From 331dbcbba08e0bde11f110e0a79e02ff2fc603b2 Mon Sep 17 00:00:00 2001
From: Simar
Date: Tue, 7 May 2024 18:00:18 -0600
Subject: [PATCH 1/2] bump trivy version to v0.51.1

---
 .github/workflows/test.yaml | 2 +-
 Dockerfile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 7a2b0a4..9f9cfc7 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -6,7 +6,7 @@ on:
 workflow_dispatch:
 
 env:
- TRIVY_VERSION: 0.50.2
+ TRIVY_VERSION: 0.51.1
 BATS_LIB_PATH: '/usr/lib/'
 
 jobs:
diff --git a/Dockerfile b/Dockerfile
index 5d89ff6..197973d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ghcr.io/aquasecurity/trivy:0.50.2
+FROM ghcr.io/aquasecurity/trivy:0.51.1
 COPY entrypoint.sh /
 RUN apk --no-cache add bash curl npm
 RUN chmod +x /entrypoint.sh

From a5742a34702449996e195c97d0264b805ab4222b Mon Sep 17 00:00:00 2001
From: Simar
Date: Tue, 7 May 2024 18:11:08 -0600
Subject: [PATCH 2/2] update tests

---
 test/data/image-scan/report | 6 +++---
 test/data/with-ignore-files/report | 6 +++---
 test/data/with-trivy-yaml-cfg/report.json | 3 ++-
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/test/data/image-scan/report b/test/data/image-scan/report
index 6e930cd..8db9602 100644
--- a/test/data/image-scan/report
+++ b/test/data/image-scan/report
@@ -27,7 +27,7 @@ Total: 19 (CRITICAL: 19)
 │ │ CVE-2019-5481 │ │ │ │ 7.61.1-r3 │ curl: double free due to subsequent call of realloc() │
 │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-5481 │
 │ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-5482 │ │ │ │ │ heap buffer overflow in function tftp_receive_packet() │
+│ │ CVE-2019-5482 │ │ │ │ │ curl: heap buffer overflow in function tftp_receive_packet() │
 │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-5482 │
 ├─────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
 │ git │ CVE-2018-17456 │ │ │ 2.15.2-r0 │ 2.15.3-r0 │ git: arbitrary code execution via .gitmodules │
@@ -58,7 +58,7 @@ Total: 19 (CRITICAL: 19)
 │ │ CVE-2019-5481 │ │ │ │ 7.61.1-r3 │ curl: double free due to subsequent call of realloc() │
 │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-5481 │
 │ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-5482 │ │ │ │ │ heap buffer overflow in function tftp_receive_packet() │
+│ │ CVE-2019-5482 │ │ │ │ │ curl: heap buffer overflow in function tftp_receive_packet() │
 │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-5482 │
 ├─────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
 │ musl │ CVE-2019-14697 │ │ │ 1.1.18-r3 │ 1.1.18-r4 │ musl libc through 1.1.23 has an x87 floating-point stack │
@@ -69,7 +69,7 @@ Total: 19 (CRITICAL: 19)
 │ │ │ │ │ │ │ │
 │ │ │ │ │ │ │ │
 ├─────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
-│ sqlite-libs │ CVE-2019-8457 │ │ │ 3.21.0-r1 │ 3.25.3-r1 │ heap out-of-bound read in function rtreenode() │
+│ sqlite-libs │ CVE-2019-8457 │ │ │ 3.21.0-r1 │ 3.25.3-r1 │ sqlite: heap out-of-bound read in function rtreenode() │
 │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-8457 │
 └─────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘
 
diff --git a/test/data/with-ignore-files/report b/test/data/with-ignore-files/report
index 8b26255..b617724 100644
--- a/test/data/with-ignore-files/report
+++ b/test/data/with-ignore-files/report
@@ -27,7 +27,7 @@ Total: 19 (CRITICAL: 19)
 │ │ CVE-2019-5481 │ │ │ │ 7.61.1-r3 │ curl: double free due to subsequent call of realloc() │
 │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-5481 │
 │ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-5482 │ │ │ │ │ heap buffer overflow in function tftp_receive_packet() │
+│ │ CVE-2019-5482 │ │ │ │ │ curl: heap buffer overflow in function tftp_receive_packet() │
 │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-5482 │
 ├─────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
 │ git │ CVE-2018-17456 │ │ │ 2.15.2-r0 │ 2.15.3-r0 │ git: arbitrary code execution via .gitmodules │
@@ -58,7 +58,7 @@ Total: 19 (CRITICAL: 19)
 │ │ CVE-2019-5481 │ │ │ │ 7.61.1-r3 │ curl: double free due to subsequent call of realloc() │
 │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-5481 │
 │ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤
-│ │ CVE-2019-5482 │ │ │ │ │ heap buffer overflow in function tftp_receive_packet() │
+│ │ CVE-2019-5482 │ │ │ │ │ curl: heap buffer overflow in function tftp_receive_packet() │
 │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-5482 │
 ├─────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
 │ musl │ CVE-2019-14697 │ │ │ 1.1.18-r3 │ 1.1.18-r4 │ musl libc through 1.1.23 has an x87 floating-point stack │
@@ -69,7 +69,7 @@ Total: 19 (CRITICAL: 19)
 │ │ │ │ │ │ │ │
 │ │ │ │ │ │ │ │
 ├─────────────┼────────────────┤ │ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
-│ sqlite-libs │ CVE-2019-8457 │ │ │ 3.21.0-r1 │ 3.25.3-r1 │ heap out-of-bound read in function rtreenode() │
+│ sqlite-libs │ CVE-2019-8457 │ │ │ 3.21.0-r1 │ 3.25.3-r1 │ sqlite: heap out-of-bound read in function rtreenode() │
 │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-8457 │
 └─────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘
 
diff --git a/test/data/with-trivy-yaml-cfg/report.json b/test/data/with-trivy-yaml-cfg/report.json
index b5e94ad..ec66d25 100644
--- a/test/data/with-trivy-yaml-cfg/report.json
+++ b/test/data/with-trivy-yaml-cfg/report.json
@@ -64,7 +64,8 @@
 "PkgID": "apk-tools@2.10.6-r0",
 "PkgName": "apk-tools",
 "PkgIdentifier": {
- "PURL": "pkg:apk/alpine/apk-tools@2.10.6-r0?arch=x86_64\u0026distro=3.10.9"
+ "PURL": "pkg:apk/alpine/apk-tools@2.10.6-r0?arch=x86_64\u0026distro=3.10.9",
+ "UID": "a6adb154870b6380"
 },
 "InstalledVersion": "2.10.6-r0",
 "FixedVersion": "2.10.7-r0",