Skip packages from unsupported repository (remi) (#695)

* Skip packages from unsupported repository (remi) * Use HasSuffix instead of regexp match
aquasecurity · Oct 26, 2020 · 7d7784f · 7d7784f
1 parent ca6f196
commit 7d7784f
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 0 deletions.
diff --git a/pkg/detector/ospkg/redhat/redhat.go b/pkg/detector/ospkg/redhat/redhat.go
@@ -34,6 +34,9 @@ var (
 		// N/A
 		"8": time.Date(3000, 6, 30, 23, 59, 59, 0, time.UTC),
 	}
+	excludedVendorsSuffix = []string{
+		".remi",
+	}
 )
 
 // Scanner implements the Redhat scanner
@@ -59,6 +62,11 @@ func (s *Scanner) Detect(osVer string, pkgs []ftypes.Package) ([]types.DetectedV
 
 	var vulns []types.DetectedVulnerability
 	for _, pkg := range pkgs {
+		if !s.isFromSupportedVendor(pkg) {
+			log.Logger.Debugf("Skipping %s: unsupported vendor", pkg.SrcName)
+			continue
+		}
+
 		// For Red Hat Security Data API containing only source package names
 		advisories, err := s.vs.Get(osVer, pkg.SrcName)
 		if err != nil {
@@ -128,3 +136,12 @@ func (s *Scanner) isSupportedVersion(now time.Time, osFamily, osVer string) bool
 	}
 	return now.Before(eolDate)
 }
+
+func (s *Scanner) isFromSupportedVendor(pkg ftypes.Package) bool {
+	for _, s := range excludedVendorsSuffix {
+		if strings.HasSuffix(pkg.Release, s) {
+			return false
+		}
+	}
+	return true
+}
diff --git a/pkg/detector/ospkg/redhat/redhat_test.go b/pkg/detector/ospkg/redhat/redhat_test.go
@@ -208,6 +208,45 @@ func TestScanner_Detect(t *testing.T) {
 			},
 			wantErr: true,
 		},
+		{
+			name: "happy path: packages from remi repository are skipped",
+			args: args{
+				osVer: "7.6",
+				pkgs: []ftypes.Package{
+					{
+						Name:       "php",
+						Version:    "7.3.23",
+						Release:    "1.el7.remi",
+						Arch:       "x86_64",
+						Epoch:      0,
+						SrcName:    "php",
+						SrcVersion: "7.3.23",
+						SrcRelease: "1.el7.remi",
+						SrcEpoch:   0,
+						Layer: ftypes.Layer{
+							DiffID: "sha256:c27b3cf4d516baf5932d5df3a573c6a571ddace3ee2a577492292d2e849c112b",
+						},
+					},
+				},
+			},
+			get: []dbTypes.GetExpectation{
+				{
+					Args: dbTypes.GetArgs{
+						Release: "7",
+						PkgName: "php",
+					},
+					Returns: dbTypes.GetReturns{
+						Advisories: []dbTypes.Advisory{
+							{
+								VulnerabilityID: "CVE-2011-4718",
+								FixedVersion:    "",
+							},
+						},
+					},
+				},
+			},
+			want: []types.DetectedVulnerability(nil),
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {