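// Source: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/detector/ospkg/detect.go

package ospkg

import (
	"time"

	"github.com/samber/lo"
	"golang.org/x/xerrors"

	"github.com/devseccon/trivy/pkg/detector/ospkg/alma"
	"github.com/devseccon/trivy/pkg/detector/ospkg/alpine"
	"github.com/devseccon/trivy/pkg/detector/ospkg/amazon"
	"github.com/devseccon/trivy/pkg/detector/ospkg/chainguard"
	"github.com/devseccon/trivy/pkg/detector/ospkg/debian"
	"github.com/devseccon/trivy/pkg/detector/ospkg/mariner"
	"github.com/devseccon/trivy/pkg/detector/ospkg/oracle"
	"github.com/devseccon/trivy/pkg/detector/ospkg/photon"
	"github.com/devseccon/trivy/pkg/detector/ospkg/redhat"
	"github.com/devseccon/trivy/pkg/detector/ospkg/rocky"
	"github.com/devseccon/trivy/pkg/detector/ospkg/suse"
	"github.com/devseccon/trivy/pkg/detector/ospkg/ubuntu"
	"github.com/devseccon/trivy/pkg/detector/ospkg/wolfi"
	ftypes "github.com/devseccon/trivy/pkg/fanal/types"
	"github.com/devseccon/trivy/pkg/log"
	"github.com/devseccon/trivy/pkg/types"
)

var (
	// ErrUnsupportedOS is returned when no driver is registered for the
	// requested OS family. It means no vulnerability detection was performed,
	// so callers should not present it as a clean ("no vulnerabilities") result.
	ErrUnsupportedOS = xerrors.New("unsupported os")

	// drivers maps each OS family to the Driver that scans its packages.
	// It is a plain map with no locking in this file, so any RegisterDriver
	// call has to complete before Detect can run on another goroutine.
	drivers = map[ftypes.OSType]Driver{
		ftypes.Alpine:       alpine.NewScanner(),
		ftypes.Alma:         alma.NewScanner(),
		ftypes.Amazon:       amazon.NewScanner(),
		ftypes.CBLMariner:   mariner.NewScanner(),
		ftypes.Debian:       debian.NewScanner(),
		ftypes.Ubuntu:       ubuntu.NewScanner(),
		ftypes.RedHat:       redhat.NewScanner(),
		ftypes.CentOS:       redhat.NewScanner(),
		ftypes.Rocky:        rocky.NewScanner(),
		ftypes.Oracle:       oracle.NewScanner(),
		ftypes.OpenSUSELeap: suse.NewScanner(suse.OpenSUSE),
		ftypes.SLES:         suse.NewScanner(suse.SUSEEnterpriseLinux),
		ftypes.Photon:       photon.NewScanner(),
		ftypes.Wolfi:        wolfi.NewScanner(),
		ftypes.Chainguard:   chainguard.NewScanner(),
	}
)

// RegisterDriver installs driver as the scanner for the OS family name,
// replacing any driver already registered for it, built-in ones included.
// It is defined for extensibility and not supposed to be used in Trivy.
//
// The write to the package-level map is not synchronized, so call it during
// start-up, before any Detect call can run concurrently.
func RegisterDriver(name ftypes.OSType, driver Driver) {
	drivers[name] = driver
}

// Driver defines operations for OS package scan.
type Driver interface {
	// Detect returns the vulnerabilities found in the given packages. The
	// package-level Detect passes the OS name, the repository and the filtered
	// package list, in that order.
	Detect(string, *ftypes.Repository, []ftypes.Package) ([]types.DetectedVulnerability, error)
	// IsSupportedVersion reports whether the given version of the OS family is
	// supported. The package-level Detect treats false as end of service life.
	IsSupportedVersion(ftypes.OSType, string) bool
}

// Detect looks up the driver for osFamily and returns the vulnerabilities it
// finds in pkgs. The first parameter and the time.Time parameter are ignored.
//
// The boolean result is true when the driver reports osName as an unsupported
// version of osFamily (end of service life). Detection still runs in that
// case. NOTE(review): advisory coverage for such releases is presumably
// incomplete, so callers should surface the flag rather than drop it; confirm.
//
// ErrUnsupportedOS is returned when no usable driver is registered for
// osFamily. No detection was attempted in that case, so it must not be read as
// "no vulnerabilities". On any error the other results are nil and false.
func Detect(_, osFamily ftypes.OSType, osName string, repo *ftypes.Repository, _ time.Time, pkgs []ftypes.Package) ([]types.DetectedVulnerability, bool, error) {
	driver, err := newDriver(osFamily)
	if err != nil {
		return nil, false, ErrUnsupportedOS
	}

	eosl := !driver.IsSupportedVersion(osFamily, osName)

	// Package `gpg-pubkey` doesn't use the correct version.
	// We don't need to find vulnerabilities for this package.
	// Only an exact match on the package name is dropped.
	filteredPkgs := lo.Filter(pkgs, func(pkg ftypes.Package, _ int) bool {
		return pkg.Name != "gpg-pubkey"
	})
	vulns, err := driver.Detect(osName, repo, filteredPkgs)
	if err != nil {
		return nil, false, xerrors.Errorf("failed detection: %w", err)
	}

	return vulns, eosl, nil
}

// newDriver returns the driver registered for osFamily, or ErrUnsupportedOS
// (after logging a warning) when there is no usable one.
func newDriver(osFamily ftypes.OSType) (Driver, error) {
	// A nil entry (for example after RegisterDriver(name, nil)) is treated like
	// a missing one, so Detect never calls a method on a nil Driver. Only an
	// untyped nil is caught here; a nil pointer wrapped in the interface is not.
	if driver, ok := drivers[osFamily]; ok && driver != nil {
		return driver, nil
	}

	// NOTE(review): osFamily is written with %s. If it can carry text taken
	// from the scanned target, %q would keep control characters out of the
	// log; confirm against the callers.
	log.Logger.Warnf("unsupported os : %s", osFamily)
	return nil, ErrUnsupportedOS
}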