Skip to content

Commit

Permalink
feat(rocky): support modular package
Browse files Browse the repository at this point in the history
  • Loading branch information
MaineK00n committed Mar 3, 2022
1 parent 72c736e commit 0c21fb2
Show file tree
Hide file tree
Showing 6 changed files with 179 additions and 65 deletions.
27 changes: 15 additions & 12 deletions pkg/vulnsrc/rocky/rocky.go
Original file line number Diff line number Diff line change
Expand Up @@ -113,25 +113,28 @@ func (vs VulnSrc) save(errataVer map[string][]RLSA) error {
func (vs VulnSrc) commit(tx *bolt.Tx, platformName string, errata []RLSA) error {
for _, erratum := range errata {
for _, cveID := range erratum.CveIDs {
putAdvisoryCount := 0
for _, pkg := range erratum.Packages {
for _, pkglist := range erratum.PkgLists {
// Skip the modular packages until the following bug is fixed.
// https://forums.rockylinux.org/t/some-errata-missing-in-comparison-with-rhel-and-almalinux/3843/8
if strings.Contains(pkg.Release, ".module+el") {
// If erratum.Pkglists is 0, it fails to use modules.yaml to break down the affected package into modules.
if len(erratum.PkgLists) == 0 {
continue
}

advisory := types.Advisory{
FixedVersion: utils.ConstructVersion(pkg.Epoch, pkg.Version, pkg.Release),
for _, pkg := range pkglist.Packages {
pkgName := pkg.Name
if pkglist.Module.Name != "" && pkglist.Module.Stream != "" {
pkgName = fmt.Sprintf("%s:%s::%s", pkglist.Module.Name, pkglist.Module.Stream, pkg.Name)
}

advisory := types.Advisory{
FixedVersion: utils.ConstructVersion(pkg.Epoch, pkg.Version, pkg.Release),
}
if err := vs.dbc.PutAdvisoryDetail(tx, cveID, pkgName, []string{platformName}, advisory); err != nil {
return xerrors.Errorf("failed to save Rocky advisory: %w", err)
}
}
if err := vs.dbc.PutAdvisoryDetail(tx, cveID, pkg.Name, []string{platformName}, advisory); err != nil {
return xerrors.Errorf("failed to save Rocky advisory: %w", err)
}

putAdvisoryCount++
}

if putAdvisoryCount > 0 {
var references []string
for _, ref := range erratum.References {
references = append(references, ref.Href)
Expand Down
45 changes: 43 additions & 2 deletions pkg/vulnsrc/rocky/rocky_test.go
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
package rocky

import (
"github.com/aquasecurity/trivy-db/pkg/vulnsrctest"
"path/filepath"
"testing"

"github.com/aquasecurity/trivy-db/pkg/types"
"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
"github.com/aquasecurity/trivy-db/pkg/vulnsrctest"
)

func TestVulnSrc_Update(t *testing.T) {
Expand Down Expand Up @@ -57,9 +57,50 @@ func TestVulnSrc_Update(t *testing.T) {
},
},
},
{
name: "happy modular package",
dir: filepath.Join("testdata", "modular"),
wantValues: []vulnsrctest.WantValues{
{
Key: []string{"data-source", "rocky 8"},
Value: types.DataSource{
ID: vulnerability.Rocky,
Name: "Rocky Linux updateinfo",
URL: "https://download.rockylinux.org/pub/rocky/",
},
},
{
Key: []string{"advisory-detail", "CVE-2020-25097", "rocky 8", "squid:4::libecap"},
Value: types.Advisory{
FixedVersion: "1.0.1-2.module+el8.4.0+404+316a0dc5",
},
},
{
Key: []string{"advisory-detail", "CVE-2020-25097", "rocky 8", "squid:4::libecap-devel"},
Value: types.Advisory{
FixedVersion: "1.0.1-2.module+el8.4.0+404+316a0dc5",
},
},
{
Key: []string{"vulnerability-detail", "CVE-2020-25097", string(vulnerability.Rocky)},
Value: types.VulnerabilityDetail{
Severity: types.SeverityHigh,
References: []string{
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25097.json",
},
Title: "Important: squid:4 security update",
Description: "For more information visit https://errata.rockylinux.org/RLSA-2021:1979",
},
},
{
Key: []string{"vulnerability-id", "CVE-2020-25097"},
Value: map[string]interface{}{},
},
},
},
{
name: "skip advisories for modular package",
dir: filepath.Join("testdata", "modular"),
dir: filepath.Join("testdata", "no_moduleinfo"),
wantValues: []vulnsrctest.WantValues{},
},
{
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,38 +9,43 @@
},
"severity": "Important",
"description": "For more information visit https://errata.rockylinux.org/RLSA-2021:1989",
"packages": [
"pkglists": [
{
"name": "bind-export-libs",
"epoch": "32",
"version": "9.11.26",
"release": "4.el8_4",
"arch": "i686",
"filename": "bind-export-libs-9.11.26-4.el8_4.i686.rpm"
},
{
"name": "bind-export-libs",
"epoch": "32",
"version": "9.11.26",
"release": "4.el8_4",
"arch": "x86_64",
"filename": "bind-export-libs-9.11.26-4.el8_4.x86_64.rpm"
},
{
"name": "bind-export-devel",
"epoch": "32",
"version": "9.11.26",
"release": "4.el8_4",
"arch": "x86_64",
"filename": "bind-export-devel-9.11.26-4.el8_4.x86_64.rpm"
},
{
"name": "bind-export-devel",
"epoch": "32",
"version": "9.11.26",
"release": "4.el8_4",
"arch": "i686",
"filename": "bind-export-devel-9.11.26-4.el8_4.i686.rpm"
"packages": [
{
"name": "bind-export-libs",
"epoch": "32",
"version": "9.11.26",
"release": "4.el8_4",
"arch": "i686",
"filename": "bind-export-libs-9.11.26-4.el8_4.i686.rpm"
},
{
"name": "bind-export-libs",
"epoch": "32",
"version": "9.11.26",
"release": "4.el8_4",
"arch": "x86_64",
"filename": "bind-export-libs-9.11.26-4.el8_4.x86_64.rpm"
},
{
"name": "bind-export-devel",
"epoch": "32",
"version": "9.11.26",
"release": "4.el8_4",
"arch": "x86_64",
"filename": "bind-export-devel-9.11.26-4.el8_4.x86_64.rpm"
},
{
"name": "bind-export-devel",
"epoch": "32",
"version": "9.11.26",
"release": "4.el8_4",
"arch": "i686",
"filename": "bind-export-devel-9.11.26-4.el8_4.i686.rpm"
}
],
"module": {}
}
],
"references": [
Expand All @@ -51,7 +56,5 @@
"type": "cve"
}
],
"cveids": [
"CVE-2021-25215"
]
}
"cveids": ["CVE-2021-25215"]
}
Original file line number Diff line number Diff line change
Expand Up @@ -9,22 +9,35 @@
},
"severity": "Important",
"description": "For more information visit https://errata.rockylinux.org/RLSA-2021:1979",
"packages": [
"pkglists": [
{
"name": "libecap",
"epoch": "0",
"version": "1.0.1",
"release": "2.module+el8.4.0+404+316a0dc5",
"arch": "x86_64",
"filename": "libecap-1.0.1-2.module+el8.4.0+404+316a0dc5.x86_64.rpm"
},
{
"name": "libecap-devel",
"epoch": "0",
"version": "1.0.1",
"release": "2.module+el8.4.0+404+316a0dc5",
"arch": "x86_64",
"filename": "libecap-devel-1.0.1-2.module+el8.4.0+404+316a0dc5.x86_64.rpm"
"packages": [
{
"name": "libecap",
"epoch": "0",
"version": "1.0.1",
"release": "2.module+el8.4.0+404+316a0dc5",
"arch": "x86_64",
"src": "libecap-1.0.1-2.module+el8.4.0+404+316a0dc5.src.rpm",
"filename": "libecap-1.0.1-2.module+el8.4.0+404+316a0dc5.x86_64.rpm"
},
{
"name": "libecap-devel",
"epoch": "0",
"version": "1.0.1",
"release": "2.module+el8.4.0+404+316a0dc5",
"arch": "x86_64",
"src": "libecap-1.0.1-2.module+el8.4.0+404+316a0dc5.src.rpm",
"filename": "libecap-devel-1.0.1-2.module+el8.4.0+404+316a0dc5.x86_64.rpm"
}
],
"module": {
"stream": "4",
"name": "squid",
"version": 8050020211109223548,
"arch": "x86_64",
"context": "b4937e53"
}
}
],
"references": [
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
{
"id": "RLSA-2021:1979",
"title": "Important: squid:4 security update",
"issued": {
"date": "2021-07-22 03:16:49"
},
"updated": {
"date": "2021-05-18 00:00:00"
},
"severity": "Important",
"description": "For more information visit https://errata.rockylinux.org/RLSA-2021:1979",
"packages": [
{
"name": "libecap",
"epoch": "0",
"version": "1.0.1",
"release": "2.module+el8.4.0+404+316a0dc5",
"arch": "x86_64",
"filename": "libecap-1.0.1-2.module+el8.4.0+404+316a0dc5.x86_64.rpm"
},
{
"name": "libecap-devel",
"epoch": "0",
"version": "1.0.1",
"release": "2.module+el8.4.0+404+316a0dc5",
"arch": "x86_64",
"filename": "libecap-devel-1.0.1-2.module+el8.4.0+404+316a0dc5.x86_64.rpm"
}
],
"references": [
{
"href": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25097.json",
"id": "CVE-2020-25097",
"title": "Update information for CVE-2020-25097 is retrieved from Red Hat",
"type": "cve"
}
],
"cveids": ["CVE-2020-25097"]
}
17 changes: 16 additions & 1 deletion pkg/vulnsrc/rocky/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ type RLSA struct {
Title string `json:"title,omitempty"`
Severity string `json:"severity,omitempty"`
Description string `json:"description,omitempty"`
Packages []Package `json:"packages,omitempty"`
PkgLists []PkgList `json:"pkglists,omitempty"`
References []Reference `json:"references,omitempty"`
CveIDs []string `json:"cveids,omitempty"`
}
Expand All @@ -19,6 +19,12 @@ type Reference struct {
Type string `json:"type,omitempty"`
}

// PkgList has modular package information
type PkgList struct {
Packages []Package `json:"packages,omitempty"`
Module Module `json:"module,omitempty"`
}

// Package has affected package information
type Package struct {
Name string `json:"name,omitempty"`
Expand All @@ -28,3 +34,12 @@ type Package struct {
Arch string `json:"arch,omitempty"`
Filename string `json:"filename,omitempty"`
}

// Module has module information
type Module struct {
Stream string `json:"stream,omitempty"`
Name string `json:"name,omitempty"`
Version int64 `json:"version,omitempty"`
Arch string `json:"arch,omitempty"`
Context string `json:"context,omitempty"`
}

0 comments on commit 0c21fb2

Please sign in to comment.