feat(suse): added SUSE Linux Enterprise Micro support

This adds support for the SUSE Linux Enterprise Micro family. This also fixes also purl logic for SUSE and openSUSE to match standard expectations better. aquasecurity#7221 Signed-off-by: Marcus Meissner <[email protected]>
msmeissn · Sep 13, 2024 · 5ae1927 · 5ae1927
1 parent 04a854c
commit 5ae1927
Show file tree

Hide file tree

Showing 22 changed files with 13,435 additions and 732 deletions.
diff --git a/docs/docs/coverage/os/index.md b/docs/docs/coverage/os/index.md
@@ -23,7 +23,8 @@ Trivy supports operating systems for
 | [Amazon Linux](amazon.md)             | 1, 2, 2023                          | dnf/yum/rpm      |
 | [openSUSE Leap](suse.md)              | 42, 15                              | zypper/rpm       |
 | [openSUSE Tumbleweed](suse.md)        | (n/a)                               | zypper/rpm       |
-| [SUSE Enterprise Linux](suse.md)      | 11, 12, 15                          | zypper/rpm       |
+| [SUSE Linux Enterprise](suse.md)      | 11, 12, 15                          | zypper/rpm       |
+| [SUSE Linux Enterprise Micro](suse.md)| 5, 6                                | zypper/rpm       |
 | [Photon OS](photon.md)                | 1.0, 2.0, 3.0, 4.0                  | tndf/yum/rpm     |
 | [Debian GNU/Linux](debian.md)         | 7, 8, 9, 10, 11, 12                 | apt/dpkg         |
 | [Ubuntu](ubuntu.md)                   | All versions supported by Canonical | apt/dpkg         |

diff --git a/docs/docs/coverage/os/suse.md b/docs/docs/coverage/os/suse.md
@@ -3,7 +3,8 @@ Trivy supports the following distributions:
 
 - openSUSE Leap
 - openSUSE Tumbleweed
-- SUSE Enterprise Linux (SLE)
+- SUSE Linux Enterprise (SLE)
+- SUSE Linux Enterprise Micro
 
 Please see [here](index.md#supported-os) for supported versions.
 

diff --git a/integration/client_server_test.go b/integration/client_server_test.go
@@ -220,6 +220,13 @@ func TestClientServer(t *testing.T) {
 			},
 			golden: "testdata/opensuse-tumbleweed.json.golden",
 		},
+		{
+			name: "sle micro rancher 5.4",
+			args: csArgs{
+				Input: "testdata/fixtures/images/sle-micro-rancher-5.4_ndb.tar.gz",
+			},
+			golden: "testdata/sl-micro-rancher5.4.json.golden",
+		},
 		{
 			name: "photon 3.0",
 			args: csArgs{

diff --git a/integration/docker_engine_test.go b/integration/docker_engine_test.go
@@ -198,6 +198,12 @@ func TestDockerEngine(t *testing.T) {
 			input:    "testdata/fixtures/images/opensuse-tumbleweed.tar.gz",
 			golden:   "testdata/opensuse-tumbleweed.json.golden",
 		},
+		{
+			name:     "sle micro rancher 5.4",
+			imageTag: "ghcr.io/aquasecurity/trivy-test-images:sle-micro-rancher-5.4_ndb",
+			input:    "testdata/fixtures/images/sle-micro-rancher-5.4_ndb.tar.gz",
+			golden:   "testdata/sl-micro-rancher5.4.json.golden",
+		},
 		{
 			name:     "photon 3.0",
 			imageTag: "ghcr.io/aquasecurity/trivy-test-images:photon-30",

diff --git a/integration/standalone_tar_test.go b/integration/standalone_tar_test.go
@@ -341,6 +341,14 @@ func TestTar(t *testing.T) {
 			},
 			golden: "testdata/opensuse-tumbleweed.json.golden",
 		},
+		{
+			name: "sle micro rancher 5.4",
+			args: args{
+				Format: types.FormatJSON,
+				Input: "testdata/fixtures/images/sle-micro-rancher-5.4_ndb.tar.gz",
+			},
+			golden: "testdata/sl-micro-rancher5.4.json.golden",
+		},
 		{
 			name: "photon 3.0",
 			args: args{

diff --git a/integration/testdata/opensuse-leap-151.json.golden b/integration/testdata/opensuse-leap-151.json.golden
@@ -66,7 +66,7 @@
           "PkgID": "[email protected]_64",
           "PkgName": "libopenssl1_1",
           "PkgIdentifier": {
-            "PURL": "pkg:rpm/opensuse.leap/[email protected]?arch=x86_64\u0026distro=opensuse.leap-15.1",
+            "PURL": "pkg:rpm/opensuse/[email protected]?arch=x86_64\u0026distro=opensuse.leap-15.1",
             "UID": "898b73ddd0412f57"
           },
           "InstalledVersion": "1.1.0i-lp151.8.3.1",
@@ -99,7 +99,7 @@
           "PkgID": "[email protected]_64",
           "PkgName": "openssl-1_1",
           "PkgIdentifier": {
-            "PURL": "pkg:rpm/opensuse.leap/[email protected]?arch=x86_64\u0026distro=opensuse.leap-15.1",
+            "PURL": "pkg:rpm/opensuse/[email protected]?arch=x86_64\u0026distro=opensuse.leap-15.1",
             "UID": "58980d005de43f54"
           },
           "InstalledVersion": "1.1.0i-lp151.8.3.1",

diff --git a/integration/testdata/opensuse-tumbleweed.json.golden b/integration/testdata/opensuse-tumbleweed.json.golden
@@ -69,7 +69,7 @@
           "PkgID": "[email protected]_64",
           "PkgName": "libopenssl3",
           "PkgIdentifier": {
-            "PURL": "pkg:rpm/opensuse.tumbleweed/[email protected]?arch=x86_64\u0026distro=opensuse.tumbleweed-20240607",
+            "PURL": "pkg:rpm/opensuse/[email protected]?arch=x86_64\u0026distro=opensuse.tumbleweed-20240607",
             "UID": "f051425f385d2b99"
           },
           "InstalledVersion": "3.1.4-9.1",

diff --git a/integration/testdata/sl-micro-rancher5.4.json.golden b/integration/testdata/sl-micro-rancher5.4.json.golden
@@ -0,0 +1,69 @@
+{
+  "SchemaVersion": 2,
+  "CreatedAt": "2021-08-25T12:20:30.000000005Z",
+  "ArtifactName": "testdata/fixtures/images/sle-micro-rancher-5.4_ndb.tar.gz",
+  "ArtifactType": "container_image",
+  "Metadata": {
+    "OS": {
+      "Family": "suse linux enterprise micro",
+      "Name": "5.4"
+    },
+    "ImageID": "sha256:c45ec974938acac29c893b5d273d73e4ebdd7e6a97b6fa861dfbd8dd430b9016",
+    "DiffIDs": [
+      "sha256:7cdd3aec849d122d63dc83a5e1e2fb89b341c67b03e25979131ca335a463bb57"
+    ],
+    "ImageConfig": {
+      "architecture": "amd64",
+      "author": "SUSE LLC (https://www.suse.com/)",
+      "created": "2024-09-03T17:54:39Z",
+      "history": [
+        {
+          "author": "SUSE LLC \u003chttps://www.suse.com/\u003e",
+          "created": "2024-09-03T17:54:39Z",
+          "created_by": "KIWI 9.24.43"
+        }
+      ],
+      "os": "linux",
+      "rootfs": {
+        "type": "layers",
+        "diff_ids": [
+          "sha256:7cdd3aec849d122d63dc83a5e1e2fb89b341c67b03e25979131ca335a463bb57"
+        ]
+      },
+      "config": {
+        "Cmd": [
+          "/bin/bash"
+        ],
+        "Labels": {
+          "com.suse.eula": "sle-eula",
+          "com.suse.image-type": "sle-micro",
+          "com.suse.release-stage": "released",
+          "com.suse.sle.micro.rancher.created": "2024-09-03T17:53:32.129328086Z",
+          "com.suse.sle.micro.rancher.description": "Image containing a micro environment for containers based on the SLE Micro for Rancher.",
+          "com.suse.sle.micro.rancher.disturl": "obs://build.suse.de/SUSE:SLE-15-SP4:Update:Products:Micro54:Update:CR/images/fcaa3a91b132f1955fa900b902aef7f2-SLE-Micro-Rancher",
+          "com.suse.sle.micro.rancher.reference": "registry.suse.com/suse/sle-micro-rancher/5.4:%PKG_VERSION%-%RELEASE",
+          "com.suse.sle.micro.rancher.title": "SLE Micro for Rancher Base Container",
+          "com.suse.sle.micro.rancher.url": "https://www.suse.com/products/micro/",
+          "com.suse.sle.micro.rancher.vendor": "SUSE LLC",
+          "com.suse.sle.micro.rancher.version": "5.4",
+          "com.suse.supportlevel": "l3",
+          "org.openbuildservice.disturl": "obs://build.suse.de/SUSE:SLE-15-SP4:Update:Products:Micro54:Update:CR/images/fcaa3a91b132f1955fa900b902aef7f2-SLE-Micro-Rancher",
+          "org.opencontainers.image.created": "2024-09-03T17:53:32.129328086Z",
+          "org.opencontainers.image.description": "Image containing a micro environment for containers based on the SLE Micro for Rancher.",
+          "org.opencontainers.image.title": "SLE Micro for Rancher Base Container",
+          "org.opencontainers.image.url": "https://www.suse.com/products/micro/",
+          "org.opencontainers.image.vendor": "SUSE LLC",
+          "org.opencontainers.image.version": "5.4",
+          "org.suse.reference": "registry.suse.com/suse/sle-micro-rancher/5.4:%PKG_VERSION%-%RELEASE"
+        }
+      }
+    }
+  },
+  "Results": [
+    {
+      "Target": "testdata/fixtures/images/sle-micro-rancher-5.4_ndb.tar.gz (suse linux enterprise micro 5.4)",
+      "Class": "os-pkgs",
+      "Type": "suse linux enterprise micro"
+    }
+  ]
+}
diff --git a/pkg/detector/ospkg/detect.go b/pkg/detector/ospkg/detect.go
@@ -44,6 +44,7 @@ var (
 		ftypes.OpenSUSETumbleweed: suse.NewScanner(suse.OpenSUSETumbleweed),
 		ftypes.OpenSUSELeap:       suse.NewScanner(suse.OpenSUSE),
 		ftypes.SLES:               suse.NewScanner(suse.SUSEEnterpriseLinux),
+		ftypes.SLEMicro:           suse.NewScanner(suse.SUSEEnterpriseLinuxMicro),
 		ftypes.Photon:             photon.NewScanner(),
 		ftypes.Wolfi:              wolfi.NewScanner(),
 		ftypes.Chainguard:         chainguard.NewScanner(),

diff --git a/pkg/detector/ospkg/suse/suse.go b/pkg/detector/ospkg/suse/suse.go
@@ -44,6 +44,18 @@ var (
 		// 6 months after SLES 15 SP7 release
 		// "15.7": time.Date(2031, 7, 31, 23, 59, 59, 0, time.UTC),
 	}
+	slemicroEolDates = map[string]time.Time{
+		// Source: https://www.suse.com/lifecycle/
+		"5.0": time.Date(2022, 3, 31, 23, 59, 59, 0, time.UTC),
+		"5.1": time.Date(2025, 10, 31, 23, 59, 59, 0, time.UTC),
+		"5.2": time.Date(2026, 4, 30, 23, 59, 59, 0, time.UTC),
+		"5.3": time.Date(2026, 10, 30, 23, 59, 59, 0, time.UTC),
+		"5.4": time.Date(2027, 4, 30, 23, 59, 59, 0, time.UTC),
+		"5.5": time.Date(2027, 10, 31, 23, 59, 59, 0, time.UTC),
+		"6.0": time.Date(2028, 6, 30, 23, 59, 59, 0, time.UTC),
+		// 6.1 will be released late 2024
+		// "6.1": time.Date(2028, 11, 30, 23, 59, 59, 0, time.UTC),
+	}
 
 	opensuseEolDates = map[string]time.Time{
 		// Source: https://en.opensuse.org/Lifetime
@@ -66,6 +78,8 @@ type Type int
 const (
 	// SUSEEnterpriseLinux is Linux Enterprise version
 	SUSEEnterpriseLinux Type = iota
+	// SUSE Linux Enterprise Micro is the micro series
+	SUSEEnterpriseLinuxMicro
 	// OpenSUSE for open versions
 	OpenSUSE
 	OpenSUSETumbleweed
@@ -83,6 +97,10 @@ func NewScanner(t Type) *Scanner {
 		return &Scanner{
 			vs: susecvrf.NewVulnSrc(susecvrf.SUSEEnterpriseLinux),
 		}
+	case SUSEEnterpriseLinuxMicro:
+		return &Scanner{
+			vs: susecvrf.NewVulnSrc(susecvrf.SUSEEnterpriseLinuxMicro),
+		}
 	case OpenSUSE:
 		return &Scanner{
 			vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSE),
@@ -135,6 +153,9 @@ func (s *Scanner) IsSupportedVersion(ctx context.Context, osFamily ftypes.OSType
 	if osFamily == ftypes.SLES {
 		return osver.Supported(ctx, slesEolDates, osFamily, osVer)
 	}
+	if osFamily == ftypes.SLEMicro {
+		return osver.Supported(ctx, slemicroEolDates, osFamily, osVer)
+	}
 	// tumbleweed is a rolling release, it has no version and no eol
 	if osFamily == ftypes.OpenSUSETumbleweed {
 		return true

diff --git a/pkg/fanal/analyzer/os/release/release.go b/pkg/fanal/analyzer/os/release/release.go
@@ -55,6 +55,11 @@ func (a osReleaseAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInp
 			family = types.OpenSUSELeap
 		case "sles":
 			family = types.SLES
+		// There are various rebrands of SLE Micro, there is also one brief (and reverted rebrand)
+		// for SLE Micro 6.0. which was called "SL Micro 6.0" until very short before release
+		// and there is a "SLE Micro for Rancher" rebrand, which is used by SUSEs K8S based offerings.
+		case "sle-micro", "sl-micro", "sle-micro-rancher":
+			family = types.SLEMicro
 		case "photon":
 			family = types.Photon
 		case "wolfi":

diff --git a/pkg/fanal/analyzer/os/release/release_test.go b/pkg/fanal/analyzer/os/release/release_test.go
@@ -70,6 +70,36 @@ func Test_osReleaseAnalyzer_Analyze(t *testing.T) {
 				},
 			},
 		},
+		{
+			name:      "SUSE Linux Enterprise Micro",
+			inputFile: "testdata/slemicro",
+			want: &analyzer.AnalysisResult{
+				OS: types.OS{
+					Family: types.SLEMicro,
+					Name:   "5.3",
+				},
+			},
+		},
+		{
+			name:      "SUSE Linux Enterprise Micro 6.0",
+			inputFile: "testdata/slemicro6.0",
+			want: &analyzer.AnalysisResult{
+				OS: types.OS{
+					Family: types.SLEMicro,
+					Name:   "6.0",
+				},
+			},
+		},
+		{
+			name:      "SUSE Linux Enterprise Micro 5.4 for Rancher",
+			inputFile: "testdata/slemicro-rancher",
+			want: &analyzer.AnalysisResult{
+				OS: types.OS{
+					Family: types.SLEMicro,
+					Name:   "5.4",
+				},
+			},
+		},
 		{
 			name:      "Photon OS",
 			inputFile: "testdata/photon",

diff --git a/pkg/fanal/analyzer/os/release/testdata/slemicro b/pkg/fanal/analyzer/os/release/testdata/slemicro
@@ -0,0 +1,8 @@
+NAME="SLE Micro"
+VERSION="5.3"
+VERSION_ID="5.3"
+PRETTY_NAME="SUSE Linux Enterprise Micro 5.3"
+ID="sle-micro"
+ID_LIKE="suse"
+ANSI_COLOR="0;32"
+CPE_NAME="cpe:/o:suse:sle-micro:5.3"
diff --git a/pkg/fanal/analyzer/os/release/testdata/slemicro-rancher b/pkg/fanal/analyzer/os/release/testdata/slemicro-rancher
@@ -0,0 +1,13 @@
+NAME="SLE Micro"
+VERSION="5.4"
+VERSION_ID="5.4"
+PRETTY_NAME="SUSE Linux Enterprise Micro for Rancher 5.4"
+ID="sle-micro-rancher"
+ID_LIKE="suse"
+ANSI_COLOR="0;32"
+CPE_NAME="cpe:/o:suse:sle-micro-rancher:5.4"
+IMAGE_REPO="registry.suse.com/rancher/elemental-teal/5.4"
+IMAGE_TAG="1.2.3-3.2.153"
+IMAGE="registry.suse.com/rancher/elemental-teal/5.4:1.2.3-3.2.153"
+TIMESTAMP=20240419051540
+GRUB_ENTRY_NAME="Elemental"
diff --git a/pkg/fanal/analyzer/os/release/testdata/slemicro6.0 b/pkg/fanal/analyzer/os/release/testdata/slemicro6.0
@@ -0,0 +1,10 @@
+NAME="SL-Micro"
+VERSION="6.0"
+VERSION_ID="6.0"
+PRETTY_NAME="SUSE Linux Micro 6.0"
+ID="sl-micro"
+ID_LIKE="suse"
+ANSI_COLOR="0;32"
+CPE_NAME="cpe:/o:suse:sl-micro:6.0"
+HOME_URL="https://www.suse.com/products/micro/"
+DOCUMENTATION_URL="https://documentation.suse.com/sl-micro/6.0/"
diff --git a/pkg/fanal/test/integration/library_test.go b/pkg/fanal/test/integration/library_test.go
@@ -117,6 +117,16 @@ var tests = []testCase{
 			Family: "suse linux enterprise server",
 		},
 	},
+	{
+		// from registry.suse.com/suse/sle15:15.3.17.8.16
+		name:            "happy path, suse linux micro for rancher 5.4 (NDB)",
+		remoteImageName: "ghcr.io/aquasecurity/trivy-test-images:sle-micro-rancher-5.4_ndb",
+		imageFile:       "../../../../integration/testdata/fixtures/images/sle-micro-rancher-5.4_ndb.tar.gz",
+		wantOS: types.OS{
+			Name:   "5.4",
+			Family: "suse linux enterprise micro",
+		},
+	},
 	{
 		name:            "happy path, Fedora 35",
 		remoteImageName: "ghcr.io/aquasecurity/trivy-test-images:fedora-35",