gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-21 14:50:53 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
84dd33f7e9b22f2fa355c8a9b63f40765f819eb7
trivy/pkg/detector/library/npm/advisory.go
Teppei Fukuda 50bb938a21 feat(lang-pkg): add data sources (#1625)
2022-01-27 14:22:06 +02:00

58 lines
1.4 KiB
Go
Raw Blame History

package npm
import (
"strings"
"golang.org/x/xerrors"
"github.com/aquasecurity/trivy-db/pkg/vulnsrc/node"
"github.com/aquasecurity/trivy/pkg/types"
)
// Advisory encapsulate Node vulnerability source
type Advisory struct {
comparer Comparer
vs node.VulnSrc
}
// NewAdvisory is the factory method for Node Advisory
func NewAdvisory() *Advisory {
return &Advisory{
vs: node.NewVulnSrc(),
comparer: Comparer{},
}
}
// DetectVulnerabilities scans and return vulnerability using Node package scanner
func (a *Advisory) DetectVulnerabilities(pkgName, pkgVer string) ([]types.DetectedVulnerability, error) {
advisories, err := a.vs.Get(pkgName)
if err != nil {
return nil, xerrors.Errorf("failed to get node advisories: %w", err)
}
var vulns []types.DetectedVulnerability
for _, advisory := range advisories {
if !a.comparer.IsVulnerable(pkgVer, advisory) {
continue
}
vuln := types.DetectedVulnerability{
VulnerabilityID: advisory.VulnerabilityID,
PkgName: pkgName,
InstalledVersion: pkgVer,
FixedVersion: createFixedVersions(advisory.PatchedVersions),
DataSource: advisory.DataSource,
}
vulns = append(vulns, vuln)
}
return vulns, nil
}
func createFixedVersions(patchedVersions []string) string {
var fixedVersions []string
for _, s := range patchedVersions {
fixedVersions = append(fixedVersions, strings.TrimSpace(s))
}
return strings.Join(fixedVersions, ", ")
}
Reference in New Issue View Git Blame Copy Permalink