revert: add new classes for vulnerabilities (#2701)
knqyf263 committed Aug 15, 2022
1 parent a5d4f7f commit ed1fa89
Showing 50 changed files with 127 additions and 142 deletions.
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -8,7 +8,7 @@ require (
github.com/NYTimes/gziphandler v1.1.1
github.com/alicebob/miniredis/v2 v2.22.0
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
github.com/aquasecurity/go-dep-parser v0.0.0-20220807122629-b5a21d267b03
github.com/aquasecurity/go-dep-parser v0.0.0-20220815163410-fcf26eb92b86
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -206,8 +206,8 @@ github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30
github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
github.com/aquasecurity/defsec v0.71.5 h1:HOao1TaP74lhbsLUmYaNgHx1afdYImDicB8b/f54FIM=
github.com/aquasecurity/defsec v0.71.5/go.mod h1:+ouYrROGLz3lGutl+K+ilXX5V41S76JIi+L8aXPBsAQ=
github.com/aquasecurity/go-dep-parser v0.0.0-20220807122629-b5a21d267b03 h1:Axx5KwV0c83IlPLIIsi/Ht6sGsSJBzABUngXjFHFg4I=
github.com/aquasecurity/go-dep-parser v0.0.0-20220807122629-b5a21d267b03/go.mod h1:SONYN1M+sYu6VIJsZnltmVfcGOCvp09HWbhpnHDn3aY=
github.com/aquasecurity/go-dep-parser v0.0.0-20220815163410-fcf26eb92b86 h1:sc8hDjSxO3aiG0R7HvaAVnY6329NTtv9AqDGpVQxAPQ=
github.com/aquasecurity/go-dep-parser v0.0.0-20220815163410-fcf26eb92b86/go.mod h1:wwxn1SyOEY8W5hy8aDQDoExX+ybVsi+xfIllXz93+Fk=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s=
github.com/aquasecurity/go-mock-aws v0.0.0-20220726154943-99847deb62b0 h1:tihCUjLWkF0b1SAjAKcFltUs3SpsqGrLtI+Frye0D10=
8 changes: 5 additions & 3 deletions integration/client_server_test.go
Expand Up @@ -12,6 +12,8 @@ import (
"testing"
"time"

"github.com/samber/lo"

cdx "github.com/CycloneDX/cyclonedx-go"
"github.com/docker/go-connections/nat"
"github.com/stretchr/testify/assert"
Expand Down Expand Up @@ -399,10 +401,10 @@ func TestClientServerWithCycloneDX(t *testing.T) {
err = json.NewDecoder(f).Decode(&got)
require.NoError(t, err)

assert.EqualValues(t, tt.wantComponentsCount, len(*got.Components))
assert.EqualValues(t, tt.wantDependenciesCount, len(*got.Dependencies))
assert.EqualValues(t, tt.wantComponentsCount, len(lo.FromPtr(got.Components)))
assert.EqualValues(t, tt.wantDependenciesCount, len(lo.FromPtr(got.Dependencies)))
for i, dep := range *got.Dependencies {
assert.EqualValues(t, tt.wantDependsOnCount[i], len(*dep.Dependencies))
assert.EqualValues(t, tt.wantDependsOnCount[i], len(lo.FromPtr(dep.Dependencies)))
}
})
}
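Review bot: The loop header `for i, dep := range *got.Dependencies` still dereferences the pointer directly, while the assertions around it were switched to `lo.FromPtr`, so a decoded BOM with no dependencies section would panic on the range instead of failing the count assertion. Ranging over the guarded value, `for i, dep := range lo.FromPtr(got.Dependencies) {`, keeps the nil handling consistent across the block. Separately, `tt.wantDependsOnCount[i]` is indexed by the decoded length, and since `assert.EqualValues` does not stop the test, a length mismatch could index past the end of the expected slice if it is shorter; a `require.Len(t, lo.FromPtr(got.Dependencies), tt.wantDependenciesCount)` before the loop would fail cleanly instead. The test function starts and ends outside the hunk, so any earlier guard is not visible here.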
2 changes: 1 addition & 1 deletion integration/testdata/almalinux-8.json.golden
Expand Up @@ -48,7 +48,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/almalinux-8.tar.gz (alma 8.5)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "alma",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/alpine-310-registry.json.golden
Expand Up @@ -56,7 +56,7 @@
"Results": [
{
"Target": "localhost:63577/alpine:3.10 (alpine 3.10.2)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "alpine",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/alpine-310.json.golden
Expand Up @@ -50,7 +50,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/alpine-310.tar.gz (alpine 3.10.2)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "alpine",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/alpine-39-high-critical.json.golden
Expand Up @@ -50,7 +50,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/alpine-39.tar.gz (alpine 3.9.4)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "alpine",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/alpine-39-ignore-cveids.json.golden
Expand Up @@ -50,7 +50,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/alpine-39.tar.gz (alpine 3.9.4)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "alpine",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/alpine-39.json.golden
Expand Up @@ -50,7 +50,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/alpine-39.tar.gz (alpine 3.9.4)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "alpine",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/alpine-distroless.json.golden
Expand Up @@ -45,7 +45,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/alpine-distroless.tar.gz (alpine 3.16)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "alpine",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/amazon-1.json.golden
Expand Up @@ -49,7 +49,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/amazon-1.tar.gz (amazon AMI release 2018.03)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "amazon",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/amazon-2.json.golden
Expand Up @@ -49,7 +49,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/amazon-2.tar.gz (amazon 2 (Karoo))",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "amazon",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/busybox-with-lockfile.json.golden
Expand Up @@ -49,7 +49,7 @@
"Results": [
{
"Target": "Cargo.lock",
"Class": "vuln-lang-pkgs",
"Class": "lang-pkgs",
"Type": "cargo",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/centos-6.json.golden
Expand Up @@ -71,7 +71,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/centos-6.tar.gz (centos 6.10)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "centos",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/centos-7-cyclonedx.json.golden
Expand Up @@ -3,7 +3,7 @@
"specVersion": "1.4",
"version": 1,
"metadata": {
"timestamp": "2022-07-03T08:45:54+00:00",
"timestamp": "2022-08-14T12:39:11+00:00",
"tools": [
{
"vendor": "aquasecurity",
2 changes: 1 addition & 1 deletion integration/testdata/centos-7-ignore-unfixed.json.golden
Expand Up @@ -61,7 +61,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/centos-7.tar.gz (centos 7.6.1810)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "centos",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/centos-7-medium.json.golden
Expand Up @@ -61,7 +61,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/centos-7.tar.gz (centos 7.6.1810)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "centos",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/centos-7.json.golden
Expand Up @@ -61,7 +61,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/centos-7.tar.gz (centos 7.6.1810)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "centos",
"Vulnerabilities": [
{
Expand Up @@ -49,7 +49,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/debian-buster.tar.gz (debian 10.1)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "debian",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/debian-buster.json.golden
Expand Up @@ -49,7 +49,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/debian-buster.tar.gz (debian 10.1)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "debian",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/debian-stretch.json.golden
Expand Up @@ -50,7 +50,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/debian-stretch.tar.gz (debian 9.9)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "debian",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/distroless-base.json.golden
Expand Up @@ -48,7 +48,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/distroless-base.tar.gz (debian 9.9)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "debian",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/distroless-python27.json.golden
Expand Up @@ -65,7 +65,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/distroless-python27.tar.gz (debian 9.9)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "debian",
"Vulnerabilities": [
{
4 changes: 2 additions & 2 deletions integration/testdata/fluentd-gems.json.golden
Expand Up @@ -102,7 +102,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/fluentd-multiple-lockfiles.tar.gz (debian 10.2)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "debian",
"Vulnerabilities": [
{
Expand Down Expand Up @@ -165,7 +165,7 @@
},
{
"Target": "Ruby",
"Class": "vuln-lang-pkgs",
"Class": "lang-pkgs",
"Type": "gemspec",
"Vulnerabilities": [
{
Expand Up @@ -3,7 +3,7 @@
"specVersion": "1.4",
"version": 1,
"metadata": {
"timestamp": "2022-07-03T08:45:54+00:00",
"timestamp": "2022-08-14T12:39:11+00:00",
"tools": [
{
"vendor": "aquasecurity",
6 changes: 3 additions & 3 deletions integration/testdata/gomod.json.golden
Expand Up @@ -17,7 +17,7 @@
"Results": [
{
"Target": "go.mod",
"Class": "vuln-lang-pkgs",
"Class": "lang-pkgs",
"Type": "gomod",
"Vulnerabilities": [
{
Expand Down Expand Up @@ -103,7 +103,7 @@
},
{
"Target": "submod/go.mod",
"Class": "vuln-lang-pkgs",
"Class": "lang-pkgs",
"Type": "gomod",
"Vulnerabilities": [
{
Expand Down Expand Up @@ -131,7 +131,7 @@
},
{
"Target": "submod2/go.mod",
"Class": "vuln-lang-pkgs",
"Class": "lang-pkgs",
"Type": "gomod",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/mariner-1.0.json.golden
Expand Up @@ -34,7 +34,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/mariner-1.0.tar.gz (cbl-mariner 1.0.20220122)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "cbl-mariner",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/nodejs.json.golden
Expand Up @@ -17,7 +17,7 @@
"Results": [
{
"Target": "package-lock.json",
"Class": "vuln-lang-pkgs",
"Class": "lang-pkgs",
"Type": "npm",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/opensuse-leap-151.json.golden
Expand Up @@ -57,7 +57,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/opensuse-leap-151.tar.gz (opensuse.leap 15.1)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "opensuse.leap",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/oraclelinux-8.json.golden
Expand Up @@ -58,7 +58,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/oraclelinux-8.tar.gz (oracle 8.0)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "oracle",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/photon-30.json.golden
Expand Up @@ -59,7 +59,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/photon-30.tar.gz (photon 3.0)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "photon",
"Vulnerabilities": [
{
7 changes: 1 addition & 6 deletions integration/testdata/pip.json.golden
Expand Up @@ -55,12 +55,7 @@
"Version": "2.0.0",
"Layer": {}
}
]
},
{
"Target": "requirements.txt",
"Class": "vuln-lang-pkgs",
"Type": "pip",
],
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2019-14806",
14 changes: 13 additions & 1 deletion integration/testdata/pnpm.json.golden
Expand Up @@ -2,10 +2,22 @@
"SchemaVersion": 2,
"ArtifactName": "testdata/fixtures/fs/pnpm",
"ArtifactType": "filesystem",
"Metadata": {
"ImageConfig": {
"architecture": "",
"created": "0001-01-01T00:00:00Z",
"os": "",
"rootfs": {
"type": "",
"diff_ids": null
},
"config": {}
}
},
"Results": [
{
"Target": "pnpm-lock.yaml",
"Class": "vuln-lang-pkgs",
"Class": "lang-pkgs",
"Type": "pnpm",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/pom.json.golden
Expand Up @@ -17,7 +17,7 @@
"Results": [
{
"Target": "pom.xml",
"Class": "vuln-lang-pkgs",
"Class": "lang-pkgs",
"Type": "pom",
"Vulnerabilities": [
{
2 changes: 1 addition & 1 deletion integration/testdata/rockylinux-8.json.golden
Expand Up @@ -48,7 +48,7 @@
"Results": [
{
"Target": "testdata/fixtures/images/rockylinux-8.tar.gz (rocky 8.5)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "rocky",
"Vulnerabilities": [
{
4 changes: 2 additions & 2 deletions integration/testdata/spring4shell-jre11.json.golden
Expand Up @@ -185,12 +185,12 @@
"Results": [
{
"Target": "testdata/fixtures/images/spring4shell-jre11.tar.gz (debian 11.3)",
"Class": "vuln-os-pkgs",
"Class": "os-pkgs",
"Type": "debian"
},
{
"Target": "Java",
"Class": "vuln-lang-pkgs",
"Class": "lang-pkgs",
"Type": "jar",
"Vulnerabilities": [
{