gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-12 15:50:15 -08:00
Code Issues Packages Projects Releases Wiki Activity

feat(cli): rename --vuln-type flag to --pkg-types flag (#7104)

Browse Source
This commit is contained in:
DmitriyLewen
2024-07-09 14:06:29 +06:00
committed by GitHub
parent 5a9f1a66ee
commit 7cbdb0a0b5
27 changed files with 161 additions and 200 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/docs/references/configuration/cli/trivy_filesystem.md
View File

@@ -63,6 +63,7 @@ trivy filesystem [flags] PATH
--output-plugin-arg string [EXPERIMENTAL] output plugin arguments
--parallel int number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5)
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--pkg-types strings comma-separated list of package types (os,library) (default [os,library])
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
@@ -89,7 +90,6 @@ trivy filesystem [flags] PATH
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--vex string [EXPERIMENTAL] file path to VEX
--vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library])
```
### Options inherited from parent commands

2
docs/docs/references/configuration/cli/trivy_image.md
View File

@@ -81,6 +81,7 @@ trivy image [flags] IMAGE_NAME
--output-plugin-arg string [EXPERIMENTAL] output plugin arguments
--parallel int number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5)
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--pkg-types strings comma-separated list of package types (os,library) (default [os,library])
--platform string set platform in the form os/arch if image is multi-platform capable
--podman-host string unix podman socket path to use for podman scanning
--redis-ca string redis ca file location, if using redis as cache backend
@@ -109,7 +110,6 @@ trivy image [flags] IMAGE_NAME
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--vex string [EXPERIMENTAL] file path to VEX
--vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library])
```
### Options inherited from parent commands

2
docs/docs/references/configuration/cli/trivy_kubernetes.md
View File

@@ -78,6 +78,7 @@ trivy kubernetes [flags] [CONTEXT]
--output-plugin-arg string [EXPERIMENTAL] output plugin arguments
--parallel int number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5)
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--pkg-types strings comma-separated list of package types (os,library) (default [os,library])
--qps float specify the maximum QPS to the master from this client (default 5)
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
@@ -103,7 +104,6 @@ trivy kubernetes [flags] [CONTEXT]
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--vex string [EXPERIMENTAL] file path to VEX
--vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library])
```
### Options inherited from parent commands

2
docs/docs/references/configuration/cli/trivy_repository.md
View File

@@ -63,6 +63,7 @@ trivy repository [flags] (REPO_PATH | REPO_URL)
--output-plugin-arg string [EXPERIMENTAL] output plugin arguments
--parallel int number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5)
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--pkg-types strings comma-separated list of package types (os,library) (default [os,library])
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
@@ -89,7 +90,6 @@ trivy repository [flags] (REPO_PATH | REPO_URL)
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--vex string [EXPERIMENTAL] file path to VEX
--vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library])
```
### Options inherited from parent commands

2
docs/docs/references/configuration/cli/trivy_rootfs.md
View File

@@ -65,6 +65,7 @@ trivy rootfs [flags] ROOTDIR
--output-plugin-arg string [EXPERIMENTAL] output plugin arguments
--parallel int number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5)
--password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons.
--pkg-types strings comma-separated list of package types (os,library) (default [os,library])
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
@@ -90,7 +91,6 @@ trivy rootfs [flags] ROOTDIR
--trace enable more verbose trace output for custom queries
--username strings username. Comma-separated usernames allowed.
--vex string [EXPERIMENTAL] file path to VEX
--vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library])
```
### Options inherited from parent commands

2
docs/docs/references/configuration/cli/trivy_sbom.md
View File

@@ -43,6 +43,7 @@ trivy sbom [flags] SBOM_PATH
--offline-scan do not issue API requests to identify dependencies
-o, --output string output file name
--output-plugin-arg string [EXPERIMENTAL] output plugin arguments
--pkg-types strings comma-separated list of package types (os,library) (default [os,library])
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
@@ -61,7 +62,6 @@ trivy sbom [flags] SBOM_PATH
--token string for authentication in client/server mode
--token-header string specify a header name for token in client/server mode (default "Trivy-Token")
--vex string [EXPERIMENTAL] file path to VEX
--vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library])
```
### Options inherited from parent commands

2
docs/docs/references/configuration/cli/trivy_vm.md
View File

@@ -56,6 +56,7 @@ trivy vm [flags] VM_IMAGE
-o, --output string output file name
--output-plugin-arg string [EXPERIMENTAL] output plugin arguments
--parallel int number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5)
--pkg-types strings comma-separated list of package types (os,library) (default [os,library])
--redis-ca string redis ca file location, if using redis as cache backend
--redis-cert string redis certificate file location, if using redis as cache backend
--redis-key string redis key file location, if using redis as cache backend
@@ -76,7 +77,6 @@ trivy vm [flags] VM_IMAGE
--token string for authentication in client/server mode
--token-header string specify a header name for token in client/server mode (default "Trivy-Token")
--vex string [EXPERIMENTAL] file path to VEX
--vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library])
```
### Options inherited from parent commands

13
docs/docs/references/configuration/config-file.md
View File

@@ -81,6 +81,13 @@ severity:
- MEDIUM
- HIGH
- CRITICAL
# Same as '--pkg-types'
# Default is 'os,library'
pkg-types:
- os
- library
scan:
# Same as '--compliance'
@@ -261,12 +268,6 @@ Available with vulnerability scanning
```yaml
vulnerability:
# Same as '--vuln-type'
# Default is 'os,library'
type:
- os
- library
# Same as '--ignore-unfixed'
# Default is false
ignore-unfixed: false

4
docs/docs/scanner/vulnerability.md
View File

@@ -204,7 +204,7 @@ Other common options are documented [here](../configuration/index.md).
### Enabling a subset of package types
It's possible to only enable certain package types if you prefer.
You can do so by passing the `--vuln-type` option.
You can do so by passing the `--pkg-types` option.
This flag takes a comma-separated list of package types.
Available values:
@@ -215,7 +215,7 @@ Available values:
- Scan language-specific packages (e.g. packages installed by `pip`, `npm`, or `gem`).
```bash
$ trivy image --vuln-type os ruby:2.4.0
$ trivy image --pkg-types os ruby:2.4.0
```

3
pkg/commands/app.go
View File

@@ -512,6 +512,8 @@ func NewConvertCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
ScanFlagGroup: &flag.ScanFlagGroup{},
ReportFlagGroup: flag.NewReportFlagGroup(),
}
convertFlags.ReportFlagGroup.PkgTypes = nil // disable '--pkg-types'
cmd := &cobra.Command{
Use: "convert [flags] RESULT_JSON",
Aliases: []string{"conv"},
@@ -679,6 +681,7 @@ func NewConfigCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
configFlags.ReportFlagGroup.ListAllPkgs = nil // disable '--list-all-pkgs'
configFlags.ReportFlagGroup.ExitOnEOL = nil // disable '--exit-on-eol'
configFlags.ReportFlagGroup.ShowSuppressed = nil // disable '--show-suppressed'
configFlags.ReportFlagGroup.PkgTypes = nil // disable '--pkg-types'
configFlags.ReportFlagGroup.ReportFormat.Usage = "specify a compliance report format for the output" // @TODO: support --report summary for non compliance reports
configFlags.CacheFlagGroup.CacheBackend.Default = string(cache.TypeMemory)

8
pkg/commands/artifact/run.go
View File

@@ -201,7 +201,7 @@ func (r *runner) scanFS(ctx context.Context, opts flag.Options) (types.Report, e
func (r *runner) ScanRepository(ctx context.Context, opts flag.Options) (types.Report, error) {
// Do not scan OS packages
opts.VulnType = []string{types.VulnTypeLibrary}
opts.PkgTypes = []string{types.PkgTypeLibrary}
// Disable the OS analyzers, individual package analyzers and SBOM analyzer
opts.DisabledAnalyzers = append(analyzer.TypeIndividualPkgs, analyzer.TypeOSes...)
@@ -405,7 +405,7 @@ func disabledAnalyzers(opts flag.Options) []analyzer.Type {
}
// Do not analyze programming language packages when not running in 'library'
if !slices.Contains(opts.VulnType, types.VulnTypeLibrary) {
if !slices.Contains(opts.PkgTypes, types.PkgTypeLibrary) {
analyzers = append(analyzers, analyzer.TypeLanguages...)
}
@@ -473,7 +473,7 @@ func (r *runner) initScannerConfig(opts flag.Options) (ScannerConfig, types.Scan
}
scanOptions := types.ScanOptions{
VulnType: opts.VulnType,
PkgTypes: opts.PkgTypes,
Scanners: opts.Scanners,
ImageConfigScanners: opts.ImageConfigScanners, // this is valid only for 'image' subcommand
ScanRemovedPackages: opts.ScanRemovedPkgs, // this is valid only for 'image' subcommand
@@ -488,7 +488,7 @@ func (r *runner) initScannerConfig(opts flag.Options) (ScannerConfig, types.Scan
if opts.Scanners.Enabled(types.VulnerabilityScanner) {
log.Info("Vulnerability scanning is enabled")
log.Debug("Vulnerability type", log.Any("type", scanOptions.VulnType))
log.Debug("Package types", log.Any("types", scanOptions.PkgTypes))
}
// ScannerOption is filled only when config scanning is enabled.

19
pkg/flag/report_flags.go
View File

@@ -106,6 +106,20 @@ var (
ConfigName: "scan.show-suppressed",
Usage: "[EXPERIMENTAL] show suppressed vulnerabilities",
}
PkgTypesFlag = Flag[[]string]{
Name: "pkg-types",
ConfigName: "pkg-types",
Default: types.PkgTypes,
Values: types.PkgTypes,
Usage: "comma-separated list of package types",
Aliases: []Alias{
{
Name: "vuln-type",
ConfigName: "vulnerability.type",
Deprecated: true, // --vuln-type was renamed to --pkg-types
},
},
}
)
// ReportFlagGroup composes common printer flag structs
@@ -125,6 +139,7 @@ type ReportFlagGroup struct {
Severity *Flag[[]string]
Compliance *Flag[string]
ShowSuppressed *Flag[bool]
PkgTypes *Flag[[]string]
}
type ReportOptions struct {
@@ -142,6 +157,7 @@ type ReportOptions struct {
Severities []dbTypes.Severity
Compliance spec.ComplianceSpec
ShowSuppressed bool
PkgTypes []string
}
func NewReportFlagGroup() *ReportFlagGroup {
@@ -160,6 +176,7 @@ func NewReportFlagGroup() *ReportFlagGroup {
Severity: SeverityFlag.Clone(),
Compliance: ComplianceFlag.Clone(),
ShowSuppressed: ShowSuppressedFlag.Clone(),
PkgTypes: PkgTypesFlag.Clone(),
}
}
@@ -183,6 +200,7 @@ func (f *ReportFlagGroup) Flags() []Flagger {
f.Severity,
f.Compliance,
f.ShowSuppressed,
f.PkgTypes,
}
}
@@ -252,6 +270,7 @@ func (f *ReportFlagGroup) ToOptions() (ReportOptions, error) {
Severities: toSeverity(f.Severity.Value()),
Compliance: cs,
ShowSuppressed: f.ShowSuppressed.Value(),
PkgTypes: f.PkgTypes.Value(),
}, nil
}

25
pkg/flag/report_flags_test.go
View File

@@ -31,6 +31,7 @@ func TestReportFlagGroup_ToOptions(t *testing.T) {
severities string
compliance string
debug bool
pkgTypes string
}
tests := []struct {
name string
@@ -159,6 +160,28 @@ func TestReportFlagGroup_ToOptions(t *testing.T) {
Severities: []dbTypes.Severity{dbTypes.SeverityLow},
},
},
{
name: "happy path for OS packages",
fields: fields{
pkgTypes: "os",
},
want: flag.ReportOptions{
PkgTypes: []string{
types.PkgTypeOS,
},
},
},
{
name: "happy path for library packages",
fields: fields{
pkgTypes: "library",
},
want: flag.ReportOptions{
PkgTypes: []string{
types.PkgTypeLibrary,
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
@@ -183,6 +206,7 @@ func TestReportFlagGroup_ToOptions(t *testing.T) {
setValue(flag.OutputPluginArgFlag.ConfigName, tt.fields.outputPluginArgs)
setValue(flag.SeverityFlag.ConfigName, tt.fields.severities)
setValue(flag.ComplianceFlag.ConfigName, tt.fields.compliance)
setValue(flag.PkgTypesFlag.ConfigName, tt.fields.pkgTypes)
// Assert options
f := &flag.ReportFlagGroup{
@@ -198,6 +222,7 @@ func TestReportFlagGroup_ToOptions(t *testing.T) {
OutputPluginArg: flag.OutputPluginArgFlag.Clone(),
Severity: flag.SeverityFlag.Clone(),
Compliance: flag.ComplianceFlag.Clone(),
PkgTypes: flag.PkgTypesFlag.Clone(),
}
got, err := f.ToOptions()

19
pkg/flag/vulnerability_flags.go
View File

@@ -5,23 +5,9 @@ import (
dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/types"
)
var (
VulnTypeFlag = Flag[[]string]{
Name: "vuln-type",
ConfigName: "vulnerability.type",
Default: []string{
types.VulnTypeOS,
types.VulnTypeLibrary,
},
Values: []string{
types.VulnTypeOS,
types.VulnTypeLibrary,
},
Usage: "comma-separated list of vulnerability types",
}
IgnoreUnfixedFlag = Flag[bool]{
Name: "ignore-unfixed",
ConfigName: "vulnerability.ignore-unfixed",
@@ -42,21 +28,18 @@ var (
)
type VulnerabilityFlagGroup struct {
VulnType *Flag[[]string]
IgnoreUnfixed *Flag[bool]
IgnoreStatus *Flag[[]string]
VEXPath *Flag[string]
}
type VulnerabilityOptions struct {
VulnType []string
IgnoreStatuses []dbTypes.Status
VEXPath string
}
func NewVulnerabilityFlagGroup() *VulnerabilityFlagGroup {
return &VulnerabilityFlagGroup{
VulnType: VulnTypeFlag.Clone(),
IgnoreUnfixed: IgnoreUnfixedFlag.Clone(),
IgnoreStatus: IgnoreStatusFlag.Clone(),
VEXPath: VEXFlag.Clone(),
@@ -69,7 +52,6 @@ func (f *VulnerabilityFlagGroup) Name() string {
func (f *VulnerabilityFlagGroup) Flags() []Flagger {
return []Flagger{
f.VulnType,
f.IgnoreUnfixed,
f.IgnoreStatus,
f.VEXPath,
@@ -105,7 +87,6 @@ func (f *VulnerabilityFlagGroup) ToOptions() (VulnerabilityOptions, error) {
log.Debug("Ignore statuses", log.Any("statuses", ignoreStatuses))
return VulnerabilityOptions{
VulnType: f.VulnType.Value(),
IgnoreStatuses: ignoreStatuses,
VEXPath: f.VEXPath.Value(),
}, nil

68
pkg/flag/vulnerability_flags_test.go
View File

@@ -1,68 +0,0 @@
package flag_test
import (
"testing"
"github.com/spf13/viper"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/aquasecurity/trivy/pkg/flag"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/types"
)
func TestVulnerabilityFlagGroup_ToOptions(t *testing.T) {
type fields struct {
vulnType string
}
tests := []struct {
name string
args []string
fields fields
want flag.VulnerabilityOptions
wantLogs []string
}{
{
name: "happy path for OS vulnerabilities",
args: []string{"alpine:latest"},
fields: fields{
vulnType: "os",
},
want: flag.VulnerabilityOptions{
VulnType: []string{types.VulnTypeOS},
},
},
{
name: "happy path for library vulnerabilities",
args: []string{"alpine:latest"},
fields: fields{
vulnType: "library",
},
want: flag.VulnerabilityOptions{
VulnType: []string{types.VulnTypeLibrary},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
out := newLogger(log.LevelWarn)
viper.Set(flag.VulnTypeFlag.ConfigName, tt.fields.vulnType)
// Assert options
f := &flag.VulnerabilityFlagGroup{
VulnType: flag.VulnTypeFlag.Clone(),
}
got, err := f.ToOptions()
require.NoError(t, err)
assert.Equalf(t, tt.want, got, "ToOptions()")
// Assert log messages
assert.Equal(t, tt.wantLogs, out.Messages(), tt.name)
})
}
}

2
pkg/k8s/scanner/scanner.go
View File

@@ -218,7 +218,7 @@ func (s *Scanner) scanK8sVulns(ctx context.Context, artifactsData []*artifacts.A
k8sScanner := k8s.NewKubernetesScanner()
scanOptions := types.ScanOptions{
Scanners: s.opts.Scanners,
VulnType: s.opts.VulnType,
PkgTypes: s.opts.PkgTypes,
}
for _, artifact := range artifactsData {
switch artifact.Kind {

2
pkg/rpc/client/client.go
View File

@@ -82,7 +82,7 @@ func (s Scanner) Scan(ctx context.Context, target, artifactKey string, blobKeys
ArtifactId: artifactKey,
BlobIds: blobKeys,
Options: &rpc.ScanOptions{
VulnType: opts.VulnType,
PkgTypes: opts.PkgTypes,
Scanners: xstrings.ToStringSlice(opts.Scanners),
LicenseCategories: licenseCategories,
IncludeDevDeps: opts.IncludeDevDeps,

4
pkg/rpc/client/client_test.go
View File

@@ -50,7 +50,7 @@ func TestScanner_Scan(t *testing.T) {
imageID: "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a",
layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
options: types.ScanOptions{
VulnType: []string{"os"},
PkgTypes: []string{"os"},
},
},
expectation: &rpc.ScanResponse{
@@ -166,7 +166,7 @@ func TestScanner_Scan(t *testing.T) {
imageID: "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a",
layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
options: types.ScanOptions{
VulnType: []string{"os"},
PkgTypes: []string{"os"},
},
},
wantErr: "failed to detect vulnerabilities via RPC",

2
pkg/rpc/server/server.go
View File

@@ -47,7 +47,7 @@ func (s *ScanServer) Scan(ctx context.Context, in *rpcScanner.ScanRequest) (*rpc
return types.Scanner(s)
})
options := types.ScanOptions{
VulnType: in.Options.VulnType,
PkgTypes: in.Options.PkgTypes,
Scanners: scanners,
IncludeDevDeps: in.Options.IncludeDevDeps,
}

4
pkg/scanner/local/scan.go
View File

@@ -160,7 +160,7 @@ func (s Scanner) scanVulnerabilities(ctx context.Context, target types.ScanTarge
var eosl bool
var results types.Results
if slices.Contains(options.VulnType, types.VulnTypeOS) {
if slices.Contains(options.PkgTypes, types.PkgTypeOS) {
vuln, detectedEOSL, err := s.osPkgScanner.Scan(ctx, target, options)
switch {
case errors.Is(err, ospkgDetector.ErrUnsupportedOS):
@@ -173,7 +173,7 @@ func (s Scanner) scanVulnerabilities(ctx context.Context, target types.ScanTarge
}
}
if slices.Contains(options.VulnType, types.VulnTypeLibrary) {
if slices.Contains(options.PkgTypes, types.PkgTypeLibrary) {
vulns, err := s.langPkgScanner.Scan(ctx, target, options)
if err != nil {
return nil, false, xerrors.Errorf("failed to scan application libraries: %w", err)

42
pkg/scanner/local/scan_test.go
View File

@@ -94,9 +94,9 @@ func TestScanner_Scan(t *testing.T) {
target: "alpine:latest",
layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
options: types.ScanOptions{
VulnType: []string{
types.VulnTypeOS,
types.VulnTypeLibrary,
PkgTypes: []string{
types.PkgTypeOS,
types.PkgTypeLibrary,
},
Scanners: types.Scanners{types.VulnerabilityScanner},
},
@@ -294,9 +294,9 @@ func TestScanner_Scan(t *testing.T) {
target: "alpine:latest",
layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
options: types.ScanOptions{
VulnType: []string{
types.VulnTypeOS,
types.VulnTypeLibrary,
PkgTypes: []string{
types.PkgTypeOS,
types.PkgTypeLibrary,
},
Scanners: types.Scanners{types.VulnerabilityScanner},
},
@@ -377,7 +377,7 @@ func TestScanner_Scan(t *testing.T) {
target: "./result.cdx",
layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
options: types.ScanOptions{
VulnType: []string{types.VulnTypeLibrary},
PkgTypes: []string{types.PkgTypeLibrary},
Scanners: types.Scanners{types.VulnerabilityScanner},
},
},
@@ -473,9 +473,9 @@ func TestScanner_Scan(t *testing.T) {
target: "alpine:latest",
layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
options: types.ScanOptions{
VulnType: []string{
types.VulnTypeOS,
types.VulnTypeLibrary,
PkgTypes: []string{
types.PkgTypeOS,
types.PkgTypeLibrary,
},
Scanners: types.Scanners{types.VulnerabilityScanner},
},
@@ -554,9 +554,9 @@ func TestScanner_Scan(t *testing.T) {
target: "fedora:27",
layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
options: types.ScanOptions{
VulnType: []string{
types.VulnTypeOS,
types.VulnTypeLibrary,
PkgTypes: []string{
types.PkgTypeOS,
types.PkgTypeLibrary,
},
Scanners: types.Scanners{types.VulnerabilityScanner},
},
@@ -626,9 +626,9 @@ func TestScanner_Scan(t *testing.T) {
target: "busybox:latest",
layerIDs: []string{"sha256:a6d503001157aedc826853f9b67f26d35966221b158bff03849868ae4a821116"},
options: types.ScanOptions{
VulnType: []string{
types.VulnTypeOS,
types.VulnTypeLibrary,
PkgTypes: []string{
types.PkgTypeOS,
types.PkgTypeLibrary,
},
Scanners: types.Scanners{types.VulnerabilityScanner},
},
@@ -650,7 +650,7 @@ func TestScanner_Scan(t *testing.T) {
target: "alpine:latest",
layerIDs: []string{"sha256:0ea33a93585cf1917ba522b2304634c3073654062d5282c1346322967790ef33"},
options: types.ScanOptions{
VulnType: []string{types.VulnTypeLibrary},
PkgTypes: []string{types.PkgTypeLibrary},
Scanners: types.Scanners{types.VulnerabilityScanner},
},
},
@@ -896,9 +896,9 @@ func TestScanner_Scan(t *testing.T) {
target: "alpine:latest",
layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
options: types.ScanOptions{
VulnType: []string{
types.VulnTypeOS,
types.VulnTypeLibrary,
PkgTypes: []string{
types.PkgTypeOS,
types.PkgTypeLibrary,
},
Scanners: types.Scanners{types.VulnerabilityScanner},
},
@@ -920,7 +920,7 @@ func TestScanner_Scan(t *testing.T) {
target: "alpine:latest",
layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
options: types.ScanOptions{
VulnType: []string{types.VulnTypeLibrary},
PkgTypes: []string{types.PkgTypeLibrary},
Scanners: types.Scanners{types.VulnerabilityScanner},
},
},

10
pkg/scanner/scan_test.go
View File

@@ -30,7 +30,7 @@ func TestScanner_ScanArtifact(t *testing.T) {
{
name: "happy path",
args: args{
options: types.ScanOptions{VulnType: []string{"os"}},
options: types.ScanOptions{PkgTypes: []string{"os"}},
},
inspectExpectation: artifact.ArtifactInspectExpectation{
Args: artifact.ArtifactInspectArgs{
@@ -57,7 +57,7 @@ func TestScanner_ScanArtifact(t *testing.T) {
Target: "alpine:3.11",
ImageID: "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a",
LayerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
Options: types.ScanOptions{VulnType: []string{"os"}},
Options: types.ScanOptions{PkgTypes: []string{"os"}},
},
Returns: DriverScanReturns{
Results: types.Results{
@@ -146,7 +146,7 @@ func TestScanner_ScanArtifact(t *testing.T) {
{
name: "sad path: AnalyzerAnalyze returns an error",
args: args{
options: types.ScanOptions{VulnType: []string{"os"}},
options: types.ScanOptions{PkgTypes: []string{"os"}},
},
inspectExpectation: artifact.ArtifactInspectExpectation{
Args: artifact.ArtifactInspectArgs{
@@ -161,7 +161,7 @@ func TestScanner_ScanArtifact(t *testing.T) {
{
name: "sad path: Scan returns an error",
args: args{
options: types.ScanOptions{VulnType: []string{"os"}},
options: types.ScanOptions{PkgTypes: []string{"os"}},
},
inspectExpectation: artifact.ArtifactInspectExpectation{
Args: artifact.ArtifactInspectArgs{
@@ -181,7 +181,7 @@ func TestScanner_ScanArtifact(t *testing.T) {
Target: "alpine:3.11",
ImageID: "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a",
LayerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
Options: types.ScanOptions{VulnType: []string{"os"}},
Options: types.ScanOptions{PkgTypes: []string{"os"}},
},
Returns: DriverScanReturns{
Err: errors.New("error"),

2
pkg/types/scan.go
View File

@@ -22,7 +22,7 @@ type ScanTarget struct {
// ScanOptions holds the attributes for scanning vulnerabilities
type ScanOptions struct {
VulnType []string
PkgTypes []string
Scanners Scanners
ImageConfigScanners Scanners // Scanners for container image configuration
ScanRemovedPackages bool

22
pkg/types/target.go
View File

@@ -4,8 +4,8 @@ import (
"slices"
)
// VulnType represents vulnerability type
type VulnType = string
// PkgType represents package type
type PkgType = string
// Scanner represents the type of security scanning
type Scanner string
@@ -14,14 +14,14 @@ type Scanner string
type Scanners []Scanner
const (
// VulnTypeUnknown is a vulnerability type of unknown
VulnTypeUnknown = VulnType("unknown")
// PkgTypeUnknown is a package type of unknown
PkgTypeUnknown = PkgType("unknown")
// VulnTypeOS is a vulnerability type of OS packages
VulnTypeOS = VulnType("os")
// PkgTypeOS is a package type of OS packages
PkgTypeOS = PkgType("os")
// VulnTypeLibrary is a vulnerability type of programming language dependencies
VulnTypeLibrary = VulnType("library")
// PkgTypeLibrary is a package type of programming language dependencies
PkgTypeLibrary = PkgType("library")
// UnknownScanner is the scanner of unknown
UnknownScanner = Scanner("unknown")
@@ -49,9 +49,9 @@ const (
)
var (
VulnTypes = []string{
VulnTypeOS,
VulnTypeLibrary,
PkgTypes = []string{
PkgTypeOS,
PkgTypeLibrary,
}
AllScanners = Scanners{

12
rpc/scanner/service.pb.go
View File

@@ -146,7 +146,7 @@ type ScanOptions struct {
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
VulnType []string `protobuf:"bytes,1,rep,name=vuln_type,json=vulnType,proto3" json:"vuln_type,omitempty"`
PkgTypes []string `protobuf:"bytes,1,rep,name=pkg_types,json=pkgTypes,proto3" json:"pkg_types,omitempty"`
Scanners []string `protobuf:"bytes,2,rep,name=scanners,proto3" json:"scanners,omitempty"`
LicenseCategories map[string]*Licenses `protobuf:"bytes,4,rep,name=license_categories,json=licenseCategories,proto3" json:"license_categories,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
IncludeDevDeps bool `protobuf:"varint,5,opt,name=include_dev_deps,json=includeDevDeps,proto3" json:"include_dev_deps,omitempty"`
@@ -184,9 +184,9 @@ func (*ScanOptions) Descriptor() ([]byte, []int) {
return file_rpc_scanner_service_proto_rawDescGZIP(), []int{2}
}
func (x *ScanOptions) GetVulnType() []string {
func (x *ScanOptions) GetPkgTypes() []string {
if x != nil {
return x.VulnType
return x.PkgTypes
}
return nil
}
@@ -399,9 +399,9 @@ var file_rpc_scanner_service_proto_rawDesc = []byte{
0x69, 0x6f, 0x6e, 0x73, 0x22, 0x20, 0x0a, 0x08, 0x4c, 0x69, 0x63, 0x65, 0x6e, 0x73, 0x65, 0x73,
0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52,
0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0xbd, 0x02, 0x0a, 0x0b, 0x53, 0x63, 0x61, 0x6e, 0x4f,
0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x76, 0x75, 0x6c, 0x6e, 0x5f, 0x74,
0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x76, 0x75, 0x6c, 0x6e, 0x54,
0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x73, 0x18,
0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x6b, 0x67, 0x5f, 0x74, 0x79,
0x70, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x70, 0x6b, 0x67, 0x54, 0x79,
0x70, 0x65, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x73, 0x18,
0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x73, 0x12,
0x63, 0x0a, 0x12, 0x6c, 0x69, 0x63, 0x65, 0x6e, 0x73, 0x65, 0x5f, 0x63, 0x61, 0x74, 0x65, 0x67,
0x6f, 0x72, 0x69, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x74, 0x72,

2
rpc/scanner/service.proto
View File

@@ -23,7 +23,7 @@ message Licenses {
}
message ScanOptions {
repeated string vuln_type = 1;
repeated string pkg_types = 1;
repeated string scanners = 2;
map<string, Licenses> license_categories = 4;
bool include_dev_deps = 5;

84
rpc/scanner/service.twirp.go
View File

@@ -1094,46 +1094,46 @@ func callClientError(ctx context.Context, h *twirp.ClientHooks, err twirp.Error)
}
var twirpFileDescriptor0 = []byte{
// 648 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x54, 0xdd, 0x4e, 0x1b, 0x3b,
0x10, 0x56, 0x7e, 0x48, 0x36, 0x93, 0xa3, 0x43, 0xb0, 0xce, 0x41, 0x4b, 0x38, 0x9c, 0x46, 0xb9,
0xa8, 0x72, 0x95, 0x94, 0xd0, 0xaa, 0x7f, 0x77, 0x05, 0x5a, 0x51, 0xb5, 0x02, 0x39, 0xa8, 0x17,
0xbd, 0x49, 0x1d, 0xef, 0x90, 0x5a, 0x6c, 0x76, 0x17, 0x8f, 0x37, 0x52, 0x5e, 0xa5, 0xef, 0xd2,
0xc7, 0xe8, 0xfb, 0x54, 0x6b, 0x7b, 0x11, 0x09, 0xd0, 0xab, 0xf5, 0xcc, 0x7c, 0xf3, 0xcd, 0x27,
0xcf, 0xb7, 0x86, 0x3d, 0x9d, 0xc9, 0x11, 0x49, 0x91, 0x24, 0xa8, 0x47, 0x84, 0x7a, 0xa9, 0x24,
0x0e, 0x33, 0x9d, 0x9a, 0x94, 0x75, 0x8c, 0x56, 0xcb, 0xd5, 0xd0, 0x17, 0x87, 0xcb, 0xc3, 0x6e,
0x58, 0x80, 0x65, 0xba, 0x58, 0xa4, 0xc9, 0x3a, 0xb6, 0xff, 0xa3, 0x02, 0xed, 0x89, 0x14, 0x09,
0xc7, 0x9b, 0x1c, 0xc9, 0xb0, 0x5d, 0x68, 0x18, 0xa1, 0xe7, 0x68, 0xc2, 0x4a, 0xaf, 0x32, 0x68,
0x71, 0x1f, 0xb1, 0x27, 0xd0, 0x16, 0xda, 0xa8, 0x2b, 0x21, 0xcd, 0x54, 0x45, 0x61, 0xd5, 0x16,
0xa1, 0x4c, 0x9d, 0x45, 0x6c, 0x0f, 0x82, 0x59, 0x9c, 0xce, 0xa6, 0x2a, 0xa2, 0xb0, 0xd6, 0xab,
0x0d, 0x5a, 0xbc, 0x59, 0xc4, 0x67, 0x11, 0xb1, 0x97, 0xd0, 0x4c, 0x33, 0xa3, 0xd2, 0x84, 0xc2,
0x7a, 0xaf, 0x32, 0x68, 0x8f, 0x0f, 0x86, 0x9b, 0x0a, 0x87, 0x85, 0x86, 0x73, 0x07, 0xe2, 0x25,
0xba, 0xdf, 0x83, 0xe0, 0x93, 0x92, 0x98, 0x10, 0x12, 0xfb, 0x07, 0xb6, 0x12, 0xb1, 0x40, 0x0a,
0x2b, 0x96, 0xdc, 0x05, 0xfd, 0x9f, 0x55, 0x27, 0xdf, 0xb7, 0xb2, 0x7d, 0x68, 0x2d, 0xf3, 0x38,
0x99, 0x9a, 0x55, 0x86, 0x1e, 0x19, 0x14, 0x89, 0xcb, 0x55, 0x86, 0xac, 0x0b, 0x81, 0x9f, 0x48,
0x61, 0xd5, 0xd5, 0xca, 0x98, 0x49, 0x60, 0xb1, 0x1b, 0x35, 0x95, 0xc2, 0xe0, 0x3c, 0xd5, 0x0a,
0x0b, 0xb9, 0xb5, 0x41, 0x7b, 0xfc, 0xfc, 0x8f, 0x72, 0x87, 0x5e, 0xe2, 0xf1, 0x6d, 0xdb, 0x69,
0x62, 0xf4, 0x8a, 0xef, 0xc4, 0x9b, 0x79, 0x36, 0x80, 0x8e, 0x4a, 0x64, 0x9c, 0x47, 0x38, 0x8d,
0x70, 0x39, 0x8d, 0x30, 0xa3, 0x70, 0xab, 0x57, 0x19, 0x04, 0xfc, 0x6f, 0x9f, 0x3f, 0xc1, 0xe5,
0x09, 0x66, 0xd4, 0xfd, 0x06, 0xbb, 0x0f, 0xd3, 0xb2, 0x0e, 0xd4, 0xae, 0x71, 0xe5, 0xb7, 0x53,
0x1c, 0xd9, 0x33, 0xd8, 0x5a, 0x8a, 0x38, 0x47, 0xbb, 0x94, 0xf6, 0xb8, 0x7b, 0x5f, 0x6d, 0x79,
0x89, 0xdc, 0x01, 0xdf, 0x54, 0x5f, 0x55, 0x3e, 0xd6, 0x83, 0x5a, 0xa7, 0xde, 0x8f, 0xe0, 0x2f,
0xb7, 0x7d, 0xca, 0xd2, 0x84, 0x90, 0xf5, 0xa0, 0x9a, 0x92, 0x25, 0x6f, 0x8f, 0x3b, 0x9e, 0xc8,
0xf9, 0x66, 0x78, 0x3e, 0xe1, 0xd5, 0x94, 0xd8, 0x18, 0x9a, 0x1a, 0x29, 0x8f, 0x8d, 0x5b, 0x73,
0x7b, 0x1c, 0xde, 0x9f, 0xc7, 0x2d, 0x80, 0x97, 0xc0, 0xfe, 0xaf, 0x1a, 0x34, 0x5c, 0xee, 0x51,
0x7f, 0x9d, 0xc2, 0x76, 0xb1, 0x27, 0xd4, 0x62, 0xa6, 0x62, 0x65, 0x8a, 0xcb, 0xaf, 0x5a, 0xfa,
0xfd, 0x75, 0x15, 0x5f, 0xee, 0x80, 0x56, 0x7c, 0xb3, 0x87, 0x5d, 0xc2, 0xce, 0x42, 0x91, 0x4c,
0x93, 0x2b, 0x35, 0xcf, 0xb5, 0x28, 0x4d, 0x57, 0x10, 0x3d, 0x5d, 0x27, 0x3a, 0x41, 0x83, 0xd2,
0x60, 0xf4, 0x79, 0x03, 0xce, 0xef, 0x13, 0x14, 0xde, 0x93, 0xb1, 0x20, 0x0a, 0x1b, 0x56, 0xb3,
0x0b, 0x18, 0x83, 0xba, 0xb5, 0x59, 0xcd, 0x26, 0xed, 0x99, 0x1d, 0x42, 0x90, 0x09, 0x79, 0x2d,
0xe6, 0x58, 0x6c, 0xb6, 0x18, 0xfb, 0xef, 0xfa, 0xd8, 0x0b, 0x57, 0xe5, 0xb7, 0x30, 0xf6, 0x01,
0x3a, 0x32, 0x27, 0x93, 0x2e, 0xa6, 0x1a, 0x29, 0xcd, 0xb5, 0x44, 0x0a, 0x9b, 0xb6, 0xf5, 0xbf,
0xf5, 0xd6, 0x63, 0x8b, 0xe2, 0x1e, 0xc4, 0xb7, 0xe5, 0x5a, 0x4c, 0xec, 0x05, 0x34, 0x09, 0xa5,
0x46, 0x43, 0x61, 0xf0, 0xd0, 0xd5, 0x4d, 0x6c, 0xf1, 0xbd, 0x4a, 0x22, 0x95, 0xcc, 0x79, 0x89,
0x65, 0xaf, 0x21, 0xf0, 0x4e, 0xa5, 0xb0, 0x65, 0xfb, 0x0e, 0x1e, 0xbe, 0x29, 0xef, 0x22, 0x7e,
0x0b, 0x1f, 0x5f, 0x40, 0x73, 0xe2, 0xb6, 0xce, 0x4e, 0xa1, 0x5e, 0x1c, 0xd9, 0x23, 0xbf, 0xb6,
0x7f, 0x5e, 0xba, 0xff, 0x3f, 0x56, 0x76, 0xfe, 0x7b, 0x77, 0xf4, 0xf5, 0x70, 0xae, 0xcc, 0xf7,
0x7c, 0x56, 0x0c, 0x1f, 0x89, 0x9b, 0x5c, 0x10, 0xca, 0x5c, 0x2b, 0xb3, 0x1a, 0xd9, 0xc6, 0xd1,
0x9d, 0x57, 0xef, 0xad, 0xff, 0xce, 0x1a, 0xf6, 0x29, 0x3b, 0xfa, 0x1d, 0x00, 0x00, 0xff, 0xff,
0x2e, 0x74, 0xc8, 0xad, 0x13, 0x05, 0x00, 0x00,
// 650 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x54, 0xcd, 0x6e, 0xdb, 0x38,
0x10, 0x86, 0x7f, 0x62, 0xcb, 0xe3, 0xc5, 0xc6, 0x21, 0x76, 0x03, 0xc5, 0xd9, 0x6c, 0x0d, 0x1f,
0x0a, 0x9f, 0xec, 0xc6, 0x69, 0xd1, 0xbf, 0x5b, 0x93, 0xb4, 0x48, 0xd1, 0x22, 0x01, 0x1d, 0xf4,
0xd0, 0x8b, 0x4b, 0x53, 0x13, 0x95, 0xb0, 0x2c, 0x29, 0x1c, 0xca, 0x80, 0x5f, 0xa5, 0xef, 0xd2,
0xc7, 0xe8, 0xfb, 0x14, 0x22, 0x25, 0x23, 0x76, 0x92, 0x9e, 0xc4, 0x99, 0xf9, 0xe6, 0x9b, 0x0f,
0x9c, 0x4f, 0x84, 0x03, 0x9d, 0xca, 0x11, 0x49, 0x11, 0xc7, 0xa8, 0x47, 0x84, 0x7a, 0xa9, 0x24,
0x0e, 0x53, 0x9d, 0x98, 0x84, 0x75, 0x8c, 0x56, 0xcb, 0xd5, 0xb0, 0x28, 0x0e, 0x97, 0xc7, 0x5d,
0x3f, 0x07, 0xcb, 0x64, 0xb1, 0x48, 0xe2, 0x4d, 0x6c, 0xff, 0x47, 0x05, 0xda, 0x13, 0x29, 0x62,
0x8e, 0xb7, 0x19, 0x92, 0x61, 0xfb, 0xd0, 0x30, 0x42, 0x87, 0x68, 0xfc, 0x4a, 0xaf, 0x32, 0x68,
0xf1, 0x22, 0x62, 0x4f, 0xa0, 0x2d, 0xb4, 0x51, 0x37, 0x42, 0x9a, 0xa9, 0x0a, 0xfc, 0xaa, 0x2d,
0x42, 0x99, 0xba, 0x08, 0xd8, 0x01, 0x78, 0xb3, 0x28, 0x99, 0x4d, 0x55, 0x40, 0x7e, 0xad, 0x57,
0x1b, 0xb4, 0x78, 0x33, 0x8f, 0x2f, 0x02, 0x62, 0x2f, 0xa1, 0x99, 0xa4, 0x46, 0x25, 0x31, 0xf9,
0xf5, 0x5e, 0x65, 0xd0, 0x1e, 0x1f, 0x0d, 0xb7, 0x15, 0x0e, 0x73, 0x0d, 0x97, 0x0e, 0xc4, 0x4b,
0x74, 0xbf, 0x07, 0xde, 0x27, 0x25, 0x31, 0x26, 0x24, 0xf6, 0x0f, 0xec, 0xc4, 0x62, 0x81, 0xe4,
0x57, 0x2c, 0xb9, 0x0b, 0xfa, 0x3f, 0xab, 0x4e, 0x7e, 0xd1, 0xca, 0x0e, 0xa1, 0x95, 0xce, 0xc3,
0xa9, 0x59, 0xa5, 0x6b, 0xa4, 0x97, 0xce, 0xc3, 0xeb, 0x3c, 0x66, 0x5d, 0xf0, 0x8a, 0x89, 0xe4,
0x57, 0x5d, 0xad, 0x8c, 0x99, 0x04, 0x16, 0xb9, 0x51, 0x53, 0x29, 0x0c, 0x86, 0x89, 0x56, 0x98,
0xcb, 0xad, 0x0d, 0xda, 0xe3, 0xe7, 0x7f, 0x94, 0x3b, 0x2c, 0x24, 0x9e, 0xae, 0xdb, 0xce, 0x63,
0xa3, 0x57, 0x7c, 0x2f, 0xda, 0xce, 0xb3, 0x01, 0x74, 0x54, 0x2c, 0xa3, 0x2c, 0xc0, 0x69, 0x80,
0xcb, 0x69, 0x80, 0x29, 0xf9, 0x3b, 0xbd, 0xca, 0xc0, 0xe3, 0x7f, 0x17, 0xf9, 0x33, 0x5c, 0x9e,
0x61, 0x4a, 0xdd, 0x6f, 0xb0, 0xff, 0x30, 0x2d, 0xeb, 0x40, 0x6d, 0x8e, 0xab, 0x62, 0x3b, 0xf9,
0x91, 0x3d, 0x83, 0x9d, 0xa5, 0x88, 0x32, 0xb4, 0x4b, 0x69, 0x8f, 0xbb, 0xf7, 0xd5, 0x96, 0x97,
0xc8, 0x1d, 0xf0, 0x4d, 0xf5, 0x55, 0xe5, 0x63, 0xdd, 0xab, 0x75, 0xea, 0xfd, 0x00, 0xfe, 0x72,
0xdb, 0xa7, 0x34, 0x89, 0x09, 0x59, 0x0f, 0xaa, 0x09, 0x59, 0xf2, 0xf6, 0xb8, 0x53, 0x10, 0x39,
0xdf, 0x0c, 0x2f, 0x27, 0xbc, 0x9a, 0x10, 0x1b, 0x43, 0x53, 0x23, 0x65, 0x91, 0x71, 0x6b, 0x6e,
0x8f, 0xfd, 0xfb, 0xf3, 0xb8, 0x05, 0xf0, 0x12, 0xd8, 0xff, 0x55, 0x83, 0x86, 0xcb, 0x3d, 0xea,
0xaf, 0x73, 0xd8, 0x5d, 0x66, 0x51, 0x8c, 0x5a, 0xcc, 0x54, 0xa4, 0x4c, 0x7e, 0xf9, 0x55, 0x4b,
0x7f, 0xb8, 0xa9, 0xe2, 0xcb, 0x1d, 0xd0, 0x8a, 0x6f, 0xf7, 0xb0, 0x6b, 0xd8, 0x5b, 0x28, 0x92,
0x49, 0x7c, 0xa3, 0xc2, 0x4c, 0x8b, 0xd2, 0x74, 0x39, 0xd1, 0xd3, 0x4d, 0xa2, 0x33, 0x34, 0x28,
0x0d, 0x06, 0x9f, 0xb7, 0xe0, 0xfc, 0x3e, 0x41, 0xee, 0x3d, 0x19, 0x09, 0x22, 0xbf, 0x61, 0x35,
0xbb, 0x80, 0x31, 0xa8, 0xe7, 0x3e, 0xf3, 0x6b, 0x36, 0x69, 0xcf, 0xec, 0x18, 0xbc, 0x54, 0xc8,
0xb9, 0x08, 0x31, 0xdf, 0x6c, 0x3e, 0xf6, 0xdf, 0xcd, 0xb1, 0x57, 0xae, 0xca, 0xd7, 0x30, 0xf6,
0x01, 0x3a, 0x32, 0x23, 0x93, 0x2c, 0xa6, 0x1a, 0x29, 0xc9, 0xb4, 0x44, 0xf2, 0x9b, 0xb6, 0xf5,
0xbf, 0xcd, 0xd6, 0x53, 0x8b, 0xe2, 0x05, 0x88, 0xef, 0xca, 0x8d, 0x98, 0xd8, 0x0b, 0x68, 0x12,
0x4a, 0x8d, 0x86, 0x7c, 0xef, 0xa1, 0xab, 0x9b, 0xd8, 0xe2, 0x7b, 0x15, 0x07, 0x2a, 0x0e, 0x79,
0x89, 0x65, 0xaf, 0xc1, 0x2b, 0x9c, 0x4a, 0x7e, 0xcb, 0xf6, 0x1d, 0x3d, 0x7c, 0x53, 0x85, 0x8b,
0xf8, 0x1a, 0x3e, 0xbe, 0x82, 0xe6, 0xc4, 0x6d, 0x9d, 0x9d, 0x43, 0x3d, 0x3f, 0xb2, 0x47, 0x7e,
0xed, 0xe2, 0x79, 0xe9, 0xfe, 0xff, 0x58, 0xd9, 0xf9, 0xef, 0xdd, 0xc9, 0xd7, 0xe3, 0x50, 0x99,
0xef, 0xd9, 0x2c, 0x1f, 0x3e, 0x12, 0xb7, 0x99, 0x20, 0x94, 0x99, 0x56, 0x66, 0x35, 0xb2, 0x8d,
0xa3, 0x3b, 0xaf, 0xde, 0xdb, 0xe2, 0x3b, 0x6b, 0xd8, 0xa7, 0xec, 0xe4, 0x77, 0x00, 0x00, 0x00,
0xff, 0xff, 0x50, 0x58, 0x22, 0xc7, 0x13, 0x05, 0x00, 0x00,
}