fix(server): add Locations for Packages in client/server mode (#6366)

DmitriyLewen
2024-03-24 15:46:56 +06:00
committed by GitHub
parent e866bd5b5d
commit a2482c14e1
5 changed files with 655 additions and 487 deletions


@@ -242,6 +242,16 @@ func TestClientServer(t *testing.T) {
},
golden: "testdata/pom.json.golden",
},
{
name: "scan package-lock.json with repo command in client/server mode",
args: csArgs{
Command: "repo",
RemoteAddrOption: "--server",
Target: "testdata/fixtures/repo/npm/",
ListAllPackages: true,
},
golden: "testdata/npm.json.golden",
},
{
name: "scan sample.pem with repo command in client/server mode",
args: csArgs{
@@ -588,6 +598,10 @@ func setupClient(t *testing.T, c csArgs, addr string, cacheDir string, golden st
osArgs = append(osArgs, "--format", "json")
}
if c.ListAllPackages {
osArgs = append(osArgs, "--list-all-pkgs")
}
if c.IgnoreUnfixed {
osArgs = append(osArgs, "--ignore-unfixed")
}


@@ -65,6 +65,7 @@ func ConvertToRPCPkgs(pkgs []ftypes.Package) []*common.Package {
SrcRelease: pkg.SrcRelease,
SrcEpoch: int32(pkg.SrcEpoch),
Licenses: pkg.Licenses,
Locations: ConvertToRPCLocations(pkg.Locations),
Layer: ConvertToRPCLayer(pkg.Layer),
FilePath: pkg.FilePath,
DependsOn: pkg.DependsOn,
@@ -90,6 +91,17 @@ func ConvertToRPCPkgIdentifier(pkg ftypes.PkgIdentifier) *common.PkgIdentifier {
}
}
func ConvertToRPCLocations(pkgLocs []ftypes.Location) []*common.Location {
var locations []*common.Location
for _, pkgLoc := range pkgLocs {
locations = append(locations, &common.Location{
StartLine: int32(pkgLoc.StartLine),
EndLine: int32(pkgLoc.EndLine),
})
}
return locations
}
func ConvertToRPCCustomResources(resources []ftypes.CustomResource) []*common.CustomResource {
var rpcResources []*common.CustomResource
for _, r := range resources {
@@ -207,6 +219,7 @@ func ConvertFromRPCPkgs(rpcPkgs []*common.Package) []ftypes.Package {
SrcRelease: pkg.SrcRelease,
SrcEpoch: int(pkg.SrcEpoch),
Licenses: pkg.Licenses,
Locations: ConvertFromRPCLocation(pkg.Locations),
Layer: ConvertFromRPCLayer(pkg.Layer),
FilePath: pkg.FilePath,
DependsOn: pkg.DependsOn,
@@ -237,6 +250,17 @@ func ConvertFromRPCPkgIdentifier(pkg *common.PkgIdentifier) ftypes.PkgIdentifier
return pkgID
}
func ConvertFromRPCLocation(locs []*common.Location) []ftypes.Location {
var pkgLocs []ftypes.Location
for _, loc := range locs {
pkgLocs = append(pkgLocs, ftypes.Location{
StartLine: int(loc.StartLine),
EndLine: int(loc.EndLine),
})
}
return pkgLocs
}
// ConvertToRPCVulns returns common.Vulnerability
func ConvertToRPCVulns(vulns []types.DetectedVulnerability) []*common.Vulnerability {
var rpcVulns []*common.Vulnerability
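Review bot: The two new exported converters are named asymmetrically, `ConvertToRPCLocations` and `ConvertFromRPCLocation`, although both take and return slices; `ConvertFromRPCLocations` would match its counterpart and the plural `ConvertFromRPCPkgs`. Neither has a doc comment, while `ConvertToRPCVulns` directly below does; a line such as `// ConvertFromRPCLocations returns ftypes.Location values for the given RPC locations` would fit the file's style. On the receiving side `loc.StartLine` and `loc.EndLine` are read through a pointer taken from a decoded RPC message. If the generated code for `Location` has the usual protoc-gen-go shape, `loc.GetStartLine()` and `loc.GetEndLine()` are nil-safe and would keep a nil element from panicking the peer. On the sending side `int32(pkgLoc.StartLine)` narrows silently, the same way the existing `SrcEpoch` line does.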


@@ -39,6 +39,16 @@ func TestConvertToRpcPkgs(t *testing.T) {
SrcRelease: "1",
SrcEpoch: 2,
Licenses: []string{"MIT"},
Locations: []ftypes.Location{
{
StartLine: 10,
EndLine: 20,
},
{
StartLine: 22,
EndLine: 32,
},
},
Layer: ftypes.Layer{
Digest: "sha256:6a428f9f83b0a29f1fdd2ccccca19a9bab805a925b8eddf432a5a3d3da04afbc",
DiffID: "sha256:39982b2a789afc156fff00c707d0ff1c6ab4af8f1666a8df4787714059ce24e7",
@@ -60,6 +70,16 @@ func TestConvertToRpcPkgs(t *testing.T) {
SrcRelease: "1",
SrcEpoch: 2,
Licenses: []string{"MIT"},
Locations: []*common.Location{
{
StartLine: 10,
EndLine: 20,
},
{
StartLine: 22,
EndLine: 32,
},
},
Layer: &common.Layer{
Digest: "sha256:6a428f9f83b0a29f1fdd2ccccca19a9bab805a925b8eddf432a5a3d3da04afbc",
DiffId: "sha256:39982b2a789afc156fff00c707d0ff1c6ab4af8f1666a8df4787714059ce24e7",
@@ -101,6 +121,16 @@ func TestConvertFromRpcPkgs(t *testing.T) {
SrcRelease: "1",
SrcEpoch: 2,
Licenses: []string{"MIT"},
Locations: []*common.Location{
{
StartLine: 10,
EndLine: 20,
},
{
StartLine: 22,
EndLine: 32,
},
},
Layer: &common.Layer{
Digest: "sha256:6a428f9f83b0a29f1fdd2ccccca19a9bab805a925b8eddf432a5a3d3da04afbc",
DiffId: "sha256:39982b2a789afc156fff00c707d0ff1c6ab4af8f1666a8df4787714059ce24e7",
@@ -122,6 +152,16 @@ func TestConvertFromRpcPkgs(t *testing.T) {
SrcRelease: "1",
SrcEpoch: 2,
Licenses: []string{"MIT"},
Locations: []ftypes.Location{
{
StartLine: 10,
EndLine: 20,
},
{
StartLine: 22,
EndLine: 32,
},
},
Layer: ftypes.Layer{
Digest: "sha256:6a428f9f83b0a29f1fdd2ccccca19a9bab805a925b8eddf432a5a3d3da04afbc",
DiffID: "sha256:39982b2a789afc156fff00c707d0ff1c6ab4af8f1666a8df4787714059ce24e7",
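Review bot: `TestConvertToRpcPkgs` and `TestConvertFromRpcPkgs` only gain fixtures with two populated locations, so the nil and empty-slice paths of the new converters are not pinned as far as these hunks show. Both converters start from a `var` slice and only `append`, so an empty but non-nil `Locations` comes back as nil after conversion. A case with `Locations: nil`, and one with an empty slice if callers can produce it, would document that behaviour. The test bodies start and end outside the hunks.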

File diff suppressed because it is too large Load Diff


@@ -42,17 +42,18 @@ message Package {
string arch = 5;
// src package containing some binary packages
// e.g. bind
string src_name = 6;
string src_version = 7;
string src_release = 8;
int32 src_epoch = 9;
repeated string licenses = 15;
Layer layer = 11;
string file_path = 12;
repeated string depends_on = 14;
string digest = 16;
bool dev = 17;
bool indirect = 18;
string src_name = 6;
string src_version = 7;
string src_release = 8;
int32 src_epoch = 9;
repeated string licenses = 15;
repeated Location locations = 20;
Layer layer = 11;
string file_path = 12;
repeated string depends_on = 14;
string digest = 16;
bool dev = 17;
bool indirect = 18;
}
message PkgIdentifier {
@@ -60,6 +61,11 @@ message PkgIdentifier {
string bom_ref = 2;
}
message Location {
int32 start_line = 1;
int32 end_line = 2;
}
message Misconfiguration {
string file_type = 1;
string file_path = 2;
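Review bot: `message Location` is added without a comment, so the contract of `start_line` and `end_line` is left to the reader; the hunk does not say whether lines are 1-based or whether `end_line` is inclusive. A short comment above the message, for example `// Location is a line range within the scanned file` (wording to be confirmed by the author), plus the indexing convention, would help anyone implementing another client or server. In `Package`, `locations` takes field number 20 while the visible fields stop at 18. If 19 is not already used above the hunk, a `reserved` entry or a comment explaining the gap would prevent accidental reuse.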