From 80bb416daafb89359a80bb67ce260c2b1391259e Mon Sep 17 00:00:00 2001 From: Alex Goodman Date: Thu, 27 May 2021 14:17:05 -0400 Subject: [PATCH] bump grype-db to pull in v3 schema changes + ensure related vulns are not nil Signed-off-by: Alex Goodman --- go.mod | 4 +--- go.sum | 8 ++++---- grype/presenter/models/document.go | 6 +++--- 3 files changed, 8 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 742afea6..acc45154 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/adrg/xdg v0.2.1 github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04 github.com/anchore/go-version v1.2.2-0.20200810141238-330bef18dbca - github.com/anchore/grype-db v0.0.0-20210520150424-d5068175bf94 + github.com/anchore/grype-db v0.0.0-20210527140125-6f881b00e927 github.com/anchore/stereoscope v0.0.0-20210413221244-d577f30b19e6 github.com/anchore/syft v0.15.2-0.20210506190909-360eb74cc71c github.com/docker/docker v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible @@ -44,5 +44,3 @@ require ( gopkg.in/ini.v1 v1.57.0 // indirect gopkg.in/yaml.v2 v2.3.0 ) - -replace github.com/anchore/grype-db => ../grype-db diff --git a/go.sum b/go.sum index eefd2085..a07aae2c 100644 --- a/go.sum +++ b/go.sum @@ -122,12 +122,12 @@ github.com/anchore/go-testutils v0.0.0-20200925183923-d5f45b0d3c04/go.mod h1:6dK github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E= github.com/anchore/go-version v1.2.2-0.20200810141238-330bef18dbca h1:rLyc7Rih769rYABQe4nBPt3jHJd/snBuVvKKGoy5HEc= github.com/anchore/go-version v1.2.2-0.20200810141238-330bef18dbca/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E= +github.com/anchore/grype-db v0.0.0-20210527140125-6f881b00e927 h1:4DX6mymMdYIH1ptYEXZupij8x8AeNYR0Q9ILsqbE3nc= +github.com/anchore/grype-db v0.0.0-20210527140125-6f881b00e927/go.mod h1:XSlPf1awNrMpah+rHbWrzgUvnmWLgn/KkdicxERVClg= github.com/anchore/stereoscope v0.0.0-20210413221244-d577f30b19e6 h1:g9ZS2V/T0wxseccI4t1hQTqWBek5DVOQZOzzdWBjwnU= github.com/anchore/stereoscope v0.0.0-20210413221244-d577f30b19e6/go.mod h1:vhh1M99rfWx5ejMvz1lkQiFZUrC5wu32V12R4JXH+ZI= -github.com/anchore/stereoscope v0.0.0-20210524175238-3b7662f3a66f h1:bFadyOLOkzME3BrZFZ5m8cf/b2hsn3aMSS9s+SKubRk= -github.com/anchore/stereoscope v0.0.0-20210524175238-3b7662f3a66f/go.mod h1:vhh1M99rfWx5ejMvz1lkQiFZUrC5wu32V12R4JXH+ZI= -github.com/anchore/syft v0.15.3-0.20210524151556-2ca2f0350133 h1:37KItVunSU9vX8umE0PoH8SKZ+XR7itt2+DehSjxv9A= -github.com/anchore/syft v0.15.3-0.20210524151556-2ca2f0350133/go.mod h1:5k4L4CA5ZFFmRdk64oj0AV1ZqvLFZVOpfCk8DfUOsVc= +github.com/anchore/syft v0.15.2-0.20210506190909-360eb74cc71c h1:+ZGL3hHwPxBhQPEjyBU9rB5+tTVAOd8P6d3NMvpxSNM= +github.com/anchore/syft v0.15.2-0.20210506190909-360eb74cc71c/go.mod h1:5k4L4CA5ZFFmRdk64oj0AV1ZqvLFZVOpfCk8DfUOsVc= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/andybalholm/cascadia v1.1.0/go.mod h1:GsXiBklL0woXo1j/WYWtSYYC4ouU9PqHO0sqidkEA4Y= diff --git a/grype/presenter/models/document.go b/grype/presenter/models/document.go index f304694a..5f5ff793 100644 --- a/grype/presenter/models/document.go +++ b/grype/presenter/models/document.go @@ -44,14 +44,14 @@ func NewDocument(packages []pkg.Package, context pkg.Context, matches match.Matc return Document{}, fmt.Errorf("unable to find package in collection: %+v", p) } - relatedVulnerabilities := make([]VulnerabilityMetadata, len(m.Vulnerability.RelatedVulnerabilities)) - for idx, r := range m.Vulnerability.RelatedVulnerabilities { + relatedVulnerabilities := make([]VulnerabilityMetadata, 0) + for _, r := range m.Vulnerability.RelatedVulnerabilities { relatedMetadata, err := metadataProvider.GetMetadata(r.ID, r.Namespace) if err != nil { return Document{}, fmt.Errorf("unable to fetch related vuln=%q metadata: %+v", r, err) } if relatedMetadata != nil { - relatedVulnerabilities[idx] = NewVulnerabilityMetadata(r.ID, r.Namespace, relatedMetadata) + relatedVulnerabilities = append(relatedVulnerabilities, NewVulnerabilityMetadata(r.ID, r.Namespace, relatedMetadata)) } }