MCPcopy
hub / github.com/aquasecurity/trivy / parseDpkgMd5sums

Method parseDpkgMd5sums

pkg/fanal/analyzer/pkg/dpkg/dpkg.go:191–212  ·  view source on GitHub ↗

parseDpkgMd5sums parses `/var/lib/dpkg/*/*.md5sums` file. `*.md5sums` files don't contain links (see https://github.com/aquasecurity/trivy/pull/9131#discussion_r2182557288). But Trivy doesn't support links, so this will not cause problems. TODO use `*.list` files instead of `*.md5sums` files when T

(scanner *bufio.Scanner)

Source from the content-addressed store, hash-verified

189// But Trivy doesn't support links, so this will not cause problems.
190// TODO use `*.list` files instead of `*.md5sums` files when Trivy will support links.
191func (a dpkgAnalyzer) parseDpkgMd5sums(scanner *bufio.Scanner) ([]string, error) {
192 var installedFiles []string
193 for scanner.Scan() {
194 current := scanner.Text()
195
196 // md5sums file use the following format:
197 // <digest> <filepath> (2 spaces)
198 // cf. https://man7.org/linux/man-pages/man5/deb-md5sums.5.html
199 _, file, ok := strings.Cut(current, " ")
200 if !ok {
201 return nil, xerrors.Errorf("invalid md5sums line format: %s", current)
202 }
203 installedFiles = append(installedFiles, "/"+file) // md5sums files don't contain leading slash
204 }
205
206 if err := scanner.Err(); err != nil {
207 return nil, xerrors.Errorf("scan error: %w", err)
208 }
209
210 sort.Strings(installedFiles)
211 return installedFiles, nil
212}
213
214// parseDpkgAvailable parses /var/lib/dpkg/available
215func (a dpkgAnalyzer) parseDpkgAvailable(fsys fs.FS) (map[string]digest.Digest, error) {

Callers 1

PostAnalyzeMethod · 0.95

Calls 2

ScanMethod · 0.65
ErrMethod · 0.45

Tested by

no test coverage detected