mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-22 23:26:39 -08:00
6eebed33b2
* Implemented ruby comparison version check. * Added semver package to validate and check version * Added more tests * Replaced go-version with semver * Removing go-version from dependency * Added check for ruby gem version format * Updated semver model and patch rewrite process * Refactoring
59 lines
1.4 KiB
Go
59 lines
1.4 KiB
Go
package python
|
|
|
|
import (
|
|
"strings"
|
|
|
|
"github.com/aquasecurity/trivy-db/pkg/vulnsrc/python"
|
|
"github.com/aquasecurity/trivy/pkg/types"
|
|
|
|
"golang.org/x/xerrors"
|
|
|
|
"github.com/Masterminds/semver/v3"
|
|
"github.com/aquasecurity/trivy/pkg/scanner/utils"
|
|
)
|
|
|
|
type Advisory struct {
|
|
vs python.VulnSrc
|
|
}
|
|
|
|
func NewAdvisory() *Advisory {
|
|
return &Advisory{
|
|
vs: python.NewVulnSrc(),
|
|
}
|
|
}
|
|
|
|
func (s *Advisory) DetectVulnerabilities(pkgName string, pkgVer *semver.Version) ([]types.DetectedVulnerability, error) {
|
|
advisories, err := s.vs.Get(pkgName)
|
|
if err != nil {
|
|
return nil, xerrors.Errorf("failed to get python advisories: %w", err)
|
|
}
|
|
|
|
var vulns []types.DetectedVulnerability
|
|
for _, advisory := range advisories {
|
|
if !utils.MatchVersions(pkgVer, advisory.Specs) {
|
|
continue
|
|
}
|
|
|
|
vuln := types.DetectedVulnerability{
|
|
VulnerabilityID: advisory.VulnerabilityID,
|
|
PkgName: pkgName,
|
|
InstalledVersion: pkgVer.String(),
|
|
FixedVersion: createFixedVersions(advisory.Specs),
|
|
}
|
|
vulns = append(vulns, vuln)
|
|
}
|
|
return vulns, nil
|
|
}
|
|
|
|
func createFixedVersions(specs []string) string {
|
|
var fixedVersions []string
|
|
for _, spec := range specs {
|
|
for _, s := range strings.Split(spec, ",") {
|
|
if !strings.HasPrefix(s, "<=") && strings.HasPrefix(s, "<") {
|
|
fixedVersions = append(fixedVersions, strings.TrimPrefix(s, "<"))
|
|
}
|
|
}
|
|
}
|
|
return strings.Join(fixedVersions, ", ")
|
|
}
|