From f715ae40d9e6039fb0294f067cc2d6ba8c2347b2 Mon Sep 17 00:00:00 2001
From: luotianqi777
Date: Thu, 20 Apr 2023 15:47:26 +0800
Subject: [PATCH] =?UTF-8?q?[fix=20bug]=20=E4=BF=AE=E5=A4=8D=E6=A6=82?= =?UTF-8?q?=E8=A7=88=E4=BF=A1=E6=81=AF=E4=B8=8E=E6=8A=A5=E5=91=8A=E4=B8=8D?= =?UTF-8?q?=E7=AC=A6=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cli/main.go | 1 +
 util/model/dependency.go | 14 +++++++++++---
 util/report/cyclonedx.go | 1 -
 util/report/format.go | 4 ++--
 util/report/html.go | 1 -
 util/report/json.go | 1 -
 util/report/spdx.go | 3 ---
 util/report/swid.go | 1 -
 util/vuln/vuln.go | 6 ++++++
 9 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/cli/main.go b/cli/main.go
index 22b563a..b21e870 100644
--- a/cli/main.go
+++ b/cli/main.go
@@ -34,6 +34,7 @@ func main() {
 // output 输出结果
 func output(depRoot *model.DepTree, taskInfo report.TaskInfo) {
 taskInfo.ToolVersion = version
+ report.Format(depRoot)
 // 记录依赖
 logs.Debug("\n" + depRoot.String())
 // 输出结果
diff --git a/util/model/dependency.go b/util/model/dependency.go
index 73cb5c0..8e766ea 100644
--- a/util/model/dependency.go
+++ b/util/model/dependency.go
@@ -71,10 +71,14 @@ func NewDependency() Dependency {
 // String 获取用于展示的Dependency字符串
 func (dep Dependency) String() string {
+ ver := dep.VersionStr
+ if dep.Version != nil {
+ ver = dep.Version.Org
+ }
 if len(dep.Vendor) == 0 {
- return fmt.Sprintf("[%s:%s]", dep.Name, dep.Version.Org)
+ return fmt.Sprintf("[%s:%s]", dep.Name, ver)
 } else {
- return fmt.Sprintf("[%s:%s:%s]", dep.Vendor, dep.Name, dep.Version.Org)
+ return fmt.Sprintf("[%s:%s:%s]", dep.Vendor, dep.Name, ver)
 }
 }
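Review bot: The fallback order added to `Dependency.String` in util/model/dependency.go is the reverse of the one added to `DepTree.String` in the next hunk of the same file. Here the structured field wins (`dep.Version.Org` whenever `dep.Version != nil`, `VersionStr` only as fallback), while there the string field wins (`LanguageStr` unless it is empty). Presumably `Format` fills the `*Str` fields and clears the structured ones, in which case both work, but the precedence should be the same in both methods and stated in the doc comment, e.g. `// String returns the display form; VersionStr is used only when Version is nil.` The `else` after the returning `if` can also be dropped so the second `return` is left-aligned.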
@@ -191,7 +195,11 @@ func (root *DepTree) String() string {
 if len(vulns) > 0 {
 vuln = fmt.Sprintf(" %v", vulns)
 }
- res += fmt.Sprintf("%s%s<%s>%s%s\n", strings.Repeat("\t", node.Deep), dep.Dependency, dep.Language, dep.Path[strings.Index(dep.Path, "/")+1:], vuln)
+ lan := dep.LanguageStr
+ if lan == "" {
+ lan = dep.Language.String()
+ }
+ res += fmt.Sprintf("%s%s<%s>%s%s\n", strings.Repeat("\t", node.Deep), dep.Dependency, lan, dep.Path[strings.Index(dep.Path, "/")+1:], vuln)
 for i := len(dep.Children) - 1; i >= 0; i-- {
 stack.Push(newNode(dep.Children[i], node.Deep+1))
 }
diff --git a/util/report/cyclonedx.go b/util/report/cyclonedx.go
index ef6a91c..bdadff8 100644
--- a/util/report/cyclonedx.go
+++ b/util/report/cyclonedx.go
@@ -9,7 +9,6 @@ import (
 )
 func buildCycBom(dep *model.DepTree, taskInfo TaskInfo) *cyclonedx.BOM {
- format(dep)
 metadata := cyclonedx.Metadata{}
 components := []cyclonedx.Component{}
 dependencies := []cyclonedx.Dependency{}
diff --git a/util/report/format.go b/util/report/format.go
index f7f70f2..52ccabd 100644
--- a/util/report/format.go
+++ b/util/report/format.go
@@ -22,8 +22,8 @@ type TaskInfo struct {
 ErrorString string `json:"error,omitempty"`
 }
-// format 按照输出内容格式化(不可逆)
-func format(dep *model.DepTree) {
+// Format 按照输出内容格式化(不可逆)
+func Format(dep *model.DepTree) {
 q := []*model.DepTree{dep}
 // 保留要导出的数据
 for len(q) > 0 {
diff --git a/util/report/html.go b/util/report/html.go
index 527e079..23e4837 100644
--- a/util/report/html.go
+++ b/util/report/html.go
@@ -31,7 +31,6 @@ func Html(dep *model.DepTree, taskInfo TaskInfo) []byte {
 }
 vulnMap := map[string]int{}
 // 遍历所有组件
- format(dep)
 q := []*model.DepTree{dep}
 for len(q) > 0 {
 n := q[0]
diff --git a/util/report/json.go b/util/report/json.go
index addc702..3e707bd 100644
--- a/util/report/json.go
+++ b/util/report/json.go
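Review bot: The doc comment on the newly exported `Format` in util/report/format.go does not state the calling contract that this commit creates. The `format(dep)` call is removed from every reporter (`buildCycBom`, `Html`, `Json`, `Spdx`, `SpdxJson`, `SpdxXml`, `buildSwid`), and the only remaining call visible in the patch is in `output` in cli/main.go. Any other caller of the exported reporters would now serialize the unformatted tree without warning, so whatever `Format` strips (its body continues outside the hunk) would end up in the generated SBOM or report. Suggested comment: `// Format reduces the tree in place to the data meant for export (irreversible); call it once before any reporter in this package.`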
@@ -8,7 +8,6 @@ import (
 // Json 获取json格式报告数据
 func Json(dep *model.DepTree, taskInfo TaskInfo) []byte {
- format(dep)
 if taskInfo.Error != nil {
 taskInfo.ErrorString = taskInfo.Error.Error()
 }
diff --git a/util/report/spdx.go b/util/report/spdx.go
index beb1ff0..71405e6 100644
--- a/util/report/spdx.go
+++ b/util/report/spdx.go
@@ -21,7 +21,6 @@ func init() {
 replacer = strings.NewReplacer(replacers...)
 }
 func Spdx(dep *model.DepTree, taskInfo TaskInfo) []byte {
- format(dep)
 doc := buildDocument(dep, taskInfo)
 addPkgToDoc(dep, doc)
 addRelation(dep, doc)
@@ -39,7 +38,6 @@ func Spdx(dep *model.DepTree, taskInfo TaskInfo) []byte {
 return templateBuffer.Bytes()
 }
 func SpdxJson(dep *model.DepTree, taskInfo TaskInfo) []byte {
- format(dep)
 doc := buildDocument(dep, taskInfo)
 addPkgToDoc(dep, doc)
 addRelation(dep, doc)
@@ -54,7 +52,6 @@ func SpdxJson(dep *model.DepTree, taskInfo TaskInfo) []byte {
 return res
 }
 func SpdxXml(dep *model.DepTree, taskInfo TaskInfo) []byte {
- format(dep)
 doc := buildDocument(dep, taskInfo)
 addPkgToDoc(dep, doc)
 addRelation(dep, doc)
diff --git a/util/report/swid.go b/util/report/swid.go
index cbeb39c..6661c55 100644
--- a/util/report/swid.go
+++ b/util/report/swid.go
@@ -14,7 +14,6 @@ import (
 )
 func buildSwid(ext string, writer io.Writer, dep *model.DepTree, taskInfo TaskInfo) {
- format(dep)
 w := zip.NewWriter(writer)
 defer w.Close()
 q := []*model.DepTree{dep}
diff --git a/util/vuln/vuln.go b/util/vuln/vuln.go
index 2a17832..032214f 100644
--- a/util/vuln/vuln.go
+++ b/util/vuln/vuln.go
@@ -44,6 +44,9 @@ func SearchVuln(root *model.DepTree) (err error) {
 exist := map[string]struct{}{}
 if len(localVulns) != 0 {
 for _, vuln := range localVulns[i] {
+ if vuln.Id == "" {
+ continue
+ }
 if _, ok := exist[vuln.Id]; !ok {
 exist[vuln.Id] = struct{}{}
 dep.Vulnerabilities = append(dep.Vulnerabilities, vuln)
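Review bot: The added `if vuln.Id == "" { continue }` in `SearchVuln` (util/vuln/vuln.go) drops a vulnerability record without any trace, and the same check is repeated in the `serverVulns` loop in the next hunk. A record that arrives from the local database or the server without an id then becomes a missing finding, and for a scanner a silent false negative is the costlier failure. The skip should at least be logged or counted, e.g. `logs.Debug("skip vulnerability without id for " + dep.Dependency.String())`, assuming the `logs` package used in cli/main.go is imported in this file, which is not visible here. The two loops are now identical except for the slice they read, so a small helper taking the slice and the `exist` set would keep the filter in one place. `SearchVuln` starts and ends outside both hunks.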
@@ -52,6 +55,9 @@ func SearchVuln(root *model.DepTree) (err error) {
 }
 if len(serverVulns) != 0 {
 for _, vuln := range serverVulns[i] {
+ if vuln.Id == "" {
+ continue
+ }
 if _, ok := exist[vuln.Id]; !ok {
 exist[vuln.Id] = struct{}{}
 dep.Vulnerabilities = append(dep.Vulnerabilities, vuln)
-- Gitee