From 44656f285323491a72a37e6a90a203059d891253 Mon Sep 17 00:00:00 2001 From: Teppei Fukuda Date: Fri, 22 Sep 2023 13:44:39 +0300 Subject: [PATCH] refactor: use defined types (#5225) * refactor: replace string with defined types Signed-off-by: knqyf263 * chore: add gci Signed-off-by: knqyf263 * fix(purl): not confuse trivy type with purl type Signed-off-by: knqyf263 * test: fix cyclonedx fixture Signed-off-by: knqyf263 * fix(template): cast TargetType to string Signed-off-by: knqyf263 * chore: bump TinyGo to v0.29.0 Signed-off-by: knqyf263 * test: change license to licence Signed-off-by: knqyf263 * use `analyzer.TypeGoMod` for gomod analyzer * ignore `licence` for misspell linter --------- 
Signed-off-by: knqyf263 Co-authored-by: DmitriyLewen --- .golangci.yaml | 15 +- aqua.yaml | 2 +- contrib/html.tpl | 2 +- pkg/cache/remote_test.go | 3 +- pkg/cloud/aws/commands/run_test.go | 8 +- pkg/cloud/report/convert_test.go | 9 +- pkg/cloud/report/resource.go | 3 +- pkg/cloud/report/result.go | 4 +- pkg/cloud/report/service.go | 3 +- pkg/cloud/report/service_test.go | 12 +- pkg/commands/app.go | 1 - pkg/compliance/report/report.go | 3 +- pkg/compliance/report/report_test.go | 3 +- pkg/compliance/spec/compliance_test.go | 3 +- pkg/detector/library/compare/maven/compare.go | 3 +- pkg/detector/library/detect.go | 2 +- pkg/detector/library/driver.go | 2 +- pkg/detector/library/driver_test.go | 2 +- pkg/detector/ospkg/alma/alma.go | 2 +- pkg/detector/ospkg/alma/alma_test.go | 23 +- pkg/detector/ospkg/alpine/alpine.go | 2 +- pkg/detector/ospkg/alpine/alpine_test.go | 50 +- pkg/detector/ospkg/amazon/amazon.go | 5 +- pkg/detector/ospkg/amazon/amazon_test.go | 37 +- pkg/detector/ospkg/chainguard/chainguard.go | 5 +- .../ospkg/chainguard/chainguard_test.go | 44 +- pkg/detector/ospkg/debian/debian.go | 2 +- pkg/detector/ospkg/debian/debian_test.go | 16 +- pkg/detector/ospkg/detect.go | 41 +- pkg/detector/ospkg/mariner/mariner.go | 2 +- pkg/detector/ospkg/oracle/oracle.go | 2 +- pkg/detector/ospkg/oracle/oracle_test.go | 37 +- pkg/detector/ospkg/photon/photon.go | 2 +- pkg/detector/ospkg/photon/photon_test.go | 16 +- pkg/detector/ospkg/redhat/redhat.go | 7 +- pkg/detector/ospkg/redhat/redhat_test.go | 12 +- pkg/detector/ospkg/rocky/rocky.go | 2 +- pkg/detector/ospkg/rocky/rocky_test.go | 23 +- pkg/detector/ospkg/suse/suse.go | 10 +- pkg/detector/ospkg/suse/suse_test.go | 16 +- pkg/detector/ospkg/ubuntu/ubuntu.go | 2 +- pkg/detector/ospkg/ubuntu/ubuntu_test.go | 30 +- pkg/detector/ospkg/wolfi/wolfi.go | 2 +- pkg/detector/ospkg/wolfi/wolfi_test.go | 44 +- pkg/fanal/analyzer/analyzer.go | 4 +- pkg/fanal/analyzer/analyzer_test.go | 42 +- 
.../analyzer/config/azurearm/azurearm_test.go | 3 +- pkg/fanal/analyzer/config/config_test.go | 3 +- pkg/fanal/analyzer/imgconf/apk/apk.go | 3 +- pkg/fanal/analyzer/imgconf/apk/apk_test.go | 6 +- pkg/fanal/analyzer/language/analyze.go | 10 +- pkg/fanal/analyzer/language/analyze_test.go | 26 +- .../language/dart/pub/pubspec_test.go | 10 +- .../analyzer/language/dotnet/nuget/nuget.go | 1 - .../analyzer/language/elixir/mix/mix_test.go | 10 +- pkg/fanal/analyzer/language/golang/mod/mod.go | 2 +- .../analyzer/language/golang/mod/mod_test.go | 5 +- .../analyzer/language/java/gradle/lockfile.go | 4 +- .../analyzer/language/java/jar/jar_test.go | 3 +- pkg/fanal/analyzer/language/java/pom/pom.go | 1 - .../analyzer/language/java/pom/pom_test.go | 3 +- .../analyzer/language/nodejs/yarn/yarn.go | 2 +- .../language/php/composer/composer.go | 2 +- .../language/php/composer/composer_test.go | 10 +- .../analyzer/language/rust/cargo/cargo.go | 5 +- .../language/rust/cargo/cargo_test.go | 10 +- .../language/swift/cocoapods/cocoapods.go | 4 +- .../swift/cocoapods/cocoapods_test.go | 5 +- .../analyzer/language/swift/swift/swift.go | 4 +- .../language/swift/swift/swift_test.go | 10 +- pkg/fanal/analyzer/licensing/license.go | 2 +- pkg/fanal/analyzer/os/alpine/alpine.go | 10 +- pkg/fanal/analyzer/os/alpine/alpine_test.go | 6 +- .../analyzer/os/amazonlinux/amazonlinux.go | 15 +- .../os/amazonlinux/amazonlinux_test.go | 17 +- pkg/fanal/analyzer/os/const.go | 63 -- pkg/fanal/analyzer/os/debian/debian.go | 10 +- pkg/fanal/analyzer/os/debian/debian_test.go | 8 +- pkg/fanal/analyzer/os/mariner/mariner.go | 6 +- pkg/fanal/analyzer/os/mariner/mariner_test.go | 3 +- pkg/fanal/analyzer/os/redhatbase/alma.go | 12 +- pkg/fanal/analyzer/os/redhatbase/centos.go | 12 +- pkg/fanal/analyzer/os/redhatbase/fedora.go | 12 +- pkg/fanal/analyzer/os/redhatbase/oracle.go | 15 +- .../analyzer/os/redhatbase/redhatbase.go | 41 +- pkg/fanal/analyzer/os/redhatbase/rocky.go | 12 +- 
pkg/fanal/analyzer/os/release/release.go | 22 +- pkg/fanal/analyzer/os/release/release_test.go | 36 +- pkg/fanal/analyzer/os/ubuntu/esm.go | 6 +- pkg/fanal/analyzer/os/ubuntu/esm_test.go | 5 +- pkg/fanal/analyzer/os/ubuntu/ubuntu.go | 6 +- pkg/fanal/analyzer/os/ubuntu/ubuntu_test.go | 3 +- pkg/fanal/analyzer/pkg/dpkg/dpkg_test.go | 5 +- pkg/fanal/analyzer/repo/apk/apk.go | 8 +- pkg/fanal/analyzer/repo/apk/apk_test.go | 41 +- pkg/fanal/analyzer/sbom/sbom_test.go | 5 +- pkg/fanal/applier/docker.go | 2 +- pkg/fanal/artifact/repo/git_test.go | 5 +- pkg/fanal/artifact/vm/ami.go | 5 +- pkg/fanal/artifact/vm/vm_test.go | 2 +- pkg/fanal/handler/handler_test.go | 6 +- pkg/fanal/handler/sysfile/filter.go | 6 +- pkg/fanal/handler/sysfile/filter_test.go | 3 +- pkg/fanal/image/daemon/docker_test.go | 5 +- pkg/fanal/image/daemon/image_test.go | 5 +- pkg/fanal/image/daemon/podman_test.go | 9 +- pkg/fanal/image/registry/azure/azure.go | 3 +- pkg/fanal/image/registry/ecr/ecr.go | 5 +- pkg/fanal/image/registry/ecr/ecr_test.go | 7 +- pkg/fanal/image/registry/google/google.go | 7 +- pkg/fanal/image/registry/token_test.go | 1 - pkg/fanal/secret/scanner_test.go | 5 +- pkg/fanal/types/artifact.go | 9 +- pkg/fanal/types/const.go | 129 ++- pkg/fanal/types/misconf.go | 2 +- pkg/fanal/vm/disk/vmdk_test.go | 4 +- pkg/fanal/walker/tar_test.go | 4 +- pkg/flag/db_flags_test.go | 5 +- pkg/flag/kubernetes_flags.go | 6 +- pkg/k8s/commands/resource.go | 3 +- pkg/k8s/scanner/io.go | 3 +- pkg/k8s/scanner/scanner.go | 60 +- pkg/k8s/scanner/scanner_test.go | 10 +- pkg/licensing/classifier_test.go | 3 +- pkg/licensing/scanner_test.go | 3 +- pkg/misconf/scanner.go | 7 +- pkg/misconf/scanner_test.go | 26 +- pkg/module/serialize/types_easyjson.go | 850 +++++++++++++----- pkg/purl/purl.go | 35 +- pkg/purl/purl_test.go | 14 +- pkg/remote/remote_test.go | 9 +- pkg/report/github/github.go | 4 +- pkg/report/predicate/vuln_test.go | 1 - pkg/report/sarif.go | 36 +- pkg/report/table/licensing.go | 6 +- 
pkg/report/table/misconfig.go | 5 +- pkg/report/table/secret.go | 1 - pkg/report/table/secret_test.go | 7 +- pkg/report/table/table.go | 3 +- pkg/report/writer.go | 3 +- pkg/result/filter_test.go | 16 +- pkg/rpc/client/client_test.go | 2 +- pkg/rpc/client/headers_test.go | 3 +- pkg/rpc/convert.go | 23 +- pkg/rpc/convert_test.go | 309 ++++--- pkg/rpc/server/server_test.go | 3 +- pkg/sbom/cyclonedx/marshal.go | 8 +- pkg/sbom/cyclonedx/marshal_test.go | 11 +- pkg/sbom/cyclonedx/testdata/happy/bom.json | 35 +- pkg/sbom/cyclonedx/unmarshal.go | 15 +- pkg/sbom/cyclonedx/unmarshal_test.go | 14 +- pkg/sbom/spdx/marshal.go | 10 +- pkg/sbom/spdx/marshal_test.go | 9 +- pkg/sbom/spdx/unmarshal.go | 35 +- pkg/scanner/langpkg/scan.go | 4 +- pkg/scanner/local/scan.go | 5 +- pkg/scanner/local/scan_test.go | 11 +- pkg/scanner/post/post_scan_test.go | 5 +- pkg/types/report.go | 16 +- pkg/version/version_test.go | 3 +- 160 files changed, 1785 insertions(+), 1159 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index ca5be4eb24e0..9c574718fb44 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -17,14 +17,21 @@ linters-settings: min-occurrences: 3 misspell: locale: US - goimports: - local-prefixes: github.com/aquasecurity + ignore-words: + - licence gosec: excludes: - G101 - G114 - G204 - G402 + gci: + sections: + - standard + - default + - prefix(github.com/aquasecurity/) + - blank + - dot linters: disable-all: true @@ -39,14 +46,14 @@ linters: - goconst - gocyclo - gofmt - - goimports - misspell + - gci run: go: '1.20' skip-files: - ".*._mock.go$" - - ".*._test.go$" + - ".*_test.go$" - "integration/*" - "examples/*" diff --git a/aqua.yaml b/aqua.yaml index 66d9d9b12db1..0ffe7fbe2b81 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -5,6 +5,6 @@ registries: - type: standard ref: v3.157.0 # renovate: depName=aquaproj/aqua-registry packages: -- name: tinygo-org/tinygo@v0.27.0 +- name: tinygo-org/tinygo@v0.29.0 - name: WebAssembly/binaryen@version_112 - name: magefile/mage@v1.14.0 
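Review bot: In the `skip-files` list of `.golangci.yaml`, the test pattern loses its stray wildcard but the neighbouring `".*._mock.go$"` keeps it, and both entries still leave the `.` before `go` unescaped, so the two patterns are now written differently for the same intent. I would align them as `'.*_mock\.go$'` and `'.*_test\.go$'`, single-quoted so the backslash survives YAML. Since `_test.go` files stay excluded, the newly enabled `gci` ordering is presumably not enforced on the test files whose imports this commit reorders.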
diff --git a/contrib/html.tpl b/contrib/html.tpl index 11487c9e6a4a..e92b1b1cf7f5 100644 --- a/contrib/html.tpl +++ b/contrib/html.tpl @@ -85,7 +85,7 @@

{{- escapeXML ( index . 0 ).Target }} - Trivy Report - {{ now }}

{{- range . }} - + {{- if (eq (len .Vulnerabilities) 0) }} {{- else }} diff --git a/pkg/cache/remote_test.go b/pkg/cache/remote_test.go index a7c3272ce7a2..e396b71ae4ef 100644 --- a/pkg/cache/remote_test.go +++ b/pkg/cache/remote_test.go @@ -8,8 +8,6 @@ import ( "testing" "time" - rpcScanner "github.com/aquasecurity/trivy/rpc/scanner" - google_protobuf "github.com/golang/protobuf/ptypes/empty" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -20,6 +18,7 @@ import ( fcache "github.com/aquasecurity/trivy/pkg/fanal/cache" "github.com/aquasecurity/trivy/pkg/fanal/types" rpcCache "github.com/aquasecurity/trivy/rpc/cache" + rpcScanner "github.com/aquasecurity/trivy/rpc/scanner" ) type mockCacheServer struct { diff --git a/pkg/cloud/aws/commands/run_test.go b/pkg/cloud/aws/commands/run_test.go index eb7780ba28bb..70d8dc672368 100644 --- a/pkg/cloud/aws/commands/run_test.go +++ b/pkg/cloud/aws/commands/run_test.go @@ -7,13 +7,13 @@ import ( "testing" "time" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" - "github.com/aquasecurity/trivy/pkg/compliance/spec" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + defsecTypes "github.com/aquasecurity/defsec/pkg/types" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy/pkg/compliance/spec" "github.com/aquasecurity/trivy/pkg/flag" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) const expectedS3ScanResult = `{ diff --git a/pkg/cloud/report/convert_test.go b/pkg/cloud/report/convert_test.go index 6c257f19c407..6b2025209394 100644 --- a/pkg/cloud/report/convert_test.go +++ b/pkg/cloud/report/convert_test.go 
@@ -4,16 +4,13 @@ import ( "sort" "testing" - fanaltypes "github.com/aquasecurity/trivy/pkg/fanal/types" - "github.com/aws/aws-sdk-go-v2/aws/arn" - - defsecTypes "github.com/aquasecurity/defsec/pkg/types" - "github.com/aquasecurity/trivy/pkg/types" - "github.com/stretchr/testify/assert" "github.com/aquasecurity/defsec/pkg/scan" + defsecTypes "github.com/aquasecurity/defsec/pkg/types" + fanaltypes "github.com/aquasecurity/trivy/pkg/fanal/types" + "github.com/aquasecurity/trivy/pkg/types" ) func Test_ResultConversion(t *testing.T) { diff --git a/pkg/cloud/report/resource.go b/pkg/cloud/report/resource.go index 999c7cae2464..79b1b8cc2e94 100644 --- a/pkg/cloud/report/resource.go +++ b/pkg/cloud/report/resource.go @@ -6,11 +6,10 @@ import ( "sort" "strconv" - "github.com/aquasecurity/tml" - "golang.org/x/term" "github.com/aquasecurity/table" + "github.com/aquasecurity/tml" pkgReport "github.com/aquasecurity/trivy/pkg/report/table" "github.com/aquasecurity/trivy/pkg/types" ) diff --git a/pkg/cloud/report/result.go b/pkg/cloud/report/result.go index 929fc0d1eccc..103be8a40afc 100644 --- a/pkg/cloud/report/result.go +++ b/pkg/cloud/report/result.go @@ -5,10 +5,8 @@ import ( "io" "github.com/aquasecurity/tml" - - renderer "github.com/aquasecurity/trivy/pkg/report/table" - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + renderer "github.com/aquasecurity/trivy/pkg/report/table" "github.com/aquasecurity/trivy/pkg/types" ) diff --git a/pkg/cloud/report/service.go b/pkg/cloud/report/service.go index f52fbedb4d97..e25d8ea393f9 100644 --- a/pkg/cloud/report/service.go +++ b/pkg/cloud/report/service.go @@ -7,9 +7,8 @@ import ( "strconv" "time" - "github.com/aquasecurity/tml" - "github.com/aquasecurity/table" + "github.com/aquasecurity/tml" pkgReport "github.com/aquasecurity/trivy/pkg/report/table" "github.com/aquasecurity/trivy/pkg/types" ) diff --git a/pkg/cloud/report/service_test.go b/pkg/cloud/report/service_test.go index cf14466e4d86..6e4ae99c2cd4 100644 
--- a/pkg/cloud/report/service_test.go +++ b/pkg/cloud/report/service_test.go @@ -5,18 +5,14 @@ import ( "path/filepath" "testing" - "github.com/aquasecurity/trivy-db/pkg/types" - - "github.com/stretchr/testify/require" - - "github.com/aquasecurity/trivy/pkg/flag" - - "github.com/stretchr/testify/assert" - "github.com/aws/aws-sdk-go-v2/aws/arn" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "github.com/aquasecurity/defsec/pkg/scan" defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy/pkg/flag" ) func Test_ServiceReport(t *testing.T) { diff --git a/pkg/commands/app.go b/pkg/commands/app.go index 0d2ed8c9727f..c546d605aaa4 100644 --- a/pkg/commands/app.go +++ b/pkg/commands/app.go @@ -14,7 +14,6 @@ import ( "golang.org/x/xerrors" awsScanner "github.com/aquasecurity/defsec/pkg/scanners/cloud/aws" - awscommands "github.com/aquasecurity/trivy/pkg/cloud/aws/commands" "github.com/aquasecurity/trivy/pkg/commands/artifact" "github.com/aquasecurity/trivy/pkg/commands/convert" diff --git a/pkg/compliance/report/report.go b/pkg/compliance/report/report.go index 50ae2460635b..bcadc6fbb168 100644 --- a/pkg/compliance/report/report.go +++ b/pkg/compliance/report/report.go @@ -3,10 +3,9 @@ package report import ( "io" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" - "golang.org/x/xerrors" + defsecTypes "github.com/aquasecurity/defsec/pkg/types" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/compliance/spec" "github.com/aquasecurity/trivy/pkg/types" diff --git a/pkg/compliance/report/report_test.go b/pkg/compliance/report/report_test.go index cbb33fd1d186..b6a1dcc6bcc5 100644 --- a/pkg/compliance/report/report_test.go +++ b/pkg/compliance/report/report_test.go 
@@ -4,10 +4,9 @@ import ( "fmt" "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" - "github.com/stretchr/testify/assert" + defsecTypes "github.com/aquasecurity/defsec/pkg/types" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/compliance/report" diff --git a/pkg/compliance/spec/compliance_test.go b/pkg/compliance/spec/compliance_test.go index 8b04e601a3c9..f34722525e1f 100644 --- a/pkg/compliance/spec/compliance_test.go +++ b/pkg/compliance/spec/compliance_test.go @@ -4,10 +4,9 @@ import ( "sort" "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" - "github.com/stretchr/testify/assert" + defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/pkg/compliance/spec" "github.com/aquasecurity/trivy/pkg/types" ) diff --git a/pkg/detector/library/compare/maven/compare.go b/pkg/detector/library/compare/maven/compare.go index 8e4ca692420c..d36156dce956 100644 --- a/pkg/detector/library/compare/maven/compare.go +++ b/pkg/detector/library/compare/maven/compare.go @@ -1,9 +1,8 @@ package maven import ( - "golang.org/x/xerrors" - version "github.com/masahiro331/go-mvn-version" + "golang.org/x/xerrors" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/detector/library/compare" diff --git a/pkg/detector/library/detect.go b/pkg/detector/library/detect.go index a41c3575d724..121f33284e1a 100644 --- a/pkg/detector/library/detect.go +++ b/pkg/detector/library/detect.go @@ -8,7 +8,7 @@ import ( ) // Detect scans and returns vulnerabilities of library -func Detect(libType string, pkgs []ftypes.Package) ([]types.DetectedVulnerability, error) { +func Detect(libType ftypes.LangType, pkgs []ftypes.Package) ([]types.DetectedVulnerability, error) { driver, ok := NewDriver(libType) if !ok { return nil, nil 
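Review bot: `Detect` in pkg/detector/library/detect.go returns `nil, nil` when `NewDriver(libType)` reports no driver, and the doc comment does not say so, so a caller cannot tell an unsupported `ftypes.LangType` from a scan that found nothing. I would extend the comment to `// Detect scans and returns vulnerabilities of library. It returns (nil, nil) when no driver exists for libType.` For a vulnerability scanner this silent path reads as a clean result, so it is worth stating in the contract. The function body continues outside the hunk.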
diff --git a/pkg/detector/library/driver.go b/pkg/detector/library/driver.go index ae290ee503ed..c75c22caf678 100644 --- a/pkg/detector/library/driver.go +++ b/pkg/detector/library/driver.go @@ -20,7 +20,7 @@ import ( ) // NewDriver returns a driver according to the library type -func NewDriver(libType string) (Driver, bool) { +func NewDriver(libType ftypes.LangType) (Driver, bool) { var ecosystem dbTypes.Ecosystem var comparer compare.Comparer diff --git a/pkg/detector/library/driver_test.go b/pkg/detector/library/driver_test.go index d7308b702786..9bfa6ade777d 100644 --- a/pkg/detector/library/driver_test.go +++ b/pkg/detector/library/driver_test.go @@ -23,7 +23,7 @@ func TestDriver_Detect(t *testing.T) { tests := []struct { name string fixtures []string - libType string + libType ftypes.LangType args args want []types.DetectedVulnerability wantErr string diff --git a/pkg/detector/ospkg/alma/alma.go b/pkg/detector/ospkg/alma/alma.go index 55fb020c255e..a29c010ff79f 100644 --- a/pkg/detector/ospkg/alma/alma.go +++ b/pkg/detector/ospkg/alma/alma.go @@ -108,7 +108,7 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa } // IsSupportedVersion checks the OSFamily can be scanned using AlmaLinux scanner -func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool { +func (s *Scanner) IsSupportedVersion(osFamily ftypes.OSType, osVer string) bool { if strings.Count(osVer, ".") > 0 { osVer = osVer[:strings.Index(osVer, ".")] } diff --git a/pkg/detector/ospkg/alma/alma_test.go b/pkg/detector/ospkg/alma/alma_test.go index 5b209c8af7e4..d9cc698f0b15 100644 --- a/pkg/detector/ospkg/alma/alma_test.go +++ b/pkg/detector/ospkg/alma/alma_test.go 
@@ -70,8 +70,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "skip modular package", - fixtures: []string{"testdata/fixtures/modular.yaml", "testdata/fixtures/data-source.yaml"}, + name: "skip modular package", + fixtures: []string{ + "testdata/fixtures/modular.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "8.4", pkgs: []ftypes.Package{ @@ -94,8 +97,11 @@ func TestScanner_Detect(t *testing.T) { want: nil, }, { - name: "modular package", - fixtures: []string{"testdata/fixtures/modular.yaml", "testdata/fixtures/data-source.yaml"}, + name: "modular package", + fixtures: []string{ + "testdata/fixtures/modular.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "8.6", pkgs: []ftypes.Package{ @@ -131,8 +137,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "Get returns an error", - fixtures: []string{"testdata/fixtures/invalid.yaml", "testdata/fixtures/data-source.yaml"}, + name: "Get returns an error", + fixtures: []string{ + "testdata/fixtures/invalid.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "8.4", pkgs: []ftypes.Package{ @@ -167,7 +176,7 @@ func TestScanner_Detect(t *testing.T) { func TestScanner_IsSupportedVersion(t *testing.T) { type args struct { - osFamily string + osFamily ftypes.OSType osVer string } tests := []struct { diff --git a/pkg/detector/ospkg/alpine/alpine.go b/pkg/detector/ospkg/alpine/alpine.go index 62cb3b3d7660..5095efa98a8d 100644 --- a/pkg/detector/ospkg/alpine/alpine.go +++ b/pkg/detector/ospkg/alpine/alpine.go @@ -174,7 +174,7 @@ func (s *Scanner) isVulnerable(installedVersion version.Version, adv dbTypes.Adv } // IsSupportedVersion checks the OSFamily can be scanned using Alpine scanner -func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool { +func (s *Scanner) IsSupportedVersion(osFamily ftypes.OSType, osVer string) bool { if strings.Count(osVer, ".") > 1 { osVer = osVer[:strings.LastIndex(osVer, ".")] } 
diff --git a/pkg/detector/ospkg/alpine/alpine_test.go b/pkg/detector/ospkg/alpine/alpine_test.go index 8617b736efc5..35abfc1f6e98 100644 --- a/pkg/detector/ospkg/alpine/alpine_test.go +++ b/pkg/detector/ospkg/alpine/alpine_test.go @@ -5,8 +5,6 @@ import ( "testing" "time" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" fake "k8s.io/utils/clock/testing" @@ -34,8 +32,11 @@ func TestScanner_Detect(t *testing.T) { wantErr string }{ { - name: "happy path", - fixtures: []string{"testdata/fixtures/alpine.yaml", "testdata/fixtures/data-source.yaml"}, + name: "happy path", + fixtures: []string{ + "testdata/fixtures/alpine.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "3.10.2", pkgs: []ftypes.Package{ @@ -88,8 +89,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "contain rc", - fixtures: []string{"testdata/fixtures/alpine.yaml", "testdata/fixtures/data-source.yaml"}, + name: "contain rc", + fixtures: []string{ + "testdata/fixtures/alpine.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "3.10", pkgs: []ftypes.Package{ @@ -116,8 +120,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "contain pre", - fixtures: []string{"testdata/fixtures/alpine.yaml", "testdata/fixtures/data-source.yaml"}, + name: "contain pre", + fixtures: []string{ + "testdata/fixtures/alpine.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "3.10", pkgs: []ftypes.Package{ 
@@ -150,12 +157,15 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "repository is newer than OS version", - fixtures: []string{"testdata/fixtures/alpine.yaml", "testdata/fixtures/data-source.yaml"}, + name: "repository is newer than OS version", + fixtures: []string{ + "testdata/fixtures/alpine.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "3.9.3", repo: &ftypes.Repository{ - Family: os.Alpine, + Family: ftypes.Alpine, Release: "3.10", }, pkgs: []ftypes.Package{ @@ -182,8 +192,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "Get returns an error", - fixtures: []string{"testdata/fixtures/invalid.yaml", "testdata/fixtures/data-source.yaml"}, + name: "Get returns an error", + fixtures: []string{ + "testdata/fixtures/invalid.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "3.10.2", pkgs: []ftypes.Package{ @@ -198,12 +211,15 @@ func TestScanner_Detect(t *testing.T) { wantErr: "failed to get alpine advisories", }, { - name: "No src name", - fixtures: []string{"testdata/fixtures/alpine.yaml", "testdata/fixtures/data-source.yaml"}, + name: "No src name", + fixtures: []string{ + "testdata/fixtures/alpine.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "3.9.3", repo: &ftypes.Repository{ - Family: os.Alpine, + Family: ftypes.Alpine, Release: "3.10", }, pkgs: []ftypes.Package{ @@ -253,7 +269,7 @@ func TestScanner_Detect(t *testing.T) { func TestScanner_IsSupportedVersion(t *testing.T) { type args struct { - osFamily string + osFamily ftypes.OSType osVer string } tests := []struct { diff --git a/pkg/detector/ospkg/amazon/amazon.go b/pkg/detector/ospkg/amazon/amazon.go index cdc2702c8286..a77765de8839 100644 --- a/pkg/detector/ospkg/amazon/amazon.go +++ b/pkg/detector/ospkg/amazon/amazon.go 
@@ -4,11 +4,10 @@ import ( "strings" "time" - "k8s.io/utils/clock" - version "github.com/knqyf263/go-deb-version" "go.uber.org/zap" "golang.org/x/xerrors" + "k8s.io/utils/clock" "github.com/aquasecurity/trivy-db/pkg/vulnsrc/amazon" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" @@ -119,7 +118,7 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa } // IsSupportedVersion checks if os can be scanned using amazon scanner -func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool { +func (s *Scanner) IsSupportedVersion(osFamily ftypes.OSType, osVer string) bool { osVer = strings.Fields(osVer)[0] if osVer != "2" && osVer != "2022" && osVer != "2023" { osVer = "1" diff --git a/pkg/detector/ospkg/amazon/amazon_test.go b/pkg/detector/ospkg/amazon/amazon_test.go index 9dcb8f72e7fd..e9f7b546996b 100644 --- a/pkg/detector/ospkg/amazon/amazon_test.go +++ b/pkg/detector/ospkg/amazon/amazon_test.go @@ -30,8 +30,11 @@ func TestScanner_Detect(t *testing.T) { wantErr string }{ { - name: "amazon linux 1", - fixtures: []string{"testdata/fixtures/amazon.yaml", "testdata/fixtures/data-source.yaml"}, + name: "amazon linux 1", + fixtures: []string{ + "testdata/fixtures/amazon.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "1.2", pkgs: []ftypes.Package{ @@ -64,8 +67,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "amazon linux 2", - fixtures: []string{"testdata/fixtures/amazon.yaml", "testdata/fixtures/data-source.yaml"}, + name: "amazon linux 2", + fixtures: []string{ + "testdata/fixtures/amazon.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "2", pkgs: []ftypes.Package{ 
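Review bot: `IsSupportedVersion` in amazon.go indexes `strings.Fields(osVer)[0]` without checking the length, so an empty or whitespace-only `osVer` panics; the retyped signature leaves this untouched. If the version string is derived from files inside the scanned image (not visible here), a guard such as `if f := strings.Fields(osVer); len(f) > 0 { osVer = f[0] }` keeps the existing fall-through to `"1"` without the crash. The rest of the function is outside the hunk.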
@@ -96,8 +102,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "amazon linux 2023", - fixtures: []string{"testdata/fixtures/amazon.yaml", "testdata/fixtures/data-source.yaml"}, + name: "amazon linux 2023", + fixtures: []string{ + "testdata/fixtures/amazon.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "2023", pkgs: []ftypes.Package{ @@ -128,8 +137,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "empty version", - fixtures: []string{"testdata/fixtures/amazon.yaml", "testdata/fixtures/data-source.yaml"}, + name: "empty version", + fixtures: []string{ + "testdata/fixtures/amazon.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "2", pkgs: []ftypes.Package{ @@ -140,8 +152,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "Get returns an error", - fixtures: []string{"testdata/fixtures/invalid.yaml", "testdata/fixtures/data-source.yaml"}, + name: "Get returns an error", + fixtures: []string{ + "testdata/fixtures/invalid.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "1", pkgs: []ftypes.Package{ @@ -176,7 +191,7 @@ func TestScanner_Detect(t *testing.T) { func TestScanner_IsSupportedVersion(t *testing.T) { type args struct { - osFamily string + osFamily ftypes.OSType osVer string } tests := []struct { diff --git a/pkg/detector/ospkg/chainguard/chainguard.go b/pkg/detector/ospkg/chainguard/chainguard.go index 594a62fbcaed..447d7a6f647a 100644 --- a/pkg/detector/ospkg/chainguard/chainguard.go +++ b/pkg/detector/ospkg/chainguard/chainguard.go @@ -5,9 +5,8 @@ import ( "golang.org/x/xerrors" "k8s.io/utils/clock" - "github.com/aquasecurity/trivy-db/pkg/vulnsrc/chainguard" - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy-db/pkg/vulnsrc/chainguard" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/scanner/utils" 
@@ -104,7 +103,7 @@ func (s *Scanner) isVulnerable(installedVersion version.Version, adv dbTypes.Adv } // IsSupportedVersion checks the OSFamily can be scanned using Chainguard scanner -func (s *Scanner) IsSupportedVersion(_, _ string) bool { +func (s *Scanner) IsSupportedVersion(_ ftypes.OSType, _ string) bool { // Chainguard doesn't have versions, so there is no case where a given input yields a // result of an unsupported Chainguard version. diff --git a/pkg/detector/ospkg/chainguard/chainguard_test.go b/pkg/detector/ospkg/chainguard/chainguard_test.go index 12165d7c4b15..446693ce2170 100644 --- a/pkg/detector/ospkg/chainguard/chainguard_test.go +++ b/pkg/detector/ospkg/chainguard/chainguard_test.go @@ -4,17 +4,16 @@ import ( "sort" "testing" - "github.com/aquasecurity/trivy/pkg/detector/ospkg/chainguard" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "github.com/aquasecurity/trivy-db/pkg/db" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/dbtest" + "github.com/aquasecurity/trivy/pkg/detector/ospkg/chainguard" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/types" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func TestScanner_Detect(t *testing.T) { @@ -30,8 +29,11 @@ func TestScanner_Detect(t *testing.T) { wantErr string }{ { - name: "happy path", - fixtures: []string{"testdata/fixtures/chainguard.yaml", "testdata/fixtures/data-source.yaml"}, + name: "happy path", + fixtures: []string{ + "testdata/fixtures/chainguard.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ pkgs: []ftypes.Package{ { 
@@ -69,8 +71,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "contain rc", - fixtures: []string{"testdata/fixtures/chainguard.yaml", "testdata/fixtures/data-source.yaml"}, + name: "contain rc", + fixtures: []string{ + "testdata/fixtures/chainguard.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ pkgs: []ftypes.Package{ { @@ -96,8 +101,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "contain pre", - fixtures: []string{"testdata/fixtures/chainguard.yaml", "testdata/fixtures/data-source.yaml"}, + name: "contain pre", + fixtures: []string{ + "testdata/fixtures/chainguard.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ pkgs: []ftypes.Package{ { @@ -129,8 +137,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "Get returns an error", - fixtures: []string{"testdata/fixtures/invalid.yaml", "testdata/fixtures/data-source.yaml"}, + name: "Get returns an error", + fixtures: []string{ + "testdata/fixtures/invalid.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ pkgs: []ftypes.Package{ { @@ -144,11 +155,14 @@ func TestScanner_Detect(t *testing.T) { wantErr: "failed to get Chainguard advisories", }, { - name: "No src name", - fixtures: []string{"testdata/fixtures/chainguard.yaml", "testdata/fixtures/data-source.yaml"}, + name: "No src name", + fixtures: []string{ + "testdata/fixtures/chainguard.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ repo: &ftypes.Repository{ - Family: os.Chainguard, + Family: ftypes.Chainguard, Release: "3.10", }, pkgs: []ftypes.Package{ diff --git a/pkg/detector/ospkg/debian/debian.go b/pkg/detector/ospkg/debian/debian.go index e8bc953c2708..5098e6483336 100644 --- a/pkg/detector/ospkg/debian/debian.go +++ b/pkg/detector/ospkg/debian/debian.go 
@@ -142,7 +142,7 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa } // IsSupportedVersion checks is OSFamily can be scanned using Debian -func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool { +func (s *Scanner) IsSupportedVersion(osFamily ftypes.OSType, osVer string) bool { if strings.Count(osVer, ".") > 0 { osVer = osVer[:strings.Index(osVer, ".")] } diff --git a/pkg/detector/ospkg/debian/debian_test.go b/pkg/detector/ospkg/debian/debian_test.go index e021d82b79cf..b34d066eccf1 100644 --- a/pkg/detector/ospkg/debian/debian_test.go +++ b/pkg/detector/ospkg/debian/debian_test.go @@ -31,8 +31,11 @@ func TestScanner_Detect(t *testing.T) { wantErr string }{ { - name: "happy path", - fixtures: []string{"testdata/fixtures/debian.yaml", "testdata/fixtures/data-source.yaml"}, + name: "happy path", + fixtures: []string{ + "testdata/fixtures/debian.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "9.1", pkgs: []ftypes.Package{ @@ -84,8 +87,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "invalid bucket", - fixtures: []string{"testdata/fixtures/invalid.yaml", "testdata/fixtures/data-source.yaml"}, + name: "invalid bucket", + fixtures: []string{ + "testdata/fixtures/invalid.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "9.1", pkgs: []ftypes.Package{ @@ -127,7 +133,7 @@ func TestScanner_Detect(t *testing.T) { func TestScanner_IsSupportedVersion(t *testing.T) { type args struct { - osFamily string + osFamily ftypes.OSType osVer string } tests := []struct { diff --git a/pkg/detector/ospkg/detect.go b/pkg/detector/ospkg/detect.go index c4c70600065c..16c3102265c4 100644 --- a/pkg/detector/ospkg/detect.go +++ b/pkg/detector/ospkg/detect.go 
@@ -19,7 +19,6 @@ import (
 "github.com/aquasecurity/trivy/pkg/detector/ospkg/suse"
 "github.com/aquasecurity/trivy/pkg/detector/ospkg/ubuntu"
 "github.com/aquasecurity/trivy/pkg/detector/ospkg/wolfi"
- fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os"
 ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 "github.com/aquasecurity/trivy/pkg/log"
 "github.com/aquasecurity/trivy/pkg/types"
@@ -29,38 +28,38 @@ var ( // ErrUnsupportedOS defines error for unsupported OS ErrUnsupportedOS = xerrors.New("unsupported os") - drivers = map[string]Driver{ - fos.Alpine: alpine.NewScanner(), - fos.Alma: alma.NewScanner(), - fos.Amazon: amazon.NewScanner(), - fos.CBLMariner: mariner.NewScanner(), - fos.Debian: debian.NewScanner(), - fos.Ubuntu: ubuntu.NewScanner(), - fos.RedHat: redhat.NewScanner(), - fos.CentOS: redhat.NewScanner(), - fos.Rocky: rocky.NewScanner(), - fos.Oracle: oracle.NewScanner(), - fos.OpenSUSELeap: suse.NewScanner(suse.OpenSUSE), - fos.SLES: suse.NewScanner(suse.SUSEEnterpriseLinux), - fos.Photon: photon.NewScanner(), - fos.Wolfi: wolfi.NewScanner(), - fos.Chainguard: chainguard.NewScanner(), + drivers = map[ftypes.OSType]Driver{ + ftypes.Alpine: alpine.NewScanner(), + ftypes.Alma: alma.NewScanner(), + ftypes.Amazon: amazon.NewScanner(), + ftypes.CBLMariner: mariner.NewScanner(), + ftypes.Debian: debian.NewScanner(), + ftypes.Ubuntu: ubuntu.NewScanner(), + ftypes.RedHat: redhat.NewScanner(), + ftypes.CentOS: redhat.NewScanner(), + ftypes.Rocky: rocky.NewScanner(), + ftypes.Oracle: oracle.NewScanner(), + ftypes.OpenSUSELeap: suse.NewScanner(suse.OpenSUSE), + ftypes.SLES: suse.NewScanner(suse.SUSEEnterpriseLinux), + ftypes.Photon: photon.NewScanner(), + ftypes.Wolfi: wolfi.NewScanner(), + ftypes.Chainguard: chainguard.NewScanner(), } ) // RegisterDriver is defined for extensibility and not supposed to be used in Trivy. 
-func RegisterDriver(name string, driver Driver) { +func RegisterDriver(name ftypes.OSType, driver Driver) { drivers[name] = driver } // Driver defines operations for OS package scan type Driver interface { Detect(string, *ftypes.Repository, []ftypes.Package) ([]types.DetectedVulnerability, error) - IsSupportedVersion(string, string) bool + IsSupportedVersion(ftypes.OSType, string) bool } // Detect detects the vulnerabilities -func Detect(_, osFamily, osName string, repo *ftypes.Repository, _ time.Time, pkgs []ftypes.Package) ([]types.DetectedVulnerability, bool, error) { +func Detect(_, osFamily ftypes.OSType, osName string, repo *ftypes.Repository, _ time.Time, pkgs []ftypes.Package) ([]types.DetectedVulnerability, bool, error) { driver, err := newDriver(osFamily) if err != nil { return nil, false, ErrUnsupportedOS @@ -81,7 +80,7 @@ func Detect(_, osFamily, osName string, repo *ftypes.Repository, _ time.Time, pk return vulns, eosl, nil } -func newDriver(osFamily string) (Driver, error) { +func newDriver(osFamily ftypes.OSType) (Driver, error) { if driver, ok := drivers[osFamily]; ok { return driver, nil } diff --git a/pkg/detector/ospkg/mariner/mariner.go b/pkg/detector/ospkg/mariner/mariner.go index 5bada4ea9fdf..3043d24eaf2f 100644 --- a/pkg/detector/ospkg/mariner/mariner.go +++ b/pkg/detector/ospkg/mariner/mariner.go @@ -76,7 +76,7 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa } // IsSupportedVersion checks the OS version can be scanned using CBL-Mariner scanner -func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool { +func (s *Scanner) IsSupportedVersion(osFamily ftypes.OSType, osVer string) bool { // EOL is not in public at the moment. return true } diff --git a/pkg/detector/ospkg/oracle/oracle.go b/pkg/detector/ospkg/oracle/oracle.go index 284564105bf5..8eea8aca3a66 100644 --- a/pkg/detector/ospkg/oracle/oracle.go +++ b/pkg/detector/ospkg/oracle/oracle.go 
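Review bot: In the new `Detect` signature in detect.go, `_, osFamily ftypes.OSType, osName string` also retypes the ignored first parameter from `string` to `ftypes.OSType`, because Go applies the type to every name in the group. Callers that pass an untyped string constant still compile, so the change is easy to miss, but the signature now says the first argument is an OS family. If that is not intended, declare it separately: `func Detect(_ string, osFamily ftypes.OSType, osName string, repo *ftypes.Repository, _ time.Time, pkgs []ftypes.Package) (...)`. The body of `Detect` continues outside this hunk.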
@@ -103,7 +103,7 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa } // IsSupportedVersion checks is OSFamily can be scanned with Oracle scanner -func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool { +func (s *Scanner) IsSupportedVersion(osFamily ftypes.OSType, osVer string) bool { if strings.Count(osVer, ".") > 0 { osVer = osVer[:strings.Index(osVer, ".")] } diff --git a/pkg/detector/ospkg/oracle/oracle_test.go b/pkg/detector/ospkg/oracle/oracle_test.go index 518f590317a6..8671d0cf4fd9 100644 --- a/pkg/detector/ospkg/oracle/oracle_test.go +++ b/pkg/detector/ospkg/oracle/oracle_test.go @@ -21,7 +21,7 @@ import ( func TestScanner_IsSupportedVersion(t *testing.T) { vectors := map[string]struct { clock clock.Clock - osFamily string + osFamily ftypes.OSType osVersion string expected bool }{ @@ -109,8 +109,11 @@ func TestScanner_Detect(t *testing.T) { wantErr string }{ { - name: "detected", - fixtures: []string{"testdata/fixtures/oracle7.yaml", "testdata/fixtures/data-source.yaml"}, + name: "detected", + fixtures: []string{ + "testdata/fixtures/oracle7.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "7", pkgs: []ftypes.Package{ @@ -140,8 +143,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "without ksplice", - fixtures: []string{"testdata/fixtures/oracle7.yaml", "testdata/fixtures/data-source.yaml"}, + name: "without ksplice", + fixtures: []string{ + "testdata/fixtures/oracle7.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "7", pkgs: []ftypes.Package{ @@ -159,8 +165,11 @@ func TestScanner_Detect(t *testing.T) { want: nil, }, { - name: "the installed version has ksplice2", - fixtures: []string{"testdata/fixtures/oracle7.yaml", "testdata/fixtures/data-source.yaml"}, + name: "the installed version has ksplice2", + fixtures: []string{ + "testdata/fixtures/oracle7.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "7", pkgs: []ftypes.Package{ 
@@ -180,8 +189,11 @@ func TestScanner_Detect(t *testing.T) { want: nil, }, { - name: "with ksplice", - fixtures: []string{"testdata/fixtures/oracle7.yaml", "testdata/fixtures/data-source.yaml"}, + name: "with ksplice", + fixtures: []string{ + "testdata/fixtures/oracle7.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "7", pkgs: []ftypes.Package{ @@ -213,8 +225,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "malformed", - fixtures: []string{"testdata/fixtures/invalid-type.yaml", "testdata/fixtures/data-source.yaml"}, + name: "malformed", + fixtures: []string{ + "testdata/fixtures/invalid-type.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "7", pkgs: []ftypes.Package{ diff --git a/pkg/detector/ospkg/photon/photon.go b/pkg/detector/ospkg/photon/photon.go index e665574a3617..54c96b602544 100644 --- a/pkg/detector/ospkg/photon/photon.go +++ b/pkg/detector/ospkg/photon/photon.go @@ -95,7 +95,7 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa } // IsSupportedVersion checks if the OS version reached end-of-support. -func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool { +func (s *Scanner) IsSupportedVersion(osFamily ftypes.OSType, osVer string) bool { eol, ok := eolDates[osVer] if !ok { log.Logger.Warnf("This OS version is not on the EOL list: %s %s", osFamily, osVer) diff --git a/pkg/detector/ospkg/photon/photon_test.go b/pkg/detector/ospkg/photon/photon_test.go index f76d488507da..04884b6a5d0f 100644 --- a/pkg/detector/ospkg/photon/photon_test.go +++ b/pkg/detector/ospkg/photon/photon_test.go @@ -30,8 +30,11 @@ func TestScanner_Detect(t *testing.T) { wantErr string }{ { - name: "happy path", - fixtures: []string{"testdata/fixtures/photon.yaml", "testdata/fixtures/data-source.yaml"}, + name: "happy path", + fixtures: []string{ + "testdata/fixtures/photon.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "1.0", pkgs: []ftypes.Package{ 
@@ -66,8 +69,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "invalid bucket", - fixtures: []string{"testdata/fixtures/invalid.yaml", "testdata/fixtures/data-source.yaml"}, + name: "invalid bucket", + fixtures: []string{ + "testdata/fixtures/invalid.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "1.0", pkgs: []ftypes.Package{ @@ -102,7 +108,7 @@ func TestScanner_Detect(t *testing.T) { func TestScanner_IsSupportedVersion(t *testing.T) { type args struct { - osFamily string + osFamily ftypes.OSType osVer string } tests := []struct { diff --git a/pkg/detector/ospkg/redhat/redhat.go b/pkg/detector/ospkg/redhat/redhat.go index 9253b407cb5c..696c37c99c51 100644 --- a/pkg/detector/ospkg/redhat/redhat.go +++ b/pkg/detector/ospkg/redhat/redhat.go @@ -16,7 +16,6 @@ import ( ustrings "github.com/aquasecurity/trivy-db/pkg/utils/strings" redhat "github.com/aquasecurity/trivy-db/pkg/vulnsrc/redhat-oval" "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/scanner/utils" @@ -209,16 +208,16 @@ func (s *Scanner) detect(osVer string, pkg ftypes.Package) ([]types.DetectedVuln } // IsSupportedVersion checks is OSFamily can be scanned with Redhat scanner -func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool { +func (s *Scanner) IsSupportedVersion(osFamily ftypes.OSType, osVer string) bool { if strings.Count(osVer, ".") > 0 { osVer = osVer[:strings.Index(osVer, ".")] } var eolDate time.Time var ok bool - if osFamily == os.RedHat { + if osFamily == ftypes.RedHat { eolDate, ok = redhatEOLDates[osVer] - } else if osFamily == os.CentOS { + } else if osFamily == ftypes.CentOS { eolDate, ok = centosEOLDates[osVer] } if !ok { 
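Review bot: In redhat.go's `IsSupportedVersion`, the family check is an `if`/`else if` chain with no final branch, so any `osFamily` other than `ftypes.RedHat` or `ftypes.CentOS` leaves `ok` false and takes the same `!ok` path as an unknown version. Now that the parameter is a defined type, a `switch` over the constants reads more directly and leaves an obvious place for a `default` if an unexpected family should ever be handled differently from an unlisted version. The same shape appears in suse.go's `IsSupportedVersion` for `ftypes.SLES` and `ftypes.OpenSUSELeap`. The function continues past the end of this hunk, so what the `!ok` branch returns is not visible here.

```go
	switch osFamily {
	case ftypes.RedHat:
		eolDate, ok = redhatEOLDates[osVer]
	case ftypes.CentOS:
		eolDate, ok = centosEOLDates[osVer]
	}
	// … unchanged: !ok handling and EOL date comparison …
```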
diff --git a/pkg/detector/ospkg/redhat/redhat_test.go b/pkg/detector/ospkg/redhat/redhat_test.go index 957d4a14c87f..93e08e108bfe 100644 --- a/pkg/detector/ospkg/redhat/redhat_test.go +++ b/pkg/detector/ospkg/redhat/redhat_test.go @@ -5,11 +5,10 @@ import ( "testing" "time" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" fake "k8s.io/utils/clock/testing" - "github.com/stretchr/testify/assert" - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/dbtest" @@ -138,8 +137,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - VulnerabilityID: "CVE-2020-12403", - VendorIDs: []string{"RHSA-2021:0538", "RHSA-2021:0876"}, + VulnerabilityID: "CVE-2020-12403", + VendorIDs: []string{ + "RHSA-2021:0538", + "RHSA-2021:0876", + }, PkgName: "nss", InstalledVersion: "3.36.0-7.1.el7_6", FixedVersion: "3.53.1-17.el7_3", @@ -376,7 +378,7 @@ func TestScanner_Detect(t *testing.T) { func TestScanner_IsSupportedVersion(t *testing.T) { type args struct { - osFamily string + osFamily ftypes.OSType osVer string } tests := []struct { diff --git a/pkg/detector/ospkg/rocky/rocky.go b/pkg/detector/ospkg/rocky/rocky.go index 7a615592a999..11c00472c574 100644 --- a/pkg/detector/ospkg/rocky/rocky.go +++ b/pkg/detector/ospkg/rocky/rocky.go @@ -108,7 +108,7 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa } // IsSupportedVersion checks the OSFamily can be scanned using Rocky Linux scanner -func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool { +func (s *Scanner) IsSupportedVersion(osFamily ftypes.OSType, osVer string) bool { if strings.Count(osVer, ".") > 0 { osVer = osVer[:strings.Index(osVer, ".")] } diff --git a/pkg/detector/ospkg/rocky/rocky_test.go b/pkg/detector/ospkg/rocky/rocky_test.go index 5f74a88de0e0..e5ebe844e2de 100644 --- a/pkg/detector/ospkg/rocky/rocky_test.go +++ b/pkg/detector/ospkg/rocky/rocky_test.go 
@@ -30,8 +30,11 @@ func TestScanner_Detect(t *testing.T) { wantErr string }{ { - name: "happy path", - fixtures: []string{"testdata/fixtures/rocky.yaml", "testdata/fixtures/data-source.yaml"}, + name: "happy path", + fixtures: []string{ + "testdata/fixtures/rocky.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "8.5", pkgs: []ftypes.Package{ @@ -67,8 +70,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "skip modular package", - fixtures: []string{"testdata/fixtures/modular.yaml", "testdata/fixtures/data-source.yaml"}, + name: "skip modular package", + fixtures: []string{ + "testdata/fixtures/modular.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "8.5", pkgs: []ftypes.Package{ @@ -91,8 +97,11 @@ func TestScanner_Detect(t *testing.T) { want: nil, }, { - name: "Get returns an error", - fixtures: []string{"testdata/fixtures/invalid.yaml", "testdata/fixtures/data-source.yaml"}, + name: "Get returns an error", + fixtures: []string{ + "testdata/fixtures/invalid.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "8.5", pkgs: []ftypes.Package{ @@ -127,7 +136,7 @@ func TestScanner_Detect(t *testing.T) { func TestScanner_IsSupportedVersion(t *testing.T) { type args struct { - osFamily string + osFamily ftypes.OSType osVer string } tests := []struct { diff --git a/pkg/detector/ospkg/suse/suse.go b/pkg/detector/ospkg/suse/suse.go index cbf0c4fd9916..a32de1c76257 100644 --- a/pkg/detector/ospkg/suse/suse.go +++ b/pkg/detector/ospkg/suse/suse.go @@ -3,13 +3,11 @@ package suse import ( "time" + version "github.com/knqyf263/go-rpm-version" "golang.org/x/xerrors" "k8s.io/utils/clock" - version "github.com/knqyf263/go-rpm-version" - susecvrf "github.com/aquasecurity/trivy-db/pkg/vulnsrc/suse-cvrf" - fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/scanner/utils" 
@@ -149,13 +147,13 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa } // IsSupportedVersion checks if OSFamily can be scanned using SUSE scanner -func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool { +func (s *Scanner) IsSupportedVersion(osFamily ftypes.OSType, osVer string) bool { var eolDate time.Time var ok bool - if osFamily == fos.SLES { + if osFamily == ftypes.SLES { eolDate, ok = slesEolDates[osVer] - } else if osFamily == fos.OpenSUSELeap { + } else if osFamily == ftypes.OpenSUSELeap { eolDate, ok = opensuseEolDates[osVer] } diff --git a/pkg/detector/ospkg/suse/suse_test.go b/pkg/detector/ospkg/suse/suse_test.go index 3dbb09d59835..2fc8c2a64814 100644 --- a/pkg/detector/ospkg/suse/suse_test.go +++ b/pkg/detector/ospkg/suse/suse_test.go @@ -31,8 +31,11 @@ func TestScanner_Detect(t *testing.T) { wantErr string }{ { - name: "happy path", - fixtures: []string{"testdata/fixtures/suse.yaml", "testdata/fixtures/data-source.yaml"}, + name: "happy path", + fixtures: []string{ + "testdata/fixtures/suse.yaml", + "testdata/fixtures/data-source.yaml", + }, distribution: suse.OpenSUSE, args: args{ osVer: "15.3", @@ -68,8 +71,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "broken bucket", - fixtures: []string{"testdata/fixtures/invalid.yaml", "testdata/fixtures/data-source.yaml"}, + name: "broken bucket", + fixtures: []string{ + "testdata/fixtures/invalid.yaml", + "testdata/fixtures/data-source.yaml", + }, distribution: suse.SUSEEnterpriseLinux, args: args{ osVer: "15.3", @@ -105,7 +111,7 @@ func TestScanner_Detect(t *testing.T) { func TestScanner_IsSupportedVersion(t *testing.T) { type args struct { - osFamily string + osFamily ftypes.OSType osVer string } tests := []struct { diff --git a/pkg/detector/ospkg/ubuntu/ubuntu.go b/pkg/detector/ospkg/ubuntu/ubuntu.go index 3764a07ab704..f8991ff32f09 100644 --- a/pkg/detector/ospkg/ubuntu/ubuntu.go +++ b/pkg/detector/ospkg/ubuntu/ubuntu.go 
@@ -148,7 +148,7 @@ func (s *Scanner) Detect(osVer string, _ *ftypes.Repository, pkgs []ftypes.Packa } // IsSupportedVersion checks is OSFamily can be scanned using Ubuntu scanner -func (s *Scanner) IsSupportedVersion(osFamily, osVer string) bool { +func (s *Scanner) IsSupportedVersion(osFamily ftypes.OSType, osVer string) bool { eol, ok := eolDates[s.versionFromEolDates(osVer)] if !ok { log.Logger.Warnf("This OS version is not on the EOL list: %s %s", osFamily, osVer) diff --git a/pkg/detector/ospkg/ubuntu/ubuntu_test.go b/pkg/detector/ospkg/ubuntu/ubuntu_test.go index e2c32e511127..42ed9971099a 100644 --- a/pkg/detector/ospkg/ubuntu/ubuntu_test.go +++ b/pkg/detector/ospkg/ubuntu/ubuntu_test.go @@ -32,8 +32,11 @@ func TestScanner_Detect(t *testing.T) { wantErr string }{ { - name: "happy path", - fixtures: []string{"testdata/fixtures/ubuntu.yaml", "testdata/fixtures/data-source.yaml"}, + name: "happy path", + fixtures: []string{ + "testdata/fixtures/ubuntu.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "20.04", now: time.Date(2019, 3, 31, 23, 59, 59, 0, time.UTC), @@ -81,8 +84,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "ubuntu 20.04-ESM. 20.04 is not outdated", - fixtures: []string{"testdata/fixtures/ubuntu.yaml", "testdata/fixtures/data-source.yaml"}, + name: "ubuntu 20.04-ESM. 20.04 is not outdated", + fixtures: []string{ + "testdata/fixtures/ubuntu.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "20.04-ESM", now: time.Date(2019, 3, 31, 23, 59, 59, 0, time.UTC), @@ -130,8 +136,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "ubuntu 20.04-ESM. 20.04 is outdated", - fixtures: []string{"testdata/fixtures/ubuntu.yaml", "testdata/fixtures/data-source.yaml"}, + name: "ubuntu 20.04-ESM. 20.04 is outdated", + fixtures: []string{ + "testdata/fixtures/ubuntu.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "20.04-ESM", now: time.Date(2031, 3, 31, 23, 59, 59, 0, time.UTC), 
@@ -149,8 +158,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "broken bucket", - fixtures: []string{"testdata/fixtures/invalid.yaml", "testdata/fixtures/data-source.yaml"}, + name: "broken bucket", + fixtures: []string{ + "testdata/fixtures/invalid.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ osVer: "21.04", now: time.Date(2019, 3, 31, 23, 59, 59, 0, time.UTC), @@ -189,7 +201,7 @@ func TestScanner_Detect(t *testing.T) { func TestScanner_IsSupportedVersion(t *testing.T) { type args struct { - osFamily string + osFamily ftypes.OSType osVer string } tests := []struct { diff --git a/pkg/detector/ospkg/wolfi/wolfi.go b/pkg/detector/ospkg/wolfi/wolfi.go index d0535380e2d7..014ab64350be 100644 --- a/pkg/detector/ospkg/wolfi/wolfi.go +++ b/pkg/detector/ospkg/wolfi/wolfi.go @@ -103,7 +103,7 @@ func (s *Scanner) isVulnerable(installedVersion version.Version, adv dbTypes.Adv } // IsSupportedVersion checks the OSFamily can be scanned using Wolfi scanner -func (s *Scanner) IsSupportedVersion(_, _ string) bool { +func (s *Scanner) IsSupportedVersion(_ ftypes.OSType, _ string) bool { // Wolfi doesn't have versions, so there is no case where a given input yields a // result of an unsupported Wolfi version. diff --git a/pkg/detector/ospkg/wolfi/wolfi_test.go b/pkg/detector/ospkg/wolfi/wolfi_test.go index 2dbc2bcaad6c..78c1e4818c31 100644 --- a/pkg/detector/ospkg/wolfi/wolfi_test.go +++ b/pkg/detector/ospkg/wolfi/wolfi_test.go 
@@ -4,17 +4,16 @@ import ( "sort" "testing" - "github.com/aquasecurity/trivy/pkg/detector/ospkg/wolfi" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "github.com/aquasecurity/trivy-db/pkg/db" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/dbtest" + "github.com/aquasecurity/trivy/pkg/detector/ospkg/wolfi" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/types" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func TestScanner_Detect(t *testing.T) { @@ -30,8 +29,11 @@ func TestScanner_Detect(t *testing.T) { wantErr string }{ { - name: "happy path", - fixtures: []string{"testdata/fixtures/wolfi.yaml", "testdata/fixtures/data-source.yaml"}, + name: "happy path", + fixtures: []string{ + "testdata/fixtures/wolfi.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ pkgs: []ftypes.Package{ { @@ -69,8 +71,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "contain rc", - fixtures: []string{"testdata/fixtures/wolfi.yaml", "testdata/fixtures/data-source.yaml"}, + name: "contain rc", + fixtures: []string{ + "testdata/fixtures/wolfi.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ pkgs: []ftypes.Package{ { @@ -96,8 +101,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "contain pre", - fixtures: []string{"testdata/fixtures/wolfi.yaml", "testdata/fixtures/data-source.yaml"}, + name: "contain pre", + fixtures: []string{ + "testdata/fixtures/wolfi.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ pkgs: []ftypes.Package{ { 
@@ -129,8 +137,11 @@ func TestScanner_Detect(t *testing.T) { }, }, { - name: "Get returns an error", - fixtures: []string{"testdata/fixtures/invalid.yaml", "testdata/fixtures/data-source.yaml"}, + name: "Get returns an error", + fixtures: []string{ + "testdata/fixtures/invalid.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ pkgs: []ftypes.Package{ { @@ -144,11 +155,14 @@ func TestScanner_Detect(t *testing.T) { wantErr: "failed to get Wolfi advisories", }, { - name: "No src name", - fixtures: []string{"testdata/fixtures/wolfi.yaml", "testdata/fixtures/data-source.yaml"}, + name: "No src name", + fixtures: []string{ + "testdata/fixtures/wolfi.yaml", + "testdata/fixtures/data-source.yaml", + }, args: args{ repo: &ftypes.Repository{ - Family: os.Wolfi, + Family: ftypes.Wolfi, Release: "3.10", }, pkgs: []ftypes.Package{ diff --git a/pkg/fanal/analyzer/analyzer.go b/pkg/fanal/analyzer/analyzer.go index 32168e56061a..8b9aed005b09 100644 --- a/pkg/fanal/analyzer/analyzer.go +++ b/pkg/fanal/analyzer/analyzer.go @@ -16,7 +16,7 @@ import ( "golang.org/x/xerrors" dio "github.com/aquasecurity/go-dep-parser/pkg/io" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" + fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/log" "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/misconf" @@ -434,7 +434,7 @@ func (ag AnalyzerGroup) AnalyzeFile(ctx context.Context, wg *sync.WaitGroup, lim Content: rc, Options: opts, }) - if err != nil && !errors.Is(err, aos.AnalyzeOSError) { + if err != nil && !errors.Is(err, fos.AnalyzeOSError) { log.Logger.Debugf("Analysis error: %s", err) return } diff --git a/pkg/fanal/analyzer/analyzer_test.go b/pkg/fanal/analyzer/analyzer_test.go index 292b2e6090c5..15a2c7da36c4 100644 --- a/pkg/fanal/analyzer/analyzer_test.go +++ b/pkg/fanal/analyzer/analyzer_test.go 
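Review bot: The condition touched in analyzer.go's `AnalyzeFile` logs any analyzer error other than `fos.AnalyzeOSError` at debug level and returns, so at default verbosity a file that fails analysis leaves no visible trace. In a vulnerability scanner this means the packages in that file are not assessed and the report gives no hint of the gap. This is presumably a deliberate best-effort choice, but nothing at this line says so. A why-comment above the check would help, for example `// Best effort: an analyzer failure skips this file only; the error is visible with debug logging.` The rest of `AnalyzeFile` lies outside the hunk, so whether the failure is reported elsewhere cannot be confirmed from here.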
@@ -14,7 +14,6 @@ import ( dio "github.com/aquasecurity/go-dep-parser/pkg/io" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/javadb" "github.com/aquasecurity/trivy/pkg/mapfs" @@ -28,7 +27,6 @@ import ( _ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/pkg/apk" _ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/repo/apk" _ "github.com/aquasecurity/trivy/pkg/fanal/handler/all" - _ "modernc.org/sqlite" ) @@ -52,7 +50,7 @@ func TestAnalysisResult_Merge(t *testing.T) { name: "happy path", fields: fields{ OS: types.OS{ - Family: aos.Debian, + Family: types.Debian, Name: "9.8", }, PackageInfos: []types.PackageInfo{ @@ -108,7 +106,7 @@ func TestAnalysisResult_Merge(t *testing.T) { }, want: analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.Debian, + Family: types.Debian, Name: "9.8", }, PackageInfos: []types.PackageInfo{ @@ -159,21 +157,21 @@ func TestAnalysisResult_Merge(t *testing.T) { name: "redhat must be replaced with oracle", fields: fields{ OS: types.OS{ - Family: aos.RedHat, // this must be overwritten + Family: types.RedHat, // this must be overwritten Name: "8.0", }, }, args: args{ new: &analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.Oracle, + Family: types.Oracle, Name: "8.0", }, }, }, want: analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.Oracle, + Family: types.Oracle, Name: "8.0", }, }, @@ -182,21 +180,21 @@ func TestAnalysisResult_Merge(t *testing.T) { name: "debian must be replaced with ubuntu", fields: fields{ OS: types.OS{ - Family: aos.Debian, // this must be overwritten + Family: types.Debian, // this must be overwritten Name: "9.0", }, }, args: args{ new: &analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.Ubuntu, + Family: types.Ubuntu, Name: "18.04", }, }, }, want: analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.Ubuntu, + Family: types.Ubuntu, Name: "18.04", }, }, 
@@ -206,21 +204,21 @@ func TestAnalysisResult_Merge(t *testing.T) { fields: fields{ // This must be overwritten OS: types.OS{ - Family: aos.Ubuntu, + Family: types.Ubuntu, Name: "16.04", }, }, args: args{ new: &analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.Ubuntu, + Family: types.Ubuntu, Extended: true, }, }, }, want: analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.Ubuntu, + Family: types.Ubuntu, Name: "16.04", Extended: true, }, @@ -230,25 +228,25 @@ func TestAnalysisResult_Merge(t *testing.T) { name: "alpine OS needs to be extended with apk repositories", fields: fields{ OS: types.OS{ - Family: aos.Alpine, + Family: types.Alpine, Name: "3.15.3", }, }, args: args{ new: &analyzer.AnalysisResult{ Repository: &types.Repository{ - Family: aos.Alpine, + Family: types.Alpine, Release: "edge", }, }, }, want: analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.Alpine, + Family: types.Alpine, Name: "3.15.3", }, Repository: &types.Repository{ - Family: aos.Alpine, + Family: types.Alpine, Release: "edge", }, }, @@ -257,21 +255,21 @@ func TestAnalysisResult_Merge(t *testing.T) { name: "alpine must not be replaced with oracle", fields: fields{ OS: types.OS{ - Family: aos.Alpine, // this must not be overwritten + Family: types.Alpine, // this must not be overwritten Name: "3.11", }, }, args: args{ new: &analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.Oracle, + Family: types.Oracle, Name: "8.0", }, }, }, want: analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.Alpine, // this must not be overwritten + Family: types.Alpine, // this must not be overwritten Name: "3.11", }, }, @@ -567,7 +565,7 @@ func TestAnalyzerGroup_PostAnalyze(t *testing.T) { want: &analyzer.AnalysisResult{ Applications: []types.Application{ { - Type: string(analyzer.TypeJar), + Type: types.Jar, FilePath: "testdata/post-apps/jar/jackson-annotations-2.15.0-rc2.jar", Libraries: types.Packages{ { 
@@ -587,7 +585,7 @@ func TestAnalyzerGroup_PostAnalyze(t *testing.T) { want: &analyzer.AnalysisResult{ Applications: []types.Application{ { - Type: string(analyzer.TypePoetry), + Type: types.Poetry, FilePath: "testdata/post-apps/poetry/happy/poetry.lock", Libraries: types.Packages{ { diff --git a/pkg/fanal/analyzer/config/azurearm/azurearm_test.go b/pkg/fanal/analyzer/config/azurearm/azurearm_test.go index 19039676e32b..5546f492504e 100644 --- a/pkg/fanal/analyzer/config/azurearm/azurearm_test.go +++ b/pkg/fanal/analyzer/config/azurearm/azurearm_test.go @@ -3,9 +3,10 @@ package azurearm import ( "testing" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" ) func Test_azureARMConfigAnalyzer_Required(t *testing.T) { diff --git a/pkg/fanal/analyzer/config/config_test.go b/pkg/fanal/analyzer/config/config_test.go index ef0a86b63017..147b1f4d3201 100644 --- a/pkg/fanal/analyzer/config/config_test.go +++ b/pkg/fanal/analyzer/config/config_test.go @@ -8,7 +8,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/aquasecurity/defsec/pkg/detection" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/analyzer/config" @@ -46,7 +45,7 @@ func TestAnalyzer_PostAnalyze(t *testing.T) { want: &analyzer.AnalysisResult{ Misconfigurations: []types.Misconfiguration{ { - FileType: string(detection.FileTypeDockerfile), + FileType: types.Dockerfile, FilePath: "Dockerfile", Successes: types.MisconfResults{ types.MisconfResult{ diff --git a/pkg/fanal/analyzer/imgconf/apk/apk.go b/pkg/fanal/analyzer/imgconf/apk/apk.go index 2eeaf6090d65..20344b89a964 100644 --- a/pkg/fanal/analyzer/imgconf/apk/apk.go +++ b/pkg/fanal/analyzer/imgconf/apk/apk.go 
@@ -16,7 +16,6 @@ import ( "golang.org/x/xerrors" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/types" ) @@ -284,7 +283,7 @@ func (a alpineCmdAnalyzer) guessVersion(apkIndexArchive *apkIndex, originalPkgs } func (a alpineCmdAnalyzer) Required(targetOS types.OS) bool { - return targetOS.Family == os.Alpine + return targetOS.Family == types.Alpine } func (a alpineCmdAnalyzer) Type() analyzer.Type { diff --git a/pkg/fanal/analyzer/imgconf/apk/apk_test.go b/pkg/fanal/analyzer/imgconf/apk/apk_test.go index 056438af6b53..1cb0e10064da 100644 --- a/pkg/fanal/analyzer/imgconf/apk/apk_test.go +++ b/pkg/fanal/analyzer/imgconf/apk/apk_test.go @@ -11,14 +11,14 @@ import ( "testing" "time" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/kylelemons/godebug/pretty" "github.com/samber/lo" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/types" - v1 "github.com/google/go-containerregistry/pkg/v1" - "github.com/kylelemons/godebug/pretty" - "github.com/stretchr/testify/assert" ) var ( diff --git a/pkg/fanal/analyzer/language/analyze.go b/pkg/fanal/analyzer/language/analyze.go index 12f6014a7f92..61d9492aa68c 100644 --- a/pkg/fanal/analyzer/language/analyze.go +++ b/pkg/fanal/analyzer/language/analyze.go @@ -17,7 +17,7 @@ import ( ) // Analyze returns an analysis result of the lock file -func Analyze(fileType, filePath string, r dio.ReadSeekerAt, parser godeptypes.Parser) (*analyzer.AnalysisResult, error) { +func Analyze(fileType types.LangType, filePath string, r dio.ReadSeekerAt, parser godeptypes.Parser) (*analyzer.AnalysisResult, error) { app, err := Parse(fileType, filePath, r, parser) if err != nil { return nil, xerrors.Errorf("failed to parse %s: %w", filePath, err) 
@@ -31,7 +31,7 @@ func Analyze(fileType, filePath string, r dio.ReadSeekerAt, parser godeptypes.Pa } // AnalyzePackage returns an analysis result of the package file other than lock files -func AnalyzePackage(fileType, filePath string, r dio.ReadSeekerAt, parser godeptypes.Parser, checksum bool) (*analyzer.AnalysisResult, error) { +func AnalyzePackage(fileType types.LangType, filePath string, r dio.ReadSeekerAt, parser godeptypes.Parser, checksum bool) (*analyzer.AnalysisResult, error) { app, err := ParsePackage(fileType, filePath, r, parser, checksum) if err != nil { return nil, xerrors.Errorf("failed to parse %s: %w", filePath, err) @@ -45,7 +45,7 @@ func AnalyzePackage(fileType, filePath string, r dio.ReadSeekerAt, parser godept } // Parse returns a parsed result of the lock file -func Parse(fileType, filePath string, r io.Reader, parser godeptypes.Parser) (*types.Application, error) { +func Parse(fileType types.LangType, filePath string, r io.Reader, parser godeptypes.Parser) (*types.Application, error) { rr, err := xio.NewReadSeekerAt(r) if err != nil { return nil, xerrors.Errorf("reader error: %w", err) @@ -61,7 +61,7 @@ func Parse(fileType, filePath string, r io.Reader, parser godeptypes.Parser) (*t } // ParsePackage returns a parsed result of the package file -func ParsePackage(fileType, filePath string, r dio.ReadSeekerAt, parser godeptypes.Parser, checksum bool) (*types.Application, error) { +func ParsePackage(fileType types.LangType, filePath string, r dio.ReadSeekerAt, parser godeptypes.Parser, checksum bool) (*types.Application, error) { parsedLibs, parsedDependencies, err := parser.Parse(r) if err != nil { return nil, xerrors.Errorf("failed to parse %s: %w", filePath, err) 
@@ -77,7 +77,7 @@ func ParsePackage(fileType, filePath string, r dio.ReadSeekerAt, parser godeptyp return toApplication(fileType, filePath, filePath, r, parsedLibs, parsedDependencies), nil } -func toApplication(fileType, filePath, libFilePath string, r dio.ReadSeekerAt, libs []godeptypes.Library, depGraph []godeptypes.Dependency) *types.Application { +func toApplication(fileType types.LangType, filePath, libFilePath string, r dio.ReadSeekerAt, libs []godeptypes.Library, depGraph []godeptypes.Dependency) *types.Application { if len(libs) == 0 { return nil } diff --git a/pkg/fanal/analyzer/language/analyze_test.go b/pkg/fanal/analyzer/language/analyze_test.go index a0016aa8fd80..caf727e8598d 100644 --- a/pkg/fanal/analyzer/language/analyze_test.go +++ b/pkg/fanal/analyzer/language/analyze_test.go @@ -41,9 +41,9 @@ func (p *mockParser) Parse(r dio.ReadSeekerAt) ([]godeptypes.Library, []godeptyp func TestAnalyze(t *testing.T) { type args struct { - analyzerType string - filePath string - content dio.ReadSeekerAt + fileType types.LangType + filePath string + content dio.ReadSeekerAt } tests := []struct { name string @@ -54,9 +54,9 @@ func TestAnalyze(t *testing.T) { { name: "happy path", args: args{ - analyzerType: types.GoBinary, - filePath: "app/myweb", - content: strings.NewReader("happy"), + fileType: types.GoBinary, + filePath: "app/myweb", + content: strings.NewReader("happy"), }, want: &analyzer.AnalysisResult{ Applications: []types.Application{ @@ -76,18 +76,18 @@ func TestAnalyze(t *testing.T) { { name: "empty", args: args{ - analyzerType: types.GoBinary, - filePath: "app/myweb", - content: strings.NewReader(""), + fileType: types.GoBinary, + filePath: "app/myweb", + content: strings.NewReader(""), }, want: nil, }, { name: "sad path", args: args{ - analyzerType: types.Jar, - filePath: "app/myweb", - content: strings.NewReader("sad"), + fileType: types.Jar, + filePath: "app/myweb", + content: strings.NewReader("sad"), }, wantErr: "unexpected error", }, 
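Review bot: `toApplication` returns nil when `len(libs) == 0`, and `ParsePackage` passes that straight through as `return toApplication(...), nil`, so callers of the exported function can receive a nil `*types.Application` together with a nil error. The doc comment on `ParsePackage` ("returns a parsed result of the package file") does not say so. Since this commit already touches every exported signature in the file, I would extend the comment, e.g. `// ParsePackage returns a parsed result of the package file, or (nil, nil) when the parser reports no libraries.` The same probably applies to `Parse` and the two `Analyze*` wrappers, whose bodies are only partly visible in these hunks; the "empty" case in analyze_test.go expects a nil result.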
@@ -96,7 +96,7 @@ func TestAnalyze(t *testing.T) { t.Run(tt.name, func(t *testing.T) { mp := &mockParser{t: t} - got, err := language.Analyze(tt.args.analyzerType, tt.args.filePath, tt.args.content, mp) + got, err := language.Analyze(tt.args.fileType, tt.args.filePath, tt.args.content, mp) if tt.wantErr != "" { require.NotNil(t, err) assert.Contains(t, err.Error(), tt.wantErr) diff --git a/pkg/fanal/analyzer/language/dart/pub/pubspec_test.go b/pkg/fanal/analyzer/language/dart/pub/pubspec_test.go index 73a8b8cc55b1..e03d9c1c8a64 100644 --- a/pkg/fanal/analyzer/language/dart/pub/pubspec_test.go +++ b/pkg/fanal/analyzer/language/dart/pub/pubspec_test.go @@ -1,13 +1,15 @@ package pub import ( - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - "github.com/aquasecurity/trivy/pkg/fanal/types" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "os" "sort" "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + "github.com/aquasecurity/trivy/pkg/fanal/types" ) func Test_pubSpecLockAnalyzer_Analyze(t *testing.T) { diff --git a/pkg/fanal/analyzer/language/dotnet/nuget/nuget.go b/pkg/fanal/analyzer/language/dotnet/nuget/nuget.go index 99ee8c0c012f..f53f2da274e2 100644 --- a/pkg/fanal/analyzer/language/dotnet/nuget/nuget.go +++ b/pkg/fanal/analyzer/language/dotnet/nuget/nuget.go @@ -6,7 +6,6 @@ import ( "path/filepath" "golang.org/x/exp/slices" - "golang.org/x/xerrors" "github.com/aquasecurity/go-dep-parser/pkg/nuget/config" diff --git a/pkg/fanal/analyzer/language/elixir/mix/mix_test.go b/pkg/fanal/analyzer/language/elixir/mix/mix_test.go index 9064b8fc0673..5c836c260555 100644 --- a/pkg/fanal/analyzer/language/elixir/mix/mix_test.go +++ b/pkg/fanal/analyzer/language/elixir/mix/mix_test.go 
@@ -1,12 +1,14 @@
 package mix
 import (
- "github.com/aquasecurity/trivy/pkg/fanal/analyzer"
- "github.com/aquasecurity/trivy/pkg/fanal/types"
- "github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/require"
 "os"
 "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+
+ "github.com/aquasecurity/trivy/pkg/fanal/analyzer"
+ "github.com/aquasecurity/trivy/pkg/fanal/types"
 )
 func Test_mixLockAnalyzer_Analyze(t *testing.T) {
diff --git a/pkg/fanal/analyzer/language/golang/mod/mod.go b/pkg/fanal/analyzer/language/golang/mod/mod.go
index a56e020cc92d..406f60cfef01 100644
--- a/pkg/fanal/analyzer/language/golang/mod/mod.go
+++ b/pkg/fanal/analyzer/language/golang/mod/mod.go
@@ -30,7 +30,7 @@ import (
 )
 func init() {
- analyzer.RegisterPostAnalyzer(types.GoMod, newGoModAnalyzer)
+ analyzer.RegisterPostAnalyzer(analyzer.TypeGoMod, newGoModAnalyzer)
 }
 const version = 2
diff --git a/pkg/fanal/analyzer/language/golang/mod/mod_test.go b/pkg/fanal/analyzer/language/golang/mod/mod_test.go
index ffae4a44d871..25137172cbc2 100644
--- a/pkg/fanal/analyzer/language/golang/mod/mod_test.go
+++ b/pkg/fanal/analyzer/language/golang/mod/mod_test.go
@@ -6,11 +6,12 @@ import (
 "sort"
 "testing"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+
 "github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 "github.com/aquasecurity/trivy/pkg/fanal/types"
 "github.com/aquasecurity/trivy/pkg/mapfs"
- "github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/require"
 )
 func Test_gomodAnalyzer_Analyze(t *testing.T) {
diff --git a/pkg/fanal/analyzer/language/java/gradle/lockfile.go b/pkg/fanal/analyzer/language/java/gradle/lockfile.go
index 05320622cfb9..90671e1d7f8a 100644
--- a/pkg/fanal/analyzer/language/java/gradle/lockfile.go
+++ b/pkg/fanal/analyzer/language/java/gradle/lockfile.go
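Review bot: The registration key in mod.go's `init()` changes from the language constant `types.GoMod` to `analyzer.TypeGoMod`, and nothing visible in this diff pins the two to the same underlying string. If they differ, the analyzer is registered under a new name, and any enable/disable list that operators built from the old value would presumably stop matching without an error. The same swap is made with `analyzer.TypeYarn` in yarn.go and `analyzer.TypeComposer` in composer.go. A short comment above each call, e.g. `// keyed by analyzer.Type, not types.LangType`, plus a test asserting the registered type, would make the intent explicit. `init()` is fully visible in the hunk.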
@@ -5,12 +5,12 @@ import ( "os" "strings" + "golang.org/x/xerrors" + "github.com/aquasecurity/go-dep-parser/pkg/gradle/lockfile" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/analyzer/language" "github.com/aquasecurity/trivy/pkg/fanal/types" - - "golang.org/x/xerrors" ) func init() { diff --git a/pkg/fanal/analyzer/language/java/jar/jar_test.go b/pkg/fanal/analyzer/language/java/jar/jar_test.go index f477f86e848b..63742a3d4f62 100644 --- a/pkg/fanal/analyzer/language/java/jar/jar_test.go +++ b/pkg/fanal/analyzer/language/java/jar/jar_test.go @@ -6,11 +6,12 @@ import ( "path/filepath" "testing" + "github.com/stretchr/testify/assert" + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/javadb" "github.com/aquasecurity/trivy/pkg/mapfs" - "github.com/stretchr/testify/assert" _ "modernc.org/sqlite" ) diff --git a/pkg/fanal/analyzer/language/java/pom/pom.go b/pkg/fanal/analyzer/language/java/pom/pom.go index 557cc58768d0..7d515f2ad20c 100644 --- a/pkg/fanal/analyzer/language/java/pom/pom.go +++ b/pkg/fanal/analyzer/language/java/pom/pom.go @@ -8,7 +8,6 @@ import ( "golang.org/x/xerrors" "github.com/aquasecurity/go-dep-parser/pkg/java/pom" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/analyzer/language" "github.com/aquasecurity/trivy/pkg/fanal/types" diff --git a/pkg/fanal/analyzer/language/java/pom/pom_test.go b/pkg/fanal/analyzer/language/java/pom/pom_test.go index 80b4421b52cf..9a5214e806e5 100644 --- a/pkg/fanal/analyzer/language/java/pom/pom_test.go +++ b/pkg/fanal/analyzer/language/java/pom/pom_test.go 
@@ -8,9 +8,8 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/aquasecurity/trivy/pkg/fanal/types" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + "github.com/aquasecurity/trivy/pkg/fanal/types" ) func Test_pomAnalyzer_Analyze(t *testing.T) { diff --git a/pkg/fanal/analyzer/language/nodejs/yarn/yarn.go b/pkg/fanal/analyzer/language/nodejs/yarn/yarn.go index 1065644a86b5..be74ed68c745 100644 --- a/pkg/fanal/analyzer/language/nodejs/yarn/yarn.go +++ b/pkg/fanal/analyzer/language/nodejs/yarn/yarn.go @@ -31,7 +31,7 @@ import ( ) func init() { - analyzer.RegisterPostAnalyzer(types.Yarn, newYarnAnalyzer) + analyzer.RegisterPostAnalyzer(analyzer.TypeYarn, newYarnAnalyzer) } const version = 2 diff --git a/pkg/fanal/analyzer/language/php/composer/composer.go b/pkg/fanal/analyzer/language/php/composer/composer.go index 86014e352293..ac1e1b4226e2 100644 --- a/pkg/fanal/analyzer/language/php/composer/composer.go +++ b/pkg/fanal/analyzer/language/php/composer/composer.go @@ -24,7 +24,7 @@ import ( ) func init() { - analyzer.RegisterPostAnalyzer(types.Composer, newComposerAnalyzer) + analyzer.RegisterPostAnalyzer(analyzer.TypeComposer, newComposerAnalyzer) } const version = 1 diff --git a/pkg/fanal/analyzer/language/php/composer/composer_test.go b/pkg/fanal/analyzer/language/php/composer/composer_test.go index ee493cce2c86..e420375dbaea 100644 --- a/pkg/fanal/analyzer/language/php/composer/composer_test.go +++ b/pkg/fanal/analyzer/language/php/composer/composer_test.go 
@@ -2,12 +2,14 @@ package composer import ( "context" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - "github.com/aquasecurity/trivy/pkg/fanal/types" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "os" "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + "github.com/aquasecurity/trivy/pkg/fanal/types" ) func Test_composerAnalyzer_PostAnalyze(t *testing.T) { diff --git a/pkg/fanal/analyzer/language/rust/cargo/cargo.go b/pkg/fanal/analyzer/language/rust/cargo/cargo.go index 6ce6a2d68612..a407fe3b1d45 100644 --- a/pkg/fanal/analyzer/language/rust/cargo/cargo.go +++ b/pkg/fanal/analyzer/language/rust/cargo/cargo.go @@ -10,13 +10,12 @@ import ( "path/filepath" "sort" + "github.com/BurntSushi/toml" + "github.com/samber/lo" "golang.org/x/exp/maps" "golang.org/x/exp/slices" "golang.org/x/xerrors" - "github.com/BurntSushi/toml" - "github.com/samber/lo" - "github.com/aquasecurity/go-dep-parser/pkg/rust/cargo" godeptypes "github.com/aquasecurity/go-dep-parser/pkg/types" "github.com/aquasecurity/go-version/pkg/semver" diff --git a/pkg/fanal/analyzer/language/rust/cargo/cargo_test.go b/pkg/fanal/analyzer/language/rust/cargo/cargo_test.go index 3e6bf0992e2d..8665b5022e1c 100644 --- a/pkg/fanal/analyzer/language/rust/cargo/cargo_test.go +++ b/pkg/fanal/analyzer/language/rust/cargo/cargo_test.go @@ -2,13 +2,15 @@ package cargo import ( "context" + "os" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/aquasecurity/trivy/pkg/detector/library/compare" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/types" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - "os" - "testing" ) func Test_cargoAnalyzer_Analyze(t *testing.T) { 
diff --git a/pkg/fanal/analyzer/language/swift/cocoapods/cocoapods.go b/pkg/fanal/analyzer/language/swift/cocoapods/cocoapods.go
index 794d1429243f..fdff882281a0 100644
--- a/pkg/fanal/analyzer/language/swift/cocoapods/cocoapods.go
+++ b/pkg/fanal/analyzer/language/swift/cocoapods/cocoapods.go
@@ -4,12 +4,12 @@ import (
 "context"
 "os"
+ "golang.org/x/xerrors"
+
 "github.com/aquasecurity/go-dep-parser/pkg/swift/cocoapods"
 "github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 "github.com/aquasecurity/trivy/pkg/fanal/analyzer/language"
 "github.com/aquasecurity/trivy/pkg/fanal/types"
-
- "golang.org/x/xerrors"
 )
 func init() {
diff --git a/pkg/fanal/analyzer/language/swift/cocoapods/cocoapods_test.go b/pkg/fanal/analyzer/language/swift/cocoapods/cocoapods_test.go
index 8d8ea5620a6e..fcf2e7254f59 100644
--- a/pkg/fanal/analyzer/language/swift/cocoapods/cocoapods_test.go
+++ b/pkg/fanal/analyzer/language/swift/cocoapods/cocoapods_test.go
@@ -5,10 +5,11 @@ import (
 "sort"
 "testing"
- "github.com/aquasecurity/trivy/pkg/fanal/analyzer"
- "github.com/aquasecurity/trivy/pkg/fanal/types"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
+
+ "github.com/aquasecurity/trivy/pkg/fanal/analyzer"
+ "github.com/aquasecurity/trivy/pkg/fanal/types"
 )
 func Test_cocoaPodsLockAnalyzer_Analyze(t *testing.T) {
diff --git a/pkg/fanal/analyzer/language/swift/swift/swift.go b/pkg/fanal/analyzer/language/swift/swift/swift.go
index a61e832a8f74..35653ab0645a 100644
--- a/pkg/fanal/analyzer/language/swift/swift/swift.go
+++ b/pkg/fanal/analyzer/language/swift/swift/swift.go
@@ -5,12 +5,12 @@ import (
 "os"
 "path"
+ "golang.org/x/xerrors"
+
 "github.com/aquasecurity/go-dep-parser/pkg/swift/swift"
 "github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 "github.com/aquasecurity/trivy/pkg/fanal/analyzer/language"
 "github.com/aquasecurity/trivy/pkg/fanal/types"
-
- "golang.org/x/xerrors"
 )
 func init() {
diff --git a/pkg/fanal/analyzer/language/swift/swift/swift_test.go b/pkg/fanal/analyzer/language/swift/swift/swift_test.go index fe12320bd928..9a7fc981c1fc 100644 --- a/pkg/fanal/analyzer/language/swift/swift/swift_test.go +++ b/pkg/fanal/analyzer/language/swift/swift/swift_test.go @@ -1,12 +1,14 @@ package swift import ( - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - "github.com/aquasecurity/trivy/pkg/fanal/types" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "os" "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + "github.com/aquasecurity/trivy/pkg/fanal/types" ) func Test_swiftLockAnalyzer_Analyze(t *testing.T) { diff --git a/pkg/fanal/analyzer/licensing/license.go b/pkg/fanal/analyzer/licensing/license.go index ed85e4e32cf2..dddd0f4af538 100644 --- a/pkg/fanal/analyzer/licensing/license.go +++ b/pkg/fanal/analyzer/licensing/license.go @@ -43,7 +43,7 @@ var ( } acceptedFileNames = []string{ - "license", "licence", "copyright", // nolint: misspell + "license", "licence", "copyright", } ) diff --git a/pkg/fanal/analyzer/os/alpine/alpine.go b/pkg/fanal/analyzer/os/alpine/alpine.go index 1bd00832300e..0caa5189b8f5 100644 --- a/pkg/fanal/analyzer/os/alpine/alpine.go +++ b/pkg/fanal/analyzer/os/alpine/alpine.go @@ -6,11 +6,10 @@ import ( "os" "golang.org/x/exp/slices" - "golang.org/x/xerrors" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" + fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/types" ) 
@@ -29,10 +28,13 @@ func (a alpineOSAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInpu for scanner.Scan() { line := scanner.Text() return &analyzer.AnalysisResult{ - OS: types.OS{Family: aos.Alpine, Name: line}, + OS: types.OS{ + Family: types.Alpine, + Name: line, + }, }, nil } - return nil, xerrors.Errorf("alpine: %w", aos.AnalyzeOSError) + return nil, xerrors.Errorf("alpine: %w", fos.AnalyzeOSError) } func (a alpineOSAnalyzer) Required(filePath string, _ os.FileInfo) bool { diff --git a/pkg/fanal/analyzer/os/alpine/alpine_test.go b/pkg/fanal/analyzer/os/alpine/alpine_test.go index 3b920bfff303..29a2496ba556 100644 --- a/pkg/fanal/analyzer/os/alpine/alpine_test.go +++ b/pkg/fanal/analyzer/os/alpine/alpine_test.go @@ -8,7 +8,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/types" ) @@ -26,7 +25,10 @@ func TestAlpineReleaseOSAnalyzer_Required(t *testing.T) { Content: strings.NewReader("3.15.4"), }, wantResult: &analyzer.AnalysisResult{ - OS: types.OS{Family: aos.Alpine, Name: "3.15.4"}, + OS: types.OS{ + Family: types.Alpine, + Name: "3.15.4", + }, }, }, } diff --git a/pkg/fanal/analyzer/os/amazonlinux/amazonlinux.go b/pkg/fanal/analyzer/os/amazonlinux/amazonlinux.go index b3c333df1555..2dc96646719f 100644 --- a/pkg/fanal/analyzer/os/amazonlinux/amazonlinux.go +++ b/pkg/fanal/analyzer/os/amazonlinux/amazonlinux.go @@ -9,13 +9,10 @@ import ( "golang.org/x/xerrors" - "github.com/aquasecurity/trivy/pkg/fanal/utils" - - "github.com/aquasecurity/trivy/pkg/fanal/types" - - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" + "github.com/aquasecurity/trivy/pkg/fanal/types" + "github.com/aquasecurity/trivy/pkg/fanal/utils" ) func init() { 
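Review bot: The `for scanner.Scan()` loop in alpine.go's `Analyze` returns on its first iteration and `scanner.Err()` is never consulted, so a read error on the release file surfaces as the generic `fos.AnalyzeOSError` instead of as an I/O failure. The input comes from the scanned image, and the detected family and name presumably decide which advisory data is matched, so a silent fallback here can hide why an image ended up with no OS result. I would write the loop as `if scanner.Scan() { ... }` and add `if err := scanner.Err(); err != nil { return nil, xerrors.Errorf("alpine: %w", err) }` before the final return. The debian.go hunk has the same shape, and `Analyze` starts above both hunks.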
@@ -52,17 +49,17 @@ func (a amazonlinuxOSAnalyzer) parseRelease(r io.Reader) (types.OS, error) { continue } return types.OS{ - Family: aos.Amazon, + Family: types.Amazon, Name: strings.Join(fields[3:], " "), }, nil } else if strings.HasPrefix(line, "Amazon Linux") { return types.OS{ - Family: aos.Amazon, + Family: types.Amazon, Name: strings.Join(fields[2:], " "), }, nil } } - return types.OS{}, xerrors.Errorf("amazon: %w", aos.AnalyzeOSError) + return types.OS{}, xerrors.Errorf("amazon: %w", fos.AnalyzeOSError) } func (a amazonlinuxOSAnalyzer) Required(filePath string, _ os.FileInfo) bool { diff --git a/pkg/fanal/analyzer/os/amazonlinux/amazonlinux_test.go b/pkg/fanal/analyzer/os/amazonlinux/amazonlinux_test.go index 0393595d3b56..83fcd25fe76b 100644 --- a/pkg/fanal/analyzer/os/amazonlinux/amazonlinux_test.go +++ b/pkg/fanal/analyzer/os/amazonlinux/amazonlinux_test.go @@ -8,10 +8,9 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" - "github.com/aquasecurity/trivy/pkg/fanal/types" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" + "github.com/aquasecurity/trivy/pkg/fanal/types" ) func Test_amazonlinuxOSAnalyzer_Analyze(t *testing.T) { @@ -29,7 +28,7 @@ func Test_amazonlinuxOSAnalyzer_Analyze(t *testing.T) { }, want: &analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.Amazon, + Family: types.Amazon, Name: "AMI release 2018.03", }, }, @@ -42,7 +41,7 @@ func Test_amazonlinuxOSAnalyzer_Analyze(t *testing.T) { }, want: &analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.Amazon, + Family: types.Amazon, Name: "2 (Karoo)", }, }, @@ -55,7 +54,7 @@ func Test_amazonlinuxOSAnalyzer_Analyze(t *testing.T) { }, want: &analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.Amazon, + Family: types.Amazon, Name: "2022 (Amazon Linux)", }, }, 
@@ -68,7 +67,7 @@ func Test_amazonlinuxOSAnalyzer_Analyze(t *testing.T) { }, want: &analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.Amazon, + Family: types.Amazon, Name: "2023 (Amazon Linux)", }, }, @@ -79,7 +78,7 @@ func Test_amazonlinuxOSAnalyzer_Analyze(t *testing.T) { FilePath: "etc/system-release", Content: strings.NewReader(`Amazon Linux release 2`), }, - wantErr: aos.AnalyzeOSError.Error(), + wantErr: fos.AnalyzeOSError.Error(), }, { name: "sad path", @@ -87,7 +86,7 @@ func Test_amazonlinuxOSAnalyzer_Analyze(t *testing.T) { FilePath: "etc/system-release", Content: strings.NewReader(`foo bar`), }, - wantErr: aos.AnalyzeOSError.Error(), + wantErr: fos.AnalyzeOSError.Error(), }, } for _, tt := range tests { diff --git a/pkg/fanal/analyzer/os/const.go b/pkg/fanal/analyzer/os/const.go index 1d765e535d01..82f908979b66 100644 --- a/pkg/fanal/analyzer/os/const.go +++ b/pkg/fanal/analyzer/os/const.go 
@@ -2,67 +2,4 @@ package os
 import "golang.org/x/xerrors"
-const (
- // RedHat is done
- RedHat = "redhat"
-
- // Debian is done
- Debian = "debian"
-
- // Ubuntu is done
- Ubuntu = "ubuntu"
-
- // CentOS is done
- CentOS = "centos"
-
- // Rocky is done
- Rocky = "rocky"
-
- // Alma is done
- Alma = "alma"
-
- // Fedora is done
- Fedora = "fedora"
-
- // Amazon is done
- Amazon = "amazon"
-
- // Oracle is done
- Oracle = "oracle"
-
- // Mariner is done
- CBLMariner = "cbl-mariner"
-
- // FreeBSD currently doesn't support docker
- // FreeBSD = "freebsd"
-
- // Windows only run windows os
- // TODO : support windows
- Windows = "windows"
-
- // OpenSUSE is done
- OpenSUSE = "opensuse"
-
- // OpenSUSELeap is done
- OpenSUSELeap = "opensuse.leap"
-
- // OpenSUSETumbleweed is done
- OpenSUSETumbleweed = "opensuse.tumbleweed"
-
- // SUSE Linux Enterplise Server is done
- SLES = "suse linux enterprise server"
-
- // Photon OS done
- Photon = "photon"
-
- // Alpine is done
- Alpine = "alpine"
-
- // Wolfi is done
- Wolfi = "wolfi"
-
- // Chainguard is done
- Chainguard = "chainguard"
-)
-
 var AnalyzeOSError = xerrors.New("unable to analyze OS information")
diff --git a/pkg/fanal/analyzer/os/debian/debian.go b/pkg/fanal/analyzer/os/debian/debian.go
index 0697f3ba9c04..5c5f3c766229 100644
--- a/pkg/fanal/analyzer/os/debian/debian.go
+++ b/pkg/fanal/analyzer/os/debian/debian.go
@@ -8,8 +8,7 @@ import (
 "golang.org/x/xerrors"
 "github.com/aquasecurity/trivy/pkg/fanal/analyzer"
- aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os"
-
+ fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os"
 "github.com/aquasecurity/trivy/pkg/fanal/types"
 "github.com/aquasecurity/trivy/pkg/fanal/utils"
 )
@@ -29,10 +28,13 @@ func (a debianOSAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInpu for scanner.Scan() { line := scanner.Text() return &analyzer.AnalysisResult{ - OS: types.OS{Family: aos.Debian, Name: line}, + OS: types.OS{ + Family: types.Debian, + Name: line, + }, }, nil } - return nil, xerrors.Errorf("debian: %w", aos.AnalyzeOSError) + return nil, xerrors.Errorf("debian: %w", fos.AnalyzeOSError) } func (a debianOSAnalyzer) Required(filePath string, _ os.FileInfo) bool { diff --git a/pkg/fanal/analyzer/os/debian/debian_test.go b/pkg/fanal/analyzer/os/debian/debian_test.go index 4ddb40c29350..0366e87693e4 100644 --- a/pkg/fanal/analyzer/os/debian/debian_test.go +++ b/pkg/fanal/analyzer/os/debian/debian_test.go @@ -5,13 +5,11 @@ import ( "os" "testing" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" - "github.com/aquasecurity/trivy/pkg/fanal/types" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + "github.com/aquasecurity/trivy/pkg/fanal/types" ) func Test_debianOSAnalyzer_Analyze(t *testing.T) { @@ -26,7 +24,7 @@ func Test_debianOSAnalyzer_Analyze(t *testing.T) { inputFile: "testdata/debian_9/etc/debian_version", want: &analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.Debian, + Family: types.Debian, Name: "9.8", }, }, @@ -36,7 +34,7 @@ func Test_debianOSAnalyzer_Analyze(t *testing.T) { inputFile: "testdata/debian_sid/etc/debian_version", want: &analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.Debian, + Family: types.Debian, Name: "buster/sid", }, }, diff --git a/pkg/fanal/analyzer/os/mariner/mariner.go b/pkg/fanal/analyzer/os/mariner/mariner.go index e0599b672d38..6495d17fdefe 100644 --- a/pkg/fanal/analyzer/os/mariner/mariner.go +++ b/pkg/fanal/analyzer/os/mariner/mariner.go 
@@ -11,7 +11,7 @@ import ( "golang.org/x/xerrors" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" + fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/types" ) @@ -46,12 +46,12 @@ func (a marinerOSAnalyzer) parseRelease(r io.Reader) (types.OS, error) { } if strings.ToLower(fields[0]) == "cbl-mariner" { return types.OS{ - Family: aos.CBLMariner, + Family: types.CBLMariner, Name: fields[1], }, nil } } - return types.OS{}, xerrors.Errorf("cbl-mariner: %w", aos.AnalyzeOSError) + return types.OS{}, xerrors.Errorf("cbl-mariner: %w", fos.AnalyzeOSError) } func (a marinerOSAnalyzer) Required(filePath string, _ os.FileInfo) bool { diff --git a/pkg/fanal/analyzer/os/mariner/mariner_test.go b/pkg/fanal/analyzer/os/mariner/mariner_test.go index 186dd31e5935..e13730a021cb 100644 --- a/pkg/fanal/analyzer/os/mariner/mariner_test.go +++ b/pkg/fanal/analyzer/os/mariner/mariner_test.go @@ -9,7 +9,6 @@ import ( "github.com/stretchr/testify/require" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/types" ) @@ -25,7 +24,7 @@ func Test_marinerOSAnalyzer_Analyze(t *testing.T) { inputFile: "testdata/1.0/mariner-release", want: &analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.CBLMariner, + Family: types.CBLMariner, Name: "1.0.20220122", }, }, diff --git a/pkg/fanal/analyzer/os/redhatbase/alma.go b/pkg/fanal/analyzer/os/redhatbase/alma.go index 939e6c258f85..eddf7d82f80b 100644 --- a/pkg/fanal/analyzer/os/redhatbase/alma.go +++ b/pkg/fanal/analyzer/os/redhatbase/alma.go 
@@ -6,11 +6,10 @@ import ( "os" "strings" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - "golang.org/x/xerrors" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/fanal/utils" ) @@ -35,12 +34,15 @@ func (a almaOSAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput) switch strings.ToLower(result[1]) { case "alma", "almalinux", "alma linux": return &analyzer.AnalysisResult{ - OS: types.OS{Family: aos.Alma, Name: result[2]}, + OS: types.OS{ + Family: types.Alma, + Name: result[2], + }, }, nil } } - return nil, xerrors.Errorf("alma: %w", aos.AnalyzeOSError) + return nil, xerrors.Errorf("alma: %w", fos.AnalyzeOSError) } func (a almaOSAnalyzer) Required(filePath string, _ os.FileInfo) bool { diff --git a/pkg/fanal/analyzer/os/redhatbase/centos.go b/pkg/fanal/analyzer/os/redhatbase/centos.go index dea9b7dbb941..4a57e3e9eac1 100644 --- a/pkg/fanal/analyzer/os/redhatbase/centos.go +++ b/pkg/fanal/analyzer/os/redhatbase/centos.go @@ -6,11 +6,10 @@ import ( "os" "strings" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - "golang.org/x/xerrors" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/fanal/utils" ) 
@@ -35,12 +34,15 @@ func (a centOSAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput) switch strings.ToLower(result[1]) { case "centos", "centos linux": return &analyzer.AnalysisResult{ - OS: types.OS{Family: aos.CentOS, Name: result[2]}, + OS: types.OS{ + Family: types.CentOS, + Name: result[2], + }, }, nil } } - return nil, xerrors.Errorf("centos: %w", aos.AnalyzeOSError) + return nil, xerrors.Errorf("centos: %w", fos.AnalyzeOSError) } func (a centOSAnalyzer) Required(filePath string, _ os.FileInfo) bool { diff --git a/pkg/fanal/analyzer/os/redhatbase/fedora.go b/pkg/fanal/analyzer/os/redhatbase/fedora.go index ab864a7f2e16..d5b2458e1c5b 100644 --- a/pkg/fanal/analyzer/os/redhatbase/fedora.go +++ b/pkg/fanal/analyzer/os/redhatbase/fedora.go @@ -6,11 +6,10 @@ import ( "os" "strings" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - "golang.org/x/xerrors" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/fanal/utils" ) @@ -35,11 +34,14 @@ func (a fedoraOSAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInpu switch strings.ToLower(result[1]) { case "fedora", "fedora linux": return &analyzer.AnalysisResult{ - OS: types.OS{Family: aos.Fedora, Name: result[2]}, + OS: types.OS{ + Family: types.Fedora, + Name: result[2], + }, }, nil } } - return nil, xerrors.Errorf("fedora: %w", aos.AnalyzeOSError) + return nil, xerrors.Errorf("fedora: %w", fos.AnalyzeOSError) } func (a fedoraOSAnalyzer) Required(filePath string, _ os.FileInfo) bool { diff --git a/pkg/fanal/analyzer/os/redhatbase/oracle.go b/pkg/fanal/analyzer/os/redhatbase/oracle.go index ff88263f8802..90864aefd848 100644 --- a/pkg/fanal/analyzer/os/redhatbase/oracle.go +++ b/pkg/fanal/analyzer/os/redhatbase/oracle.go 
@@ -6,14 +6,12 @@ import ( "os" "strings" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - - "github.com/aquasecurity/trivy/pkg/fanal/utils" - "golang.org/x/xerrors" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/types" + "github.com/aquasecurity/trivy/pkg/fanal/utils" ) const oracleAnalyzerVersion = 1 @@ -33,11 +31,14 @@ func (a oracleOSAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInpu return nil, xerrors.New("oracle: invalid oracle-release") } return &analyzer.AnalysisResult{ - OS: types.OS{Family: aos.Oracle, Name: result[2]}, + OS: types.OS{ + Family: types.Oracle, + Name: result[2], + }, }, nil } - return nil, xerrors.Errorf("oracle: %w", aos.AnalyzeOSError) + return nil, xerrors.Errorf("oracle: %w", fos.AnalyzeOSError) } func (a oracleOSAnalyzer) Required(filePath string, _ os.FileInfo) bool { diff --git a/pkg/fanal/analyzer/os/redhatbase/redhatbase.go b/pkg/fanal/analyzer/os/redhatbase/redhatbase.go index d1d1de135adf..9fc69a8753ca 100644 --- a/pkg/fanal/analyzer/os/redhatbase/redhatbase.go +++ b/pkg/fanal/analyzer/os/redhatbase/redhatbase.go @@ -8,15 +8,12 @@ import ( "regexp" "strings" - "github.com/aquasecurity/trivy/pkg/fanal/utils" - - "github.com/aquasecurity/trivy/pkg/fanal/types" - "golang.org/x/xerrors" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" + "github.com/aquasecurity/trivy/pkg/fanal/types" + "github.com/aquasecurity/trivy/pkg/fanal/utils" ) const redhatAnalyzerVersion = 1 
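Review bot: In oracle.go's `Analyze`, the invalid-format branch returns `xerrors.New("oracle: invalid oracle-release")`, while the fall-through a few lines below wraps `fos.AnalyzeOSError`. A caller that checks `errors.Is(err, fos.AnalyzeOSError)` to decide that a file simply was not an OS release will not recognise the first error. If both mean "could not determine the OS", the first could be `xerrors.Errorf("oracle: invalid oracle-release: %w", fos.AnalyzeOSError)`; if the distinction is deliberate, a one-line comment saying so would help. How callers treat the sentinel is not visible here, and `Analyze` begins above the hunk.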
@@ -51,20 +48,38 @@ func (a redhatOSAnalyzer) parseRelease(r io.Reader) (types.OS, error) { switch strings.ToLower(result[1]) { case "centos", "centos linux": - return types.OS{Family: aos.CentOS, Name: result[2]}, nil + return types.OS{ + Family: types.CentOS, + Name: result[2], + }, nil case "rocky", "rocky linux": - return types.OS{Family: aos.Rocky, Name: result[2]}, nil + return types.OS{ + Family: types.Rocky, + Name: result[2], + }, nil case "alma", "almalinux", "alma linux": - return types.OS{Family: aos.Alma, Name: result[2]}, nil + return types.OS{ + Family: types.Alma, + Name: result[2], + }, nil case "oracle", "oracle linux", "oracle linux server": - return types.OS{Family: aos.Oracle, Name: result[2]}, nil + return types.OS{ + Family: types.Oracle, + Name: result[2], + }, nil case "fedora", "fedora linux": - return types.OS{Family: aos.Fedora, Name: result[2]}, nil + return types.OS{ + Family: types.Fedora, + Name: result[2], + }, nil default: - return types.OS{Family: aos.RedHat, Name: result[2]}, nil + return types.OS{ + Family: types.RedHat, + Name: result[2], + }, nil } } - return types.OS{}, xerrors.Errorf("redhatbase: %w", aos.AnalyzeOSError) + return types.OS{}, xerrors.Errorf("redhatbase: %w", fos.AnalyzeOSError) } func (a redhatOSAnalyzer) Required(filePath string, _ os.FileInfo) bool { diff --git a/pkg/fanal/analyzer/os/redhatbase/rocky.go b/pkg/fanal/analyzer/os/redhatbase/rocky.go index 974431c6eee9..ac443d29ae83 100644 --- a/pkg/fanal/analyzer/os/redhatbase/rocky.go +++ b/pkg/fanal/analyzer/os/redhatbase/rocky.go @@ -6,11 +6,10 @@ import ( "os" "strings" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - "golang.org/x/xerrors" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/fanal/utils" ) 
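Review bot: The switch in `parseRelease` now spells out six four-line `types.OS` literals that differ only in `Family`, which makes it easy to miss that the `default` arm labels every unrecognised release string as `types.RedHat`. Selecting the family in the switch and building the value once keeps the whole mapping on one screen and makes that fallback explicit. Behaviour is unchanged in the sketch below. `parseRelease` starts above the hunk, and the code around the switch is not shown.

```go
// … unchanged: code above the switch …
family := types.RedHat // fallback for any release string not listed below
switch strings.ToLower(result[1]) {
case "centos", "centos linux":
	family = types.CentOS
case "rocky", "rocky linux":
	family = types.Rocky
case "alma", "almalinux", "alma linux":
	family = types.Alma
case "oracle", "oracle linux", "oracle linux server":
	family = types.Oracle
case "fedora", "fedora linux":
	family = types.Fedora
}
return types.OS{
	Family: family,
	Name:   result[2],
}, nil
```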
@@ -35,12 +34,15 @@ func (a rockyOSAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput switch strings.ToLower(result[1]) { case "rocky", "rocky linux": return &analyzer.AnalysisResult{ - OS: types.OS{Family: aos.Rocky, Name: result[2]}, + OS: types.OS{ + Family: types.Rocky, + Name: result[2], + }, }, nil } } - return nil, xerrors.Errorf("rocky: %w", aos.AnalyzeOSError) + return nil, xerrors.Errorf("rocky: %w", fos.AnalyzeOSError) } func (a rockyOSAnalyzer) Required(filePath string, _ os.FileInfo) bool { diff --git a/pkg/fanal/analyzer/os/release/release.go b/pkg/fanal/analyzer/os/release/release.go index 5c035c96d55b..d4b959c3a9b3 100644 --- a/pkg/fanal/analyzer/os/release/release.go +++ b/pkg/fanal/analyzer/os/release/release.go @@ -9,7 +9,6 @@ import ( "golang.org/x/exp/slices" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/types" ) @@ -47,27 +46,30 @@ func (a osReleaseAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInp continue } - var family string + var family types.OSType switch id { case "alpine": - family = aos.Alpine + family = types.Alpine case "opensuse-tumbleweed": - family = aos.OpenSUSETumbleweed + family = types.OpenSUSETumbleweed case "opensuse-leap", "opensuse": // opensuse for leap:42, opensuse-leap for leap:15 - family = aos.OpenSUSELeap + family = types.OpenSUSELeap case "sles": - family = aos.SLES + family = types.SLES case "photon": - family = aos.Photon + family = types.Photon case "wolfi": - family = aos.Wolfi + family = types.Wolfi case "chainguard": - family = aos.Chainguard + family = types.Chainguard } if family != "" && versionID != "" { return &analyzer.AnalysisResult{ - OS: types.OS{Family: family, Name: versionID}, + OS: types.OS{ + Family: family, + Name: versionID, + }, }, nil } } 
diff --git a/pkg/fanal/analyzer/os/release/release_test.go b/pkg/fanal/analyzer/os/release/release_test.go index ebf521303c41..615324c200fd 100644 --- a/pkg/fanal/analyzer/os/release/release_test.go +++ b/pkg/fanal/analyzer/os/release/release_test.go @@ -9,7 +9,6 @@ import ( "github.com/stretchr/testify/require" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/types" ) 
@@ -25,49 +24,70 @@ func Test_osReleaseAnalyzer_Analyze(t *testing.T) { name: "alpine", inputFile: "testdata/alpine", want: &analyzer.AnalysisResult{ - OS: types.OS{Family: aos.Alpine, Name: "3.15.4"}, + OS: types.OS{ + Family: types.Alpine, + Name: "3.15.4", + }, }, }, { name: "openSUSE-leap 15.2.1", inputFile: "testdata/opensuseleap-15.2.1", want: &analyzer.AnalysisResult{ - OS: types.OS{Family: aos.OpenSUSELeap, Name: "15.2.1"}, + OS: types.OS{ + Family: types.OpenSUSELeap, + Name: "15.2.1", + }, }, }, { name: "openSUSE-leap 42.3", inputFile: "testdata/opensuseleap-42.3", want: &analyzer.AnalysisResult{ - OS: types.OS{Family: aos.OpenSUSELeap, Name: "42.3"}, + OS: types.OS{ + Family: types.OpenSUSELeap, + Name: "42.3", + }, }, }, { name: "openSUSE-tumbleweed", inputFile: "testdata/opensusetumbleweed", want: &analyzer.AnalysisResult{ - OS: types.OS{Family: aos.OpenSUSETumbleweed, Name: "20220412"}, + OS: types.OS{ + Family: types.OpenSUSETumbleweed, + Name: "20220412", + }, }, }, { name: "SUSE Linux Enterprise Server", inputFile: "testdata/sles", want: &analyzer.AnalysisResult{ - OS: types.OS{Family: aos.SLES, Name: "15.3"}, + OS: types.OS{ + Family: types.SLES, + Name: "15.3", + }, }, }, { name: "Photon OS", inputFile: "testdata/photon", want: &analyzer.AnalysisResult{ - OS: types.OS{Family: aos.Photon, Name: "4.0"}, + OS: types.OS{ + Family: types.Photon, + Name: "4.0", + }, }, }, { name: "Photon OS", inputFile: "testdata/photon", want: &analyzer.AnalysisResult{ - OS: types.OS{Family: aos.Photon, Name: "4.0"}, + OS: types.OS{ + Family: types.Photon, + Name: "4.0", + }, }, }, { diff --git a/pkg/fanal/analyzer/os/ubuntu/esm.go b/pkg/fanal/analyzer/os/ubuntu/esm.go index 8520400bed65..9f1dd08f9c6d 100644 --- a/pkg/fanal/analyzer/os/ubuntu/esm.go +++ b/pkg/fanal/analyzer/os/ubuntu/esm.go 
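Review bot: In pkg/fanal/analyzer/os/release/release_test.go, the table in Test_osReleaseAnalyzer_Analyze holds two identical cases, both `name: "Photon OS"` with `inputFile: "testdata/photon"` and the same expected `types.OS`. This hunk reformats both rather than dropping one. The second entry adds no coverage and should be removed, or replaced by a case for an ID that release.go maps but that is not visible here, such as `wolfi` or `chainguard`. The table continues past the end of this hunk, so such cases may already exist further down.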
@@ -2,15 +2,13 @@ package ubuntu import ( "context" - "os" - "encoding/json" + "os" "golang.org/x/exp/slices" "golang.org/x/xerrors" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/types" ) @@ -40,7 +38,7 @@ func (a ubuntuESMAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInp if esmEnabled(st) { return &analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.Ubuntu, + Family: types.Ubuntu, Extended: true, }, }, nil diff --git a/pkg/fanal/analyzer/os/ubuntu/esm_test.go b/pkg/fanal/analyzer/os/ubuntu/esm_test.go index 2f6af313a70d..1923e4ab8c7f 100644 --- a/pkg/fanal/analyzer/os/ubuntu/esm_test.go +++ b/pkg/fanal/analyzer/os/ubuntu/esm_test.go @@ -5,10 +5,11 @@ import ( "os" "testing" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + "github.com/aquasecurity/trivy/pkg/fanal/types" ) func Test_ubuntuESMAnalyzer_Analyze(t *testing.T) { diff --git a/pkg/fanal/analyzer/os/ubuntu/ubuntu.go b/pkg/fanal/analyzer/os/ubuntu/ubuntu.go index 6d8a59a3ceb4..2fff3ac8339f 100644 --- a/pkg/fanal/analyzer/os/ubuntu/ubuntu.go +++ b/pkg/fanal/analyzer/os/ubuntu/ubuntu.go @@ -10,7 +10,7 @@ import ( "golang.org/x/xerrors" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" + fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/types" ) 
@@ -42,13 +42,13 @@ func (a ubuntuOSAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInpu if isUbuntu && strings.HasPrefix(line, "DISTRIB_RELEASE=") { return &analyzer.AnalysisResult{ OS: types.OS{ - Family: aos.Ubuntu, + Family: types.Ubuntu, Name: strings.TrimSpace(line[16:]), }, }, nil } } - return nil, xerrors.Errorf("ubuntu: %w", aos.AnalyzeOSError) + return nil, xerrors.Errorf("ubuntu: %w", fos.AnalyzeOSError) } func (a ubuntuOSAnalyzer) Required(filePath string, _ os.FileInfo) bool { diff --git a/pkg/fanal/analyzer/os/ubuntu/ubuntu_test.go b/pkg/fanal/analyzer/os/ubuntu/ubuntu_test.go index e48807d50edf..042d28af9924 100644 --- a/pkg/fanal/analyzer/os/ubuntu/ubuntu_test.go +++ b/pkg/fanal/analyzer/os/ubuntu/ubuntu_test.go @@ -5,12 +5,11 @@ import ( "os" "testing" - "github.com/aquasecurity/trivy/pkg/fanal/types" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + "github.com/aquasecurity/trivy/pkg/fanal/types" ) func Test_ubuntuOSAnalyzer_Analyze(t *testing.T) { diff --git a/pkg/fanal/analyzer/pkg/dpkg/dpkg_test.go b/pkg/fanal/analyzer/pkg/dpkg/dpkg_test.go index af49cb753075..3d73a550866c 100644 --- a/pkg/fanal/analyzer/pkg/dpkg/dpkg_test.go +++ b/pkg/fanal/analyzer/pkg/dpkg/dpkg_test.go @@ -2,15 +2,16 @@ package dpkg import ( "context" - "github.com/aquasecurity/trivy/pkg/mapfs" "os" "path/filepath" "sort" "testing" + "github.com/stretchr/testify/assert" + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/types" - "github.com/stretchr/testify/assert" + "github.com/aquasecurity/trivy/pkg/mapfs" ) func Test_dpkgAnalyzer_Analyze(t *testing.T) { diff --git a/pkg/fanal/analyzer/repo/apk/apk.go b/pkg/fanal/analyzer/repo/apk/apk.go index 253655938d43..454710d6841b 100644 --- a/pkg/fanal/analyzer/repo/apk/apk.go +++ b/pkg/fanal/analyzer/repo/apk/apk.go 
@@ -11,7 +11,6 @@ import ( ver "github.com/aquasecurity/go-version/pkg/version" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/types" ) @@ -31,7 +30,8 @@ type apkRepoAnalyzer struct{} func (a apkRepoAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput) (*analyzer.AnalysisResult, error) { scanner := bufio.NewScanner(input.Content) - var osFamily, repoVer string + var osFamily types.OSType + var repoVer string for scanner.Scan() { line := scanner.Text() @@ -40,7 +40,7 @@ func (a apkRepoAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput continue } - newOSFamily := m[2] + newOSFamily := types.OSType(m[2]) newVersion := m[3] // Find OS Family @@ -73,7 +73,7 @@ func (a apkRepoAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput } // Currently, we support only Alpine Linux in apk repositories. - if osFamily != aos.Alpine || repoVer == "" { + if osFamily != types.Alpine || repoVer == "" { return nil, nil } diff --git a/pkg/fanal/analyzer/repo/apk/apk_test.go b/pkg/fanal/analyzer/repo/apk/apk_test.go index cfe434417bcc..daf60febe639 100644 --- a/pkg/fanal/analyzer/repo/apk/apk_test.go +++ b/pkg/fanal/analyzer/repo/apk/apk_test.go @@ -8,7 +8,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/types" ) @@ -26,7 +25,10 @@ func Test_apkRepoAnalyzer_Analyze(t *testing.T) { Content: strings.NewReader("http://nl.alpinelinux.org/alpine/v3.7/main"), }, want: &analyzer.AnalysisResult{ - Repository: &types.Repository{Family: aos.Alpine, Release: "3.7"}, + Repository: &types.Repository{ + Family: types.Alpine, + Release: "3.7", + }, }, }, { 
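Review bot: In pkg/fanal/analyzer/repo/apk/apk.go, `newOSFamily := types.OSType(m[2])` converts a regex capture taken from the scanned repositories file straight into the typed value. From that line on, `osFamily` looks like one of the declared constants but can hold arbitrary text from the image. The only validation visible in these hunks is the later `osFamily != types.Alpine` check, so the typed value should not be used before it. A comment at the conversion would make that explicit, for example `// m[2] is unvalidated text from the scanned file; it is only accepted by the types.Alpine check below`. The "Find OS Family" logic between the two hunks is not shown, so any extra checks there are outside this review.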
@@ -44,7 +46,10 @@ func Test_apkRepoAnalyzer_Analyze(t *testing.T) { Content: strings.NewReader("http://nl.alpinelinux.org/alpine/v3.7/main"), }, want: &analyzer.AnalysisResult{ - Repository: &types.Repository{Family: aos.Alpine, Release: "3.7"}, + Repository: &types.Repository{ + Family: types.Alpine, + Release: "3.7", + }, }, }, { @@ -54,7 +59,10 @@ func Test_apkRepoAnalyzer_Analyze(t *testing.T) { Content: strings.NewReader("https://dl-cdn.alpinelinux.org/alpine/v3.15/main"), }, want: &analyzer.AnalysisResult{ - Repository: &types.Repository{Family: aos.Alpine, Release: "3.15"}, + Repository: &types.Repository{ + Family: types.Alpine, + Release: "3.15", + }, }, }, { @@ -64,7 +72,10 @@ func Test_apkRepoAnalyzer_Analyze(t *testing.T) { Content: strings.NewReader("ftp://dl-3.alpinelinux.org/alpine/v2.6/main"), }, want: &analyzer.AnalysisResult{ - Repository: &types.Repository{Family: aos.Alpine, Release: "2.6"}, + Repository: &types.Repository{ + Family: types.Alpine, + Release: "2.6", + }, }, }, { @@ -74,7 +85,10 @@ func Test_apkRepoAnalyzer_Analyze(t *testing.T) { Content: strings.NewReader("https://dl-cdn.alpinelinux.org/alpine/edge/main"), }, want: &analyzer.AnalysisResult{ - Repository: &types.Repository{Family: aos.Alpine, Release: "edge"}, + Repository: &types.Repository{ + Family: types.Alpine, + Release: "edge", + }, }, }, { @@ -87,7 +101,10 @@ https://dl-cdn.alpinelinux.org/alpine/v3.10/main `), }, want: &analyzer.AnalysisResult{ - Repository: &types.Repository{Family: aos.Alpine, Release: "3.10"}, + Repository: &types.Repository{ + Family: types.Alpine, + Release: "3.10", + }, }, }, { @@ -99,7 +116,10 @@ https://dl-cdn.alpinelinux.org/alpine/v3.1/main `), }, want: &analyzer.AnalysisResult{ - Repository: &types.Repository{Family: aos.Alpine, Release: "3.10"}, + Repository: &types.Repository{ + Family: types.Alpine, + Release: "3.10", + }, }, }, { 
@@ -111,7 +131,10 @@ https://dl-cdn.alpinelinux.org/alpine/v3.10/main `), }, want: &analyzer.AnalysisResult{ - Repository: &types.Repository{Family: aos.Alpine, Release: "edge"}, + Repository: &types.Repository{ + Family: types.Alpine, + Release: "edge", + }, }, }, { diff --git a/pkg/fanal/analyzer/sbom/sbom_test.go b/pkg/fanal/analyzer/sbom/sbom_test.go index e6168cf60711..fe00d31a6ae7 100644 --- a/pkg/fanal/analyzer/sbom/sbom_test.go +++ b/pkg/fanal/analyzer/sbom/sbom_test.go @@ -5,10 +5,11 @@ import ( "os" "testing" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + "github.com/aquasecurity/trivy/pkg/fanal/types" ) func Test_sbomAnalyzer_Analyze(t *testing.T) { diff --git a/pkg/fanal/applier/docker.go b/pkg/fanal/applier/docker.go index 19ddfb6eb0ad..4cb0277667e6 100644 --- a/pkg/fanal/applier/docker.go +++ b/pkg/fanal/applier/docker.go @@ -236,7 +236,7 @@ func ApplyLayers(layers []types.BlobInfo) types.ArtifactDetail { func aggregate(detail *types.ArtifactDetail) { var apps []types.Application - aggregatedApps := map[string]*types.Application{ + aggregatedApps := map[types.LangType]*types.Application{ types.PythonPkg: {Type: types.PythonPkg}, types.CondaPkg: {Type: types.CondaPkg}, types.GemSpec: {Type: types.GemSpec}, diff --git a/pkg/fanal/artifact/repo/git_test.go b/pkg/fanal/artifact/repo/git_test.go index 5103ba9f2730..ca29941a597d 100644 --- a/pkg/fanal/artifact/repo/git_test.go +++ b/pkg/fanal/artifact/repo/git_test.go 
@@ -11,11 +11,12 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - _ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/all" - _ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/secret" "github.com/aquasecurity/trivy/pkg/fanal/artifact" "github.com/aquasecurity/trivy/pkg/fanal/cache" "github.com/aquasecurity/trivy/pkg/fanal/types" + + _ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/all" + _ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/secret" ) func setupGitServer() (*httptest.Server, error) { diff --git a/pkg/fanal/artifact/vm/ami.go b/pkg/fanal/artifact/vm/ami.go index 43ea075ab932..6ce2dbd4ef30 100644 --- a/pkg/fanal/artifact/vm/ami.go +++ b/pkg/fanal/artifact/vm/ami.go @@ -3,13 +3,12 @@ package vm import ( "context" - "github.com/aquasecurity/trivy/pkg/cloud/aws/config" - "github.com/aquasecurity/trivy/pkg/fanal/types" - "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/ec2" "golang.org/x/xerrors" + "github.com/aquasecurity/trivy/pkg/cloud/aws/config" + "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/log" ) diff --git a/pkg/fanal/artifact/vm/vm_test.go b/pkg/fanal/artifact/vm/vm_test.go index dd26b46b96dc..33e83a2c4e08 100644 --- a/pkg/fanal/artifact/vm/vm_test.go +++ b/pkg/fanal/artifact/vm/vm_test.go @@ -7,6 +7,7 @@ import ( "strings" "testing" + ebsfile "github.com/masahiro331/go-ebs-file" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -17,7 +18,6 @@ import ( "github.com/aquasecurity/trivy/pkg/fanal/cache" "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/misconf" - ebsfile "github.com/masahiro331/go-ebs-file" _ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os/amazonlinux" _ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/pkg/rpm" diff --git a/pkg/fanal/handler/handler_test.go b/pkg/fanal/handler/handler_test.go index 084692214db5..b53f885e24e0 100644 
--- a/pkg/fanal/handler/handler_test.go +++ b/pkg/fanal/handler/handler_test.go @@ -4,13 +4,11 @@ import ( "context" "testing" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - - "github.com/aquasecurity/trivy/pkg/fanal/artifact" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + "github.com/aquasecurity/trivy/pkg/fanal/artifact" "github.com/aquasecurity/trivy/pkg/fanal/handler" "github.com/aquasecurity/trivy/pkg/fanal/types" ) diff --git a/pkg/fanal/handler/sysfile/filter.go b/pkg/fanal/handler/sysfile/filter.go index 344511bfdce9..09525aebc1e7 100644 --- a/pkg/fanal/handler/sysfile/filter.go +++ b/pkg/fanal/handler/sysfile/filter.go @@ -4,12 +4,10 @@ import ( "context" "strings" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" - "golang.org/x/exp/slices" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - + "github.com/aquasecurity/trivy/pkg/fanal/artifact" "github.com/aquasecurity/trivy/pkg/fanal/handler" "github.com/aquasecurity/trivy/pkg/fanal/types" ) @@ -29,7 +27,7 @@ var ( "/usr/lib/python2.7/wsgiref.egg-info", } - affectedTypes = []string{ + affectedTypes = []types.LangType{ // ruby types.GemSpec, diff --git a/pkg/fanal/handler/sysfile/filter_test.go b/pkg/fanal/handler/sysfile/filter_test.go index 60c7553b4a16..6dc8d5af7b03 100644 --- a/pkg/fanal/handler/sysfile/filter_test.go +++ b/pkg/fanal/handler/sysfile/filter_test.go @@ -4,11 +4,10 @@ import ( "context" "testing" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/types" ) diff --git a/pkg/fanal/image/daemon/docker_test.go b/pkg/fanal/image/daemon/docker_test.go index a68c935289a3..3ae519bdf938 100644 --- a/pkg/fanal/image/daemon/docker_test.go +++ b/pkg/fanal/image/daemon/docker_test.go 
@@ -3,12 +3,11 @@ package daemon import ( "testing" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - "github.com/docker/docker/api/types" "github.com/google/go-containerregistry/pkg/name" v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestDockerImage(t *testing.T) { diff --git a/pkg/fanal/image/daemon/image_test.go b/pkg/fanal/image/daemon/image_test.go index b6792e23b44c..be6ddd86e525 100644 --- a/pkg/fanal/image/daemon/image_test.go +++ b/pkg/fanal/image/daemon/image_test.go @@ -9,11 +9,10 @@ import ( "time" dimage "github.com/docker/docker/api/types/image" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - "github.com/google/go-containerregistry/pkg/name" v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "github.com/aquasecurity/testdocker/engine" ) diff --git a/pkg/fanal/image/daemon/podman_test.go b/pkg/fanal/image/daemon/podman_test.go index bdd909cd922f..821d10017ffe 100644 --- a/pkg/fanal/image/daemon/podman_test.go +++ b/pkg/fanal/image/daemon/podman_test.go @@ -7,14 +7,13 @@ import ( "runtime" "testing" - "github.com/aquasecurity/testdocker/engine" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - "github.com/docker/docker/api/types" "github.com/google/go-containerregistry/pkg/name" v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/aquasecurity/testdocker/engine" ) func setupPodmanSock(t *testing.T) *httptest.Server { diff --git a/pkg/fanal/image/registry/azure/azure.go b/pkg/fanal/image/registry/azure/azure.go index 9ae460a6ac5a..f77f3f9d9a97 100644 --- a/pkg/fanal/image/registry/azure/azure.go +++ b/pkg/fanal/image/registry/azure/azure.go 
@@ -7,11 +7,10 @@ import ( "os" "strings" - "golang.org/x/xerrors" - "github.com/Azure/azure-sdk-for-go/profiles/preview/preview/containerregistry/runtime/containerregistry" "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "golang.org/x/xerrors" "github.com/aquasecurity/trivy/pkg/fanal/types" ) diff --git a/pkg/fanal/image/registry/ecr/ecr.go b/pkg/fanal/image/registry/ecr/ecr.go index 9c7a8b8d4bad..72d5204d0375 100644 --- a/pkg/fanal/image/registry/ecr/ecr.go +++ b/pkg/fanal/image/registry/ecr/ecr.go @@ -5,15 +5,14 @@ import ( "encoding/base64" "strings" - "github.com/aquasecurity/trivy/pkg/fanal/types" - "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/credentials" - "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/ecr" "github.com/aws/aws-sdk-go/service/ecr/ecriface" "golang.org/x/xerrors" + + "github.com/aquasecurity/trivy/pkg/fanal/types" ) const ecrURL = "amazonaws.com" diff --git a/pkg/fanal/image/registry/ecr/ecr_test.go b/pkg/fanal/image/registry/ecr/ecr_test.go index 7cb7edc506e1..b55f56d7b179 100644 --- a/pkg/fanal/image/registry/ecr/ecr_test.go +++ b/pkg/fanal/image/registry/ecr/ecr_test.go @@ -5,13 +5,12 @@ import ( "errors" "testing" - "github.com/aquasecurity/trivy/pkg/fanal/types" - - "github.com/aws/aws-sdk-go/aws/request" - "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/service/ecr" "github.com/aws/aws-sdk-go/service/ecr/ecriface" + + "github.com/aquasecurity/trivy/pkg/fanal/types" ) func TestCheckOptions(t *testing.T) { diff --git a/pkg/fanal/image/registry/google/google.go b/pkg/fanal/image/registry/google/google.go index 65e0e86cfe8a..37182f44fecd 100644 --- a/pkg/fanal/image/registry/google/google.go +++ b/pkg/fanal/image/registry/google/google.go 
@@ -4,13 +4,12 @@ import ( "context" "strings" - "github.com/aquasecurity/trivy/pkg/fanal/types" - - "golang.org/x/xerrors" - "github.com/GoogleCloudPlatform/docker-credential-gcr/config" "github.com/GoogleCloudPlatform/docker-credential-gcr/credhelper" "github.com/GoogleCloudPlatform/docker-credential-gcr/store" + "golang.org/x/xerrors" + + "github.com/aquasecurity/trivy/pkg/fanal/types" ) type Registry struct { diff --git a/pkg/fanal/image/registry/token_test.go b/pkg/fanal/image/registry/token_test.go index 40ddb9e3d373..52bf78d84b9f 100644 --- a/pkg/fanal/image/registry/token_test.go +++ b/pkg/fanal/image/registry/token_test.go @@ -5,7 +5,6 @@ import ( "testing" "github.com/google/go-containerregistry/pkg/authn" - "github.com/stretchr/testify/assert" "github.com/aquasecurity/trivy/pkg/fanal/types" diff --git a/pkg/fanal/secret/scanner_test.go b/pkg/fanal/secret/scanner_test.go index eeb6ab52336b..4cde82f2aee1 100644 --- a/pkg/fanal/secret/scanner_test.go +++ b/pkg/fanal/secret/scanner_test.go @@ -6,11 +6,10 @@ import ( "path/filepath" "testing" - "go.uber.org/zap" - "go.uber.org/zap/zapcore" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "go.uber.org/zap" + "go.uber.org/zap/zapcore" "github.com/aquasecurity/trivy/pkg/fanal/log" "github.com/aquasecurity/trivy/pkg/fanal/secret" diff --git a/pkg/fanal/types/artifact.go b/pkg/fanal/types/artifact.go index 57e94d93dd71..6b46266ae1c5 100644 --- a/pkg/fanal/types/artifact.go +++ b/pkg/fanal/types/artifact.go @@ -7,11 +7,10 @@ import ( "github.com/samber/lo" "github.com/aquasecurity/trivy/pkg/digest" - aos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" ) type OS struct { - Family string + Family OSType Name string Eosl bool `json:"EOSL,omitempty"` 
@@ -33,7 +32,7 @@ func (o *OS) Merge(new OS) { // OLE also has /etc/redhat-release and it detects OLE as RHEL by mistake. // In that case, OS must be overwritten with the content of /etc/oracle-release. // There is the same problem between Debian and Ubuntu. - case o.Family == aos.RedHat, o.Family == aos.Debian: + case o.Family == RedHat, o.Family == Debian: *o = new default: if o.Family == "" { @@ -52,7 +51,7 @@ func (o *OS) Merge(new OS) { } type Repository struct { - Family string `json:",omitempty"` + Family OSType `json:",omitempty"` Release string `json:",omitempty"` } @@ -166,7 +165,7 @@ type PackageInfo struct { type Application struct { // e.g. bundler and pipenv - Type string + Type LangType // Lock files have the file path here, while each package metadata do not have FilePath string `json:",omitempty"` diff --git a/pkg/fanal/types/const.go b/pkg/fanal/types/const.go index faaece10fb7d..e36fa92c57d9 100644 --- a/pkg/fanal/types/const.go +++ b/pkg/fanal/types/const.go 
@@ -1,58 +1,93 @@ package types +type ( + // TargetType represents the type of target + TargetType string + + // OSType is an alias of TargetType for operating systems + OSType = TargetType + + // LangType is an alias of TargetType for programming languages + LangType = TargetType + + // ConfigType is an alias of TargetType for configuration files + ConfigType = TargetType +) + const ( ArtifactJSONSchemaVersion = 1 BlobJSONSchemaVersion = 2 ) +// Operating systems +const ( + Alma OSType = "alma" + Alpine OSType = "alpine" + Amazon OSType = "amazon" + CBLMariner OSType = "cbl-mariner" + CentOS OSType = "centos" + Chainguard OSType = "chainguard" + Debian OSType = "debian" + Fedora OSType = "fedora" + OpenSUSE OSType = "opensuse" + OpenSUSELeap OSType = "opensuse.leap" + OpenSUSETumbleweed OSType = "opensuse.tumbleweed" + Oracle OSType = "oracle" + Photon OSType = "photon" + RedHat OSType = "redhat" + Rocky OSType = "rocky" + SLES OSType = "suse linux enterprise server" + Ubuntu OSType = "ubuntu" + Wolfi OSType = "wolfi" +) + +// Programming language dependencies +const ( + Bundler LangType = "bundler" + GemSpec LangType = "gemspec" + Cargo LangType = "cargo" + Composer LangType = "composer" + Npm LangType = "npm" + NuGet LangType = "nuget" + DotNetCore LangType = "dotnet-core" + Pip LangType = "pip" + Pipenv LangType = "pipenv" + Poetry LangType = "poetry" + CondaPkg LangType = "conda-pkg" + PythonPkg LangType = "python-pkg" + NodePkg LangType = "node-pkg" + Yarn LangType = "yarn" + Pnpm LangType = "pnpm" + Jar LangType = "jar" + Pom LangType = "pom" + Gradle LangType = "gradle" + GoBinary LangType = "gobinary" + GoModule LangType = "gomod" + JavaScript LangType = "javascript" + RustBinary LangType = "rustbinary" + Conan LangType = "conan" + Cocoapods LangType = "cocoapods" + Swift LangType = "swift" + Pub LangType = "pub" + Hex LangType = "hex" + Bitnami LangType = "bitnami" +) + +// Config files +const ( + JSON ConfigType = "json" + Dockerfile ConfigType = 
"dockerfile" + Terraform ConfigType = "terraform" + TerraformPlan ConfigType = "terraformplan" + CloudFormation ConfigType = "cloudformation" + Kubernetes ConfigType = "kubernetes" + Helm ConfigType = "helm" + Cloud ConfigType = "cloud" + AzureARM ConfigType = "azure-arm" +) + +// Language-specific file names const ( - // Programming language dependencies - Bundler = "bundler" - GemSpec = "gemspec" - Cargo = "cargo" - Composer = "composer" - Npm = "npm" - NuGet = "nuget" - DotNetCore = "dotnet-core" - Pip = "pip" - Pipenv = "pipenv" - Poetry = "poetry" - CondaPkg = "conda-pkg" - PythonPkg = "python-pkg" - NodePkg = "node-pkg" - Yarn = "yarn" - Pnpm = "pnpm" - Jar = "jar" - Pom = "pom" - Gradle = "gradle" - GoBinary = "gobinary" - GoModule = "gomod" - JavaScript = "javascript" - RustBinary = "rustbinary" - Conan = "conan" - Cocoapods = "cocoapods" - Swift = "swift" - Pub = "pub" - Hex = "hex" - Bitnami = "bitnami" - - // Config files - YAML = "yaml" - JSON = "json" - Dockerfile = "dockerfile" - Terraform = "terraform" - TerraformPlan = "terraformplan" - CloudFormation = "cloudformation" - Kubernetes = "kubernetes" - Ansible = "ansible" - Helm = "helm" - Cloud = "cloud" - AzureARM = "azure-arm" - - // Licensing - License = "license" - - // Language-specific file names NuGetPkgsLock = "packages.lock.json" NuGetPkgsConfig = "packages.config" diff --git a/pkg/fanal/types/misconf.go b/pkg/fanal/types/misconf.go index 2f18d0b45592..3b4e9b447895 100644 --- a/pkg/fanal/types/misconf.go +++ b/pkg/fanal/types/misconf.go @@ -8,7 +8,7 @@ import ( ) type Misconfiguration struct { - FileType string `json:",omitempty"` + FileType ConfigType `json:",omitempty"` FilePath string `json:",omitempty"` Successes MisconfResults `json:",omitempty"` Warnings MisconfResults `json:",omitempty"` diff --git a/pkg/fanal/vm/disk/vmdk_test.go b/pkg/fanal/vm/disk/vmdk_test.go index 9d2db6d6076c..4c62a202b423 100644 --- a/pkg/fanal/vm/disk/vmdk_test.go +++ b/pkg/fanal/vm/disk/vmdk_test.go 
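Review bot: In pkg/fanal/types/const.go, `OSType`, `LangType` and `ConfigType` are declared with `=` and are therefore aliases of the single defined type `TargetType`, so the compiler does not tell them apart. `types.OS{Family: types.Bundler}` or an OS constant used as a key in the `map[types.LangType]*types.Application` in applier/docker.go would still compile. The refactor therefore guards against untyped strings but not against mixing an OS family with a language or config type, and that mix-up matters when these values select the detector to run. If the aliasing is intentional, the type block should say so, e.g. `// NOTE: OSType, LangType and ConfigType are aliases of TargetType and are interchangeable at compile time; they document intent only.` Otherwise declare them as distinct types (`OSType string`, and so on) with explicit conversions where a `TargetType` is needed.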
@@ -4,10 +4,10 @@ import ( "os" "testing" - "github.com/aquasecurity/trivy/pkg/fanal/vm/disk" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/aquasecurity/trivy/pkg/fanal/vm/disk" ) func TestVMDK_NewReader(t *testing.T) { diff --git a/pkg/fanal/walker/tar_test.go b/pkg/fanal/walker/tar_test.go index 0c8773013941..8f1cb98a8010 100644 --- a/pkg/fanal/walker/tar_test.go +++ b/pkg/fanal/walker/tar_test.go @@ -7,12 +7,10 @@ import ( "strings" "testing" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/walker" ) diff --git a/pkg/flag/db_flags_test.go b/pkg/flag/db_flags_test.go index 50e203307fde..d1ce7c65cbc4 100644 --- a/pkg/flag/db_flags_test.go +++ b/pkg/flag/db_flags_test.go @@ -3,12 +3,11 @@ package flag_test import ( "testing" - "go.uber.org/zap" - "go.uber.org/zap/zaptest/observer" - "github.com/spf13/viper" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "go.uber.org/zap" + "go.uber.org/zap/zaptest/observer" "github.com/aquasecurity/trivy/pkg/flag" "github.com/aquasecurity/trivy/pkg/log" diff --git a/pkg/flag/kubernetes_flags.go b/pkg/flag/kubernetes_flags.go index 41edc741acb5..ed050d01f162 100644 --- a/pkg/flag/kubernetes_flags.go +++ b/pkg/flag/kubernetes_flags.go @@ -1,14 +1,12 @@ package flag import ( - "strconv" - "fmt" + "strconv" "strings" - "golang.org/x/xerrors" - "github.com/samber/lo" + "golang.org/x/xerrors" corev1 "k8s.io/api/core/v1" ) diff --git a/pkg/k8s/commands/resource.go b/pkg/k8s/commands/resource.go index a829ca04bdcd..442649d9ba17 100644 --- a/pkg/k8s/commands/resource.go +++ b/pkg/k8s/commands/resource.go 
@@ -4,13 +4,12 @@ import ( "context" "strings" - "github.com/aquasecurity/trivy/pkg/flag" - "golang.org/x/xerrors" "github.com/aquasecurity/trivy-kubernetes/pkg/artifacts" "github.com/aquasecurity/trivy-kubernetes/pkg/k8s" "github.com/aquasecurity/trivy-kubernetes/pkg/trivyk8s" + "github.com/aquasecurity/trivy/pkg/flag" "github.com/aquasecurity/trivy/pkg/log" ) diff --git a/pkg/k8s/scanner/io.go b/pkg/k8s/scanner/io.go index 9e7254e62781..38a0673dad6a 100644 --- a/pkg/k8s/scanner/io.go +++ b/pkg/k8s/scanner/io.go @@ -9,9 +9,8 @@ import ( "golang.org/x/xerrors" "gopkg.in/yaml.v3" - "github.com/aquasecurity/trivy/pkg/log" - "github.com/aquasecurity/trivy-kubernetes/pkg/artifacts" + "github.com/aquasecurity/trivy/pkg/log" ) func createTempFile(artifact *artifacts.Artifact) (string, error) { diff --git a/pkg/k8s/scanner/scanner.go b/pkg/k8s/scanner/scanner.go index becd9610d84f..e37256c9edac 100644 --- a/pkg/k8s/scanner/scanner.go +++ b/pkg/k8s/scanner/scanner.go @@ -237,8 +237,14 @@ func clusterInfoToReportResources(allArtifact []*artifacts.Artifact) (*core.Comp Name: name, Version: cDigest, Properties: []core.Property{ - {Name: cyc.PropertyPkgID, Value: fmt.Sprintf("%s:%s", name, version)}, - {Name: cyc.PropertyPkgType, Value: oci}, + { + Name: cyc.PropertyPkgID, + Value: fmt.Sprintf("%s:%s", name, version), + }, + { + Name: cyc.PropertyPkgType, + Value: oci, + }, }, }) } @@ -263,7 +269,11 @@ func clusterInfoToReportResources(allArtifact []*artifacts.Artifact) (*core.Comp if err != nil { return nil, err } - cInfo = &core.Component{Name: cf.Name, Version: cf.Version, Properties: toProperties(cf.Properties, k8sCoreComponentNamespace)} + cInfo = &core.Component{ + Name: cf.Name, + Version: cf.Version, + Properties: toProperties(cf.Properties, k8sCoreComponentNamespace), + } default: return nil, fmt.Errorf("resource kind %s is not supported", artifact.Kind) } 
@@ -335,16 +345,28 @@ func nodeComponent(nf bom.NodeInfo) *core.Component { Name: osName, Version: osVersion, Properties: []core.Property{ - {Name: "Class", Value: types.ClassOSPkg}, - {Name: "Type", Value: osName}, + { + Name: "Class", + Value: string(types.ClassOSPkg), + }, + { + Name: "Type", + Value: osName, + }, }, }, { Type: cdx.ComponentTypeApplication, Name: nodeCoreComponents, Properties: []core.Property{ - {Name: "Class", Value: types.ClassLangPkg}, - {Name: "Type", Value: golang}, + { + Name: "Class", + Value: string(types.ClassLangPkg), + }, + { + Name: "Type", + Value: golang, + }, }, Components: []*core.Component{ { @@ -352,8 +374,16 @@ func nodeComponent(nf bom.NodeInfo) *core.Component { Name: kubelet, Version: kubeletVersion, Properties: []core.Property{ - {Name: k8sComponentType, Value: k8sComponentNode, Namespace: k8sCoreComponentNamespace}, - {Name: k8sComponentName, Value: kubelet, Namespace: k8sCoreComponentNamespace}, + { + Name: k8sComponentType, + Value: k8sComponentNode, + Namespace: k8sCoreComponentNamespace, + }, + { + Name: k8sComponentName, + Value: kubelet, + Namespace: k8sCoreComponentNamespace, + }, }, PackageURL: &purl.PackageURL{ PackageURL: *packageurl.NewPackageURL(golang, "", kubelet, kubeletVersion, packageurl.Qualifiers{}, ""), @@ -364,8 +394,16 @@ func nodeComponent(nf bom.NodeInfo) *core.Component { Name: runtimeName, Version: runtimeVersion, Properties: []core.Property{ - {Name: k8sComponentType, Value: k8sComponentNode, Namespace: k8sCoreComponentNamespace}, - {Name: k8sComponentName, Value: runtimeName, Namespace: k8sCoreComponentNamespace}, + { + Name: k8sComponentType, + Value: k8sComponentNode, + Namespace: k8sCoreComponentNamespace, + }, + { + Name: k8sComponentName, + Value: runtimeName, + Namespace: k8sCoreComponentNamespace, + }, }, PackageURL: &purl.PackageURL{ PackageURL: *packageurl.NewPackageURL(golang, "", runtimeName, runtimeVersion, packageurl.Qualifiers{}, ""), 
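Review bot: The `Class` and `Type` property names in nodeComponent are still bare string literals (`Name: "Class"`, `Name: "Type"`), even though the values beside them now need an explicit `string(types.ClassOSPkg)` / `string(types.ClassLangPkg)` cast. The clusterInfoToReportResources hunk in the same file already uses named constants such as `cyc.PropertyPkgID` for property names. Since this commit replaces free-form strings with defined types, I would use a shared constant for these two names as well, so a typo cannot silently emit a property that SBOM consumers (presumably matching by name) no longer recognise. The literals occur in both the OS-package and the lang-package component of this hunk. nodeComponent starts before the hunk and continues past it.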
diff --git a/pkg/k8s/scanner/scanner_test.go b/pkg/k8s/scanner/scanner_test.go index 0963da56f00a..bee414223ddd 100644 --- a/pkg/k8s/scanner/scanner_test.go +++ b/pkg/k8s/scanner/scanner_test.go @@ -6,17 +6,15 @@ import ( "testing" cdx "github.com/CycloneDX/cyclonedx-go" - "github.com/aquasecurity/trivy-kubernetes/pkg/artifacts" - cmd "github.com/aquasecurity/trivy/pkg/commands/artifact" - "github.com/aquasecurity/trivy/pkg/purl" "github.com/package-url/packageurl-go" + "github.com/stretchr/testify/assert" + "github.com/aquasecurity/trivy-kubernetes/pkg/artifacts" + cmd "github.com/aquasecurity/trivy/pkg/commands/artifact" "github.com/aquasecurity/trivy/pkg/flag" - + "github.com/aquasecurity/trivy/pkg/purl" cyc "github.com/aquasecurity/trivy/pkg/sbom/cyclonedx" "github.com/aquasecurity/trivy/pkg/sbom/cyclonedx/core" - - "github.com/stretchr/testify/assert" ) func TestK8sClusterInfoReport(t *testing.T) { diff --git a/pkg/licensing/classifier_test.go b/pkg/licensing/classifier_test.go index b57825cf27f4..0a559f89f486 100644 --- a/pkg/licensing/classifier_test.go +++ b/pkg/licensing/classifier_test.go @@ -4,12 +4,11 @@ import ( "os" "testing" - "github.com/aquasecurity/trivy/pkg/licensing" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/aquasecurity/trivy/pkg/fanal/types" + "github.com/aquasecurity/trivy/pkg/licensing" ) func TestClassifier_FullClassify(t *testing.T) { diff --git a/pkg/licensing/scanner_test.go b/pkg/licensing/scanner_test.go index 5b680af6fb86..11102e27a44a 100644 --- a/pkg/licensing/scanner_test.go +++ b/pkg/licensing/scanner_test.go @@ -3,11 +3,10 @@ package licensing_test import ( "testing" - "github.com/aquasecurity/trivy/pkg/licensing" - "github.com/stretchr/testify/assert" "github.com/aquasecurity/trivy/pkg/fanal/types" + "github.com/aquasecurity/trivy/pkg/licensing" ) func TestScanner_Scan(t *testing.T) { 
diff --git a/pkg/misconf/scanner.go b/pkg/misconf/scanner.go index 3d638f1764f2..72f97f968e58 100644 --- a/pkg/misconf/scanner.go +++ b/pkg/misconf/scanner.go @@ -2,7 +2,6 @@ package misconf import ( "context" - _ "embed" "errors" "fmt" "io" @@ -30,9 +29,11 @@ import ( "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/mapfs" + + _ "embed" ) -var enabledDefsecTypes = map[detection.FileType]string{ +var enabledDefsecTypes = map[detection.FileType]types.ConfigType{ detection.FileTypeAzureARM: types.AzureARM, detection.FileTypeCloudFormation: types.CloudFormation, detection.FileTypeTerraform: types.Terraform, @@ -356,7 +357,7 @@ func CreateDataFS(dataPaths []string, options ...string) (fs.FS, []string, error } // ResultsToMisconf is exported for trivy-plugin-aqua purposes only -func ResultsToMisconf(configType string, scannerName string, results scan.Results) []types.Misconfiguration { +func ResultsToMisconf(configType types.ConfigType, scannerName string, results scan.Results) []types.Misconfiguration { misconfs := map[string]types.Misconfiguration{} for _, result := range results { diff --git a/pkg/misconf/scanner_test.go b/pkg/misconf/scanner_test.go index e8fd9cbcc55c..3d139e5c6c69 100644 --- a/pkg/misconf/scanner_test.go +++ b/pkg/misconf/scanner_test.go 
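Review bot: `ResultsToMisconf` changes its first parameter from `string` to `types.ConfigType`, but the doc comment above it still only says it is exported for trivy-plugin-aqua, so the out-of-tree caller it names gets no hint of the new contract. A caller passing a string variable will stop compiling, and a plain conversion such as `types.ConfigType(s)` accepts any value. I would extend the comment to `// ResultsToMisconf is exported for trivy-plugin-aqua purposes only. configType must be one of the types.ConfigType constants (e.g. types.Terraform).` Whether an unknown value should be rejected cannot be judged from here, because the function body continues outside the hunk.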
@@ -28,14 +28,30 @@ func TestScannerOption_Sort(t *testing.T) { { name: "happy path", fields: fields{ - Namespaces: []string{"main", "custom", "default"}, + Namespaces: []string{ + "main", + "custom", + "default", + }, PolicyPaths: []string{"policy"}, - DataPaths: []string{"data/b", "data/c", "data/a"}, + DataPaths: []string{ + "data/b", + "data/c", + "data/a", + }, }, want: ScannerOption{ - Namespaces: []string{"custom", "default", "main"}, + Namespaces: []string{ + "custom", + "default", + "main", + }, PolicyPaths: []string{"policy"}, - DataPaths: []string{"data/a", "data/b", "data/c"}, + DataPaths: []string{ + "data/a", + "data/b", + "data/c", + }, }, }, { @@ -79,7 +95,7 @@ func TestScanner_Scan(t *testing.T) { fields fields files []file wantFilePath string - wantFileType string + wantFileType types.ConfigType misconfsExpected int }{ { diff --git a/pkg/module/serialize/types_easyjson.go b/pkg/module/serialize/types_easyjson.go index 9107489e39f7..bbbc0290de1e 100644 --- a/pkg/module/serialize/types_easyjson.go +++ b/pkg/module/serialize/types_easyjson.go @@ -4,15 +4,14 @@ package serialize import ( json "encoding/json" - time "time" - - easyjson "github.com/mailru/easyjson" - jlexer "github.com/mailru/easyjson/jlexer" - jwriter "github.com/mailru/easyjson/jwriter" - types2 "github.com/aquasecurity/trivy-db/pkg/types" + digest "github.com/aquasecurity/trivy/pkg/digest" types1 "github.com/aquasecurity/trivy/pkg/fanal/types" types "github.com/aquasecurity/trivy/pkg/types" + easyjson "github.com/mailru/easyjson" + jlexer "github.com/mailru/easyjson/jlexer" + jwriter "github.com/mailru/easyjson/jwriter" + time "time" ) // suppress unused package warning @@ -179,7 +178,7 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgModuleSerialize2(in *jle case "Class": out.Class = types.ResultClass(in.String()) case "Type": - out.Type = string(in.String()) + out.Type = types1.TargetType(in.String()) case "Packages": if in.IsNull() { in.Skip() 
@@ -282,6 +281,29 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgModuleSerialize2(in *jle } in.Delim(']') } + case "Licenses": + if in.IsNull() { + in.Skip() + out.Licenses = nil + } else { + in.Delim('[') + if out.Licenses == nil { + if !in.IsDelim(']') { + out.Licenses = make([]types.DetectedLicense, 0, 0) + } else { + out.Licenses = []types.DetectedLicense{} + } + } else { + out.Licenses = (out.Licenses)[:0] + } + for !in.IsDelim(']') { + var v11 types.DetectedLicense + easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgTypes3(in, &v11) + out.Licenses = append(out.Licenses, v11) + in.WantComma() + } + in.Delim(']') + } case "CustomResources": if in.IsNull() { in.Skip() @@ -298,9 +320,9 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgModuleSerialize2(in *jle out.CustomResources = (out.CustomResources)[:0] } for !in.IsDelim(']') { - var v11 types1.CustomResource - easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes2(in, &v11) - out.CustomResources = append(out.CustomResources, v11) + var v12 types1.CustomResource + easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes2(in, &v12) + out.CustomResources = append(out.CustomResources, v12) in.WantComma() } in.Delim(']') @@ -339,11 +361,11 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgModuleSerialize2(out *jw out.RawString(prefix) { out.RawByte('[') - for v12, v13 := range in.Packages { - if v12 > 0 { + for v13, v14 := range in.Packages { + if v13 > 0 { out.RawByte(',') } - easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes(out, v13) + easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes(out, v14) } out.RawByte(']') } 
@@ -353,11 +375,11 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgModuleSerialize2(out *jw out.RawString(prefix) { out.RawByte('[') - for v14, v15 := range in.Vulnerabilities { - if v14 > 0 { + for v15, v16 := range in.Vulnerabilities { + if v15 > 0 { out.RawByte(',') } - easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgTypes(out, v15) + easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgTypes(out, v16) } out.RawByte(']') } @@ -372,11 +394,11 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgModuleSerialize2(out *jw out.RawString(prefix) { out.RawByte('[') - for v16, v17 := range in.Misconfigurations { - if v16 > 0 { + for v17, v18 := range in.Misconfigurations { + if v17 > 0 { out.RawByte(',') } - easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgTypes2(out, v17) + easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgTypes2(out, v18) } out.RawByte(']') } @@ -386,11 +408,25 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgModuleSerialize2(out *jw out.RawString(prefix) { out.RawByte('[') - for v18, v19 := range in.Secrets { - if v18 > 0 { + for v19, v20 := range in.Secrets { + if v19 > 0 { + out.RawByte(',') + } + easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes1(out, v20) + } + out.RawByte(']') + } + } + if len(in.Licenses) != 0 { + const prefix string = ",\"Licenses\":" + out.RawString(prefix) + { + out.RawByte('[') + for v21, v22 := range in.Licenses { + if v21 > 0 { out.RawByte(',') } - easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes1(out, v19) + easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgTypes3(out, v22) } out.RawByte(']') } 
@@ -400,11 +436,11 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgModuleSerialize2(out *jw out.RawString(prefix) { out.RawByte('[') - for v20, v21 := range in.CustomResources { - if v20 > 0 { + for v23, v24 := range in.CustomResources { + if v23 > 0 { out.RawByte(',') } - easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes2(out, v21) + easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes2(out, v24) } out.RawByte(']') } @@ -533,6 +569,8 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes3(in *jlexer.L out.Digest = string(in.String()) case "DiffID": out.DiffID = string(in.String()) + case "CreatedBy": + out.CreatedBy = string(in.String()) default: in.SkipRecursive() } 
@@ -563,6 +601,100 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes3(out *jwriter } out.String(string(in.DiffID)) } + if in.CreatedBy != "" { + const prefix string = ",\"CreatedBy\":" + if first { + first = false + out.RawString(prefix[1:]) + } else { + out.RawString(prefix) + } + out.String(string(in.CreatedBy)) + } + out.RawByte('}') +} +func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgTypes3(in *jlexer.Lexer, out *types.DetectedLicense) { + isTopLevel := in.IsStart() + if in.IsNull() { + if isTopLevel { + in.Consumed() + } + in.Skip() + return + } + in.Delim('{') + for !in.IsDelim('}') { + key := in.UnsafeFieldName(false) + in.WantColon() + if in.IsNull() { + in.Skip() + in.WantComma() + continue + } + switch key { + case "Severity": + out.Severity = string(in.String()) + case "Category": + out.Category = types1.LicenseCategory(in.String()) + case "PkgName": + out.PkgName = string(in.String()) + case "FilePath": + out.FilePath = string(in.String()) + case "Name": + out.Name = string(in.String()) + case "Confidence": + out.Confidence = float64(in.Float64()) + case "Link": + out.Link = string(in.String()) + default: + in.SkipRecursive() + } + in.WantComma() + } + in.Delim('}') + if isTopLevel { + in.Consumed() + } +} +func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgTypes3(out *jwriter.Writer, in types.DetectedLicense) { + out.RawByte('{') + first := true + _ = first + { + const prefix string = ",\"Severity\":" + out.RawString(prefix[1:]) + out.String(string(in.Severity)) + } + { + const prefix string = ",\"Category\":" + out.RawString(prefix) + out.String(string(in.Category)) + } + { + const prefix string = ",\"PkgName\":" + out.RawString(prefix) + out.String(string(in.PkgName)) + } + { + const prefix string = ",\"FilePath\":" + out.RawString(prefix) + out.String(string(in.FilePath)) + } + { + const prefix string = ",\"Name\":" + out.RawString(prefix) + out.String(string(in.Name)) + } + { + const prefix string = 
",\"Confidence\":" + out.RawString(prefix) + out.Float64(float64(in.Confidence)) + } + { + const prefix string = ",\"Link\":" + out.RawString(prefix) + out.String(string(in.Link)) + } out.RawByte('}') } func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes1(in *jlexer.Lexer, out *types1.SecretFinding) { @@ -596,8 +728,12 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes1(in *jlexer.L out.StartLine = int(in.Int()) case "EndLine": out.EndLine = int(in.Int()) + case "Code": + easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes4(in, &out.Code) case "Match": out.Match = string(in.String()) + case "Layer": + easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes3(in, &out.Layer) default: in.SkipRecursive() } 
@@ -623,29 +759,204 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes1(out *jwriter out.String(string(in.Category)) } { - const prefix string = ",\"Severity\":" + const prefix string = ",\"Severity\":" + out.RawString(prefix) + out.String(string(in.Severity)) + } + { + const prefix string = ",\"Title\":" + out.RawString(prefix) + out.String(string(in.Title)) + } + { + const prefix string = ",\"StartLine\":" + out.RawString(prefix) + out.Int(int(in.StartLine)) + } + { + const prefix string = ",\"EndLine\":" + out.RawString(prefix) + out.Int(int(in.EndLine)) + } + { + const prefix string = ",\"Code\":" + out.RawString(prefix) + easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes4(out, in.Code) + } + { + const prefix string = ",\"Match\":" + out.RawString(prefix) + out.String(string(in.Match)) + } + if true { + const prefix string = ",\"Layer\":" + out.RawString(prefix) + easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes3(out, in.Layer) + } + out.RawByte('}') +} +func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes4(in *jlexer.Lexer, out *types1.Code) { + isTopLevel := in.IsStart() + if in.IsNull() { + if isTopLevel { + in.Consumed() + } + in.Skip() + return + } + in.Delim('{') + for !in.IsDelim('}') { + key := in.UnsafeFieldName(false) + in.WantColon() + if in.IsNull() { + in.Skip() + in.WantComma() + continue + } + switch key { + case "Lines": + if in.IsNull() { + in.Skip() + out.Lines = nil + } else { + in.Delim('[') + if out.Lines == nil { + if !in.IsDelim(']') { + out.Lines = make([]types1.Line, 0, 0) + } else { + out.Lines = []types1.Line{} + } + } else { + out.Lines = (out.Lines)[:0] + } + for !in.IsDelim(']') { + var v25 types1.Line + easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes5(in, &v25) + out.Lines = append(out.Lines, v25) + in.WantComma() + } + in.Delim(']') + } + default: + in.SkipRecursive() + } + in.WantComma() + } + in.Delim('}') + if isTopLevel { + in.Consumed() + } +} +func 
easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes4(out *jwriter.Writer, in types1.Code) { + out.RawByte('{') + first := true + _ = first + { + const prefix string = ",\"Lines\":" + out.RawString(prefix[1:]) + if in.Lines == nil && (out.Flags&jwriter.NilSliceAsEmpty) == 0 { + out.RawString("null") + } else { + out.RawByte('[') + for v26, v27 := range in.Lines { + if v26 > 0 { + out.RawByte(',') + } + easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes5(out, v27) + } + out.RawByte(']') + } + } + out.RawByte('}') +} +func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes5(in *jlexer.Lexer, out *types1.Line) { + isTopLevel := in.IsStart() + if in.IsNull() { + if isTopLevel { + in.Consumed() + } + in.Skip() + return + } + in.Delim('{') + for !in.IsDelim('}') { + key := in.UnsafeFieldName(false) + in.WantColon() + if in.IsNull() { + in.Skip() + in.WantComma() + continue + } + switch key { + case "Number": + out.Number = int(in.Int()) + case "Content": + out.Content = string(in.String()) + case "IsCause": + out.IsCause = bool(in.Bool()) + case "Annotation": + out.Annotation = string(in.String()) + case "Truncated": + out.Truncated = bool(in.Bool()) + case "Highlighted": + out.Highlighted = string(in.String()) + case "FirstCause": + out.FirstCause = bool(in.Bool()) + case "LastCause": + out.LastCause = bool(in.Bool()) + default: + in.SkipRecursive() + } + in.WantComma() + } + in.Delim('}') + if isTopLevel { + in.Consumed() + } +} +func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes5(out *jwriter.Writer, in types1.Line) { + out.RawByte('{') + first := true + _ = first + { + const prefix string = ",\"Number\":" + out.RawString(prefix[1:]) + out.Int(int(in.Number)) + } + { + const prefix string = ",\"Content\":" + out.RawString(prefix) + out.String(string(in.Content)) + } + { + const prefix string = ",\"IsCause\":" + out.RawString(prefix) + out.Bool(bool(in.IsCause)) + } + { + const prefix string = ",\"Annotation\":" 
out.RawString(prefix) - out.String(string(in.Severity)) + out.String(string(in.Annotation)) } { - const prefix string = ",\"Title\":" + const prefix string = ",\"Truncated\":" out.RawString(prefix) - out.String(string(in.Title)) + out.Bool(bool(in.Truncated)) } - { - const prefix string = ",\"StartLine\":" + if in.Highlighted != "" { + const prefix string = ",\"Highlighted\":" out.RawString(prefix) - out.Int(int(in.StartLine)) + out.String(string(in.Highlighted)) } { - const prefix string = ",\"EndLine\":" + const prefix string = ",\"FirstCause\":" out.RawString(prefix) - out.Int(int(in.EndLine)) + out.Bool(bool(in.FirstCause)) } { - const prefix string = ",\"Match\":" + const prefix string = ",\"LastCause\":" out.RawString(prefix) - out.String(string(in.Match)) + out.Bool(bool(in.LastCause)) } out.RawByte('}') } @@ -672,6 +983,8 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgTypes2(in *jlexer.Lexer, out.Type = string(in.String()) case "ID": out.ID = string(in.String()) + case "AVDID": + out.AVDID = string(in.String()) case "Title": out.Title = string(in.String()) case "Description": @@ -704,9 +1017,9 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgTypes2(in *jlexer.Lexer, out.References = (out.References)[:0] } for !in.IsDelim(']') { - var v22 string - v22 = string(in.String()) - out.References = append(out.References, v22) + var v28 string + v28 = string(in.String()) + out.References = append(out.References, v28) in.WantComma() } in.Delim(']') @@ -716,7 +1029,7 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgTypes2(in *jlexer.Lexer, case "Layer": easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes3(in, &out.Layer) case "CauseMetadata": - easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes4(in, &out.CauseMetadata) + easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes6(in, &out.CauseMetadata) case "Traces": if in.IsNull() { in.Skip() 
@@ -733,9 +1046,9 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgTypes2(in *jlexer.Lexer, out.Traces = (out.Traces)[:0] } for !in.IsDelim(']') { - var v23 string - v23 = string(in.String()) - out.Traces = append(out.Traces, v23) + var v29 string + v29 = string(in.String()) + out.Traces = append(out.Traces, v29) in.WantComma() } in.Delim(']') @@ -770,6 +1083,16 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgTypes2(out *jwriter.Writ } out.String(string(in.ID)) } + if in.AVDID != "" { + const prefix string = ",\"AVDID\":" + if first { + first = false + out.RawString(prefix[1:]) + } else { + out.RawString(prefix) + } + out.String(string(in.AVDID)) + } if in.Title != "" { const prefix string = ",\"Title\":" if first { @@ -860,11 +1183,11 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgTypes2(out *jwriter.Writ } { out.RawByte('[') - for v24, v25 := range in.References { - if v24 > 0 { + for v30, v31 := range in.References { + if v30 > 0 { out.RawByte(',') } - out.String(string(v25)) + out.String(string(v31)) } out.RawByte(']') } @@ -897,7 +1220,7 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgTypes2(out *jwriter.Writ } else { out.RawString(prefix) } - easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes4(out, in.CauseMetadata) + easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes6(out, in.CauseMetadata) } if len(in.Traces) != 0 { const prefix string = ",\"Traces\":" 
@@ -909,18 +1232,18 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgTypes2(out *jwriter.Writ } { out.RawByte('[') - for v26, v27 := range in.Traces { - if v26 > 0 { + for v32, v33 := range in.Traces { + if v32 > 0 { out.RawByte(',') } - out.String(string(v27)) + out.String(string(v33)) } out.RawByte(']') } } out.RawByte('}') } -func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes4(in *jlexer.Lexer, out *types1.CauseMetadata) { +func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes6(in *jlexer.Lexer, out *types1.CauseMetadata) { isTopLevel := in.IsStart() if in.IsNull() { if isTopLevel { @@ -950,7 +1273,30 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes4(in *jlexer.L case "EndLine": out.EndLine = int(in.Int()) case "Code": - easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes5(in, &out.Code) + easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes4(in, &out.Code) + case "Occurrences": + if in.IsNull() { + in.Skip() + out.Occurrences = nil + } else { + in.Delim('[') + if out.Occurrences == nil { + if !in.IsDelim(']') { + out.Occurrences = make([]types1.Occurrence, 0, 1) + } else { + out.Occurrences = []types1.Occurrence{} + } + } else { + out.Occurrences = (out.Occurrences)[:0] + } + for !in.IsDelim(']') { + var v34 types1.Occurrence + easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes7(in, &v34) + out.Occurrences = append(out.Occurrences, v34) + in.WantComma() + } + in.Delim(']') + } default: in.SkipRecursive() } @@ -961,7 +1307,7 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes4(in *jlexer.L in.Consumed() } } -func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes4(out *jwriter.Writer, in types1.CauseMetadata) { +func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes6(out *jwriter.Writer, in types1.CauseMetadata) { out.RawByte('{') first := true _ = first 
@@ -1019,11 +1365,30 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes4(out *jwriter } else { out.RawString(prefix) } - easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes5(out, in.Code) + easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes4(out, in.Code) + } + if len(in.Occurrences) != 0 { + const prefix string = ",\"Occurrences\":" + if first { + first = false + out.RawString(prefix[1:]) + } else { + out.RawString(prefix) + } + { + out.RawByte('[') + for v35, v36 := range in.Occurrences { + if v35 > 0 { + out.RawByte(',') + } + easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes7(out, v36) + } + out.RawByte(']') + } } out.RawByte('}') } -func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes5(in *jlexer.Lexer, out *types1.Code) { +func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes7(in *jlexer.Lexer, out *types1.Occurrence) { isTopLevel := in.IsStart() if in.IsNull() { if isTopLevel { @@ -1042,29 +1407,12 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes5(in *jlexer.L continue } switch key { - case "Lines": - if in.IsNull() { - in.Skip() - out.Lines = nil - } else { - in.Delim('[') - if out.Lines == nil { - if !in.IsDelim(']') { - out.Lines = make([]types1.Line, 0, 0) - } else { - out.Lines = []types1.Line{} - } - } else { - out.Lines = (out.Lines)[:0] - } - for !in.IsDelim(']') { - var v28 types1.Line - easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes6(in, &v28) - out.Lines = append(out.Lines, v28) - in.WantComma() - } - in.Delim(']') - } + case "Resource": + out.Resource = string(in.String()) + case "Filename": + out.Filename = string(in.String()) + case "Location": + easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes8(in, &out.Location) default: in.SkipRecursive() } 
@@ -1075,29 +1423,39 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes5(in *jlexer.L in.Consumed() } } -func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes5(out *jwriter.Writer, in types1.Code) { +func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes7(out *jwriter.Writer, in types1.Occurrence) { out.RawByte('{') first := true _ = first - { - const prefix string = ",\"Lines\":" + if in.Resource != "" { + const prefix string = ",\"Resource\":" + first = false out.RawString(prefix[1:]) - if in.Lines == nil && (out.Flags&jwriter.NilSliceAsEmpty) == 0 { - out.RawString("null") + out.String(string(in.Resource)) + } + if in.Filename != "" { + const prefix string = ",\"Filename\":" + if first { + first = false + out.RawString(prefix[1:]) } else { - out.RawByte('[') - for v29, v30 := range in.Lines { - if v29 > 0 { - out.RawByte(',') - } - easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes6(out, v30) - } - out.RawByte(']') + out.RawString(prefix) + } + out.String(string(in.Filename)) + } + { + const prefix string = ",\"Location\":" + if first { + first = false + out.RawString(prefix[1:]) + } else { + out.RawString(prefix) } + easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes8(out, in.Location) } out.RawByte('}') } -func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes6(in *jlexer.Lexer, out *types1.Line) { +func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes8(in *jlexer.Lexer, out *types1.Location) { isTopLevel := in.IsStart() if in.IsNull() { if isTopLevel { 
@@ -1116,22 +1474,10 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes6(in *jlexer.L continue } switch key { - case "Number": - out.Number = int(in.Int()) - case "Content": - out.Content = string(in.String()) - case "IsCause": - out.IsCause = bool(in.Bool()) - case "Annotation": - out.Annotation = string(in.String()) - case "Truncated": - out.Truncated = bool(in.Bool()) - case "Highlighted": - out.Highlighted = string(in.String()) - case "FirstCause": - out.FirstCause = bool(in.Bool()) - case "LastCause": - out.LastCause = bool(in.Bool()) + case "StartLine": + out.StartLine = int(in.Int()) + case "EndLine": + out.EndLine = int(in.Int()) default: in.SkipRecursive() } 
@@ -1142,49 +1488,25 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes6(in *jlexer.L in.Consumed() } } -func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes6(out *jwriter.Writer, in types1.Line) { +func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes8(out *jwriter.Writer, in types1.Location) { out.RawByte('{') first := true _ = first - { - const prefix string = ",\"Number\":" + if in.StartLine != 0 { + const prefix string = ",\"StartLine\":" + first = false out.RawString(prefix[1:]) - out.Int(int(in.Number)) - } - { - const prefix string = ",\"Content\":" - out.RawString(prefix) - out.String(string(in.Content)) - } - { - const prefix string = ",\"IsCause\":" - out.RawString(prefix) - out.Bool(bool(in.IsCause)) - } - { - const prefix string = ",\"Annotation\":" - out.RawString(prefix) - out.String(string(in.Annotation)) - } - { - const prefix string = ",\"Truncated\":" - out.RawString(prefix) - out.Bool(bool(in.Truncated)) - } - if in.Highlighted != "" { - const prefix string = ",\"Highlighted\":" - out.RawString(prefix) - out.String(string(in.Highlighted)) - } - { - const prefix string = ",\"FirstCause\":" - out.RawString(prefix) - out.Bool(bool(in.FirstCause)) + out.Int(int(in.StartLine)) } - { - const prefix string = ",\"LastCause\":" - out.RawString(prefix) - out.Bool(bool(in.LastCause)) + if in.EndLine != 0 { + const prefix string = ",\"EndLine\":" + if first { + first = false + out.RawString(prefix[1:]) + } else { + out.RawString(prefix) + } + out.Int(int(in.EndLine)) } out.RawByte('}') } @@ -1281,9 +1603,9 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgTypes(in *jlexer.Lexer, out.VendorIDs = (out.VendorIDs)[:0] } for !in.IsDelim(']') { - var v31 string - v31 = string(in.String()) - out.VendorIDs = append(out.VendorIDs, v31) + var v37 string + v37 = string(in.String()) + out.VendorIDs = append(out.VendorIDs, v37) in.WantComma() } in.Delim(']') 
@@ -1298,6 +1620,10 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgTypes(in *jlexer.Lexer, out.InstalledVersion = string(in.String()) case "FixedVersion": out.FixedVersion = string(in.String()) + case "Status": + if data := in.Raw(); in.Ok() { + in.AddError((out.Status).UnmarshalJSON(data)) + } case "Layer": easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes3(in, &out.Layer) case "SeveritySource": @@ -1346,9 +1672,9 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgTypes(in *jlexer.Lexer, out.CweIDs = (out.CweIDs)[:0] } for !in.IsDelim(']') { - var v32 string - v32 = string(in.String()) - out.CweIDs = append(out.CweIDs, v32) + var v38 string + v38 = string(in.String()) + out.CweIDs = append(out.CweIDs, v38) in.WantComma() } in.Delim(']') @@ -1366,9 +1692,9 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgTypes(in *jlexer.Lexer, for !in.IsDelim('}') { key := types2.SourceID(in.String()) in.WantColon() - var v33 types2.Severity - v33 = types2.Severity(in.Int()) - (out.VendorSeverity)[key] = v33 + var v39 types2.Severity + v39 = types2.Severity(in.Int()) + (out.VendorSeverity)[key] = v39 in.WantComma() } in.Delim('}') @@ -1386,9 +1712,9 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgTypes(in *jlexer.Lexer, for !in.IsDelim('}') { key := types2.SourceID(in.String()) in.WantColon() - var v34 types2.CVSS - easyjson6601e8cdDecodeGithubComAquasecurityTrivyDbPkgTypes1(in, &v34) - (out.CVSS)[key] = v34 + var v40 types2.CVSS + easyjson6601e8cdDecodeGithubComAquasecurityTrivyDbPkgTypes1(in, &v40) + (out.CVSS)[key] = v40 in.WantComma() } in.Delim('}') @@ -1409,9 +1735,9 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgTypes(in *jlexer.Lexer, out.References = (out.References)[:0] } for !in.IsDelim(']') { - var v35 string - v35 = string(in.String()) - out.References = append(out.References, v35) + var v41 string + v41 = string(in.String()) + out.References = append(out.References, v41) in.WantComma() } in.Delim(']') 
@@ -1470,11 +1796,11 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgTypes(out *jwriter.Write } { out.RawByte('[') - for v36, v37 := range in.VendorIDs { - if v36 > 0 { + for v42, v43 := range in.VendorIDs { + if v42 > 0 { out.RawByte(',') } - out.String(string(v37)) + out.String(string(v43)) } out.RawByte(']') } @@ -1529,6 +1855,16 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgTypes(out *jwriter.Write } out.String(string(in.FixedVersion)) } + if in.Status != 0 { + const prefix string = ",\"Status\":" + if first { + first = false + out.RawString(prefix[1:]) + } else { + out.RawString(prefix) + } + out.Raw((in.Status).MarshalJSON()) + } if true { const prefix string = ",\"Layer\":" if first { @@ -1635,11 +1971,11 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgTypes(out *jwriter.Write } { out.RawByte('[') - for v38, v39 := range in.CweIDs { - if v38 > 0 { + for v44, v45 := range in.CweIDs { + if v44 > 0 { out.RawByte(',') } - out.String(string(v39)) + out.String(string(v45)) } out.RawByte(']') } @@ -1654,16 +1990,16 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgTypes(out *jwriter.Write } { out.RawByte('{') - v40First := true - for v40Name, v40Value := range in.VendorSeverity { - if v40First { - v40First = false + v46First := true + for v46Name, v46Value := range in.VendorSeverity { + if v46First { + v46First = false } else { out.RawByte(',') } - out.String(string(v40Name)) + out.String(string(v46Name)) out.RawByte(':') - out.Int(int(v40Value)) + out.Int(int(v46Value)) } out.RawByte('}') } 
@@ -1678,16 +2014,16 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgTypes(out *jwriter.Write } { out.RawByte('{') - v41First := true - for v41Name, v41Value := range in.CVSS { - if v41First { - v41First = false + v47First := true + for v47Name, v47Value := range in.CVSS { + if v47First { + v47First = false } else { out.RawByte(',') } - out.String(string(v41Name)) + out.String(string(v47Name)) out.RawByte(':') - easyjson6601e8cdEncodeGithubComAquasecurityTrivyDbPkgTypes1(out, v41Value) + easyjson6601e8cdEncodeGithubComAquasecurityTrivyDbPkgTypes1(out, v47Value) } out.RawByte('}') } @@ -1702,11 +2038,11 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgTypes(out *jwriter.Write } { out.RawByte('[') - for v42, v43 := range in.References { - if v42 > 0 { + for v48, v49 := range in.References { + if v48 > 0 { out.RawByte(',') } - out.String(string(v43)) + out.String(string(v49)) } out.RawByte(']') } @@ -1910,6 +2246,8 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes(in *jlexer.Le out.Epoch = int(in.Int()) case "Arch": out.Arch = string(in.String()) + case "Dev": + out.Dev = bool(in.Bool()) case "SrcName": out.SrcName = string(in.String()) case "SrcVersion": @@ -1934,13 +2272,15 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes(in *jlexer.Le out.Licenses = (out.Licenses)[:0] } for !in.IsDelim(']') { - var v44 string - v44 = string(in.String()) - out.Licenses = append(out.Licenses, v44) + var v50 string + v50 = string(in.String()) + out.Licenses = append(out.Licenses, v50) in.WantComma() } in.Delim(']') } + case "Maintainer": + out.Maintainer = string(in.String()) case "Modularitylabel": out.Modularitylabel = string(in.String()) case "BuildInfo": 
@@ -1951,9 +2291,9 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes(in *jlexer.Le if out.BuildInfo == nil { out.BuildInfo = new(types1.BuildInfo) } - easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes7(in, out.BuildInfo) + easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes9(in, out.BuildInfo) } - case "PkgRef": + case "Ref": out.Ref = string(in.String()) case "Indirect": out.Indirect = bool(in.Bool()) @@ -1973,9 +2313,9 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes(in *jlexer.Le out.DependsOn = (out.DependsOn)[:0] } for !in.IsDelim(']') { - var v45 string - v45 = string(in.String()) - out.DependsOn = append(out.DependsOn, v45) + var v51 string + v51 = string(in.String()) + out.DependsOn = append(out.DependsOn, v51) in.WantComma() } in.Delim(']') @@ -1984,6 +2324,31 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes(in *jlexer.Le easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes3(in, &out.Layer) case "FilePath": out.FilePath = string(in.String()) + case "Digest": + out.Digest = digest.Digest(in.String()) + case "Locations": + if in.IsNull() { + in.Skip() + out.Locations = nil + } else { + in.Delim('[') + if out.Locations == nil { + if !in.IsDelim(']') { + out.Locations = make([]types1.Location, 0, 4) + } else { + out.Locations = []types1.Location{} + } + } else { + out.Locations = (out.Locations)[:0] + } + for !in.IsDelim(']') { + var v52 types1.Location + easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes8(in, &v52) + out.Locations = append(out.Locations, v52) + in.WantComma() + } + in.Delim(']') + } default: in.SkipRecursive() } 
@@ -2054,6 +2419,16 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes(out *jwriter. } out.String(string(in.Arch)) } + if in.Dev { + const prefix string = ",\"Dev\":" + if first { + first = false + out.RawString(prefix[1:]) + } else { + out.RawString(prefix) + } + out.Bool(bool(in.Dev)) + } if in.SrcName != "" { const prefix string = ",\"SrcName\":" if first { @@ -2104,15 +2479,25 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes(out *jwriter. } { out.RawByte('[') - for v46, v47 := range in.Licenses { - if v46 > 0 { + for v53, v54 := range in.Licenses { + if v53 > 0 { out.RawByte(',') } - out.String(string(v47)) + out.String(string(v54)) } out.RawByte(']') } } + if in.Maintainer != "" { + const prefix string = ",\"Maintainer\":" + if first { + first = false + out.RawString(prefix[1:]) + } else { + out.RawString(prefix) + } + out.String(string(in.Maintainer)) + } if in.Modularitylabel != "" { const prefix string = ",\"Modularitylabel\":" if first { @@ -2131,10 +2516,10 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes(out *jwriter. } else { out.RawString(prefix) } - easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes7(out, *in.BuildInfo) + easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes9(out, *in.BuildInfo) } if in.Ref != "" { - const prefix string = ",\"PkgRef\":" + const prefix string = ",\"Ref\":" if first { first = false out.RawString(prefix[1:]) @@ -2163,11 +2548,11 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes(out *jwriter. } { out.RawByte('[') - for v48, v49 := range in.DependsOn { - if v48 > 0 { + for v55, v56 := range in.DependsOn { + if v55 > 0 { out.RawByte(',') } - out.String(string(v49)) + out.String(string(v56)) } out.RawByte(']') } 
@@ -2192,9 +2577,38 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes(out *jwriter. } out.String(string(in.FilePath)) } + if in.Digest != "" { + const prefix string = ",\"Digest\":" + if first { + first = false + out.RawString(prefix[1:]) + } else { + out.RawString(prefix) + } + out.String(string(in.Digest)) + } + if len(in.Locations) != 0 { + const prefix string = ",\"Locations\":" + if first { + first = false + out.RawString(prefix[1:]) + } else { + out.RawString(prefix) + } + { + out.RawByte('[') + for v57, v58 := range in.Locations { + if v57 > 0 { + out.RawByte(',') + } + easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes8(out, v58) + } + out.RawByte(']') + } + } out.RawByte('}') } -func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes7(in *jlexer.Lexer, out *types1.BuildInfo) { +func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes9(in *jlexer.Lexer, out *types1.BuildInfo) { isTopLevel := in.IsStart() if in.IsNull() { if isTopLevel { @@ -2229,9 +2643,9 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes7(in *jlexer.L out.ContentSets = (out.ContentSets)[:0] } for !in.IsDelim(']') { - var v50 string - v50 = string(in.String()) - out.ContentSets = append(out.ContentSets, v50) + var v59 string + v59 = string(in.String()) + out.ContentSets = append(out.ContentSets, v59) in.WantComma() } in.Delim(']') @@ -2250,7 +2664,7 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgFanalTypes7(in *jlexer.L in.Consumed() } } -func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes7(out *jwriter.Writer, in types1.BuildInfo) { +func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes9(out *jwriter.Writer, in types1.BuildInfo) { out.RawByte('{') first := true _ = first 
@@ -2260,11 +2674,11 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgFanalTypes7(out *jwriter out.RawString(prefix[1:]) { out.RawByte('[') - for v51, v52 := range in.ContentSets { - if v51 > 0 { + for v60, v61 := range in.ContentSets { + if v60 > 0 { out.RawByte(',') } - out.String(string(v52)) + out.String(string(v61)) } out.RawByte(']') } @@ -2328,9 +2742,9 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgModuleSerialize3(in *jle out.IDs = (out.IDs)[:0] } for !in.IsDelim(']') { - var v53 string - v53 = string(in.String()) - out.IDs = append(out.IDs, v53) + var v62 string + v62 = string(in.String()) + out.IDs = append(out.IDs, v62) in.WantComma() } in.Delim(']') @@ -2361,11 +2775,11 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgModuleSerialize3(out *jw out.RawString("null") } else { out.RawByte('[') - for v54, v55 := range in.IDs { - if v54 > 0 { + for v63, v64 := range in.IDs { + if v63 > 0 { out.RawByte(',') } - out.String(string(v55)) + out.String(string(v64)) } out.RawByte(']') } @@ -2431,9 +2845,9 @@ func easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgModuleSerialize4(in *jle out.CustomResources = (out.CustomResources)[:0] } for !in.IsDelim(']') { - var v56 CustomResource - easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgModuleSerialize5(in, &v56) - out.CustomResources = append(out.CustomResources, v56) + var v65 CustomResource + easyjson6601e8cdDecodeGithubComAquasecurityTrivyPkgModuleSerialize5(in, &v65) + out.CustomResources = append(out.CustomResources, v65) in.WantComma() } in.Delim(']') 
@@ -2459,11 +2873,11 @@ func easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgModuleSerialize4(out *jw out.RawString("null") } else { out.RawByte('[') - for v57, v58 := range in.CustomResources { - if v57 > 0 { + for v66, v67 := range in.CustomResources { + if v66 > 0 { out.RawByte(',') } - easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgModuleSerialize5(out, v58) + easyjson6601e8cdEncodeGithubComAquasecurityTrivyPkgModuleSerialize5(out, v67) } out.RawByte(']') } diff --git a/pkg/purl/purl.go b/pkg/purl/purl.go index 92887bb534e5..c1ac67902c7e 100644 --- a/pkg/purl/purl.go +++ b/pkg/purl/purl.go @@ -10,7 +10,6 @@ import ( packageurl "github.com/package-url/packageurl-go" "golang.org/x/xerrors" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/scanner/utils" "github.com/aquasecurity/trivy/pkg/types" @@ -81,7 +80,7 @@ func (p *PackageURL) Package() *ftypes.Package { } // TODO: replace with packageurl.TypeGradle once they add it. - if p.Type == packageurl.TypeMaven || p.Type == ftypes.Gradle { + if p.Type == packageurl.TypeMaven || p.Type == string(ftypes.Gradle) { // Maven and Gradle packages separate ":" // e.g. org.springframework:spring-core pkg.Name = strings.Join([]string{ @@ -98,8 +97,8 @@ func (p *PackageURL) Package() *ftypes.Package { return pkg } -// PackageType returns an application type in Trivy -func (p *PackageURL) PackageType() string { +// LangType returns an application type in Trivy +func (p *PackageURL) LangType() ftypes.LangType { switch p.Type { case packageurl.TypeComposer: return ftypes.Composer @@ -132,7 +131,7 @@ func (p *PackageURL) PackageType() string { case packageurl.TypeBitnami: return ftypes.Bitnami } - return p.Type + return "unknown" } func (p *PackageURL) IsOSPkg() bool { 
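Review bot: The new fallback in `LangType()` (hunk `-132,7 +131,7` of pkg/purl/purl.go) returns the bare literal `"unknown"`, so every purl type without a mapping collapses to one value and the original `p.Type` is lost to the caller. If callers pick a vulnerability detector by this value, packages read from an SBOM could silently drop out of matching; those callers are outside this hunk, so this is worth confirming. A named constant would make the case greppable and loggable, for example `return ftypes.LangTypeUnknown` (placeholder name), and the doc comment edited in hunk `-98,8 +97,8` should state the fallback. The rename from `PackageType` to `LangType` also changes an exported method, which will break external importers of this package.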
@@ -158,7 +157,7 @@ func (p *PackageURL) BOMRef() string { } // nolint: gocyclo -func NewPackageURL(t string, metadata types.Metadata, pkg ftypes.Package) (PackageURL, error) { +func NewPackageURL(t ftypes.TargetType, metadata types.Metadata, pkg ftypes.Package) (PackageURL, error) { var qualifiers packageurl.Qualifiers if metadata.OS != nil { qualifiers = parseQualifier(pkg) @@ -174,17 +173,17 @@ func NewPackageURL(t string, metadata types.Metadata, pkg ftypes.Package) (Packa switch ptype { case packageurl.TypeRPM: ns, qs := parseRPM(metadata.OS, pkg.Modularitylabel) - namespace = ns + namespace = string(ns) qualifiers = append(qualifiers, qs...) case packageurl.TypeDebian: qualifiers = append(qualifiers, parseDeb(metadata.OS)...) if metadata.OS != nil { - namespace = metadata.OS.Family + namespace = string(metadata.OS.Family) } case TypeAPK: // TODO: replace with packageurl.TypeApk once they add it. qualifiers = append(qualifiers, parseApk(metadata.OS)...) if metadata.OS != nil { - namespace = metadata.OS.Family + namespace = string(metadata.OS.Family) } case packageurl.TypeMaven, string(ftypes.Gradle): // TODO: replace with packageurl.TypeGradle once they add it. namespace, name = parseMaven(name) @@ -277,14 +276,14 @@ func parseDeb(fos *ftypes.OS) packageurl.Qualifiers { } // ref. https://github.com/package-url/purl-spec/blob/a748c36ad415c8aeffe2b8a4a5d8a50d16d6d85f/PURL-TYPES.rst#rpm -func parseRPM(fos *ftypes.OS, modularityLabel string) (string, packageurl.Qualifiers) { +func parseRPM(fos *ftypes.OS, modularityLabel string) (ftypes.OSType, packageurl.Qualifiers) { if fos == nil { return "", packageurl.Qualifiers{} } // SLES string has whitespace family := fos.Family - if fos.Family == os.SLES { + if fos.Family == ftypes.SLES { family = "sles" } 
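Review bot: `parseRPM` now returns `ftypes.OSType`, but the value it builds is a purl namespace, not an OS family. The `family = "sles"` assignment in hunk `-277,14 +276,14` stores a string that, per the comment above it, deliberately differs from `ftypes.SLES`. The caller in hunk `-174,17 +173,17` converts straight back with `namespace = string(ns)`, so the defined type adds nothing here and implies a validity the value does not have. Keeping the result as `string` and converting once inside the function, `family := string(fos.Family)`, would keep Trivy types and purl strings apart. The rest of `parseRPM` is outside the hunk, so its return statement would need the matching change.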
@@ -356,7 +355,7 @@ func parseNpm(pkgName string) (string, string) { return parsePkgName(name) } -func purlType(t string) string { +func purlType(t ftypes.TargetType) string { switch t { case ftypes.Jar, ftypes.Pom, ftypes.Gradle: return packageurl.TypeMaven @@ -384,18 +383,18 @@ func purlType(t string) string { return TypeDart // TODO: replace with packageurl.TypeDart once they add it. case ftypes.RustBinary, ftypes.Cargo: return packageurl.TypeCargo - case os.Alpine: + case ftypes.Alpine: return TypeAPK - case os.Debian, os.Ubuntu: + case ftypes.Debian, ftypes.Ubuntu: return packageurl.TypeDebian - case os.RedHat, os.CentOS, os.Rocky, os.Alma, - os.Amazon, os.Fedora, os.Oracle, os.OpenSUSE, - os.OpenSUSELeap, os.OpenSUSETumbleweed, os.SLES, os.Photon: + case ftypes.RedHat, ftypes.CentOS, ftypes.Rocky, ftypes.Alma, + ftypes.Amazon, ftypes.Fedora, ftypes.Oracle, ftypes.OpenSUSE, + ftypes.OpenSUSELeap, ftypes.OpenSUSETumbleweed, ftypes.SLES, ftypes.Photon: return packageurl.TypeRPM case TypeOCI: return packageurl.TypeOCI } - return t + return string(t) } func parseQualifier(pkg ftypes.Package) packageurl.Qualifiers { diff --git a/pkg/purl/purl_test.go b/pkg/purl/purl_test.go index dac5edd0decd..4cdb3f7a2a60 100644 --- a/pkg/purl/purl_test.go +++ b/pkg/purl/purl_test.go @@ -9,17 +9,15 @@ import ( "github.com/stretchr/testify/require" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/purl" "github.com/aquasecurity/trivy/pkg/types" ) func TestNewPackageURL(t *testing.T) { - testCases := []struct { name string - typ string + typ ftypes.TargetType pkg ftypes.Package metadata types.Metadata want purl.PackageURL 
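Review bot: With `t` now typed as `ftypes.TargetType`, the `case TypeOCI:` arm in `purlType` (hunk `-384,18 +383,18`) still compares a Trivy target type against what looks like a purl-side constant. It presumably compiles only because that constant is untyped; its declaration is not visible here. That is the same trivy-type/purl-type mix the commit message says it is removing. Either give the arm a Trivy-side constant or document the exception, for example `// TypeOCI is a purl type passed in directly by callers that already hold one`. A doc comment on `purlType` should also say that unmapped target types are returned verbatim by `return string(t)`.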
@@ -272,21 +270,21 @@ func TestNewPackageURL(t *testing.T) { name: "rust binary", typ: ftypes.RustBinary, pkg: ftypes.Package{ - ID: "abomonation@0.7.3", - Name: "abomonation", + ID: "abomination@0.7.3", + Name: "abomination", Version: "0.7.3", }, want: purl.PackageURL{ PackageURL: packageurl.PackageURL{ Type: packageurl.TypeCargo, - Name: "abomonation", + Name: "abomination", Version: "0.7.3", }, }, }, { name: "os package", - typ: os.RedHat, + typ: ftypes.RedHat, pkg: ftypes.Package{ Name: "acl", Version: "2.2.53", @@ -302,7 +300,7 @@ func TestNewPackageURL(t *testing.T) { metadata: types.Metadata{ OS: &ftypes.OS{ - Family: os.RedHat, + Family: ftypes.RedHat, Name: "8", }, }, diff --git a/pkg/remote/remote_test.go b/pkg/remote/remote_test.go index 024d1cacd84e..63a98ba1fce2 100644 --- a/pkg/remote/remote_test.go +++ b/pkg/remote/remote_test.go @@ -4,15 +4,16 @@ import ( "context" "encoding/base64" "fmt" - "github.com/google/go-containerregistry/pkg/name" - v1 "github.com/google/go-containerregistry/pkg/v1" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "net/http/httptest" "os" "path/filepath" "testing" + "github.com/google/go-containerregistry/pkg/name" + v1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/aquasecurity/testdocker/auth" "github.com/aquasecurity/testdocker/registry" "github.com/aquasecurity/trivy/pkg/fanal/types" diff --git a/pkg/report/github/github.go b/pkg/report/github/github.go index 0e1a95dfa8af..3f1ea7af7b5d 100644 --- a/pkg/report/github/github.go +++ b/pkg/report/github/github.go @@ -101,7 +101,7 @@ func (w Writer) Write(report types.Report) error { } manifest := Manifest{} - manifest.Name = result.Type + manifest.Name = string(result.Type) // show path for language-specific packages only if result.Class == types.ClassLangPkg { manifest.File = &File{ 
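Review bot: The "rust binary" case in hunk `-272,21 +270,21` renames the fixture package from `abomonation` to `abomination`, which looks like a spell-checker correction, not an intended change. `abomonation` is the actual crate name, so the fixture now describes a package that does not match the real one. The test still passes only because input and expectation were changed together. Reverting the three lines to `abomonation` and adding the word to the misspell ignore list, as the commit already does for `licence`, would keep the fixture truthful.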
@@ -160,7 +160,7 @@ func getPkgRelationshipType(pkg ftypes.Package) string { return DirectRelationship } -func buildPurl(t string, pkg ftypes.Package) (string, error) { +func buildPurl(t ftypes.TargetType, pkg ftypes.Package) (string, error) { packageUrl, err := purl.NewPackageURL(t, types.Metadata{}, pkg) if err != nil { return "", xerrors.Errorf("purl error: %w", err) diff --git a/pkg/report/predicate/vuln_test.go b/pkg/report/predicate/vuln_test.go index d931622b5998..c574141bfa70 100644 --- a/pkg/report/predicate/vuln_test.go +++ b/pkg/report/predicate/vuln_test.go @@ -10,7 +10,6 @@ import ( dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" - "github.com/aquasecurity/trivy/pkg/clock" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/report/predicate" diff --git a/pkg/report/sarif.go b/pkg/report/sarif.go index 7fb2424ed30b..724691e77886 100644 --- a/pkg/report/sarif.go +++ b/pkg/report/sarif.go @@ -57,7 +57,7 @@ type sarifData struct { fullDescription string helpText string helpMarkdown string - resourceClass string + resourceClass types.ResultClass severity string url string resultIndex int @@ -161,7 +161,7 @@ func (sw *SarifWriter) Write(report types.Report) error { severity: vuln.Severity, cvssScore: getCVSSScore(vuln), url: vuln.PrimaryURL, - resourceClass: string(res.Class), + resourceClass: res.Class, artifactLocation: path, locationMessage: fmt.Sprintf("%v: %v@%v", path, vuln.PkgName, vuln.InstalledVersion), locations: sw.getLocations(vuln.PkgName, vuln.InstalledVersion, path, res.Packages), 
@@ -183,10 +183,15 @@ func (sw *SarifWriter) Write(report types.Report) error { severity: misconf.Severity, cvssScore: severityToScore(misconf.Severity), url: misconf.PrimaryURL, - resourceClass: string(res.Class), + resourceClass: res.Class, artifactLocation: target, locationMessage: target, - locations: []location{{startLine: misconf.CauseMetadata.StartLine, endLine: misconf.CauseMetadata.EndLine}}, + locations: []location{ + { + startLine: misconf.CauseMetadata.StartLine, + endLine: misconf.CauseMetadata.EndLine, + }, + }, resultIndex: getRuleIndex(misconf.ID, ruleIndexes), shortDescription: html.EscapeString(misconf.Title), fullDescription: html.EscapeString(misconf.Description), @@ -205,10 +210,15 @@ func (sw *SarifWriter) Write(report types.Report) error { severity: secret.Severity, cvssScore: severityToScore(secret.Severity), url: builtinRulesUrl, - resourceClass: string(res.Class), + resourceClass: res.Class, artifactLocation: target, locationMessage: target, - locations: []location{{startLine: secret.StartLine, endLine: secret.EndLine}}, + locations: []location{ + { + startLine: secret.StartLine, + endLine: secret.EndLine, + }, + }, resultIndex: getRuleIndex(secret.RuleID, ruleIndexes), shortDescription: html.EscapeString(secret.Title), fullDescription: html.EscapeString(secret.Match), @@ -229,7 +239,7 @@ func (sw *SarifWriter) Write(report types.Report) error { severity: license.Severity, cvssScore: severityToScore(license.Severity), url: license.Link, - resourceClass: string(res.Class), + resourceClass: res.Class, artifactLocation: target, resultIndex: getRuleIndex(id, ruleIndexes), shortDescription: desc, 
@@ -256,7 +266,10 @@ func toSarifLocations(locations []location, artifactLocation, locationMessage st var sarifLocs []*sarif.Location // add default (hardcoded) location for vulnerabilities that don't support locations if len(locations) == 0 { - locations = append(locations, location{startLine: 1, endLine: 1}) + locations = append(locations, location{ + startLine: 1, + endLine: 1, + }) } // some dependencies can be placed in multiple places. @@ -279,7 +292,7 @@ func toSarifLocations(locations []location, artifactLocation, locationMessage st return sarifLocs } -func toSarifRuleName(class string) string { +func toSarifRuleName(class types.ResultClass) string { switch class { case types.ClassOSPkg: return sarifOsPackageVulnerability @@ -334,7 +347,10 @@ func (sw *SarifWriter) getLocations(name, version, path string, pkgs []ftypes.Pa for _, pkg := range pkgs { if name == pkg.Name && version == pkg.Version { for _, l := range pkg.Locations { - loc := location{startLine: l.StartLine, endLine: l.EndLine} + loc := location{ + startLine: l.StartLine, + endLine: l.EndLine, + } locs = append(locs, loc) } sw.locationCache[id] = locs diff --git a/pkg/report/table/licensing.go b/pkg/report/table/licensing.go index e87eca732110..e9bce99facdd 100644 --- a/pkg/report/table/licensing.go +++ b/pkg/report/table/licensing.go @@ -6,17 +6,15 @@ import ( "strings" "sync" + "github.com/fatih/color" "golang.org/x/text/cases" "golang.org/x/text/language" "github.com/aquasecurity/table" + "github.com/aquasecurity/tml" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/types" - - "github.com/fatih/color" - - "github.com/aquasecurity/tml" ) type pkgLicenseRenderer struct { diff --git a/pkg/report/table/misconfig.go b/pkg/report/table/misconfig.go index b427c7357de4..6da386c3520a 100644 --- a/pkg/report/table/misconfig.go +++ b/pkg/report/table/misconfig.go 
@@ -6,13 +6,10 @@ import ( "strings" "github.com/fatih/color" - - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" - "golang.org/x/term" "github.com/aquasecurity/tml" - + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/types" ) diff --git a/pkg/report/table/secret.go b/pkg/report/table/secret.go index f591634080b2..5740e6db8ddb 100644 --- a/pkg/report/table/secret.go +++ b/pkg/report/table/secret.go @@ -8,7 +8,6 @@ import ( "golang.org/x/term" "github.com/aquasecurity/tml" - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/fanal/types" ) diff --git a/pkg/report/table/secret_test.go b/pkg/report/table/secret_test.go index 5f19db9a0762..3af1b71dde43 100644 --- a/pkg/report/table/secret_test.go +++ b/pkg/report/table/secret_test.go @@ -4,12 +4,11 @@ import ( "strings" "testing" - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" - "github.com/aquasecurity/trivy/pkg/report/table" + "github.com/stretchr/testify/assert" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" - - "github.com/stretchr/testify/assert" + "github.com/aquasecurity/trivy/pkg/report/table" ) func TestSecretRenderer(t *testing.T) { diff --git a/pkg/report/table/table.go b/pkg/report/table/table.go index 9542c7b6048e..94d63784bca1 100644 --- a/pkg/report/table/table.go +++ b/pkg/report/table/table.go @@ -11,9 +11,8 @@ import ( "github.com/fatih/color" "golang.org/x/exp/slices" - "github.com/aquasecurity/tml" - "github.com/aquasecurity/table" + "github.com/aquasecurity/tml" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/types" xio "github.com/aquasecurity/trivy/pkg/x/io" diff --git a/pkg/report/writer.go b/pkg/report/writer.go index 80fe63980f28..31c606f1e5bf 100644 --- a/pkg/report/writer.go +++ b/pkg/report/writer.go 
@@ -8,6 +8,7 @@ import ( "golang.org/x/xerrors" cr "github.com/aquasecurity/trivy/pkg/compliance/report" + ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/flag" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/report/cyclonedx" @@ -16,8 +17,6 @@ import ( "github.com/aquasecurity/trivy/pkg/report/spdx" "github.com/aquasecurity/trivy/pkg/report/table" "github.com/aquasecurity/trivy/pkg/types" - - ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" ) const ( diff --git a/pkg/result/filter_test.go b/pkg/result/filter_test.go index a90b6535a23d..96698a1874cd 100644 --- a/pkg/result/filter_test.go +++ b/pkg/result/filter_test.go @@ -57,7 +57,7 @@ func TestFilter(t *testing.T) { }, Misconfigurations: []types.DetectedMisconfiguration{ { - Type: ftypes.Kubernetes, + Type: "Kubernetes Security Check", ID: "ID100", Title: "Bad Deployment", Message: "something bad", @@ -65,7 +65,7 @@ func TestFilter(t *testing.T) { Status: types.StatusFailure, }, { - Type: ftypes.Kubernetes, + Type: "Kubernetes Security Check", ID: "ID200", Title: "Bad Pod", Message: "something bad", @@ -120,7 +120,7 @@ func TestFilter(t *testing.T) { }, Misconfigurations: []types.DetectedMisconfiguration{ { - Type: ftypes.Kubernetes, + Type: "Kubernetes Security Check", ID: "ID100", Title: "Bad Deployment", Message: "something bad", @@ -320,7 +320,7 @@ func TestFilter(t *testing.T) { Class: types.ClassConfig, Misconfigurations: []types.DetectedMisconfiguration{ { - Type: ftypes.Kubernetes, + Type: "Kubernetes Security Check", ID: "ID100", Title: "Bad Deployment", Message: "something bad", @@ -473,7 +473,7 @@ func TestFilter(t *testing.T) { Misconfigurations: []types.DetectedMisconfiguration{ { // this misconfiguration is ignored - Type: ftypes.Kubernetes, + Type: "Kubernetes Security Check", ID: "ID100", Title: "Bad Deployment", Message: "something bad", 
@@ -482,7 +482,7 @@ func TestFilter(t *testing.T) { }, { // this misconfiguration is ignored - Type: ftypes.Kubernetes, + Type: "Kubernetes Security Check", ID: "ID200", Title: "Bad Deployment", Message: "something bad", @@ -490,7 +490,7 @@ func TestFilter(t *testing.T) { Status: types.StatusFailure, }, { - Type: ftypes.Kubernetes, + Type: "Kubernetes Security Check", ID: "ID300", Title: "Bad Deployment", Message: "something bad", @@ -588,7 +588,7 @@ func TestFilter(t *testing.T) { }, Misconfigurations: []types.DetectedMisconfiguration{ { - Type: ftypes.Kubernetes, + Type: "Kubernetes Security Check", ID: "ID300", Title: "Bad Deployment", Message: "something bad", diff --git a/pkg/rpc/client/client_test.go b/pkg/rpc/client/client_test.go index c6be27d9d305..012d5799ade9 100644 --- a/pkg/rpc/client/client_test.go +++ b/pkg/rpc/client/client_test.go @@ -188,7 +188,7 @@ func TestScanner_Scan(t *testing.T) { b, err := protojson.Marshal(tt.expectation) if err != nil { w.WriteHeader(http.StatusInternalServerError) - fmt.Fprintf(w, "json marshalling error: %v", err) + fmt.Fprintf(w, "json marshaling error: %v", err) return } w.Header().Set("Content-Type", "application/json") diff --git a/pkg/rpc/client/headers_test.go b/pkg/rpc/client/headers_test.go index 4f77c5babde0..8f5ecd6ff607 100644 --- a/pkg/rpc/client/headers_test.go +++ b/pkg/rpc/client/headers_test.go @@ -5,9 +5,8 @@ import ( "net/http" "testing" - "github.com/twitchtv/twirp" - "github.com/stretchr/testify/assert" + "github.com/twitchtv/twirp" ) func TestWithCustomHeaders(t *testing.T) { diff --git a/pkg/rpc/convert.go b/pkg/rpc/convert.go index 3577a5eb2bbf..e5f5362c4e1b 100644 --- a/pkg/rpc/convert.go +++ b/pkg/rpc/convert.go 
@@ -5,9 +5,8 @@ import ( "time" "github.com/samber/lo" - "google.golang.org/protobuf/types/known/timestamppb" - "google.golang.org/protobuf/types/known/structpb" + "google.golang.org/protobuf/types/known/timestamppb" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/digest" @@ -293,7 +292,7 @@ func ConvertFromRPCResults(rpcResults []*scanner.Result) []types.Result { Vulnerabilities: ConvertFromRPCVulns(result.Vulnerabilities), Misconfigurations: ConvertFromRPCMisconfs(result.Misconfigurations), Class: types.ResultClass(result.Class), - Type: result.Type, + Type: ftypes.TargetType(result.Type), Packages: ConvertFromRPCPkgs(result.Packages), CustomResources: ConvertFromRPCCustomResources(result.CustomResources), Secrets: ConvertFromRPCSecretFindings(result.Secrets), @@ -528,7 +527,7 @@ func ConvertFromRPCOS(rpcOS *common.OS) ftypes.OS { return ftypes.OS{} } return ftypes.OS{ - Family: rpcOS.Family, + Family: ftypes.OSType(rpcOS.Family), Name: rpcOS.Name, Eosl: rpcOS.Eosl, Extended: rpcOS.Extended, @@ -541,7 +540,7 @@ func ConvertFromRPCRepository(rpcRepo *common.Repository) *ftypes.Repository { return nil } return &ftypes.Repository{ - Family: rpcRepo.Family, + Family: ftypes.OSType(rpcRepo.Family), Release: rpcRepo.Release, } } @@ -575,7 +574,7 @@ func ConvertFromRPCApplications(rpcApps []*common.Application) []ftypes.Applicat var apps []ftypes.Application for _, rpcApp := range rpcApps { apps = append(apps, ftypes.Application{ - Type: rpcApp.Type, + Type: ftypes.LangType(rpcApp.Type), FilePath: rpcApp.FilePath, Libraries: ConvertFromRPCPkgs(rpcApp.Libraries), }) 
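Review bot: The conversions added in pkg/rpc/convert.go cast strings taken from RPC messages straight into defined types with no check against the known constants. They are `ftypes.TargetType(result.Type)` in hunk `-293,7`, `ftypes.OSType(...)` in hunks `-528,7` and `-541,7`, `ftypes.LangType(rpcApp.Type)` in hunk `-575,7`, and `ftypes.ConfigType(rpcMisconf.FileType)` in hunk `-588,7`. A Go conversion validates nothing, so a peer can still supply any value, while the typed field now reads as if it were one of the enumerated families. Code that switches on these values should keep an explicit default branch, and each conversion deserves a comment such as `// value comes off the wire; not checked against the known OSType constants`. If rejecting unknown values is wanted, a small lookup helper shared by these functions would be the place for it. The enclosing functions start and end outside these hunks.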
@@ -588,7 +587,7 @@ func ConvertFromRPCMisconfigurations(rpcMisconfs []*common.Misconfiguration) []f var misconfs []ftypes.Misconfiguration for _, rpcMisconf := range rpcMisconfs { misconfs = append(misconfs, ftypes.Misconfiguration{ - FileType: rpcMisconf.FileType, + FileType: ftypes.ConfigType(rpcMisconf.FileType), FilePath: rpcMisconf.FilePath, Successes: ConvertFromRPCMisconfResults(rpcMisconf.Successes), Warnings: ConvertFromRPCMisconfResults(rpcMisconf.Warnings), @@ -647,7 +646,7 @@ func ConvertFromRPCPutBlobRequest(req *cache.PutBlobRequest) ftypes.BlobInfo { // ConvertToRPCOS returns common.OS func ConvertToRPCOS(fos ftypes.OS) *common.OS { return &common.OS{ - Family: fos.Family, + Family: string(fos.Family), Name: fos.Name, Eosl: fos.Eosl, Extended: fos.Extended, @@ -660,7 +659,7 @@ func ConvertToRPCRepository(repo *ftypes.Repository) *common.Repository { return nil } return &common.Repository{ - Family: repo.Family, + Family: string(repo.Family), Release: repo.Release, } } @@ -699,7 +698,7 @@ func ConvertToRPCPutBlobRequest(diffID string, blobInfo ftypes.BlobInfo) *cache. var applications []*common.Application for _, app := range blobInfo.Applications { applications = append(applications, &common.Application{ - Type: app.Type, + Type: string(app.Type), FilePath: app.FilePath, Libraries: ConvertToRPCPkgs(app.Libraries), }) @@ -708,7 +707,7 @@ func ConvertToRPCPutBlobRequest(diffID string, blobInfo ftypes.BlobInfo) *cache. var misconfigurations []*common.Misconfiguration for _, m := range blobInfo.Misconfigurations { misconfigurations = append(misconfigurations, &common.Misconfiguration{ - FileType: m.FileType, + FileType: string(m.FileType), FilePath: m.FilePath, Successes: ConvertToMisconfResults(m.Successes), Warnings: ConvertToMisconfResults(m.Warnings), 
@@ -784,7 +783,7 @@ func ConvertToRPCScanResponse(results types.Results, fos ftypes.OS) *scanner.Sca rpcResults = append(rpcResults, &scanner.Result{ Target: result.Target, Class: string(result.Class), - Type: result.Type, + Type: string(result.Type), Vulnerabilities: ConvertToRPCVulns(result.Vulnerabilities), Misconfigurations: ConvertToRPCMisconfs(result.Misconfigurations), Packages: ConvertToRPCPkgs(result.Packages), diff --git a/pkg/rpc/convert_test.go b/pkg/rpc/convert_test.go index 20fc2661194d..038d24536557 100644 --- a/pkg/rpc/convert_test.go +++ b/pkg/rpc/convert_test.go @@ -9,7 +9,6 @@ import ( dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" - fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/types" "github.com/aquasecurity/trivy/rpc/common" 
@@ -300,52 +299,57 @@ func TestConvertFromRPCResults(t *testing.T) { }{ { name: "happy path", - args: args{rpcResults: []*scanner.Result{ - { - Target: "alpine:3.10", - Type: fos.Alpine, - Vulnerabilities: []*common.Vulnerability{ - { - VulnerabilityId: "CVE-2019-0001", - PkgName: "musl", - InstalledVersion: "1.2.3", - FixedVersion: "1.2.4", - Title: "DoS", - Description: "Denial of Service", - Severity: common.Severity_MEDIUM, - SeveritySource: string(vulnerability.NVD), - CweIds: []string{"CWE-123", "CWE-456"}, - VendorSeverity: map[string]common.Severity{ - string(vulnerability.RedHat): common.Severity_MEDIUM, - }, - Cvss: map[string]*common.CVSS{ - string(vulnerability.RedHat): { - V2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C", - V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - V2Score: 7.2, - V3Score: 7.8, + args: args{ + rpcResults: []*scanner.Result{ + { + Target: "alpine:3.10", + Type: string(ftypes.Alpine), + Vulnerabilities: []*common.Vulnerability{ + { + VulnerabilityId: "CVE-2019-0001", + PkgName: "musl", + InstalledVersion: "1.2.3", + FixedVersion: "1.2.4", + Title: "DoS", + Description: "Denial of Service", + Severity: common.Severity_MEDIUM, + SeveritySource: string(vulnerability.NVD), + CweIds: []string{ + "CWE-123", + "CWE-456", + }, + VendorSeverity: map[string]common.Severity{ + string(vulnerability.RedHat): common.Severity_MEDIUM, + }, + Cvss: map[string]*common.CVSS{ + string(vulnerability.RedHat): { + V2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C", + V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + V2Score: 7.2, + V3Score: 7.8, + }, + }, + References: []string{"http://example.com"}, + Layer: &common.Layer{ + Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812", + DiffId: "sha256:b2a1a2d80bf0c747a4f6b0ca6af5eef23f043fcdb1ed4f3a3e750aef2dc68079", + }, + PrimaryUrl: "https://avd.aquasec.com/nvd/CVE-2019-0001", + PublishedDate: timestamppb.New(fixedPublishedDate), + LastModifiedDate: 
timestamppb.New(fixedLastModifiedDate), + DataSource: &common.DataSource{ + Name: "GitHub Security Advisory Maven", + Url: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven", }, - }, - References: []string{"http://example.com"}, - Layer: &common.Layer{ - Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812", - DiffId: "sha256:b2a1a2d80bf0c747a4f6b0ca6af5eef23f043fcdb1ed4f3a3e750aef2dc68079", - }, - PrimaryUrl: "https://avd.aquasec.com/nvd/CVE-2019-0001", - PublishedDate: timestamppb.New(fixedPublishedDate), - LastModifiedDate: timestamppb.New(fixedLastModifiedDate), - DataSource: &common.DataSource{ - Name: "GitHub Security Advisory Maven", - Url: "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Amaven", }, }, }, - }}, + }, }, want: []types.Result{ { Target: "alpine:3.10", - Type: fos.Alpine, + Type: ftypes.Alpine, Vulnerabilities: []types.DetectedVulnerability{ { VulnerabilityID: "CVE-2019-0001", @@ -365,7 +369,10 @@ func TestConvertFromRPCResults(t *testing.T) { VendorSeverity: dbTypes.VendorSeverity{ vulnerability.RedHat: dbTypes.SeverityMedium, }, - CweIDs: []string{"CWE-123", "CWE-456"}, + CweIDs: []string{ + "CWE-123", + "CWE-456", + }, CVSS: dbTypes.VendorCVSS{ vulnerability.RedHat: { V2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C", 
@@ -389,45 +396,50 @@ func TestConvertFromRPCResults(t *testing.T) { }, { name: "happy path - with nil dates", - args: args{rpcResults: []*scanner.Result{ - { - Target: "alpine:3.10", - Type: fos.Alpine, - Vulnerabilities: []*common.Vulnerability{ - { - VulnerabilityId: "CVE-2019-0001", - PkgName: "musl", - InstalledVersion: "1.2.3", - FixedVersion: "1.2.4", - Title: "DoS", - Description: "Denial of Service", - Severity: common.Severity_MEDIUM, - SeveritySource: string(vulnerability.NVD), - CweIds: []string{"CWE-123", "CWE-456"}, - Cvss: map[string]*common.CVSS{ - "redhat": { - V2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C", - V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - V2Score: 7.2, - V3Score: 7.8, + args: args{ + rpcResults: []*scanner.Result{ + { + Target: "alpine:3.10", + Type: string(ftypes.Alpine), + Vulnerabilities: []*common.Vulnerability{ + { + VulnerabilityId: "CVE-2019-0001", + PkgName: "musl", + InstalledVersion: "1.2.3", + FixedVersion: "1.2.4", + Title: "DoS", + Description: "Denial of Service", + Severity: common.Severity_MEDIUM, + SeveritySource: string(vulnerability.NVD), + CweIds: []string{ + "CWE-123", + "CWE-456", }, + Cvss: map[string]*common.CVSS{ + "redhat": { + V2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C", + V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + V2Score: 7.2, + V3Score: 7.8, + }, + }, + References: []string{"http://example.com"}, + Layer: &common.Layer{ + Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812", + DiffId: "sha256:b2a1a2d80bf0c747a4f6b0ca6af5eef23f043fcdb1ed4f3a3e750aef2dc68079", + }, + PrimaryUrl: "https://avd.aquasec.com/nvd/CVE-2019-0001", + PublishedDate: nil, + LastModifiedDate: nil, }, - References: []string{"http://example.com"}, - Layer: &common.Layer{ - Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812", - DiffId: "sha256:b2a1a2d80bf0c747a4f6b0ca6af5eef23f043fcdb1ed4f3a3e750aef2dc68079", - }, - PrimaryUrl: 
"https://avd.aquasec.com/nvd/CVE-2019-0001", - PublishedDate: nil, - LastModifiedDate: nil, }, }, - }}, + }, }, want: []types.Result{ { Target: "alpine:3.10", - Type: fos.Alpine, + Type: ftypes.Alpine, Vulnerabilities: []types.DetectedVulnerability{ { VulnerabilityID: "CVE-2019-0001", @@ -441,10 +453,13 @@ func TestConvertFromRPCResults(t *testing.T) { SeveritySource: vulnerability.NVD, PrimaryURL: "https://avd.aquasec.com/nvd/CVE-2019-0001", Vulnerability: dbTypes.Vulnerability{ - Title: "DoS", - Description: "Denial of Service", - Severity: common.Severity_MEDIUM.String(), - CweIDs: []string{"CWE-123", "CWE-456"}, + Title: "DoS", + Description: "Denial of Service", + Severity: common.Severity_MEDIUM.String(), + CweIDs: []string{ + "CWE-123", + "CWE-456", + }, VendorSeverity: make(dbTypes.VendorSeverity), CVSS: dbTypes.VendorCVSS{ vulnerability.RedHat: { 
@@ -481,46 +496,48 @@ func TestConvertFromRPCMisconfs(t *testing.T) { }{ { name: "happy path misconf", - args: args{misconfs: []*common.DetectedMisconfiguration{ - { - Type: "Dockerfile Security Check", - Id: "DS005", - AvdId: "AVD-DS-0005", - Title: "ADD instead of COPY", - Description: "You should use COPY instead of ADD unless you want to extract a tar file. Note that an ADD command will extract a tar file, which adds the risk of Zip-based vulnerabilities. Accordingly, it is advised to use a COPY command, which does not extract tar files.", - Message: "Consider using 'COPY . /app' command instead of 'ADD . /app'", - Namespace: "builtin.dockerfile.DS005", - Query: "data.builtin.dockerfile.DS005.deny", - Resolution: "Use COPY instead of ADD", - Severity: common.Severity_LOW, - PrimaryUrl: "https://avd.aquasec.com/misconfig/ds005", - References: []string{ - "https://docs.docker.com/engine/reference/builder/#add", - "https://avd.aquasec.com/misconfig/ds005", - }, - Status: "FAIL", - Layer: &common.Layer{}, - CauseMetadata: &common.CauseMetadata{ - Provider: "Dockerfile", - Service: "general", - StartLine: 3, - EndLine: 3, - Code: &common.Code{ - Lines: []*common.Line{ - { - Number: 3, - Content: "ADD . /app", - IsCause: true, - Annotation: "", - Truncated: false, - FirstCause: true, - LastCause: true, + args: args{ + misconfs: []*common.DetectedMisconfiguration{ + { + Type: "Dockerfile Security Check", + Id: "DS005", + AvdId: "AVD-DS-0005", + Title: "ADD instead of COPY", + Description: "You should use COPY instead of ADD unless you want to extract a tar file. Note that an ADD command will extract a tar file, which adds the risk of Zip-based vulnerabilities. Accordingly, it is advised to use a COPY command, which does not extract tar files.", + Message: "Consider using 'COPY . /app' command instead of 'ADD . 
/app'", + Namespace: "builtin.dockerfile.DS005", + Query: "data.builtin.dockerfile.DS005.deny", + Resolution: "Use COPY instead of ADD", + Severity: common.Severity_LOW, + PrimaryUrl: "https://avd.aquasec.com/misconfig/ds005", + References: []string{ + "https://docs.docker.com/engine/reference/builder/#add", + "https://avd.aquasec.com/misconfig/ds005", + }, + Status: "FAIL", + Layer: &common.Layer{}, + CauseMetadata: &common.CauseMetadata{ + Provider: "Dockerfile", + Service: "general", + StartLine: 3, + EndLine: 3, + Code: &common.Code{ + Lines: []*common.Line{ + { + Number: 3, + Content: "ADD . /app", + IsCause: true, + Annotation: "", + Truncated: false, + FirstCause: true, + LastCause: true, + }, }, }, }, }, }, - }}, + }, want: []types.DetectedMisconfiguration{ { Type: "Dockerfile Security Check", 
@@ -583,46 +600,48 @@ func TestConvertToRPCMiconfs(t *testing.T) { }{ { name: "happy path misconf", - args: args{misconfs: []types.DetectedMisconfiguration{ - { - Type: "Dockerfile Security Check", - ID: "DS005", - AVDID: "AVD-DS-0005", - Title: "ADD instead of COPY", - Description: "You should use COPY instead of ADD unless you want to extract a tar file. Note that an ADD command will extract a tar file, which adds the risk of Zip-based vulnerabilities. Accordingly, it is advised to use a COPY command, which does not extract tar files.", - Message: "Consider using 'COPY . /app' command instead of 'ADD . /app'", - Namespace: "builtin.dockerfile.DS005", - Query: "data.builtin.dockerfile.DS005.deny", - Resolution: "Use COPY instead of ADD", - Severity: "LOW", - PrimaryURL: "https://avd.aquasec.com/misconfig/ds005", - References: []string{ - "https://docs.docker.com/engine/reference/builder/#add", - "https://avd.aquasec.com/misconfig/ds005", - }, - Status: "FAIL", - Layer: ftypes.Layer{}, - CauseMetadata: ftypes.CauseMetadata{ - Provider: "Dockerfile", - Service: "general", - StartLine: 3, - EndLine: 3, - Code: ftypes.Code{ - Lines: []ftypes.Line{ - { - Number: 3, - Content: "ADD . /app", - IsCause: true, - Annotation: "", - Truncated: false, - FirstCause: true, - LastCause: true, + args: args{ + misconfs: []types.DetectedMisconfiguration{ + { + Type: "Dockerfile Security Check", + ID: "DS005", + AVDID: "AVD-DS-0005", + Title: "ADD instead of COPY", + Description: "You should use COPY instead of ADD unless you want to extract a tar file. Note that an ADD command will extract a tar file, which adds the risk of Zip-based vulnerabilities. Accordingly, it is advised to use a COPY command, which does not extract tar files.", + Message: "Consider using 'COPY . /app' command instead of 'ADD . 
/app'", + Namespace: "builtin.dockerfile.DS005", + Query: "data.builtin.dockerfile.DS005.deny", + Resolution: "Use COPY instead of ADD", + Severity: "LOW", + PrimaryURL: "https://avd.aquasec.com/misconfig/ds005", + References: []string{ + "https://docs.docker.com/engine/reference/builder/#add", + "https://avd.aquasec.com/misconfig/ds005", + }, + Status: "FAIL", + Layer: ftypes.Layer{}, + CauseMetadata: ftypes.CauseMetadata{ + Provider: "Dockerfile", + Service: "general", + StartLine: 3, + EndLine: 3, + Code: ftypes.Code{ + Lines: []ftypes.Line{ + { + Number: 3, + Content: "ADD . /app", + IsCause: true, + Annotation: "", + Truncated: false, + FirstCause: true, + LastCause: true, + }, }, }, }, }, }, - }}, + }, want: []*common.DetectedMisconfiguration{ { Type: "Dockerfile Security Check", diff --git a/pkg/rpc/server/server_test.go b/pkg/rpc/server/server_test.go index 39ef341bf6da..3022ff2cdf0a 100644 --- a/pkg/rpc/server/server_test.go +++ b/pkg/rpc/server/server_test.go @@ -6,13 +6,12 @@ import ( "testing" "time" - "google.golang.org/protobuf/types/known/timestamppb" - google_protobuf "github.com/golang/protobuf/ptypes/empty" "github.com/golang/protobuf/ptypes/timestamp" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "golang.org/x/xerrors" + "google.golang.org/protobuf/types/known/timestamppb" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy-db/pkg/utils" diff --git a/pkg/sbom/cyclonedx/marshal.go b/pkg/sbom/cyclonedx/marshal.go index 9ff482a7bdf5..6a523a0d67ae 100644 --- a/pkg/sbom/cyclonedx/marshal.go +++ b/pkg/sbom/cyclonedx/marshal.go @@ -178,7 +178,7 @@ func (e *Marshaler) marshalPackages(metadata types.Metadata, result types.Result type Package struct { ftypes.Package - Type string + Type ftypes.TargetType Metadata types.Metadata Vulnerabilities []types.DetectedVulnerability } 
@@ -281,7 +281,7 @@ func (e *Marshaler) resultComponent(r types.Result, osFound *ftypes.OS) *core.Co Properties: []core.Property{ { Name: PropertyType, - Value: r.Type, + Value: string(r.Type), }, { Name: PropertyClass, @@ -295,7 +295,7 @@ func (e *Marshaler) resultComponent(r types.Result, osFound *ftypes.OS) *core.Co // UUID needs to be generated since Operating System Component cannot generate PURL. // https://cyclonedx.org/use-cases/#known-vulnerabilities if osFound != nil { - component.Name = osFound.Family + component.Name = string(osFound.Family) component.Version = osFound.Name } component.Type = cdx.ComponentTypeOS @@ -329,7 +329,7 @@ func pkgComponent(pkg Package) (*core.Component, error) { }, { Name: PropertyPkgType, - Value: pkg.Type, + Value: string(pkg.Type), }, { Name: PropertyFilePath, diff --git a/pkg/sbom/cyclonedx/marshal_test.go b/pkg/sbom/cyclonedx/marshal_test.go index fe791509d2de..de41d837f453 100644 --- a/pkg/sbom/cyclonedx/marshal_test.go +++ b/pkg/sbom/cyclonedx/marshal_test.go @@ -13,7 +13,6 @@ import ( dtypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/clock" - fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/report" "github.com/aquasecurity/trivy/pkg/sbom/cyclonedx" @@ -36,7 +35,7 @@ func TestMarshaler_Marshal(t *testing.T) { Metadata: types.Metadata{ Size: 1024, OS: &ftypes.OS{ - Family: fos.CentOS, + Family: ftypes.CentOS, Name: "8.3.2011", Eosl: true, }, @@ -52,7 +51,7 @@ func TestMarshaler_Marshal(t *testing.T) { { Target: "rails:latest (centos 8.3.2011)", Class: types.ClassOSPkg, - Type: fos.CentOS, + Type: ftypes.CentOS, Packages: []ftypes.Package{ { ID: "binutils@2.30-93.el8", 
@@ -547,7 +546,7 @@ func TestMarshaler_Marshal(t *testing.T) { Metadata: types.Metadata{ Size: 1024, OS: &ftypes.OS{ - Family: fos.CentOS, + Family: ftypes.CentOS, Name: "8.3.2011", Eosl: true, }, @@ -562,7 +561,7 @@ func TestMarshaler_Marshal(t *testing.T) { { Target: "centos:latest (centos 8.3.2011)", Class: types.ClassOSPkg, - Type: fos.CentOS, + Type: ftypes.CentOS, Packages: []ftypes.Package{ { ID: "acl@2.2.53-1.el8", @@ -759,7 +758,7 @@ func TestMarshaler_Marshal(t *testing.T) { { BOMRef: "3ff14136-e09f-4df9-80ea-000000000003", Type: cdx.ComponentTypeOS, - Name: fos.CentOS, + Name: string(ftypes.CentOS), Version: "8.3.2011", Properties: &[]cdx.Property{ { diff --git a/pkg/sbom/cyclonedx/testdata/happy/bom.json b/pkg/sbom/cyclonedx/testdata/happy/bom.json index b9e657c03db1..5b47e49d9f39 100644 --- a/pkg/sbom/cyclonedx/testdata/happy/bom.json +++ b/pkg/sbom/cyclonedx/testdata/happy/bom.json @@ -106,23 +106,15 @@ ] }, { - "bom-ref": "pkg:gradle/com.example/example@0.0.1", + "bom-ref": "pkg:maven/com.example/example@0.0.1", "type": "library", "name": "com.example:example", "version": "0.0.1", - "purl": "pkg:gradle/com.example/example@0.0.1", + "purl": "pkg:maven/com.example/example@0.0.1", "properties": [ - { - "name": "aquasecurity:trivy:FilePath", - "value": "app/gradle/target/gradle.lockfile" - }, { "name": "aquasecurity:trivy:LayerDiffID", "value": "sha256:3c79e832b1b4891a1cb4a326ef8524e0bd14a2537150ac0e203a5677176c1ca1" - }, - { - "name": "aquasecurity:trivy:PkgType", - "value": "gradle" } ] }, @@ -220,6 +212,21 @@ "value": "lang-pkgs" } ] + }, + { + "bom-ref": "43b87f73-4b96-25ab-845b-489321cea146", + "type": "application", + "name": "app/gradle/target/gradle.lockfile", + "properties": [ + { + "name": "aquasecurity:trivy:Type", + "value": "gradle" + }, + { + "name": "aquasecurity:trivy:Class", + "value": "lang-pkgs" + } + ] } ], "dependencies": [ 
@@ -242,12 +249,18 @@ "pkg:golang/github.com/package-url/packageurl-go@v0.1.1-0.20220203205134-d70459300c8a" ] }, + { + "ref": "43b87f73-4b96-25ab-845b-489321cea146", + "dependsOn": [ + "pkg:maven/com.example/example@0.0.1" + ] + }, { "ref": "0f585d64-4815-4b72-92c5-97dae191fa4a", "dependsOn": [ "60e9f57b-d4a6-4f71-ad14-0893ac609182", "pkg:maven/org.codehaus.mojo/child-project@1.0?file_path=app%2Fmaven%2Ftarget%2Fchild-project-1.0.jar", - "pkg:gradle/com.example/example@0.0.1", + "pkg:maven/com.example/example@0.0.1", "pkg:npm/bootstrap@5.0.2?file_path=app%2Fapp%2Fpackage.json", "100925ff-7c0a-470f-a725-8fb973b40e7b", "1a111e6b-a682-470e-8b0e-aaa49d93cd39" diff --git a/pkg/sbom/cyclonedx/unmarshal.go b/pkg/sbom/cyclonedx/unmarshal.go index 37df2b439fde..f3e03553d59f 100644 --- a/pkg/sbom/cyclonedx/unmarshal.go +++ b/pkg/sbom/cyclonedx/unmarshal.go @@ -8,8 +8,6 @@ import ( "sort" "strconv" - "github.com/aquasecurity/trivy/pkg/sbom/cyclonedx/core" - cdx "github.com/CycloneDX/cyclonedx-go" "github.com/package-url/packageurl-go" "github.com/samber/lo" @@ -19,6 +17,7 @@ import ( ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/purl" + "github.com/aquasecurity/trivy/pkg/sbom/cyclonedx/core" "github.com/aquasecurity/trivy/pkg/types" ) @@ -277,8 +276,8 @@ func dependencyMap(deps *[]cdx.Dependency) map[string][]string { } func aggregatePkgs(libs []cdx.Component) ([]ftypes.PackageInfo, []ftypes.Application, error) { - osPkgMap := map[string]ftypes.Packages{} - langPkgMap := map[string]ftypes.Packages{} + osPkgMap := map[ftypes.OSType]ftypes.Packages{} + langPkgMap := map[ftypes.LangType]ftypes.Packages{} for _, lib := range libs { isOSPkg, pkgType, pkg, err := toPackage(lib) if err != nil { 
@@ -321,19 +320,19 @@ func aggregatePkgs(libs []cdx.Component) ([]ftypes.PackageInfo, []ftypes.Applica func toOS(component cdx.Component) ftypes.OS { return ftypes.OS{ - Family: component.Name, + Family: ftypes.OSType(component.Name), Name: component.Version, } } func toApplication(component cdx.Component) *ftypes.Application { return &ftypes.Application{ - Type: core.LookupProperty(component.Properties, PropertyType), + Type: ftypes.LangType(core.LookupProperty(component.Properties, PropertyType)), FilePath: component.Name, } } -func toPackage(component cdx.Component) (bool, string, *ftypes.Package, error) { +func toPackage(component cdx.Component) (bool, ftypes.TargetType, *ftypes.Package, error) { if component.PackageURL == "" { log.Logger.Warnf("Skip the component (BOM-Ref: %s) as the PURL is empty", component.BOMRef) return false, "", nil, ErrPURLEmpty @@ -394,7 +393,7 @@ func toPackage(component cdx.Component) (bool, string, *ftypes.Package, error) { } } - return isOSPkg, p.PackageType(), pkg, nil + return isOSPkg, p.LangType(), pkg, nil } func toTrivyCdxComponent(component cdx.Component) ftypes.Component { diff --git a/pkg/sbom/cyclonedx/unmarshal_test.go b/pkg/sbom/cyclonedx/unmarshal_test.go index 8314d95da814..4e3b4d5f01be 100644 --- a/pkg/sbom/cyclonedx/unmarshal_test.go +++ b/pkg/sbom/cyclonedx/unmarshal_test.go @@ -47,7 +47,7 @@ func TestUnmarshaler_Unmarshal(t *testing.T) { }, Applications: []ftypes.Application{ { - Type: "composer", + Type: ftypes.Composer, FilePath: "app/composer/composer.lock", Libraries: ftypes.Packages{ { @@ -70,7 +70,7 @@ func TestUnmarshaler_Unmarshal(t *testing.T) { }, }, { - Type: "gobinary", + Type: ftypes.GoBinary, FilePath: "app/gobinary/gobinary", Libraries: ftypes.Packages{ { 
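Review bot: toPackage now returns `p.LangType()` as its second result on the success path regardless of `isOSPkg`, while aggregatePkgs declares `osPkgMap` as `map[ftypes.OSType]ftypes.Packages` and receives that value as `pkgType`. The lines that insert into the two maps are outside these hunks, but if `pkgType` is the key for both, an OS package is grouped under whatever LangType() yields for its purl, which the method name does not suggest. A doc comment on toPackage should say what the second result means when `isOSPkg` is true, for example `// The returned type is derived from the purl; for OS packages it is only a grouping key.`, to be confirmed against purl.LangType. The bodies of both functions continue outside the hunks.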
@@ -84,21 +84,21 @@ func TestUnmarshaler_Unmarshal(t *testing.T) { }, }, { - Type: "gradle", + Type: ftypes.Gradle, + FilePath: "app/gradle/target/gradle.lockfile", Libraries: ftypes.Packages{ { Name: "com.example:example", - Ref: "pkg:gradle/com.example/example@0.0.1", + Ref: "pkg:maven/com.example/example@0.0.1", Version: "0.0.1", Layer: ftypes.Layer{ DiffID: "sha256:3c79e832b1b4891a1cb4a326ef8524e0bd14a2537150ac0e203a5677176c1ca1", }, - FilePath: "app/gradle/target/gradle.lockfile", }, }, }, { - Type: "jar", + Type: ftypes.Jar, Libraries: ftypes.Packages{ { Name: "org.codehaus.mojo:child-project", @@ -112,7 +112,7 @@ func TestUnmarshaler_Unmarshal(t *testing.T) { }, }, { - Type: "node-pkg", + Type: ftypes.NodePkg, FilePath: "", Libraries: ftypes.Packages{ { diff --git a/pkg/sbom/spdx/marshal.go b/pkg/sbom/spdx/marshal.go index e9793c80663b..437bc8406077 100644 --- a/pkg/sbom/spdx/marshal.go +++ b/pkg/sbom/spdx/marshal.go @@ -202,7 +202,7 @@ func (m *Marshaler) resultToSpdxPackage(result types.Result, os *ftypes.OS, pkgD } return osPkg, nil case types.ClassLangPkg: - langPkg, err := m.langPackage(result.Target, result.Type, pkgDownloadLocation) + langPkg, err := m.langPackage(result.Target, pkgDownloadLocation, result.Type) if err != nil { return spdx.Package{}, xerrors.Errorf("failed to parse application package: %w", err) } @@ -285,7 +285,7 @@ func (m *Marshaler) osPackage(osFound *ftypes.OS, pkgDownloadLocation string) (s } return spdx.Package{ - PackageName: osFound.Family, + PackageName: string(osFound.Family), PackageVersion: osFound.Name, PackageSPDXIdentifier: elementID(ElementOperatingSystem, pkgID), PackageDownloadLocation: pkgDownloadLocation, 
@@ -293,14 +293,14 @@ func (m *Marshaler) osPackage(osFound *ftypes.OS, pkgDownloadLocation string) (s }, nil } -func (m *Marshaler) langPackage(target, appType, pkgDownloadLocation string) (spdx.Package, error) { +func (m *Marshaler) langPackage(target, pkgDownloadLocation string, appType ftypes.LangType) (spdx.Package, error) { pkgID, err := calcPkgID(m.hasher, fmt.Sprintf("%s-%s", target, appType)) if err != nil { return spdx.Package{}, xerrors.Errorf("failed to get %s package ID: %w", target, err) } return spdx.Package{ - PackageName: appType, + PackageName: string(appType), PackageSourceInfo: target, // TODO: Files seems better PackageSPDXIdentifier: elementID(ElementApplication, pkgID), PackageDownloadLocation: pkgDownloadLocation, @@ -308,7 +308,7 @@ func (m *Marshaler) langPackage(target, appType, pkgDownloadLocation string) (sp }, nil } -func (m *Marshaler) pkgToSpdxPackage(t, pkgDownloadLocation string, class types.ResultClass, metadata types.Metadata, pkg ftypes.Package) (spdx.Package, error) { +func (m *Marshaler) pkgToSpdxPackage(t ftypes.TargetType, pkgDownloadLocation string, class types.ResultClass, metadata types.Metadata, pkg ftypes.Package) (spdx.Package, error) { license := GetLicense(pkg) pkgID, err := calcPkgID(m.hasher, pkg) diff --git a/pkg/sbom/spdx/marshal_test.go b/pkg/sbom/spdx/marshal_test.go index 2efdde8cfa65..3371be69eb48 100644 --- a/pkg/sbom/spdx/marshal_test.go +++ b/pkg/sbom/spdx/marshal_test.go @@ -13,7 +13,6 @@ import ( "github.com/stretchr/testify/require" "github.com/aquasecurity/trivy/pkg/clock" - fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/report" tspdx "github.com/aquasecurity/trivy/pkg/sbom/spdx" @@ -36,7 +35,7 @@ func TestMarshaler_Marshal(t *testing.T) { Metadata: types.Metadata{ Size: 1024, OS: &ftypes.OS{ - Family: fos.CentOS, + Family: ftypes.CentOS, Name: "8.3.2011", Eosl: true, }, 
@@ -52,7 +51,7 @@ func TestMarshaler_Marshal(t *testing.T) { { Target: "rails:latest (centos 8.3.2011)", Class: types.ClassOSPkg, - Type: fos.CentOS, + Type: ftypes.CentOS, Packages: []ftypes.Package{ { Name: "binutils", @@ -279,7 +278,7 @@ func TestMarshaler_Marshal(t *testing.T) { Metadata: types.Metadata{ Size: 1024, OS: &ftypes.OS{ - Family: fos.CentOS, + Family: ftypes.CentOS, Name: "8.3.2011", Eosl: true, }, @@ -294,7 +293,7 @@ func TestMarshaler_Marshal(t *testing.T) { { Target: "centos:latest (centos 8.3.2011)", Class: types.ClassOSPkg, - Type: fos.CentOS, + Type: ftypes.CentOS, Packages: []ftypes.Package{ { Name: "acl", diff --git a/pkg/sbom/spdx/unmarshal.go b/pkg/sbom/spdx/unmarshal.go index 3319410213a6..f7dd146ee909 100644 --- a/pkg/sbom/spdx/unmarshal.go +++ b/pkg/sbom/spdx/unmarshal.go @@ -167,21 +167,22 @@ func (s *SPDX) unmarshal(spdxDocument *spdx.Document) error { func (s *SPDX) parsePackages(pkgs map[common.ElementID]*spdx.Package) error { var ( osPkgs []ftypes.Package - apps = map[string]ftypes.Application{} + apps = map[ftypes.LangType]ftypes.Application{} ) for _, p := range pkgs { - pkg, pkgType, err := parsePkg(*p, nil) + pkg, pkgURL, err := parsePkg(*p, nil) if errors.Is(err, errUnknownPackageFormat) { continue } else if err != nil { return xerrors.Errorf("failed to parse package: %w", err) } - switch pkgType { + switch pkgURL.Type { case purl.TypeAPK, packageurl.TypeDebian, packageurl.TypeRPM: osPkgs = append(osPkgs, *pkg) default: // Language-specific packages + pkgType := pkgURL.LangType() app, ok := apps[pkgType] if !ok { app.Type = pkgType 
@@ -227,8 +228,8 @@ func isFile(elementID spdx.ElementID) bool { } func initApplication(pkg spdx.Package) *ftypes.Application { - app := &ftypes.Application{Type: pkg.PackageName} - switch pkg.PackageName { + app := &ftypes.Application{Type: ftypes.LangType(pkg.PackageName)} + switch app.Type { case ftypes.NodePkg, ftypes.PythonPkg, ftypes.GemSpec, ftypes.Jar, ftypes.CondaPkg: app.FilePath = "" default: @@ -240,15 +241,15 @@ func initApplication(pkg spdx.Package) *ftypes.Application { func parseOS(pkg spdx.Package) ftypes.OS { return ftypes.OS{ - Family: pkg.PackageName, + Family: ftypes.OSType(pkg.PackageName), Name: pkg.PackageVersion, } } -func parsePkg(spdxPkg spdx.Package, packageFilePaths map[string]string) (*ftypes.Package, string, error) { - pkg, pkgType, err := parseExternalReferences(spdxPkg.PackageExternalReferences) +func parsePkg(spdxPkg spdx.Package, packageFilePaths map[string]string) (*ftypes.Package, *purl.PackageURL, error) { + pkg, pkgURL, err := parseExternalReferences(spdxPkg.PackageExternalReferences) if err != nil { - return nil, "", xerrors.Errorf("external references error: %w", err) + return nil, nil, xerrors.Errorf("external references error: %w", err) } if spdxPkg.PackageLicenseDeclared != "NONE" { @@ -257,9 +258,9 @@ func parsePkg(spdxPkg spdx.Package, packageFilePaths map[string]string) (*ftypes if strings.HasPrefix(spdxPkg.PackageSourceInfo, SourcePackagePrefix) { srcPkgName := strings.TrimPrefix(spdxPkg.PackageSourceInfo, fmt.Sprintf("%s: ", SourcePackagePrefix)) - pkg.SrcEpoch, pkg.SrcName, pkg.SrcVersion, pkg.SrcRelease, err = parseSourceInfo(pkgType, srcPkgName) + pkg.SrcEpoch, pkg.SrcName, pkg.SrcVersion, pkg.SrcRelease, err = parseSourceInfo(pkgURL.Type, srcPkgName) if err != nil { - return nil, "", xerrors.Errorf("failed to parse source info: %w", err) + return nil, nil, xerrors.Errorf("failed to parse source info: %w", err) } } 
@@ -274,23 +275,23 @@ func parsePkg(spdxPkg spdx.Package, packageFilePaths map[string]string) (*ftypes pkg.Layer.Digest = lookupAttributionTexts(spdxPkg.PackageAttributionTexts, PropertyLayerDigest) pkg.Layer.DiffID = lookupAttributionTexts(spdxPkg.PackageAttributionTexts, PropertyLayerDiffID) - return pkg, pkgType, nil + return pkg, pkgURL, nil } -func parseExternalReferences(refs []*spdx.PackageExternalReference) (*ftypes.Package, string, error) { +func parseExternalReferences(refs []*spdx.PackageExternalReference) (*ftypes.Package, *purl.PackageURL, error) { for _, ref := range refs { // Extract the package information from PURL if ref.RefType == RefTypePurl && ref.Category == CategoryPackageManager { packageURL, err := purl.FromString(ref.Locator) if err != nil { - return nil, "", xerrors.Errorf("failed to parse purl from string: %w", err) + return nil, nil, xerrors.Errorf("failed to parse purl from string: %w", err) } pkg := packageURL.Package() pkg.Ref = ref.Locator - return pkg, packageURL.PackageType(), nil + return pkg, packageURL, nil } } - return nil, "", errUnknownPackageFormat + return nil, nil, errUnknownPackageFormat } func lookupAttributionTexts(attributionTexts []string, key string) string { @@ -302,7 +303,7 @@ func lookupAttributionTexts(attributionTexts []string, key string) string { return "" } -func parseSourceInfo(pkgType, sourceInfo string) (epoch int, name, ver, rel string, err error) { +func parseSourceInfo(pkgType string, sourceInfo string) (epoch int, name, ver, rel string, err error) { srcNameVersion := strings.TrimPrefix(sourceInfo, fmt.Sprintf("%s: ", SourcePackagePrefix)) ss := strings.Split(srcNameVersion, " ") if len(ss) != 2 { diff --git a/pkg/scanner/langpkg/scan.go b/pkg/scanner/langpkg/scan.go index 2cca4eef0e9d..8a1783072db6 100644 --- a/pkg/scanner/langpkg/scan.go +++ b/pkg/scanner/langpkg/scan.go 
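Review bot: parseExternalReferences and parsePkg now return a `*purl.PackageURL` that is nil on every error path, including `errUnknownPackageFormat` when no purl reference is present, and neither function documents this. parsePackages reads `pkgURL.Type` only after its two error checks, so it is safe as written, but any other caller of parsePkg (none is visible in these hunks) has to keep the same order. I would add a doc comment such as `// parseExternalReferences returns the package and its parsed purl; both are nil when err is non-nil.` and say in it that callers choose between `pkgURL.Type` for the raw purl type and `pkgURL.LangType()` for the Trivy type.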
@@ -12,7 +12,7 @@ import ( ) var ( - PkgTargets = map[string]string{ + PkgTargets = map[ftypes.LangType]string{ ftypes.PythonPkg: "Python", ftypes.CondaPkg: "Conda", ftypes.GemSpec: "Ruby", @@ -62,7 +62,7 @@ func (s *scanner) Scan(detail ftypes.ArtifactDetail, _ types.ScanOptions) (types } var results types.Results - printedTypes := map[string]struct{}{} + printedTypes := map[ftypes.LangType]struct{}{} for _, app := range apps { if len(app.Libraries) == 0 { continue diff --git a/pkg/scanner/local/scan.go b/pkg/scanner/local/scan.go index 472715ecc3cf..1a81828f7d96 100644 --- a/pkg/scanner/local/scan.go +++ b/pkg/scanner/local/scan.go @@ -14,9 +14,7 @@ import ( dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - _ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/all" "github.com/aquasecurity/trivy/pkg/fanal/applier" - _ "github.com/aquasecurity/trivy/pkg/fanal/handler/all" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/licensing" "github.com/aquasecurity/trivy/pkg/log" @@ -25,6 +23,9 @@ import ( "github.com/aquasecurity/trivy/pkg/scanner/post" "github.com/aquasecurity/trivy/pkg/types" "github.com/aquasecurity/trivy/pkg/vulnerability" + + _ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/all" + _ "github.com/aquasecurity/trivy/pkg/fanal/handler/all" ) // SuperSet binds dependencies for Local scan diff --git a/pkg/scanner/local/scan_test.go b/pkg/scanner/local/scan_test.go index ae177bb106d5..5b5b8e9fd5d3 100644 --- a/pkg/scanner/local/scan_test.go +++ b/pkg/scanner/local/scan_test.go @@ -14,7 +14,6 @@ import ( dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/dbtest" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/scanner/langpkg" "github.com/aquasecurity/trivy/pkg/scanner/ospkg" 
@@ -58,7 +57,7 @@ func TestScanner_Scan(t *testing.T) { Returns: ApplierApplyLayersReturns{ Detail: ftypes.ArtifactDetail{ OS: ftypes.OS{ - Family: fos.Alpine, + Family: ftypes.Alpine, Name: "3.11", }, Packages: []ftypes.Package{ @@ -94,7 +93,7 @@ func TestScanner_Scan(t *testing.T) { { Target: "alpine:latest (alpine 3.11)", Class: types.ClassOSPkg, - Type: fos.Alpine, + Type: ftypes.Alpine, Vulnerabilities: []types.DetectedVulnerability{ { VulnerabilityID: "CVE-2020-9999", @@ -216,7 +215,7 @@ func TestScanner_Scan(t *testing.T) { { Target: "alpine:latest (alpine 3.11)", Class: types.ClassOSPkg, - Type: fos.Alpine, + Type: ftypes.Alpine, Packages: []ftypes.Package{ { Name: "ausl", @@ -368,7 +367,7 @@ func TestScanner_Scan(t *testing.T) { { Target: "alpine:latest (alpine 3.11)", Class: types.ClassOSPkg, - Type: fos.Alpine, + Type: ftypes.Alpine, Packages: []ftypes.Package{ { Name: "ausl", @@ -639,7 +638,7 @@ func TestScanner_Scan(t *testing.T) { { Target: "alpine:latest (alpine 3.11)", Class: types.ClassOSPkg, - Type: fos.Alpine, + Type: ftypes.Alpine, }, { Target: "/app/Gemfile.lock", diff --git a/pkg/scanner/post/post_scan_test.go b/pkg/scanner/post/post_scan_test.go index fcb396f302d7..981f74bdfc14 100644 --- a/pkg/scanner/post/post_scan_test.go +++ b/pkg/scanner/post/post_scan_test.go @@ -6,13 +6,10 @@ import ( "testing" "github.com/stretchr/testify/assert" - - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" - "github.com/stretchr/testify/require" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/scanner/post" - "github.com/aquasecurity/trivy/pkg/types" ) diff --git a/pkg/types/report.go b/pkg/types/report.go index ad3e32925527..13d58646b20c 100644 --- a/pkg/types/report.go +++ b/pkg/types/report.go 
@@ -41,13 +41,13 @@ type Compliance = string type Format string const ( - ClassOSPkg = "os-pkgs" // For detected packages and vulnerabilities in OS packages - ClassLangPkg = "lang-pkgs" // For detected packages and vulnerabilities in language-specific packages - ClassConfig = "config" // For detected misconfigurations - ClassSecret = "secret" // For detected secrets - ClassLicense = "license" // For detected package licenses - ClassLicenseFile = "license-file" // For detected licenses in files - ClassCustom = "custom" + ClassOSPkg ResultClass = "os-pkgs" // For detected packages and vulnerabilities in OS packages + ClassLangPkg ResultClass = "lang-pkgs" // For detected packages and vulnerabilities in language-specific packages + ClassConfig ResultClass = "config" // For detected misconfigurations + ClassSecret ResultClass = "secret" // For detected secrets + ClassLicense ResultClass = "license" // For detected package licenses + ClassLicenseFile ResultClass = "license-file" // For detected licenses in files + ClassCustom ResultClass = "custom" ComplianceK8sNsa = Compliance("k8s-nsa") ComplianceK8sCIS = Compliance("k8s-cis") @@ -101,7 +101,7 @@ var ( type Result struct { Target string `json:"Target"` Class ResultClass `json:"Class,omitempty"` - Type string `json:"Type,omitempty"` + Type ftypes.TargetType `json:"Type,omitempty"` Packages []ftypes.Package `json:"Packages,omitempty"` Vulnerabilities []DetectedVulnerability `json:"Vulnerabilities,omitempty"` MisconfSummary *MisconfSummary `json:"MisconfSummary,omitempty"` diff --git a/pkg/version/version_test.go b/pkg/version/version_test.go index 458b5f7b89a6..84411593541a 100644 --- a/pkg/version/version_test.go +++ b/pkg/version/version_test.go @@ -4,9 +4,10 @@ import ( "testing" "time" + "github.com/stretchr/testify/assert" + "github.com/aquasecurity/trivy-db/pkg/metadata" "github.com/aquasecurity/trivy/pkg/policy" - "github.com/stretchr/testify/assert" ) func Test_BuildVersionInfo(t *testing.T) {
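Review bot: In the first pkg/types/report.go hunk, `ClassCustom ResultClass = "custom"` is the only retyped constant without a trailing comment, and the `Compliance*` constants right below it still rely on `type Compliance = string`, which is visible in the hunk header context. That declaration is an alias, so it gives none of the compile-time checking this commit adds for `ResultClass`; a compliance ID and an arbitrary string remain interchangeable. I would add a short comment to `ClassCustom` saying what produces that class, and consider `type Compliance string` as a follow-up. The callers are outside this hunk, so the size of that follow-up cannot be judged from here, and the const block itself continues past the hunk.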
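Review bot: Retyping `Result.Type` to `ftypes.TargetType` in the `Result` struct changes what report templates receive, and the field has no comment warning about it. Go's text/template rejects a defined string type where a helper takes `string`, which is why the bundled template had to go from `{{ escapeXML .Type }}` to `{{ .Type | toString | escapeXML }}`. User-supplied templates still written the old way will presumably fail at render time after an upgrade, so a CI scan can end in a template error instead of a report. I would document this on the field, e.g. `// Type is a defined string type; custom templates must pipe it through toString before string helpers such as escapeXML.`, and mention it in the release notes. The struct continues outside the hunk.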
{{ escapeXML .Type }}
{{ .Type | toString | escapeXML }}
No Vulnerabilities found