Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(vuln): report architecture for apk packages #4247

Merged
merged 13 commits into from
May 22, 2023
Merged

fix(vuln): report architecture for apk packages #4247

merged 13 commits into from
May 22, 2023

Conversation

AliDatadog
Copy link
Contributor

Description

The architecture field was always an empty string for apk packages. This PR sets the field correctly.

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@AliDatadog @lebauce
add arch to apk package
45ff7cf 
Co-Authored-by: Sylvain Baubeau <lebauce@gmail.com>
@AliDatadog AliDatadog requested a review from knqyf263 as a code owner May 9, 2023 13:42
knqyf263
knqyf263 reviewed May 9, 2023
View reviewed changes
Copy link
Collaborator

@knqyf263 knqyf263 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your contribution. I left a question.

pkg/fanal/handler/dpkg/dpkg_test.go Outdated
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is this file for?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for sharing. I remember removing this file manually but apparently I didn't push the change.

@AliDatadog AliDatadog marked this pull request as draft May 9, 2023 15:58
@AliDatadog @lebauce
fix unit tests
827fdd6 
Co-Authored-by: Sylvain Baubeau <lebauce@gmail.com>
@AliDatadog
Copy link
Contributor Author

Do you have a command to generate the files under integration/testdata/*.json.golden ?

@knqyf263
Copy link
Collaborator

Yes, you can use -update.

go test -tags=integration ./pkg/fanal/test/integration/... -update

@AliDatadog
Copy link
Contributor Author

AliDatadog commented May 11, 2023
edited
Loading

I think there might be an issue on main branch unrelated to my changes.
As you can see, the integration tests do not pass because of missing Digest for layers in alpine-310.json.golden which is unrelated to my changes.

I ran the command go test -tags=integration ./pkg/fanal/test/integration/... -update on main. It generated a golden file without this field, making the test fail on main as well.

The integration test does not pass since I merged my branch with main. I suspect the issue was introduced in #4168

@AliDatadog AliDatadog requested a review from knqyf263 May 11, 2023 18:29
@AliDatadog AliDatadog marked this pull request as ready for review May 11, 2023 18:29
knqyf263
knqyf263 reviewed May 14, 2023
View reviewed changes
Copy link
Collaborator

@knqyf263 knqyf263 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@DmitriyLewen Can you take a look?

pkg/fanal/test/integration/testdata/goldens/packages/alpine-310.json.golden Outdated
"DependsOn": [
"busybox@1.30.1-r2",
"musl@1.1.22-r3"
],
"Layer": {
"Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is weird. It is gone.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like it is old issue, but all contributors manually updated golden files.
I continue to investigate issue.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I created #4379 to fix this problem.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#4379 got merged.
@AliDatadog Could you merge the main branch and recreate the golden files again?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks it seems to work now 👍

@AliDatadog AliDatadog requested a review from knqyf263 May 16, 2023 16:24
@AliDatadog
Copy link
Contributor Author

It is unclear why the integration tests failed here.

@DmitriyLewen
Copy link
Contributor

Hello @AliDatadog
Looks like problem with test-repo.json.golden file.
This file is empty.

How did you update golden files?
mage test:updateGolden command works correctly with this file on my local PC.

@AliDatadog
Copy link
Contributor Author

Hi @DmitriyLewen, I tried to copy the test-repo.json.golden file from main and run mage test:updateGolden, it failed and deleted the file. I think the error is expected:

2023/05/19 12:38:13 Container is ready id: 33fef91ff319 image: registry:2
--- FAIL: TestTLSRegistry (2.64s)
    --- FAIL: TestTLSRegistry/happy_path (0.53s)
        registry_test.go:187: 
                Error Trace:    /Users/user/trivy/pkg/fanal/test/integration/registry_test.go:187
                Error:          Not equal: 
                                expected: false
                                actual  : true
                Test:           TestTLSRegistry/happy_path
                Messages:       2 errors occurred:
                                        * GET https://localhost:55689/v2/ghcr.io/aquasecurity/trivy-test-images/manifests/alpine-310: MANIFEST_UNKNOWN: manifest unknown; map[Tag:alpine-310]
                                        * GET https://localhost:55689/v2/ghcr.io/aquasecurity/trivy-test-images/manifests/alpine-310: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:ghcr.io/aquasecurity/trivy-test-images Type:repository]]
                            
    --- FAIL: TestTLSRegistry/happy_path_with_docker_login (0.27s)
        registry_test.go:179: 
                Error Trace:    /Users/user/trivy/pkg/fanal/test/integration/registry_test.go:179
                Error:          Received unexpected error:
                                exit status 1
                Test:           TestTLSRegistry/happy_path_with_docker_login
FAIL
FAIL    github.com/aquasecurity/trivy/pkg/fanal/test/integration        26.593s
FAIL
Error: running "go test -tags=integration ./integration/... ./pkg/fanal/test/integration/... -update" failed with exit code 1

I am running the tests with a Mac M1. Perhaps I need to install some more dependencies.

@AliDatadog AliDatadog requested a review from DmitriyLewen May 19, 2023 14:40
@DmitriyLewen
Copy link
Contributor

DmitriyLewen commented May 22, 2023
edited
Loading

hello @AliDatadog
Do you have an error for this test only?
mage test:integration command works correctly on your PC?

test-repo.json.golden file is only used here.

DmitriyLewen
DmitriyLewen approved these changes May 22, 2023
View reviewed changes
Copy link
Contributor

@DmitriyLewen DmitriyLewen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@knqyf263
Copy link
Collaborator

@AliDatadog Are you still facing any issues?

@AliDatadog
Copy link
Contributor Author

Indeed, this test is the only one for which I have an error and test-repo.json.golden gets deleted by mage: test:updateGolden.
I think this PR is ready to be merged now @knqyf263

knqyf263
knqyf263 approved these changes May 22, 2023
View reviewed changes
Copy link
Collaborator

@knqyf263 knqyf263 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your efforts.

@knqyf263 knqyf263 merged commit 63cfb27 into aquasecurity:main May 22, 2023
knqyf263 pushed a commit to knqyf263/trivy that referenced this pull request May 23, 2023
@AliDatadog @lebauce @knqyf263
fix(vuln): report architecture for apk packages (aquasecurity#4247)
a3202e0 
Co-authored-by: Sylvain Baubeau <lebauce@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DmitriyLewen DmitriyLewen DmitriyLewen approved these changes

@knqyf263 knqyf263 knqyf263 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@AliDatadog @knqyf263 @DmitriyLewen