Merge branch 'main' into feat/vex-csaf

anchore · juan131 · Apr 25, 2024 · Apr 25, 2024 · Apr 29, 2024 · Apr 29, 2024
commit 7cd816ad0143a67a40cf4ba518358f2f5ec4630f
diff --git a/go.mod b/go.mod
@@ -57,7 +57,7 @@ require (
 	github.com/wagoodman/go-presenter v0.0.0-20211015174752-f9c01afc824b
 	github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0
 	golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa
-	gorm.io/gorm v1.25.9
+	gorm.io/gorm v1.25.10
 )
 
 require (

diff --git a/grype/vex/csaf/csaf.go b/grype/vex/csaf/csaf.go
 				continue
 			}
 			if *pID == m.ProductID {
 				return string(*th.Details)
 			}
 		}
 	}
 type advisories []*csaf.Advisory

 // Matches returns the first CSAF advisory to match for a given vulnerability ID and package URL
 func (advisories advisories) matches(vulnID, purl string) *advisoryMatch {

 	for _, adv := range advisories {
 		if adv == nil || adv.Vulnerabilities == nil {
diff --git a/grype/vex/csaf/implementation.go b/grype/vex/csaf/implementation.go

 	// The collection is sorted by date, so newer advisories are guaranteed to be consumed before.
 	sort.SliceStable(advs, func(i, j int) bool {
 		i_t, _ := time.ParseDateTime(*advs[i].Document.Tracking.CurrentReleaseDate)
 		j_t, _ := time.ParseDateTime(*advs[j].Document.Tracking.CurrentReleaseDate)
 		return i_t.Before(j_t)
 	})

 // the VEX data as fixed or not_affected to the ignored list.
 func (*Processor) FilterMatches(
 	docRaw interface{}, ignoreRules []match.IgnoreRule, _ *pkg.Context, matches *match.Matches, ignoredMatches []match.IgnoredMatch,
 ) (*match.Matches, []match.IgnoredMatch, error) {

 	advisories, ok := docRaw.(advisories)
 	if !ok {
 // are moved from the ignore list or synthesized when no previous data is found.
 func (*Processor) AugmentMatches(
 	docRaw interface{}, ignoreRules []match.IgnoreRule, _ *pkg.Context, matches *match.Matches, ignoredMatches []match.IgnoredMatch,
 ) (*match.Matches, []match.IgnoredMatch, error) {

 	advisories, ok := docRaw.(advisories)
 	if !ok {
	continue
	}
	if *pID == m.ProductID {
	return string(*th.Details)
Check failure on line 58 in grype/vex/csaf/csaf.go GitHub Actions / Static analysis `unnecessary conversion (unconvert)`
	}
	}
	}
	type advisories []*csaf.Advisory

	// Matches returns the first CSAF advisory to match for a given vulnerability ID and package URL
	func (advisories advisories) matches(vulnID, purl string) *advisoryMatch {
Check failure on line 69 in grype/vex/csaf/csaf.go GitHub Actions / Static analysis cognitive complexity 32 of func `(advisories).matches` is high (> 30) (gocognit) Check failure on line 69 in grype/vex/csaf/csaf.go GitHub Actions / Static analysis `unnecessary leading newline (whitespace)`

	for _, adv := range advisories {
	if adv == nil \|\| adv.Vulnerabilities == nil {

	// The collection is sorted by date, so newer advisories are guaranteed to be consumed before.
	sort.SliceStable(advs, func(i, j int) bool {
	i_t, _ := time.ParseDateTime(*advs[i].Document.Tracking.CurrentReleaseDate)
Check failure on line 51 in grype/vex/csaf/implementation.go GitHub Actions / Static analysis `var-naming: don't use underscores in Go names; var i_t should be iT (revive)` Check failure on line 51 in grype/vex/csaf/implementation.go GitHub Actions / Static analysis `ST1003: should not use underscores in Go names; var i_t should be iT (stylecheck)`
	j_t, _ := time.ParseDateTime(*advs[j].Document.Tracking.CurrentReleaseDate)
Check failure on line 52 in grype/vex/csaf/implementation.go GitHub Actions / Static analysis `var-naming: don't use underscores in Go names; var j_t should be jT (revive)` Check failure on line 52 in grype/vex/csaf/implementation.go GitHub Actions / Static analysis `ST1003: should not use underscores in Go names; var j_t should be jT (stylecheck)`
	return i_t.Before(j_t)
	})

	// the VEX data as fixed or not_affected to the ignored list.
	func (*Processor) FilterMatches(
	docRaw interface{}, ignoreRules []match.IgnoreRule, _ pkg.Context, matches match.Matches, ignoredMatches []match.IgnoredMatch,
	) (*match.Matches, []match.IgnoredMatch, error) {
Check failure on line 63 in grype/vex/csaf/implementation.go GitHub Actions / Static analysis `unnecessary leading newline (whitespace)`

	advisories, ok := docRaw.(advisories)
	if !ok {
	// are moved from the ignore list or synthesized when no previous data is found.
	func (*Processor) AugmentMatches(
	docRaw interface{}, ignoreRules []match.IgnoreRule, _ pkg.Context, matches match.Matches, ignoredMatches []match.IgnoredMatch,
	) (*match.Matches, []match.IgnoredMatch, error) {
Check failure on line 107 in grype/vex/csaf/implementation.go GitHub Actions / Static analysis `unnecessary leading newline (whitespace)`

	advisories, ok := docRaw.(advisories)
	if !ok {