Lang advisory order (aquasecurity#1409)

* chore(advisory reorder) Reorder language advisory. * fixed integration tests.
lcostea · Nov 24, 2021 · af3eaef · af3eaef
1 parent 07c9200
commit af3eaef
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 17 deletions.
diff --git a/integration/testdata/nodejs.json.golden b/integration/testdata/nodejs.json.golden
@@ -24,7 +24,7 @@
           "VulnerabilityID": "CVE-2019-11358",
           "PkgName": "jquery",
           "InstalledVersion": "3.3.9",
-          "FixedVersion": "3.4.0",
+          "FixedVersion": ">=3.4.0",
           "SeveritySource": "nodejs-security-wg",
           "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11358",
           "Title": "js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection",
@@ -128,7 +128,7 @@
           "VulnerabilityID": "CVE-2018-16487",
           "PkgName": "lodash",
           "InstalledVersion": "4.17.4",
-          "FixedVersion": "4.17.11",
+          "FixedVersion": ">=4.17.11",
           "SeveritySource": "nodejs-security-wg",
           "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16487",
           "Title": "lodash: Prototype pollution in utilities function",
@@ -195,7 +195,7 @@
           "VulnerabilityID": "CVE-2018-3721",
           "PkgName": "lodash",
           "InstalledVersion": "4.17.4",
-          "FixedVersion": "4.17.5",
+          "FixedVersion": ">=4.17.5",
           "SeveritySource": "nodejs-security-wg",
           "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-3721",
           "Title": "lodash: Prototype pollution in utilities function",

diff --git a/pkg/detector/library/driver.go b/pkg/detector/library/driver.go
@@ -89,41 +89,34 @@ func (d *Driver) Type() string {
 
 func newRubyGemsDriver() Driver {
 	c := bundler.RubyGemsComparer{}
-	return Aggregate(vulnerability.RubyGems, ghsa.NewAdvisory(ecosystem.Rubygems, c), bundler.NewAdvisory(),
-		NewAdvisory(vulnerability.RubyGems, c))
+	return Aggregate(vulnerability.RubyGems, NewAdvisory(vulnerability.RubyGems, c), bundler.NewAdvisory(), ghsa.NewAdvisory(ecosystem.Rubygems, c))
 }
 
 func newComposerDriver() Driver {
 	c := comparer.GenericComparer{}
-	return Aggregate(vulnerability.Composer, ghsa.NewAdvisory(ecosystem.Composer, c), composer.NewAdvisory(),
-		NewAdvisory(vulnerability.Composer, c))
+	return Aggregate(vulnerability.Composer, NewAdvisory(vulnerability.Composer, c), composer.NewAdvisory(), ghsa.NewAdvisory(ecosystem.Composer, c))
 }
 
 func newCargoDriver() Driver {
-	return Aggregate(vulnerability.Cargo, cargo.NewAdvisory(),
-		NewAdvisory(vulnerability.Cargo, comparer.GenericComparer{}))
+	return Aggregate(vulnerability.Cargo, NewAdvisory(vulnerability.Cargo, comparer.GenericComparer{}), cargo.NewAdvisory())
 }
 
 func newNpmDriver() Driver {
 	c := npm.Comparer{}
-	return Aggregate(vulnerability.Npm, ghsa.NewAdvisory(ecosystem.Npm, c),
-		npm.NewAdvisory(), NewAdvisory(vulnerability.Npm, c))
+	return Aggregate(vulnerability.Npm, NewAdvisory(vulnerability.Npm, c), npm.NewAdvisory(), ghsa.NewAdvisory(ecosystem.Npm, c))
 }
 
 func newPipDriver() Driver {
 	c := comparer.GenericComparer{}
-	return Aggregate(vulnerability.Pip, ghsa.NewAdvisory(ecosystem.Pip, c),
-		python.NewAdvisory(), NewAdvisory(vulnerability.Pip, c))
+	return Aggregate(vulnerability.Pip, NewAdvisory(vulnerability.Pip, c), python.NewAdvisory(), ghsa.NewAdvisory(ecosystem.Pip, c))
 }
 
 func newNugetDriver() Driver {
 	c := comparer.GenericComparer{}
-	return Aggregate(vulnerability.NuGet, ghsa.NewAdvisory(ecosystem.Nuget, c),
-		NewAdvisory(vulnerability.NuGet, c))
+	return Aggregate(vulnerability.NuGet, NewAdvisory(vulnerability.NuGet, c), ghsa.NewAdvisory(ecosystem.Nuget, c))
 }
 
 func newMavenDriver() Driver {
 	c := maven.Comparer{}
-	return Aggregate(vulnerability.Maven, ghsa.NewAdvisory(ecosystem.Maven, c),
-		NewAdvisory(vulnerability.Maven, c))
+	return Aggregate(vulnerability.Maven, NewAdvisory(vulnerability.Maven, c), ghsa.NewAdvisory(ecosystem.Maven, c))
 }