fix(vuln): report architecture for apk packages (aquasecurity#4247)

Co-authored-by: Sylvain Baubeau <[email protected]>
rcorre · May 22, 2023 · 63cfb27 · 63cfb27
1 parent e136136
commit 63cfb27
Show file tree

Hide file tree

Showing 12 changed files with 133 additions and 28 deletions.
diff --git a/integration/testdata/alpine-310-registry.json.golden b/integration/testdata/alpine-310-registry.json.golden
@@ -1,6 +1,6 @@
 {
   "SchemaVersion": 2,
-  "ArtifactName": "localhost:32839/alpine:3.10",
+  "ArtifactName": "localhost:55844/alpine:3.10",
   "ArtifactType": "container_image",
   "Metadata": {
     "OS": {
@@ -13,10 +13,10 @@
       "sha256:03901b4a2ea88eeaad62dbe59b072b28b6efa00491962b8741081c5df50c65e0"
     ],
     "RepoTags": [
-      "localhost:32839/alpine:3.10"
+      "localhost:55844/alpine:3.10"
     ],
     "RepoDigests": [
-      "localhost:32839/alpine@sha256:b1c5a500182b21d0bfa5a584a8526b56d8be316f89e87d951be04abed2446e60"
+      "localhost:55844/alpine@sha256:b1c5a500182b21d0bfa5a584a8526b56d8be316f89e87d951be04abed2446e60"
     ],
     "ImageConfig": {
       "architecture": "amd64",
@@ -55,7 +55,7 @@
   },
   "Results": [
     {
-      "Target": "localhost:32839/alpine:3.10 (alpine 3.10.2)",
+      "Target": "localhost:55844/alpine:3.10 (alpine 3.10.2)",
       "Class": "os-pkgs",
       "Type": "alpine",
       "Vulnerabilities": [

diff --git a/integration/testdata/centos-7-cyclonedx.json.golden b/integration/testdata/centos-7-cyclonedx.json.golden
@@ -3,7 +3,7 @@
   "specVersion": "1.4",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-05-15T09:50:02+00:00",
+    "timestamp": "2023-05-19T10:38:43+00:00",
     "tools": [
       {
         "vendor": "aquasecurity",

diff --git a/integration/testdata/conda-cyclonedx.json.golden b/integration/testdata/conda-cyclonedx.json.golden
@@ -1,10 +1,10 @@
 {
   "bomFormat": "CycloneDX",
   "specVersion": "1.4",
-  "serialNumber": "urn:uuid:c283a9bb-93f1-49fb-9605-110b5f005a74",
+  "serialNumber": "urn:uuid:e1f49b6f-018f-4bf3-97c8-85cd92a82c7c",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-05-15T09:49:59+00:00",
+    "timestamp": "2023-05-19T10:38:39+00:00",
     "tools": [
       {
         "vendor": "aquasecurity",
@@ -13,7 +13,7 @@
       }
     ],
     "component": {
-      "bom-ref": "6497c0eb-7ca3-401e-b1f6-29234b2ec32c",
+      "bom-ref": "cd0ebb00-5c53-4b82-a3f7-271add663c51",
       "type": "application",
       "name": "testdata/fixtures/fs/conda",
       "properties": [
@@ -26,53 +26,53 @@
   },
   "components": [
     {
-      "bom-ref": "pkg:conda/[email protected]?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fopenssl-1.1.1q-h7f8727e_0.json",
+      "bom-ref": "pkg:conda/[email protected]?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fpip-22.2.2-py38h06a4308_0.json",
       "type": "library",
-      "name": "openssl",
-      "version": "1.1.1q",
+      "name": "pip",
+      "version": "22.2.2",
       "licenses": [
         {
-          "expression": "OpenSSL"
+          "expression": "MIT"
         }
       ],
-      "purl": "pkg:conda/[email protected]",
+      "purl": "pkg:conda/[email protected]",
       "properties": [
         {
           "name": "aquasecurity:trivy:PkgType",
           "value": "conda-pkg"
         },
         {
           "name": "aquasecurity:trivy:FilePath",
-          "value": "miniconda3/envs/testenv/conda-meta/openssl-1.1.1q-h7f8727e_0.json"
+          "value": "miniconda3/envs/testenv/conda-meta/pip-22.2.2-py38h06a4308_0.json"
         }
       ]
     },
     {
-      "bom-ref": "pkg:conda/[email protected]?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fpip-22.2.2-py38h06a4308_0.json",
+      "bom-ref": "pkg:conda/[email protected]?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fopenssl-1.1.1q-h7f8727e_0.json",
       "type": "library",
-      "name": "pip",
-      "version": "22.2.2",
+      "name": "openssl",
+      "version": "1.1.1q",
       "licenses": [
         {
-          "expression": "MIT"
+          "expression": "OpenSSL"
         }
       ],
-      "purl": "pkg:conda/[email protected]",
+      "purl": "pkg:conda/[email protected]",
       "properties": [
         {
           "name": "aquasecurity:trivy:PkgType",
           "value": "conda-pkg"
         },
         {
           "name": "aquasecurity:trivy:FilePath",
-          "value": "miniconda3/envs/testenv/conda-meta/pip-22.2.2-py38h06a4308_0.json"
+          "value": "miniconda3/envs/testenv/conda-meta/openssl-1.1.1q-h7f8727e_0.json"
         }
       ]
     }
   ],
   "dependencies": [
     {
-      "ref": "6497c0eb-7ca3-401e-b1f6-29234b2ec32c",
+      "ref": "cd0ebb00-5c53-4b82-a3f7-271add663c51",
       "dependsOn": [
         "pkg:conda/[email protected]?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fopenssl-1.1.1q-h7f8727e_0.json",
         "pkg:conda/[email protected]?file_path=miniconda3%2Fenvs%2Ftestenv%2Fconda-meta%2Fpip-22.2.2-py38h06a4308_0.json"

diff --git a/integration/testdata/conda-spdx.json.golden b/integration/testdata/conda-spdx.json.golden
@@ -3,14 +3,14 @@
   "dataLicense": "CC0-1.0",
   "SPDXID": "SPDXRef-DOCUMENT",
   "name": "testdata/fixtures/fs/conda",
-  "documentNamespace": "http://aquasecurity.github.io/trivy/filesystem/testdata/fixtures/fs/conda-f50748fc-93cb-48c4-87c5-25a03e4ddb00",
+  "documentNamespace": "http://aquasecurity.github.io/trivy/filesystem/testdata/fixtures/fs/conda-e854267f-30a6-497d-9183-2f45dee37b09",
   "creationInfo": {
     "licenseListVersion": "",
     "creators": [
       "Organization: aquasecurity",
       "Tool: trivy-dev"
     ],
-    "created": "2023-05-16T05:26:41Z"
+    "created": "2023-05-19T10:38:39Z"
   },
   "packages": [
     {

diff --git a/integration/testdata/fluentd-multiple-lockfiles-cyclonedx.json.golden b/integration/testdata/fluentd-multiple-lockfiles-cyclonedx.json.golden
@@ -3,7 +3,7 @@
   "specVersion": "1.4",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-05-15T09:50:02+00:00",
+    "timestamp": "2023-05-19T10:38:42+00:00",
     "tools": [
       {
         "vendor": "aquasecurity",

diff --git a/pkg/fanal/analyzer/analyzer_test.go b/pkg/fanal/analyzer/analyzer_test.go
@@ -344,6 +344,7 @@ func TestAnalyzerGroup_AnalyzeFile(t *testing.T) {
 								SrcName:    "musl",
 								SrcVersion: "1.1.24-r2",
 								Licenses:   []string{"MIT"},
+								Arch:       "x86_64",
 								Digest:     "sha1:cb2316a189ebee5282c4a9bd98794cc2477a74c6",
 							},
 						},

diff --git a/pkg/fanal/analyzer/pkg/apk/apk.go b/pkg/fanal/analyzer/pkg/apk/apk.go
@@ -94,6 +94,8 @@ func (a alpinePkgAnalyzer) parseApkInfo(scanner *bufio.Scanner) ([]types.Package
 			a.parseProvides(line, pkg.ID, provides)
 		case "D:": // dependencies (corresponds to depend in PKGINFO, concatenated by spaces into a single line)
 			pkg.DependsOn = a.parseDependencies(line)
+		case "A:":
+			pkg.Arch = line[2:]
 		case "C:":
 			d := decodeChecksumLine(line)
 			if d != "" {

diff --git a/pkg/fanal/analyzer/pkg/apk/apk_test.go b/pkg/fanal/analyzer/pkg/apk/apk_test.go
@@ -26,6 +26,7 @@ func TestParseApkInfo(t *testing.T) {
 					SrcName:    "musl",
 					SrcVersion: "1.1.14-r10",
 					Licenses:   []string{"MIT"},
+					Arch:       "x86_64",
 					Digest:     "sha1:d68b402f35f57750f49156b0cb4e886a2ad35d2d",
 				},
 				{
@@ -36,6 +37,7 @@ func TestParseApkInfo(t *testing.T) {
 					SrcVersion: "1.24.2-r9",
 					Licenses:   []string{"GPL-2.0"},
 					DependsOn:  []string{"[email protected]"},
+					Arch:       "x86_64",
 					Digest:     "sha1:ca124719267cd0bedc2f4cb850a286ac13f0ad44",
 				},
 				{
@@ -46,6 +48,7 @@ func TestParseApkInfo(t *testing.T) {
 					SrcVersion: "3.0.3-r0",
 					Licenses:   []string{"GPL-2.0"},
 					DependsOn:  []string{"[email protected]", "[email protected]"},
+					Arch:       "x86_64",
 					Digest:     "sha1:a214896150411d72dd1fafdb32d1c6c4855cccfa",
 				},
 				{
@@ -55,6 +58,7 @@ func TestParseApkInfo(t *testing.T) {
 					SrcName:    "alpine-keys",
 					SrcVersion: "1.1-r0",
 					Licenses:   []string{"GPL-3.0"},
+					Arch:       "x86_64",
 					Digest:     "sha1:4def7ffaee6aeba700c1d62570326f75cbb8fa25",
 				},
 				{
@@ -65,6 +69,7 @@ func TestParseApkInfo(t *testing.T) {
 					SrcVersion: "1.2.8-r2",
 					Licenses:   []string{"Zlib"},
 					DependsOn:  []string{"[email protected]"},
+					Arch:       "x86_64",
 					Digest:     "sha1:efd04d34d40aa8eb331480127364c27a8ba760ef",
 				},
 				{
@@ -75,6 +80,7 @@ func TestParseApkInfo(t *testing.T) {
 					SrcVersion: "1.0.2h-r1",
 					Licenses:   []string{"openssl"},
 					DependsOn:  []string{"[email protected]", "[email protected]"},
+					Arch:       "x86_64",
 					Digest:     "sha1:65c860ff8f103b664f40ba849a3f5a51c69c8beb",
 				},
 				{
@@ -89,6 +95,7 @@ func TestParseApkInfo(t *testing.T) {
 						"[email protected]",
 						"[email protected]",
 					},
+					Arch: "x86_64",
 				},
 				{
 					ID:         "[email protected]",
@@ -104,6 +111,7 @@ func TestParseApkInfo(t *testing.T) {
 						"[email protected]",
 						"[email protected]",
 					},
+					Arch: "x86_64",
 				},
 				{
 					ID:         "[email protected]",
@@ -114,6 +122,7 @@ func TestParseApkInfo(t *testing.T) {
 					Licenses:   []string{"GPL-2.0"},
 					Digest:     "sha1:f9bab817c5ad93e92a6218bc0f7596b657c02d90",
 					DependsOn:  []string{"[email protected]"},
+					Arch:       "x86_64",
 				},
 				{
 					ID:         "[email protected]",
@@ -127,6 +136,7 @@ func TestParseApkInfo(t *testing.T) {
 						"[email protected]",
 						"[email protected]",
 					},
+					Arch: "x86_64",
 				},
 				{
 					ID:         "[email protected]",
@@ -137,6 +147,7 @@ func TestParseApkInfo(t *testing.T) {
 					Licenses:   []string{"GPL-3.0"},
 					Digest:     "sha1:9055bc7afd76cf2672198042f72fc4a5ed4fa961",
 					DependsOn:  []string{"[email protected]"},
+					Arch:       "x86_64",
 				},
 				{
 					ID:         "[email protected]",
@@ -147,6 +158,7 @@ func TestParseApkInfo(t *testing.T) {
 					Licenses:   []string{"ISC"},
 					Digest:     "sha1:e6242ac29589c8a84a4b179b491ea7c29fce66a9",
 					DependsOn:  []string{"[email protected]"},
+					Arch:       "x86_64",
 				},
 
 				{
@@ -158,6 +170,7 @@ func TestParseApkInfo(t *testing.T) {
 					Licenses:   []string{"Public-Domain"},
 					Digest:     "sha1:1464946c3a5f0dd5a67ca1af930fc17af7a74474",
 					DependsOn:  []string{"[email protected]"},
+					Arch:       "x86_64",
 				},
 
 				{
@@ -172,6 +185,7 @@ func TestParseApkInfo(t *testing.T) {
 						"[email protected]",
 						"[email protected]",
 					},
+					Arch: "x86_64",
 				},
 			},
 			wantFiles: []string{

diff --git a/pkg/fanal/artifact/image/image_test.go b/pkg/fanal/artifact/image/image_test.go
@@ -46,6 +46,7 @@ func TestArtifact_Inspect(t *testing.T) {
 				"[email protected]",
 				"[email protected]",
 			},
+			Arch: "x86_64",
 		},
 		{
 			ID:         "[email protected]",
@@ -54,6 +55,7 @@ func TestArtifact_Inspect(t *testing.T) {
 			SrcName:    "alpine-keys",
 			SrcVersion: "2.1-r2",
 			Licenses:   []string{"MIT"},
+			Arch:       "x86_64",
 			Digest:     "sha1:64929f85b7f8b4adbb664d905410312936b79d9b",
 		},
 		{
@@ -70,6 +72,7 @@ func TestArtifact_Inspect(t *testing.T) {
 				"[email protected]",
 				"[email protected]",
 			},
+			Arch: "x86_64",
 		},
 		{
 			ID:         "[email protected]",
@@ -82,6 +85,7 @@ func TestArtifact_Inspect(t *testing.T) {
 			DependsOn: []string{
 				"[email protected]",
 			},
+			Arch: "x86_64",
 		},
 		{
 			ID:         "ca-certificates-cacert@20191127-r1",
@@ -93,6 +97,7 @@ func TestArtifact_Inspect(t *testing.T) {
 				"MPL-2.0",
 				"GPL-2.0",
 			},
+			Arch:   "x86_64",
 			Digest: "sha1:3aeb8a90d7179d2a187782e980a964494e08c5fb",
 		},
 		{
@@ -106,6 +111,7 @@ func TestArtifact_Inspect(t *testing.T) {
 			DependsOn: []string{
 				"[email protected]",
 			},
+			Arch: "x86_64",
 		},
 		{
 			ID:         "[email protected]",
@@ -118,6 +124,7 @@ func TestArtifact_Inspect(t *testing.T) {
 			DependsOn: []string{
 				"[email protected]",
 			},
+			Arch: "x86_64",
 		},
 		{
 			ID:         "[email protected]",
@@ -131,6 +138,7 @@ func TestArtifact_Inspect(t *testing.T) {
 				"[email protected]",
 				"[email protected]",
 			},
+			Arch: "x86_64",
 		},
 		{
 			ID:         "[email protected]",
@@ -146,6 +154,7 @@ func TestArtifact_Inspect(t *testing.T) {
 				"[email protected]",
 				"[email protected]",
 			},
+			Arch: "x86_64",
 		},
 		{
 			ID:         "[email protected]",
@@ -154,6 +163,7 @@ func TestArtifact_Inspect(t *testing.T) {
 			SrcName:    "musl",
 			SrcVersion: "1.1.24-r2",
 			Licenses:   []string{"MIT"},
+			Arch:       "x86_64",
 			Digest:     "sha1:cb2316a189ebee5282c4a9bd98794cc2477a74c6",
 		},
 		{
@@ -172,6 +182,7 @@ func TestArtifact_Inspect(t *testing.T) {
 				"[email protected]",
 				"[email protected]",
 			},
+			Arch: "x86_64",
 		},
 		{
 			ID:         "[email protected]",
@@ -184,6 +195,7 @@ func TestArtifact_Inspect(t *testing.T) {
 			DependsOn: []string{
 				"[email protected]",
 			},
+			Arch: "x86_64",
 		},
 		{
 			ID:         "[email protected]",
@@ -197,6 +209,7 @@ func TestArtifact_Inspect(t *testing.T) {
 				"[email protected]",
 				"[email protected]",
 			},
+			Arch: "x86_64",
 		},
 		{
 			ID:         "[email protected]",
@@ -209,6 +222,7 @@ func TestArtifact_Inspect(t *testing.T) {
 			DependsOn: []string{
 				"[email protected]",
 			},
+			Arch: "x86_64",
 		},
 	}