diff --git a/src/anchore_security_cli/identifiers/aliases.py b/src/anchore_security_cli/identifiers/aliases.py
index af101df..940c5ff 100644
--- a/src/anchore_security_cli/identifiers/aliases.py
+++ b/src/anchore_security_cli/identifiers/aliases.py
@@ -89,6 +89,9 @@ class Aliases:
 cpan: list[str] = field(default_factory=list)
 archlinux: list[str] = field(default_factory=list)
 bellsoft: list[str] = field(default_factory=list)
+ fedora: list[str] = field(default_factory=list)
+ fedora_epel: list[str] = field(default_factory=list)
+ photon: list[str] = field(default_factory=list)
 @classmethod
 def normalize(cls, alias: str) -> str:
@@ -137,6 +140,9 @@ def from_list(cls, aliases: list[str]): # noqa: C901, PLR0912, PLR0915
 cpan = set()
 archlinux = set()
 bellsoft = set()
+ fedora = set()
+ fedora_epel = set()
+ photon = set()
 for a in aliases:
 a = cls.normalize(a)
@@ -213,6 +219,12 @@ def from_list(cls, aliases: list[str]): # noqa: C901, PLR0912, PLR0915
 elif a.startswith("BELL-SA-"):
 for v in generate_all_bellsoft_id_variants(a):
 bellsoft.add(v)
+ elif a.startswith("FEDORA-EPEL-"):
+ fedora_epel.add(a)
+ elif a.startswith("FEDORA-"):
+ fedora.add(a)
+ elif a.startswith("PHSA-"):
+ photon.add(a)
 else:
 logging.warning(f"encountered unsupported alias: {a!r}")
@@ -246,6 +258,9 @@ def from_list(cls, aliases: list[str]): # noqa: C901, PLR0912, PLR0915
 cpan=list(cpan),
 archlinux=list(archlinux),
 bellsoft=list(bellsoft),
+ fedora=list(fedora),
+ fedora_epel=list(fedora_epel),
+ photon=list(photon),
 )
 def to_list(self, exclude: set[str] | None = None) -> list[str]:
diff --git a/src/anchore_security_cli/identifiers/providers/grypedb.py b/src/anchore_security_cli/identifiers/providers/grypedb.py
index ffcf43e..8b05cb9 100644
--- a/src/anchore_security_cli/identifiers/providers/grypedb.py
+++ b/src/anchore_security_cli/identifiers/providers/grypedb.py
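Review bot: In `aliases.py`, the new `FEDORA-EPEL-` branch of `from_list` only works because it sits before the `FEDORA-` branch in the `elif` chain, and nothing in the hunk records that dependency. A comment such as `# FEDORA-EPEL- must be checked before the broader FEDORA- prefix` above the first new branch would keep a later reorder from filing EPEL advisories under `fedora`. The bare `FEDORA-` prefix also claims any other Fedora-prefixed identifier (for example modular or container update ids), so if those should not count as `fedora` aliases the branch needs a tighter match. `from_list` starts and ends outside this hunk.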
@@ -32,22 +32,43 @@ def _fetch(self) -> list[ProviderRecord]:
 # lack of convenient bulk downloads: chainguard libs, oracle linux, and amazon linux
 cur.execute("""
 SELECT
- a.name as id,
- json_group_array(a.alias) as aliases,
- min(v.published_date) as published
+ advisory,
+ json_group_array(alias) aliases,
+ min(published) as published
 FROM
- vulnerability_aliases a
- inner join vulnerability_handles v
- on v.name=a.name
- WHERE
- a.name like "CGA-%"
- or a.name like "ELSA-%"
- or a.name like "ALAS%"
- GROUP BY a.name
+ (
+ SELECT
+ a.name as advisory,
+ a.alias as alias,
+ v.published_date as published
+ FROM
+ vulnerability_aliases a
+ INNER JOIN vulnerability_handles v
+ ON v.name=a.name
+ WHERE
+ a.name like "CGA-%"
+ or a.name like "ELSA-%"
+ or a.name like "ALAS%"
+ UNION ALL
+ SELECT
+ json_extract(refs.value, '$.id') as advisory,
+ v.name as alias,
+ COALESCE(json_extract(ranges.value, '$.fix.detail.available.date'), v.published_date) as published
+ FROM
+ blobs b
+ INNER JOIN affected_package_handles aph
+ ON aph.blob_id = b.id
+ INNER JOIN vulnerability_handles v
+ ON v.id = aph.vulnerability_id,
+ json_each(json_extract(b.value, '$.ranges')) ranges,
+ json_each(json_extract(ranges.value, '$.fix.detail.references')) refs
+ WHERE v.name != json_extract(refs.value, '$.id')
+ )
+ GROUP BY advisory
 ;
 """)
 for row in cur.fetchall():
- record_id = row["id"]
+ record_id = row["advisory"]
 aliases = row["aliases"]
 if aliases:
 aliases = json.loads(aliases)
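Review bot: In the second branch of the `UNION ALL`, the join through `affected_package_handles` and the two `json_each` calls yields one row per package handle, range and reference, so `json_group_array(alias)` can repeat the same vulnerability name many times for one advisory; `json_group_array(DISTINCT alias) aliases` keeps the array to one entry per alias. That branch also has no prefix filter, unlike the `CGA-`/`ELSA-`/`ALAS` branch, so every reference `id` found in a fix detail becomes a record id. The comment above `cur.execute`, which lists only chainguard libs, oracle linux and amazon linux, no longer describes this and should say what the second branch collects. The `like "CGA-%"` literals rely on SQLite's double-quoted-string fallback while the new JSON paths use single quotes; `a.name like 'CGA-%'` would be consistent. `_fetch` starts and ends outside this hunk.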