feat(ruby): support gemspec (#1224)

Co-authored-by: knqyf263 <[email protected]>
aquasecurity · Sep 14, 2021 · d8cc8b5 · d8cc8b5
1 parent dbc7a83
commit d8cc8b5
Show file tree

Hide file tree

Showing 7 changed files with 18 additions and 16 deletions.
diff --git a/docs/vulnerability/detection/language.md b/docs/vulnerability/detection/language.md
@@ -4,7 +4,8 @@
 
 | Language | File                     | Image[^6] | Filesystem[^7] |  Repository[^8] |Dev dependencies |
 |---------|-------------------------|:---------:|:--------------:|:---------------:|-----------------|
-| Ruby     | Gemfile.lock             | ✅        | ✅              | ✅              | included         |
+| Ruby     | Gemfile.lock             | -         | ✅              | ✅              | included         |
+|          | gemspec                  | ✅        | ✅              | -               | included         |
 | Python   | Pipfile.lock             | -         | ✅              | ✅              |excluded         |
 |          | poetry.lock              | -         | ✅              | ✅              | included         |
 |          | requirements.txt         | -         | ✅              | ✅              | included         |
@@ -18,7 +19,6 @@
 | Go       | Binaries built by Go[^5] | ✅        | ✅              | -               | excluded         |
 |          | go.sum                   | -         | ✅              | ✅             | included         |
 
-
 The path of these files does not matter.
 
 Example: [Dockerfile](https://github.com/aquasecurity/trivy-ci-test/blob/main/Dockerfile)

diff --git a/go.mod b/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/Masterminds/sprig v2.22.0+incompatible
 	github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46
 	github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
-	github.com/aquasecurity/fanal v0.0.0-20210913141820-41bee177765e
+	github.com/aquasecurity/fanal v0.0.0-20210914172041-6ec4fbcfc2e3
 	github.com/aquasecurity/go-dep-parser v0.0.0-20210905090655-b95c2c079bbb
 	github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
 	github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798

diff --git a/go.sum b/go.sum
@@ -201,8 +201,8 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30xLN2sUZcMXl50hg+PJCIDdJgIvIbVcKqLJ/ZrtM=
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
-github.com/aquasecurity/fanal v0.0.0-20210913141820-41bee177765e h1:ozWHRu3zoRu0CEtbiam72oHV44Znn634myebzwW+E60=
-github.com/aquasecurity/fanal v0.0.0-20210913141820-41bee177765e/go.mod h1:zm7pgAfSLjYHDMBz/wrEusyYmkeio38pMjIW+OIdvZw=
+github.com/aquasecurity/fanal v0.0.0-20210914172041-6ec4fbcfc2e3 h1:ELXkeEQ6d+olRfCig23i3MJWBu/IFLj8StYH8Iqk9aQ=
+github.com/aquasecurity/fanal v0.0.0-20210914172041-6ec4fbcfc2e3/go.mod h1:pkPj0NkblwiXdg7Q5RnNlekcJ935StxImiLsU3tCvno=
 github.com/aquasecurity/go-dep-parser v0.0.0-20210905090655-b95c2c079bbb h1:RYx2+0fUc/3nR4SywvLAs+Sm3dtLhpBw2IeBE8+w1Po=
 github.com/aquasecurity/go-dep-parser v0.0.0-20210905090655-b95c2c079bbb/go.mod h1:Zc7Eo6tFl9l4XcqsWeabD7jHnXRBK/LdgZuu9GTSVLU=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
@@ -214,8 +214,8 @@ github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46/go.
 github.com/aquasecurity/go-version v0.0.0-20201107203531-5e48ac5d022a/go.mod h1:9Beu8XsUNNfzml7WBf3QmyPToP1wm1Gj/Vc5UJKqTzU=
 github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 h1:rcEG5HI490FF0a7zuvxOxen52ddygCfNVjP0XOCMl+M=
 github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492/go.mod h1:9Beu8XsUNNfzml7WBf3QmyPToP1wm1Gj/Vc5UJKqTzU=
-github.com/aquasecurity/testdocker v0.0.0-20210815094158-097d418f8cdb h1:hIN+NXgHqaqt1iTm0VosBpq6MrEwipleGvdO3WRIjqk=
-github.com/aquasecurity/testdocker v0.0.0-20210815094158-097d418f8cdb/go.mod h1:gTd97VdQ0rg8Mkiic3rPgNOQdprZ7feTAhiD5mGQjgM=
+github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516 h1:moQmzbpLo5dxHQCyEhqzizsDSNrNhn/7uRTCZzo4A1o=
+github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516/go.mod h1:gTd97VdQ0rg8Mkiic3rPgNOQdprZ7feTAhiD5mGQjgM=
 github.com/aquasecurity/tfsec v0.46.0 h1:R9djHTpk+YrFuFv2GRdfU4rRz6uk5wLrgfx1fp9K1es=
 github.com/aquasecurity/tfsec v0.46.0/go.mod h1:Dafx5dX/1QV1d5en62shpzEXfq5F31IG6oNNxhleV5Y=
 github.com/aquasecurity/trivy-db v0.0.0-20210809142931-da8e09204404 h1:6nJle4kjovrm3gK+xl1iuYkv1vbbMRRviHkR7fj3Tjc=
@@ -438,7 +438,6 @@ github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ=
 github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
 github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY=
 github.com/dgraph-io/badger/v3 v3.2103.1 h1:zaX53IRg7ycxVlkd5pYdCeFp1FynD6qBGQoQql3R3Hk=

diff --git a/integration/testdata/fluentd-multiple-lockfiles.json.golden b/integration/testdata/fluentd-multiple-lockfiles.json.golden
@@ -198,7 +198,7 @@
     ]
   },
   {
-    "Target": "",
+    "Target": "Ruby",
     "Class": "lang-pkgs",
     "Type": "gemspec",
     "Vulnerabilities": [

diff --git a/pkg/scanner/local/scan.go b/pkg/scanner/local/scan.go
@@ -29,6 +29,7 @@ import (
 var (
 	pkgTargets = map[string]string{
 		ftypes.PythonPkg: "Python",
+		ftypes.GemSpec:   "Ruby",
 	}
 )
 

diff --git a/pkg/scanner/scan.go b/pkg/scanner/scan.go
@@ -114,8 +114,8 @@ func (s Scanner) ScanArtifact(ctx context.Context, options types.ScanOptions) (r
 		ArtifactType:  artifactInfo.Type,
 		Metadata: report.Metadata{
 			OS:          osFound,
-			RepoTags:    artifactInfo.RepoTags,
-			RepoDigests: artifactInfo.RepoDigests,
+			RepoTags:    artifactInfo.ImageMetadata.RepoTags,
+			RepoDigests: artifactInfo.ImageMetadata.RepoDigests,
 		},
 		Results: results,
 	}, nil

diff --git a/pkg/scanner/scan_test.go b/pkg/scanner/scan_test.go
@@ -37,11 +37,13 @@ func TestScanner_ScanArtifact(t *testing.T) {
 				},
 				Returns: artifact.ArtifactInspectReturns{
 					Reference: ftypes.ArtifactReference{
-						Name:        "alpine:3.11",
-						ID:          "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a",
-						BlobIDs:     []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
-						RepoTags:    []string{"alpine:3.11"},
-						RepoDigests: []string{"alpine@sha256:0bd0e9e03a022c3b0226667621da84fc9bf562a9056130424b5bfbd8bcb0397f"},
+						Name:    "alpine:3.11",
+						ID:      "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a",
+						BlobIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"},
+						ImageMetadata: ftypes.ImageMetadata{
+							RepoTags:    []string{"alpine:3.11"},
+							RepoDigests: []string{"alpine@sha256:0bd0e9e03a022c3b0226667621da84fc9bf562a9056130424b5bfbd8bcb0397f"},
+						},
 					},
 				},
 			},