mirror of
https://github.com/aquasecurity/trivy.git
fix(python): correct handling pip package names with a hyphen (#1771)
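--- a/go.mod
+++ b/go.mod
@@ -9,8 +9,8 @@ require (
 github.com/Microsoft/hcsshim v0.9.2 // indirect
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
-github.com/aquasecurity/fanal v0.0.0-20220221141823-58a5d668e45f
-github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff
+github.com/aquasecurity/fanal v0.0.0-20220225095822-ef150f781751
+github.com/aquasecurity/go-dep-parser v0.0.0-20220224134419-e4f58c60089e
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
 github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
 github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46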
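--- a/go.sum
+++ b/go.sum
@@ -248,10 +248,10 @@ github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
 github.com/aquasecurity/defsec v0.12.1 h1:QZI94PCiprRiX0775tO05R4uREVOI5s2g3K6q0hZnoI=
 github.com/aquasecurity/defsec v0.12.1/go.mod h1:ePT+j44TFfUwgIZ6yx5FPHgYk2aTXAqsMf/WnE78ujg=
-github.com/aquasecurity/fanal v0.0.0-20220221141823-58a5d668e45f h1:yIGImJ9ugi+FkxDL7kOErVTNjj7QrWRMExQ7NivG95c=
-github.com/aquasecurity/fanal v0.0.0-20220221141823-58a5d668e45f/go.mod h1:yYI49KiuvA0EYL1v2hs9xAzGaFL7O9djgPkelqHd5sE=
-github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff h1:JCKEV3TgUNh9fn+8hXyIdsF9yErA0rUbCkgt2flRKt4=
-github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff/go.mod h1:8fJ//Ob6/03lxbn4xa1F+G/giVtiVLxnZNpBp5xOxNk=
+github.com/aquasecurity/fanal v0.0.0-20220225095822-ef150f781751 h1:5/MrYu8gbHZsNSN2FmCWtIqtE9UZudkdH8RkX28UCIo=
+github.com/aquasecurity/fanal v0.0.0-20220225095822-ef150f781751/go.mod h1:IDIXfsyFi+lhoKtwrbE4HPku72dizwopUsQ4XRz4aXo=
+github.com/aquasecurity/go-dep-parser v0.0.0-20220224134419-e4f58c60089e h1:NXHfUPuyfZOurJJtnEFo0JlFopMNlPgID3BpgEwoTUU=
+github.com/aquasecurity/go-dep-parser v0.0.0-20220224134419-e4f58c60089e/go.mod h1:XxIz2s4UymZBcg9WwAc2km77lFt9rVE/LmKJe2YVOtY=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s=
 github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 h1:eveqE9ivrt30CJ7dOajOfBavhZ4zPqHcZe/4tKp0alc=
@@ -1754,6 +1754,7 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
 go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
+go.uber.org/zap v1.20.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw=
 go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8=
 go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw=
 go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=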
@@ -22,6 +22,7 @@ func TestFilesystem(t *testing.T) {
|
|||||||
ignoreIDs []string
|
ignoreIDs []string
|
||||||
policyPaths []string
|
policyPaths []string
|
||||||
namespaces []string
|
namespaces []string
|
||||||
|
listAllPkgs bool
|
||||||
input string
|
input string
|
||||||
}
|
}
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
@@ -41,6 +42,7 @@ func TestFilesystem(t *testing.T) {
|
|||||||
name: "pip",
|
name: "pip",
|
||||||
args: args{
|
args: args{
|
||||||
securityChecks: "vuln",
|
securityChecks: "vuln",
|
||||||
|
listAllPkgs: true,
|
||||||
input: "testdata/fixtures/fs/pip",
|
input: "testdata/fixtures/fs/pip",
|
||||||
},
|
},
|
||||||
golden: "testdata/pip.json.golden",
|
golden: "testdata/pip.json.golden",
|
||||||
@@ -129,6 +131,10 @@ func TestFilesystem(t *testing.T) {
|
|||||||
outputFile = tt.golden
|
outputFile = tt.golden
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if tt.args.listAllPkgs {
|
||||||
|
osArgs = append(osArgs, "--list-all-pkgs")
|
||||||
|
}
|
||||||
|
|
||||||
osArgs = append(osArgs, "--output", outputFile)
|
osArgs = append(osArgs, "--output", outputFile)
|
||||||
osArgs = append(osArgs, tt.args.input)
|
osArgs = append(osArgs, tt.args.input)
|
||||||
|
|
||||||
|
|||||||
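Review bot: The `pip` case now pins the hyphenated names only in the package listing: all 37 lines added to `integration/testdata/pip.json.golden` sit under `Packages`, so nothing visible on this page checks that a hyphenated package still matches an advisory. For a scanner, a mis-parsed name shows up as a missed finding, so, if the test DB fixtures can carry one, I would add an advisory for `oauth2-client` or `python-gitlab` at the pinned version and let the golden's `Vulnerabilities` array cover it. Only this case sets `listAllPkgs`, and a short comment beside it would say why, e.g. `// list packages so the golden pins hyphenated names such as oauth2-client`. TestFilesystem starts and ends outside these hunks.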
@@ -4,3 +4,5 @@ itsdangerous==2.0.0
|
|||||||
Jinja2==3.0.0
|
Jinja2==3.0.0
|
||||||
MarkupSafe>2.0.0
|
MarkupSafe>2.0.0
|
||||||
Werkzeug==0.11
|
Werkzeug==0.11
|
||||||
|
oauth2-client==4.0.0
|
||||||
|
python-gitlab==2.0.0
|
||||||
|
|||||||
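--- a/integration/testdata/pip.json.golden
+++ b/integration/testdata/pip.json.golden
@@ -19,6 +19,43 @@
 "Target": "requirements.txt",
 "Class": "lang-pkgs",
 "Type": "pip",
+"Packages": [
+{
+"Name": "Flask",
+"Version": "2.0.0",
+"Layer": {}
+},
+{
+"Name": "Jinja2",
+"Version": "3.0.0",
+"Layer": {}
+},
+{
+"Name": "Werkzeug",
+"Version": "0.11",
+"Layer": {}
+},
+{
+"Name": "click",
+"Version": "8.0.0",
+"Layer": {}
+},
+{
+"Name": "itsdangerous",
+"Version": "2.0.0",
+"Layer": {}
+},
+{
+"Name": "oauth2-client",
+"Version": "4.0.0",
+"Layer": {}
+},
+{
+"Name": "python-gitlab",
+"Version": "2.0.0",
+"Layer": {}
+}
+],
 "Vulnerabilities": [
 {
 "VulnerabilityID": "CVE-2019-14806",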