Skip to content

Commit

Permalink
refactor: move PkgRef under PkgIdentifier (aquasecurity#5831)
Browse files Browse the repository at this point in the history
Signed-off-by: knqyf263 <knqyf263@gmail.com>
  • Loading branch information
knqyf263 authored Dec 29, 2023
1 parent b3d516e commit 1607eee
Show file tree
Hide file tree
Showing 35 changed files with 462 additions and 528 deletions.
55 changes: 22 additions & 33 deletions integration/sbom_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,13 +42,19 @@ func TestSBOM(t *testing.T) {
Target: "testdata/fixtures/sbom/centos-7-cyclonedx.json (centos 7.6.1810)",
Vulnerabilities: []types.DetectedVulnerability{
{
PkgRef: "pkg:rpm/centos/bash@4.2.46-31.el7?arch=x86_64&distro=centos-7.6.1810",
PkgIdentifier: ftypes.PkgIdentifier{
BOMRef: "pkg:rpm/centos/bash@4.2.46-31.el7?arch=x86_64&distro=centos-7.6.1810",
},
},
{
PkgRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810",
PkgIdentifier: ftypes.PkgIdentifier{
BOMRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810",
},
},
{
PkgRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810",
PkgIdentifier: ftypes.PkgIdentifier{
BOMRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810",
},
},
},
},
Expand Down Expand Up @@ -89,13 +95,19 @@ func TestSBOM(t *testing.T) {
Target: "testdata/fixtures/sbom/centos-7-cyclonedx.intoto.jsonl (centos 7.6.1810)",
Vulnerabilities: []types.DetectedVulnerability{
{
PkgRef: "pkg:rpm/centos/bash@4.2.46-31.el7?arch=x86_64&distro=centos-7.6.1810",
PkgIdentifier: ftypes.PkgIdentifier{
BOMRef: "pkg:rpm/centos/bash@4.2.46-31.el7?arch=x86_64&distro=centos-7.6.1810",
},
},
{
PkgRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810",
PkgIdentifier: ftypes.PkgIdentifier{
BOMRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810",
},
},
{
PkgRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810",
PkgIdentifier: ftypes.PkgIdentifier{
BOMRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810",
},
},
},
},
Expand All @@ -116,17 +128,6 @@ func TestSBOM(t *testing.T) {
Results: types.Results{
{
Target: "testdata/fixtures/sbom/centos-7-spdx.txt (centos 7.6.1810)",
Vulnerabilities: []types.DetectedVulnerability{
{
PkgRef: "pkg:rpm/centos/bash@4.2.46-31.el7?arch=x86_64&distro=centos-7.6.1810",
},
{
PkgRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810",
},
{
PkgRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810",
},
},
},
},
},
Expand All @@ -145,17 +146,6 @@ func TestSBOM(t *testing.T) {
Results: types.Results{
{
Target: "testdata/fixtures/sbom/centos-7-spdx.json (centos 7.6.1810)",
Vulnerabilities: []types.DetectedVulnerability{
{
PkgRef: "pkg:rpm/centos/bash@4.2.46-31.el7?arch=x86_64&distro=centos-7.6.1810",
},
{
PkgRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810",
},
{
PkgRef: "pkg:rpm/centos/openssl-libs@1.0.2k-16.el7?arch=x86_64&epoch=1&distro=centos-7.6.1810",
},
},
},
},
},
Expand Down Expand Up @@ -223,12 +213,11 @@ func compareSBOMReports(t *testing.T, wantFile, gotFile string, overrideWant typ
for i, result := range overrideWant.Results {
want.Results[i].Target = result.Target
for j, vuln := range result.Vulnerabilities {
want.Results[i].Vulnerabilities[j].PkgRef = vuln.PkgRef
if vuln.PkgIdentifier.Empty() {
continue
if vuln.PkgIdentifier.PURL != nil {
want.Results[i].Vulnerabilities[j].PkgIdentifier.PURL = vuln.PkgIdentifier.PURL
}
want.Results[i].Vulnerabilities[j].PkgIdentifier = ftypes.PkgIdentifier{
PURL: vuln.PkgIdentifier.PURL,
if vuln.PkgIdentifier.BOMRef != "" {
want.Results[i].Vulnerabilities[j].PkgIdentifier.BOMRef = vuln.PkgIdentifier.BOMRef
}
}
}
Expand Down
12 changes: 6 additions & 6 deletions integration/testdata/conda-spdx.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
},
{
"name": "openssl",
"SPDXID": "SPDXRef-Package-a4bad823866cc210",
"SPDXID": "SPDXRef-Package-38e5db7a21fc70a8",
"versionInfo": "1.1.1q",
"supplier": "NOASSERTION",
"downloadLocation": "NONE",
Expand All @@ -43,7 +43,7 @@
},
{
"name": "pip",
"SPDXID": "SPDXRef-Package-e8a0eb2c9979a021",
"SPDXID": "SPDXRef-Package-f9844c873ead5dbe",
"versionInfo": "22.2.2",
"supplier": "NOASSERTION",
"downloadLocation": "NONE",
Expand Down Expand Up @@ -110,21 +110,21 @@
},
{
"spdxElementId": "SPDXRef-Application-ee5ef1aa4ac89125",
"relatedSpdxElement": "SPDXRef-Package-a4bad823866cc210",
"relatedSpdxElement": "SPDXRef-Package-38e5db7a21fc70a8",
"relationshipType": "CONTAINS"
},
{
"spdxElementId": "SPDXRef-Package-a4bad823866cc210",
"spdxElementId": "SPDXRef-Package-38e5db7a21fc70a8",
"relatedSpdxElement": "SPDXRef-File-600e5e0110a84891",
"relationshipType": "CONTAINS"
},
{
"spdxElementId": "SPDXRef-Application-ee5ef1aa4ac89125",
"relatedSpdxElement": "SPDXRef-Package-e8a0eb2c9979a021",
"relatedSpdxElement": "SPDXRef-Package-f9844c873ead5dbe",
"relationshipType": "CONTAINS"
},
{
"spdxElementId": "SPDXRef-Package-e8a0eb2c9979a021",
"spdxElementId": "SPDXRef-Package-f9844c873ead5dbe",
"relatedSpdxElement": "SPDXRef-File-7eb62e2a3edddc0a",
"relationshipType": "CONTAINS"
}
Expand Down
12 changes: 6 additions & 6 deletions integration/testdata/fluentd-multiple-lockfiles.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -29,14 +29,14 @@
"VulnerabilityID": "CVE-2019-18276",
"PkgName": "bash",
"PkgIdentifier": {
"PURL": "pkg:deb/debian/bash@5.0-4?distro=debian-10.2"
"PURL": "pkg:deb/debian/bash@5.0-4?distro=debian-10.2",
"BOMRef": "pkg:deb/debian/bash@5.0-4?distro=debian-10.2"
},
"InstalledVersion": "5.0-4",
"Status": "affected",
"Layer": {},
"SeveritySource": "debian",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276",
"PkgRef": "pkg:deb/debian/bash@5.0-4?distro=debian-10.2",
"DataSource": {
"ID": "debian",
"Name": "Debian Security Tracker",
Expand Down Expand Up @@ -92,15 +92,15 @@
],
"PkgName": "libidn2-0",
"PkgIdentifier": {
"PURL": "pkg:deb/debian/libidn2-0@2.0.5-1?distro=debian-10.2"
"PURL": "pkg:deb/debian/libidn2-0@2.0.5-1?distro=debian-10.2",
"BOMRef": "pkg:deb/debian/libidn2-0@2.0.5-1?distro=debian-10.2"
},
"InstalledVersion": "2.0.5-1",
"FixedVersion": "2.0.5-1+deb10u1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "nvd",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18224",
"PkgRef": "pkg:deb/debian/libidn2-0@2.0.5-1?distro=debian-10.2",
"DataSource": {
"ID": "debian",
"Name": "Debian Security Tracker",
Expand Down Expand Up @@ -161,15 +161,15 @@
"PkgName": "activesupport",
"PkgPath": "var/lib/gems/2.5.0/specifications/activesupport-6.0.2.1.gemspec",
"PkgIdentifier": {
"PURL": "pkg:gem/activesupport@6.0.2.1"
"PURL": "pkg:gem/activesupport@6.0.2.1",
"BOMRef": "pkg:gem/activesupport@6.0.2.1?file_path=var%2Flib%2Fgems%2F2.5.0%2Fspecifications%2Factivesupport-6.0.2.1.gemspec"
},
"InstalledVersion": "6.0.2.1",
"FixedVersion": "6.0.3.1, 5.2.4.3",
"Status": "fixed",
"Layer": {},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-8165",
"PkgRef": "pkg:gem/activesupport@6.0.2.1?file_path=var%2Flib%2Fgems%2F2.5.0%2Fspecifications%2Factivesupport-6.0.2.1.gemspec",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory RubyGems",
Expand Down
4 changes: 2 additions & 2 deletions integration/testdata/minikube-kbom.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -34,15 +34,15 @@
"VulnerabilityID": "CVE-2023-2431",
"PkgName": "k8s.io/kubelet",
"PkgIdentifier": {
"PURL": "pkg:k8s/k8s.io%2Fkubelet@1.27.0"
"PURL": "pkg:k8s/k8s.io%2Fkubelet@1.27.0",
"BOMRef": "pkg:k8s/k8s.io%2Fkubelet@1.27.0"
},
"InstalledVersion": "1.27.0",
"FixedVersion": "1.24.14, 1.25.9, 1.26.4, 1.27.1",
"Status": "fixed",
"Layer": {},
"SeveritySource": "k8s",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2431",
"PkgRef": "pkg:k8s/k8s.io%2Fkubelet@1.27.0",
"DataSource": {
"ID": "k8s",
"Name": "Official Kubernetes CVE Feed",
Expand Down
1 change: 0 additions & 1 deletion pkg/detector/library/detect.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,6 @@ func detect(driver Driver, libs []ftypes.Package) ([]types.DetectedVulnerability
for i := range vulns {
vulns[i].Layer = lib.Layer
vulns[i].PkgPath = lib.FilePath
vulns[i].PkgRef = lib.Ref
vulns[i].PkgIdentifier = lib.Identifier
}
vulnerabilities = append(vulnerabilities, vulns...)
Expand Down
1 change: 0 additions & 1 deletion pkg/detector/ospkg/alma/alma.go
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,6 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa
PkgName: pkg.Name,
InstalledVersion: installed,
FixedVersion: fixedVersion.String(),
PkgRef: pkg.Ref,
PkgIdentifier: pkg.Identifier,
Layer: pkg.Layer,
DataSource: adv.DataSource,
Expand Down
1 change: 0 additions & 1 deletion pkg/detector/ospkg/alpine/alpine.go
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,6 @@ func (s *Scanner) Detect(osVer string, repo *ftypes.Repository, pkgs []ftypes.Pa
InstalledVersion: utils.FormatVersion(pkg),
FixedVersion: adv.FixedVersion,
Layer: pkg.Layer,
PkgRef: pkg.Ref,
PkgIdentifier: pkg.Identifier,
Custom: adv.Custom,
DataSource: adv.DataSource,
Expand Down
1 change: 0 additions & 1 deletion pkg/detector/ospkg/amazon/amazon.go
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,6 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa
PkgName: pkg.Name,
InstalledVersion: installed,
FixedVersion: adv.FixedVersion,
PkgRef: pkg.Ref,
PkgIdentifier: pkg.Identifier,
Layer: pkg.Layer,
Custom: adv.Custom,
Expand Down
1 change: 0 additions & 1 deletion pkg/detector/ospkg/chainguard/chainguard.go
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,6 @@ func (s *Scanner) Detect(_ string, _ *ftypes.Repository, pkgs []ftypes.Package)
InstalledVersion: installed,
FixedVersion: adv.FixedVersion,
Layer: pkg.Layer,
PkgRef: pkg.Ref,
PkgIdentifier: pkg.Identifier,
Custom: adv.Custom,
DataSource: adv.DataSource,
Expand Down
1 change: 0 additions & 1 deletion pkg/detector/ospkg/debian/debian.go
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,6 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa
PkgName: pkg.Name,
InstalledVersion: utils.FormatVersion(pkg),
FixedVersion: adv.FixedVersion,
PkgRef: pkg.Ref,
PkgIdentifier: pkg.Identifier,
Status: adv.Status,
Layer: pkg.Layer,
Expand Down
1 change: 0 additions & 1 deletion pkg/detector/ospkg/mariner/mariner.go
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,6 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa
VulnerabilityID: adv.VulnerabilityID,
PkgName: pkg.Name,
InstalledVersion: utils.FormatVersion(pkg),
PkgRef: pkg.Ref,
PkgIdentifier: pkg.Identifier,
Layer: pkg.Layer,
DataSource: adv.DataSource,
Expand Down
1 change: 0 additions & 1 deletion pkg/detector/ospkg/oracle/oracle.go
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,6 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa
PkgID: pkg.ID,
PkgName: pkg.Name,
InstalledVersion: installed,
PkgRef: pkg.Ref,
PkgIdentifier: pkg.Identifier,
Layer: pkg.Layer,
Custom: adv.Custom,
Expand Down
1 change: 0 additions & 1 deletion pkg/detector/ospkg/photon/photon.go
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,6 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa
PkgID: pkg.ID,
PkgName: pkg.Name,
InstalledVersion: installed,
PkgRef: pkg.Ref,
PkgIdentifier: pkg.Identifier,
Layer: pkg.Layer,
Custom: adv.Custom,
Expand Down
1 change: 0 additions & 1 deletion pkg/detector/ospkg/redhat/redhat.go
Original file line number Diff line number Diff line change
Expand Up @@ -157,7 +157,6 @@ func (s *Scanner) detect(osVer string, pkg ftypes.Package) ([]types.DetectedVuln
PkgID: pkg.ID,
PkgName: pkg.Name,
InstalledVersion: utils.FormatVersion(pkg),
PkgRef: pkg.Ref,
PkgIdentifier: pkg.Identifier,
Status: adv.Status,
Layer: pkg.Layer,
Expand Down
1 change: 0 additions & 1 deletion pkg/detector/ospkg/rocky/rocky.go
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,6 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa
PkgName: pkg.Name,
InstalledVersion: installed,
FixedVersion: fixedVersion.String(),
PkgRef: pkg.Ref,
PkgIdentifier: pkg.Identifier,
Layer: pkg.Layer,
DataSource: adv.DataSource,
Expand Down
1 change: 0 additions & 1 deletion pkg/detector/ospkg/suse/suse.go
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,6 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa
PkgID: pkg.ID,
PkgName: pkg.Name,
InstalledVersion: installed,
PkgRef: pkg.Ref,
PkgIdentifier: pkg.Identifier,
Layer: pkg.Layer,
Custom: adv.Custom,
Expand Down
1 change: 0 additions & 1 deletion pkg/detector/ospkg/ubuntu/ubuntu.go
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,6 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa
PkgName: pkg.Name,
InstalledVersion: utils.FormatVersion(pkg),
FixedVersion: adv.FixedVersion,
PkgRef: pkg.Ref,
PkgIdentifier: pkg.Identifier,
Layer: pkg.Layer,
Custom: adv.Custom,
Expand Down
1 change: 0 additions & 1 deletion pkg/detector/ospkg/wolfi/wolfi.go
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,6 @@ func (s *Scanner) Detect(_ string, _ *ftypes.Repository, pkgs []ftypes.Package)
InstalledVersion: installed,
FixedVersion: adv.FixedVersion,
Layer: pkg.Layer,
PkgRef: pkg.Ref,
PkgIdentifier: pkg.Identifier,
Custom: adv.Custom,
DataSource: adv.DataSource,
Expand Down
Loading

0 comments on commit 1607eee

Please sign in to comment.