Skip to content

can vuls find jar files in the filesystem when using lockfile module  #1416

New issue
New issue
Closed
#1417
Closed
can vuls find jar files in the filesystem when using lockfile module #1416
#1417
@lunatech

Description

@lunatech
lunatech
opened on Mar 12, 2022

Currently the variable LibraryMap is used to store the list of lockfiles

vuls/models/library.go

Lines 134 to 144 in 77049d6

var LibraryMap = map[string]string{
"package-lock.json": "node",
"yarn.lock": "node",
"Gemfile.lock": "ruby",
"Cargo.lock": "rust",
"composer.lock": "php",
"Pipfile.lock": "python",
"poetry.lock": "python",
"packages.lock.json": ".net",
"go.sum": "gomod",
}

LibraryMap is later used to create the find command to locate the lockfiles.

vuls/scanner/base.go

Lines 594 to 596 in fe8d252

for filename := range models.LibraryMap {
findopt += fmt.Sprintf("-name %q -o ", "*"+filename)
}

If a user wants to scan for jar files, the user is expected to specify the list manually using the lockfiles in the config.toml. Would it be possible to extend LibraryMap is such a way that all the jar files are found and scanned for vulnerabilities?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions