gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-21 23:00:42 -08:00
Code Issues Packages Projects Releases Wiki Activity

feat(redhat): support build info in RHEL (#807)

Browse Source
This commit is contained in:
Teppei Fukuda
2022-01-28 18:35:00 +02:00
committed by GitHub
parent ce703ce4a5
commit d2827cba06
24 changed files with 1172 additions and 89460 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
go.mod
View File

@@ -7,13 +7,13 @@ require (
github.com/Masterminds/sprig v2.22.0+incompatible
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
github.com/aquasecurity/fanal v0.0.0-20220117141050-4586f4391cac
github.com/aquasecurity/fanal v0.0.0-20220128133114-3519fe6e6c21
github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492
github.com/aquasecurity/trivy-db v0.0.0-20220125230746-e5eec5a98bf1
github.com/aquasecurity/trivy-db v0.0.0-20220128150422-5c53ef8a797d
github.com/caarlos0/env/v6 v6.0.0
github.com/cenkalti/backoff v2.2.1+incompatible
github.com/cheggaaa/pb/v3 v3.0.3
@@ -33,7 +33,7 @@ require (
github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08
github.com/mitchellh/copystructure v1.1.1 // indirect
github.com/olekukonko/tablewriter v0.0.5
github.com/open-policy-agent/opa v0.36.0
github.com/open-policy-agent/opa v0.36.1
github.com/owenrumney/go-sarif/v2 v2.0.17
github.com/spf13/afero v1.6.0
github.com/stretchr/objx v0.3.0 // indirect
@@ -41,7 +41,7 @@ require (
github.com/testcontainers/testcontainers-go v0.11.1
github.com/twitchtv/twirp v8.1.0+incompatible
github.com/urfave/cli/v2 v2.3.0
go.uber.org/zap v1.19.1
go.uber.org/zap v1.20.0
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
google.golang.org/protobuf v1.27.1
gopkg.in/go-playground/validator.v9 v9.31.0 // indirect

54
go.sum
View File

@@ -79,6 +79,8 @@ github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9mo
github.com/Azure/azure-sdk-for-go v35.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-sdk-for-go v38.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-sdk-for-go v42.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-sdk-for-go v61.2.0+incompatible h1:sSormXkfW0ov1vh6ihTBRQxdfg73fPqkccl50GbR9iM=
github.com/Azure/azure-sdk-for-go v61.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0=
github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0=
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
@@ -87,28 +89,41 @@ github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSW
github.com/Azure/go-autorest v10.15.5+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
github.com/Azure/go-autorest v14.1.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
github.com/Azure/go-autorest/autorest v0.9.3/go.mod h1:GsRuLYvwzLjjjRoWEIyMUaYq8GNUx2nRB378IPt/1p0=
github.com/Azure/go-autorest/autorest v0.9.6/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630=
github.com/Azure/go-autorest/autorest v0.10.2/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630=
github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
github.com/Azure/go-autorest/autorest v0.11.6/go.mod h1:V6p3pKZx1KKkJubbxnDWrzNhEIfOy/pTGasLqzHIPHs=
github.com/Azure/go-autorest/autorest v0.11.24 h1:1fIGgHKqVm54KIPT+q8Zmd1QlVsmHqeUGso5qm2BqqE=
github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc=
github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
github.com/Azure/go-autorest/autorest/adal v0.8.0/go.mod h1:Z6vX6WXXuyieHAXwMj0S6HY6e6wcHn37qQMBQlvY3lc=
github.com/Azure/go-autorest/autorest/adal v0.8.1/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
github.com/Azure/go-autorest/autorest/adal v0.8.2/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
github.com/Azure/go-autorest/autorest/adal v0.8.3/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q=
github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
github.com/Azure/go-autorest/autorest/adal v0.9.4/go.mod h1:/3SMAM86bP6wC9Ev35peQDUeqFZBMH07vvUOmg4z/fE=
github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
github.com/Azure/go-autorest/autorest/adal v0.9.18 h1:kLnPsRjzZZUF3K5REu/Kc+qMQrvuza2bwSnNdhmzLfQ=
github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
github.com/Azure/go-autorest/autorest/azure/auth v0.4.2/go.mod h1:90gmfKdlmKgfjUpnCEpOJzsUEjrWDSLwHIG73tSXddM=
github.com/Azure/go-autorest/autorest/azure/auth v0.5.2 h1:R1pgoZkhXuv4+0ky9r3e5pcnRXWcXGIuPXpC/xkc7uI=
github.com/Azure/go-autorest/autorest/azure/auth v0.5.2/go.mod h1:q98IH4qgc3eWM4/WOeR5+YPmBuy8Lq0jNRDwSM0CuFk=
github.com/Azure/go-autorest/autorest/azure/cli v0.3.1/go.mod h1:ZG5p860J94/0kI9mNJVoIoLgXcirM2gF5i2kWloofxw=
github.com/Azure/go-autorest/autorest/azure/cli v0.4.1 h1:jwcD1wURu0+hKceV04MubZmKLzwEYOCz6q4aOtVZ+Ng=
github.com/Azure/go-autorest/autorest/azure/cli v0.4.1/go.mod h1:JfDgiIO1/RPu6z42AdQTyjOoCM2MFhLqSBDvMEkDgcg=
github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g=
github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM=
github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk=
github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocmRAJWqST1wQYhyyjXJ3SJc=
github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA=
@@ -116,11 +131,15 @@ github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQ
github.com/Azure/go-autorest/autorest/validation v0.2.0/go.mod h1:3EEqHnBxQGHXRYq3HT1WyXAvT7LLY3tl70hw6tQIbjI=
github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=
github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw=
github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/BurntSushi/toml v1.0.0 h1:dtDWrepsVPfW9H/4y7dDgFc2MBUSeJhlaDtK13CxFlU=
github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
github.com/Djarvur/go-err113 v0.0.0-20200410182137-af658d038157/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs=
@@ -224,8 +243,8 @@ github.com/aquasecurity/cfsec v0.2.2 h1:hq6MZlg7XFZsrerCv297N4HRlnJM7K6LLd/l/xCz
github.com/aquasecurity/cfsec v0.2.2/go.mod h1:sUELRJqIPXTOZiHUx7TzyyFFzuk0W22IG6IWAoV8T6U=
github.com/aquasecurity/defsec v0.0.37 h1:zdZndlKrW257b8VLK1UwfmXiyPuDrNA+wzBilHRk1LA=
github.com/aquasecurity/defsec v0.0.37/go.mod h1:csaBEcJ3AKy44expnW0dCANEZcS/c1vcJjwBCbnKWBM=
github.com/aquasecurity/fanal v0.0.0-20220117141050-4586f4391cac h1:S1I4lTa44zqA7OUmuZUQdIh8k2H75P6LVhyR3nsuAFA=
github.com/aquasecurity/fanal v0.0.0-20220117141050-4586f4391cac/go.mod h1:ACYDJQPZtSl8Hxqf/CmZEbnX2X5CHHccrfjAyyUvbME=
github.com/aquasecurity/fanal v0.0.0-20220128133114-3519fe6e6c21 h1:7nx6j3boy7oawbPvkp2Vma9OvovZWIGvzJw80w1e71E=
github.com/aquasecurity/fanal v0.0.0-20220128133114-3519fe6e6c21/go.mod h1:aU+dKT2D+DLsTEmy/axt19XEIXayz0V9giXCwiypCgQ=
github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff h1:JCKEV3TgUNh9fn+8hXyIdsF9yErA0rUbCkgt2flRKt4=
github.com/aquasecurity/go-dep-parser v0.0.0-20211224170007-df43bca6b6ff/go.mod h1:8fJ//Ob6/03lxbn4xa1F+G/giVtiVLxnZNpBp5xOxNk=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
@@ -241,8 +260,8 @@ github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516 h1:moQmzbp
github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516/go.mod h1:gTd97VdQ0rg8Mkiic3rPgNOQdprZ7feTAhiD5mGQjgM=
github.com/aquasecurity/tfsec v0.63.1 h1:KH63HTcUoab7d3PKtqFO6T8K5AY7bzLw7Kiu+EY9U64=
github.com/aquasecurity/tfsec v0.63.1/go.mod h1:g5ZWmsfqW1FsCaPb9ux8Pzjcyss/WUB2XuRd5slqvnc=
github.com/aquasecurity/trivy-db v0.0.0-20220125230746-e5eec5a98bf1 h1:mOaPyX+hVglWFk8TbLA7q01GnqVcf6yPusaQaWnDNjE=
github.com/aquasecurity/trivy-db v0.0.0-20220125230746-e5eec5a98bf1/go.mod h1:rnojVJTK+RySsfLW7xMqmQRSjQpm5fEjS+/N4kf3fcc=
github.com/aquasecurity/trivy-db v0.0.0-20220128150422-5c53ef8a797d h1:vwK774PmorLkSsL/K4WUa9Y9Tn/5Ksmolv8UGHh0Wjc=
github.com/aquasecurity/trivy-db v0.0.0-20220128150422-5c53ef8a797d/go.mod h1:BOulYmf+l2bd+Bjo3tTsdnbWCsh5UsJn1MqdiZzmm/Q=
github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
@@ -505,6 +524,7 @@ github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/r
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
github.com/docker/cli v0.0.0-20190925022749-754388324470/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
@@ -710,8 +730,9 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
github.com/golang-jwt/jwt/v4 v4.0.0 h1:RAqyYixv1p7uEnocuy8P1nru5wprCh/MH2BIlW5z5/o=
github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU=
github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ=
github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
@@ -1252,8 +1273,8 @@ github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDs
github.com/onsi/gomega v1.16.0 h1:6gjqkI8iiRHMvdccRJM8rVKjCWk6ZIm6FTm3ddIe4/c=
github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
github.com/open-policy-agent/opa v0.36.0 h1:aNStYrrA8yC74g6ir33EExOUVexWFwfqg9dWjNfw87I=
github.com/open-policy-agent/opa v0.36.0/go.mod h1:/ZcbCeVlsRFp+n7aAvcTfElCL24b53p9v9QGo2y+0RM=
github.com/open-policy-agent/opa v0.36.1 h1:FkopbI3Rlor1nAvu78hgbdOLZyRd4vPepeMY4Tcm1Hc=
github.com/open-policy-agent/opa v0.36.1/go.mod h1:/ZcbCeVlsRFp+n7aAvcTfElCL24b53p9v9QGo2y+0RM=
github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
@@ -1675,7 +1696,7 @@ go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
go.uber.org/automaxprocs v1.4.0/go.mod h1:/mTEdr7LvHhs0v7mjdxDreTz1OG5zdZGqgOnhWiR/+Q=
go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA=
go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
@@ -1688,8 +1709,8 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ=
go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI=
go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
go.uber.org/zap v1.20.0 h1:N4oPlghZwYG55MlU6LXk/Zp00FVNE9X9wrYO8CEs4lc=
go.uber.org/zap v1.20.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw=
go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE=
gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI=
golang.org/x/build v0.0.0-20190314133821-5284462c4bec/go.mod h1:atTaCNAy0f16Ah5aV1gMSwgiKVHwu/JncqDpuRr7lS4=
@@ -1722,8 +1743,10 @@ golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm
golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce h1:Roh6XWxHFKrPgC/EQhVubSAGQ6Ozk6IdxHSzt1mR0EI=
golang.org/x/crypto v0.0.0-20220112180741-5e0467b6c7ce/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1838,9 +1861,11 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx
golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211111083644-e5c967477495/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211118161319-6a13c67c3ce4/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM=
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d h1:1n1fc535VhN8SYtD4cDUyNlfpAF2ROMM9+11equK3hs=
golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/oauth2 v0.0.0-20180724155351-3d292e4d0cdc/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -2005,8 +2030,9 @@ golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20211117180635-dee7805ff2e1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211213223007-03aa0b5f6827 h1:A0Qkn7Z/n8zC1xd9LTw17AiKlBRK64tw3ejWQiEqca0=
golang.org/x/sys v0.0.0-20211213223007-03aa0b5f6827/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0=
golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf h1:MZ2shdL+ZM/XzY3ZGOnh4Nlpnxz5GSOhOmtHo3iPU6M=

77
integration/client_server_test.go
View File

@@ -102,45 +102,44 @@ func TestClientServer(t *testing.T) {
},
golden: "testdata/ubuntu-1804.json.golden",
},
// TODO :fix them after support for Red Hat OVALv2
//{
// name: "centos 7 integration",
// args: csArgs{
// Input: "testdata/fixtures/images/centos-7.tar.gz",
// },
// golden: "testdata/centos-7.json.golden",
//},
//{
// name: "centos 7 integration with --ignore-unfixed option",
// args: csArgs{
// IgnoreUnfixed: true,
// Input: "testdata/fixtures/images/centos-7.tar.gz",
// },
// golden: "testdata/centos-7-ignore-unfixed.json.golden",
//},
//{
// name: "centos 7 integration with low and high severity",
// args: csArgs{
// IgnoreUnfixed: true,
// Severity: []string{"LOW", "HIGH"},
// Input: "testdata/fixtures/images/centos-7.tar.gz",
// },
// golden: "testdata/centos-7-low-high.json.golden",
//},
//{
// name: "centos 6 integration",
// args: csArgs{
// Input: "testdata/fixtures/images/centos-6.tar.gz",
// },
// golden: "testdata/centos-6.json.golden",
//},
//{
// name: "ubi 7 integration",
// args: csArgs{
// Input: "testdata/fixtures/images/ubi-7.tar.gz",
// },
// golden: "testdata/ubi-7.json.golden",
//},
{
name: "centos 7",
args: csArgs{
Input: "testdata/fixtures/images/centos-7.tar.gz",
},
golden: "testdata/centos-7.json.golden",
},
{
name: "centos 7 with --ignore-unfixed option",
args: csArgs{
IgnoreUnfixed: true,
Input: "testdata/fixtures/images/centos-7.tar.gz",
},
golden: "testdata/centos-7-ignore-unfixed.json.golden",
},
{
name: "centos 7 with medium severity",
args: csArgs{
IgnoreUnfixed: true,
Severity: []string{"MEDIUM"},
Input: "testdata/fixtures/images/centos-7.tar.gz",
},
golden: "testdata/centos-7-medium.json.golden",
},
{
name: "centos 6",
args: csArgs{
Input: "testdata/fixtures/images/centos-6.tar.gz",
},
golden: "testdata/centos-6.json.golden",
},
{
name: "ubi 7",
args: csArgs{
Input: "testdata/fixtures/images/ubi-7.tar.gz",
},
golden: "testdata/ubi-7.json.golden",
},
{
name: "almalinux 8",
args: csArgs{

175
integration/docker_engine_test.go
View File

@@ -27,167 +27,166 @@ func TestDockerEngine(t *testing.T) {
ignoreUnfixed bool
severity []string
ignoreIDs []string
testfile string
wantOutputFile string
wantError string
input string
golden string
wantErr string
}{
{
name: "alpine:3.9",
imageTag: "alpine:3.9",
wantOutputFile: "testdata/alpine-39.json.golden",
testfile: "testdata/fixtures/images/alpine-39.tar.gz",
input: "testdata/fixtures/images/alpine-39.tar.gz",
golden: "testdata/alpine-39.json.golden",
},
{
name: "alpine:3.9, with high and critical severity",
severity: []string{"HIGH", "CRITICAL"},
imageTag: "alpine:3.9",
wantOutputFile: "testdata/alpine-39-high-critical.json.golden",
testfile: "testdata/fixtures/images/alpine-39.tar.gz",
input: "testdata/fixtures/images/alpine-39.tar.gz",
golden: "testdata/alpine-39-high-critical.json.golden",
},
{
name: "alpine:3.9, with .trivyignore",
imageTag: "alpine:3.9",
ignoreIDs: []string{"CVE-2019-1549", "CVE-2019-14697"},
wantOutputFile: "testdata/alpine-39-ignore-cveids.json.golden",
testfile: "testdata/fixtures/images/alpine-39.tar.gz",
input: "testdata/fixtures/images/alpine-39.tar.gz",
golden: "testdata/alpine-39-ignore-cveids.json.golden",
},
{
name: "alpine:3.10",
imageTag: "alpine:3.10",
wantOutputFile: "testdata/alpine-310.json.golden",
testfile: "testdata/fixtures/images/alpine-310.tar.gz",
input: "testdata/fixtures/images/alpine-310.tar.gz",
golden: "testdata/alpine-310.json.golden",
},
{
name: "amazonlinux:1",
imageTag: "amazonlinux:1",
wantOutputFile: "testdata/amazon-1.json.golden",
testfile: "testdata/fixtures/images/amazon-1.tar.gz",
input: "testdata/fixtures/images/amazon-1.tar.gz",
golden: "testdata/amazon-1.json.golden",
},
{
name: "amazonlinux:2",
imageTag: "amazonlinux:2",
wantOutputFile: "testdata/amazon-2.json.golden",
testfile: "testdata/fixtures/images/amazon-2.tar.gz",
input: "testdata/fixtures/images/amazon-2.tar.gz",
golden: "testdata/amazon-2.json.golden",
},
// TODO: fix them
//{
// name: "happy path, valid image path, centos:6",
// imageTag: "centos:6",
// wantOutputFile: "testdata/centos-6.json.golden",
// testfile: "testdata/fixtures/images/centos-6.tar.gz",
//},
//{
// name: "happy path, valid image path, centos:7",
// imageTag: "centos:7",
// wantOutputFile: "testdata/centos-7.json.golden",
// testfile: "testdata/fixtures/images/centos-7.tar.gz",
//},
//{
// name: "happy path, valid image path, centos:7, with --ignore-unfixed option",
// imageTag: "centos:7",
// ignoreUnfixed: true,
// wantOutputFile: "testdata/centos-7-ignore-unfixed.json.golden",
// testfile: "testdata/fixtures/images/centos-7.tar.gz",
//},
//{
// name: "happy path, valid image path, centos:7, with --ignore-unfixed option, with low and high severity",
// imageTag: "centos:7",
// ignoreUnfixed: true,
// severity: []string{"LOW", "HIGH"},
// wantOutputFile: "testdata/centos-7-low-high.json.golden",
// testfile: "testdata/fixtures/images/centos-7.tar.gz",
//},
//{
// name: "happy path, valid image path, registry.redhat.io/ubi7",
// imageTag: "registry.redhat.io/ubi7",
// wantOutputFile: "testdata/ubi-7.json.golden",
// testfile: "testdata/fixtures/images/ubi-7.tar.gz",
//},
{
name: "almalinux 8",
imageTag: "almalinux:8",
wantOutputFile: "testdata/almalinux-8.json.golden",
testfile: "testdata/fixtures/images/almalinux-8.tar.gz",
input: "testdata/fixtures/images/almalinux-8.tar.gz",
golden: "testdata/almalinux-8.json.golden",
},
{
name: "rocky linux 8",
imageTag: "rockylinux:8",
testfile: "testdata/fixtures/images/rockylinux-8.tar.gz",
wantOutputFile: "testdata/rockylinux-8.json.golden",
input: "testdata/fixtures/images/rockylinux-8.tar.gz",
golden: "testdata/rockylinux-8.json.golden",
},
{
name: "centos 6",
imageTag: "centos:6",
input: "testdata/fixtures/images/centos-6.tar.gz",
golden: "testdata/centos-6.json.golden",
},
{
name: "centos 7",
imageTag: "centos:7",
input: "testdata/fixtures/images/centos-7.tar.gz",
golden: "testdata/centos-7.json.golden",
},
{
name: "centos 7, with --ignore-unfixed option",
imageTag: "centos:7",
ignoreUnfixed: true,
input: "testdata/fixtures/images/centos-7.tar.gz",
golden: "testdata/centos-7-ignore-unfixed.json.golden",
},
{
name: "centos 7, with --ignore-unfixed option, with medium severity",
imageTag: "centos:7",
ignoreUnfixed: true,
severity: []string{"MEDIUM"},
input: "testdata/fixtures/images/centos-7.tar.gz",
golden: "testdata/centos-7-medium.json.golden",
},
{
name: "registry.redhat.io/ubi7",
imageTag: "registry.redhat.io/ubi7",
input: "testdata/fixtures/images/ubi-7.tar.gz",
golden: "testdata/ubi-7.json.golden",
},
{
name: "debian buster/10",
imageTag: "debian:buster",
wantOutputFile: "testdata/debian-buster.json.golden",
testfile: "testdata/fixtures/images/debian-buster.tar.gz",
input: "testdata/fixtures/images/debian-buster.tar.gz",
golden: "testdata/debian-buster.json.golden",
},
{
name: "debian buster/10, with --ignore-unfixed option",
ignoreUnfixed: true,
imageTag: "debian:buster",
wantOutputFile: "testdata/debian-buster-ignore-unfixed.json.golden",
testfile: "testdata/fixtures/images/debian-buster.tar.gz",
input: "testdata/fixtures/images/debian-buster.tar.gz",
golden: "testdata/debian-buster-ignore-unfixed.json.golden",
},
{
name: "debian stretch/9",
imageTag: "debian:stretch",
wantOutputFile: "testdata/debian-stretch.json.golden",
testfile: "testdata/fixtures/images/debian-stretch.tar.gz",
input: "testdata/fixtures/images/debian-stretch.tar.gz",
golden: "testdata/debian-stretch.json.golden",
},
{
name: "distroless base",
imageTag: "gcr.io/distroless/base:latest",
wantOutputFile: "testdata/distroless-base.json.golden",
testfile: "testdata/fixtures/images/distroless-base.tar.gz",
input: "testdata/fixtures/images/distroless-base.tar.gz",
golden: "testdata/distroless-base.json.golden",
},
{
name: "distroless python2.7",
imageTag: "gcr.io/distroless/python2.7:latest",
wantOutputFile: "testdata/distroless-python27.json.golden",
testfile: "testdata/fixtures/images/distroless-python27.tar.gz",
input: "testdata/fixtures/images/distroless-python27.tar.gz",
golden: "testdata/distroless-python27.json.golden",
},
{
name: "oracle linux 8",
imageTag: "oraclelinux:8-slim",
wantOutputFile: "testdata/oraclelinux-8-slim.json.golden",
testfile: "testdata/fixtures/images/oraclelinux-8-slim.tar.gz",
input: "testdata/fixtures/images/oraclelinux-8-slim.tar.gz",
golden: "testdata/oraclelinux-8-slim.json.golden",
},
{
name: "ubuntu 18.04",
imageTag: "ubuntu:18.04",
wantOutputFile: "testdata/ubuntu-1804.json.golden",
testfile: "testdata/fixtures/images/ubuntu-1804.tar.gz",
input: "testdata/fixtures/images/ubuntu-1804.tar.gz",
golden: "testdata/ubuntu-1804.json.golden",
},
{
name: "ubuntu 18.04, with --ignore-unfixed option",
imageTag: "ubuntu:18.04",
ignoreUnfixed: true,
wantOutputFile: "testdata/ubuntu-1804-ignore-unfixed.json.golden",
testfile: "testdata/fixtures/images/ubuntu-1804.tar.gz",
input: "testdata/fixtures/images/ubuntu-1804.tar.gz",
golden: "testdata/ubuntu-1804-ignore-unfixed.json.golden",
},
{
name: "happy path, valid image path, opensuse leap 15.1",
name: "opensuse leap 15.1",
imageTag: "opensuse/leap:latest",
wantOutputFile: "testdata/opensuse-leap-151.json.golden",
testfile: "testdata/fixtures/images/opensuse-leap-151.tar.gz",
input: "testdata/fixtures/images/opensuse-leap-151.tar.gz",
golden: "testdata/opensuse-leap-151.json.golden",
},
{
name: "happy path, valid image path, photon 3.0",
name: "photon 3.0",
imageTag: "photon:3.0-20190823",
wantOutputFile: "testdata/photon-30.json.golden",
testfile: "testdata/fixtures/images/photon-30.tar.gz",
input: "testdata/fixtures/images/photon-30.tar.gz",
golden: "testdata/photon-30.json.golden",
},
{
name: "buxybox with Cargo.lock",
name: "busybox with Cargo.lock",
imageTag: "busy-cargo:latest",
wantOutputFile: "testdata/busybox-with-lockfile.json.golden",
testfile: "testdata/fixtures/images/busybox-with-lockfile.tar.gz",
input: "testdata/fixtures/images/busybox-with-lockfile.tar.gz",
golden: "testdata/busybox-with-lockfile.json.golden",
},
{
name: "sad path, invalid image",
invalidImage: true,
testfile: "badimage:latest",
wantError: "unable to inspect the image (index.docker.io/library/badimage:latest)",
input: "badimage:latest",
wantErr: "unable to inspect the image (index.docker.io/library/badimage:latest)",
},
}
@@ -203,11 +202,11 @@ func TestDockerEngine(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if !tt.invalidImage {
testfile, err := os.Open(tt.testfile)
testfile, err := os.Open(tt.input)
require.NoError(t, err, tt.name)
// ensure image doesnt already exists
_, _ = cli.ImageRemove(ctx, tt.testfile, types.ImageRemoveOptions{
_, _ = cli.ImageRemove(ctx, tt.input, types.ImageRemoveOptions{
Force: true,
PruneChildren: true,
})
@@ -218,7 +217,7 @@ func TestDockerEngine(t *testing.T) {
io.Copy(io.Discard, res.Body)
// tag our image to something unique
err = cli.ImageTag(ctx, tt.imageTag, tt.testfile)
err = cli.ImageTag(ctx, tt.imageTag, tt.input)
require.NoError(t, err, tt.name)
}
@@ -244,22 +243,22 @@ func TestDockerEngine(t *testing.T) {
assert.NoError(t, err, "failed to write .trivyignore")
defer os.Remove(trivyIgnore)
}
trivyArgs = append(trivyArgs, tt.testfile)
trivyArgs = append(trivyArgs, tt.input)
err = app.Run(trivyArgs)
if tt.wantError != "" {
if tt.wantErr != "" {
require.NotNil(t, err)
assert.Contains(t, err.Error(), tt.wantError, tt.name)
assert.Contains(t, err.Error(), tt.wantErr, tt.name)
return
}
assert.NoError(t, err, tt.name)
// check for vulnerability output info
compareReports(t, tt.wantOutputFile, output)
compareReports(t, tt.golden, output)
// cleanup
_, err = cli.ImageRemove(ctx, tt.testfile, types.ImageRemoveOptions{
_, err = cli.ImageRemove(ctx, tt.input, types.ImageRemoveOptions{
Force: true,
PruneChildren: true,
})

92
integration/standalone_tar_test.go
View File

@@ -124,55 +124,49 @@ func TestTar(t *testing.T) {
},
golden: "testdata/ubuntu-1804-ignore-unfixed.json.golden",
},
// TODO: it will be fixed after support for Red Hat OVALv2
//{
// name: "centos 7 integration",
// testArgs: args{
// Version: "dev",
// Format: "json",
// Input: "testdata/fixtures/images/centos-7.tar.gz",
// },
// golden: "testdata/centos-7.json.golden",
//},
//{
// name: "centos 7 integration with --ignore-unfixed option",
// testArgs: args{
// Version: "dev",
// IgnoreUnfixed: true,
// Format: "json",
// Input: "testdata/fixtures/images/centos-7.tar.gz",
// },
// golden: "testdata/centos-7-ignore-unfixed.json.golden",
//},
//{
// name: "centos 7 integration with low and high severity",
// testArgs: args{
// Version: "dev",
// IgnoreUnfixed: true,
// Severity: []string{"LOW", "HIGH"},
// Format: "json",
// Input: "testdata/fixtures/images/centos-7.tar.gz",
// },
// golden: "testdata/centos-7-low-high.json.golden",
//},
//{
// name: "centos 6 integration",
// testArgs: args{
// Version: "dev",
// Format: "json",
// Input: "testdata/fixtures/images/centos-6.tar.gz",
// },
// golden: "testdata/centos-6.json.golden",
//},
//{
// name: "ubi 7 integration",
// testArgs: args{
// Version: "dev",
// Format: "json",
// Input: "testdata/fixtures/images/ubi-7.tar.gz",
// },
// golden: "testdata/ubi-7.json.golden",
//},
{
name: "centos 7",
testArgs: args{
Format: "json",
Input: "testdata/fixtures/images/centos-7.tar.gz",
},
golden: "testdata/centos-7.json.golden",
},
{
name: "centos 7with --ignore-unfixed option",
testArgs: args{
IgnoreUnfixed: true,
Format: "json",
Input: "testdata/fixtures/images/centos-7.tar.gz",
},
golden: "testdata/centos-7-ignore-unfixed.json.golden",
},
{
name: "centos 7 with medium severity",
testArgs: args{
IgnoreUnfixed: true,
Severity: []string{"MEDIUM"},
Format: "json",
Input: "testdata/fixtures/images/centos-7.tar.gz",
},
golden: "testdata/centos-7-medium.json.golden",
},
{
name: "centos 6",
testArgs: args{
Format: "json",
Input: "testdata/fixtures/images/centos-6.tar.gz",
},
golden: "testdata/centos-6.json.golden",
},
{
name: "ubi 7",
testArgs: args{
Format: "json",
Input: "testdata/fixtures/images/ubi-7.tar.gz",
},
golden: "testdata/ubi-7.json.golden",
},
{
name: "almalinux 8",
testArgs: args{

27215
integration/testdata/centos-6.json.golden vendored
View File

File diff suppressed because it is too large Load Diff

4609
integration/testdata/centos-7-ignore-unfixed.json.golden vendored
View File

File diff suppressed because it is too large Load Diff

2588
integration/testdata/centos-7-low-high.json.golden vendored
View File

File diff suppressed because it is too large Load Diff

149
integration/testdata/centos-7-medium.json.golden vendored Normal file
View File

@@ -0,0 +1,149 @@
{
"SchemaVersion": 2,
"ArtifactName": "testdata/fixtures/images/centos-7.tar.gz",
"ArtifactType": "container_image",
"Metadata": {
"OS": {
"Family": "centos",
"Name": "7.6.1810"
},
"ImageID": "sha256:9f38484d220fa527b1fb19747638497179500a1bed8bf0498eb788229229e6e1",
"DiffIDs": [
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854"
],
"ImageConfig": {
"architecture": "amd64",
"container": "958baf5225f586da9c70a21e911a0a875402dd22d83133d78b3b3aa6130e7892",
"created": "2019-03-14T21:19:53.361167852Z",
"docker_version": "18.06.1-ce",
"history": [
{
"created": "2019-03-14T21:19:52.66982152Z",
"created_by": "/bin/sh -c #(nop) ADD file:074f2c974463ab38cf3532134e8ba2c91c9e346457713f2e8b8e2ac0ee9fd83d in / "
},
{
"created": "2019-03-14T21:19:53.099141434Z",
"created_by": "/bin/sh -c #(nop) LABEL org.label-schema.schema-version=1.0 org.label-schema.name=CentOS Base Image org.label-schema.vendor=CentOS org.label-schema.license=GPLv2 org.label-schema.build-date=20190305",
"empty_layer": true
},
{
"created": "2019-03-14T21:19:53.361167852Z",
"created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]",
"empty_layer": true
}
],
"os": "linux",
"rootfs": {
"type": "layers",
"diff_ids": [
"sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854"
]
},
"config": {
"Cmd": [
"/bin/bash"
],
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Image": "sha256:294e8d8145287e70f07328cc09d840fad8980b801223321b983442f097aff0d8",
"Labels": {
"org.label-schema.build-date": "20190305",
"org.label-schema.license": "GPLv2",
"org.label-schema.name": "CentOS Base Image",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "CentOS"
},
"ArgsEscaped": true
}
}
},
"Results": [
{
"Target": "testdata/fixtures/images/centos-7.tar.gz (centos 7.6.1810)",
"Class": "os-pkgs",
"Type": "centos",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2019-1559",
"VendorIDs": [
"RHSA-2019:2304"
],
"PkgName": "openssl-libs",
"InstalledVersion": "1:1.0.2k-16.el7",
"FixedVersion": "1:1.0.2k-19.el7",
"Layer": {
"DiffID": "sha256:d69483a6face4499acb974449d1303591fcbb5cdce5420f36f8a6607bda11854"
},
"SeveritySource": "redhat",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1559",
"Title": "openssl: 0-byte record padding oracle",
"Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-203"
],
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V2Score": 4.3,
"V3Score": 5.9
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 5.9
}
},
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html",
"http://www.securityfocus.com/bid/107174",
"https://access.redhat.com/errata/RHSA-2019:2304",
"https://access.redhat.com/errata/RHSA-2019:2437",
"https://access.redhat.com/errata/RHSA-2019:2439",
"https://access.redhat.com/errata/RHSA-2019:2471",
"https://access.redhat.com/errata/RHSA-2019:3929",
"https://access.redhat.com/errata/RHSA-2019:3931",
"https://access.redhat.com/security/cve/CVE-2019-1559",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e",
"https://github.com/RUB-NDS/TLS-Padding-Oracles",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282",
"https://linux.oracle.com/cve/CVE-2019-1559.html",
"https://linux.oracle.com/errata/ELSA-2019-2471.html",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/",
"https://security.gentoo.org/glsa/201903-10",
"https://security.netapp.com/advisory/ntap-20190301-0001/",
"https://security.netapp.com/advisory/ntap-20190301-0002/",
"https://security.netapp.com/advisory/ntap-20190423-0002/",
"https://support.f5.com/csp/article/K18549143",
"https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS",
"https://ubuntu.com/security/notices/USN-3899-1",
"https://ubuntu.com/security/notices/USN-4376-2",
"https://usn.ubuntu.com/3899-1/",
"https://usn.ubuntu.com/4376-2/",
"https://www.debian.org/security/2019/dsa-4400",
"https://www.openssl.org/news/secadv/20190226.txt",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/security-alerts/cpujan2021.html",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"https://www.tenable.com/security/tns-2019-02",
"https://www.tenable.com/security/tns-2019-03"
],
"PublishedDate": "2019-02-27T23:29:00Z",
"LastModifiedDate": "2021-01-20T15:15:00Z"
}
]
}
]
}

29255
integration/testdata/centos-7.json.golden vendored
View File

File diff suppressed because it is too large Load Diff

1
integration/testdata/debian-buster.json.golden vendored
View File

@@ -81,6 +81,7 @@
},
"References": [
"http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html",
"https://access.redhat.com/security/cve/CVE-2019-18276",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276",
"https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff",
"https://linux.oracle.com/cve/CVE-2019-18276.html",

1
integration/testdata/debian-stretch.json.golden vendored
View File

@@ -81,6 +81,7 @@
},
"References": [
"http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html",
"https://access.redhat.com/security/cve/CVE-2019-18276",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276",
"https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff",
"https://linux.oracle.com/cve/CVE-2019-18276.html",

21
integration/testdata/fixtures/db/cpe.yaml vendored Normal file
View File

@@ -0,0 +1,21 @@
- bucket: Red Hat CPE
pairs:
- bucket: repository
pairs:
- key: "rhel-6-server-rpms"
value:
- 857
- key: "rhel-7-server-rpms"
value:
- 869
- bucket: nvr
pairs:
- key: "ubi7-container-7.7-140-x86_64"
value:
- 869
- bucket: cpe
pairs:
- key: "857"
value: "cpe:/o:redhat:enterprise_linux:6::server"
- key: "869"
value: "cpe:/o:redhat:enterprise_linux:7::server"

73
integration/testdata/fixtures/db/redhat.yaml vendored Normal file
View File

@@ -0,0 +1,73 @@
- bucket: Red Hat
pairs:
- bucket: bash
pairs:
- key: CVE-2019-18276
value:
Entries:
- Affected:
- 596
- 597
- 598
- 601
- 602
- 869
- 870
- 924
Cves:
- Severity: 1.0
- bucket: openssl
pairs:
- key: RHSA-2019:2304
value:
Entries:
- Affected:
- 859
- 860
- 862
- 869
Cves:
- ID: CVE-2018-0734
Severity: 1.0
- ID: CVE-2019-1559
Severity: 2.0
FixedVersion: 1:1.0.2k-19.el7
- key: RHSA-2019:2471
value:
Entries:
- Affected:
- 855
- 857
- 858
- 924
Cves:
- ID: CVE-2019-1559
Severity: 2.0
FixedVersion: 0:1.0.1e-58.el6_10
- bucket: openssl-libs
pairs:
- key: RHSA-2019:2304
value:
Entries:
- Affected:
- 859
- 860
- 862
- 869
Cves:
- ID: CVE-2018-0734
Severity: 1.0
- ID: CVE-2019-1559
Severity: 2.0
FixedVersion: 1:1.0.2k-19.el7
- bucket: glibc
pairs:
- key: CVE-2020-29573
value:
Entries:
- Affected:
- 596
- 857
- 858
Cves:
- Severity: 2.0

163
integration/testdata/fixtures/db/vulnerability.yaml vendored
View File

@@ -39,6 +39,67 @@
photon: 2.0
redhat: 1.0
ubuntu: 1.0
- key: CVE-2018-0734
value:
CVSS:
nvd:
V2Score: 4.3
V2Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
V3Score: 5.9
V3Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
redhat:
V3Score: 5.1
V3Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CweIDs:
- CWE-327
Description: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
LastModifiedDate: 2020-08-24T17:37:00Z
PublishedDate: 2018-10-30T12:29:00Z
References:
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
- http://www.securityfocus.com/bid/105758
- https://access.redhat.com/errata/RHSA-2019:2304
- https://access.redhat.com/errata/RHSA-2019:3700
- https://access.redhat.com/errata/RHSA-2019:3932
- https://access.redhat.com/errata/RHSA-2019:3933
- https://access.redhat.com/errata/RHSA-2019:3935
- https://access.redhat.com/security/cve/CVE-2018-0734
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7
- https://linux.oracle.com/cve/CVE-2018-0734.html
- https://linux.oracle.com/errata/ELSA-2019-3700.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
- https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
- https://security.netapp.com/advisory/ntap-20181105-0002/
- https://security.netapp.com/advisory/ntap-20190118-0002/
- https://security.netapp.com/advisory/ntap-20190423-0002/
- https://ubuntu.com/security/notices/USN-3840-1
- https://usn.ubuntu.com/3840-1/
- https://www.debian.org/security/2018/dsa-4348
- https://www.debian.org/security/2018/dsa-4355
- https://www.openssl.org/news/secadv/20181030.txt
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.tenable.com/security/tns-2018-16
- https://www.tenable.com/security/tns-2018-17
Severity: MEDIUM
Title: "openssl: timing side channel attack in the DSA signature algorithm"
VendorSeverity:
amazon: 2.0
arch-linux: 1.0
nvd: 2.0
oracle-oval: 1.0
photon: 2.0
redhat: 1.0
ubuntu: 1.0
- key: CVE-2019-10744
value:
CVSS:
@@ -331,6 +392,75 @@
photon: 2.0
redhat: 1.0
ubuntu: 1.0
- key: CVE-2019-1559
value:
CVSS:
nvd:
V2Score: 4.3
V2Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
V3Score: 5.9
V3Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
redhat:
V3Score: 5.9
V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CweIDs:
- CWE-203
Description: If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
LastModifiedDate: 2021-01-20T15:15:00Z
PublishedDate: 2019-02-27T23:29:00Z
References:
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html
- http://www.securityfocus.com/bid/107174
- https://access.redhat.com/errata/RHSA-2019:2304
- https://access.redhat.com/errata/RHSA-2019:2437
- https://access.redhat.com/errata/RHSA-2019:2439
- https://access.redhat.com/errata/RHSA-2019:2471
- https://access.redhat.com/errata/RHSA-2019:3929
- https://access.redhat.com/errata/RHSA-2019:3931
- https://access.redhat.com/security/cve/CVE-2019-1559
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
- https://github.com/RUB-NDS/TLS-Padding-Oracles
- https://kc.mcafee.com/corporate/index?page=content&id=SB10282
- https://linux.oracle.com/cve/CVE-2019-1559.html
- https://linux.oracle.com/errata/ELSA-2019-2471.html
- https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
- https://security.gentoo.org/glsa/201903-10
- https://security.netapp.com/advisory/ntap-20190301-0001/
- https://security.netapp.com/advisory/ntap-20190301-0002/
- https://security.netapp.com/advisory/ntap-20190423-0002/
- https://support.f5.com/csp/article/K18549143
- https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS
- https://ubuntu.com/security/notices/USN-3899-1
- https://ubuntu.com/security/notices/USN-4376-2
- https://usn.ubuntu.com/3899-1/
- https://usn.ubuntu.com/4376-2/
- https://www.debian.org/security/2019/dsa-4400
- https://www.openssl.org/news/secadv/20190226.txt
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.tenable.com/security/tns-2019-02
- https://www.tenable.com/security/tns-2019-03
Severity: MEDIUM
Title: "openssl: 0-byte record padding oracle"
VendorSeverity:
amazon: 2.0
arch-linux: 2.0
nvd: 2.0
oracle-oval: 2.0
redhat: 2.0
ubuntu: 2.0
- key: CVE-2019-1563
value:
CVSS:
@@ -449,6 +579,7 @@
PublishedDate: 2019-11-28T01:15:00Z
References:
- http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
- https://access.redhat.com/security/cve/CVE-2019-18276
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
- https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
- https://linux.oracle.com/cve/CVE-2019-18276.html
@@ -670,6 +801,38 @@
nvd: 2.0
redhat: 2.0
ubuntu: 2.0
- key: CVE-2020-29573
value:
CVSS:
nvd:
V2Score: 5.0
V2Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
V3Score: 7.5
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhat:
V3Score: 7.5
V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CweIDs:
- CWE-787
Description: "sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of \"Fixed for glibc 2.33\" in the 26649 reference."
LastModifiedDate: 2021-01-26T18:15:00Z
PublishedDate: 2020-12-06T00:15:00Z
References:
- https://access.redhat.com/security/cve/CVE-2020-29573
- https://linux.oracle.com/cve/CVE-2020-29573.html
- https://linux.oracle.com/errata/ELSA-2021-0348.html
- https://security.gentoo.org/glsa/202101-20
- https://security.netapp.com/advisory/ntap-20210122-0004/
- https://sourceware.org/bugzilla/show_bug.cgi?id=26649
- https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html
Severity: HIGH
Title: "glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern"
VendorSeverity:
arch-linux: 2.0
nvd: 3.0
oracle-oval: 2.0
photon: 3.0
redhat: 2.0
- key: CVE-2020-8165
value:
CVSS:

1
integration/testdata/photon-30.json.golden vendored
View File

@@ -92,6 +92,7 @@
},
"References": [
"http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html",
"https://access.redhat.com/security/cve/CVE-2019-18276",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276",
"https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff",
"https://linux.oracle.com/cve/CVE-2019-18276.html",

25576
integration/testdata/ubi-7.json.golden vendored
View File

File diff suppressed because it is too large Load Diff

1
integration/testdata/ubuntu-1804.json.golden vendored
View File

@@ -99,6 +99,7 @@
},
"References": [
"http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html",
"https://access.redhat.com/security/cve/CVE-2019-18276",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276",
"https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff",
"https://linux.oracle.com/cve/CVE-2019-18276.html",

120
pkg/detector/ospkg/redhat/redhat.go
View File

@@ -1,6 +1,8 @@
package redhat
import (
"fmt"
"sort"
"strings"
"time"
@@ -10,13 +12,30 @@ import (
"github.com/aquasecurity/fanal/analyzer/os"
ftypes "github.com/aquasecurity/fanal/types"
"github.com/aquasecurity/trivy-db/pkg/vulnsrc/redhat"
dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
ustrings "github.com/aquasecurity/trivy-db/pkg/utils/strings"
redhat "github.com/aquasecurity/trivy-db/pkg/vulnsrc/redhat-oval"
"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/scanner/utils"
"github.com/aquasecurity/trivy/pkg/types"
)
var (
defaultContentSets = map[string][]string{
"6": {
"rhel-6-server-rpms",
"rhel-6-server-extras-rpms",
},
"7": {
"rhel-7-server-rpms",
"rhel-7-server-extras-rpms",
},
"8": {
"rhel-8-for-x86_64-baseos-rpms",
"rhel-8-for-x86_64-appstream-rpms",
},
}
redhatEOLDates = map[string]time.Time{
"4": time.Date(2017, 5, 31, 23, 59, 59, 0, time.UTC),
"5": time.Date(2020, 11, 30, 23, 59, 59, 0, time.UTC),
@@ -77,19 +96,39 @@ func (s *Scanner) Detect(osVer string, pkgs []ftypes.Package) ([]types.DetectedV
if strings.Count(osVer, ".") > 0 {
osVer = osVer[:strings.Index(osVer, ".")]
}
log.Logger.Debugf("redhat: os version: %s", osVer)
log.Logger.Debugf("redhat: the number of packages: %d", len(pkgs))
log.Logger.Debugf("Red Hat: os version: %s", osVer)
log.Logger.Debugf("Red Hat: the number of packages: %d", len(pkgs))
var vulns []types.DetectedVulnerability
for _, pkg := range pkgs {
if !s.isFromSupportedVendor(pkg) {
if !isFromSupportedVendor(pkg) {
log.Logger.Debugf("Skipping %s: unsupported vendor", pkg.Name)
continue
}
// For Red Hat Security Data API containing only source package names
pkgName := addModularNamespace(pkg.SrcName, pkg.Modularitylabel)
advisories, err := s.vs.Get(osVer, pkgName)
detectedVulns, err := s.detect(osVer, pkg)
if err != nil {
return nil, xerrors.Errorf("redhat vulnerability detection error: %w", err)
}
vulns = append(vulns, detectedVulns...)
}
return vulns, nil
}
func (s *Scanner) detect(osVer string, pkg ftypes.Package) ([]types.DetectedVulnerability, error) {
// For Red Hat OVAL v2 containing only binary package names
pkgName := addModularNamespace(pkg.Name, pkg.Modularitylabel)
var contentSets []string
var nvr string
if pkg.BuildInfo == nil {
contentSets = defaultContentSets[osVer]
} else {
contentSets = pkg.BuildInfo.ContentSets
nvr = fmt.Sprintf("%s-%s", pkg.BuildInfo.Nvr, pkg.BuildInfo.Arch)
}
advisories, err := s.vs.Get(pkgName, contentSets, []string{nvr})
if err != nil {
return nil, xerrors.Errorf("failed to get Red Hat advisories: %w", err)
}
@@ -97,41 +136,58 @@ func (s *Scanner) Detect(osVer string, pkgs []ftypes.Package) ([]types.DetectedV
installed := utils.FormatVersion(pkg)
installedVersion := version.NewVersion(installed)
uniqVulns := map[string]types.DetectedVulnerability{}
for _, adv := range advisories {
if adv.FixedVersion != "" {
continue
}
vulnID := adv.VulnerabilityID
vuln := types.DetectedVulnerability{
VulnerabilityID: adv.VulnerabilityID,
VulnerabilityID: vulnID,
PkgName: pkg.Name,
InstalledVersion: installed,
InstalledVersion: utils.FormatVersion(pkg),
Layer: pkg.Layer,
SeveritySource: vulnerability.RedHat,
Vulnerability: dbTypes.Vulnerability{
Severity: adv.Severity.String(),
},
Custom: adv.Custom,
}
vulns = append(vulns, vuln)
// unpatched vulnerabilities
if adv.FixedVersion == "" {
uniqVulns[vulnID] = vuln
continue
}
// For Red Hat OVAL v2 containing only binary package names
pkgName = addModularNamespace(pkg.Name, pkg.Modularitylabel)
advisories, err = s.vs.Get(osVer, pkgName)
if err != nil {
return nil, xerrors.Errorf("failed to get Red Hat advisories: %w", err)
}
for _, adv := range advisories {
// patched vulnerabilities
fixedVersion := version.NewVersion(adv.FixedVersion)
if installedVersion.LessThan(fixedVersion) {
vuln := types.DetectedVulnerability{
VulnerabilityID: adv.VulnerabilityID,
PkgName: pkg.Name,
InstalledVersion: installed,
FixedVersion: fixedVersion.String(),
Layer: pkg.Layer,
vuln.VendorIDs = adv.VendorIDs
vuln.FixedVersion = fixedVersion.String()
if v, ok := uniqVulns[vulnID]; ok {
// In case two advisories resolve the same CVE-ID.
// e.g. The first fix might be incomplete.
v.VendorIDs = ustrings.Unique(append(v.VendorIDs, vuln.VendorIDs...))
// The newer fixed version should be taken.
if version.NewVersion(v.FixedVersion).LessThan(fixedVersion) {
v.FixedVersion = vuln.FixedVersion
}
uniqVulns[vulnID] = v
} else {
uniqVulns[vulnID] = vuln
}
}
}
var vulns []types.DetectedVulnerability
for _, vuln := range uniqVulns {
vulns = append(vulns, vuln)
}
}
}
sort.Slice(vulns, func(i, j int) bool {
return vulns[i].VulnerabilityID < vulns[j].VulnerabilityID
})
return vulns, nil
}
@@ -156,9 +212,9 @@ func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool {
return s.clock.Now().Before(eolDate)
}
func (s *Scanner) isFromSupportedVendor(pkg ftypes.Package) bool {
for _, s := range excludedVendorsSuffix {
if strings.HasSuffix(pkg.Release, s) {
func isFromSupportedVendor(pkg ftypes.Package) bool {
for _, suffix := range excludedVendorsSuffix {
if strings.HasSuffix(pkg.Release, suffix) {
return false
}
}

190
pkg/detector/ospkg/redhat/redhat_test.go
View File

@@ -1,23 +1,28 @@
package redhat_test
import (
"sort"
"os"
"testing"
"time"
"github.com/aquasecurity/trivy-db/pkg/db"
"github.com/aquasecurity/trivy/pkg/dbtest"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/redhat"
"github.com/stretchr/testify/require"
fake "k8s.io/utils/clock/testing"
ftypes "github.com/aquasecurity/fanal/types"
dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/dbtest"
"github.com/aquasecurity/trivy/pkg/detector/ospkg/redhat"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestMain(m *testing.M) {
log.InitLogger(false, false)
os.Exit(m.Run())
}
func TestScanner_Detect(t *testing.T) {
type args struct {
osVer string
@@ -28,11 +33,14 @@ func TestScanner_Detect(t *testing.T) {
fixtures []string
args args
want []types.DetectedVulnerability
wantErr string
wantErr bool
}{
{
name: "happy path: src pkg name is different from bin pkg name",
fixtures: []string{"testdata/fixtures/redhat.yaml"},
name: "happy path",
fixtures: []string{
"testdata/fixtures/redhat.yaml",
"testdata/fixtures/cpe.yaml",
},
args: args{
osVer: "7.6",
pkgs: []ftypes.Package{
@@ -49,6 +57,9 @@ func TestScanner_Detect(t *testing.T) {
Layer: ftypes.Layer{
DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
},
BuildInfo: &ftypes.BuildInfo{
ContentSets: []string{"rhel-7-server-rpms"},
},
},
},
},
@@ -57,23 +68,24 @@ func TestScanner_Detect(t *testing.T) {
VulnerabilityID: "CVE-2017-5953",
PkgName: "vim-minimal",
InstalledVersion: "2:7.4.160-5.el7",
Layer: ftypes.Layer{
DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
SeveritySource: vulnerability.RedHat,
Vulnerability: dbTypes.Vulnerability{
Severity: dbTypes.SeverityLow.String(),
},
},
{
VulnerabilityID: "CVE-2017-6350",
PkgName: "vim-minimal",
InstalledVersion: "2:7.4.160-5.el7",
Layer: ftypes.Layer{
DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
},
},
{
VulnerabilityID: "CVE-2019-12735",
VendorIDs: []string{"RHSA-2019:1619"},
PkgName: "vim-minimal",
InstalledVersion: "2:7.4.160-5.el7",
FixedVersion: "2:7.4.160-6.el7_6",
SeveritySource: vulnerability.RedHat,
Vulnerability: dbTypes.Vulnerability{
Severity: dbTypes.SeverityHigh.String(),
},
Layer: ftypes.Layer{
DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
},
@@ -81,10 +93,13 @@ func TestScanner_Detect(t *testing.T) {
},
},
{
name: "happy path: src pkg name is the same as bin pkg name",
fixtures: []string{"testdata/fixtures/redhat.yaml"},
name: "happy path: multiple RHSA-IDs",
fixtures: []string{
"testdata/fixtures/redhat.yaml",
"testdata/fixtures/cpe.yaml",
},
args: args{
osVer: "7.3",
osVer: "7.5",
pkgs: []ftypes.Package{
{
Name: "nss",
@@ -96,57 +111,117 @@ func TestScanner_Detect(t *testing.T) {
SrcVersion: "3.36.0",
SrcRelease: "7.4.160",
SrcEpoch: 0,
Layer: ftypes.Layer{
DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
},
BuildInfo: &ftypes.BuildInfo{
ContentSets: []string{"rhel-7-server-rpms"},
},
},
},
},
want: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2015-2808",
VulnerabilityID: "CVE-2019-17007",
VendorIDs: []string{"RHSA-2021:0876"},
PkgName: "nss",
InstalledVersion: "3.36.0-7.1.el7_6",
FixedVersion: "3.36.0-9.el7_6",
SeveritySource: vulnerability.RedHat,
Vulnerability: dbTypes.Vulnerability{
Severity: dbTypes.SeverityMedium.String(),
},
Layer: ftypes.Layer{
DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
},
},
{
VulnerabilityID: "CVE-2016-2183",
VulnerabilityID: "CVE-2020-12403",
VendorIDs: []string{"RHSA-2021:0538", "RHSA-2021:0876"},
PkgName: "nss",
InstalledVersion: "3.36.0-7.1.el7_6",
FixedVersion: "3.53.1-17.el7_3",
SeveritySource: vulnerability.RedHat,
Vulnerability: dbTypes.Vulnerability{
Severity: dbTypes.SeverityHigh.String(),
},
Layer: ftypes.Layer{
DiffID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
},
{
VulnerabilityID: "CVE-2018-12404",
PkgName: "nss",
InstalledVersion: "3.36.0-7.1.el7_6",
FixedVersion: "3.44.0-4.el7",
},
},
},
{
name: "happy path: modular packages",
fixtures: []string{"testdata/fixtures/redhat.yaml"},
name: "no build info",
fixtures: []string{
"testdata/fixtures/redhat.yaml",
"testdata/fixtures/cpe.yaml",
},
args: args{
osVer: "8.3",
pkgs: []ftypes.Package{
{
Name: "vim-minimal",
Version: "7.4.160",
Release: "5.el8",
Epoch: 2,
Arch: "x86_64",
},
},
},
want: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2019-12735",
VendorIDs: []string{"RHSA-2019:1619"},
PkgName: "vim-minimal",
InstalledVersion: "2:7.4.160-5.el8",
FixedVersion: "2:7.4.160-7.el8_7",
SeveritySource: vulnerability.RedHat,
Vulnerability: dbTypes.Vulnerability{
Severity: dbTypes.SeverityMedium.String(),
},
},
},
},
{
name: "modular packages",
fixtures: []string{
"testdata/fixtures/redhat.yaml",
"testdata/fixtures/cpe.yaml",
},
args: args{
osVer: "8.3",
pkgs: []ftypes.Package{
{
Name: "php",
Version: "7.2.24",
Version: "7.2.10",
Release: "1.module_el8.2.0+313+b04d0a66",
Arch: "x86_64",
Epoch: 0,
SrcName: "php",
SrcVersion: "7.2.24",
SrcVersion: "7.2.10",
SrcRelease: "1.module_el8.2.0+313+b04d0a66",
SrcEpoch: 0,
Modularitylabel: "php:7.2:8020020200507003613:2c7ca891",
Layer: ftypes.Layer{
DiffID: "sha256:3e968ecc016e1b9aa19023798229bf2d25c813d1bf092533f38b056aff820524",
},
BuildInfo: &ftypes.BuildInfo{
Nvr: "ubi8-init-container-8.0-7",
Arch: "x86_64",
},
},
},
},
want: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2019-11043",
VendorIDs: []string{"RHSA-2020:0322"},
PkgName: "php",
InstalledVersion: "7.2.24-1.module_el8.2.0+313+b04d0a66",
FixedVersion: "7.3.5-5.module+el8.1.0+4560+e0eee7d6",
InstalledVersion: "7.2.10-1.module_el8.2.0+313+b04d0a66",
FixedVersion: "7.2.11-1.1.module+el8.0.0+4664+17bd8d65",
SeveritySource: vulnerability.RedHat,
Vulnerability: dbTypes.Vulnerability{
Severity: dbTypes.SeverityCritical.String(),
},
Layer: ftypes.Layer{
DiffID: "sha256:3e968ecc016e1b9aa19023798229bf2d25c813d1bf092533f38b056aff820524",
},
@@ -154,8 +229,7 @@ func TestScanner_Detect(t *testing.T) {
},
},
{
name: "happy path: packages from remi repository are skipped",
fixtures: []string{"testdata/fixtures/redhat.yaml"},
name: "packages from remi repository are skipped",
args: args{
osVer: "7.6",
pkgs: []ftypes.Package{
@@ -164,13 +238,8 @@ func TestScanner_Detect(t *testing.T) {
Version: "7.3.23",
Release: "1.el7.remi",
Arch: "x86_64",
Epoch: 0,
SrcName: "php",
SrcVersion: "7.3.23",
SrcRelease: "1.el7.remi",
SrcEpoch: 0,
Layer: ftypes.Layer{
DiffID: "sha256:c27b3cf4d516baf5932d5df3a573c6a571ddace3ee2a577492292d2e849c112b",
BuildInfo: &ftypes.BuildInfo{
ContentSets: []string{"rhel-7-server-rpms"},
},
},
},
@@ -178,38 +247,35 @@ func TestScanner_Detect(t *testing.T) {
want: []types.DetectedVulnerability(nil),
},
{
name: "invalid bucket",
fixtures: []string{"testdata/fixtures/invalid.yaml"},
name: "broken value",
fixtures: []string{
"testdata/fixtures/invalid-type.yaml",
"testdata/fixtures/cpe.yaml",
},
args: args{
osVer: "6",
osVer: "7",
pkgs: []ftypes.Package{
{
Name: "jq",
Name: "nss",
Version: "3.36.0",
SrcName: "jq",
SrcVersion: "3.36.0",
Release: "7.1.el7_6",
Arch: "x86_64",
BuildInfo: &ftypes.BuildInfo{
ContentSets: []string{"rhel-7-server-rpms"},
},
},
},
wantErr: "failed to get Red Hat advisories",
},
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
_ = dbtest.InitDB(t, tt.fixtures)
defer db.Close()
dbtest.InitDB(t, tt.fixtures)
s := redhat.NewScanner()
got, err := s.Detect(tt.args.osVer, tt.args.pkgs)
if tt.wantErr != "" {
require.Error(t, err)
assert.Contains(t, err.Error(), tt.wantErr)
return
}
sort.Slice(got, func(i, j int) bool {
return got[i].VulnerabilityID < got[j].VulnerabilityID
})
assert.NoError(t, err)
require.Equal(t, tt.wantErr, err != nil, err)
assert.Equal(t, tt.want, got)
})
}

32
pkg/detector/ospkg/redhat/testdata/fixtures/cpe.yaml vendored Normal file
View File

@@ -0,0 +1,32 @@
- bucket: Red Hat CPE
pairs:
- bucket: repository
pairs:
- key: "rhel-8-for-x86_64-baseos-rpms"
value:
- 2
- 4
- key: "3scale-amp-2-rpms-for-rhel-8-x86_64-debug-rpms"
value:
- 4
- key: "rhel-7-server-rpms"
value:
- 0
- bucket: nvr
pairs:
- key: "ubi8-init-container-8.0-7-x86_64"
value:
- 2
- 3
- bucket: cpe
pairs:
- key: "0"
value: "cpe:/o:redhat:enterprise_linux:7::server"
- key: "1"
value: "cpe:/o:redhat:enterprise_linux:7::client"
- key: "2"
value: "cpe:/a:redhat:enterprise_linux:8"
- key: "3"
value: "cpe:/a:redhat:enterprise_linux:8::appstream"
- key: "4"
value: "cpe:/o:redhat:enterprise_linux:8::baseos"

7
pkg/detector/ospkg/redhat/testdata/fixtures/invalid-type.yaml vendored Normal file
View File

@@ -0,0 +1,7 @@
- bucket: Red Hat
pairs:
- bucket: nss
pairs:
- key: RHSA-2021:0538
value:
Entries: broken

93
pkg/detector/ospkg/redhat/testdata/fixtures/redhat.yaml vendored
View File

@@ -1,38 +1,77 @@
- bucket: Red Hat Enterprise Linux 7
- bucket: Red Hat
pairs:
- bucket: php
pairs:
- key: CVE-2011-4718
value:
FixedVersion: ""
- bucket: vim
pairs:
- key: CVE-2017-5953
value:
FixedVersion: ""
- key: CVE-2017-6350
value:
FixedVersion: ""
- bucket: vim-minimal
pairs:
- key: CVE-2019-12735
- key: RHSA-2019:1619
value:
FixedVersion: "2:7.4.160-6.el7_6"
Entries:
- FixedVersion: 2:7.4.160-6.el7_6
Affected:
- 0
- 1
Cves:
- ID: CVE-2019-12735
Severity: 3
- FixedVersion: 2:7.4.160-7.el8_7
Affected:
- 2
- 3
Cves:
- ID: CVE-2019-12735
Severity: 2
- key: CVE-2017-5953
value:
Entries:
- FixedVersion: ""
Affected:
- 0
- 1
Cves:
- Severity: 1
- bucket: nss
pairs:
- key: CVE-2015-2808
- key: RHSA-2021:0538
value:
FixedVersion: ""
- key: CVE-2016-2183
Entries:
- FixedVersion: 0:3.53.1-17.el7_3
Affected:
- 0
- 1
Cves:
- ID: CVE-2020-12403
Severity: 3
- key: RHSA-2021:0876
value:
FixedVersion: ""
- key: CVE-2018-12404
value:
FixedVersion: "3.44.0-4.el7"
- bucket: Red Hat Enterprise Linux 8
pairs:
Entries:
- FixedVersion: 0:3.36.0-9.el7_6
Affected:
- 0
- 1
Cves:
- ID: CVE-2019-17007
Severity: 2
- ID: CVE-2020-12403
Severity: 3
- bucket: "php:7.2::php"
pairs:
- key: CVE-2019-11043
- key: RHSA-2020:0322
value:
FixedVersion: "7.3.5-5.module+el8.1.0+4560+e0eee7d6"
Entries:
- FixedVersion: "0:7.2.11-1.1.module+el8.0.0+4664+17bd8d65"
Affected:
- 2
- 3
Cves:
- ID: CVE-2019-11043
Severity: 4
- bucket: php
pairs:
- key: CVE-2006-4023
value:
Entries:
- FixedVersion: """
Affected:
- 0
- 1
Cves:
- Severity: 1

5
pkg/scanner/local/scan.go
View File

@@ -11,9 +11,7 @@ import (
"golang.org/x/xerrors"
"github.com/aquasecurity/fanal/analyzer"
_ "github.com/aquasecurity/fanal/analyzer/all"
"github.com/aquasecurity/fanal/applier"
_ "github.com/aquasecurity/fanal/hook/all"
ftypes "github.com/aquasecurity/fanal/types"
dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
"github.com/aquasecurity/trivy/pkg/detector/library"
@@ -22,6 +20,9 @@ import (
"github.com/aquasecurity/trivy/pkg/report"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/aquasecurity/trivy/pkg/utils"
_ "github.com/aquasecurity/fanal/analyzer/all"
_ "github.com/aquasecurity/fanal/hook/all"
)
var (