Merge branch 'main' into patch-1
SSE4 authored Jan 9, 2023
2 parents 75d6361 + f9df1a1 commit c7f4cbf
Showing 14 changed files with 591 additions and 15 deletions.
7 changes: 6 additions & 1 deletion .github/workflows/lint.yaml
@@ -14,7 +14,12 @@

name: lint

on: [pull_request]
on:
push:
branches: [ main ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main ]

permissions: read-all

21 changes: 11 additions & 10 deletions README.md
@@ -111,22 +111,23 @@ osv-scanner --sbom=/path/to/your/sbom.json
A wide range of lockfiles are supported by utilizing this [lockfile package](https://github.com/google/osv-scanner/tree/main/pkg/lockfile). This is the current list of supported lockfiles:

- `conan.lock`
- `buildscript-gradle.lockfile`
- `Cargo.lock`
- `package-lock.json`
- `packages.lock.json`
- `yarn.lock`
- `pnpm-lock.yaml`
- `composer.lock`
- `Gemfile.lock`
- `go.mod`
- `gradle.lockfile`
- `mix.lock`
- `package-lock.json`
- `packages.lock.json`
- `Pipfile.lock`
- `pnpm-lock.yaml`
- `poetry.lock`
- `pubspec.lock`
- `pom.xml`[\*](https://github.com/google/osv-scanner/issues/35)
- `pubspec.lock`
- `requirements.txt`[\*](https://github.com/google/osv-scanner/issues/34)
- `gradle.lockfile`
- `buildscript-gradle.lockfile`
- `Pipfile.lock`
- `yarn.lock`
- `/lib/apk/db/installed` (Alpine)

#### Example

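Review bot: `conan.lock` sits at the top of the list while the rest of the entries have been re-sorted alphabetically (case-insensitively, as the placement of `Cargo.lock` and `Gemfile.lock` shows); move it after `composer.lock`. Separately, `/lib/apk/db/installed` is not a lockfile checked into a repository but the installed-package database of an Alpine root filesystem, so the sentence "This is the current list of supported lockfiles" should note that this entry is scanned by pointing the scanner at that path (for example in an extracted container filesystem) rather than by discovering it in a project directory.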
@@ -212,7 +213,7 @@ When using the --json flag, only the JSON output will be printed to stdout, with
},
"packages": [
{
"Package": {
"package": {
"name": "github.com/gogo/protobuf",
"version": "1.3.1",
"ecosystem": "Go"
@@ -254,7 +255,7 @@ When using the --json flag, only the JSON output will be printed to stdout, with
},
"packages": [
{
"Package": {
"package": {
"name": "regex",
"version": "1.5.1",
"ecosystem": "crates.io"
1 change: 1 addition & 0 deletions pkg/lockfile/ecosystems.go
@@ -13,5 +13,6 @@ func KnownEcosystems() []Ecosystem {
PipEcosystem,
PubEcosystem,
ConanEcosystem,
AlpineEcosystem,
}
}
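Review bot: the `AlpineEcosystem` constant itself is defined in one of the files not shown here, so its string value should be checked against what the OSV API expects: none of the apk fixtures added in this commit carry an Alpine release identifier (the installed database has no such field), so confirm that the ecosystem string sent for these packages is resolved against advisories for every Alpine release rather than matching none of them. A test that queries one of the fixture packages end to end would pin this down.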
Empty file.
131 changes: 131 additions & 0 deletions pkg/lockfile/fixtures/apk/malformed_installed
@@ -0,0 +1,131 @@

This is a malformed APK installed file



no package:

Z:Q1olh8TpdAi2QnTl4FK3TjdUiSwTo=
R:loader_attic.so
R:afalg.so
Z:Q1mcqLbO6iQe8TmQCoRDozFWScisQ=
F:usr/lib
r:libcrypto1.1
F:etc
F:lib
F:usr/lib/ossl-modules
R:libcrypto.so.3
a:0:0:755
Z:Q1AFDkJxxzzc5SCdOjdbK1BA/vbsY=
o:openssl
I:4206592
R:legacy.so
Z:Q1fqYq/iJ6x71cTpr8fcO4/6IgyQg=
C:Q1TjmrAEa5PKd40PNz6OIpo+bBeW0=
a:0:0:755
R:openssl.cnf
R:openssl.cnf.dist
F:etc/ssl/private
R:padlock.so
Z:Q1zr8y7mYzOdgG1uz+DmGLBLOZ/jM=
a:0:0:755
R:capi.so
S:1707237
F:etc/ssl
a:0:0:777
p:so:libcrypto.so.3=3
R:ct_log_list.cnf.dist
F:usr/lib/engines-3
V:3.0.7-r0
Z:Q1WjKZkr5xeMyOxhVrCQfW04JiiME=
F:etc/ssl/certs
c:37a47708fdd97644624ff4b7238bb3299e037eaf
a:0:0:777
t:1667317778
a:0:0:755
Z:Q1op76VCo7av+GQqk9nT9kEezP1I8=
L:Apache-2.0
R:tsget
a:0:0:755
R:CA.pl
R:ct_log_list.cnf
D:so:libc.musl-x86_64.so.1
Z:Q1XK8nt7AyX7GIGpMOLlkJk5dy81c=
R:libcrypto.so.3
T:Crypto library from openssl
Z:Q1fqYq/iJ6x71cTpr8fcO4/6IgyQg=
Z:Q1olh8TpdAi2QnTl4FK3TjdUiSwTo=
F:usr
Z:Q13NVgfr7dQUuGYxur0tNalH6EIjU=
R:tsget.pl
Z:Q1yzxstq05Nm+4DAS0gR/XScMthRY=
a:0:0:755
a:0:0:755
a:0:0:755
Z:Q1nwKfkE6NiHpVJ8wZRoQYglMEYwQ=
U:https://www.openssl.org/
F:etc/ssl/misc
A:x86_64
Z:Q1Uv35WBwtuePGrdxQuLDKbHVVTT4=

nothing here:
Z:Q1yVNLeeB7VouhCO/kz+dbfL3dY4c=
F:sbin
Z:Q1EgLFjj67ou3eMqp4m3r2ZjnQ7QU=
Z:Q1ORf+lPRKuYgdkBBcKoevR1t60Q4=
M:0:0:1777
Z:Q1mB95Hq2NUTZ599RDiSsj9w5FrOU=
F:etc
F:var
F:etc/network/if-pre-up.d
Z:Q1HWpG3eQD8Uoi4mks2E3SSvOAUhY=
F:usr/sbin








no version
F:var/lib
A:x86_64
F:var/cache
F:etc/network/if-up.d
F:usr/share
t:1668852790
F:etc/network/if-down.d
a:0:0:755
C:Q1NN3sp0yr99btRysqty3nQUrWHaY=
S:509600
a:0:0:755
F:etc/network/if-post-up.d
o:busybox
R:udhcpd.conf
U:https://busybox.net/
F:var/cache/misc
a:0:0:775
F:usr/share/udhcpc
p:cmd:busybox=1.35.0-r29
R:dad
R:securetty
F:etc/network/if-post-down.d
I:962560
F:etc/logrotate.d
D:so:libc.musl-x86_64.so.1
F:bin
c:1dbf7a793afae640ea643a055b6dd4f430ac116b
F:var/lib/udhcpd
F:tmp
Z:Q1TylyCINVmnS+A/Tead4vZhE7Bks=
T:Size optimized toolbox of many common UNIX utilities
F:etc/network/if-pre-down.d
R:default.script
R:acpid
r:busybox-initscripts
R:busybox
L:GPL-2.0-only
F:usr
F:etc/network
P:busybox
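Review bot: the file ends with `P:busybox` directly at EOF with no trailing newline or blank-line separator, and the only `V:` line (`V:3.0.7-r0`) belongs to a record that has no `P:` at all, so this fixture exercises three distinct cases: a record with a version but no name, a record (`nothing here:`) with neither, and a final record with a name but no version that must be flushed at EOF. Since a fixture cannot carry comments, the corresponding test should spell out which of these is expected to produce an error and which a silently skipped record; the blank lines at the top of the file also mean the parser has to tolerate empty records before the first `P:`.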
123 changes: 123 additions & 0 deletions pkg/lockfile/fixtures/apk/multiple_installed
@@ -0,0 +1,123 @@
C:Q1/JgpM8J6DWI/541tUX+uHEzSjqo=
P:alpine-baselayout-data
V:3.4.0-r0
A:x86_64
S:11664
I:77824
T:Alpine base dir structure and init scripts
U:https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout
L:GPL-2.0-only
o:alpine-baselayout
m:redacted <redacted@redacted.com
t:1667573027
c:bd965a7ebf7fd8f07d7a0cc0d7375bf3e4eb9b24
r:alpine-baselayout
F:etc
R:fstab
Z:Q11Q7hNe8QpDS531guqCdrXBzoA/o=
R:group
Z:Q13K+olJg5ayzHSVNUkggZJXuB+9Y=
R:hostname
Z:Q16nVwYVXP/tChvUPdukVD2ifXOmc=
R:hosts
Z:Q1BD6zJKZTRWyqGnPi4tSfd3krsMU=
R:inittab
Z:Q1TsthbhW7QzWRe1E/NKwTOuD4pHc=
R:modules
Z:Q1toogjUipHGcMgECgPJX64SwUT1M=
R:mtab
a:0:0:777
Z:Q1kiljhXXH1LlQroHsEJIkPZg2eiw=
R:nsswitch.conf
Z:Q19DBsMnv0R2fajaTjoTv0C91NOqo=
R:passwd
Z:Q1TchuuLUfur0izvfZQZxgN/LJhB8=
R:profile
Z:Q1Ia5UTXvRkAH1lTZK8lm8qRBdRF4=
R:protocols
Z:Q11fllRTkIm5bxsZVoSNeDUn2m+0c=
R:services
Z:Q1oNeiKb8En3/hfoRFImI25AJFNdA=
R:shadow
a:0:42:640
Z:Q1ltrPIAW2zHeDiajsex2Bdmq3uqA=
R:shells
Z:Q1ojm2YdpCJ6B/apGDaZ/Sdb2xJkA=
R:sysctl.conf
Z:Q14upz3tfnNxZkIEsUhWn7Xoiw96g=

C:Q1Pk7x1woArbB1nzkMPJPq1TECwus=
P:musl
V:1.2.3-r4
A:x86_64
S:388955
I:634880
T:the musl c library (libc) implementation
U:https://musl.libc.org/
L:MIT
o:musl
m:redacted <redacted@redacted.com>
t:1668104640
c:f93af038c3de7146121c2ea8124ba5ce29b4b058
p:so:libc.musl-x86_64.so.1=1
F:lib
R:ld-musl-x86_64.so.1
a:0:0:755
Z:Q1tGxgx2FLrD+0Uk03NUBwbbEiRCU=
R:libc.musl-x86_64.so.1
a:0:0:777
Z:Q17yJ3JFNypA4mxhJJr0ou6CzsJVI=

C:Q1NN3sp0yr99btRysqty3nQUrWHaY=
P:busybox
V:1.35.0-r29
A:x86_64
S:509600
I:962560
T:Size optimized toolbox of many common UNIX utilities
U:https://busybox.net/
L:GPL-2.0-only
o:busybox
m:redacted <redacted@redacted.com>
t:1668852790
c:1dbf7a793afae640ea643a055b6dd4f430ac116b
D:so:libc.musl-x86_64.so.1
p:cmd:busybox=1.35.0-r29
r:busybox-initscripts
F:bin
R:busybox
a:0:0:755
Z:Q1yVNLeeB7VouhCO/kz+dbfL3dY4c=
F:etc
R:securetty
Z:Q1mB95Hq2NUTZ599RDiSsj9w5FrOU=
R:udhcpd.conf
Z:Q1EgLFjj67ou3eMqp4m3r2ZjnQ7QU=
F:etc/logrotate.d
R:acpid
Z:Q1TylyCINVmnS+A/Tead4vZhE7Bks=
F:etc/network
F:etc/network/if-down.d
F:etc/network/if-post-down.d
F:etc/network/if-post-up.d
F:etc/network/if-pre-down.d
F:etc/network/if-pre-up.d
F:etc/network/if-up.d
R:dad
a:0:0:775
Z:Q1ORf+lPRKuYgdkBBcKoevR1t60Q4=
F:sbin
F:tmp
M:0:0:1777
F:usr
F:usr/sbin
F:usr/share
F:usr/share/udhcpc
R:default.script
a:0:0:755
Z:Q1HWpG3eQD8Uoi4mks2E3SSvOAUhY=
F:var
F:var/cache
F:var/cache/misc
F:var/lib
F:var/lib/udhcpd
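Review bot: `m:redacted <redacted@redacted.com` on the first record is missing the closing `>` that the `musl` and `busybox` records have; harmless if the parser ignores `m:`, but it looks like an accidental truncation rather than a deliberate malformed case (those belong in `malformed_installed`). The expected parse result here is three packages, `alpine-baselayout-data` 3.4.0-r0, `musl` 1.2.3-r4 and `busybox` 1.35.0-r29, and the test should also assert that the `o:` origin (`alpine-baselayout` for the first record, which differs from its `P:` name) is not taken as the package name.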
12 changes: 12 additions & 0 deletions pkg/lockfile/fixtures/apk/not_installed
@@ -0,0 +1,12 @@
Not an APK file!
[[package]]
name = "hello_world"
version = "0.1.0"
dependencies = [
"regex 1.5.0 (git+https://github.com/rust-lang/regex.git#9f9f693768c584971a4d53bc3c586c33ed3a6831)",
]

[[package]]
name = "regex"
version = "1.5.0"
source = "git+https://github.com/rust-lang/regex.git#9f9f693768c584971a4d53bc3c586c33ed3a6831"
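Review bot: this negative fixture is a Cargo.lock, and its `source = "git+https://github.com/...` line contains a colon, so a parser that splits every line on the first `:` would see `source = "git+https` as a key and the rest as a value. The parser should require single-letter keys (`P:`, `V:`, ...) and ignore anything else, and the test should pin down whether this input yields an empty package list or an error, given that the first line `Not an APK file!` has no colon at all.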
32 changes: 32 additions & 0 deletions pkg/lockfile/fixtures/apk/shuffled_installed
@@ -0,0 +1,32 @@
F:lib/apk/exec
F:var/lib
F:sbin
L:GPL-2.0-only
D:musl>=1.2 ca-certificates-bundle so:libc.musl-x86_64.so.1 so:libcrypto.so.3 so:libssl.so.3 so:libz.so.1
m:Natanael Copa <ncopa@alpinelinux.org>
Z:Q1/4bmOPe/H1YhHRzlrj27oufThMw=
I:307200
S:120973
c:0188f510baadbae393472103427b9c1875117136
F:etc
t:1666552494
A:x86_64
V:2.12.10-r1
F:lib/apk
F:var/lib/apk
a:0:0:755
C:Q1Ef3iwt+cMdGngEgaFr2URIJhKzQ=
T:Alpine Package Keeper - package manager for alpine
R:apk
P:apk-tools
F:etc/apk/protected_paths.d
F:etc/apk/keys
F:lib
Z:Q1opjpYqXgzmOVo7EbNe8l5Xol08g=
F:var
p:so:libapk.so.3.12.0=3.12.0 cmd:apk=2.12.10-r1
R:libapk.so.3.12.0
a:0:0:755
F:etc/apk
o:apk-tools
U:https://gitlab.alpinelinux.org/alpine/apk-tools
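Review bot: here `V:2.12.10-r1` precedes `P:apk-tools` and both are buried among `F:`/`R:` lines, so the parser must accumulate fields until the record ends rather than keying on `P:` first. Two more things this single record exercises that the test should assert on: the `D:` line carries a versioned constraint (`musl>=1.2`) and `so:` dependencies that must not surface as packages, and the `p:` line lists two provides (`so:libapk.so.3.12.0=3.12.0 cmd:apk=2.12.10-r1`) whose versions must not leak into the package version. Expected result: exactly one package, `apk-tools` 2.12.10-r1.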