fix(amazon): save system files for pkgs containing amzn in src (#5951)
Signed-off-by: knqyf263 <[email protected]>
Co-authored-by: knqyf263 <[email protected]>
DmitriyLewen and knqyf263 authored Jan 17, 2024
1 parent 260aa28 commit fbc1a83
Showing 2 changed files with 66 additions and 3 deletions.
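--- a/pkg/fanal/analyzer/pkg/rpm/rpm.go
+++ b/pkg/fanal/analyzer/pkg/rpm/rpm.go
@@ -133,7 +133,7 @@ func (a rpmPkgAnalyzer) listPkgs(db RPMDB) (types.Packages, []string, error) {
 // Check if the package is vendor-provided.
 // If the package is not provided by vendor, the installed files should not be skipped.
 var files []string
-if packageProvidedByVendor(pkg.Vendor) {
+if packageProvidedByVendor(pkg) {
 files, err = pkg.InstalledFileNames()
 if err != nil {
 return nil, nil, xerrors.Errorf("unable to get installed files: %w", err)
@@ -235,12 +235,19 @@ func splitFileName(filename string) (name, ver, rel string, err error) {
 return name, ver, rel, nil
 }
 
-func packageProvidedByVendor(pkgVendor string) bool {
+func packageProvidedByVendor(pkg *rpmdb.PackageInfo) bool {
+if pkg.Vendor == "" {
+// Official Amazon packages may not contain `Vendor` field:
+// https://github.com/aquasecurity/trivy/issues/5887
+return strings.Contains(pkg.Release, "amzn")
+}
+
 for _, vendor := range osVendors {
-if strings.HasPrefix(pkgVendor, vendor) {
+if strings.HasPrefix(pkg.Vendor, vendor) {
 return true
 }
 }
+
 return false
 }
 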
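Review bot: In `packageProvidedByVendor`, the empty-`Vendor` fallback `strings.Contains(pkg.Release, "amzn")` matches the substring anywhere in a field that the package builder sets, so any RPM with no vendor and `amzn` somewhere in its release is classified as vendor-provided. Per the comment in `listPkgs`, that classification decides whether the package's installed files are collected as system files and skipped, so an over-broad match can hide files from later analysis and produce missed findings. Assuming Amazon's releases always carry a dot-delimited dist tag like the `1.amzn2023.0.2` used in the test, a tighter check would be a package-level `var amznDistTag = regexp.MustCompile("\\.amzn\\d+(\\.|$)")` with `return amznDistTag.MatchString(pkg.Release)`. If the detected OS family is available to this analyzer (not visible here), the fallback could also be limited to Amazon Linux targets. Either way the code comment should state that this is a heuristic over unauthenticated package metadata, not proof of origin.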
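--- a/pkg/fanal/analyzer/pkg/rpm/rpm_test.go
+++ b/pkg/fanal/analyzer/pkg/rpm/rpm_test.go
@@ -165,6 +165,62 @@ func Test_rpmPkgAnalyzer_listPkgs(t *testing.T) {
 "/lib64/libm-2.27.so",
 },
 },
+{
+name: "Amazon official package without `Vendor` field",
+mock: mock{
+packages: []*rpmdb.PackageInfo{
+{
+Name: "curl-minimal",
+Version: "8.3.0",
+Release: "1.amzn2023.0.2",
+Arch: "aarch64",
+SourceRpm: "curl-8.3.0-1.amzn2023.0.2.src.rpm",
+DirNames: []string{
+"/usr/bin/",
+"/usr/lib/",
+"/usr/lib/.build-id/",
+"/usr/lib/.build-id/aa/",
+"/usr/share/man/man1/",
+},
+DirIndexes: []int32{0, 1, 2, 3, 4},
+BaseNames: []string{
+"curl",
+".build-id",
+"aa",
+"d987ea9bc1c73706d12c7a143ee792117851ff",
+"curl.1.gz",
+},
+Vendor: "",
+},
+},
+},
+wantPkgs: types.Packages{
+{
+ID: "[email protected]",
+Name: "curl-minimal",
+Version: "8.3.0",
+Release: "1.amzn2023.0.2",
+Arch: "aarch64",
+SrcName: "curl",
+SrcVersion: "8.3.0",
+SrcRelease: "1.amzn2023.0.2",
+InstalledFiles: []string{
+"/usr/bin/curl",
+"/usr/lib/.build-id",
+"/usr/lib/.build-id/aa",
+"/usr/lib/.build-id/aa/d987ea9bc1c73706d12c7a143ee792117851ff",
+"/usr/share/man/man1/curl.1.gz",
+},
+},
+},
+wantFiles: []string{
+"/usr/bin/curl",
+"/usr/lib/.build-id",
+"/usr/lib/.build-id/aa",
+"/usr/lib/.build-id/aa/d987ea9bc1c73706d12c7a143ee792117851ff",
+"/usr/share/man/man1/curl.1.gz",
+},
+},
 {
 name: "invalid source rpm",
 mock: mock{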
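Review bot: The added table entry exercises only the positive path of the new fallback; nothing in this hunk checks that a package with `Vendor: ""` and a release that lacks `amzn` (for example a constructed `Release: "1.el9"`) still contributes nothing to `wantFiles`. Because that decision controls which files are recorded as system files, a sibling negative case, named something like `"package without Vendor and without amzn release"`, would pin the boundary of the heuristic and catch a later widening of the match. The test table starts and ends outside the hunk, so an equivalent case may already exist there.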
