diff --git a/tools/apitester/__snapshots__/cassette_TestCommand.snap b/tools/apitester/__snapshots__/cassette_TestCommand.snap index 7d239cd8d29..66f53651a78 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand.snap @@ -2,8 +2,26 @@ [Test/cassette_TestCommand/TestCommand/.gitignored_files - 1] { "results": [ - {}, - {} + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -12,7 +30,16 @@ [Test/cassette_TestCommand/TestCommand/Empty_cyclonedx_1.4_output - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -21,7 +48,16 @@ [Test/cassette_TestCommand/TestCommand/Empty_cyclonedx_1.5_output - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -30,7 +66,16 @@ [Test/cassette_TestCommand/TestCommand/Empty_gh-annotations_output - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -39,7 +84,16 @@ [Test/cassette_TestCommand/TestCommand/Empty_sarif_output - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -48,7 +102,16 @@ [Test/cassette_TestCommand/TestCommand/Empty_spdx_2.3_output - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } 
@@ -58,6 +121,13 @@ { "results": [ { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.21.7" + }, "vulns": [ { "id": "GO-2024-2598", @@ -119,6 +189,10 @@ "id": "GO-2025-3447", "modified": "" }, + { + "id": "GO-2025-3503", + "modified": "" + }, { "id": "GO-2025-3563", "modified": "" @@ -218,6 +292,30 @@ { "id": "GO-2026-4603", "modified": "" + }, + { + "id": "GO-2026-4864", + "modified": "" + }, + { + "id": "GO-2026-4865", + "modified": "" + }, + { + "id": "GO-2026-4869", + "modified": "" + }, + { + "id": "GO-2026-4870", + "modified": "" + }, + { + "id": "GO-2026-4946", + "modified": "" + }, + { + "id": "GO-2026-4947", + "modified": "" } ] } @@ -230,6 +328,13 @@ { "results": [ { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.21.7" + }, "vulns": [ { "id": "GO-2024-2598", @@ -291,6 +396,10 @@ "id": "GO-2025-3447", "modified": "" }, + { + "id": "GO-2025-3503", + "modified": "" + }, { "id": "GO-2025-3563", "modified": "" @@ -390,10 +499,41 @@ { "id": "GO-2026-4603", "modified": "" + }, + { + "id": "GO-2026-4864", + "modified": "" + }, + { + "id": "GO-2026-4865", + "modified": "" + }, + { + "id": "GO-2026-4869", + "modified": "" + }, + { + "id": "GO-2026-4870", + "modified": "" + }, + { + "id": "GO-2026-4946", + "modified": "" + }, + { + "id": "GO-2026-4947", + "modified": "" } ] }, { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.21.7" + }, "vulns": [ { "id": "GO-2024-2598", @@ -455,6 +595,10 @@ "id": "GO-2025-3447", "modified": "" }, + { + "id": "GO-2025-3503", + "modified": "" + }, { "id": "GO-2025-3563", "modified": "" 
@@ -554,6 +698,30 @@ { "id": "GO-2026-4603", "modified": "" + }, + { + "id": "GO-2026-4864", + "modified": "" + }, + { + "id": "GO-2026-4865", + "modified": "" + }, + { + "id": "GO-2026-4869", + "modified": "" + }, + { + "id": "GO-2026-4870", + "modified": "" + }, + { + "id": "GO-2026-4946", + "modified": "" + }, + { + "id": "GO-2026-4947", + "modified": "" } ] } @@ -566,6 +734,13 @@ { "results": [ { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.21.7" + }, "vulns": [ { "id": "GO-2024-2598", @@ -627,6 +802,10 @@ "id": "GO-2025-3447", "modified": "" }, + { + "id": "GO-2025-3503", + "modified": "" + }, { "id": "GO-2025-3563", "modified": "" @@ -726,6 +905,30 @@ { "id": "GO-2026-4603", "modified": "" + }, + { + "id": "GO-2026-4864", + "modified": "" + }, + { + "id": "GO-2026-4865", + "modified": "" + }, + { + "id": "GO-2026-4869", + "modified": "" + }, + { + "id": "GO-2026-4870", + "modified": "" + }, + { + "id": "GO-2026-4946", + "modified": "" + }, + { + "id": "GO-2026-4947", + "modified": "" } ] } 
@@ -737,27 +940,157 @@ [Test/cassette_TestCommand/TestCommand/PURL_SBOM_case_sensitivity_(api) - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "" } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": 
{ + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.10-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2018-25032", @@ -786,6 +1119,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -801,10 +1141,44 @@ [Test/cassette_TestCommand/TestCommand/Scan_locks-many - 1] { "results": [ - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", 
@@ -812,27 +1186,157 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "" } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + 
"query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -852,10 +1356,46 @@ [Test/cassette_TestCommand/TestCommand/Scan_locks-many#01 - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -864,8 +1404,26 @@ [Test/cassette_TestCommand/TestCommand/all_supported_lockfiles_in_the_directory_should_be_checked - 1] { "results": [ - {}, - {} + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -874,8 +1432,18 @@ [Test/cassette_TestCommand/TestCommand/config_file_can_be_broad - 1] { "results": [ - {}, { + "query": { + "commit": "4579d5538f06c5ef615a15bc67ebb9ac0523a973", + "package": {} + }, + "vulns": [] + }, + { + "query": { + "commit": "9de7a0544457c6aba755ccb65abb41b0dc1db70d", + "package": {} + }, "vulns": [ { "id": "CVE-2023-39137", 
@@ -887,15 +1455,91 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "commit": "5d60bd2eb4642b64d00c845e5ca9f1ea41fd6db6", + "package": {} + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "league/flysystem", + "ecosystem": "Packagist" + }, + "version": "1.0.8" + }, "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", 
@@ -903,24 +1547,127 @@ } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "" } ] }, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -940,7 +1687,16 @@ [Test/cassette_TestCommand/TestCommand/config_file_is_invalid - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } 
@@ -949,10 +1705,44 @@ [Test/cassette_TestCommand/TestCommand/config_files_should_not_have_multiple_ignores_with_the_same_id - 1] { "results": [ - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", 
@@ -960,37 +1750,167 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { - "vulns": [ - { - "id": "ALPINE-CVE-2025-26519", - "modified": "" - } - ] + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] }, - {}, - {}, - {}, - {}, { - "vulns": [ - { - "id": "ALPINE-CVE-2026-22184", - "modified": "" - }, - { - "id": "ALPINE-CVE-2026-27171", - "modified": "" - } - ] + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [ + { + "id": "ALPINE-CVE-2025-26519", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "" + } + ] + }, + { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": 
"sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, + "vulns": [ + { + "id": "ALPINE-CVE-2026-22184", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-27171", + "modified": "" + } + ] } ] } @@ -1000,10 +1920,46 @@ [Test/cassette_TestCommand/TestCommand/config_files_should_not_have_multiple_ignores_with_the_same_id#01 - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -1012,8 +1968,24 @@ [Test/cassette_TestCommand/TestCommand/cyclonedx_1.4_output - 1] { "results": [ - {}, { + "query": { + "package": { + "name": "has-flag", + "ecosystem": "npm" + }, + "version": "4.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "league/flysystem", + "ecosystem": "Packagist" + }, + "version": "1.0.8" + }, "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", @@ -1021,9 +1993,36 @@ } ] }, - {}, - {}, - {} + { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "wrappy", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } 
@@ -1032,8 +2031,24 @@ [Test/cassette_TestCommand/TestCommand/cyclonedx_1.5_output - 1] { "results": [ - {}, { + "query": { + "package": { + "name": "has-flag", + "ecosystem": "npm" + }, + "version": "4.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "league/flysystem", + "ecosystem": "Packagist" + }, + "version": "1.0.8" + }, "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", @@ -1041,9 +2056,36 @@ } ] }, - {}, - {}, - {} + { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "wrappy", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -1053,6 +2095,13 @@ { "results": [ { + "query": { + "package": { + "name": "pcre3", + "ecosystem": "Ubuntu" + }, + "version": "2:8.39-12ubuntu0.1" + }, "vulns": [ { "id": "UBUNTU-CVE-2017-11164", @@ -1069,6 +2118,13 @@ { "results": [ { + "query": { + "package": { + "name": "pcre3", + "ecosystem": "Ubuntu" + }, + "version": "2:8.39-12ubuntu0.1" + }, "vulns": [ { "id": "UBUNTU-CVE-2017-11164", 
@@ -1084,19 +2140,134 @@ [Test/cassette_TestCommand/TestCommand/folder_of_supported_sbom_with_vulns - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "adduser", + "ecosystem": "Debian" + }, + "version": "3.115" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apt", + "ecosystem": "Debian" + }, + "version": "1.4.11" + }, "vulns": [ { "id": "DEBIAN-CVE-2011-3374", 
@@ -1128,9 +2299,34 @@ } ] }, - {}, - {}, { + "query": { + "package": { + "name": "base-files", + "ecosystem": "Debian" + }, + "version": "9.9+deb9u13" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "base-passwd", + "ecosystem": "Debian" + }, + "version": "3.5.43" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "bash", + "ecosystem": "Debian" + }, + "version": "4.4-5" + }, "vulns": [ { "id": "DEBIAN-CVE-2019-18276", @@ -1142,13 +2338,74 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "bsdutils", + "ecosystem": "Debian" + }, + "version": "1:2.29.2-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "coreutils", + "ecosystem": "Debian" + }, + "version": "8.26-3" + }, "vulns": [ { "id": "DEBIAN-CVE-2016-2781", @@ -1168,9 +2425,34 @@ } ] }, - {}, - {}, { + "query": { + "package": { + "name": "dash", + "ecosystem": "Debian" + }, + "version": "0.5.8-2.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "debconf", + "ecosystem": "Debian" + }, + "version": "1.5.61" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "debian-archive-keyring", + "ecosystem": "Debian" + }, + "version": "2017.5+deb9u2" + }, "vulns": [ { "id": "DLA-3482-1", 
@@ -1178,10 +2460,44 @@ } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "debianutils", + "ecosystem": "Debian" + }, + "version": "4.8.1.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "diffutils", + "ecosystem": "Debian" + }, + "version": "1:3.5-3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "dirmngr", + "ecosystem": "Debian" + }, + "version": "2.1.18-8~deb9u4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "dpkg", + "ecosystem": "Debian" + }, + "version": "1.18.25" + }, "vulns": [ { "id": "DEBIAN-CVE-2022-1664", @@ -1205,8 +2521,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "e2fslibs", + "ecosystem": "Debian" + }, + "version": "1.43.4-2+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "e2fsprogs", + "ecosystem": "Debian" + }, + "version": "1.43.4-2+deb9u2" + }, "vulns": [ { "id": "DEBIAN-CVE-2019-5094", @@ -1230,9 +2562,34 @@ } ] }, - {}, - {}, { + "query": { + "package": { + "name": "findutils", + "ecosystem": "Debian" + }, + "version": "4.6.0+git+20161106-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "gcc-6-base", + "ecosystem": "Debian" + }, + "version": "6.3.0-18+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "github.com/opencontainers/runc", + "ecosystem": "Go" + }, + "version": "v1.0.1" + }, "vulns": [ { "id": "GHSA-9493-h29p-rfm2", 
@@ -1316,10 +2673,44 @@ } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "github.com/tianon/gosu", + "ecosystem": "Go" + }, + "version": "(devel)" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "gnupg", + "ecosystem": "Debian" + }, + "version": "2.1.18-8~deb9u4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "gnupg-agent", + "ecosystem": "Debian" + }, + "version": "2.1.18-8~deb9u4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "golang.org/x/sys", + "ecosystem": "Go" + }, + "version": "v0.0.0-20210817142637-7d9622a276b7" + }, "vulns": [ { "id": "GHSA-p782-xgp4-8hr8", @@ -1331,9 +2722,34 @@ } ] }, - {}, - {}, { + "query": { + "package": { + "name": "gpgv", + "ecosystem": "Debian" + }, + "version": "2.1.18-8~deb9u4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "grep", + "ecosystem": "Debian" + }, + "version": "2.27-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "gzip", + "ecosystem": "Debian" + }, + "version": "1.6-5+deb9u1" + }, "vulns": [ { "id": "DEBIAN-CVE-2022-1271", 
@@ -1345,35 +2761,294 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "hostname", + "ecosystem": "Debian" + }, + "version": "3.18+b1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "init-system-helpers", + "ecosystem": "Debian" + }, + "version": "1.48" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libacl1", + "ecosystem": "Debian" + }, + "version": "2.2.52-3+b1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libapt-pkg5.0", + "ecosystem": "Debian" + }, + "version": "1.4.11" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libassuan0", + "ecosystem": "Debian" + }, + "version": "2.4.3-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libattr1", + "ecosystem": "Debian" + }, + "version": "1:2.4.47-2+b2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libaudit-common", + "ecosystem": "Debian" + }, + "version": "1:2.6.7-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libaudit1", + "ecosystem": "Debian" + }, + "version": "1:2.6.7-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libblkid1", + "ecosystem": "Debian" + }, + "version": "2.29.2-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libbsd0", + "ecosystem": "Debian" + }, + "version": "0.8.3-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libbz2-1.0", + "ecosystem": "Debian" + }, + "version": "1.0.6-8.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-bin", + "ecosystem": "Debian" + }, + "version": "2.24-11+deb9u4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-l10n", + "ecosystem": "Debian" + }, + "version": "2.24-11+deb9u4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": 
"libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc6", + "ecosystem": "Debian" + }, + "version": "2.24-11+deb9u4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcap-ng0", + "ecosystem": "Debian" + }, + "version": "0.7.7-3+b1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcomerr2", + "ecosystem": "Debian" + }, + "version": "1.43.4-2+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libdb5.3", + "ecosystem": "Debian" + }, + "version": "5.3.28-12+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libdebconfclient0", + "ecosystem": "Debian" + }, + "version": "0.227" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libedit2", + "ecosystem": "Debian" + }, + "version": "3.1-20160903-3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libfdisk1", + "ecosystem": "Debian" + }, + "version": "2.29.2-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libffi6", + "ecosystem": "Debian" + }, + "version": "3.2.1-6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libgcc1", + "ecosystem": "Debian" + }, + "version": "1:6.3.0-18+deb9u1" + }, + "vulns": [] + }, + { + "query": 
{ + "package": { + "name": "libgcrypt20", + "ecosystem": "Debian" + }, + "version": "1.7.6-2+deb9u4" + }, "vulns": [ { "id": "DEBIAN-CVE-2017-0379", 
@@ -1409,56 +3084,504 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "libgdbm3", + "ecosystem": "Debian" + }, + "version": "1.8.3-14" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libgmp10", + "ecosystem": "Debian" + }, + "version": "2:6.1.2+dfsg-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libgnutls30", + "ecosystem": "Debian" + }, + "version": "3.5.8-5+deb9u6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libgpg-error0", + "ecosystem": "Debian" + }, + "version": "1.26-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libgssapi-krb5-2", + "ecosystem": "Debian" + }, + "version": "1.15-1+deb9u3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libhogweed4", + "ecosystem": "Debian" + }, + "version": "3.3-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libicu57", + "ecosystem": "Debian" + }, + "version": "57.1-6+deb9u5" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libidn11", + "ecosystem": "Debian" + }, + "version": "1.33-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libjson-perl", + "ecosystem": "Debian" + }, + "version": "2.90-1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libk5crypto3", + "ecosystem": "Debian" + }, + "version": "1.15-1+deb9u3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libkeyutils1", + "ecosystem": "Debian" + }, + "version": "1.5.9-9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libkrb5-3", + "ecosystem": "Debian" + }, + "version": "1.15-1+deb9u3" + }, + "vulns": [] + }, + { + "query": { + 
"package": { + "name": "libkrb5support0", + "ecosystem": "Debian" + }, + "version": "1.15-1+deb9u3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libksba8", + "ecosystem": "Debian" + }, + "version": "1.3.5-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libldap-2.4-2", + "ecosystem": "Debian" + }, + "version": "2.4.44+dfsg-5+deb9u8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libldap-common", + "ecosystem": "Debian" + }, + "version": "2.4.44+dfsg-5+deb9u8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libllvm6.0", + "ecosystem": "Debian" + }, + "version": "1:6.0-1~bpo9+1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "liblz4-1", + "ecosystem": "Debian" + }, + "version": "0.0~r131-2+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "liblzma5", + "ecosystem": "Debian" + }, + "version": "5.2.2-1.2+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libmount1", + "ecosystem": "Debian" + }, + "version": "2.29.2-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libncurses5", + "ecosystem": "Debian" + }, + "version": "6.0+20161126-1+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libncursesw5", + "ecosystem": "Debian" + }, + "version": "6.0+20161126-1+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libnettle6", + "ecosystem": "Debian" + }, + "version": "3.3-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libnpth0", + "ecosystem": "Debian" + }, + "version": "1.3-1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libnss-wrapper", + "ecosystem": "Debian" + }, + "version": "1.1.3-1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libp11-kit0", + "ecosystem": "Debian" + }, + "version": "0.23.3-2+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": 
"libpam-modules", + "ecosystem": "Debian" + }, + "version": "1.1.8-3.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libpam-modules-bin", + "ecosystem": "Debian" + }, + "version": "1.1.8-3.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libpam-runtime", + "ecosystem": "Debian" + }, + "version": "1.1.8-3.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libpam0g", + "ecosystem": "Debian" + }, + "version": "1.1.8-3.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libpcre3", + "ecosystem": "Debian" + }, + "version": "2:8.39-3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libperl5.24", + "ecosystem": "Debian" + }, + "version": "5.24.1-3+deb9u7" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libpq5", + "ecosystem": "Debian" + }, + "version": "14.2-1.pgdg90+1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libreadline7", + "ecosystem": "Debian" + }, + "version": "7.0-3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libsasl2-2", + "ecosystem": "Debian" + }, + "version": "2.1.27~101-g0780600+dfsg-3+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libsasl2-modules-db", + "ecosystem": "Debian" + }, + "version": "2.1.27~101-g0780600+dfsg-3+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libselinux1", + "ecosystem": "Debian" + }, + "version": "2.6-3+b3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libsemanage-common", + "ecosystem": "Debian" + }, + "version": "2.6-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libsemanage1", + "ecosystem": "Debian" + }, + "version": "2.6-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libsepol1", + "ecosystem": "Debian" + }, + "version": "2.6-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libsmartcols1", + "ecosystem": "Debian" + }, + 
"version": "2.29.2-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libsqlite3-0", + "ecosystem": "Debian" + }, + "version": "3.16.2-5+deb9u3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libss2", + "ecosystem": "Debian" + }, + "version": "1.43.4-2+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl1.1", + "ecosystem": "Debian" + }, + "version": "1.1.0l-1~deb9u5" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libstdc++6", + "ecosystem": "Debian" + }, + "version": "6.3.0-18+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libsystemd0", + "ecosystem": "Debian" + }, + "version": "232-25+deb9u13" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libtasn1-6", + "ecosystem": "Debian" + }, + "version": "4.10-1.1+deb9u1" + }, "vulns": [ { "id": "DEBIAN-CVE-2017-10790", 
@@ -1498,11 +3621,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "libtinfo5", + "ecosystem": "Debian" + }, + "version": "6.0+20161126-1+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libudev1", + "ecosystem": "Debian" + }, + "version": "232-25+deb9u13" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libustr-1.0-1", + "ecosystem": "Debian" + }, + "version": "1.0.4-6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libuuid1", + "ecosystem": "Debian" + }, + "version": "2.29.2-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libxml2", + "ecosystem": "Debian" + }, + "version": "2.9.4+dfsg1-2.2+deb9u6" + }, "vulns": [ { "id": "DEBIAN-CVE-2016-3709", 
@@ -1774,37 +3940,200 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "libxslt1.1", + "ecosystem": "Debian" + }, + "version": "1.1.29-2.1+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libzstd1", + "ecosystem": "Debian" + }, + "version": "1.1.2-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "locales", + "ecosystem": "Debian" + }, + "version": "2.24-11+deb9u4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "login", + "ecosystem": "Debian" + }, + "version": "1:4.4-4.1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "lsb-base", + "ecosystem": "Debian" + }, + "version": "9.20161125" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "mawk", + "ecosystem": "Debian" + }, + "version": "1.3.3-17+b3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "mount", + "ecosystem": "Debian" + }, + "version": "2.29.2-1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "multiarch-support", + "ecosystem": "Debian" + }, + "version": "2.24-11+deb9u4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [ + { + "id": "ALPINE-CVE-2025-26519", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "" + } + ] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "" } ] }, { - "vulns": [ - { - "id": "ALPINE-CVE-2025-26519", - "modified": "" - } - ] + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + 
"package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ncurses-base", + "ecosystem": "Debian" + }, + "version": "6.0+20161126-1+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ncurses-bin", + "ecosystem": "Debian" + }, + "version": "6.0+20161126-1+deb9u2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "netbase", + "ecosystem": "Debian" + }, + "version": "5.4" + }, + "vulns": [] }, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "openssl", + "ecosystem": "Debian" + }, + "version": "1.1.0l-1~deb9u5" + }, "vulns": [ { "id": "DEBIAN-CVE-2018-0732", @@ -2102,6 +4431,34 @@ "id": "DEBIAN-CVE-2026-2673", "modified": "" }, + { + "id": "DEBIAN-CVE-2026-28386", + "modified": "" + }, + { + "id": "DEBIAN-CVE-2026-28387", + "modified": "" + }, + { + "id": "DEBIAN-CVE-2026-28388", + "modified": "" + }, + { + "id": "DEBIAN-CVE-2026-28389", + "modified": "" + }, + { + "id": "DEBIAN-CVE-2026-28390", + "modified": "" + }, + { + "id": "DEBIAN-CVE-2026-31789", + "modified": "" + }, + { + "id": "DEBIAN-CVE-2026-31790", + "modified": "" + }, { "id": "DLA-3008-1", "modified": "" @@ -2204,8 +4561,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "passwd", + "ecosystem": "Debian" + }, + "version": "1:4.4-4.1+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pcre3", + "ecosystem": "Ubuntu" + }, + "version": "2:8.39-12ubuntu0.1" + }, "vulns": [ { "id": "UBUNTU-CVE-2017-11164", @@ -2214,6 +4587,13 @@ ] }, { + "query": { + "package": { + "name": "perl", + "ecosystem": "Debian" + }, + "version": "5.24.1-3+deb9u7" + }, "vulns": [ { "id": "DEBIAN-CVE-2011-4116", 
@@ -2313,12 +4693,64 @@ } ] }, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "perl-base", + "ecosystem": "Debian" + }, + "version": "5.24.1-3+deb9u7" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "perl-modules-5.24", + "ecosystem": "Debian" + }, + "version": "5.24.1-3+deb9u7" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pgdg-keyring", + "ecosystem": "Debian" + }, + "version": "2018.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pinentry-curses", + "ecosystem": "Debian" + }, + "version": "1.0.0-2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "postgresql", + "ecosystem": "OSS-Fuzz" + }, + "version": "11.15" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "postgresql-11", + "ecosystem": "Debian" + }, + "version": "11.15-1.pgdg90+1" + }, "vulns": [ { "id": "DLA-3072-1", 
@@ -2354,15 +4786,99 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "postgresql-client-11", + "ecosystem": "Debian" + }, + "version": "11.15-1.pgdg90+1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "postgresql-client-common", + "ecosystem": "Debian" + }, + "version": "238.pgdg90+1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "postgresql-common", + "ecosystem": "Debian" + }, + "version": "238.pgdg90+1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "readline-common", + "ecosystem": "Debian" + }, + "version": "7.0-3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sed", + "ecosystem": "Debian" + }, + "version": "4.4-1" + }, + "vulns": [ + { + "id": "DEBIAN-CVE-2026-5958", + "modified": "" + } + ] + }, + { + "query": { + "package": { + "name": "sensible-utils", + "ecosystem": "Debian" + }, + "version": "0.0.9+deb9u1" + }, "vulns": [ { "id": "DEBIAN-CVE-2017-17512", 
@@ -2370,11 +4886,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "ssl-cert", + "ecosystem": "Debian" + }, + "version": "1.0.39" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sysvinit-utils", + "ecosystem": "Debian" + }, + "version": "2.88dsf-59.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "tar", + "ecosystem": "Debian" + }, + "version": "1.29b-1.1+deb9u1" + }, "vulns": [ { "id": "DEBIAN-CVE-2005-2541", @@ -2400,6 +4959,10 @@ "id": "DEBIAN-CVE-2023-39804", "modified": "" }, + { + "id": "DEBIAN-CVE-2026-5704", + "modified": "" + }, { "id": "DLA-3755-1", "modified": "" @@ -2407,6 +4970,13 @@ ] }, { + "query": { + "package": { + "name": "tzdata", + "ecosystem": "Debian" + }, + "version": "2021a-0+deb9u3" + }, "vulns": [ { "id": "DLA-3051-1", @@ -2455,6 +5025,13 @@ ] }, { + "query": { + "package": { + "name": "ucf", + "ecosystem": "Debian" + }, + "version": "3.0036" + }, "vulns": [ { "id": "DLA-4016-1", @@ -2463,6 +5040,13 @@ ] }, { + "query": { + "package": { + "name": "util-linux", + "ecosystem": "Debian" + }, + "version": "2.29.2-1+deb9u1" + }, "vulns": [ { "id": "DEBIAN-CVE-2016-2779", @@ -2496,6 +5080,10 @@ "id": "DEBIAN-CVE-2025-14104", "modified": "" }, + { + "id": "DEBIAN-CVE-2026-27456", + "modified": "" + }, { "id": "DEBIAN-CVE-2026-3184", "modified": "" @@ -2515,6 +5103,13 @@ ] }, { + "query": { + "package": { + "name": "xz-utils", + "ecosystem": "Debian" + }, + "version": "5.2.2-1.2+deb9u1" + }, "vulns": [ { "id": "DEBIAN-CVE-2022-1271", @@ -2528,6 +5123,10 @@ "id": "DEBIAN-CVE-2025-31115", "modified": "" }, + { + "id": "DEBIAN-CVE-2026-34743", + "modified": "" + }, { "id": "DSA-5123-1", "modified": "" 
@@ -2539,6 +5138,13 @@ ] }, { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.10-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2018-25032", @@ -2559,6 +5165,13 @@ ] }, { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.10-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2018-25032", @@ -2579,6 +5192,13 @@ ] }, { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.10-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2018-25032", @@ -2599,6 +5219,13 @@ ] }, { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.12-r1" + }, "vulns": [ { "id": "ALPINE-CVE-2022-37434", @@ -2614,8 +5241,26 @@ } ] }, - {}, - {} + { + "query": { + "package": { + "name": "zlib1g", + "ecosystem": "Debian" + }, + "version": "1:1.2.8.dfsg-5+deb9u1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zstd", + "ecosystem": "Debian" + }, + "version": "1.1.2-1+deb9u1" + }, + "vulns": [] + } ] } @@ -2625,6 +5270,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -2641,6 +5293,13 @@ { "results": [ { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.24.4" + }, "vulns": [ { "id": "GO-2025-3849", @@ -2725,10 +5384,41 @@ { "id": "GO-2026-4603", "modified": "" + }, + { + "id": "GO-2026-4864", + "modified": "" + }, + { + "id": "GO-2026-4865", + "modified": "" + }, + { + "id": "GO-2026-4869", + "modified": "" + }, + { + "id": "GO-2026-4870", + "modified": "" + }, + { + "id": "GO-2026-4946", + "modified": "" + }, + { + "id": "GO-2026-4947", + "modified": "" } ] }, { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.24.4" + }, "vulns": [ { "id": "GO-2025-3828", 
@@ -2741,6 +5431,18 @@ { "id": "GO-2026-4433", "modified": "" + }, + { + "id": "GO-2026-4867", + "modified": "" + }, + { + "id": "GO-2026-4868", + "modified": "" + }, + { + "id": "GO-2026-4871", + "modified": "" } ] } @@ -2753,6 +5455,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -2768,14 +5477,86 @@ [Test/cassette_TestCommand/TestCommand/ignoring_.gitignore - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -2784,7 +5565,16 @@ [Test/cassette_TestCommand/TestCommand/json_output - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } 
@@ -2793,8 +5583,26 @@ [Test/cassette_TestCommand/TestCommand/nested_directories_are_checked_when_`--recursive`_is_passed - 1] { "results": [ - {}, - {} + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -2803,7 +5611,16 @@ [Test/cassette_TestCommand/TestCommand/no_lockfiles_with_recursion_and_with_allow_flag_are_fine - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -2812,7 +5629,16 @@ [Test/cassette_TestCommand/TestCommand/no_lockfiles_with_recursion_but_without_allow_flag_are_fine - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -2821,7 +5647,16 @@ [Test/cassette_TestCommand/TestCommand/one_specific_supported_lockfile - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -2831,6 +5666,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -2846,7 +5688,16 @@ [Test/cassette_TestCommand/TestCommand/one_specific_supported_lockfile_with_offline_explicitly_false - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } 
@@ -2855,27 +5706,157 @@ [Test/cassette_TestCommand/TestCommand/one_specific_supported_sbom_with_duplicate_PURLs - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "" } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + 
"query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.10-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2018-25032", 
@@ -2903,27 +5884,157 @@ [Test/cassette_TestCommand/TestCommand/one_specific_supported_sbom_with_duplicate_PURLs_using_-L_flag - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "" } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + 
}, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.10-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2018-25032", 
@@ -2948,33 +6059,177 @@ --- -[Test/cassette_TestCommand/TestCommand/one_specific_supported_sbom_with_invalid_PURLs - 1] -{ - "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {} - ] -} - ---- - +[Test/cassette_TestCommand/TestCommand/one_specific_supported_sbom_with_invalid_PURLs - 1] +{ + "results": [ + { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + } + ] +} + +--- + [Test/cassette_TestCommand/TestCommand/one_specific_supported_sbom_with_invalid_PURLs_using_-L_flag - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { 
+ "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + } ] } 
@@ -2983,27 +6238,157 @@ [Test/cassette_TestCommand/TestCommand/one_specific_supported_sbom_with_vulns - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "" } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + 
"package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.10-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2018-25032", 
@@ -3031,27 +6416,157 @@ [Test/cassette_TestCommand/TestCommand/one_specific_supported_sbom_with_vulns_using_-L_flag - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "" } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + 
"query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.10-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2018-25032", @@ -3079,7 +6594,16 @@ [Test/cassette_TestCommand/TestCommand/only_the_files_in_the_given_directories_are_checked_by_default_(no_recursion) - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -3089,6 +6613,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -3105,6 +6636,13 @@ { "results": [ { + "query": { + "package": { + "name": "black", + "ecosystem": "PyPI" + }, + "version": "25.1.0" + }, "vulns": [ { "id": "GHSA-3936-cmfr-pm3m", 
@@ -3112,15 +6650,94 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "certifi", + "ecosystem": "PyPI" + }, + "version": "2025.10.5" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "certifi", + "ecosystem": "PyPI" + }, + "version": "2025.10.5" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "chardet", + "ecosystem": "PyPI" + }, + "version": "3.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "chardet", + "ecosystem": "PyPI" + }, + "version": "3.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "click", + "ecosystem": "PyPI" + }, + "version": "8.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "click", + "ecosystem": "PyPI" + }, + "version": "8.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "click", + "ecosystem": "PyPI" + }, + "version": "8.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "click", + "ecosystem": "PyPI" + }, + "version": "8.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "django", + "ecosystem": "PyPI" + }, + "version": "1.11.29" + }, "vulns": [ { "id": "GHSA-68w8-qjq3-2gfm", @@ -3157,6 +6774,13 @@ ] }, { + "query": { + "package": { + "name": "django", + "ecosystem": "PyPI" + }, + "version": "1.11.29" + }, "vulns": [ { "id": "GHSA-68w8-qjq3-2gfm", @@ -3193,6 +6817,13 @@ ] }, { + "query": { + "package": { + "name": "django", + "ecosystem": "PyPI" + }, + "version": "2.2.24" + }, "vulns": [ { "id": "GHSA-2gwj-7jmv-h26r", @@ -3285,6 +6916,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -3301,6 +6939,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", 
@@ -3317,6 +6962,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -3333,6 +6985,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -3349,6 +7008,13 @@ ] }, { + "query": { + "package": { + "name": "flask-cors", + "ecosystem": "PyPI" + }, + "version": "1.0.0" + }, "vulns": [ { "id": "GHSA-43qf-4rqw-9q2g", @@ -3385,6 +7051,13 @@ ] }, { + "query": { + "package": { + "name": "idna", + "ecosystem": "PyPI" + }, + "version": "2.7" + }, "vulns": [ { "id": "GHSA-jjg7-2v4v-x38h", @@ -3397,6 +7070,13 @@ ] }, { + "query": { + "package": { + "name": "idna", + "ecosystem": "PyPI" + }, + "version": "2.7" + }, "vulns": [ { "id": "GHSA-jjg7-2v4v-x38h", 
@@ -3408,20 +7088,144 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "itsdangerous", + "ecosystem": "PyPI" + }, + "version": "2.2.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "itsdangerous", + "ecosystem": "PyPI" + }, + "version": "2.2.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "itsdangerous", + "ecosystem": "PyPI" + }, + "version": "2.2.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "jinja2", + "ecosystem": "PyPI" + }, + "version": "3.1.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "jinja2", + "ecosystem": "PyPI" + }, + "version": "3.1.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "jinja2", + "ecosystem": "PyPI" + }, + "version": "3.1.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "markupsafe", + "ecosystem": "PyPI" + }, + "version": "3.0.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "markupsafe", + "ecosystem": "PyPI" + }, + "version": "3.0.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "markupsafe", + "ecosystem": "PyPI" + }, + "version": "3.0.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "mypy-extensions", + "ecosystem": "PyPI" + }, + "version": "1.1.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "numpy", + "ecosystem": "PyPI" + }, + "version": "2.3.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "numpy", + "ecosystem": "PyPI" + }, + "version": "2.3.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "packaging", + "ecosystem": "PyPI" + }, + "version": "25.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pandas", + "ecosystem": "PyPI" + }, + "version": "0.23.4" + }, "vulns": [ { "id": "PYSEC-2020-73", 
@@ -3429,12 +7233,64 @@ } ] }, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "pathspec", + "ecosystem": "PyPI" + }, + "version": "0.12.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "platformdirs", + "ecosystem": "PyPI" + }, + "version": "4.4.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pytz", + "ecosystem": "PyPI" + }, + "version": "2025.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pytz", + "ecosystem": "PyPI" + }, + "version": "2025.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pytz", + "ecosystem": "PyPI" + }, + "version": "2025.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "requests", + "ecosystem": "PyPI" + }, + "version": "2.20.0" + }, "vulns": [ { "id": "GHSA-9hjg-9r4m-mvj7", @@ -3459,6 +7315,13 @@ ] }, { + "query": { + "package": { + "name": "requests", + "ecosystem": "PyPI" + }, + "version": "2.20.0" + }, "vulns": [ { "id": "GHSA-9hjg-9r4m-mvj7", @@ -3483,6 +7346,13 @@ ] }, { + "query": { + "package": { + "name": "sqlparse", + "ecosystem": "PyPI" + }, + "version": "0.5.3" + }, "vulns": [ { "id": "GHSA-27jp-wm6q-gp25", @@ -3490,9 +7360,34 @@ } ] }, - {}, - {}, { + "query": { + "package": { + "name": "tomli", + "ecosystem": "PyPI" + }, + "version": "2.2.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "typing-extensions", + "ecosystem": "PyPI" + }, + "version": "4.15.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "urllib3", + "ecosystem": "PyPI" + }, + "version": "1.24.3" + }, "vulns": [ { "id": "GHSA-2xpw-w6gg-jr37", @@ -3545,6 +7440,13 @@ ] }, { + "query": { + "package": { + "name": "urllib3", + "ecosystem": "PyPI" + }, + "version": "1.24.3" + }, "vulns": [ { "id": "GHSA-2xpw-w6gg-jr37", @@ -3597,6 +7499,13 @@ ] }, { + "query": { + "package": { + "name": "werkzeug", + "ecosystem": "PyPI" + }, + "version": "3.1.3" + }, "vulns": [ { "id": "GHSA-29vq-49wr-vm6x", 
@@ -3613,6 +7522,13 @@ ] }, { + "query": { + "package": { + "name": "werkzeug", + "ecosystem": "PyPI" + }, + "version": "3.1.3" + }, "vulns": [ { "id": "GHSA-29vq-49wr-vm6x", @@ -3629,6 +7545,13 @@ ] }, { + "query": { + "package": { + "name": "werkzeug", + "ecosystem": "PyPI" + }, + "version": "3.1.3" + }, "vulns": [ { "id": "GHSA-29vq-49wr-vm6x", @@ -3653,6 +7576,13 @@ { "results": [ { + "query": { + "package": { + "name": "black", + "ecosystem": "PyPI" + }, + "version": "25.1.0" + }, "vulns": [ { "id": "GHSA-3936-cmfr-pm3m", @@ -3660,15 +7590,94 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "certifi", + "ecosystem": "PyPI" + }, + "version": "2025.10.5" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "certifi", + "ecosystem": "PyPI" + }, + "version": "2025.10.5" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "chardet", + "ecosystem": "PyPI" + }, + "version": "3.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "chardet", + "ecosystem": "PyPI" + }, + "version": "3.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "click", + "ecosystem": "PyPI" + }, + "version": "8.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "click", + "ecosystem": "PyPI" + }, + "version": "8.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "click", + "ecosystem": "PyPI" + }, + "version": "8.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "click", + "ecosystem": "PyPI" + }, + "version": "8.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "django", + "ecosystem": "PyPI" + }, + "version": "1.11.29" + }, "vulns": [ { "id": "GHSA-68w8-qjq3-2gfm", @@ -3705,6 +7714,13 @@ ] }, { + "query": { + "package": { + "name": "django", + "ecosystem": "PyPI" + }, + "version": "1.11.29" + }, "vulns": [ { "id": "GHSA-68w8-qjq3-2gfm", 
@@ -3741,6 +7757,13 @@ ] }, { + "query": { + "package": { + "name": "django", + "ecosystem": "PyPI" + }, + "version": "2.2.24" + }, "vulns": [ { "id": "GHSA-2gwj-7jmv-h26r", @@ -3833,6 +7856,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -3849,6 +7879,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -3865,6 +7902,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -3881,6 +7925,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -3897,6 +7948,13 @@ ] }, { + "query": { + "package": { + "name": "flask-cors", + "ecosystem": "PyPI" + }, + "version": "1.0.0" + }, "vulns": [ { "id": "GHSA-43qf-4rqw-9q2g", @@ -3933,6 +7991,13 @@ ] }, { + "query": { + "package": { + "name": "idna", + "ecosystem": "PyPI" + }, + "version": "2.7" + }, "vulns": [ { "id": "GHSA-jjg7-2v4v-x38h", @@ -3945,6 +8010,13 @@ ] }, { + "query": { + "package": { + "name": "idna", + "ecosystem": "PyPI" + }, + "version": "2.7" + }, "vulns": [ { "id": "GHSA-jjg7-2v4v-x38h", 
@@ -3956,20 +8028,144 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "itsdangerous", + "ecosystem": "PyPI" + }, + "version": "2.2.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "itsdangerous", + "ecosystem": "PyPI" + }, + "version": "2.2.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "itsdangerous", + "ecosystem": "PyPI" + }, + "version": "2.2.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "jinja2", + "ecosystem": "PyPI" + }, + "version": "3.1.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "jinja2", + "ecosystem": "PyPI" + }, + "version": "3.1.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "jinja2", + "ecosystem": "PyPI" + }, + "version": "3.1.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "markupsafe", + "ecosystem": "PyPI" + }, + "version": "3.0.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "markupsafe", + "ecosystem": "PyPI" + }, + "version": "3.0.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "markupsafe", + "ecosystem": "PyPI" + }, + "version": "3.0.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "mypy-extensions", + "ecosystem": "PyPI" + }, + "version": "1.1.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "numpy", + "ecosystem": "PyPI" + }, + "version": "2.3.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "numpy", + "ecosystem": "PyPI" + }, + "version": "2.3.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "packaging", + "ecosystem": "PyPI" + }, + "version": "25.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pandas", + "ecosystem": "PyPI" + }, + "version": "0.23.4" + }, "vulns": [ { "id": "PYSEC-2020-73", 
@@ -3977,12 +8173,64 @@ } ] }, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "pathspec", + "ecosystem": "PyPI" + }, + "version": "0.12.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "platformdirs", + "ecosystem": "PyPI" + }, + "version": "4.5.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pytz", + "ecosystem": "PyPI" + }, + "version": "2025.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pytz", + "ecosystem": "PyPI" + }, + "version": "2025.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pytz", + "ecosystem": "PyPI" + }, + "version": "2025.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "requests", + "ecosystem": "PyPI" + }, + "version": "2.20.0" + }, "vulns": [ { "id": "GHSA-9hjg-9r4m-mvj7", @@ -4007,6 +8255,13 @@ ] }, { + "query": { + "package": { + "name": "requests", + "ecosystem": "PyPI" + }, + "version": "2.20.0" + }, "vulns": [ { "id": "GHSA-9hjg-9r4m-mvj7", @@ -4031,6 +8286,13 @@ ] }, { + "query": { + "package": { + "name": "sqlparse", + "ecosystem": "PyPI" + }, + "version": "0.5.3" + }, "vulns": [ { "id": "GHSA-27jp-wm6q-gp25", @@ -4038,9 +8300,34 @@ } ] }, - {}, - {}, { + "query": { + "package": { + "name": "tomli", + "ecosystem": "PyPI" + }, + "version": "2.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "typing-extensions", + "ecosystem": "PyPI" + }, + "version": "4.15.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "urllib3", + "ecosystem": "PyPI" + }, + "version": "1.24.3" + }, "vulns": [ { "id": "GHSA-2xpw-w6gg-jr37", @@ -4093,6 +8380,13 @@ ] }, { + "query": { + "package": { + "name": "urllib3", + "ecosystem": "PyPI" + }, + "version": "1.24.3" + }, "vulns": [ { "id": "GHSA-2xpw-w6gg-jr37", @@ -4145,6 +8439,13 @@ ] }, { + "query": { + "package": { + "name": "werkzeug", + "ecosystem": "PyPI" + }, + "version": "3.1.3" + }, "vulns": [ { "id": "GHSA-29vq-49wr-vm6x", 
@@ -4161,6 +8462,13 @@ ] }, { + "query": { + "package": { + "name": "werkzeug", + "ecosystem": "PyPI" + }, + "version": "3.1.3" + }, "vulns": [ { "id": "GHSA-29vq-49wr-vm6x", @@ -4177,6 +8485,13 @@ ] }, { + "query": { + "package": { + "name": "werkzeug", + "ecosystem": "PyPI" + }, + "version": "3.1.3" + }, "vulns": [ { "id": "GHSA-29vq-49wr-vm6x", @@ -4200,8 +8515,24 @@ [Test/cassette_TestCommand/TestCommand/spdx_2.3_output - 1] { "results": [ - {}, { + "query": { + "package": { + "name": "has-flag", + "ecosystem": "npm" + }, + "version": "4.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "league/flysystem", + "ecosystem": "Packagist" + }, + "version": "1.0.8" + }, "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", @@ -4209,9 +8540,36 @@ } ] }, - {}, - {}, - {} + { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "wrappy", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -4220,7 +8578,16 @@ [Test/cassette_TestCommand/TestCommand/verbosity_level_=_error - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -4229,7 +8596,16 @@ [Test/cassette_TestCommand/TestCommand/verbosity_level_=_info - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } diff --git a/tools/apitester/__snapshots__/cassette_TestCommandNonGit.snap b/tools/apitester/__snapshots__/cassette_TestCommandNonGit.snap index b9a796d03fa..f193232e42a 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommandNonGit.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommandNonGit.snap 
@@ -2,7 +2,16 @@ [Test/cassette_TestCommandNonGit/TestCommandNonGit/one_specific_supported_lockfile - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_CallAnalysis.snap b/tools/apitester/__snapshots__/cassette_TestCommand_CallAnalysis.snap index 71dcf91312c..555c2de25d0 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_CallAnalysis.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_CallAnalysis.snap @@ -3,6 +3,13 @@ { "results": [ { + "query": { + "package": { + "name": "github.com/gogo/protobuf", + "ecosystem": "Go" + }, + "version": "1.3.1" + }, "vulns": [ { "id": "GHSA-c3h9-896r-86jm", @@ -15,6 +22,13 @@ ] }, { + "query": { + "package": { + "name": "github.com/ipfs/go-bitfield", + "ecosystem": "Go" + }, + "version": "1.0.0" + }, "vulns": [ { "id": "GHSA-2h6c-j3gf-xp9r", @@ -27,7 +41,18 @@ ] }, { + "query": { + "package": { + "name": "golang.org/x/image", + "ecosystem": "Go" + }, + "version": "0.4.0" + }, "vulns": [ + { + "id": "GHSA-44p7-9xx4-hf2g", + "modified": "" + }, { "id": "GHSA-9phm-fm57-rhg8", "modified": "" @@ -63,6 +88,14 @@ { "id": "GO-2026-4815", "modified": "" + }, + { + "id": "GO-2026-4961", + "modified": "" + }, + { + "id": "GO-2026-4962", + "modified": "" } ] } @@ -75,6 +108,13 @@ { "results": [ { + "query": { + "package": { + "name": "github.com/gogo/protobuf", + "ecosystem": "Go" + }, + "version": "1.3.1" + }, "vulns": [ { "id": "GHSA-c3h9-896r-86jm", @@ -95,6 +135,13 @@ { "results": [ { + "query": { + "package": { + "name": "github.com/gogo/protobuf", + "ecosystem": "Go" + }, + "version": "1.3.1" + }, "vulns": [ { "id": "GHSA-c3h9-896r-86jm", diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors.snap b/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors.snap index 6e0b1fe025d..cb06fba66c8 100755 
--- a/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors.snap @@ -3,6 +3,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -10,7 +17,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -20,6 +36,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -27,7 +50,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -37,6 +69,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", 
@@ -52,30 +91,187 @@ [Test/cassette_TestCommand_ExplicitExtractors/TestCommand_ExplicitExtractors/scanning_directory_with_one_specific_extractor_disabled - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-6042", + 
"modified": "" } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -96,6 +292,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -112,6 +315,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors_WithDefaults.snap b/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors_WithDefaults.snap index fc04e207e37..fb73b4f18d3 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors_WithDefaults.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors_WithDefaults.snap 
@@ -2,10 +2,46 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_a_couple_of_specific_extractors_enabled_individually - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -14,10 +50,44 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_a_couple_of_specific_extractors_enabled_individually#01 - 1] { "results": [ - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", 
@@ -25,27 +95,157 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "" } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + 
"query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -65,10 +265,44 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_a_couple_of_specific_extractors_enabled_specified_together - 1] { "results": [ - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", 
@@ -76,27 +310,157 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "" } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + 
"query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -116,10 +480,46 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_a_couple_of_specific_extractors_enabled_specified_together#01 - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -128,10 +528,44 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_an_extractor_that_does_not_exist - 1] { "results": [ - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", 
@@ -139,27 +573,157 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "" } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + 
"query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -179,10 +743,46 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_an_extractor_that_does_not_exist#01 - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -191,9 +791,36 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_one_specific_extractor_disabled - 1] { "results": [ - {}, - {}, - {} + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } 
@@ -202,30 +829,187 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_one_specific_extractor_disabled#01 - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + 
"id": "ALPINE-CVE-2026-6042", + "modified": "" } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -245,10 +1029,44 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_one_specific_extractor_enabled_and_the_defaults - 1] { "results": [ - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", 
@@ -256,27 +1074,157 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "" } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + 
"query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -296,10 +1244,46 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_directory_with_one_specific_extractor_enabled_and_the_defaults#01 - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -308,7 +1292,16 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_file_with_one_different_extractor_enabled - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -318,6 +1311,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -333,7 +1333,16 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithDefaults/TestCommand_ExplicitExtractors_WithDefaults/scanning_file_with_one_specific_extractor_enabled#01 - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + } ] } diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors_WithoutDefaults.snap b/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors_WithoutDefaults.snap index 01985806a83..f5df6221f99 100755 
--- a/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors_WithoutDefaults.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_ExplicitExtractors_WithoutDefaults.snap @@ -3,6 +3,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -10,7 +17,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -19,8 +35,26 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithoutDefaults/TestCommand_ExplicitExtractors_WithoutDefaults/scanning_directory_with_a_couple_of_specific_extractors_enabled_individually#01 - 1] { "results": [ - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -30,6 +64,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -37,7 +78,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -46,8 +96,26 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithoutDefaults/TestCommand_ExplicitExtractors_WithoutDefaults/scanning_directory_with_a_couple_of_specific_extractors_enabled_specified_together#01 - 1] { "results": [ - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } 
@@ -57,6 +125,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -72,7 +147,16 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithoutDefaults/TestCommand_ExplicitExtractors_WithoutDefaults/scanning_directory_with_an_extractor_that_does_not_exist#01 - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + } ] } 
@@ -81,30 +165,187 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithoutDefaults/TestCommand_ExplicitExtractors_WithoutDefaults/scanning_directory_with_one_specific_extractor_disabled - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + 
"id": "ALPINE-CVE-2026-6042", + "modified": "" } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -124,9 +365,36 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithoutDefaults/TestCommand_ExplicitExtractors_WithoutDefaults/scanning_directory_with_one_specific_extractor_disabled#01 - 1] { "results": [ - {}, - {}, - {} + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -136,6 +404,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -151,7 +426,16 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithoutDefaults/TestCommand_ExplicitExtractors_WithoutDefaults/scanning_directory_with_one_specific_extractor_enabled_and_no_defaults#01 - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + } ] } 
@@ -161,6 +445,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -176,7 +467,16 @@ [Test/cassette_TestCommand_ExplicitExtractors_WithoutDefaults/TestCommand_ExplicitExtractors_WithoutDefaults/scanning_file_with_one_specific_extractor_enabled#01 - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + } ] } diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_GithubActions.snap b/tools/apitester/__snapshots__/cassette_TestCommand_GithubActions.snap index 7fd2a6eed15..e465495f3aa 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_GithubActions.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_GithubActions.snap @@ -2,8 +2,18 @@ [Test/cassette_TestCommand_GithubActions/TestCommand_GithubActions/scanning_osv-scanner_custom_format - 1] { "results": [ - {}, { + "query": { + "commit": "4579d5538f06c5ef615a15bc67ebb9ac0523a973", + "package": {} + }, + "vulns": [] + }, + { + "query": { + "commit": "9de7a0544457c6aba755ccb65abb41b0dc1db70d", + "package": {} + }, "vulns": [ { "id": "CVE-2023-39137", @@ -15,7 +25,13 @@ } ] }, - {} + { + "query": { + "commit": "5d60bd2eb4642b64d00c845e5ca9f1ea41fd6db6", + "package": {} + }, + "vulns": [] + } ] } @@ -24,8 +40,18 @@ [Test/cassette_TestCommand_GithubActions/TestCommand_GithubActions/scanning_osv-scanner_custom_format_output_json - 1] { "results": [ - {}, { + "query": { + "commit": "4579d5538f06c5ef615a15bc67ebb9ac0523a973", + "package": {} + }, + "vulns": [] + }, + { + "query": { + "commit": "9de7a0544457c6aba755ccb65abb41b0dc1db70d", + "package": {} + }, "vulns": [ { "id": "CVE-2023-39137", @@ -37,7 +63,13 @@ } ] }, - {} + { + "query": { + "commit": "5d60bd2eb4642b64d00c845e5ca9f1ea41fd6db6", + "package": {} + }, + "vulns": [] + } ] } 
diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_HtmlFile.snap b/tools/apitester/__snapshots__/cassette_TestCommand_HtmlFile.snap index 1345c968ffd..82849f1c519 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_HtmlFile.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_HtmlFile.snap @@ -2,7 +2,16 @@ [Test/cassette_TestCommand_HtmlFile/TestCommand_HtmlFile - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_JavareachArchive.snap b/tools/apitester/__snapshots__/cassette_TestCommand_JavareachArchive.snap index 14a3130fa68..3a3f0796a57 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_JavareachArchive.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_JavareachArchive.snap @@ -2,9 +2,34 @@ [Test/cassette_TestCommand_JavareachArchive/TestCommand_JavareachArchive/jars_can_be_scanned_with_call_analysis - 1] { "results": [ - {}, - {}, { + "query": { + "package": { + "name": "com.amazonaws:aws-java-sdk-core", + "ecosystem": "Maven" + }, + "version": "1.11.327" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.amazonaws:aws-java-sdk-kms", + "ecosystem": "Maven" + }, + "version": "1.11.327" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.amazonaws:aws-java-sdk-s3", + "ecosystem": "Maven" + }, + "version": "1.11.327" + }, "vulns": [ { "id": "GHSA-c28r-hw5m-5gv3", 
@@ -12,10 +37,44 @@ } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "com.amazonaws:jmespath-java", + "ecosystem": "Maven" + }, + "version": "1.11.327" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.example:hello-tester", + "ecosystem": "Maven" + }, + "version": "1.0-SNAPSHOT" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.fasterxml.jackson.core:jackson-annotations", + "ecosystem": "Maven" + }, + "version": "2.6.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.fasterxml.jackson.core:jackson-core", + "ecosystem": "Maven" + }, + "version": "2.14.0" + }, "vulns": [ { "id": "GHSA-72hv-8253-57qq", @@ -28,6 +87,13 @@ ] }, { + "query": { + "package": { + "name": "com.fasterxml.jackson.core:jackson-databind", + "ecosystem": "Maven" + }, + "version": "2.6.7.1" + }, "vulns": [ { "id": "GHSA-288c-cq4h-88gq", @@ -223,11 +289,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor", + "ecosystem": "Maven" + }, + "version": "2.6.7" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "commons-codec:commons-codec", + "ecosystem": "Maven" + }, + "version": "1.10" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "commons-logging:commons-logging", + "ecosystem": "Maven" + }, + "version": "1.1.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "joda-time:joda-time", + "ecosystem": "Maven" + }, + "version": "2.8.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.apache.commons:commons-lang3", + "ecosystem": "Maven" + }, + "version": "3.12.0" + }, "vulns": [ { "id": "GHSA-j288-q9x7-2f5v", @@ -236,6 +345,13 @@ ] }, { + "query": { + "package": { + "name": "org.apache.httpcomponents:httpclient", + "ecosystem": "Maven" + }, + "version": "4.5.5" + }, "vulns": [ { "id": "GHSA-7r82-7xv7-xcpj", 
@@ -243,10 +359,39 @@ } ] }, - {}, - {}, { + "query": { + "package": { + "name": "org.apache.httpcomponents:httpcore", + "ecosystem": "Maven" + }, + "version": "4.4.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-continuation", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-http", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, "vulns": [ + { + "id": "GHSA-355h-qmc2-wpwf", + "modified": "" + }, { "id": "GHSA-cj7v-27pg-wf7q", "modified": "" @@ -265,8 +410,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-io", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-servlets", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, "vulns": [ { "id": "GHSA-3gh6-v5v9-6v9j", @@ -282,8 +443,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-util", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "software.amazon.ion:ion-java", + "ecosystem": "Maven" + }, + "version": "1.0.2" + }, "vulns": [ { "id": "GHSA-264p-99wq-f4j6", @@ -299,9 +476,34 @@ [Test/cassette_TestCommand_JavareachArchive/TestCommand_JavareachArchive/jars_can_be_scanned_without_call_analysis - 1] { "results": [ - {}, - {}, { + "query": { + "package": { + "name": "com.amazonaws:aws-java-sdk-core", + "ecosystem": "Maven" + }, + "version": "1.11.327" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.amazonaws:aws-java-sdk-kms", + "ecosystem": "Maven" + }, + "version": "1.11.327" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.amazonaws:aws-java-sdk-s3", + "ecosystem": "Maven" + }, + "version": "1.11.327" + }, "vulns": [ { "id": "GHSA-c28r-hw5m-5gv3", 
@@ -309,10 +511,44 @@ } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "com.amazonaws:jmespath-java", + "ecosystem": "Maven" + }, + "version": "1.11.327" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.example:hello-tester", + "ecosystem": "Maven" + }, + "version": "1.0-SNAPSHOT" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.fasterxml.jackson.core:jackson-annotations", + "ecosystem": "Maven" + }, + "version": "2.6.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.fasterxml.jackson.core:jackson-core", + "ecosystem": "Maven" + }, + "version": "2.14.0" + }, "vulns": [ { "id": "GHSA-72hv-8253-57qq", @@ -325,6 +561,13 @@ ] }, { + "query": { + "package": { + "name": "com.fasterxml.jackson.core:jackson-databind", + "ecosystem": "Maven" + }, + "version": "2.6.7.1" + }, "vulns": [ { "id": "GHSA-288c-cq4h-88gq", @@ -520,11 +763,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor", + "ecosystem": "Maven" + }, + "version": "2.6.7" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "commons-codec:commons-codec", + "ecosystem": "Maven" + }, + "version": "1.10" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "commons-logging:commons-logging", + "ecosystem": "Maven" + }, + "version": "1.1.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "joda-time:joda-time", + "ecosystem": "Maven" + }, + "version": "2.8.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.apache.commons:commons-lang3", + "ecosystem": "Maven" + }, + "version": "3.12.0" + }, "vulns": [ { "id": "GHSA-j288-q9x7-2f5v", @@ -533,6 +819,13 @@ ] }, { + "query": { + "package": { + "name": "org.apache.httpcomponents:httpclient", + "ecosystem": "Maven" + }, + "version": "4.5.5" + }, "vulns": [ { "id": "GHSA-7r82-7xv7-xcpj", 
@@ -540,10 +833,39 @@ } ] }, - {}, - {}, { + "query": { + "package": { + "name": "org.apache.httpcomponents:httpcore", + "ecosystem": "Maven" + }, + "version": "4.4.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-continuation", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-http", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, "vulns": [ + { + "id": "GHSA-355h-qmc2-wpwf", + "modified": "" + }, { "id": "GHSA-cj7v-27pg-wf7q", "modified": "" @@ -562,8 +884,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-io", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-servlets", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, "vulns": [ { "id": "GHSA-3gh6-v5v9-6v9j", @@ -579,8 +917,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "org.eclipse.jetty:jetty-util", + "ecosystem": "Maven" + }, + "version": "9.4.40.v20210413" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "software.amazon.ion:ion-java", + "ecosystem": "Maven" + }, + "version": "1.0.2" + }, "vulns": [ { "id": "GHSA-264p-99wq-f4j6", diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_Licenses.snap b/tools/apitester/__snapshots__/cassette_TestCommand_Licenses.snap index 638a909f050..4b7a1909afe 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_Licenses.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_Licenses.snap 
@@ -2,10 +2,46 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/Licenses_in_summary_mode_json - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "babel", + "ecosystem": "npm" + }, + "version": "6.23.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "human-signals", + "ecosystem": "npm" + }, + "version": "5.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ms", + "ecosystem": "npm" + }, + "version": "2.1.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "type-fest", + "ecosystem": "npm" + }, + "version": "4.26.1" + }, + "vulns": [] + } ] } @@ -14,10 +50,46 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/Licenses_with_expressions - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "babel", + "ecosystem": "npm" + }, + "version": "6.23.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "human-signals", + "ecosystem": "npm" + }, + "version": "5.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ms", + "ecosystem": "npm" + }, + "version": "2.1.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "type-fest", + "ecosystem": "npm" + }, + "version": "4.26.1" + }, + "vulns": [] + } ] } @@ -26,10 +98,46 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/Licenses_with_invalid_expression_in_config - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "babel", + "ecosystem": "npm" + }, + "version": "6.23.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "human-signals", + "ecosystem": "npm" + }, + "version": "5.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ms", + "ecosystem": "npm" + }, + "version": "2.1.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "type-fest", + "ecosystem": "npm" + }, + "version": "4.26.1" + }, + "vulns": [] + } ] } 
@@ -38,10 +146,46 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/No_license_violations_and_show-all-packages_in_json - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "babel", + "ecosystem": "npm" + }, + "version": "6.23.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "human-signals", + "ecosystem": "npm" + }, + "version": "5.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ms", + "ecosystem": "npm" + }, + "version": "2.1.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "type-fest", + "ecosystem": "npm" + }, + "version": "4.26.1" + }, + "vulns": [] + } ] } @@ -50,7 +194,16 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/No_vulnerabilities_but_license_violations_with_allowlist - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -59,10 +212,46 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/No_vulnerabilities_with_license_summary - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } 
@@ -71,10 +260,44 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/No_vulnerabilities_with_license_summary#01 - 1] { "results": [ - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", 
@@ -82,27 +305,157 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "" } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + 
"query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -122,10 +475,44 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/No_vulnerabilities_with_license_summary_in_markdown - 1] { "results": [ - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", 
@@ -133,27 +520,157 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "" } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + 
"query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", @@ -173,10 +690,46 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/No_vulnerabilities_with_license_summary_in_markdown#01 - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.8" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -185,10 +738,46 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/Show_all_Packages_with_license_summary_in_json - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "babel", + "ecosystem": "npm" + }, + "version": "6.23.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "human-signals", + "ecosystem": "npm" + }, + "version": "5.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ms", + "ecosystem": "npm" + }, + "version": "2.1.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "type-fest", + "ecosystem": "npm" + }, + "version": "4.26.1" + }, + "vulns": [] + } ] } 
@@ -197,14 +786,84 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/Some_packages_with_ignored_licenses - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "alpine-baselayout", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-baselayout-data", + "ecosystem": "Alpine" + }, + "version": "3.4.0-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "alpine-keys", + "ecosystem": "Alpine" + }, + "version": "2.4-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "apk-tools", + "ecosystem": "Alpine" + }, + "version": "2.12.10-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "busybox-binsh", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ca-certificates-bundle", + "ecosystem": "Alpine" + }, + "version": "20220614-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "league/flysystem", + "ecosystem": "Packagist" + }, + "version": "1.0.8" + }, "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", 
@@ -212,24 +871,127 @@ } ] }, - {}, - {}, - {}, { + "query": { + "package": { + "name": "libc-utils", + "ecosystem": "Alpine" + }, + "version": "0.7.2-r3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libcrypto3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "libssl3", + "ecosystem": "Alpine" + }, + "version": "3.0.8-r0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "musl", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, "vulns": [ { "id": "ALPINE-CVE-2025-26519", "modified": "" + }, + { + "id": "ALPINE-CVE-2026-40200", + "modified": "" + }, + { + "id": "ALPINE-CVE-2026-6042", + "modified": "" } ] }, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "musl-utils", + "ecosystem": "Alpine" + }, + "version": "1.2.3-r4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "scanelf", + "ecosystem": "Alpine" + }, + "version": "1.3.5-r1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ssl_client", + "ecosystem": "Alpine" + }, + "version": "1.36.1-r27" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "zlib", + "ecosystem": "Alpine" + }, + "version": "1.2.13-r0" + }, "vulns": [ { "id": "ALPINE-CVE-2026-22184", 
@@ -249,8 +1011,24 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/Some_packages_with_ignored_licenses#01 - 1] { "results": [ - {}, { + "query": { + "package": { + "name": "ast", + "ecosystem": "RubyGems" + }, + "version": "2.4.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "league/flysystem", + "ecosystem": "Packagist" + }, + "version": "1.0.8" + }, "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", @@ -258,9 +1036,36 @@ } ] }, - {}, - {}, - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + } ] } @@ -269,10 +1074,46 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/Some_packages_with_license_violations_and_show-all-packages_in_json - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "babel", + "ecosystem": "npm" + }, + "version": "6.23.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "human-signals", + "ecosystem": "npm" + }, + "version": "5.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ms", + "ecosystem": "npm" + }, + "version": "2.1.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "type-fest", + "ecosystem": "npm" + }, + "version": "4.26.1" + }, + "vulns": [] + } ] } 
@@ -281,10 +1122,46 @@ [Test/cassette_TestCommand_Licenses/TestCommand_Licenses/Some_packages_with_license_violations_in_json - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "babel", + "ecosystem": "npm" + }, + "version": "6.23.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "human-signals", + "ecosystem": "npm" + }, + "version": "5.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ms", + "ecosystem": "npm" + }, + "version": "2.1.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "type-fest", + "ecosystem": "npm" + }, + "version": "4.26.1" + }, + "vulns": [] + } ] } @@ -294,6 +1171,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -310,6 +1194,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -326,6 +1217,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_LockfileWithExplicitParseAs.snap b/tools/apitester/__snapshots__/cassette_TestCommand_LockfileWithExplicitParseAs.snap index a932c0f8e5d..05b0b961347 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_LockfileWithExplicitParseAs.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_LockfileWithExplicitParseAs.snap @@ -2,7 +2,16 @@ [Test/cassette_TestCommand_LockfileWithExplicitParseAs/TestCommand_LockfileWithExplicitParseAs/absolute_paths_are_automatically_escaped_on_windows - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } 
@@ -11,7 +20,16 @@ [Test/cassette_TestCommand_LockfileWithExplicitParseAs/TestCommand_LockfileWithExplicitParseAs/absolute_paths_work_with_explicit_escaping - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "balanced-match", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -20,7 +38,16 @@ [Test/cassette_TestCommand_LockfileWithExplicitParseAs/TestCommand_LockfileWithExplicitParseAs/empty_is_default - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -30,6 +57,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -38,6 +72,13 @@ ] }, { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -45,8 +86,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "has-flag", + "ecosystem": "npm" + }, + "version": "4.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "league/flysystem", + "ecosystem": "Packagist" + }, + "version": "1.0.8" + }, "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", @@ -54,9 +111,36 @@ } ] }, - {}, - {}, - {} + { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "wrappy", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -66,6 +150,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", 
@@ -74,6 +165,13 @@ ] }, { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -81,8 +179,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "has-flag", + "ecosystem": "npm" + }, + "version": "4.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "league/flysystem", + "ecosystem": "Packagist" + }, + "version": "1.0.8" + }, "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", @@ -90,9 +204,36 @@ } ] }, - {}, - {}, - {} + { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "wrappy", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } @@ -107,6 +248,13 @@ { "results": [ { + "query": { + "package": { + "name": "ansi-html", + "ecosystem": "npm" + }, + "version": "0.0.1" + }, "vulns": [ { "id": "GHSA-whgm-jr23-g3j9", @@ -114,8 +262,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "has-flag", + "ecosystem": "npm" + }, + "version": "4.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "league/flysystem", + "ecosystem": "Packagist" + }, + "version": "1.0.8" + }, "vulns": [ { "id": "GHSA-9f46-5r25-5wfm", @@ -123,9 +287,36 @@ } ] }, - {}, - {}, - {} + { + "query": { + "package": { + "name": "stdlib", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "toolchain", + "ecosystem": "Go" + }, + "version": "1.99.9" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "wrappy", + "ecosystem": "npm" + }, + "version": "1.0.2" + }, + "vulns": [] + } ] } 
diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_MoreLockfiles.snap b/tools/apitester/__snapshots__/cassette_TestCommand_MoreLockfiles.snap index 69e9d2e386f..c10c9a313a9 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_MoreLockfiles.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_MoreLockfiles.snap @@ -2,12 +2,64 @@ [Test/cassette_TestCommand_MoreLockfiles/TestCommand_MoreLockfiles/cabal.project.freeze - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "AC-Angle", + "ecosystem": "Hackage" + }, + "version": "1.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ALUT", + "ecosystem": "Hackage" + }, + "version": "2.4.0.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "ANum", + "ecosystem": "Hackage" + }, + "version": "0.2.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "Agda", + "ecosystem": "Hackage" + }, + "version": "2.6.4.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "Allure", + "ecosystem": "Hackage" + }, + "version": "0.11.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "biscuit-haskell", + "ecosystem": "Hackage" + }, + "version": "0.3.0.0" + }, "vulns": [ { "id": "HSEC-2024-0009", @@ -23,9 +75,34 @@ [Test/cassette_TestCommand_MoreLockfiles/TestCommand_MoreLockfiles/depsjson - 1] { "results": [ - {}, - {}, { + "query": { + "package": { + "name": "AWSSDK.Core", + "ecosystem": "NuGet" + }, + "version": "3.7.10.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "Microsoft.Extensions.DependencyInjection", + "ecosystem": "NuGet" + }, + "version": "6.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "System.Linq.Dynamic.Core", + "ecosystem": "NuGet" + }, + "version": "1.3.7" + }, "vulns": [ { "id": "GHSA-4cv2-4hjh-77rx", 
@@ -33,7 +110,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "TestLibrary", + "ecosystem": "NuGet" + }, + "version": "1.0.0" + }, + "vulns": [] + } ] } 
@@ -42,19 +128,134 @@ [Test/cassette_TestCommand_MoreLockfiles/TestCommand_MoreLockfiles/gems.locked - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "async", + "ecosystem": "RubyGems" + }, + "version": "2.23.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "async-dns", + "ecosystem": "RubyGems" + }, + "version": "1.4.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "async-http", + "ecosystem": "RubyGems" + }, + "version": "0.87.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "async-pool", + "ecosystem": "RubyGems" + }, + "version": "0.10.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "console", + "ecosystem": "RubyGems" + }, + "version": "1.29.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "fiber-annotation", + "ecosystem": "RubyGems" + }, + "version": "0.2.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "fiber-local", + "ecosystem": "RubyGems" + }, + "version": "1.1.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "fiber-storage", + "ecosystem": "RubyGems" + }, + "version": "1.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "geoip", + "ecosystem": "RubyGems" + }, + "version": "1.6.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "io-endpoint", + "ecosystem": "RubyGems" + }, + "version": "0.15.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "io-event", + "ecosystem": "RubyGems" + }, + "version": "1.9.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "io-stream", + "ecosystem": "RubyGems" + }, + "version": "0.6.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "json", + "ecosystem": "RubyGems" + }, + "version": "2.10.1" + }, "vulns": [ { "id": "GHSA-9m3q-rhmv-5q44", 
@@ -62,8 +263,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "metrics", + "ecosystem": "RubyGems" + }, + "version": "0.12.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "nokogiri", + "ecosystem": "RubyGems" + }, + "version": "1.18.2" + }, "vulns": [ { "id": "GHSA-353f-x4gh-cqq8", @@ -87,16 +304,106 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "process-daemon", + "ecosystem": "RubyGems" + }, + "version": "1.0.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "protocol-hpack", + "ecosystem": "RubyGems" + }, + "version": "1.5.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "protocol-http", + "ecosystem": "RubyGems" + }, + "version": "0.49.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "protocol-http1", + "ecosystem": "RubyGems" + }, + "version": "0.30.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "protocol-http2", + "ecosystem": "RubyGems" + }, + "version": "0.22.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "racc", + "ecosystem": "RubyGems" + }, + "version": "1.8.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "rainbow", + "ecosystem": "RubyGems" + }, + "version": "2.2.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "rake", + "ecosystem": "RubyGems" + }, + "version": "13.2.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "rubydns", + "ecosystem": "RubyGems" + }, + "version": "2.0.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "traces", + "ecosystem": "RubyGems" + }, + "version": "0.15.2" + }, + "vulns": [] + } ] } 
@@ -105,8 +412,26 @@ [Test/cassette_TestCommand_MoreLockfiles/TestCommand_MoreLockfiles/packages.config - 1] { "results": [ - {}, - {} + { + "query": { + "package": { + "name": "Microsoft.CodeDom.Providers.DotNetCompilerPlatform", + "ecosystem": "NuGet" + }, + "version": "1.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "Microsoft.Net.Compilers", + "ecosystem": "NuGet" + }, + "version": "1.0.0" + }, + "vulns": [] + } ] } @@ -115,7 +440,16 @@ [Test/cassette_TestCommand_MoreLockfiles/TestCommand_MoreLockfiles/packages.lock.json - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "Newtonsoft.Json", + "ecosystem": "NuGet" + }, + "version": "13.0.3" + }, + "vulns": [] + } ] } @@ -124,10 +458,46 @@ [Test/cassette_TestCommand_MoreLockfiles/TestCommand_MoreLockfiles/stack.yaml.lock - 1] { "results": [ - {}, - {}, - {}, - {} + { + "query": { + "package": { + "name": "fuzzyset", + "ecosystem": "Hackage" + }, + "version": "0.2.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "hasql-pool", + "ecosystem": "Hackage" + }, + "version": "1.0.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "jose-jwt", + "ecosystem": "Hackage" + }, + "version": "0.10.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "postgresql-libpq", + "ecosystem": "Hackage" + }, + "version": "0.10.1.0" + }, + "vulns": [] + } ] } @@ -136,8 +506,24 @@ [Test/cassette_TestCommand_MoreLockfiles/TestCommand_MoreLockfiles/uv.lock - 1] { "results": [ - {}, { + "query": { + "package": { + "name": "emoji", + "ecosystem": "PyPI" + }, + "version": "2.14.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "protobuf", + "ecosystem": "PyPI" + }, + "version": "4.25.5" + }, "vulns": [ { "id": "GHSA-7gcm-g887-7qv7", diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_Transitive.snap b/tools/apitester/__snapshots__/cassette_TestCommand_Transitive.snap index ce816a27e42..0d1e2b2c348 100755 
--- a/tools/apitester/__snapshots__/cassette_TestCommand_Transitive.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_Transitive.snap @@ -2,7 +2,16 @@ [Test/cassette_TestCommand_Transitive/TestCommand_Transitive/does_not_scan_transitive_dependencies_for_pom.xml_with_no-resolve - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-web", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, + "vulns": [] + } ] } @@ -12,6 +21,13 @@ { "results": [ { + "query": { + "package": { + "name": "django", + "ecosystem": "PyPI" + }, + "version": "1.11.29" + }, "vulns": [ { "id": "GHSA-68w8-qjq3-2gfm", @@ -48,6 +64,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -64,6 +87,13 @@ ] }, { + "query": { + "package": { + "name": "requests", + "ecosystem": "PyPI" + }, + "version": "2.20.0" + }, "vulns": [ { "id": "GHSA-9hjg-9r4m-mvj7", @@ -96,6 +126,13 @@ { "results": [ { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -112,6 +149,13 @@ ] }, { + "query": { + "package": { + "name": "flask-cors", + "ecosystem": "PyPI" + }, + "version": "1.0.0" + }, "vulns": [ { "id": "GHSA-43qf-4rqw-9q2g", @@ -148,6 +192,13 @@ ] }, { + "query": { + "package": { + "name": "pandas", + "ecosystem": "PyPI" + }, + "version": "0.23.4" + }, "vulns": [ { "id": "PYSEC-2020-73", 
@@ -163,24 +214,184 @@ [Test/cassette_TestCommand_Transitive/TestCommand_Transitive/resolves_transitive_dependencies_with_native_data_source - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "com.android.support:animated-vector-drawable", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:appcompat-v7", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:mediarouter-v7", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:palette-v7", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:support-annotations", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:support-v4", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:support-vector-drawable", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-ads", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-ads-lite", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-analytics", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, 
+ { + "query": { + "package": { + "name": "com.google.android.gms:play-services-analytics-impl", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-appinvite", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-auth", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-auth-base", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-awareness", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-base", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-basement", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, "vulns": [ { "id": "GHSA-cm6r-892j-jv2g", 
@@ -188,47 +399,413 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "com.google.android.gms:play-services-cast", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-cast-framework", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-clearcut", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-drive", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-fitness", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-games", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-gass", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-gcm", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-identity", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-iid", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-instantapps", + 
"ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-location", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-maps", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-nearby", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-panorama", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-places", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-plus", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-safetynet", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-tagmanager", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-tagmanager-api", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-tagmanager-v4-impl", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-tasks", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-vision", + "ecosystem": 
"Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-wallet", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-wearable", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-analytics", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-analytics-impl", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-appindexing", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-auth", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-common", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-config", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-crash", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-database", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-database-connection", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-iid", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + 
"name": "com.google.firebase:firebase-messaging", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-storage", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-storage-common", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-api", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-core", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, "vulns": [ + { + "id": "GHSA-3pxv-7cmr-fjr4", + "modified": "" + }, + { + "id": "GHSA-6hg6-v5c8-fphq", + "modified": "" + }, { "id": "GHSA-7rjr-3q55-vv33", "modified": "" @@ -251,7 +828,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-web", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, + "vulns": [] + } ] } @@ -261,6 +847,13 @@ { "results": [ { + "query": { + "package": { + "name": "django", + "ecosystem": "PyPI" + }, + "version": "1.11.29" + }, "vulns": [ { "id": "GHSA-68w8-qjq3-2gfm", @@ -297,6 +890,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -312,8 +912,24 @@ } ] }, - {}, { + "query": { + "package": { + "name": "numpy", + "ecosystem": "PyPI" + }, + "version": "2.3.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "requests", + "ecosystem": "PyPI" + }, + "version": "2.20.0" + }, "vulns": [ { "id": "GHSA-9hjg-9r4m-mvj7", 
@@ -345,24 +961,184 @@ [Test/cassette_TestCommand_Transitive/TestCommand_Transitive/scans_dependencies_from_multiple_registries - 1] { "results": [ - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "com.android.support:animated-vector-drawable", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:appcompat-v7", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:mediarouter-v7", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:palette-v7", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:support-annotations", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:support-v4", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.android.support:support-vector-drawable", + "ecosystem": "Maven" + }, + "version": "24.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-ads", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-ads-lite", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-analytics", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + 
"query": { + "package": { + "name": "com.google.android.gms:play-services-analytics-impl", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-appinvite", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-auth", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-auth-base", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-awareness", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-base", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-basement", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, "vulns": [ { "id": "GHSA-cm6r-892j-jv2g", 
@@ -370,47 +1146,413 @@ } ] }, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "com.google.android.gms:play-services-cast", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-cast-framework", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-clearcut", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-drive", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-fitness", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-games", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-gass", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-gcm", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-identity", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-iid", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-instantapps", + 
"ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-location", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-maps", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-nearby", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-panorama", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-places", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-plus", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-safetynet", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-tagmanager", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-tagmanager-api", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-tagmanager-v4-impl", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-tasks", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-vision", + "ecosystem": 
"Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-wallet", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.android.gms:play-services-wearable", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-analytics", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-analytics-impl", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-appindexing", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-auth", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-common", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-config", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-crash", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-database", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-database-connection", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-iid", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + 
"name": "com.google.firebase:firebase-messaging", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-storage", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "com.google.firebase:firebase-storage-common", + "ecosystem": "Maven" + }, + "version": "10.0.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-api", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-core", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, "vulns": [ + { + "id": "GHSA-3pxv-7cmr-fjr4", + "modified": "" + }, + { + "id": "GHSA-6hg6-v5c8-fphq", + "modified": "" + }, { "id": "GHSA-7rjr-3q55-vv33", "modified": "" @@ -433,7 +1575,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-web", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, + "vulns": [] + } ] } @@ -443,6 +1594,13 @@ { "results": [ { + "query": { + "package": { + "name": "junit:junit", + "ecosystem": "Maven" + }, + "version": "4.12" + }, "vulns": [ { "id": "GHSA-269g-pwp5-87pp", @@ -450,7 +1608,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "org.hamcrest:hamcrest-core", + "ecosystem": "Maven" + }, + "version": "1.3" + }, + "vulns": [] + } ] } 
@@ -459,9 +1626,33 @@ [Test/cassette_TestCommand_Transitive/TestCommand_Transitive/scans_transitive_dependencies_by_specifying_pom.xml - 1] { "results": [ - {}, { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-api", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-core", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, "vulns": [ + { + "id": "GHSA-3pxv-7cmr-fjr4", + "modified": "" + }, + { + "id": "GHSA-6hg6-v5c8-fphq", + "modified": "" + }, { "id": "GHSA-7rjr-3q55-vv33", "modified": "" @@ -484,7 +1675,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-web", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, + "vulns": [] + } ] } @@ -493,9 +1693,33 @@ [Test/cassette_TestCommand_Transitive/TestCommand_Transitive/scans_transitive_dependencies_for_pom.xml_by_default - 1] { "results": [ - {}, { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-api", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-core", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, "vulns": [ + { + "id": "GHSA-3pxv-7cmr-fjr4", + "modified": "" + }, + { + "id": "GHSA-6hg6-v5c8-fphq", + "modified": "" + }, { "id": "GHSA-7rjr-3q55-vv33", "modified": "" @@ -518,7 +1742,16 @@ } ] }, - {} + { + "query": { + "package": { + "name": "org.apache.logging.log4j:log4j-web", + "ecosystem": "Maven" + }, + "version": "2.14.1" + }, + "vulns": [] + } ] } 
@@ -527,10 +1760,44 @@ [Test/cassette_TestCommand_Transitive/TestCommand_Transitive/uses_native_data_source_for_requirements.txt - 1] { "results": [ - {}, - {}, - {}, { + "query": { + "package": { + "name": "certifi", + "ecosystem": "PyPI" + }, + "version": "2025.10.5" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "chardet", + "ecosystem": "PyPI" + }, + "version": "3.0.4" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "click", + "ecosystem": "PyPI" + }, + "version": "8.3.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "django", + "ecosystem": "PyPI" + }, + "version": "1.11.29" + }, "vulns": [ { "id": "GHSA-68w8-qjq3-2gfm", @@ -567,6 +1834,13 @@ ] }, { + "query": { + "package": { + "name": "flask", + "ecosystem": "PyPI" + }, + "version": "1.0" + }, "vulns": [ { "id": "GHSA-68rp-wp8r-4726", @@ -583,6 +1857,13 @@ ] }, { + "query": { + "package": { + "name": "idna", + "ecosystem": "PyPI" + }, + "version": "2.7" + }, "vulns": [ { "id": "GHSA-jjg7-2v4v-x38h", @@ -594,11 +1875,54 @@ } ] }, - {}, - {}, - {}, - {}, { + "query": { + "package": { + "name": "itsdangerous", + "ecosystem": "PyPI" + }, + "version": "2.2.0" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "jinja2", + "ecosystem": "PyPI" + }, + "version": "3.1.6" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "markupsafe", + "ecosystem": "PyPI" + }, + "version": "3.0.3" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "pytz", + "ecosystem": "PyPI" + }, + "version": "2025.2" + }, + "vulns": [] + }, + { + "query": { + "package": { + "name": "requests", + "ecosystem": "PyPI" + }, + "version": "2.20.0" + }, "vulns": [ { "id": "GHSA-9hjg-9r4m-mvj7", @@ -623,6 +1947,13 @@ ] }, { + "query": { + "package": { + "name": "urllib3", + "ecosystem": "PyPI" + }, + "version": "1.24.3" + }, "vulns": [ { "id": "GHSA-2xpw-w6gg-jr37", 
@@ -675,6 +2006,13 @@ ] }, { + "query": { + "package": { + "name": "werkzeug", + "ecosystem": "PyPI" + }, + "version": "3.1.3" + }, "vulns": [ { "id": "GHSA-29vq-49wr-vm6x", diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_WithDetector_OffLinux.snap b/tools/apitester/__snapshots__/cassette_TestCommand_WithDetector_OffLinux.snap index 1045a195aab..765065a2e0b 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_WithDetector_OffLinux.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_WithDetector_OffLinux.snap @@ -2,7 +2,16 @@ [Test/cassette_TestCommand_WithDetector_OffLinux/TestCommand_WithDetector_OffLinux/ssh_version_errors - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -11,7 +20,16 @@ [Test/cassette_TestCommand_WithDetector_OffLinux/TestCommand_WithDetector_OffLinux/ssh_version_is_after_last_vuln_version - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -20,7 +38,16 @@ [Test/cassette_TestCommand_WithDetector_OffLinux/TestCommand_WithDetector_OffLinux/ssh_version_is_before_first_vuln_version - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_WithDetector_OnLinux.snap b/tools/apitester/__snapshots__/cassette_TestCommand_WithDetector_OnLinux.snap index 24522cb11d2..474dcc14444 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_WithDetector_OnLinux.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_WithDetector_OnLinux.snap 
@@ -2,7 +2,16 @@ [Test/cassette_TestCommand_WithDetector_OnLinux/TestCommand_WithDetector_OnLinux/ssh_version_errors - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -11,7 +20,16 @@ [Test/cassette_TestCommand_WithDetector_OnLinux/TestCommand_WithDetector_OnLinux/ssh_version_is_after_last_vuln_version - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } @@ -20,7 +38,16 @@ [Test/cassette_TestCommand_WithDetector_OnLinux/TestCommand_WithDetector_OnLinux/ssh_version_is_before_first_vuln_version - 1] { "results": [ - {} + { + "query": { + "package": { + "name": "sentry/sdk", + "ecosystem": "Packagist" + }, + "version": "2.0.4" + }, + "vulns": [] + } ] } diff --git a/tools/apitester/__snapshots__/cassette_batch_query.snap b/tools/apitester/__snapshots__/cassette_batch_query.snap old mode 100644 new mode 100755 index 059b9c07312..9ece27b5e24 --- a/tools/apitester/__snapshots__/cassette_batch_query.snap +++ b/tools/apitester/__snapshots__/cassette_batch_query.snap @@ -3,6 +3,9 @@ { "results": [ { + "query": { + "commit": "17b30e96476be70b8773b2b807bab857fd3ceb39" + }, "vulns": [ { "id": "CVE-2021-22569", @@ -23,18 +26,6 @@ { "id": "CVE-2022-3510", "modified": "" - }, - { - "id": "CVE-2024-2410", - "modified": "" - }, - { - "id": "CVE-2024-7254", - "modified": "" - }, - { - "id": "CVE-2025-4565", - "modified": "" } ] } diff --git a/tools/apitester/__snapshots__/cassette_single_query.snap b/tools/apitester/__snapshots__/cassette_single_query.snap index 7d4c9e9d441..28a0a906406 100755 --- a/tools/apitester/__snapshots__/cassette_single_query.snap +++ b/tools/apitester/__snapshots__/cassette_single_query.snap 
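Review bot: Three ids disappear from the expected result of the commit query in cassette_batch_query.snap (`CVE-2024-2410`, `CVE-2024-7254` and `CVE-2025-4565`, hunk `@@ -23,18 +26,6 @@`), and nothing visible in the diff says whether that is upstream data drift or a change in commit matching. A regenerated snapshot that shrinks a vulnerability list will hide a matching regression, so it is worth checking the recorded cassette for that commit and stating the reason in the commit message. The same file also moves from mode 100644 to 100755; a snapshot data file does not need the executable bit, though the neighbouring snapshots already carry it, so this may simply be how the snapshot tool writes files.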
@@ -1,6 +1,9 @@ [Test/cassette_single_query/TestQueryEndpoint/CommitQuery - 1] { + "query": { + "commit": "6879efc2c1596d11a6a6ad296f80063b558d5e0f" + }, "vulns": [ { "id": "CVE-2021-45931", @@ -66,7 +69,7 @@ ] } ], - "versions": 138, + "versions": 135, "database_specific": "" } ], @@ -145,7 +148,7 @@ ] } ], - "versions": 154, + "versions": 151, "database_specific": "" } ], @@ -160,6 +163,7 @@ { "id": "CVE-2023-25193", "details": "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", + "aliases": ["ECHO-4f23-7a7e-c10a"], "modified": "", "published": "2023-02-04T20:15:08.027Z", "related": [ @@ -170,7 +174,6 @@ "ALSA-2024:2410", "ALSA-2024:2980", "CGA-8h2f-cgw9-hwqf", - "MGASA-2023-0272", "SUSE-SU-2023:1820-1", "SUSE-SU-2023:1821-1", "SUSE-SU-2023:1822-1", @@ -242,7 +245,7 @@ ] } ], - "versions": 163, + "versions": 160, "database_specific": "" } ], @@ -262,10 +265,11 @@ "modified": "", "published": "2026-01-10T05:53:21.019Z", "related": [ - "MGASA-2026-0015", "SUSE-SU-2026:0287-1", "SUSE-SU-2026:20762-1", - "openSUSE-SU-2026:10065-1" + "SUSE-SU-2026:20922-1", + "openSUSE-SU-2026:10065-1", + "openSUSE-SU-2026:20409-1" ], "database_specific": "", "references": [ @@ -311,7 +315,7 @@ "database_specific": "" } ], - "versions": 206, + "versions": 194, "database_specific": "" }, { @@ -329,7 +333,7 @@ ] } ], - "versions": 206, + "versions": 194, "database_specific": "" } ], @@ -390,6 +394,13 @@ [Test/cassette_single_query/TestQueryEndpoint/GitQueryByTag - 1] { + "query": { + "package": { + "name": "https://github.com/curl/curl.git", + "ecosystem": "GIT" + }, + "version": "8.5.0" + }, "vulns": [ { "id": "CURL-CVE-2024-0853", 
@@ -854,8 +865,8 @@ "id": "CURL-CVE-2025-0725", "summary": "gzip integer overflow", "details": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", - "aliases": ["CVE-2025-0725"], - "modified": "", + "aliases": ["CVE-2025-0725", "ECHO-f69f-cbd4-841a"], + "modified": "", "published": "2025-02-05T08:00:00Z", "database_specific": "", "affected": [ @@ -906,7 +917,7 @@ "summary": "missing SFTP host verification with wolfSSH", "details": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "aliases": ["CVE-2025-10966"], - "modified": "", + "modified": "", "published": "2025-11-05T08:00:00Z", "database_specific": "", "affected": [ @@ -1058,7 +1069,7 @@ "id": "CURL-CVE-2025-14819", "summary": "OpenSSL partial chain store policy bypass", "details": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", - "aliases": ["CVE-2025-14819"], + "aliases": ["CVE-2025-14819", "ECHO-2c28-953d-b5a0"], "modified": "", "published": "2026-01-07T08:00:00Z", "database_specific": "", @@ -1461,7 +1472,7 @@ "database_specific": "" } ], - "versions": 204, + "versions": 203, "database_specific": "" } ], @@ -1483,7 +1494,6 @@ "ALSA-2025:1671", "ALSA-2025:1673", "CGA-q2m3-p84r-4g5w", - "MGASA-2024-0391", "SUSE-SU-2024:4284-1", "SUSE-SU-2024:4284-2", "SUSE-SU-2024:4287-1", 
@@ -1493,10 +1503,11 @@ "SUSE-SU-2025:20239-1", "openSUSE-SU-2024:14575-1" ], + "database_specific": "", "references": [ { "type": "ADVISORY", - "url": "https://security.netapp.com/advisory/ntap-20250131-0004/" + "url": "http://www.openwall.com/lists/oss-security/2024/12/11/1" }, { "type": "ADVISORY", @@ -1508,15 +1519,15 @@ }, { "type": "ADVISORY", - "url": "http://www.openwall.com/lists/oss-security/2024/12/11/1" + "url": "https://security.netapp.com/advisory/ntap-20250124-0012/" }, { "type": "ADVISORY", - "url": "https://security.netapp.com/advisory/ntap-20250124-0012/" + "url": "https://security.netapp.com/advisory/ntap-20250131-0003/" }, { "type": "ADVISORY", - "url": "https://security.netapp.com/advisory/ntap-20250131-0003/" + "url": "https://security.netapp.com/advisory/ntap-20250131-0004/" }, { "type": "REPORT", @@ -1560,7 +1571,6 @@ "published": "2024-03-27T08:15:41.173Z", "related": [ "CGA-j3wv-j4m4-gx9m", - "MGASA-2024-0099", "SUSE-SU-2024:1120-1", "SUSE-SU-2024:1150-1", "SUSE-SU-2024:1151-1", @@ -1655,12 +1665,11 @@ { "id": "CVE-2024-2379", "details": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.", - "aliases": ["CURL-CVE-2024-2379"], + "aliases": ["CURL-CVE-2024-2379", "ECHO-b0de-6c4f-e1fd"], "modified": "", "published": "2024-03-27T08:15:41.230Z", "related": [ "CGA-6rjf-f6x6-r857", - "MGASA-2024-0099", "SUSE-SU-2025:20029-1", "openSUSE-SU-2024:13805-1" ], @@ -1727,7 +1736,7 @@ "database_specific": "" } ], - "versions": 205, + "versions": 204, "database_specific": "" } ], @@ -1749,7 +1758,6 @@ "ALSA-2024:5529", "ALSA-2024:5654", "CGA-wp82-qqgp-vfc7", - "MGASA-2024-0099", "SUSE-SU-2024:1120-1", "SUSE-SU-2024:1150-1", "SUSE-SU-2024:1151-1", 
@@ -1849,7 +1857,6 @@ "published": "2024-03-27T08:15:41.343Z", "related": [ "CGA-9ch7-64c5-2ffr", - "MGASA-2024-0099", "SUSE-SU-2025:20029-1", "openSUSE-SU-2024:13805-1" ], @@ -1978,7 +1985,7 @@ "database_specific": "" } ], - "versions": 208, + "versions": 207, "database_specific": "" } ], @@ -2153,7 +2160,6 @@ "published": "2024-11-06T08:15:03.740Z", "related": [ "CGA-v39g-9hmw-2647", - "MGASA-2024-0360", "SUSE-SU-2024:3925-1", "SUSE-SU-2024:3926-1", "SUSE-SU-2024:3927-1", @@ -2253,7 +2259,6 @@ "published": "2025-02-05T10:15:22.710Z", "related": [ "CGA-v826-97c2-87gj", - "MGASA-2025-0123", "SUSE-SU-2025:0369-1", "SUSE-SU-2025:0370-1", "SUSE-SU-2025:0371-1", @@ -2315,7 +2320,6 @@ "published": "2025-02-05T10:15:22.857Z", "related": [ "CGA-pp5p-89c7-m76c", - "MGASA-2025-0123", "SUSE-SU-2025:03198-1", "SUSE-SU-2025:20239-1", "openSUSE-SU-2025:14809-1" @@ -2363,7 +2367,7 @@ "database_specific": "" } ], - "versions": 214, + "versions": 213, "database_specific": "" } ], @@ -2378,12 +2382,11 @@ { "id": "CVE-2025-0725", "details": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", - "aliases": ["CURL-CVE-2025-0725"], + "aliases": ["CURL-CVE-2025-0725", "ECHO-f69f-cbd4-841a"], "modified": "", "published": "2025-02-05T10:15:22.980Z", "related": [ "CGA-25q2-2hvj-grx8", - "MGASA-2025-0123", "SUSE-SU-2025:0369-1", "SUSE-SU-2025:0370-1", "SUSE-SU-2025:0371-1", @@ -2450,7 +2453,7 @@ "database_specific": "" } ], - "versions": 164, + "versions": 163, "database_specific": "" } ], @@ -2523,7 +2526,6 @@ "modified": "", "published": "2026-01-08T10:15:45.667Z", "related": [ - "MGASA-2026-0003", "SUSE-SU-2026:0077-1", "SUSE-SU-2026:0078-1", "SUSE-SU-2026:0119-1", @@ -2567,7 +2569,7 @@ "database_specific": "" } ], - "versions": 146, + "versions": 145, "database_specific": "" } ], 
@@ -2586,7 +2588,6 @@ "modified": "", "published": "2026-01-08T10:15:46.607Z", "related": [ - "MGASA-2026-0003", "SUSE-SU-2026:0050-1", "SUSE-SU-2026:0051-1", "SUSE-SU-2026:0052-1", @@ -2649,11 +2650,10 @@ { "id": "CVE-2025-14819", "details": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", - "aliases": ["CURL-CVE-2025-14819"], + "aliases": ["CURL-CVE-2025-14819", "ECHO-2c28-953d-b5a0"], "modified": "", "published": "2026-01-08T10:15:46.730Z", "related": [ - "MGASA-2026-0003", "SUSE-SU-2026:0050-1", "SUSE-SU-2026:0051-1", "SUSE-SU-2026:0052-1", @@ -2716,7 +2716,6 @@ "modified": "", "published": "2026-01-08T10:15:47.100Z", "related": [ - "MGASA-2026-0003", "SUSE-SU-2026:0050-1", "SUSE-SU-2026:0051-1", "SUSE-SU-2026:0052-1", @@ -2783,7 +2782,6 @@ "modified": "", "published": "2026-01-08T10:15:47.207Z", "related": [ - "MGASA-2026-0003", "SUSE-SU-2026:0050-1", "SUSE-SU-2026:0051-1", "SUSE-SU-2026:0052-1", @@ -2915,7 +2913,9 @@ "SUSE-SU-2026:20668-1", "SUSE-SU-2026:20722-1", "SUSE-SU-2026:20760-1", - "openSUSE-SU-2026:10371-1" + "SUSE-SU-2026:20918-1", + "openSUSE-SU-2026:10371-1", + "openSUSE-SU-2026:20404-1" ], "references": [ { @@ -2944,7 +2944,7 @@ "database_specific": "" } ], - "versions": 181, + "versions": 177, "database_specific": "" } ], @@ -2971,7 +2971,9 @@ "SUSE-SU-2026:20668-1", "SUSE-SU-2026:20722-1", "SUSE-SU-2026:20760-1", - "openSUSE-SU-2026:10371-1" + "SUSE-SU-2026:20918-1", + "openSUSE-SU-2026:10371-1", + "openSUSE-SU-2026:20404-1" ], "references": [ { @@ -3008,7 +3010,7 @@ "database_specific": "" } ], - "versions": 116, + "versions": 113, "database_specific": "" } ], 
@@ -3035,7 +3037,9 @@ "SUSE-SU-2026:20668-1", "SUSE-SU-2026:20722-1", "SUSE-SU-2026:20760-1", - "openSUSE-SU-2026:10371-1" + "SUSE-SU-2026:20918-1", + "openSUSE-SU-2026:10371-1", + "openSUSE-SU-2026:20404-1" ], "references": [ { @@ -3072,7 +3076,7 @@ "database_specific": "" } ], - "versions": 207, + "versions": 203, "database_specific": "" } ], @@ -3092,13 +3096,26 @@ [Test/cassette_single_query/TestQueryEndpoint/Invalid1 - 1] { "code": 3, - "message": "version specified in params and PURL query" + "message": "version specified in params and PURL query", + "query": { + "package": { + "purl": "pkg:pypi/jinja2@3.1.4" + }, + "version": "3.1.4" + } } --- [Test/cassette_single_query/TestQueryEndpoint/PackageAndVersionQuery - 1] { + "query": { + "package": { + "name": "nokogiri", + "ecosystem": "RubyGems" + }, + "version": "1.18.2" + }, "vulns": [ { "id": "GHSA-353f-x4gh-cqq8", @@ -3395,6 +3412,13 @@ [Test/cassette_single_query/TestQueryEndpoint/Valid1 - 1] { + "query": { + "package": { + "name": "jinja2", + "ecosystem": "PyPI" + }, + "version": "3.1.4" + }, "vulns": [ { "id": "GHSA-cpwx-vrp4-4pq7", @@ -3467,7 +3491,7 @@ "id": "GHSA-gmj6-6f8f-6699", "summary": "Jinja has a sandbox breakout through malicious filenames", "details": "A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used.\n\nTo exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename.", - "aliases": ["CVE-2024-56201"], + "aliases": ["CVE-2024-56201", "ECHO-2933-1e79-af27"], "modified": "", "published": "2024-12-23T17:54:12Z", "related": ["CGA-cxrh-g24g-3973"], 
@@ -3538,7 +3562,7 @@ "id": "GHSA-q2x7-8rv6-6q7h", "summary": "Jinja has a sandbox breakout through indirect reference to format method", "details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.", - "aliases": ["CVE-2024-56326"], + "aliases": ["CVE-2024-56326", "ECHO-1d31-dacb-27da"], "modified": "", "published": "2024-12-23T17:56:08Z", "related": ["CGA-vf88-6cvh-mxch"], @@ -3612,6 +3636,11 @@ [Test/cassette_single_query/TestQueryEndpoint/Valid2 - 1] { + "query": { + "package": { + "purl": "pkg:pypi/jinja2@3.1.4" + } + }, "vulns": [ { "id": "GHSA-cpwx-vrp4-4pq7", 
@@ -3684,7 +3713,7 @@ "id": "GHSA-gmj6-6f8f-6699", "summary": "Jinja has a sandbox breakout through malicious filenames", "details": "A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used.\n\nTo exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename.", - "aliases": ["CVE-2024-56201"], + "aliases": ["CVE-2024-56201", "ECHO-2933-1e79-af27"], "modified": "", "published": "2024-12-23T17:54:12Z", "related": ["CGA-cxrh-g24g-3973"], @@ -3755,7 +3784,7 @@ "id": "GHSA-q2x7-8rv6-6q7h", "summary": "Jinja has a sandbox breakout through indirect reference to format method", "details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.", - "aliases": ["CVE-2024-56326"], + "aliases": ["CVE-2024-56326", "ECHO-1d31-dacb-27da"], "modified": "", "published": "2024-12-23T17:56:08Z", "related": ["CGA-vf88-6cvh-mxch"], 
@@ -3829,6 +3858,12 @@ [Test/cassette_single_query/TestQueryEndpoint/Valid3 - 1] { + "query": { + "package": { + "purl": "pkg:pypi/jinja2" + }, + "version": "3.1.4" + }, "vulns": [ { "id": "GHSA-cpwx-vrp4-4pq7", @@ -3901,7 +3936,7 @@ "id": "GHSA-gmj6-6f8f-6699", "summary": "Jinja has a sandbox breakout through malicious filenames", "details": "A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used.\n\nTo exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename.", - "aliases": ["CVE-2024-56201"], + "aliases": ["CVE-2024-56201", "ECHO-2933-1e79-af27"], "modified": "", "published": "2024-12-23T17:54:12Z", "related": ["CGA-cxrh-g24g-3973"], 
@@ -3972,7 +4007,7 @@ "id": "GHSA-q2x7-8rv6-6q7h", "summary": "Jinja has a sandbox breakout through indirect reference to format method", "details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.", - "aliases": ["CVE-2024-56326"], + "aliases": ["CVE-2024-56326", "ECHO-1d31-dacb-27da"], "modified": "", "published": "2024-12-23T17:56:08Z", "related": ["CGA-vf88-6cvh-mxch"], diff --git a/tools/apitester/main_test.go b/tools/apitester/main_test.go index 3aa82bfeaa8..548e03cab6e 100644 --- a/tools/apitester/main_test.go +++ b/tools/apitester/main_test.go @@ -13,6 +13,7 @@ import ( "github.com/google/apitester/internal/vcr" "github.com/tidwall/gjson" "github.com/tidwall/pretty" + "github.com/tidwall/sjson" ) var ( @@ -79,7 +80,7 @@ func jsonReplaceRules(t *testing.T, resp *http.Response) []jsonreplace.Rule { } } -func normalizeJSONBody(t *testing.T, resp *http.Response) string { +func normalizeJSONBody(t *testing.T, reqBody []byte, resp *http.Response) string { t.Helper() body, err := io.ReadAll(resp.Body) 
@@ -90,6 +91,47 @@ func normalizeJSONBody(t *testing.T, resp *http.Response) string { body = jsonreplace.DoBytes(t, body, jsonReplaceRules(t, resp)) + switch resp.Request.URL.Path { + case "/v1/query": + if len(reqBody) > 0 { + res, err := sjson.SetRawBytes(body, "query", reqBody) + if err == nil { + body = res + } + } + if !gjson.GetBytes(body, "vulns").Exists() && !gjson.GetBytes(body, "code").Exists() { + res, err := sjson.SetRawBytes(body, "vulns", []byte("[]")) + if err == nil { + body = res + } + } else if vulns := gjson.GetBytes(body, "vulns"); vulns.Exists() { + body, _ = sjson.DeleteBytes(body, "vulns") + body, _ = sjson.SetRawBytes(body, "vulns", []byte(vulns.Raw)) + } + case "/v1/querybatch": + queries := gjson.GetBytes(reqBody, "queries") + results := gjson.GetBytes(body, "results") + if queries.IsArray() && results.IsArray() { + for i, query := range queries.Array() { + if i < len(results.Array()) { + res, err := sjson.SetRawBytes(body, fmt.Sprintf("results.%d.query", i), []byte(query.Raw)) + if err == nil { + body = res + } + if !gjson.GetBytes(body, fmt.Sprintf("results.%d.vulns", i)).Exists() && !gjson.GetBytes(body, "code").Exists() { + res, err := sjson.SetRawBytes(body, fmt.Sprintf("results.%d.vulns", i), []byte("[]")) + if err == nil { + body = res + } + } else if vulns := gjson.GetBytes(body, fmt.Sprintf("results.%d.vulns", i)); vulns.Exists() { + body, _ = sjson.DeleteBytes(body, fmt.Sprintf("results.%d.vulns", i)) + body, _ = sjson.SetRawBytes(body, fmt.Sprintf("results.%d.vulns", i), []byte(vulns.Raw)) + } + } + } + } + } + return string(pretty.Pretty(body)) } @@ -105,8 +147,9 @@ func Test(t *testing.T) { t.Run(vcr.DetermineInteractionName(interaction), func(t *testing.T) { t.Parallel() + reqBody := []byte(interaction.Request.Body) resp := vcr.Play(t, interaction) - body := normalizeJSONBody(t, resp) + body := normalizeJSONBody(t, reqBody, resp) resp.Body.Close()
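Review bot: Every sjson call in the new `switch` in normalizeJSONBody discards its error, either through `if err == nil { body = res }` or through `body, _ = sjson.DeleteBytes(...)` / `body, _ = sjson.SetRawBytes(...)`. If any of those edits fails, the snapshot is written without the injected `query` (or with whatever sjson returns on failure, which this hunk does not show) and the test still passes. These snapshots are the regression record tying each request to the vulnerability list it returned, so a failed edit should stop the test with `t.Fatalf`; a small helper does that and also removes the duplication between the `/v1/query` and `/v1/querybatch` branches. Separately, writing `"vulns": []` into a response that omitted the field means the snapshot no longer distinguishes "field absent" from "empty list"; if that is intended, a comment such as `// normalise a missing vulns field to [] so snapshots are stable` above the branch would say so. The function body begins before this hunk.

```go
// mustSetRaw writes raw at path in body and fails the test if sjson rejects the edit.
func mustSetRaw(t *testing.T, body []byte, path string, raw []byte) []byte {
	t.Helper()

	out, err := sjson.SetRawBytes(body, path, raw)
	if err != nil {
		t.Fatalf("setting %q in response body: %v", path, err)
	}

	return out
}

// … unchanged: reading the body and applying jsonReplaceRules …
	case "/v1/query":
		if len(reqBody) > 0 {
			body = mustSetRaw(t, body, "query", reqBody)
		}
// … unchanged: vulns handling and the /v1/querybatch loop, with mustSetRaw in place of the `if err == nil` blocks …
```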