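// Source: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/detector/library/compare/pep440/compare.go

// Package pep440 matches Python package versions against advisory version
// constraints using PEP 440 version and specifier parsing.
package pep440

import (
	"golang.org/x/xerrors"

	version "github.com/aquasecurity/go-pep440-version"
	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
	"github.com/devseccon/trivy/pkg/detector/library/compare"
)

// Comparer represents a comparer for PEP 440.
type Comparer struct{}

// IsVulnerable checks if the package version is vulnerable to the advisory.
//
// It delegates to compare.IsVulnerable, supplying matchVersion as the
// constraint matcher.
//
// NOTE(review): how compare.IsVulnerable treats an error from the matcher is
// not visible in this file. Confirm that an unparsable version or constraint
// is reported rather than silently counted as "not vulnerable", since that
// would hide findings from the scan result.
func (n Comparer) IsVulnerable(ver string, advisory dbTypes.Advisory) bool {
	return compare.IsVulnerable(ver, advisory, n.matchVersion)
}

// matchVersion checks if the package version satisfies the given constraint.
//
// It returns (false, err) when either currentVersion or constraint cannot be
// parsed; the returned error wraps the parser's error and names the offending
// input.
func (n Comparer) matchVersion(currentVersion, constraint string) (bool, error) {
	v, err := version.Parse(currentVersion)
	if err != nil {
		// %w keeps the message text unchanged while letting callers unwrap
		// the underlying parse error.
		return false, xerrors.Errorf("python version error (%s): %w", currentVersion, err)
	}

	// Pre-release matching is switched on explicitly. Presumably this lets a
	// pre-release build (e.g. an rc) satisfy an advisory range instead of
	// being skipped; confirm against the go-pep440-version documentation.
	specs, err := version.NewSpecifiers(constraint, version.WithPreRelease(true))
	if err != nil {
		return false, xerrors.Errorf("python constraint error (%s): %w", constraint, err)
	}

	return specs.Check(v), nil
}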