Merge pull request #16 from anchore/add-python-matcher

Add python matcher (egg and wheel)
Alex Goodman 2020-06-10 15:42:09 -04:00 committed by GitHub
commit 35486c148c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 36 additions and 1 deletions

3
go.mod

@ -4,7 +4,7 @@ go 1.14
require (
github.com/adrg/xdg v0.2.1
github.com/anchore/imgbom v0.0.0-20200604184352-e88669c536ce
github.com/anchore/imgbom v0.0.0-20200605135927-64a9125895b5
github.com/anchore/stereoscope v0.0.0-20200604133300-7e63b350b6d6
github.com/anchore/vulnscan-db v0.0.0-20200604185950-6a9f5a2c9ddf
github.com/hashicorp/go-version v1.2.0
@ -17,6 +17,7 @@ require (
go.uber.org/zap v1.15.0
golang.org/x/net v0.0.0-20200602114024-627f9648deb9 // indirect
golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980 // indirect
google.golang.org/genproto v0.0.0-20200605102947-12044bf5ea91 // indirect
gopkg.in/ini.v1 v1.57.0 // indirect
gopkg.in/yaml.v2 v2.3.0
)

4
go.sum

@ -110,6 +110,8 @@ github.com/anchore/imgbom v0.0.0-20200603004815-b6122a413ba8 h1:k8e5yQI3mnkoxeEI
github.com/anchore/imgbom v0.0.0-20200603004815-b6122a413ba8/go.mod h1:Ttau0/FsMvXMTlPQvSpyQPi0VZQDosjwuHUv1zUwl7k=
github.com/anchore/imgbom v0.0.0-20200604184352-e88669c536ce h1:t/2K7VPuKX7DrYnPeclLNrH0gsRbW8ZBig7o50pqq50=
github.com/anchore/imgbom v0.0.0-20200604184352-e88669c536ce/go.mod h1:oVcJ4sEuqz/7XTPaJYIZRc4NYVl3zPP96g7RtWG31SE=
github.com/anchore/imgbom v0.0.0-20200605135927-64a9125895b5 h1:0ylgLfUfao/4DiuhuYLV9vX9fs2N+VfmgWZ0d8HqsxA=
github.com/anchore/imgbom v0.0.0-20200605135927-64a9125895b5/go.mod h1:c4LPvBC2SvyzgOdpbjUM6Ys4n10aX6gSOGQUYzfryWw=
github.com/anchore/stereoscope v0.0.0-20200520221116-025e07f1c93e h1:QBwtrM0MXi0z+GcHk3RoSyzaQ+CLgas0bC/uOd1P+PQ=
github.com/anchore/stereoscope v0.0.0-20200520221116-025e07f1c93e/go.mod h1:bkyLl5VITnrmgErv4S1vDfVz/TGAZ5il6161IQo7w2g=
github.com/anchore/stereoscope v0.0.0-20200523232006-be5f3c18958f h1:aPJQyXi8Y7PhnzhUszZfS/23TA5o29UCc3XGreflaqo=
@ -1087,6 +1089,8 @@ google.golang.org/genproto v0.0.0-20200603110839-e855014d5736 h1:+IE3xTD+6Eb7QWG
google.golang.org/genproto v0.0.0-20200603110839-e855014d5736/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
google.golang.org/genproto v0.0.0-20200604104852-0b0486081ffb h1:ek2py5bOqzR7MR/6obzk0rXUgYCLmjyLnaO9ssT+l6w=
google.golang.org/genproto v0.0.0-20200604104852-0b0486081ffb/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
google.golang.org/genproto v0.0.0-20200605102947-12044bf5ea91 h1:ES+5k7Xz+sYByd2L7mvcanaIuY0Iz3L3O6OhN+cRdu8=
google.golang.org/genproto v0.0.0-20200605102947-12044bf5ea91/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=


@ -6,6 +6,7 @@ import (
"github.com/anchore/vulnscan/internal/log"
"github.com/anchore/vulnscan/vulnscan/matcher/bundler"
"github.com/anchore/vulnscan/vulnscan/matcher/dpkg"
"github.com/anchore/vulnscan/vulnscan/matcher/python"
"github.com/anchore/vulnscan/vulnscan/result"
"github.com/anchore/vulnscan/vulnscan/vulnerability"
)
@ -26,6 +27,7 @@ func newController() controller {
}
ctrlr.add(&dpkg.Matcher{})
ctrlr.add(&bundler.Matcher{})
ctrlr.add(&python.Matcher{})
return ctrlr
}


@ -0,0 +1,24 @@
package python
import (
"github.com/anchore/imgbom/imgbom/distro"
"github.com/anchore/imgbom/imgbom/pkg"
"github.com/anchore/vulnscan/vulnscan/match"
"github.com/anchore/vulnscan/vulnscan/matcher/common"
"github.com/anchore/vulnscan/vulnscan/vulnerability"
)
type Matcher struct {
}
func (m *Matcher) Types() []pkg.Type {
return []pkg.Type{pkg.EggPkg, pkg.WheelPkg}
}
func (m *Matcher) Name() string {
return "python-matcher"
}
func (m *Matcher) Match(store vulnerability.Provider, d distro.Distro, p *pkg.Package) ([]match.Match, error) {
return common.FindMatchesByPackageLanguage(store, p.Language, p, m.Name())
}
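Review bot: Match hands p to common.FindMatchesByPackageLanguage with no name normalization visible in this file, while Python distribution names compare case-insensitively with runs of `-`, `_` and `.` treated as the same separator (PEP 503). If neither the common helper nor the vulnerability store normalizes (not visible here), a package recorded as, say, `Foo_Bar` would not match an advisory keyed on `foo-bar`, which is a silent false negative for a scanner. A test with a mixed-case, underscore-separated name would settle it, with normalization added in Match if that test fails. Separately, the exported type has no doc comment and `d` is unused; `// Matcher finds vulnerabilities for Python egg and wheel packages by language.` above the type and `_ distro.Distro` in the signature would make both explicit.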


@ -42,6 +42,10 @@ func FormatFromPkgType(t pkg.Type) Format {
format = DpkgFormat
case pkg.BundlerPkg:
format = SemanticFormat
case pkg.EggPkg:
format = SemanticFormat
case pkg.WheelPkg:
format = SemanticFormat
default:
format = UnknownFormat
}
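Review bot: The new `pkg.EggPkg` and `pkg.WheelPkg` cases map Python packages to SemanticFormat, but Python versions follow PEP 440 rather than semver, so values such as `1.0.post1`, `2.0rc1` or `1!2.0` may fail to parse or sort incorrectly against advisory ranges. How SemanticFormat parses is not visible in this hunk, so this needs confirming, ideally with a test over pre-release, post-release and epoch versions; a parse failure or mis-ordering here would surface as a missed or spurious match. If it holds, a dedicated Python version format would be the safer target. Smaller point: the three identical arms can be one, `case pkg.BundlerPkg, pkg.EggPkg, pkg.WheelPkg:`. FormatFromPkgType starts and ends outside the hunk.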