diff --git a/pkg/fanal/analyzer/pkg/apk/apk.go b/pkg/fanal/analyzer/pkg/apk/apk.go index c700121d05d0..a319ebc6717f 100644 --- a/pkg/fanal/analyzer/pkg/apk/apk.go +++ b/pkg/fanal/analyzer/pkg/apk/apk.go @@ -89,7 +89,9 @@ func (a alpinePkgAnalyzer) parseApkInfo(scanner *bufio.Scanner) ([]types.Package case "F:": dir = line[2:] case "R:": - installedFiles = append(installedFiles, path.Join(dir, line[2:])) + absPath := path.Join(dir, line[2:]) + pkg.InstalledFiles = append(pkg.InstalledFiles, absPath) + installedFiles = append(installedFiles, absPath) case "p:": // provides (corresponds to provides in PKGINFO, concatenated by spaces into a single line) a.parseProvides(line, pkg.ID, provides) case "D:": // dependencies (corresponds to depend in PKGINFO, concatenated by spaces into a single line) diff --git a/pkg/fanal/analyzer/pkg/apk/apk_test.go b/pkg/fanal/analyzer/pkg/apk/apk_test.go index 1c1230404574..f7b308fcbd49 100644 --- a/pkg/fanal/analyzer/pkg/apk/apk_test.go +++ b/pkg/fanal/analyzer/pkg/apk/apk_test.go @@ -6,302 +6,415 @@ import ( "testing" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "github.com/aquasecurity/trivy/pkg/fanal/types" ) -func TestParseApkInfo(t *testing.T) { - var tests = map[string]struct { - path string - wantPkgs []types.Package - wantFiles []string - }{ - "Valid": { - path: "./testdata/apk", - wantPkgs: []types.Package{ - { - ID: "musl@1.1.14-r10", - Name: "musl", - Version: "1.1.14-r10", - SrcName: "musl", - SrcVersion: "1.1.14-r10", - Licenses: []string{"MIT"}, - Arch: "x86_64", - Digest: "sha1:d68b402f35f57750f49156b0cb4e886a2ad35d2d", - }, - { - ID: "busybox@1.24.2-r9", - Name: "busybox", - Version: "1.24.2-r9", - SrcName: "busybox", - SrcVersion: "1.24.2-r9", - Licenses: []string{"GPL-2.0"}, - DependsOn: []string{"musl@1.1.14-r10"}, - Arch: "x86_64", - Digest: "sha1:ca124719267cd0bedc2f4cb850a286ac13f0ad44", - }, - { - ID: "alpine-baselayout@3.0.3-r0", - Name: "alpine-baselayout", - Version: "3.0.3-r0", - SrcName: "alpine-baselayout", - SrcVersion: "3.0.3-r0", - Licenses: []string{"GPL-2.0"}, - DependsOn: []string{"busybox@1.24.2-r9", "musl@1.1.14-r10"}, - Arch: "x86_64", - Digest: "sha1:a214896150411d72dd1fafdb32d1c6c4855cccfa", - }, - { - ID: "alpine-keys@1.1-r0", - Name: "alpine-keys", - Version: "1.1-r0", - SrcName: "alpine-keys", - SrcVersion: "1.1-r0", - Licenses: []string{"GPL-3.0"}, - Arch: "x86_64", - Digest: "sha1:4def7ffaee6aeba700c1d62570326f75cbb8fa25", - }, - { - ID: "zlib@1.2.8-r2", - Name: "zlib", - Version: "1.2.8-r2", - SrcName: "zlib", - SrcVersion: "1.2.8-r2", - Licenses: []string{"Zlib"}, - DependsOn: []string{"musl@1.1.14-r10"}, - Arch: "x86_64", - Digest: "sha1:efd04d34d40aa8eb331480127364c27a8ba760ef", - }, - { - ID: "libcrypto1.0@1.0.2h-r1", - Name: "libcrypto1.0", - Version: "1.0.2h-r1", - SrcName: "openssl", - SrcVersion: "1.0.2h-r1", - Licenses: []string{"openssl"}, - DependsOn: []string{"musl@1.1.14-r10", "zlib@1.2.8-r2"}, - Arch: "x86_64", - Digest: "sha1:65c860ff8f103b664f40ba849a3f5a51c69c8beb", - }, - { - ID: "libssl1.0@1.0.2h-r1", - Name: "libssl1.0", - Version: "1.0.2h-r1", - SrcName: "openssl", - SrcVersion: "1.0.2h-r1", - Licenses: []string{"openssl"}, - Digest: "sha1:7120f337e93b2b4c44e0f5f31a15b60dc678ca14", - DependsOn: []string{ - "libcrypto1.0@1.0.2h-r1", - "musl@1.1.14-r10", - }, - Arch: "x86_64", - }, - { - ID: "apk-tools@2.6.7-r0", - Name: "apk-tools", - Version: "2.6.7-r0", - SrcName: "apk-tools", - SrcVersion: "2.6.7-r0", - Licenses: []string{"GPL-2.0"}, - Digest: "sha1:0990c0acd62b4175818c3a4cc60ed11f14e23bd8", - DependsOn: []string{ - "libcrypto1.0@1.0.2h-r1", - "libssl1.0@1.0.2h-r1", - "musl@1.1.14-r10", - "zlib@1.2.8-r2", - }, - Arch: "x86_64", - }, - { - ID: "scanelf@1.1.6-r0", - Name: "scanelf", - Version: "1.1.6-r0", - SrcName: "pax-utils", - SrcVersion: "1.1.6-r0", - Licenses: []string{"GPL-2.0"}, - Digest: "sha1:f9bab817c5ad93e92a6218bc0f7596b657c02d90", - DependsOn: []string{"musl@1.1.14-r10"}, - Arch: "x86_64", - }, - { - ID: "musl-utils@1.1.14-r10", - Name: "musl-utils", - Version: "1.1.14-r10", - SrcName: "musl", - SrcVersion: "1.1.14-r10", - Licenses: []string{"MIT", "BSD-3-Clause", "GPL-2.0"}, - Digest: "sha1:608aa1dd39eff7bc6615d3e5e33383750f8f5ecc", - DependsOn: []string{ - "musl@1.1.14-r10", - "scanelf@1.1.6-r0", - }, - Arch: "x86_64", - }, - { - ID: "libc-utils@0.7-r0", - Name: "libc-utils", - Version: "0.7-r0", - SrcName: "libc-dev", - SrcVersion: "0.7-r0", - Licenses: []string{"GPL-3.0"}, - Digest: "sha1:9055bc7afd76cf2672198042f72fc4a5ed4fa961", - DependsOn: []string{"musl-utils@1.1.14-r10"}, - Arch: "x86_64", - }, - { - ID: "pkgconf@1.6.0-r0", - Name: "pkgconf", - Version: "1.6.0-r0", - SrcName: "pkgconf", - SrcVersion: "1.6.0-r0", - Licenses: []string{"ISC"}, - Digest: "sha1:e6242ac29589c8a84a4b179b491ea7c29fce66a9", - DependsOn: []string{"musl@1.1.14-r10"}, - Arch: "x86_64", - }, +var pkgs = []types.Package{ + { + ID: "musl@1.1.14-r10", + Name: "musl", + Version: "1.1.14-r10", + SrcName: "musl", + SrcVersion: "1.1.14-r10", + Licenses: []string{"MIT"}, + Arch: "x86_64", + Digest: "sha1:d68b402f35f57750f49156b0cb4e886a2ad35d2d", + InstalledFiles: []string{ + "lib/libc.musl-x86_64.so.1", + "lib/ld-musl-x86_64.so.1", + }, + }, + { + ID: "busybox@1.24.2-r9", + Name: "busybox", + Version: "1.24.2-r9", + SrcName: "busybox", + SrcVersion: "1.24.2-r9", + Licenses: []string{"GPL-2.0"}, + DependsOn: []string{"musl@1.1.14-r10"}, + Arch: "x86_64", + Digest: "sha1:ca124719267cd0bedc2f4cb850a286ac13f0ad44", + InstalledFiles: []string{ + "bin/busybox", + "bin/sh", + "etc/securetty", + "etc/udhcpd.conf", + "etc/logrotate.d/acpid", + }, + }, + { + ID: "alpine-baselayout@3.0.3-r0", + Name: "alpine-baselayout", + Version: "3.0.3-r0", + SrcName: "alpine-baselayout", + SrcVersion: "3.0.3-r0", + Licenses: []string{"GPL-2.0"}, + DependsOn: []string{"busybox@1.24.2-r9", "musl@1.1.14-r10"}, + Arch: "x86_64", + Digest: "sha1:a214896150411d72dd1fafdb32d1c6c4855cccfa", + InstalledFiles: []string{ + "etc/hosts", + "etc/sysctl.conf", + "etc/group", + "etc/protocols", + "etc/fstab", + "etc/mtab", + "etc/profile", + "etc/TZ", + "etc/shells", + "etc/motd", + "etc/inittab", + "etc/hostname", + "etc/modules", + "etc/services", + "etc/shadow", + "etc/passwd", + "etc/profile.d/color_prompt", + "etc/sysctl.d/00-alpine.conf", + "etc/modprobe.d/i386.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/kms.conf", + "etc/crontabs/root", + "sbin/mkmntdirs", + "var/spool/cron/crontabs", + }, + }, + { + ID: "alpine-keys@1.1-r0", + Name: "alpine-keys", + Version: "1.1-r0", + SrcName: "alpine-keys", + SrcVersion: "1.1-r0", + Licenses: []string{"GPL-3.0"}, + Arch: "x86_64", + Digest: "sha1:4def7ffaee6aeba700c1d62570326f75cbb8fa25", + InstalledFiles: []string{ + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + }, + }, + { + ID: "zlib@1.2.8-r2", + Name: "zlib", + Version: "1.2.8-r2", + SrcName: "zlib", + SrcVersion: "1.2.8-r2", + Licenses: []string{"Zlib"}, + DependsOn: []string{"musl@1.1.14-r10"}, + Arch: "x86_64", + Digest: "sha1:efd04d34d40aa8eb331480127364c27a8ba760ef", + InstalledFiles: []string{ + "lib/libz.so.1.2.8", + "lib/libz.so.1", + }, + }, + { + ID: "libcrypto1.0@1.0.2h-r1", + Name: "libcrypto1.0", + Version: "1.0.2h-r1", + SrcName: "openssl", + SrcVersion: "1.0.2h-r1", + Licenses: []string{"openssl"}, + DependsOn: []string{"musl@1.1.14-r10", "zlib@1.2.8-r2"}, + Arch: "x86_64", + Digest: "sha1:65c860ff8f103b664f40ba849a3f5a51c69c8beb", + InstalledFiles: []string{ + "lib/libcrypto.so.1.0.0", + "usr/bin/c_rehash", + "usr/lib/libcrypto.so.1.0.0", + "usr/lib/engines/libubsec.so", + "usr/lib/engines/libatalla.so", + "usr/lib/engines/libcapi.so", + "usr/lib/engines/libgost.so", + "usr/lib/engines/libcswift.so", + "usr/lib/engines/libchil.so", + "usr/lib/engines/libgmp.so", + "usr/lib/engines/libnuron.so", + "usr/lib/engines/lib4758cca.so", + "usr/lib/engines/libsureware.so", + "usr/lib/engines/libpadlock.so", + "usr/lib/engines/libaep.so", + }, + }, + { + ID: "libssl1.0@1.0.2h-r1", + Name: "libssl1.0", + Version: "1.0.2h-r1", + SrcName: "openssl", + SrcVersion: "1.0.2h-r1", + Licenses: []string{"openssl"}, + Digest: "sha1:7120f337e93b2b4c44e0f5f31a15b60dc678ca14", + DependsOn: []string{ + "libcrypto1.0@1.0.2h-r1", + "musl@1.1.14-r10", + }, + Arch: "x86_64", + InstalledFiles: []string{ + "lib/libssl.so.1.0.0", + "usr/lib/libssl.so.1.0.0", + }, + }, + { + ID: "apk-tools@2.6.7-r0", + Name: "apk-tools", + Version: "2.6.7-r0", + SrcName: "apk-tools", + SrcVersion: "2.6.7-r0", + Licenses: []string{"GPL-2.0"}, + Digest: "sha1:0990c0acd62b4175818c3a4cc60ed11f14e23bd8", + DependsOn: []string{ + "libcrypto1.0@1.0.2h-r1", + "libssl1.0@1.0.2h-r1", + "musl@1.1.14-r10", + "zlib@1.2.8-r2", + }, + Arch: "x86_64", + InstalledFiles: []string{ + "sbin/apk", + }, + }, + { + ID: "scanelf@1.1.6-r0", + Name: "scanelf", + Version: "1.1.6-r0", + SrcName: "pax-utils", + SrcVersion: "1.1.6-r0", + Licenses: []string{"GPL-2.0"}, + Digest: "sha1:f9bab817c5ad93e92a6218bc0f7596b657c02d90", + DependsOn: []string{"musl@1.1.14-r10"}, + Arch: "x86_64", + InstalledFiles: []string{ + "usr/bin/scanelf", + }, + }, + { + ID: "musl-utils@1.1.14-r10", + Name: "musl-utils", + Version: "1.1.14-r10", + SrcName: "musl", + SrcVersion: "1.1.14-r10", + Licenses: []string{"MIT", "BSD-3-Clause", "GPL-2.0"}, + Digest: "sha1:608aa1dd39eff7bc6615d3e5e33383750f8f5ecc", + DependsOn: []string{ + "musl@1.1.14-r10", + "scanelf@1.1.6-r0", + }, + Arch: "x86_64", + InstalledFiles: []string{ + "sbin/ldconfig", + "usr/bin/iconv", + "usr/bin/ldd", + "usr/bin/getconf", + "usr/bin/getent", + }, + }, + { + ID: "libc-utils@0.7-r0", + Name: "libc-utils", + Version: "0.7-r0", + SrcName: "libc-dev", + SrcVersion: "0.7-r0", + Licenses: []string{"GPL-3.0"}, + Digest: "sha1:9055bc7afd76cf2672198042f72fc4a5ed4fa961", + DependsOn: []string{"musl-utils@1.1.14-r10"}, + Arch: "x86_64", + //InstalledFiles: []string{}, + }, + { + ID: "pkgconf@1.6.0-r0", + Name: "pkgconf", + Version: "1.6.0-r0", + SrcName: "pkgconf", + SrcVersion: "1.6.0-r0", + Licenses: []string{"ISC"}, + Digest: "sha1:e6242ac29589c8a84a4b179b491ea7c29fce66a9", + DependsOn: []string{"musl@1.1.14-r10"}, + Arch: "x86_64", + InstalledFiles: []string{ + "usr/bin/pkgconf", + "usr/bin/pkg-config", + "usr/lib/libpkgconf.so.3.0.0", + "usr/lib/libpkgconf.so.3", + "usr/share/aclocal/pkg.m4", + }, + }, - { - ID: "sqlite-libs@3.26.0-r3", - Name: "sqlite-libs", - Version: "3.26.0-r3", - SrcName: "sqlite", - SrcVersion: "3.26.0-r3", - Licenses: []string{"Public-Domain"}, - Digest: "sha1:1464946c3a5f0dd5a67ca1af930fc17af7a74474", - DependsOn: []string{"musl@1.1.14-r10"}, - Arch: "x86_64", - }, + { + ID: "sqlite-libs@3.26.0-r3", + Name: "sqlite-libs", + Version: "3.26.0-r3", + SrcName: "sqlite", + SrcVersion: "3.26.0-r3", + Licenses: []string{"Public-Domain"}, + Digest: "sha1:1464946c3a5f0dd5a67ca1af930fc17af7a74474", + DependsOn: []string{"musl@1.1.14-r10"}, + Arch: "x86_64", + InstalledFiles: []string{ + "usr/lib/libsqlite3.so.0", + "usr/lib/libsqlite3.so.0.8.6", + }, + }, - { - ID: "test@2.9.11_pre20061021-r2", - Name: "test", - Version: "2.9.11_pre20061021-r2", - SrcName: "test-parent", - SrcVersion: "2.9.11_pre20061021-r2", - Licenses: []string{"Public-Domain"}, - Digest: "sha1:f0bf315ec54828188910e4a665c00bc48bdbdd7d", - DependsOn: []string{ - "pkgconf@1.6.0-r0", - "sqlite-libs@3.26.0-r3", - }, - Arch: "x86_64", - }, - }, - wantFiles: []string{ - // musl-1.1.14-r10 - "lib/libc.musl-x86_64.so.1", - "lib/ld-musl-x86_64.so.1", + { + ID: "test@2.9.11_pre20061021-r2", + Name: "test", + Version: "2.9.11_pre20061021-r2", + SrcName: "test-parent", + SrcVersion: "2.9.11_pre20061021-r2", + Licenses: []string{"Public-Domain"}, + Digest: "sha1:f0bf315ec54828188910e4a665c00bc48bdbdd7d", + DependsOn: []string{ + "pkgconf@1.6.0-r0", + "sqlite-libs@3.26.0-r3", + }, + Arch: "x86_64", + InstalledFiles: []string{ + "usr/lib/libsqlite3.so", + "usr/lib/pkgconfig/sqlite3.pc", + "usr/include/sqlite3ext.h", + "usr/include/sqlite3.h", + }, + }, +} + +var files = []string{ + // musl-1.1.14-r10 + "lib/libc.musl-x86_64.so.1", + "lib/ld-musl-x86_64.so.1", - // busybox-1.24.2-r9 - "bin/busybox", - "bin/sh", - "etc/securetty", - "etc/udhcpd.conf", - "etc/logrotate.d/acpid", + // busybox-1.24.2-r9 + "bin/busybox", + "bin/sh", + "etc/securetty", + "etc/udhcpd.conf", + "etc/logrotate.d/acpid", - // alpine-baselayout-3.0.3-r0 - "etc/hosts", - "etc/sysctl.conf", - "etc/group", - "etc/protocols", - "etc/fstab", - "etc/mtab", - "etc/profile", - "etc/TZ", - "etc/shells", - "etc/motd", - "etc/inittab", - "etc/hostname", - "etc/modules", - "etc/services", - "etc/shadow", - "etc/passwd", - "etc/profile.d/color_prompt", - "etc/sysctl.d/00-alpine.conf", - "etc/modprobe.d/i386.conf", - "etc/modprobe.d/blacklist.conf", - "etc/modprobe.d/aliases.conf", - "etc/modprobe.d/kms.conf", - "etc/crontabs/root", - "sbin/mkmntdirs", - "var/spool/cron/crontabs", + // alpine-baselayout-3.0.3-r0 + "etc/hosts", + "etc/sysctl.conf", + "etc/group", + "etc/protocols", + "etc/fstab", + "etc/mtab", + "etc/profile", + "etc/TZ", + "etc/shells", + "etc/motd", + "etc/inittab", + "etc/hostname", + "etc/modules", + "etc/services", + "etc/shadow", + "etc/passwd", + "etc/profile.d/color_prompt", + "etc/sysctl.d/00-alpine.conf", + "etc/modprobe.d/i386.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/kms.conf", + "etc/crontabs/root", + "sbin/mkmntdirs", + "var/spool/cron/crontabs", - // alpine-keys-1.1-r0 - "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub", - "etc/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", - "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", - "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", - "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + // alpine-keys-1.1-r0 + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", - // zlib-1.2.8-r2 - "lib/libz.so.1.2.8", - "lib/libz.so.1", + // zlib-1.2.8-r2 + "lib/libz.so.1.2.8", + "lib/libz.so.1", - // libcrypto1.0-1.0.2h-r1 - "lib/libcrypto.so.1.0.0", - "usr/bin/c_rehash", - "usr/lib/libcrypto.so.1.0.0", - "usr/lib/engines/libubsec.so", - "usr/lib/engines/libatalla.so", - "usr/lib/engines/libcapi.so", - "usr/lib/engines/libgost.so", - "usr/lib/engines/libcswift.so", - "usr/lib/engines/libchil.so", - "usr/lib/engines/libgmp.so", - "usr/lib/engines/libnuron.so", - "usr/lib/engines/lib4758cca.so", - "usr/lib/engines/libsureware.so", - "usr/lib/engines/libpadlock.so", - "usr/lib/engines/libaep.so", + // libcrypto1.0-1.0.2h-r1 + "lib/libcrypto.so.1.0.0", + "usr/bin/c_rehash", + "usr/lib/libcrypto.so.1.0.0", + "usr/lib/engines/libubsec.so", + "usr/lib/engines/libatalla.so", + "usr/lib/engines/libcapi.so", + "usr/lib/engines/libgost.so", + "usr/lib/engines/libcswift.so", + "usr/lib/engines/libchil.so", + "usr/lib/engines/libgmp.so", + "usr/lib/engines/libnuron.so", + "usr/lib/engines/lib4758cca.so", + "usr/lib/engines/libsureware.so", + "usr/lib/engines/libpadlock.so", + "usr/lib/engines/libaep.so", - // libssl1.0-1.0.2h-r1 - "lib/libssl.so.1.0.0", - "usr/lib/libssl.so.1.0.0", + // libssl1.0-1.0.2h-r1 + "lib/libssl.so.1.0.0", + "usr/lib/libssl.so.1.0.0", - // apk-tools-2.6.7-r0 - "sbin/apk", + // apk-tools-2.6.7-r0 + "sbin/apk", - // scanelf-1.1.6-r0 - "usr/bin/scanelf", + // scanelf-1.1.6-r0 + "usr/bin/scanelf", - // musl-utils-1.1.14-r10 - "sbin/ldconfig", - "usr/bin/iconv", - "usr/bin/ldd", - "usr/bin/getconf", - "usr/bin/getent", + // musl-utils-1.1.14-r10 + "sbin/ldconfig", + "usr/bin/iconv", + "usr/bin/ldd", + "usr/bin/getconf", + "usr/bin/getent", - // libc-utils-0.7-r0 + // libc-utils-0.7-r0 - // pkgconf-1.6.0-r0 - "usr/bin/pkgconf", - "usr/bin/pkg-config", - "usr/lib/libpkgconf.so.3.0.0", - "usr/lib/libpkgconf.so.3", - "usr/share/aclocal/pkg.m4", + // pkgconf-1.6.0-r0 + "usr/bin/pkgconf", + "usr/bin/pkg-config", + "usr/lib/libpkgconf.so.3.0.0", + "usr/lib/libpkgconf.so.3", + "usr/share/aclocal/pkg.m4", - // sqlite-libs-3.26.0-r3 - "usr/lib/libsqlite3.so.0", - "usr/lib/libsqlite3.so.0.8.6", + // sqlite-libs-3.26.0-r3 + "usr/lib/libsqlite3.so.0", + "usr/lib/libsqlite3.so.0.8.6", + + // test-2.9.11_pre20061021-r2 + "usr/lib/libsqlite3.so", + "usr/lib/pkgconfig/sqlite3.pc", + "usr/include/sqlite3ext.h", + "usr/include/sqlite3.h", +} - // test-2.9.11_pre20061021-r2 - "usr/lib/libsqlite3.so", - "usr/lib/pkgconfig/sqlite3.pc", - "usr/include/sqlite3ext.h", - "usr/include/sqlite3.h", - }, +func TestParseApkInfo(t *testing.T) { + var tests = map[string]struct { + path string + wantPkgs []types.Package + wantFiles []string + }{ + "Valid": { + path: "./testdata/apk", + wantPkgs: pkgs, + wantFiles: files, + }, + "do not retain pkg installed files": { + path: "./testdata/apk", + wantPkgs: pkgs, + wantFiles: files, }, } - a := alpinePkgAnalyzer{} - for testname, v := range tests { - read, err := os.Open(v.path) - if err != nil { - t.Errorf("%s : can't open file %s", testname, v.path) - } - scanner := bufio.NewScanner(read) - gotPkgs, gotFiles := a.parseApkInfo(scanner) - assert.Equal(t, v.wantPkgs, gotPkgs) - assert.Equal(t, v.wantFiles, gotFiles) + for testname, tt := range tests { + t.Run(testname, func(t *testing.T) { + a := alpinePkgAnalyzer{} + f, err := os.Open(tt.path) + defer f.Close() + require.NoError(t, err) + scanner := bufio.NewScanner(f) + gotPkgs, gotFiles := a.parseApkInfo(scanner) + + assert.Equal(t, tt.wantPkgs, gotPkgs) + assert.Equal(t, tt.wantFiles, gotFiles) + }) } } diff --git a/pkg/fanal/analyzer/pkg/dpkg/dpkg.go b/pkg/fanal/analyzer/pkg/dpkg/dpkg.go index 763005b50b05..06479c05b9bd 100644 --- a/pkg/fanal/analyzer/pkg/dpkg/dpkg.go +++ b/pkg/fanal/analyzer/pkg/dpkg/dpkg.go @@ -52,7 +52,7 @@ var ( ) func (a dpkgAnalyzer) PostAnalyze(_ context.Context, input analyzer.PostAnalysisInput) (*analyzer.AnalysisResult, error) { - var systemInstalledFiles []string + var SystemInstalledFiles []string var packageInfos []types.PackageInfo // parse `available` file to get digest for packages @@ -74,7 +74,7 @@ func (a dpkgAnalyzer) PostAnalyze(_ context.Context, input analyzer.PostAnalysis if err != nil { return err } - systemInstalledFiles = append(systemInstalledFiles, systemFiles...) + SystemInstalledFiles = append(SystemInstalledFiles, systemFiles...) return nil } // parse status files @@ -91,7 +91,7 @@ func (a dpkgAnalyzer) PostAnalyze(_ context.Context, input analyzer.PostAnalysis return &analyzer.AnalysisResult{ PackageInfos: packageInfos, - SystemInstalledFiles: systemInstalledFiles, + SystemInstalledFiles: SystemInstalledFiles, }, nil } diff --git a/pkg/fanal/analyzer/pkg/dpkg/dpkg_test.go b/pkg/fanal/analyzer/pkg/dpkg/dpkg_test.go index 3d73a550866c..342c7b8f4a63 100644 --- a/pkg/fanal/analyzer/pkg/dpkg/dpkg_test.go +++ b/pkg/fanal/analyzer/pkg/dpkg/dpkg_test.go @@ -7,11 +7,11 @@ import ( "sort" "testing" + "github.com/aquasecurity/trivy/pkg/mapfs" "github.com/stretchr/testify/assert" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/types" - "github.com/aquasecurity/trivy/pkg/mapfs" ) func Test_dpkgAnalyzer_Analyze(t *testing.T) { diff --git a/pkg/fanal/artifact/image/image_test.go b/pkg/fanal/artifact/image/image_test.go index adb1995a38f7..c257fccb30c2 100644 --- a/pkg/fanal/artifact/image/image_test.go +++ b/pkg/fanal/artifact/image/image_test.go @@ -47,6 +47,35 @@ func TestArtifact_Inspect(t *testing.T) { "musl@1.1.24-r2", }, Arch: "x86_64", + InstalledFiles: []string{ + "etc/hosts", + "etc/sysctl.conf", + "etc/group", + "etc/protocols", + "etc/fstab", + "etc/mtab", + "etc/profile", + "etc/shells", + "etc/motd", + "etc/inittab", + "etc/hostname", + "etc/modules", + "etc/services", + "etc/shadow", + "etc/passwd", + "etc/profile.d/locale", + "etc/profile.d/color_prompt", + "etc/sysctl.d/00-alpine.conf", + "etc/modprobe.d/i386.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/kms.conf", + "etc/crontabs/root", + "sbin/mkmntdirs", + "var/run", + "var/spool/mail", + "var/spool/cron/crontabs", + }, }, { ID: "alpine-keys@2.1-r2", @@ -57,6 +86,26 @@ func TestArtifact_Inspect(t *testing.T) { Licenses: []string{"MIT"}, Arch: "x86_64", Digest: "sha1:64929f85b7f8b4adbb664d905410312936b79d9b", + InstalledFiles: []string{ + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + }, }, { ID: "apk-tools@2.10.4-r3", @@ -73,6 +122,9 @@ func TestArtifact_Inspect(t *testing.T) { "zlib@1.2.11-r3", }, Arch: "x86_64", + InstalledFiles: []string{ + "sbin/apk", + }, }, { ID: "busybox@1.31.1-r9", @@ -86,6 +138,15 @@ func TestArtifact_Inspect(t *testing.T) { "musl@1.1.24-r2", }, Arch: "x86_64", + InstalledFiles: []string{ + "bin/busybox", + "bin/sh", + "etc/securetty", + "etc/udhcpd.conf", + "etc/logrotate.d/acpid", + "etc/network/if-up.d/dad", + "usr/share/udhcpc/default.script", + }, }, { ID: "ca-certificates-cacert@20191127-r1", @@ -99,6 +160,9 @@ func TestArtifact_Inspect(t *testing.T) { }, Arch: "x86_64", Digest: "sha1:3aeb8a90d7179d2a187782e980a964494e08c5fb", + InstalledFiles: []string{ + "etc/ssl/cert.pem", + }, }, { ID: "libc-utils@0.7.2-r0", @@ -125,6 +189,20 @@ func TestArtifact_Inspect(t *testing.T) { "musl@1.1.24-r2", }, Arch: "x86_64", + InstalledFiles: []string{ + "etc/ssl/openssl.cnf.dist", + "etc/ssl/ct_log_list.cnf", + "etc/ssl/ct_log_list.cnf.dist", + "etc/ssl/openssl.cnf", + "etc/ssl/misc/CA.pl", + "etc/ssl/misc/tsget.pl", + "etc/ssl/misc/tsget", + "lib/libcrypto.so.1.1", + "usr/lib/libcrypto.so.1.1", + "usr/lib/engines-1.1/capi.so", + "usr/lib/engines-1.1/padlock.so", + "usr/lib/engines-1.1/afalg.so", + }, }, { ID: "libssl1.1@1.1.1d-r3", @@ -139,6 +217,10 @@ func TestArtifact_Inspect(t *testing.T) { "musl@1.1.24-r2", }, Arch: "x86_64", + InstalledFiles: []string{ + "lib/libssl.so.1.1", + "usr/lib/libssl.so.1.1", + }, }, { ID: "libtls-standalone@2.9.1-r0", @@ -155,6 +237,10 @@ func TestArtifact_Inspect(t *testing.T) { "musl@1.1.24-r2", }, Arch: "x86_64", + InstalledFiles: []string{ + "usr/lib/libtls-standalone.so.1.0.0", + "usr/lib/libtls-standalone.so.1", + }, }, { ID: "musl@1.1.24-r2", @@ -165,6 +251,10 @@ func TestArtifact_Inspect(t *testing.T) { Licenses: []string{"MIT"}, Arch: "x86_64", Digest: "sha1:cb2316a189ebee5282c4a9bd98794cc2477a74c6", + InstalledFiles: []string{ + "lib/libc.musl-x86_64.so.1", + "lib/ld-musl-x86_64.so.1", + }, }, { ID: "musl-utils@1.1.24-r2", @@ -183,6 +273,13 @@ func TestArtifact_Inspect(t *testing.T) { "scanelf@1.2.4-r0", }, Arch: "x86_64", + InstalledFiles: []string{ + "sbin/ldconfig", + "usr/bin/iconv", + "usr/bin/ldd", + "usr/bin/getconf", + "usr/bin/getent", + }, }, { ID: "scanelf@1.2.4-r0", @@ -196,6 +293,9 @@ func TestArtifact_Inspect(t *testing.T) { "musl@1.1.24-r2", }, Arch: "x86_64", + InstalledFiles: []string{ + "usr/bin/scanelf", + }, }, { ID: "ssl_client@1.31.1-r9", @@ -210,6 +310,9 @@ func TestArtifact_Inspect(t *testing.T) { "musl@1.1.24-r2", }, Arch: "x86_64", + InstalledFiles: []string{ + "usr/bin/ssl_client", + }, }, { ID: "zlib@1.2.11-r3", @@ -223,6 +326,10 @@ func TestArtifact_Inspect(t *testing.T) { "musl@1.1.24-r2", }, Arch: "x86_64", + InstalledFiles: []string{ + "lib/libz.so.1.2.11", + "lib/libz.so.1", + }, }, } diff --git a/pkg/fanal/types/artifact.go b/pkg/fanal/types/artifact.go index f4f7c5c8f8c2..c60d68fc75e6 100644 --- a/pkg/fanal/types/artifact.go +++ b/pkg/fanal/types/artifact.go @@ -96,6 +96,9 @@ type Package struct { // lines from the lock file where the dependency is written Locations []Location `json:",omitempty"` + + // Files installed by the package + InstalledFiles []string `json:",omitempty"` } type Location struct {