

Fixes for Programming Language Vulnerabilities and SBOM Package Maint…
…ainer Details

1. It addresses an issue with programming language vulnerabilities by ensuring that the custom information is sent, which was previously causing a bug on the Aqua side.
2. For the SBOM, it adds the package maintainer details to the results so that this information can be displayed.
santhosh1729 committed Nov 18, 2024
1 parent 01fa177 commit 9aa4389
Showing 4 changed files with 50 additions and 0 deletions.
1 change: 1 addition & 0 deletions pkg/detector/library/driver.go
Expand Up @@ -133,6 +133,7 @@ func (d *Driver) DetectVulnerabilities(pkgID, pkgName, pkgVer string) ([]types.D
InstalledVersion: pkgVer,
FixedVersion: createFixedVersions(adv),
DataSource: adv.DataSource,
Custom: adv.Custom,
}
vulns = append(vulns, vuln)
}
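Review bot: `Custom: adv.Custom,` copies the advisory's Custom payload into the result as an untyped `map[string]any` with no note on its contract; because it is decoded from the DB into `any`, numeric values surface as float64 (the new test expects `2.0` for the fixture's `Severity: 2`), so consumers must not type-assert to int. Suggest `// Custom carries vendor-specific advisory data verbatim; it is an untyped map and numeric values are float64 after decoding.` on that line. If the advisory value is ever cached and reused across calls, the map is shared by reference and a consumer mutating vuln.Custom would alter it — `maps.Clone(adv.Custom)` would isolate it, though from this hunk alone I cannot tell whether adv is reused. Separately, the description's SBOM package-maintainer change (item 2) is not among the four files in the diffstat, so it appears to have landed elsewhere. The body of DetectVulnerabilities starts and ends outside this hunk.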
26 changes: 26 additions & 0 deletions pkg/detector/library/driver_test.go
Expand Up @@ -182,6 +182,32 @@ func TestDriver_Detect(t *testing.T) {
},
},
},
{
name: "Custom data for vulnerability",
fixtures: []string{
"testdata/fixtures/go-custom-data.yaml",
"testdata/fixtures/data-source.yaml",
},
libType: ftypes.GoBinary,
args: args{
pkgName: "github.com/docker/docker",
pkgVer: "23.0.14",
},
want: []types.DetectedVulnerability{
{
VulnerabilityID: "GHSA-v23v-6jw2-98fq",
PkgName: "github.com/docker/docker",
InstalledVersion: "23.0.14",
FixedVersion: "23.0.15, 26.1.5, 27.1.1, 25.0.6",
DataSource: &dbTypes.DataSource{
ID: vulnerability.GHSA,
Name: "GitHub Security Advisory Go",
URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago",
},
Custom: map[string]any{"Severity": 2.0},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
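Review bot: The expected `Custom: map[string]any{"Severity": 2.0}` in the new case silently relies on the fixture's `Severity: 2` being decoded into `any` as float64, and nothing in the test says so; a future reader comparing fixture and expectation will see a mismatch and may "fix" one side. Add `// Severity is 2 in the fixture; it decodes to float64 in map[string]any` beside that line. The case also does not exercise an advisory without a Custom entry, though the pre-existing cases above it presumably cover that by omitting Custom from want. The tests slice and TestDriver_Detect begin before this hunk and continue after it.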
5 changes: 5 additions & 0 deletions pkg/detector/library/testdata/fixtures/data-source.yaml
Expand Up @@ -25,3 +25,8 @@
ID: "ghsa"
Name: "GitHub Security Advisory Pip"
URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
- key: "go::GitHub Security Advisory Go"
value:
ID: "ghsa"
Name: "GitHub Security Advisory Go"
URL: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
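--- /dev/null
+++ b/pkg/detector/library/testdata/fixtures/go-custom-data.yaml
@@ -0,0 +1,18 @@
+- bucket: "go::GitHub Security Advisory Go"
+  pairs:
+    - bucket: github.com/docker/docker
+      pairs:
+        - key: "GHSA-v23v-6jw2-98fq"
+          value:
+            PatchedVersions:
+              - "23.0.15"
+              - "26.1.5"
+              - "27.1.1"
+              - "25.0.6"
+            VulnerableVersions:
+              - ">=19.03.0, <23.0.15"
+              - ">=26.0.0, <26.1.5"
+              - ">=27.0.0, <27.1.1"
+              - ">=24.0.0, <25.0.6"
+            Custom:
+              Severity: 2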
