diff --git a/.github/workflows/semantic-pr.yaml b/.github/workflows/semantic-pr.yaml index b3cde58e2243..0b84c110abb5 100644 --- a/.github/workflows/semantic-pr.yaml +++ b/.github/workflows/semantic-pr.yaml @@ -100,4 +100,5 @@ jobs: helm report db + parser deps diff --git a/docs/community/contribute/pr.md b/docs/community/contribute/pr.md index 2982e3cecd72..2538cce3327f 100644 --- a/docs/community/contribute/pr.md +++ b/docs/community/contribute/pr.md @@ -178,6 +178,7 @@ others: - helm - report - db +- parser - deps The `` can be empty (e.g. if the change is a global or difficult to assign to a single component), in which case the parentheses are omitted. diff --git a/pkg/dependency/parser/c/conan/parse.go b/pkg/dependency/parser/c/conan/parse.go index 5113dfceae67..88e98e0b91dc 100644 --- a/pkg/dependency/parser/c/conan/parse.go +++ b/pkg/dependency/parser/c/conan/parse.go @@ -9,9 +9,9 @@ import ( "golang.org/x/exp/slices" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" - "github.com/aquasecurity/trivy/pkg/dependency/parser/log" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" + "github.com/aquasecurity/trivy/pkg/log" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type LockFile struct { @@ -35,7 +35,7 @@ func NewParser() types.Parser { return &Parser{} } -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { var lock LockFile input, err := io.ReadAll(r) if err != nil { diff --git a/pkg/dependency/parser/conda/meta/parse.go b/pkg/dependency/parser/conda/meta/parse.go index b78bcdb27058..4acdcf6c94c3 100644 --- a/pkg/dependency/parser/conda/meta/parse.go +++ b/pkg/dependency/parser/conda/meta/parse.go @@ -5,8 +5,8 @@ import ( "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type packageJSON struct { @@ -24,7 +24,7 @@ func NewParser() types.Parser { // Parse parses Anaconda (a.k.a. conda) environment metadata. // e.g. /envs//conda-meta/.json // For details see https://conda.io/projects/conda/en/latest/user-guide/concepts/environments.html -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { var data packageJSON err := json.NewDecoder(r).Decode(&data) if err != nil { @@ -35,9 +35,11 @@ func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, return nil, nil, xerrors.Errorf("unable to parse conda package") } - return []types.Library{{ - Name: data.Name, - Version: data.Version, - License: data.License, // can be empty - }}, nil, nil + return []types.Library{ + { + Name: data.Name, + Version: data.Version, + License: data.License, // can be empty + }, + }, nil, nil } diff --git a/pkg/dependency/parser/dart/pub/parse.go b/pkg/dependency/parser/dart/pub/parse.go index 57d468d98304..3b6ef40280e7 100644 --- a/pkg/dependency/parser/dart/pub/parse.go +++ b/pkg/dependency/parser/dart/pub/parse.go @@ -6,8 +6,8 @@ import ( "golang.org/x/xerrors" "gopkg.in/yaml.v3" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) const ( @@ -31,7 +31,7 @@ type Dep struct { Version string `yaml:"version"` } -func (Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { l := &lock{} if err := yaml.NewDecoder(r).Decode(&l); err != nil { return nil, nil, xerrors.Errorf("failed to decode pubspec.lock: %w", err) diff --git a/pkg/dependency/parser/dotnet/core_deps/parse.go b/pkg/dependency/parser/dotnet/core_deps/parse.go index 6e7fb46bb576..a8d44b8939e3 100644 --- a/pkg/dependency/parser/dotnet/core_deps/parse.go +++ b/pkg/dependency/parser/dotnet/core_deps/parse.go @@ -7,9 +7,9 @@ import ( "github.com/liamg/jfather" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" - "github.com/aquasecurity/trivy/pkg/dependency/parser/log" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" + "github.com/aquasecurity/trivy/pkg/log" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type Parser struct{} @@ -18,7 +18,7 @@ func NewParser() types.Parser { return &Parser{} } -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { var depsFile dotNetDependencies input, err := io.ReadAll(r) @@ -43,9 +43,14 @@ func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, } libraries = append(libraries, types.Library{ - Name: split[0], - Version: split[1], - Locations: []types.Location{{StartLine: lib.StartLine, EndLine: lib.EndLine}}, + Name: split[0], + Version: split[1], + Locations: []types.Location{ + { + StartLine: lib.StartLine, + EndLine: lib.EndLine, + }, + }, }) } diff --git a/pkg/dependency/parser/golang/binary/parse.go b/pkg/dependency/parser/golang/binary/parse.go index c4549e686933..bd31cec9ad1c 100644 --- a/pkg/dependency/parser/golang/binary/parse.go +++ b/pkg/dependency/parser/golang/binary/parse.go @@ -6,8 +6,8 @@ import ( "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) var ( @@ -36,7 +36,7 @@ func NewParser() types.Parser { } // Parse scans file to try to report the Go and module versions. -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { info, err := buildinfo.Read(r) if err != nil { return nil, nil, convertError(err) diff --git a/pkg/dependency/parser/golang/mod/parse.go b/pkg/dependency/parser/golang/mod/parse.go index 9469efbccda9..716eed249534 100644 --- a/pkg/dependency/parser/golang/mod/parse.go +++ b/pkg/dependency/parser/golang/mod/parse.go @@ -11,8 +11,8 @@ import ( "golang.org/x/mod/modfile" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) var ( @@ -65,7 +65,7 @@ func resolveVCSUrl(modulePath string) string { } // Parse parses a go.mod file -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { libs := make(map[string]types.Library) goModData, err := io.ReadAll(r) diff --git a/pkg/dependency/parser/golang/sum/parse.go b/pkg/dependency/parser/golang/sum/parse.go index c3653fc521bc..7a5eee5c6f0c 100644 --- a/pkg/dependency/parser/golang/sum/parse.go +++ b/pkg/dependency/parser/golang/sum/parse.go @@ -7,8 +7,8 @@ import ( "golang.org/x/xerrors" "github.com/aquasecurity/trivy/pkg/dependency/parser/golang/mod" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type Parser struct{} @@ -18,7 +18,7 @@ func NewParser() types.Parser { } // Parse parses a go.sum file -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { var libs []types.Library uniqueLibs := make(map[string]string) diff --git a/pkg/dependency/parser/gradle/lockfile/parse.go b/pkg/dependency/parser/gradle/lockfile/parse.go index 725d0a142d93..d88aab6bf461 100644 --- a/pkg/dependency/parser/gradle/lockfile/parse.go +++ b/pkg/dependency/parser/gradle/lockfile/parse.go @@ -5,9 +5,9 @@ import ( "fmt" "strings" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/dependency/parser/utils" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type Parser struct{} @@ -16,7 +16,7 @@ func NewParser() types.Parser { return &Parser{} } -func (Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { var libs []types.Library scanner := bufio.NewScanner(r) var lineNum int diff --git a/pkg/dependency/parser/hex/mix/parse.go b/pkg/dependency/parser/hex/mix/parse.go index 2c72b98485d0..6430d406e0af 100644 --- a/pkg/dependency/parser/hex/mix/parse.go +++ b/pkg/dependency/parser/hex/mix/parse.go @@ -6,10 +6,10 @@ import ( "strings" "unicode" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" - "github.com/aquasecurity/trivy/pkg/dependency/parser/log" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/dependency/parser/utils" + "github.com/aquasecurity/trivy/pkg/log" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) // Parser is a parser for mix.lock @@ -19,7 +19,7 @@ func NewParser() types.Parser { return &Parser{} } -func (Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { var libs []types.Library scanner := bufio.NewScanner(r) var lineNumber int // It is used to save dependency location diff --git a/pkg/dependency/parser/io/io.go b/pkg/dependency/parser/io/io.go deleted file mode 100644 index 9601a6ec2ca3..000000000000 --- a/pkg/dependency/parser/io/io.go +++ /dev/null @@ -1,25 +0,0 @@ -package io - -import "io" - -type ReadSeekerAt interface { - io.ReadSeeker - io.ReaderAt -} - -type ReadSeekCloserAt interface { - io.ReadSeekCloser - io.ReaderAt -} - -// NopCloser returns a ReadSeekCloserAt with a no-op Close method wrapping -// the provided Reader r. -func NopCloser(r ReadSeekerAt) ReadSeekCloserAt { - return nopCloser{r} -} - -type nopCloser struct { - ReadSeekerAt -} - -func (nopCloser) Close() error { return nil } diff --git a/pkg/dependency/parser/java/jar/parse.go b/pkg/dependency/parser/java/jar/parse.go index 1ae709b1997e..800fc648c14e 100644 --- a/pkg/dependency/parser/java/jar/parse.go +++ b/pkg/dependency/parser/java/jar/parse.go @@ -18,9 +18,9 @@ import ( "go.uber.org/zap" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" - "github.com/aquasecurity/trivy/pkg/dependency/parser/log" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" + "github.com/aquasecurity/trivy/pkg/log" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) var ( @@ -73,7 +73,7 @@ func NewParser(c Client, opts ...Option) types.Parser { return p } -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { libs, deps, err := p.parseArtifact(p.rootFilePath, p.size, r) if err != nil { return nil, nil, xerrors.Errorf("unable to parse %s: %w", p.rootFilePath, err) @@ -81,7 +81,7 @@ func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, return removeLibraryDuplicates(libs), deps, nil } -func (p *Parser) parseArtifact(filePath string, size int64, r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) parseArtifact(filePath string, size int64, r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { log.Logger.Debugw("Parsing Java artifacts...", zap.String("file", filePath)) // Try to extract artifactId and version from the file name @@ -147,7 +147,7 @@ func (p *Parser) parseArtifact(filePath string, size int64, r dio.ReadSeekerAt) return libs, nil, nil } -func (p *Parser) traverseZip(filePath string, size int64, r dio.ReadSeekerAt, fileProps Properties) ( +func (p *Parser) traverseZip(filePath string, size int64, r xio.ReadSeekerAt, fileProps Properties) ( []types.Library, manifest, bool, error) { var libs []types.Library var m manifest diff --git a/pkg/dependency/parser/java/jar/sonatype/log.go b/pkg/dependency/parser/java/jar/sonatype/log.go index c26cbb355baa..9d4ef0b7db87 100644 --- a/pkg/dependency/parser/java/jar/sonatype/log.go +++ b/pkg/dependency/parser/java/jar/sonatype/log.go @@ -1,6 +1,6 @@ package sonatype -import "github.com/aquasecurity/trivy/pkg/dependency/parser/log" +import "github.com/aquasecurity/trivy/pkg/log" // logger implements LeveledLogger // https://github.com/hashicorp/go-retryablehttp/blob/991b9d0a42d13014e3689dd49a94c02be01f4237/client.go#L285-L290 diff --git a/pkg/dependency/parser/java/pom/artifact.go b/pkg/dependency/parser/java/pom/artifact.go index 0c47336bbac9..86448170f910 100644 --- a/pkg/dependency/parser/java/pom/artifact.go +++ b/pkg/dependency/parser/java/pom/artifact.go @@ -9,8 +9,8 @@ import ( "github.com/samber/lo" "golang.org/x/exp/slices" - "github.com/aquasecurity/trivy/pkg/dependency/parser/log" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" + "github.com/aquasecurity/trivy/pkg/log" ) var ( diff --git a/pkg/dependency/parser/java/pom/parse.go b/pkg/dependency/parser/java/pom/parse.go index ec935b37988c..979801313d3e 100644 --- a/pkg/dependency/parser/java/pom/parse.go +++ b/pkg/dependency/parser/java/pom/parse.go @@ -18,10 +18,10 @@ import ( "golang.org/x/net/html/charset" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" - "github.com/aquasecurity/trivy/pkg/dependency/parser/log" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/dependency/parser/utils" + "github.com/aquasecurity/trivy/pkg/log" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) const ( @@ -83,7 +83,7 @@ func NewParser(filePath string, opts ...option) types.Parser { } } -func (p *parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { content, err := parsePom(r) if err != nil { return nil, nil, xerrors.Errorf("failed to parse POM: %w", err) diff --git a/pkg/dependency/parser/java/pom/pom.go b/pkg/dependency/parser/java/pom/pom.go index e041cb10fddd..6a2a3148f322 100644 --- a/pkg/dependency/parser/java/pom/pom.go +++ b/pkg/dependency/parser/java/pom/pom.go @@ -12,9 +12,9 @@ import ( "github.com/samber/lo" "golang.org/x/xerrors" - "github.com/aquasecurity/trivy/pkg/dependency/parser/log" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/dependency/parser/utils" + "github.com/aquasecurity/trivy/pkg/log" ) type pom struct { diff --git a/pkg/dependency/parser/julia/manifest/parse.go b/pkg/dependency/parser/julia/manifest/parse.go index 8c61ab8d4fb8..3fc99d5ab0b3 100644 --- a/pkg/dependency/parser/julia/manifest/parse.go +++ b/pkg/dependency/parser/julia/manifest/parse.go @@ -8,8 +8,8 @@ import ( "golang.org/x/exp/maps" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type primitiveManifest struct { @@ -31,7 +31,7 @@ func NewParser() types.Parser { return &Parser{} } -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { var oldDeps map[string][]primitiveDependency var primMan primitiveManifest var manMetadata toml.MetaData diff --git a/pkg/dependency/parser/log/log.go b/pkg/dependency/parser/log/log.go deleted file mode 100644 index afe149e3b6d5..000000000000 --- a/pkg/dependency/parser/log/log.go +++ /dev/null @@ -1,24 +0,0 @@ -package log - -import ( - "go.uber.org/zap" -) - -var Logger *zap.SugaredLogger - -func init() { - config := zap.Config{ - Level: zap.NewAtomicLevelAt(zap.InfoLevel), - Development: false, - Encoding: "console", - EncoderConfig: zap.NewDevelopmentEncoderConfig(), - OutputPaths: []string{"stderr"}, - ErrorOutputPaths: []string{"stderr"}, - } - logger, _ := config.Build() - Logger = logger.Sugar() -} - -func SetLogger(l *zap.SugaredLogger) { - Logger = l -} diff --git a/pkg/dependency/parser/nodejs/npm/parse.go b/pkg/dependency/parser/nodejs/npm/parse.go index 42157b496b0e..0dbc1b1b2bac 100644 --- a/pkg/dependency/parser/nodejs/npm/parse.go +++ b/pkg/dependency/parser/nodejs/npm/parse.go @@ -12,10 +12,10 @@ import ( "golang.org/x/exp/maps" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" - "github.com/aquasecurity/trivy/pkg/dependency/parser/log" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/dependency/parser/utils" + "github.com/aquasecurity/trivy/pkg/log" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) const nodeModulesDir = "node_modules" @@ -55,7 +55,7 @@ func NewParser() types.Parser { return &Parser{} } -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { var lockFile LockFile input, err := io.ReadAll(r) if err != nil { diff --git a/pkg/dependency/parser/nodejs/pnpm/parse.go b/pkg/dependency/parser/nodejs/pnpm/parse.go index dd1a7a8ef3bd..e36166f84782 100644 --- a/pkg/dependency/parser/nodejs/pnpm/parse.go +++ b/pkg/dependency/parser/nodejs/pnpm/parse.go @@ -9,9 +9,9 @@ import ( "gopkg.in/yaml.v3" "github.com/aquasecurity/go-version/pkg/semver" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" - "github.com/aquasecurity/trivy/pkg/dependency/parser/log" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" + "github.com/aquasecurity/trivy/pkg/log" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type PackageResolution struct { @@ -44,7 +44,7 @@ func (p *Parser) ID(name, version string) string { return fmt.Sprintf("%s@%s", name, version) } -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { var lockFile LockFile if err := yaml.NewDecoder(r).Decode(&lockFile); err != nil { return nil, nil, xerrors.Errorf("decode error: %w", err) diff --git a/pkg/dependency/parser/nodejs/yarn/parse.go b/pkg/dependency/parser/nodejs/yarn/parse.go index fe74bc678607..0264afc7cefa 100644 --- a/pkg/dependency/parser/nodejs/yarn/parse.go +++ b/pkg/dependency/parser/nodejs/yarn/parse.go @@ -10,10 +10,10 @@ import ( "github.com/samber/lo" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" - "github.com/aquasecurity/trivy/pkg/dependency/parser/log" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/dependency/parser/utils" + "github.com/aquasecurity/trivy/pkg/log" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) var ( @@ -265,7 +265,7 @@ func parseDependency(line string) (string, error) { } } -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { lineNumber := 1 var libs []types.Library diff --git a/pkg/dependency/parser/nuget/config/parse.go b/pkg/dependency/parser/nuget/config/parse.go index 5720a373ec7f..ff6bafd31a03 100644 --- a/pkg/dependency/parser/nuget/config/parse.go +++ b/pkg/dependency/parser/nuget/config/parse.go @@ -5,9 +5,9 @@ import ( "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/dependency/parser/utils" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type cfgPackageReference struct { @@ -29,7 +29,7 @@ func NewParser() types.Parser { return &Parser{} } -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { var cfgData config if err := xml.NewDecoder(r).Decode(&cfgData); err != nil { return nil, nil, xerrors.Errorf("failed to decode .config file: %w", err) diff --git a/pkg/dependency/parser/nuget/lock/parse.go b/pkg/dependency/parser/nuget/lock/parse.go index f456f3edb2a8..8b3a238178d0 100644 --- a/pkg/dependency/parser/nuget/lock/parse.go +++ b/pkg/dependency/parser/nuget/lock/parse.go @@ -6,9 +6,9 @@ import ( "github.com/liamg/jfather" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/dependency/parser/utils" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type LockFile struct { @@ -32,7 +32,7 @@ func NewParser() types.Parser { return &Parser{} } -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { var lockFile LockFile input, err := io.ReadAll(r) if err != nil { diff --git a/pkg/dependency/parser/nuget/packagesprops/parse.go b/pkg/dependency/parser/nuget/packagesprops/parse.go index 6096c8948fb4..2471d6faf7db 100644 --- a/pkg/dependency/parser/nuget/packagesprops/parse.go +++ b/pkg/dependency/parser/nuget/packagesprops/parse.go @@ -6,9 +6,9 @@ import ( "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/dependency/parser/utils" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type pkg struct { @@ -66,7 +66,7 @@ func isVariable(s string) bool { return strings.HasPrefix(s, "$(") && strings.HasSuffix(s, ")") } -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { var configData project if err := xml.NewDecoder(r).Decode(&configData); err != nil { return nil, nil, xerrors.Errorf("failed to decode '*.packages.props' file: %w", err) diff --git a/pkg/dependency/parser/php/composer/parse.go b/pkg/dependency/parser/php/composer/parse.go index 05c5bf096ee2..849a67941d34 100644 --- a/pkg/dependency/parser/php/composer/parse.go +++ b/pkg/dependency/parser/php/composer/parse.go @@ -9,10 +9,10 @@ import ( "golang.org/x/exp/maps" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" - "github.com/aquasecurity/trivy/pkg/dependency/parser/log" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/dependency/parser/utils" + "github.com/aquasecurity/trivy/pkg/log" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type lockFile struct { @@ -33,7 +33,7 @@ func NewParser() types.Parser { return &Parser{} } -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { var lockFile lockFile input, err := io.ReadAll(r) if err != nil { diff --git a/pkg/dependency/parser/python/packaging/parse.go b/pkg/dependency/parser/python/packaging/parse.go index e61a6ac79ce0..4c68e11a9029 100644 --- a/pkg/dependency/parser/python/packaging/parse.go +++ b/pkg/dependency/parser/python/packaging/parse.go @@ -9,9 +9,9 @@ import ( "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" - "github.com/aquasecurity/trivy/pkg/dependency/parser/log" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" + "github.com/aquasecurity/trivy/pkg/log" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type Parser struct{} @@ -22,7 +22,7 @@ func NewParser() types.Parser { // Parse parses egg and wheel metadata. // e.g. .egg-info/PKG-INFO and dist-info/METADATA -func (*Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (*Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { rd := textproto.NewReader(bufio.NewReader(r)) h, err := rd.ReadMIMEHeader() if e := textproto.ProtocolError(""); errors.As(err, &e) { diff --git a/pkg/dependency/parser/python/pip/parse.go b/pkg/dependency/parser/python/pip/parse.go index 159218d330a4..ca7b412f3817 100644 --- a/pkg/dependency/parser/python/pip/parse.go +++ b/pkg/dependency/parser/python/pip/parse.go @@ -10,8 +10,8 @@ import ( "golang.org/x/text/transform" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) const ( @@ -28,7 +28,7 @@ func NewParser() types.Parser { return &Parser{} } -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { // `requirements.txt` can use byte order marks (BOM) // e.g. on Windows `requirements.txt` can use UTF-16LE with BOM // We need to override them to avoid the file being read incorrectly diff --git a/pkg/dependency/parser/python/pipenv/parse.go b/pkg/dependency/parser/python/pipenv/parse.go index 8556aadf6aa6..7b773fb1dbf6 100644 --- a/pkg/dependency/parser/python/pipenv/parse.go +++ b/pkg/dependency/parser/python/pipenv/parse.go @@ -7,8 +7,8 @@ import ( "github.com/liamg/jfather" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type lockFile struct { @@ -26,7 +26,7 @@ func NewParser() types.Parser { return &Parser{} } -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { var lockFile lockFile input, err := io.ReadAll(r) if err != nil { diff --git a/pkg/dependency/parser/python/poetry/parse.go b/pkg/dependency/parser/python/poetry/parse.go index 63f522aa01d5..38dcac2e1870 100644 --- a/pkg/dependency/parser/python/poetry/parse.go +++ b/pkg/dependency/parser/python/poetry/parse.go @@ -8,10 +8,10 @@ import ( "golang.org/x/xerrors" version "github.com/aquasecurity/go-pep440-version" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" - "github.com/aquasecurity/trivy/pkg/dependency/parser/log" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/dependency/parser/utils" + "github.com/aquasecurity/trivy/pkg/log" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type Lockfile struct { @@ -34,7 +34,7 @@ func NewParser() types.Parser { return &Parser{} } -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { var lockfile Lockfile if _, err := toml.NewDecoder(r).Decode(&lockfile); err != nil { return nil, nil, xerrors.Errorf("failed to decode poetry.lock: %w", err) diff --git a/pkg/dependency/parser/ruby/bundler/parse.go b/pkg/dependency/parser/ruby/bundler/parse.go index c90ccd095891..24b05d4aca38 100644 --- a/pkg/dependency/parser/ruby/bundler/parse.go +++ b/pkg/dependency/parser/ruby/bundler/parse.go @@ -8,9 +8,9 @@ import ( "golang.org/x/exp/maps" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/dependency/parser/utils" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type Parser struct{} @@ -19,7 +19,7 @@ func NewParser() types.Parser { return &Parser{} } -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { libs := make(map[string]types.Library) var dependsOn, directDeps []string var deps []types.Dependency diff --git a/pkg/dependency/parser/ruby/gemspec/parse.go b/pkg/dependency/parser/ruby/gemspec/parse.go index 904de138b2e2..65c94c6d2cef 100644 --- a/pkg/dependency/parser/ruby/gemspec/parse.go +++ b/pkg/dependency/parser/ruby/gemspec/parse.go @@ -8,8 +8,8 @@ import ( "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) const specNewStr = "Gem::Specification.new" @@ -47,7 +47,7 @@ func NewParser() types.Parser { return &Parser{} } -func (p *Parser) Parse(r dio.ReadSeekerAt) (libs []types.Library, deps []types.Dependency, err error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) (libs []types.Library, deps []types.Dependency, err error) { var newVar, name, version, license string scanner := bufio.NewScanner(r) diff --git a/pkg/dependency/parser/rust/binary/parse.go b/pkg/dependency/parser/rust/binary/parse.go index 17ec2eb0fccc..71acbb2d5dce 100644 --- a/pkg/dependency/parser/rust/binary/parse.go +++ b/pkg/dependency/parser/rust/binary/parse.go @@ -5,9 +5,9 @@ import ( rustaudit "github.com/microsoft/go-rustaudit" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/dependency/parser/utils" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) var ( @@ -36,7 +36,7 @@ func NewParser() types.Parser { // Parse scans files to try to report Rust crates and version injected into Rust binaries // via https://github.com/rust-secure-code/cargo-auditable -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { info, err := rustaudit.GetDependencyInfo(r) if err != nil { return nil, nil, convertError(err) diff --git a/pkg/dependency/parser/rust/cargo/parse.go b/pkg/dependency/parser/rust/cargo/parse.go index 3a75641c7eb6..e9426f5069d2 100644 --- a/pkg/dependency/parser/rust/cargo/parse.go +++ b/pkg/dependency/parser/rust/cargo/parse.go @@ -9,10 +9,10 @@ import ( "github.com/samber/lo" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" - "github.com/aquasecurity/trivy/pkg/dependency/parser/log" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/dependency/parser/utils" + "github.com/aquasecurity/trivy/pkg/log" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type cargoPkg struct { @@ -31,7 +31,7 @@ func NewParser() types.Parser { return &Parser{} } -func (p *Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (p *Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { var lockfile Lockfile decoder := toml.NewDecoder(r) if _, err := decoder.Decode(&lockfile); err != nil { diff --git a/pkg/dependency/parser/swift/cocoapods/parse.go b/pkg/dependency/parser/swift/cocoapods/parse.go index ae3679ffcfb3..3caeeec04366 100644 --- a/pkg/dependency/parser/swift/cocoapods/parse.go +++ b/pkg/dependency/parser/swift/cocoapods/parse.go @@ -8,10 +8,10 @@ import ( "golang.org/x/xerrors" "gopkg.in/yaml.v3" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" - "github.com/aquasecurity/trivy/pkg/dependency/parser/log" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/dependency/parser/utils" + "github.com/aquasecurity/trivy/pkg/log" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type Parser struct{} @@ -24,7 +24,7 @@ type lockFile struct { Pods []any `yaml:"PODS"` // pod can be string or map[string]interface{} } -func (Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { lock := &lockFile{} decoder := yaml.NewDecoder(r) if err := decoder.Decode(&lock); err != nil { diff --git a/pkg/dependency/parser/swift/swift/parse.go b/pkg/dependency/parser/swift/swift/parse.go index e8848da24e7d..19f5943b6b78 100644 --- a/pkg/dependency/parser/swift/swift/parse.go +++ b/pkg/dependency/parser/swift/swift/parse.go @@ -9,10 +9,10 @@ import ( "github.com/samber/lo" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" - "github.com/aquasecurity/trivy/pkg/dependency/parser/log" "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/dependency/parser/utils" + "github.com/aquasecurity/trivy/pkg/log" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) // Parser is a parser for Package.resolved files @@ -22,7 +22,7 @@ func NewParser() types.Parser { return &Parser{} } -func (Parser) Parse(r dio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { +func (Parser) Parse(r xio.ReadSeekerAt) ([]types.Library, []types.Dependency, error) { var lockFile LockFile input, err := io.ReadAll(r) if err != nil { diff --git a/pkg/dependency/parser/types/types.go b/pkg/dependency/parser/types/types.go index 1936012d8f48..b55d2c7df6ee 100644 --- a/pkg/dependency/parser/types/types.go +++ b/pkg/dependency/parser/types/types.go @@ -1,7 +1,7 @@ package types import ( - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type Library struct { @@ -63,7 +63,7 @@ func (deps Dependencies) Swap(i, j int) { deps[i], deps[j] = deps[j], deps[i] } type Parser interface { // Parse parses the dependency file - Parse(r dio.ReadSeekerAt) ([]Library, []Dependency, error) + Parse(r xio.ReadSeekerAt) ([]Library, []Dependency, error) } type RefType string diff --git a/pkg/fanal/analyzer/analyzer.go b/pkg/fanal/analyzer/analyzer.go index b44ef3959dfd..c5f55fd5fa15 100644 --- a/pkg/fanal/analyzer/analyzer.go +++ b/pkg/fanal/analyzer/analyzer.go @@ -15,11 +15,11 @@ import ( "golang.org/x/sync/semaphore" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" fos "github.com/aquasecurity/trivy/pkg/fanal/analyzer/os" "github.com/aquasecurity/trivy/pkg/fanal/log" "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/misconf" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) var ( @@ -117,7 +117,7 @@ type CustomGroup interface { Group() Group } -type Opener func() (dio.ReadSeekCloserAt, error) +type Opener func() (xio.ReadSeekCloserAt, error) type AnalyzerGroup struct { analyzers []analyzer @@ -133,7 +133,7 @@ type AnalysisInput struct { Dir string FilePath string Info os.FileInfo - Content dio.ReadSeekerAt + Content xio.ReadSeekerAt Options AnalysisOptions } @@ -422,7 +422,7 @@ func (ag AnalyzerGroup) AnalyzeFile(ctx context.Context, wg *sync.WaitGroup, lim } wg.Add(1) - go func(a analyzer, rc dio.ReadSeekCloserAt) { + go func(a analyzer, rc xio.ReadSeekCloserAt) { defer limit.Release(1) defer wg.Done() defer rc.Close() diff --git a/pkg/fanal/analyzer/analyzer_test.go b/pkg/fanal/analyzer/analyzer_test.go index 9b8e889eba22..2c7284a1ae83 100644 --- a/pkg/fanal/analyzer/analyzer_test.go +++ b/pkg/fanal/analyzer/analyzer_test.go @@ -12,7 +12,7 @@ import ( "golang.org/x/sync/semaphore" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" + xio "github.com/aquasecurity/trivy/pkg/x/io" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/javadb" @@ -525,7 +525,7 @@ func TestAnalyzerGroup_AnalyzeFile(t *testing.T) { ctx := context.Background() err = a.AnalyzeFile(ctx, &wg, limit, got, "", tt.args.filePath, info, - func() (dio.ReadSeekCloserAt, error) { + func() (xio.ReadSeekCloserAt, error) { if tt.args.testFilePath == "testdata/error" { return nil, xerrors.New("error") } else if tt.args.testFilePath == "testdata/no-permission" { diff --git a/pkg/fanal/analyzer/language/analyze.go b/pkg/fanal/analyzer/language/analyze.go index 460254151bff..b60eebafc5d0 100644 --- a/pkg/fanal/analyzer/language/analyze.go +++ b/pkg/fanal/analyzer/language/analyze.go @@ -6,7 +6,6 @@ import ( "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" godeptypes "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/digest" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" @@ -17,7 +16,7 @@ import ( ) // Analyze returns an analysis result of the lock file -func Analyze(fileType types.LangType, filePath string, r dio.ReadSeekerAt, parser godeptypes.Parser) (*analyzer.AnalysisResult, error) { +func Analyze(fileType types.LangType, filePath string, r xio.ReadSeekerAt, parser godeptypes.Parser) (*analyzer.AnalysisResult, error) { app, err := Parse(fileType, filePath, r, parser) if err != nil { return nil, xerrors.Errorf("failed to parse %s: %w", filePath, err) @@ -31,7 +30,7 @@ func Analyze(fileType types.LangType, filePath string, r dio.ReadSeekerAt, parse } // AnalyzePackage returns an analysis result of the package file other than lock files -func AnalyzePackage(fileType types.LangType, filePath string, r dio.ReadSeekerAt, parser godeptypes.Parser, checksum bool) (*analyzer.AnalysisResult, error) { +func AnalyzePackage(fileType types.LangType, filePath string, r xio.ReadSeekerAt, parser godeptypes.Parser, checksum bool) (*analyzer.AnalysisResult, error) { app, err := ParsePackage(fileType, filePath, r, parser, checksum) if err != nil { return nil, xerrors.Errorf("failed to parse %s: %w", filePath, err) @@ -61,7 +60,7 @@ func Parse(fileType types.LangType, filePath string, r io.Reader, parser godepty } // ParsePackage returns a parsed result of the package file -func ParsePackage(fileType types.LangType, filePath string, r dio.ReadSeekerAt, parser godeptypes.Parser, checksum bool) (*types.Application, error) { +func ParsePackage(fileType types.LangType, filePath string, r xio.ReadSeekerAt, parser godeptypes.Parser, checksum bool) (*types.Application, error) { parsedLibs, parsedDependencies, err := parser.Parse(r) if err != nil { return nil, xerrors.Errorf("failed to parse %s: %w", filePath, err) @@ -77,7 +76,7 @@ func ParsePackage(fileType types.LangType, filePath string, r dio.ReadSeekerAt, return toApplication(fileType, filePath, filePath, r, parsedLibs, parsedDependencies), nil } -func toApplication(fileType types.LangType, filePath, libFilePath string, r dio.ReadSeekerAt, libs []godeptypes.Library, depGraph []godeptypes.Dependency) *types.Application { +func toApplication(fileType types.LangType, filePath, libFilePath string, r xio.ReadSeekerAt, libs []godeptypes.Library, depGraph []godeptypes.Dependency) *types.Application { if len(libs) == 0 { return nil } @@ -139,7 +138,7 @@ func toApplication(fileType types.LangType, filePath, libFilePath string, r dio. } } -func calculateDigest(r dio.ReadSeekerAt) (digest.Digest, error) { +func calculateDigest(r xio.ReadSeekerAt) (digest.Digest, error) { if r == nil { return "", nil } diff --git a/pkg/fanal/analyzer/language/analyze_test.go b/pkg/fanal/analyzer/language/analyze_test.go index fc47867eac76..b1dc6654db86 100644 --- a/pkg/fanal/analyzer/language/analyze_test.go +++ b/pkg/fanal/analyzer/language/analyze_test.go @@ -9,7 +9,7 @@ import ( "github.com/stretchr/testify/require" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" + xio "github.com/aquasecurity/trivy/pkg/x/io" godeptypes "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/analyzer/language" @@ -20,7 +20,7 @@ type mockParser struct { t *testing.T } -func (p *mockParser) Parse(r dio.ReadSeekerAt) ([]godeptypes.Library, []godeptypes.Dependency, error) { +func (p *mockParser) Parse(r xio.ReadSeekerAt) ([]godeptypes.Library, []godeptypes.Dependency, error) { b, err := io.ReadAll(r) require.NoError(p.t, err) @@ -43,7 +43,7 @@ func TestAnalyze(t *testing.T) { type args struct { fileType types.LangType filePath string - content dio.ReadSeekerAt + content xio.ReadSeekerAt } tests := []struct { name string diff --git a/pkg/fanal/analyzer/language/golang/mod/mod.go b/pkg/fanal/analyzer/language/golang/mod/mod.go index a75f3548815d..beb2f9f1213e 100644 --- a/pkg/fanal/analyzer/language/golang/mod/mod.go +++ b/pkg/fanal/analyzer/language/golang/mod/mod.go @@ -19,7 +19,6 @@ import ( "github.com/aquasecurity/trivy/pkg/dependency/parser/golang/mod" "github.com/aquasecurity/trivy/pkg/dependency/parser/golang/sum" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" godeptypes "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/analyzer/language" @@ -27,6 +26,7 @@ import ( "github.com/aquasecurity/trivy/pkg/licensing" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/utils/fsutils" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) func init() { @@ -216,7 +216,7 @@ func parse(fsys fs.FS, path string, parser godeptypes.Parser) (*types.Applicatio } defer f.Close() - file, ok := f.(dio.ReadSeekCloserAt) + file, ok := f.(xio.ReadSeekCloserAt) if !ok { return nil, xerrors.Errorf("type assertion error: %w", err) } diff --git a/pkg/fanal/analyzer/language/java/jar/jar.go b/pkg/fanal/analyzer/language/java/jar/jar.go index b41e92fb462b..42d1004a2f44 100644 --- a/pkg/fanal/analyzer/language/java/jar/jar.go +++ b/pkg/fanal/analyzer/language/java/jar/jar.go @@ -9,13 +9,13 @@ import ( "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/java/jar" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/analyzer/language" "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/javadb" "github.com/aquasecurity/trivy/pkg/parallel" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) func init() { @@ -56,7 +56,7 @@ func (a *javaLibraryAnalyzer) PostAnalyze(ctx context.Context, input analyzer.Po } // It will be called on each JAR file - onFile := func(path string, info fs.FileInfo, r dio.ReadSeekerAt) (*types.Application, error) { + onFile := func(path string, info fs.FileInfo, r xio.ReadSeekerAt) (*types.Application, error) { p := jar.NewParser(client, jar.WithSize(info.Size()), jar.WithFilePath(path)) return language.ParsePackage(types.Jar, path, r, p, input.Options.FileChecksum) } diff --git a/pkg/fanal/analyzer/language/nodejs/npm/npm.go b/pkg/fanal/analyzer/language/nodejs/npm/npm.go index 6057fa2b4195..ecca16aa1996 100644 --- a/pkg/fanal/analyzer/language/nodejs/npm/npm.go +++ b/pkg/fanal/analyzer/language/nodejs/npm/npm.go @@ -11,7 +11,6 @@ import ( "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/nodejs/npm" "github.com/aquasecurity/trivy/pkg/dependency/parser/nodejs/packagejson" godeptypes "github.com/aquasecurity/trivy/pkg/dependency/parser/types" @@ -20,6 +19,7 @@ import ( "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/utils/fsutils" + xio "github.com/aquasecurity/trivy/pkg/x/io" xpath "github.com/aquasecurity/trivy/pkg/x/path" ) @@ -114,7 +114,7 @@ func (a npmLibraryAnalyzer) parseNpmPkgLock(fsys fs.FS, filePath string) (*types } defer func() { _ = f.Close() }() - file, ok := f.(dio.ReadSeekCloserAt) + file, ok := f.(xio.ReadSeekCloserAt) if !ok { return nil, xerrors.Errorf("type assertion error: %w", err) } diff --git a/pkg/fanal/analyzer/language/nodejs/pkg/pkg.go b/pkg/fanal/analyzer/language/nodejs/pkg/pkg.go index 4dd1bfd26d79..d8c87b9b60ad 100644 --- a/pkg/fanal/analyzer/language/nodejs/pkg/pkg.go +++ b/pkg/fanal/analyzer/language/nodejs/pkg/pkg.go @@ -5,12 +5,12 @@ import ( "os" "path/filepath" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/nodejs/packagejson" godeptypes "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/analyzer/language" "github.com/aquasecurity/trivy/pkg/fanal/types" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) func init() { @@ -24,7 +24,7 @@ const ( type parser struct{} -func (*parser) Parse(r dio.ReadSeekerAt) ([]godeptypes.Library, []godeptypes.Dependency, error) { +func (*parser) Parse(r xio.ReadSeekerAt) ([]godeptypes.Library, []godeptypes.Dependency, error) { p := packagejson.NewParser() pkg, err := p.Parse(r) if err != nil { diff --git a/pkg/fanal/analyzer/language/python/packaging/packaging.go b/pkg/fanal/analyzer/language/python/packaging/packaging.go index 35fdc544d8bb..b5e505140fd0 100644 --- a/pkg/fanal/analyzer/language/python/packaging/packaging.go +++ b/pkg/fanal/analyzer/language/python/packaging/packaging.go @@ -15,7 +15,6 @@ import ( "github.com/samber/lo" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/dependency/parser/python/packaging" godeptypes "github.com/aquasecurity/trivy/pkg/dependency/parser/types" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" @@ -24,6 +23,7 @@ import ( "github.com/aquasecurity/trivy/pkg/licensing" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/utils/fsutils" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) func init() { @@ -68,7 +68,7 @@ func (a packagingAnalyzer) PostAnalyze(_ context.Context, input analyzer.PostAna } err := fsutils.WalkDir(input.FS, ".", required, func(path string, d fs.DirEntry, r io.Reader) error { - rsa, ok := r.(dio.ReadSeekerAt) + rsa, ok := r.(xio.ReadSeekerAt) if !ok { return xerrors.New("invalid reader") } @@ -167,11 +167,11 @@ func classifyLicense(dir, licPath string, classifierConfidenceLevel float64, fsy return l.Findings, nil } -func (a packagingAnalyzer) parse(filePath string, r dio.ReadSeekerAt, checksum bool) (*types.Application, error) { +func (a packagingAnalyzer) parse(filePath string, r xio.ReadSeekerAt, checksum bool) (*types.Application, error) { return language.ParsePackage(types.PythonPkg, filePath, r, a.pkgParser, checksum) } -func (a packagingAnalyzer) analyzeEggZip(r io.ReaderAt, size int64) (dio.ReadSeekerAt, error) { +func (a packagingAnalyzer) analyzeEggZip(r io.ReaderAt, size int64) (xio.ReadSeekerAt, error) { zr, err := zip.NewReader(r, size) if err != nil { return nil, xerrors.Errorf("zip reader error: %w", err) @@ -187,7 +187,7 @@ func (a packagingAnalyzer) analyzeEggZip(r io.ReaderAt, size int64) (dio.ReadSee } // open reads the file content in the zip archive to make it seekable. -func (a packagingAnalyzer) open(file *zip.File) (dio.ReadSeekerAt, error) { +func (a packagingAnalyzer) open(file *zip.File) (xio.ReadSeekerAt, error) { f, err := file.Open() if err != nil { return nil, err diff --git a/pkg/fanal/analyzer/licensing/license.go b/pkg/fanal/analyzer/licensing/license.go index 188752a7efab..3e3986d732f8 100644 --- a/pkg/fanal/analyzer/licensing/license.go +++ b/pkg/fanal/analyzer/licensing/license.go @@ -11,11 +11,11 @@ import ( "golang.org/x/exp/slices" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/log" "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/licensing" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) const version = 1 @@ -96,7 +96,7 @@ func (a licenseFileAnalyzer) Required(filePath string, _ os.FileInfo) bool { return slices.Contains(acceptedFileNames, baseName) } -func isHumanReadable(content dio.ReadSeekerAt, fileSize int64) (bool, error) { +func isHumanReadable(content xio.ReadSeekerAt, fileSize int64) (bool, error) { headSize := int(math.Min(float64(fileSize), 300)) head := make([]byte, headSize) if _, err := content.Read(head); err != nil { diff --git a/pkg/fanal/analyzer/pkg/dpkg/copyright.go b/pkg/fanal/analyzer/pkg/dpkg/copyright.go index 4a6ef0602ea1..193fd5efe8d6 100644 --- a/pkg/fanal/analyzer/pkg/dpkg/copyright.go +++ b/pkg/fanal/analyzer/pkg/dpkg/copyright.go @@ -13,10 +13,10 @@ import ( "golang.org/x/exp/slices" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/licensing" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) func init() { @@ -75,7 +75,7 @@ func (a *dpkgLicenseAnalyzer) Analyze(_ context.Context, input analyzer.Analysis } // parseCopyright parses /usr/share/doc/*/copyright files -func (a *dpkgLicenseAnalyzer) parseCopyright(r dio.ReadSeekerAt) ([]types.LicenseFinding, error) { +func (a *dpkgLicenseAnalyzer) parseCopyright(r xio.ReadSeekerAt) ([]types.LicenseFinding, error) { scanner := bufio.NewScanner(r) var licenses []string for scanner.Scan() { diff --git a/pkg/fanal/analyzer/pkg/rpm/rpmqa.go b/pkg/fanal/analyzer/pkg/rpm/rpmqa.go index 16fa64e9edc6..83b06f16823b 100644 --- a/pkg/fanal/analyzer/pkg/rpm/rpmqa.go +++ b/pkg/fanal/analyzer/pkg/rpm/rpmqa.go @@ -9,9 +9,9 @@ import ( "golang.org/x/exp/slices" "golang.org/x/xerrors" - "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/types" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) func init() { @@ -44,7 +44,7 @@ func (a rpmqaPkgAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInpu }, nil } -func (a rpmqaPkgAnalyzer) parseRpmqaManifest(r io.ReadSeekerAt) ([]types.Package, error) { +func (a rpmqaPkgAnalyzer) parseRpmqaManifest(r xio.ReadSeekerAt) ([]types.Package, error) { var pkgs []types.Package scanner := bufio.NewScanner(r) for scanner.Scan() { diff --git a/pkg/fanal/artifact/vm/vm_test.go b/pkg/fanal/artifact/vm/vm_test.go index 28c4bf37d20a..2c47c756e6e5 100644 --- a/pkg/fanal/artifact/vm/vm_test.go +++ b/pkg/fanal/artifact/vm/vm_test.go @@ -14,7 +14,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" + xio "github.com/aquasecurity/trivy/pkg/x/io" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/artifact" "github.com/aquasecurity/trivy/pkg/fanal/artifact/vm" @@ -48,7 +48,7 @@ func (m *mockWalker) Walk(_ *io.SectionReader, _ string, fn walker.WalkFunc) err if err != nil { return err } - opener := func() (dio.ReadSeekCloserAt, error) { + opener := func() (xio.ReadSeekCloserAt, error) { return os.Open(path) } relPath, err := filepath.Rel(m.root, path) diff --git a/pkg/fanal/utils/utils.go b/pkg/fanal/utils/utils.go index fe16c2f4702f..1c5ea54b2612 100644 --- a/pkg/fanal/utils/utils.go +++ b/pkg/fanal/utils/utils.go @@ -9,7 +9,7 @@ import ( "os/exec" "path/filepath" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) var ( @@ -74,7 +74,7 @@ func IsExecutable(fileInfo os.FileInfo) bool { return false } -func IsBinary(content dio.ReadSeekerAt, fileSize int64) (bool, error) { +func IsBinary(content xio.ReadSeekerAt, fileSize int64) (bool, error) { headSize := int(math.Min(float64(fileSize), 300)) head := make([]byte, headSize) if _, err := content.Read(head); err != nil { diff --git a/pkg/fanal/walker/cached_file.go b/pkg/fanal/walker/cached_file.go index 5ff94a20d255..05cfa1443c39 100644 --- a/pkg/fanal/walker/cached_file.go +++ b/pkg/fanal/walker/cached_file.go @@ -8,7 +8,7 @@ import ( "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) // cachedFile represents a file cached in memory or storage according to the file size. @@ -36,7 +36,7 @@ func newCachedFile(size int64, r io.Reader, threshold int64) *cachedFile { // Open opens a file and cache the file. // If the file size is greater than or equal to threshold, it copies the content to a temp file and opens it next time. // If the file size is less than threshold, it opens the file once and the content will be shared so that others analyzers can use the same data. -func (o *cachedFile) Open() (dio.ReadSeekCloserAt, error) { +func (o *cachedFile) Open() (xio.ReadSeekCloserAt, error) { o.once.Do(func() { // When the file is large, it will be written down to a temp file. if o.size >= o.threshold { @@ -68,7 +68,7 @@ func (o *cachedFile) Open() (dio.ReadSeekCloserAt, error) { return o.open() } -func (o *cachedFile) open() (dio.ReadSeekCloserAt, error) { +func (o *cachedFile) open() (xio.ReadSeekCloserAt, error) { if o.filePath != "" { f, err := os.Open(o.filePath) if err != nil { @@ -77,7 +77,7 @@ func (o *cachedFile) open() (dio.ReadSeekCloserAt, error) { return f, nil } - return dio.NopCloser(bytes.NewReader(o.content)), nil + return xio.NopCloser(bytes.NewReader(o.content)), nil } func (o *cachedFile) Clean() error { diff --git a/pkg/fanal/walker/fs.go b/pkg/fanal/walker/fs.go index 19b265f26d9c..5397c1bdfc10 100644 --- a/pkg/fanal/walker/fs.go +++ b/pkg/fanal/walker/fs.go @@ -8,8 +8,8 @@ import ( swalker "github.com/saracen/walker" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/log" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) type ErrorCallback func(pathname string, err error) error @@ -114,8 +114,8 @@ func (w FS) walkSlow(root string, walkFn fastWalkFunc) error { } // fileOpener returns a function opening a file. -func (w *walker) fileOpener(pathname string) func() (dio.ReadSeekCloserAt, error) { - return func() (dio.ReadSeekCloserAt, error) { +func (w *walker) fileOpener(pathname string) func() (xio.ReadSeekCloserAt, error) { + return func() (xio.ReadSeekCloserAt, error) { return os.Open(pathname) } } diff --git a/pkg/fanal/walker/vm.go b/pkg/fanal/walker/vm.go index 5b64fdc19142..8d13e0aee57c 100644 --- a/pkg/fanal/walker/vm.go +++ b/pkg/fanal/walker/vm.go @@ -14,9 +14,9 @@ import ( "golang.org/x/exp/slices" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/fanal/vm/filesystem" "github.com/aquasecurity/trivy/pkg/log" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) var requiredDiskName = []string{ @@ -167,7 +167,7 @@ func newCachedVMFile(fsys fs.FS, filePath string, threshold int64) *cachedVMFile } } -func (cvf *cachedVMFile) Open() (dio.ReadSeekCloserAt, error) { +func (cvf *cachedVMFile) Open() (xio.ReadSeekCloserAt, error) { if cvf.cf != nil { return cvf.cf.Open() } diff --git a/pkg/log/logger.go b/pkg/log/logger.go index 7e300cdd8be8..89354def9185 100644 --- a/pkg/log/logger.go +++ b/pkg/log/logger.go @@ -10,7 +10,6 @@ import ( "go.uber.org/zap/zapcore" "golang.org/x/xerrors" - dlog "github.com/aquasecurity/trivy/pkg/dependency/parser/log" flog "github.com/aquasecurity/trivy/pkg/fanal/log" ) @@ -33,9 +32,6 @@ func InitLogger(debug, disable bool) (err error) { return xerrors.Errorf("failed to initialize a logger: %w", err) } - // Set logger for dependency/parser - dlog.SetLogger(Logger) - // Set logger for fanal flog.SetLogger(Logger) diff --git a/pkg/module/memfs.go b/pkg/module/memfs.go index e663eec44045..0a3b37452f91 100644 --- a/pkg/module/memfs.go +++ b/pkg/module/memfs.go @@ -7,8 +7,8 @@ import ( "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/mapfs" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) // memFS is a wrapper of mapfs.FS and can change its underlying file system @@ -29,7 +29,7 @@ func (m *memFS) Open(name string) (fs.File, error) { // // Note: it is always to safe swap the underlying FS with this API since this is called only at the beginning of // Analyze interface call, which is not concurrently called per module instance. -func (m *memFS) initialize(filePath string, content dio.ReadSeekerAt) error { +func (m *memFS) initialize(filePath string, content xio.ReadSeekerAt) error { mfs := mapfs.New() if err := mfs.MkdirAll(filepath.Dir(filePath), fs.ModePerm); err != nil { return xerrors.Errorf("mapfs mkdir error: %w", err) diff --git a/pkg/parallel/walk.go b/pkg/parallel/walk.go index ba92b1965a50..1156560a7212 100644 --- a/pkg/parallel/walk.go +++ b/pkg/parallel/walk.go @@ -8,13 +8,13 @@ import ( "golang.org/x/sync/errgroup" "golang.org/x/xerrors" - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" "github.com/aquasecurity/trivy/pkg/log" + xio "github.com/aquasecurity/trivy/pkg/x/io" ) const defaultParallel = 5 -type onFile[T any] func(string, fs.FileInfo, dio.ReadSeekerAt) (T, error) +type onFile[T any] func(string, fs.FileInfo, xio.ReadSeekerAt) (T, error) type onWalkResult[T any] func(T) error func WalkDir[T any](ctx context.Context, fsys fs.FS, root string, parallel int, @@ -100,7 +100,7 @@ func walk[T any](ctx context.Context, fsys fs.FS, path string, c chan T, onFile return xerrors.Errorf("stat error: %w", err) } - rsa, ok := f.(dio.ReadSeekerAt) + rsa, ok := f.(xio.ReadSeekerAt) if !ok { return xerrors.New("type assertion failed") } diff --git a/pkg/x/io/io.go b/pkg/x/io/io.go index b0fe586f0de1..c4ba4bfe4c59 100644 --- a/pkg/x/io/io.go +++ b/pkg/x/io/io.go @@ -5,12 +5,20 @@ import ( "io" "golang.org/x/xerrors" - - dio "github.com/aquasecurity/trivy/pkg/dependency/parser/io" ) -func NewReadSeekerAt(r io.Reader) (dio.ReadSeekerAt, error) { - if rr, ok := r.(dio.ReadSeekerAt); ok { +type ReadSeekerAt interface { + io.ReadSeeker + io.ReaderAt +} + +type ReadSeekCloserAt interface { + io.ReadSeekCloser + io.ReaderAt +} + +func NewReadSeekerAt(r io.Reader) (ReadSeekerAt, error) { + if rr, ok := r.(ReadSeekerAt); ok { return rr, nil } @@ -21,3 +29,15 @@ func NewReadSeekerAt(r io.Reader) (dio.ReadSeekerAt, error) { return bytes.NewReader(buff.Bytes()), nil } + +// NopCloser returns a ReadSeekCloserAt with a no-op Close method wrapping +// the provided Reader r. +func NopCloser(r ReadSeekerAt) ReadSeekCloserAt { + return nopCloser{r} +} + +type nopCloser struct { + ReadSeekerAt +} + +func (nopCloser) Close() error { return nil }