gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-21 23:00:42 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
11a5b91a1a4951bcd17d896830734b876eb6fc72
trivy/pkg/detector/ospkg/photon/photon.go
Teppei Fukuda 11a5b91a1a feat(sbom): add VEX support (#4053)
2023-04-27 10:21:06 +03:00

106 lines
2.8 KiB
Go
Raw Blame History

package photon
import (
"time"
version "github.com/knqyf263/go-rpm-version"
"golang.org/x/xerrors"
"k8s.io/utils/clock"
"github.com/aquasecurity/trivy-db/pkg/vulnsrc/photon"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/scanner/utils"
"github.com/aquasecurity/trivy/pkg/types"
)
var (
eolDates = map[string]time.Time{
"1.0": time.Date(2022, 2, 28, 23, 59, 59, 0, time.UTC),
"2.0": time.Date(2022, 12, 31, 23, 59, 59, 0, time.UTC),
// The following versions don't have the EOL dates yet.
// See https://blogs.vmware.com/vsphere/2022/01/photon-1-x-end-of-support-announcement.html
"3.0": time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC),
"4.0": time.Date(2025, 12, 31, 23, 59, 59, 0, time.UTC),
}
)
type options struct {
clock clock.Clock
}
type option func(*options)
func WithClock(clock clock.Clock) option {
return func(opts *options) {
opts.clock = clock
}
}
// Scanner implements the Photon scanner
type Scanner struct {
vs photon.VulnSrc
*options
}
// NewScanner is the factory method for Scanner
func NewScanner(opts ...option) *Scanner {
o := &options{
clock: clock.RealClock{},
}
for _, opt := range opts {
opt(o)
}
return &Scanner{
vs: photon.NewVulnSrc(),
options: o,
}
}
// Detect scans and returns vulnerabilities using photon scanner
func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Package) ([]types.DetectedVulnerability, error) {
log.Logger.Info("Detecting Photon Linux vulnerabilities...")
log.Logger.Debugf("Photon Linux: os version: %s", osVer)
log.Logger.Debugf("Photon Linux: the number of packages: %d", len(pkgs))
var vulns []types.DetectedVulnerability
for _, pkg := range pkgs {
advisories, err := s.vs.Get(osVer, pkg.SrcName)
if err != nil {
return nil, xerrors.Errorf("failed to get Photon Linux advisory: %w", err)
}
installed := utils.FormatVersion(pkg)
installedVersion := version.NewVersion(installed)
for _, adv := range advisories {
fixedVersion := version.NewVersion(adv.FixedVersion)
vuln := types.DetectedVulnerability{
VulnerabilityID: adv.VulnerabilityID,
PkgID: pkg.ID,
PkgName: pkg.Name,
InstalledVersion: installed,
PkgRef: pkg.Ref,
Layer: pkg.Layer,
Custom: adv.Custom,
DataSource: adv.DataSource,
}
if installedVersion.LessThan(fixedVersion) {
vuln.FixedVersion = adv.FixedVersion
vulns = append(vulns, vuln)
}
}
}
return vulns, nil
}
// IsSupportedVersion checks if the OS version reached end-of-support.
func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool {
eol, ok := eolDates[osVer]
if !ok {
log.Logger.Warnf("This OS version is not on the EOL list: %s %s", osFamily, osVer)
return false
}
return s.clock.Now().Before(eol)
}
Reference in New Issue View Git Blame Copy Permalink