Skip to content

Commit

Permalink
fix(vuln): skip empty versions (#6542)
Browse files Browse the repository at this point in the history
Signed-off-by: knqyf263 <[email protected]>
  • Loading branch information
knqyf263 authored Apr 24, 2024
1 parent 5dd9bd4 commit 164b025
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 16 deletions.
26 changes: 17 additions & 9 deletions pkg/detector/library/detect.go
Original file line number Diff line number Diff line change
@@ -1,39 +1,47 @@
package library

import (
"context"

"golang.org/x/xerrors"

ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/types"
)

// Detect scans and returns vulnerabilities of library
func Detect(libType ftypes.LangType, pkgs []ftypes.Package) ([]types.DetectedVulnerability, error) {
// Detect scans language-specific packages and returns vulnerabilities.
func Detect(ctx context.Context, libType ftypes.LangType, pkgs []ftypes.Package) ([]types.DetectedVulnerability, error) {
driver, ok := NewDriver(libType)
if !ok {
return nil, nil
}

vulns, err := detect(driver, pkgs)
vulns, err := detect(ctx, driver, pkgs)
if err != nil {
return nil, xerrors.Errorf("failed to scan %s vulnerabilities: %w", driver.Type(), err)
}

return vulns, nil
}

func detect(driver Driver, libs []ftypes.Package) ([]types.DetectedVulnerability, error) {
func detect(ctx context.Context, driver Driver, pkgs []ftypes.Package) ([]types.DetectedVulnerability, error) {
var vulnerabilities []types.DetectedVulnerability
for _, lib := range libs {
vulns, err := driver.DetectVulnerabilities(lib.ID, lib.Name, lib.Version)
for _, pkg := range pkgs {
if pkg.Version == "" {
log.DebugContext(ctx, "Skipping vulnerability scan as no version is detected for the package",
log.String("name", pkg.Name))
continue
}
vulns, err := driver.DetectVulnerabilities(pkg.ID, pkg.Name, pkg.Version)
if err != nil {
return nil, xerrors.Errorf("failed to detect %s vulnerabilities: %w", driver.Type(), err)
}

for i := range vulns {
vulns[i].Layer = lib.Layer
vulns[i].PkgPath = lib.FilePath
vulns[i].PkgIdentifier = lib.Identifier
vulns[i].Layer = pkg.Layer
vulns[i].PkgPath = pkg.FilePath
vulns[i].PkgIdentifier = pkg.Identifier
}
vulnerabilities = append(vulnerabilities, vulns...)
}
Expand Down
13 changes: 7 additions & 6 deletions pkg/scanner/langpkg/scan.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package langpkg

import (
"context"
"sort"

"golang.org/x/xerrors"
Expand All @@ -24,7 +25,7 @@ var (

type Scanner interface {
Packages(target types.ScanTarget, options types.ScanOptions) types.Results
Scan(target types.ScanTarget, options types.ScanOptions) (types.Results, error)
Scan(ctx context.Context, target types.ScanTarget, options types.ScanOptions) (types.Results, error)
}

type scanner struct{}
Expand All @@ -50,7 +51,7 @@ func (s *scanner) Packages(target types.ScanTarget, _ types.ScanOptions) types.R
return results
}

func (s *scanner) Scan(target types.ScanTarget, _ types.ScanOptions) (types.Results, error) {
func (s *scanner) Scan(ctx context.Context, target types.ScanTarget, _ types.ScanOptions) (types.Results, error) {
apps := target.Applications
log.Info("Number of language-specific files", log.Int("num", len(apps)))
if len(apps) == 0 {
Expand All @@ -64,16 +65,16 @@ func (s *scanner) Scan(target types.ScanTarget, _ types.ScanOptions) (types.Resu
continue
}

logger := log.WithPrefix(string(app.Type))
ctx = log.WithContextPrefix(ctx, string(app.Type))

// Prevent the same log messages from being displayed many times for the same type.
if _, ok := printedTypes[app.Type]; !ok {
logger.Info("Detecting vulnerabilities...")
log.InfoContext(ctx, "Detecting vulnerabilities...")
printedTypes[app.Type] = struct{}{}
}

logger.Debug("Scanning packages from the file", log.String("file_path", app.FilePath))
vulns, err := library.Detect(app.Type, app.Libraries)
log.DebugContext(ctx, "Scanning packages from the file", log.String("file_path", app.FilePath))
vulns, err := library.Detect(ctx, app.Type, app.Libraries)
if err != nil {
return nil, xerrors.Errorf("failed vulnerability detection of libraries: %w", err)
} else if len(vulns) == 0 {
Expand Down
2 changes: 1 addition & 1 deletion pkg/scanner/local/scan.go
Original file line number Diff line number Diff line change
Expand Up @@ -186,7 +186,7 @@ func (s Scanner) scanVulnerabilities(ctx context.Context, target types.ScanTarge
}

if slices.Contains(options.VulnType, types.VulnTypeLibrary) {
vulns, err := s.langPkgScanner.Scan(target, options)
vulns, err := s.langPkgScanner.Scan(ctx, target, options)
if err != nil {
return nil, false, xerrors.Errorf("failed to scan application libraries: %w", err)
}
Expand Down

0 comments on commit 164b025

Please sign in to comment.