diff --git a/docs/vulnerability/detection/language.md b/docs/vulnerability/detection/language.md
index 53041cbde8..ea57c0dd17 100644
--- a/docs/vulnerability/detection/language.md
+++ b/docs/vulnerability/detection/language.md
@@ -6,14 +6,15 @@
 |---------|-------------------------|:---------:|:--------------:|:---------------:|-----------------|
 | Ruby | Gemfile.lock | - | ✅ | ✅ | included |
 | | gemspec | ✅ | ✅ | - | included |
-| Python | Pipfile.lock | - | ✅ | ✅ |excluded |
+| Python | Pipfile.lock | - | ✅ | ✅ | excluded |
 | | poetry.lock | - | ✅ | ✅ | included |
 | | requirements.txt | - | ✅ | ✅ | included |
 | | egg package[^1] | ✅ | ✅ | - | excluded |
 | | wheel package[^2] | ✅ | ✅ | - | excluded |
 | PHP | composer.lock | ✅ | ✅ | ✅ | excluded |
-| Node.js | package-lock.json | ✅ | ✅ | ✅ | excluded |
-| | yarn.lock | ✅ | ✅ | ✅ | ncluded |
+| Node.js | package-lock.json | - | ✅ | ✅ | excluded |
+| | yarn.lock | - | ✅ | ✅ | included |
+| | package.json | ✅ | ✅ | - | excluded |
 | .NET | packages.lock.json | ✅ | ✅ | ✅ | included |
 | Java | JAR/WAR/EAR[^3][^4] | ✅ | ✅ | ✅ | included |
 | Go | Binaries built by Go[^5] | ✅ | ✅ | - | excluded |
diff --git a/go.mod b/go.mod
index 833f2d4e2a..3c2b4b5b72 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 github.com/Masterminds/sprig v2.22.0+incompatible
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
- github.com/aquasecurity/fanal v0.0.0-20210914172041-6ec4fbcfc2e3
+ github.com/aquasecurity/fanal v0.0.0-20210915104214-95382456f047
 github.com/aquasecurity/go-dep-parser v0.0.0-20210905090655-b95c2c079bbb
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
 github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
diff --git a/go.sum b/go.sum
index 3d28b1e32b..302628ac44 100644
--- a/go.sum
+++ b/go.sum
@@ -201,8 +201,8 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30xLN2sUZcMXl50hg+PJCIDdJgIvIbVcKqLJ/ZrtM=
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
-github.com/aquasecurity/fanal v0.0.0-20210914172041-6ec4fbcfc2e3 h1:ELXkeEQ6d+olRfCig23i3MJWBu/IFLj8StYH8Iqk9aQ=
-github.com/aquasecurity/fanal v0.0.0-20210914172041-6ec4fbcfc2e3/go.mod h1:pkPj0NkblwiXdg7Q5RnNlekcJ935StxImiLsU3tCvno=
+github.com/aquasecurity/fanal v0.0.0-20210915104214-95382456f047 h1:SmwcaPrdCxxQLlzhVwhZNOs7H4IIICpzEk/3oKwpGts=
+github.com/aquasecurity/fanal v0.0.0-20210915104214-95382456f047/go.mod h1:pkPj0NkblwiXdg7Q5RnNlekcJ935StxImiLsU3tCvno=
 github.com/aquasecurity/go-dep-parser v0.0.0-20210905090655-b95c2c079bbb h1:RYx2+0fUc/3nR4SywvLAs+Sm3dtLhpBw2IeBE8+w1Po=
 github.com/aquasecurity/go-dep-parser v0.0.0-20210905090655-b95c2c079bbb/go.mod h1:Zc7Eo6tFl9l4XcqsWeabD7jHnXRBK/LdgZuu9GTSVLU=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
diff --git a/pkg/detector/library/driver.go b/pkg/detector/library/driver.go
index ddb4ae6471..de512b616e 100644
--- a/pkg/detector/library/driver.go
+++ b/pkg/detector/library/driver.go
@@ -31,7 +31,7 @@ func NewDriver(libType string) (Driver, error) {
 driver = newCargoDriver()
 case ftypes.Composer:
 driver = newComposerDriver()
- case ftypes.Npm, ftypes.Yarn:
+ case ftypes.Npm, ftypes.Yarn, ftypes.NodePkg:
 driver = newNpmDriver()
 case ftypes.Pipenv, ftypes.Poetry, ftypes.Pip, ftypes.PythonPkg:
 driver = newPipDriver()
diff --git a/pkg/detector/ospkg/redhat/redhat_test.go b/pkg/detector/ospkg/redhat/redhat_test.go
index a01fb17ca9..45cee25c7f 100644
--- a/pkg/detector/ospkg/redhat/redhat_test.go
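Review bot: The new `ftypes.NodePkg` arm in `NewDriver` has no test in this commit; the only test changes shown are the `sort.Slice` calls in the redhat and ubuntu detector tests. A table case that calls `NewDriver(ftypes.NodePkg)` and expects the npm driver would keep this switch and the `pkgTargets` entry added in pkg/scanner/local/scan.go from drifting apart. Judging by the new `package.json` row in the docs table, this type presumably carries name and version fields written by each installed package itself rather than resolved through a lockfile, so it is worth confirming in the npm driver (outside this hunk) that an empty or non-semver version is skipped with a log line instead of failing the whole scan. The switch itself begins and ends outside the hunk.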
+++ b/pkg/detector/ospkg/redhat/redhat_test.go
@@ -1,6 +1,7 @@
 package redhat_test
 import (
+ "sort"
 "testing"
 "time"
@@ -205,6 +206,9 @@ func TestScanner_Detect(t *testing.T) {
 assert.Contains(t, err.Error(), tt.wantErr)
 return
 }
+ sort.Slice(got, func(i, j int) bool {
+ return got[i].VulnerabilityID < got[j].VulnerabilityID
+ })
 assert.NoError(t, err)
 assert.Equal(t, tt.want, got)
 })
diff --git a/pkg/detector/ospkg/ubuntu/ubuntu_test.go b/pkg/detector/ospkg/ubuntu/ubuntu_test.go
index 7454e18422..a63acf989c 100644
--- a/pkg/detector/ospkg/ubuntu/ubuntu_test.go
+++ b/pkg/detector/ospkg/ubuntu/ubuntu_test.go
@@ -1,6 +1,7 @@
 package ubuntu_test
 import (
+ "sort"
 "testing"
 "time"
@@ -94,6 +95,9 @@ func TestScanner_Detect(t *testing.T) {
 assert.Contains(t, err.Error(), tt.wantErr)
 return
 }
+ sort.Slice(got, func(i, j int) bool {
+ return got[i].VulnerabilityID < got[j].VulnerabilityID
+ })
 assert.NoError(t, err)
 assert.Equal(t, tt.want, got)
 })
diff --git a/pkg/scanner/local/scan.go b/pkg/scanner/local/scan.go
index c43c20fa5b..4d24a45125 100644
--- a/pkg/scanner/local/scan.go
+++ b/pkg/scanner/local/scan.go
@@ -30,6 +30,7 @@ var (
 pkgTargets = map[string]string{
 ftypes.PythonPkg: "Python",
 ftypes.GemSpec: "Ruby",
+ ftypes.NodePkg: "Node.js",
 }
 )
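Review bot: The `sort.Slice` added to `TestScanner_Detect` in redhat_test.go orders `got` by `VulnerabilityID` alone and is not a stable sort, so two results that share an ID (one advisory matching several packages) can still come back in either order and `assert.Equal(t, tt.want, got)` remains order-dependent. Either add a tie-break to the comparator on a second field of the result type, or drop the sort and use `assert.ElementsMatch(t, tt.want, got)`. The sort also runs before `assert.NoError(t, err)`; placing it after the error assertion keeps the checks in the order a reader expects. The same three added lines appear in pkg/detector/ospkg/ubuntu/ubuntu_test.go and the remark applies there as well; both test functions start and end outside their hunks.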