Better detection of Not Affected components

p-rog · Sep 5, 2022 · 5736686 · 5736686
1 parent ba7e675
commit 5736686
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/cmd/cve-analyser/main.go b/cmd/cve-analyser/main.go
@@ -132,7 +132,10 @@ func processLines(wg *sync.WaitGroup, jobs <-chan []string, results chan<- Outpu
  //}
  if lookNotFixed.CPE == cpe {
  for _, rpm := range image_rpm_manifest {
- if rpm == strings.Split(lookNotFixed.RPM, ":")[0] {
+ // If the component is not affected, then the component name might be a little different than the full source rpm package name
+ // hence it's better to check if the container rpm manifest contains a package similar to the not affected rpm package name
+ //if rpm == strings.Split(lookNotFixed.RPM, ":")[0] {
+ if strings.Contains(rpm, lookNotFixed.RPM) {
  if lookNotFixed.Fix_State == "Not affected" {
  info_not_fixed = append(info_not_fixed, fmt.Sprintf("(%+v|%+v|%+v)", lookNotFixed.Product_name, lookNotFixed.Fix_State, lookNotFixed.RPM))
  } else {