Commit 981b0b5

authored
fix: make Alpine ecosystem fallback to latest release version (#1236)
The latest release of osv.dev enforces the Alpine release version suffix in queries. Make the apk-installed parser use the latest Alpine version (`v3.20`) when it can't find the version file to stop it from erroring.
1 parent b402733 commit 981b0b5

2 files changed

+15
-10
lines changed


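--- a/pkg/lockfile/apk-installed.go
+++ b/pkg/lockfile/apk-installed.go
@@ -9,6 +9,7 @@ import (
 )
 
 const AlpineEcosystem Ecosystem = "Alpine"
+const AlpineFallbackVersion = "v3.20"
 
 func groupApkPackageLines(scanner *bufio.Scanner) [][]string {
 var groups [][]string
@@ -83,10 +84,12 @@ func (e ApkInstalledExtractor) Extract(f DepFile) ([]PackageDetails, error) {
 }
 
 alpineVersion, alpineVerErr := alpineReleaseExtractor(f)
-if alpineVerErr == nil { // TODO: Log error? We might not be on a alpine system
-for i := range packages {
-packages[i].Ecosystem = Ecosystem(string(packages[i].Ecosystem) + ":" + alpineVersion)
-}
+if alpineVerErr != nil { // TODO: Log error? We might not be on a alpine system
+// Alpine ecosystems MUST have a version suffix. Fallback to the latest version.
+alpineVersion = AlpineFallbackVersion
+}
+for i := range packages {
+packages[i].Ecosystem = Ecosystem(string(packages[i].Ecosystem) + ":" + alpineVersion)
 }
 
 if err := scanner.Err(); err != nil {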
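Review bot: The new `if alpineVerErr != nil` branch discards the error and silently stamps every package as `Alpine:v3.20`, so an image from an older branch whose release file is missing or unreadable is matched against v3.20 advisories with nothing in the result to show the version was assumed. Fixed versions can differ between Alpine branches, so this may produce missed or spurious findings; the TODO on that line should be resolved by surfacing `alpineVerErr` as a warning through whatever reporting path the package has. At minimum the exported constant needs a doc comment, e.g. `// AlpineFallbackVersion is the release assumed when the Alpine release file cannot be read; matches made with it may be inaccurate for other releases, and it must be bumped with each Alpine release.` Extract's body starts and ends outside this hunk, so whether callers can otherwise detect the fallback is not visible here.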

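--- a/pkg/lockfile/apk-installed_test.go
+++ b/pkg/lockfile/apk-installed_test.go
@@ -7,6 +7,8 @@ import (
 "github.com/google/osv-scanner/pkg/lockfile"
 )
 
+const alpineEcosystem = lockfile.AlpineEcosystem + ":" + lockfile.AlpineFallbackVersion
+
 func TestParseApkInstalled_FileDoesNotExist(t *testing.T) {
 t.Parallel()
 
@@ -54,7 +56,7 @@ func TestParseApkInstalled_Malformed(t *testing.T) {
 Name: "busybox",
 Version: "",
 Commit: "1dbf7a793afae640ea643a055b6dd4f430ac116b",
-Ecosystem: lockfile.AlpineEcosystem,
+Ecosystem: alpineEcosystem,
 CompareAs: lockfile.AlpineEcosystem,
 },
 })
@@ -74,7 +76,7 @@ func TestParseApkInstalled_Single(t *testing.T) {
 Name: "apk-tools",
 Version: "2.12.10-r1",
 Commit: "0188f510baadbae393472103427b9c1875117136",
-Ecosystem: lockfile.AlpineEcosystem,
+Ecosystem: alpineEcosystem,
 CompareAs: lockfile.AlpineEcosystem,
 },
 })
@@ -94,7 +96,7 @@ func TestParseApkInstalled_Shuffled(t *testing.T) {
 Name: "apk-tools",
 Version: "2.12.10-r1",
 Commit: "0188f510baadbae393472103427b9c1875117136",
-Ecosystem: lockfile.AlpineEcosystem,
+Ecosystem: alpineEcosystem,
 CompareAs: lockfile.AlpineEcosystem,
 },
 })
@@ -114,21 +116,21 @@ func TestParseApkInstalled_Multiple(t *testing.T) {
 Name: "alpine-baselayout-data",
 Version: "3.4.0-r0",
 Commit: "bd965a7ebf7fd8f07d7a0cc0d7375bf3e4eb9b24",
-Ecosystem: lockfile.AlpineEcosystem,
+Ecosystem: alpineEcosystem,
 CompareAs: lockfile.AlpineEcosystem,
 },
 {
 Name: "musl",
 Version: "1.2.3-r4",
 Commit: "f93af038c3de7146121c2ea8124ba5ce29b4b058",
-Ecosystem: lockfile.AlpineEcosystem,
+Ecosystem: alpineEcosystem,
 CompareAs: lockfile.AlpineEcosystem,
 },
 {
 Name: "busybox",
 Version: "1.35.0-r29",
 Commit: "1dbf7a793afae640ea643a055b6dd4f430ac116b",
-Ecosystem: lockfile.AlpineEcosystem,
+Ecosystem: alpineEcosystem,
 CompareAs: lockfile.AlpineEcosystem,
 },
 })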
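Review bot: Every expectation visible in these hunks now uses the fallback-derived `alpineEcosystem`, so none of them exercises the path where `alpineReleaseExtractor` succeeds; a regression that always applied `v3.20` would still pass them. If no such case exists elsewhere in the file, add one where the release version is detected and assert that the `Ecosystem` suffix comes from it rather than from `lockfile.AlpineFallbackVersion`. The test functions start and end outside these hunks, so the fixtures they load are not visible here.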
