IssueHuntFailed to check EOL for alpine linux #1374
mpgportal posted onGitHub
What did you do? (required. The issue will be closed when not provided.)
Alpine Linux scan and/or report
What did you expect to happen?
EOL check are successfull
What happened instead?
The scan/report returned results as expected, but there was an additional warning. For report this does not happen with -format-json. I did not expect this warning.
- Current Output
The warning is:
Warning: [Failed to check EOL. Register the issue to https://github.com/future-architect/vuls/issues with the information in Family: alpine Release: 3.15.0]
Please re-run the command using ```-debug``` and provide the output below.
# Steps to reproduce the behaviour
The problem occurs when I run vuls scan on Alpine linux 13.15.
When I checked the source code, I found that Alpine Linux in vuls/config/os.go was only listed up to 3.13. case constant.Alpine:
// https://github.com/aquasecurity/trivy/blob/master/pkg/detector/ospkg/alpine/alpine.go#L19
// https://wiki.alpinelinux.org/wiki/Alpine_Linux:Releases
eol, found = map[string]EOL{
"2.0": {Ended: true},
"2.1": {Ended: true},
"2.2": {Ended: true},
"2.3": {Ended: true},
"2.4": {Ended: true},
"2.5": {Ended: true},
"2.6": {Ended: true},
"2.7": {Ended: true},
"3.0": {Ended: true},
"3.1": {Ended: true},
"3.2": {Ended: true},
"3.3": {Ended: true},
"3.4": {Ended: true},
"3.5": {Ended: true},
"3.6": {Ended: true},
"3.7": {Ended: true},
"3.8": {Ended: true},
"3.9": {Ended: true},
"3.10": {StandardSupportUntil: time.Date(2021, 5, 1, 23, 59, 59, 0, time.UTC)},
"3.11": {StandardSupportUntil: time.Date(2021, 11, 1, 23, 59, 59, 0, time.UTC)},
"3.12": {StandardSupportUntil: time.Date(2022, 5, 1, 23, 59, 59, 0, time.UTC)},
"3.13": {StandardSupportUntil: time.Date(2022, 11, 1, 23, 59, 59, 0, time.UTC)},
# Configuration (**MUST** fill this out):
* Go version (`go version`):
go version go1.17.3 linux/amd64
* Go environment (`go env`):GO111MODULE="" GOARCH="amd64" GOBIN="" GOCACHE="/home/vuls/.cache/go-build" GOENV="/home/vuls/.config/go/env" GOEXE="" GOEXPERIMENT="" GOFLAGS="" GOHOSTARCH="amd64" GOHOSTOS="linux" GOINSECURE="" GOMODCACHE="/home/vuls/go/pkg/mod" GONOPROXY="" GONOSUMDB="" GOOS="linux" GOPATH="/home/vuls/go" GOPRIVATE="" GOPROXY="https://proxy.golang.org,direct" GOROOT="/usr/local/go" GOSUMDB="sum.golang.org" GOTMPDIR="" GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64" GOVCS="" GOVERSION="go1.17.3" GCCGO="gccgo" AR="ar" CC="gcc" CXX="g++" CGO_ENABLED="1" GOMOD="/dev/null" CGO_CFLAGS="-g -O2" CGO_CPPFLAGS="" CGO_CXXFLAGS="-g -O2" CGO_FFLAGS="-g -O2" CGO_LDFLAGS="-g -O2" PKG_CONFIG="pkg-config" GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build3823255931=/tmp/go-build -gno-record-gcc-switches"
- Vuls environment:
Hash : https://github.com/future-architect/vuls/commit/43c05d06fcedc9b88ff2595dd2d7f7d64b8be2ad
To check the commit hash of HEAD $ vuls -v
or
$ cd $GOPATH/src/github.com/future-architect/vuls $ git rev-parse --short HEAD
vuls-v0.19.2-build-20220131_110535_b4c23c1- config.toml:
[servers] # localhost [servers.commserv] host = "localhost" port = "local"
Docker Container
[servers.Docker-Container] host = "localhost" port = "local" containerType = "docker" containersIncluded = ["${running}"] containersOnly= true
[cveDict] type = "sqlite3" sqlite3path = "/home/vuls/cve.sqlite3"
#θΏ½ε [ovalDict] type = "sqlite3" sqlite3path = "/home/vuls/oval.sqlite3"
[exploit] type = "sqlite3" sqlite3Path = "/home/vuls/go-exploitdb.sqlite3"
[metasploit] type = "sqlite3" sqlite3Path = "/home/vuls/go-msfdb.sqlite3"
```
- command:
