fix(amazon): save system files for pkgs containing amzn in src (aquasecurity#5951)

Signed-off-by: knqyf263 <[email protected]>
Co-authored-by: knqyf263 <[email protected]>

Author: DmitriyLewen

pkg/fanal/analyzer/pkg/rpm/rpm.go

@@ -133,7 +133,7 @@ func (a rpmPkgAnalyzer) listPkgs(db RPMDB) (types.Packages, []string, error) {
 		// Check if the package is vendor-provided.
 		// If the package is not provided by vendor, the installed files should not be skipped.
 		var files []string
-		if packageProvidedByVendor(pkg.Vendor) {
+		if packageProvidedByVendor(pkg) {
 			files, err = pkg.InstalledFileNames()
 			if err != nil {
 				return nil, nil, xerrors.Errorf("unable to get installed files: %w", err)
@@ -235,12 +235,19 @@ func splitFileName(filename string) (name, ver, rel string, err error) {
 	return name, ver, rel, nil
 }
 
-func packageProvidedByVendor(pkgVendor string) bool {
+func packageProvidedByVendor(pkg *rpmdb.PackageInfo) bool {
+	if pkg.Vendor == "" {
+		// Official Amazon packages may not contain `Vendor` field:
+		// https://github.com/aquasecurity/trivy/issues/5887
+		return strings.Contains(pkg.Release, "amzn")
+	}
+
 	for _, vendor := range osVendors {
-		if strings.HasPrefix(pkgVendor, vendor) {
+		if strings.HasPrefix(pkg.Vendor, vendor) {
 			return true
 		}
 	}
+
 	return false
 }
 

pkg/fanal/analyzer/pkg/rpm/rpm_test.go

@@ -165,6 +165,62 @@ func Test_rpmPkgAnalyzer_listPkgs(t *testing.T) {
 				"/lib64/libm-2.27.so",
 			},
 		},
+		{
+			name: "Amazon official package without `Vendor` field",
+			mock: mock{
+				packages: []*rpmdb.PackageInfo{
+					{
+						Name:      "curl-minimal",
+						Version:   "8.3.0",
+						Release:   "1.amzn2023.0.2",
+						Arch:      "aarch64",
+						SourceRpm: "curl-8.3.0-1.amzn2023.0.2.src.rpm",
+						DirNames: []string{
+							"/usr/bin/",
+							"/usr/lib/",
+							"/usr/lib/.build-id/",
+							"/usr/lib/.build-id/aa/",
+							"/usr/share/man/man1/",
+						},
+						DirIndexes: []int32{0, 1, 2, 3, 4},
+						BaseNames: []string{
+							"curl",
+							".build-id",
+							"aa",
+							"d987ea9bc1c73706d12c7a143ee792117851ff",
+							"curl.1.gz",
+						},
+						Vendor: "",
+					},
+				},
+			},
+			wantPkgs: types.Packages{
+				{
+					ID:         "[email protected]",
+					Name:       "curl-minimal",
+					Version:    "8.3.0",
+					Release:    "1.amzn2023.0.2",
+					Arch:       "aarch64",
+					SrcName:    "curl",
+					SrcVersion: "8.3.0",
+					SrcRelease: "1.amzn2023.0.2",
+					InstalledFiles: []string{
+						"/usr/bin/curl",
+						"/usr/lib/.build-id",
+						"/usr/lib/.build-id/aa",
+						"/usr/lib/.build-id/aa/d987ea9bc1c73706d12c7a143ee792117851ff",
+						"/usr/share/man/man1/curl.1.gz",
+					},
+				},
+			},
+			wantFiles: []string{
+				"/usr/bin/curl",
+				"/usr/lib/.build-id",
+				"/usr/lib/.build-id/aa",
+				"/usr/lib/.build-id/aa/d987ea9bc1c73706d12c7a143ee792117851ff",
+				"/usr/share/man/man1/curl.1.gz",
+			},
+		},
 		{
 			name: "invalid source rpm",
 			mock: mock{