fix(library): fill libraryFixedIns{}.key in ftypes.Pnpm and ftypes.DotNetCore (#1498)

* fix(library): fill key in ftypes.Pnpm and ftypes.DotNetCore * chore(library): change the data structure of LibraryMap
2022-07-26 13:53:50 +09:00
parent d79d138440
commit ab54266f9e
2 changed files with 22 additions and 31 deletions
--- a/models/library.go
+++ b/models/library.go
@@ -1,8 +1,6 @@
 package models

 import (
-	"path/filepath"
-
 	"github.com/aquasecurity/trivy-db/pkg/db"
 	trivyDBTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/detector/library"
@@ -131,25 +129,24 @@ func getCveContents(cveID string, vul trivyDBTypes.Vulnerability) (contents map[
 	return contents
 }

-// LibraryMap is filename and library type
-var LibraryMap = map[string]string{
-	ftypes.NpmPkgLock:      "node",
-	ftypes.YarnLock:        "node",
-	ftypes.GemfileLock:     "ruby",
-	ftypes.CargoLock:       "rust",
-	ftypes.ComposerLock:    "php",
-	ftypes.PipRequirements: "python",
-	ftypes.PipfileLock:     "python",
-	ftypes.PoetryLock:      "python",
-	ftypes.NuGetPkgsLock:   ".net",
-	ftypes.NuGetPkgsConfig: ".net",
-	ftypes.GoMod:           "gomod",
-	ftypes.GoSum:           "gomod",
-	ftypes.MavenPom:        "java",
-	"*.jar":                "java",
-	"*.war":                "java",
-	"*.ear":                "java",
-	"*.par":                "java",
+// FindLockFiles is a list of filenames that is the target of findLock
+var FindLockFiles = []string{
+	// node
+	ftypes.NpmPkgLock, ftypes.YarnLock, ftypes.PnpmLock,
+	// ruby
+	ftypes.GemfileLock,
+	// rust
+	ftypes.CargoLock,
+	// php
+	ftypes.ComposerLock,
+	// python
+	ftypes.PipRequirements, ftypes.PipfileLock, ftypes.PoetryLock,
+	// .net
+	ftypes.NuGetPkgsLock, ftypes.NuGetPkgsConfig, "*.deps.json",
+	// gomod
+	ftypes.GoMod, ftypes.GoSum,
+	// java
+	ftypes.MavenPom, "*.jar", "*.war", "*.ear", "*.par",
 }

 // GetLibraryKey returns target library key
@@ -165,20 +162,14 @@ func (s LibraryScanner) GetLibraryKey() string {
 		return "gomod"
 	case ftypes.Jar, ftypes.Pom:
 		return "java"
-	case ftypes.Npm, ftypes.Yarn, ftypes.NodePkg, ftypes.JavaScript:
+	case ftypes.Npm, ftypes.Yarn, ftypes.Pnpm, ftypes.NodePkg, ftypes.JavaScript:
 		return "node"
-	case ftypes.NuGet:
+	case ftypes.NuGet, ftypes.DotNetCore:
 		return ".net"
 	case ftypes.Pipenv, ftypes.Poetry, ftypes.Pip, ftypes.PythonPkg:
 		return "python"
 	default:
-		filename := filepath.Base(s.LockfilePath)
-		switch filepath.Ext(filename) {
-		case ".jar", ".war", ".ear", ".par":
-			return "java"
-		default:
-			return LibraryMap[filename]
-		}
+		return ""
 	}
 }

--- a/scanner/base.go
+++ b/scanner/base.go
@@ -592,7 +592,7 @@ func (l *base) scanLibraries() (err error) {
 	// auto detect lockfile
 	if l.ServerInfo.FindLock {
 		findopt := ""
-		for filename := range models.LibraryMap {
+		for _, filename := range models.FindLockFiles {
 			findopt += fmt.Sprintf("-name %q -o ", filename)
 		}