mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-23 07:29:00 -08:00
793a1aa3c8
* add linter supports * add only minor version * use latest version * Fix println with format issue * Fix test * Fix tests * For slice with unknown length, preallocating the array * fix code-coverage * Removed linter rules * Reverting linter fixes, adding TODO for later * Ignore linter error for import * Remove another err var. * Ignore shadow error * Fixes * Fix issue * Add back goimports local-prefixes * Update local prefixes * Removed extra spaces and merge the imports * more refactoring * Update photon.go Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
80 lines
2.3 KiB
Go
80 lines
2.3 KiB
Go
package library
|
|
|
|
import (
|
|
"path/filepath"
|
|
"time"
|
|
|
|
"github.com/Masterminds/semver/v3"
|
|
"github.com/google/wire"
|
|
"golang.org/x/xerrors"
|
|
|
|
ftypes "github.com/aquasecurity/fanal/types"
|
|
"github.com/aquasecurity/trivy/pkg/log"
|
|
"github.com/aquasecurity/trivy/pkg/scanner/utils"
|
|
"github.com/aquasecurity/trivy/pkg/types"
|
|
)
|
|
|
|
// SuperSet binds the dependencies for library scan
|
|
var SuperSet = wire.NewSet(
|
|
wire.Struct(new(DriverFactory)),
|
|
wire.Bind(new(Factory), new(DriverFactory)),
|
|
NewDetector,
|
|
wire.Bind(new(Operation), new(Detector)),
|
|
)
|
|
|
|
// Operation defines library scan operations
|
|
type Operation interface {
|
|
Detect(imageName string, filePath string, created time.Time, pkgs []ftypes.LibraryInfo) (vulns []types.DetectedVulnerability, err error)
|
|
}
|
|
|
|
// Detector implements driverFactory
|
|
type Detector struct {
|
|
driverFactory Factory
|
|
}
|
|
|
|
// NewDetector is the factory method for detector
|
|
func NewDetector(factory Factory) Detector {
|
|
return Detector{driverFactory: factory}
|
|
}
|
|
|
|
// Detect scans and returns vulnerabilities of library
|
|
func (d Detector) Detect(_, filePath string, _ time.Time, pkgs []ftypes.LibraryInfo) ([]types.DetectedVulnerability, error) {
|
|
log.Logger.Debugf("Detecting library vulnerabilities, path: %s", filePath)
|
|
driver, err := d.driverFactory.NewDriver(filepath.Base(filePath))
|
|
if err != nil {
|
|
return nil, xerrors.Errorf("failed to new driver: %w", err)
|
|
}
|
|
|
|
vulns, err := detect(driver, pkgs)
|
|
if err != nil {
|
|
return nil, xerrors.Errorf("failed to scan %s vulnerabilities: %w", driver.Type(), err)
|
|
}
|
|
|
|
return vulns, nil
|
|
}
|
|
|
|
func detect(driver Driver, libs []ftypes.LibraryInfo) ([]types.DetectedVulnerability, error) {
|
|
log.Logger.Infof("Detecting %s vulnerabilities...", driver.Type())
|
|
var vulnerabilities []types.DetectedVulnerability
|
|
for _, lib := range libs {
|
|
v, err := semver.NewVersion(utils.FormatPatchVersion(lib.Library.Version))
|
|
if err != nil {
|
|
log.Logger.Debugf("invalid version, library: %s, version: %s, error: %s\n",
|
|
lib.Library.Name, lib.Library.Version, err)
|
|
continue
|
|
}
|
|
|
|
vulns, err := driver.Detect(lib.Library.Name, v)
|
|
if err != nil {
|
|
return nil, xerrors.Errorf("failed to detect %s vulnerabilities: %w", driver.Type(), err)
|
|
}
|
|
|
|
for i := range vulns {
|
|
vulns[i].Layer = lib.Layer
|
|
}
|
|
vulnerabilities = append(vulnerabilities, vulns...)
|
|
}
|
|
|
|
return vulnerabilities, nil
|
|
}
|