Skip to content

Commit

Permalink
fix(oracle): add architectures support for advisories (#4809)
Browse files Browse the repository at this point in the history
  • Loading branch information
DmitriyLewen authored Dec 9, 2024
1 parent 51f2123 commit 90f1d8d
Show file tree
Hide file tree
Showing 6 changed files with 86 additions and 5 deletions.
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ require (
github.com/aquasecurity/testdocker v0.0.0-20240730042311-4642e94c7fc8
github.com/aquasecurity/tml v0.6.1
github.com/aquasecurity/trivy-checks v1.4.0
github.com/aquasecurity/trivy-db v0.0.0-20241120092622-333d808d7e45
github.com/aquasecurity/trivy-db v0.0.0-20241209111357-8c398f13db0e
github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48
github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20241101182546-89bffc3932bc
github.com/aws/aws-sdk-go-v2 v1.32.5
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -355,8 +355,8 @@ github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gw
github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY=
github.com/aquasecurity/trivy-checks v1.4.0 h1:XFGPuA8C4f31GO9g7xOkubHq4W87y9iXrWnulsIoZFs=
github.com/aquasecurity/trivy-checks v1.4.0/go.mod h1:TSUbI3wBy9jgQl5lRUCR+B5pNiOxp6M26Jep8VCL/eM=
github.com/aquasecurity/trivy-db v0.0.0-20241120092622-333d808d7e45 h1:ljinbg7JTQvdnzuRsPYS6btA51SyGYWKCQInxSIwbRw=
github.com/aquasecurity/trivy-db v0.0.0-20241120092622-333d808d7e45/go.mod h1:Lg2avQhFy5qeGA0eMysI/61REVvWpEltverCarGc3l0=
github.com/aquasecurity/trivy-db v0.0.0-20241209111357-8c398f13db0e h1:O5j5SeCNBrXApgBTOobO06q4LMxJxIhcSGE7H6Y154E=
github.com/aquasecurity/trivy-db v0.0.0-20241209111357-8c398f13db0e/go.mod h1:gS8VhlNxhraiq60BBnJw9kGtjeMspQ9E8pX24jCL4jg=
github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 h1:JVgBIuIYbwG+ekC5lUHUpGJboPYiCcxiz06RCtz8neI=
github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8=
github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20241101182546-89bffc3932bc h1:/mFBYIK9RY+L8s1CIbQbJ5B3v0YmoDSu5eAzavvMa+Y=
Expand Down
6 changes: 6 additions & 0 deletions integration/testdata/fixtures/db/oracle.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,14 @@
FixedVersion: "7.61.1-11.el8"
Entries:
- FixedVersion: "7.61.1-11.el8"
Arches:
- x86_64
- aarch64
- key: CVE-2019-5436
value:
FixedVersion: "7.61.1-12.el8"
Entries:
- FixedVersion: "7.61.1-12.el8"
Arches:
- x86_64
- aarch64
2 changes: 1 addition & 1 deletion pkg/detector/ospkg/oracle/oracle.go
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ func (s *Scanner) Detect(ctx context.Context, osVer string, _ *ftypes.Repository

var vulns []types.DetectedVulnerability
for _, pkg := range pkgs {
advisories, err := s.vs.Get(osVer, pkg.Name)
advisories, err := s.vs.Get(osVer, pkg.Name, pkg.Arch)
if err != nil {
return nil, xerrors.Errorf("failed to get Oracle Linux advisory: %w", err)
}
Expand Down
54 changes: 54 additions & 0 deletions pkg/detector/ospkg/oracle/oracle_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,60 @@ func TestScanner_Detect(t *testing.T) {
},
},
},
{
name: "different fixed versions for different arches",
fixtures: []string{
"testdata/fixtures/oracle7.yaml",
"testdata/fixtures/data-source.yaml",
},
args: args{
osVer: "7",
pkgs: []ftypes.Package{
{
Name: "rsyslog",
Version: "8.24.0",
Release: "57.0.0.el7",
Arch: "x86_64",
SrcName: "rsyslog",
SrcVersion: "8.24.0",
SrcRelease: "57.0.0.el7",
},
{
Name: "rsyslog",
Version: "8.24.0",
Release: "57.0.0.el7",
Arch: "aarch64",
SrcName: "rsyslog",
SrcVersion: "8.24.0",
SrcRelease: "57.0.0.el7",
},
},
},
want: []types.DetectedVulnerability{
{
VulnerabilityID: "CVE-2022-24903",
PkgName: "rsyslog",
InstalledVersion: "8.24.0-57.0.0.el7",
FixedVersion: "8.24.0-57.0.1.el7_9.3",
DataSource: &dbTypes.DataSource{
ID: vulnerability.OracleOVAL,
Name: "Oracle Linux OVAL definitions",
URL: "https://linux.oracle.com/security/oval/",
},
},
{
VulnerabilityID: "CVE-2022-24903",
PkgName: "rsyslog",
InstalledVersion: "8.24.0-57.0.0.el7",
FixedVersion: "8.24.0-57.0.4.el7_9.3",
DataSource: &dbTypes.DataSource{
ID: vulnerability.OracleOVAL,
Name: "Oracle Linux OVAL definitions",
URL: "https://linux.oracle.com/security/oval/",
},
},
},
},
{
name: "without ksplice",
fixtures: []string{
Expand Down
23 changes: 22 additions & 1 deletion pkg/detector/ospkg/oracle/testdata/fixtures/oracle7.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,19 +7,40 @@
FixedVersion: "7.29.0-59.0.1.el7_9.1"
Entries:
- FixedVersion: "7.29.0-59.0.1.el7_9.1"
Arches:
- x86_64
- aarch64
- bucket: glibc
pairs:
- key: CVE-2017-1000364
value:
FixedVersion: "2:2.17-157.ksplice1.el7_3.4"
Entries:
- FixedVersion: "2:2.17-157.ksplice1.el7_3.4"
Arches:
- x86_64
- aarch64
- bucket: gnutls
pairs:
- key: CVE-2021-20232
value:
FixedVersion: "3.6.16-4.el8"
Entries:
- FixedVersion: "10:3.6.16-4.0.1.el8_fips"
Arches:
- x86_64
- FixedVersion: "3.6.16-4.el8"

Arches:
- x86_64
- bucket: rsyslog
pairs:
- key: CVE-2022-24903
value:
FixedVersion: "8.24.0-57.0.1.el7_9.3"
Entries:
- FixedVersion: "8.24.0-57.0.1.el7_9.3"
Arches:
- x86_64
- FixedVersion: "8.24.0-57.0.4.el7_9.3"
Arches:
- aarch64

0 comments on commit 90f1d8d

Please sign in to comment.