Open wjunLu opened 5 months ago
The testing result follows:
=== RUN TestVulnSrc_Update
=== RUN TestVulnSrc_Update/happy_path_with_openEuler
2024/05/17 17:07:02 Saving openEuler CVRF
=== RUN TestVulnSrc_Update/sad_path_(dir_doesn't_exist)
2024/05/17 17:07:02 Saving openEuler CVRF
=== RUN TestVulnSrc_Update/sad_path_(failed_to_decode)
2024/05/17 17:07:02 Saving openEuler CVRF
--- PASS: TestVulnSrc_Update (0.19s)
--- PASS: TestVulnSrc_Update/happy_path_with_openEuler (0.12s)
--- PASS: TestVulnSrc_Update/sad_path_(dir_doesn't_exist) (0.02s)
--- PASS: TestVulnSrc_Update/sad_path_(failed_to_decode) (0.04s)
=== RUN TestVulnSrc_Get
=== RUN TestVulnSrc_Get/happy_path_1
=== RUN TestVulnSrc_Get/happy_path_2
=== RUN TestVulnSrc_Get/no_advisories_are_returned
=== RUN TestVulnSrc_Get/GetAdvisories_returns_an_error
--- PASS: TestVulnSrc_Get (0.36s)
--- PASS: TestVulnSrc_Get/happy_path_1 (0.09s)
--- PASS: TestVulnSrc_Get/happy_path_2 (0.09s)
--- PASS: TestVulnSrc_Get/no_advisories_are_returned (0.09s)
--- PASS: TestVulnSrc_Get/GetAdvisories_returns_an_error (0.09s)
=== RUN TestSeverityFromThreat
--- PASS: TestSeverityFromThreat (0.00s)
=== RUN TestGetOSVersion
=== RUN TestGetOSVersion/cpe:/a:openEuler:openEuler:22.03-LTS-SP2
=== RUN TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS
=== RUN TestGetOSVersion/cpe:/a:openEuler:openEuler:21.03
=== RUN TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS-LTS-SP4
2024/05/17 17:07:02 invalid openEuler version: 20.03-LTS-LTS-SP4
=== RUN TestGetOSVersion/cpe:/a:openEuler:23.09
--- PASS: TestGetOSVersion (0.00s)
--- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:22.03-LTS-SP2 (0.00s)
--- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS (0.00s)
--- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:21.03 (0.00s)
--- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS-LTS-SP4 (0.00s)
--- PASS: TestGetOSVersion/cpe:/a:openEuler:23.09 (0.00s)
PASS
ok github.com/aquasecurity/trivy-db/pkg/vulnsrc/openeuler
+1 to add support for openEuler OS! It is a great alternative for CentOS!
Could someone run tests for this PR? Thanks!
@knqyf263 Could you please review this PR currently? Thank you!
@DmitriyLewen Thank you very much! I have changed the code, and the testing result looks good as following:
=== RUN TestVulnSrc_Update
=== RUN TestVulnSrc_Update/happy_path_with_openEuler
2024/07/11 09:44:50 Saving openEuler CVRF
=== RUN TestVulnSrc_Update/sad_path_(dir_doesn't_exist)
2024/07/11 09:44:50 Saving openEuler CVRF
=== RUN TestVulnSrc_Update/sad_path_(failed_to_decode)
2024/07/11 09:44:50 Saving openEuler CVRF
--- PASS: TestVulnSrc_Update (0.20s)
--- PASS: TestVulnSrc_Update/happy_path_with_openEuler (0.16s)
--- PASS: TestVulnSrc_Update/sad_path_(dir_doesn't_exist) (0.02s)
--- PASS: TestVulnSrc_Update/sad_path_(failed_to_decode) (0.02s)
=== RUN TestVulnSrc_Get
=== RUN TestVulnSrc_Get/happy_path
=== RUN TestVulnSrc_Get/no_advisories_are_returned
=== RUN TestVulnSrc_Get/GetAdvisories_returns_an_error
--- PASS: TestVulnSrc_Get (0.26s)
--- PASS: TestVulnSrc_Get/happy_path (0.09s)
--- PASS: TestVulnSrc_Get/no_advisories_are_returned (0.09s)
--- PASS: TestVulnSrc_Get/GetAdvisories_returns_an_error (0.08s)
=== RUN TestSeverityFromThreat
--- PASS: TestSeverityFromThreat (0.00s)
=== RUN TestGetOSVersion
=== RUN TestGetOSVersion/cpe:/a:openEuler:openEuler:22.03-LTS-SP2
=== RUN TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS
=== RUN TestGetOSVersion/cpe:/a:openEuler:openEuler:21.03
=== RUN TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS-LTS-SP4
2024/07/11 09:44:50 invalid openEuler version: 20.03-LTS-LTS-SP4
=== RUN TestGetOSVersion/cpe:/a:openEuler:23.09
--- PASS: TestGetOSVersion (0.00s)
--- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:22.03-LTS-SP2 (0.00s)
--- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS (0.00s)
--- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:21.03 (0.00s)
--- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS-LTS-SP4 (0.00s)
--- PASS: TestGetOSVersion/cpe:/a:openEuler:23.09 (0.00s)
PASS
coverage: 84.0% of statements
ok github.com/aquasecurity/trivy-db/pkg/vulnsrc/openeuler 2.264s coverage: 84.0% of statements
@DmitriyLewen I have changed the code as we discussed above. The result looks good
=== RUN TestVulnSrc_Update
=== RUN TestVulnSrc_Update/happy_path_with_openEuler
2024/07/11 20:30:30 Saving openEuler CVRF
=== RUN TestVulnSrc_Update/sad_path_(dir_doesn't_exist)
2024/07/11 20:30:30 Saving openEuler CVRF
=== RUN TestVulnSrc_Update/sad_path_(failed_to_decode)
2024/07/11 20:30:30 Saving openEuler CVRF
--- PASS: TestVulnSrc_Update (0.11s)
--- PASS: TestVulnSrc_Update/happy_path_with_openEuler (0.08s)
--- PASS: TestVulnSrc_Update/sad_path_(dir_doesn't_exist) (0.01s)
--- PASS: TestVulnSrc_Update/sad_path_(failed_to_decode) (0.02s)
=== RUN TestVulnSrc_Get
=== RUN TestVulnSrc_Get/happy_path
=== RUN TestVulnSrc_Get/no_advisories_are_returned
=== RUN TestVulnSrc_Get/GetAdvisories_returns_an_error
--- PASS: TestVulnSrc_Get (0.15s)
--- PASS: TestVulnSrc_Get/happy_path (0.05s)
--- PASS: TestVulnSrc_Get/no_advisories_are_returned (0.05s)
--- PASS: TestVulnSrc_Get/GetAdvisories_returns_an_error (0.04s)
=== RUN TestSeverityFromThreat
--- PASS: TestSeverityFromThreat (0.00s)
=== RUN TestGetOSVersion
=== RUN TestGetOSVersion/cpe:/a:openEuler:openEuler:22.03-LTS-SP2
=== RUN TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS
=== RUN TestGetOSVersion/cpe:/a:openEuler:openEuler:21.03
=== RUN TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS-LTS-SP4
2024/07/11 20:30:31 invalid openEuler version: 20.03-LTS-LTS-SP4
=== RUN TestGetOSVersion/cpe:/a:openEuler:23.09
--- PASS: TestGetOSVersion (0.00s)
--- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:22.03-LTS-SP2 (0.00s)
--- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS (0.00s)
--- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:21.03 (0.00s)
--- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS-LTS-SP4 (0.00s)
--- PASS: TestGetOSVersion/cpe:/a:openEuler:23.09 (0.00s)
PASS
coverage: 84.7% of statements
ok github.com/aquasecurity/trivy-db/pkg/vulnsrc/openeuler 2.057s coverage: 84.7% of statements
@DmitriyLewen Do you have some other suggestions for this PR?
Hello @wjunLu I refactored your code a little:
Get
function - https://github.com/aquasecurity/trivy-db/pull/397/commits/66c9b6bf1d44131da4d8ad7507fc20f89d9e4aae
Can you take a look and confirm that i didn't miss anything?If this is okay - please update https://github.com/aquasecurity/trivy/pull/6475 (you can use go mod edit -replace
to use commit from your fork).
Hello @wjunLu I refactored your code a little:
- updated logic for arches (788f43b + d396db7)
- add arch to
Get
function - 66c9b6b Can you take a look and confirm that i didn't miss anything?If this is okay - please update aquasecurity/trivy#6475 (you can use
go mod edit -replace
to use commit from your fork).
Thank you very much! I'm checking this.
Hello @wjunLu I refactored your code a little:
- updated logic for arches (788f43b + d396db7)
- add arch to
Get
function - 66c9b6b Can you take a look and confirm that i didn't miss anything?If this is okay - please update aquasecurity/trivy#6475 (you can use
go mod edit -replace
to use commit from your fork).
Thank you again! I have no problem for this! I will update aquasecurity/trivy#6475 soon.
Hello @wjunLu I refactored your code a little:
- updated logic for arches (788f43b + d396db7)
- add arch to
Get
function - 66c9b6b Can you take a look and confirm that i didn't miss anything?If this is okay - please update aquasecurity/trivy#6475 (you can use
go mod edit -replace
to use commit from your fork).
@DmitriyLewen So sorry! I accidentally closed this PR, please retest it. I have updated https://github.com/aquasecurity/trivy/pull/6475, please check. Thank you very much!
@DmitriyLewen I have updated my branch from upstream, please re-run the tests. Thank you!
I'll take a look today.
@wjunLu and i updated logic to use
src
packages.@knqyf263 take a look, when you have time.
@knqyf263 Could please check this?
@wjunLu and i updated logic to use
src
packages.@knqyf263 take a look, when you have time.
Hi @knqyf263!
If you have some suggestions, please let me know or comment here. Thank you very much!
Hi, @DmitriyLewen @knqyf263 ! Are you busy with other higher-priority things lately? I sincerely hope you can review this PR when you have time. Thank you very much!
Description
What's openEuler?
openEuler is an open source, free Linux distribution platform. The platform provides an open community for global developers to build an open, diversified, and architecture-inclusive software ecosystem. openEuler is also an innovative platform that encourages everyone to propose new ideas, explore new approaches, and practice new solutions.
Learn more, please visit https://www.openeuler.org/en/
Trivy does not support openEuler
We can see that the operating systems currently supported by trivy for security detection does not include openEuler(see https://aquasecurity.github.io/trivy/v0.50/docs/coverage/os/).
To support openEuler
Now, openEuler has 2,345,659 users, 18,072 contributors and 1,501 organization members(see https://datastat.openeuler.org/en/overview). It is necessary to support such a very mature open source operating system.
Discussion
Our discussion is here https://github.com/aquasecurity/trivy/discussions/6400
Relatived PRs
https://github.com/aquasecurity/vuln-list-update/pull/284