Analyze origin (#13)

aquasecurity · May 12, 2019 · 15c98ac · 15c98ac
1 parent a8ba86d
commit 15c98ac
Show file tree

Hide file tree

Showing 4 changed files with 125 additions and 9 deletions.
diff --git a/analyzer/pkg/apk/apk.go b/analyzer/pkg/apk/apk.go
@@ -41,6 +41,7 @@ func (a alpinePkgAnalyzer) Analyze(fileMap extractor.FileMap) (pkgs []analyzer.P
 
 func (a alpinePkgAnalyzer) parseApkInfo(scanner *bufio.Scanner) (pkgs []analyzer.Package, err error) {
 	var pkg analyzer.Package
+	var version string
 	for scanner.Scan() {
 		line := scanner.Text()
 
@@ -57,13 +58,20 @@ func (a alpinePkgAnalyzer) parseApkInfo(scanner *bufio.Scanner) (pkgs []analyzer
 		case "P:":
 			pkg.Name = line[2:]
 		case "V:":
-			version := string(line[2:])
-			err = versionfmt.Valid(clairDpkg.ParserName, version)
-			if err != nil {
+			version = string(line[2:])
+			if err = versionfmt.Valid(clairDpkg.ParserName, version); err != nil {
 				log.Printf("Invalid Version Found : OS %s, Package %s, Version %s", "alpine", pkg.Name, version)
 				continue
-			} else {
-				pkg.Version = version
+			}
+			pkg.Version = version
+		case "o:":
+			origin := string(line[2:])
+			originPkg := analyzer.Package{
+				Name:    origin,
+				Version: version,
+			}
+			if analyzer.CheckPackage(&originPkg) {
+				pkgs = append(pkgs, originPkg)
 			}
 		}
 	}
@@ -72,7 +80,18 @@ func (a alpinePkgAnalyzer) parseApkInfo(scanner *bufio.Scanner) (pkgs []analyzer
 		pkgs = append(pkgs, pkg)
 	}
 
-	return pkgs, nil
+	return a.uniquePkgs(pkgs), nil
+}
+func (a alpinePkgAnalyzer) uniquePkgs(pkgs []analyzer.Package) (uniqPkgs []analyzer.Package) {
+	uniq := map[string]struct{}{}
+	for _, pkg := range pkgs {
+		if _, ok := uniq[pkg.Name]; ok {
+			continue
+		}
+		uniqPkgs = append(uniqPkgs, pkg)
+		uniq[pkg.Name] = struct{}{}
+	}
+	return uniqPkgs
 }
 
 func (a alpinePkgAnalyzer) RequiredFiles() []string {

diff --git a/analyzer/pkg/apk/apk_test.go b/analyzer/pkg/apk/apk_test.go
@@ -6,6 +6,8 @@ import (
 	"reflect"
 	"testing"
 
+	"github.com/kylelemons/godebug/pretty"
+
 	"github.com/knqyf263/fanal/analyzer"
 )
 
@@ -22,12 +24,19 @@ func TestParseApkInfo(t *testing.T) {
 				{Name: "alpine-baselayout", Version: "3.0.3-r0"},
 				{Name: "alpine-keys", Version: "1.1-r0"},
 				{Name: "zlib", Version: "1.2.8-r2"},
+				{Name: "openssl", Version: "1.0.2h-r1"},
 				{Name: "libcrypto1.0", Version: "1.0.2h-r1"},
 				{Name: "libssl1.0", Version: "1.0.2h-r1"},
 				{Name: "apk-tools", Version: "2.6.7-r0"},
+				{Name: "pax-utils", Version: "1.1.6-r0"},
 				{Name: "scanelf", Version: "1.1.6-r0"},
 				{Name: "musl-utils", Version: "1.1.14-r10"},
+				{Name: "libc-dev", Version: "0.7-r0"},
 				{Name: "libc-utils", Version: "0.7-r0"},
+				{Name: "pkgconf", Version: "1.6.0-r0"},
+				{Name: "sqlite", Version: "3.26.0-r3"},
+				{Name: "sqlite-libs", Version: "3.26.0-r3"},
+				{Name: "sqlite-dev", Version: "3.26.0-r3"},
 			},
 		},
 	}
@@ -43,7 +52,7 @@ func TestParseApkInfo(t *testing.T) {
 			t.Errorf("%s : catch the error : %v", testname, err)
 		}
 		if !reflect.DeepEqual(v.pkgs, pkgs) {
-			t.Errorf("[%s]\nexpected : %v\nactual : %v", testname, v.pkgs, pkgs)
+			t.Errorf("[%s]\n%s", testname, pretty.Compare(v.pkgs, pkgs))
 		}
 	}
 }
diff --git a/analyzer/pkg/apk/testdata/apk b/analyzer/pkg/apk/testdata/apk
@@ -448,3 +448,93 @@ m:Natanael Copa <[email protected]>
 t:1461934274
 c:e3725c0af137717d6883265a92db3838900b5cee
 D:musl-utils
+
+C:Q15iQqwpWJyKhKSxebSR6nwp/OZqk=
+P:pkgconf
+V:1.6.0-r0
+A:x86_64
+S:43001
+I:143360
+T:development framework configuration tools
+U:https://git.dereferenced.org/pkgconf/pkgconf
+L:ISC
+o:pkgconf
+m:William Pitcock <[email protected]>
+t:1547496958
+c:810b2b4cab3aad63cb338988d9d976012b6ad062
+D:so:libc.musl-x86_64.so.1
+p:pkgconfig=1 so:libpkgconf.so.3=3.0.0 cmd:pkg-config cmd:pkgconf
+r:pkgconfig
+F:usr
+F:usr/bin
+R:pkgconf
+a:0:0:755
+Z:Q1h2xvgvvUejQFBbqDvOMhcdazFGI=
+R:pkg-config
+a:0:0:777
+Z:Q18oszBu4K1Rwi+tYKAA91sDfWTzE=
+F:usr/lib
+R:libpkgconf.so.3.0.0
+a:0:0:755
+Z:Q1HQLOx86sW3RRtphIYcWcBBmJo6M=
+R:libpkgconf.so.3
+a:0:0:777
+Z:Q1NQYO0TsKR3JRQxUrYhF/izzKEOU=
+F:usr/share
+F:usr/share/aclocal
+R:pkg.m4
+Z:Q1pVlmIMTTArohUPZPu3OCLGaH+e0=
+
+C:Q1FGSUbDpfDdWmfKGvkw/BevenRHQ=
+P:sqlite-libs
+V:3.26.0-r3
+A:x86_64
+S:481468
+I:917504
+T:Sqlite3 library
+U:http://www.sqlite.org
+L:Public-Domain
+o:sqlite
+m:Carlo Landmeter <[email protected]>
+t:1546255353
+c:856c64b1dc1f9b8176c60e28808482f8503c4e98
+D:so:libc.musl-x86_64.so.1
+p:so:libsqlite3.so.0=0.8.6
+r:sqlite
+F:usr
+F:usr/lib
+R:libsqlite3.so.0
+a:0:0:777
+Z:Q1MZwGMEis9uc78EhxmxyozT2ZxZM=
+R:libsqlite3.so.0.8.6
+a:0:0:755
+Z:Q1BOGonxBB2SdxbKENvJNl9ifknaE=
+
+C:Q18L8xXsVIKBiJEOSmZcALxIvb3X0=
+P:sqlite-dev
+V:3.26.0-r3
+A:x86_64
+S:151185
+I:618496
+T:C library that implements an SQL database engine (development files)
+U:http://www.sqlite.org
+L:Public-Domain
+o:sqlite
+m:Carlo Landmeter <[email protected]>
+t:1546255353
+c:856c64b1dc1f9b8176c60e28808482f8503c4e98
+D:pkgconfig sqlite-libs=3.26.0-r3
+p:pc:sqlite3=3.26.0
+F:usr
+F:usr/lib
+R:libsqlite3.so
+a:0:0:777
+Z:Q1MZwGMEis9uc78EhxmxyozT2ZxZM=
+F:usr/lib/pkgconfig
+R:sqlite3.pc
+Z:Q1Gu7uz+QOw0X+WZ8MKc8iNVSnsBA=
+F:usr/include
+R:sqlite3ext.h
+Z:Q1riWNHq9ufQzhyMXm7raBW+ZL9z0=
+R:sqlite3.h
+Z:Q11MT2xE8JuMfBRYu6BDTz2PY95Vw=
diff --git a/go.sum b/go.sum
@@ -95,8 +95,6 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/knqyf263/berkeleydb v0.0.0-20190501065933-fafe01fb9662 h1:UGS0RbPHwXJkq8tcba8OD0nvVUWLf2h7uUJznuHPPB0=
 github.com/knqyf263/berkeleydb v0.0.0-20190501065933-fafe01fb9662/go.mod h1:bu1CcN4tUtoRcI/B/RFHhxMNKFHVq/c3SV+UTyduoXg=
-github.com/knqyf263/go-dep-parser v0.0.0-20190429154931-c377a5391790 h1:c02gG0yRNr25lcLOH+678SuuxxMUq36i48PQnmAweWk=
-github.com/knqyf263/go-dep-parser v0.0.0-20190429154931-c377a5391790/go.mod h1:CtT+dtv38jSz5EYYCX21LgtVXP+J3soF2fzQT8lHCfY=
 github.com/knqyf263/go-dep-parser v0.0.0-20190511063217-d5d543bfc261 h1:RPgPsbEsYj6LuOjZnKl2DvbfodNWRuWKZfWJkrD7l8s=
 github.com/knqyf263/go-dep-parser v0.0.0-20190511063217-d5d543bfc261/go.mod h1:gSiqSkOFPstUZu/qZ4wnNJS69PtQQnPl397vxKHJ5mQ=
 github.com/knqyf263/go-rpmdb v0.0.0-20190501070121-10a1c42a10dc h1:pumO9pqmRAjvic6oove22RGh9wDZQnj96XQjJSbSEPs=