url,omitempty"` - References []string `protobuf:"bytes,10,rep,name=references,proto3" json:"references,omitempty"` - Status string `protobuf:"bytes,11,opt,name=status,proto3" json:"status,omitempty"` - Layer *Layer `protobuf:"bytes,12,opt,name=layer,proto3" json:"layer,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` + Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` + Title string 
`protobuf:"bytes,3,opt,name=title,proto3" json:"title,omitempty"` + Description string `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"` + Message string `protobuf:"bytes,5,opt,name=message,proto3" json:"message,omitempty"` + Namespace string `protobuf:"bytes,6,opt,name=namespace,proto3" json:"namespace,omitempty"` + Resolution string `protobuf:"bytes,7,opt,name=resolution,proto3" json:"resolution,omitempty"` + Severity Severity `protobuf:"varint,8,opt,name=severity,proto3,enum=trivy.common.Severity" json:"severity,omitempty"` + PrimaryUrl string `protobuf:"bytes,9,opt,name=primary_url,json=primaryUrl,proto3" json:"primary_url,omitempty"` + References []string `protobuf:"bytes,10,rep,name=references,proto3" json:"references,omitempty"` + Status string `protobuf:"bytes,11,opt,name=status,proto3" json:"status,omitempty"` + Layer *Layer `protobuf:"bytes,12,opt,name=layer,proto3" json:"layer,omitempty"` } -func (m *DetectedMisconfiguration) Reset() { *m = DetectedMisconfiguration{} } -func (m *DetectedMisconfiguration) String() string { return proto.CompactTextString(m) } -func (*DetectedMisconfiguration) ProtoMessage() {} +func (x *DetectedMisconfiguration) Reset() { + *x = DetectedMisconfiguration{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_common_service_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DetectedMisconfiguration) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DetectedMisconfiguration) ProtoMessage() {} + +func (x *DetectedMisconfiguration) ProtoReflect() protoreflect.Message { + mi := &file_rpc_common_service_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DetectedMisconfiguration.ProtoReflect.Descriptor instead. 
func (*DetectedMisconfiguration) Descriptor() ([]byte, []int) { - return fileDescriptor_6e749acacaaabfff, []int{7} + return file_rpc_common_service_proto_rawDescGZIP(), []int{7} } -func (m *DetectedMisconfiguration) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_DetectedMisconfiguration.Unmarshal(m, b) -} -func (m *DetectedMisconfiguration) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_DetectedMisconfiguration.Marshal(b, m, deterministic) -} -func (m *DetectedMisconfiguration) XXX_Merge(src proto.Message) { - xxx_messageInfo_DetectedMisconfiguration.Merge(m, src) -} -func (m *DetectedMisconfiguration) XXX_Size() int { - return xxx_messageInfo_DetectedMisconfiguration.Size(m) -} -func (m *DetectedMisconfiguration) XXX_DiscardUnknown() { - xxx_messageInfo_DetectedMisconfiguration.DiscardUnknown(m) -} - -var xxx_messageInfo_DetectedMisconfiguration proto.InternalMessageInfo - -func (m *DetectedMisconfiguration) GetType() string { - if m != nil { - return m.Type +func (x *DetectedMisconfiguration) GetType() string { + if x != nil { + return x.Type } return "" } -func (m *DetectedMisconfiguration) GetId() string { - if m != nil { - return m.Id +func (x *DetectedMisconfiguration) GetId() string { + if x != nil { + return x.Id } return "" } -func (m *DetectedMisconfiguration) GetTitle() string { - if m != nil { - return m.Title +func (x *DetectedMisconfiguration) GetTitle() string { + if x != nil { + return x.Title } return "" } -func (m *DetectedMisconfiguration) GetDescription() string { - if m != nil { - return m.Description +func (x *DetectedMisconfiguration) GetDescription() string { + if x != nil { + return x.Description } return "" } -func (m *DetectedMisconfiguration) GetMessage() string { - if m != nil { - return m.Message +func (x *DetectedMisconfiguration) GetMessage() string { + if x != nil { + return x.Message } return "" } -func (m *DetectedMisconfiguration) GetNamespace() string { - if m != nil { - return 
m.Namespace +func (x *DetectedMisconfiguration) GetNamespace() string { + if x != nil { + return x.Namespace } return "" } -func (m *DetectedMisconfiguration) GetResolution() string { - if m != nil { - return m.Resolution +func (x *DetectedMisconfiguration) GetResolution() string { + if x != nil { + return x.Resolution } return "" } -func (m *DetectedMisconfiguration) GetSeverity() Severity { - if m != nil { - return m.Severity +func (x *DetectedMisconfiguration) GetSeverity() Severity { + if x != nil { + return x.Severity } return Severity_UNKNOWN } -func (m *DetectedMisconfiguration) GetPrimaryUrl() string { - if m != nil { - return m.PrimaryUrl +func (x *DetectedMisconfiguration) GetPrimaryUrl() string { + if x != nil { + return x.PrimaryUrl } return "" } -func (m *DetectedMisconfiguration) GetReferences() []string { - if m != nil { - return m.References +func (x *DetectedMisconfiguration) GetReferences() []string { + if x != nil { + return x.References } return nil } -func (m *DetectedMisconfiguration) GetStatus() string { - if m != nil { - return m.Status +func (x *DetectedMisconfiguration) GetStatus() string { + if x != nil { + return x.Status } return "" } -func (m *DetectedMisconfiguration) GetLayer() *Layer { - if m != nil { - return m.Layer +func (x *DetectedMisconfiguration) GetLayer() *Layer { + if x != nil { + return x.Layer } return nil } type Vulnerability struct { - VulnerabilityId string `protobuf:"bytes,1,opt,name=vulnerability_id,json=vulnerabilityId,proto3" json:"vulnerability_id,omitempty"` - PkgName string `protobuf:"bytes,2,opt,name=pkg_name,json=pkgName,proto3" json:"pkg_name,omitempty"` - InstalledVersion string `protobuf:"bytes,3,opt,name=installed_version,json=installedVersion,proto3" json:"installed_version,omitempty"` - FixedVersion string `protobuf:"bytes,4,opt,name=fixed_version,json=fixedVersion,proto3" json:"fixed_version,omitempty"` - Title string `protobuf:"bytes,5,opt,name=title,proto3" json:"title,omitempty"` - Description 
string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"` - Severity Severity `protobuf:"varint,7,opt,name=severity,proto3,enum=trivy.common.Severity" json:"severity,omitempty"` - References []string `protobuf:"bytes,8,rep,name=references,proto3" json:"references,omitempty"` - Layer *Layer `protobuf:"bytes,10,opt,name=layer,proto3" json:"layer,omitempty"` - SeveritySource string `protobuf:"bytes,11,opt,name=severity_source,json=severitySource,proto3" json:"severity_source,omitempty"` - Cvss map[string]*CVSS `protobuf:"bytes,12,rep,name=cvss,proto3" json:"cvss,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - CweIds []string `protobuf:"bytes,13,rep,name=cwe_ids,json=cweIds,proto3" json:"cwe_ids,omitempty"` - PrimaryUrl string `protobuf:"bytes,14,opt,name=primary_url,json=primaryUrl,proto3" json:"primary_url,omitempty"` - PublishedDate *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=published_date,json=publishedDate,proto3" json:"published_date,omitempty"` - LastModifiedDate *timestamppb.Timestamp `protobuf:"bytes,16,opt,name=last_modified_date,json=lastModifiedDate,proto3" json:"last_modified_date,omitempty"` - CustomAdvisoryData *structpb.Value `protobuf:"bytes,17,opt,name=custom_advisory_data,json=customAdvisoryData,proto3" json:"custom_advisory_data,omitempty"` - CustomVulnData *structpb.Value `protobuf:"bytes,18,opt,name=custom_vuln_data,json=customVulnData,proto3" json:"custom_vuln_data,omitempty"` - VendorIds []string `protobuf:"bytes,19,rep,name=vendor_ids,json=vendorIds,proto3" json:"vendor_ids,omitempty"` - DataSource *DataSource `protobuf:"bytes,20,opt,name=data_source,json=dataSource,proto3" json:"data_source,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + VulnerabilityId string 
`protobuf:"bytes,1,opt,name=vulnerability_id,json=vulnerabilityId,proto3" json:"vulnerability_id,omitempty"` + PkgName string `protobuf:"bytes,2,opt,name=pkg_name,json=pkgName,proto3" json:"pkg_name,omitempty"` + InstalledVersion string `protobuf:"bytes,3,opt,name=installed_version,json=installedVersion,proto3" json:"installed_version,omitempty"` + FixedVersion string `protobuf:"bytes,4,opt,name=fixed_version,json=fixedVersion,proto3" json:"fixed_version,omitempty"` + Title string `protobuf:"bytes,5,opt,name=title,proto3" json:"title,omitempty"` + Description string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"` + Severity Severity `protobuf:"varint,7,opt,name=severity,proto3,enum=trivy.common.Severity" json:"severity,omitempty"` + References []string `protobuf:"bytes,8,rep,name=references,proto3" json:"references,omitempty"` + Layer *Layer `protobuf:"bytes,10,opt,name=layer,proto3" json:"layer,omitempty"` + SeveritySource string `protobuf:"bytes,11,opt,name=severity_source,json=severitySource,proto3" json:"severity_source,omitempty"` + Cvss map[string]*CVSS `protobuf:"bytes,12,rep,name=cvss,proto3" json:"cvss,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + CweIds []string `protobuf:"bytes,13,rep,name=cwe_ids,json=cweIds,proto3" json:"cwe_ids,omitempty"` + PrimaryUrl string `protobuf:"bytes,14,opt,name=primary_url,json=primaryUrl,proto3" json:"primary_url,omitempty"` + PublishedDate *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=published_date,json=publishedDate,proto3" json:"published_date,omitempty"` + LastModifiedDate *timestamppb.Timestamp `protobuf:"bytes,16,opt,name=last_modified_date,json=lastModifiedDate,proto3" json:"last_modified_date,omitempty"` + CustomAdvisoryData *structpb.Value `protobuf:"bytes,17,opt,name=custom_advisory_data,json=customAdvisoryData,proto3" json:"custom_advisory_data,omitempty"` + CustomVulnData *structpb.Value 
`protobuf:"bytes,18,opt,name=custom_vuln_data,json=customVulnData,proto3" json:"custom_vuln_data,omitempty"` + VendorIds []string `protobuf:"bytes,19,rep,name=vendor_ids,json=vendorIds,proto3" json:"vendor_ids,omitempty"` + DataSource *DataSource `protobuf:"bytes,20,opt,name=data_source,json=dataSource,proto3" json:"data_source,omitempty"` } -func (m *Vulnerability) Reset() { *m = Vulnerability{} } -func (m *Vulnerability) String() string { return proto.CompactTextString(m) } -func (*Vulnerability) ProtoMessage() {} +func (x *Vulnerability) Reset() { + *x = Vulnerability{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_common_service_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Vulnerability) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Vulnerability) ProtoMessage() {} + +func (x *Vulnerability) ProtoReflect() protoreflect.Message { + mi := &file_rpc_common_service_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Vulnerability.ProtoReflect.Descriptor instead. 
func (*Vulnerability) Descriptor() ([]byte, []int) { - return fileDescriptor_6e749acacaaabfff, []int{8} + return file_rpc_common_service_proto_rawDescGZIP(), []int{8} } -func (m *Vulnerability) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Vulnerability.Unmarshal(m, b) -} -func (m *Vulnerability) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Vulnerability.Marshal(b, m, deterministic) -} -func (m *Vulnerability) XXX_Merge(src proto.Message) { - xxx_messageInfo_Vulnerability.Merge(m, src) -} -func (m *Vulnerability) XXX_Size() int { - return xxx_messageInfo_Vulnerability.Size(m) -} -func (m *Vulnerability) XXX_DiscardUnknown() { - xxx_messageInfo_Vulnerability.DiscardUnknown(m) -} - -var xxx_messageInfo_Vulnerability proto.InternalMessageInfo - -func (m *Vulnerability) GetVulnerabilityId() string { - if m != nil { - return m.VulnerabilityId +func (x *Vulnerability) GetVulnerabilityId() string { + if x != nil { + return x.VulnerabilityId } return "" } -func (m *Vulnerability) GetPkgName() string { - if m != nil { - return m.PkgName +func (x *Vulnerability) GetPkgName() string { + if x != nil { + return x.PkgName } return "" } -func (m *Vulnerability) GetInstalledVersion() string { - if m != nil { - return m.InstalledVersion +func (x *Vulnerability) GetInstalledVersion() string { + if x != nil { + return x.InstalledVersion } return "" } -func (m *Vulnerability) GetFixedVersion() string { - if m != nil { - return m.FixedVersion +func (x *Vulnerability) GetFixedVersion() string { + if x != nil { + return x.FixedVersion } return "" } -func (m *Vulnerability) GetTitle() string { - if m != nil { - return m.Title +func (x *Vulnerability) GetTitle() string { + if x != nil { + return x.Title } return "" } -func (m *Vulnerability) GetDescription() string { - if m != nil { - return m.Description +func (x *Vulnerability) GetDescription() string { + if x != nil { + return x.Description } return "" } -func (m *Vulnerability) 
GetSeverity() Severity { - if m != nil { - return m.Severity +func (x *Vulnerability) GetSeverity() Severity { + if x != nil { + return x.Severity } return Severity_UNKNOWN } -func (m *Vulnerability) GetReferences() []string { - if m != nil { - return m.References +func (x *Vulnerability) GetReferences() []string { + if x != nil { + return x.References } return nil } -func (m *Vulnerability) GetLayer() *Layer { - if m != nil { - return m.Layer +func (x *Vulnerability) GetLayer() *Layer { + if x != nil { + return x.Layer } return nil } -func (m *Vulnerability) GetSeveritySource() string { - if m != nil { - return m.SeveritySource +func (x *Vulnerability) GetSeveritySource() string { + if x != nil { + return x.SeveritySource } return "" } -func (m *Vulnerability) GetCvss() map[string]*CVSS { - if m != nil { - return m.Cvss +func (x *Vulnerability) GetCvss() map[string]*CVSS { + if x != nil { + return x.Cvss } return nil } -func (m *Vulnerability) GetCweIds() []string { - if m != nil { - return m.CweIds +func (x *Vulnerability) GetCweIds() []string { + if x != nil { + return x.CweIds } return nil } -func (m *Vulnerability) GetPrimaryUrl() string { - if m != nil { - return m.PrimaryUrl +func (x *Vulnerability) GetPrimaryUrl() string { + if x != nil { + return x.PrimaryUrl } return "" } -func (m *Vulnerability) GetPublishedDate() *timestamppb.Timestamp { - if m != nil { - return m.PublishedDate +func (x *Vulnerability) GetPublishedDate() *timestamppb.Timestamp { + if x != nil { + return x.PublishedDate } return nil } -func (m *Vulnerability) GetLastModifiedDate() *timestamppb.Timestamp { - if m != nil { - return m.LastModifiedDate +func (x *Vulnerability) GetLastModifiedDate() *timestamppb.Timestamp { + if x != nil { + return x.LastModifiedDate } return nil } -func (m *Vulnerability) GetCustomAdvisoryData() *structpb.Value { - if m != nil { - return m.CustomAdvisoryData +func (x *Vulnerability) GetCustomAdvisoryData() *structpb.Value { + if x != nil { + return 
x.CustomAdvisoryData } return nil } -func (m *Vulnerability) GetCustomVulnData() *structpb.Value { - if m != nil { - return m.CustomVulnData +func (x *Vulnerability) GetCustomVulnData() *structpb.Value { + if x != nil { + return x.CustomVulnData } return nil } -func (m *Vulnerability) GetVendorIds() []string { - if m != nil { - return m.VendorIds +func (x *Vulnerability) GetVendorIds() []string { + if x != nil { + return x.VendorIds } return nil } -func (m *Vulnerability) GetDataSource() *DataSource { - if m != nil { - return m.DataSource +func (x *Vulnerability) GetDataSource() *DataSource { + if x != nil { + return x.DataSource } return nil } type DataSource struct { - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - Url string `protobuf:"bytes,2,opt,name=url,proto3" json:"url,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` + Url string `protobuf:"bytes,3,opt,name=url,proto3" json:"url,omitempty"` } -func (m *DataSource) Reset() { *m = DataSource{} } -func (m *DataSource) String() string { return proto.CompactTextString(m) } -func (*DataSource) ProtoMessage() {} +func (x *DataSource) Reset() { + *x = DataSource{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_common_service_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DataSource) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DataSource) ProtoMessage() {} + +func (x *DataSource) ProtoReflect() protoreflect.Message { + mi := &file_rpc_common_service_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := 
protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DataSource.ProtoReflect.Descriptor instead. func (*DataSource) Descriptor() ([]byte, []int) { - return fileDescriptor_6e749acacaaabfff, []int{9} + return file_rpc_common_service_proto_rawDescGZIP(), []int{9} } -func (m *DataSource) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_DataSource.Unmarshal(m, b) -} -func (m *DataSource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_DataSource.Marshal(b, m, deterministic) -} -func (m *DataSource) XXX_Merge(src proto.Message) { - xxx_messageInfo_DataSource.Merge(m, src) -} -func (m *DataSource) XXX_Size() int { - return xxx_messageInfo_DataSource.Size(m) -} -func (m *DataSource) XXX_DiscardUnknown() { - xxx_messageInfo_DataSource.DiscardUnknown(m) -} - -var xxx_messageInfo_DataSource proto.InternalMessageInfo - -func (m *DataSource) GetName() string { - if m != nil { - return m.Name +func (x *DataSource) GetId() string { + if x != nil { + return x.Id } return "" } -func (m *DataSource) GetUrl() string { - if m != nil { - return m.Url +func (x *DataSource) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *DataSource) GetUrl() string { + if x != nil { + return x.Url } return "" } type Layer struct { - Digest string `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"` - DiffId string `protobuf:"bytes,2,opt,name=diff_id,json=diffId,proto3" json:"diff_id,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Digest string `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"` + DiffId string `protobuf:"bytes,2,opt,name=diff_id,json=diffId,proto3" json:"diff_id,omitempty"` 
} -func (m *Layer) Reset() { *m = Layer{} } -func (m *Layer) String() string { return proto.CompactTextString(m) } -func (*Layer) ProtoMessage() {} +func (x *Layer) Reset() { + *x = Layer{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_common_service_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Layer) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Layer) ProtoMessage() {} + +func (x *Layer) ProtoReflect() protoreflect.Message { + mi := &file_rpc_common_service_proto_msgTypes[10] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Layer.ProtoReflect.Descriptor instead. func (*Layer) Descriptor() ([]byte, []int) { - return fileDescriptor_6e749acacaaabfff, []int{10} + return file_rpc_common_service_proto_rawDescGZIP(), []int{10} } -func (m *Layer) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Layer.Unmarshal(m, b) -} -func (m *Layer) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Layer.Marshal(b, m, deterministic) -} -func (m *Layer) XXX_Merge(src proto.Message) { - xxx_messageInfo_Layer.Merge(m, src) -} -func (m *Layer) XXX_Size() int { - return xxx_messageInfo_Layer.Size(m) -} -func (m *Layer) XXX_DiscardUnknown() { - xxx_messageInfo_Layer.DiscardUnknown(m) -} - -var xxx_messageInfo_Layer proto.InternalMessageInfo - -func (m *Layer) GetDigest() string { - if m != nil { - return m.Digest +func (x *Layer) GetDigest() string { + if x != nil { + return x.Digest } return "" } -func (m *Layer) GetDiffId() string { - if m != nil { - return m.DiffId +func (x *Layer) GetDiffId() string { + if x != nil { + return x.DiffId } return "" } type CVSS struct { - V2Vector string `protobuf:"bytes,1,opt,name=v2_vector,json=v2Vector,proto3" 
json:"v2_vector,omitempty"` - V3Vector string `protobuf:"bytes,2,opt,name=v3_vector,json=v3Vector,proto3" json:"v3_vector,omitempty"` - V2Score float64 `protobuf:"fixed64,3,opt,name=v2_score,json=v2Score,proto3" json:"v2_score,omitempty"` - V3Score float64 `protobuf:"fixed64,4,opt,name=v3_score,json=v3Score,proto3" json:"v3_score,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + V2Vector string `protobuf:"bytes,1,opt,name=v2_vector,json=v2Vector,proto3" json:"v2_vector,omitempty"` + V3Vector string `protobuf:"bytes,2,opt,name=v3_vector,json=v3Vector,proto3" json:"v3_vector,omitempty"` + V2Score float64 `protobuf:"fixed64,3,opt,name=v2_score,json=v2Score,proto3" json:"v2_score,omitempty"` + V3Score float64 `protobuf:"fixed64,4,opt,name=v3_score,json=v3Score,proto3" json:"v3_score,omitempty"` } -func (m *CVSS) Reset() { *m = CVSS{} } -func (m *CVSS) String() string { return proto.CompactTextString(m) } -func (*CVSS) ProtoMessage() {} +func (x *CVSS) Reset() { + *x = CVSS{} + if protoimpl.UnsafeEnabled { + mi := &file_rpc_common_service_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CVSS) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CVSS) ProtoMessage() {} + +func (x *CVSS) ProtoReflect() protoreflect.Message { + mi := &file_rpc_common_service_proto_msgTypes[11] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CVSS.ProtoReflect.Descriptor instead. 
func (*CVSS) Descriptor() ([]byte, []int) { - return fileDescriptor_6e749acacaaabfff, []int{11} + return file_rpc_common_service_proto_rawDescGZIP(), []int{11} } -func (m *CVSS) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_CVSS.Unmarshal(m, b) -} -func (m *CVSS) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_CVSS.Marshal(b, m, deterministic) -} -func (m *CVSS) XXX_Merge(src proto.Message) { - xxx_messageInfo_CVSS.Merge(m, src) -} -func (m *CVSS) XXX_Size() int { - return xxx_messageInfo_CVSS.Size(m) -} -func (m *CVSS) XXX_DiscardUnknown() { - xxx_messageInfo_CVSS.DiscardUnknown(m) -} - -var xxx_messageInfo_CVSS proto.InternalMessageInfo - -func (m *CVSS) GetV2Vector() string { - if m != nil { - return m.V2Vector +func (x *CVSS) GetV2Vector() string { + if x != nil { + return x.V2Vector } return "" } -func (m *CVSS) GetV3Vector() string { - if m != nil { - return m.V3Vector +func (x *CVSS) GetV3Vector() string { + if x != nil { + return x.V3Vector } return "" } -func (m *CVSS) GetV2Score() float64 { - if m != nil { - return m.V2Score +func (x *CVSS) GetV2Score() float64 { + if x != nil { + return x.V2Score } return 0 } -func (m *CVSS) GetV3Score() float64 { - if m != nil { - return m.V3Score +func (x *CVSS) GetV3Score() float64 { + if x != nil { + return x.V3Score } return 0 } -func init() { - proto.RegisterEnum("trivy.common.Severity", Severity_name, Severity_value) - proto.RegisterType((*OS)(nil), "trivy.common.OS") - proto.RegisterType((*PackageInfo)(nil), "trivy.common.PackageInfo") - proto.RegisterType((*Application)(nil), "trivy.common.Application") - proto.RegisterType((*Package)(nil), "trivy.common.Package") - proto.RegisterType((*Library)(nil), "trivy.common.Library") - proto.RegisterType((*Misconfiguration)(nil), "trivy.common.Misconfiguration") - proto.RegisterType((*MisconfResult)(nil), "trivy.common.MisconfResult") - proto.RegisterType((*DetectedMisconfiguration)(nil), 
"trivy.common.DetectedMisconfiguration") - proto.RegisterType((*Vulnerability)(nil), "trivy.common.Vulnerability") - proto.RegisterMapType((map[string]*CVSS)(nil), "trivy.common.Vulnerability.CvssEntry") - proto.RegisterType((*DataSource)(nil), "trivy.common.DataSource") - proto.RegisterType((*Layer)(nil), "trivy.common.Layer") - proto.RegisterType((*CVSS)(nil), "trivy.common.CVSS") +var File_rpc_common_service_proto protoreflect.FileDescriptor + +var file_rpc_common_service_proto_rawDesc = []byte{ + 0x0a, 0x18, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x73, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0c, 0x74, 0x72, 0x69, 0x76, + 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, + 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, + 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x44, 0x0a, 0x02, 0x4f, 0x53, 0x12, 0x16, 0x0a, + 0x06, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x66, + 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x6f, 0x73, + 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x65, 0x6f, 0x73, 0x6c, 0x22, 0x5d, 0x0a, + 0x0b, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x1b, 0x0a, 0x09, + 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x08, 0x66, 0x69, 0x6c, 0x65, 0x50, 0x61, 0x74, 0x68, 0x12, 0x31, 0x0a, 0x08, 0x70, 0x61, 0x63, + 0x6b, 0x61, 0x67, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x74, 0x72, + 0x69, 0x76, 0x79, 0x2e, 
0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x50, 0x61, 0x63, 0x6b, 0x61, + 0x67, 0x65, 0x52, 0x08, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x73, 0x22, 0x73, 0x0a, 0x0b, + 0x41, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x74, + 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, + 0x1b, 0x0a, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x50, 0x61, 0x74, 0x68, 0x12, 0x33, 0x0a, 0x09, + 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x69, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x15, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, + 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x52, 0x09, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x69, 0x65, + 0x73, 0x22, 0xba, 0x02, 0x0a, 0x07, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x12, 0x0a, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x72, + 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x72, 0x65, + 0x6c, 0x65, 0x61, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x70, 0x6f, 0x63, 0x68, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x65, 0x70, 0x6f, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x61, + 0x72, 0x63, 0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x61, 0x72, 0x63, 0x68, 0x12, + 0x19, 0x0a, 0x08, 0x73, 0x72, 0x63, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x07, 0x73, 0x72, 0x63, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x72, + 0x63, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0a, 0x73, 0x72, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 
0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x73, + 0x72, 0x63, 0x5f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0a, 0x73, 0x72, 0x63, 0x52, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x12, 0x1b, 0x0a, 0x09, + 0x73, 0x72, 0x63, 0x5f, 0x65, 0x70, 0x6f, 0x63, 0x68, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x08, 0x73, 0x72, 0x63, 0x45, 0x70, 0x6f, 0x63, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x6c, 0x69, 0x63, + 0x65, 0x6e, 0x73, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x69, 0x63, 0x65, + 0x6e, 0x73, 0x65, 0x12, 0x29, 0x0a, 0x05, 0x6c, 0x61, 0x79, 0x65, 0x72, 0x18, 0x0b, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x2e, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x52, 0x05, 0x6c, 0x61, 0x79, 0x65, 0x72, 0x22, 0x51, + 0x0a, 0x07, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, + 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, + 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x6c, 0x69, 0x63, 0x65, 0x6e, + 0x73, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x69, 0x63, 0x65, 0x6e, 0x73, + 0x65, 0x22, 0xb6, 0x02, 0x0a, 0x10, 0x4d, 0x69, 0x73, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x74, + 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x54, + 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x50, 0x61, 0x74, 0x68, + 0x12, 0x39, 0x0a, 0x09, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x03, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, + 
0x6f, 0x6e, 0x2e, 0x4d, 0x69, 0x73, 0x63, 0x6f, 0x6e, 0x66, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, + 0x52, 0x09, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x37, 0x0a, 0x08, 0x77, + 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, + 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x69, 0x73, + 0x63, 0x6f, 0x6e, 0x66, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x08, 0x77, 0x61, 0x72, 0x6e, + 0x69, 0x6e, 0x67, 0x73, 0x12, 0x37, 0x0a, 0x08, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, + 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x69, 0x73, 0x63, 0x6f, 0x6e, 0x66, 0x52, 0x65, 0x73, + 0x75, 0x6c, 0x74, 0x52, 0x08, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x12, 0x3b, 0x0a, + 0x0a, 0x65, 0x78, 0x63, 0x65, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x1b, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x2e, 0x4d, 0x69, 0x73, 0x63, 0x6f, 0x6e, 0x66, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x0a, + 0x65, 0x78, 0x63, 0x65, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x9d, 0x01, 0x0a, 0x0d, 0x4d, + 0x69, 0x73, 0x63, 0x6f, 0x6e, 0x66, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x1c, 0x0a, 0x09, + 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, + 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, + 0x73, 0x61, 0x67, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x69, 0x74, 0x6c, + 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 
0x09, 0x52, 0x05, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x12, 0x1a, + 0x0a, 0x08, 0x73, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x73, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x22, 0x86, 0x03, 0x0a, 0x18, 0x44, + 0x65, 0x74, 0x65, 0x63, 0x74, 0x65, 0x64, 0x4d, 0x69, 0x73, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, + 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x74, + 0x69, 0x74, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x69, 0x74, 0x6c, + 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x1c, 0x0a, + 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x72, + 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0a, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x08, 0x73, + 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x16, 0x2e, + 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x76, + 0x65, 0x72, 0x69, 0x74, 0x79, 0x52, 0x08, 0x73, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x12, + 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x09, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x6d, 0x61, 0x72, 
0x79, 0x55, 0x72, 0x6c, + 0x12, 0x1e, 0x0a, 0x0a, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x18, 0x0a, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, + 0x12, 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x29, 0x0a, 0x05, 0x6c, 0x61, 0x79, 0x65, + 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x52, 0x05, 0x6c, 0x61, + 0x79, 0x65, 0x72, 0x22, 0xbc, 0x07, 0x0a, 0x0d, 0x56, 0x75, 0x6c, 0x6e, 0x65, 0x72, 0x61, 0x62, + 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x29, 0x0a, 0x10, 0x76, 0x75, 0x6c, 0x6e, 0x65, 0x72, 0x61, + 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0f, 0x76, 0x75, 0x6c, 0x6e, 0x65, 0x72, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x49, 0x64, + 0x12, 0x19, 0x0a, 0x08, 0x70, 0x6b, 0x67, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x07, 0x70, 0x6b, 0x67, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2b, 0x0a, 0x11, 0x69, + 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x65, 0x64, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, 0x65, + 0x64, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x66, 0x69, 0x78, 0x65, + 0x64, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0c, 0x66, 0x69, 0x78, 0x65, 0x64, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, + 0x05, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x69, + 0x74, 0x6c, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, + 0x70, 0x74, 
0x69, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x08, 0x73, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, + 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x53, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x52, + 0x08, 0x73, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x12, 0x1e, 0x0a, 0x0a, 0x72, 0x65, 0x66, + 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x72, + 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x12, 0x29, 0x0a, 0x05, 0x6c, 0x61, 0x79, + 0x65, 0x72, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, + 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x52, 0x05, 0x6c, + 0x61, 0x79, 0x65, 0x72, 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, + 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, + 0x65, 0x76, 0x65, 0x72, 0x69, 0x74, 0x79, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x39, 0x0a, + 0x04, 0x63, 0x76, 0x73, 0x73, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x74, 0x72, + 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x56, 0x75, 0x6c, 0x6e, 0x65, + 0x72, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x2e, 0x43, 0x76, 0x73, 0x73, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x04, 0x63, 0x76, 0x73, 0x73, 0x12, 0x17, 0x0a, 0x07, 0x63, 0x77, 0x65, 0x5f, + 0x69, 0x64, 0x73, 0x18, 0x0d, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x63, 0x77, 0x65, 0x49, 0x64, + 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x5f, 0x75, 0x72, 0x6c, + 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x55, + 0x72, 0x6c, 0x12, 0x41, 0x0a, 0x0e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x64, 0x5f, + 0x64, 0x61, 0x74, 0x65, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 
0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, + 0x64, 0x44, 0x61, 0x74, 0x65, 0x12, 0x48, 0x0a, 0x12, 0x6c, 0x61, 0x73, 0x74, 0x5f, 0x6d, 0x6f, + 0x64, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x64, 0x61, 0x74, 0x65, 0x18, 0x10, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x6c, + 0x61, 0x73, 0x74, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x64, 0x44, 0x61, 0x74, 0x65, 0x12, + 0x48, 0x0a, 0x14, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5f, 0x61, 0x64, 0x76, 0x69, 0x73, 0x6f, + 0x72, 0x79, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x11, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x41, 0x64, 0x76, + 0x69, 0x73, 0x6f, 0x72, 0x79, 0x44, 0x61, 0x74, 0x61, 0x12, 0x40, 0x0a, 0x10, 0x63, 0x75, 0x73, + 0x74, 0x6f, 0x6d, 0x5f, 0x76, 0x75, 0x6c, 0x6e, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x12, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x75, 0x73, + 0x74, 0x6f, 0x6d, 0x56, 0x75, 0x6c, 0x6e, 0x44, 0x61, 0x74, 0x61, 0x12, 0x1d, 0x0a, 0x0a, 0x76, + 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x13, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x09, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x49, 0x64, 0x73, 0x12, 0x39, 0x0a, 0x0b, 0x64, 0x61, + 0x74, 0x61, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x18, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x44, + 0x61, 0x74, 0x61, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x0a, 0x64, 0x61, 0x74, 
0x61, 0x53, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x1a, 0x4b, 0x0a, 0x09, 0x43, 0x76, 0x73, 0x73, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x03, 0x6b, 0x65, 0x79, 0x12, 0x28, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, + 0x6f, 0x6e, 0x2e, 0x43, 0x56, 0x53, 0x53, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, + 0x38, 0x01, 0x22, 0x42, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, + 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x22, 0x38, 0x0a, 0x05, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x12, + 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x64, 0x69, 0x66, 0x66, 0x5f, + 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x69, 0x66, 0x66, 0x49, 0x64, + 0x22, 0x76, 0x0a, 0x04, 0x43, 0x56, 0x53, 0x53, 0x12, 0x1b, 0x0a, 0x09, 0x76, 0x32, 0x5f, 0x76, + 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x76, 0x32, 0x56, + 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x76, 0x33, 0x5f, 0x76, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x76, 0x33, 0x56, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x12, 0x19, 0x0a, 0x08, 0x76, 0x32, 0x5f, 0x73, 0x63, 0x6f, 0x72, 0x65, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x01, 0x52, 0x07, 0x76, 0x32, 0x53, 0x63, 0x6f, 0x72, 0x65, 0x12, 0x19, 0x0a, + 0x08, 0x76, 0x33, 0x5f, 0x73, 0x63, 0x6f, 0x72, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x01, 0x52, + 0x07, 0x76, 0x33, 0x53, 
0x63, 0x6f, 0x72, 0x65, 0x2a, 0x44, 0x0a, 0x08, 0x53, 0x65, 0x76, 0x65, + 0x72, 0x69, 0x74, 0x79, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, + 0x00, 0x12, 0x07, 0x0a, 0x03, 0x4c, 0x4f, 0x57, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x45, + 0x44, 0x49, 0x55, 0x4d, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x48, 0x49, 0x47, 0x48, 0x10, 0x03, + 0x12, 0x0c, 0x0a, 0x08, 0x43, 0x52, 0x49, 0x54, 0x49, 0x43, 0x41, 0x4c, 0x10, 0x04, 0x42, 0x31, + 0x5a, 0x2f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x71, 0x75, + 0x61, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x74, 0x72, 0x69, 0x76, 0x79, 0x2f, + 0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x3b, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } -func init() { proto.RegisterFile("rpc/common/service.proto", fileDescriptor_6e749acacaaabfff) } +var ( + file_rpc_common_service_proto_rawDescOnce sync.Once + file_rpc_common_service_proto_rawDescData = file_rpc_common_service_proto_rawDesc +) -var fileDescriptor_6e749acacaaabfff = []byte{ - // 1253 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x56, 0xdd, 0x6e, 0xdb, 0xb6, - 0x17, 0xff, 0xfb, 0xdb, 0x3a, 0x4e, 0x52, 0x95, 0xed, 0xbf, 0x53, 0xd3, 0x6e, 0x35, 0x3c, 0x0c, - 0x4b, 0x37, 0xc0, 0x46, 0x9d, 0x8b, 0xb5, 0xeb, 0xcd, 0xb2, 0xa4, 0x58, 0x8d, 0x36, 0x69, 0xa7, - 0xb4, 0x29, 0x30, 0x60, 0x10, 0x18, 0x8a, 0x76, 0x88, 0xc8, 0x92, 0x46, 0x52, 0x4a, 0xfd, 0x02, - 0x7b, 0x8b, 0xbd, 0xc6, 0x2e, 0x86, 0x3d, 0xdc, 0xc0, 0x0f, 0xc9, 0x52, 0x12, 0x2c, 0xdd, 0x95, - 0x78, 0x3e, 0xf8, 0x3b, 0x87, 0xbf, 0x73, 0x0e, 0x45, 0xf0, 0x78, 0x4a, 0x26, 0x24, 0x59, 0x2e, - 0x93, 0x78, 0x22, 0x28, 0xcf, 0x19, 0xa1, 0xe3, 0x94, 0x27, 0x32, 0x41, 0x1b, 0x92, 0xb3, 0x7c, - 0x35, 0x36, 0xb6, 0xed, 0x47, 0x8b, 0x24, 0x59, 0x44, 0x74, 0xa2, 0x6d, 0xa7, 0xd9, 0x7c, 0x22, - 0xd9, 0x92, 0x0a, 0x89, 0x97, 0xa9, 0x71, 0xdf, 0x7e, 
0x78, 0xd9, 0x41, 0x48, 0x9e, 0x11, 0x69, - 0xac, 0xa3, 0x03, 0x68, 0xbe, 0x39, 0x46, 0xf7, 0xa0, 0x3b, 0xc7, 0x4b, 0x16, 0xad, 0xbc, 0xc6, - 0xb0, 0xb1, 0xe3, 0xf8, 0x56, 0x42, 0x08, 0xda, 0x31, 0x5e, 0x52, 0xaf, 0xa9, 0xb5, 0x7a, 0xad, - 0x74, 0x34, 0x11, 0x91, 0xd7, 0x1a, 0x36, 0x76, 0xfa, 0xbe, 0x5e, 0x8f, 0x7e, 0x85, 0xc1, 0x5b, - 0x4c, 0xce, 0xf1, 0x82, 0xce, 0xe2, 0x79, 0x82, 0x1e, 0x80, 0x33, 0x67, 0x11, 0x0d, 0x52, 0x2c, - 0xcf, 0x2c, 0x62, 0x5f, 0x29, 0xde, 0x62, 0x79, 0x86, 0x9e, 0x40, 0x3f, 0x35, 0xbe, 0xc2, 0x6b, - 0x0e, 0x5b, 0x3b, 0x83, 0xe9, 0xff, 0xc7, 0xd5, 0x13, 0x8d, 0x2d, 0x92, 0x5f, 0xba, 0x8d, 0x04, - 0x0c, 0xf6, 0xd2, 0x34, 0x62, 0x04, 0x4b, 0x96, 0xc4, 0x2a, 0x03, 0xb9, 0x4a, 0xa9, 0x45, 0xd6, - 0xeb, 0x7a, 0xc8, 0xe6, 0xa5, 0x90, 0xbb, 0xe0, 0x44, 0xec, 0x94, 0x63, 0xce, 0xa8, 0xf0, 0x5a, - 0xd7, 0xc5, 0x7c, 0xad, 0xcd, 0x2b, 0x7f, 0xed, 0x37, 0xfa, 0xab, 0x09, 0x3d, 0x9b, 0x4a, 0xc9, - 0x43, 0xa3, 0xc2, 0x83, 0x07, 0xbd, 0x9c, 0x72, 0xc1, 0x92, 0xd8, 0xc6, 0x2b, 0x44, 0x65, 0xe1, - 0x34, 0xa2, 0x58, 0x50, 0x4d, 0x92, 0xe3, 0x17, 0x22, 0xba, 0x0b, 0x1d, 0x9a, 0x26, 0xe4, 0xcc, - 0x6b, 0x0f, 0x1b, 0x3b, 0x1d, 0xdf, 0x08, 0x0a, 0x1d, 0x73, 0x72, 0xe6, 0x75, 0x0c, 0xba, 0x5a, - 0xa3, 0xfb, 0xd0, 0x17, 0x9c, 0x04, 0x3a, 0x6a, 0xd7, 0x80, 0x08, 0x4e, 0x8e, 0x54, 0xe0, 0x47, - 0x30, 0x50, 0xa6, 0x22, 0x78, 0x4f, 0x5b, 0x41, 0x70, 0x72, 0x62, 0xe3, 0x5b, 0x87, 0x22, 0x87, - 0x7e, 0xe9, 0xe0, 0xdb, 0x34, 0x1e, 0x80, 0xa3, 0x1c, 0x4c, 0x2a, 0x8e, 0x4e, 0x45, 0x45, 0x7b, - 0xa1, 0xb3, 0xf1, 0xa0, 0x17, 0x31, 0x42, 0x63, 0x41, 0x3d, 0x30, 0x81, 0xad, 0x88, 0x1e, 0x43, - 0x27, 0xc2, 0x2b, 0xca, 0xbd, 0xc1, 0xb0, 0xb1, 0x33, 0x98, 0xde, 0xb9, 0x44, 0xa1, 0x32, 0xf9, - 0xc6, 0x63, 0xf4, 0x33, 0xf4, 0x2c, 0xa5, 0xff, 0x9d, 0xbb, 0x22, 0x7a, 0xab, 0x16, 0x7d, 0xf4, - 0x67, 0x13, 0xdc, 0x43, 0x26, 0x48, 0x12, 0xcf, 0xd9, 0x22, 0xe3, 0xa6, 0x15, 0x8a, 0xb2, 0x57, - 0xfa, 0x41, 0x97, 0xfd, 0xdd, 0x8d, 0x3d, 0xf1, 0x0c, 0x1c, 0x91, 0x11, 0x42, 0x85, 0x28, 
0x7b, - 0xe2, 0x41, 0xfd, 0x40, 0x36, 0x98, 0x4f, 0x45, 0x16, 0x49, 0x7f, 0xed, 0x8d, 0xbe, 0x83, 0xfe, - 0x05, 0xe6, 0x31, 0x8b, 0x17, 0xc2, 0x6b, 0xdf, 0xbc, 0xb3, 0x74, 0x56, 0x1b, 0xe7, 0x98, 0x45, - 0x19, 0xa7, 0xc2, 0xeb, 0x7c, 0xc2, 0xc6, 0xc2, 0x19, 0x3d, 0x07, 0xa0, 0x1f, 0x09, 0x4d, 0xd5, - 0x99, 0x85, 0xd7, 0xbd, 0x79, 0x6b, 0xc5, 0x7d, 0xf4, 0x47, 0x03, 0x36, 0x6b, 0x56, 0xf4, 0x10, - 0x1c, 0x55, 0x06, 0x91, 0x62, 0x52, 0xb0, 0xb6, 0x56, 0xa8, 0x12, 0x2c, 0xa9, 0x10, 0x78, 0x51, - 0xcc, 0x7d, 0x21, 0x96, 0x83, 0xd7, 0xaa, 0x0c, 0xde, 0x16, 0x34, 0x59, 0xa8, 0xfb, 0xd9, 0xf1, - 0x9b, 0x2c, 0x54, 0x2d, 0x2e, 0x99, 0x8c, 0xa8, 0xed, 0x66, 0x23, 0xa0, 0x6d, 0xe8, 0x0b, 0x9a, - 0x53, 0xce, 0xe4, 0xca, 0xb6, 0x73, 0x29, 0x8f, 0x7e, 0x6f, 0x81, 0x77, 0x40, 0x25, 0x25, 0x92, - 0x86, 0x57, 0x0a, 0x7c, 0xdd, 0xac, 0x9b, 0x90, 0xcd, 0xab, 0x21, 0x5b, 0xd5, 0x90, 0x43, 0x18, - 0x84, 0x54, 0x10, 0xce, 0x34, 0x0d, 0x36, 0xc3, 0xaa, 0xaa, 0x7a, 0xd0, 0x4e, 0xfd, 0xa0, 0x35, - 0x82, 0xba, 0x97, 0x09, 0xfa, 0x02, 0x80, 0x53, 0x91, 0x44, 0x99, 0xac, 0xcc, 0xdf, 0x5a, 0x83, - 0xa6, 0x95, 0xc3, 0xaa, 0xe1, 0xdb, 0x9a, 0xde, 0xab, 0xd7, 0xea, 0xd8, 0x5a, 0xd7, 0x24, 0xa8, - 0x99, 0x4d, 0x39, 0x5b, 0x62, 0xbe, 0x0a, 0x32, 0x1e, 0xe9, 0xa1, 0x74, 0x7c, 0xb0, 0xaa, 0xf7, - 0x3c, 0x32, 0x41, 0xe7, 0x94, 0xd3, 0x98, 0x50, 0xe1, 0xc1, 0xb0, 0x65, 0x82, 0x16, 0x1a, 0x75, - 0x85, 0x0b, 0x89, 0x65, 0x26, 0xf4, 0x74, 0x3a, 0xbe, 0x95, 0xd6, 0x43, 0xbb, 0x71, 0xe3, 0xd0, - 0xfe, 0xdd, 0x83, 0xcd, 0x93, 0x2c, 0x8a, 0x29, 0xc7, 0xa7, 0x2c, 0x52, 0x59, 0x3d, 0x06, 0x37, - 0xaf, 0x2a, 0x02, 0x16, 0xda, 0x4a, 0xdc, 0xaa, 0xe9, 0x67, 0xa1, 0xba, 0xb0, 0xd2, 0xf3, 0x45, - 0x50, 0xf9, 0x5d, 0xf4, 0xd2, 0xf3, 0x85, 0xbe, 0xb0, 0xbe, 0x85, 0xdb, 0x2c, 0x16, 0x12, 0x47, - 0x11, 0x0d, 0xcb, 0x6b, 0xcb, 0xd4, 0xca, 0x2d, 0x0d, 0xc5, 0xe5, 0xf5, 0x25, 0x6c, 0xce, 0xd9, - 0xc7, 0x8a, 0xa3, 0x29, 0xdc, 0x86, 0x56, 0x16, 0x4e, 0xd7, 0x37, 0xd9, 0xa5, 0x8a, 0x77, 0xaf, - 0x56, 0xbc, 0x5a, 0x99, 0xde, 
0x27, 0x56, 0xa6, 0x4e, 0x7c, 0xff, 0x0a, 0xf1, 0x25, 0xc1, 0x70, - 0x13, 0xc1, 0xe8, 0x6b, 0xb8, 0x55, 0xc0, 0x06, 0x22, 0xc9, 0x38, 0xa1, 0xb6, 0x58, 0x5b, 0x85, - 0xfa, 0x58, 0x6b, 0xd1, 0x33, 0x68, 0x93, 0x5c, 0x08, 0x6f, 0x43, 0x4f, 0xfa, 0x57, 0x75, 0xc8, - 0x5a, 0x89, 0xc6, 0xfb, 0xb9, 0x10, 0x2f, 0x62, 0xc9, 0x57, 0xbe, 0xde, 0x82, 0x3e, 0x83, 0x1e, - 0xb9, 0xa0, 0x01, 0x0b, 0x85, 0xb7, 0xa9, 0x73, 0xed, 0x92, 0x0b, 0x3a, 0x0b, 0xc5, 0xe5, 0x0e, - 0xdb, 0xba, 0xd2, 0x61, 0x7b, 0xb0, 0x95, 0x66, 0xa7, 0x11, 0x13, 0x67, 0x34, 0x0c, 0x42, 0x2c, - 0xa9, 0x77, 0x4b, 0x9f, 0x68, 0x7b, 0x6c, 0x5e, 0x10, 0xe3, 0xe2, 0x05, 0x31, 0x7e, 0x57, 0x3c, - 0x31, 0xfc, 0xcd, 0x72, 0xc7, 0x01, 0x96, 0x14, 0xbd, 0x04, 0x14, 0x61, 0x21, 0x83, 0x65, 0x12, - 0xb2, 0x39, 0x2b, 0x60, 0xdc, 0x1b, 0x61, 0x5c, 0xb5, 0xeb, 0xd0, 0x6e, 0xb2, 0x48, 0x77, 0x49, - 0x26, 0x64, 0xb2, 0x0c, 0x70, 0x98, 0x33, 0x91, 0xf0, 0x95, 0xc2, 0xc2, 0xde, 0x6d, 0x8d, 0x75, - 0xef, 0x0a, 0xd6, 0x09, 0x8e, 0x32, 0xea, 0x23, 0xb3, 0x67, 0xcf, 0x6e, 0x39, 0xc0, 0x12, 0xa3, - 0x1f, 0xc0, 0xb5, 0x48, 0xaa, 0x65, 0x0d, 0x0a, 0xfa, 0x57, 0x94, 0x2d, 0xe3, 0xaf, 0x78, 0xd6, - 0x08, 0x9f, 0x03, 0xe4, 0x34, 0x0e, 0x13, 0xae, 0x59, 0xbd, 0xa3, 0x59, 0x75, 0x8c, 0x46, 0x11, - 0xfb, 0x0c, 0x06, 0x0a, 0xb4, 0xa8, 0xe8, 0x5d, 0x8d, 0xed, 0xd5, 0x6b, 0xa6, 0x70, 0x4c, 0x6d, - 0x7d, 0x08, 0xcb, 0xf5, 0xf6, 0x2b, 0x70, 0xca, 0xfa, 0x21, 0x17, 0x5a, 0xe7, 0xb4, 0x78, 0x81, - 0xa9, 0x25, 0xda, 0x81, 0x4e, 0xae, 0x32, 0xd2, 0x03, 0x35, 0x98, 0xa2, 0x3a, 0xe6, 0xfe, 0xc9, - 0xf1, 0xb1, 0x6f, 0x1c, 0xbe, 0x6f, 0x3e, 0x6d, 0x8c, 0xa6, 0x00, 0xeb, 0x30, 0xd7, 0xfe, 0x76, - 0x5d, 0x68, 0xa9, 0xd2, 0x9b, 0xf1, 0x54, 0xcb, 0xd1, 0x53, 0xe8, 0xe8, 0x0e, 0x55, 0xd7, 0x47, - 0xc8, 0x16, 0x54, 0xc8, 0xe2, 0x05, 0x68, 0x24, 0xd5, 0x4e, 0x21, 0x9b, 0xcf, 0x83, 0xf2, 0xc2, - 0xed, 0x2a, 0x71, 0x16, 0x8e, 0x72, 0x68, 0xab, 0x04, 0xd4, 0x4f, 0x36, 0x9f, 0x06, 0x39, 0x25, - 0x32, 0xe1, 0xc5, 0x1f, 0x38, 0x9f, 0x9e, 0x68, 0x59, 0x1b, 0x77, 
0x0b, 0xa3, 0xfd, 0x03, 0xe7, - 0xbb, 0xd6, 0x78, 0x1f, 0xfa, 0xf9, 0x34, 0x10, 0x24, 0xe1, 0xe6, 0xe6, 0x6e, 0xf8, 0xbd, 0x7c, - 0x7a, 0xac, 0x44, 0x6d, 0xda, 0xb5, 0xa6, 0xb6, 0x35, 0xed, 0x6a, 0xd3, 0x37, 0x07, 0xd0, 0x2f, - 0x86, 0x14, 0x0d, 0xa0, 0xf7, 0xfe, 0xe8, 0xd5, 0xd1, 0x9b, 0x0f, 0x47, 0xee, 0xff, 0x50, 0x0f, - 0x5a, 0xaf, 0xdf, 0x7c, 0x70, 0x1b, 0x08, 0xa0, 0x7b, 0xf8, 0xe2, 0x60, 0xf6, 0xfe, 0xd0, 0x6d, - 0xa2, 0x3e, 0xb4, 0x5f, 0xce, 0x7e, 0x7a, 0xe9, 0xb6, 0xd0, 0x06, 0xf4, 0xf7, 0xfd, 0xd9, 0xbb, - 0xd9, 0xfe, 0xde, 0x6b, 0xb7, 0xfd, 0xe3, 0x93, 0x5f, 0x26, 0x0b, 0x26, 0xcf, 0xb2, 0x53, 0x45, - 0xe6, 0x04, 0xff, 0x96, 0x61, 0x41, 0x49, 0xa6, 0x40, 0x27, 0x9a, 0xe3, 0xc9, 0xfa, 0xf5, 0xfd, - 0xdc, 0x7c, 0x4e, 0xbb, 0xba, 0x4b, 0x76, 0xff, 0x09, 0x00, 0x00, 0xff, 0xff, 0x3c, 0x8e, 0x21, - 0xdb, 0x99, 0x0b, 0x00, 0x00, +func file_rpc_common_service_proto_rawDescGZIP() []byte { + file_rpc_common_service_proto_rawDescOnce.Do(func() { + file_rpc_common_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_rpc_common_service_proto_rawDescData) + }) + return file_rpc_common_service_proto_rawDescData +} + +var file_rpc_common_service_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_rpc_common_service_proto_msgTypes = make([]protoimpl.MessageInfo, 13) +var file_rpc_common_service_proto_goTypes = []interface{}{ + (Severity)(0), // 0: trivy.common.Severity + (*OS)(nil), // 1: trivy.common.OS + (*PackageInfo)(nil), // 2: trivy.common.PackageInfo + (*Application)(nil), // 3: trivy.common.Application + (*Package)(nil), // 4: trivy.common.Package + (*Library)(nil), // 5: trivy.common.Library + (*Misconfiguration)(nil), // 6: trivy.common.Misconfiguration + (*MisconfResult)(nil), // 7: trivy.common.MisconfResult + (*DetectedMisconfiguration)(nil), // 8: trivy.common.DetectedMisconfiguration + (*Vulnerability)(nil), // 9: trivy.common.Vulnerability + (*DataSource)(nil), // 10: trivy.common.DataSource + (*Layer)(nil), // 11: trivy.common.Layer + 
(*CVSS)(nil), // 12: trivy.common.CVSS + nil, // 13: trivy.common.Vulnerability.CvssEntry + (*timestamppb.Timestamp)(nil), // 14: google.protobuf.Timestamp + (*structpb.Value)(nil), // 15: google.protobuf.Value +} +var file_rpc_common_service_proto_depIdxs = []int32{ + 4, // 0: trivy.common.PackageInfo.packages:type_name -> trivy.common.Package + 5, // 1: trivy.common.Application.libraries:type_name -> trivy.common.Library + 11, // 2: trivy.common.Package.layer:type_name -> trivy.common.Layer + 7, // 3: trivy.common.Misconfiguration.successes:type_name -> trivy.common.MisconfResult + 7, // 4: trivy.common.Misconfiguration.warnings:type_name -> trivy.common.MisconfResult + 7, // 5: trivy.common.Misconfiguration.failures:type_name -> trivy.common.MisconfResult + 7, // 6: trivy.common.Misconfiguration.exceptions:type_name -> trivy.common.MisconfResult + 0, // 7: trivy.common.DetectedMisconfiguration.severity:type_name -> trivy.common.Severity + 11, // 8: trivy.common.DetectedMisconfiguration.layer:type_name -> trivy.common.Layer + 0, // 9: trivy.common.Vulnerability.severity:type_name -> trivy.common.Severity + 11, // 10: trivy.common.Vulnerability.layer:type_name -> trivy.common.Layer + 13, // 11: trivy.common.Vulnerability.cvss:type_name -> trivy.common.Vulnerability.CvssEntry + 14, // 12: trivy.common.Vulnerability.published_date:type_name -> google.protobuf.Timestamp + 14, // 13: trivy.common.Vulnerability.last_modified_date:type_name -> google.protobuf.Timestamp + 15, // 14: trivy.common.Vulnerability.custom_advisory_data:type_name -> google.protobuf.Value + 15, // 15: trivy.common.Vulnerability.custom_vuln_data:type_name -> google.protobuf.Value + 10, // 16: trivy.common.Vulnerability.data_source:type_name -> trivy.common.DataSource + 12, // 17: trivy.common.Vulnerability.CvssEntry.value:type_name -> trivy.common.CVSS + 18, // [18:18] is the sub-list for method output_type + 18, // [18:18] is the sub-list for method input_type + 18, // [18:18] is the sub-list 
for extension type_name + 18, // [18:18] is the sub-list for extension extendee + 0, // [0:18] is the sub-list for field type_name +} + +func init() { file_rpc_common_service_proto_init() } +func file_rpc_common_service_proto_init() { + if File_rpc_common_service_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_rpc_common_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*OS); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_common_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PackageInfo); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_common_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Application); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_common_service_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Package); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_common_service_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Library); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_common_service_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Misconfiguration); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_common_service_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := 
v.(*MisconfResult); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_common_service_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DetectedMisconfiguration); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_common_service_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Vulnerability); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_common_service_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DataSource); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_common_service_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Layer); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_rpc_common_service_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CVSS); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_rpc_common_service_proto_rawDesc, + NumEnums: 1, + NumMessages: 13, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_rpc_common_service_proto_goTypes, + DependencyIndexes: file_rpc_common_service_proto_depIdxs, + EnumInfos: file_rpc_common_service_proto_enumTypes, + MessageInfos: file_rpc_common_service_proto_msgTypes, + }.Build() + File_rpc_common_service_proto = out.File + 
file_rpc_common_service_proto_rawDesc = nil + file_rpc_common_service_proto_goTypes = nil + file_rpc_common_service_proto_depIdxs = nil } diff --git a/rpc/common/service.proto b/rpc/common/service.proto index 192392b643..952b0b7e1e 100644 --- a/rpc/common/service.proto +++ b/rpc/common/service.proto @@ -104,8 +104,9 @@ message Vulnerability { } message DataSource { - string name = 1; - string url = 2; + string id = 1; + string name = 2; + string url = 3; } message Layer { diff --git a/rpc/scanner/service.pb.go b/rpc/scanner/service.pb.go index 053cbe05d7..a2ffa65175 100644 --- a/rpc/scanner/service.pb.go +++ b/rpc/scanner/service.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.27.1 -// protoc v3.19.1 +// protoc v3.19.4 // source: rpc/scanner/service.proto package scanner
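Review bot: Renumbering the existing fields of `DataSource` in rpc/common/service.proto breaks wire compatibility: `name` moves from tag 1 to 2 and `url` from 2 to 3, with the new `id` taking tag 1. All three fields are strings, so a peer built from the other side of this commit (presumably a client and server on different versions) would decode `name` as `id` and `url` as `name` with no error. The data source recorded on a vulnerability would then be silently mislabelled. Keeping the old tags and giving the new field the next free number avoids this: `string name = 1;`, `string url = 2;`, `string id = 3;`. If the renumbering is deliberate, a comment on the message saying that client and server must be upgraded together would make the constraint visible.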
alpine