feat: include file location in table output (#1199)
Signed-off-by: James Neate <jamesmneate@gmail.com>
jneate committed May 6, 2023
1 parent 2930a18 commit 4e8df15
Showing 14 changed files with 462 additions and 41 deletions.
Expand Up @@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"serialNumber": "urn:uuid:f701dea7-2715-48eb-8d63-878377007e65",
"serialNumber": "urn:uuid:716ad06c-2cad-4ffd-a507-08862a89959a",
"version": 1,
"metadata": {
"timestamp": "2023-05-04T09:41:30-04:00",
"timestamp": "2023-05-06T03:07:35+01:00",
"tools": [
{
"vendor": "anchore",
Expand Down Expand Up @@ -48,11 +48,28 @@
"value": "/foo/bar/somefile-2.txt"
}
]
},
{
"bom-ref": "a8d804be757ae96",
"type": "library",
"name": "package-3",
"version": "3.3.3",
"cpe": "cpe:2.3:a:anchore:engine:3.3.3:*:*:python:*:*:*:*",
"properties": [
{
"name": "syft:package:type",
"value": "npm"
},
{
"name": "syft:location:0:path",
"value": "/foo/bar/somefile-3.txt"
}
]
}
],
"vulnerabilities": [
{
"bom-ref": "urn:uuid:befb74e5-738d-4b2c-adf2-03d276553bca",
"bom-ref": "urn:uuid:61854d6b-1741-4369-b975-b2cad5f9115a",
"id": "CVE-1999-0001",
"source": {},
"references": [
Expand All @@ -78,7 +95,7 @@
]
},
{
"bom-ref": "urn:uuid:9cf43de2-c92a-4f29-add6-29bdd71a0285",
"bom-ref": "urn:uuid:0289344e-4b40-4418-b399-9a709d13819f",
"id": "CVE-1999-0002",
"source": {},
"references": [
Expand All @@ -102,6 +119,32 @@
"ref": "b4013a965511376c"
}
]
},
{
"bom-ref": "urn:uuid:31c2575e-43eb-43e6-bcfa-fc70c36b61e6",
"id": "CVE-1999-0003",
"source": {},
"references": [
{
"id": "CVE-1999-0003",
"source": {}
}
],
"ratings": [
{
"score": 1,
"severity": "high",
"method": "CVSSv3",
"vector": "vector"
}
],
"description": "1999-03 description",
"advisories": [],
"affects": [
{
"ref": "f45d1ab14d63730d"
}
]
}
]
}
Expand Up @@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"serialNumber": "urn:uuid:102e3928-5e9e-4352-bdfe-b9eb64b837f8",
"serialNumber": "urn:uuid:17d74ef5-13ca-4c95-a8da-cb30698d2098",
"version": 1,
"metadata": {
"timestamp": "2023-05-04T09:41:30-04:00",
"timestamp": "2023-05-06T03:07:35+01:00",
"tools": [
{
"vendor": "anchore",
Expand Down Expand Up @@ -48,11 +48,28 @@
"value": "/foo/bar/somefile-2.txt"
}
]
},
{
"bom-ref": "a8d804be757ae96",
"type": "library",
"name": "package-3",
"version": "3.3.3",
"cpe": "cpe:2.3:a:anchore:engine:3.3.3:*:*:python:*:*:*:*",
"properties": [
{
"name": "syft:package:type",
"value": "npm"
},
{
"name": "syft:location:0:path",
"value": "/foo/bar/somefile-3.txt"
}
]
}
],
"vulnerabilities": [
{
"bom-ref": "urn:uuid:e082487a-f943-4d4a-8f7c-020d4b0838c4",
"bom-ref": "urn:uuid:04040d97-022e-4ffa-bb3d-225a22641a46",
"id": "CVE-1999-0001",
"source": {},
"references": [
Expand All @@ -78,7 +95,7 @@
]
},
{
"bom-ref": "urn:uuid:3d8b0870-5c57-4063-b30d-56102dd49ec1",
"bom-ref": "urn:uuid:778faaaf-dfca-4cb6-adc1-4da361a2f95d",
"id": "CVE-1999-0002",
"source": {},
"references": [
Expand All @@ -102,6 +119,32 @@
"ref": "b4013a965511376c"
}
]
},
{
"bom-ref": "urn:uuid:fa1f0294-6d50-4f81-96ff-9d172332a31a",
"id": "CVE-1999-0003",
"source": {},
"references": [
{
"id": "CVE-1999-0003",
"source": {}
}
],
"ratings": [
{
"score": 1,
"severity": "high",
"method": "CVSSv3",
"vector": "vector"
}
],
"description": "1999-03 description",
"advisories": [],
"affects": [
{
"ref": "f45d1ab14d63730d"
}
]
}
]
}
Expand Up @@ -132,6 +132,69 @@
"purl": "",
"upstreams": []
}
},
{
"vulnerability": {
"id": "CVE-1999-0003",
"dataSource": "",
"severity": "High",
"urls": [],
"description": "1999-03 description",
"cvss": [
{
"version": "3.0",
"vector": "vector",
"metrics": {
"baseScore": 1,
"exploitabilityScore": 2,
"impactScore": 3
},
"vendorMetadata": {
"BaseSeverity": "Low",
"Status": "verified"
}
}
],
"fix": {
"versions": [],
"state": ""
},
"advisories": []
},
"relatedVulnerabilities": [],
"matchDetails": [
{
"type": "exact-indirect-match",
"matcher": "javascript-matcher",
"searchedBy": {
"cpe": "somecpe"
},
"found": {
"constraint": "somecpe"
}
}
],
"artifact": {
"id": "f45d1ab14d63730d",
"name": "package-3",
"version": "3.3.3",
"type": "npm",
"locations": [
{
"path": "/foo/bar/somefile-3.txt"
}
],
"language": "",
"licenses": [
"MIT",
"Apache-2.0"
],
"cpes": [
"cpe:2.3:a:anchore:engine:3.3.3:*:*:python:*:*:*:*"
],
"purl": "",
"upstreams": []
}
}
],
"source": {
Expand Up @@ -132,6 +132,69 @@
"purl": "",
"upstreams": []
}
},
{
"vulnerability": {
"id": "CVE-1999-0003",
"dataSource": "",
"severity": "High",
"urls": [],
"description": "1999-03 description",
"cvss": [
{
"version": "3.0",
"vector": "vector",
"metrics": {
"baseScore": 1,
"exploitabilityScore": 2,
"impactScore": 3
},
"vendorMetadata": {
"BaseSeverity": "Low",
"Status": "verified"
}
}
],
"fix": {
"versions": [],
"state": ""
},
"advisories": []
},
"relatedVulnerabilities": [],
"matchDetails": [
{
"type": "exact-indirect-match",
"matcher": "javascript-matcher",
"searchedBy": {
"cpe": "somecpe"
},
"found": {
"constraint": "somecpe"
}
}
],
"artifact": {
"id": "f45d1ab14d63730d",
"name": "package-3",
"version": "3.3.3",
"type": "npm",
"locations": [
{
"path": "/foo/bar/somefile-3.txt"
}
],
"language": "",
"licenses": [
"MIT",
"Apache-2.0"
],
"cpes": [
"cpe:2.3:a:anchore:engine:3.3.3:*:*:python:*:*:*:*"
],
"purl": "",
"upstreams": []
}
}
],
"source": {
15 changes: 11 additions & 4 deletions grype/presenter/models/document_test.go
Expand Up @@ -30,14 +30,21 @@ func TestPackagesAreSorted(t *testing.T) {
Type: syftPkg.DebPkg,
}

var pkg3 = pkg.Package{
ID: "package-3-id",
Name: "package-3",
Version: "3.3.3",
Type: syftPkg.NpmPkg,
}

var match1 = match.Match{
Vulnerability: vulnerability.Vulnerability{
ID: "CVE-1999-0003",
},
Package: pkg1,
Package: pkg3,
Details: match.Details{
{
Type: match.ExactDirectMatch,
Type: match.ExactIndirectMatch,
},
},
}
Expand All @@ -46,7 +53,7 @@ func TestPackagesAreSorted(t *testing.T) {
Vulnerability: vulnerability.Vulnerability{
ID: "CVE-1999-0002",
},
Package: pkg1,
Package: pkg2,
Details: match.Details{
{
Type: match.ExactIndirectMatch,
Expand All @@ -69,7 +76,7 @@ func TestPackagesAreSorted(t *testing.T) {
matches := match.NewMatches()
matches.Add(match1, match2, match3)

packages := []pkg.Package{pkg1, pkg2}
packages := []pkg.Package{pkg1, pkg2, pkg3}

ctx := pkg.Context{
Source: &syftSource.Metadata{
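Review bot: With `Package: pkg3` on match1 and `Package: pkg2` on match2, the two matches shown here no longer share a package, so TestPackagesAreSorted may have stopped covering the order of several findings reported against the same package. match3 is defined outside the visible hunks; if it sits on pkg1, every match now has its own package and any tie-break within one package is never exercised. Deterministic ordering is what lets two scan reports be diffed reliably, so consider adding a fourth match that reuses `pkg3` with a different vulnerability ID. The test function starts and ends outside the hunks shown.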
17 changes: 16 additions & 1 deletion grype/presenter/models/metadata_mock.go
Expand Up @@ -55,9 +55,24 @@ func NewMetadataMock() *MetadataMock {
},
},
"CVE-1999-0003": {
"source-1": {
"source-3": {
Description: "1999-03 description",
Severity: "High",
Cvss: []vulnerability.Cvss{
{
Metrics: vulnerability.NewCvssMetrics(
1,
2,
3,
),
Vector: "vector",
Version: "3.0",
VendorMetadata: MockVendorMetadata{
BaseSeverity: "Low",
Status: "verified",
},
},
},
},
},
},
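Review bot: The new CVE-1999-0003 mock entry carries two severities that disagree: the record has `Severity: "High"` while its only CVSS entry has base score 1 and `BaseSeverity: "Low"`. The CycloneDX snapshots in this commit accordingly show `"score": 1` next to `"severity": "high"`, which can read like a presenter defect to someone checking output against the fixture. If the mismatch is deliberate, state it above the entry, e.g. `// Severity and Cvss BaseSeverity differ on purpose so tests show which field a presenter reports.`; otherwise align the two values. NewMetadataMock's body continues outside the hunk.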
