feat(k8s) add support for vulnerability detection

Signed-off-by: knqyf263 <[email protected]>
aquasecurity · Sep 28, 2023 · 5e309e6 · 5e309e6
1 parent 8d6275c
commit 5e309e6
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 29 deletions.
diff --git a/pkg/detector/library/driver.go b/pkg/detector/library/driver.go
@@ -76,6 +76,9 @@ func NewDriver(libType ftypes.LangType) (Driver, bool) {
 	case ftypes.Bitnami:
 		ecosystem = vulnerability.Bitnami
 		comparer = compare.GenericComparer{}
+	case ftypes.K8sComponent:
+		ecosystem = vulnerability.Kubernetes
+		comparer = compare.GenericComparer{}
 	default:
 		log.Logger.Warnf("The %q library type is not supported for vulnerability scanning", libType)
 		return Driver{}, false

diff --git a/pkg/fanal/types/const.go b/pkg/fanal/types/const.go
@@ -43,34 +43,35 @@ const (
 
 // Programming language dependencies
 const (
-	Bundler    LangType = "bundler"
-	GemSpec    LangType = "gemspec"
-	Cargo      LangType = "cargo"
-	Composer   LangType = "composer"
-	Npm        LangType = "npm"
-	NuGet      LangType = "nuget"
-	DotNetCore LangType = "dotnet-core"
-	Pip        LangType = "pip"
-	Pipenv     LangType = "pipenv"
-	Poetry     LangType = "poetry"
-	CondaPkg   LangType = "conda-pkg"
-	PythonPkg  LangType = "python-pkg"
-	NodePkg    LangType = "node-pkg"
-	Yarn       LangType = "yarn"
-	Pnpm       LangType = "pnpm"
-	Jar        LangType = "jar"
-	Pom        LangType = "pom"
-	Gradle     LangType = "gradle"
-	GoBinary   LangType = "gobinary"
-	GoModule   LangType = "gomod"
-	JavaScript LangType = "javascript"
-	RustBinary LangType = "rustbinary"
-	Conan      LangType = "conan"
-	Cocoapods  LangType = "cocoapods"
-	Swift      LangType = "swift"
-	Pub        LangType = "pub"
-	Hex        LangType = "hex"
-	Bitnami    LangType = "bitnami"
+	Bundler      LangType = "bundler"
+	GemSpec      LangType = "gemspec"
+	Cargo        LangType = "cargo"
+	Composer     LangType = "composer"
+	Npm          LangType = "npm"
+	NuGet        LangType = "nuget"
+	DotNetCore   LangType = "dotnet-core"
+	Pip          LangType = "pip"
+	Pipenv       LangType = "pipenv"
+	Poetry       LangType = "poetry"
+	CondaPkg     LangType = "conda-pkg"
+	PythonPkg    LangType = "python-pkg"
+	NodePkg      LangType = "node-pkg"
+	Yarn         LangType = "yarn"
+	Pnpm         LangType = "pnpm"
+	Jar          LangType = "jar"
+	Pom          LangType = "pom"
+	Gradle       LangType = "gradle"
+	GoBinary     LangType = "gobinary"
+	GoModule     LangType = "gomod"
+	JavaScript   LangType = "javascript"
+	RustBinary   LangType = "rustbinary"
+	Conan        LangType = "conan"
+	Cocoapods    LangType = "cocoapods"
+	Swift        LangType = "swift"
+	Pub          LangType = "pub"
+	Hex          LangType = "hex"
+	Bitnami      LangType = "bitnami"
+	K8sComponent LangType = "kubernetes"
 )
 
 // Config files

diff --git a/pkg/k8s/scanner/scanner.go b/pkg/k8s/scanner/scanner.go
@@ -35,6 +35,8 @@ const (
 	k8sComponentType          = "Type"
 	k8sComponentName          = "Name"
 	k8sComponentNode          = "node"
+
+	k8sLocation = "k8s.io"
 )
 
 type Scanner struct {
@@ -254,6 +256,7 @@ func clusterInfoToReportResources(allArtifact []*artifacts.Artifact) (*core.Comp
 				Type:       cdx.ComponentTypeApplication,
 				Properties: toProperties(comp.Properties, k8sCoreComponentNamespace),
 				Components: imageComponents,
+				PackageURL: generatePURL(comp.Name, comp.Version),
 			}
 			coreComponents = append(coreComponents, rootComponent)
 		case nodeInfo:
@@ -284,6 +287,7 @@ func clusterInfoToReportResources(allArtifact []*artifacts.Artifact) (*core.Comp
 		Type:       cdx.ComponentTypePlatform,
 		Properties: cInfo.Properties,
 		Components: coreComponents,
+		PackageURL: generatePURL(cInfo.Name, cInfo.Version),
 	}
 	return rootComponent, nil
 }
@@ -386,7 +390,7 @@ func nodeComponent(nf bom.NodeInfo) *core.Component {
 							},
 						},
 						PackageURL: &purl.PackageURL{
-							PackageURL: *packageurl.NewPackageURL(golang, "", kubelet, kubeletVersion, packageurl.Qualifiers{}, ""),
+							PackageURL: *packageurl.NewPackageURL(purl.TypeK8s, "k8s.io", "kubelet", kubeletVersion, packageurl.Qualifiers{}, ""),
 						},
 					},
 					{
@@ -428,3 +432,14 @@ func toProperties(props map[string]string, namespace string) []core.Property {
 	})
 	return properties
 }
+
+func generatePURL(name, version string) *purl.PackageURL {
+	if !strings.HasPrefix(name, k8sLocation+"/") {
+		return nil
+	}
+
+	name = strings.TrimPrefix(name, k8sLocation+"/")
+	return &purl.PackageURL{
+		PackageURL: *packageurl.NewPackageURL(purl.TypeK8s, k8sLocation, name, version, packageurl.Qualifiers{}, ""),
+	}
+}
diff --git a/pkg/purl/purl.go b/pkg/purl/purl.go
@@ -19,6 +19,9 @@ const (
 	TypeOCI  = "oci"
 	TypeDart = "dart"
 
+	// TypeK8s is a custom type for Kubernetes PURL
+	TypeK8s = "k8s"
+
 	TypeUnknown = "unknown"
 )
 
@@ -131,6 +134,8 @@ func (p *PackageURL) LangType() ftypes.LangType {
 		return ftypes.Pub
 	case packageurl.TypeBitnami:
 		return ftypes.Bitnami
+	case TypeK8s:
+		return ftypes.K8sComponent
 	default:
 		return TypeUnknown
 	}