feat(vuln): remove duplicates in Fixed Version (#5596)

Signed-off-by: knqyf263 <knqyf263@gmail.com> Co-authored-by: knqyf263 <knqyf263@gmail.com>
2025-12-22 07:10:41 -08:00 · 2023-12-04 16:29:14 +00:00
parent 99c04c4383
commit a54d1e95fd
4 changed files with 55 additions and 2 deletions
--- a/pkg/detector/library/driver.go
+++ b/pkg/detector/library/driver.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"strings"

+	"github.com/samber/lo"
 	"golang.org/x/xerrors"

 	"github.com/aquasecurity/trivy-db/pkg/db"
@@ -136,7 +137,7 @@ func (d *Driver) DetectVulnerabilities(pkgID, pkgName, pkgVer string) ([]types.D

 func createFixedVersions(advisory dbTypes.Advisory) string {
 	if len(advisory.PatchedVersions) != 0 {
-		return strings.Join(advisory.PatchedVersions, ", ")
+		return joinFixedVersions(advisory.PatchedVersions)
 	}

 	var fixedVersions []string
@@ -149,5 +150,9 @@ func createFixedVersions(advisory dbTypes.Advisory) string {
 			}
 		}
 	}
-	return strings.Join(fixedVersions, ", ")
+	return joinFixedVersions(fixedVersions)
+}
+
+func joinFixedVersions(fixedVersions []string) string {
+	return strings.Join(lo.Uniq(fixedVersions), ", ")
 }
--- a/pkg/detector/library/driver_test.go
+++ b/pkg/detector/library/driver_test.go
@@ -157,6 +157,31 @@ func TestDriver_Detect(t *testing.T) {
 			},
 			wantErr: "failed to unmarshal advisory JSON",
 		},
+		{
+			name: "duplicated version in advisory",
+			fixtures: []string{
+				"testdata/fixtures/pip.yaml",
+				"testdata/fixtures/data-source.yaml",
+			},
+			libType: ftypes.PythonPkg,
+			args: args{
+				pkgName: "Django",
+				pkgVer:  "4.2.1",
+			},
+			want: []types.DetectedVulnerability{
+				{
+					VulnerabilityID:  "CVE-2023-36053",
+					PkgName:          "Django",
+					InstalledVersion: "4.2.1",
+					FixedVersion:     "4.2.3",
+					DataSource: &dbTypes.DataSource{
+						ID:   vulnerability.GHSA,
+						Name: "GitHub Security Advisory Pip",
+						URL:  "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip",
+					},
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
--- a/pkg/detector/library/testdata/fixtures/data-source.yaml
+++ b/pkg/detector/library/testdata/fixtures/data-source.yaml
@@ -20,3 +20,8 @@
        ID: "ruby-advisory-db"
        Name: "Ruby Advisory Database"
        URL:  "https://github.com/rubysec/ruby-advisory-db"
+    - key: "pip::GitHub Security Advisory Pip"
+      value:
+        ID: "ghsa"
+        Name: "GitHub Security Advisory Pip"
+        URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
--- a/pkg/detector/library/testdata/fixtures/pip.yaml
+++ b/pkg/detector/library/testdata/fixtures/pip.yaml
@@ -0,0 +1,18 @@
+- bucket: "pip::GitHub Security Advisory Pip"
+  pairs:
+    - bucket: Django
+      pairs:
+        - key: CVE-2023-36053
+          value:
+            PatchedVersions:
+              - 4.2.3
+            VulnerableVersions:
+              - < 4.2.3
+    - bucket: django
+      pairs:
+        - key: CVE-2023-36053
+          value:
+            PatchedVersions:
+              - 4.2.3
+            VulnerableVersions:
+              - < 4.2.3