diff --git a/docs/vulnerability/detection/language.md b/docs/vulnerability/detection/language.md
index d0745b9063..27504627c7 100644
--- a/docs/vulnerability/detection/language.md
+++ b/docs/vulnerability/detection/language.md
@@ -2,23 +2,32 @@
 `Trivy` automatically detects the following files in the container and scans vulnerabilities in the application dependencies.
-| Language | File | Dev dependencies |
-| ---------| ------------------------------------------------| -----------------|
-| Ruby | Gemfile.lock | included |
-| Python | Pipfile.lock | excluded |
-| | poetry.lock | included |
-| PHP | composer.lock | excluded |
-| Node.js | package-lock.json | excluded |
-| | yarn.lock | included |
-| .NET | packages.lock.json | included |
-| Java | JAR/WAR/EAR (`*.jar`, `*.war`, and `*.ear`)[^1] | included |
-| Go | Binaries built by Go[^2] | excluded |
-| | go.sum | included |
+| Language | File | Image[^6] | Filesystem[^7] | Repository[^8] |Dev dependencies |
+|---------|-------------------------|:---------:|:--------------:|:---------------:|-----------------|
+| Ruby | Gemfile.lock | ✅ | ✅ | ✅ | included |
+| Python | Pipfile.lock | - | ✅ | ✅ |excluded |
+| | poetry.lock | - | ✅ | ✅ | included |
+| | requirements.txt | - | ✅ | ✅ | included |
+| | egg package[^1] | ✅ | ✅ | - | excluded |
+| | wheel package[^2] | ✅ | ✅ | - | excluded |
+| PHP | composer.lock | ✅ | ✅ | ✅ | excluded |
+| Node.js | package-lock.json | ✅ | ✅ | ✅ | excluded |
+| | yarn.lock | ✅ | ✅ | ✅ | ncluded |
+| .NET | packages.lock.json | ✅ | ✅ | ✅ | included |
+| Java | JAR/WAR/EAR[^3][^4] | ✅ | ✅ | ✅ | included |
+| Go | Binaries built by Go[^5] | ✅ | ✅ | - | excluded |
+| | go.sum | - | ✅ | ✅ | included |
 The path of these files does not matter.
 Example: [Dockerfile](https://github.com/aquasecurity/trivy-ci-test/blob/main/Dockerfile)
-[^1]: It requires the Internet access
-[^2]: UPX-compressed binaries don't work
+[^1]: `*.egg-info`, `*.egg-info/PKG-INFO`, `*.egg` and `EGG-INFO/PKG-INFO`
+[^2]: `.dist-info/META-DATA`
+[^3]: `*.jar`, `*.war`, and `*.ear`
+[^4]: It requires the Internet access
+[^5]: UPX-compressed binaries don't work
+[^6]: ✅ means "enabled" and `-` means "disabled" in the image scanning
+[^7]: ✅ means "enabled" and `-` means "disabled" in the filesystem scanning
+[^8]: ✅ means "enabled" and `-` means "disabled" in the git repository scanning
diff --git a/go.mod b/go.mod
index 0190a881c0..6ba23b15ff 100644
--- a/go.mod
+++ b/go.mod
@@ -7,8 +7,8 @@ require (
 github.com/Masterminds/sprig v2.22.0+incompatible
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
- github.com/aquasecurity/fanal v0.0.0-20210815095355-42429a80d0e3
- github.com/aquasecurity/go-dep-parser v0.0.0-20210815080135-5be65146849a
+ github.com/aquasecurity/fanal v0.0.0-20210913141820-41bee177765e
+ github.com/aquasecurity/go-dep-parser v0.0.0-20210905090655-b95c2c079bbb
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
 github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
 github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
@@ -37,7 +37,7 @@ require (
 github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08
 github.com/mitchellh/copystructure v1.1.1 // indirect
 github.com/olekukonko/tablewriter v0.0.5
- github.com/open-policy-agent/opa v0.31.0
+ github.com/open-policy-agent/opa v0.32.0
 github.com/smartystreets/assertions v1.2.0 // indirect
 github.com/spf13/afero v1.6.0
 github.com/stretchr/objx v0.3.0 // indirect
@@ -45,10 +45,10 @@ require (
 github.com/testcontainers/testcontainers-go v0.11.1
 github.com/twitchtv/twirp v8.1.0+incompatible
 github.com/urfave/cli/v2 v2.3.0
- go.uber.org/zap v1.17.0
+ go.uber.org/zap v1.19.0
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
- google.golang.org/protobuf v1.26.0
+ google.golang.org/protobuf v1.27.1
 gopkg.in/go-playground/validator.v9 v9.31.0 // indirect
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
 k8s.io/utils v0.0.0-20201110183641-67b214c5f920
diff --git a/go.sum b/go.sum
index d6300f985c..cd3fbded19 100644
--- a/go.sum
+++ b/go.sum
@@ -106,8 +106,9 @@ github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6L github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= -github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw= +github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Djarvur/go-err113 v0.0.0-20200410182137-af658d038157/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs= github.com/Djarvur/go-err113 v0.1.0/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs=
@@ -179,8 +180,8 @@ github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk5 github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a h1:HbKu58rmZpUGpz5+4FfNmIU+FmZg2P3Xaj2v2bfNWmk= github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc= -github.com/alicebob/miniredis/v2 v2.14.1 h1:GjlbSeoJ24bzdLRs13HoMEeaRZx9kg5nHoRW7QV/nCs= -github.com/alicebob/miniredis/v2 v2.14.1/go.mod h1:uS970Sw5Gs9/iK3yBg0l9Uj9s25wXxSpQUE9EaJ/Blg= +github.com/alicebob/miniredis/v2 v2.15.1 h1:Fw+ixAJPmKhCLBqDwHlTDqxUxp0xjEwXczEpt1B6r7k= +github.com/alicebob/miniredis/v2 v2.15.1/go.mod h1:gquAfGbzn92jvtrSC69+6zZnwSODVXVpYDRaGhWaL6I= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= 
@@ -200,10 +201,10 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30xLN2sUZcMXl50hg+PJCIDdJgIvIbVcKqLJ/ZrtM= github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8= -github.com/aquasecurity/fanal v0.0.0-20210815095355-42429a80d0e3 h1:Sj8uyDi6omG+446AKWnvgwx42YJmWzU/sGKo/zVU0+0= -github.com/aquasecurity/fanal v0.0.0-20210815095355-42429a80d0e3/go.mod h1:vGz4YGHmtS8CoSxqPVfnxpmXVEMZhPIqAhpSK6M+y/0= -github.com/aquasecurity/go-dep-parser v0.0.0-20210815080135-5be65146849a h1:ZxIH5tanyQJCwNYzhPaq2E6REMssqKVvjQotf2eyglk= -github.com/aquasecurity/go-dep-parser v0.0.0-20210815080135-5be65146849a/go.mod h1:Cv/FOCXy6gwvDbz/KX48+y//SmbnKroFwW5hquXn5G4= +github.com/aquasecurity/fanal v0.0.0-20210913141820-41bee177765e h1:ozWHRu3zoRu0CEtbiam72oHV44Znn634myebzwW+E60= +github.com/aquasecurity/fanal v0.0.0-20210913141820-41bee177765e/go.mod h1:zm7pgAfSLjYHDMBz/wrEusyYmkeio38pMjIW+OIdvZw= +github.com/aquasecurity/go-dep-parser v0.0.0-20210905090655-b95c2c079bbb h1:RYx2+0fUc/3nR4SywvLAs+Sm3dtLhpBw2IeBE8+w1Po= +github.com/aquasecurity/go-dep-parser v0.0.0-20210905090655-b95c2c079bbb/go.mod h1:Zc7Eo6tFl9l4XcqsWeabD7jHnXRBK/LdgZuu9GTSVLU= github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM= github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s= github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 h1:eveqE9ivrt30CJ7dOajOfBavhZ4zPqHcZe/4tKp0alc= 
@@ -240,9 +241,11 @@ github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.27.1/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.31.6/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.40.22 h1:iit4tJ1hjL2GlNCrbE4aJza6jTmvEE2pDTnShct/yyY= -github.com/aws/aws-sdk-go v1.40.22/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= +github.com/aws/aws-sdk-go v1.40.37 h1:I+Q6cLctkFyMMrKukcDnj+i2kjrQ37LGiOM6xmsxC48= +github.com/aws/aws-sdk-go v1.40.37/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= +github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= +github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= 
@@ -272,8 +275,8 @@ github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8= github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50= github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= -github.com/bytecodealliance/wasmtime-go v0.28.0 h1:JTWP482wkmR79O9T0JiIAllPqmNW5oP0v56v/FwCpaQ= -github.com/bytecodealliance/wasmtime-go v0.28.0/go.mod h1:q320gUxqyI8yB+ZqRuaJOEnGkAnHh6WtJjMaT2CW4wI= +github.com/bytecodealliance/wasmtime-go v0.29.0 h1:NEME96y0YKAUjOkTw5/2w1OZ9TLy9FJ+Q7SWW4L/X0o= +github.com/bytecodealliance/wasmtime-go v0.29.0/go.mod h1:q320gUxqyI8yB+ZqRuaJOEnGkAnHh6WtJjMaT2CW4wI= github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= github.com/caarlos0/env/v6 v6.0.0 h1:NZt6FAoB8ieKO5lEwRdwCzYxWFx7ZYF2R7UcoyaWtyc= github.com/caarlos0/env/v6 v6.0.0/go.mod h1:+wdyOmtjoZIW2GJOc2OYa5NoOFuWD/bIpWqm30NgtRk= 
@@ -285,8 +288,9 @@ github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= -github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= +github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= github.com/cheggaaa/pb v1.0.27 h1:wIkZHkNfC7R6GI5w7l/PdAdzXzlrbcI3p8OAlnkTsnc= github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s= 
@@ -434,12 +438,17 @@ github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/deckarep/golang-set v1.7.1 h1:SCQV0S6gTtp6itiFrTqI+pfmJ4LN85S1YzhDf9rTHJQ= github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ= github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= +github.com/dgraph-io/badger/v3 v3.2103.1 h1:zaX53IRg7ycxVlkd5pYdCeFp1FynD6qBGQoQql3R3Hk= +github.com/dgraph-io/badger/v3 v3.2103.1/go.mod h1:dULbq6ehJ5K0cGW/1TQ9iSfUk0gbSiToDWmWmTsJ53E= +github.com/dgraph-io/ristretto v0.1.0 h1:Jv3CGQHp9OjuMBSne1485aDpUkTKEcUqF+jm/LuerPI= +github.com/dgraph-io/ristretto v0.1.0/go.mod h1:fux0lOrBhrVCJd3lcTHsIJhq1T2rokOu6v9Vcb3Q9ug= github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= +github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= 
@@ -480,6 +489,7 @@ github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNE github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= @@ -625,6 +635,8 @@ github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzq github.com/golang-jwt/jwt/v4 v4.0.0 h1:RAqyYixv1p7uEnocuy8P1nru5wprCh/MH2BIlW5z5/o= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ= +github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 
@@ -662,8 +674,9 @@ github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= +github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4= github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk= github.com/golangci/errcheck v0.0.0-20181223084120-ef45e06d44b6/go.mod h1:DbHgvLiFKX1Sh2T1w8Q/h4NAI8MHIpzCdnBUDTXU3I0= 
@@ -687,6 +700,9 @@ github.com/google/btree v0.0.0-20180124185431-e89373fe6b4a/go.mod h1:lNA+9X1NB3Z github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/crfs v0.0.0-20191108021818-71d77da419c9/go.mod h1:etGhoOqfwPkooV6aqoX3eBGQOJblqdoc9XvWOeuxpPw= +github.com/google/flatbuffers v1.12.0/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= +github.com/google/flatbuffers v1.12.1 h1:MVlul7pQNoDzWRLTw5imwYsl+usrS1TXG2H4jg6ImGw= +github.com/google/flatbuffers v1.12.1/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 
@@ -817,8 +833,8 @@ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+l github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-retryablehttp v0.6.8 h1:92lWxgpa+fF3FozM4B3UZtHZMJX8T5XT+TFdCxsPyWs= -github.com/hashicorp/go-retryablehttp v0.6.8/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= +github.com/hashicorp/go-retryablehttp v0.7.0 h1:eu1EI/mbirUgP5C8hVsTNaGZreBDlYiwC1FZWkvQPQ4= +github.com/hashicorp/go-retryablehttp v0.7.0/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo= github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I= 
@@ -913,8 +929,9 @@ github.com/klauspost/compress v1.11.2/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYs github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.13.0 h1:2T7tUoQrQT+fQWdaY5rjWztFGAFwbGD04iPJg90ZiOs= github.com/klauspost/compress v1.13.0/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= +github.com/klauspost/compress v1.13.5 h1:9O69jUPDcsT9fEm74W92rZL9FQY7rCdaXVneq+yyzl4= +github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f h1:GvCU5GXhHq+7LeOzx/haG7HSIZokl3/0GkoUFzsRJjg= 
@@ -923,8 +940,8 @@ github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d h1:X4cedH4 github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d/go.mod h1:o8sgWoz3JADecfc/cTYD92/Et1yMqMy0utV1z+VaZao= github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936 h1:HDjRqotkViMNcGMGicb7cgxklx8OwnjtCBmyWEqrRvM= github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936/go.mod h1:i4sF0l1fFnY1aiw08QQSwVAFxHEm311Me3WsU/X7nL0= -github.com/knqyf263/go-rpmdb v0.0.0-20201215100354-a9e3110d8ee1 h1:sRDvjjWoHLWAxtPXBKYRJp8Ot4ugxYE/ZyADl3jzc1g= -github.com/knqyf263/go-rpmdb v0.0.0-20201215100354-a9e3110d8ee1/go.mod h1:RDPNeIkU5NWXtt0OMEoILyxwUC/DyXeRtK295wpqSi0= +github.com/knqyf263/go-rpmdb v0.0.0-20210911072402-73bd0ce46c49 h1:QazJZdFn/ApQh8OHepQiCKXGZ0QE08Bu8BnS10aHgvE= +github.com/knqyf263/go-rpmdb v0.0.0-20210911072402-73bd0ce46c49/go.mod h1:RDPNeIkU5NWXtt0OMEoILyxwUC/DyXeRtK295wpqSi0= github.com/knqyf263/nested v0.0.1 h1:Sv26CegUMhjt19zqbBKntjwESdxe5hxVPSk0+AKjdUc= github.com/knqyf263/nested v0.0.1/go.mod h1:zwhsIhMkBg90DTOJQvxPkKIypEHPYkgWHs4gybdlUmk= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= 
@@ -1100,8 +1117,8 @@ github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDs github.com/onsi/gomega v1.15.0 h1:WjP/FQ/sk43MRmnEcT+MlDw2TFvkrXlprrPST/IudjU= github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= -github.com/open-policy-agent/opa v0.31.0 h1:sVxgdUZz426hpPfeIP+XGIwy8yfVkETerRojY3nQTc4= -github.com/open-policy-agent/opa v0.31.0/go.mod h1:aeLYiWaZe9ikcX67qLzmtRTOxj7psNYh6YGTbTW6V+s= +github.com/open-policy-agent/opa v0.32.0 h1:AwGxE6FqZ3jJ8udsiU+7YszncmiCnJhPwi/uJUVqVSs= +github.com/open-policy-agent/opa v0.32.0/go.mod h1:5sJdtc+1/U8zy/j30njpQl6u9rM4MzTOhG9EW1uOmsY= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -1274,6 +1291,7 @@ github.com/sosedoff/gitkit v0.3.0/go.mod h1:V3EpGZ0nvCBhXerPsbDeqtyReNb48cwP9Ktk github.com/sourcegraph/go-diff v0.5.1/go.mod h1:j2dHj3m8aZgQO8lMTcTnBcXkRRRqi34cd2MNlA9u1mE= github.com/sourcegraph/go-diff v0.5.3/go.mod h1:v9JDtjCE4HHHCZGId75rg8gkKKa98RVjBcBGsVmMmak= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= +github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/afero v1.6.0 h1:xoax2sJ2DT8S8xA2paPFjDCScCNeWsg75VG0DLRreiY= 
@@ -1399,8 +1417,8 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -github.com/yuin/gopher-lua v0.0.0-20191220021717-ab39c6098bdb h1:ZkM6LRnq40pR1Ox0hTHlnpkcOTuFIDQpZ1IN8rKKhX0= -github.com/yuin/gopher-lua v0.0.0-20191220021717-ab39c6098bdb/go.mod h1:gqRgreBUhTSL0GeU64rtZ3Uq3wtjOa/TB2YfrtkCbVQ= +github.com/yuin/gopher-lua v0.0.0-20200816102855-ee81675732da h1:NimzV1aGyq29m5ukMK0AMWEhFaL/lrEOaephfuoiARg= +github.com/yuin/gopher-lua v0.0.0-20200816102855-ee81675732da/go.mod h1:E1AXubJBdNmFERAOucpDIxNzeGfLzg0mYh+UfMWdChA= github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs= github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA= github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= @@ -1444,6 +1462,8 @@ go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/automaxprocs v1.4.0/go.mod h1:/mTEdr7LvHhs0v7mjdxDreTz1OG5zdZGqgOnhWiR/+Q= +go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0= +go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= 
@@ -1451,8 +1471,9 @@ go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9i go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= -go.uber.org/zap v1.17.0 h1:MTjgFu6ZLKvY6Pvaqk97GlxNBuMpV4Hy/3P6tRGlI2U= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= +go.uber.org/zap v1.19.0 h1:mZQZefskPPCMIBCSEH0v2/iUqqLrYtaeqwD6FUGUnFE= +go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= golang.org/x/build v0.0.0-20190314133821-5284462c4bec/go.mod h1:atTaCNAy0f16Ah5aV1gMSwgiKVHwu/JncqDpuRr7lS4= @@ -1523,8 +1544,9 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.5.0 h1:UG21uOlmZabA4fW5i7ZX6bjw1xELEGg/ZLgZq9auk/Q= +golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -1587,8 +1609,9 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q= golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210825183410-e898025ed96a h1:bRuuGXV8wwSdGTB+CtJf+FjgO1APK1CoO39T4BN/XBw= +golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180724155351-3d292e4d0cdc/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -1727,8 +1750,9 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 h1:RqytpXGR1iVNX7psjB3ff8y7sNFinVFvkx1c8SjBkio= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf h1:2ucpDCmfkl8Bd/FsLtiD653Wf96cW37s+iGx93zsu4k= +golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf h1:MZ2shdL+ZM/XzY3ZGOnh4Nlpnxz5GSOhOmtHo3iPU6M= 
@@ -1987,8 +2011,9 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ= +google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/integration/client_server_test.go b/integration/client_server_test.go
index a027201704..490e56ef61 100644
--- a/integration/client_server_test.go
+++ b/integration/client_server_test.go
@@ -1,3 +1,4 @@
+//go:build integration
 // +build integration
 package integration
diff --git a/integration/docker_engine_test.go b/integration/docker_engine_test.go
index d0ee57e043..da358d3e78 100644
--- a/integration/docker_engine_test.go
+++ b/integration/docker_engine_test.go
@@ -1,3 +1,4 @@
+//go:build integration
 // +build integration
 package integration
diff --git a/integration/fs_test.go b/integration/fs_test.go
index 40eb41c14f..58ea5ed808 100644
--- a/integration/fs_test.go
+++ b/integration/fs_test.go
@@ -1,3 +1,4 @@
+//go:build integration
 // +build integration
 package integration
diff --git a/integration/integration_test.go b/integration/integration_test.go
index d5227a9100..6c31bf1529 100644
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@@ -1,3 +1,4 @@
+//go:build integration
 // +build integration
 package integration
diff --git a/integration/registry_test.go b/integration/registry_test.go
index 9174644d7d..99981a6627 100644
--- a/integration/registry_test.go
+++ b/integration/registry_test.go
@@ -1,3 +1,4 @@
+//go:build integration
 // +build integration
 package integration
diff --git a/integration/standalone_tar_test.go b/integration/standalone_tar_test.go
index 36b14a1d16..3aedee1b88 100644
--- a/integration/standalone_tar_test.go
+++ b/integration/standalone_tar_test.go
@@ -1,3 +1,4 @@
+//go:build integration
 // +build integration
 package integration
diff --git a/integration/testdata/fluentd-multiple-lockfiles.json.golden b/integration/testdata/fluentd-multiple-lockfiles.json.golden
index 256871439e..cceba16d43 100644
--- a/integration/testdata/fluentd-multiple-lockfiles.json.golden
+++ b/integration/testdata/fluentd-multiple-lockfiles.json.golden
@@ -196,5 +196,29 @@ "LastModifiedDate": "2020-01-28T06:15:00Z" } ] + }, + { + "Target": "", + "Class": "lang-pkgs", + "Type": "gemspec", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2020-8165", + "PkgName": "activesupport", + "PkgPath": "var/lib/gems/2.5.0/specifications/activesupport-6.0.2.1.gemspec", + "InstalledVersion": "6.0.2.1", + "FixedVersion": "~\u003e 5.2.4.3, \u003e= 6.0.3.1", + "Layer": { + "DiffID": "sha256:75e43d55939745950bc3f8fad56c5834617c4339f0f54755e69a0dd5372624e9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-8165", + "Title": "Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore", + "Description": "There is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when\nuntrusted user input is written to the cache store using the `raw: true` parameter, re-reading the result\nfrom the cache can evaluate the user input as a Marshalled object instead of plain text. Vulnerable code looks like:\n\n```\ndata = cache.fetch(\"demo\", raw: true) { untrusted_string }\n```\n\nVersions Affected: rails \u003c 5.2.5, rails \u003c 6.0.4\nNot affected: Applications not using MemCacheStore or RedisCacheStore. Applications that do not use the `raw` option when storing untrusted user input.\nFixed Versions: rails \u003e= 5.2.4.3, rails \u003e= 6.0.3.1\n\nImpact\n------\n\nUnmarshalling of untrusted user input can have impact up to and including RCE. 
At a minimum,\nthis vulnerability allows an attacker to inject untrusted Ruby objects into a web application.\n\nIn addition to upgrading to the latest versions of Rails, developers should ensure that whenever\nthey are calling `Rails.cache.fetch` they are using consistent values of the `raw` parameter for both\nreading and writing, especially in the case of the RedisCacheStore which does not, prior to these changes,\ndetect if data was serialized using the raw option upon deserialization.\n\nWorkarounds\n-----------\n\nIt is recommended that application developers apply the suggested patch or upgrade to the latest release as\nsoon as possible. If this is not possible, we recommend ensuring that all user-provided strings cached using\nthe `raw` argument should be double-checked to ensure that they conform to the expected format.\n", + "Severity": "UNKNOWN", + "References": [ + "https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c" + ] + } + ] } ] \ No newline at end of file diff --git a/pkg/commands/artifact/fs.go b/pkg/commands/artifact/fs.go index b039e45098..90cacbd17d 100644 --- a/pkg/commands/artifact/fs.go +++ b/pkg/commands/artifact/fs.go 
@@ -10,12 +10,13 @@ import ( "github.com/aquasecurity/fanal/analyzer" "github.com/aquasecurity/fanal/analyzer/config" "github.com/aquasecurity/fanal/cache" + "github.com/aquasecurity/fanal/hook" "github.com/aquasecurity/trivy/pkg/scanner" ) func filesystemScanner(ctx context.Context, dir string, ac cache.ArtifactCache, lac cache.LocalArtifactCache, - _ time.Duration, disabled []analyzer.Type, opt config.ScannerOption) (scanner.Scanner, func(), error) { - s, cleanup, err := initializeFilesystemScanner(ctx, dir, ac, lac, disabled, opt) + _ time.Duration, disabled []analyzer.Type, disabledHooks []hook.Type, opt config.ScannerOption) (scanner.Scanner, func(), error) { + s, cleanup, err := initializeFilesystemScanner(ctx, dir, ac, lac, disabled, disabledHooks, opt) if err != nil { return scanner.Scanner{}, func() {}, xerrors.Errorf("unable to initialize a filesystem scanner: %w", err) } diff --git a/pkg/commands/artifact/image.go b/pkg/commands/artifact/image.go index 660b1df9a8..ae817e132e 100644 --- a/pkg/commands/artifact/image.go +++ b/pkg/commands/artifact/image.go @@ -10,12 +10,13 @@ import ( "github.com/aquasecurity/fanal/analyzer" "github.com/aquasecurity/fanal/analyzer/config" "github.com/aquasecurity/fanal/cache" + "github.com/aquasecurity/fanal/hook" "github.com/aquasecurity/trivy/pkg/scanner" ) func archiveScanner(ctx context.Context, input string, ac cache.ArtifactCache, lac cache.LocalArtifactCache, - timeout time.Duration, disabled []analyzer.Type, opt config.ScannerOption) (scanner.Scanner, func(), error) { - s, err := initializeArchiveScanner(ctx, input, ac, lac, timeout, disabled, opt) + timeout time.Duration, disabled []analyzer.Type, disabledhook []hook.Type, opt config.ScannerOption) (scanner.Scanner, func(), error) { + s, err := initializeArchiveScanner(ctx, input, ac, lac, timeout, disabled, disabledhook, opt) if err != nil { return scanner.Scanner{}, func() {}, xerrors.Errorf("unable to initialize the archive scanner: %w", err) } 
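Review bot: The new parameter is spelled `disabledhook` in `archiveScanner`, while `filesystemScanner` in fs.go and the injectors in pkg/commands/artifact/inject.go name the same value `disabledHooks`. Go identifiers use MixedCaps and the value is a slice, so `disabledHooks []hook.Type` is the better spelling and keeps the scanner constructors uniform. The same spelling recurs in `dockerScanner` in the next hunk of image.go and in both injectors in pkg/commands/client/inject.go. The client wire_gen.go carries the name too, so it would presumably need regenerating after a rename in inject.go.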
@@ -23,8 +24,8 @@ func archiveScanner(ctx context.Context, input string, ac cache.ArtifactCache, l } func dockerScanner(ctx context.Context, imageName string, ac cache.ArtifactCache, lac cache.LocalArtifactCache, - timeout time.Duration, disabled []analyzer.Type, opt config.ScannerOption) (scanner.Scanner, func(), error) { - s, cleanup, err := initializeDockerScanner(ctx, imageName, ac, lac, timeout, disabled, opt) + timeout time.Duration, disabled []analyzer.Type, disabledhook []hook.Type, opt config.ScannerOption) (scanner.Scanner, func(), error) { + s, cleanup, err := initializeDockerScanner(ctx, imageName, ac, lac, timeout, disabled, disabledhook, opt) if err != nil { return scanner.Scanner{}, func() {}, xerrors.Errorf("unable to initialize a docker scanner: %w", err) } diff --git a/pkg/commands/artifact/inject.go b/pkg/commands/artifact/inject.go index dd2fd4c1e3..3ecda2cac1 100644 --- a/pkg/commands/artifact/inject.go +++ b/pkg/commands/artifact/inject.go 
@@ -11,34 +11,35 @@ import ( "github.com/aquasecurity/fanal/analyzer" "github.com/aquasecurity/fanal/analyzer/config" "github.com/aquasecurity/fanal/cache" + "github.com/aquasecurity/fanal/hook" "github.com/aquasecurity/trivy/pkg/result" "github.com/aquasecurity/trivy/pkg/scanner" ) func initializeDockerScanner(ctx context.Context, imageName string, artifactCache cache.ArtifactCache, localArtifactCache cache.LocalArtifactCache, timeout time.Duration, disableAnalyzers []analyzer.Type, - configScannerOption config.ScannerOption) (scanner.Scanner, func(), error) { + disabledHooks []hook.Type, configScannerOption config.ScannerOption) (scanner.Scanner, func(), error) { wire.Build(scanner.StandaloneDockerSet) return scanner.Scanner{}, nil, nil } func initializeArchiveScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache, localArtifactCache cache.LocalArtifactCache, timeout time.Duration, disableAnalyzers []analyzer.Type, - configScannerOption config.ScannerOption) (scanner.Scanner, error) { + disabledHooks []hook.Type, configScannerOption config.ScannerOption) (scanner.Scanner, error) { wire.Build(scanner.StandaloneArchiveSet) return scanner.Scanner{}, nil } func initializeFilesystemScanner(ctx context.Context, dir string, artifactCache cache.ArtifactCache, - localArtifactCache cache.LocalArtifactCache, disableAnalyzers []analyzer.Type, configScannerOption config.ScannerOption) ( - scanner.Scanner, func(), error) { + localArtifactCache cache.LocalArtifactCache, disableAnalyzers []analyzer.Type, disabledHooks []hook.Type, + configScannerOption config.ScannerOption) (scanner.Scanner, func(), error) { wire.Build(scanner.StandaloneFilesystemSet) return scanner.Scanner{}, nil, nil } func initializeRepositoryScanner(ctx context.Context, url string, artifactCache cache.ArtifactCache, - localArtifactCache cache.LocalArtifactCache, disableAnalyzers []analyzer.Type, configScannerOption config.ScannerOption) ( - scanner.Scanner, func(), error) { + 
localArtifactCache cache.LocalArtifactCache, disableAnalyzers []analyzer.Type, disabledHooks []hook.Type, + configScannerOption config.ScannerOption) (scanner.Scanner, func(), error) { wire.Build(scanner.StandaloneRepositorySet) return scanner.Scanner{}, nil, nil } diff --git a/pkg/commands/artifact/repository.go b/pkg/commands/artifact/repository.go index a6f064df7f..342890c8e1 100644 --- a/pkg/commands/artifact/repository.go +++ b/pkg/commands/artifact/repository.go @@ -10,12 +10,13 @@ import ( "github.com/aquasecurity/fanal/analyzer" "github.com/aquasecurity/fanal/analyzer/config" "github.com/aquasecurity/fanal/cache" + "github.com/aquasecurity/fanal/hook" "github.com/aquasecurity/trivy/pkg/scanner" ) func repositoryScanner(ctx context.Context, dir string, ac cache.ArtifactCache, lac cache.LocalArtifactCache, - _ time.Duration, disabled []analyzer.Type, opt config.ScannerOption) (scanner.Scanner, func(), error) { - s, cleanup, err := initializeRepositoryScanner(ctx, dir, ac, lac, disabled, opt) + _ time.Duration, disabled []analyzer.Type, disabledHooks []hook.Type, opt config.ScannerOption) (scanner.Scanner, func(), error) { + s, cleanup, err := initializeRepositoryScanner(ctx, dir, ac, lac, disabled, disabledHooks, opt) if err != nil { return scanner.Scanner{}, func() {}, xerrors.Errorf("unable to initialize a filesystem scanner: %w", err) } diff --git a/pkg/commands/artifact/run.go b/pkg/commands/artifact/run.go index 16a661061a..eca230c74c 100644 --- a/pkg/commands/artifact/run.go +++ b/pkg/commands/artifact/run.go @@ -11,6 +11,7 @@ import ( "github.com/aquasecurity/fanal/analyzer" "github.com/aquasecurity/fanal/analyzer/config" "github.com/aquasecurity/fanal/cache" + "github.com/aquasecurity/fanal/hook" "github.com/aquasecurity/trivy-db/pkg/db" "github.com/aquasecurity/trivy/pkg/commands/operation" "github.com/aquasecurity/trivy/pkg/log" 
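Review bot: `repositoryScanner` wraps a failed `initializeRepositoryScanner` call as "unable to initialize a filesystem scanner", the same text `filesystemScanner` uses in fs.go, so an error in a log cannot be attributed to the right code path. Since the call directly above is edited by this commit, the wrap could be corrected in the same change: `xerrors.Errorf("unable to initialize a repository scanner: %w", err)`. The message is a context line that predates this commit, and the function body continues outside the hunk.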
@@ -26,7 +27,7 @@ var errSkipScan = errors.New("skip subsequent processes") // InitializeScanner type to define initialize function signature type InitializeScanner func(context.Context, string, cache.ArtifactCache, cache.LocalArtifactCache, time.Duration, - []analyzer.Type, config.ScannerOption) (scanner.Scanner, func(), error) + []analyzer.Type, []hook.Type, config.ScannerOption) (scanner.Scanner, func(), error) // InitCache defines cache initializer type InitCache func(c Option) (cache.Cache, error) @@ -174,7 +175,7 @@ func scan(ctx context.Context, opt Option, initializeScanner InitializeScanner, } s, cleanup, err := initializeScanner(ctx, target, cacheClient, cacheClient, opt.Timeout, - disabledAnalyzers, configScannerOptions) + disabledAnalyzers, nil, configScannerOptions) if err != nil { return pkgReport.Report{}, xerrors.Errorf("unable to initialize a scanner: %w", err) } diff --git a/pkg/commands/artifact/wire_gen.go b/pkg/commands/artifact/wire_gen.go index 8d7d422e8d..9531365915 100644 --- a/pkg/commands/artifact/wire_gen.go +++ b/pkg/commands/artifact/wire_gen.go @@ -1,6 +1,6 @@ // Code generated by Wire. DO NOT EDIT. -//go:generate wire +//go:generate go run github.com/google/wire/cmd/wire //+build !wireinject package artifact @@ -14,6 +14,7 @@ import ( local2 "github.com/aquasecurity/fanal/artifact/local" "github.com/aquasecurity/fanal/artifact/remote" "github.com/aquasecurity/fanal/cache" + "github.com/aquasecurity/fanal/hook" "github.com/aquasecurity/fanal/image" "github.com/aquasecurity/trivy-db/pkg/db" "github.com/aquasecurity/trivy/pkg/detector/ospkg" 
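Review bot: The call in `scan` passes a bare `nil` for the new `[]hook.Type` argument with no explanation, and both calls in pkg/commands/client/run.go do the same. `disabledHooks` is threaded through every constructor, yet nothing visible in this diff can set it. A comment at the call site would save the next reader from searching for an option, for example `// nil: no hooks are disabled; hooks cannot be turned off from the CLI yet`. That wording assumes nil means "run every registered hook", which is decided inside fanal and not shown here, so confirm it before writing it down. `scan` starts and ends outside the hunk.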
@@ -26,7 +27,7 @@ import ( // Injectors from inject.go: -func initializeDockerScanner(ctx context.Context, imageName string, artifactCache cache.ArtifactCache, localArtifactCache cache.LocalArtifactCache, timeout time.Duration, disableAnalyzers []analyzer.Type, configScannerOption config.ScannerOption) (scanner.Scanner, func(), error) { +func initializeDockerScanner(ctx context.Context, imageName string, artifactCache cache.ArtifactCache, localArtifactCache cache.LocalArtifactCache, timeout time.Duration, disableAnalyzers []analyzer.Type, disabledHooks []hook.Type, configScannerOption config.ScannerOption) (scanner.Scanner, func(), error) { applierApplier := applier.NewApplier(localArtifactCache) detector := ospkg.Detector{} localScanner := local.NewScanner(applierApplier, detector) @@ -38,7 +39,7 @@ func initializeDockerScanner(ctx context.Context, imageName string, artifactCach if err != nil { return scanner.Scanner{}, nil, err } - artifact, err := image2.NewArtifact(imageImage, artifactCache, disableAnalyzers, configScannerOption) + artifact, err := image2.NewArtifact(imageImage, artifactCache, disableAnalyzers, disabledHooks, configScannerOption) if err != nil { cleanup() return scanner.Scanner{}, nil, err 
@@ -49,7 +50,7 @@ func initializeDockerScanner(ctx context.Context, imageName string, artifactCach }, nil } -func initializeArchiveScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache, localArtifactCache cache.LocalArtifactCache, timeout time.Duration, disableAnalyzers []analyzer.Type, configScannerOption config.ScannerOption) (scanner.Scanner, error) { +func initializeArchiveScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache, localArtifactCache cache.LocalArtifactCache, timeout time.Duration, disableAnalyzers []analyzer.Type, disabledHooks []hook.Type, configScannerOption config.ScannerOption) (scanner.Scanner, error) { applierApplier := applier.NewApplier(localArtifactCache) detector := ospkg.Detector{} localScanner := local.NewScanner(applierApplier, detector) @@ -57,7 +58,7 @@ func initializeArchiveScanner(ctx context.Context, filePath string, artifactCach if err != nil { return scanner.Scanner{}, err } - artifact, err := image2.NewArtifact(imageImage, artifactCache, disableAnalyzers, configScannerOption) + artifact, err := image2.NewArtifact(imageImage, artifactCache, disableAnalyzers, disabledHooks, configScannerOption) if err != nil { return scanner.Scanner{}, err } 
@@ -65,11 +66,11 @@ func initializeArchiveScanner(ctx context.Context, filePath string, artifactCach return scannerScanner, nil } -func initializeFilesystemScanner(ctx context.Context, dir string, artifactCache cache.ArtifactCache, localArtifactCache cache.LocalArtifactCache, disableAnalyzers []analyzer.Type, configScannerOption config.ScannerOption) (scanner.Scanner, func(), error) { +func initializeFilesystemScanner(ctx context.Context, dir string, artifactCache cache.ArtifactCache, localArtifactCache cache.LocalArtifactCache, disableAnalyzers []analyzer.Type, disabledHooks []hook.Type, configScannerOption config.ScannerOption) (scanner.Scanner, func(), error) { applierApplier := applier.NewApplier(localArtifactCache) detector := ospkg.Detector{} localScanner := local.NewScanner(applierApplier, detector) - artifact, err := local2.NewArtifact(dir, artifactCache, disableAnalyzers, configScannerOption) + artifact, err := local2.NewArtifact(dir, artifactCache, disableAnalyzers, disabledHooks, configScannerOption) if err != nil { return scanner.Scanner{}, nil, err } 
@@ -78,11 +79,11 @@ func initializeFilesystemScanner(ctx context.Context, dir string, artifactCache }, nil } -func initializeRepositoryScanner(ctx context.Context, url string, artifactCache cache.ArtifactCache, localArtifactCache cache.LocalArtifactCache, disableAnalyzers []analyzer.Type, configScannerOption config.ScannerOption) (scanner.Scanner, func(), error) { +func initializeRepositoryScanner(ctx context.Context, url string, artifactCache cache.ArtifactCache, localArtifactCache cache.LocalArtifactCache, disableAnalyzers []analyzer.Type, disabledHooks []hook.Type, configScannerOption config.ScannerOption) (scanner.Scanner, func(), error) { applierApplier := applier.NewApplier(localArtifactCache) detector := ospkg.Detector{} localScanner := local.NewScanner(applierApplier, detector) - artifact, cleanup, err := remote.NewArtifact(url, artifactCache, disableAnalyzers, configScannerOption) + artifact, cleanup, err := remote.NewArtifact(url, artifactCache, disableAnalyzers, disabledHooks, configScannerOption) if err != nil { return scanner.Scanner{}, nil, err } diff --git a/pkg/commands/client/inject.go b/pkg/commands/client/inject.go index c897b5a83a..873ed7a526 100644 --- a/pkg/commands/client/inject.go +++ b/pkg/commands/client/inject.go @@ -9,6 +9,7 @@ import ( "github.com/google/wire" "github.com/aquasecurity/fanal/analyzer" + "github.com/aquasecurity/fanal/hook" "github.com/aquasecurity/fanal/analyzer/config" "github.com/aquasecurity/fanal/cache" "github.com/aquasecurity/trivy/pkg/result" 
@@ -17,7 +18,7 @@ import ( ) func initializeDockerScanner(ctx context.Context, imageName string, artifactCache cache.ArtifactCache, customHeaders client.CustomHeaders, - url client.RemoteURL, timeout time.Duration, disabled []analyzer.Type, configScannerOption config.ScannerOption) ( + url client.RemoteURL, timeout time.Duration, disabled []analyzer.Type, disabledhook []hook.Type, configScannerOption config.ScannerOption) ( scanner.Scanner, func(), error) { wire.Build(scanner.RemoteDockerSet) return scanner.Scanner{}, nil, nil @@ -25,7 +26,7 @@ func initializeDockerScanner(ctx context.Context, imageName string, artifactCach func initializeArchiveScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache, customHeaders client.CustomHeaders, url client.RemoteURL, timeout time.Duration, disabled []analyzer.Type, - configScannerOption config.ScannerOption) (scanner.Scanner, error) { + disabledhook []hook.Type, configScannerOption config.ScannerOption) (scanner.Scanner, error) { wire.Build(scanner.RemoteArchiveSet) return scanner.Scanner{}, nil } diff --git a/pkg/commands/client/run.go b/pkg/commands/client/run.go index c2fec18f1a..a038de9225 100644 --- a/pkg/commands/client/run.go +++ b/pkg/commands/client/run.go @@ -144,7 +144,7 @@ func initializeScanner(ctx context.Context, opt Option) (scanner.Scanner, func() if opt.Input != "" { // Scan tar file s, err := initializeArchiveScanner(ctx, opt.Input, remoteCache, client.CustomHeaders(opt.CustomHeaders), - client.RemoteURL(opt.RemoteAddr), opt.Timeout, disabledAnalyzers, configScannerOptions) + client.RemoteURL(opt.RemoteAddr), opt.Timeout, disabledAnalyzers, nil, configScannerOptions) if err != nil { return scanner.Scanner{}, nil, xerrors.Errorf("unable to initialize the archive scanner: %w", err) } 
@@ -153,7 +153,7 @@ func initializeScanner(ctx context.Context, opt Option) (scanner.Scanner, func() // Scan an image in Docker Engine or Docker Registry s, cleanup, err := initializeDockerScanner(ctx, opt.Target, remoteCache, client.CustomHeaders(opt.CustomHeaders), - client.RemoteURL(opt.RemoteAddr), opt.Timeout, disabledAnalyzers, configScannerOptions) + client.RemoteURL(opt.RemoteAddr), opt.Timeout, disabledAnalyzers, nil, configScannerOptions) if err != nil { return scanner.Scanner{}, nil, xerrors.Errorf("unable to initialize the docker scanner: %w", err) } diff --git a/pkg/commands/client/wire_gen.go b/pkg/commands/client/wire_gen.go index eda84e827d..da2fd6058e 100644 --- a/pkg/commands/client/wire_gen.go +++ b/pkg/commands/client/wire_gen.go @@ -1,6 +1,6 @@ // Code generated by Wire. DO NOT EDIT. -//go:generate wire +//go:generate go run github.com/google/wire/cmd/wire //+build !wireinject package client @@ -11,6 +11,7 @@ import ( "github.com/aquasecurity/fanal/analyzer/config" image2 "github.com/aquasecurity/fanal/artifact/image" "github.com/aquasecurity/fanal/cache" + "github.com/aquasecurity/fanal/hook" "github.com/aquasecurity/fanal/image" "github.com/aquasecurity/trivy-db/pkg/db" "github.com/aquasecurity/trivy/pkg/result" 
@@ -22,7 +23,7 @@ import ( // Injectors from inject.go: -func initializeDockerScanner(ctx context.Context, imageName string, artifactCache cache.ArtifactCache, customHeaders client.CustomHeaders, url client.RemoteURL, timeout time.Duration, disabled []analyzer.Type, configScannerOption config.ScannerOption) (scanner.Scanner, func(), error) { +func initializeDockerScanner(ctx context.Context, imageName string, artifactCache cache.ArtifactCache, customHeaders client.CustomHeaders, url client.RemoteURL, timeout time.Duration, disabled []analyzer.Type, disabledhook []hook.Type, configScannerOption config.ScannerOption) (scanner.Scanner, func(), error) { scannerScanner := client.NewProtobufClient(url) clientScanner := client.NewScanner(customHeaders, scannerScanner) dockerOption, err := types.GetDockerOption(timeout) @@ -33,7 +34,7 @@ func initializeDockerScanner(ctx context.Context, imageName string, artifactCach if err != nil { return scanner.Scanner{}, nil, err } - artifact, err := image2.NewArtifact(imageImage, artifactCache, disabled, configScannerOption) + artifact, err := image2.NewArtifact(imageImage, artifactCache, disabled, disabledhook, configScannerOption) if err != nil { cleanup() return scanner.Scanner{}, nil, err 
@@ -44,14 +45,14 @@ func initializeDockerScanner(ctx context.Context, imageName string, artifactCach }, nil } -func initializeArchiveScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache, customHeaders client.CustomHeaders, url client.RemoteURL, timeout time.Duration, disabled []analyzer.Type, configScannerOption config.ScannerOption) (scanner.Scanner, error) { +func initializeArchiveScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache, customHeaders client.CustomHeaders, url client.RemoteURL, timeout time.Duration, disabled []analyzer.Type, disabledhook []hook.Type, configScannerOption config.ScannerOption) (scanner.Scanner, error) { scannerScanner := client.NewProtobufClient(url) clientScanner := client.NewScanner(customHeaders, scannerScanner) imageImage, err := image.NewArchiveImage(filePath) if err != nil { return scanner.Scanner{}, err } - artifact, err := image2.NewArtifact(imageImage, artifactCache, disabled, configScannerOption) + artifact, err := image2.NewArtifact(imageImage, artifactCache, disabled, disabledhook, configScannerOption) if err != nil { return scanner.Scanner{}, err } diff --git a/pkg/commands/operation/wire_gen.go b/pkg/commands/operation/wire_gen.go index 1cb76c71f7..d7fb8f7516 100644 --- a/pkg/commands/operation/wire_gen.go +++ b/pkg/commands/operation/wire_gen.go @@ -1,6 +1,6 @@ // Code generated by Wire. DO NOT EDIT. -//go:generate wire +//go:generate go run github.com/google/wire/cmd/wire //+build !wireinject package operation diff --git a/pkg/detector/library/detect.go b/pkg/detector/library/detect.go index dea5b85e11..8cd1403f8c 100644 --- a/pkg/detector/library/detect.go +++ b/pkg/detector/library/detect.go @@ -32,6 +32,7 @@ func detect(driver Driver, libs []ftypes.LibraryInfo) ([]types.DetectedVulnerabi for i := range vulns { vulns[i].Layer = lib.Layer + vulns[i].PkgPath = lib.FilePath } vulnerabilities = append(vulnerabilities, vulns...) } 
diff --git a/pkg/detector/library/driver.go b/pkg/detector/library/driver.go index 738762fe08..ddb4ae6471 100644 --- a/pkg/detector/library/driver.go +++ b/pkg/detector/library/driver.go @@ -25,7 +25,7 @@ type advisory interface { func NewDriver(libType string) (Driver, error) { var driver Driver switch libType { - case ftypes.Bundler: + case ftypes.Bundler, ftypes.GemSpec: driver = newRubyGemsDriver() case ftypes.Cargo: driver = newCargoDriver() @@ -33,7 +33,7 @@ func NewDriver(libType string) (Driver, error) { driver = newComposerDriver() case ftypes.Npm, ftypes.Yarn: driver = newNpmDriver() - case ftypes.Pipenv, ftypes.Poetry, ftypes.Pip: + case ftypes.Pipenv, ftypes.Poetry, ftypes.Pip, ftypes.PythonPkg: driver = newPipDriver() case ftypes.NuGet: driver = newNugetDriver() diff --git a/pkg/rpc/server/wire_gen.go b/pkg/rpc/server/wire_gen.go index ecb35b65a9..9a423ca4c1 100644 --- a/pkg/rpc/server/wire_gen.go +++ b/pkg/rpc/server/wire_gen.go @@ -1,6 +1,6 @@ // Code generated by Wire. DO NOT EDIT. -//go:generate wire +//go:generate go run github.com/google/wire/cmd/wire //+build !wireinject package server diff --git a/pkg/scanner/local/scan.go b/pkg/scanner/local/scan.go index 007c5f9470..a1e774b50a 100644 --- a/pkg/scanner/local/scan.go +++ b/pkg/scanner/local/scan.go @@ -15,6 +15,7 @@ import ( "github.com/aquasecurity/fanal/analyzer" _ "github.com/aquasecurity/fanal/analyzer/all" "github.com/aquasecurity/fanal/applier" + _ "github.com/aquasecurity/fanal/hook/all" ftypes "github.com/aquasecurity/fanal/types" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/detector/library" @@ -25,6 +26,12 @@ import ( "github.com/aquasecurity/trivy/pkg/utils" ) +var ( + pkgTargets = map[string]string{ + ftypes.PythonPkg: "Python", + } +) + // SuperSet binds dependencies for Local scan var SuperSet = wire.NewSet( applier.NewApplier, 
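Review bot: `pkgTargets` in pkg/scanner/local/scan.go maps only `ftypes.PythonPkg`, although this commit also routes `ftypes.GemSpec` to the RubyGems driver in driver.go. The updated golden file fluentd-multiple-lockfiles.json.golden records the gemspec result with `"Target": ""`. A finding group with an empty target is hard to triage or de-duplicate in a report, because only `PkgPath` on each vulnerability says where the package lives. Adding `ftypes.GemSpec: "Ruby",` to the map would give gemspec results the same fallback target as Python packages, and the golden file would then need regenerating. Whether the empty target for gemspec is intentional cannot be told from this diff.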
@@ -198,26 +205,20 @@ func (s Scanner) scanLibrary(apps []ftypes.Application, options types.ScanOption return nil, xerrors.Errorf("failed vulnerability detection of libraries: %w", err) } + target := app.FilePath + if t, ok := pkgTargets[app.Type]; ok && target == "" { + // When the file path is empty, we will overwrite it with the pre-defined value. + target = t + } + libReport := report.Result{ - Target: app.FilePath, + Target: target, Vulnerabilities: vulns, Class: report.ClassLangPkg, Type: app.Type, } if options.ListAllPackages { - var pkgs []ftypes.Package - for _, lib := range app.Libraries { - pkgs = append(pkgs, ftypes.Package{ - Name: lib.Library.Name, - Version: lib.Library.Version, - License: lib.Library.License, - Layer: lib.Layer, - }) - } - sort.Slice(pkgs, func(i, j int) bool { - return strings.Compare(pkgs[i].Name, pkgs[j].Name) <= 0 - }) - libReport.Packages = pkgs + libReport.Packages = s.listAllPkgs(app) } results = append(results, libReport) } @@ -227,6 +228,23 @@ func (s Scanner) scanLibrary(apps []ftypes.Application, options types.ScanOption return results, nil } +func (s Scanner) listAllPkgs(app ftypes.Application) []ftypes.Package { + var pkgs []ftypes.Package + for _, lib := range app.Libraries { + pkgs = append(pkgs, ftypes.Package{ + Name: lib.Library.Name, + Version: lib.Library.Version, + License: lib.Library.License, + Layer: lib.Layer, + }) + } + sort.Slice(pkgs, func(i, j int) bool { + return strings.Compare(pkgs[i].Name, pkgs[j].Name) <= 0 + }) + + return pkgs +} + func (s Scanner) misconfsToResults(misconfs []ftypes.Misconfiguration, options types.ScanOptions) report.Results { log.Logger.Infof("Detected config files: %d", len(misconfs)) var results report.Results diff --git a/pkg/types/vulnerability.go b/pkg/types/vulnerability.go index af6938e5dd..8a2be92b42 100644 --- a/pkg/types/vulnerability.go +++ b/pkg/types/vulnerability.go 
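Review bot: The comparator in the new `listAllPkgs` helper returns true for equal names (`strings.Compare(...) <= 0`), which is not the strict "less than" that `sort.Slice` requires of its less function. The code is moved unchanged from `scanLibrary`, but with egg/wheel and gemspec scanning the same package name can plausibly occur more than once in one application. The order of those entries is then unspecified when `options.ListAllPackages` is set. The line should read `return strings.Compare(pkgs[i].Name, pkgs[j].Name) < 0`, and a tie-break on `Version` would make the package list reproducible between runs.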
@@ -9,6 +9,7 @@ import ( type DetectedVulnerability struct { VulnerabilityID string `json:",omitempty"` PkgName string `json:",omitempty"` + PkgPath string `json:",omitempty"` // It will be filled in the case of language-specific packages such as egg/wheel and gemspec InstalledVersion string `json:",omitempty"` FixedVersion string `json:",omitempty"` Layer ftypes.Layer `json:",omitempty"`
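Review bot: The trailing comment on `PkgPath` says the field is filled for egg/wheel and gemspec packages, but the detect.go hunk assigns `vulns[i].PkgPath = lib.FilePath` for every library type without a condition. The comment should describe what the field holds rather than when it is expected to be set. It also reads better as a doc comment above the field, e.g. `// PkgPath is the path of the package file the library was found in; it may be empty.` That wording assumes `lib.FilePath` is empty for lock-file based libraries, which this diff does not show.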