feat: add support for NDB RPM database used in SLE15.2+ CN-70

Author: adrobuta

lib/analyzer/static-analyzer.ts

@@ -44,6 +44,8 @@ import {
 import {
   getRpmDbFileContent,
   getRpmDbFileContentAction,
+  getRpmNdbFileContent,
+  getRpmNdbFileContentAction,
   getRpmSqliteDbFileContent,
   getRpmSqliteDbFileContentAction,
 } from "../inputs/rpm/static";
@@ -90,6 +92,7 @@ export async function analyze(
     getExtFileContentAction,
     getRpmDbFileContentAction,
     getRpmSqliteDbFileContentAction,
+    getRpmNdbFileContentAction,
     ...getOsReleaseActions,
     getNodeBinariesFileContentAction,
     getOpenJDKBinariesFileContentAction,
@@ -153,11 +156,13 @@ export async function analyze(
     aptDbFileContent,
     rpmDbFileContent,
     rpmSqliteDbFileContent,
+    rpmNdbFileContent,
   ] = await Promise.all([
     getApkDbFileContent(extractedLayers),
     getAptDbFileContent(extractedLayers),
     getRpmDbFileContent(extractedLayers),
     getRpmSqliteDbFileContent(extractedLayers),
+    getRpmNdbFileContent(extractedLayers),
   ]);
 
   const distrolessAptFiles = getAptFiles(extractedLayers);
@@ -187,7 +192,12 @@ export async function analyze(
     results = await Promise.all([
       apkAnalyze(targetImage, apkDbFileContent),
       aptAnalyze(targetImage, aptDbFileContent, osRelease),
-      rpmAnalyze(targetImage, rpmDbFileContent, redHatRepositories, osRelease),
+      rpmAnalyze(
+        targetImage,
+        [...rpmDbFileContent, ...rpmNdbFileContent],
+        redHatRepositories,
+        osRelease,
+      ),
       mapRpmSqlitePackages(
         targetImage,
         rpmSqliteDbFileContent,

lib/inputs/rpm/static.ts

@@ -1,4 +1,8 @@
-import { getPackages, getPackagesSqlite } from "@snyk/rpm-parser";
+import {
+  getPackages,
+  getPackagesNdb,
+  getPackagesSqlite,
+} from "@snyk/rpm-parser";
 import { PackageInfo } from "@snyk/rpm-parser/lib/rpm/types";
 import { Response } from "@snyk/rpm-parser/lib/types";
 import * as Debug from "debug";
@@ -61,6 +65,38 @@ export async function getRpmSqliteDbFileContent(
   }
 }
 
+export const getRpmNdbFileContentAction: ExtractAction = {
+  actionName: "rpm-ndb",
+  filePathMatches: (filePath) =>
+    filePath === normalizePath("/var/lib/rpm/Packages.db") ||
+    filePath === normalizePath("/usr/lib/sysimage/rpm/Packages.db"),
+  callback: streamToBuffer,
+};
+
+export async function getRpmNdbFileContent(
+  extractedLayers: ExtractedLayers,
+): Promise<PackageInfo[]> {
+  const rpmDb = getContentAsBuffer(extractedLayers, getRpmNdbFileContentAction);
+  if (!rpmDb) {
+    return [];
+  }
+
+  try {
+    const results: Response = await getPackagesNdb(rpmDb);
+
+    if (results.error) {
+      throw results.error;
+    }
+    return results.response;
+  } catch (error) {
+    debug(
+      `An error occurred while analysing RPM NDB packages:`,
+      error.stack || error,
+    );
+    return [];
+  }
+}
+
 export const getRpmSqliteDbFileContentAction: ExtractAction = {
   actionName: "rpm-sqlite-db",
   filePathMatches: (filePath) =>

package-lock.json

@@ -31,7 +31,7 @@
     "@snyk/composer-lockfile-parser": "^1.4.1",
     "@snyk/dep-graph": "^2.8.1",
     "@snyk/docker-registry-v2-client": "^2.15.0",
-    "@snyk/rpm-parser": "^3.1.0",
+    "@snyk/rpm-parser": "^3.3.0",
     "@snyk/snyk-docker-pull": "^3.14.2",
     "@swimlane/docker-reference": "^2.0.1",
     "adm-zip": "^0.5.16",