mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-22 07:10:41 -08:00
97 lines
3.0 KiB
Go
97 lines
3.0 KiB
Go
package ospkg
|
|
|
|
import (
|
|
"time"
|
|
|
|
"github.com/google/wire"
|
|
"golang.org/x/xerrors"
|
|
|
|
fos "github.com/aquasecurity/fanal/analyzer/os"
|
|
ftypes "github.com/aquasecurity/fanal/types"
|
|
"github.com/aquasecurity/trivy/pkg/detector/ospkg/alma"
|
|
"github.com/aquasecurity/trivy/pkg/detector/ospkg/alpine"
|
|
"github.com/aquasecurity/trivy/pkg/detector/ospkg/amazon"
|
|
"github.com/aquasecurity/trivy/pkg/detector/ospkg/debian"
|
|
"github.com/aquasecurity/trivy/pkg/detector/ospkg/mariner"
|
|
"github.com/aquasecurity/trivy/pkg/detector/ospkg/oracle"
|
|
"github.com/aquasecurity/trivy/pkg/detector/ospkg/photon"
|
|
"github.com/aquasecurity/trivy/pkg/detector/ospkg/redhat"
|
|
"github.com/aquasecurity/trivy/pkg/detector/ospkg/rocky"
|
|
"github.com/aquasecurity/trivy/pkg/detector/ospkg/suse"
|
|
"github.com/aquasecurity/trivy/pkg/detector/ospkg/ubuntu"
|
|
"github.com/aquasecurity/trivy/pkg/log"
|
|
"github.com/aquasecurity/trivy/pkg/types"
|
|
)
|
|
|
|
var (
|
|
// ErrUnsupportedOS defines error for unsupported OS
|
|
ErrUnsupportedOS = xerrors.New("unsupported os")
|
|
|
|
// SuperSet binds dependencies for OS scan
|
|
SuperSet = wire.NewSet(
|
|
wire.Struct(new(Detector)),
|
|
wire.Bind(new(Operation), new(Detector)),
|
|
)
|
|
|
|
drivers = map[string]Driver{
|
|
fos.Alpine: alpine.NewScanner(),
|
|
fos.Alma: alma.NewScanner(),
|
|
fos.Amazon: amazon.NewScanner(),
|
|
fos.CBLMariner: mariner.NewScanner(),
|
|
fos.Debian: debian.NewScanner(),
|
|
fos.Ubuntu: ubuntu.NewScanner(),
|
|
fos.RedHat: redhat.NewScanner(),
|
|
fos.CentOS: redhat.NewScanner(),
|
|
fos.Rocky: rocky.NewScanner(),
|
|
fos.Oracle: oracle.NewScanner(),
|
|
fos.OpenSUSELeap: suse.NewScanner(suse.OpenSUSE),
|
|
fos.SLES: suse.NewScanner(suse.SUSEEnterpriseLinux),
|
|
fos.Photon: photon.NewScanner(),
|
|
}
|
|
)
|
|
|
|
// RegisterDriver is defined for extensibility and not supposed to be used in Trivy.
|
|
func RegisterDriver(name string, driver Driver) {
|
|
drivers[name] = driver
|
|
}
|
|
|
|
// Operation defines operation of OSpkg scan
|
|
type Operation interface {
|
|
Detect(string, string, string, time.Time, []ftypes.Package) ([]types.DetectedVulnerability, bool, error)
|
|
}
|
|
|
|
// Driver defines operations for OS package scan
|
|
type Driver interface {
|
|
Detect(string, *ftypes.Repository, []ftypes.Package) ([]types.DetectedVulnerability, error)
|
|
IsSupportedVersion(string, string) bool
|
|
}
|
|
|
|
// Detector implements Operation
|
|
type Detector struct{}
|
|
|
|
// Detect detects the vulnerabilities
|
|
func (d Detector) Detect(_, osFamily, osName string, repo *ftypes.Repository, _ time.Time, pkgs []ftypes.Package) ([]types.DetectedVulnerability, bool, error) {
|
|
driver, err := newDriver(osFamily)
|
|
if err != nil {
|
|
return nil, false, ErrUnsupportedOS
|
|
}
|
|
|
|
eosl := !driver.IsSupportedVersion(osFamily, osName)
|
|
|
|
vulns, err := driver.Detect(osName, repo, pkgs)
|
|
if err != nil {
|
|
return nil, false, xerrors.Errorf("failed detection: %w", err)
|
|
}
|
|
|
|
return vulns, eosl, nil
|
|
}
|
|
|
|
func newDriver(osFamily string) (Driver, error) {
|
|
if driver, ok := drivers[osFamily]; ok {
|
|
return driver, nil
|
|
}
|
|
|
|
log.Logger.Warnf("unsupported os : %s", osFamily)
|
|
return nil, ErrUnsupportedOS
|
|
}
|