From 9468056c0f744c560dd3c9dd595774672c552aad Mon Sep 17 00:00:00 2001
From: Teppei Fukuda
Date: Mon, 31 Oct 2022 08:54:42 +0200
Subject: [PATCH] feat(vuln): support dependency graph for dpkg and apk (#3093)
Co-authored-by: Masahiro331
---
docs/docs/vulnerability/examples/report.md | 2 +-
.../testdata/alpine-310-registry.json.golden | 4 +
integration/testdata/alpine-310.gsbom.golden | 43 +
integration/testdata/alpine-310.json.golden | 4 +
.../alpine-39-high-critical.json.golden | 2 +
.../alpine-39-ignore-cveids.json.golden | 2 +
integration/testdata/alpine-39.json.golden | 6 +
.../testdata/alpine-distroless.json.golden | 1 +
.../debian-buster-ignore-unfixed.json.golden | 1 +
.../testdata/debian-buster.json.golden | 2 +
.../testdata/debian-stretch.json.golden | 5 +
.../testdata/distroless-base.json.golden | 4 +
.../testdata/distroless-python27.json.golden | 4 +
integration/testdata/fluentd-gems.json.golden | 1 +
.../ubuntu-1804-ignore-unfixed.json.golden | 4 +
integration/testdata/ubuntu-1804.json.golden | 5 +
pkg/commands/app.go | 3 +-
pkg/detector/ospkg/alpine/alpine.go | 1 +
pkg/detector/ospkg/debian/debian.go | 1 +
pkg/detector/ospkg/ubuntu/ubuntu.go | 1 +
pkg/fanal/analyzer/analyzer_test.go | 13 +-
pkg/fanal/analyzer/pkg/apk/apk.go | 121 ++-
pkg/fanal/analyzer/pkg/apk/apk_test.go | 154 +++-
pkg/fanal/analyzer/pkg/dpkg/dpkg.go | 111 ++-
pkg/fanal/analyzer/pkg/dpkg/dpkg_test.go | 776 +++++++++++++++---
pkg/fanal/artifact/image/image_test.go | 399 ++++-----
pkg/fanal/artifact/local/fs_test.go | 102 +--
pkg/fanal/test/integration/library_test.go | 9 +-
.../goldens/packages/alpine-310.json.golden | 57 ++
.../goldens/packages/vulnimage.json.golden | 316 +++++++
.../vuln-image1.2.3.expectedlibs.golden | 47 +-
pkg/flag/report_flags.go | 4 +-
pkg/report/github/github.go | 2 +-
pkg/report/table/vulnerability.go | 20 +-
34 files changed, 1744 insertions(+), 483 deletions(-)
diff --git a/docs/docs/vulnerability/examples/report.md b/docs/docs/vulnerability/examples/report.md index 40fbbb3e255..9fc4ee602d2 100644 --- a/docs/docs/vulnerability/examples/report.md +++ b/docs/docs/vulnerability/examples/report.md @@ -18,7 +18,7 @@ To make this task simpler Trivy can show a dependency origin tree with the `--de This flag is only available with the `--format table` flag. !!! note - Only Node.js (package-lock.json) and Rust Binaries built with [cargo-auditable][cargo-auditable] are supported at the moment. + Only OS packages, Node.js (package-lock.json) and Rust Binaries built with [cargo-auditable][cargo-auditable] are supported at the moment. This tree is the reverse of the npm list command. However, if you want to resolve a vulnerability in a particular indirect dependency, the reversed tree is useful to know where that dependency comes from and identify which package you actually need to update. diff --git a/integration/testdata/alpine-310-registry.json.golden b/integration/testdata/alpine-310-registry.json.golden index ea9d38cebbb..b04764c5241 100644 --- a/integration/testdata/alpine-310-registry.json.golden +++ b/integration/testdata/alpine-310-registry.json.golden @@ -61,6 +61,7 @@ "Vulnerabilities": [ { "VulnerabilityID": "CVE-2019-1549", + "PkgID": "libcrypto1.1@1.1.1c-r0", "PkgName": "libcrypto1.1", "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r0", @@ -120,6 +121,7 @@ }, { "VulnerabilityID": "CVE-2019-1551", + "PkgID": "libcrypto1.1@1.1.1c-r0", "PkgName": "libcrypto1.1", "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r2", @@ -189,6 +191,7 @@ }, { "VulnerabilityID": "CVE-2019-1549", + "PkgID": "libssl1.1@1.1.1c-r0", "PkgName": "libssl1.1", "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r0", @@ -248,6 +251,7 @@ }, { "VulnerabilityID": "CVE-2019-1551", + "PkgID": "libssl1.1@1.1.1c-r0", "PkgName": "libssl1.1", "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r2", 
diff --git a/integration/testdata/alpine-310.gsbom.golden b/integration/testdata/alpine-310.gsbom.golden index c0153c4abec..d4808b108a3 100644 --- a/integration/testdata/alpine-310.gsbom.golden +++ b/integration/testdata/alpine-310.gsbom.golden @@ -19,6 +19,10 @@ "alpine-baselayout": { "package_url": "pkg:apk/alpine-baselayout@3.1.2-r0", "relationship": "direct", + "dependencies": [ + "busybox@1.30.1-r2", + "musl@1.1.22-r3" + ], "scope": "runtime" }, "alpine-keys": { @@ -29,11 +33,20 @@ "apk-tools": { "package_url": "pkg:apk/apk-tools@2.10.4-r2", "relationship": "direct", + "dependencies": [ + "libcrypto1.1@1.1.1c-r0", + "libssl1.1@1.1.1c-r0", + "musl@1.1.22-r3", + "zlib@1.2.11-r1" + ], "scope": "runtime" }, "busybox": { "package_url": "pkg:apk/busybox@1.30.1-r2", "relationship": "direct", + "dependencies": [ + "musl@1.1.22-r3" + ], "scope": "runtime" }, "ca-certificates-cacert": { @@ -44,21 +57,37 @@ "libc-utils": { "package_url": "pkg:apk/libc-utils@0.7.1-r0", "relationship": "direct", + "dependencies": [ + "musl-utils@1.1.22-r3" + ], "scope": "runtime" }, "libcrypto1.1": { "package_url": "pkg:apk/libcrypto1.1@1.1.1c-r0", "relationship": "direct", + "dependencies": [ + "musl@1.1.22-r3" + ], "scope": "runtime" }, "libssl1.1": { "package_url": "pkg:apk/libssl1.1@1.1.1c-r0", "relationship": "direct", + "dependencies": [ + "libcrypto1.1@1.1.1c-r0", + "musl@1.1.22-r3" + ], "scope": "runtime" }, "libtls-standalone": { "package_url": "pkg:apk/libtls-standalone@2.9.1-r0", "relationship": "direct", + "dependencies": [ + "ca-certificates-cacert@20190108-r0", + "libcrypto1.1@1.1.1c-r0", + "libssl1.1@1.1.1c-r0", + "musl@1.1.22-r3" + ], "scope": "runtime" }, "musl": { 
@@ -69,21 +98,35 @@ "musl-utils": { "package_url": "pkg:apk/musl-utils@1.1.22-r3", "relationship": "direct", + "dependencies": [ + "musl@1.1.22-r3", + "scanelf@1.2.3-r0" + ], "scope": "runtime" }, "scanelf": { "package_url": "pkg:apk/scanelf@1.2.3-r0", "relationship": "direct", + "dependencies": [ + "musl@1.1.22-r3" + ], "scope": "runtime" }, "ssl_client": { "package_url": "pkg:apk/ssl_client@1.30.1-r2", "relationship": "direct", + "dependencies": [ + "libtls-standalone@2.9.1-r0", + "musl@1.1.22-r3" + ], "scope": "runtime" }, "zlib": { "package_url": "pkg:apk/zlib@1.2.11-r1", "relationship": "direct", + "dependencies": [ + "musl@1.1.22-r3" + ], "scope": "runtime" } } diff --git a/integration/testdata/alpine-310.json.golden b/integration/testdata/alpine-310.json.golden index 3be3ef52286..5e11e777026 100644 --- a/integration/testdata/alpine-310.json.golden +++ b/integration/testdata/alpine-310.json.golden @@ -55,6 +55,7 @@ "Vulnerabilities": [ { "VulnerabilityID": "CVE-2019-1549", + "PkgID": "libcrypto1.1@1.1.1c-r0", "PkgName": "libcrypto1.1", "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r0", @@ -114,6 +115,7 @@ }, { "VulnerabilityID": "CVE-2019-1551", + "PkgID": "libcrypto1.1@1.1.1c-r0", "PkgName": "libcrypto1.1", "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r2", @@ -183,6 +185,7 @@ }, { "VulnerabilityID": "CVE-2019-1549", + "PkgID": "libssl1.1@1.1.1c-r0", "PkgName": "libssl1.1", "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r0", @@ -242,6 +245,7 @@ }, { "VulnerabilityID": "CVE-2019-1551", + "PkgID": "libssl1.1@1.1.1c-r0", "PkgName": "libssl1.1", "InstalledVersion": "1.1.1c-r0", "FixedVersion": "1.1.1d-r2", diff --git a/integration/testdata/alpine-39-high-critical.json.golden b/integration/testdata/alpine-39-high-critical.json.golden index 9d201ded770..80dac431a74 100644 --- a/integration/testdata/alpine-39-high-critical.json.golden +++ b/integration/testdata/alpine-39-high-critical.json.golden 
@@ -55,6 +55,7 @@ "Vulnerabilities": [ { "VulnerabilityID": "CVE-2019-14697", + "PkgID": "musl@1.1.20-r4", "PkgName": "musl", "InstalledVersion": "1.1.20-r4", "FixedVersion": "1.1.20-r5", @@ -92,6 +93,7 @@ }, { "VulnerabilityID": "CVE-2019-14697", + "PkgID": "musl-utils@1.1.20-r4", "PkgName": "musl-utils", "InstalledVersion": "1.1.20-r4", "FixedVersion": "1.1.20-r5", diff --git a/integration/testdata/alpine-39-ignore-cveids.json.golden b/integration/testdata/alpine-39-ignore-cveids.json.golden index 0c827332a6c..3e9f90d5a5e 100644 --- a/integration/testdata/alpine-39-ignore-cveids.json.golden +++ b/integration/testdata/alpine-39-ignore-cveids.json.golden @@ -55,6 +55,7 @@ "Vulnerabilities": [ { "VulnerabilityID": "CVE-2019-1551", + "PkgID": "libcrypto1.1@1.1.1b-r1", "PkgName": "libcrypto1.1", "InstalledVersion": "1.1.1b-r1", "FixedVersion": "1.1.1d-r2", @@ -124,6 +125,7 @@ }, { "VulnerabilityID": "CVE-2019-1551", + "PkgID": "libssl1.1@1.1.1b-r1", "PkgName": "libssl1.1", "InstalledVersion": "1.1.1b-r1", "FixedVersion": "1.1.1d-r2", diff --git a/integration/testdata/alpine-39.json.golden b/integration/testdata/alpine-39.json.golden index 2a79fe6ec83..8e7acd317a1 100644 --- a/integration/testdata/alpine-39.json.golden +++ b/integration/testdata/alpine-39.json.golden @@ -55,6 +55,7 @@ "Vulnerabilities": [ { "VulnerabilityID": "CVE-2019-1549", + "PkgID": "libcrypto1.1@1.1.1b-r1", "PkgName": "libcrypto1.1", "InstalledVersion": "1.1.1b-r1", "FixedVersion": "1.1.1d-r0", @@ -114,6 +115,7 @@ }, { "VulnerabilityID": "CVE-2019-1551", + "PkgID": "libcrypto1.1@1.1.1b-r1", "PkgName": "libcrypto1.1", "InstalledVersion": "1.1.1b-r1", "FixedVersion": "1.1.1d-r2", @@ -183,6 +185,7 @@ }, { "VulnerabilityID": "CVE-2019-1549", + "PkgID": "libssl1.1@1.1.1b-r1", "PkgName": "libssl1.1", "InstalledVersion": "1.1.1b-r1", "FixedVersion": "1.1.1d-r0", 
@@ -242,6 +245,7 @@ }, { "VulnerabilityID": "CVE-2019-1551", + "PkgID": "libssl1.1@1.1.1b-r1", "PkgName": "libssl1.1", "InstalledVersion": "1.1.1b-r1", "FixedVersion": "1.1.1d-r2", @@ -311,6 +315,7 @@ }, { "VulnerabilityID": "CVE-2019-14697", + "PkgID": "musl@1.1.20-r4", "PkgName": "musl", "InstalledVersion": "1.1.20-r4", "FixedVersion": "1.1.20-r5", @@ -348,6 +353,7 @@ }, { "VulnerabilityID": "CVE-2019-14697", + "PkgID": "musl-utils@1.1.20-r4", "PkgName": "musl-utils", "InstalledVersion": "1.1.20-r4", "FixedVersion": "1.1.20-r5", diff --git a/integration/testdata/alpine-distroless.json.golden b/integration/testdata/alpine-distroless.json.golden index 7e2b5826d66..614788b22c4 100644 --- a/integration/testdata/alpine-distroless.json.golden +++ b/integration/testdata/alpine-distroless.json.golden @@ -50,6 +50,7 @@ "Vulnerabilities": [ { "VulnerabilityID": "CVE-2022-24765", + "PkgID": "git@2.35.1-r2", "PkgName": "git", "InstalledVersion": "2.35.1-r2", "FixedVersion": "2.35.2-r0", diff --git a/integration/testdata/debian-buster-ignore-unfixed.json.golden b/integration/testdata/debian-buster-ignore-unfixed.json.golden index 20cba9ed33b..9791d1e8f30 100644 --- a/integration/testdata/debian-buster-ignore-unfixed.json.golden +++ b/integration/testdata/debian-buster-ignore-unfixed.json.golden @@ -57,6 +57,7 @@ "VendorIDs": [ "DSA-4613-1" ], + "PkgID": "libidn2-0@2.0.5-1", "PkgName": "libidn2-0", "InstalledVersion": "2.0.5-1", "FixedVersion": "2.0.5-1+deb10u1", diff --git a/integration/testdata/debian-buster.json.golden b/integration/testdata/debian-buster.json.golden index bf33931bd53..9528535baeb 100644 --- a/integration/testdata/debian-buster.json.golden +++ b/integration/testdata/debian-buster.json.golden @@ -54,6 +54,7 @@ "Vulnerabilities": [ { "VulnerabilityID": "CVE-2019-18276", + "PkgID": "bash@5.0-4", "PkgName": "bash", "InstalledVersion": "5.0-4", "Layer": { 
@@ -106,6 +107,7 @@ "VendorIDs": [ "DSA-4613-1" ], + "PkgID": "libidn2-0@2.0.5-1", "PkgName": "libidn2-0", "InstalledVersion": "2.0.5-1", "FixedVersion": "2.0.5-1+deb10u1", diff --git a/integration/testdata/debian-stretch.json.golden b/integration/testdata/debian-stretch.json.golden index 5167adddfac..97fa5951c3f 100644 --- a/integration/testdata/debian-stretch.json.golden +++ b/integration/testdata/debian-stretch.json.golden @@ -55,6 +55,7 @@ "Vulnerabilities": [ { "VulnerabilityID": "CVE-2019-18276", + "PkgID": "bash@4.4-5", "PkgName": "bash", "InstalledVersion": "4.4-5", "Layer": { @@ -107,6 +108,7 @@ "VendorIDs": [ "DSA-4535-1" ], + "PkgID": "e2fslibs@1.43.4-2", "PkgName": "e2fslibs", "InstalledVersion": "1.43.4-2", "FixedVersion": "1.43.4-2+deb9u1", @@ -166,6 +168,7 @@ "VendorIDs": [ "DSA-4535-1" ], + "PkgID": "e2fsprogs@1.43.4-2", "PkgName": "e2fsprogs", "InstalledVersion": "1.43.4-2", "FixedVersion": "1.43.4-2+deb9u1", @@ -225,6 +228,7 @@ "VendorIDs": [ "DSA-4535-1" ], + "PkgID": "libcomerr2@1.43.4-2", "PkgName": "libcomerr2", "InstalledVersion": "1.43.4-2", "FixedVersion": "1.43.4-2+deb9u1", @@ -284,6 +288,7 @@ "VendorIDs": [ "DSA-4535-1" ], + "PkgID": "libss2@1.43.4-2", "PkgName": "libss2", "InstalledVersion": "1.43.4-2", "FixedVersion": "1.43.4-2+deb9u1", diff --git a/integration/testdata/distroless-base.json.golden b/integration/testdata/distroless-base.json.golden index c8f6a952b86..e5363758fc4 100644 --- a/integration/testdata/distroless-base.json.golden +++ b/integration/testdata/distroless-base.json.golden @@ -53,6 +53,7 @@ "Vulnerabilities": [ { "VulnerabilityID": "CVE-2019-1551", + "PkgID": "libssl1.1@1.1.0k-1~deb9u1", "PkgName": "libssl1.1", "InstalledVersion": "1.1.0k-1~deb9u1", "Layer": { @@ -124,6 +125,7 @@ "VendorIDs": [ "DSA-4539-1" ], + "PkgID": "libssl1.1@1.1.0k-1~deb9u1", "PkgName": "libssl1.1", "InstalledVersion": "1.1.0k-1~deb9u1", "FixedVersion": "1.1.0l-1~deb9u1", 
@@ -201,6 +203,7 @@ }, { "VulnerabilityID": "CVE-2019-1551", + "PkgID": "openssl@1.1.0k-1~deb9u1", "PkgName": "openssl", "InstalledVersion": "1.1.0k-1~deb9u1", "Layer": { @@ -272,6 +275,7 @@ "VendorIDs": [ "DSA-4539-1" ], + "PkgID": "openssl@1.1.0k-1~deb9u1", "PkgName": "openssl", "InstalledVersion": "1.1.0k-1~deb9u1", "FixedVersion": "1.1.0l-1~deb9u1", diff --git a/integration/testdata/distroless-python27.json.golden b/integration/testdata/distroless-python27.json.golden index 33097414fe5..1e45dae9a96 100644 --- a/integration/testdata/distroless-python27.json.golden +++ b/integration/testdata/distroless-python27.json.golden @@ -70,6 +70,7 @@ "Vulnerabilities": [ { "VulnerabilityID": "CVE-2019-1551", + "PkgID": "libssl1.1@1.1.0k-1~deb9u1", "PkgName": "libssl1.1", "InstalledVersion": "1.1.0k-1~deb9u1", "Layer": { @@ -141,6 +142,7 @@ "VendorIDs": [ "DSA-4539-1" ], + "PkgID": "libssl1.1@1.1.0k-1~deb9u1", "PkgName": "libssl1.1", "InstalledVersion": "1.1.0k-1~deb9u1", "FixedVersion": "1.1.0l-1~deb9u1", @@ -218,6 +220,7 @@ }, { "VulnerabilityID": "CVE-2019-1551", + "PkgID": "openssl@1.1.0k-1~deb9u1", "PkgName": "openssl", "InstalledVersion": "1.1.0k-1~deb9u1", "Layer": { @@ -289,6 +292,7 @@ "VendorIDs": [ "DSA-4539-1" ], + "PkgID": "openssl@1.1.0k-1~deb9u1", "PkgName": "openssl", "InstalledVersion": "1.1.0k-1~deb9u1", "FixedVersion": "1.1.0l-1~deb9u1", diff --git a/integration/testdata/fluentd-gems.json.golden b/integration/testdata/fluentd-gems.json.golden index 8ac3ecee591..3c5c1ae744f 100644 --- a/integration/testdata/fluentd-gems.json.golden +++ b/integration/testdata/fluentd-gems.json.golden @@ -110,6 +110,7 @@ "VendorIDs": [ "DSA-4613-1" ], + "PkgID": "libidn2-0@2.0.5-1", "PkgName": "libidn2-0", "InstalledVersion": "2.0.5-1", "FixedVersion": "2.0.5-1+deb10u1", diff --git a/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden b/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden index d228b69e1af..9fee932b862 100644 
--- a/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden +++ b/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden @@ -72,6 +72,7 @@ "Vulnerabilities": [ { "VulnerabilityID": "CVE-2019-5094", + "PkgID": "e2fsprogs@1.44.1-1ubuntu1.1", "PkgName": "e2fsprogs", "InstalledVersion": "1.44.1-1ubuntu1.1", "FixedVersion": "1.44.1-1ubuntu1.2", @@ -128,6 +129,7 @@ }, { "VulnerabilityID": "CVE-2019-5094", + "PkgID": "libcom-err2@1.44.1-1ubuntu1.1", "PkgName": "libcom-err2", "InstalledVersion": "1.44.1-1ubuntu1.1", "FixedVersion": "1.44.1-1ubuntu1.2", @@ -184,6 +186,7 @@ }, { "VulnerabilityID": "CVE-2019-5094", + "PkgID": "libext2fs2@1.44.1-1ubuntu1.1", "PkgName": "libext2fs2", "InstalledVersion": "1.44.1-1ubuntu1.1", "FixedVersion": "1.44.1-1ubuntu1.2", @@ -240,6 +243,7 @@ }, { "VulnerabilityID": "CVE-2019-5094", + "PkgID": "libss2@1.44.1-1ubuntu1.1", "PkgName": "libss2", "InstalledVersion": "1.44.1-1ubuntu1.1", "FixedVersion": "1.44.1-1ubuntu1.2", diff --git a/integration/testdata/ubuntu-1804.json.golden b/integration/testdata/ubuntu-1804.json.golden index b9a47ea39a6..421314d005e 100644 --- a/integration/testdata/ubuntu-1804.json.golden +++ b/integration/testdata/ubuntu-1804.json.golden @@ -72,6 +72,7 @@ "Vulnerabilities": [ { "VulnerabilityID": "CVE-2019-18276", + "PkgID": "bash@4.4.18-2ubuntu1.2", "PkgName": "bash", "InstalledVersion": "4.4.18-2ubuntu1.2", "Layer": { @@ -121,6 +122,7 @@ }, { "VulnerabilityID": "CVE-2019-5094", + "PkgID": "e2fsprogs@1.44.1-1ubuntu1.1", "PkgName": "e2fsprogs", "InstalledVersion": "1.44.1-1ubuntu1.1", "FixedVersion": "1.44.1-1ubuntu1.2", @@ -177,6 +179,7 @@ }, { "VulnerabilityID": "CVE-2019-5094", + "PkgID": "libcom-err2@1.44.1-1ubuntu1.1", "PkgName": "libcom-err2", "InstalledVersion": "1.44.1-1ubuntu1.1", "FixedVersion": "1.44.1-1ubuntu1.2", 
@@ -233,6 +236,7 @@ }, { "VulnerabilityID": "CVE-2019-5094", + "PkgID": "libext2fs2@1.44.1-1ubuntu1.1", "PkgName": "libext2fs2", "InstalledVersion": "1.44.1-1ubuntu1.1", "FixedVersion": "1.44.1-1ubuntu1.2", @@ -289,6 +293,7 @@ }, { "VulnerabilityID": "CVE-2019-5094", + "PkgID": "libss2@1.44.1-1ubuntu1.1", "PkgName": "libss2", "InstalledVersion": "1.44.1-1ubuntu1.1", "FixedVersion": "1.44.1-1ubuntu1.2", diff --git a/pkg/commands/app.go b/pkg/commands/app.go index f154ecf5a67..88738cca089 100644 --- a/pkg/commands/app.go +++ b/pkg/commands/app.go @@ -208,8 +208,7 @@ func NewRootCommand(version string, globalFlags *flag.GlobalFlagGroup) *cobra.Co func NewImageCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command { reportFlagGroup := flag.NewReportFlagGroup() - reportFlagGroup.DependencyTree = nil // disable '--dependency-tree' - reportFlagGroup.ReportFormat = nil // TODO: support --report summary + reportFlagGroup.ReportFormat = nil // TODO: support --report summary imageFlags := &flag.Flags{ CacheFlagGroup: flag.NewCacheFlagGroup(), diff --git a/pkg/detector/ospkg/alpine/alpine.go b/pkg/detector/ospkg/alpine/alpine.go index f4be0d22e53..5f9faa1b8b1 100644 --- a/pkg/detector/ospkg/alpine/alpine.go +++ b/pkg/detector/ospkg/alpine/alpine.go @@ -125,6 +125,7 @@ func (s *Scanner) Detect(osVer string, repo *ftypes.Repository, pkgs []ftypes.Pa } vulns = append(vulns, types.DetectedVulnerability{ VulnerabilityID: adv.VulnerabilityID, + PkgID: pkg.ID, PkgName: pkg.Name, InstalledVersion: installed, FixedVersion: adv.FixedVersion, diff --git a/pkg/detector/ospkg/debian/debian.go b/pkg/detector/ospkg/debian/debian.go index 751b82e7b77..5c7c5a07163 100644 --- a/pkg/detector/ospkg/debian/debian.go +++ b/pkg/detector/ospkg/debian/debian.go 
@@ -101,6 +101,7 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa vuln := types.DetectedVulnerability{ VulnerabilityID: adv.VulnerabilityID, VendorIDs: adv.VendorIDs, + PkgID: pkg.ID, PkgName: pkg.Name, InstalledVersion: installed, FixedVersion: adv.FixedVersion, diff --git a/pkg/detector/ospkg/ubuntu/ubuntu.go b/pkg/detector/ospkg/ubuntu/ubuntu.go index 26ebbd5962c..c0dbb69b87c 100644 --- a/pkg/detector/ospkg/ubuntu/ubuntu.go +++ b/pkg/detector/ospkg/ubuntu/ubuntu.go @@ -112,6 +112,7 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa for _, adv := range advisories { vuln := types.DetectedVulnerability{ VulnerabilityID: adv.VulnerabilityID, + PkgID: pkg.ID, PkgName: pkg.Name, InstalledVersion: installed, FixedVersion: adv.FixedVersion, diff --git a/pkg/fanal/analyzer/analyzer_test.go b/pkg/fanal/analyzer/analyzer_test.go index c4d98b74cde..cf1ef2aaff6 100644 --- a/pkg/fanal/analyzer/analyzer_test.go +++ b/pkg/fanal/analyzer/analyzer_test.go @@ -322,7 +322,14 @@ func TestAnalyzeFile(t *testing.T) { { FilePath: "/lib/apk/db/installed", Packages: []types.Package{ - {Name: "musl", Version: "1.1.24-r2", SrcName: "musl", SrcVersion: "1.1.24-r2", Licenses: []string{"MIT"}}, + { + ID: "musl@1.1.24-r2", + Name: "musl", + Version: "1.1.24-r2", + SrcName: "musl", + SrcVersion: "1.1.24-r2", + Licenses: []string{"MIT"}, + }, }, }, }, @@ -556,7 +563,7 @@ func TestAnalyzer_AnalyzerVersions(t *testing.T) { want: map[string]int{ "alpine": 1, "apk-repo": 1, - "apk": 1, + "apk": 2, "bundler": 1, "ubuntu": 1, }, @@ -565,7 +572,7 @@ func TestAnalyzer_AnalyzerVersions(t *testing.T) { name: "disable analyzers", disabled: []analyzer.Type{analyzer.TypeAlpine, analyzer.TypeApkRepo, analyzer.TypeUbuntu}, want: map[string]int{ - "apk": 1, + "apk": 2, "bundler": 1, }, }, diff --git a/pkg/fanal/analyzer/pkg/apk/apk.go b/pkg/fanal/analyzer/pkg/apk/apk.go index adb7b649395..17ce4df2740 100644 
--- a/pkg/fanal/analyzer/pkg/apk/apk.go +++ b/pkg/fanal/analyzer/pkg/apk/apk.go @@ -3,24 +3,27 @@ package apk import ( "bufio" "context" - "log" + "fmt" "os" "path/filepath" + "sort" "strings" apkVersion "github.com/knqyf263/go-apk-version" + "github.com/samber/lo" + "golang.org/x/exp/slices" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/types" - "github.com/aquasecurity/trivy/pkg/fanal/utils" "github.com/aquasecurity/trivy/pkg/licensing" + "github.com/aquasecurity/trivy/pkg/log" ) func init() { analyzer.RegisterAnalyzer(&alpinePkgAnalyzer{}) } -const version = 1 +const analyzerVersion = 2 var requiredFiles = []string{"lib/apk/db/installed"} @@ -48,6 +51,7 @@ func (a alpinePkgAnalyzer) parseApkInfo(scanner *bufio.Scanner) ([]types.Package version string dir string installedFiles []string + provides = map[string]string{} // for dependency graph ) for scanner.Scan() { @@ -62,13 +66,14 @@ func (a alpinePkgAnalyzer) parseApkInfo(scanner *bufio.Scanner) ([]types.Package continue } + // ref. https://wiki.alpinelinux.org/wiki/Apk_spec switch line[:2] { case "P:": pkg.Name = line[2:] case "V:": version = line[2:] if !apkVersion.Valid(version) { - log.Printf("Invalid Version Found : OS %s, Package %s, Version %s", "alpine", pkg.Name, version) + log.Logger.Warnf("Invalid Version Found : OS %s, Package %s, Version %s", "alpine", pkg.Name, version) continue } pkg.Version = version 
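Review bot: The warning in the `V:` case formats the package name and version with `%s`, and both strings are read from `lib/apk/db/installed` inside the artifact being scanned, so any control or escape bytes they carry reach the log stream verbatim. Quoting them keeps each log record unambiguous: `log.Logger.Warnf("Invalid Version Found : OS %s, Package %q, Version %q", "alpine", pkg.Name, version)`. The two `log.Logger.Warnf` calls this commit adds to parseDpkgPkg in pkg/fanal/analyzer/pkg/dpkg/dpkg.go have the same shape and would take the same change. parseApkInfo starts and ends outside this hunk.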
@@ -77,25 +82,23 @@ func (a alpinePkgAnalyzer) parseApkInfo(scanner *bufio.Scanner) ([]types.Package pkg.SrcName = origin pkg.SrcVersion = version case "L:": - if line[2:] != "" { - var licenses []string - // e.g. MPL 2.0 GPL2+ => {"MPL2.0", "GPL2+"} - for i, s := range strings.Fields(line[2:]) { - s = strings.Trim(s, "()") - if s == "AND" || s == "OR" { - continue - } else if i > 0 && (s == "1.0" || s == "2.0" || s == "3.0") { - licenses[i-1] = licensing.Normalize(licenses[i-1] + s) - } else { - licenses = append(licenses, licensing.Normalize(s)) - } - } - pkg.Licenses = licenses - } + pkg.Licenses = a.parseLicense(line) case "F:": dir = line[2:] case "R:": installedFiles = append(installedFiles, filepath.Join(dir, line[2:])) + case "p:": // provides (corresponds to provides in PKGINFO, concatenated by spaces into a single line) + a.parseProvides(line, pkg.ID, provides) + case "D:": // dependencies (corresponds to depend in PKGINFO, concatenated by spaces into a single line) + pkg.DependsOn = a.parseDependencies(line) + } + + if pkg.Name != "" && pkg.Version != "" { + pkg.ID = fmt.Sprintf("%s@%s", pkg.Name, pkg.Version) + + // Dependencies could be package names or provides, so package names are stored as provides here. + // e.g. D:scanelf so:libc.musl-x86_64.so.1 + provides[pkg.Name] = pkg.ID } } // in case of last paragraph 
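Review bot: The `p:` case hands `pkg.ID` to parseProvides before that ID is guaranteed to exist, because the ID is only assigned after the switch once both `pkg.Name` and `pkg.Version` are set. If a paragraph lists `p:` ahead of `V:`, or its version fails `apkVersion.Valid` (the `continue` in the previous hunk leaves `pkg.Version` empty), every provided name is mapped to an empty ID, and consolidateDependencies in the next hunk would then emit `""` as a dependency because the map lookup still succeeds. The installed database comes from the scanned image, so field order should not be assumed; a guard such as `if pkgID == "" { return }` at the top of parseProvides, or `if pkgID, ok := provides[d]; ok && pkgID != ""` in consolidateDependencies, closes the gap. parseApkInfo begins and ends outside this hunk.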
@@ -103,7 +106,81 @@ func (a alpinePkgAnalyzer) parseApkInfo(scanner *bufio.Scanner) ([]types.Package pkgs = append(pkgs, pkg) } - return a.uniquePkgs(pkgs), installedFiles + pkgs = a.uniquePkgs(pkgs) + + // Replace dependencies with package IDs + a.consolidateDependencies(pkgs, provides) + + return pkgs, installedFiles +} + +func (a alpinePkgAnalyzer) trimRequirement(s string) string { + // Trim version requirements + // e.g. + // so:libssl.so.1.1=1.1 => so:libssl.so.1.1 + // musl>=1.2 => musl + if strings.ContainsAny(s, "<>=") { + s = s[:strings.IndexAny(s, "><=")] + } + return s +} + +func (a alpinePkgAnalyzer) parseLicense(line string) []string { + line = line[2:] // Remove "L:" + if line == "" { + return nil + } + var licenses []string + // e.g. MPL 2.0 GPL2+ => {"MPL2.0", "GPL2+"} + for i, s := range strings.Fields(line) { + s = strings.Trim(s, "()") + if s == "AND" || s == "OR" { + continue + } else if i > 0 && (s == "1.0" || s == "2.0" || s == "3.0") { + licenses[i-1] = licensing.Normalize(licenses[i-1] + s) + } else { + licenses = append(licenses, licensing.Normalize(s)) + } + } + return licenses +} + +func (a alpinePkgAnalyzer) parseProvides(line, pkgID string, provides map[string]string) { + for _, p := range strings.Fields(line[2:]) { + p = a.trimRequirement(p) + + // Assume name ("P:") and version ("V:") are defined before provides ("p:") + provides[p] = pkgID + } +} + +func (a alpinePkgAnalyzer) parseDependencies(line string) []string { + line = line[2:] // Remove "D:" + return lo.FilterMap(strings.Fields(line), func(d string, _ int) (string, bool) { + // e.g. D:!uclibc-utils scanelf musl=1.1.14-r10 so:libc.musl-x86_64.so.1 + if strings.HasPrefix(d, "!") { + return "", false + } + return a.trimRequirement(d), true + }) +} + +func (a alpinePkgAnalyzer) consolidateDependencies(pkgs []types.Package, provides map[string]string) { + for i := range pkgs { + // e.g. 
libc6 => libc6@2.31-13+deb11u4 + pkgs[i].DependsOn = lo.FilterMap(pkgs[i].DependsOn, func(d string, _ int) (string, bool) { + if pkgID, ok := provides[d]; ok { + return pkgID, true + } + return "", false + }) + sort.Strings(pkgs[i].DependsOn) + pkgs[i].DependsOn = slices.Compact(pkgs[i].DependsOn) + + if len(pkgs[i].DependsOn) == 0 { + pkgs[i].DependsOn = nil + } + } } func (a alpinePkgAnalyzer) uniquePkgs(pkgs []types.Package) (uniqPkgs []types.Package) { @@ -119,7 +196,7 @@ func (a alpinePkgAnalyzer) uniquePkgs(pkgs []types.Package) (uniqPkgs []types.Pa } func (a alpinePkgAnalyzer) Required(filePath string, _ os.FileInfo) bool { - return utils.StringInSlice(filePath, requiredFiles) + return slices.Contains(requiredFiles, filePath) } func (a alpinePkgAnalyzer) Type() analyzer.Type { @@ -127,5 +204,5 @@ func (a alpinePkgAnalyzer) Type() analyzer.Type { } func (a alpinePkgAnalyzer) Version() int { - return version + return analyzerVersion } diff --git a/pkg/fanal/analyzer/pkg/apk/apk_test.go b/pkg/fanal/analyzer/pkg/apk/apk_test.go index 4c67ee51497..7e9e97972e1 100644 --- a/pkg/fanal/analyzer/pkg/apk/apk_test.go +++ b/pkg/fanal/analyzer/pkg/apk/apk_test.go 
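Review bot: The example inside consolidateDependencies, `// e.g. libc6 => libc6@2.31-13+deb11u4`, names a Debian package in the Alpine analyzer; an apk-shaped example in the style of the other comments in this file (a package name or `so:` provide resolving to a `name@version` ID) would describe what this function actually sees. The comment should also state that any dependency with no entry in `provides` is dropped without a log line, since that is why a tree can come out incomplete. The new helpers trimRequirement, parseLicense, parseProvides and parseDependencies have no doc comments; one line each naming the field they parse (`L:`, `p:`, `D:`) and what they return would be enough.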
@@ -19,20 +19,146 @@ func TestParseApkInfo(t *testing.T) { "Valid": { path: "./testdata/apk", wantPkgs: []types.Package{ - {Name: "musl", Version: "1.1.14-r10", SrcName: "musl", SrcVersion: "1.1.14-r10", Licenses: []string{"MIT"}}, - {Name: "busybox", Version: "1.24.2-r9", SrcName: "busybox", SrcVersion: "1.24.2-r9", Licenses: []string{"GPL-2.0"}}, - {Name: "alpine-baselayout", Version: "3.0.3-r0", SrcName: "alpine-baselayout", SrcVersion: "3.0.3-r0", Licenses: []string{"GPL-2.0"}}, - {Name: "alpine-keys", Version: "1.1-r0", SrcName: "alpine-keys", SrcVersion: "1.1-r0", Licenses: []string{"GPL-3.0"}}, - {Name: "zlib", Version: "1.2.8-r2", SrcName: "zlib", SrcVersion: "1.2.8-r2", Licenses: []string{"Zlib"}}, - {Name: "libcrypto1.0", Version: "1.0.2h-r1", SrcName: "openssl", SrcVersion: "1.0.2h-r1", Licenses: []string{"openssl"}}, - {Name: "libssl1.0", Version: "1.0.2h-r1", SrcName: "openssl", SrcVersion: "1.0.2h-r1", Licenses: []string{"openssl"}}, - {Name: "apk-tools", Version: "2.6.7-r0", SrcName: "apk-tools", SrcVersion: "2.6.7-r0", Licenses: []string{"GPL-2.0"}}, - {Name: "scanelf", Version: "1.1.6-r0", SrcName: "pax-utils", SrcVersion: "1.1.6-r0", Licenses: []string{"GPL-2.0"}}, - {Name: "musl-utils", Version: "1.1.14-r10", SrcName: "musl", SrcVersion: "1.1.14-r10", Licenses: []string{"MIT", "BSD-3-Clause", "GPL-2.0"}}, - {Name: "libc-utils", Version: "0.7-r0", SrcName: "libc-dev", SrcVersion: "0.7-r0", Licenses: []string{"GPL-3.0"}}, - {Name: "pkgconf", Version: "1.6.0-r0", SrcName: "pkgconf", SrcVersion: "1.6.0-r0", Licenses: []string{"ISC"}}, - {Name: "sqlite-libs", Version: "3.26.0-r3", SrcName: "sqlite", SrcVersion: "3.26.0-r3", Licenses: []string{"Public-Domain"}}, - {Name: "test", Version: "2.9.11_pre20061021-r2", SrcName: "test-parent", SrcVersion: "2.9.11_pre20061021-r2", Licenses: []string{"Public-Domain"}}, + { + ID: "musl@1.1.14-r10", + Name: "musl", + Version: "1.1.14-r10", + SrcName: "musl", + SrcVersion: "1.1.14-r10", + Licenses: []string{"MIT"}, 
+ }, + { + ID: "busybox@1.24.2-r9", + Name: "busybox", + Version: "1.24.2-r9", + SrcName: "busybox", + SrcVersion: "1.24.2-r9", + Licenses: []string{"GPL-2.0"}, + DependsOn: []string{"musl@1.1.14-r10"}, + }, + { + ID: "alpine-baselayout@3.0.3-r0", + Name: "alpine-baselayout", + Version: "3.0.3-r0", + SrcName: "alpine-baselayout", + SrcVersion: "3.0.3-r0", + Licenses: []string{"GPL-2.0"}, + DependsOn: []string{"busybox@1.24.2-r9", "musl@1.1.14-r10"}, + }, + { + ID: "alpine-keys@1.1-r0", + Name: "alpine-keys", + Version: "1.1-r0", + SrcName: "alpine-keys", + SrcVersion: "1.1-r0", + Licenses: []string{"GPL-3.0"}, + }, + { + ID: "zlib@1.2.8-r2", + Name: "zlib", + Version: "1.2.8-r2", + SrcName: "zlib", + SrcVersion: "1.2.8-r2", + Licenses: []string{"Zlib"}, + DependsOn: []string{"musl@1.1.14-r10"}, + }, + { + ID: "libcrypto1.0@1.0.2h-r1", + Name: "libcrypto1.0", + Version: "1.0.2h-r1", + SrcName: "openssl", + SrcVersion: "1.0.2h-r1", + Licenses: []string{"openssl"}, + DependsOn: []string{"musl@1.1.14-r10", "zlib@1.2.8-r2"}, + }, + { + ID: "libssl1.0@1.0.2h-r1", + Name: "libssl1.0", + Version: "1.0.2h-r1", + SrcName: "openssl", + SrcVersion: "1.0.2h-r1", + Licenses: []string{"openssl"}, + DependsOn: []string{ + "libcrypto1.0@1.0.2h-r1", + "musl@1.1.14-r10", + }, + }, + { + ID: "apk-tools@2.6.7-r0", + Name: "apk-tools", + Version: "2.6.7-r0", + SrcName: "apk-tools", + SrcVersion: "2.6.7-r0", + Licenses: []string{"GPL-2.0"}, + DependsOn: []string{ + "libcrypto1.0@1.0.2h-r1", + "libssl1.0@1.0.2h-r1", + "musl@1.1.14-r10", + "zlib@1.2.8-r2", + }, + }, + { + ID: "scanelf@1.1.6-r0", + Name: "scanelf", + Version: "1.1.6-r0", + SrcName: "pax-utils", + SrcVersion: "1.1.6-r0", + Licenses: []string{"GPL-2.0"}, + DependsOn: []string{"musl@1.1.14-r10"}, + }, + { + ID: "musl-utils@1.1.14-r10", + Name: "musl-utils", + Version: "1.1.14-r10", + SrcName: "musl", + SrcVersion: "1.1.14-r10", + Licenses: []string{"MIT", "BSD-3-Clause", "GPL-2.0"}, + DependsOn: []string{ + "musl@1.1.14-r10", 
+ "scanelf@1.1.6-r0", + }, + }, + { + ID: "libc-utils@0.7-r0", + Name: "libc-utils", + Version: "0.7-r0", + SrcName: "libc-dev", + SrcVersion: "0.7-r0", + Licenses: []string{"GPL-3.0"}, + DependsOn: []string{"musl-utils@1.1.14-r10"}, + }, + { + ID: "pkgconf@1.6.0-r0", + Name: "pkgconf", + Version: "1.6.0-r0", + SrcName: "pkgconf", + SrcVersion: "1.6.0-r0", + Licenses: []string{"ISC"}, + DependsOn: []string{"musl@1.1.14-r10"}, + }, + + { + ID: "sqlite-libs@3.26.0-r3", + Name: "sqlite-libs", + Version: "3.26.0-r3", + SrcName: "sqlite", + SrcVersion: "3.26.0-r3", + Licenses: []string{"Public-Domain"}, + DependsOn: []string{"musl@1.1.14-r10"}, + }, + + { + ID: "test@2.9.11_pre20061021-r2", + Name: "test", + Version: "2.9.11_pre20061021-r2", + SrcName: "test-parent", + SrcVersion: "2.9.11_pre20061021-r2", + Licenses: []string{"Public-Domain"}, + DependsOn: []string{ + "pkgconf@1.6.0-r0", + "sqlite-libs@3.26.0-r3", + }, + }, }, wantFiles: []string{ // musl-1.1.14-r10 diff --git a/pkg/fanal/analyzer/pkg/dpkg/dpkg.go b/pkg/fanal/analyzer/pkg/dpkg/dpkg.go index 5987868502a..dd9770141c0 100644 --- a/pkg/fanal/analyzer/pkg/dpkg/dpkg.go +++ b/pkg/fanal/analyzer/pkg/dpkg/dpkg.go @@ -3,17 +3,20 @@ package dpkg import ( "bufio" "context" - "log" + "fmt" "os" "path/filepath" "regexp" + "sort" "strings" debVersion "github.com/knqyf263/go-deb-version" + "github.com/samber/lo" "golang.org/x/xerrors" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/types" + "github.com/aquasecurity/trivy/pkg/log" ) func init() { @@ -21,7 +24,7 @@ func init() { } const ( - version = 2 + analyzerVersion = 3 statusFile = "var/lib/dpkg/status" statusDir = "var/lib/dpkg/status.d/" 
@@ -81,7 +84,8 @@ func (a dpkgAnalyzer) parseDpkgInfoList(scanner *bufio.Scanner) (*analyzer.Analy // parseDpkgStatus parses /var/lib/dpkg/status or /var/lib/dpkg/status/* func (a dpkgAnalyzer) parseDpkgStatus(filePath string, scanner *bufio.Scanner) (*analyzer.AnalysisResult, error) { var pkg *types.Package - pkgMap := map[string]*types.Package{} + pkgs := map[string]*types.Package{} + pkgIDs := map[string]string{} for scanner.Scan() { line := strings.TrimSpace(scanner.Text()) @@ -91,7 +95,8 @@ func (a dpkgAnalyzer) parseDpkgStatus(filePath string, scanner *bufio.Scanner) ( pkg = a.parseDpkgPkg(scanner) if pkg != nil { - pkgMap[pkg.Name+"-"+pkg.Version] = pkg + pkgs[pkg.ID] = pkg + pkgIDs[pkg.Name] = pkg.ID } } @@ -99,16 +104,15 @@ func (a dpkgAnalyzer) parseDpkgStatus(filePath string, scanner *bufio.Scanner) ( return nil, xerrors.Errorf("scan error: %w", err) } - pkgs := make([]types.Package, 0, len(pkgMap)) - for _, p := range pkgMap { - pkgs = append(pkgs, *p) - } + a.consolidateDependencies(pkgs, pkgIDs) return &analyzer.AnalysisResult{ PackageInfos: []types.PackageInfo{ { FilePath: filePath, - Packages: pkgs, + Packages: lo.MapToSlice(pkgs, func(_ string, p *types.Package) types.Package { + return *p + }), }, }, }, nil @@ -119,6 +123,7 @@ func (a dpkgAnalyzer) parseDpkgPkg(scanner *bufio.Scanner) (pkg *types.Package) name string version string sourceName string + dependencies []string isInstalled bool sourceVersion string ) @@ -128,9 +133,10 @@ func (a dpkgAnalyzer) parseDpkgPkg(scanner *bufio.Scanner) (pkg *types.Package) if line == "" { break } - if strings.HasPrefix(line, "Package: ") { + switch { + case strings.HasPrefix(line, "Package: "): name = strings.TrimSpace(strings.TrimPrefix(line, "Package: ")) - } else if strings.HasPrefix(line, "Source: ") { + case strings.HasPrefix(line, "Source: "): // Source line (Optional) // Gives the name of the source package // May also specifies a version 
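Review bot: Dependency names are resolved only against the packages of the one file being parsed, because `pkgIDs` is filled and `a.consolidateDependencies(pkgs, pkgIDs)` is called inside `parseDpkgStatus` (hunks `@@ -81,7`, `@@ -91,7` and `@@ -99,16`). If each file under `var/lib/dpkg/status.d/` reaches this function as its own call, as the `filePath` parameter and the function comment suggest, every dependency on a package recorded in another file is silently dropped and such images get an empty graph. `pkgIDs[pkg.Name] = pkg.ID` also keeps only the last ID seen for a name, so two installed entries sharing a name resolve to whichever was parsed last. I would at least state both limits in a comment above the call, e.g. `// NOTE: dependencies are resolved per status file; names defined in other files are dropped`. The body of parseDpkgStatus starts and ends outside these hunks.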
@@ -145,15 +151,12 @@ func (a dpkgAnalyzer) parseDpkgPkg(scanner *bufio.Scanner) (pkg *types.Package) if md["version"] != "" { sourceVersion = md["version"] } - } else if strings.HasPrefix(line, "Version: ") { + case strings.HasPrefix(line, "Version: "): version = strings.TrimPrefix(line, "Version: ") - } else if strings.HasPrefix(line, "Status: ") { - for _, ss := range strings.Fields(strings.TrimPrefix(line, "Status: ")) { - if ss == "deinstall" || ss == "purge" { - isInstalled = false - break - } - } + case strings.HasPrefix(line, "Status: "): + isInstalled = a.parseStatus(line) + case strings.HasPrefix(line, "Depends: "): + dependencies = a.parseDepends(line) } if !scanner.Scan() { break @@ -163,10 +166,15 @@ func (a dpkgAnalyzer) parseDpkgPkg(scanner *bufio.Scanner) (pkg *types.Package) if name == "" || version == "" || !isInstalled { return nil } else if !debVersion.Valid(version) { - log.Printf("Invalid Version Found : OS %s, Package %s, Version %s", "debian", name, version) + log.Logger.Warnf("Invalid Version Found : OS %s, Package %s, Version %s", "debian", name, version) return nil } - pkg = &types.Package{Name: name, Version: version} + pkg = &types.Package{ + ID: a.pkgID(name, version), + Name: name, + Version: version, + DependsOn: dependencies, // Will be consolidated later + } // Source version and names are computed from binary package names and versions // in dpkg. @@ -183,7 +191,7 @@ func (a dpkgAnalyzer) parseDpkgPkg(scanner *bufio.Scanner) (pkg *types.Package) } if !debVersion.Valid(sourceVersion) { - log.Printf("Invalid Version Found : OS %s, Package %s, Version %s", "debian", sourceName, sourceVersion) + log.Logger.Warnf("Invalid Version Found : OS %s, Package %s, Version %s", "debian", sourceName, sourceVersion) return pkg } pkg.SrcName = sourceName 
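Review bot: Only the `Depends: ` field feeds `dependencies` in the new `switch`; `Pre-Depends: ` is not matched, so packages that declare their hard requirements there contribute no edges to the graph. The updated expectations in dpkg_test.go list `coreutils` and `bsdutils` without any `DependsOn`, which is presumably this effect. Suggest appending rather than assigning, `dependencies = append(dependencies, a.parseDepends(line)...)`, and adding `case strings.HasPrefix(line, "Pre-Depends: "): dependencies = append(dependencies, a.parseDepends(strings.TrimPrefix(line, "Pre-"))...)`. parseDpkgPkg begins and ends outside this hunk.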
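Review bot: `name`, `version`, `sourceName` and `sourceVersion` in the two `log.Logger.Warnf` calls (this hunk and `@@ -183,7 +191,7 @@`) come from the scanned artifact's dpkg status file and are formatted with `%s`. Assuming the scanner splits on newlines, line breaks cannot get through, but other control bytes such as terminal escape sequences would reach the log output unescaped. Using `%q` for the values taken from the file escapes them and also makes empty values visible: `log.Logger.Warnf("Invalid Version Found : OS %s, Package %q, Version %q", "debian", name, version)`.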
@@ -204,6 +212,63 @@ func (a dpkgAnalyzer) Required(filePath string, _ os.FileInfo) bool { return false } +func (a dpkgAnalyzer) pkgID(name, version string) string { + return fmt.Sprintf("%s@%s", name, version) +} + +func (a dpkgAnalyzer) parseStatus(line string) bool { + for _, ss := range strings.Fields(strings.TrimPrefix(line, "Status: ")) { + if ss == "deinstall" || ss == "purge" { + return false + } + } + return true +} + +func (a dpkgAnalyzer) parseDepends(line string) []string { + line = strings.TrimPrefix(line, "Depends: ") + // e.g. Depends: passwd, debconf (>= 0.5) | debconf-2.0 + + var dependencies []string + depends := strings.Split(line, ",") + for _, dep := range depends { + // e.g. gpgv | gpgv2 | gpgv1 + for _, d := range strings.Split(dep, "|") { + d = a.trimVersionRequirement(d) + + // Store only package names here + dependencies = append(dependencies, strings.TrimSpace(d)) + } + } + return dependencies +} + +func (a dpkgAnalyzer) trimVersionRequirement(s string) string { + // e.g. + // libapt-pkg6.0 (>= 2.2.4) => libapt-pkg6.0 + // adduser => adduser + if strings.Contains(s, "(") { + s = s[:strings.Index(s, "(")] + } + return s +} + +func (a dpkgAnalyzer) consolidateDependencies(pkgs map[string]*types.Package, pkgIDs map[string]string) { + for _, pkg := range pkgs { + // e.g. libc6 => libc6@2.31-13+deb11u4 + pkg.DependsOn = lo.FilterMap(pkg.DependsOn, func(d string, _ int) (string, bool) { + if pkgID, ok := pkgIDs[d]; ok { + return pkgID, true + } + return "", false + }) + sort.Strings(pkg.DependsOn) + if len(pkg.DependsOn) == 0 { + pkg.DependsOn = nil + } + } +} + func (a dpkgAnalyzer) isListFile(dir, fileName string) bool { if dir != infoDir { return false @@ -217,5 +282,5 @@ func (a dpkgAnalyzer) Type() analyzer.Type { } func (a dpkgAnalyzer) Version() int { - return version + return analyzerVersion } diff --git a/pkg/fanal/analyzer/pkg/dpkg/dpkg_test.go b/pkg/fanal/analyzer/pkg/dpkg/dpkg_test.go index 76b89a48159..e2465501005 100644 
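Review bot: `consolidateDependencies` maps names to IDs and sorts them but never removes repeats, so a package named twice in one `Depends:` line (for example with a lower and an upper version bound) appears twice in `DependsOn`; the expectations added in dpkg_test.go for `libc-bin` and `libpam-runtime` contain such doubled entries. Adding `pkg.DependsOn = lo.Uniq(pkg.DependsOn)` before `sort.Strings` would fix it, and the golden data would have to follow. `parseDepends` also leaves an architecture qualifier (`name:any`) in the name, which cannot match a `pkgIDs` key, so that edge is dropped; `d, _, _ = strings.Cut(d, ":")` after `trimVersionRequirement` would handle it. The new helpers carry no doc comments; one line each would help, e.g. `// parseDepends returns the package names in a "Depends: " line, alternatives included, without version constraints.`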
--- a/pkg/fanal/analyzer/pkg/dpkg/dpkg_test.go
+++ b/pkg/fanal/analyzer/pkg/dpkg/dpkg_test.go
@@ -30,257 +30,805 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) { { FilePath: "var/lib/dpkg/status", Packages: []types.Package{ - {Name: "adduser", Version: "3.116ubuntu1", SrcName: "adduser", SrcVersion: "3.116ubuntu1"}, - {Name: "apt", Version: "1.6.3ubuntu0.1", SrcName: "apt", SrcVersion: "1.6.3ubuntu0.1"}, { - Name: "base-files", Version: "10.1ubuntu2.2", SrcName: "base-files", + ID: "adduser@3.116ubuntu1", + Name: "adduser", + Version: "3.116ubuntu1", + SrcName: "adduser", + SrcVersion: "3.116ubuntu1", + DependsOn: []string{ + "debconf@1.5.66", + "passwd@1:4.5-1ubuntu1", + }, + }, + { + ID: "apt@1.6.3ubuntu0.1", + Name: "apt", + Version: "1.6.3ubuntu0.1", + SrcName: "apt", + SrcVersion: "1.6.3ubuntu0.1", + DependsOn: []string{ + "adduser@3.116ubuntu1", + "gpgv@2.2.4-1ubuntu1.1", + "libapt-pkg5.0@1.6.3ubuntu0.1", + "libc6@2.27-3ubuntu1", + "libgcc1@1:8-20180414-1ubuntu2", + "libgnutls30@3.5.18-1ubuntu1", + "libseccomp2@2.3.1-2.1ubuntu4", + "libstdc++6@8-20180414-1ubuntu2", + "ubuntu-keyring@2018.02.28", + }, + }, + { + ID: "base-files@10.1ubuntu2.2", + Name: "base-files", + Version: "10.1ubuntu2.2", + SrcName: "base-files", SrcVersion: "10.1ubuntu2.2", }, - {Name: "base-passwd", Version: "3.5.44", SrcName: "base-passwd", SrcVersion: "3.5.44"}, - {Name: "bash", Version: "4.4.18-2ubuntu1", SrcName: "bash", SrcVersion: "4.4.18-2ubuntu1"}, { - Name: "bsdutils", Version: "1:2.31.1-0.4ubuntu3.1", SrcName: "util-linux", + ID: "base-passwd@3.5.44", + Name: "base-passwd", + Version: "3.5.44", + SrcName: "base-passwd", + SrcVersion: "3.5.44", + DependsOn: []string{ + "libc6@2.27-3ubuntu1", + "libdebconfclient0@0.213ubuntu1", + }, + }, + { + ID: "bash@4.4.18-2ubuntu1", + Name: "bash", + Version: "4.4.18-2ubuntu1", + SrcName: "bash", + SrcVersion: "4.4.18-2ubuntu1", + DependsOn: []string{ + "base-files@10.1ubuntu2.2", + "debianutils@4.8.4", + }, + }, + { + ID: "bsdutils@1:2.31.1-0.4ubuntu3.1", + Name: "bsdutils", + Version: "1:2.31.1-0.4ubuntu3.1", + SrcName: 
"util-linux", SrcVersion: "2.31.1-0.4ubuntu3.1", }, - {Name: "bzip2", Version: "1.0.6-8.1", SrcName: "bzip2", SrcVersion: "1.0.6-8.1"}, { - Name: "coreutils", Version: "8.28-1ubuntu1", SrcName: "coreutils", + ID: "bzip2@1.0.6-8.1", + Name: "bzip2", + Version: "1.0.6-8.1", + SrcName: "bzip2", + SrcVersion: "1.0.6-8.1", + DependsOn: []string{ + "libbz2-1.0@1.0.6-8.1", + "libc6@2.27-3ubuntu1", + }, + }, + { + ID: "coreutils@8.28-1ubuntu1", + Name: "coreutils", + Version: "8.28-1ubuntu1", + SrcName: "coreutils", SrcVersion: "8.28-1ubuntu1", }, - {Name: "dash", Version: "0.5.8-2.10", SrcName: "dash", SrcVersion: "0.5.8-2.10"}, - {Name: "debconf", Version: "1.5.66", SrcName: "debconf", SrcVersion: "1.5.66"}, - {Name: "debianutils", Version: "4.8.4", SrcName: "debianutils", SrcVersion: "4.8.4"}, - {Name: "diffutils", Version: "1:3.6-1", SrcName: "diffutils", SrcVersion: "1:3.6-1"}, - {Name: "dpkg", Version: "1.19.0.5ubuntu2", SrcName: "dpkg", SrcVersion: "1.19.0.5ubuntu2"}, - {Name: "e2fsprogs", Version: "1.44.1-1", SrcName: "e2fsprogs", SrcVersion: "1.44.1-1"}, { - Name: "fdisk", Version: "2.31.1-0.4ubuntu3.1", SrcName: "util-linux", - SrcVersion: "2.31.1-0.4ubuntu3.1", + ID: "dash@0.5.8-2.10", + Name: "dash", + Version: "0.5.8-2.10", + SrcName: "dash", + SrcVersion: "0.5.8-2.10", + DependsOn: []string{ + "debianutils@4.8.4", + "dpkg@1.19.0.5ubuntu2", + }, + }, + {ID: "debconf@1.5.66", + Name: "debconf", + Version: "1.5.66", + SrcName: "debconf", + SrcVersion: "1.5.66", + }, + { + ID: "debianutils@4.8.4", + Name: "debianutils", + Version: "4.8.4", + SrcName: "debianutils", + SrcVersion: "4.8.4", }, { - Name: "findutils", Version: "4.6.0+git+20170828-2", SrcName: "findutils", + ID: "diffutils@1:3.6-1", + Name: "diffutils", + Version: "1:3.6-1", + SrcName: "diffutils", + SrcVersion: "1:3.6-1", + }, + { + ID: "dpkg@1.19.0.5ubuntu2", + Name: "dpkg", + Version: "1.19.0.5ubuntu2", + SrcName: "dpkg", + SrcVersion: "1.19.0.5ubuntu2", + DependsOn: []string{"tar@1.29b-2"}, + }, + 
{ + ID: "e2fsprogs@1.44.1-1", + Name: "e2fsprogs", + Version: "1.44.1-1", + SrcName: "e2fsprogs", + SrcVersion: "1.44.1-1", + }, + { + ID: "fdisk@2.31.1-0.4ubuntu3.1", + Name: "fdisk", + Version: "2.31.1-0.4ubuntu3.1", + SrcName: "util-linux", + SrcVersion: "2.31.1-0.4ubuntu3.1", + DependsOn: []string{ + "libc6@2.27-3ubuntu1", + "libfdisk1@2.31.1-0.4ubuntu3.1", + "libmount1@2.31.1-0.4ubuntu3.1", + "libncursesw5@6.1-1ubuntu1.18.04", + "libsmartcols1@2.31.1-0.4ubuntu3.1", + "libtinfo5@6.1-1ubuntu1.18.04", + }, + }, + { + ID: "findutils@4.6.0+git+20170828-2", + Name: "findutils", + Version: "4.6.0+git+20170828-2", + SrcName: "findutils", SrcVersion: "4.6.0+git+20170828-2", }, { - Name: "gcc-8-base", Version: "8-20180414-1ubuntu2", SrcName: "gcc-8", + ID: "gcc-8-base@8-20180414-1ubuntu2", + Name: "gcc-8-base", + Version: "8-20180414-1ubuntu2", + SrcName: "gcc-8", SrcVersion: "8-20180414-1ubuntu2", }, { - Name: "gpgv", Version: "2.2.4-1ubuntu1.1", SrcName: "gnupg2", + ID: "gpgv@2.2.4-1ubuntu1.1", + Name: "gpgv", + Version: "2.2.4-1ubuntu1.1", + SrcName: "gnupg2", SrcVersion: "2.2.4-1ubuntu1.1", - }, - {Name: "grep", Version: "3.1-2", SrcName: "grep", SrcVersion: "3.1-2"}, - {Name: "gzip", Version: "1.6-5ubuntu1", SrcName: "gzip", SrcVersion: "1.6-5ubuntu1"}, - {Name: "hostname", Version: "3.20", SrcName: "hostname", SrcVersion: "3.20"}, - { - Name: "init-system-helpers", Version: "1.51", SrcName: "init-system-helpers", + DependsOn: []string{ + "libbz2-1.0@1.0.6-8.1", + "libc6@2.27-3ubuntu1", + "libgcrypt20@1.8.1-4ubuntu1.1", + "libgpg-error0@1.27-6", + "zlib1g@1:1.2.11.dfsg-0ubuntu2", + }, + }, + { + ID: "grep@3.1-2", + Name: "grep", + Version: "3.1-2", + SrcName: "grep", + SrcVersion: "3.1-2", + DependsOn: []string{"dpkg@1.19.0.5ubuntu2"}, + }, + { + ID: "gzip@1.6-5ubuntu1", + Name: "gzip", + Version: "1.6-5ubuntu1", + SrcName: "gzip", + SrcVersion: "1.6-5ubuntu1", + DependsOn: []string{"dpkg@1.19.0.5ubuntu2"}, + }, + { + ID: "hostname@3.20", + Name: "hostname", + 
Version: "3.20", + SrcName: "hostname", + SrcVersion: "3.20", + }, + { + ID: "init-system-helpers@1.51", + Name: "init-system-helpers", + Version: "1.51", + SrcName: "init-system-helpers", SrcVersion: "1.51", + DependsOn: []string{"perl-base@5.26.1-6ubuntu0.2"}, }, - {Name: "libacl1", Version: "2.2.52-3build1", SrcName: "acl", SrcVersion: "2.2.52-3build1"}, { - Name: "libapt-pkg5.0", Version: "1.6.3ubuntu0.1", SrcName: "apt", - SrcVersion: "1.6.3ubuntu0.1", + ID: "libacl1@2.2.52-3build1", + Name: "libacl1", + Version: "2.2.52-3build1", + SrcName: "acl", + SrcVersion: "2.2.52-3build1", + DependsOn: []string{ + "libattr1@1:2.4.47-2build1", + "libc6@2.27-3ubuntu1", + }, }, { - Name: "libattr1", Version: "1:2.4.47-2build1", SrcName: "attr", + ID: "libapt-pkg5.0@1.6.3ubuntu0.1", + Name: "libapt-pkg5.0", + Version: "1.6.3ubuntu0.1", + SrcName: "apt", + SrcVersion: "1.6.3ubuntu0.1", + DependsOn: []string{ + "libbz2-1.0@1.0.6-8.1", + "libc6@2.27-3ubuntu1", + "libgcc1@1:8-20180414-1ubuntu2", + "liblz4-1@0.0~r131-2ubuntu3", + "liblzma5@5.1.1alpha+20120614-2+b3", + "libstdc++6@8-20180414-1ubuntu2", + "libudev1@237-3ubuntu10.3", + "libzstd1@1.3.3+dfsg-2ubuntu1", + "zlib1g@1:1.2.11.dfsg-0ubuntu2", + }, + }, + { + ID: "libattr1@1:2.4.47-2build1", + Name: "libattr1", + Version: "1:2.4.47-2build1", + SrcName: "attr", SrcVersion: "1:2.4.47-2build1", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, }, { - Name: "libaudit-common", Version: "1:2.8.2-1ubuntu1", SrcName: "audit", + ID: "libaudit-common@1:2.8.2-1ubuntu1", + Name: "libaudit-common", + Version: "1:2.8.2-1ubuntu1", + SrcName: "audit", SrcVersion: "1:2.8.2-1ubuntu1", }, { - Name: "libaudit1", Version: "1:2.8.2-1ubuntu1", SrcName: "audit", + ID: "libaudit1@1:2.8.2-1ubuntu1", + Name: "libaudit1", + Version: "1:2.8.2-1ubuntu1", + SrcName: "audit", SrcVersion: "1:2.8.2-1ubuntu1", + DependsOn: []string{"libaudit-common@1:2.8.2-1ubuntu1", + "libc6@2.27-3ubuntu1", + "libcap-ng0@0.7.7-3.1"}, }, { - Name: "libblkid1", Version: 
"2.31.1-0.4ubuntu3.1", SrcName: "util-linux", + ID: "libblkid1@2.31.1-0.4ubuntu3.1", + Name: "libblkid1", + Version: "2.31.1-0.4ubuntu3.1", + SrcName: "util-linux", SrcVersion: "2.31.1-0.4ubuntu3.1", + DependsOn: []string{"libc6@2.27-3ubuntu1", + "libuuid1@2.31.1-0.4ubuntu3.1"}, + }, + { + ID: "libbz2-1.0@1.0.6-8.1", + Name: "libbz2-1.0", + Version: "1.0.6-8.1", + SrcName: "bzip2", + SrcVersion: "1.0.6-8.1", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, + }, + { + ID: "libc-bin@2.27-3ubuntu1", + Name: "libc-bin", + Version: "2.27-3ubuntu1", + SrcName: "glibc", + SrcVersion: "2.27-3ubuntu1", + DependsOn: []string{"libc6@2.27-3ubuntu1", + "libc6@2.27-3ubuntu1"}, }, - {Name: "libbz2-1.0", Version: "1.0.6-8.1", SrcName: "bzip2", SrcVersion: "1.0.6-8.1"}, - {Name: "libc-bin", Version: "2.27-3ubuntu1", SrcName: "glibc", SrcVersion: "2.27-3ubuntu1"}, - {Name: "libc6", Version: "2.27-3ubuntu1", SrcName: "glibc", SrcVersion: "2.27-3ubuntu1"}, - {Name: "libcap-ng0", Version: "0.7.7-3.1", SrcName: "libcap-ng", SrcVersion: "0.7.7-3.1"}, - {Name: "libcom-err2", Version: "1.44.1-1", SrcName: "e2fsprogs", SrcVersion: "1.44.1-1"}, { - Name: "libdb5.3", Version: "5.3.28-13.1ubuntu1", SrcName: "db5.3", + ID: "libc6@2.27-3ubuntu1", + Name: "libc6", + Version: "2.27-3ubuntu1", + SrcName: "glibc", + SrcVersion: "2.27-3ubuntu1", + DependsOn: []string{"libgcc1@1:8-20180414-1ubuntu2"}, + }, + { + ID: "libcap-ng0@0.7.7-3.1", + Name: "libcap-ng0", + Version: "0.7.7-3.1", + SrcName: "libcap-ng", + SrcVersion: "0.7.7-3.1", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, + }, + { + ID: "libcom-err2@1.44.1-1", + Name: "libcom-err2", + Version: "1.44.1-1", + SrcName: "e2fsprogs", + SrcVersion: "1.44.1-1", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, + }, + { + ID: "libdb5.3@5.3.28-13.1ubuntu1", + Name: "libdb5.3", + Version: "5.3.28-13.1ubuntu1", + SrcName: "db5.3", SrcVersion: "5.3.28-13.1ubuntu1", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, }, { - Name: "libdebconfclient0", Version: 
"0.213ubuntu1", SrcName: "cdebconf", + ID: "libdebconfclient0@0.213ubuntu1", + Name: "libdebconfclient0", + Version: "0.213ubuntu1", + SrcName: "cdebconf", SrcVersion: "0.213ubuntu1", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, + }, + { + ID: "libext2fs2@1.44.1-1", + Name: "libext2fs2", + Version: "1.44.1-1", + SrcName: "e2fsprogs", + SrcVersion: "1.44.1-1", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, }, - {Name: "libext2fs2", Version: "1.44.1-1", SrcName: "e2fsprogs", SrcVersion: "1.44.1-1"}, { - Name: "libfdisk1", Version: "2.31.1-0.4ubuntu3.1", SrcName: "util-linux", + ID: "libfdisk1@2.31.1-0.4ubuntu3.1", + Name: "libfdisk1", + Version: "2.31.1-0.4ubuntu3.1", + SrcName: "util-linux", SrcVersion: "2.31.1-0.4ubuntu3.1", + DependsOn: []string{"libblkid1@2.31.1-0.4ubuntu3.1", + "libc6@2.27-3ubuntu1", + "libuuid1@2.31.1-0.4ubuntu3.1"}, }, - {Name: "libffi6", Version: "3.2.1-8", SrcName: "libffi", SrcVersion: "3.2.1-8"}, { - Name: "libgcc1", Version: "1:8-20180414-1ubuntu2", SrcName: "gcc-8", + ID: "libffi6@3.2.1-8", + Name: "libffi6", + Version: "3.2.1-8", + SrcName: "libffi", + SrcVersion: "3.2.1-8", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, + }, + { + ID: "libgcc1@1:8-20180414-1ubuntu2", + Name: "libgcc1", + Version: "1:8-20180414-1ubuntu2", + SrcName: "gcc-8", SrcVersion: "8-20180414-1ubuntu2", + DependsOn: []string{"gcc-8-base@8-20180414-1ubuntu2", + "libc6@2.27-3ubuntu1"}, }, { - Name: "libgcrypt20", Version: "1.8.1-4ubuntu1.1", SrcName: "libgcrypt20", + ID: "libgcrypt20@1.8.1-4ubuntu1.1", + Name: "libgcrypt20", + Version: "1.8.1-4ubuntu1.1", + SrcName: "libgcrypt20", SrcVersion: "1.8.1-4ubuntu1.1", + DependsOn: []string{"libc6@2.27-3ubuntu1", + "libgpg-error0@1.27-6"}, }, - {Name: "libgmp10", Version: "2:6.1.2+dfsg-2", SrcName: "gmp", SrcVersion: "2:6.1.2+dfsg-2"}, { - Name: "libgnutls30", Version: "3.5.18-1ubuntu1", SrcName: "gnutls28", - SrcVersion: "3.5.18-1ubuntu1", + ID: "libgmp10@2:6.1.2+dfsg-2", + Name: "libgmp10", + Version: "2:6.1.2+dfsg-2", + 
SrcName: "gmp", + SrcVersion: "2:6.1.2+dfsg-2", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, }, - {Name: "libgpg-error0", Version: "1.27-6", SrcName: "libgpg-error", SrcVersion: "1.27-6"}, - {Name: "libhogweed4", Version: "3.4-1", SrcName: "nettle", SrcVersion: "3.4-1"}, { - Name: "libidn2-0", Version: "2.0.4-1.1build2", SrcName: "libidn2", + ID: "libgnutls30@3.5.18-1ubuntu1", + Name: "libgnutls30", + Version: "3.5.18-1ubuntu1", + SrcName: "gnutls28", + SrcVersion: "3.5.18-1ubuntu1", + DependsOn: []string{"libc6@2.27-3ubuntu1", + "libgmp10@2:6.1.2+dfsg-2", + "libhogweed4@3.4-1", + "libidn2-0@2.0.4-1.1build2", + "libnettle6@3.4-1", + "libp11-kit0@0.23.9-2", + "libtasn1-6@4.13-2", + "libunistring2@0.9.9-0ubuntu1", + "zlib1g@1:1.2.11.dfsg-0ubuntu2"}, + }, + { + ID: "libgpg-error0@1.27-6", + Name: "libgpg-error0", + Version: "1.27-6", + SrcName: "libgpg-error", + SrcVersion: "1.27-6", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, + }, + { + ID: "libhogweed4@3.4-1", + Name: "libhogweed4", + Version: "3.4-1", + SrcName: "nettle", + SrcVersion: "3.4-1", + DependsOn: []string{"libc6@2.27-3ubuntu1", + "libgmp10@2:6.1.2+dfsg-2", + "libnettle6@3.4-1"}, + }, + { + ID: "libidn2-0@2.0.4-1.1build2", + Name: "libidn2-0", + Version: "2.0.4-1.1build2", + SrcName: "libidn2", SrcVersion: "2.0.4-1.1build2", + DependsOn: []string{"libc6@2.27-3ubuntu1", + "libunistring2@0.9.9-0ubuntu1"}, }, { - Name: "liblz4-1", Version: "0.0~r131-2ubuntu3", SrcName: "lz4", + ID: "liblz4-1@0.0~r131-2ubuntu3", + Name: "liblz4-1", + Version: "0.0~r131-2ubuntu3", + SrcName: "lz4", SrcVersion: "0.0~r131-2ubuntu3", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, }, { - Name: "liblzma5", Version: "5.1.1alpha+20120614-2+b3", SrcName: "xz-utils", + ID: "liblzma5@5.1.1alpha+20120614-2+b3", + Name: "liblzma5", + Version: "5.1.1alpha+20120614-2+b3", + SrcName: "xz-utils", SrcVersion: "5.1.1alpha+20120614-2", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, }, { - Name: "libmount1", Version: "2.31.1-0.4ubuntu3.1", 
SrcName: "util-linux", + ID: "libmount1@2.31.1-0.4ubuntu3.1", + Name: "libmount1", + Version: "2.31.1-0.4ubuntu3.1", + SrcName: "util-linux", SrcVersion: "2.31.1-0.4ubuntu3.1", + DependsOn: []string{"libblkid1@2.31.1-0.4ubuntu3.1", + "libc6@2.27-3ubuntu1", + "libselinux1@2.7-2build2"}, }, { - Name: "libncurses5", Version: "6.1-1ubuntu1.18.04", SrcName: "ncurses", + ID: "libncurses5@6.1-1ubuntu1.18.04", + Name: "libncurses5", + Version: "6.1-1ubuntu1.18.04", + SrcName: "ncurses", SrcVersion: "6.1-1ubuntu1.18.04", + DependsOn: []string{"libc6@2.27-3ubuntu1", + "libtinfo5@6.1-1ubuntu1.18.04"}, }, { - Name: "libncursesw5", Version: "6.1-1ubuntu1.18.04", SrcName: "ncurses", + ID: "libncursesw5@6.1-1ubuntu1.18.04", + Name: "libncursesw5", + Version: "6.1-1ubuntu1.18.04", + SrcName: "ncurses", SrcVersion: "6.1-1ubuntu1.18.04", + DependsOn: []string{"libc6@2.27-3ubuntu1", + "libtinfo5@6.1-1ubuntu1.18.04"}, + }, + { + ID: "libnettle6@3.4-1", + Name: "libnettle6", + Version: "3.4-1", + SrcName: "nettle", + SrcVersion: "3.4-1", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, + }, + { + ID: "libp11-kit0@0.23.9-2", + Name: "libp11-kit0", + Version: "0.23.9-2", + SrcName: "p11-kit", + SrcVersion: "0.23.9-2", + DependsOn: []string{"libc6@2.27-3ubuntu1", + "libffi6@3.2.1-8"}, }, - {Name: "libnettle6", Version: "3.4-1", SrcName: "nettle", SrcVersion: "3.4-1"}, - {Name: "libp11-kit0", Version: "0.23.9-2", SrcName: "p11-kit", SrcVersion: "0.23.9-2"}, { - Name: "libpam-modules", Version: "1.1.8-3.6ubuntu2", SrcName: "pam", + ID: "libpam-modules@1.1.8-3.6ubuntu2", + Name: "libpam-modules", + Version: "1.1.8-3.6ubuntu2", + SrcName: "pam", SrcVersion: "1.1.8-3.6ubuntu2", }, { - Name: "libpam-modules-bin", Version: "1.1.8-3.6ubuntu2", SrcName: "pam", + ID: "libpam-modules-bin@1.1.8-3.6ubuntu2", + Name: "libpam-modules-bin", + Version: "1.1.8-3.6ubuntu2", + SrcName: "pam", SrcVersion: "1.1.8-3.6ubuntu2", + DependsOn: []string{"libaudit1@1:2.8.2-1ubuntu1", + "libc6@2.27-3ubuntu1", + 
"libpam0g@1.1.8-3.6ubuntu2", + "libselinux1@2.7-2build2"}, }, { - Name: "libpam-runtime", Version: "1.1.8-3.6ubuntu2", SrcName: "pam", + ID: "libpam-runtime@1.1.8-3.6ubuntu2", + Name: "libpam-runtime", + Version: "1.1.8-3.6ubuntu2", + SrcName: "pam", SrcVersion: "1.1.8-3.6ubuntu2", + DependsOn: []string{"debconf@1.5.66", + "debconf@1.5.66", + "libpam-modules@1.1.8-3.6ubuntu2"}, }, { - Name: "libpam0g", Version: "1.1.8-3.6ubuntu2", SrcName: "pam", + ID: "libpam0g@1.1.8-3.6ubuntu2", + Name: "libpam0g", + Version: "1.1.8-3.6ubuntu2", + SrcName: "pam", SrcVersion: "1.1.8-3.6ubuntu2", + DependsOn: []string{"debconf@1.5.66", + "libaudit1@1:2.8.2-1ubuntu1", + "libc6@2.27-3ubuntu1"}, }, - {Name: "libpcre3", Version: "2:8.39-9", SrcName: "pcre3", SrcVersion: "2:8.39-9"}, { - Name: "libprocps6", Version: "2:3.3.12-3ubuntu1.1", SrcName: "procps", + ID: "libpcre3@2:8.39-9", + Name: "libpcre3", + Version: "2:8.39-9", + SrcName: "pcre3", + SrcVersion: "2:8.39-9", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, + }, + { + ID: "libprocps6@2:3.3.12-3ubuntu1.1", + Name: "libprocps6", + Version: "2:3.3.12-3ubuntu1.1", + SrcName: "procps", SrcVersion: "2:3.3.12-3ubuntu1.1", + DependsOn: []string{"libc6@2.27-3ubuntu1", + "libsystemd0@237-3ubuntu10.3"}, }, { - Name: "libseccomp2", Version: "2.3.1-2.1ubuntu4", SrcName: "libseccomp", + ID: "libseccomp2@2.3.1-2.1ubuntu4", + Name: "libseccomp2", + Version: "2.3.1-2.1ubuntu4", + SrcName: "libseccomp", SrcVersion: "2.3.1-2.1ubuntu4", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, }, { - Name: "libselinux1", Version: "2.7-2build2", SrcName: "libselinux", + ID: "libselinux1@2.7-2build2", + Name: "libselinux1", + Version: "2.7-2build2", + SrcName: "libselinux", SrcVersion: "2.7-2build2", + DependsOn: []string{"libc6@2.27-3ubuntu1", + "libpcre3@2:8.39-9"}, }, { - Name: "libsemanage-common", Version: "2.7-2build2", SrcName: "libsemanage", + ID: "libsemanage-common@2.7-2build2", + Name: "libsemanage-common", + Version: "2.7-2build2", + SrcName: 
"libsemanage", SrcVersion: "2.7-2build2", }, { - Name: "libsemanage1", Version: "2.7-2build2", SrcName: "libsemanage", + ID: "libsemanage1@2.7-2build2", + Name: "libsemanage1", + Version: "2.7-2build2", + SrcName: "libsemanage", SrcVersion: "2.7-2build2", + DependsOn: []string{"libaudit1@1:2.8.2-1ubuntu1", + "libbz2-1.0@1.0.6-8.1", + "libc6@2.27-3ubuntu1", + "libselinux1@2.7-2build2", + "libsemanage-common@2.7-2build2", + "libsepol1@2.7-1"}, + }, + { + ID: "libsepol1@2.7-1", + Name: "libsepol1", + Version: "2.7-1", + SrcName: "libsepol", + SrcVersion: "2.7-1", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, + }, + { + ID: "libsmartcols1@2.31.1-0.4ubuntu3.1", + Name: "libsmartcols1", + Version: "2.31.1-0.4ubuntu3.1", + SrcName: "util-linux", + SrcVersion: "2.31.1-0.4ubuntu3.1", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, }, - {Name: "libsepol1", Version: "2.7-1", SrcName: "libsepol", SrcVersion: "2.7-1"}, { - Name: "libsmartcols1", Version: "2.31.1-0.4ubuntu3.1", SrcName: "util-linux", - SrcVersion: "2.31.1-0.4ubuntu3.1", + ID: "libss2@1.44.1-1", + Name: "libss2", + Version: "1.44.1-1", + SrcName: "e2fsprogs", + SrcVersion: "1.44.1-1", + DependsOn: []string{"libc6@2.27-3ubuntu1", + "libcom-err2@1.44.1-1"}, }, - {Name: "libss2", Version: "1.44.1-1", SrcName: "e2fsprogs", SrcVersion: "1.44.1-1"}, { - Name: "libstdc++6", Version: "8-20180414-1ubuntu2", SrcName: "gcc-8", + ID: "libstdc++6@8-20180414-1ubuntu2", + Name: "libstdc++6", + Version: "8-20180414-1ubuntu2", + SrcName: "gcc-8", SrcVersion: "8-20180414-1ubuntu2", + DependsOn: []string{"gcc-8-base@8-20180414-1ubuntu2", + "libc6@2.27-3ubuntu1", + "libgcc1@1:8-20180414-1ubuntu2"}, }, { - Name: "libsystemd0", Version: "237-3ubuntu10.3", SrcName: "systemd", + ID: "libsystemd0@237-3ubuntu10.3", + Name: "libsystemd0", + Version: "237-3ubuntu10.3", + SrcName: "systemd", SrcVersion: "237-3ubuntu10.3", }, - {Name: "libtasn1-6", Version: "4.13-2", SrcName: "libtasn1-6", SrcVersion: "4.13-2"}, { - Name: "libtinfo5", Version: 
"6.1-1ubuntu1.18.04", SrcName: "ncurses", + ID: "libtasn1-6@4.13-2", + Name: "libtasn1-6", + Version: "4.13-2", + SrcName: "libtasn1-6", + SrcVersion: "4.13-2", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, + }, + { + ID: "libtinfo5@6.1-1ubuntu1.18.04", + Name: "libtinfo5", + Version: "6.1-1ubuntu1.18.04", + SrcName: "ncurses", SrcVersion: "6.1-1ubuntu1.18.04", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, }, { - Name: "libudev1", Version: "237-3ubuntu10.3", SrcName: "systemd", + ID: "libudev1@237-3ubuntu10.3", + Name: "libudev1", + Version: "237-3ubuntu10.3", + SrcName: "systemd", SrcVersion: "237-3ubuntu10.3", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, }, { - Name: "libunistring2", Version: "0.9.9-0ubuntu1", SrcName: "libunistring", + ID: "libunistring2@0.9.9-0ubuntu1", + Name: "libunistring2", + Version: "0.9.9-0ubuntu1", + SrcName: "libunistring", SrcVersion: "0.9.9-0ubuntu1", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, + }, + { + ID: "libustr-1.0-1@1.0.4-3+b2", + Name: "libustr-1.0-1", + Version: "1.0.4-3+b2", + SrcName: "ustr", + SrcVersion: "1.0.4-3", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, }, - {Name: "libustr-1.0-1", Version: "1.0.4-3+b2", SrcName: "ustr", SrcVersion: "1.0.4-3"}, { - Name: "libuuid1", Version: "2.31.1-0.4ubuntu3.1", SrcName: "util-linux", + ID: "libuuid1@2.31.1-0.4ubuntu3.1", + Name: "libuuid1", + Version: "2.31.1-0.4ubuntu3.1", + SrcName: "util-linux", SrcVersion: "2.31.1-0.4ubuntu3.1", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, }, { - Name: "libzstd1", Version: "1.3.3+dfsg-2ubuntu1", SrcName: "libzstd", + ID: "libzstd1@1.3.3+dfsg-2ubuntu1", + Name: "libzstd1", + Version: "1.3.3+dfsg-2ubuntu1", + SrcName: "libzstd", SrcVersion: "1.3.3+dfsg-2ubuntu1", + DependsOn: []string{"libc6@2.27-3ubuntu1"}, + }, + { + ID: "login@1:4.5-1ubuntu1", + Name: "login", + Version: "1:4.5-1ubuntu1", + SrcName: "shadow", + SrcVersion: "1:4.5-1ubuntu1", }, - {Name: "login", Version: "1:4.5-1ubuntu1", SrcName: "shadow", SrcVersion: 
"1:4.5-1ubuntu1"}, { - Name: "lsb-base", Version: "9.20170808ubuntu1", SrcName: "lsb", + ID: "lsb-base@9.20170808ubuntu1", + Name: "lsb-base", + Version: "9.20170808ubuntu1", + SrcName: "lsb", SrcVersion: "9.20170808ubuntu1", }, - {Name: "mawk", Version: "1.3.3-17ubuntu3", SrcName: "mawk", SrcVersion: "1.3.3-17ubuntu3"}, { - Name: "mount", Version: "2.31.1-0.4ubuntu3.1", SrcName: "util-linux", + ID: "mawk@1.3.3-17ubuntu3", + Name: "mawk", + Version: "1.3.3-17ubuntu3", + SrcName: "mawk", + SrcVersion: "1.3.3-17ubuntu3", + }, + { + ID: "mount@2.31.1-0.4ubuntu3.1", + Name: "mount", + Version: "2.31.1-0.4ubuntu3.1", + SrcName: "util-linux", SrcVersion: "2.31.1-0.4ubuntu3.1", + DependsOn: []string{"util-linux@2.31.1-0.4ubuntu3.1"}, }, { - Name: "ncurses-base", Version: "6.1-1ubuntu1.18.04", SrcName: "ncurses", + ID: "ncurses-base@6.1-1ubuntu1.18.04", + Name: "ncurses-base", + Version: "6.1-1ubuntu1.18.04", + SrcName: "ncurses", SrcVersion: "6.1-1ubuntu1.18.04", }, { - Name: "ncurses-bin", Version: "6.1-1ubuntu1.18.04", SrcName: "ncurses", + ID: "ncurses-bin@6.1-1ubuntu1.18.04", + Name: "ncurses-bin", + Version: "6.1-1ubuntu1.18.04", + SrcName: "ncurses", SrcVersion: "6.1-1ubuntu1.18.04", }, { - Name: "passwd", Version: "1:4.5-1ubuntu1", SrcName: "shadow", + ID: "passwd@1:4.5-1ubuntu1", + Name: "passwd", + Version: "1:4.5-1ubuntu1", + SrcName: "shadow", SrcVersion: "1:4.5-1ubuntu1", - }, - { - Name: "perl-base", Version: "5.26.1-6ubuntu0.2", SrcName: "perl", + DependsOn: []string{"libaudit1@1:2.8.2-1ubuntu1", + "libc6@2.27-3ubuntu1", + "libpam-modules@1.1.8-3.6ubuntu2", + "libpam0g@1.1.8-3.6ubuntu2", + "libselinux1@2.7-2build2", + "libsemanage1@2.7-2build2"}, + }, + { + ID: "perl-base@5.26.1-6ubuntu0.2", + Name: "perl-base", + Version: "5.26.1-6ubuntu0.2", + SrcName: "perl", SrcVersion: "5.26.1-6ubuntu0.2", }, { - Name: "procps", Version: "2:3.3.12-3ubuntu1.1", SrcName: "procps", + ID: "procps@2:3.3.12-3ubuntu1.1", + Name: "procps", + Version: "2:3.3.12-3ubuntu1.1", + 
SrcName: "procps", SrcVersion: "2:3.3.12-3ubuntu1.1", - }, - {Name: "sed", Version: "4.4-2", SrcName: "sed", SrcVersion: "4.4-2"}, - { - Name: "sensible-utils", Version: "0.0.12", SrcName: "sensible-utils", + DependsOn: []string{"init-system-helpers@1.51", + "libc6@2.27-3ubuntu1", + "libncurses5@6.1-1ubuntu1.18.04", + "libncursesw5@6.1-1ubuntu1.18.04", + "libprocps6@2:3.3.12-3ubuntu1.1", + "libtinfo5@6.1-1ubuntu1.18.04", + "lsb-base@9.20170808ubuntu1"}, + }, + { + ID: "sed@4.4-2", + Name: "sed", + Version: "4.4-2", + SrcName: "sed", + SrcVersion: "4.4-2", + }, + { + ID: "sensible-utils@0.0.12", + Name: "sensible-utils", + Version: "0.0.12", + SrcName: "sensible-utils", SrcVersion: "0.0.12", }, { - Name: "sysvinit-utils", Version: "2.88dsf-59.10ubuntu1", SrcName: "sysvinit", + ID: "sysvinit-utils@2.88dsf-59.10ubuntu1", + Name: "sysvinit-utils", + Version: "2.88dsf-59.10ubuntu1", + SrcName: "sysvinit", SrcVersion: "2.88dsf-59.10ubuntu1", + DependsOn: []string{"init-system-helpers@1.51", + "libc6@2.27-3ubuntu1", + "util-linux@2.31.1-0.4ubuntu3.1"}, + }, + { + ID: "tar@1.29b-2", + Name: "tar", + Version: "1.29b-2", + SrcName: "tar", + SrcVersion: "1.29b-2", }, - {Name: "tar", Version: "1.29b-2", SrcName: "tar", SrcVersion: "1.29b-2"}, { - Name: "ubuntu-keyring", Version: "2018.02.28", SrcName: "ubuntu-keyring", + ID: "ubuntu-keyring@2018.02.28", + Name: "ubuntu-keyring", + Version: "2018.02.28", + SrcName: "ubuntu-keyring", SrcVersion: "2018.02.28", }, { - Name: "util-linux", Version: "2.31.1-0.4ubuntu3.1", SrcName: "util-linux", + ID: "util-linux@2.31.1-0.4ubuntu3.1", + Name: "util-linux", + Version: "2.31.1-0.4ubuntu3.1", + SrcName: "util-linux", SrcVersion: "2.31.1-0.4ubuntu3.1", + DependsOn: []string{"fdisk@2.31.1-0.4ubuntu3.1"}, }, { - Name: "zlib1g", Version: "1:1.2.11.dfsg-0ubuntu2", SrcName: "zlib", + ID: "zlib1g@1:1.2.11.dfsg-0ubuntu2", + Name: "zlib1g", + Version: "1:1.2.11.dfsg-0ubuntu2", + SrcName: "zlib", SrcVersion: "1:1.2.11.dfsg-0ubuntu2", + DependsOn: 
[]string{"libc6@2.27-3ubuntu1"}, }, }, }, @@ -297,19 +845,31 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) { FilePath: "var/lib/dpkg/status", Packages: []types.Package{ { - Name: "libgcc1", Version: "1:5.1.1-12ubuntu1", SrcName: "gcc-5", + ID: "libgcc1@1:5.1.1-12ubuntu1", + Name: "libgcc1", + Version: "1:5.1.1-12ubuntu1", + SrcName: "gcc-5", SrcVersion: "5.1.1-12ubuntu1", }, { - Name: "libpam-modules-bin", Version: "1.1.8-3.1ubuntu3", SrcName: "pam", + ID: "libpam-modules-bin@1.1.8-3.1ubuntu3", + Name: "libpam-modules-bin", + Version: "1.1.8-3.1ubuntu3", + SrcName: "pam", SrcVersion: "1.1.8-3.1ubuntu3", }, { - Name: "libpam-runtime", Version: "1.1.8-3.1ubuntu3", SrcName: "pam", + ID: "libpam-runtime@1.1.8-3.1ubuntu3", + Name: "libpam-runtime", + Version: "1.1.8-3.1ubuntu3", + SrcName: "pam", SrcVersion: "1.1.8-3.1ubuntu3", }, { - Name: "makedev", Version: "2.3.1-93ubuntu1", SrcName: "makedev", + ID: "makedev@2.3.1-93ubuntu1", + Name: "makedev", + Version: "2.3.1-93ubuntu1", + SrcName: "makedev", SrcVersion: "2.3.1-93ubuntu1", }, }, @@ -320,13 +880,15 @@ func Test_dpkgAnalyzer_Analyze(t *testing.T) { { name: "only apt", testFile: "./testdata/dpkg_apt", - filePath: "var/lib/dpkg/status.d/apt", + filePath: "var/lib/dpkg/status", want: &analyzer.AnalysisResult{ PackageInfos: []types.PackageInfo{ { - FilePath: "var/lib/dpkg/status.d/apt", + FilePath: "var/lib/dpkg/status", Packages: []types.Package{ - {Name: "apt", Version: "1.6.3ubuntu0.1", SrcName: "apt", SrcVersion: "1.6.3ubuntu0.1"}, + { + ID: "apt@1.6.3ubuntu0.1", Name: "apt", Version: "1.6.3ubuntu0.1", + SrcName: "apt", SrcVersion: "1.6.3ubuntu0.1"}, }, }, }, diff --git a/pkg/fanal/artifact/image/image_test.go b/pkg/fanal/artifact/image/image_test.go index 1b912278a08..019b7d83e9d 100644 --- a/pkg/fanal/artifact/image/image_test.go +++ b/pkg/fanal/artifact/image/image_test.go 
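Review bot: The "only apt" case in hunk `@@ -320,13 +880,15 @@` now passes `filePath: "var/lib/dpkg/status"` where it used to pass `var/lib/dpkg/status.d/apt`, so none of the cases visible in these hunks exercises a `status.d/` path any more. That layout is where dependency resolution is most likely to behave differently, since the expected result here has no `DependsOn` for `apt` once its dependencies are absent from the parsed file. I would keep a separate case with `filePath: "var/lib/dpkg/status.d/apt"` and assert its expected `DependsOn` explicitly, so the behaviour for that layout is pinned rather than implied. The test table continues outside this hunk, so a case elsewhere may already cover it.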
@@ -33,6 +33,125 @@ import ( ) func TestArtifact_Inspect(t *testing.T) { + alpinePkgs := []types.Package{ + { + ID: "alpine-baselayout@3.2.0-r3", + Name: "alpine-baselayout", Version: "3.2.0-r3", + SrcName: "alpine-baselayout", SrcVersion: "3.2.0-r3", + Licenses: []string{"GPL-2.0"}, + DependsOn: []string{ + "busybox@1.31.1-r9", + "musl@1.1.24-r2", + }, + }, + { + ID: "alpine-keys@2.1-r2", + Name: "alpine-keys", Version: "2.1-r2", SrcName: "alpine-keys", + SrcVersion: "2.1-r2", Licenses: []string{"MIT"}, + }, + { + ID: "apk-tools@2.10.4-r3", + Name: "apk-tools", Version: "2.10.4-r3", SrcName: "apk-tools", + SrcVersion: "2.10.4-r3", Licenses: []string{"GPL-2.0"}, + DependsOn: []string{ + "libcrypto1.1@1.1.1d-r3", + "libssl1.1@1.1.1d-r3", + "musl@1.1.24-r2", + "zlib@1.2.11-r3", + }, + }, + { + ID: "busybox@1.31.1-r9", + Name: "busybox", Version: "1.31.1-r9", SrcName: "busybox", + SrcVersion: "1.31.1-r9", Licenses: []string{"GPL-2.0"}, + DependsOn: []string{ + "musl@1.1.24-r2", + }, + }, + { + ID: "ca-certificates-cacert@20191127-r1", + Name: "ca-certificates-cacert", Version: "20191127-r1", + SrcName: "ca-certificates", SrcVersion: "20191127-r1", + Licenses: []string{"MPL-2.0", "GPL-2.0"}, + }, + { + ID: "libc-utils@0.7.2-r0", + Name: "libc-utils", Version: "0.7.2-r0", SrcName: "libc-dev", + SrcVersion: "0.7.2-r0", Licenses: []string{"BSD-3-Clause"}, + DependsOn: []string{ + "musl-utils@1.1.24-r2", + }, + }, + { + ID: "libcrypto1.1@1.1.1d-r3", + Name: "libcrypto1.1", Version: "1.1.1d-r3", SrcName: "openssl", + SrcVersion: "1.1.1d-r3", Licenses: []string{"OpenSSL"}, + DependsOn: []string{ + "musl@1.1.24-r2", + }, + }, + { + ID: "libssl1.1@1.1.1d-r3", + Name: "libssl1.1", Version: "1.1.1d-r3", SrcName: "openssl", + SrcVersion: "1.1.1d-r3", Licenses: []string{"OpenSSL"}, + DependsOn: []string{ + "libcrypto1.1@1.1.1d-r3", + "musl@1.1.24-r2", + }, + }, + { + ID: "libtls-standalone@2.9.1-r0", + Name: "libtls-standalone", Version: "2.9.1-r0", + SrcName: "libtls-standalone", 
SrcVersion: "2.9.1-r0", + Licenses: []string{"ISC"}, + DependsOn: []string{ + "ca-certificates-cacert@20191127-r1", + "libcrypto1.1@1.1.1d-r3", + "libssl1.1@1.1.1d-r3", + "musl@1.1.24-r2", + }, + }, + { + ID: "musl@1.1.24-r2", + Name: "musl", Version: "1.1.24-r2", SrcName: "musl", + SrcVersion: "1.1.24-r2", Licenses: []string{"MIT"}, + }, + { + ID: "musl-utils@1.1.24-r2", + Name: "musl-utils", Version: "1.1.24-r2", SrcName: "musl", + SrcVersion: "1.1.24-r2", Licenses: []string{"MIT", "BSD-3-Clause", "GPL-2.0"}, + DependsOn: []string{ + "musl@1.1.24-r2", + "scanelf@1.2.4-r0", + }, + }, + { + ID: "scanelf@1.2.4-r0", + Name: "scanelf", Version: "1.2.4-r0", SrcName: "pax-utils", + SrcVersion: "1.2.4-r0", Licenses: []string{"GPL-2.0"}, + DependsOn: []string{ + "musl@1.1.24-r2", + }, + }, + { + ID: "ssl_client@1.31.1-r9", + Name: "ssl_client", Version: "1.31.1-r9", SrcName: "busybox", + SrcVersion: "1.31.1-r9", Licenses: []string{"GPL-2.0"}, + DependsOn: []string{ + "libtls-standalone@2.9.1-r0", + "musl@1.1.24-r2", + }, + }, + { + ID: "zlib@1.2.11-r3", + Name: "zlib", Version: "1.2.11-r3", SrcName: "zlib", + SrcVersion: "1.2.11-r3", Licenses: []string{"Zlib"}, + DependsOn: []string{ + "musl@1.1.24-r2", + }, + }, + } + tests := []struct { name string imagePath string 
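Review bot: `alpinePkgs` is now one slice shared by three table cases (the `Packages: alpinePkgs` replacements in the hunks at -79, -807 and -939), so any in-place change made while a case runs, such as a sort or an append into a `DependsOn` list, would leak into the later cases. Nothing visible here mutates it, but the aliasing is worth stating with a comment above the declaration, such as `// alpinePkgs is shared read-only by the alpine cases below; copy before mutating.` The entries also mix layouts (`ID` on its own line, `Name` and `Version` together), which gofmt accepts but is harder to scan than the one-field-per-line form used in dpkg_test.go. `TestArtifact_Inspect` continues outside this hunk.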
@@ -52,17 +171,17 @@ func TestArtifact_Inspect(t *testing.T) { missingBlobsExpectation: cache.ArtifactCacheMissingBlobsExpectation{ Args: cache.ArtifactCacheMissingBlobsArgs{ ArtifactID: "sha256:059741cfbdc039e88e337d621e57e03e99b0e0a75df32f2027ebef13f839af65", - BlobIDs: []string{"sha256:bb59015f49048b23e73873f72dc5d0f42b44c64890ba13662849e8e4f9c2f1b7"}, + BlobIDs: []string{"sha256:a07b19e0e0a4339c00d982f6d80f305cd9dbb98f88b3c74e57b97574b9ce9ba3"}, }, Returns: cache.ArtifactCacheMissingBlobsReturns{ MissingArtifact: true, - MissingBlobIDs: []string{"sha256:bb59015f49048b23e73873f72dc5d0f42b44c64890ba13662849e8e4f9c2f1b7"}, + MissingBlobIDs: []string{"sha256:a07b19e0e0a4339c00d982f6d80f305cd9dbb98f88b3c74e57b97574b9ce9ba3"}, }, }, putBlobExpectations: []cache.ArtifactCachePutBlobExpectation{ { Args: cache.ArtifactCachePutBlobArgs{ - BlobID: "sha256:bb59015f49048b23e73873f72dc5d0f42b44c64890ba13662849e8e4f9c2f1b7", + BlobID: "sha256:a07b19e0e0a4339c00d982f6d80f305cd9dbb98f88b3c74e57b97574b9ce9ba3", BlobInfo: types.BlobInfo{ SchemaVersion: types.BlobJSONSchemaVersion, Digest: "", 
@@ -79,67 +198,7 @@ func TestArtifact_Inspect(t *testing.T) { PackageInfos: []types.PackageInfo{ { FilePath: "lib/apk/db/installed", - Packages: []types.Package{ - { - Name: "alpine-baselayout", Version: "3.2.0-r3", - SrcName: "alpine-baselayout", SrcVersion: "3.2.0-r3", - Licenses: []string{"GPL-2.0"}, - }, - { - Name: "alpine-keys", Version: "2.1-r2", SrcName: "alpine-keys", - SrcVersion: "2.1-r2", Licenses: []string{"MIT"}, - }, - { - Name: "apk-tools", Version: "2.10.4-r3", SrcName: "apk-tools", - SrcVersion: "2.10.4-r3", Licenses: []string{"GPL-2.0"}, - }, - { - Name: "busybox", Version: "1.31.1-r9", SrcName: "busybox", - SrcVersion: "1.31.1-r9", Licenses: []string{"GPL-2.0"}, - }, - { - Name: "ca-certificates-cacert", Version: "20191127-r1", - SrcName: "ca-certificates", SrcVersion: "20191127-r1", - Licenses: []string{"MPL-2.0", "GPL-2.0"}, - }, - { - Name: "libc-utils", Version: "0.7.2-r0", SrcName: "libc-dev", - SrcVersion: "0.7.2-r0", Licenses: []string{"BSD-3-Clause"}, - }, - { - Name: "libcrypto1.1", Version: "1.1.1d-r3", SrcName: "openssl", - SrcVersion: "1.1.1d-r3", Licenses: []string{"OpenSSL"}, - }, - { - Name: "libssl1.1", Version: "1.1.1d-r3", SrcName: "openssl", - SrcVersion: "1.1.1d-r3", Licenses: []string{"OpenSSL"}, - }, - { - Name: "libtls-standalone", Version: "2.9.1-r0", - SrcName: "libtls-standalone", SrcVersion: "2.9.1-r0", - Licenses: []string{"ISC"}, - }, - { - Name: "musl", Version: "1.1.24-r2", SrcName: "musl", - SrcVersion: "1.1.24-r2", Licenses: []string{"MIT"}, - }, - { - Name: "musl-utils", Version: "1.1.24-r2", SrcName: "musl", - SrcVersion: "1.1.24-r2", Licenses: []string{"MIT", "BSD-3-Clause", "GPL-2.0"}, - }, - { - Name: "scanelf", Version: "1.2.4-r0", SrcName: "pax-utils", - SrcVersion: "1.2.4-r0", Licenses: []string{"GPL-2.0"}, - }, - { - Name: "ssl_client", Version: "1.31.1-r9", SrcName: "busybox", - SrcVersion: "1.31.1-r9", Licenses: []string{"GPL-2.0"}, - }, - { - Name: "zlib", Version: "1.2.11-r3", SrcName: "zlib", - 
SrcVersion: "1.2.11-r3", Licenses: []string{"Zlib"}, - }, - }, + Packages: alpinePkgs, }, }, Licenses: []types.LicenseFile{ @@ -200,7 +259,7 @@ func TestArtifact_Inspect(t *testing.T) { Name: "../../test/testdata/alpine-311.tar.gz", Type: types.ArtifactContainerImage, ID: "sha256:059741cfbdc039e88e337d621e57e03e99b0e0a75df32f2027ebef13f839af65", - BlobIDs: []string{"sha256:bb59015f49048b23e73873f72dc5d0f42b44c64890ba13662849e8e4f9c2f1b7"}, + BlobIDs: []string{"sha256:a07b19e0e0a4339c00d982f6d80f305cd9dbb98f88b3c74e57b97574b9ce9ba3"}, ImageMetadata: types.ImageMetadata{ ID: "sha256:a187dde48cd289ac374ad8539930628314bc581a481cdb41409c9289419ddb72", DiffIDs: []string{ 
@@ -258,25 +317,25 @@ func TestArtifact_Inspect(t *testing.T) { Args: cache.ArtifactCacheMissingBlobsArgs{ ArtifactID: "sha256:a646bb11d39c149d4aaf9b888233048e0848304e5abd75667ea6f21d540d800c", BlobIDs: []string{ - "sha256:6b7f14517d97567b8424123929188f4a807df7f6ba19cd6fdda4ffd1a2672115", - "sha256:061feee2cc149279b3248dd65d62e8f93b66673751cee4ef9ff4c85d9becab1e", - "sha256:585926dc8c241a62c6def47fe20d193cf95060609518bfdc109190f2e5593cb9", - "sha256:47b1a45c2166e8a760f9c59efdaff94184d96ef278d61f466cece82e35b800b2", + "sha256:3bfd543b4467abb972bfeeaa7a7d75ee18e7c92f077600d48fd1532f09129b54", + "sha256:9f8cf74dff8cad6bb4df8fc0fa81dca446bd6f44c2d811a167ffca34ab90a6f8", + "sha256:7487a77e30f32bd00fc35322a7fa308686bf3da17bb63f6a2bb2e9398a9a0357", + "sha256:9aead687f9207ee718401fef3174f8e5b9a99114f3bcdcae18ddc34d88ed4906", }, }, Returns: cache.ArtifactCacheMissingBlobsReturns{ MissingBlobIDs: []string{ - "sha256:6b7f14517d97567b8424123929188f4a807df7f6ba19cd6fdda4ffd1a2672115", - "sha256:061feee2cc149279b3248dd65d62e8f93b66673751cee4ef9ff4c85d9becab1e", - "sha256:585926dc8c241a62c6def47fe20d193cf95060609518bfdc109190f2e5593cb9", - "sha256:47b1a45c2166e8a760f9c59efdaff94184d96ef278d61f466cece82e35b800b2", + "sha256:3bfd543b4467abb972bfeeaa7a7d75ee18e7c92f077600d48fd1532f09129b54", + "sha256:9f8cf74dff8cad6bb4df8fc0fa81dca446bd6f44c2d811a167ffca34ab90a6f8", + "sha256:7487a77e30f32bd00fc35322a7fa308686bf3da17bb63f6a2bb2e9398a9a0357", + "sha256:9aead687f9207ee718401fef3174f8e5b9a99114f3bcdcae18ddc34d88ed4906", }, }, }, putBlobExpectations: []cache.ArtifactCachePutBlobExpectation{ { Args: cache.ArtifactCachePutBlobArgs{ - BlobID: "sha256:6b7f14517d97567b8424123929188f4a807df7f6ba19cd6fdda4ffd1a2672115", + BlobID: "sha256:3bfd543b4467abb972bfeeaa7a7d75ee18e7c92f077600d48fd1532f09129b54", BlobInfo: types.BlobInfo{ SchemaVersion: types.BlobJSONSchemaVersion, Digest: "", 
@@ -291,6 +350,7 @@ func TestArtifact_Inspect(t *testing.T) { FilePath: "var/lib/dpkg/status.d/base", Packages: []types.Package{ { + ID: "base-files@9.9+deb9u9", Name: "base-files", Version: "9.9+deb9u9", SrcName: "base-files", SrcVersion: "9.9+deb9u9", }, @@ -299,13 +359,15 @@ func TestArtifact_Inspect(t *testing.T) { { FilePath: "var/lib/dpkg/status.d/netbase", Packages: []types.Package{ - {Name: "netbase", Version: "5.4", SrcName: "netbase", SrcVersion: "5.4"}, + {ID: "netbase@5.4", Name: "netbase", Version: "5.4", + SrcName: "netbase", SrcVersion: "5.4"}, }, }, { FilePath: "var/lib/dpkg/status.d/tzdata", Packages: []types.Package{ { + ID: "tzdata@2019a-0+deb9u1", Name: "tzdata", Version: "2019a-0+deb9u1", SrcName: "tzdata", SrcVersion: "2019a-0+deb9u1", }, @@ -344,7 +406,7 @@ func TestArtifact_Inspect(t *testing.T) { }, { Args: cache.ArtifactCachePutBlobArgs{ - BlobID: "sha256:061feee2cc149279b3248dd65d62e8f93b66673751cee4ef9ff4c85d9becab1e", + BlobID: "sha256:9f8cf74dff8cad6bb4df8fc0fa81dca446bd6f44c2d811a167ffca34ab90a6f8", BlobInfo: types.BlobInfo{ SchemaVersion: types.BlobJSONSchemaVersion, Digest: "", @@ -355,6 +417,7 @@ func TestArtifact_Inspect(t *testing.T) { FilePath: "var/lib/dpkg/status.d/libc6", Packages: []types.Package{ { + ID: "libc6@2.24-11+deb9u4", Name: "libc6", Version: "2.24-11+deb9u4", SrcName: "glibc", SrcVersion: "2.24-11+deb9u4", }, @@ -364,6 +427,7 @@ func TestArtifact_Inspect(t *testing.T) { FilePath: "var/lib/dpkg/status.d/libssl1", Packages: []types.Package{ { + ID: "libssl1.1@1.1.0k-1~deb9u1", Name: "libssl1.1", Version: "1.1.0k-1~deb9u1", SrcName: "openssl", SrcVersion: "1.1.0k-1~deb9u1", }, @@ -373,6 +437,7 @@ func TestArtifact_Inspect(t *testing.T) { FilePath: "var/lib/dpkg/status.d/openssl", Packages: []types.Package{ { + ID: "openssl@1.1.0k-1~deb9u1", Name: "openssl", Version: "1.1.0k-1~deb9u1", SrcName: "openssl", SrcVersion: "1.1.0k-1~deb9u1", }, 
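Review bot: The packages expected under `var/lib/dpkg/status.d/` gain an `ID` but no `DependsOn`, here for `base-files` and in the hunks at -355, -364 and -373 for `libc6`, `libssl1.1` and `openssl`, so the test pins an empty dependency graph for this layout. If the fixture files declare `Depends` (Debian's `openssl` normally depends on `libssl1.1` and `libc6`), the dependency tree will show no origin for vulnerabilities in these packages, while the report documentation changed in this commit lists OS packages as supported. Presumably each `status.d` file is analyzed on its own and cannot resolve a package recorded in another file. Please confirm, and either note the limitation next to these expectations, e.g. `// status.d entries are analyzed per file, so DependsOn is not resolved`, or cover cross-file resolution with a case.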
@@ -411,7 +476,7 @@ func TestArtifact_Inspect(t *testing.T) { }, { Args: cache.ArtifactCachePutBlobArgs{ - BlobID: "sha256:585926dc8c241a62c6def47fe20d193cf95060609518bfdc109190f2e5593cb9", + BlobID: "sha256:7487a77e30f32bd00fc35322a7fa308686bf3da17bb63f6a2bb2e9398a9a0357", BlobInfo: types.BlobInfo{ SchemaVersion: types.BlobJSONSchemaVersion, Digest: "", @@ -444,7 +509,7 @@ func TestArtifact_Inspect(t *testing.T) { }, { Args: cache.ArtifactCachePutBlobArgs{ - BlobID: "sha256:47b1a45c2166e8a760f9c59efdaff94184d96ef278d61f466cece82e35b800b2", + BlobID: "sha256:9aead687f9207ee718401fef3174f8e5b9a99114f3bcdcae18ddc34d88ed4906", BlobInfo: types.BlobInfo{ SchemaVersion: types.BlobJSONSchemaVersion, Digest: "", @@ -523,10 +588,10 @@ func TestArtifact_Inspect(t *testing.T) { Type: types.ArtifactContainerImage, ID: "sha256:a646bb11d39c149d4aaf9b888233048e0848304e5abd75667ea6f21d540d800c", BlobIDs: []string{ - "sha256:6b7f14517d97567b8424123929188f4a807df7f6ba19cd6fdda4ffd1a2672115", - "sha256:061feee2cc149279b3248dd65d62e8f93b66673751cee4ef9ff4c85d9becab1e", - "sha256:585926dc8c241a62c6def47fe20d193cf95060609518bfdc109190f2e5593cb9", - "sha256:47b1a45c2166e8a760f9c59efdaff94184d96ef278d61f466cece82e35b800b2", + "sha256:3bfd543b4467abb972bfeeaa7a7d75ee18e7c92f077600d48fd1532f09129b54", + "sha256:9f8cf74dff8cad6bb4df8fc0fa81dca446bd6f44c2d811a167ffca34ab90a6f8", + "sha256:7487a77e30f32bd00fc35322a7fa308686bf3da17bb63f6a2bb2e9398a9a0357", + "sha256:9aead687f9207ee718401fef3174f8e5b9a99114f3bcdcae18ddc34d88ed4906", }, ImageMetadata: types.ImageMetadata{ ID: "sha256:58701fd185bda36cab0557bb6438661831267aa4a9e0b54211c4d5317a48aff4", 
@@ -613,25 +678,25 @@ func TestArtifact_Inspect(t *testing.T) { Args: cache.ArtifactCacheMissingBlobsArgs{ ArtifactID: "sha256:a646bb11d39c149d4aaf9b888233048e0848304e5abd75667ea6f21d540d800c", BlobIDs: []string{ - "sha256:57ada28264043324e1f99eb3db63de1a7e3f27f1fa4dcbb1df2f76875b98b9c4", - "sha256:64f08ed6c84283289beb64335f76a4c60a89f62c7937b8ea50fd8bfda304f0e2", - "sha256:da802174ac83921ac629ec623f5f5ad530291fb2420102f6a213322cb257655c", - "sha256:996fcbfcc2964d20456afd0de16747533693b1cbebb72a6d28823a134abf0f5f", + "sha256:ef7f3617f4e698a7378c222861ad779caf39293eb75bc40a297feb0f04997773", + "sha256:47b4982cb2f3465af796707b5d3204ecebff8904a7de34b994b0f349b00749e3", + "sha256:4c59618ffe6b2dd606b9342bc7cf5673d87e562789b7f132e5234b2e7412a01f", + "sha256:3943af1221bbd84efc398958163456fca57e1400c24eeb2db9e2ddad7c1f37c0", }, }, Returns: cache.ArtifactCacheMissingBlobsReturns{ MissingBlobIDs: []string{ - "sha256:57ada28264043324e1f99eb3db63de1a7e3f27f1fa4dcbb1df2f76875b98b9c4", - "sha256:64f08ed6c84283289beb64335f76a4c60a89f62c7937b8ea50fd8bfda304f0e2", - "sha256:da802174ac83921ac629ec623f5f5ad530291fb2420102f6a213322cb257655c", - "sha256:996fcbfcc2964d20456afd0de16747533693b1cbebb72a6d28823a134abf0f5f", + "sha256:ef7f3617f4e698a7378c222861ad779caf39293eb75bc40a297feb0f04997773", + "sha256:47b4982cb2f3465af796707b5d3204ecebff8904a7de34b994b0f349b00749e3", + "sha256:4c59618ffe6b2dd606b9342bc7cf5673d87e562789b7f132e5234b2e7412a01f", + "sha256:3943af1221bbd84efc398958163456fca57e1400c24eeb2db9e2ddad7c1f37c0", }, }, }, putBlobExpectations: []cache.ArtifactCachePutBlobExpectation{ { Args: cache.ArtifactCachePutBlobArgs{ - BlobID: "sha256:57ada28264043324e1f99eb3db63de1a7e3f27f1fa4dcbb1df2f76875b98b9c4", + BlobID: "sha256:ef7f3617f4e698a7378c222861ad779caf39293eb75bc40a297feb0f04997773", BlobInfo: types.BlobInfo{ SchemaVersion: types.BlobJSONSchemaVersion, Digest: "", 
@@ -642,7 +707,7 @@ func TestArtifact_Inspect(t *testing.T) { }, { Args: cache.ArtifactCachePutBlobArgs{ - BlobID: "sha256:64f08ed6c84283289beb64335f76a4c60a89f62c7937b8ea50fd8bfda304f0e2", + BlobID: "sha256:47b4982cb2f3465af796707b5d3204ecebff8904a7de34b994b0f349b00749e3", BlobInfo: types.BlobInfo{ SchemaVersion: types.BlobJSONSchemaVersion, Digest: "", @@ -653,7 +718,7 @@ func TestArtifact_Inspect(t *testing.T) { }, { Args: cache.ArtifactCachePutBlobArgs{ - BlobID: "sha256:da802174ac83921ac629ec623f5f5ad530291fb2420102f6a213322cb257655c", + BlobID: "sha256:4c59618ffe6b2dd606b9342bc7cf5673d87e562789b7f132e5234b2e7412a01f", BlobInfo: types.BlobInfo{ SchemaVersion: types.BlobJSONSchemaVersion, Digest: "", @@ -665,7 +730,7 @@ func TestArtifact_Inspect(t *testing.T) { }, { Args: cache.ArtifactCachePutBlobArgs{ - BlobID: "sha256:996fcbfcc2964d20456afd0de16747533693b1cbebb72a6d28823a134abf0f5f", + BlobID: "sha256:3943af1221bbd84efc398958163456fca57e1400c24eeb2db9e2ddad7c1f37c0", BlobInfo: types.BlobInfo{ SchemaVersion: types.BlobJSONSchemaVersion, Digest: "", 
@@ -681,10 +746,10 @@ func TestArtifact_Inspect(t *testing.T) { Type: types.ArtifactContainerImage, ID: "sha256:a646bb11d39c149d4aaf9b888233048e0848304e5abd75667ea6f21d540d800c", BlobIDs: []string{ - "sha256:57ada28264043324e1f99eb3db63de1a7e3f27f1fa4dcbb1df2f76875b98b9c4", - "sha256:64f08ed6c84283289beb64335f76a4c60a89f62c7937b8ea50fd8bfda304f0e2", - "sha256:da802174ac83921ac629ec623f5f5ad530291fb2420102f6a213322cb257655c", - "sha256:996fcbfcc2964d20456afd0de16747533693b1cbebb72a6d28823a134abf0f5f", + "sha256:ef7f3617f4e698a7378c222861ad779caf39293eb75bc40a297feb0f04997773", + "sha256:47b4982cb2f3465af796707b5d3204ecebff8904a7de34b994b0f349b00749e3", + "sha256:4c59618ffe6b2dd606b9342bc7cf5673d87e562789b7f132e5234b2e7412a01f", + "sha256:3943af1221bbd84efc398958163456fca57e1400c24eeb2db9e2ddad7c1f37c0", }, ImageMetadata: types.ImageMetadata{ ID: "sha256:58701fd185bda36cab0557bb6438661831267aa4a9e0b54211c4d5317a48aff4", @@ -767,7 +832,7 @@ func TestArtifact_Inspect(t *testing.T) { missingBlobsExpectation: cache.ArtifactCacheMissingBlobsExpectation{ Args: cache.ArtifactCacheMissingBlobsArgs{ ArtifactID: "sha256:059741cfbdc039e88e337d621e57e03e99b0e0a75df32f2027ebef13f839af65", - BlobIDs: []string{"sha256:bb59015f49048b23e73873f72dc5d0f42b44c64890ba13662849e8e4f9c2f1b7"}, + BlobIDs: []string{"sha256:a07b19e0e0a4339c00d982f6d80f305cd9dbb98f88b3c74e57b97574b9ce9ba3"}, }, Returns: cache.ArtifactCacheMissingBlobsReturns{ Err: xerrors.New("MissingBlobs failed"), 
@@ -781,16 +846,16 @@ func TestArtifact_Inspect(t *testing.T) { missingBlobsExpectation: cache.ArtifactCacheMissingBlobsExpectation{ Args: cache.ArtifactCacheMissingBlobsArgs{ ArtifactID: "sha256:059741cfbdc039e88e337d621e57e03e99b0e0a75df32f2027ebef13f839af65", - BlobIDs: []string{"sha256:bb59015f49048b23e73873f72dc5d0f42b44c64890ba13662849e8e4f9c2f1b7"}, + BlobIDs: []string{"sha256:a07b19e0e0a4339c00d982f6d80f305cd9dbb98f88b3c74e57b97574b9ce9ba3"}, }, Returns: cache.ArtifactCacheMissingBlobsReturns{ - MissingBlobIDs: []string{"sha256:bb59015f49048b23e73873f72dc5d0f42b44c64890ba13662849e8e4f9c2f1b7"}, + MissingBlobIDs: []string{"sha256:a07b19e0e0a4339c00d982f6d80f305cd9dbb98f88b3c74e57b97574b9ce9ba3"}, }, }, putBlobExpectations: []cache.ArtifactCachePutBlobExpectation{ { Args: cache.ArtifactCachePutBlobArgs{ - BlobID: "sha256:bb59015f49048b23e73873f72dc5d0f42b44c64890ba13662849e8e4f9c2f1b7", + BlobID: "sha256:a07b19e0e0a4339c00d982f6d80f305cd9dbb98f88b3c74e57b97574b9ce9ba3", BlobInfo: types.BlobInfo{ SchemaVersion: types.BlobJSONSchemaVersion, Digest: "", 
@@ -807,67 +872,7 @@ func TestArtifact_Inspect(t *testing.T) { PackageInfos: []types.PackageInfo{ { FilePath: "lib/apk/db/installed", - Packages: []types.Package{ - { - Name: "alpine-baselayout", Version: "3.2.0-r3", - SrcName: "alpine-baselayout", SrcVersion: "3.2.0-r3", - Licenses: []string{"GPL-2.0"}, - }, - { - Name: "alpine-keys", Version: "2.1-r2", SrcName: "alpine-keys", - SrcVersion: "2.1-r2", Licenses: []string{"MIT"}, - }, - { - Name: "apk-tools", Version: "2.10.4-r3", SrcName: "apk-tools", - SrcVersion: "2.10.4-r3", Licenses: []string{"GPL-2.0"}, - }, - { - Name: "busybox", Version: "1.31.1-r9", SrcName: "busybox", - SrcVersion: "1.31.1-r9", Licenses: []string{"GPL-2.0"}, - }, - { - Name: "ca-certificates-cacert", Version: "20191127-r1", - SrcName: "ca-certificates", SrcVersion: "20191127-r1", - Licenses: []string{"MPL-2.0", "GPL-2.0"}, - }, - { - Name: "libc-utils", Version: "0.7.2-r0", SrcName: "libc-dev", - SrcVersion: "0.7.2-r0", Licenses: []string{"BSD-3-Clause"}, - }, - { - Name: "libcrypto1.1", Version: "1.1.1d-r3", SrcName: "openssl", - SrcVersion: "1.1.1d-r3", Licenses: []string{"OpenSSL"}, - }, - { - Name: "libssl1.1", Version: "1.1.1d-r3", SrcName: "openssl", - SrcVersion: "1.1.1d-r3", Licenses: []string{"OpenSSL"}, - }, - { - Name: "libtls-standalone", Version: "2.9.1-r0", - SrcName: "libtls-standalone", SrcVersion: "2.9.1-r0", - Licenses: []string{"ISC"}, - }, - { - Name: "musl", Version: "1.1.24-r2", SrcName: "musl", - SrcVersion: "1.1.24-r2", Licenses: []string{"MIT"}, - }, - { - Name: "musl-utils", Version: "1.1.24-r2", SrcName: "musl", - SrcVersion: "1.1.24-r2", Licenses: []string{"MIT", "BSD-3-Clause", "GPL-2.0"}, - }, - { - Name: "scanelf", Version: "1.2.4-r0", SrcName: "pax-utils", - SrcVersion: "1.2.4-r0", Licenses: []string{"GPL-2.0"}, - }, - { - Name: "ssl_client", Version: "1.31.1-r9", SrcName: "busybox", - SrcVersion: "1.31.1-r9", Licenses: []string{"GPL-2.0"}, - }, - { - Name: "zlib", Version: "1.2.11-r3", SrcName: "zlib", - 
SrcVersion: "1.2.11-r3", Licenses: []string{"Zlib"}, - }, - }, + Packages: alpinePkgs, }, }, Licenses: []types.LicenseFile{ @@ -912,17 +917,17 @@ func TestArtifact_Inspect(t *testing.T) { missingBlobsExpectation: cache.ArtifactCacheMissingBlobsExpectation{ Args: cache.ArtifactCacheMissingBlobsArgs{ ArtifactID: "sha256:059741cfbdc039e88e337d621e57e03e99b0e0a75df32f2027ebef13f839af65", - BlobIDs: []string{"sha256:bb59015f49048b23e73873f72dc5d0f42b44c64890ba13662849e8e4f9c2f1b7"}, + BlobIDs: []string{"sha256:a07b19e0e0a4339c00d982f6d80f305cd9dbb98f88b3c74e57b97574b9ce9ba3"}, }, Returns: cache.ArtifactCacheMissingBlobsReturns{ MissingArtifact: true, - MissingBlobIDs: []string{"sha256:bb59015f49048b23e73873f72dc5d0f42b44c64890ba13662849e8e4f9c2f1b7"}, + MissingBlobIDs: []string{"sha256:a07b19e0e0a4339c00d982f6d80f305cd9dbb98f88b3c74e57b97574b9ce9ba3"}, }, }, putBlobExpectations: []cache.ArtifactCachePutBlobExpectation{ { Args: cache.ArtifactCachePutBlobArgs{ - BlobID: "sha256:bb59015f49048b23e73873f72dc5d0f42b44c64890ba13662849e8e4f9c2f1b7", + BlobID: "sha256:a07b19e0e0a4339c00d982f6d80f305cd9dbb98f88b3c74e57b97574b9ce9ba3", BlobInfo: types.BlobInfo{ SchemaVersion: types.BlobJSONSchemaVersion, Digest: "", 
@@ -939,67 +944,7 @@ func TestArtifact_Inspect(t *testing.T) { PackageInfos: []types.PackageInfo{ { FilePath: "lib/apk/db/installed", - Packages: []types.Package{ - { - Name: "alpine-baselayout", Version: "3.2.0-r3", - SrcName: "alpine-baselayout", SrcVersion: "3.2.0-r3", - Licenses: []string{"GPL-2.0"}, - }, - { - Name: "alpine-keys", Version: "2.1-r2", SrcName: "alpine-keys", - SrcVersion: "2.1-r2", Licenses: []string{"MIT"}, - }, - { - Name: "apk-tools", Version: "2.10.4-r3", SrcName: "apk-tools", - SrcVersion: "2.10.4-r3", Licenses: []string{"GPL-2.0"}, - }, - { - Name: "busybox", Version: "1.31.1-r9", SrcName: "busybox", - SrcVersion: "1.31.1-r9", Licenses: []string{"GPL-2.0"}, - }, - { - Name: "ca-certificates-cacert", Version: "20191127-r1", - SrcName: "ca-certificates", SrcVersion: "20191127-r1", - Licenses: []string{"MPL-2.0", "GPL-2.0"}, - }, - { - Name: "libc-utils", Version: "0.7.2-r0", SrcName: "libc-dev", - SrcVersion: "0.7.2-r0", Licenses: []string{"BSD-3-Clause"}, - }, - { - Name: "libcrypto1.1", Version: "1.1.1d-r3", SrcName: "openssl", - SrcVersion: "1.1.1d-r3", Licenses: []string{"OpenSSL"}, - }, - { - Name: "libssl1.1", Version: "1.1.1d-r3", SrcName: "openssl", - SrcVersion: "1.1.1d-r3", Licenses: []string{"OpenSSL"}, - }, - { - Name: "libtls-standalone", Version: "2.9.1-r0", - SrcName: "libtls-standalone", SrcVersion: "2.9.1-r0", - Licenses: []string{"ISC"}, - }, - { - Name: "musl", Version: "1.1.24-r2", SrcName: "musl", - SrcVersion: "1.1.24-r2", Licenses: []string{"MIT"}, - }, - { - Name: "musl-utils", Version: "1.1.24-r2", SrcName: "musl", - SrcVersion: "1.1.24-r2", Licenses: []string{"MIT", "BSD-3-Clause", "GPL-2.0"}, - }, - { - Name: "scanelf", Version: "1.2.4-r0", SrcName: "pax-utils", - SrcVersion: "1.2.4-r0", Licenses: []string{"GPL-2.0"}, - }, - { - Name: "ssl_client", Version: "1.31.1-r9", SrcName: "busybox", - SrcVersion: "1.31.1-r9", Licenses: []string{"GPL-2.0"}, - }, - { - Name: "zlib", Version: "1.2.11-r3", SrcName: "zlib", - 
SrcVersion: "1.2.11-r3", Licenses: []string{"Zlib"}, - }, - }, + Packages: alpinePkgs, }, }, Licenses: []types.LicenseFile{ diff --git a/pkg/fanal/artifact/local/fs_test.go b/pkg/fanal/artifact/local/fs_test.go index 17e387ced62..435f69f6b35 100644 --- a/pkg/fanal/artifact/local/fs_test.go +++ b/pkg/fanal/artifact/local/fs_test.go @@ -45,7 +45,7 @@ func TestArtifact_Inspect(t *testing.T) { }, putBlobExpectation: cache.ArtifactCachePutBlobExpectation{ Args: cache.ArtifactCachePutBlobArgs{ - BlobID: "sha256:e29d5c9d3e152cc092c072a2327247c5877b67ef32fa57fe5e809e610581eee8", + BlobID: "sha256:7177f27ce94e21305ba8efe2ced3533ba9be66bd251aaa217615469a29ed86a9", BlobInfo: types.BlobInfo{ SchemaVersion: types.BlobJSONSchemaVersion, OS: &types.OS{ @@ -57,6 +57,7 @@ func TestArtifact_Inspect(t *testing.T) { FilePath: "lib/apk/db/installed", Packages: []types.Package{ { + ID: "musl@1.1.24-r2", Name: "musl", Version: "1.1.24-r2", SrcName: "musl", SrcVersion: "1.1.24-r2", Licenses: []string{"MIT"}, }, @@ -70,9 +71,9 @@ func TestArtifact_Inspect(t *testing.T) { want: types.ArtifactReference{ Name: "host", Type: types.ArtifactFilesystem, - ID: "sha256:e29d5c9d3e152cc092c072a2327247c5877b67ef32fa57fe5e809e610581eee8", + ID: "sha256:7177f27ce94e21305ba8efe2ced3533ba9be66bd251aaa217615469a29ed86a9", BlobIDs: []string{ - "sha256:e29d5c9d3e152cc092c072a2327247c5877b67ef32fa57fe5e809e610581eee8", + "sha256:7177f27ce94e21305ba8efe2ced3533ba9be66bd251aaa217615469a29ed86a9", }, }, }, @@ -109,7 +110,7 @@ func TestArtifact_Inspect(t *testing.T) { }, putBlobExpectation: cache.ArtifactCachePutBlobExpectation{ Args: cache.ArtifactCachePutBlobArgs{ - BlobID: "sha256:e29d5c9d3e152cc092c072a2327247c5877b67ef32fa57fe5e809e610581eee8", + BlobID: "sha256:7177f27ce94e21305ba8efe2ced3533ba9be66bd251aaa217615469a29ed86a9", BlobInfo: types.BlobInfo{ SchemaVersion: types.BlobJSONSchemaVersion, OS: &types.OS{ 
@@ -121,6 +122,7 @@ func TestArtifact_Inspect(t *testing.T) { FilePath: "lib/apk/db/installed", Packages: []types.Package{ { + ID: "musl@1.1.24-r2", Name: "musl", Version: "1.1.24-r2", SrcName: "musl", SrcVersion: "1.1.24-r2", Licenses: []string{"MIT"}, }, @@ -149,7 +151,7 @@ func TestArtifact_Inspect(t *testing.T) { }, putBlobExpectation: cache.ArtifactCachePutBlobExpectation{ Args: cache.ArtifactCachePutBlobArgs{ - BlobID: "sha256:f7c8f14888e2908b613769b9e98816fa40d84980872f3777b656d11b8fb544fb", + BlobID: "sha256:2d951e57cafb6f05f16ae0c70aad084bc613464d53beb2bfc448a7300f62dc7d", BlobInfo: types.BlobInfo{ SchemaVersion: types.BlobJSONSchemaVersion, Applications: []types.Application{ @@ -171,9 +173,9 @@ func TestArtifact_Inspect(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/requirements.txt", Type: types.ArtifactFilesystem, - ID: "sha256:f7c8f14888e2908b613769b9e98816fa40d84980872f3777b656d11b8fb544fb", + ID: "sha256:2d951e57cafb6f05f16ae0c70aad084bc613464d53beb2bfc448a7300f62dc7d", BlobIDs: []string{ - "sha256:f7c8f14888e2908b613769b9e98816fa40d84980872f3777b656d11b8fb544fb", + "sha256:2d951e57cafb6f05f16ae0c70aad084bc613464d53beb2bfc448a7300f62dc7d", }, }, }, @@ -184,7 +186,7 @@ func TestArtifact_Inspect(t *testing.T) { }, putBlobExpectation: cache.ArtifactCachePutBlobExpectation{ Args: cache.ArtifactCachePutBlobArgs{ - BlobID: "sha256:f7c8f14888e2908b613769b9e98816fa40d84980872f3777b656d11b8fb544fb", + BlobID: "sha256:2d951e57cafb6f05f16ae0c70aad084bc613464d53beb2bfc448a7300f62dc7d", BlobInfo: types.BlobInfo{ SchemaVersion: types.BlobJSONSchemaVersion, Applications: []types.Application{ 
@@ -206,9 +208,9 @@ func TestArtifact_Inspect(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/requirements.txt", Type: types.ArtifactFilesystem, - ID: "sha256:f7c8f14888e2908b613769b9e98816fa40d84980872f3777b656d11b8fb544fb", + ID: "sha256:2d951e57cafb6f05f16ae0c70aad084bc613464d53beb2bfc448a7300f62dc7d", BlobIDs: []string{ - "sha256:f7c8f14888e2908b613769b9e98816fa40d84980872f3777b656d11b8fb544fb", + "sha256:2d951e57cafb6f05f16ae0c70aad084bc613464d53beb2bfc448a7300f62dc7d", }, }, }, @@ -363,9 +365,9 @@ func TestTerraformMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/terraform/single-failure/src", Type: types.ArtifactFilesystem, - ID: "sha256:054ca717161e9042642323fce30d558ea4188280770f3a97f08878732182e2f5", + ID: "sha256:9827e4b06d1efa0853e8d75bafb4f95c4c778012b60cee114ce96042ea7c1b7b", BlobIDs: []string{ - "sha256:054ca717161e9042642323fce30d558ea4188280770f3a97f08878732182e2f5", + "sha256:9827e4b06d1efa0853e8d75bafb4f95c4c778012b60cee114ce96042ea7c1b7b", }, }, }, @@ -486,9 +488,9 @@ func TestTerraformMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/terraform/multiple-failures/src", Type: types.ArtifactFilesystem, - ID: "sha256:539a82c7c394c9b4d64580feec160c9422f7d1aa2c7328d43c919e737bffdd70", + ID: "sha256:5280d5ed00b245d916357a365dde2a87430bdef58bf8d3c26a4e9b7e67481f6b", BlobIDs: []string{ - "sha256:539a82c7c394c9b4d64580feec160c9422f7d1aa2c7328d43c919e737bffdd70", + "sha256:5280d5ed00b245d916357a365dde2a87430bdef58bf8d3c26a4e9b7e67481f6b", }, }, }, 
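Review bot: The expected `ID` and `BlobIDs` digests change in the `TestTerraformMisconfigurationScan` hunks (-363 and -486 here, and the CloudFormation, Dockerfile, Kubernetes and Azure ARM hunks that follow) even though the commit's file list touches no misconfiguration input. Presumably the blob key covers the versions of all registered analyzers, so bumping the apk and dpkg analyzers re-keys every blob. That is the safe direction, since cached results that lack `ID` and `DependsOn` are then not reused, but it should be confirmed rather than assumed. Once confirmed, a comment beside the first digest, such as `// digest depends on analyzer versions; regenerate when any analyzer version changes`, would explain the churn to the next reviewer.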
@@ -524,9 +526,9 @@ func TestTerraformMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/terraform/no-results/src", Type: types.ArtifactFilesystem, - ID: "sha256:58371119b88104d4a643bda59a6957e5777174d62a09e179bbad7744e9632128", + ID: "sha256:cd80d8148f9b4cbc026f71a73d8dc1e35f79f6f39e4e52fe5e9a7821e9d09693", BlobIDs: []string{ - "sha256:58371119b88104d4a643bda59a6957e5777174d62a09e179bbad7744e9632128", + "sha256:cd80d8148f9b4cbc026f71a73d8dc1e35f79f6f39e4e52fe5e9a7821e9d09693", }, }, }, @@ -613,9 +615,9 @@ func TestTerraformMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/terraform/passed/src", Type: types.ArtifactFilesystem, - ID: "sha256:e21f36991ba1f6b15de2a109d2515faaf97452df74955f143766a6c4f4c9ad98", + ID: "sha256:a765d67b40d8dafad114c8b57d817b3d2f03fce2b0d6cecbf057ac13a2d52662", BlobIDs: []string{ - "sha256:e21f36991ba1f6b15de2a109d2515faaf97452df74955f143766a6c4f4c9ad98", + "sha256:a765d67b40d8dafad114c8b57d817b3d2f03fce2b0d6cecbf057ac13a2d52662", }, }, }, @@ -734,9 +736,9 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/cloudformation/single-failure/src", Type: types.ArtifactFilesystem, - ID: "sha256:4ae00d7180bbf9dcc3d2b4e9f48d7ee39830f1e86cd6069a0dc5c9cf9d2b003f", + ID: "sha256:16af3ef12417f03bab139674ad17636f5fb032a9f4e20f2092aeaa9ff0e3bc38", BlobIDs: []string{ - "sha256:4ae00d7180bbf9dcc3d2b4e9f48d7ee39830f1e86cd6069a0dc5c9cf9d2b003f", + "sha256:16af3ef12417f03bab139674ad17636f5fb032a9f4e20f2092aeaa9ff0e3bc38", }, }, }, 
@@ -837,9 +839,9 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/cloudformation/multiple-failures/src", Type: types.ArtifactFilesystem, - ID: "sha256:4a3a9c97808bc837c4c0ba4fef933b0b637f5d3c48cecc996b347e1a80f05ec4", + ID: "sha256:10801795d3e822d09f0810255a82deeb572f4e298f91af3abe5fc358c10ba68c", BlobIDs: []string{ - "sha256:4a3a9c97808bc837c4c0ba4fef933b0b637f5d3c48cecc996b347e1a80f05ec4", + "sha256:10801795d3e822d09f0810255a82deeb572f4e298f91af3abe5fc358c10ba68c", }, }, }, @@ -875,9 +877,9 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/cloudformation/no-results/src", Type: types.ArtifactFilesystem, - ID: "sha256:58371119b88104d4a643bda59a6957e5777174d62a09e179bbad7744e9632128", + ID: "sha256:cd80d8148f9b4cbc026f71a73d8dc1e35f79f6f39e4e52fe5e9a7821e9d09693", BlobIDs: []string{ - "sha256:58371119b88104d4a643bda59a6957e5777174d62a09e179bbad7744e9632128", + "sha256:cd80d8148f9b4cbc026f71a73d8dc1e35f79f6f39e4e52fe5e9a7821e9d09693", }, }, }, @@ -965,9 +967,9 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/cloudformation/passed/src", Type: types.ArtifactFilesystem, - ID: "sha256:734733115e3bcda02dd2079cdf30280244260c28744e4a3f2eb5a98e37353573", + ID: "sha256:30bc323c6eb7af47b561df826948fe3981ddd63c27c8a1f5bb516eeb0d361fef", BlobIDs: []string{ - "sha256:734733115e3bcda02dd2079cdf30280244260c28744e4a3f2eb5a98e37353573", + "sha256:30bc323c6eb7af47b561df826948fe3981ddd63c27c8a1f5bb516eeb0d361fef", }, }, }, 
@@ -1083,9 +1085,9 @@ func TestDockerfileMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/dockerfile/single-failure/src", Type: types.ArtifactFilesystem, - ID: "sha256:4b0783905a99a1e645fc00945a008c0d42424a87366dbf99833d8efeafe70361", + ID: "sha256:d93b33f51c455c07767196c2b2eb3312e2b055b0e0db40704092d258fc0ed6ec", BlobIDs: []string{ - "sha256:4b0783905a99a1e645fc00945a008c0d42424a87366dbf99833d8efeafe70361", + "sha256:d93b33f51c455c07767196c2b2eb3312e2b055b0e0db40704092d258fc0ed6ec", }, }, }, @@ -1172,9 +1174,9 @@ func TestDockerfileMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/dockerfile/multiple-failures/src", Type: types.ArtifactFilesystem, - ID: "sha256:4b0783905a99a1e645fc00945a008c0d42424a87366dbf99833d8efeafe70361", + ID: "sha256:d93b33f51c455c07767196c2b2eb3312e2b055b0e0db40704092d258fc0ed6ec", BlobIDs: []string{ - "sha256:4b0783905a99a1e645fc00945a008c0d42424a87366dbf99833d8efeafe70361", + "sha256:d93b33f51c455c07767196c2b2eb3312e2b055b0e0db40704092d258fc0ed6ec", }, }, }, @@ -1210,9 +1212,9 @@ func TestDockerfileMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/dockerfile/no-results/src", Type: types.ArtifactFilesystem, - ID: "sha256:58371119b88104d4a643bda59a6957e5777174d62a09e179bbad7744e9632128", + ID: "sha256:cd80d8148f9b4cbc026f71a73d8dc1e35f79f6f39e4e52fe5e9a7821e9d09693", BlobIDs: []string{ - "sha256:58371119b88104d4a643bda59a6957e5777174d62a09e179bbad7744e9632128", + "sha256:cd80d8148f9b4cbc026f71a73d8dc1e35f79f6f39e4e52fe5e9a7821e9d09693", }, }, }, 
@@ -1283,9 +1285,9 @@ func TestDockerfileMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/dockerfile/passed/src", Type: types.ArtifactFilesystem, - ID: "sha256:92a2a8fb73136f4f1d5ec38bf66d9b38fd5db288869e727aed5f7516f60633db", + ID: "sha256:7218a8e53d2e3eb08efe9f9864767eb0fe6084eaaaef1480064096bbdc2c3f71", BlobIDs: []string{ - "sha256:92a2a8fb73136f4f1d5ec38bf66d9b38fd5db288869e727aed5f7516f60633db", + "sha256:7218a8e53d2e3eb08efe9f9864767eb0fe6084eaaaef1480064096bbdc2c3f71", }, }, }, @@ -1388,9 +1390,9 @@ func TestKubernetesMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/kubernetes/single-failure/src", Type: types.ArtifactFilesystem, - ID: "sha256:af6a4b3a5906ea8495a21a315bc4accd97effb249ccb3e0c75d8720c386e5bfb", + ID: "sha256:599ae82c0d032acbe75e24379b4320fb7f0a9818da50b4635c4f0645504d5a72", BlobIDs: []string{ - "sha256:af6a4b3a5906ea8495a21a315bc4accd97effb249ccb3e0c75d8720c386e5bfb", + "sha256:599ae82c0d032acbe75e24379b4320fb7f0a9818da50b4635c4f0645504d5a72", }, }, }, @@ -1487,9 +1489,9 @@ func TestKubernetesMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/kubernetes/multiple-failures/src", Type: types.ArtifactFilesystem, - ID: "sha256:e681637468d8a07c867602047c84b2acceb7da1b36dbc96b6edb3df3fa711788", + ID: "sha256:fd62e7fdfeffa3df4653c100cc87fe0bc83ddbca918c41b73c7a5724a64619df", BlobIDs: []string{ - "sha256:e681637468d8a07c867602047c84b2acceb7da1b36dbc96b6edb3df3fa711788", + "sha256:fd62e7fdfeffa3df4653c100cc87fe0bc83ddbca918c41b73c7a5724a64619df", }, }, }, 
@@ -1525,9 +1527,9 @@ func TestKubernetesMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/kubernetes/no-results/src", Type: types.ArtifactFilesystem, - ID: "sha256:63ee9fc1ce356a810234d884f9056432df7048485565a15bf3448644f4d97abe", + ID: "sha256:b46953af7375260e0bf264328c8b156ee3341ff46794c0f09c65bce78b0eddb9", BlobIDs: []string{ - "sha256:63ee9fc1ce356a810234d884f9056432df7048485565a15bf3448644f4d97abe", + "sha256:b46953af7375260e0bf264328c8b156ee3341ff46794c0f09c65bce78b0eddb9", }, }, }, @@ -1598,9 +1600,9 @@ func TestKubernetesMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/kubernetes/passed/src", Type: types.ArtifactFilesystem, - ID: "sha256:0e2a1bd08e49eba4ba3f829b87ab9021b949d4c3983d8c494cd0febfa7adc0cb", + ID: "sha256:5b110611834af3e26a4c7aa5623f9e20098c46b394a29a0881a1a3852a114578", BlobIDs: []string{ - "sha256:0e2a1bd08e49eba4ba3f829b87ab9021b949d4c3983d8c494cd0febfa7adc0cb", + "sha256:5b110611834af3e26a4c7aa5623f9e20098c46b394a29a0881a1a3852a114578", }, }, }, @@ -1718,9 +1720,9 @@ func TestAzureARMMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/azurearm/single-failure/src", Type: types.ArtifactFilesystem, - ID: "sha256:4a2b0992144ad47985149073e8807ea38a248da82a36342f78db16cf97254b68", + ID: "sha256:1113fd88abfa3727496c9a5e2e47c522d0197fa0c58d9b0472ff5715aa5dbe79", BlobIDs: []string{ - "sha256:4a2b0992144ad47985149073e8807ea38a248da82a36342f78db16cf97254b68", + "sha256:1113fd88abfa3727496c9a5e2e47c522d0197fa0c58d9b0472ff5715aa5dbe79", }, }, }, 
@@ -1819,9 +1821,9 @@ func TestAzureARMMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/azurearm/multiple-failures/src", Type: types.ArtifactFilesystem, - ID: "sha256:8859b0de1cb155a38e27ecf9f26dd662f2e809fdce48f201f4c1e94d299c0f96", + ID: "sha256:f75d8c2df3cd95fa0972ad064ca7c4c4bfc614b69a1220bb1b0e31b0c97cf2aa", BlobIDs: []string{ - "sha256:8859b0de1cb155a38e27ecf9f26dd662f2e809fdce48f201f4c1e94d299c0f96", + "sha256:f75d8c2df3cd95fa0972ad064ca7c4c4bfc614b69a1220bb1b0e31b0c97cf2aa", }, }, }, @@ -1857,9 +1859,9 @@ func TestAzureARMMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/azurearm/no-results/src", Type: types.ArtifactFilesystem, - ID: "sha256:58371119b88104d4a643bda59a6957e5777174d62a09e179bbad7744e9632128", + ID: "sha256:cd80d8148f9b4cbc026f71a73d8dc1e35f79f6f39e4e52fe5e9a7821e9d09693", BlobIDs: []string{ - "sha256:58371119b88104d4a643bda59a6957e5777174d62a09e179bbad7744e9632128", + "sha256:cd80d8148f9b4cbc026f71a73d8dc1e35f79f6f39e4e52fe5e9a7821e9d09693", }, }, }, @@ -1946,9 +1948,9 @@ func TestAzureARMMisconfigurationScan(t *testing.T) { want: types.ArtifactReference{ Name: "testdata/misconfig/azurearm/passed/src", Type: types.ArtifactFilesystem, - ID: "sha256:11bfbe426d39efcefa0bd0ac16a1386967720e1efd00e92012d637b80330821c", + ID: "sha256:1776289fa9295540d5d38fe219a7e565b1d60d7eab2e33331209d9eee88528bb", BlobIDs: []string{ - "sha256:11bfbe426d39efcefa0bd0ac16a1386967720e1efd00e92012d637b80330821c", + "sha256:1776289fa9295540d5d38fe219a7e565b1d60d7eab2e33331209d9eee88528bb", }, }, }, diff --git a/pkg/fanal/test/integration/library_test.go b/pkg/fanal/test/integration/library_test.go index 63623f2c083..77ffa723ba0 100644 --- a/pkg/fanal/test/integration/library_test.go +++ b/pkg/fanal/test/integration/library_test.go @@ -9,7 +9,6 @@ import ( "flag" "fmt" "io" - "io/ioutil" "os" "sort" "strings" 
@@ -168,7 +167,7 @@ func TestFanal_Library_DockerMode(t *testing.T) {
 // load image into docker engine
 resp, err := cli.ImageLoad(ctx, testfile, true)
 require.NoError(t, err, tt.name)
- _, err = io.Copy(ioutil.Discard, resp.Body)
+ _, err = io.Copy(io.Discard, resp.Body)
 require.NoError(t, err, tt.name)
 // Enable only dockerd scanning
@@ -265,11 +264,11 @@ func checkOSPackages(t *testing.T, detail types.ArtifactDetail, tc testCase) {
 if *update {
 b, err := json.MarshalIndent(detail.Packages, "", " ")
 require.NoError(t, err)
- err = ioutil.WriteFile(goldenFile, b, 0666)
+ err = os.WriteFile(goldenFile, b, 0666)
 require.NoError(t, err)
 return
 }
- data, err := ioutil.ReadFile(goldenFile)
+ data, err := os.ReadFile(goldenFile)
 require.NoError(t, err, tc.name)
 var expectedPkgs []types.Package
@@ -334,7 +333,7 @@ func checkLangPkgs(detail types.ArtifactDetail, t *testing.T, tc testCase) {
 func checkPackageFromCommands(t *testing.T, detail types.ArtifactDetail, tc testCase) {
 if tc.wantPkgsFromCmds != "" {
- data, _ := ioutil.ReadFile(tc.wantPkgsFromCmds)
+ data, _ := os.ReadFile(tc.wantPkgsFromCmds)
 var expectedPkgsFromCmds []types.Package
 err := json.Unmarshal(data, &expectedPkgsFromCmds)
diff --git a/pkg/fanal/test/integration/testdata/goldens/packages/alpine-310.json.golden b/pkg/fanal/test/integration/testdata/goldens/packages/alpine-310.json.golden
index 340964a739c..cc208c7b87a 100644
--- a/pkg/fanal/test/integration/testdata/goldens/packages/alpine-310.json.golden
+++ b/pkg/fanal/test/integration/testdata/goldens/packages/alpine-310.json.golden
@@ -1,5 +1,6 @@ [ { + "ID": "alpine-baselayout@3.1.2-r0", "Name": "alpine-baselayout", "Version": "3.1.2-r0", "SrcName": "alpine-baselayout",
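Review bot: The golden file in checkOSPackages is still created with mode `0666` in `os.WriteFile(goldenFile, b, 0666)`, so the effective permissions depend entirely on the umask of whoever runs the update. A fixture that later serves as the expected scanner output has no reason to be group- or world-writable; `err = os.WriteFile(goldenFile, b, 0644)` states the intent. The function body continues outside the hunk.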
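Review bot: The read error is discarded in `data, _ := os.ReadFile(tc.wantPkgsFromCmds)` in checkPackageFromCommands, so a missing or unreadable expectation file reaches `json.Unmarshal` as empty input and, at best, shows up as a JSON parse error rather than the real cause. Check it the way checkOSPackages does: `data, err := os.ReadFile(tc.wantPkgsFromCmds)` followed by `require.NoError(t, err, tc.name)`, with the next declaration changed to `err = json.Unmarshal(data, &expectedPkgsFromCmds)`. The function body continues outside the hunk, so how the Unmarshal error is handled is not visible here.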
@@ -7,12 +8,17 @@ "Licenses": [ "GPL-2.0" ], + "DependsOn": [ + "busybox@1.30.1-r2", + "musl@1.1.22-r3" + ], "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" } }, { + "ID": "alpine-keys@2.1-r2", "Name": "alpine-keys", "Version": "2.1-r2", "SrcName": "alpine-keys", @@ -26,6 +32,7 @@ } }, { + "ID": "apk-tools@2.10.4-r2", "Name": "apk-tools", "Version": "2.10.4-r2", "SrcName": "apk-tools", @@ -33,12 +40,19 @@ "Licenses": [ "GPL-2.0" ], + "DependsOn": [ + "libcrypto1.1@1.1.1c-r0", + "libssl1.1@1.1.1c-r0", + "musl@1.1.22-r3", + "zlib@1.2.11-r1" + ], "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" } }, { + "ID": "busybox@1.30.1-r2", "Name": "busybox", "Version": "1.30.1-r2", "SrcName": "busybox", @@ -46,12 +60,16 @@ "Licenses": [ "GPL-2.0" ], + "DependsOn": [ + "musl@1.1.22-r3" + ], "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" } }, { + "ID": "ca-certificates-cacert@20190108-r0", "Name": "ca-certificates-cacert", "Version": "20190108-r0", "SrcName": "ca-certificates", @@ -66,6 +84,7 @@ } }, { + "ID": "libc-utils@0.7.1-r0", "Name": "libc-utils", "Version": "0.7.1-r0", "SrcName": "libc-dev", @@ -73,12 +92,16 @@ "Licenses": [ "BSD-3-Clause" ], + "DependsOn": [ + "musl-utils@1.1.22-r3" + ], "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" } }, { + "ID": "libcrypto1.1@1.1.1c-r0", "Name": "libcrypto1.1", "Version": "1.1.1c-r0", "SrcName": "openssl", 
@@ -86,12 +109,16 @@ "Licenses": [ "OpenSSL" ], + "DependsOn": [ + "musl@1.1.22-r3" + ], "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" } }, { + "ID": "libssl1.1@1.1.1c-r0", "Name": "libssl1.1", "Version": "1.1.1c-r0", "SrcName": "openssl", @@ -99,12 +126,17 @@ "Licenses": [ "OpenSSL" ], + "DependsOn": [ + "libcrypto1.1@1.1.1c-r0", + "musl@1.1.22-r3" + ], "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" } }, { + "ID": "libtls-standalone@2.9.1-r0", "Name": "libtls-standalone", "Version": "2.9.1-r0", "SrcName": "libtls-standalone", @@ -112,12 +144,19 @@ "Licenses": [ "ISC" ], + "DependsOn": [ + "ca-certificates-cacert@20190108-r0", + "libcrypto1.1@1.1.1c-r0", + "libssl1.1@1.1.1c-r0", + "musl@1.1.22-r3" + ], "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" } }, { + "ID": "musl@1.1.22-r3", "Name": "musl", "Version": "1.1.22-r3", "SrcName": "musl", @@ -131,6 +170,7 @@ } }, { + "ID": "musl-utils@1.1.22-r3", "Name": "musl-utils", "Version": "1.1.22-r3", "SrcName": "musl", @@ -140,12 +180,17 @@ "BSD-3-Clause", "GPL-2.0" ], + "DependsOn": [ + "musl@1.1.22-r3", + "scanelf@1.2.3-r0" + ], "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" } }, { + "ID": "scanelf@1.2.3-r0", "Name": "scanelf", "Version": "1.2.3-r0", "SrcName": "pax-utils", 
@@ -153,12 +198,16 @@ "Licenses": [ "GPL-2.0" ], + "DependsOn": [ + "musl@1.1.22-r3" + ], "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" } }, { + "ID": "ssl_client@1.30.1-r2", "Name": "ssl_client", "Version": "1.30.1-r2", "SrcName": "busybox", @@ -166,12 +215,17 @@ "Licenses": [ "GPL-2.0" ], + "DependsOn": [ + "libtls-standalone@2.9.1-r0", + "musl@1.1.22-r3" + ], "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" } }, { + "ID": "zlib@1.2.11-r1", "Name": "zlib", "Version": "1.2.11-r1", "SrcName": "zlib", @@ -179,6 +233,9 @@ "Licenses": [ "Zlib" ], + "DependsOn": [ + "musl@1.1.22-r3" + ], "Layer": { "Digest": "sha256:9d48c3bd43c520dc2784e868a780e976b207cbf493eaff8c6596eb871cbd9609", "DiffID": "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0" diff --git a/pkg/fanal/test/integration/testdata/goldens/packages/vulnimage.json.golden b/pkg/fanal/test/integration/testdata/goldens/packages/vulnimage.json.golden index 0e88a9a283c..7bbb3c3a2eb 100644 --- a/pkg/fanal/test/integration/testdata/goldens/packages/vulnimage.json.golden +++ b/pkg/fanal/test/integration/testdata/goldens/packages/vulnimage.json.golden 
@@ -1,29 +1,55 @@ [ { + "ID": ".composer-phpext-rundeps@0", "Name": ".composer-phpext-rundeps", "Version": "0", + "DependsOn": [ + "libsodium@1.0.15-r0", + "musl@1.1.18-r3", + "zlib@1.2.11-r1" + ], "Layer": { "Digest": "sha256:1eea04acda91d39256def9ea27cb33007e243a1b4f7f8908bcfd9d3de376905d", "DiffID": "sha256:2f4a5c9187c249834ebc28783bd3c65bdcbacaa8baa6620ddaa27846dd3ef708" } }, { + "ID": ".persistent-deps@0", "Name": ".persistent-deps", "Version": "0", + "DependsOn": [ + "ca-certificates@20171114-r0", + "curl@7.61.0-r0", + "libressl@2.6.5-r0", + "tar@1.29-r1", + "xz@5.2.3-r1" + ], "Layer": { "Digest": "sha256:88777455d910410652665cec0149a02db3584d6dc26e306788a3532d480b00ae", "DiffID": "sha256:0ea33a93585cf1917ba522b2304634c3073654062d5282c1346322967790ef33" } }, { + "ID": ".php-rundeps@0", "Name": ".php-rundeps", "Version": "0", + "DependsOn": [ + "libcurl@7.61.1-r0", + "libedit@20170329.3.1-r3", + "libressl2.6-libcrypto@2.6.5-r0", + "libressl2.6-libssl@2.6.5-r0", + "libsodium@1.0.15-r0", + "libxml2@2.9.7-r0", + "musl@1.1.18-r3", + "zlib@1.2.11-r1" + ], "Layer": { "Digest": "sha256:3d6152f6ac208640f9fb494d1c379fe508db1fc5754cd08fefec200bddd13e0e", "DiffID": "sha256:6408527580eade39c2692dbb6b0f6a9321448d06ea1c2eef06bb7f37da9c5013" } }, { + "ID": "alpine-baselayout@3.0.5-r2", "Name": "alpine-baselayout", "Version": "3.0.5-r2", "SrcName": "alpine-baselayout", @@ -31,12 +57,17 @@ "Licenses": [ "GPL-2.0" ], + "DependsOn": [ + "busybox@1.27.2-r11", + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c67f3896b22c1378881cbbb9c9d1edfe881fd07f713371835ef46d93c649684d", "DiffID": "sha256:ebf12965380b39889c99a9c02e82ba465f887b45975b6e389d42e9e6a3857888" } }, { + "ID": "alpine-keys@2.1-r1", "Name": "alpine-keys", "Version": "2.1-r1", "SrcName": "alpine-keys", @@ -50,6 +81,7 @@ } }, { + "ID": "apk-tools@2.10.1-r0", "Name": "apk-tools", "Version": "2.10.1-r0", "SrcName": "apk-tools", 
@@ -57,12 +89,19 @@ "Licenses": [ "GPL-2.0" ], + "DependsOn": [ + "libressl2.6-libcrypto@2.6.5-r0", + "libressl2.6-libssl@2.6.5-r0", + "musl@1.1.18-r3", + "zlib@1.2.11-r1" + ], "Layer": { "Digest": "sha256:c67f3896b22c1378881cbbb9c9d1edfe881fd07f713371835ef46d93c649684d", "DiffID": "sha256:ebf12965380b39889c99a9c02e82ba465f887b45975b6e389d42e9e6a3857888" } }, { + "ID": "apr@1.6.3-r0", "Name": "apr", "Version": "1.6.3-r0", "SrcName": "apr", @@ -70,12 +109,17 @@ "Licenses": [ "ASL2.0" ], + "DependsOn": [ + "libuuid@2.31-r0", + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "apr-util@1.6.1-r1", "Name": "apr-util", "Version": "1.6.1-r1", "SrcName": "apr-util", @@ -83,12 +127,19 @@ "Licenses": [ "ASL2.0" ], + "DependsOn": [ + "apr@1.6.3-r0", + "expat@2.2.5-r0", + "libressl2.6-libcrypto@2.6.5-r0", + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "bash@4.4.19-r1", "Name": "bash", "Version": "4.4.19-r1", "SrcName": "bash", @@ -96,12 +147,19 @@ "Licenses": [ "GPL-3.0" ], + "DependsOn": [ + "busybox@1.27.2-r11", + "musl@1.1.18-r3", + "pkgconf@1.3.10-r0", + "readline@7.0.003-r0" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "busybox@1.27.2-r11", "Name": "busybox", "Version": "1.27.2-r11", "SrcName": "busybox", 
@@ -109,12 +167,16 @@ "Licenses": [ "GPL-2.0" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c67f3896b22c1378881cbbb9c9d1edfe881fd07f713371835ef46d93c649684d", "DiffID": "sha256:ebf12965380b39889c99a9c02e82ba465f887b45975b6e389d42e9e6a3857888" } }, { + "ID": "ca-certificates@20171114-r0", "Name": "ca-certificates", "Version": "20171114-r0", "SrcName": "ca-certificates", @@ -123,12 +185,18 @@ "MPL-2.0", "GPL-2.0" ], + "DependsOn": [ + "busybox@1.27.2-r11", + "libressl2.6-libcrypto@2.6.5-r0", + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:88777455d910410652665cec0149a02db3584d6dc26e306788a3532d480b00ae", "DiffID": "sha256:0ea33a93585cf1917ba522b2304634c3073654062d5282c1346322967790ef33" } }, { + "ID": "curl@7.61.0-r0", "Name": "curl", "Version": "7.61.0-r0", "SrcName": "curl", @@ -136,12 +204,19 @@ "Licenses": [ "MIT" ], + "DependsOn": [ + "ca-certificates@20171114-r0", + "libcurl@7.61.1-r0", + "musl@1.1.18-r3", + "zlib@1.2.11-r1" + ], "Layer": { "Digest": "sha256:88777455d910410652665cec0149a02db3584d6dc26e306788a3532d480b00ae", "DiffID": "sha256:0ea33a93585cf1917ba522b2304634c3073654062d5282c1346322967790ef33" } }, { + "ID": "db@5.3.28-r0", "Name": "db", "Version": "5.3.28-r0", "SrcName": "db", @@ -149,12 +224,16 @@ "Licenses": [ "custom" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "expat@2.2.5-r0", "Name": "expat", "Version": "2.2.5-r0", "SrcName": "expat", @@ -162,12 +241,16 @@ "Licenses": [ "MIT" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "gdbm@1.13-r1", "Name": "gdbm", "Version": "1.13-r1", "SrcName": "gdbm", 
@@ -175,12 +258,16 @@ "Licenses": [ "GPL-3.0" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "git@2.15.2-r0", "Name": "git", "Version": "2.15.2-r0", "SrcName": "git", @@ -188,12 +275,20 @@ "Licenses": [ "GPL-2.0" ], + "DependsOn": [ + "expat@2.2.5-r0", + "libcurl@7.61.1-r0", + "musl@1.1.18-r3", + "pcre2@10.30-r0", + "zlib@1.2.11-r1" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "libbz2@1.0.6-r6", "Name": "libbz2", "Version": "1.0.6-r6", "SrcName": "bzip2", @@ -201,12 +296,16 @@ "Licenses": [ "BSD-3-Clause" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "libc-utils@0.7.1-r0", "Name": "libc-utils", "Version": "0.7.1-r0", "SrcName": "libc-dev", @@ -214,12 +313,16 @@ "Licenses": [ "BSD-3-Clause" ], + "DependsOn": [ + "musl-utils@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c67f3896b22c1378881cbbb9c9d1edfe881fd07f713371835ef46d93c649684d", "DiffID": "sha256:ebf12965380b39889c99a9c02e82ba465f887b45975b6e389d42e9e6a3857888" } }, { + "ID": "libcurl@7.61.1-r0", "Name": "libcurl", "Version": "7.61.1-r0", "SrcName": "curl", 
@@ -227,12 +330,21 @@ "Licenses": [ "MIT" ], + "DependsOn": [ + "ca-certificates@20171114-r0", + "libressl2.6-libcrypto@2.6.5-r0", + "libressl2.6-libssl@2.6.5-r0", + "libssh2@1.8.0-r2", + "musl@1.1.18-r3", + "zlib@1.2.11-r1" + ], "Layer": { "Digest": "sha256:3d6152f6ac208640f9fb494d1c379fe508db1fc5754cd08fefec200bddd13e0e", "DiffID": "sha256:6408527580eade39c2692dbb6b0f6a9321448d06ea1c2eef06bb7f37da9c5013" } }, { + "ID": "libedit@20170329.3.1-r3", "Name": "libedit", "Version": "20170329.3.1-r3", "SrcName": "libedit", @@ -240,12 +352,17 @@ "Licenses": [ "BSD-3-Clause" ], + "DependsOn": [ + "musl@1.1.18-r3", + "ncurses-libs@6.0_p20171125-r1" + ], "Layer": { "Digest": "sha256:3d6152f6ac208640f9fb494d1c379fe508db1fc5754cd08fefec200bddd13e0e", "DiffID": "sha256:6408527580eade39c2692dbb6b0f6a9321448d06ea1c2eef06bb7f37da9c5013" } }, { + "ID": "libffi@3.2.1-r4", "Name": "libffi", "Version": "3.2.1-r4", "SrcName": "libffi", @@ -253,12 +370,16 @@ "Licenses": [ "MIT" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "libressl@2.6.5-r0", "Name": "libressl", "Version": "2.6.5-r0", "SrcName": "libressl", @@ -266,12 +387,19 @@ "Licenses": [ "custom" ], + "DependsOn": [ + "libressl2.6-libcrypto@2.6.5-r0", + "libressl2.6-libssl@2.6.5-r0", + "libressl2.6-libtls@2.6.5-r0", + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:88777455d910410652665cec0149a02db3584d6dc26e306788a3532d480b00ae", "DiffID": "sha256:0ea33a93585cf1917ba522b2304634c3073654062d5282c1346322967790ef33" } }, { + "ID": "libressl2.6-libcrypto@2.6.5-r0", "Name": "libressl2.6-libcrypto", "Version": "2.6.5-r0", "SrcName": "libressl", 
@@ -279,12 +407,16 @@ "Licenses": [ "custom" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c67f3896b22c1378881cbbb9c9d1edfe881fd07f713371835ef46d93c649684d", "DiffID": "sha256:ebf12965380b39889c99a9c02e82ba465f887b45975b6e389d42e9e6a3857888" } }, { + "ID": "libressl2.6-libssl@2.6.5-r0", "Name": "libressl2.6-libssl", "Version": "2.6.5-r0", "SrcName": "libressl", @@ -292,12 +424,17 @@ "Licenses": [ "custom" ], + "DependsOn": [ + "libressl2.6-libcrypto@2.6.5-r0", + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c67f3896b22c1378881cbbb9c9d1edfe881fd07f713371835ef46d93c649684d", "DiffID": "sha256:ebf12965380b39889c99a9c02e82ba465f887b45975b6e389d42e9e6a3857888" } }, { + "ID": "libressl2.6-libtls@2.6.5-r0", "Name": "libressl2.6-libtls", "Version": "2.6.5-r0", "SrcName": "libressl", @@ -305,12 +442,18 @@ "Licenses": [ "custom" ], + "DependsOn": [ + "libressl2.6-libcrypto@2.6.5-r0", + "libressl2.6-libssl@2.6.5-r0", + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c67f3896b22c1378881cbbb9c9d1edfe881fd07f713371835ef46d93c649684d", "DiffID": "sha256:ebf12965380b39889c99a9c02e82ba465f887b45975b6e389d42e9e6a3857888" } }, { + "ID": "libsasl@2.1.26-r11", "Name": "libsasl", "Version": "2.1.26-r11", "SrcName": "cyrus-sasl", @@ -318,12 +461,17 @@ "Licenses": [ "custom" ], + "DependsOn": [ + "db@5.3.28-r0", + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "libsodium@1.0.15-r0", "Name": "libsodium", "Version": "1.0.15-r0", "SrcName": "libsodium", 
@@ -331,12 +479,16 @@ "Licenses": [ "ISC" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:3d6152f6ac208640f9fb494d1c379fe508db1fc5754cd08fefec200bddd13e0e", "DiffID": "sha256:6408527580eade39c2692dbb6b0f6a9321448d06ea1c2eef06bb7f37da9c5013" } }, { + "ID": "libssh2@1.8.0-r2", "Name": "libssh2", "Version": "1.8.0-r2", "SrcName": "libssh2", @@ -344,12 +496,18 @@ "Licenses": [ "BSD-3-Clause" ], + "DependsOn": [ + "libressl2.6-libcrypto@2.6.5-r0", + "musl@1.1.18-r3", + "zlib@1.2.11-r1" + ], "Layer": { "Digest": "sha256:88777455d910410652665cec0149a02db3584d6dc26e306788a3532d480b00ae", "DiffID": "sha256:0ea33a93585cf1917ba522b2304634c3073654062d5282c1346322967790ef33" } }, { + "ID": "libuuid@2.31-r0", "Name": "libuuid", "Version": "2.31-r0", "SrcName": "util-linux", @@ -362,12 +520,16 @@ "Public", "Domain" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "libxml2@2.9.7-r0", "Name": "libxml2", "Version": "2.9.7-r0", "SrcName": "libxml2", @@ -375,12 +537,17 @@ "Licenses": [ "MIT" ], + "DependsOn": [ + "musl@1.1.18-r3", + "zlib@1.2.11-r1" + ], "Layer": { "Digest": "sha256:3d6152f6ac208640f9fb494d1c379fe508db1fc5754cd08fefec200bddd13e0e", "DiffID": "sha256:6408527580eade39c2692dbb6b0f6a9321448d06ea1c2eef06bb7f37da9c5013" } }, { + "ID": "mercurial@4.5.2-r0", "Name": "mercurial", "Version": "4.5.2-r0", "SrcName": "mercurial", @@ -388,12 +555,17 @@ "Licenses": [ "GPL-2.0" ], + "DependsOn": [ + "musl@1.1.18-r3", + "python2@2.7.15-r2" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "musl@1.1.18-r3", "Name": "musl", "Version": "1.1.18-r3", "SrcName": "musl", 
@@ -407,6 +579,7 @@ } }, { + "ID": "musl-utils@1.1.18-r3", "Name": "musl-utils", "Version": "1.1.18-r3", "SrcName": "musl", @@ -416,12 +589,17 @@ "BSD-3-Clause", "GPL-2.0" ], + "DependsOn": [ + "musl@1.1.18-r3", + "scanelf@1.2.2-r1" + ], "Layer": { "Digest": "sha256:c67f3896b22c1378881cbbb9c9d1edfe881fd07f713371835ef46d93c649684d", "DiffID": "sha256:ebf12965380b39889c99a9c02e82ba465f887b45975b6e389d42e9e6a3857888" } }, { + "ID": "ncurses-libs@6.0_p20171125-r1", "Name": "ncurses-libs", "Version": "6.0_p20171125-r1", "SrcName": "ncurses", @@ -429,12 +607,18 @@ "Licenses": [ "MIT" ], + "DependsOn": [ + "musl@1.1.18-r3", + "ncurses-terminfo-base@6.0_p20171125-r1", + "ncurses-terminfo@6.0_p20171125-r1" + ], "Layer": { "Digest": "sha256:3d6152f6ac208640f9fb494d1c379fe508db1fc5754cd08fefec200bddd13e0e", "DiffID": "sha256:6408527580eade39c2692dbb6b0f6a9321448d06ea1c2eef06bb7f37da9c5013" } }, { + "ID": "ncurses-terminfo@6.0_p20171125-r1", "Name": "ncurses-terminfo", "Version": "6.0_p20171125-r1", "SrcName": "ncurses", @@ -442,12 +626,16 @@ "Licenses": [ "MIT" ], + "DependsOn": [ + "ncurses-terminfo-base@6.0_p20171125-r1" + ], "Layer": { "Digest": "sha256:3d6152f6ac208640f9fb494d1c379fe508db1fc5754cd08fefec200bddd13e0e", "DiffID": "sha256:6408527580eade39c2692dbb6b0f6a9321448d06ea1c2eef06bb7f37da9c5013" } }, { + "ID": "ncurses-terminfo-base@6.0_p20171125-r1", "Name": "ncurses-terminfo-base", "Version": "6.0_p20171125-r1", "SrcName": "ncurses", @@ -461,6 +649,7 @@ } }, { + "ID": "openssh@7.5_p1-r9", "Name": "openssh", "Version": "7.5_p1-r9", "SrcName": "openssh", 
@@ -468,12 +657,20 @@ "Licenses": [ "as-is" ], + "DependsOn": [ + "libressl2.6-libcrypto@2.6.5-r0", + "musl@1.1.18-r3", + "openssh-client@7.5_p1-r9", + "openssh-server@7.5_p1-r9", + "openssh-sftp-server@7.5_p1-r9" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "openssh-client@7.5_p1-r9", "Name": "openssh-client", "Version": "7.5_p1-r9", "SrcName": "openssh", @@ -481,12 +678,19 @@ "Licenses": [ "as-is" ], + "DependsOn": [ + "libressl2.6-libcrypto@2.6.5-r0", + "musl@1.1.18-r3", + "openssh-keygen@7.5_p1-r9", + "zlib@1.2.11-r1" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "openssh-keygen@7.5_p1-r9", "Name": "openssh-keygen", "Version": "7.5_p1-r9", "SrcName": "openssh", @@ -494,12 +698,17 @@ "Licenses": [ "as-is" ], + "DependsOn": [ + "libressl2.6-libcrypto@2.6.5-r0", + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "openssh-server@7.5_p1-r9", "Name": "openssh-server", "Version": "7.5_p1-r9", "SrcName": "openssh", @@ -507,12 +716,20 @@ "Licenses": [ "as-is" ], + "DependsOn": [ + "libressl2.6-libcrypto@2.6.5-r0", + "musl@1.1.18-r3", + "openssh-keygen@7.5_p1-r9", + "openssh-server-common@7.5_p1-r9", + "zlib@1.2.11-r1" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "openssh-server-common@7.5_p1-r9", "Name": "openssh-server-common", "Version": "7.5_p1-r9", "SrcName": "openssh", 
@@ -526,6 +743,7 @@ } }, { + "ID": "openssh-sftp-server@7.5_p1-r9", "Name": "openssh-sftp-server", "Version": "7.5_p1-r9", "SrcName": "openssh", @@ -533,12 +751,16 @@ "Licenses": [ "as-is" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "patch@2.7.5-r2", "Name": "patch", "Version": "2.7.5-r2", "SrcName": "patch", @@ -546,12 +768,16 @@ "Licenses": [ "GPL-3.0" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "pcre2@10.30-r0", "Name": "pcre2", "Version": "10.30-r0", "SrcName": "pcre2", @@ -559,12 +785,16 @@ "Licenses": [ "BSD-3-Clause" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "pkgconf@1.3.10-r0", "Name": "pkgconf", "Version": "1.3.10-r0", "SrcName": "pkgconf", @@ -572,12 +802,16 @@ "Licenses": [ "ISC" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "python2@2.7.15-r2", "Name": "python2", "Version": "2.7.15-r2", "SrcName": "python2", 
@@ -585,12 +819,26 @@ "Licenses": [ "custom" ], + "DependsOn": [ + "expat@2.2.5-r0", + "gdbm@1.13-r1", + "libbz2@1.0.6-r6", + "libffi@3.2.1-r4", + "libressl2.6-libcrypto@2.6.5-r0", + "libressl2.6-libssl@2.6.5-r0", + "musl@1.1.18-r3", + "ncurses-libs@6.0_p20171125-r1", + "readline@7.0.003-r0", + "sqlite-libs@3.21.0-r1", + "zlib@1.2.11-r1" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "readline@7.0.003-r0", "Name": "readline", "Version": "7.0.003-r0", "SrcName": "readline", @@ -598,12 +846,17 @@ "Licenses": [ "GPL-3.0" ], + "DependsOn": [ + "musl@1.1.18-r3", + "ncurses-libs@6.0_p20171125-r1" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "scanelf@1.2.2-r1", "Name": "scanelf", "Version": "1.2.2-r1", "SrcName": "pax-utils", @@ -611,12 +864,16 @@ "Licenses": [ "GPL-2.0" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c67f3896b22c1378881cbbb9c9d1edfe881fd07f713371835ef46d93c649684d", "DiffID": "sha256:ebf12965380b39889c99a9c02e82ba465f887b45975b6e389d42e9e6a3857888" } }, { + "ID": "serf@1.3.9-r3", "Name": "serf", "Version": "1.3.9-r3", "SrcName": "serf", @@ -624,12 +881,21 @@ "Licenses": [ "ASL2.0" ], + "DependsOn": [ + "apr-util@1.6.1-r1", + "apr@1.6.3-r0", + "libressl2.6-libcrypto@2.6.5-r0", + "libressl2.6-libssl@2.6.5-r0", + "musl@1.1.18-r3", + "zlib@1.2.11-r1" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "sqlite-libs@3.21.0-r1", "Name": "sqlite-libs", "Version": "3.21.0-r1", "SrcName": "sqlite", 
@@ -637,12 +903,16 @@ "Licenses": [ "custom" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "ssl_client@1.27.2-r11", "Name": "ssl_client", "Version": "1.27.2-r11", "SrcName": "busybox", @@ -650,12 +920,17 @@ "Licenses": [ "GPL-2.0" ], + "DependsOn": [ + "libressl2.6-libtls@2.6.5-r0", + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c67f3896b22c1378881cbbb9c9d1edfe881fd07f713371835ef46d93c649684d", "DiffID": "sha256:ebf12965380b39889c99a9c02e82ba465f887b45975b6e389d42e9e6a3857888" } }, { + "ID": "subversion@1.9.7-r0", "Name": "subversion", "Version": "1.9.7-r0", "SrcName": "subversion", @@ -664,12 +939,21 @@ "Apache-2.0", "BSD-3-Clause" ], + "DependsOn": [ + "apr-util@1.6.1-r1", + "apr@1.6.3-r0", + "busybox@1.27.2-r11", + "libsasl@2.1.26-r11", + "musl@1.1.18-r3", + "subversion-libs@1.9.7-r0" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "subversion-libs@1.9.7-r0", "Name": "subversion-libs", "Version": "1.9.7-r0", "SrcName": "subversion", @@ -678,12 +962,24 @@ "Apache-2.0", "BSD-3-Clause" ], + "DependsOn": [ + "apr-util@1.6.1-r1", + "apr@1.6.3-r0", + "db@5.3.28-r0", + "expat@2.2.5-r0", + "libsasl@2.1.26-r11", + "musl@1.1.18-r3", + "serf@1.3.9-r3", + "sqlite-libs@3.21.0-r1", + "zlib@1.2.11-r1" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "tar@1.29-r1", "Name": "tar", "Version": "1.29-r1", "SrcName": "tar", 
@@ -691,12 +987,16 @@ "Licenses": [ "GPL-3.0" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:88777455d910410652665cec0149a02db3584d6dc26e306788a3532d480b00ae", "DiffID": "sha256:0ea33a93585cf1917ba522b2304634c3073654062d5282c1346322967790ef33" } }, { + "ID": "tini@0.16.1-r0", "Name": "tini", "Version": "0.16.1-r0", "SrcName": "tini", @@ -704,12 +1004,16 @@ "Licenses": [ "MIT" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c191915691a422a1b0230c9010165ff655204a9fd95e3b43151132bcb237826b", "DiffID": "sha256:2da3602d664dd3f71fae83cbc566d4e80b432c6ee8bb4efd94c8e85122f503d4" } }, { + "ID": "xz@5.2.3-r1", "Name": "xz", "Version": "5.2.3-r1", "SrcName": "xz", @@ -717,12 +1021,17 @@ "Licenses": [ "custom" ], + "DependsOn": [ + "musl@1.1.18-r3", + "xz-libs@5.2.3-r1" + ], "Layer": { "Digest": "sha256:88777455d910410652665cec0149a02db3584d6dc26e306788a3532d480b00ae", "DiffID": "sha256:0ea33a93585cf1917ba522b2304634c3073654062d5282c1346322967790ef33" } }, { + "ID": "xz-libs@5.2.3-r1", "Name": "xz-libs", "Version": "5.2.3-r1", "SrcName": "xz", @@ -730,12 +1039,16 @@ "Licenses": [ "custom" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:88777455d910410652665cec0149a02db3584d6dc26e306788a3532d480b00ae", "DiffID": "sha256:0ea33a93585cf1917ba522b2304634c3073654062d5282c1346322967790ef33" } }, { + "ID": "zlib@1.2.11-r1", "Name": "zlib", "Version": "1.2.11-r1", "SrcName": "zlib", @@ -743,6 +1056,9 @@ "Licenses": [ "Zlib" ], + "DependsOn": [ + "musl@1.1.18-r3" + ], "Layer": { "Digest": "sha256:c67f3896b22c1378881cbbb9c9d1edfe881fd07f713371835ef46d93c649684d", "DiffID": "sha256:ebf12965380b39889c99a9c02e82ba465f887b45975b6e389d42e9e6a3857888" diff --git a/pkg/fanal/test/integration/testdata/goldens/vuln-image1.2.3.expectedlibs.golden b/pkg/fanal/test/integration/testdata/goldens/vuln-image1.2.3.expectedlibs.golden index 77d73fa1c3b..e4b0706b088 100644 
--- a/pkg/fanal/test/integration/testdata/goldens/vuln-image1.2.3.expectedlibs.golden +++ b/pkg/fanal/test/integration/testdata/goldens/vuln-image1.2.3.expectedlibs.golden @@ -788,14 +788,16 @@ "Name": "loose-envify", "Version": "1.4.0", "Indirect": true, + "DependsOn": [ + "js-tokens@4.0.0" + ], "Layer": {}, "Locations": [ { "StartLine": 26, "EndLine": 33 } - ], - "DependsOn": ["js-tokens@4.0.0"] + ] }, { "ID": "object-assign@4.1.1", 
@@ -815,83 +817,100 @@ "Name": "promise", "Version": "8.0.3", "Indirect": true, + "DependsOn": [ + "asap@2.0.6" + ], "Layer": {}, "Locations": [ { "StartLine": 39, "EndLine": 46 } - ], - "DependsOn": ["asap@2.0.6"] + ] }, { "ID": "prop-types@15.7.2", "Name": "prop-types", "Version": "15.7.2", "Indirect": true, + "DependsOn": [ + "loose-envify@1.4.0", + "object-assign@4.1.1", + "react-is@16.8.6" + ], "Layer": {}, "Locations": [ { "StartLine": 47, "EndLine": 56 } - ], - "DependsOn": ["loose-envify@1.4.0", "object-assign@4.1.1", "react-is@16.8.6"] + ] }, { "ID": "react@16.8.6", "Name": "react", "Version": "16.8.6", "Indirect": true, + "DependsOn": [ + "loose-envify@1.4.0", + "object-assign@4.1.1", + "prop-types@15.7.2", + "scheduler@0.13.6" + ], "Layer": {}, "Locations": [ { "StartLine": 57, "EndLine": 67 } - ], - "DependsOn": ["loose-envify@1.4.0", "object-assign@4.1.1", "prop-types@15.7.2", "scheduler@0.13.6"] + ] }, { "ID": "react-is@16.8.6", "Name": "react-is", "Version": "16.8.6", "Indirect": true, + "Layer": {}, "Locations": [ { "StartLine": 68, "EndLine": 72 } - ], - "Layer": {} + ] }, { "ID": "redux@4.0.1", "Name": "redux", "Version": "4.0.1", "Indirect": true, + "DependsOn": [ + "loose-envify@1.4.0", + "symbol-observable@1.2.0" + ], "Layer": {}, "Locations": [ { "StartLine": 73, "EndLine": 81 } - ], - "DependsOn": ["loose-envify@1.4.0", "symbol-observable@1.2.0"] + ] }, { "ID": "scheduler@0.13.6", "Name": "scheduler", "Version": "0.13.6", "Indirect": true, + "DependsOn": [ + "loose-envify@1.4.0", + "object-assign@4.1.1" + ], "Layer": {}, "Locations": [ { "StartLine": 82, "EndLine": 90 } - ], - "DependsOn": ["loose-envify@1.4.0", "object-assign@4.1.1"] + ] }, { "ID": "symbol-observable@1.2.0", diff --git a/pkg/flag/report_flags.go b/pkg/flag/report_flags.go index 6380fe9b887..848a8a0fbda 100644 --- a/pkg/flag/report_flags.go +++ b/pkg/flag/report_flags.go 
@@ -45,7 +45,7 @@ var ( Name: "dependency-tree", ConfigName: "dependency-tree", Value: false, - Usage: "show dependency origin tree (EXPERIMENTAL)", + Usage: "[EXPERIMENTAL] show dependency origin tree of vulnerable packages", } ListAllPkgsFlag = Flag{ Name: "list-all-pkgs", @@ -175,7 +175,7 @@ func (f *ReportFlagGroup) ToOptions(out io.Writer) (ReportOptions, error) { // "--dependency-tree" option is available only with "--format table". if dependencyTree { - log.Logger.Infof(`"--dependency-tree" only shows dependencies for "package-lock.json" files`) + log.Logger.Infof(`"--dependency-tree" only shows vulnerable package dependencies of "package-lock.json", "Cargo.lock" and OS packages`) if format != report.FormatTable { log.Logger.Warn(`"--dependency-tree" can be used only with "--format table".`) } diff --git a/pkg/report/github/github.go b/pkg/report/github/github.go index 4b17c6aba7c..0e1a95dfa8a 100644 --- a/pkg/report/github/github.go +++ b/pkg/report/github/github.go @@ -116,7 +116,7 @@ func (w Writer) Write(report types.Report) error { githubPkg := Package{} githubPkg.Scope = RuntimeScope githubPkg.Relationship = getPkgRelationshipType(pkg) - githubPkg.Dependencies = pkg.DependsOn + githubPkg.Dependencies = pkg.DependsOn // TODO: replace with PURL githubPkg.PackageUrl, err = buildPurl(result.Type, pkg) if err != nil { return xerrors.Errorf("unable to build purl for %s: %w", pkg.Name, err) diff --git a/pkg/report/table/vulnerability.go b/pkg/report/table/vulnerability.go index 8fc1cdd7da4..5ae47aba6a5 100644 --- a/pkg/report/table/vulnerability.go +++ b/pkg/report/table/vulnerability.go @@ -7,7 +7,6 @@ import ( "strings" "sync" - "github.com/fatih/color" "github.com/samber/lo" "github.com/xlab/treeprint" 
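Review bot: The new Info message in the second hunk of `pkg/flag/report_flags.go` names `"Cargo.lock"` as a supported source, while the note changed in `report.md` by this same commit says Rust binaries built with cargo-auditable. One of the two will mislead users about whether the tree covers their artifact. If the documentation is the accurate one, the message could read `"--dependency-tree" only shows vulnerable package dependencies of "package-lock.json", Rust binaries built with cargo-auditable and OS packages`. The message is also logged before the format check, so it appears even when the format is not `table` and the warning right after it applies. `ToOptions` continues outside the hunk.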
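Review bot: In `pkg/report/github/github.go`, `pkg.DependsOn` is still copied into `githubPkg.Dependencies` unchanged. After this commit OS packages also carry `DependsOn` entries in `name@version` form (the golden files show values such as `musl@1.1.18-r3`), so many more non-PURL identifiers will reach the GitHub report, next to a `PackageUrl` that is a PURL. The added TODO records the intent but has no issue reference, so I would make it actionable: `// TODO(<issue-id>): DependsOn holds "name@version" IDs; convert to PURLs so the edges match PackageUrl`. Until that is done, a consumer of the report presumably cannot resolve these edges to the submitted packages, which weakens the dependency graph for OS packages. `Write` continues outside the hunk.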
@@ -30,12 +29,12 @@ type vulnerabilityRenderer struct { once *sync.Once } -func NewVulnerabilityRenderer(result types.Result, isTerminal, tree bool, severities []dbTypes.Severity) vulnerabilityRenderer { +func NewVulnerabilityRenderer(result types.Result, isTerminal, tree bool, severities []dbTypes.Severity) *vulnerabilityRenderer { buf := bytes.NewBuffer([]byte{}) if !isTerminal { tml.DisableFormatting() } - return vulnerabilityRenderer{ + return &vulnerabilityRenderer{ w: buf, tableWriter: newTableWriter(buf, isTerminal), result: result, @@ -46,7 +45,7 @@ func NewVulnerabilityRenderer(result types.Result, isTerminal, tree bool, severi } } -func (r vulnerabilityRenderer) Render() string { +func (r *vulnerabilityRenderer) Render() string { r.setHeaders() r.setVulnerabilityRows(r.result.Vulnerabilities) @@ -68,7 +67,7 @@ func (r vulnerabilityRenderer) Render() string { return r.w.String() } -func (r vulnerabilityRenderer) setHeaders() { +func (r *vulnerabilityRenderer) setHeaders() { if len(r.result.Vulnerabilities) == 0 { return } @@ -76,7 +75,7 @@ func (r vulnerabilityRenderer) setHeaders() { r.tableWriter.SetHeaders(header...) } -func (r vulnerabilityRenderer) setVulnerabilityRows(vulns []types.DetectedVulnerability) { +func (r *vulnerabilityRenderer) setVulnerabilityRows(vulns []types.DetectedVulnerability) { for _, v := range vulns { lib := v.PkgName if v.PkgPath != "" { @@ -120,7 +119,7 @@ func (r vulnerabilityRenderer) setVulnerabilityRows(vulns []types.DetectedVulner } } -func (r vulnerabilityRenderer) countSeverities(vulns []types.DetectedVulnerability) map[string]int { +func (r *vulnerabilityRenderer) countSeverities(vulns []types.DetectedVulnerability) map[string]int { severityCount := map[string]int{} for _, v := range vulns { severityCount[v.Severity]++ 
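Review bot: The exported `NewVulnerabilityRenderer` now returns a pointer to the unexported `vulnerabilityRenderer` and still has no doc comment, although it has a side effect callers should know about. When `isTerminal` is false it calls `tml.DisableFormatting()`, which takes no renderer argument and so appears to switch formatting off for the whole package rather than for this renderer. I would add `// NewVulnerabilityRenderer returns a renderer for a single result. When isTerminal is false it disables tml formatting globally.` above the function. The pointer-receiver changes in the following hunks (`Render`, `setHeaders`, `setVulnerabilityRows`, `countSeverities`) need no further comment.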
@@ -128,7 +127,7 @@ func (r vulnerabilityRenderer) countSeverities(vulns []types.DetectedVulnerabili return severityCount } -func (r vulnerabilityRenderer) renderDependencyTree() { +func (r *vulnerabilityRenderer) renderDependencyTree() { // Get parents of each dependency parents := reverseDeps(r.result.Packages) if len(parents) == 0 { @@ -161,10 +160,7 @@ Dependency Origin Tree } _, summaries := summarize(r.severities, pkgSeverityCount[vuln.PkgID]) - topLvlID := fmt.Sprintf("%s, (%s)", vuln.PkgID, strings.Join(summaries, ", ")) - if r.isTerminal { - topLvlID = color.HiRedString(topLvlID) - } + topLvlID := tml.Sprintf("%s, (%s)", vuln.PkgID, strings.Join(summaries, ", ")) seen[vuln.PkgID] = struct{}{} branch := root.AddBranch(topLvlID)
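Review bot: In the last hunk `topLvlID` no longer checks `r.isTerminal`, so whether the top-level node is coloured now depends on tml's formatting switch, which the constructor only ever turns off (`tml.DisableFormatting()` when `isTerminal` is false). If one process renders a non-terminal result and then a terminal one, the second tree would presumably come out unformatted, whereas the removed `color.HiRedString` branch decided this per renderer. Also, as the line reads here, the format string `"%s, (%s)"` carries no tml tag, so please confirm the red highlight of the removed code is actually kept. `renderDependencyTree` continues outside the hunk.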