
formatters/trivy:fix - find correct line of dependency #882

Merged (3 commits) Dec 21, 2021

Conversation

@ne0z (Contributor) commented Dec 17, 2021

Signed-off-by: Danang Heriyadi <danang.heriyadi19@gmail.com>

- What I did
Tried to solve the #881 bug by adding some code to find the correct line. I am not sure whether it's effective or not, but it works. In my code, I define the start line from 0; is that correct?

- How to verify it

$ git clone https://github.com/sqreen/go-dvwa.git
$ cd go-dvwa
$ horusec generate
$ horusec start -p $(pwd)

Check the Horusec report for the go.sum file; it will show as below:

==================================================================================

Language: Generic
Severity: UNKNOWN
Line: 73
Column: 0
SecurityTool: Trivy
Confidence: MEDIUM
File: /home/danang/Project/Horusec/go-dvwa/go.sum
Code: github.com/gin-gonic/gin
Details: Installed Version: "1.3.0", Update to Version: "v1.6.0" for fix this issue.
Type: Vulnerability
ReferenceHash: 305e9fe32192f87c2ae313293102c8715fbbbf7e65ff76aa428a9f31c9aca02f

==================================================================================

Language: Generic
Severity: UNKNOWN
Line: 223
Column: 0
SecurityTool: Trivy
Confidence: MEDIUM
File: /home/danang/Project/Horusec/go-dvwa/go.sum
Code: github.com/labstack/echo/v4
Details: Installed Version: "4.1.17", Update to Version: "v4.1.18-0.20201215153152-4422e3b66b9f" for fix this issue.
Type: Vulnerability
ReferenceHash: 9638f420ede278f73f221370043c730b64c2c3dd7dae3ac441425aebe83bba63

==================================================================================

Language: Generic
Severity: UNKNOWN
Line: 309
Column: 0
SecurityTool: Trivy
Confidence: MEDIUM
File: /home/danang/Project/Horusec/go-dvwa/go.sum
Code: github.com/satori/go.uuid
Details: Installed Version: "1.2.0", Update to Version: "v1.2.1-0.20181016170032-d91630c85102" for fix this issue.
Type: Vulnerability
ReferenceHash: da0698507f527a58779a52c478955f4defc6c320bf430840d942ea10a6423c7e

==================================================================================

- Description for the changelog

Signed-off-by: Danang Heriyadi <danang.heriyadi19@gmail.com>
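The report above shows what the fix is after: Trivy identifies the vulnerable module and installed version, but the go.sum position has to be resolved by the formatter. The following is an added example of one way to do that resolution (example code, not the code merged in this PR). It assumes the standard go.sum layout of one `module version hash` entry per line, where a version may carry a `/go.mod` suffix, and that Trivy reports the installed version without the leading `v` (as in `1.3.0` above). The sample go.sum is constructed for the example and is not the go-dvwa file; the line numbers it yields are relative to that sample.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// goSumEntry is one parsed go.sum line: "<module> <version> <hash>".
// Version is kept as written, so the "/go.mod" suffix is still present
// on the lines that checksum only a module's go.mod file.
type goSumEntry struct {
	Line    int // 1-based line number in the file
	Module  string
	Version string
}

// parseGoSum returns the entries of a go.sum file together with their
// 1-based line numbers. Lines that are not "module version hash" are
// skipped but still counted, so reported positions stay correct.
func parseGoSum(content string) []goSumEntry {
	var entries []goSumEntry
	sc := bufio.NewScanner(strings.NewReader(content))
	for n := 1; sc.Scan(); n++ {
		f := strings.Fields(sc.Text())
		if len(f) != 3 {
			continue
		}
		entries = append(entries, goSumEntry{Line: n, Module: f[0], Version: f[1]})
	}
	return entries
}

// normalizeVersion makes a Trivy "Installed Version" such as "1.3.0"
// comparable with the go.sum spelling "v1.3.0" (assumed Trivy output shape).
func normalizeVersion(v string) string {
	v = strings.TrimSpace(v)
	if v != "" && !strings.HasPrefix(v, "v") {
		v = "v" + v
	}
	return v
}

// findDependencyLine returns the 1-based go.sum line for module at the
// installed version. It prefers the "h1:" line for that exact version,
// then that version's "/go.mod" line (indirect dependencies often have only
// this one), then the module's first line of any version. It returns 0 when
// the module is absent, which is the pre-fix behaviour the PR corrects.
func findDependencyLine(content, module, version string) int {
	want := normalizeVersion(version)
	firstOfModule, goModOnly := 0, 0
	for _, e := range parseGoSum(content) {
		if e.Module != module {
			continue
		}
		if firstOfModule == 0 {
			firstOfModule = e.Line
		}
		if want == "" {
			continue
		}
		if e.Version == want {
			return e.Line
		}
		if goModOnly == 0 && strings.TrimSuffix(e.Version, "/go.mod") == want {
			goModOnly = e.Line
		}
	}
	if goModOnly != 0 {
		return goModOnly
	}
	return firstOfModule
}

// sampleGoSum is a constructed go.sum excerpt (not the go-dvwa file); the
// hashes are placeholders and the line numbers are relative to this string.
const sampleGoSum = `github.com/davecgh/go-spew v1.1.1 h1:placeholder=
github.com/davecgh/go-spew v1.1.1/go.mod h1:placeholder=
github.com/gin-gonic/gin v1.3.0 h1:placeholder=
github.com/gin-gonic/gin v1.3.0/go.mod h1:placeholder=
github.com/labstack/echo/v4 v4.1.17/go.mod h1:placeholder=
github.com/satori/go.uuid v1.1.0 h1:placeholder=
github.com/satori/go.uuid v1.1.0/go.mod h1:placeholder=
github.com/satori/go.uuid v1.2.0 h1:placeholder=
github.com/satori/go.uuid v1.2.0/go.mod h1:placeholder=
`

func main() {
	for _, dep := range [][2]string{
		{"github.com/gin-gonic/gin", "1.3.0"},     // h1: line -> 3
		{"github.com/labstack/echo/v4", "4.1.17"}, // /go.mod line only -> 5
		{"github.com/satori/go.uuid", "1.2.0"},    // second listed version -> 8
		{"github.com/satori/go.uuid", "9.9.9"},    // unknown version, first line -> 6
		{"github.com/absent/module", "1.0.0"},     // not in go.sum -> 0
	} {
		fmt.Printf("%s %s -> line %d\n", dep[0], dep[1], findDependencyLine(sampleGoSum, dep[0], dep[1]))
	}
}
```

The version match matters: go.sum routinely lists several versions of the same module, so matching on the module path alone would pin the finding to whichever version appears first rather than the installed one. The 0 fallback is kept deliberately so a caller can tell "not found" from a real position.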
@ne0z ne0z changed the title Add some logic to find where the correct line that should be pinpointed Add some logic on the Trivy Formatter to find where the correct line that should be pinpointed Dec 17, 2021
@matheusalcantarazup (Contributor) left a comment

Thanks very much for your contribution @ne0z
Can you also please change your PR and commit title to follow our patterns?
formatters/trivy:fix - find correct line of dependency

internal/services/formatters/generic/trivy/formatter.go (review comment, outdated, resolved)
@wiliansilvazup wiliansilvazup added the kind/improvement This issue is not a Bug nor a Feature label Dec 17, 2021
@wiliansilvazup wiliansilvazup linked an issue Dec 17, 2021 that may be closed by this pull request
@ne0z ne0z changed the title Add some logic on the Trivy Formatter to find where the correct line that should be pinpointed formatters/trivy:fix - find correct line of dependency Dec 20, 2021
Signed-off-by: Danang Heriyadi <danang.heriyadi19@gmail.com>
internal/utils/file/file.go (review comment, outdated, resolved)
Signed-off-by: Danang Heriyadi <danang.heriyadi19@gmail.com>
@matheusalcantarazup matheusalcantarazup merged commit b1a96b2 into ZupIT:main Dec 21, 2021
@matheusalcantarazup (Contributor)

Thanks very much for your contribution @ne0z

nathanmartinszup added a commit that referenced this pull request Jan 18, 2022
Since the pull request #882 some
changes were made in the line and code of the Trivy formatter,
and this data directly influences the hash generation.
This PR will avoid this hash change by using the same data as
before, but for the users the data will be shown with the fixes
made in the pull request 882, leading to no breaking changes
and keeping the fixes.

Signed-off-by: Nathan Martins <nathan.martins@zup.com.br>
nathanmartinszup added a commit that referenced this pull request Jan 20, 2022
…929)

Since the pull request #882 some
changes were made in the line and code of the Trivy formatter,
and this data directly influences the hash generation.
This PR will avoid this hash change by using the same data as
before, but for the users the data will be shown with the fixes
made in the pull request 882, leading to no breaking changes
and keeping the fixes.

Signed-off-by: Nathan Martins <nathan.martins@zup.com.br>
matheusalcantarazup pushed a commit that referenced this pull request Jan 21, 2022
…929)

Signed-off-by: Nathan Martins <nathan.martins@zup.com.br>
(cherry picked from commit 0a2ecee)
Labels: kind/improvement (This issue is not a Bug nor a Feature)

Linked issue (may be closed by this pull request): Horusec Trivy Scan results on go.sum always return line 0

4 participants