diff --git a/.github/workflows/cache-test-images.yaml b/.github/workflows/cache-test-images.yaml index e342a8098923..6190b225a2f9 100644 --- a/.github/workflows/cache-test-images.yaml +++ b/.github/workflows/cache-test-images.yaml @@ -57,10 +57,8 @@ jobs: go-version-file: go.mod cache: false - - name: Install tools - uses: aquaproj/aqua-installer@v3.1.1 - with: - aqua_version: v1.25.0 + - name: Install Go tools + run: go install tool # GOBIN is added to the PATH by the setup-go action - name: Generate image list digest if: github.ref_name == 'main' diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 109f9beaaf52..69916e8e45ce 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -51,10 +51,7 @@ jobs: if: ${{ failure() && steps.lint.conclusion == 'failure' }} - name: Install tools - uses: aquaproj/aqua-installer@v3.1.1 - with: - aqua_version: v1.25.0 - aqua_opts: "" + run: go install tool # GOBIN is added to the PATH by the setup-go action - name: Check if CLI references are up-to-date run: | @@ -136,10 +133,7 @@ jobs: cache: false - name: Install tools - uses: aquaproj/aqua-installer@v3.1.1 - with: - aqua_version: v1.25.0 - aqua_opts: "" + run: go install tool # GOBIN is added to the PATH by the setup-go action - name: Generate image list digest id: image-digest diff --git a/aqua.yaml b/aqua.yaml deleted file mode 100644 index d226226c6784..000000000000 --- a/aqua.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -# aqua - Declarative CLI Version Manager -# https://aquaproj.github.io/ -registries: -- type: standard - ref: v3.157.0 # renovate: depName=aquaproj/aqua-registry -packages: -- name: tinygo-org/tinygo@v0.36.0 -- name: WebAssembly/binaryen@version_112 -- name: magefile/mage@v1.14.0 \ No newline at end of file diff --git a/docs/docs/advanced/modules.md b/docs/docs/advanced/modules.md index f12d87b8df79..cac8cec0b7f5 100644 --- a/docs/docs/advanced/modules.md +++ b/docs/docs/advanced/modules.md 
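Review bot: The inline comment on `run: go install tool` should record what now pins the tools, because the step no longer carries a version the way `aqua_version: v1.25.0` did. Something like `# builds every entry in go.mod's tool block at the versions recorded in go.mod and go.sum` tells a reviewer where a tool bump will show up. As far as I know setup-go puts `$(go env GOPATH)/bin` on PATH rather than a custom GOBIN, so the current wording only holds while GOBIN is unset; worth confirming. The step is named `Install Go tools` here but `Install tools` in both test.yaml hunks (`@@ -51,10 +51,7 @@` and `@@ -136,10 +133,7 @@`), so pick one name. The deleted aqua.yaml also supplied tinygo and binaryen, which the visible part of the go.mod tool block does not list, so any remaining step that calls them needs checking.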
@@ -12,7 +12,7 @@ They provide a way to extend the core feature set of Trivy, but without updating - They can be added and removed from a Trivy installation without impacting the core Trivy tool. - They can be written in any programming language supporting WebAssembly. - - It supports only [TinyGo][tinygo] at the moment. + - It supports only Go at the moment. You can write your own detection logic. @@ -94,9 +94,9 @@ $ trivy module uninstall ghcr.io/aquasecurity/trivy-module-spring4shell ``` ## Building Modules -It supports TinyGo only at the moment. +It supports Go only at the moment. -### TinyGo +### Go Trivy provides Go SDK including three interfaces. Your own module needs to implement either or both `Analyzer` and `PostScanner` in addition to `Module`. @@ -113,7 +113,7 @@ type Analyzer interface { type PostScanner interface { PostScanSpec() serialize.PostScanSpec - PostScan(serialize.Results) (serialize.Results, error) + PostScan(types.Results) (types.Results, error) } ``` @@ -142,6 +142,9 @@ const ( name = "wordpress-module" ) +// main is required for Go to compile the Wasm module +func main() {} + type WordpressModule struct{ // Cannot define fields as modules can't keep state. } @@ -203,7 +206,7 @@ func (WordpressModule) Analyze(filePath string) (*serialize.AnalysisResult, erro } return &serialize.AnalysisResult{ - CustomResources: []serialize.CustomResource{ + CustomResources: []ftypes.CustomResource{ { Type: typeWPVersion, FilePath: filePath, @@ -246,7 +249,7 @@ func (WordpressModule) PostScanSpec() serialize.PostScanSpec { } } -func (WordpressModule) PostScan(results serialize.Results) (serialize.Results, error) { +func (WordpressModule) PostScan(results types.Results) (types.Results, error) { // e.g. results // [ // { 
@@ -288,7 +291,7 @@ func (WordpressModule) PostScan(results serialize.Results) (serialize.Results, e if vulnerable { // Add CVE-2020-36326 - results = append(results, serialize.Result{ + results = append(results, types.Result{ Target: wpPath, Class: types.ClassLangPkg, Type: "wordpress", @@ -318,10 +321,10 @@ In the `Delete` action, `PostScan` needs to return results you want to delete. If `PostScan` returns an empty, Trivy will not delete anything. #### Build -Follow [the install guide][tinygo-installation] and install TinyGo. +Follow [the install guide][go-installation] and install Go. ```bash -$ tinygo build -o wordpress.wasm -scheduler=none -target=wasi --no-debug wordpress.go +$ GOOS=wasip1 GOARCH=wasm go build -o wordpress.wasm -buildmode=c-shared wordpress.go ``` Put the built binary to the module directory that is under the home directory by default. @@ -347,12 +350,11 @@ Digest: sha256:6416d0199d66ce52ced19f01d75454b22692ff3aa7737e45f7a189880840424f [regexp]: https://github.com/google/re2/wiki/Syntax -[tinygo]: https://tinygo.org/ [spring4shell]: https://blog.aquasec.com/zero-day-rce-vulnerability-spring4shell [wazero]: https://github.com/tetratelabs/wazero [trivy-module-spring4shell]: https://github.com/aquasecurity/trivy/tree/main/examples/module/spring4shell [trivy-module-wordpress]: https://github.com/aquasecurity/trivy-module-wordpress -[tinygo-installation]: https://tinygo.org/getting-started/install/ +[go-installation]: https://go.dev/doc/install [oras]: https://oras.land/cli/ \ No newline at end of file diff --git a/examples/module/spring4shell/README.md b/examples/module/spring4shell/README.md index 77b28697fce7..5f5db83e4c30 100644 --- a/examples/module/spring4shell/README.md +++ b/examples/module/spring4shell/README.md 
@@ -5,7 +5,7 @@ This module provides a more in-depth investigation of Spring4Shell detection. ## Set up ``` -$ tinygo build -o spring4shell.wasm -scheduler=none -target=wasi --no-debug spring4shell.go +$ GOOS=wasip1 GOARCH=wasm go build -o spring4shell.wasm -buildmode=c-shared spring4shell.go $ mkdir -p ~/.trivy/modules $ cp spring4shell.wasm ~/.trivy/modules ``` diff --git a/examples/module/spring4shell/spring4shell.go b/examples/module/spring4shell/spring4shell.go index e4f8c5a858c7..67520c37e366 100644 --- a/examples/module/spring4shell/spring4shell.go +++ b/examples/module/spring4shell/spring4shell.go @@ -1,5 +1,5 @@ -//go:generate tinygo build -o spring4shell.wasm -target=wasip1 --buildmode=c-shared spring4shell.go -//go:build tinygo.wasm +//go:generate go build -o spring4shell.wasm -buildmode=c-shared spring4shell.go +//go:build wasip1 package main @@ -13,9 +13,11 @@ import ( "strconv" "strings" + ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/module/api" "github.com/aquasecurity/trivy/pkg/module/serialize" "github.com/aquasecurity/trivy/pkg/module/wasm" + "github.com/aquasecurity/trivy/pkg/types" ) const ( @@ -29,6 +31,9 @@ var ( tomcatVersionRegex = regexp.MustCompile(`Apache Tomcat Version ([\d.]+)`) ) +// main is required for Go to compile the Wasm module +func main() {} + func init() { wasm.RegisterModule(Spring4Shell{}) } @@ -94,7 +99,7 @@ func (Spring4Shell) parseJavaRelease(f *os.File, filePath string) (*serialize.An } return &serialize.AnalysisResult{ - CustomResources: []serialize.CustomResource{ + CustomResources: []ftypes.CustomResource{ { Type: TypeJavaMajor, FilePath: filePath, @@ -116,7 +121,7 @@ func (Spring4Shell) parseTomcatReleaseNotes(f *os.File, filePath string) (*seria } return &serialize.AnalysisResult{ - CustomResources: []serialize.CustomResource{ + CustomResources: []ftypes.CustomResource{ { Type: TypeTomcatVersion, FilePath: filePath, 
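Review bot: The rewritten `//go:generate` line at the top of spring4shell.go (hunk `@@ -1,5 +1,5 @@`) no longer names its target, so it only yields a Wasm module when the caller has already exported `GOOS=wasip1 GOARCH=wasm`. With the `//go:build wasip1` constraint below it, a plain host invocation would presumably fail with every file excluded rather than build anything. The README hunk in this commit spells the variables out, so the two build instructions now differ. I would add a comment next to the directive such as `// Run go generate with GOOS=wasip1 GOARCH=wasm; the build constraint excludes this file on other targets.`, or set the variables in the directive itself if whatever invokes `go generate` does not already do so.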
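Review bot: The comment added above `func main() {}` in hunk `@@ -29,6 +31,9 @@` says why the function exists but not that it never runs, which is the part a module author needs. As I understand Go's wasip1 `-buildmode=c-shared` output, the host initialises the module and runs `init()`, where `wasm.RegisterModule(Spring4Shell{})` is called, and `main` is not invoked. A wording such as `// main must exist for package main but is never called; registration happens in init().` would keep anyone from putting setup code in `main`. The same comment appears in the modules.md example and would benefit from the same wording.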
@@ -221,7 +226,7 @@ func (Spring4Shell) PostScanSpec() serialize.PostScanSpec {
 // }
 //
 // ]
-func (Spring4Shell) PostScan(results serialize.Results) (serialize.Results, error) {
+func (Spring4Shell) PostScan(results types.Results) (types.Results, error) {
 var javaMajorVersion int
 var tomcatVersion string
 for _, result := range results {
diff --git a/go.mod b/go.mod
index 44bc48b124b4..10d78fcc0d5c 100644
--- a/go.mod
+++ b/go.mod
@@ -421,11 +421,7 @@ require (
 )

 require (
- github.com/STARRY-S/zip v0.2.1 // indirect
- github.com/adrg/xdg v0.5.3 // indirect
 github.com/alessio/shellescape v1.4.1 // indirect
- github.com/andybalholm/brotli v1.1.1 // indirect
- github.com/aquaproj/aqua/v2 v2.45.0 // indirect
 github.com/aws/aws-sdk-go v1.55.6 // indirect
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 // indirect
@@ -437,55 +433,20 @@ require (
 github.com/aws/aws-sdk-go-v2/service/sso v1.25.1 // indirect
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.1 // indirect
 github.com/aws/aws-sdk-go-v2/service/sts v1.33.17 // indirect
- github.com/bahlo/generic-list-go v0.2.0 // indirect
- github.com/bodgit/plumbing v1.3.0 // indirect
- github.com/bodgit/sevenzip v1.6.0 // indirect
- github.com/bodgit/windows v1.0.1 // indirect
- github.com/buger/jsonparser v1.1.1 // indirect
 github.com/evanphx/json-patch/v5 v5.6.0 // indirect
- github.com/expr-lang/expr v1.16.9 // indirect
- github.com/forPelevin/gomoji v1.3.0 // indirect
- github.com/gdamore/encoding v1.0.0 // indirect
- github.com/gdamore/tcell/v2 v2.6.0 // indirect
 github.com/google/go-github/v31 v31.0.0 // indirect
- github.com/google/go-github/v69 v69.2.0 // indirect
 github.com/google/safetext v0.0.0-20220905092116-b49f7bc46da2 // indirect
 github.com/google/subcommands v1.2.0 // indirect
- github.com/invopop/jsonschema v0.13.0 // indirect
- github.com/klauspost/pgzip v1.2.6 // indirect
 github.com/knqyf263/labeler v0.0.0-20200423181506-7a6e545148c3 // indirect
- github.com/ktr0731/go-ansisgr v0.1.0 // indirect
- github.com/ktr0731/go-fuzzyfinder v0.8.0 // indirect
- github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
- github.com/mholt/archives v0.1.0 // indirect
- github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect
- github.com/nsf/termbox-go v1.1.1 // indirect
- github.com/nwaples/rardecode/v2 v2.0.0-beta.4.0.20241112120701-034e449c6e78 // indirect
 github.com/oklog/ulid/v2 v2.1.0 // indirect
- github.com/otiai10/copy v1.14.1 // indirect
- github.com/otiai10/mint v1.6.3 // indirect
 github.com/pelletier/go-toml v1.9.5 // indirect
- github.com/pierrec/lz4/v4 v4.1.21 // indirect
 github.com/samber/oops v1.15.0 // indirect
- github.com/schollz/progressbar/v3 v3.18.0 // indirect
- github.com/sorairolake/lzip-go v0.3.5 // indirect
- github.com/suzuki-shunsuke/go-error-with-exit-code v1.0.0 // indirect
- github.com/suzuki-shunsuke/go-findconfig v1.2.0 // indirect
- github.com/suzuki-shunsuke/go-osenv v0.1.0 // indirect
- github.com/suzuki-shunsuke/logrus-error v0.1.4 // indirect
- github.com/suzuki-shunsuke/urfave-cli-help-all v0.0.4 // indirect
- github.com/therootcompany/xz v1.0.1 // indirect
 github.com/tonglil/versioning v0.0.0-20170205083536-8b2a4334bd1d // indirect
- github.com/urfave/cli/v2 v2.27.5 // indirect
- github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
- github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
- go4.org v0.0.0-20230225012048-214862532bf5 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 sigs.k8s.io/kind v0.19.0 // indirect
 )

 tool (
- github.com/aquaproj/aqua/v2/cmd/aqua
 github.com/google/wire/cmd/wire
 github.com/knqyf263/labeler
 github.com/magefile/mage
diff --git a/go.sum b/go.sum
index 9c6853784614..f90f243939f7 100644
--- a/go.sum
+++ b/go.sum
@@ -721,16 +721,12 @@ github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMo github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/ProtonMail/go-crypto v1.1.5 h1:eoAQfK2dwL+tFSFpr7TbOaPNUbPiJj4fLYwwGE1FQO4= github.com/ProtonMail/go-crypto v1.1.5/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= -github.com/STARRY-S/zip v0.2.1 h1:pWBd4tuSGm3wtpoqRZZ2EAwOmcHK6XFf7bU9qcJXyFg= -github.com/STARRY-S/zip v0.2.1/go.mod h1:xNvshLODWtC4EJ702g7cTYn13G53o1+X9BWnPFpcWV4= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/ThalesIgnite/crypto11 v1.2.5 h1:1IiIIEqYmBvUYFeMnHqRft4bwf/O36jryEUpY+9ef8E= github.com/ThalesIgnite/crypto11 v1.2.5/go.mod h1:ILDKtnCKiQ7zRoNxcp36Y1ZR8LBPmR2E23+wTQe/MlE= github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow= github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4= -github.com/adrg/xdg v0.5.3 h1:xRnxJXne7+oWDatRhR1JLnvuccuIeCoBu2rtuLqQB78= -github.com/adrg/xdg v0.5.3/go.mod h1:nlTsY+NNiCBGCK2tpm09vRqfVzrc2fLmXGpBLF0zlTQ= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/agnivade/levenshtein v1.2.1 h1:EHBY3UOn1gwdy/VbFwgo4cxecRznFk7fKWN1KOX7eoM= 
@@ -774,8 +770,6 @@ github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTs github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 h1:aM1rlcoLz8y5B2r4tTLMiVTrMtpfY0O8EScKJxaSaEc= github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092/go.mod h1:rYqSE9HbjzpHTI74vwPvae4ZVYZd1lue2ta6xHPdblA= github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= -github.com/andybalholm/brotli v1.1.1 h1:PR2pgnyFznKEugtsUo0xLdDop5SKXd5Qf5ysW+7XdTA= -github.com/andybalholm/brotli v1.1.1/go.mod h1:05ib4cKhjx3OQYUY22hTVd34Bc8upXjOLL2rKwwZBoA= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= @@ -787,8 +781,6 @@ github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/Y github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= -github.com/aquaproj/aqua/v2 v2.45.0 h1:QxpKtRhzlX/EmJ2RzM91ykMX/XiPjDMLOWPdyaUhteE= -github.com/aquaproj/aqua/v2 v2.45.0/go.mod h1:gvFToZdfXXypvvVEuYOk9hO7TIvsZO4TWSLQkfK0aIY= github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30xLN2sUZcMXl50hg+PJCIDdJgIvIbVcKqLJ/ZrtM= github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8= github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM= 
@@ -867,8 +859,6 @@ github.com/aws/smithy-go v1.22.3 h1:Z//5NuZCSW6R4PhQ93hShNbyBbn8BWCmCVCt+Q8Io5k= github.com/aws/smithy-go v1.22.3/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 h1:SoFYaT9UyGkR0+nogNyD/Lj+bsixB+SNuAS4ABlEs6M= github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8/go.mod h1:2JF49jcDOrLStIXN/j/K1EKRq8a8R2qRnlZA6/o/c7c= -github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk= -github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
@@ -883,12 +873,6 @@ github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/bmatcuk/doublestar/v4 v4.8.1 h1:54Bopc5c2cAvhLRAzqOGCYHYyhcDHsFF4wWIR5wKP38= github.com/bmatcuk/doublestar/v4 v4.8.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= -github.com/bodgit/plumbing v1.3.0 h1:pf9Itz1JOQgn7vEOE7v7nlEfBykYqvUYioC61TwWCFU= -github.com/bodgit/plumbing v1.3.0/go.mod h1:JOTb4XiRu5xfnmdnDJo6GmSbSbtSyufrsyZFByMtKEs= -github.com/bodgit/sevenzip v1.6.0 h1:a4R0Wu6/P1o1pP/3VV++aEOcyeBxeO/xE2Y9NSTrr6A= -github.com/bodgit/sevenzip v1.6.0/go.mod h1:zOBh9nJUof7tcrlqJFv1koWRrhz3LbDbUNngkuZxLMc= -github.com/bodgit/windows v1.0.1 h1:tF7K6KOluPYygXa3Z2594zxlkbKPAOvqr97etrGNIz4= -github.com/bodgit/windows v1.0.1/go.mod h1:a6JLwrB4KrTR5hBpp8FI9/9W9jJfeQ2h4XDXU74ZCdM= github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= 
@@ -897,8 +881,6 @@ github.com/briandowns/spinner v1.23.0 h1:alDF2guRWqa/FOZZYWjlMIx2L6H0wyewPxo/CH4 github.com/briandowns/spinner v1.23.0/go.mod h1:rPG4gmXeN3wQV/TsAY4w8lPdIM6RX3yqeBQJSrbXjuE= github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70= github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= -github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= -github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng= github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8= github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ= @@ -929,8 +911,6 @@ github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHe github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s= github.com/cheggaaa/pb/v3 v3.1.7 h1:2FsIW307kt7A/rz/ZI2lvPO+v3wKazzE4K/0LtTWsOI= github.com/cheggaaa/pb/v3 v3.1.7/go.mod h1:/Ji89zfVPeC/u5j8ukD0MBPHt2bzTYp74lQ7KlgFWTQ= -github.com/chengxilo/virtualterm v1.0.4 h1:Z6IpERbRVlfB8WkOmtbHiDbBANU7cimRIof7mk9/PwM= -github.com/chengxilo/virtualterm v1.0.4/go.mod h1:DyxxBZz/x1iqJjFxTFcr6/x+jSpqN0iwWCOK1q10rlY= github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 h1:krfRl01rzPzxSxyLyrChD+U+MzsBXbm0OwYYB67uF+4= github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589/go.mod h1:OuDyvmLnMCwa2ep4Jkm6nyA0ocJuZlGyk2gGseVzERM= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= 
@@ -1091,8 +1071,6 @@ github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJ github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4= github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc= -github.com/expr-lang/expr v1.16.9 h1:WUAzmR0JNI9JCiF0/ewwHB1gmcGw5wW7nWt8gc6PpCI= -github.com/expr-lang/expr v1.16.9/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= @@ -1101,8 +1079,6 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= -github.com/forPelevin/gomoji v1.3.0 h1:WPIOLWB1bvRYlKZnSSEevLt3IfKlLs+tK+YA9fFYlkE= -github.com/forPelevin/gomoji v1.3.0/go.mod h1:mM6GtmCgpoQP2usDArc6GjbXrti5+FffolyQfGgPboQ= github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI= 
@@ -1116,10 +1092,6 @@ github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/ github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= -github.com/gdamore/encoding v1.0.0 h1:+7OoQ1Bc6eTm5niUzBa0Ctsh6JbMW6Ra+YNuAtDBdko= -github.com/gdamore/encoding v1.0.0/go.mod h1:alR0ol34c49FCSBLjhosxzcPHQbf2trDkoo5dl+VrEg= -github.com/gdamore/tcell/v2 v2.6.0 h1:OKbluoP9VYmJwZwq/iLb4BxwKcwGthaa1YNBJIyCySg= -github.com/gdamore/tcell/v2 v2.6.0/go.mod h1:be9omFATkdr0D9qewWW3d+MEvl5dha+Etb5y65J2H8Y= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/glebarez/go-sqlite v1.20.3 h1:89BkqGOXR9oRmG58ZrzgoY/Fhy5x0M+/WV48U5zVrZ4= github.com/glebarez/go-sqlite v1.20.3/go.mod h1:u3N6D/wftiAzIOJtZl6BmedqxmmkDfH3q+ihjqxC9u0= @@ -1311,8 +1283,6 @@ github.com/google/go-github/v55 v55.0.0 h1:4pp/1tNMB9X/LuAhs5i0KQAE40NmiR/y6prLN github.com/google/go-github/v55 v55.0.0/go.mod h1:JLahOTA1DnXzhxEymmFF5PP2tSS9JVNj68mSZNDwskA= github.com/google/go-github/v62 v62.0.0 h1:/6mGCaRywZz9MuHyw9gD1CwsbmBX8GWsbFkwMmHdhl4= github.com/google/go-github/v62 v62.0.0/go.mod h1:EMxeUqGJq2xRu9DYBMwel/mr7kZrzUOfQmmpYrZn2a4= -github.com/google/go-github/v69 v69.2.0 h1:wR+Wi/fN2zdUx9YxSmYE0ktiX9IAR/BeePzeaUUbEHE= -github.com/google/go-github/v69 v69.2.0/go.mod h1:xne4jymxLR6Uj9b7J7PyTpkMYstEMMwGZa0Aehh1azM= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= 
@@ -1463,8 +1433,6 @@ github.com/in-toto/in-toto-golang v0.9.0/go.mod h1:xsBVrVsHNsB61++S6Dy2vWosKhuA3 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/invopop/jsonschema v0.13.0 h1:KvpoAJWEjR3uD9Kbm2HWJmqsEaHt8lBUpd0qHcIi21E= -github.com/invopop/jsonschema v0.13.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 h1:TMtDYDHKYY15rFihtRfck/bfFqNfvcabqvXAFQfAUpY= @@ -1507,8 +1475,6 @@ github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IX github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU= -github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f h1:GvCU5GXhHq+7LeOzx/haG7HSIZokl3/0GkoUFzsRJjg= github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f/go.mod h1:q59u9px8b7UTj0nIjEjvmTWekazka6xIt6Uogz5Dm+8= github.com/knqyf263/go-deb-version v0.0.0-20241115132648-6f4aee6ccd23 h1:dWzdsqjh1p2gNtRKqNwuBvKqMNwnLOPLzVZT1n6DK7s= 
@@ -1533,10 +1499,6 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/ktr0731/go-ansisgr v0.1.0 h1:fbuupput8739hQbEmZn1cEKjqQFwtCCZNznnF6ANo5w= -github.com/ktr0731/go-ansisgr v0.1.0/go.mod h1:G9lxwgBwH0iey0Dw5YQd7n6PmQTwTuTM/X5Sgm/UrzE= -github.com/ktr0731/go-fuzzyfinder v0.8.0 h1:+yobwo9lqZZ7jd1URPdCgZXTE2U1mpIVTkQoo4roi6w= -github.com/ktr0731/go-fuzzyfinder v0.8.0/go.mod h1:Bjpz5im+tppKE9Ii6UK1h+6RaX/lUvJ0ruO4LIYRkqo= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw= @@ -1552,8 +1514,6 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= -github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= -github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I= github.com/lufia/plan9stats v0.0.0-20240226150601-1dcf7310316a h1:3Bm7EwfUQUvhNeKIkUct/gl9eod1TcXuj8stxvi/GoI= github.com/lufia/plan9stats v0.0.0-20240226150601-1dcf7310316a/go.mod h1:ilwx/Dta8jXAgpFYFvSWEMwxmbWXyiUHkd5FwyKhb5k= 
@@ -1594,9 +1554,6 @@ github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= -github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk= 
@@ -1606,16 +1563,12 @@ github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxU github.com/mattn/go-sqlite3 v1.14.24 h1:tpSp2G2KyMnnQu99ngJ47EIkWVmliIizyZBfPrBWDRM= github.com/mattn/go-sqlite3 v1.14.24/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/mholt/archives v0.1.0 h1:FacgJyrjiuyomTuNA92X5GyRBRZjE43Y/lrzKIlF35Q= -github.com/mholt/archives v0.1.0/go.mod h1:j/Ire/jm42GN7h90F5kzj6hf6ZFzEH66de+hmjEKu+I= github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= -github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ= -github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= 
@@ -1675,10 +1628,6 @@ github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJm github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 h1:Up6+btDp321ZG5/zdSLo48H9Iaq0UQGthrhWC6pCxzE= github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481/go.mod h1:yKZQO8QE2bHlgozqWDiRVqTFlLQSj30K/6SAK8EeYFw= -github.com/nsf/termbox-go v1.1.1 h1:nksUPLCb73Q++DwbYUBEglYBRPZyoXJdrj5L+TkjyZY= -github.com/nsf/termbox-go v1.1.1/go.mod h1:T0cTdVuOwf7pHQNtfhnEbzHbcNyCEcVU4YPpouCbVxo= -github.com/nwaples/rardecode/v2 v2.0.0-beta.4.0.20241112120701-034e449c6e78 h1:MYzLheyVx1tJVDqfu3YnN4jtnyALNzLvwl+f58TcvQY= -github.com/nwaples/rardecode/v2 v2.0.0-beta.4.0.20241112120701-034e449c6e78/go.mod h1:yntwv/HfMc/Hbvtq9I19D1n58te3h6KsqCf3GxyfBGY= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY= 
@@ -1719,10 +1668,6 @@ github.com/openvex/discovery v0.1.1-0.20240802171711-7c54efc57553 h1:c4u0GIH0w2Q github.com/openvex/discovery v0.1.1-0.20240802171711-7c54efc57553/go.mod h1:z4b//Qi7p7zcM/c41ogeTy+/nqfMbbeYnfZ+EMCTCD0= github.com/openvex/go-vex v0.2.5 h1:41utdp2rHgAGCsG+UbjmfMG5CWQxs15nGqir1eRgSrQ= github.com/openvex/go-vex v0.2.5/go.mod h1:j+oadBxSUELkrKh4NfNb+BPo77U3q7gdKME88IO/0Wo= -github.com/otiai10/copy v1.14.1 h1:5/7E6qsUMBaH5AnQ0sSLzzTg1oTECmcCmT6lvF45Na8= -github.com/otiai10/copy v1.14.1/go.mod h1:oQwrEDDOci3IM8dJF0d8+jnbfPDllW6vUjNc3DoZm9I= -github.com/otiai10/mint v1.6.3 h1:87qsV/aw1F5as1eH1zS/yqHY85ANKVMgkDrf9rcxbQs= -github.com/otiai10/mint v1.6.3/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.3 h1:ubWDJcF5i3L/EIOER+ZyQ03IfplbSU1BLOE26uKQIIU= github.com/owenrumney/go-sarif/v2 v2.3.3/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= @@ -1746,8 +1691,6 @@ github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2 github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= -github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ= -github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4= github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= 
@@ -1802,7 +1745,6 @@ github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qq github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE= github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= -github.com/rivo/uniseg v0.4.3/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= @@ -1820,7 +1762,6 @@ github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c h1:8 github.com/rust-secure-code/go-rustaudit v0.0.0-20250226111315-e20ec32e963c/go.mod h1:kwM/7r/rVluTE8qJbHAffduuqmSv4knVQT2IajGvSiA= github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w= github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk= -github.com/rwcarlsen/goexif v0.0.0-20190401172101-9e8deecbddbd/go.mod h1:hPqNNc0+uJM6H+SuU8sEs5K5IQeKccPqeSjfgcKGgPk= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/sagikazarmark/locafero v0.6.0 h1:ON7AQg37yzcRPU69mt7gwhFEBwxI6P9T4Qu3N51bwOk= 
@@ -1839,8 +1780,6 @@ github.com/sassoftware/relic v7.2.1+incompatible h1:Pwyh1F3I0r4clFJXkSI8bOyJINGq github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq3K9hs5w6FpNMdUT//qR+zk= github.com/sassoftware/relic/v7 v7.6.2 h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgmZlUv4= github.com/sassoftware/relic/v7 v7.6.2/go.mod h1:kjmP0IBVkJZ6gXeAu35/KCEfca//+PKM6vTAsyDPY+k= -github.com/schollz/progressbar/v3 v3.18.0 h1:uXdoHABRFmNIjUfte/Ex7WtuyVslrw2wVPQmCN62HpA= -github.com/schollz/progressbar/v3 v3.18.0/go.mod h1:IsO3lpbaGuzh8zIMzgY3+J8l4C8GjO0Y9S69eFvNsec= github.com/secure-systems-lab/go-securesystemslib v0.9.0 h1:rf1HIbL64nUpEIZnjLZ3mcNEL9NBPB0iuVjyxvq3LZc= github.com/secure-systems-lab/go-securesystemslib v0.9.0/go.mod h1:DVHKMcZ+V4/woA/peqr+L0joiRXbPpQ042GgJckkFgw= github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c= @@ -1886,8 +1825,6 @@ github.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnB github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY= github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA= github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= -github.com/sorairolake/lzip-go v0.3.5 h1:ms5Xri9o1JBIWvOFAorYtUNik6HI3HgBTkISiqu0Cwg= -github.com/sorairolake/lzip-go v0.3.5/go.mod h1:N0KYq5iWrMXI0ZEXKXaS9hCyOjZUQdBDEIbXfoUwbdk= github.com/sosedoff/gitkit v0.4.0 h1:opyQJ/h9xMRLsz2ca/2CRXtstePcpldiZN8DpLLF8Os= github.com/sosedoff/gitkit v0.4.0/go.mod h1:V3EpGZ0nvCBhXerPsbDeqtyReNb48cwP9KtkUYTKT5I= github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= 
@@ -1939,20 +1876,6 @@ github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOf github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= -github.com/suzuki-shunsuke/flute v1.0.1 h1:qzxSX2WQ8ih378zeCrjDMW5mVCsYyEmjicYuCy4aiLk= -github.com/suzuki-shunsuke/flute v1.0.1/go.mod h1:lQKcCgbjiIzH4lar2V2UX1IdEwAB5KTfTckgWN1rtFg= -github.com/suzuki-shunsuke/go-error-with-exit-code v1.0.0 h1:oVXrrYNGBq4POyITQNWKzwsYz7B2nUcqtDbeX4BfeEc= -github.com/suzuki-shunsuke/go-error-with-exit-code v1.0.0/go.mod h1:kDFtLeftDiIUUHXGI3xq5eJ+uAOi50FPrxPENTHktJ0= -github.com/suzuki-shunsuke/go-findconfig v1.2.0 h1:PWHIyKZEsVmZVh6+K+rHVw0/XjTFmQEYfa8ZIzIJd0c= -github.com/suzuki-shunsuke/go-findconfig v1.2.0/go.mod h1:lXzJUZQXrgsMmpHxXMVrWUAQpE4EopgDEJbwslvKbzs= -github.com/suzuki-shunsuke/go-jsoneq v0.1.2 h1:A4czEbmFqSELTbrEtXVo4dSgfz2e2Z0y6G3OpExUML8= -github.com/suzuki-shunsuke/go-jsoneq v0.1.2/go.mod h1:ETXAwfruZTqMMKDxc9CYoS34CNSsnzcdcVIAW3+RujI= -github.com/suzuki-shunsuke/go-osenv v0.1.0 h1:hBQ7yaeO1WBZsEWuDj1wrOWF+N7HSWSOpEiEZqfCjjk= -github.com/suzuki-shunsuke/go-osenv v0.1.0/go.mod h1:ZlSVi4kYvV51JEtYpdHh9hAxXKLOWExXel3Jo74aacQ= -github.com/suzuki-shunsuke/logrus-error v0.1.4 h1:nWo98uba1fANHdZ9Y5pJ2RKs/PpVjrLzRp5m+mRb9KE= -github.com/suzuki-shunsuke/logrus-error v0.1.4/go.mod h1:WsVvvw6SKSt08/fB2qbnsKIMJA4K1MYCUprqsBJbMiM= -github.com/suzuki-shunsuke/urfave-cli-help-all v0.0.4 h1:YGHgrVjGTYHY98II6zijXUHP+OyvrzSCvd8m9iUcaK8= -github.com/suzuki-shunsuke/urfave-cli-help-all v0.0.4/go.mod h1:sSi6xaUaHfaqu32ECLeyE7NTMv+ZM5dW0JikhllaalY= github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d h1:vfofYNRScrDdvS342BElfbETmL1Aiz3i2t0zfRj16Hs= github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d/go.mod 
h1:RRCYJbIwD5jmqPI9XoAFR0OcDxqUctll6zUj/+B4S48= github.com/tchap/go-patricia/v2 v2.3.2 h1:xTHFutuitO2zqKAQ5rCROYgUb7Or/+IC3fts9/Yc7nM= @@ -1967,8 +1890,6 @@ github.com/tetratelabs/wazero v1.9.0 h1:IcZ56OuxrtaEz8UYNRHBrUa9bYeX9oVY93KspZZB github.com/tetratelabs/wazero v1.9.0/go.mod h1:TSbcXCfFP0L2FGkRPxHphadXPjo1T6W+CseNNY7EkjM= github.com/thales-e-security/pool v0.0.2 h1:RAPs4q2EbWsTit6tpzuvTFlgFRJ3S8Evf5gtvVDbmPg= github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= -github.com/therootcompany/xz v1.0.1 h1:CmOtsn1CbtmyYiusbfmhmkpAAETj0wBIH6kCYaX+xzw= -github.com/therootcompany/xz v1.0.1/go.mod h1:3K3UH1yCKgBneZYhuQUvJ9HPD19UEXEI0BWbMn8qNMY= github.com/theupdateframework/go-tuf v0.7.0 h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qvs5LdxRWqRI= github.com/theupdateframework/go-tuf v0.7.0/go.mod h1:uEB7WSY+7ZIugK6R1hiBMBjQftaFzn7ZCDJcp1tCUug= github.com/tink-crypto/tink-go-awskms/v2 v2.1.0 h1:N9UxlsOzu5mttdjhxkDLbzwtEecuXmlxZVo/ds7JKJI= @@ -2000,8 +1921,6 @@ github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0o github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI= -github.com/urfave/cli/v2 v2.27.5 h1:WoHEJLdsXr6dDWoJgMq/CboDmyY/8HMMH1fTECbih+w= -github.com/urfave/cli/v2 v2.27.5/go.mod h1:3Sevf16NykTbInEnD0yKkjDAeZDS0A6bzhBH5hrMvTQ= github.com/vbatts/tar-split v0.11.6 h1:4SjTW5+PU11n6fZenf2IPoV8/tz3AaYHMWjf23envGs= github.com/vbatts/tar-split v0.11.6/go.mod h1:dqKNtesIOr2j2Qv3W/cHjnvk9I8+G7oAkFDFN6TCBEI= github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= 
@@ -2010,8 +1929,6 @@ github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21 github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g= github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds= -github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc= -github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/go-gitlab v0.102.0 h1:ExHuJ1OTQ2yt25zBMMj0G96ChBirGYv8U7HyUiYkZ+4= @@ -2029,10 +1946,6 @@ github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofm github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= -github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4= -github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM= -github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU= -github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E= github.com/yashtewari/glob-intersection v0.2.0 h1:8iuHdN88yYuCzCdjt0gDe+6bAhUwBeEWqThExu54RFg= github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -2118,8 +2031,6 @@ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= -go4.org v0.0.0-20230225012048-214862532bf5 h1:nifaUDeh+rPaBCMPMQHZmvJf+QdpLFnuQPwx+LxVmtc= -go4.org v0.0.0-20230225012048-214862532bf5/go.mod h1:F57wTi5Lrj6WLyswp5EYV1ncrEbFGHD4hhz6S1ZYeaU= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= diff --git a/integration/repo_test.go b/integration/repo_test.go index bd19e09976b5..5a87d196f6db 100644 --- a/integration/repo_test.go +++ b/integration/repo_test.go @@ -10,7 +10,7 @@ import ( "github.com/stretchr/testify/require" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" + ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/types" ) @@ -431,7 +431,7 @@ func TestRepository(t *testing.T) { }, golden: "testdata/gomod-skip.json.golden", override: func(_ *testing.T, want, _ *types.Report) { - want.ArtifactType = artifact.TypeFilesystem + want.ArtifactType = ftypes.TypeFilesystem }, }, { @@ -445,7 +445,7 @@ func TestRepository(t *testing.T) { }, golden: "testdata/dockerfile-custom-policies.json.golden", override: func(_ *testing.T, want, got *types.Report) { - want.ArtifactType = artifact.TypeFilesystem + want.ArtifactType = ftypes.TypeFilesystem }, }, { diff --git a/integration/sbom_test.go b/integration/sbom_test.go index 1bc41f58639b..9ee8f187af98 100644 --- a/integration/sbom_test.go +++ b/integration/sbom_test.go 
@@ -10,7 +10,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" + ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/types" ) @@ -38,7 +38,7 @@ func TestSBOM(t *testing.T) { golden: "testdata/centos-7.json.golden", override: func(t *testing.T, want, got *types.Report) { want.ArtifactName = "testdata/fixtures/sbom/centos-7-cyclonedx.json" - want.ArtifactType = artifact.TypeCycloneDX + want.ArtifactType = ftypes.TypeCycloneDX require.Len(t, got.Results, 1) want.Results[0].Target = "testdata/fixtures/sbom/centos-7-cyclonedx.json (centos 7.6.1810)" @@ -87,7 +87,7 @@ func TestSBOM(t *testing.T) { golden: "testdata/centos-7.json.golden", override: func(t *testing.T, want, got *types.Report) { want.ArtifactName = "testdata/fixtures/sbom/centos-7-cyclonedx.intoto.jsonl" - want.ArtifactType = artifact.TypeCycloneDX + want.ArtifactType = ftypes.TypeCycloneDX require.Len(t, got.Results, 1) want.Results[0].Target = "testdata/fixtures/sbom/centos-7-cyclonedx.intoto.jsonl (centos 7.6.1810)" @@ -108,7 +108,7 @@ func TestSBOM(t *testing.T) { golden: "testdata/centos-7.json.golden", override: func(t *testing.T, want, got *types.Report) { want.ArtifactName = "testdata/fixtures/sbom/centos-7-spdx.txt" - want.ArtifactType = artifact.TypeSPDX + want.ArtifactType = ftypes.TypeSPDX require.Len(t, got.Results, 1) want.Results[0].Target = "testdata/fixtures/sbom/centos-7-spdx.txt (centos 7.6.1810)" @@ -124,7 +124,7 @@ func TestSBOM(t *testing.T) { golden: "testdata/centos-7.json.golden", override: func(t *testing.T, want, got *types.Report) { want.ArtifactName = "testdata/fixtures/sbom/centos-7-spdx.json" - want.ArtifactType = artifact.TypeSPDX + want.ArtifactType = ftypes.TypeSPDX require.Len(t, got.Results, 1) want.Results[0].Target = "testdata/fixtures/sbom/centos-7-spdx.json (centos 7.6.1810)" 
diff --git a/magefiles/magefile.go b/magefiles/magefile.go index 89d9e891650b..de706e0a8c6c 100644 --- a/magefiles/magefile.go +++ b/magefiles/magefile.go @@ -224,11 +224,11 @@ func compileWasmModules(pattern string) error { } else if !updated { continue } - // Check if TinyGo is installed - if !installed("tinygo") { - return errors.New("need to install TinyGo, follow https://tinygo.org/getting-started/install/") + envs := map[string]string{ + "GOOS": "wasip1", + "GOARCH": "wasm", } - if err = sh.Run("go", "generate", src); err != nil { + if err = sh.RunWith(envs, "go", "generate", src); err != nil { return err } } diff --git a/pkg/db/db_test.go b/pkg/db/db_test.go index 98a00b380217..30d99f894320 100644 --- a/pkg/db/db_test.go +++ b/pkg/db/db_test.go @@ -143,6 +143,9 @@ func TestClient_NeedsUpdate(t *testing.T) { if tt.dbFileExists { err := db.Init(dbDir) require.NoError(t, err) + t.Cleanup(func() { + require.NoError(t, db.Close()) + }) } // Set a fake time @@ -199,7 +202,6 @@ func TestClient_Download(t *testing.T) { client := db.NewClient(dbDir, true, db.WithOCIArtifact(art)) err := client.Download(ctx, dbDir, ftypes.RegistryOptions{}) if tt.wantErr != "" { - require.Error(t, err) assert.ErrorContains(t, err, tt.wantErr) return } diff --git a/pkg/fanal/artifact/artifact.go b/pkg/fanal/artifact/artifact.go index 6dfa81fa735c..cde1a3ea611f 100644 --- a/pkg/fanal/artifact/artifact.go +++ b/pkg/fanal/artifact/artifact.go @@ -14,7 +14,7 @@ import ( ) type Option struct { - Type Type + Type types.ArtifactType AnalyzerGroup analyzer.Group // It is empty in OSS DisabledAnalyzers []analyzer.Type DisabledHandlers []types.HandlerType 
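Review bot: In `compileWasmModules`, the new `envs` map sets `GOOS=wasip1` and `GOARCH=wasm` for the whole `go generate` invocation, not just for the build of the module, and nothing in the hunk documents that. Any `//go:generate` directive under `src` that runs a host-side tool (for example via `go run`) would presumably be cross-compiled for Wasm and fail. Running `go generate` by hand, outside mage, would silently build for the host instead. I would add a comment above the map such as `// GOOS/GOARCH apply to every go:generate directive in src; the directives must only build the Wasm module.` The removed TinyGo pre-flight check also gave an actionable message, so it may be worth wrapping the returned error with the module path for the same reason. The function body starts and ends outside this hunk.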
@@ -86,23 +86,10 @@ type Artifact interface { Clean(reference Reference) error } -// Type represents a type of artifact -type Type string - -const ( - TypeContainerImage Type = "container_image" - TypeFilesystem Type = "filesystem" - TypeRepository Type = "repository" - TypeCycloneDX Type = "cyclonedx" - TypeSPDX Type = "spdx" - TypeAWSAccount Type = "aws_account" - TypeVM Type = "vm" -) - // Reference represents a reference of container image, local filesystem and repository type Reference struct { Name string // image name, tar file name, directory or repository name - Type Type + Type types.ArtifactType ID string BlobIDs []string ImageMetadata ImageMetadata diff --git a/pkg/fanal/artifact/image/image.go b/pkg/fanal/artifact/image/image.go index cfded3028c78..30f446476dbf 100644 --- a/pkg/fanal/artifact/image/image.go +++ b/pkg/fanal/artifact/image/image.go @@ -149,7 +149,7 @@ func (a Artifact) Inspect(ctx context.Context) (ref artifact.Reference, err erro return artifact.Reference{ Name: a.image.Name(), - Type: artifact.TypeContainerImage, + Type: types.TypeContainerImage, ID: imageKey, BlobIDs: layerKeys, ImageMetadata: artifact.ImageMetadata{ diff --git a/pkg/fanal/artifact/image/image_test.go b/pkg/fanal/artifact/image/image_test.go index 3550292e48fd..c5f2988f9f6a 100644 --- a/pkg/fanal/artifact/image/image_test.go +++ b/pkg/fanal/artifact/image/image_test.go @@ -412,7 +412,7 @@ func TestArtifact_Inspect(t *testing.T) { }, want: artifact.Reference{ Name: "../../test/testdata/alpine-311.tar.gz", - Type: artifact.TypeContainerImage, + Type: types.TypeContainerImage, ID: "sha256:c232b7d8ac8aa08aa767313d0b53084c4380d1c01a213a5971bdb039e6538313", BlobIDs: []string{"sha256:24a7af33784fabfedf01999d9e0dc456e8e1c1943f7d4421f7c05164026788a4"}, ImageMetadata: artifact.ImageMetadata{ 
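Review bot: The second hunk of `pkg/fanal/artifact/artifact.go` deletes the exported `Type` and its `Type*` constants outright, which is a source-breaking change for any out-of-tree code that imports `artifact.TypeFilesystem` and friends. No compatibility shim is visible in this diff. The package already depends on `types` (see `types.HandlerType` in `Option`), so deprecated aliases can stay here without a new import while callers migrate. `TypeAWSAccount` does not appear on the new side of any visible hunk, so confirm it was carried over to `types` before aliasing it. `Reference` and the rest of the file continue outside the hunk.

```go
// Type is kept as an alias so existing importers keep compiling.
//
// Deprecated: use types.ArtifactType.
type Type = types.ArtifactType

// Deprecated: use the corresponding constants in pkg/fanal/types.
const (
	TypeContainerImage = types.TypeContainerImage
	TypeFilesystem     = types.TypeFilesystem
	TypeRepository     = types.TypeRepository
	TypeCycloneDX      = types.TypeCycloneDX
	TypeSPDX           = types.TypeSPDX
	TypeVM             = types.TypeVM
)

// … unchanged: Reference struct …
```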
@@ -1730,7 +1730,7 @@ func TestArtifact_Inspect(t *testing.T) { }, want: artifact.Reference{ Name: "../../test/testdata/vuln-image.tar.gz", - Type: artifact.TypeContainerImage, + Type: types.TypeContainerImage, ID: "sha256:33f9415ed2cd5a9cef5d5144333619745b9ec0f851f0684dd45fa79c6b26a650", BlobIDs: []string{ "sha256:4a26915356c961f038d5a7b7f73f24cd1eec53dcf6fdeecd39b310ddc066faec", @@ -1881,7 +1881,7 @@ func TestArtifact_Inspect(t *testing.T) { }, want: artifact.Reference{ Name: "../../test/testdata/vuln-image.tar.gz", - Type: artifact.TypeContainerImage, + Type: types.TypeContainerImage, ID: "sha256:33f9415ed2cd5a9cef5d5144333619745b9ec0f851f0684dd45fa79c6b26a650", BlobIDs: []string{ "sha256:139bc12e936e0c46090b9380c4a29456d3ad8d8abd50c7bdc6160018cd887462", diff --git a/pkg/fanal/artifact/image/remote_sbom_test.go b/pkg/fanal/artifact/image/remote_sbom_test.go index e90c60f83d4e..036a4b3a68e1 100644 --- a/pkg/fanal/artifact/image/remote_sbom_test.go +++ b/pkg/fanal/artifact/image/remote_sbom_test.go @@ -116,7 +116,7 @@ func TestArtifact_InspectRekorAttestation(t *testing.T) { }, want: artifact.Reference{ Name: "test/image:10", - Type: artifact.TypeCycloneDX, + Type: types.TypeCycloneDX, ID: "sha256:066b9998617ffb7dfe0a3219ac5c3efc1008a6223606fcf474e7d5c965e4e8da", BlobIDs: []string{ "sha256:066b9998617ffb7dfe0a3219ac5c3efc1008a6223606fcf474e7d5c965e4e8da", @@ -266,7 +266,7 @@ func TestArtifact_inspectOCIReferrerSBOM(t *testing.T) { }, want: artifact.Reference{ Name: registry + "/test/image:10", - Type: artifact.TypeCycloneDX, + Type: types.TypeCycloneDX, ID: "sha256:a06ed679a3289fba254040e1ce8f3467fadcc454ee3d0d4720f6978065f56684", BlobIDs: []string{ "sha256:a06ed679a3289fba254040e1ce8f3467fadcc454ee3d0d4720f6978065f56684", diff --git a/pkg/fanal/artifact/local/fs.go b/pkg/fanal/artifact/local/fs.go index a0f220bbe9cf..716dc18b6a35 100644 --- a/pkg/fanal/artifact/local/fs.go +++ b/pkg/fanal/artifact/local/fs.go 
@@ -66,8 +66,8 @@ func NewArtifact(rootPath string, c cache.ArtifactCache, w Walker, opt artifact. return nil, xerrors.Errorf("analyzer group error: %w", err) } - opt.Type = cmp.Or(opt.Type, artifact.TypeFilesystem) - prefix := lo.Ternary(opt.Type == artifact.TypeRepository, "repo", "fs") + opt.Type = cmp.Or(opt.Type, types.TypeFilesystem) + prefix := lo.Ternary(opt.Type == types.TypeRepository, "repo", "fs") art := Artifact{ rootPath: filepath.ToSlash(filepath.Clean(rootPath)), diff --git a/pkg/fanal/artifact/local/fs_test.go b/pkg/fanal/artifact/local/fs_test.go index f9dd3261b44c..6e6107c272f8 100644 --- a/pkg/fanal/artifact/local/fs_test.go +++ b/pkg/fanal/artifact/local/fs_test.go @@ -81,7 +81,7 @@ func TestArtifact_Inspect(t *testing.T) { }, want: artifact.Reference{ Name: "host", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -110,7 +110,7 @@ func TestArtifact_Inspect(t *testing.T) { }, want: artifact.Reference{ Name: "host", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -169,7 +169,7 @@ func TestArtifact_Inspect(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/requirements.txt", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", 
@@ -209,7 +209,7 @@ func TestArtifact_Inspect(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/requirements.txt", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -297,7 +297,7 @@ func TestTerraformMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/terraform/single-failure", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -372,7 +372,7 @@ func TestTerraformMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/terraform/multiple-failures", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -394,7 +394,7 @@ func TestTerraformMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/terraform/no-results", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -433,7 +433,7 @@ func TestTerraformMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/terraform/passed", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", 
@@ -489,7 +489,7 @@ func TestTerraformMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/terraform/busted-relative-paths/child/main.tf", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -533,7 +533,7 @@ func TestTerraformMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/terraform/tfvar-outside/tf", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -614,7 +614,7 @@ func TestTerraformMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/terraform/relative-paths/child", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -737,7 +737,7 @@ func TestTerraformPlanSnapshotMisconfScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/terraformplan/snapshots/single-failure", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", 
@@ -812,7 +812,7 @@ func TestTerraformPlanSnapshotMisconfScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/terraformplan/snapshots/multiple-failures", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -851,7 +851,7 @@ func TestTerraformPlanSnapshotMisconfScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/terraformplan/snapshots/passed", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -962,7 +962,7 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/cloudformation/single-failure/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -1043,7 +1043,7 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/cloudformation/multiple-failures/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", 
@@ -1072,7 +1072,7 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/cloudformation/no-results/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -1127,7 +1127,7 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/cloudformation/params/code/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -1182,7 +1182,7 @@ func TestCloudFormationMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/cloudformation/passed/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -1270,7 +1270,7 @@ func TestDockerfileMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/dockerfile/single-failure/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", 
@@ -1325,7 +1325,7 @@ func TestDockerfileMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/dockerfile/multiple-failures/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -1353,7 +1353,7 @@ func TestDockerfileMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/dockerfile/no-results/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -1410,7 +1410,7 @@ func TestDockerfileMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/dockerfile/passed/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -1503,7 +1503,7 @@ func TestKubernetesMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/kubernetes/single-failure/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -1586,7 +1586,7 @@ func TestKubernetesMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/kubernetes/multiple-failures/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", 
@@ -1614,7 +1614,7 @@ func TestKubernetesMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/kubernetes/no-results/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -1671,7 +1671,7 @@ func TestKubernetesMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/kubernetes/passed/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -1762,7 +1762,7 @@ func TestAzureARMMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/azurearm/single-failure/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -1842,7 +1842,7 @@ func TestAzureARMMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/azurearm/multiple-failures/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -1870,7 +1870,7 @@ func TestAzureARMMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/azurearm/no-results/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", 
@@ -1924,7 +1924,7 @@ func TestAzureARMMisconfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/azurearm/passed/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", @@ -2044,7 +2044,7 @@ func TestMixedConfigurationScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/mixed/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, }, }, } @@ -2153,7 +2153,7 @@ func TestJSONConfigScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/json/passed/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, }, }, { @@ -2202,7 +2202,7 @@ func TestJSONConfigScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/json/with-schema/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, }, }, } @@ -2315,7 +2315,7 @@ func TestYAMLConfigScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/yaml/passed/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, }, }, { @@ -2364,7 +2364,7 @@ func TestYAMLConfigScan(t *testing.T) { }, want: artifact.Reference{ Name: "testdata/misconfig/yaml/with-schema/src", - Type: artifact.TypeFilesystem, + Type: types.TypeFilesystem, }, }, } diff --git a/pkg/fanal/artifact/repo/git.go b/pkg/fanal/artifact/repo/git.go index ebd7458f33c7..0bd96be423e8 100644 --- a/pkg/fanal/artifact/repo/git.go +++ b/pkg/fanal/artifact/repo/git.go @@ -14,6 +14,7 @@ import ( "github.com/aquasecurity/trivy/pkg/cache" "github.com/aquasecurity/trivy/pkg/fanal/artifact" "github.com/aquasecurity/trivy/pkg/fanal/artifact/local" + "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/fanal/walker" ) 
@@ -35,7 +36,7 @@ func NewArtifact(target string, c cache.ArtifactCache, w Walker, artifactOpt art var cleanup func() var errs error - artifactOpt.Type = artifact.TypeRepository + artifactOpt.Type = types.TypeRepository // Try the local repository art, err := tryLocalRepo(target, c, w, artifactOpt) diff --git a/pkg/fanal/artifact/repo/git_test.go b/pkg/fanal/artifact/repo/git_test.go index 4725adf51f44..664ed036a67f 100644 --- a/pkg/fanal/artifact/repo/git_test.go +++ b/pkg/fanal/artifact/repo/git_test.go @@ -180,7 +180,7 @@ func TestArtifact_Inspect(t *testing.T) { rawurl: ts.URL + "/test-repo.git", want: artifact.Reference{ Name: ts.URL + "/test-repo.git", - Type: artifact.TypeRepository, + Type: types.TypeRepository, ID: "sha256:dc7c6039424c9fce969d3c2972d261af442a33f13e7494464386dbe280612d4c", // Calculated from commit hash BlobIDs: []string{ "sha256:dc7c6039424c9fce969d3c2972d261af442a33f13e7494464386dbe280612d4c", // Calculated from commit hash @@ -195,7 +195,7 @@ func TestArtifact_Inspect(t *testing.T) { rawurl: "../../../../internal/gittest/testdata/test-repo", want: artifact.Reference{ Name: "../../../../internal/gittest/testdata/test-repo", - Type: artifact.TypeRepository, + Type: types.TypeRepository, ID: "sha256:dc7c6039424c9fce969d3c2972d261af442a33f13e7494464386dbe280612d4c", // Calculated from commit hash BlobIDs: []string{ "sha256:dc7c6039424c9fce969d3c2972d261af442a33f13e7494464386dbe280612d4c", // Calculated from commit hash @@ -216,7 +216,7 @@ func TestArtifact_Inspect(t *testing.T) { }, want: artifact.Reference{ Name: "../../../../internal/gittest/testdata/test-repo", - Type: artifact.TypeRepository, + Type: types.TypeRepository, ID: "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", BlobIDs: []string{ "sha256:6f4672e139d4066fd00391df614cdf42bda5f7a3f005d39e1d8600be86157098", 
@@ -244,7 +244,7 @@ func TestArtifact_Inspect(t *testing.T) { }, want: artifact.Reference{ Name: "../../../../internal/gittest/testdata/test-repo", - Type: artifact.TypeRepository, + Type: types.TypeRepository, ID: "sha256:dc7c6039424c9fce969d3c2972d261af442a33f13e7494464386dbe280612d4c", BlobIDs: []string{ "sha256:dc7c6039424c9fce969d3c2972d261af442a33f13e7494464386dbe280612d4c", diff --git a/pkg/fanal/artifact/sbom/sbom.go b/pkg/fanal/artifact/sbom/sbom.go index 782a32d9b1f8..f964eb12f9e1 100644 --- a/pkg/fanal/artifact/sbom/sbom.go +++ b/pkg/fanal/artifact/sbom/sbom.go @@ -73,12 +73,12 @@ func (a Artifact) Inspect(ctx context.Context) (artifact.Reference, error) { return artifact.Reference{}, xerrors.Errorf("failed to store blob (%s) in cache: %w", cacheKey, err) } - var artifactType artifact.Type + var artifactType types.ArtifactType switch format { case sbom.FormatCycloneDXJSON, sbom.FormatCycloneDXXML, sbom.FormatAttestCycloneDXJSON, sbom.FormatLegacyCosignAttestCycloneDXJSON: - artifactType = artifact.TypeCycloneDX + artifactType = types.TypeCycloneDX case sbom.FormatSPDXTV, sbom.FormatSPDXJSON: - artifactType = artifact.TypeSPDX + artifactType = types.TypeSPDX } diff --git a/pkg/fanal/artifact/sbom/sbom_test.go b/pkg/fanal/artifact/sbom/sbom_test.go index ceee657db67a..c52c7fb2d8fb 100644 --- a/pkg/fanal/artifact/sbom/sbom_test.go +++ b/pkg/fanal/artifact/sbom/sbom_test.go @@ -189,7 +189,7 @@ func TestArtifact_Inspect(t *testing.T) { }, want: artifact.Reference{ Name: filepath.Join("testdata", "bom.json"), - Type: artifact.TypeCycloneDX, + Type: types.TypeCycloneDX, ID: "sha256:76bc49ae239d24c6a122e730bafb9d5295d0af380492aeb92a3bf34bea3a14ca", BlobIDs: []string{ "sha256:76bc49ae239d24c6a122e730bafb9d5295d0af380492aeb92a3bf34bea3a14ca", 
@@ -360,7 +360,7 @@ func TestArtifact_Inspect(t *testing.T) { }, want: artifact.Reference{ Name: filepath.Join("testdata", "sbom.cdx.intoto.jsonl"), - Type: artifact.TypeCycloneDX, + Type: types.TypeCycloneDX, ID: "sha256:76bc49ae239d24c6a122e730bafb9d5295d0af380492aeb92a3bf34bea3a14ca", BlobIDs: []string{ "sha256:76bc49ae239d24c6a122e730bafb9d5295d0af380492aeb92a3bf34bea3a14ca", diff --git a/pkg/fanal/artifact/vm/ebs.go b/pkg/fanal/artifact/vm/ebs.go index 280236cb371f..a4c47c676eaf 100644 --- a/pkg/fanal/artifact/vm/ebs.go +++ b/pkg/fanal/artifact/vm/ebs.go @@ -11,6 +11,7 @@ import ( "github.com/aquasecurity/trivy/pkg/cache" "github.com/aquasecurity/trivy/pkg/cloud/aws/config" "github.com/aquasecurity/trivy/pkg/fanal/artifact" + "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/log" ) @@ -54,7 +55,7 @@ func (a *EBS) Inspect(ctx context.Context) (artifact.Reference, error) { if a.hasCache(cacheKey) { return artifact.Reference{ Name: a.snapshotID, - Type: artifact.TypeVM, + Type: types.TypeVM, ID: cacheKey, // use a cache key as pseudo artifact ID BlobIDs: []string{cacheKey}, }, nil @@ -71,7 +72,7 @@ func (a *EBS) Inspect(ctx context.Context) (artifact.Reference, error) { return artifact.Reference{ Name: a.snapshotID, - Type: artifact.TypeVM, + Type: types.TypeVM, ID: cacheKey, // use a cache key as pseudo artifact ID BlobIDs: []string{cacheKey}, }, nil diff --git a/pkg/fanal/artifact/vm/file.go b/pkg/fanal/artifact/vm/file.go index a3cb262a98c8..3793c528972b 100644 --- a/pkg/fanal/artifact/vm/file.go +++ b/pkg/fanal/artifact/vm/file.go @@ -86,7 +86,7 @@ func (a *ImageFile) Inspect(ctx context.Context) (artifact.Reference, error) { return artifact.Reference{ Name: a.filePath, - Type: artifact.TypeVM, + Type: types.TypeVM, ID: cacheKey, // use a cache key as pseudo artifact ID BlobIDs: []string{cacheKey}, }, nil diff --git a/pkg/fanal/artifact/vm/vm_test.go b/pkg/fanal/artifact/vm/vm_test.go index 317fd77551ad..ab74d389dfbb 100644 
--- a/pkg/fanal/artifact/vm/vm_test.go +++ b/pkg/fanal/artifact/vm/vm_test.go @@ -124,7 +124,7 @@ func TestArtifact_Inspect(t *testing.T) { }, want: artifact.Reference{ Name: "rawdata.img", - Type: artifact.TypeVM, + Type: types.TypeVM, ID: "sha256:84a726d23c36d0e1857101969b257c1199de5432489d44581750d54ea8eff8cd", BlobIDs: []string{ "sha256:84a726d23c36d0e1857101969b257c1199de5432489d44581750d54ea8eff8cd", @@ -143,7 +143,7 @@ func TestArtifact_Inspect(t *testing.T) { }, want: artifact.Reference{ Name: "ebs-012345", - Type: artifact.TypeVM, + Type: types.TypeVM, ID: "sha256:c28da2df41e019b5d18459440178341ec05e9082b12b6f11afe73f0600bfe96a", BlobIDs: []string{ "sha256:c28da2df41e019b5d18459440178341ec05e9082b12b6f11afe73f0600bfe96a", diff --git a/pkg/fanal/types/artifact.go b/pkg/fanal/types/artifact.go index 7c70d6f955aa..24ff13ba0500 100644 --- a/pkg/fanal/types/artifact.go +++ b/pkg/fanal/types/artifact.go @@ -7,6 +7,19 @@ import ( "github.com/samber/lo" ) +// ArtifactType represents a type of artifact +type ArtifactType string + +const ( + TypeContainerImage ArtifactType = "container_image" + TypeFilesystem ArtifactType = "filesystem" + TypeRepository ArtifactType = "repository" + TypeCycloneDX ArtifactType = "cyclonedx" + TypeSPDX ArtifactType = "spdx" + TypeAWSAccount ArtifactType = "aws_account" + TypeVM ArtifactType = "vm" +) + type OS struct { Family OSType Name string diff --git a/pkg/module/api/api.go b/pkg/module/api/api.go index 84c3bdd20b59..9a7337ed8899 100644 --- a/pkg/module/api/api.go +++ b/pkg/module/api/api.go @@ -1,6 +1,9 @@ package api -import "github.com/aquasecurity/trivy/pkg/module/serialize" +import ( + "github.com/aquasecurity/trivy/pkg/module/serialize" + "github.com/aquasecurity/trivy/pkg/types" +) const ( Version = 1 
@@ -22,5 +25,5 @@ type Analyzer interface { type PostScanner interface { PostScanSpec() serialize.PostScanSpec - PostScan(serialize.Results) (serialize.Results, error) + PostScan(results types.Results) (types.Results, error) } diff --git a/pkg/module/module.go b/pkg/module/module.go index b755ef9ca7ee..c9a7772bdc7e 100644 --- a/pkg/module/module.go +++ b/pkg/module/module.go @@ -42,49 +42,37 @@ var ( // logDebug is defined as an api.GoModuleFunc for lower overhead vs reflection. func logDebug(_ context.Context, mod api.Module, params []uint64) { offset, size := uint32(params[0]), uint32(params[1]) - buf := readMemory(mod.Memory(), offset, size) if buf != nil { log.Debug(string(buf)) } - - return } // logInfo is defined as an api.GoModuleFunc for lower overhead vs reflection. func logInfo(_ context.Context, mod api.Module, params []uint64) { offset, size := uint32(params[0]), uint32(params[1]) - buf := readMemory(mod.Memory(), offset, size) if buf != nil { log.Info(string(buf)) } - - return } // logWarn is defined as an api.GoModuleFunc for lower overhead vs reflection. func logWarn(_ context.Context, mod api.Module, params []uint64) { offset, size := uint32(params[0]), uint32(params[1]) - buf := readMemory(mod.Memory(), offset, size) if buf != nil { log.Warn(string(buf)) } - - return } // logError is defined as an api.GoModuleFunc for lower overhead vs reflection. func logError(_ context.Context, mod api.Module, params []uint64) { offset, size := uint32(params[0]), uint32(params[1]) - buf := readMemory(mod.Memory(), offset, size) if buf != nil { log.Error(string(buf)) } - - return } func readMemory(mem api.Memory, offset, size uint32) []byte { 
@@ -154,6 +142,9 @@ func (m *Manager) loadModules(ctx context.Context) error { p, err := newWASMPlugin(ctx, m.cache, wasmCode) if err != nil { return xerrors.Errorf("WASM module init error %s: %w", rel, err) + } else if p == nil { + // Skip if nil => mismatch of API version etc. + return nil } // Skip Loading WASM modules if not in the list of enable modules flag. @@ -163,7 +154,6 @@ func (m *Manager) loadModules(ctx context.Context) error { log.Info("Module loaded", log.String("path", rel)) m.modules = append(m.modules, p) - return nil }) if err != nil { @@ -196,6 +186,8 @@ func splitPtrSize(u uint64) (uint32, uint32) { return ptr, size } +// ptrSizeToString reads the memory pointed by ptrSize, converting it to string. +// IMPORTANT: If the WASM function allocated this string, the caller must free it (using freePtr). func ptrSizeToString(mem api.Memory, ptrSize uint64) (string, error) { ptr, size := splitPtrSize(ptrSize) buf := readMemory(mem, ptr, size) @@ -206,6 +198,7 @@ func ptrSizeToString(mem api.Memory, ptrSize uint64) (string, error) { } // stringToPtr returns a pointer and size pair for the given string in a way compatible with WebAssembly numeric types. +// The caller is responsible for calling free at some point if needed. func stringToPtrSize(ctx context.Context, s string, mod api.Module, malloc api.Function) (uint64, uint64, error) { size := uint64(len(s)) results, err := malloc.Call(ctx, size) 
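Review bot: The new `else if p == nil` branch in loadModules returns nil without emitting anything, so a module that is dropped (the comment cites an API version mismatch) disappears silently and the scan proceeds without that module's checks. Unless newWASMPlugin already logs this case (its nil-return path is outside the hunk), add a line such as `log.Warn("Module skipped", log.String("path", rel))` before the `return nil`. Separately, the doc comment above stringToPtrSize in the last hunk on this line still opens with `stringToPtr`, which is the guest-side helper's name; it should begin `// stringToPtrSize returns ...`.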
@@ -219,10 +212,23 @@ func stringToPtrSize(ctx context.Context, s string, mod api.Module, malloc api.F return 0, 0, xerrors.Errorf("Memory.Write(%d, %d) out of range of memory size %d", ptr, size, mod.Memory().Size()) } - return ptr, size, nil } +func freePtr(ctx context.Context, freeFn api.Function, ptrSize uint64) { + if ptrSize == 0 || freeFn == nil { + return + } + ptr, size := splitPtrSize(ptrSize) + if ptr == 0 { + return + } + // We're ignoring the error result to avoid overshadowing any preceding error. + _, _ = freeFn.Call(ctx, uint64(ptr), uint64(size)) +} + +// unmarshal reads memory at ptrSize, unmarshals JSON into v, but does not free automatically. +// The caller must ensure the pointer is freed if needed. func unmarshal(mem api.Memory, ptrSize uint64, v any) error { ptr, size := splitPtrSize(ptrSize) buf := readMemory(mem, ptr, size) @@ -232,10 +238,11 @@ func unmarshal(mem api.Memory, ptrSize uint64, v any) error { if err := json.Unmarshal(buf, v); err != nil { return xerrors.Errorf("unmarshal error: %w", err) } - return nil } +// marshal JSON-encodes v, calls malloc, writes the data into memory, and returns ptr+size in 64-bit. +// The caller must free that pointer if the WASM side expects it freed. func marshal(ctx context.Context, m api.Module, malloc api.Function, v any) (uint64, uint64, error) { b, err := json.Marshal(v) if err != nil { @@ -247,14 +254,11 @@ func marshal(ctx context.Context, m api.Module, malloc api.Function, v any) (uin if err != nil { return 0, 0, xerrors.Errorf("malloc error: %w", err) } - - // The pointer is a linear memory offset, which is where we write the marshaled value. ptr := results[0] if !m.Memory().Write(uint32(ptr), b) { return 0, 0, xerrors.Errorf("Memory.Write(%d, %d) out of range of memory size %d", ptr, size, m.Memory().Size()) } - return ptr, size, nil } 
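Review bot: freePtr is the only helper in this hunk without a doc comment, and it drops the error from `freeFn.Call` entirely, so a free that fails on every call (a signature mismatch with the guest, for instance) would never be noticed. Keeping the error out of the return value is reasonable, but it can still be logged: `if _, err := freeFn.Call(ctx, uint64(ptr), uint64(size)); err != nil { log.Debug("Failed to free Wasm memory", log.String("err", err.Error())) }`. For the comment, something like `// freePtr releases the guest buffer described by a packed pointer/size value; it does nothing when ptrSize is 0, the pointer half is 0, or freeFn is nil.` matches what the body does.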
@@ -274,8 +278,8 @@ type wasmModule struct { // Exported functions analyze api.Function postScan api.Function - malloc api.Function // TinyGo specific - free api.Function // TinyGo specific + malloc api.Function // Exported by Trivy Wasm SDK + free api.Function // Exported by Trivy Wasm SDK } func newWASMPlugin(ctx context.Context, ccache wazero.CompilationCache, code []byte) (*wasmModule, error) { @@ -313,19 +317,17 @@ func newWASMPlugin(ctx context.Context, ccache wazero.CompilationCache, code []b return nil, xerrors.Errorf("module compile error: %w", err) } - // InstantiateModule runs the "_start" function which is what TinyGo compiles "main" to. + // InstantiateModule runs the "_initialize" function mod, err := r.InstantiateModule(ctx, compiled, config) if err != nil { return nil, xerrors.Errorf("module init error: %w", err) } - // These are undocumented, but exported. See tinygo-org/tinygo#2788 - // TODO: improve TinyGo specific code malloc := mod.ExportedFunction("malloc") free := mod.ExportedFunction("free") // Get a module name - name, err := moduleName(ctx, mod) + name, err := moduleName(ctx, mod, free) if err != nil { return nil, xerrors.Errorf("failed to get a module name: %w", err) } @@ -372,7 +374,7 @@ func newWASMPlugin(ctx context.Context, ccache wazero.CompilationCache, code []b var requiredFiles []*regexp.Regexp if isAnalyzer { // Get required files - requiredFiles, err = moduleRequiredFiles(ctx, mod) + requiredFiles, err = moduleRequiredFiles(ctx, mod, free) if err != nil { return nil, xerrors.Errorf("failed to get required files: %w", err) } 
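Review bot: `malloc` and `free` are taken from `mod.ExportedFunction` in newWASMPlugin without a nil check, although moduleName in this same file turns a missing `name` export into an error. A module built without the SDK exports would load successfully and then panic the host later, when stringToPtrSize or marshal calls `malloc.Call` on a nil function; since modules are third-party code, this should be rejected at load time. Add `if malloc == nil || free == nil { return nil, xerrors.New("malloc() and free() must be exported") }` right after the two lookups. newWASMPlugin starts and ends outside the hunk.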
@@ -381,7 +383,7 @@ func newWASMPlugin(ctx context.Context, ccache wazero.CompilationCache, code []b var postScanSpec serialize.PostScanSpec if isPostScanner { // This spec defines how the module works in post scanning like INSERT, UPDATE and DELETE. - postScanSpec, err = modulePostScanSpec(ctx, mod) + postScanSpec, err = modulePostScanSpec(ctx, mod, free) if err != nil { return nil, xerrors.Errorf("failed to get a post scan spec: %w", err) } @@ -456,12 +458,14 @@ func (m *wasmModule) Analyze(ctx context.Context, input analyzer.AnalysisInput) return nil, err } + // 1. Convert filePath -> WASM memory inputPtr, inputSize, err := stringToPtrSize(ctx, filePath, m.mod, m.malloc) if err != nil { return nil, xerrors.Errorf("failed to write string to memory: %w", err) } defer m.free.Call(ctx, inputPtr) // nolint: errcheck + // 2. Call analyze analyzeRes, err := m.analyze.Call(ctx, inputPtr, inputSize) if err != nil { return nil, xerrors.Errorf("analyze error: %w", err) @@ -469,8 +473,13 @@ func (m *wasmModule) Analyze(ctx context.Context, input analyzer.AnalysisInput) return nil, xerrors.New("invalid signature: analyze") } + // 3. The returned pointer/size from analyze must be freed after reading + resultPtrSize := analyzeRes[0] + defer freePtr(ctx, m.free, resultPtrSize) + + // 4. Unmarshal the returned data var result analyzer.AnalysisResult - if err = unmarshal(m.mod.Memory(), analyzeRes[0], &result); err != nil { + if err = unmarshal(m.mod.Memory(), resultPtrSize, &result); err != nil { return nil, xerrors.Errorf("invalid return value: %w", err) } 
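Review bot: The unchanged `defer m.free.Call(ctx, inputPtr) // nolint: errcheck` in Analyze still passes a single argument, while this commit's SDK exports `free` as `_free(ptr uint32, size uint32)` and the new freePtr helper calls it with both pointer and size. wazero is expected to reject a call with the wrong parameter count, and because the error is discarded here, the input buffer obtained through stringToPtrSize would stay in the guest's `allocations` map for every analysed file. Change the line to `defer m.free.Call(ctx, inputPtr, inputSize) // nolint: errcheck`, and check the input buffer in PostScan as well, whose allocation is outside the visible hunk. Analyze's body starts and ends outside these hunks.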
@@ -510,8 +519,13 @@ func (m *wasmModule) PostScan(ctx context.Context, results types.Results) (types return nil, xerrors.New("invalid signature: post_scan") } + // The returned pointer/size from post_scan must be freed after reading + postScanPtrSize := analyzeRes[0] + defer freePtr(ctx, m.free, postScanPtrSize) + + // Unmarshal the result var got types.Results - if err = unmarshal(m.mod.Memory(), analyzeRes[0], &got); err != nil { + if err = unmarshal(m.mod.Memory(), postScanPtrSize, &got); err != nil { return nil, xerrors.Errorf("post scan unmarshal error: %w", err) } @@ -621,7 +635,7 @@ func deleteResults(gotResults, results types.Results) { } } -func moduleName(ctx context.Context, mod api.Module) (string, error) { +func moduleName(ctx context.Context, mod api.Module, freeFn api.Function) (string, error) { nameFunc := mod.ExportedFunction("name") if nameFunc == nil { return "", xerrors.New("name() must be exported") @@ -634,7 +648,10 @@ func moduleName(ctx context.Context, mod api.Module) (string, error) { return "", xerrors.New("invalid signature: name()") } - name, err := ptrSizeToString(mod.Memory(), nameRes[0]) + ptrSize := nameRes[0] + defer freePtr(ctx, freeFn, ptrSize) + + name, err := ptrSizeToString(mod.Memory(), ptrSize) if err != nil { return "", xerrors.Errorf("invalid return value: %w", err) } @@ -653,7 +670,7 @@ func moduleVersion(ctx context.Context, mod api.Module) (int, error) { } else if len(versionRes) != 1 { return 0, xerrors.New("invalid signature: version") } - + // version is an int, not a pointer return int(uint32(versionRes[0])), nil } 
@@ -669,11 +686,11 @@ func moduleAPIVersion(ctx context.Context, mod api.Module) (int, error) { } else if len(versionRes) != 1 { return 0, xerrors.New("invalid signature: api_version") } - + // not a pointer return int(uint32(versionRes[0])), nil } -func moduleRequiredFiles(ctx context.Context, mod api.Module) ([]*regexp.Regexp, error) { +func moduleRequiredFiles(ctx context.Context, mod api.Module, freeFn api.Function) ([]*regexp.Regexp, error) { requiredFilesFunc := mod.ExportedFunction("required") if requiredFilesFunc == nil { return nil, xerrors.New("required() must be exported") @@ -683,11 +700,14 @@ func moduleRequiredFiles(ctx context.Context, mod api.Module) ([]*regexp.Regexp, if err != nil { return nil, xerrors.Errorf("wasm function required() invocation error: %w", err) } else if len(requiredFilesRes) != 1 { - return nil, xerrors.New("invalid signature: required_files") + return nil, xerrors.New("invalid signature: required") } - var fileRegexps serialize.StringSlice - if err = unmarshal(mod.Memory(), requiredFilesRes[0], &fileRegexps); err != nil { + ptrSize := requiredFilesRes[0] + defer freePtr(ctx, freeFn, ptrSize) + + var fileRegexps []string + if err = unmarshal(mod.Memory(), ptrSize, &fileRegexps); err != nil { return nil, xerrors.Errorf("invalid return value: %w", err) } @@ -716,7 +736,6 @@ func isType(ctx context.Context, mod api.Module, name string) (bool, error) { if isFunc == nil { return false, xerrors.Errorf("%s() must be exported", name) } - isRes, err := isFunc.Call(ctx) if err != nil { return false, xerrors.Errorf("wasm function %s() invocation error: %w", name, err) 
@@ -731,7 +750,7 @@ func dir() string { return filepath.Join(fsutils.HomeDir(), RelativeDir) } -func modulePostScanSpec(ctx context.Context, mod api.Module) (serialize.PostScanSpec, error) { +func modulePostScanSpec(ctx context.Context, mod api.Module, freeFn api.Function) (serialize.PostScanSpec, error) { postScanSpecFunc := mod.ExportedFunction("post_scan_spec") if postScanSpecFunc == nil { return serialize.PostScanSpec{}, xerrors.New("post_scan_spec() must be exported") @@ -744,8 +763,11 @@ func modulePostScanSpec(ctx context.Context, mod api.Module) (serialize.PostScan return serialize.PostScanSpec{}, xerrors.New("invalid signature: post_scan_spec") } + ptrSize := postScanSpecRes[0] + defer freePtr(ctx, freeFn, ptrSize) + var spec serialize.PostScanSpec - if err = unmarshal(mod.Memory(), postScanSpecRes[0], &spec); err != nil { + if err = unmarshal(mod.Memory(), ptrSize, &spec); err != nil { return serialize.PostScanSpec{}, xerrors.Errorf("invalid return value: %w", err) } diff --git a/pkg/module/serialize/types.go b/pkg/module/serialize/types.go index b34a222f67b7..57ca0c45ede5 100644 --- a/pkg/module/serialize/types.go +++ b/pkg/module/serialize/types.go @@ -1,11 +1,10 @@ package serialize import ( - "github.com/aquasecurity/trivy-db/pkg/types" + ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" ) -type StringSlice []string - +// TODO: replace with analyzer.AnalysisResult type AnalysisResult struct { // TODO: support other fields as well // OS *types.OS @@ -16,13 +15,7 @@ type AnalysisResult struct { // SystemInstalledFiles []string // A list of files installed by OS package manager // Currently it supports custom resources only - CustomResources []CustomResource -} - -type CustomResource struct { - Type string - FilePath string - Data any + CustomResources []ftypes.CustomResource } type PostScanAction string 
@@ -36,101 +29,3 @@ type PostScanSpec struct { // When the action is UPDATE, the matched result will be passed to the module. IDs []string } - -type Results []Result - -// Result re-defines the Result struct from 'pkg/types/' so TinyGo can compile the code. -// See https://github.com/aquasecurity/trivy/issues/6654 for more details. -type Result struct { - Target string `json:"Target"` - Class string `json:"Class,omitempty"` - Type string `json:"Type,omitempty"` - Vulnerabilities []DetectedVulnerability `json:"Vulnerabilities,omitempty"` - CustomResources []CustomResource `json:"CustomResources,omitempty"` -} - -type DetectedVulnerability struct { - VulnerabilityID string `json:",omitempty"` - VendorIDs []string `json:",omitempty"` - PkgID string `json:",omitempty"` - PkgName string `json:",omitempty"` - PkgPath string `json:",omitempty"` - InstalledVersion string `json:",omitempty"` - FixedVersion string `json:",omitempty"` - Status types.Status `json:",omitempty"` - Layer Layer `json:",omitempty"` - SeveritySource types.SourceID `json:",omitempty"` - PrimaryURL string `json:",omitempty"` - - // DataSource holds where the advisory comes from - DataSource *types.DataSource `json:",omitempty"` - - // Custom is for extensibility and not supposed to be used in OSS - Custom any `json:",omitempty"` - - // Embed vulnerability details - types.Vulnerability -} - -type DetectedMisconfiguration struct { - Type string `json:",omitempty"` - ID string `json:",omitempty"` - AVDID string `json:",omitempty"` - Title string `json:",omitempty"` - Description string `json:",omitempty"` - Message string `json:",omitempty"` - Namespace string `json:",omitempty"` - Query string `json:",omitempty"` - Resolution string `json:",omitempty"` - Severity string `json:",omitempty"` - PrimaryURL string `json:",omitempty"` - References []string `json:",omitempty"` - Status string `json:",omitempty"` - Layer Layer `json:",omitempty"` - CauseMetadata CauseMetadata `json:",omitempty"` - - // For 
debugging - Traces []string `json:",omitempty"` -} - -type CauseMetadata struct { - Resource string `json:",omitempty"` - Provider string `json:",omitempty"` - Service string `json:",omitempty"` - StartLine int `json:",omitempty"` - EndLine int `json:",omitempty"` - Code Code `json:",omitempty"` - Occurrences []Occurrence `json:",omitempty"` -} - -type Occurrence struct { - Resource string `json:",omitempty"` - Filename string `json:",omitempty"` - Location Location -} - -type Location struct { - StartLine int `json:",omitempty"` - EndLine int `json:",omitempty"` -} - -type Code struct { - Lines []Line -} - -type Line struct { - Number int `json:"Number"` - Content string `json:"Content"` - IsCause bool `json:"IsCause"` - Annotation string `json:"Annotation"` - Truncated bool `json:"Truncated"` - Highlighted string `json:"Highlighted,omitempty"` - FirstCause bool `json:"FirstCause"` - LastCause bool `json:"LastCause"` -} - -type Layer struct { - Digest string `json:",omitempty"` - DiffID string `json:",omitempty"` - CreatedBy string `json:",omitempty"` -} diff --git a/pkg/module/testdata/analyzer/analyzer.go b/pkg/module/testdata/analyzer/analyzer.go index e657680582d6..07baa2784d14 100644 --- a/pkg/module/testdata/analyzer/analyzer.go +++ b/pkg/module/testdata/analyzer/analyzer.go @@ -1,5 +1,5 @@ -//go:generate tinygo build -o analyzer.wasm -target=wasip1 --buildmode=c-shared analyzer.go -//go:build tinygo.wasm +//go:generate go build -o analyzer.wasm -buildmode=c-shared analyzer.go +//go:build wasip1 package main @@ -13,6 +13,8 @@ const ( moduleName = "analyzer" ) +func main() {} + func init() { wasm.RegisterModule(AnalyzerModule{}) } diff --git a/pkg/module/testdata/happy/happy.go b/pkg/module/testdata/happy/happy.go index 00905d232f7f..fc0f91c27887 100644 --- a/pkg/module/testdata/happy/happy.go +++ b/pkg/module/testdata/happy/happy.go 
@@ -1,5 +1,5 @@ -//go:generate tinygo build -o happy.wasm -target=wasip1 --buildmode=c-shared happy.go -//go:build tinygo.wasm +//go:generate go build -o happy.wasm -buildmode=c-shared happy.go +//go:build wasip1 package main @@ -7,6 +7,7 @@ import ( "github.com/aquasecurity/trivy/pkg/module/api" "github.com/aquasecurity/trivy/pkg/module/serialize" "github.com/aquasecurity/trivy/pkg/module/wasm" + "github.com/aquasecurity/trivy/pkg/types" ) const ( @@ -14,6 +15,8 @@ const ( moduleName = "happy" ) +func main() {} + func init() { wasm.RegisterModule(HappyModule{}) } @@ -42,6 +45,6 @@ func (HappyModule) PostScanSpec() serialize.PostScanSpec { } } -func (HappyModule) PostScan(_ serialize.Results) (serialize.Results, error) { +func (HappyModule) PostScan(_ types.Results) (types.Results, error) { return nil, nil } diff --git a/pkg/module/testdata/scanner/scanner.go b/pkg/module/testdata/scanner/scanner.go index 4c23a7732a00..1e6bcb0a5b7f 100644 --- a/pkg/module/testdata/scanner/scanner.go +++ b/pkg/module/testdata/scanner/scanner.go @@ -1,5 +1,5 @@ -//go:generate tinygo build -o scanner.wasm -target=wasip1 --buildmode=c-shared scanner.go -//go:build tinygo.wasm +//go:generate go build -o scanner.wasm -buildmode=c-shared scanner.go +//go:build wasip1 package main @@ -7,6 +7,7 @@ import ( "github.com/aquasecurity/trivy/pkg/module/api" "github.com/aquasecurity/trivy/pkg/module/serialize" "github.com/aquasecurity/trivy/pkg/module/wasm" + "github.com/aquasecurity/trivy/pkg/types" ) const ( @@ -14,6 +15,8 @@ const ( moduleName = "scanner" ) +func main() {} + func init() { wasm.RegisterModule(PostScannerModule{}) } @@ -34,6 +37,6 @@ func (PostScannerModule) PostScanSpec() serialize.PostScanSpec { } } -func (PostScannerModule) PostScan(_ serialize.Results) (serialize.Results, error) { +func (PostScannerModule) PostScan(_ types.Results) (types.Results, error) { return nil, nil } diff --git a/pkg/module/wasm/sdk.go b/pkg/module/wasm/sdk.go index 2ada2a345cd1..d6e6cdb6c3c2 100644 
--- a/pkg/module/wasm/sdk.go +++ b/pkg/module/wasm/sdk.go @@ -1,19 +1,50 @@ -//go:build tinygo.wasm +//go:build wasip1 package wasm -// This package is designed to be imported by WASM modules. -// TinyGo can build this package, but Go cannot. - import ( "encoding/json" "fmt" "unsafe" "github.com/aquasecurity/trivy/pkg/module/api" - "github.com/aquasecurity/trivy/pkg/module/serialize" + "github.com/aquasecurity/trivy/pkg/types" ) +// allocations holds byte slices keyed by their 32-bit pointers (offsets in WASM memory). +// This map ensures that the allocated slices are not garbage-collected as long as we need them. +var allocations = make(map[uint32][]byte) + +// allocate creates a byte slice on the Go heap, which resides in WASM linear memory when compiled for WASI. +// It returns a 32-bit pointer (offset) that can be used to access this memory. +func allocate(size uint32) uint32 { + if size == 0 { + return 0 + } + buf := make([]byte, size) + ptr := uint32(uintptr(unsafe.Pointer(&buf[0]))) + allocations[ptr] = buf + return ptr +} + +// malloc exposes a C-style malloc to the host. +// It returns an offset in WASM linear memory where the requested size is allocated. +// +//go:wasmexport malloc +func _malloc(size uint32) uint32 { + return allocate(size) +} + +// free exposes a C-style free to the host. +// It deletes the slice from the allocations map so the memory can be reclaimed by the GC. +// +//go:wasmexport free +func _free(ptr uint32, size uint32) { + delete(allocations, ptr) +} + +// Debug, Info, Warn, Error functions ----------------------------------------- + func Debug(message string) { message = fmt.Sprintf("Module %s: %s", module.Name(), message) ptr, size := stringToPtr(message) @@ -38,6 +69,8 @@ func Error(message string) { _error(ptr, size) } +// Imported host functions --------------------------------------------------- + //go:wasmimport env debug func _debug(ptr uint32, size uint32) 
@@ -56,11 +89,13 @@ func RegisterModule(p api.Module) { module = p } +// Exported functions -------------------------------------------------------- + //go:wasmexport name func _name() uint64 { name := module.Name() ptr, size := stringToPtr(name) - return (uint64(ptr) << uint64(32)) | uint64(size) + return (uint64(ptr) << 32) | uint64(size) } //go:wasmexport api_version @@ -84,8 +119,7 @@ func _isAnalyzer() uint64 { //go:wasmexport required func _required() uint64 { files := module.(api.Analyzer).RequiredFiles() - ss := serialize.StringSlice(files) - return marshal(ss) + return marshal(files) } //go:wasmexport analyze @@ -114,7 +148,7 @@ func _post_scan_spec() uint64 { //go:wasmexport post_scan func _post_scan(ptr, size uint32) uint64 { - var results serialize.Results + var results types.Results if err := unmarshal(ptr, size, &results); err != nil { Error(fmt.Sprintf("post scan error: %s", err)) return 0 @@ -128,17 +162,24 @@ func _post_scan(ptr, size uint32) uint64 { return marshal(results) } +// marshal converts the given value to JSON and allocates memory for it in WASM, +// returning a 64-bit packed pointer and size (high 32 bits = pointer, low 32 bits = length). func marshal(v any) uint64 { b, err := json.Marshal(v) if err != nil { Error(fmt.Sprintf("marshal error: %s", err)) return 0 } + // Allocate space in WASM for the JSON-encoded data + ptr := allocate(uint32(len(b))) + // Copy the JSON bytes into the allocated slice + copy(allocations[ptr], b) - p := uintptr(unsafe.Pointer(&b[0])) - return (uint64(p) << uint64(32)) | uint64(len(b)) + // Pack the pointer and length into a single uint64 + return (uint64(ptr) << 32) | uint64(len(b)) } +// unmarshal reads the data from WASM memory and unmarshals JSON into v. func unmarshal(ptr, size uint32, v any) error { s := ptrToString(ptr, size) if err := json.Unmarshal([]byte(s), v); err != nil { 
@@ -147,16 +188,17 @@ func unmarshal(ptr, size uint32, v any) error { return nil } -// ptrToString returns a string from WebAssembly compatible numeric types representing its pointer and length. +// ptrToString constructs a Go string from a pointer and size in WASM memory. +// This uses unsafe.Slice to wrap the memory, then builds a string without an extra copy. func ptrToString(ptr uint32, size uint32) string { b := unsafe.Slice((*byte)(unsafe.Pointer(uintptr(ptr))), size) return *(*string)(unsafe.Pointer(&b)) } -// stringToPtr returns a pointer and size pair for the given string in a way compatible with WebAssembly numeric types. +// stringToPtr converts a Go string into a pointer and size so that we can return +// them as numeric values in WASM-compatible form. func stringToPtr(s string) (uint32, uint32) { buf := []byte(s) - ptr := &buf[0] - unsafePtr := uintptr(unsafe.Pointer(ptr)) - return uint32(unsafePtr), uint32(len(buf)) + p := uintptr(unsafe.Pointer(&buf[0])) + return uint32(p), uint32(len(buf)) } diff --git a/pkg/report/github/github.go b/pkg/report/github/github.go index 87c74639bcba..72af018e3c2d 100644 --- a/pkg/report/github/github.go +++ b/pkg/report/github/github.go @@ -12,7 +12,6 @@ import ( "golang.org/x/xerrors" "github.com/aquasecurity/trivy/pkg/clock" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/purl" "github.com/aquasecurity/trivy/pkg/types" @@ -106,7 +105,7 @@ func (w Writer) Write(ctx context.Context, report types.Report) error { manifest.Name = string(result.Type) // show path for language-specific packages only if result.Class == types.ClassLangPkg { - if report.ArtifactType == artifact.TypeContainerImage { + if report.ArtifactType == ftypes.TypeContainerImage { // `RepoDigests` ~= /@sha256: // `RepoTag` ~= /: // By concatenating the hash from `RepoDigests` at the end of `RepoTag` we get all the information 
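Review bot: `stringToPtr` still takes `&buf[0]` unconditionally, which panics inside the guest when `s` is empty (for example a module whose `Name()` returns an empty string); a guard such as `if len(s) == 0 { return 0, 0 }` at the top avoids that. Also, unlike `marshal`, the buffer here is not registered in `allocations`, so nothing keeps it alive once the function returns, and the host's new freePtr call on the `name` result has nothing to delete. That appears to work only because the host reads the bytes before any guest code runs again; a comment on stringToPtr stating this assumption would help the next maintainer.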
diff --git a/pkg/report/predicate/vuln_test.go b/pkg/report/predicate/vuln_test.go index 181e32d73909..1937efc1d9a2 100644 --- a/pkg/report/predicate/vuln_test.go +++ b/pkg/report/predicate/vuln_test.go @@ -11,7 +11,7 @@ import ( dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/clock" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" + ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/report/predicate" "github.com/aquasecurity/trivy/pkg/types" ) @@ -48,7 +48,7 @@ func TestWriter_Write(t *testing.T) { Result: types.Report{ SchemaVersion: 2, ArtifactName: "alpine:3.14", - ArtifactType: artifact.Type(""), + ArtifactType: ftypes.ArtifactType(""), Metadata: types.Metadata{}, Results: types.Results{ { diff --git a/pkg/report/sarif.go b/pkg/report/sarif.go index 06c62b18353a..dadec92db4cb 100644 --- a/pkg/report/sarif.go +++ b/pkg/report/sarif.go @@ -13,7 +13,6 @@ import ( "github.com/owenrumney/go-sarif/v2/sarif" "golang.org/x/xerrors" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/types" @@ -133,7 +132,7 @@ func (sw *SarifWriter) Write(ctx context.Context, report types.Report) error { sw.run.Tool.Driver.WithVersion(sw.Version) sw.run.Tool.Driver.WithFullName("Trivy Vulnerability Scanner") sw.locationCache = make(map[string][]location) - if report.ArtifactType == artifact.TypeContainerImage { + if report.ArtifactType == ftypes.TypeContainerImage { sw.run.Properties = sarif.Properties{ "imageName": report.ArtifactName, "repoTags": report.Metadata.RepoTags, diff --git a/pkg/report/sarif_test.go b/pkg/report/sarif_test.go index 729d20e9f2bf..cf3682b0097a 100644 --- a/pkg/report/sarif_test.go +++ b/pkg/report/sarif_test.go 
@@ -12,7 +12,6 @@ import ( dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/report" "github.com/aquasecurity/trivy/pkg/types" @@ -28,7 +27,7 @@ func TestReportWriter_Sarif(t *testing.T) { name: "report with vulnerabilities", input: types.Report{ ArtifactName: "debian:9", - ArtifactType: artifact.TypeContainerImage, + ArtifactType: ftypes.TypeContainerImage, Metadata: types.Metadata{ ImageID: "sha256:7640c3f9e75002deb419d5e32738eeff82cf2b3edca3781b4fe1f1f626d11b20", RepoTags: []string{ diff --git a/pkg/report/writer.go b/pkg/report/writer.go index 6a7e83d4a093..023470ca9789 100644 --- a/pkg/report/writer.go +++ b/pkg/report/writer.go @@ -9,7 +9,7 @@ import ( "golang.org/x/xerrors" cr "github.com/aquasecurity/trivy/pkg/compliance/report" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" + ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/flag" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/report/cyclonedx" @@ -88,7 +88,7 @@ func Write(ctx context.Context, report types.Report, option flag.Options) (err e } case types.FormatSarif: target := "" - if report.ArtifactType == artifact.TypeFilesystem { + if report.ArtifactType == ftypes.TypeFilesystem { target = option.Target } writer = &SarifWriter{ diff --git a/pkg/result/filter_test.go b/pkg/result/filter_test.go index 7d3015e6702a..d51f18d27054 100644 --- a/pkg/result/filter_test.go +++ b/pkg/result/filter_test.go @@ -10,7 +10,6 @@ import ( dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/clock" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/result" "github.com/aquasecurity/trivy/pkg/types" 
@@ -250,7 +249,7 @@ func TestFilter(t *testing.T) { args: args{ report: types.Report{ ArtifactName: ".", - ArtifactType: artifact.TypeFilesystem, + ArtifactType: ftypes.TypeFilesystem, Results: types.Results{ types.Result{ Target: "gobinary", @@ -275,7 +274,7 @@ func TestFilter(t *testing.T) { }, want: types.Report{ ArtifactName: ".", - ArtifactType: artifact.TypeFilesystem, + ArtifactType: ftypes.TypeFilesystem, Results: types.Results{ types.Result{ Target: "gobinary", diff --git a/pkg/result/ignore_test.go b/pkg/result/ignore_test.go index 20d2b20878ac..3daf01532713 100644 --- a/pkg/result/ignore_test.go +++ b/pkg/result/ignore_test.go @@ -35,7 +35,7 @@ func TestParseIgnoreFile(t *testing.T) { t.Run("empty YAML file passed", func(t *testing.T) { f, err := os.CreateTemp(t.TempDir(), "TestParseIgnoreFile-*.yaml") require.NoError(t, err) - defer os.Remove(f.Name()) + defer f.Close() _, err = ParseIgnoreFile(t.Context(), f.Name()) require.NoError(t, err) @@ -44,8 +44,10 @@ func TestParseIgnoreFile(t *testing.T) { t.Run("invalid YAML file passed", func(t *testing.T) { f, err := os.CreateTemp(t.TempDir(), "TestParseIgnoreFile-*.yaml") require.NoError(t, err) - defer os.Remove(f.Name()) - _, _ = f.WriteString("this file is not a yaml file") + defer f.Close() + + _, err = f.WriteString("this file is not a yaml file") + require.NoError(t, err) got, err := ParseIgnoreFile(t.Context(), f.Name()) require.ErrorContains(t, err, "yaml decode error") @@ -55,8 +57,10 @@ func TestParseIgnoreFile(t *testing.T) { t.Run("invalid file passed", func(t *testing.T) { f, err := os.CreateTemp(t.TempDir(), "TestParseIgnoreFile-*") require.NoError(t, err) - defer os.Remove(f.Name()) - _, _ = f.WriteString("this file is not a valid trivyignore file") + defer f.Close() + + _, err = f.WriteString("this file is not a valid trivyignore file") + require.NoError(t, err) _, err = ParseIgnoreFile(t.Context(), f.Name()) require.NoError(t, err) // TODO(simar7): We don't verify correctness, should we? 
diff --git a/pkg/sbom/cyclonedx/marshal_test.go b/pkg/sbom/cyclonedx/marshal_test.go index 7324d8db4beb..e3c7afdd1239 100644 --- a/pkg/sbom/cyclonedx/marshal_test.go +++ b/pkg/sbom/cyclonedx/marshal_test.go @@ -14,7 +14,6 @@ import ( dtypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/clock" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/report" "github.com/aquasecurity/trivy/pkg/sbom/core" @@ -90,7 +89,7 @@ func TestMarshaler_MarshalReport(t *testing.T) { inputReport: types.Report{ SchemaVersion: report.SchemaVersion, ArtifactName: "rails:latest", - ArtifactType: artifact.TypeContainerImage, + ArtifactType: ftypes.TypeContainerImage, Metadata: types.Metadata{ Size: 1024, OS: &ftypes.OS{ @@ -691,7 +690,7 @@ func TestMarshaler_MarshalReport(t *testing.T) { inputReport: types.Report{ SchemaVersion: report.SchemaVersion, ArtifactName: "centos:latest", - ArtifactType: artifact.TypeContainerImage, + ArtifactType: ftypes.TypeContainerImage, Metadata: types.Metadata{ Size: 1024, OS: &ftypes.OS{ @@ -1228,7 +1227,7 @@ func TestMarshaler_MarshalReport(t *testing.T) { inputReport: types.Report{ SchemaVersion: report.SchemaVersion, ArtifactName: "masahiro331/CVE-2021-41098", - ArtifactType: artifact.TypeFilesystem, + ArtifactType: ftypes.TypeFilesystem, Results: types.Results{ { Target: "Gemfile.lock", @@ -1447,7 +1446,7 @@ func TestMarshaler_MarshalReport(t *testing.T) { inputReport: types.Report{ SchemaVersion: report.SchemaVersion, ArtifactName: "./report.cdx.json", - ArtifactType: artifact.TypeCycloneDX, + ArtifactType: ftypes.TypeCycloneDX, Results: types.Results{ { Target: "Java", 
@@ -1633,7 +1632,7 @@ func TestMarshaler_MarshalReport(t *testing.T) { inputReport: types.Report{ SchemaVersion: report.SchemaVersion, ArtifactName: "CVE-2023-34468", - ArtifactType: artifact.TypeFilesystem, + ArtifactType: ftypes.TypeFilesystem, Results: types.Results{ { Target: "Java", @@ -1934,7 +1933,7 @@ func TestMarshaler_MarshalReport(t *testing.T) { inputReport: types.Report{ SchemaVersion: report.SchemaVersion, ArtifactName: "test-aggregate", - ArtifactType: artifact.TypeRepository, + ArtifactType: ftypes.TypeRepository, Results: types.Results{ { Target: "Node.js", @@ -2048,7 +2047,7 @@ func TestMarshaler_MarshalReport(t *testing.T) { inputReport: types.Report{ SchemaVersion: report.SchemaVersion, ArtifactName: "empty/path", - ArtifactType: artifact.TypeFilesystem, + ArtifactType: ftypes.TypeFilesystem, Results: types.Results{}, }, want: &cdx.BOM{ diff --git a/pkg/sbom/io/encode.go b/pkg/sbom/io/encode.go index 5c0f59afbb20..e80bb0571102 100644 --- a/pkg/sbom/io/encode.go +++ b/pkg/sbom/io/encode.go @@ -11,7 +11,6 @@ import ( "golang.org/x/xerrors" "github.com/aquasecurity/trivy/pkg/digest" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/purl" "github.com/aquasecurity/trivy/pkg/sbom/core" @@ -71,7 +70,7 @@ func (e *Encoder) rootComponent(r types.Report) (*core.Component, error) { } switch r.ArtifactType { - case artifact.TypeContainerImage: + case ftypes.TypeContainerImage: root.Type = core.TypeContainerImage props = append(props, core.Property{ Name: core.PropertyImageID, 
@@ -95,13 +94,13 @@ func (e *Encoder) rootComponent(r types.Report) (*core.Component, error) { root.PkgIdentifier.PURL = p.Unwrap() } - case artifact.TypeVM: + case ftypes.TypeVM: root.Type = core.TypeVM - case artifact.TypeFilesystem: + case ftypes.TypeFilesystem: root.Type = core.TypeFilesystem - case artifact.TypeRepository: + case ftypes.TypeRepository: root.Type = core.TypeRepository - case artifact.TypeCycloneDX, artifact.TypeSPDX: + case ftypes.TypeCycloneDX, ftypes.TypeSPDX: // When we scan SBOM file // If SBOM file doesn't contain root component - use filesystem if r.BOM != nil && r.BOM.Root() != nil { diff --git a/pkg/sbom/io/encode_test.go b/pkg/sbom/io/encode_test.go index ad555e3d6df2..c89ead10e22f 100644 --- a/pkg/sbom/io/encode_test.go +++ b/pkg/sbom/io/encode_test.go @@ -9,7 +9,6 @@ import ( "github.com/stretchr/testify/require" dtypes "github.com/aquasecurity/trivy-db/pkg/types" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/sbom/core" sbomio "github.com/aquasecurity/trivy/pkg/sbom/io" @@ -31,7 +30,7 @@ func TestEncoder_Encode(t *testing.T) { report: types.Report{ SchemaVersion: 2, ArtifactName: "debian:12", - ArtifactType: artifact.TypeContainerImage, + ArtifactType: ftypes.TypeContainerImage, Metadata: types.Metadata{ OS: &ftypes.OS{ Family: ftypes.Debian, @@ -595,7 +594,7 @@ func TestEncoder_Encode(t *testing.T) { report: types.Report{ SchemaVersion: 2, ArtifactName: "gobinary", - ArtifactType: artifact.TypeFilesystem, + ArtifactType: ftypes.TypeFilesystem, Results: []types.Result{ { Target: "test", @@ -843,7 +842,7 @@ func TestEncoder_Encode(t *testing.T) { report: types.Report{ SchemaVersion: 2, ArtifactName: "test", - ArtifactType: artifact.TypeFilesystem, + ArtifactType: ftypes.TypeFilesystem, Results: []types.Result{ { Target: "poetry.lock", 
@@ -1000,7 +999,7 @@ func TestEncoder_Encode(t *testing.T) { report: types.Report{ SchemaVersion: 2, ArtifactName: "report.cdx.json", - ArtifactType: artifact.TypeCycloneDX, + ArtifactType: ftypes.TypeCycloneDX, Results: []types.Result{ { Target: "Java", @@ -1047,7 +1046,7 @@ func TestEncoder_Encode(t *testing.T) { report: types.Report{ SchemaVersion: 2, ArtifactName: "report.cdx.json", - ArtifactType: artifact.TypeCycloneDX, + ArtifactType: ftypes.TypeCycloneDX, Results: []types.Result{ { Target: "Java", @@ -1094,7 +1093,7 @@ func TestEncoder_Encode(t *testing.T) { report: types.Report{ SchemaVersion: 2, ArtifactName: "pom.xml", - ArtifactType: artifact.TypeFilesystem, + ArtifactType: ftypes.TypeFilesystem, Results: []types.Result{ { Target: "pom.xml", @@ -1454,7 +1453,7 @@ func TestEncoder_Encode(t *testing.T) { report: types.Report{ SchemaVersion: 2, ArtifactName: "report.cdx.json", - ArtifactType: artifact.TypeCycloneDX, + ArtifactType: ftypes.TypeCycloneDX, Results: []types.Result{ { Target: "Java", @@ -1500,7 +1499,7 @@ func TestEncoder_Encode(t *testing.T) { report: types.Report{ SchemaVersion: 2, ArtifactName: "debian:12", - ArtifactType: artifact.TypeContainerImage, + ArtifactType: ftypes.TypeContainerImage, Metadata: types.Metadata{ OS: &ftypes.OS{ Family: ftypes.Debian, diff --git a/pkg/sbom/spdx/marshal_test.go b/pkg/sbom/spdx/marshal_test.go index 04236012e702..3a7a6dd8ce04 100644 --- a/pkg/sbom/spdx/marshal_test.go +++ b/pkg/sbom/spdx/marshal_test.go @@ -15,7 +15,6 @@ import ( "github.com/stretchr/testify/require" "github.com/aquasecurity/trivy/pkg/clock" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/report" "github.com/aquasecurity/trivy/pkg/sbom/core" 
@@ -49,7 +48,7 @@ func TestMarshaler_Marshal(t *testing.T) { inputReport: types.Report{ SchemaVersion: report.SchemaVersion, ArtifactName: "rails:latest", - ArtifactType: artifact.TypeContainerImage, + ArtifactType: ftypes.TypeContainerImage, Metadata: types.Metadata{ Size: 1024, OS: &ftypes.OS{ @@ -383,7 +382,7 @@ func TestMarshaler_Marshal(t *testing.T) { inputReport: types.Report{ SchemaVersion: report.SchemaVersion, ArtifactName: "centos:latest", - ArtifactType: artifact.TypeContainerImage, + ArtifactType: ftypes.TypeContainerImage, Metadata: types.Metadata{ Size: 1024, OS: &ftypes.OS{ @@ -677,7 +676,7 @@ func TestMarshaler_Marshal(t *testing.T) { inputReport: types.Report{ SchemaVersion: report.SchemaVersion, ArtifactName: "masahiro331/CVE-2021-41098", - ArtifactType: artifact.TypeFilesystem, + ArtifactType: ftypes.TypeFilesystem, Results: types.Results{ { Target: "Gemfile.lock", @@ -846,7 +845,7 @@ func TestMarshaler_Marshal(t *testing.T) { inputReport: types.Report{ SchemaVersion: report.SchemaVersion, ArtifactName: "pom.xml", - ArtifactType: artifact.TypeFilesystem, + ArtifactType: ftypes.TypeFilesystem, Results: types.Results{ { Target: "pom.xml", @@ -988,7 +987,7 @@ func TestMarshaler_Marshal(t *testing.T) { inputReport: types.Report{ SchemaVersion: report.SchemaVersion, ArtifactName: "log4j-core-2.17.0.jar", - ArtifactType: artifact.TypeFilesystem, + ArtifactType: ftypes.TypeFilesystem, Results: types.Results{ { Target: "Java", @@ -1094,7 +1093,7 @@ func TestMarshaler_Marshal(t *testing.T) { inputReport: types.Report{ SchemaVersion: report.SchemaVersion, ArtifactName: "http://test-aggregate", - ArtifactType: artifact.TypeRepository, + ArtifactType: ftypes.TypeRepository, Results: types.Results{ { Target: "Node.js", 
@@ -1213,7 +1212,7 @@ func TestMarshaler_Marshal(t *testing.T) { inputReport: types.Report{ SchemaVersion: report.SchemaVersion, ArtifactName: "empty/path", - ArtifactType: artifact.TypeFilesystem, + ArtifactType: ftypes.TypeFilesystem, Results: types.Results{}, }, wantSBOM: &spdx.Document{ @@ -1261,7 +1260,7 @@ func TestMarshaler_Marshal(t *testing.T) { inputReport: types.Report{ SchemaVersion: report.SchemaVersion, ArtifactName: "secret", - ArtifactType: artifact.TypeFilesystem, + ArtifactType: ftypes.TypeFilesystem, Results: types.Results{ { Target: "key.pem", @@ -1323,7 +1322,7 @@ func TestMarshaler_Marshal(t *testing.T) { inputReport: types.Report{ SchemaVersion: report.SchemaVersion, ArtifactName: "go-artifact", - ArtifactType: artifact.TypeFilesystem, + ArtifactType: ftypes.TypeFilesystem, Results: types.Results{ { Target: "/usr/local/bin/test", diff --git a/pkg/scanner/scan_test.go b/pkg/scanner/scan_test.go index 216b0339acdb..c8f092aed387 100644 --- a/pkg/scanner/scan_test.go +++ b/pkg/scanner/scan_test.go @@ -54,7 +54,7 @@ func TestScanner_ScanArtifact(t *testing.T) { SchemaVersion: 2, CreatedAt: time.Date(2021, 8, 25, 12, 20, 30, 5, time.UTC), ArtifactName: "../fanal/test/testdata/alpine-311.tar.gz", - ArtifactType: artifact.TypeContainerImage, + ArtifactType: ftypes.TypeContainerImage, Metadata: tTypes.Metadata{ OS: &ftypes.OS{ Family: "alpine", diff --git a/pkg/types/report.go b/pkg/types/report.go index 3ba97171ca4c..588279096701 100644 --- a/pkg/types/report.go +++ b/pkg/types/report.go 
@@ -5,19 +5,18 @@ import ( v1 "github.com/google/go-containerregistry/pkg/v1" // nolint: goimports - "github.com/aquasecurity/trivy/pkg/fanal/artifact" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/sbom/core" ) // Report represents a scan result type Report struct { - SchemaVersion int `json:",omitempty"` - CreatedAt time.Time `json:",omitempty"` - ArtifactName string `json:",omitempty"` - ArtifactType artifact.Type `json:",omitempty"` - Metadata Metadata `json:",omitempty"` - Results Results `json:",omitempty"` + SchemaVersion int `json:",omitempty"` + CreatedAt time.Time `json:",omitempty"` + ArtifactName string `json:",omitempty"` + ArtifactType ftypes.ArtifactType `json:",omitempty"` + Metadata Metadata `json:",omitempty"` + Results Results `json:",omitempty"` // parsed SBOM BOM *core.BOM `json:"-"` // Just for internal usage, not exported in JSON diff --git a/pkg/utils/fsutils/fs_test.go b/pkg/utils/fsutils/fs_test.go index f3727de99f7f..0b6133394b23 100644 --- a/pkg/utils/fsutils/fs_test.go +++ b/pkg/utils/fsutils/fs_test.go @@ -36,6 +36,7 @@ func TestCopyFile(t *testing.T) { _, err = s.Write(tt.content) require.NoError(t, err, tt.name) src = s.Name() + require.NoError(t, s.Close()) } dst := tt.args.dst diff --git a/pkg/uuid/uuid.go b/pkg/uuid/uuid.go index 3e3ad456a805..37cf99e04605 100644 --- a/pkg/uuid/uuid.go +++ b/pkg/uuid/uuid.go @@ -1,5 +1,3 @@ -//go:build !tinygo.wasm - package uuid import ( diff --git a/pkg/uuid/uuid_tinygo.go b/pkg/uuid/uuid_tinygo.go deleted file mode 100644 index fe328cea9282..000000000000 --- a/pkg/uuid/uuid_tinygo.go +++ /dev/null @@ -1,13 +0,0 @@ -//go:build tinygo.wasm - -package uuid - -// TinyGo doesn't work with github.com/google/uuid - -type UUID string - -func (UUID) String() string { return "" } - -const Nil = "" - -func New() UUID { return "" } diff --git a/pkg/vex/document.go b/pkg/vex/document.go index 3b3d7e329906..13cf37ab3a7c 100644 --- a/pkg/vex/document.go 
+++ b/pkg/vex/document.go @@ -11,7 +11,7 @@ import ( "github.com/sirupsen/logrus" "golang.org/x/xerrors" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" + ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/sbom" "github.com/aquasecurity/trivy/pkg/sbom/cyclonedx" "github.com/aquasecurity/trivy/pkg/types" @@ -70,7 +70,7 @@ func decodeCycloneDXJSON(r io.ReadSeeker, report *types.Report) (*CycloneDX, err if err != nil { return nil, xerrors.Errorf("json decode error: %w", err) } - if report.ArtifactType != artifact.TypeCycloneDX { + if report.ArtifactType != ftypes.TypeCycloneDX { return nil, xerrors.New("CycloneDX VEX can be used with CycloneDX SBOM") } return newCycloneDX(report.BOM, vex), nil diff --git a/pkg/vex/oci.go b/pkg/vex/oci.go index 17b827fe4fbd..9640339b3c86 100644 --- a/pkg/vex/oci.go +++ b/pkg/vex/oci.go @@ -6,7 +6,6 @@ import ( "github.com/openvex/discovery/pkg/discovery" "golang.org/x/xerrors" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/purl" @@ -16,7 +15,7 @@ import ( type OCI struct{} func NewOCI(report *types.Report) (*OpenVEX, error) { - if report.ArtifactType != artifact.TypeContainerImage || len(report.Metadata.RepoDigests) == 0 { + if report.ArtifactType != ftypes.TypeContainerImage || len(report.Metadata.RepoDigests) == 0 { return nil, xerrors.New("'--vex oci' can be used only when scanning OCI artifacts stored in registries") } diff --git a/pkg/vex/sbomref.go b/pkg/vex/sbomref.go index 832e82e386de..098f1d7261b0 100644 --- a/pkg/vex/sbomref.go +++ b/pkg/vex/sbomref.go 
@@ -10,7 +10,7 @@ import ( "github.com/samber/lo" "golang.org/x/xerrors" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" + ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/sbom/core" "github.com/aquasecurity/trivy/pkg/types" @@ -21,7 +21,7 @@ type SBOMReferenceSet struct { } func NewSBOMReferenceSet(report *types.Report) (*SBOMReferenceSet, error) { - if report.ArtifactType != artifact.TypeCycloneDX { + if report.ArtifactType != ftypes.TypeCycloneDX { return nil, xerrors.Errorf("externalReferences can only be used when scanning CycloneDX SBOMs: %w", report.ArtifactType) } diff --git a/pkg/vex/sbomref_test.go b/pkg/vex/sbomref_test.go index e93662b6a378..582d95072c54 100644 --- a/pkg/vex/sbomref_test.go +++ b/pkg/vex/sbomref_test.go @@ -10,7 +10,7 @@ import ( "github.com/samber/lo" "github.com/stretchr/testify/require" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" + ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/sbom/core" "github.com/aquasecurity/trivy/pkg/types" "github.com/aquasecurity/trivy/pkg/vex" @@ -53,20 +53,22 @@ func setUpServer(t *testing.T) *httptest.Server { func setupTestReport(s *httptest.Server, path string) *types.Report { r := types.Report{ - ArtifactType: artifact.TypeCycloneDX, + ArtifactType: ftypes.TypeCycloneDX, BOM: &core.BOM{}, } - r.BOM.AddExternalReferences([]core.ExternalReference{{ - URL: s.URL + path, - Type: core.ExternalReferenceVEX, - }}) + r.BOM.AddExternalReferences([]core.ExternalReference{ + { + URL: s.URL + path, + Type: core.ExternalReferenceVEX, + }, + }) return &r } func setupEmptyTestReport() *types.Report { r := types.Report{ - ArtifactType: artifact.TypeCycloneDX, + ArtifactType: ftypes.TypeCycloneDX, BOM: &core.BOM{}, } return &r diff --git a/pkg/vex/vex_test.go b/pkg/vex/vex_test.go index 71967869828e..e85c270f8635 100644 --- a/pkg/vex/vex_test.go +++ b/pkg/vex/vex_test.go 
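Review bot: In `NewSBOMReferenceSet` (pkg/vex/sbomref.go), the error returned under the edited guard uses `%w` with `report.ArtifactType` as its operand, which looks like a string-based type rather than an error (vuln_test.go builds it as `ftypes.ArtifactType("")`). If so, nothing is wrapped and the artifact type is unlikely to appear in the message as intended, which makes a rejected `--vex` input harder to diagnose. Since the condition on the line above is already being changed, I would switch the verb: `xerrors.Errorf("externalReferences can only be used when scanning CycloneDX SBOMs: %s", report.ArtifactType)`. The function body continues outside the hunk.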
@@ -13,7 +13,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/aquasecurity/trivy/pkg/fanal/artifact" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/sbom/core" @@ -329,7 +328,7 @@ func TestFilter(t *testing.T) { name: "CycloneDX SBOM with CycloneDX VEX", args: args{ report: &types.Report{ - ArtifactType: artifact.TypeCycloneDX, + ArtifactType: ftypes.TypeCycloneDX, BOM: &core.BOM{ SerialNumber: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", Version: 1, @@ -350,7 +349,7 @@ func TestFilter(t *testing.T) { }, }, want: &types.Report{ - ArtifactType: artifact.TypeCycloneDX, + ArtifactType: ftypes.TypeCycloneDX, BOM: &core.BOM{ SerialNumber: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", Version: 1, @@ -367,7 +366,7 @@ func TestFilter(t *testing.T) { name: "CycloneDX VEX wrong URN", args: args{ report: &types.Report{ - ArtifactType: artifact.TypeCycloneDX, + ArtifactType: ftypes.TypeCycloneDX, BOM: &core.BOM{ SerialNumber: "urn:uuid:wrong", Version: 1, @@ -388,7 +387,7 @@ func TestFilter(t *testing.T) { }, }, want: &types.Report{ - ArtifactType: artifact.TypeCycloneDX, + ArtifactType: ftypes.TypeCycloneDX, BOM: &core.BOM{ SerialNumber: "urn:uuid:wrong", Version: 1, @@ -580,7 +579,7 @@ repositories: func imageReport(results types.Results) *types.Report { return &types.Report{ ArtifactName: "debian:12", - ArtifactType: artifact.TypeContainerImage, + ArtifactType: ftypes.TypeContainerImage, Metadata: types.Metadata{ RepoDigests: []string{ "debian@sha256:4482958b4461ff7d9fabc24b3a9ab1e9a2c85ece07b2db1840c7cbc01d053e90", @@ -621,7 +620,7 @@ func ociPURLString(ts *httptest.Server, d v1.Hash) string { func fsReport(results types.Results) *types.Report { return &types.Report{ ArtifactName: ".", - ArtifactType: artifact.TypeFilesystem, + ArtifactType: ftypes.TypeFilesystem, Results: results, } }