fix(eol): update EOL dates (#824)

2025-12-12 15:50:15 -08:00 · 2021-01-27 14:46:22 +09:00
parent 6ed03a83a5
commit 7a683bd02e
6 changed files with 91 additions and 5 deletions
--- a/pkg/detector/ospkg/amazon/amazon.go
+++ b/pkg/detector/ospkg/amazon/amazon.go
@@ -2,6 +2,7 @@ package amazon

 import (
 	"strings"
+	"time"

 	version "github.com/knqyf263/go-deb-version"
 	"go.uber.org/zap"
@@ -15,6 +16,14 @@ import (
 	"github.com/aquasecurity/trivy/pkg/types"
 )

+var (
+	eolDates = map[string]time.Time{
+		"1": time.Date(2023, 6, 30, 23, 59, 59, 0, time.UTC),
+		// N/A
+		"2": time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),
+	}
+)
+
 // Scanner to scan amazon vulnerabilities
 type Scanner struct {
 	l  *zap.SugaredLogger
@@ -82,5 +91,19 @@ func (s *Scanner) Detect(osVer string, pkgs []ftypes.Package) ([]types.DetectedV

 // IsSupportedVersion checks if os can be scanned using amazon scanner
 func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool {
-	return true
+	now := time.Now()
+	return s.isSupportedVersion(now, osFamily, osVer)
+}
+
+func (s *Scanner) isSupportedVersion(now time.Time, osFamily, osVer string) bool {
+	osVer = strings.Fields(osVer)[0]
+	if osVer != "2" {
+		osVer = "1"
+	}
+	eol, ok := eolDates[osVer]
+	if !ok {
+		log.Logger.Warnf("This OS version is not on the EOL list: %s %s", osFamily, osVer)
+		return false
+	}
+	return now.Before(eol)
 }
--- a/pkg/detector/ospkg/amazon/amazon_test.go
+++ b/pkg/detector/ospkg/amazon/amazon_test.go
@@ -3,6 +3,7 @@ package amazon
 import (
 	"errors"
 	"testing"
+	"time"

 	"github.com/stretchr/testify/assert"
 	"go.uber.org/zap"
@@ -172,3 +173,42 @@ func getAllLoggedLogs(recorder *observer.ObservedLogs) []string {
 	}
 	return loggedMessages
 }
+
+func TestScanner_IsSupportedVersion(t *testing.T) {
+	vectors := map[string]struct {
+		now       time.Time
+		osFamily  string
+		osVersion string
+		expected  bool
+	}{
+		"1": {
+			now:       time.Date(2022, 5, 31, 23, 59, 59, 0, time.UTC),
+			osFamily:  "amazon",
+			osVersion: "1",
+			expected:  true,
+		},
+		"1 (eol ends)": {
+			now:       time.Date(2024, 5, 31, 23, 59, 59, 0, time.UTC),
+			osFamily:  "amazon",
+			osVersion: "1",
+			expected:  false,
+		},
+		"2": {
+			now:       time.Date(2020, 12, 1, 0, 0, 0, 0, time.UTC),
+			osFamily:  "amazon",
+			osVersion: "2",
+			expected:  true,
+		},
+	}
+
+	for testName, v := range vectors {
+		s := NewScanner()
+		t.Run(testName, func(t *testing.T) {
+			actual := s.isSupportedVersion(v.now, v.osFamily, v.osVersion)
+			if actual != v.expected {
+				t.Errorf("[%s] got %v, want %v", testName, actual, v.expected)
+			}
+		})
+	}
+
+}
--- a/pkg/detector/ospkg/debian/debian.go
+++ b/pkg/detector/ospkg/debian/debian.go
@@ -33,8 +33,8 @@ var (
 		"6.0": time.Date(2016, 2, 29, 23, 59, 59, 0, time.UTC),
 		"7":   time.Date(2018, 5, 31, 23, 59, 59, 0, time.UTC),
 		"8":   time.Date(2020, 6, 30, 23, 59, 59, 0, time.UTC),
-		"9":   time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),
-		"10":  time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),
+		"9":   time.Date(2022, 6, 30, 23, 59, 59, 0, time.UTC),
+		"10":  time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC),
 		"11":  time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),
 		"12":  time.Date(3000, 1, 1, 23, 59, 59, 0, time.UTC),
 	}
--- a/pkg/detector/ospkg/debian/debian_test.go
+++ b/pkg/detector/ospkg/debian/debian_test.go
@@ -87,6 +87,24 @@ func TestScanner_IsSupportedVersion(t *testing.T) {
 			osVersion: "9",
 			expected:  true,
 		},
+		"debian9 eol ends": {
+			now:       time.Date(2022, 7, 31, 23, 59, 59, 0, time.UTC),
+			osFamily:  "debian",
+			osVersion: "9",
+			expected:  false,
+		},
+		"debian10": {
+			now:       time.Date(2020, 7, 31, 23, 59, 59, 0, time.UTC),
+			osFamily:  "debian",
+			osVersion: "10",
+			expected:  true,
+		},
+		"debian10 eol ends": {
+			now:       time.Date(2024, 7, 31, 23, 59, 59, 0, time.UTC),
+			osFamily:  "debian",
+			osVersion: "10",
+			expected:  false,
+		},
 		"unknown": {
 			now:       time.Date(2020, 7, 31, 23, 59, 59, 0, time.UTC),
 			osFamily:  "debian",
--- a/pkg/detector/ospkg/redhat/redhat.go
+++ b/pkg/detector/ospkg/redhat/redhat.go
@@ -31,8 +31,7 @@ var (
 		"5": time.Date(2017, 3, 31, 23, 59, 59, 0, time.UTC),
 		"6": time.Date(2020, 11, 30, 23, 59, 59, 0, time.UTC),
 		"7": time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC),
-		// N/A
-		"8": time.Date(3000, 6, 30, 23, 59, 59, 0, time.UTC),
+		"8": time.Date(2021, 12, 31, 23, 59, 59, 0, time.UTC),
 	}
 	excludedVendorsSuffix = []string{
 		".remi",
--- a/pkg/detector/ospkg/redhat/redhat_test.go
+++ b/pkg/detector/ospkg/redhat/redhat_test.go
@@ -349,6 +349,12 @@ func TestScanner_IsSupportedVersion(t *testing.T) {
 			osVersion: "8.0",
 			expected:  true,
 		},
+		"centos8 (eol ends)": {
+			now:       time.Date(2022, 12, 1, 0, 0, 0, 0, time.UTC),
+			osFamily:  "centos",
+			osVersion: "8.0",
+			expected:  false,
+		},
 		"two dots": {
 			now:       time.Date(2019, 5, 31, 23, 59, 59, 0, time.UTC),
 			osFamily:  "centos",