refactor: use defined types (#5225)

* refactor: replace string with defined types

Signed-off-by: knqyf263 <[email protected]>

* chore: add gci

Signed-off-by: knqyf263 <[email protected]>

* fix(purl): not confuse trivy type with purl type

Signed-off-by: knqyf263 <[email protected]>

* test: fix cyclonedx fixture

Signed-off-by: knqyf263 <[email protected]>

* fix(template): cast TargetType to string

Signed-off-by: knqyf263 <[email protected]>

* chore: bump TinyGo to v0.29.0

Signed-off-by: knqyf263 <[email protected]>

* test: change license to licence

Signed-off-by: knqyf263 <[email protected]>

* use `analyzer.TypeGoMod` for gomod analyzer

* ignore `licence` for misspell linter

---------

Signed-off-by: knqyf263 <[email protected]>
Co-authored-by: DmitriyLewen <[email protected]>

.golangci.yaml

@@ -17,14 +17,21 @@ linters-settings:
     min-occurrences: 3
   misspell:
     locale: US
-  goimports:
-    local-prefixes: github.com/aquasecurity
+    ignore-words:
+      - licence
   gosec:
     excludes:
       - G101
       - G114
       - G204
       - G402
+  gci:
+    sections:
+      - standard
+      - default
+      - prefix(github.com/aquasecurity/)
+      - blank
+      - dot
 
 linters:
   disable-all: true
@@ -39,14 +46,14 @@ linters:
     - goconst
     - gocyclo
     - gofmt
-    - goimports
     - misspell
+    - gci
 
 run:
   go: '1.20'
   skip-files:
     - ".*._mock.go$"
-    - ".*._test.go$"
+    - ".*_test.go$"
     - "integration/*"
     - "examples/*"
 

aqua.yaml

@@ -5,6 +5,6 @@ registries:
 - type: standard
   ref: v3.157.0 # renovate: depName=aquaproj/aqua-registry
 packages:
-- name: tinygo-org/tinygo@v0.27.0
+- name: tinygo-org/tinygo@v0.29.0
 - name: WebAssembly/binaryen@version_112
 - name: magefile/[email protected]

contrib/html.tpl

@@ -85,7 +85,7 @@
     <h1>{{- escapeXML ( index . 0 ).Target }} - Trivy Report - {{ now }}</h1>
     <table>
     {{- range . }}
-      <tr class="group-header"><th colspan="6">{{ escapeXML .Type }}</th></tr>
+      <tr class="group-header"><th colspan="6">{{ .Type | toString | escapeXML }}</th></tr>
       {{- if (eq (len .Vulnerabilities) 0) }}
       <tr><th colspan="6">No Vulnerabilities found</th></tr>
       {{- else }}

pkg/cache/remote_test.go

@@ -8,8 +8,6 @@ import (
 	"testing"
 	"time"
 
-	rpcScanner "github.com/aquasecurity/trivy/rpc/scanner"
-
 	google_protobuf "github.com/golang/protobuf/ptypes/empty"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -20,6 +18,7 @@ import (
 	fcache "github.com/aquasecurity/trivy/pkg/fanal/cache"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
 	rpcCache "github.com/aquasecurity/trivy/rpc/cache"
+	rpcScanner "github.com/aquasecurity/trivy/rpc/scanner"
 )
 
 type mockCacheServer struct {

pkg/cloud/aws/commands/run_test.go

@@ -7,13 +7,13 @@ import (
 	"testing"
 	"time"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
-	"github.com/aquasecurity/trivy/pkg/compliance/spec"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 
+	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/compliance/spec"
 	"github.com/aquasecurity/trivy/pkg/flag"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 )
 
 const expectedS3ScanResult = `{

pkg/cloud/report/convert_test.go

@@ -4,16 +4,13 @@ import (
 	"sort"
 	"testing"
 
-	fanaltypes "github.com/aquasecurity/trivy/pkg/fanal/types"
-
 	"github.com/aws/aws-sdk-go-v2/aws/arn"
-
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
-	"github.com/aquasecurity/trivy/pkg/types"
-
 	"github.com/stretchr/testify/assert"
 
 	"github.com/aquasecurity/defsec/pkg/scan"
+	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	fanaltypes "github.com/aquasecurity/trivy/pkg/fanal/types"
+	"github.com/aquasecurity/trivy/pkg/types"
 )
 
 func Test_ResultConversion(t *testing.T) {

pkg/cloud/report/resource.go

@@ -6,11 +6,10 @@ import (
 	"sort"
 	"strconv"
 
-	"github.com/aquasecurity/tml"
-
 	"golang.org/x/term"
 
 	"github.com/aquasecurity/table"
+	"github.com/aquasecurity/tml"
 	pkgReport "github.com/aquasecurity/trivy/pkg/report/table"
 	"github.com/aquasecurity/trivy/pkg/types"
 )

pkg/cloud/report/result.go

@@ -5,10 +5,8 @@ import (
 	"io"
 
 	"github.com/aquasecurity/tml"
-
-	renderer "github.com/aquasecurity/trivy/pkg/report/table"
-
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
+	renderer "github.com/aquasecurity/trivy/pkg/report/table"
 	"github.com/aquasecurity/trivy/pkg/types"
 )
 

pkg/cloud/report/service.go

@@ -7,9 +7,8 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/aquasecurity/tml"
-
 	"github.com/aquasecurity/table"
+	"github.com/aquasecurity/tml"
 	pkgReport "github.com/aquasecurity/trivy/pkg/report/table"
 	"github.com/aquasecurity/trivy/pkg/types"
 )

pkg/cloud/report/service_test.go

@@ -5,18 +5,14 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/aquasecurity/trivy-db/pkg/types"
-
-	"github.com/stretchr/testify/require"
-
-	"github.com/aquasecurity/trivy/pkg/flag"
-
-	"github.com/stretchr/testify/assert"
-
 	"github.com/aws/aws-sdk-go-v2/aws/arn"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 
 	"github.com/aquasecurity/defsec/pkg/scan"
 	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy-db/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/flag"
 )
 
 func Test_ServiceReport(t *testing.T) {

pkg/commands/app.go

@@ -14,7 +14,6 @@ import (
 	"golang.org/x/xerrors"
 
 	awsScanner "github.com/aquasecurity/defsec/pkg/scanners/cloud/aws"
-
 	awscommands "github.com/aquasecurity/trivy/pkg/cloud/aws/commands"
 	"github.com/aquasecurity/trivy/pkg/commands/artifact"
 	"github.com/aquasecurity/trivy/pkg/commands/convert"

pkg/compliance/report/report.go

@@ -3,10 +3,9 @@ package report
 import (
 	"io"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
-
 	"golang.org/x/xerrors"
 
+	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/compliance/spec"
 	"github.com/aquasecurity/trivy/pkg/types"

pkg/compliance/report/report_test.go

@@ -4,10 +4,9 @@ import (
 	"fmt"
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
-
 	"github.com/stretchr/testify/assert"
 
+	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
 	"github.com/aquasecurity/trivy/pkg/compliance/report"

pkg/compliance/spec/compliance_test.go

@@ -4,10 +4,9 @@ import (
 	"sort"
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
-
 	"github.com/stretchr/testify/assert"
 
+	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/compliance/spec"
 	"github.com/aquasecurity/trivy/pkg/types"
 )

pkg/detector/library/compare/maven/compare.go

@@ -1,9 +1,8 @@
 package maven
 
 import (
-	"golang.org/x/xerrors"
-
 	version "github.com/masahiro331/go-mvn-version"
+	"golang.org/x/xerrors"
 
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/detector/library/compare"

pkg/detector/library/detect.go

@@ -8,7 +8,7 @@ import (
 )
 
 // Detect scans and returns vulnerabilities of library
-func Detect(libType string, pkgs []ftypes.Package) ([]types.DetectedVulnerability, error) {
+func Detect(libType ftypes.LangType, pkgs []ftypes.Package) ([]types.DetectedVulnerability, error) {
 	driver, ok := NewDriver(libType)
 	if !ok {
 		return nil, nil

pkg/detector/library/driver.go

@@ -20,7 +20,7 @@ import (
 )
 
 // NewDriver returns a driver according to the library type
-func NewDriver(libType string) (Driver, bool) {
+func NewDriver(libType ftypes.LangType) (Driver, bool) {
 	var ecosystem dbTypes.Ecosystem
 	var comparer compare.Comparer
 

pkg/detector/library/driver_test.go

@@ -23,7 +23,7 @@ func TestDriver_Detect(t *testing.T) {
 	tests := []struct {
 		name     string
 		fixtures []string
-		libType  string
+		libType  ftypes.LangType
 		args     args
 		want     []types.DetectedVulnerability
 		wantErr  string

pkg/detector/ospkg/alma/alma.go

@@ -108,7 +108,7 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa
 }
 
 // IsSupportedVersion checks the OSFamily can be scanned using AlmaLinux scanner
-func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool {
+func (s *Scanner) IsSupportedVersion(osFamily ftypes.OSType, osVer string) bool {
 	if strings.Count(osVer, ".") > 0 {
 		osVer = osVer[:strings.Index(osVer, ".")]
 	}

pkg/detector/ospkg/alma/alma_test.go

@@ -70,8 +70,11 @@ func TestScanner_Detect(t *testing.T) {
 			},
 		},
 		{
-			name:     "skip modular package",
-			fixtures: []string{"testdata/fixtures/modular.yaml", "testdata/fixtures/data-source.yaml"},
+			name: "skip modular package",
+			fixtures: []string{
+				"testdata/fixtures/modular.yaml",
+				"testdata/fixtures/data-source.yaml",
+			},
 			args: args{
 				osVer: "8.4",
 				pkgs: []ftypes.Package{
@@ -94,8 +97,11 @@ func TestScanner_Detect(t *testing.T) {
 			want: nil,
 		},
 		{
-			name:     "modular package",
-			fixtures: []string{"testdata/fixtures/modular.yaml", "testdata/fixtures/data-source.yaml"},
+			name: "modular package",
+			fixtures: []string{
+				"testdata/fixtures/modular.yaml",
+				"testdata/fixtures/data-source.yaml",
+			},
 			args: args{
 				osVer: "8.6",
 				pkgs: []ftypes.Package{
@@ -131,8 +137,11 @@ func TestScanner_Detect(t *testing.T) {
 			},
 		},
 		{
-			name:     "Get returns an error",
-			fixtures: []string{"testdata/fixtures/invalid.yaml", "testdata/fixtures/data-source.yaml"},
+			name: "Get returns an error",
+			fixtures: []string{
+				"testdata/fixtures/invalid.yaml",
+				"testdata/fixtures/data-source.yaml",
+			},
 			args: args{
 				osVer: "8.4",
 				pkgs: []ftypes.Package{
@@ -167,7 +176,7 @@ func TestScanner_Detect(t *testing.T) {
 
 func TestScanner_IsSupportedVersion(t *testing.T) {
 	type args struct {
-		osFamily string
+		osFamily ftypes.OSType
 		osVer    string
 	}
 	tests := []struct {

pkg/detector/ospkg/alpine/alpine.go

@@ -174,7 +174,7 @@ func (s *Scanner) isVulnerable(installedVersion version.Version, adv dbTypes.Adv
 }
 
 // IsSupportedVersion checks the OSFamily can be scanned using Alpine scanner
-func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool {
+func (s *Scanner) IsSupportedVersion(osFamily ftypes.OSType, osVer string) bool {
 	if strings.Count(osVer, ".") > 1 {
 		osVer = osVer[:strings.LastIndex(osVer, ".")]
 	}