update trivy, and unsupport image scanning feature (#971)

* update trivy, fanal. unsupport image scanning * Update models/library.go Co-authored-by: Teppei Fukuda <teppei@elab.ic.i.u-tokyo.ac.jp> * add -no-progress flag to report/tui cmd * Display trivy vuln info to tui/report * add detection method to vulninfo detected by trivy * fix(uuid): change uuid lib to go-uuid #929 (#969) * update trivy, fanal. unsupport image scanning * Update models/library.go Co-authored-by: Teppei Fukuda <teppei@elab.ic.i.u-tokyo.ac.jp> * add -no-progress flag to report/tui cmd * Display trivy vuln info to tui/report * add detection method to vulninfo detected by trivy * unique ref links in TUI * download trivy DB only when lock file is specified in config.toml Co-authored-by: Teppei Fukuda <teppei@elab.ic.i.u-tokyo.ac.jp>
2020-05-08 15:24:39 +09:00
parent 9dd025437b
commit ebe5f858c8
22 changed files with 475 additions and 677 deletions
--- a/report/tui.go
+++ b/report/tui.go
@@ -622,6 +622,7 @@ func summaryLines(r models.ScanResult) string {
 		pkgNames = append(pkgNames, vinfo.CpeURIs...)
 		pkgNames = append(pkgNames, vinfo.GitHubSecurityAlerts.Names()...)
 		pkgNames = append(pkgNames, vinfo.WpPackageFixStats.Names()...)
+		pkgNames = append(pkgNames, vinfo.LibraryFixedIns.Names()...)

 		exploits := ""
 		if 0 < len(vinfo.Exploits) {
@@ -752,17 +753,11 @@ func setChangelogLayout(g *gocui.Gui) error {
 			}
 		}

-		// check library fixedin
-		for _, scanner := range r.LibraryScanners {
-			key := scanner.GetLibraryKey()
-			for _, fixedin := range vinfo.LibraryFixedIns {
-				for _, lib := range scanner.Libs {
-					if fixedin.Key == key && lib.Name == fixedin.Name {
-						lines = append(lines, fmt.Sprintf("* %s-%s, FixedIn: %s",
-							lib.Name, lib.Version, fixedin.FixedIn))
-						continue
-					}
-				}
+		for _, l := range vinfo.LibraryFixedIns {
+			libs := r.LibraryScanners.Find(l.Name)
+			for path, lib := range libs {
+				lines = append(lines, fmt.Sprintf("%s-%s, FixedIn: %s (%s)",
+					lib.Name, lib.Version, l.FixedIn, path))
 			}
 		}

@@ -876,15 +871,24 @@ func detailLines() (string, error) {
 		links = append(links, url)
 	}

-	refs := []models.Reference{}
+	refsMap := map[string]models.Reference{}
 	for _, rr := range vinfo.CveContents.References(r.Family) {
 		for _, ref := range rr.Value {
 			if ref.Source == "" {
 				ref.Source = "-"
 			}
-			refs = append(refs, ref)
+			refsMap[ref.Link] = ref
 		}
 	}
+	if cont, found := vinfo.CveContents[models.Trivy]; found {
+		for _, ref := range cont.References {
+			refsMap[ref.Link] = ref
+		}
+	}
+	refs := []models.Reference{}
+	for _, v := range refsMap {
+		refs = append(refs, v)
+	}

 	summary := vinfo.Summaries(r.Lang, r.Family)[0]
 	mitigation := vinfo.Mitigations(r.Family)[0]