Skip to content

Commit

Permalink
check Type when filling pkgs in vulns (#4776)
Browse files Browse the repository at this point in the history
  • Loading branch information
DmitriyLewen committed Jul 6, 2023
1 parent 4b9f310 commit e5bee5c
Show file tree
Hide file tree
Showing 2 changed files with 96 additions and 1 deletion.
2 changes: 1 addition & 1 deletion pkg/scanner/local/scan.go
Original file line number Diff line number Diff line change
Expand Up @@ -205,7 +205,7 @@ func (s Scanner) fillPkgsInVulns(pkgResults, vulnResults types.Results) types.Re
}
for _, result := range pkgResults {
if r, found := lo.Find(vulnResults, func(r types.Result) bool {
return r.Class == result.Class && r.Target == result.Target
return r.Class == result.Class && r.Target == result.Target && r.Type == result.Type
}); found {
r.Packages = result.Packages
results = append(results, r)
Expand Down
95 changes: 95 additions & 0 deletions pkg/scanner/local/scan_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -490,6 +490,101 @@ func TestScanner_Scan(t *testing.T) {
},
wantOS: ftypes.OS{},
},
{
name: "happy path. Empty filePaths (e.g. Scanned SBOM)",
args: args{
target: "./result.cdx",
layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
options: types.ScanOptions{
VulnType: []string{types.VulnTypeLibrary},
Scanners: types.Scanners{types.VulnerabilityScanner},
ListAllPackages: true,
},
},
fixtures: []string{"testdata/fixtures/happy.yaml"},
applyLayersExpectation: ApplierApplyLayersExpectation{
Args: ApplierApplyLayersArgs{
BlobIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
},
Returns: ApplierApplyLayersReturns{
Detail: ftypes.ArtifactDetail{
Applications: []ftypes.Application{
{
Type: "bundler",
FilePath: "",
Libraries: []ftypes.Package{
{
Name: "rails",
Version: "4.0.2",
},
},
},
{
Type: "composer",
FilePath: "",
Libraries: []ftypes.Package{
{
Name: "laravel/framework",
Version: "6.0.0",
},
},
},
},
},
},
},
wantResults: types.Results{
{
Target: "",
Class: types.ClassLangPkg,
Type: ftypes.Bundler,
Packages: []ftypes.Package{
{
Name: "rails",
Version: "4.0.2",
},
},
Vulnerabilities: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2014-0081",
PkgName: "rails",
InstalledVersion: "4.0.2",
FixedVersion: "4.0.3, 3.2.17",
PrimaryURL: "https://avd.aquasec.com/nvd/cve-2014-0081",
Vulnerability: dbTypes.Vulnerability{
Title: "xss",
Description: "xss vulnerability",
Severity: "MEDIUM",
References: []string{
"http://example.com",
},
LastModifiedDate: lo.ToPtr(time.Date(2020, 2, 1, 1, 1, 0, 0, time.UTC)),
PublishedDate: lo.ToPtr(time.Date(2020, 1, 1, 1, 1, 0, 0, time.UTC)),
},
},
},
},
{
Target: "",
Class: types.ClassLangPkg,
Type: ftypes.Composer,
Packages: []ftypes.Package{
{
Name: "laravel/framework",
Version: "6.0.0",
},
},
Vulnerabilities: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2021-21263",
PkgName: "laravel/framework",
InstalledVersion: "6.0.0",
FixedVersion: "8.22.1, 7.30.3, 6.20.12",
},
},
},
},
},
{
name: "happy path with no package",
args: args{
Expand Down

0 comments on commit e5bee5c

Please sign in to comment.