
     1  package photon
     2  
     3  import (
     4  	"time"
     5  
     6  	version "github.com/knqyf263/go-rpm-version"
     7  	"golang.org/x/xerrors"
     8  	"k8s.io/utils/clock"
     9  
    10  	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/photon"
    11  	osver "github.com/devseccon/trivy/pkg/detector/ospkg/version"
    12  	ftypes "github.com/devseccon/trivy/pkg/fanal/types"
    13  	"github.com/devseccon/trivy/pkg/log"
    14  	"github.com/devseccon/trivy/pkg/scanner/utils"
    15  	"github.com/devseccon/trivy/pkg/types"
    16  )
    17  
// eolDates maps a Photon Linux release ("major.minor") to the instant at which
// it reaches end of life. IsSupportedVersion hands this table to
// osver.Supported together with the scanner's clock.
//
// NOTE(review): the original note says that 3.0 and 4.0 had no announced EOL
// dates at the time of writing, yet concrete dates are set below — confirm
// them against the vendor's lifecycle page before relying on them.
// See https://blogs.vmware.com/vsphere/2022/01/photon-1-x-end-of-support-announcement.html
var eolDates = map[string]time.Time{
	"1.0": time.Date(2022, 2, 28, 23, 59, 59, 0, time.UTC),
	"2.0": time.Date(2022, 12, 31, 23, 59, 59, 0, time.UTC),
	"3.0": time.Date(2024, 6, 30, 23, 59, 59, 0, time.UTC),
	"4.0": time.Date(2025, 12, 31, 23, 59, 59, 0, time.UTC),
}
    28  
// options holds the injectable dependencies of a Scanner.
// Only the clock is configurable; it drives the end-of-life check.
type options struct {
	clock clock.Clock
}
    32  
// option mutates an options value; NewScanner applies each one in order.
type option func(*options)
    34  
// WithClock returns an option that replaces the clock consulted by
// IsSupportedVersion, which lets callers evaluate EOL dates against a
// chosen point in time rather than the wall clock.
func WithClock(c clock.Clock) option {
	return func(o *options) { o.clock = c }
}
    40  
// Scanner detects known vulnerabilities in Photon Linux packages by matching
// installed RPM versions against the Photon advisory source.
type Scanner struct {
	vs photon.VulnSrc // advisory source queried per (os version, source package name)
	*options          // injected dependencies; currently only the clock
}
    46  
// NewScanner builds a Scanner backed by the Photon advisory source.
// Options are applied in the order given; when none overrides the clock,
// the real wall clock is used.
func NewScanner(opts ...option) *Scanner {
	cfg := options{clock: clock.RealClock{}}
	for _, apply := range opts {
		apply(&cfg)
	}

	s := &Scanner{vs: photon.NewVulnSrc()}
	s.options = &cfg
	return s
}
    61  
// Detect returns the vulnerabilities affecting pkgs on the given Photon Linux
// release. The repository argument is unused. Advisories are looked up by the
// package's source name, and one DetectedVulnerability is emitted for each
// advisory whose fixed version is newer than the installed one; packages at
// or beyond the fixed version are silently skipped.
//
// NOTE(review): an advisory with an empty FixedVersion is still run through
// the RPM version comparison; whether such an entry is reported depends on
// how LessThan treats an empty version — confirm against the data source.
func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Package) ([]types.DetectedVulnerability, error) {
	log.Logger.Info("Detecting Photon Linux vulnerabilities...")
	log.Logger.Debugf("Photon Linux: os version: %s", osVer)
	log.Logger.Debugf("Photon Linux: the number of packages: %d", len(pkgs))

	var detected []types.DetectedVulnerability
	for _, p := range pkgs {
		advisories, err := s.vs.Get(osVer, p.SrcName)
		if err != nil {
			return nil, xerrors.Errorf("failed to get Photon Linux advisory: %w", err)
		}

		// Versions are compared with RPM ordering rules, not plain string order.
		installed := utils.FormatVersion(p)
		current := version.NewVersion(installed)
		for _, advisory := range advisories {
			if !current.LessThan(version.NewVersion(advisory.FixedVersion)) {
				continue // installed version already carries the fix
			}
			detected = append(detected, types.DetectedVulnerability{
				VulnerabilityID:  advisory.VulnerabilityID,
				PkgID:            p.ID,
				PkgName:          p.Name,
				InstalledVersion: installed,
				FixedVersion:     advisory.FixedVersion,
				PkgRef:           p.Ref,
				Layer:            p.Layer,
				Custom:           advisory.Custom,
				DataSource:       advisory.DataSource,
			})
		}
	}
	return detected, nil
}
    97  
// IsSupportedVersion reports whether osVer of osFamily is still supported.
// It delegates to osver.Supported with the package's eolDates table and the
// scanner's configured clock, so the result depends on "now" as that clock
// defines it.
func (s *Scanner) IsSupportedVersion(osFamily ftypes.OSType, osVer string) bool {
	clk := s.clock
	return osver.Supported(clk, eolDates, osFamily, osVer)
}