Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(vuln): include pkg identifier on detected vulnerabilities #5439

Merged
merged 69 commits into from
Dec 27, 2023
Merged

feat(vuln): include pkg identifier on detected vulnerabilities #5439

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
69 commits
Select commit Hold shift + click to select a range
8a92c7c
feat: include pkg identifier on detected vulnerabilities
juan131 Oct 24, 2023
23665fe
fix: integration tests
juan131 Oct 24, 2023
b6655d4
fix: unit tests
juan131 Oct 25, 2023
ab66a74
fix: remove reference to deprecated PkgRef
juan131 Oct 25, 2023
5e2926c
Merge branch 'main' into feat/pkg-identifier
juan131 Nov 8, 2023
9e17ef4
feat: PkgIdentifier as part of Package
juan131 Nov 9, 2023
05c806a
fix: rpm unit test
juan131 Nov 9, 2023
65ff77e
fix: vm unit test
juan131 Nov 9, 2023
0c2499c
fix: artifact unit test
juan131 Nov 9, 2023
a2c00b9
linter: skip gocyclo
juan131 Nov 9, 2023
77b8f68
Merge branch 'main' into feat/pkg-identifier
juan131 Nov 9, 2023
f330577
fix: linter warning
juan131 Nov 10, 2023
1508092
fix: update golden files
juan131 Nov 10, 2023
bd3d150
fix: update golden files (ii)
juan131 Nov 10, 2023
5172cd6
Merge branch 'main' into feat/pkg-identifier
juan131 Nov 15, 2023
c03e9f6
fix: adapt rpm tests
juan131 Nov 15, 2023
861a38d
fix: revert localhost references
juan131 Nov 15, 2023
fdc9c93
fix: update vm golden images
juan131 Nov 15, 2023
86ebbd1
test(containerd): update golden file
DmitriyLewen Nov 16, 2023
55178ef
Merge branch 'main' into feat/pkg-identifier
juan131 Nov 16, 2023
54f7967
fix: update RPC
juan131 Nov 16, 2023
75266a9
fix: avoid nil pointer dereferences
juan131 Nov 16, 2023
36a443c
fix: VM tests after merging main branch
juan131 Nov 16, 2023
221e1ca
Merge branch 'main' into feat/pkg-identifier
juan131 Nov 16, 2023
7d29afd
fix: do not remove pkgref
juan131 Nov 16, 2023
6eeaba5
fix: sbom integration tests
juan131 Nov 16, 2023
7ab8e69
fix: sbom integration tests - ii
juan131 Nov 16, 2023
b70cec9
fix: sbom integration tests - iii
juan131 Nov 16, 2023
37a098c
fix: proto field numbers
juan131 Nov 17, 2023
d104f87
fix: proto (linter)
juan131 Nov 17, 2023
add17e8
fix: PkgIdentifier as value instead of pointer
juan131 Nov 17, 2023
0cb4631
fix: move logic to add pkg identifier
juan131 Nov 17, 2023
1a80d34
fix: epoc to qualifiers
juan131 Nov 17, 2023
ff58e66
fix: remove unused consts
juan131 Nov 17, 2023
f507592
fix: update golden images
juan131 Nov 17, 2023
ac7164b
test(containerd): update golden file
DmitriyLewen Nov 20, 2023
5e72c5a
feat: add unit test for NewPackageIdentifier
juan131 Nov 20, 2023
ee005f0
feat: use identifier info to marshall spdx/cyclonedx docs
juan131 Nov 20, 2023
59b1198
fix: update cache fs test
juan131 Nov 20, 2023
cdd281e
fix: SPDX/CycloneDX marshalling to exclusively use identifier to crea…
juan131 Nov 21, 2023
56d52ff
fix: update golden images
juan131 Nov 21, 2023
a777f50
fix: add deprecation notes
juan131 Nov 21, 2023
8141d33
fix: update golden images
juan131 Nov 21, 2023
4a83a34
fix: cyclonedx - bom-ref to include file_path
juan131 Nov 22, 2023
015e9a5
fix: overwite pkg identifiers for system packages on post handler
juan131 Nov 23, 2023
bc2e8d6
Merge branch 'main' into feat/pkg-identifier
juan131 Nov 23, 2023
9a162b2
fix: only overwrite identifiers on blob
juan131 Nov 24, 2023
7078670
feat: new posthandler
juan131 Nov 24, 2023
d2c2e9a
Merge branch 'main' into feat/pkg-identifier
juan131 Dec 1, 2023
c819917
fix: rename handler to ospkgid
juan131 Dec 1, 2023
7408570
fix: update golden images
juan131 Dec 1, 2023
052555c
fix: merge layer OS info before post handlers
juan131 Dec 4, 2023
5704a8f
fix: remove unrequired logic
juan131 Dec 4, 2023
d222219
fix: move PURL overwrite to applylayers
juan131 Dec 12, 2023
40674b3
fix: update golden images
juan131 Dec 12, 2023
2e8200b
Merge branch 'main' into feat/pkg-identifier
juan131 Dec 13, 2023
19fbf7b
fix: do not generate PURL on pkg analyzers
juan131 Dec 13, 2023
795bc2e
Merge branch 'main' into feat/pkg-identifier
juan131 Dec 13, 2023
fe4ce6c
fix: update golden images after #5784
juan131 Dec 13, 2023
c95cff4
fix: unit tests
juan131 Dec 13, 2023
f96248b
feat(imgConf): add support pkgID for apk from image config
DmitriyLewen Dec 14, 2023
e50c7b2
test(containerd): update golden file
DmitriyLewen Dec 14, 2023
b0a14f9
refactor
DmitriyLewen Dec 14, 2023
cff5f71
refactor(sbom): disable html escaping for CycloneDX (#5764)
DmitriyLewen Dec 17, 2023
bd0d54b
fix(bitnami): use a different comparer for detecting vulnerabilities …
juan131 Dec 17, 2023
20bd30f
chore(deps): bump trivy-iac to v0.7.1 (#5797)
nikpivkin Dec 18, 2023
a53ffd5
fix: update golden images
juan131 Dec 19, 2023
aee3d09
Merge branch 'main' into feat/pkg-identifier
juan131 Dec 19, 2023
4a4b37e
refactor: use the PURL struct
knqyf263 Dec 25, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion integration/client_server_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -539,7 +539,7 @@ func TestClientServerWithRedis(t *testing.T) {
// Run Trivy client
err := execute(osArgs)
require.Error(t, err)
assert.Contains(t, err.Error(), "connect: connection refused")
assert.Contains(t, err.Error(), "unable to store cache")
})
}

Expand Down
54 changes: 42 additions & 12 deletions integration/sbom_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,9 +41,15 @@ func TestSBOM(t *testing.T) {
{
Target: "testdata/fixtures/sbom/centos-7-cyclonedx.json (centos 7.6.1810)",
Vulnerabilities: []types.DetectedVulnerability{
{PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&distro=centos-7.6.1810"},
{PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810"},
{PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810"},
{
PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&distro=centos-7.6.1810",
},
{
PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810",
},
{
PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810",
},
},
},
},
Expand Down Expand Up @@ -82,9 +88,15 @@ func TestSBOM(t *testing.T) {
{
Target: "testdata/fixtures/sbom/centos-7-cyclonedx.intoto.jsonl (centos 7.6.1810)",
Vulnerabilities: []types.DetectedVulnerability{
{PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&distro=centos-7.6.1810"},
{PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810"},
{PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810"},
{
PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&distro=centos-7.6.1810",
},
{
PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810",
},
{
PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810",
},
},
},
},
Expand All @@ -105,9 +117,15 @@ func TestSBOM(t *testing.T) {
{
Target: "testdata/fixtures/sbom/centos-7-spdx.txt (centos 7.6.1810)",
Vulnerabilities: []types.DetectedVulnerability{
{PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&distro=centos-7.6.1810"},
{PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810"},
{PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810"},
{
PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&distro=centos-7.6.1810",
},
{
PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810",
},
{
PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810",
},
},
},
},
Expand All @@ -128,9 +146,15 @@ func TestSBOM(t *testing.T) {
{
Target: "testdata/fixtures/sbom/centos-7-spdx.json (centos 7.6.1810)",
Vulnerabilities: []types.DetectedVulnerability{
{PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&distro=centos-7.6.1810"},
{PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810"},
{PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810"},
{
PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&distro=centos-7.6.1810",
},
{
PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810",
},
{
PkgRef: "pkg:rpm/centos/[email protected]?arch=x86_64&epoch=1&distro=centos-7.6.1810",
},
},
},
},
Expand Down Expand Up @@ -200,6 +224,12 @@ func compareSBOMReports(t *testing.T, wantFile, gotFile string, overrideWant typ
want.Results[i].Target = result.Target
for j, vuln := range result.Vulnerabilities {
want.Results[i].Vulnerabilities[j].PkgRef = vuln.PkgRef
if vuln.PkgIdentifier.Empty() {
continue
}
want.Results[i].Vulnerabilities[j].PkgIdentifier = ftypes.PkgIdentifier{
PURL: vuln.PkgIdentifier.PURL,
}
}
}

Expand Down
3 changes: 3 additions & 0 deletions integration/testdata/almalinux-8.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,9 @@
"VulnerabilityID": "CVE-2021-3712",
"PkgID": "[email protected]_64",
"PkgName": "openssl-libs",
"PkgIdentifier": {
"PURL": "pkg:rpm/alma/[email protected]?arch=x86_64\u0026distro=alma-8.5\u0026epoch=1"
},
"InstalledVersion": "1:1.1.1k-4.el8",
"FixedVersion": "1:1.1.1k-5.el8_5",
"Status": "fixed",
Expand Down
12 changes: 12 additions & 0 deletions integration/testdata/alpine-310-registry.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,9 @@
"VulnerabilityID": "CVE-2019-1549",
"PkgID": "[email protected]",
"PkgName": "libcrypto1.1",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.10.2"
},
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r0",
"Status": "fixed",
Expand Down Expand Up @@ -133,6 +136,9 @@
"VulnerabilityID": "CVE-2019-1551",
"PkgID": "[email protected]",
"PkgName": "libcrypto1.1",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.10.2"
},
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r2",
"Status": "fixed",
Expand Down Expand Up @@ -212,6 +218,9 @@
"VulnerabilityID": "CVE-2019-1549",
"PkgID": "[email protected]",
"PkgName": "libssl1.1",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.10.2"
},
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r0",
"Status": "fixed",
Expand Down Expand Up @@ -281,6 +290,9 @@
"VulnerabilityID": "CVE-2019-1551",
"PkgID": "[email protected]",
"PkgName": "libssl1.1",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.10.2"
},
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r2",
"Status": "fixed",
Expand Down
12 changes: 12 additions & 0 deletions integration/testdata/alpine-310.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,9 @@
"VulnerabilityID": "CVE-2019-1549",
"PkgID": "[email protected]",
"PkgName": "libcrypto1.1",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.10.2"
},
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r0",
"Status": "fixed",
Expand Down Expand Up @@ -127,6 +130,9 @@
"VulnerabilityID": "CVE-2019-1551",
"PkgID": "[email protected]",
"PkgName": "libcrypto1.1",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.10.2"
},
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r2",
"Status": "fixed",
Expand Down Expand Up @@ -206,6 +212,9 @@
"VulnerabilityID": "CVE-2019-1549",
"PkgID": "[email protected]",
"PkgName": "libssl1.1",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.10.2"
},
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r0",
"Status": "fixed",
Expand Down Expand Up @@ -275,6 +284,9 @@
"VulnerabilityID": "CVE-2019-1551",
"PkgID": "[email protected]",
"PkgName": "libssl1.1",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.10.2"
},
"InstalledVersion": "1.1.1c-r0",
"FixedVersion": "1.1.1d-r2",
"Status": "fixed",
Expand Down
6 changes: 6 additions & 0 deletions integration/testdata/alpine-39-high-critical.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,9 @@
"VulnerabilityID": "CVE-2019-14697",
"PkgID": "[email protected]",
"PkgName": "musl",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.9.4"
},
"InstalledVersion": "1.1.20-r4",
"FixedVersion": "1.1.20-r5",
"Status": "fixed",
Expand Down Expand Up @@ -100,6 +103,9 @@
"VulnerabilityID": "CVE-2019-14697",
"PkgID": "[email protected]",
"PkgName": "musl-utils",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.9.4"
},
"InstalledVersion": "1.1.20-r4",
"FixedVersion": "1.1.20-r5",
"Status": "fixed",
Expand Down
6 changes: 6 additions & 0 deletions integration/testdata/alpine-39-ignore-cveids.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,9 @@
"VulnerabilityID": "CVE-2019-1551",
"PkgID": "[email protected]",
"PkgName": "libcrypto1.1",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.9.4"
},
"InstalledVersion": "1.1.1b-r1",
"FixedVersion": "1.1.1d-r2",
"Status": "fixed",
Expand Down Expand Up @@ -137,6 +140,9 @@
"VulnerabilityID": "CVE-2019-1551",
"PkgID": "[email protected]",
"PkgName": "libssl1.1",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.9.4"
},
"InstalledVersion": "1.1.1b-r1",
"FixedVersion": "1.1.1d-r2",
"Status": "fixed",
Expand Down
18 changes: 18 additions & 0 deletions integration/testdata/alpine-39.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,9 @@
"VulnerabilityID": "CVE-2019-1549",
"PkgID": "[email protected]",
"PkgName": "libcrypto1.1",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.9.4"
},
"InstalledVersion": "1.1.1b-r1",
"FixedVersion": "1.1.1d-r0",
"Status": "fixed",
Expand Down Expand Up @@ -127,6 +130,9 @@
"VulnerabilityID": "CVE-2019-1551",
"PkgID": "[email protected]",
"PkgName": "libcrypto1.1",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.9.4"
},
"InstalledVersion": "1.1.1b-r1",
"FixedVersion": "1.1.1d-r2",
"Status": "fixed",
Expand Down Expand Up @@ -206,6 +212,9 @@
"VulnerabilityID": "CVE-2019-1549",
"PkgID": "[email protected]",
"PkgName": "libssl1.1",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.9.4"
},
"InstalledVersion": "1.1.1b-r1",
"FixedVersion": "1.1.1d-r0",
"Status": "fixed",
Expand Down Expand Up @@ -275,6 +284,9 @@
"VulnerabilityID": "CVE-2019-1551",
"PkgID": "[email protected]",
"PkgName": "libssl1.1",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.9.4"
},
"InstalledVersion": "1.1.1b-r1",
"FixedVersion": "1.1.1d-r2",
"Status": "fixed",
Expand Down Expand Up @@ -354,6 +366,9 @@
"VulnerabilityID": "CVE-2019-14697",
"PkgID": "[email protected]",
"PkgName": "musl",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.9.4"
},
"InstalledVersion": "1.1.20-r4",
"FixedVersion": "1.1.20-r5",
"Status": "fixed",
Expand Down Expand Up @@ -396,6 +411,9 @@
"VulnerabilityID": "CVE-2019-14697",
"PkgID": "[email protected]",
"PkgName": "musl-utils",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.9.4"
},
"InstalledVersion": "1.1.20-r4",
"FixedVersion": "1.1.20-r5",
"Status": "fixed",
Expand Down
3 changes: 3 additions & 0 deletions integration/testdata/alpine-distroless.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,9 @@
"VulnerabilityID": "CVE-2022-24765",
"PkgID": "[email protected]",
"PkgName": "git",
"PkgIdentifier": {
"PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.16"
},
"InstalledVersion": "2.35.1-r2",
"FixedVersion": "2.35.2-r0",
"Status": "fixed",
Expand Down
3 changes: 3 additions & 0 deletions integration/testdata/amazon-1.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,9 @@
"VulnerabilityID": "CVE-2019-5481",
"PkgID": "[email protected]_64",
"PkgName": "curl",
"PkgIdentifier": {
"PURL": "pkg:rpm/amazon/[email protected]?arch=x86_64\u0026distro=amazon-AMI+release+2018.03"
},
"InstalledVersion": "7.61.1-11.91.amzn1",
"FixedVersion": "7.61.1-12.93.amzn1",
"Status": "fixed",
Expand Down
6 changes: 6 additions & 0 deletions integration/testdata/amazon-2.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,9 @@
"VulnerabilityID": "CVE-2019-5481",
"PkgID": "[email protected]_64",
"PkgName": "curl",
"PkgIdentifier": {
"PURL": "pkg:rpm/amazon/[email protected]?arch=x86_64\u0026distro=amazon-2+%28Karoo%29"
},
"InstalledVersion": "7.61.1-9.amzn2.0.1",
"FixedVersion": "7.61.1-12.amzn2.0.1",
"Status": "fixed",
Expand Down Expand Up @@ -125,6 +128,9 @@
"VulnerabilityID": "CVE-2019-5436",
"PkgID": "[email protected]_64",
"PkgName": "curl",
"PkgIdentifier": {
"PURL": "pkg:rpm/amazon/[email protected]?arch=x86_64\u0026distro=amazon-2+%28Karoo%29"
},
"InstalledVersion": "7.61.1-9.amzn2.0.1",
"FixedVersion": "7.61.1-11.amzn2.0.2",
"Status": "fixed",
Expand Down
3 changes: 3 additions & 0 deletions integration/testdata/amazonlinux2-gp2-x86-vm.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,9 @@
"VulnerabilityID": "CVE-2022-38177",
"PkgID": "[email protected]_64",
"PkgName": "bind-export-libs",
"PkgIdentifier": {
"PURL": "pkg:rpm/amazon/[email protected]?arch=x86_64\u0026distro=amazon-2+%28Karoo%29\u0026epoch=32"
},
"InstalledVersion": "32:9.11.4-26.P2.amzn2.5.2",
"FixedVersion": "99:9.11.4-26.P2.amzn2.13",
"Status": "fixed",
Expand Down
6 changes: 6 additions & 0 deletions integration/testdata/busybox-with-lockfile.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,9 @@
"VulnerabilityID": "CVE-2019-15542",
"PkgID": "[email protected]",
"PkgName": "ammonia",
"PkgIdentifier": {
"PURL": "pkg:cargo/[email protected]"
},
"InstalledVersion": "1.9.0",
"FixedVersion": "\u003e= 2.1.0",
"Status": "fixed",
Expand Down Expand Up @@ -99,6 +102,9 @@
"VulnerabilityID": "CVE-2021-38193",
"PkgID": "[email protected]",
"PkgName": "ammonia",
"PkgIdentifier": {
"PURL": "pkg:cargo/[email protected]"
},
"InstalledVersion": "1.9.0",
"FixedVersion": "\u003e= 3.1.0, \u003e= 2.1.3, \u003c 3.0.0",
"Status": "fixed",
Expand Down
6 changes: 6 additions & 0 deletions integration/testdata/centos-6.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,9 @@
"VulnerabilityID": "CVE-2020-29573",
"PkgID": "[email protected]_64",
"PkgName": "glibc",
"PkgIdentifier": {
"PURL": "pkg:rpm/centos/[email protected]?arch=x86_64\u0026distro=centos-6.10"
},
"InstalledVersion": "2.12-1.212.el6",
"Status": "end_of_life",
"Layer": {
Expand Down Expand Up @@ -132,6 +135,9 @@
],
"PkgID": "[email protected]_64",
"PkgName": "openssl",
"PkgIdentifier": {
"PURL": "pkg:rpm/centos/[email protected]?arch=x86_64\u0026distro=centos-6.10"
},
"InstalledVersion": "1.0.1e-57.el6",
"FixedVersion": "1.0.1e-58.el6_10",
"Status": "fixed",
Expand Down
6 changes: 6 additions & 0 deletions integration/testdata/centos-7-ignore-unfixed.json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,9 @@
],
"PkgID": "[email protected]_64",
"PkgName": "openssl-libs",
"PkgIdentifier": {
"PURL": "pkg:rpm/centos/[email protected]?arch=x86_64\u0026distro=centos-7.6.1810\u0026epoch=1"
},
"InstalledVersion": "1:1.0.2k-16.el7",
"FixedVersion": "1:1.0.2k-19.el7",
"Status": "fixed",
Expand Down Expand Up @@ -162,6 +165,9 @@
],
"PkgID": "[email protected]_64",
"PkgName": "openssl-libs",
"PkgIdentifier": {
"PURL": "pkg:rpm/centos/[email protected]?arch=x86_64\u0026distro=centos-7.6.1810\u0026epoch=1"
},
"InstalledVersion": "1:1.0.2k-16.el7",
"FixedVersion": "1:1.0.2k-19.el7",
"Status": "fixed",
Expand Down
Loading