aquasecurity / trivy-db

Apache License 2.0
215 stars 131 forks

feat(openEuler): Add openEuler CVE database #397

Open wjunLu opened 5 months ago

wjunLu commented 5 months ago

Description

What's openEuler?

openEuler is an open source, free Linux distribution platform. The platform provides an open community for global developers to build an open, diversified, and architecture-inclusive software ecosystem. openEuler is also an innovative platform that encourages everyone to propose new ideas, explore new approaches, and practice new solutions.

To learn more, please visit https://www.openeuler.org/en/

Trivy does not support openEuler

We can see that the operating systems currently supported by trivy for security detection do not include openEuler (see https://aquasecurity.github.io/trivy/v0.50/docs/coverage/os/).

To support openEuler

Now, openEuler has 2,345,659 users, 18,072 contributors and 1,501 organization members (see https://datastat.openeuler.org/en/overview). It is necessary to support such a very mature open source operating system.

Discussion

Our discussion is here https://github.com/aquasecurity/trivy/discussions/6400

Related PRs

https://github.com/aquasecurity/vuln-list-update/pull/284

CLAassistant commented 5 months ago

CLA assistant check
All committers have signed the CLA.

wjunLu commented 4 months ago

The testing result follows:

=== RUN   TestVulnSrc_Update
=== RUN   TestVulnSrc_Update/happy_path_with_openEuler
2024/05/17 17:07:02 Saving openEuler CVRF
=== RUN   TestVulnSrc_Update/sad_path_(dir_doesn't_exist)
2024/05/17 17:07:02 Saving openEuler CVRF
=== RUN   TestVulnSrc_Update/sad_path_(failed_to_decode)
2024/05/17 17:07:02 Saving openEuler CVRF
--- PASS: TestVulnSrc_Update (0.19s)
    --- PASS: TestVulnSrc_Update/happy_path_with_openEuler (0.12s)
    --- PASS: TestVulnSrc_Update/sad_path_(dir_doesn't_exist) (0.02s)
    --- PASS: TestVulnSrc_Update/sad_path_(failed_to_decode) (0.04s)
=== RUN   TestVulnSrc_Get
=== RUN   TestVulnSrc_Get/happy_path_1
=== RUN   TestVulnSrc_Get/happy_path_2
=== RUN   TestVulnSrc_Get/no_advisories_are_returned
=== RUN   TestVulnSrc_Get/GetAdvisories_returns_an_error
--- PASS: TestVulnSrc_Get (0.36s)
    --- PASS: TestVulnSrc_Get/happy_path_1 (0.09s)
    --- PASS: TestVulnSrc_Get/happy_path_2 (0.09s)
    --- PASS: TestVulnSrc_Get/no_advisories_are_returned (0.09s)
    --- PASS: TestVulnSrc_Get/GetAdvisories_returns_an_error (0.09s)
=== RUN   TestSeverityFromThreat
--- PASS: TestSeverityFromThreat (0.00s)
=== RUN   TestGetOSVersion
=== RUN   TestGetOSVersion/cpe:/a:openEuler:openEuler:22.03-LTS-SP2
=== RUN   TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS
=== RUN   TestGetOSVersion/cpe:/a:openEuler:openEuler:21.03
=== RUN   TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS-LTS-SP4
2024/05/17 17:07:02 invalid openEuler version: 20.03-LTS-LTS-SP4
=== RUN   TestGetOSVersion/cpe:/a:openEuler:23.09
--- PASS: TestGetOSVersion (0.00s)
    --- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:22.03-LTS-SP2 (0.00s)
    --- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS (0.00s)
    --- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:21.03 (0.00s)
    --- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS-LTS-SP4 (0.00s)
    --- PASS: TestGetOSVersion/cpe:/a:openEuler:23.09 (0.00s)
PASS
ok      github.com/aquasecurity/trivy-db/pkg/vulnsrc/openeuler

julien-faye commented 2 months ago

+1 to add support for openEuler OS! It is a great alternative for CentOS!

wjunLu commented 2 months ago

Could someone run tests for this PR? Thanks!

wjunLu commented 2 months ago

@knqyf263 Could you please review this PR currently? Thank you!

wjunLu commented 2 months ago

@DmitriyLewen Thank you very much! I have changed the code, and the testing result looks good, as follows:

=== RUN   TestVulnSrc_Update
=== RUN   TestVulnSrc_Update/happy_path_with_openEuler
2024/07/11 09:44:50 Saving openEuler CVRF
=== RUN   TestVulnSrc_Update/sad_path_(dir_doesn't_exist)
2024/07/11 09:44:50 Saving openEuler CVRF
=== RUN   TestVulnSrc_Update/sad_path_(failed_to_decode)
2024/07/11 09:44:50 Saving openEuler CVRF
--- PASS: TestVulnSrc_Update (0.20s)
    --- PASS: TestVulnSrc_Update/happy_path_with_openEuler (0.16s)
    --- PASS: TestVulnSrc_Update/sad_path_(dir_doesn't_exist) (0.02s)
    --- PASS: TestVulnSrc_Update/sad_path_(failed_to_decode) (0.02s)
=== RUN   TestVulnSrc_Get
=== RUN   TestVulnSrc_Get/happy_path
=== RUN   TestVulnSrc_Get/no_advisories_are_returned
=== RUN   TestVulnSrc_Get/GetAdvisories_returns_an_error
--- PASS: TestVulnSrc_Get (0.26s)
    --- PASS: TestVulnSrc_Get/happy_path (0.09s)
    --- PASS: TestVulnSrc_Get/no_advisories_are_returned (0.09s)
    --- PASS: TestVulnSrc_Get/GetAdvisories_returns_an_error (0.08s)
=== RUN   TestSeverityFromThreat
--- PASS: TestSeverityFromThreat (0.00s)
=== RUN   TestGetOSVersion
=== RUN   TestGetOSVersion/cpe:/a:openEuler:openEuler:22.03-LTS-SP2
=== RUN   TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS
=== RUN   TestGetOSVersion/cpe:/a:openEuler:openEuler:21.03
=== RUN   TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS-LTS-SP4
2024/07/11 09:44:50 invalid openEuler version: 20.03-LTS-LTS-SP4
=== RUN   TestGetOSVersion/cpe:/a:openEuler:23.09
--- PASS: TestGetOSVersion (0.00s)
    --- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:22.03-LTS-SP2 (0.00s)
    --- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS (0.00s)
    --- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:21.03 (0.00s)
    --- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS-LTS-SP4 (0.00s)
    --- PASS: TestGetOSVersion/cpe:/a:openEuler:23.09 (0.00s)
PASS
coverage: 84.0% of statements
ok      github.com/aquasecurity/trivy-db/pkg/vulnsrc/openeuler  2.264s  coverage: 84.0% of statements

wjunLu commented 2 months ago

@DmitriyLewen I have changed the code as we discussed above. The result looks good

=== RUN   TestVulnSrc_Update
=== RUN   TestVulnSrc_Update/happy_path_with_openEuler
2024/07/11 20:30:30 Saving openEuler CVRF
=== RUN   TestVulnSrc_Update/sad_path_(dir_doesn't_exist)
2024/07/11 20:30:30 Saving openEuler CVRF
=== RUN   TestVulnSrc_Update/sad_path_(failed_to_decode)
2024/07/11 20:30:30 Saving openEuler CVRF
--- PASS: TestVulnSrc_Update (0.11s)
    --- PASS: TestVulnSrc_Update/happy_path_with_openEuler (0.08s)
    --- PASS: TestVulnSrc_Update/sad_path_(dir_doesn't_exist) (0.01s)
    --- PASS: TestVulnSrc_Update/sad_path_(failed_to_decode) (0.02s)
=== RUN   TestVulnSrc_Get
=== RUN   TestVulnSrc_Get/happy_path
=== RUN   TestVulnSrc_Get/no_advisories_are_returned
=== RUN   TestVulnSrc_Get/GetAdvisories_returns_an_error
--- PASS: TestVulnSrc_Get (0.15s)
    --- PASS: TestVulnSrc_Get/happy_path (0.05s)
    --- PASS: TestVulnSrc_Get/no_advisories_are_returned (0.05s)
    --- PASS: TestVulnSrc_Get/GetAdvisories_returns_an_error (0.04s)
=== RUN   TestSeverityFromThreat
--- PASS: TestSeverityFromThreat (0.00s)
=== RUN   TestGetOSVersion
=== RUN   TestGetOSVersion/cpe:/a:openEuler:openEuler:22.03-LTS-SP2
=== RUN   TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS
=== RUN   TestGetOSVersion/cpe:/a:openEuler:openEuler:21.03
=== RUN   TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS-LTS-SP4
2024/07/11 20:30:31 invalid openEuler version: 20.03-LTS-LTS-SP4
=== RUN   TestGetOSVersion/cpe:/a:openEuler:23.09
--- PASS: TestGetOSVersion (0.00s)
    --- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:22.03-LTS-SP2 (0.00s)
    --- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS (0.00s)
    --- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:21.03 (0.00s)
    --- PASS: TestGetOSVersion/cpe:/a:openEuler:openEuler:20.03-LTS-LTS-SP4 (0.00s)
    --- PASS: TestGetOSVersion/cpe:/a:openEuler:23.09 (0.00s)
PASS
coverage: 84.7% of statements
ok      github.com/aquasecurity/trivy-db/pkg/vulnsrc/openeuler  2.057s  coverage: 84.7% of statements

wjunLu commented 2 months ago

@DmitriyLewen Do you have some other suggestions for this PR?

DmitriyLewen commented 2 months ago

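Hello @wjunLu I refactored your code a little:

  • updated logic for arches (788f43b + d396db7)
  • add arch to Get function - 66c9b6b

Can you take a look and confirm that I didn't miss anything?

If this is okay - please update https://github.com/aquasecurity/trivy/pull/6475 (you can use go mod edit -replace to use commit from your fork).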

wjunLu commented 2 months ago

Hello @wjunLu I refactored your code a little:

  • updated logic for arches (788f43b + d396db7)
  • add arch to Get function - 66c9b6b

Can you take a look and confirm that I didn't miss anything?

If this is okay - please update aquasecurity/trivy#6475 (you can use go mod edit -replace to use commit from your fork).

Thank you very much! I'm checking this.

wjunLu commented 2 months ago

Hello @wjunLu I refactored your code a little:

  • updated logic for arches (788f43b + d396db7)
  • add arch to Get function - 66c9b6b

Can you take a look and confirm that I didn't miss anything?

If this is okay - please update aquasecurity/trivy#6475 (you can use go mod edit -replace to use commit from your fork).

Thank you again! I have no problem with this! I will update aquasecurity/trivy#6475 soon.

wjunLu commented 2 months ago

Hello @wjunLu I refactored your code a little:

  • updated logic for arches (788f43b + d396db7)
  • add arch to Get function - 66c9b6b

Can you take a look and confirm that I didn't miss anything?

If this is okay - please update aquasecurity/trivy#6475 (you can use go mod edit -replace to use commit from your fork).

wjunLu commented 2 months ago

@DmitriyLewen So sorry! I accidentally closed this PR, please retest it. I have updated https://github.com/aquasecurity/trivy/pull/6475, please check. Thank you very much!

wjunLu commented 2 months ago

@DmitriyLewen I have updated my branch from upstream, please re-run the tests. Thank you!

knqyf263 commented 2 months ago

I'll take a look today.

wjunLu commented 1 month ago

@wjunLu and I updated logic to use src packages.

@knqyf263 take a look, when you have time.

@knqyf263 Could you please check this?

wjunLu commented 2 weeks ago

@wjunLu and I updated logic to use src packages.

@knqyf263 take a look, when you have time.

Hi @knqyf263!
If you have some suggestions, please let me know or comment here. Thank you very much!

wjunLu commented 1 week ago

Hi, @DmitriyLewen @knqyf263! Are you busy with other higher-priority things lately? I sincerely hope you can review this PR when you have time. Thank you very much!