From 8b1f30d9b6d5406350deca472cb667e7c46e09b8 Mon Sep 17 00:00:00 2001
From: Oliver Chang
Date: Fri, 17 Jan 2025 14:52:25 +1100
Subject: [PATCH] Update snaps
---
cmd/osv-scanner/__snapshots__/main_test.snap | 252 +------------------
1 file changed, 2 insertions(+), 250 deletions(-)
diff --git a/cmd/osv-scanner/__snapshots__/main_test.snap b/cmd/osv-scanner/__snapshots__/main_test.snap
index 9482c9aa8c..1a1f4266bb 100755
--- a/cmd/osv-scanner/__snapshots__/main_test.snap
+++ b/cmd/osv-scanner/__snapshots__/main_test.snap
@@ -932,68 +932,6 @@ Scanned /fixtures/call-analysis-go-project/go.mod file and found 4 pack --- -[TestRun_Docker/Fake_alpine_image - 1] -Pulling docker image ("alpine:non-existent-tag")... - ---- - -[TestRun_Docker/Fake_alpine_image - 2] -Docker command exited with code ("/usr/bin/docker pull -q alpine:non-existent-tag"): 1 -STDERR: -> Error response from daemon: manifest for alpine:non-existent-tag not found: manifest unknown: manifest unknown -failed to run docker command - ---- - -[TestRun_Docker/Fake_image_entirely - 1] -Pulling docker image ("this-image-definitely-does-not-exist-abcde")... - ---- - -[TestRun_Docker/Fake_image_entirely - 2] -Docker command exited with code ("/usr/bin/docker pull -q this-image-definitely-does-not-exist-abcde"): 1 -STDERR: -> Error response from daemon: pull access denied for this-image-definitely-does-not-exist-abcde, repository does not exist or may require 'docker login': denied: requested access to the resource is denied -failed to run docker command - ---- - -[TestRun_Docker/Real_Alpine_image - 1] -Pulling docker image ("alpine:3.18.9")... -Saving docker image ("alpine:3.18.9") to temporary file... -Scanning image... -No issues found - ---- - -[TestRun_Docker/Real_Alpine_image - 2] - ---- - -[TestRun_Docker/Real_empty_image - 1] -Pulling docker image ("hello-world")... -Saving docker image ("hello-world") to temporary file... -Scanning image... - ---- - -[TestRun_Docker/Real_empty_image - 2] -No package sources found, --help for usage information. - ---- - -[TestRun_Docker/Real_empty_image_with_tag - 1] -Pulling docker image ("hello-world:linux")... -Saving docker image ("hello-world:linux") to temporary file... -Scanning image... - ---- - -[TestRun_Docker/Real_empty_image_with_tag - 2] -No package sources found, --help for usage information. 
- ---- - [TestRun_GithubActions/scanning_osv-scanner_custom_format - 1] Scanned /fixtures/locks-insecure/osv-scanner-flutter-deps.json file as a osv-scanner and found 3 packages +--------------------------------+------+-----------+----------------------------+----------------------------+-------------------------------------------------------+ @@ -2001,6 +1939,7 @@ Loaded OSS-Fuzz local db from /osv-scanner/OSS-Fuzz/all.zip | https://osv.dev/DLA-3684-1 | | Debian | tzdata | 2021a-0+deb9u3 | fixtures/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3788-1 | | Debian | tzdata | 2021a-0+deb9u3 | fixtures/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3972-1 | | Debian | tzdata | 2021a-0+deb9u3 | fixtures/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DLA-4016-1 | | Debian | ucf | 3.0036 | fixtures/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | fixtures/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5055-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | fixtures/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5650-1 | | Debian | util-linux | 2.29.2-1+deb9u1 | fixtures/sbom-insecure/postgres-stretch.cdx.xml | 
@@ -2199,6 +2138,7 @@ Loaded OSS-Fuzz local db from /osv-scanner/OSS-Fuzz/all.zip | https://osv.dev/DLA-3684-1 | | Debian | tzdata | 2021a-0+deb9u3 | fixtures/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3788-1 | | Debian | tzdata | 2021a-0+deb9u3 | fixtures/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DLA-3972-1 | | Debian | tzdata | 2021a-0+deb9u3 | fixtures/sbom-insecure/postgres-stretch.cdx.xml | +| https://osv.dev/DLA-4016-1 | | Debian | ucf | 3.0036 | fixtures/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/CVE-2016-2779 | 7.8 | Debian | util-linux | 2.29.2-1+deb9u1 | fixtures/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5055-1 | 5.5 | Debian | util-linux | 2.29.2-1+deb9u1 | fixtures/sbom-insecure/postgres-stretch.cdx.xml | | https://osv.dev/DSA-5650-1 | | Debian | util-linux | 2.29.2-1+deb9u1 | fixtures/sbom-insecure/postgres-stretch.cdx.xml | 
@@ -2690,194 +2630,6 @@ Scanned /fixtures/maven-transitive/pom.xml file and found 3 packages --- -[TestRun_OCIImage/Alpine_3.10_image_tar_with_3.18_version_file - 1] -Scanning image ../../internal/image/fixtures/test-alpine.tar -Total 1 packages affected by 2 vulnerabilities (1 Critical, 1 High, 0 Medium, 0 Low, 0 Unknown) from 1 ecosystems. -2 vulnerabilities have fixes available. - -Alpine:v3.18 -+----------------------------------------------------------+ -| Source:docker:../../internal/image/fixtures/test-alpine. | -| tar:/lib/apk/db/installed | -+---------+-------------------+---------------+------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | -+---------+-------------------+---------------+------------+ -| zlib | 1.2.11-r1 | Fix Available | 2 | -+---------+-------------------+---------------+------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner --format html --output results.html`. -You can also view the full vulnerability list in your terminal with: `osv-scanner --format vertical`. - ---- - -[TestRun_OCIImage/Alpine_3.10_image_tar_with_3.18_version_file - 2] - ---- - -[TestRun_OCIImage/Invalid_path - 1] -Scanning image ./fixtures/oci-image/no-file-here.tar - ---- - -[TestRun_OCIImage/Invalid_path - 2] -failed to load image ./fixtures/oci-image/no-file-here.tar: open ./fixtures/oci-image/no-file-here.tar: no such file or directory - ---- - -[TestRun_OCIImage/scanning_node_modules_using_npm_with_no_packages - 1] -Scanning image ../../internal/image/fixtures/test-node_modules-npm-empty.tar -Total 1 packages affected by 4 vulnerabilities (0 Critical, 0 High, 4 Medium, 0 Low, 0 Unknown) from 1 ecosystems. -4 vulnerabilities have fixes available. 
- -Alpine:v3.19 -+----------------------------------------------------------+ -| Source:docker:../../internal/image/fixtures/test-node_mo | -| dules-npm-empty.tar:/lib/apk/db/installed | -+---------+-------------------+---------------+------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | -+---------+-------------------+---------------+------------+ -| busybox | 1.36.1-r15 | Fix Available | 4 | -+---------+-------------------+---------------+------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner --format html --output results.html`. -You can also view the full vulnerability list in your terminal with: `osv-scanner --format vertical`. - ---- - -[TestRun_OCIImage/scanning_node_modules_using_npm_with_no_packages - 2] - ---- - -[TestRun_OCIImage/scanning_node_modules_using_npm_with_some_packages - 1] -Scanning image ../../internal/image/fixtures/test-node_modules-npm-full.tar -Total 3 packages affected by 6 vulnerabilities (2 Critical, 0 High, 4 Medium, 0 Low, 0 Unknown) from 2 ecosystems. -5 vulnerabilities have fixes available. 
- -npm -+--------------------------------------------------------------+ -| Source:docker:../../internal/image/fixtures/test-node_module | -| s-npm-full.tar:/prod/app/node_modules/.package-lock.json | -+----------+-------------------+------------------+------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | -+----------+-------------------+------------------+------------+ -| cryo | 0.0.6 | No fix available | 1 | -| minimist | 0.0.8 | Fix Available | 1 | -+----------+-------------------+------------------+------------+ -Alpine:v3.19 -+----------------------------------------------------------+ -| Source:docker:../../internal/image/fixtures/test-node_mo | -| dules-npm-full.tar:/lib/apk/db/installed | -+---------+-------------------+---------------+------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | -+---------+-------------------+---------------+------------+ -| busybox | 1.36.1-r15 | Fix Available | 4 | -+---------+-------------------+---------------+------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner --format html --output results.html`. -You can also view the full vulnerability list in your terminal with: `osv-scanner --format vertical`. - ---- - -[TestRun_OCIImage/scanning_node_modules_using_npm_with_some_packages - 2] - ---- - -[TestRun_OCIImage/scanning_node_modules_using_pnpm_with_no_packages - 1] -Scanning image ../../internal/image/fixtures/test-node_modules-pnpm-empty.tar -Total 1 packages affected by 4 vulnerabilities (0 Critical, 0 High, 4 Medium, 0 Low, 0 Unknown) from 1 ecosystems. -4 vulnerabilities have fixes available. 
- -Alpine:v3.19 -+----------------------------------------------------------+ -| Source:docker:../../internal/image/fixtures/test-node_mo | -| dules-pnpm-empty.tar:/lib/apk/db/installed | -+---------+-------------------+---------------+------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | -+---------+-------------------+---------------+------------+ -| busybox | 1.36.1-r15 | Fix Available | 4 | -+---------+-------------------+---------------+------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner --format html --output results.html`. -You can also view the full vulnerability list in your terminal with: `osv-scanner --format vertical`. - ---- - -[TestRun_OCIImage/scanning_node_modules_using_pnpm_with_no_packages - 2] - ---- - -[TestRun_OCIImage/scanning_node_modules_using_pnpm_with_some_packages - 1] -Scanning image ../../internal/image/fixtures/test-node_modules-pnpm-full.tar -Total 1 packages affected by 4 vulnerabilities (0 Critical, 0 High, 4 Medium, 0 Low, 0 Unknown) from 1 ecosystems. -4 vulnerabilities have fixes available. - -Alpine:v3.19 -+----------------------------------------------------------+ -| Source:docker:../../internal/image/fixtures/test-node_mo | -| dules-pnpm-full.tar:/lib/apk/db/installed | -+---------+-------------------+---------------+------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | -+---------+-------------------+---------------+------------+ -| busybox | 1.36.1-r15 | Fix Available | 4 | -+---------+-------------------+---------------+------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner --format html --output results.html`. -You can also view the full vulnerability list in your terminal with: `osv-scanner --format vertical`. 
- ---- - -[TestRun_OCIImage/scanning_node_modules_using_pnpm_with_some_packages - 2] - ---- - -[TestRun_OCIImage/scanning_node_modules_using_yarn_with_no_packages - 1] -Scanning image ../../internal/image/fixtures/test-node_modules-yarn-empty.tar -Total 1 packages affected by 4 vulnerabilities (0 Critical, 0 High, 4 Medium, 0 Low, 0 Unknown) from 1 ecosystems. -4 vulnerabilities have fixes available. - -Alpine:v3.19 -+----------------------------------------------------------+ -| Source:docker:../../internal/image/fixtures/test-node_mo | -| dules-yarn-empty.tar:/lib/apk/db/installed | -+---------+-------------------+---------------+------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | -+---------+-------------------+---------------+------------+ -| busybox | 1.36.1-r15 | Fix Available | 4 | -+---------+-------------------+---------------+------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner --format html --output results.html`. -You can also view the full vulnerability list in your terminal with: `osv-scanner --format vertical`. - ---- - -[TestRun_OCIImage/scanning_node_modules_using_yarn_with_no_packages - 2] - ---- - -[TestRun_OCIImage/scanning_node_modules_using_yarn_with_some_packages - 1] -Scanning image ../../internal/image/fixtures/test-node_modules-yarn-full.tar -Total 1 packages affected by 4 vulnerabilities (0 Critical, 0 High, 4 Medium, 0 Low, 0 Unknown) from 1 ecosystems. -4 vulnerabilities have fixes available. 
- -Alpine:v3.19 -+----------------------------------------------------------+ -| Source:docker:../../internal/image/fixtures/test-node_mo | -| dules-yarn-full.tar:/lib/apk/db/installed | -+---------+-------------------+---------------+------------+ -| PACKAGE | INSTALLED VERSION | FIX AVAILABLE | VULN COUNT | -+---------+-------------------+---------------+------------+ -| busybox | 1.36.1-r15 | Fix Available | 4 | -+---------+-------------------+---------------+------------+ - -For the most comprehensive scan results, we recommend using the HTML output: `osv-scanner --format html --output results.html`. -You can also view the full vulnerability list in your terminal with: `osv-scanner --format vertical`. - ---- - -[TestRun_OCIImage/scanning_node_modules_using_yarn_with_some_packages - 2] - ---- - [TestRun_SubCommands/scan_with_a_flag - 1] Scanning dir ./fixtures/locks-one-with-nested Scanned /fixtures/locks-one-with-nested/nested/composer.lock file and found 1 package