mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-12 15:50:15 -08:00
fix(oracle): add architectures support for advisories (#4809)
This commit is contained in:
DmitriyLewen
2
go.mod
2
go.mod
@@ -24,7 +24,7 @@ require (
|
||||
github.com/aquasecurity/testdocker v0.0.0-20240730042311-4642e94c7fc8
|
||||
github.com/aquasecurity/tml v0.6.1
|
||||
github.com/aquasecurity/trivy-checks v1.4.0
|
||||
github.com/aquasecurity/trivy-db v0.0.0-20241120092622-333d808d7e45
|
||||
github.com/aquasecurity/trivy-db v0.0.0-20241209111357-8c398f13db0e
|
||||
github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48
|
||||
github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20241101182546-89bffc3932bc
|
||||
github.com/aws/aws-sdk-go-v2 v1.32.5
|
||||
|
||||
4
go.sum
4
go.sum
@@ -355,8 +355,8 @@ github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gw
|
||||
github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY=
|
||||
github.com/aquasecurity/trivy-checks v1.4.0 h1:XFGPuA8C4f31GO9g7xOkubHq4W87y9iXrWnulsIoZFs=
|
||||
github.com/aquasecurity/trivy-checks v1.4.0/go.mod h1:TSUbI3wBy9jgQl5lRUCR+B5pNiOxp6M26Jep8VCL/eM=
|
||||
github.com/aquasecurity/trivy-db v0.0.0-20241120092622-333d808d7e45 h1:ljinbg7JTQvdnzuRsPYS6btA51SyGYWKCQInxSIwbRw=
|
||||
github.com/aquasecurity/trivy-db v0.0.0-20241120092622-333d808d7e45/go.mod h1:Lg2avQhFy5qeGA0eMysI/61REVvWpEltverCarGc3l0=
|
||||
github.com/aquasecurity/trivy-db v0.0.0-20241209111357-8c398f13db0e h1:O5j5SeCNBrXApgBTOobO06q4LMxJxIhcSGE7H6Y154E=
|
||||
github.com/aquasecurity/trivy-db v0.0.0-20241209111357-8c398f13db0e/go.mod h1:gS8VhlNxhraiq60BBnJw9kGtjeMspQ9E8pX24jCL4jg=
|
||||
github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 h1:JVgBIuIYbwG+ekC5lUHUpGJboPYiCcxiz06RCtz8neI=
|
||||
github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8=
|
||||
github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20241101182546-89bffc3932bc h1:/mFBYIK9RY+L8s1CIbQbJ5B3v0YmoDSu5eAzavvMa+Y=
|
||||
|
||||
6
integration/testdata/fixtures/db/oracle.yaml
vendored
6
integration/testdata/fixtures/db/oracle.yaml
vendored
@@ -7,8 +7,14 @@
|
||||
FixedVersion: "7.61.1-11.el8"
|
||||
Entries:
|
||||
- FixedVersion: "7.61.1-11.el8"
|
||||
Arches:
|
||||
- x86_64
|
||||
- aarch64
|
||||
- key: CVE-2019-5436
|
||||
value:
|
||||
FixedVersion: "7.61.1-12.el8"
|
||||
Entries:
|
||||
- FixedVersion: "7.61.1-12.el8"
|
||||
Arches:
|
||||
- x86_64
|
||||
- aarch64
|
||||
|
||||
@@ -50,7 +50,7 @@ func (s *Scanner) Detect(ctx context.Context, osVer string, _ *ftypes.Repository
|
||||
|
||||
var vulns []types.DetectedVulnerability
|
||||
for _, pkg := range pkgs {
|
||||
advisories, err := s.vs.Get(osVer, pkg.Name)
|
||||
advisories, err := s.vs.Get(osVer, pkg.Name, pkg.Arch)
|
||||
if err != nil {
|
||||
return nil, xerrors.Errorf("failed to get Oracle Linux advisory: %w", err)
|
||||
}
|
||||
|
||||
@@ -139,6 +139,60 @@ func TestScanner_Detect(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "different fixed versions for different arches",
|
||||
fixtures: []string{
|
||||
"testdata/fixtures/oracle7.yaml",
|
||||
"testdata/fixtures/data-source.yaml",
|
||||
},
|
||||
args: args{
|
||||
osVer: "7",
|
||||
pkgs: []ftypes.Package{
|
||||
{
|
||||
Name: "rsyslog",
|
||||
Version: "8.24.0",
|
||||
Release: "57.0.0.el7",
|
||||
Arch: "x86_64",
|
||||
SrcName: "rsyslog",
|
||||
SrcVersion: "8.24.0",
|
||||
SrcRelease: "57.0.0.el7",
|
||||
},
|
||||
{
|
||||
Name: "rsyslog",
|
||||
Version: "8.24.0",
|
||||
Release: "57.0.0.el7",
|
||||
Arch: "aarch64",
|
||||
SrcName: "rsyslog",
|
||||
SrcVersion: "8.24.0",
|
||||
SrcRelease: "57.0.0.el7",
|
||||
},
|
||||
},
|
||||
},
|
||||
want: []types.DetectedVulnerability{
|
||||
{
|
||||
VulnerabilityID: "CVE-2022-24903",
|
||||
PkgName: "rsyslog",
|
||||
InstalledVersion: "8.24.0-57.0.0.el7",
|
||||
FixedVersion: "8.24.0-57.0.1.el7_9.3",
|
||||
DataSource: &dbTypes.DataSource{
|
||||
ID: vulnerability.OracleOVAL,
|
||||
Name: "Oracle Linux OVAL definitions",
|
||||
URL: "https://linux.oracle.com/security/oval/",
|
||||
},
|
||||
},
|
||||
{
|
||||
VulnerabilityID: "CVE-2022-24903",
|
||||
PkgName: "rsyslog",
|
||||
InstalledVersion: "8.24.0-57.0.0.el7",
|
||||
FixedVersion: "8.24.0-57.0.4.el7_9.3",
|
||||
DataSource: &dbTypes.DataSource{
|
||||
ID: vulnerability.OracleOVAL,
|
||||
Name: "Oracle Linux OVAL definitions",
|
||||
URL: "https://linux.oracle.com/security/oval/",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "without ksplice",
|
||||
fixtures: []string{
|
||||
|
||||
@@ -7,6 +7,9 @@
|
||||
FixedVersion: "7.29.0-59.0.1.el7_9.1"
|
||||
Entries:
|
||||
- FixedVersion: "7.29.0-59.0.1.el7_9.1"
|
||||
Arches:
|
||||
- x86_64
|
||||
- aarch64
|
||||
- bucket: glibc
|
||||
pairs:
|
||||
- key: CVE-2017-1000364
|
||||
@@ -14,6 +17,9 @@
|
||||
FixedVersion: "2:2.17-157.ksplice1.el7_3.4"
|
||||
Entries:
|
||||
- FixedVersion: "2:2.17-157.ksplice1.el7_3.4"
|
||||
Arches:
|
||||
- x86_64
|
||||
- aarch64
|
||||
- bucket: gnutls
|
||||
pairs:
|
||||
- key: CVE-2021-20232
|
||||
@@ -21,5 +27,20 @@
|
||||
FixedVersion: "3.6.16-4.el8"
|
||||
Entries:
|
||||
- FixedVersion: "10:3.6.16-4.0.1.el8_fips"
|
||||
Arches:
|
||||
- x86_64
|
||||
- FixedVersion: "3.6.16-4.el8"
|
||||
|
||||
Arches:
|
||||
- x86_64
|
||||
- bucket: rsyslog
|
||||
pairs:
|
||||
- key: CVE-2022-24903
|
||||
value:
|
||||
FixedVersion: "8.24.0-57.0.1.el7_9.3"
|
||||
Entries:
|
||||
- FixedVersion: "8.24.0-57.0.1.el7_9.3"
|
||||
Arches:
|
||||
- x86_64
|
||||
- FixedVersion: "8.24.0-57.0.4.el7_9.3"
|
||||
Arches:
|
||||
- aarch64
|
||||
|
||||
Reference in New Issue
Block a user