feat(nodejs): support package.json (#1225)

Co-authored-by: knqyf263 <knqyf263@gmail.com>
Ankush K
2021-09-15 16:53:35 +05:30
committed by GitHub
parent 31c45ffc52
commit 8edcc62a8d
7 changed files with 17 additions and 7 deletions


@@ -12,8 +12,9 @@
| | egg package[^1] | ✅ | ✅ | - | excluded | | | egg package[^1] | ✅ | ✅ | - | excluded |
| | wheel package[^2] | ✅ | ✅ | - | excluded | | | wheel package[^2] | ✅ | ✅ | - | excluded |
| PHP | composer.lock | ✅ | ✅ | ✅ | excluded | | PHP | composer.lock | ✅ | ✅ | ✅ | excluded |
| Node.js | package-lock.json | | ✅ | ✅ | excluded | | Node.js | package-lock.json | - | ✅ | ✅ | excluded |
| | yarn.lock | | ✅ | ✅ | ncluded | | | yarn.lock | - | ✅ | ✅ | included |
| | package.json | ✅ | ✅ | - | excluded |
| .NET | packages.lock.json | ✅ | ✅ | ✅ | included | | .NET | packages.lock.json | ✅ | ✅ | ✅ | included |
| Java | JAR/WAR/EAR[^3][^4] | ✅ | ✅ | ✅ | included | | Java | JAR/WAR/EAR[^3][^4] | ✅ | ✅ | ✅ | included |
| Go | Binaries built by Go[^5] | ✅ | ✅ | - | excluded | | Go | Binaries built by Go[^5] | ✅ | ✅ | - | excluded |

2
go.mod

@@ -7,7 +7,7 @@ require (
github.com/Masterminds/sprig v2.22.0+incompatible github.com/Masterminds/sprig v2.22.0+incompatible
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
github.com/aquasecurity/fanal v0.0.0-20210914172041-6ec4fbcfc2e3 github.com/aquasecurity/fanal v0.0.0-20210915104214-95382456f047
github.com/aquasecurity/go-dep-parser v0.0.0-20210905090655-b95c2c079bbb github.com/aquasecurity/go-dep-parser v0.0.0-20210905090655-b95c2c079bbb
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798

4
go.sum

@@ -201,8 +201,8 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6
github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30xLN2sUZcMXl50hg+PJCIDdJgIvIbVcKqLJ/ZrtM= github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30xLN2sUZcMXl50hg+PJCIDdJgIvIbVcKqLJ/ZrtM=
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8= github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
github.com/aquasecurity/fanal v0.0.0-20210914172041-6ec4fbcfc2e3 h1:ELXkeEQ6d+olRfCig23i3MJWBu/IFLj8StYH8Iqk9aQ= github.com/aquasecurity/fanal v0.0.0-20210915104214-95382456f047 h1:SmwcaPrdCxxQLlzhVwhZNOs7H4IIICpzEk/3oKwpGts=
github.com/aquasecurity/fanal v0.0.0-20210914172041-6ec4fbcfc2e3/go.mod h1:pkPj0NkblwiXdg7Q5RnNlekcJ935StxImiLsU3tCvno= github.com/aquasecurity/fanal v0.0.0-20210915104214-95382456f047/go.mod h1:pkPj0NkblwiXdg7Q5RnNlekcJ935StxImiLsU3tCvno=
github.com/aquasecurity/go-dep-parser v0.0.0-20210905090655-b95c2c079bbb h1:RYx2+0fUc/3nR4SywvLAs+Sm3dtLhpBw2IeBE8+w1Po= github.com/aquasecurity/go-dep-parser v0.0.0-20210905090655-b95c2c079bbb h1:RYx2+0fUc/3nR4SywvLAs+Sm3dtLhpBw2IeBE8+w1Po=
github.com/aquasecurity/go-dep-parser v0.0.0-20210905090655-b95c2c079bbb/go.mod h1:Zc7Eo6tFl9l4XcqsWeabD7jHnXRBK/LdgZuu9GTSVLU= github.com/aquasecurity/go-dep-parser v0.0.0-20210905090655-b95c2c079bbb/go.mod h1:Zc7Eo6tFl9l4XcqsWeabD7jHnXRBK/LdgZuu9GTSVLU=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM= github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=


@@ -31,7 +31,7 @@ func NewDriver(libType string) (Driver, error) {
driver = newCargoDriver() driver = newCargoDriver()
case ftypes.Composer: case ftypes.Composer:
driver = newComposerDriver() driver = newComposerDriver()
case ftypes.Npm, ftypes.Yarn: case ftypes.Npm, ftypes.Yarn, ftypes.NodePkg:
driver = newNpmDriver() driver = newNpmDriver()
case ftypes.Pipenv, ftypes.Poetry, ftypes.Pip, ftypes.PythonPkg: case ftypes.Pipenv, ftypes.Poetry, ftypes.Pip, ftypes.PythonPkg:
driver = newPipDriver() driver = newPipDriver()
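Review bot: The `ftypes.NodePkg` case added to the switch in NewDriver has no comment explaining why package.json metadata shares the npm driver, and none of the changed files visible on this page adds a test for the new mapping. A one-line comment above the case, such as `// package.json (NodePkg) entries are matched against the same npm advisories as the lock files`, would record the intent. A table entry in the driver test asserting that `NewDriver(ftypes.NodePkg)` succeeds would catch a later refactor that drops the type; that failure would presumably surface as missing Node.js findings, not as a visible error. NewDriver's body starts and ends outside the hunk, so the default branch is not visible here.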


@@ -1,6 +1,7 @@
package redhat_test package redhat_test
import ( import (
"sort"
"testing" "testing"
"time" "time"
@@ -205,6 +206,9 @@ func TestScanner_Detect(t *testing.T) {
assert.Contains(t, err.Error(), tt.wantErr) assert.Contains(t, err.Error(), tt.wantErr)
return return
} }
sort.Slice(got, func(i, j int) bool {
return got[i].VulnerabilityID < got[j].VulnerabilityID
})
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, tt.want, got) assert.Equal(t, tt.want, got)
}) })
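Review bot: The `sort.Slice` comparator added before `assert.Equal` orders `got` by `VulnerabilityID` alone, which is not a total order when one advisory ID is reported for more than one package; `sort.Slice` is not stable, so such a fixture can still fail intermittently. A tie-break would close that gap, e.g. `if got[i].VulnerabilityID != got[j].VulnerabilityID { return got[i].VulnerabilityID < got[j].VulnerabilityID }` followed by `return got[i].PkgName < got[j].PkgName` (assuming the element type carries `PkgName`; it is not visible in the hunk). Only `got` is sorted, so every `tt.want` slice has to be listed in ID order; a short comment saying so would help whoever adds the next case. The same comparator is added in the ubuntu `TestScanner_Detect` hunk and the same applies there. If the sort is needed because Detect returns results in map-iteration order, sorting inside the scanner would also make scan reports reproducible between runs, which matters when outputs are diffed.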


@@ -1,6 +1,7 @@
package ubuntu_test package ubuntu_test
import ( import (
"sort"
"testing" "testing"
"time" "time"
@@ -94,6 +95,9 @@ func TestScanner_Detect(t *testing.T) {
assert.Contains(t, err.Error(), tt.wantErr) assert.Contains(t, err.Error(), tt.wantErr)
return return
} }
sort.Slice(got, func(i, j int) bool {
return got[i].VulnerabilityID < got[j].VulnerabilityID
})
assert.NoError(t, err) assert.NoError(t, err)
assert.Equal(t, tt.want, got) assert.Equal(t, tt.want, got)
}) })


@@ -30,6 +30,7 @@ var (
pkgTargets = map[string]string{ pkgTargets = map[string]string{
ftypes.PythonPkg: "Python", ftypes.PythonPkg: "Python",
ftypes.GemSpec: "Ruby", ftypes.GemSpec: "Ruby",
ftypes.NodePkg: "Node.js",
} }
) )
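Review bot: The `ftypes.NodePkg: "Node.js"` entry in `pkgTargets` only works if the same type is also registered in NewDriver's switch, which this commit changes in a separate file, and nothing in either place documents that coupling. A comment on the map such as `// Types listed here are reported under a per-language target; each must also have a driver in NewDriver.` would make the requirement visible to whoever adds the next package type. The `var (` block begins outside the hunk, so any existing comment on `pkgTargets` is not shown here.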