fix(libscan): include a lockfile path of libs (#1012)

2020-06-24 10:46:00 +09:00
parent 8a611f9ba6
commit c11ba27509
8 changed files with 115 additions and 120 deletions
--- a/models/library.go
+++ b/models/library.go
@@ -19,11 +19,11 @@ import (
 type LibraryScanners []LibraryScanner

 // Find : find by name
-func (lss LibraryScanners) Find(name string) map[string]types.Library {
+func (lss LibraryScanners) Find(path, name string) map[string]types.Library {
 	filtered := map[string]types.Library{}
 	for _, ls := range lss {
 		for _, lib := range ls.Libs {
-			if lib.Name == name {
+			if ls.Path == path && lib.Name == name {
 				filtered[ls.Path] = lib
 				break
 			}
@@ -40,11 +40,10 @@ type LibraryScanner struct {

 // Scan : scan target library
 func (s LibraryScanner) Scan() ([]VulnInfo, error) {
-	scanner := library.DriverFactory{}.NewDriver(filepath.Base(string(s.Path)))
-	if scanner == nil {
-		return nil, xerrors.New("unknown file type")
+	scanner, err := library.DriverFactory{}.NewDriver(filepath.Base(string(s.Path)))
+	if err != nil {
+		return nil, xerrors.Errorf("Faild to new a library driver: %w", err)
 	}
-
 	var vulnerabilities = []VulnInfo{}
 	for _, pkg := range s.Libs {
 		v, err := version.NewVersion(pkg.Version)
@@ -94,6 +93,7 @@ func (s LibraryScanner) getVulnDetail(tvuln types.DetectedVulnerability) (vinfo
 				Key:     s.GetLibraryKey(),
 				Name:    tvuln.PkgName,
 				FixedIn: tvuln.FixedVersion,
+				Path:    s.Path,
 			},
 		}
 	}
@@ -141,4 +141,5 @@ type LibraryFixedIn struct {
 	Key     string `json:"key,omitempty"`
 	Name    string `json:"name,omitempty"`
 	FixedIn string `json:"fixedIn,omitempty"`
+	Path    string `json:"path,omitempty"`
 }
--- a/models/library_test.go
+++ b/models/library_test.go
@@ -9,6 +9,7 @@ import (

 func TestLibraryScanners_Find(t *testing.T) {
 	type args struct {
+		path string
 		name string
 	}
 	tests := []struct {
@@ -30,7 +31,7 @@ func TestLibraryScanners_Find(t *testing.T) {
 					},
 				},
 			},
-			args: args{"libA"},
+			args: args{"/pathA", "libA"},
 			want: map[string]types.Library{
 				"/pathA": {
 					Name:    "libA",
@@ -60,16 +61,12 @@ func TestLibraryScanners_Find(t *testing.T) {
 					},
 				},
 			},
-			args: args{"libA"},
+			args: args{"/pathA", "libA"},
 			want: map[string]types.Library{
 				"/pathA": {
 					Name:    "libA",
 					Version: "1.0.0",
 				},
-				"/pathB": {
-					Name:    "libA",
-					Version: "1.0.5",
-				},
 			},
 		},
 		{
@@ -85,13 +82,13 @@ func TestLibraryScanners_Find(t *testing.T) {
 					},
 				},
 			},
-			args: args{"libB"},
+			args: args{"/pathA", "libB"},
 			want: map[string]types.Library{},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if got := tt.lss.Find(tt.args.name); !reflect.DeepEqual(got, tt.want) {
+			if got := tt.lss.Find(tt.args.path, tt.args.name); !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("LibraryScanners.Find() = %v, want %v", got, tt.want)
 			}
 		})