Replace uses of *zip.ReadCloser with *zip.Reader when Close is not used (#992)

Author: RTann

cmd/updater/common/dump_utils.go

@@ -19,7 +19,7 @@ func OpenGenesisDumpAndExtractManifest(zipPath string) (*zip.ReadCloser, *vulndu
 	if err != nil {
 		return nil, nil, errors.Wrap(err, "opening zip")
 	}
-	manifest, err := vulndump.LoadManifestFromDump(zipR)
+	manifest, err := vulndump.LoadManifestFromDump(&zipR.Reader)
 	if err != nil {
 		return nil, nil, err
 	}

cmd/updater/diffdumps/cmd.go

@@ -113,15 +113,15 @@ func generateIstioDiff(outputDir string, baseF, headF *zip.File) error {
 	return nil
 }
 
-func generateK8sDiffs(outputDir string, baseZipR *zip.ReadCloser, headZipR *zip.ReadCloser) error {
+func generateK8sDiffs(outputDir string, baseZipR, headZipR *zip.Reader) error {
 	return generateDiffsHelper(outputDir, baseZipR, headZipR, vulndump.K8sDirName, generateK8sDiff)
 }
 
-func generateIstioDiffs(outputDir string, baseZipR *zip.ReadCloser, headZipR *zip.ReadCloser) error {
+func generateIstioDiffs(outputDir string, baseZipR, headZipR *zip.Reader) error {
 	return generateDiffsHelper(outputDir, baseZipR, headZipR, vulndump.IstioDirName, generateIstioDiff)
 }
 
-func generateDiffsHelper(outputDir string, baseZipR *zip.ReadCloser, headZipR *zip.ReadCloser, dirName string, generateDiffs generateDiffFunc) error {
+func generateDiffsHelper(outputDir string, baseZipR, headZipR *zip.Reader, dirName string, generateDiffs generateDiffFunc) error {
 	subDir := filepath.Join(outputDir, dirName)
 	if err := os.MkdirAll(subDir, 0755); err != nil {
 		return errors.Wrap(err, "creating subdir for Kubernetes")
@@ -198,7 +198,7 @@ func generateNVDDiff(outputDir string, baseLastModifiedTime time.Time, headF *zi
 	return nil
 }
 
-func generateNVDDiffs(outputDir string, baseLastModifiedTime time.Time, headZipR *zip.ReadCloser) error {
+func generateNVDDiffs(outputDir string, baseLastModifiedTime time.Time, headZipR *zip.Reader) error {
 	nvdSubDir := filepath.Join(outputDir, vulndump.NVDDirName)
 	if err := os.MkdirAll(nvdSubDir, 0755); err != nil {
 		return errors.Wrap(err, "creating subdir for NVD")
@@ -321,7 +321,7 @@ func updateAlpineLink(cfg config, vuln *database.Vulnerability) {
 	}
 }
 
-func generateOSVulnsDiff(outputDir string, baseZipR, headZipR *zip.ReadCloser, cfg config) error {
+func generateOSVulnsDiff(outputDir string, baseZipR, headZipR *zip.Reader, cfg config) error {
 	baseVulns, err := vulndump.LoadOSVulnsFromDump(baseZipR)
 	if err != nil {
 		return errors.Wrap(err, "loading OS vulns from base dump")
@@ -436,6 +436,7 @@ func Command() *cobra.Command {
 		if err != nil {
 			return errors.Wrap(err, "loading head dump")
 		}
+		defer utils.IgnoreError(headZipR.Close)
 
 		// Intentionally return an error even in the equal case, they are only going to be equal if two dumps are literally
 		// exactly the same, and that's probably a mistake by the invoker of the program.
@@ -456,7 +457,7 @@ func Command() *cobra.Command {
 			log.Info("Skipping Kubernetes diff")
 		} else {
 			log.Info("Generating Kubernetes diff...")
-			if err := generateK8sDiffs(stagingDir, baseZipR, headZipR); err != nil {
+			if err := generateK8sDiffs(stagingDir, &baseZipR.Reader, &headZipR.Reader); err != nil {
 				return errors.Wrap(err, "creating Kubernetes diff")
 			}
 			log.Info("Done generating Kubernetes diff")
@@ -466,20 +467,20 @@ func Command() *cobra.Command {
 			log.Info("Skipping Istio diff")
 		} else {
 			log.Info("Generating Istio diff...")
-			if err := generateIstioDiffs(stagingDir, baseZipR, headZipR); err != nil {
+			if err := generateIstioDiffs(stagingDir, &baseZipR.Reader, &headZipR.Reader); err != nil {
 				return errors.Wrap(err, "creating Istio diff")
 			}
 			log.Info("Done generating Isio diff")
 		}
 
 		log.Info("Generating NVD diff...")
-		if err := generateNVDDiffs(stagingDir, baseManifest.Until, headZipR); err != nil {
+		if err := generateNVDDiffs(stagingDir, baseManifest.Until, &headZipR.Reader); err != nil {
 			return errors.Wrap(err, "creating NVD diff")
 		}
 		log.Info("Done generating NVD diff")
 
 		log.Info("Generating OS vulns diff...")
-		if err := generateOSVulnsDiff(stagingDir, baseZipR, headZipR, cfg); err != nil {
+		if err := generateOSVulnsDiff(stagingDir, &baseZipR.Reader, &headZipR.Reader, cfg); err != nil {
 			return errors.Wrap(err, "creating OS vulns diff")
 		}
 		log.Info("Generated OS vulns diff")
@@ -488,7 +489,7 @@ func Command() *cobra.Command {
 			log.Info("Skipping RHELv2 diff")
 		} else {
 			log.Info("Generating RHELv2 vulns diff")
-			if err := generateRHELv2VulnsDiff(cfg, stagingDir, baseManifest.Until, baseZipR, headZipR); err != nil {
+			if err := generateRHELv2VulnsDiff(cfg, stagingDir, baseManifest.Until, &baseZipR.Reader, &headZipR.Reader); err != nil {
 				return errors.Wrap(err, "creating RHELv2 vulns diff")
 			}
 			log.Info("Generated RHELv2 vulns diff")

cmd/updater/diffdumps/rhelv2_diff.go

@@ -153,7 +153,7 @@ func generateRHELv2Diff(cfg config, outputDir string, baseLastModifiedTime time.
 	return nil
 }
 
-func generateRHELv2VulnsDiff(cfg config, outputDir string, baseLastModifiedTime time.Time, baseZipR, headZipR *zip.ReadCloser) error {
+func generateRHELv2VulnsDiff(cfg config, outputDir string, baseLastModifiedTime time.Time, baseZipR, headZipR *zip.Reader) error {
 	rhelv2VulnsSubDir := filepath.Join(outputDir, vulndump.RHELv2DirName, vulndump.RHELv2VulnsSubDirName)
 	if err := os.MkdirAll(rhelv2VulnsSubDir, 0755); err != nil {
 		return errors.Wrap(err, "creating subdir for RHELv2")

cmd/updater/printstats/cmd.go

@@ -23,7 +23,7 @@ func Command() *cobra.Command {
 				return errors.Wrap(err, "loading dump")
 			}
 			defer utils.IgnoreError(zipR.Close)
-			vulns, err := vulndump.LoadOSVulnsFromDump(zipR)
+			vulns, err := vulndump.LoadOSVulnsFromDump(&zipR.Reader)
 			if err != nil {
 				return errors.Wrap(err, "loading os vulns from dump")
 			}

cpe/nvdtoolscache/db.go

@@ -56,6 +56,8 @@ func New() (Cache, error) {
 	return newWithDB(db), nil
 }
 
+var _ Cache = (*cacheImpl)(nil)
+
 type cacheImpl struct {
 	*bbolt.DB
 

cpe/nvdtoolscache/load.go

@@ -40,7 +40,7 @@ func (c *cacheImpl) LoadFromDirectory(definitionsDir string) error {
 	return nil
 }
 
-func (c *cacheImpl) LoadFromZip(zipR *zip.ReadCloser, definitionsDir string) error {
+func (c *cacheImpl) LoadFromZip(zipR *zip.Reader, definitionsDir string) error {
 	log.WithField("dir", definitionsDir).Info("Loading definitions directory")
 
 	readers, err := ziputil.OpenFilesInDir(zipR, definitionsDir, ".json")

k8s/cache/db.go

@@ -9,6 +9,8 @@ import (
 	"github.com/stackrox/scanner/pkg/vulndump"
 )
 
+var _ Cache = (*cacheImpl)(nil)
+
 type cacheImpl struct {
 	cacheRWLock sync.RWMutex
 	// The expectation is that the number of Kubernetes vulns is rather low (100 or fewer).

k8s/cache/load.go

@@ -54,7 +54,7 @@ func (c *cacheImpl) LoadFromDirectory(definitionsDir string) error {
 	return nil
 }
 
-func (c *cacheImpl) LoadFromZip(zipR *zip.ReadCloser, definitionsDir string) error {
+func (c *cacheImpl) LoadFromZip(zipR *zip.Reader, definitionsDir string) error {
 	log.WithField("dir", definitionsDir).Info("Loading definitions directory")
 
 	rs, err := ziputil.OpenFilesInDir(zipR, definitionsDir, ".yaml")

pkg/cache/cache.go

@@ -9,7 +9,7 @@ import (
 type Cache interface {
 	Dir() string
 	LoadFromDirectory(definitionsDir string) error
-	LoadFromZip(zipR *zip.ReadCloser, definitionsDir string) error
+	LoadFromZip(zipR *zip.Reader, definitionsDir string) error
 	GetLastUpdate() time.Time
 	SetLastUpdate(t time.Time)
 }

pkg/repo2cpe/mapping.go

@@ -71,7 +71,7 @@ func (m *Mapping) LoadFile(path string) error {
 }
 
 // LoadFromZip reads the repo-to-cpe file in the given directory from the given zip reader.
-func (m *Mapping) LoadFromZip(zipR *zip.ReadCloser, dir string) error {
+func (m *Mapping) LoadFromZip(zipR *zip.Reader, dir string) error {
 	path := filepath.Join(dir, RHELv2CPERepoName)
 	r, err := ziputil.OpenFile(zipR, path)
 	if err != nil {

pkg/vulndump/loader.go

@@ -30,8 +30,7 @@ var (
 	updateLockName = "update"
 )
 
-func validateAndLoadManifest(f io.ReadCloser) (*Manifest, error) {
-	defer utils.IgnoreError(f.Close)
+func validateAndLoadManifest(f io.Reader) (*Manifest, error) {
 	var m Manifest
 	err := json.NewDecoder(f).Decode(&m)
 	if err != nil {
@@ -89,11 +88,13 @@ func determineWhetherToUpdate(db database.Datastore, manifest *Manifest) (bool,
 }
 
 // LoadManifestFromDump validates and loads the manifest from the given zip file.
-func LoadManifestFromDump(zipR *zip.ReadCloser) (*Manifest, error) {
+func LoadManifestFromDump(zipR *zip.Reader) (*Manifest, error) {
 	manifestFile, err := ziputil.OpenFile(zipR, ManifestFileName)
 	if err != nil {
 		return nil, errors.Wrap(err, "opening manifest file")
 	}
+	defer utils.IgnoreError(manifestFile.Close)
+
 	manifest, err := validateAndLoadManifest(manifestFile)
 	if err != nil {
 		return nil, errors.Wrap(err, "loading/validating manifest")
@@ -102,7 +103,7 @@ func LoadManifestFromDump(zipR *zip.ReadCloser) (*Manifest, error) {
 }
 
 // LoadOSVulnsFromDump loads the os vulns file from the dump into an in-memory slice.
-func LoadOSVulnsFromDump(zipR *zip.ReadCloser) ([]database.Vulnerability, error) {
+func LoadOSVulnsFromDump(zipR *zip.Reader) ([]database.Vulnerability, error) {
 	osVulnsFile, err := ziputil.OpenFile(zipR, OSVulnsFileName)
 	if err != nil {
 		return nil, errors.Wrap(err, "opening OS vulns file")
@@ -185,7 +186,7 @@ func startVulnLoad(manifest *Manifest, db database.Datastore, updateInterval tim
 	}, nil
 }
 
-func loadOSVulns(zipR *zip.ReadCloser, db database.Datastore) error {
+func loadOSVulns(zipR *zip.Reader, db database.Datastore) error {
 	log.Info("Loading OS vulns...")
 	osVulns, err := LoadOSVulnsFromDump(zipR)
 	if err != nil {
@@ -200,7 +201,7 @@ func loadOSVulns(zipR *zip.ReadCloser, db database.Datastore) error {
 	return nil
 }
 
-func loadRHELv2Vulns(db database.Datastore, zipR *zip.ReadCloser, repoToCPE *repo2cpe.Mapping) error {
+func loadRHELv2Vulns(db database.Datastore, zipR *zip.Reader, repoToCPE *repo2cpe.Mapping) error {
 	log.Info("Loading RHELv2 vulns...")
 	if repoToCPE != nil {
 		if err := repoToCPE.LoadFromZip(zipR, RHELv2DirName); err != nil {
@@ -245,7 +246,7 @@ func insertRHELv2Vulns(db database.Datastore, r *ziputil.ReadCloser) error {
 
 // This loads application-level vulnerabilities.
 // At the moment, this consists of vulnerabilities from NVD and K8s.
-func loadApplicationUpdater(cache cache.Cache, manifest *Manifest, zipR *zip.ReadCloser) error {
+func loadApplicationUpdater(cache cache.Cache, manifest *Manifest, zipR *zip.Reader) error {
 	if cache != nil {
 		updateTime := cache.GetLastUpdate()
 		if !updateTime.IsZero() && !manifest.Until.After(updateTime) {
@@ -275,7 +276,7 @@ func UpdateFromVulnDump(zipPath string, db database.Datastore, updateInterval ti
 	defer utils.IgnoreError(zipR.Close)
 
 	log.Info("Loading manifest...")
-	manifest, err := LoadManifestFromDump(zipR)
+	manifest, err := LoadManifestFromDump(&zipR.Reader)
 	if err != nil {
 		return err
 	}
@@ -287,12 +288,12 @@ func UpdateFromVulnDump(zipPath string, db database.Datastore, updateInterval ti
 			return errors.Wrap(err, "error beginning vuln loading")
 		}
 		if performUpdate {
-			if err := loadRHELv2Vulns(db, zipR, repoToCPE); err != nil {
+			if err := loadRHELv2Vulns(db, &zipR.Reader, repoToCPE); err != nil {
 				_ = finishFn(err)
 				return errors.Wrap(err, "error loading RHEL vulns")
 			}
 
-			if err := loadOSVulns(zipR, db); err != nil {
+			if err := loadOSVulns(&zipR.Reader, db); err != nil {
 				_ = finishFn(err)
 				return errors.Wrap(err, "error loading OS vulns")
 			}
@@ -305,7 +306,7 @@ func UpdateFromVulnDump(zipPath string, db database.Datastore, updateInterval ti
 
 	errorList := errorhelpers.NewErrorList("loading application-level caches")
 	for _, appCache := range caches {
-		if err := loadApplicationUpdater(appCache, manifest, zipR); err != nil {
+		if err := loadApplicationUpdater(appCache, manifest, &zipR.Reader); err != nil {
 			errorList.AddError(errors.Wrapf(err, "error loading into in-mem cache %q", appCache.Dir()))
 		}
 	}

pkg/ziputil/open.go

@@ -18,7 +18,7 @@ type ReadCloser struct {
 // OpenFile opens the given file in the zip, and returns the ReadCloser.
 // It returns an error if the file was not found, or if there was an error opening
 // the file.
-func OpenFile(zipR *zip.ReadCloser, name string) (*ReadCloser, error) {
+func OpenFile(zipR *zip.Reader, name string) (*ReadCloser, error) {
 	for _, file := range zipR.File {
 		if file.Name == name {
 			f, err := file.Open()
@@ -37,7 +37,7 @@ func OpenFile(zipR *zip.ReadCloser, name string) (*ReadCloser, error) {
 
 // OpenFilesInDir opens the files with the given suffix which are in the given dir.
 // It returns an error if any of the files cannot be opened.
-func OpenFilesInDir(zipR *zip.ReadCloser, dir string, suffix string) ([]*ReadCloser, error) {
+func OpenFilesInDir(zipR *zip.Reader, dir string, suffix string) ([]*ReadCloser, error) {
 	var rs []*ReadCloser
 	for _, file := range zipR.File {
 		if within(dir, file.Name) && strings.HasSuffix(file.Name, suffix) {

pkg/ziputil/open_test.go

@@ -25,7 +25,7 @@ func TestOpenFile(t *testing.T) {
 	defer utils.IgnoreError(zipR.Close)
 
 	m := repo2cpe.NewMapping()
-	assert.NoError(t, m.LoadFromZip(zipR, "rhelv2"))
+	assert.NoError(t, m.LoadFromZip(&zipR.Reader, "rhelv2"))
 }
 
 func TestOpenFilesInDir(t *testing.T) {
@@ -36,7 +36,7 @@ func TestOpenFilesInDir(t *testing.T) {
 	require.NoError(t, err)
 	defer utils.IgnoreError(zipR.Close)
 
-	rcs, err := ziputil.OpenFilesInDir(zipR, "rhelv2/vulns", ".json")
+	rcs, err := ziputil.OpenFilesInDir(&zipR.Reader, "rhelv2/vulns", ".json")
 	assert.NoError(t, err)
 	assert.Len(t, rcs, 1)