Skip to content

Commit

Permalink
refactor: move artifact types under artifact package to avoid import …
Browse files Browse the repository at this point in the history
…cycles (#6652)

Signed-off-by: knqyf263 <[email protected]>
  • Loading branch information
knqyf263 authored May 9, 2024
1 parent 357c358 commit 6a72dd4
Show file tree
Hide file tree
Showing 46 changed files with 629 additions and 625 deletions.
9 changes: 5 additions & 4 deletions integration/repo_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,13 @@ package integration

import (
"fmt"
"github.com/stretchr/testify/assert"
"os"
"strings"
"testing"

ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/stretchr/testify/assert"

"github.com/aquasecurity/trivy/pkg/fanal/artifact"
"github.com/aquasecurity/trivy/pkg/types"
)

Expand Down Expand Up @@ -379,7 +380,7 @@ func TestRepository(t *testing.T) {
},
golden: "testdata/gomod-skip.json.golden",
override: func(_ *testing.T, want, _ *types.Report) {
want.ArtifactType = ftypes.ArtifactFilesystem
want.ArtifactType = artifact.TypeFilesystem
},
},
{
Expand All @@ -393,7 +394,7 @@ func TestRepository(t *testing.T) {
},
golden: "testdata/dockerfile-custom-policies.json.golden",
override: func(_ *testing.T, want, got *types.Report) {
want.ArtifactType = ftypes.ArtifactFilesystem
want.ArtifactType = artifact.TypeFilesystem
},
},
}
Expand Down
10 changes: 5 additions & 5 deletions integration/sbom_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"

ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/fanal/artifact"
"github.com/aquasecurity/trivy/pkg/types"
)

Expand All @@ -37,7 +37,7 @@ func TestSBOM(t *testing.T) {
golden: "testdata/centos-7.json.golden",
override: func(t *testing.T, want, got *types.Report) {
want.ArtifactName = "testdata/fixtures/sbom/centos-7-cyclonedx.json"
want.ArtifactType = ftypes.ArtifactCycloneDX
want.ArtifactType = artifact.TypeCycloneDX

require.Len(t, got.Results, 1)
want.Results[0].Target = "testdata/fixtures/sbom/centos-7-cyclonedx.json (centos 7.6.1810)"
Expand Down Expand Up @@ -76,7 +76,7 @@ func TestSBOM(t *testing.T) {
golden: "testdata/centos-7.json.golden",
override: func(t *testing.T, want, got *types.Report) {
want.ArtifactName = "testdata/fixtures/sbom/centos-7-cyclonedx.intoto.jsonl"
want.ArtifactType = ftypes.ArtifactCycloneDX
want.ArtifactType = artifact.TypeCycloneDX

require.Len(t, got.Results, 1)
want.Results[0].Target = "testdata/fixtures/sbom/centos-7-cyclonedx.intoto.jsonl (centos 7.6.1810)"
Expand All @@ -97,7 +97,7 @@ func TestSBOM(t *testing.T) {
golden: "testdata/centos-7.json.golden",
override: func(t *testing.T, want, got *types.Report) {
want.ArtifactName = "testdata/fixtures/sbom/centos-7-spdx.txt"
want.ArtifactType = ftypes.ArtifactSPDX
want.ArtifactType = artifact.TypeSPDX

require.Len(t, got.Results, 1)
want.Results[0].Target = "testdata/fixtures/sbom/centos-7-spdx.txt (centos 7.6.1810)"
Expand All @@ -113,7 +113,7 @@ func TestSBOM(t *testing.T) {
golden: "testdata/centos-7.json.golden",
override: func(t *testing.T, want, got *types.Report) {
want.ArtifactName = "testdata/fixtures/sbom/centos-7-spdx.json"
want.ArtifactType = ftypes.ArtifactSPDX
want.ArtifactType = artifact.TypeSPDX

require.Len(t, got.Results, 1)
want.Results[0].Target = "testdata/fixtures/sbom/centos-7-spdx.json (centos 7.6.1810)"
Expand Down
16 changes: 8 additions & 8 deletions integration/testdata/conda-spdx.json.golden
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
"packages": [
{
"name": "openssl",
"SPDXID": "SPDXRef-Package-b8061a5279413d55",
"SPDXID": "SPDXRef-Package-32b6b37a6fa2e57f",
"versionInfo": "1.1.1q",
"supplier": "NOASSERTION",
"downloadLocation": "NONE",
Expand All @@ -38,7 +38,7 @@
},
{
"name": "pip",
"SPDXID": "SPDXRef-Package-84198b3828050c11",
"SPDXID": "SPDXRef-Package-e260029d0b6fd07b",
"versionInfo": "22.2.2",
"supplier": "NOASSERTION",
"downloadLocation": "NONE",
Expand Down Expand Up @@ -103,22 +103,22 @@
},
{
"spdxElementId": "SPDXRef-Filesystem-2e2426fd0f2580ef",
"relatedSpdxElement": "SPDXRef-Package-84198b3828050c11",
"relatedSpdxElement": "SPDXRef-Package-32b6b37a6fa2e57f",
"relationshipType": "CONTAINS"
},
{
"spdxElementId": "SPDXRef-Filesystem-2e2426fd0f2580ef",
"relatedSpdxElement": "SPDXRef-Package-b8061a5279413d55",
"relatedSpdxElement": "SPDXRef-Package-e260029d0b6fd07b",
"relationshipType": "CONTAINS"
},
{
"spdxElementId": "SPDXRef-Package-84198b3828050c11",
"relatedSpdxElement": "SPDXRef-File-7eb62e2a3edddc0a",
"spdxElementId": "SPDXRef-Package-32b6b37a6fa2e57f",
"relatedSpdxElement": "SPDXRef-File-600e5e0110a84891",
"relationshipType": "CONTAINS"
},
{
"spdxElementId": "SPDXRef-Package-b8061a5279413d55",
"relatedSpdxElement": "SPDXRef-File-600e5e0110a84891",
"spdxElementId": "SPDXRef-Package-e260029d0b6fd07b",
"relatedSpdxElement": "SPDXRef-File-7eb62e2a3edddc0a",
"relationshipType": "CONTAINS"
}
]
Expand Down
4 changes: 2 additions & 2 deletions pkg/cloud/report/report.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ import (
"github.com/aquasecurity/tml"
"github.com/aquasecurity/trivy/pkg/clock"
cr "github.com/aquasecurity/trivy/pkg/compliance/report"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/fanal/artifact"
"github.com/aquasecurity/trivy/pkg/flag"
"github.com/aquasecurity/trivy/pkg/iac/scan"
pkgReport "github.com/aquasecurity/trivy/pkg/report"
Expand Down Expand Up @@ -97,7 +97,7 @@ func Write(ctx context.Context, rep *Report, opt flag.Options, fromCache bool) e
base := types.Report{
CreatedAt: clock.Now(ctx),
ArtifactName: rep.AccountID,
ArtifactType: ftypes.ArtifactAWSAccount,
ArtifactType: artifact.TypeAWSAccount,
Results: filtered,
}

Expand Down
40 changes: 38 additions & 2 deletions pkg/fanal/artifact/artifact.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,13 @@ import (
"context"
"sort"

"github.com/google/go-containerregistry/pkg/v1"

"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
"github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/fanal/walker"
"github.com/aquasecurity/trivy/pkg/misconf"
"github.com/aquasecurity/trivy/pkg/sbom/core"
)

type Option struct {
Expand Down Expand Up @@ -72,6 +75,39 @@ func (o *Option) Sort() {
}

type Artifact interface {
Inspect(ctx context.Context) (reference types.ArtifactReference, err error)
Clean(reference types.ArtifactReference) error
Inspect(ctx context.Context) (reference Reference, err error)
Clean(reference Reference) error
}

// Type represents a type of artifact
type Type string

const (
TypeContainerImage Type = "container_image"
TypeFilesystem Type = "filesystem"
TypeRepository Type = "repository"
TypeCycloneDX Type = "cyclonedx"
TypeSPDX Type = "spdx"
TypeAWSAccount Type = "aws_account"
TypeVM Type = "vm"
)

// Reference represents a reference of container image, local filesystem and repository
type Reference struct {
Name string // image name, tar file name, directory or repository name
Type Type
ID string
BlobIDs []string
ImageMetadata ImageMetadata

// SBOM
BOM *core.BOM
}

type ImageMetadata struct {
ID string // image ID
DiffIDs []string // uncompressed layer IDs
RepoTags []string
RepoDigests []string
ConfigFile v1.ConfigFile
}
22 changes: 11 additions & 11 deletions pkg/fanal/artifact/image/image.go
Original file line number Diff line number Diff line change
Expand Up @@ -73,16 +73,16 @@ func NewArtifact(img types.Image, c cache.ArtifactCache, opt artifact.Option) (a
}, nil
}

func (a Artifact) Inspect(ctx context.Context) (types.ArtifactReference, error) {
func (a Artifact) Inspect(ctx context.Context) (artifact.Reference, error) {
imageID, err := a.image.ID()
if err != nil {
return types.ArtifactReference{}, xerrors.Errorf("unable to get the image ID: %w", err)
return artifact.Reference{}, xerrors.Errorf("unable to get the image ID: %w", err)
}
a.logger.Debug("Detected image ID", log.String("image_id", imageID))

configFile, err := a.image.ConfigFile()
if err != nil {
return types.ArtifactReference{}, xerrors.Errorf("unable to get the image's config file: %w", err)
return artifact.Reference{}, xerrors.Errorf("unable to get the image's config file: %w", err)
}

diffIDs := a.diffIDs(configFile)
Expand All @@ -94,7 +94,7 @@ func (a Artifact) Inspect(ctx context.Context) (types.ArtifactReference, error)
return res, nil
} else if !errors.Is(err, errNoSBOMFound) {
// Fail on unexpected error, otherwise it falls into the usual scanning.
return types.ArtifactReference{}, xerrors.Errorf("remote SBOM fetching error: %w", err)
return artifact.Reference{}, xerrors.Errorf("remote SBOM fetching error: %w", err)
}

// Try to detect base layers.
Expand All @@ -104,15 +104,15 @@ func (a Artifact) Inspect(ctx context.Context) (types.ArtifactReference, error)
// Convert image ID and layer IDs to cache keys
imageKey, layerKeys, err := a.calcCacheKeys(imageID, diffIDs)
if err != nil {
return types.ArtifactReference{}, err
return artifact.Reference{}, err
}

// Parse histories and extract a list of "created_by"
layerKeyMap := a.consolidateCreatedBy(diffIDs, layerKeys, configFile)

missingImage, missingLayers, err := a.cache.MissingBlobs(imageKey, layerKeys)
if err != nil {
return types.ArtifactReference{}, xerrors.Errorf("unable to get missing layers: %w", err)
return artifact.Reference{}, xerrors.Errorf("unable to get missing layers: %w", err)
}

missingImageKey := imageKey
Expand All @@ -123,15 +123,15 @@ func (a Artifact) Inspect(ctx context.Context) (types.ArtifactReference, error)
}

if err = a.inspect(ctx, missingImageKey, missingLayers, baseDiffIDs, layerKeyMap, configFile); err != nil {
return types.ArtifactReference{}, xerrors.Errorf("analyze error: %w", err)
return artifact.Reference{}, xerrors.Errorf("analyze error: %w", err)
}

return types.ArtifactReference{
return artifact.Reference{
Name: a.image.Name(),
Type: types.ArtifactContainerImage,
Type: artifact.TypeContainerImage,
ID: imageKey,
BlobIDs: layerKeys,
ImageMetadata: types.ImageMetadata{
ImageMetadata: artifact.ImageMetadata{
ID: imageID,
DiffIDs: diffIDs,
RepoTags: a.image.RepoTags(),
Expand All @@ -141,7 +141,7 @@ func (a Artifact) Inspect(ctx context.Context) (types.ArtifactReference, error)
}, nil
}

func (Artifact) Clean(_ types.ArtifactReference) error {
func (Artifact) Clean(_ artifact.Reference) error {
return nil
}

Expand Down
20 changes: 10 additions & 10 deletions pkg/fanal/artifact/image/image_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -340,7 +340,7 @@ func TestArtifact_Inspect(t *testing.T) {
missingBlobsExpectation cache.ArtifactCacheMissingBlobsExpectation
putBlobExpectations []cache.ArtifactCachePutBlobExpectation
putArtifactExpectations []cache.ArtifactCachePutArtifactExpectation
want types.ArtifactReference
want artifact.Reference
wantErr string
}{
{
Expand Down Expand Up @@ -425,12 +425,12 @@ func TestArtifact_Inspect(t *testing.T) {
},
},
},
want: types.ArtifactReference{
want: artifact.Reference{
Name: "../../test/testdata/alpine-311.tar.gz",
Type: types.ArtifactContainerImage,
Type: artifact.TypeContainerImage,
ID: "sha256:c232b7d8ac8aa08aa767313d0b53084c4380d1c01a213a5971bdb039e6538313",
BlobIDs: []string{"sha256:1fd280c63e1416a2261e76454caa19a5b77c6bddedd48309c9687c4fe72b34c0"},
ImageMetadata: types.ImageMetadata{
ImageMetadata: artifact.ImageMetadata{
ID: "sha256:a187dde48cd289ac374ad8539930628314bc581a481cdb41409c9289419ddb72",
DiffIDs: []string{
"sha256:beee9f30bc1f711043e78d4a2be0668955d4b761d587d6f60c2c8dc081efb203",
Expand Down Expand Up @@ -1756,17 +1756,17 @@ func TestArtifact_Inspect(t *testing.T) {
},
},
},
want: types.ArtifactReference{
want: artifact.Reference{
Name: "../../test/testdata/vuln-image.tar.gz",
Type: types.ArtifactContainerImage,
Type: artifact.TypeContainerImage,
ID: "sha256:33f9415ed2cd5a9cef5d5144333619745b9ec0f851f0684dd45fa79c6b26a650",
BlobIDs: []string{
"sha256:dd0a4f4754bf4590327be34f4266f63c92184352afadb72e4c9b162f76224000",
"sha256:f9e6a3065bb47f810916e90249076950a4b70785a27d3bcb90406d0ab342fa67",
"sha256:b6be0de11c6090f71dea119f43dd360335643420058e317baffb089f0dff4001",
"sha256:37c561c19b169f5f9832f4b0060bf74ebc8d1c9e01662ad4fa21c394da159440",
},
ImageMetadata: types.ImageMetadata{
ImageMetadata: artifact.ImageMetadata{
ID: "sha256:58701fd185bda36cab0557bb6438661831267aa4a9e0b54211c4d5317a48aff4",
DiffIDs: []string{
"sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
Expand Down Expand Up @@ -1921,17 +1921,17 @@ func TestArtifact_Inspect(t *testing.T) {
},
},
},
want: types.ArtifactReference{
want: artifact.Reference{
Name: "../../test/testdata/vuln-image.tar.gz",
Type: types.ArtifactContainerImage,
Type: artifact.TypeContainerImage,
ID: "sha256:33f9415ed2cd5a9cef5d5144333619745b9ec0f851f0684dd45fa79c6b26a650",
BlobIDs: []string{
"sha256:e1187118cdbe8893fc2fd4b345f813d195ee6aaeb4820d4576694199f8c10350",
"sha256:12c266a627dc4014c3ee96936058ba98209056f4ffe0081bb5fca7ff91592cdb",
"sha256:47adac0e28b12338e99dedbd7e8b0ef1f7aaa28e646f637ab2db8908b80704c8",
"sha256:dd1082b33b17401fdc31bcbf60eaaecb9ce29e23956c50db6f34b2cc6cfa13c8",
},
ImageMetadata: types.ImageMetadata{
ImageMetadata: artifact.ImageMetadata{
ID: "sha256:58701fd185bda36cab0557bb6438661831267aa4a9e0b54211c4d5317a48aff4",
DiffIDs: []string{
"sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
Expand Down
Loading

0 comments on commit 6a72dd4

Please sign in to comment.