gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-23 07:29:00 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ff873a274beea75730e8354d2995c7a418db85a9
trivy/pkg/scanner/library/python/advisory.go
Teppei Fukuda ff873a274b Support Amazon Linux (#182) 
* Support Amazon Linux

* amazon: Add tests for Scanner Detect functionality

* amazon: Add more test cases for unhappy paths.

This commit also asserts the logged output via observer.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* amazon: Add a test case for invalid fixed pkg version

Signed-off-by: Simarpreet Singh <simar@linux.com>

* mod: go mod tidy

Signed-off-by: Simarpreet Singh <simar@linux.com>

* amazon: Inject dependency seams for exposed db interface and logger.

This commit also exposes an interface for doing db operations.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* amazon: Use injected logger for scanner.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* amazon_test: Add a sample testdata dir

Signed-off-by: Simarpreet Singh <simar@linux.com>

* amazon: Add tests for for Get() for amazon vulns.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* vulnsrc_test: Fix invocation call to SetVersion()

Signed-off-by: Simarpreet Singh <simar@linux.com>

* amazon_test: Add a test for severirtyFromPriority

Signed-off-by: Simarpreet Singh <simar@linux.com>

* amazon_test: Add tests for constructVersion()

Signed-off-by: Simarpreet Singh <simar@linux.com>

* amazon: Refactor walkFunc outside for testability purposes

Signed-off-by: Simarpreet Singh <simar@linux.com>

* amazon: Refactor walkFn and add tests for it.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* amazon: Refactor commitFunc closure and add tests

This commit also introduces an interface for the
vulnerability package to be used as a seam.

Signed-off-by: Simarpreet Singh <simar@linux.com>

* Revert "amazon: Use injected logger for scanner."

This reverts commit 5a81e4d824a95f4de4aae2e2b903eedd0f7e241f.

* test(amazon): fix failed tests

* fix(vulnerability): trim references

* test(amazon): add integration test
2019-10-22 09:31:15 +03:00

95 lines
2.0 KiB
Go
Raw Blame History

package python
import (
"encoding/json"
"os"
"path/filepath"
"github.com/etcd-io/bbolt"
"github.com/aquasecurity/trivy/pkg/db"
"golang.org/x/xerrors"
"github.com/aquasecurity/trivy/pkg/utils"
"github.com/aquasecurity/trivy/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy/pkg/git"
)
const (
dbURL = "https://github.com/pyupio/safety-db.git"
)
var (
repoPath string
)
type AdvisoryDB map[string][]Advisory
type Advisory struct {
ID string
Advisory string
Cve string
Specs []string
Version string `json:"v"`
}
func (s *Scanner) UpdateDB() (err error) {
repoPath = filepath.Join(utils.CacheDir(), "python-safety-db")
if _, err := git.CloneOrPull(dbURL, repoPath); err != nil {
return err
}
s.db, err = s.parse()
if err != nil {
return xerrors.Errorf("failed to parse python safety-db: %w", err)
}
return nil
}
func (s *Scanner) parse() (AdvisoryDB, error) {
advisoryDB := AdvisoryDB{}
f, err := os.Open(filepath.Join(repoPath, "data", "insecure_full.json"))
if err != nil {
return nil, err
}
defer f.Close()
// for detecting vulnerabilities
if err = json.NewDecoder(f).Decode(&advisoryDB); err != nil {
return nil, err
}
// for displaying vulnerability detail
var vulns []vulnerability.Vulnerability
for _, advisories := range advisoryDB {
for _, advisory := range advisories {
vulnerabilityID := advisory.Cve
if vulnerabilityID == "" {
vulnerabilityID = advisory.ID
}
vulns = append(vulns, vulnerability.Vulnerability{
ID: vulnerabilityID,
Title: advisory.Advisory,
})
}
}
if err = s.saveVulnerabilities(vulns); err != nil {
return nil, err
}
return advisoryDB, nil
}
func (s Scanner) saveVulnerabilities(vulns []vulnerability.Vulnerability) error {
vdb := vulnerability.DB{}
return vdb.BatchUpdate(func(b *bbolt.Bucket) error {
for _, vuln := range vulns {
if err := db.Put(b, vuln.ID, vulnerability.PythonSafetyDB, vuln); err != nil {
return xerrors.Errorf("failed to save %s vulnerability: %w", s.Type(), err)
}
}
return nil
})
}
Reference in New Issue View Git Blame Copy Permalink