diff --git a/docs/docs/references/configuration/cli/trivy_filesystem.md b/docs/docs/references/configuration/cli/trivy_filesystem.md index ae88ed8ca83b..2fb1ad1c984c 100644 --- a/docs/docs/references/configuration/cli/trivy_filesystem.md +++ b/docs/docs/references/configuration/cli/trivy_filesystem.md @@ -63,6 +63,7 @@ trivy filesystem [flags] PATH --output-plugin-arg string [EXPERIMENTAL] output plugin arguments --parallel int number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5) --password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons. + --pkg-types strings comma-separated list of package types (os,library) (default [os,library]) --redis-ca string redis ca file location, if using redis as cache backend --redis-cert string redis certificate file location, if using redis as cache backend --redis-key string redis key file location, if using redis as cache backend @@ -89,7 +90,6 @@ trivy filesystem [flags] PATH --trace enable more verbose trace output for custom queries --username strings username. Comma-separated usernames allowed. --vex string [EXPERIMENTAL] file path to VEX - --vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library]) ``` ### Options inherited from parent commands diff --git a/docs/docs/references/configuration/cli/trivy_image.md b/docs/docs/references/configuration/cli/trivy_image.md index 8c3fe309f929..2ae526d9405c 100644 --- a/docs/docs/references/configuration/cli/trivy_image.md +++ b/docs/docs/references/configuration/cli/trivy_image.md @@ -81,6 +81,7 @@ trivy image [flags] IMAGE_NAME --output-plugin-arg string [EXPERIMENTAL] output plugin arguments --parallel int number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5) --password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons. + --pkg-types strings comma-separated list of package types (os,library) (default [os,library]) --platform string set platform in the form os/arch if image is multi-platform capable --podman-host string unix podman socket path to use for podman scanning --redis-ca string redis ca file location, if using redis as cache backend @@ -109,7 +110,6 @@ trivy image [flags] IMAGE_NAME --trace enable more verbose trace output for custom queries --username strings username. Comma-separated usernames allowed. --vex string [EXPERIMENTAL] file path to VEX - --vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library]) ``` ### Options inherited from parent commands diff --git a/docs/docs/references/configuration/cli/trivy_kubernetes.md b/docs/docs/references/configuration/cli/trivy_kubernetes.md index 201eee466765..3f20a33e866d 100644 --- a/docs/docs/references/configuration/cli/trivy_kubernetes.md +++ b/docs/docs/references/configuration/cli/trivy_kubernetes.md @@ -78,6 +78,7 @@ trivy kubernetes [flags] [CONTEXT] --output-plugin-arg string [EXPERIMENTAL] output plugin arguments --parallel int number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5) --password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons. + --pkg-types strings comma-separated list of package types (os,library) (default [os,library]) --qps float specify the maximum QPS to the master from this client (default 5) --redis-ca string redis ca file location, if using redis as cache backend --redis-cert string redis certificate file location, if using redis as cache backend @@ -103,7 +104,6 @@ trivy kubernetes [flags] [CONTEXT] --trace enable more verbose trace output for custom queries --username strings username. Comma-separated usernames allowed. --vex string [EXPERIMENTAL] file path to VEX - --vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library]) ``` ### Options inherited from parent commands diff --git a/docs/docs/references/configuration/cli/trivy_repository.md b/docs/docs/references/configuration/cli/trivy_repository.md index cf85082bee7f..4831c2bad4ae 100644 --- a/docs/docs/references/configuration/cli/trivy_repository.md +++ b/docs/docs/references/configuration/cli/trivy_repository.md @@ -63,6 +63,7 @@ trivy repository [flags] (REPO_PATH | REPO_URL) --output-plugin-arg string [EXPERIMENTAL] output plugin arguments --parallel int number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5) --password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons. + --pkg-types strings comma-separated list of package types (os,library) (default [os,library]) --redis-ca string redis ca file location, if using redis as cache backend --redis-cert string redis certificate file location, if using redis as cache backend --redis-key string redis key file location, if using redis as cache backend @@ -89,7 +90,6 @@ trivy repository [flags] (REPO_PATH | REPO_URL) --trace enable more verbose trace output for custom queries --username strings username. Comma-separated usernames allowed. --vex string [EXPERIMENTAL] file path to VEX - --vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library]) ``` ### Options inherited from parent commands diff --git a/docs/docs/references/configuration/cli/trivy_rootfs.md b/docs/docs/references/configuration/cli/trivy_rootfs.md index 6ab7705ff633..ca433b327f0d 100644 --- a/docs/docs/references/configuration/cli/trivy_rootfs.md +++ b/docs/docs/references/configuration/cli/trivy_rootfs.md @@ -65,6 +65,7 @@ trivy rootfs [flags] ROOTDIR --output-plugin-arg string [EXPERIMENTAL] output plugin arguments --parallel int number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5) --password strings password. Comma-separated passwords allowed. TRIVY_PASSWORD should be used for security reasons. + --pkg-types strings comma-separated list of package types (os,library) (default [os,library]) --redis-ca string redis ca file location, if using redis as cache backend --redis-cert string redis certificate file location, if using redis as cache backend --redis-key string redis key file location, if using redis as cache backend @@ -90,7 +91,6 @@ trivy rootfs [flags] ROOTDIR --trace enable more verbose trace output for custom queries --username strings username. Comma-separated usernames allowed. --vex string [EXPERIMENTAL] file path to VEX - --vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library]) ``` ### Options inherited from parent commands diff --git a/docs/docs/references/configuration/cli/trivy_sbom.md b/docs/docs/references/configuration/cli/trivy_sbom.md index 2adbd12a253a..3d4d25e47fcb 100644 --- a/docs/docs/references/configuration/cli/trivy_sbom.md +++ b/docs/docs/references/configuration/cli/trivy_sbom.md @@ -43,6 +43,7 @@ trivy sbom [flags] SBOM_PATH --offline-scan do not issue API requests to identify dependencies -o, --output string output file name --output-plugin-arg string [EXPERIMENTAL] output plugin arguments + --pkg-types strings comma-separated list of package types (os,library) (default [os,library]) --redis-ca string redis ca file location, if using redis as cache backend --redis-cert string redis certificate file location, if using redis as cache backend --redis-key string redis key file location, if using redis as cache backend @@ -61,7 +62,6 @@ trivy sbom [flags] SBOM_PATH --token string for authentication in client/server mode --token-header string specify a header name for token in client/server mode (default "Trivy-Token") --vex string [EXPERIMENTAL] file path to VEX - --vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library]) ``` ### Options inherited from parent commands diff --git a/docs/docs/references/configuration/cli/trivy_vm.md b/docs/docs/references/configuration/cli/trivy_vm.md index 5ad96c87b0df..dab35eeb93e1 100644 --- a/docs/docs/references/configuration/cli/trivy_vm.md +++ b/docs/docs/references/configuration/cli/trivy_vm.md @@ -56,6 +56,7 @@ trivy vm [flags] VM_IMAGE -o, --output string output file name --output-plugin-arg string [EXPERIMENTAL] output plugin arguments --parallel int number of goroutines enabled for parallel scanning, set 0 to auto-detect parallelism (default 5) + --pkg-types strings comma-separated list of package types (os,library) (default [os,library]) --redis-ca string redis ca file location, if using redis as cache backend --redis-cert string redis certificate file location, if using redis as cache backend --redis-key string redis key file location, if using redis as cache backend @@ -76,7 +77,6 @@ trivy vm [flags] VM_IMAGE --token string for authentication in client/server mode --token-header string specify a header name for token in client/server mode (default "Trivy-Token") --vex string [EXPERIMENTAL] file path to VEX - --vuln-type strings comma-separated list of vulnerability types (os,library) (default [os,library]) ``` ### Options inherited from parent commands diff --git a/docs/docs/references/configuration/config-file.md b/docs/docs/references/configuration/config-file.md index 1a7020d94fe4..f3c0006bfe07 100644 --- a/docs/docs/references/configuration/config-file.md +++ b/docs/docs/references/configuration/config-file.md @@ -81,6 +81,13 @@ severity: - MEDIUM - HIGH - CRITICAL + +# Same as '--pkg-types' +# Default is 'os,library' +pkg-types: + - os + - library + scan: # Same as '--compliance' @@ -261,12 +268,6 @@ Available with vulnerability scanning ```yaml vulnerability: - # Same as '--vuln-type' - # Default is 'os,library' - type: - - os - - library - # Same as '--ignore-unfixed' # Default is false ignore-unfixed: false diff --git a/docs/docs/scanner/vulnerability.md b/docs/docs/scanner/vulnerability.md index 55403dda2207..ef233b4db4da 100644 --- a/docs/docs/scanner/vulnerability.md +++ b/docs/docs/scanner/vulnerability.md @@ -204,7 +204,7 @@ Other common options are documented [here](../configuration/index.md). ### Enabling a subset of package types It's possible to only enable certain package types if you prefer. -You can do so by passing the `--vuln-type` option. +You can do so by passing the `--pkg-types` option. This flag takes a comma-separated list of package types. Available values: @@ -215,7 +215,7 @@ Available values: - Scan language-specific packages (e.g. packages installed by `pip`, `npm`, or `gem`). ```bash -$ trivy image --vuln-type os ruby:2.4.0 +$ trivy image --pkg-types os ruby:2.4.0 ``` diff --git a/pkg/commands/app.go b/pkg/commands/app.go index 92483babb293..5ca651193c35 100644 --- a/pkg/commands/app.go +++ b/pkg/commands/app.go @@ -512,6 +512,8 @@ func NewConvertCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command { ScanFlagGroup: &flag.ScanFlagGroup{}, ReportFlagGroup: flag.NewReportFlagGroup(), } + convertFlags.ReportFlagGroup.PkgTypes = nil // disable '--pkg-types' + cmd := &cobra.Command{ Use: "convert [flags] RESULT_JSON", Aliases: []string{"conv"}, @@ -679,6 +681,7 @@ func NewConfigCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command { configFlags.ReportFlagGroup.ListAllPkgs = nil // disable '--list-all-pkgs' configFlags.ReportFlagGroup.ExitOnEOL = nil // disable '--exit-on-eol' configFlags.ReportFlagGroup.ShowSuppressed = nil // disable '--show-suppressed' + configFlags.ReportFlagGroup.PkgTypes = nil // disable '--pkg-types' configFlags.ReportFlagGroup.ReportFormat.Usage = "specify a compliance report format for the output" // @TODO: support --report summary for non compliance reports configFlags.CacheFlagGroup.CacheBackend.Default = string(cache.TypeMemory) diff --git a/pkg/commands/artifact/run.go b/pkg/commands/artifact/run.go index 82cbb439ecce..1343f4be61f0 100644 --- a/pkg/commands/artifact/run.go +++ b/pkg/commands/artifact/run.go @@ -201,7 +201,7 @@ func (r *runner) scanFS(ctx context.Context, opts flag.Options) (types.Report, e func (r *runner) ScanRepository(ctx context.Context, opts flag.Options) (types.Report, error) { // Do not scan OS packages - opts.VulnType = []string{types.VulnTypeLibrary} + opts.PkgTypes = []string{types.PkgTypeLibrary} // Disable the OS analyzers, individual package analyzers and SBOM analyzer opts.DisabledAnalyzers = append(analyzer.TypeIndividualPkgs, analyzer.TypeOSes...) @@ -405,7 +405,7 @@ func disabledAnalyzers(opts flag.Options) []analyzer.Type { } // Do not analyze programming language packages when not running in 'library' - if !slices.Contains(opts.VulnType, types.VulnTypeLibrary) { + if !slices.Contains(opts.PkgTypes, types.PkgTypeLibrary) { analyzers = append(analyzers, analyzer.TypeLanguages...) } @@ -473,7 +473,7 @@ func (r *runner) initScannerConfig(opts flag.Options) (ScannerConfig, types.Scan } scanOptions := types.ScanOptions{ - VulnType: opts.VulnType, + PkgTypes: opts.PkgTypes, Scanners: opts.Scanners, ImageConfigScanners: opts.ImageConfigScanners, // this is valid only for 'image' subcommand ScanRemovedPackages: opts.ScanRemovedPkgs, // this is valid only for 'image' subcommand @@ -488,7 +488,7 @@ func (r *runner) initScannerConfig(opts flag.Options) (ScannerConfig, types.Scan if opts.Scanners.Enabled(types.VulnerabilityScanner) { log.Info("Vulnerability scanning is enabled") - log.Debug("Vulnerability type", log.Any("type", scanOptions.VulnType)) + log.Debug("Package types", log.Any("types", scanOptions.PkgTypes)) } // ScannerOption is filled only when config scanning is enabled. diff --git a/pkg/flag/report_flags.go b/pkg/flag/report_flags.go index ce833cc1b13e..b82cc13e706b 100644 --- a/pkg/flag/report_flags.go +++ b/pkg/flag/report_flags.go @@ -106,6 +106,20 @@ var ( ConfigName: "scan.show-suppressed", Usage: "[EXPERIMENTAL] show suppressed vulnerabilities", } + PkgTypesFlag = Flag[[]string]{ + Name: "pkg-types", + ConfigName: "pkg-types", + Default: types.PkgTypes, + Values: types.PkgTypes, + Usage: "comma-separated list of package types", + Aliases: []Alias{ + { + Name: "vuln-type", + ConfigName: "vulnerability.type", + Deprecated: true, // --vuln-type was renamed to --pkg-types + }, + }, + } ) // ReportFlagGroup composes common printer flag structs @@ -125,6 +139,7 @@ type ReportFlagGroup struct { Severity *Flag[[]string] Compliance *Flag[string] ShowSuppressed *Flag[bool] + PkgTypes *Flag[[]string] } type ReportOptions struct { @@ -142,6 +157,7 @@ type ReportOptions struct { Severities []dbTypes.Severity Compliance spec.ComplianceSpec ShowSuppressed bool + PkgTypes []string } func NewReportFlagGroup() *ReportFlagGroup { @@ -160,6 +176,7 @@ func NewReportFlagGroup() *ReportFlagGroup { Severity: SeverityFlag.Clone(), Compliance: ComplianceFlag.Clone(), ShowSuppressed: ShowSuppressedFlag.Clone(), + PkgTypes: PkgTypesFlag.Clone(), } } @@ -183,6 +200,7 @@ func (f *ReportFlagGroup) Flags() []Flagger { f.Severity, f.Compliance, f.ShowSuppressed, + f.PkgTypes, } } @@ -252,6 +270,7 @@ func (f *ReportFlagGroup) ToOptions() (ReportOptions, error) { Severities: toSeverity(f.Severity.Value()), Compliance: cs, ShowSuppressed: f.ShowSuppressed.Value(), + PkgTypes: f.PkgTypes.Value(), }, nil } diff --git a/pkg/flag/report_flags_test.go b/pkg/flag/report_flags_test.go index 6e56904c4dcf..108d95e22a70 100644 --- a/pkg/flag/report_flags_test.go +++ b/pkg/flag/report_flags_test.go @@ -31,6 +31,7 @@ func TestReportFlagGroup_ToOptions(t *testing.T) { severities string compliance string debug bool + pkgTypes string } tests := []struct { name string @@ -159,6 +160,28 @@ func TestReportFlagGroup_ToOptions(t *testing.T) { Severities: []dbTypes.Severity{dbTypes.SeverityLow}, }, }, + { + name: "happy path for OS packages", + fields: fields{ + pkgTypes: "os", + }, + want: flag.ReportOptions{ + PkgTypes: []string{ + types.PkgTypeOS, + }, + }, + }, + { + name: "happy path for library packages", + fields: fields{ + pkgTypes: "library", + }, + want: flag.ReportOptions{ + PkgTypes: []string{ + types.PkgTypeLibrary, + }, + }, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -183,6 +206,7 @@ func TestReportFlagGroup_ToOptions(t *testing.T) { setValue(flag.OutputPluginArgFlag.ConfigName, tt.fields.outputPluginArgs) setValue(flag.SeverityFlag.ConfigName, tt.fields.severities) setValue(flag.ComplianceFlag.ConfigName, tt.fields.compliance) + setValue(flag.PkgTypesFlag.ConfigName, tt.fields.pkgTypes) // Assert options f := &flag.ReportFlagGroup{ @@ -198,6 +222,7 @@ func TestReportFlagGroup_ToOptions(t *testing.T) { OutputPluginArg: flag.OutputPluginArgFlag.Clone(), Severity: flag.SeverityFlag.Clone(), Compliance: flag.ComplianceFlag.Clone(), + PkgTypes: flag.PkgTypesFlag.Clone(), } got, err := f.ToOptions() diff --git a/pkg/flag/vulnerability_flags.go b/pkg/flag/vulnerability_flags.go index f0db9e7b70c3..0e9d8291d059 100644 --- a/pkg/flag/vulnerability_flags.go +++ b/pkg/flag/vulnerability_flags.go @@ -5,23 +5,9 @@ import ( dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/log" - "github.com/aquasecurity/trivy/pkg/types" ) var ( - VulnTypeFlag = Flag[[]string]{ - Name: "vuln-type", - ConfigName: "vulnerability.type", - Default: []string{ - types.VulnTypeOS, - types.VulnTypeLibrary, - }, - Values: []string{ - types.VulnTypeOS, - types.VulnTypeLibrary, - }, - Usage: "comma-separated list of vulnerability types", - } IgnoreUnfixedFlag = Flag[bool]{ Name: "ignore-unfixed", ConfigName: "vulnerability.ignore-unfixed", @@ -42,21 +28,18 @@ var ( ) type VulnerabilityFlagGroup struct { - VulnType *Flag[[]string] IgnoreUnfixed *Flag[bool] IgnoreStatus *Flag[[]string] VEXPath *Flag[string] } type VulnerabilityOptions struct { - VulnType []string IgnoreStatuses []dbTypes.Status VEXPath string } func NewVulnerabilityFlagGroup() *VulnerabilityFlagGroup { return &VulnerabilityFlagGroup{ - VulnType: VulnTypeFlag.Clone(), IgnoreUnfixed: IgnoreUnfixedFlag.Clone(), IgnoreStatus: IgnoreStatusFlag.Clone(), VEXPath: VEXFlag.Clone(), @@ -69,7 +52,6 @@ func (f *VulnerabilityFlagGroup) Name() string { func (f *VulnerabilityFlagGroup) Flags() []Flagger { return []Flagger{ - f.VulnType, f.IgnoreUnfixed, f.IgnoreStatus, f.VEXPath, @@ -105,7 +87,6 @@ func (f *VulnerabilityFlagGroup) ToOptions() (VulnerabilityOptions, error) { log.Debug("Ignore statuses", log.Any("statuses", ignoreStatuses)) return VulnerabilityOptions{ - VulnType: f.VulnType.Value(), IgnoreStatuses: ignoreStatuses, VEXPath: f.VEXPath.Value(), }, nil diff --git a/pkg/flag/vulnerability_flags_test.go b/pkg/flag/vulnerability_flags_test.go deleted file mode 100644 index a1bcd90b3473..000000000000 --- a/pkg/flag/vulnerability_flags_test.go +++ /dev/null @@ -1,68 +0,0 @@ -package flag_test - -import ( - "testing" - - "github.com/spf13/viper" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - - "github.com/aquasecurity/trivy/pkg/flag" - "github.com/aquasecurity/trivy/pkg/log" - "github.com/aquasecurity/trivy/pkg/types" -) - -func TestVulnerabilityFlagGroup_ToOptions(t *testing.T) { - type fields struct { - vulnType string - } - tests := []struct { - name string - args []string - fields fields - want flag.VulnerabilityOptions - wantLogs []string - }{ - { - name: "happy path for OS vulnerabilities", - args: []string{"alpine:latest"}, - fields: fields{ - vulnType: "os", - }, - want: flag.VulnerabilityOptions{ - VulnType: []string{types.VulnTypeOS}, - }, - }, - { - name: "happy path for library vulnerabilities", - args: []string{"alpine:latest"}, - fields: fields{ - vulnType: "library", - }, - want: flag.VulnerabilityOptions{ - VulnType: []string{types.VulnTypeLibrary}, - }, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - out := newLogger(log.LevelWarn) - - viper.Set(flag.VulnTypeFlag.ConfigName, tt.fields.vulnType) - - // Assert options - f := &flag.VulnerabilityFlagGroup{ - VulnType: flag.VulnTypeFlag.Clone(), - } - - got, err := f.ToOptions() - require.NoError(t, err) - assert.Equalf(t, tt.want, got, "ToOptions()") - - // Assert log messages - assert.Equal(t, tt.wantLogs, out.Messages(), tt.name) - }) - - } -} diff --git a/pkg/k8s/scanner/scanner.go b/pkg/k8s/scanner/scanner.go index 95761ad445a8..67d06b4c54bd 100644 --- a/pkg/k8s/scanner/scanner.go +++ b/pkg/k8s/scanner/scanner.go @@ -218,7 +218,7 @@ func (s *Scanner) scanK8sVulns(ctx context.Context, artifactsData []*artifacts.A k8sScanner := k8s.NewKubernetesScanner() scanOptions := types.ScanOptions{ Scanners: s.opts.Scanners, - VulnType: s.opts.VulnType, + PkgTypes: s.opts.PkgTypes, } for _, artifact := range artifactsData { switch artifact.Kind { diff --git a/pkg/rpc/client/client.go b/pkg/rpc/client/client.go index c2bcae2793a4..d1ac1d8d829f 100644 --- a/pkg/rpc/client/client.go +++ b/pkg/rpc/client/client.go @@ -82,7 +82,7 @@ func (s Scanner) Scan(ctx context.Context, target, artifactKey string, blobKeys ArtifactId: artifactKey, BlobIds: blobKeys, Options: &rpc.ScanOptions{ - VulnType: opts.VulnType, + PkgTypes: opts.PkgTypes, Scanners: xstrings.ToStringSlice(opts.Scanners), LicenseCategories: licenseCategories, IncludeDevDeps: opts.IncludeDevDeps, diff --git a/pkg/rpc/client/client_test.go b/pkg/rpc/client/client_test.go index bf5036c6116d..639b6088b994 100644 --- a/pkg/rpc/client/client_test.go +++ b/pkg/rpc/client/client_test.go @@ -50,7 +50,7 @@ func TestScanner_Scan(t *testing.T) { imageID: "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a", layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"}, options: types.ScanOptions{ - VulnType: []string{"os"}, + PkgTypes: []string{"os"}, }, }, expectation: &rpc.ScanResponse{ @@ -166,7 +166,7 @@ func TestScanner_Scan(t *testing.T) { imageID: "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a", layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"}, options: types.ScanOptions{ - VulnType: []string{"os"}, + PkgTypes: []string{"os"}, }, }, wantErr: "failed to detect vulnerabilities via RPC", diff --git a/pkg/rpc/server/server.go b/pkg/rpc/server/server.go index eb29683942f5..25b43b2afd92 100644 --- a/pkg/rpc/server/server.go +++ b/pkg/rpc/server/server.go @@ -47,7 +47,7 @@ func (s *ScanServer) Scan(ctx context.Context, in *rpcScanner.ScanRequest) (*rpc return types.Scanner(s) }) options := types.ScanOptions{ - VulnType: in.Options.VulnType, + PkgTypes: in.Options.PkgTypes, Scanners: scanners, IncludeDevDeps: in.Options.IncludeDevDeps, } diff --git a/pkg/scanner/local/scan.go b/pkg/scanner/local/scan.go index 18ba53eac7a0..7526ff48dd4c 100644 --- a/pkg/scanner/local/scan.go +++ b/pkg/scanner/local/scan.go @@ -160,7 +160,7 @@ func (s Scanner) scanVulnerabilities(ctx context.Context, target types.ScanTarge var eosl bool var results types.Results - if slices.Contains(options.VulnType, types.VulnTypeOS) { + if slices.Contains(options.PkgTypes, types.PkgTypeOS) { vuln, detectedEOSL, err := s.osPkgScanner.Scan(ctx, target, options) switch { case errors.Is(err, ospkgDetector.ErrUnsupportedOS): @@ -173,7 +173,7 @@ func (s Scanner) scanVulnerabilities(ctx context.Context, target types.ScanTarge } } - if slices.Contains(options.VulnType, types.VulnTypeLibrary) { + if slices.Contains(options.PkgTypes, types.PkgTypeLibrary) { vulns, err := s.langPkgScanner.Scan(ctx, target, options) if err != nil { return nil, false, xerrors.Errorf("failed to scan application libraries: %w", err) diff --git a/pkg/scanner/local/scan_test.go b/pkg/scanner/local/scan_test.go index f0d154a3904d..a80a4bd281c8 100644 --- a/pkg/scanner/local/scan_test.go +++ b/pkg/scanner/local/scan_test.go @@ -94,9 +94,9 @@ func TestScanner_Scan(t *testing.T) { target: "alpine:latest", layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"}, options: types.ScanOptions{ - VulnType: []string{ - types.VulnTypeOS, - types.VulnTypeLibrary, + PkgTypes: []string{ + types.PkgTypeOS, + types.PkgTypeLibrary, }, Scanners: types.Scanners{types.VulnerabilityScanner}, }, @@ -294,9 +294,9 @@ func TestScanner_Scan(t *testing.T) { target: "alpine:latest", layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"}, options: types.ScanOptions{ - VulnType: []string{ - types.VulnTypeOS, - types.VulnTypeLibrary, + PkgTypes: []string{ + types.PkgTypeOS, + types.PkgTypeLibrary, }, Scanners: types.Scanners{types.VulnerabilityScanner}, }, @@ -377,7 +377,7 @@ func TestScanner_Scan(t *testing.T) { target: "./result.cdx", layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"}, options: types.ScanOptions{ - VulnType: []string{types.VulnTypeLibrary}, + PkgTypes: []string{types.PkgTypeLibrary}, Scanners: types.Scanners{types.VulnerabilityScanner}, }, }, @@ -473,9 +473,9 @@ func TestScanner_Scan(t *testing.T) { target: "alpine:latest", layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"}, options: types.ScanOptions{ - VulnType: []string{ - types.VulnTypeOS, - types.VulnTypeLibrary, + PkgTypes: []string{ + types.PkgTypeOS, + types.PkgTypeLibrary, }, Scanners: types.Scanners{types.VulnerabilityScanner}, }, @@ -554,9 +554,9 @@ func TestScanner_Scan(t *testing.T) { target: "fedora:27", layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"}, options: types.ScanOptions{ - VulnType: []string{ - types.VulnTypeOS, - types.VulnTypeLibrary, + PkgTypes: []string{ + types.PkgTypeOS, + types.PkgTypeLibrary, }, Scanners: types.Scanners{types.VulnerabilityScanner}, }, @@ -626,9 +626,9 @@ func TestScanner_Scan(t *testing.T) { target: "busybox:latest", layerIDs: []string{"sha256:a6d503001157aedc826853f9b67f26d35966221b158bff03849868ae4a821116"}, options: types.ScanOptions{ - VulnType: []string{ - types.VulnTypeOS, - types.VulnTypeLibrary, + PkgTypes: []string{ + types.PkgTypeOS, + types.PkgTypeLibrary, }, Scanners: types.Scanners{types.VulnerabilityScanner}, }, @@ -650,7 +650,7 @@ func TestScanner_Scan(t *testing.T) { target: "alpine:latest", layerIDs: []string{"sha256:0ea33a93585cf1917ba522b2304634c3073654062d5282c1346322967790ef33"}, options: types.ScanOptions{ - VulnType: []string{types.VulnTypeLibrary}, + PkgTypes: []string{types.PkgTypeLibrary}, Scanners: types.Scanners{types.VulnerabilityScanner}, }, }, @@ -896,9 +896,9 @@ func TestScanner_Scan(t *testing.T) { target: "alpine:latest", layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"}, options: types.ScanOptions{ - VulnType: []string{ - types.VulnTypeOS, - types.VulnTypeLibrary, + PkgTypes: []string{ + types.PkgTypeOS, + types.PkgTypeLibrary, }, Scanners: types.Scanners{types.VulnerabilityScanner}, }, @@ -920,7 +920,7 @@ func TestScanner_Scan(t *testing.T) { target: "alpine:latest", layerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"}, options: types.ScanOptions{ - VulnType: []string{types.VulnTypeLibrary}, + PkgTypes: []string{types.PkgTypeLibrary}, Scanners: types.Scanners{types.VulnerabilityScanner}, }, }, diff --git a/pkg/scanner/scan_test.go b/pkg/scanner/scan_test.go index 287935ddd41f..6cfed72e43ea 100644 --- a/pkg/scanner/scan_test.go +++ b/pkg/scanner/scan_test.go @@ -30,7 +30,7 @@ func TestScanner_ScanArtifact(t *testing.T) { { name: "happy path", args: args{ - options: types.ScanOptions{VulnType: []string{"os"}}, + options: types.ScanOptions{PkgTypes: []string{"os"}}, }, inspectExpectation: artifact.ArtifactInspectExpectation{ Args: artifact.ArtifactInspectArgs{ @@ -57,7 +57,7 @@ func TestScanner_ScanArtifact(t *testing.T) { Target: "alpine:3.11", ImageID: "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a", LayerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"}, - Options: types.ScanOptions{VulnType: []string{"os"}}, + Options: types.ScanOptions{PkgTypes: []string{"os"}}, }, Returns: DriverScanReturns{ Results: types.Results{ @@ -146,7 +146,7 @@ func TestScanner_ScanArtifact(t *testing.T) { { name: "sad path: AnalyzerAnalyze returns an error", args: args{ - options: types.ScanOptions{VulnType: []string{"os"}}, + options: types.ScanOptions{PkgTypes: []string{"os"}}, }, inspectExpectation: artifact.ArtifactInspectExpectation{ Args: artifact.ArtifactInspectArgs{ @@ -161,7 +161,7 @@ func TestScanner_ScanArtifact(t *testing.T) { { name: "sad path: Scan returns an error", args: args{ - options: types.ScanOptions{VulnType: []string{"os"}}, + options: types.ScanOptions{PkgTypes: []string{"os"}}, }, inspectExpectation: artifact.ArtifactInspectExpectation{ Args: artifact.ArtifactInspectArgs{ @@ -181,7 +181,7 @@ func TestScanner_ScanArtifact(t *testing.T) { Target: "alpine:3.11", ImageID: "sha256:e7d92cdc71feacf90708cb59182d0df1b911f8ae022d29e8e95d75ca6a99776a", LayerIDs: []string{"sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10"}, - Options: types.ScanOptions{VulnType: []string{"os"}}, + Options: types.ScanOptions{PkgTypes: []string{"os"}}, }, Returns: DriverScanReturns{ Err: errors.New("error"), diff --git a/pkg/types/scan.go b/pkg/types/scan.go index 04b6d6230230..2151cb9ccd24 100644 --- a/pkg/types/scan.go +++ b/pkg/types/scan.go @@ -22,7 +22,7 @@ type ScanTarget struct { // ScanOptions holds the attributes for scanning vulnerabilities type ScanOptions struct { - VulnType []string + PkgTypes []string Scanners Scanners ImageConfigScanners Scanners // Scanners for container image configuration ScanRemovedPackages bool diff --git a/pkg/types/target.go b/pkg/types/target.go index bb2dce90fc52..a8cccced3de7 100644 --- a/pkg/types/target.go +++ b/pkg/types/target.go @@ -4,8 +4,8 @@ import ( "slices" ) -// VulnType represents vulnerability type -type VulnType = string +// PkgType represents package type +type PkgType = string // Scanner represents the type of security scanning type Scanner string @@ -14,14 +14,14 @@ type Scanner string type Scanners []Scanner const ( - // VulnTypeUnknown is a vulnerability type of unknown - VulnTypeUnknown = VulnType("unknown") + // PkgTypeUnknown is a package type of unknown + PkgTypeUnknown = PkgType("unknown") - // VulnTypeOS is a vulnerability type of OS packages - VulnTypeOS = VulnType("os") + // PkgTypeOS is a package type of OS packages + PkgTypeOS = PkgType("os") - // VulnTypeLibrary is a vulnerability type of programming language dependencies - VulnTypeLibrary = VulnType("library") + // PkgTypeLibrary is a package type of programming language dependencies + PkgTypeLibrary = PkgType("library") // UnknownScanner is the scanner of unknown UnknownScanner = Scanner("unknown") @@ -49,9 +49,9 @@ const ( ) var ( - VulnTypes = []string{ - VulnTypeOS, - VulnTypeLibrary, + PkgTypes = []string{ + PkgTypeOS, + PkgTypeLibrary, } AllScanners = Scanners{ diff --git a/rpc/scanner/service.pb.go b/rpc/scanner/service.pb.go index 50d0ead38681..2f03d4727662 100644 --- a/rpc/scanner/service.pb.go +++ b/rpc/scanner/service.pb.go @@ -146,7 +146,7 @@ type ScanOptions struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - VulnType []string `protobuf:"bytes,1,rep,name=vuln_type,json=vulnType,proto3" json:"vuln_type,omitempty"` + PkgTypes []string `protobuf:"bytes,1,rep,name=pkg_types,json=pkgTypes,proto3" json:"pkg_types,omitempty"` Scanners []string `protobuf:"bytes,2,rep,name=scanners,proto3" json:"scanners,omitempty"` LicenseCategories map[string]*Licenses `protobuf:"bytes,4,rep,name=license_categories,json=licenseCategories,proto3" json:"license_categories,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` IncludeDevDeps bool `protobuf:"varint,5,opt,name=include_dev_deps,json=includeDevDeps,proto3" json:"include_dev_deps,omitempty"` @@ -184,9 +184,9 @@ func (*ScanOptions) Descriptor() ([]byte, []int) { return file_rpc_scanner_service_proto_rawDescGZIP(), []int{2} } -func (x *ScanOptions) GetVulnType() []string { +func (x *ScanOptions) GetPkgTypes() []string { if x != nil { - return x.VulnType + return x.PkgTypes } return nil } @@ -399,9 +399,9 @@ var file_rpc_scanner_service_proto_rawDesc = []byte{ 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x20, 0x0a, 0x08, 0x4c, 0x69, 0x63, 0x65, 0x6e, 0x73, 0x65, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0xbd, 0x02, 0x0a, 0x0b, 0x53, 0x63, 0x61, 0x6e, 0x4f, - 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x76, 0x75, 0x6c, 0x6e, 0x5f, 0x74, - 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x76, 0x75, 0x6c, 0x6e, 0x54, - 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x73, 0x18, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x6b, 0x67, 0x5f, 0x74, 0x79, + 0x70, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x70, 0x6b, 0x67, 0x54, 0x79, + 0x70, 0x65, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x72, 0x73, 0x12, 0x63, 0x0a, 0x12, 0x6c, 0x69, 0x63, 0x65, 0x6e, 0x73, 0x65, 0x5f, 0x63, 0x61, 0x74, 0x65, 0x67, 0x6f, 0x72, 0x69, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x74, 0x72, diff --git a/rpc/scanner/service.proto b/rpc/scanner/service.proto index 312930adc89a..8fc1cdbd46ac 100644 --- a/rpc/scanner/service.proto +++ b/rpc/scanner/service.proto @@ -23,7 +23,7 @@ message Licenses { } message ScanOptions { - repeated string vuln_type = 1; + repeated string pkg_types = 1; repeated string scanners = 2; map license_categories = 4; bool include_dev_deps = 5; diff --git a/rpc/scanner/service.twirp.go b/rpc/scanner/service.twirp.go index 0a2fbe5759e7..c877fbe34523 100644 --- a/rpc/scanner/service.twirp.go +++ b/rpc/scanner/service.twirp.go @@ -1094,46 +1094,46 @@ func callClientError(ctx context.Context, h *twirp.ClientHooks, err twirp.Error) } var twirpFileDescriptor0 = []byte{ - // 648 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x54, 0xdd, 0x4e, 0x1b, 0x3b, - 0x10, 0x56, 0x7e, 0x48, 0x36, 0x93, 0xa3, 0x43, 0xb0, 0xce, 0x41, 0x4b, 0x38, 0x9c, 0x46, 0xb9, - 0xa8, 0x72, 0x95, 0x94, 0xd0, 0xaa, 0x7f, 0x77, 0x05, 0x5a, 0x51, 0xb5, 0x02, 0x39, 0xa8, 0x17, - 0xbd, 0x49, 0x1d, 0xef, 0x90, 0x5a, 0x6c, 0x76, 0x17, 0x8f, 0x37, 0x52, 0x5e, 0xa5, 0xef, 0xd2, - 0xc7, 0xe8, 0xfb, 0x54, 0x6b, 0x7b, 0x11, 0x09, 0xd0, 0xab, 0xf5, 0xcc, 0x7c, 0xf3, 0xcd, 0x27, - 0xcf, 0xb7, 0x86, 0x3d, 0x9d, 0xc9, 0x11, 0x49, 0x91, 0x24, 0xa8, 0x47, 0x84, 0x7a, 0xa9, 0x24, - 0x0e, 0x33, 0x9d, 0x9a, 0x94, 0x75, 0x8c, 0x56, 0xcb, 0xd5, 0xd0, 0x17, 0x87, 0xcb, 0xc3, 0x6e, - 0x58, 0x80, 0x65, 0xba, 0x58, 0xa4, 0xc9, 0x3a, 0xb6, 0xff, 0xa3, 0x02, 0xed, 0x89, 0x14, 0x09, - 0xc7, 0x9b, 0x1c, 0xc9, 0xb0, 0x5d, 0x68, 0x18, 0xa1, 0xe7, 0x68, 0xc2, 0x4a, 0xaf, 0x32, 0x68, - 0x71, 0x1f, 0xb1, 0x27, 0xd0, 0x16, 0xda, 0xa8, 0x2b, 0x21, 0xcd, 0x54, 0x45, 0x61, 0xd5, 0x16, - 0xa1, 0x4c, 0x9d, 0x45, 0x6c, 0x0f, 0x82, 0x59, 0x9c, 0xce, 0xa6, 0x2a, 0xa2, 0xb0, 0xd6, 0xab, - 0x0d, 0x5a, 0xbc, 0x59, 0xc4, 0x67, 0x11, 0xb1, 0x97, 0xd0, 0x4c, 0x33, 0xa3, 0xd2, 0x84, 0xc2, - 0x7a, 0xaf, 0x32, 0x68, 0x8f, 0x0f, 0x86, 0x9b, 0x0a, 0x87, 0x85, 0x86, 0x73, 0x07, 0xe2, 0x25, - 0xba, 0xdf, 0x83, 0xe0, 0x93, 0x92, 0x98, 0x10, 0x12, 0xfb, 0x07, 0xb6, 0x12, 0xb1, 0x40, 0x0a, - 0x2b, 0x96, 0xdc, 0x05, 0xfd, 0x9f, 0x55, 0x27, 0xdf, 0xb7, 0xb2, 0x7d, 0x68, 0x2d, 0xf3, 0x38, - 0x99, 0x9a, 0x55, 0x86, 0x1e, 0x19, 0x14, 0x89, 0xcb, 0x55, 0x86, 0xac, 0x0b, 0x81, 0x9f, 0x48, - 0x61, 0xd5, 0xd5, 0xca, 0x98, 0x49, 0x60, 0xb1, 0x1b, 0x35, 0x95, 0xc2, 0xe0, 0x3c, 0xd5, 0x0a, - 0x0b, 0xb9, 0xb5, 0x41, 0x7b, 0xfc, 0xfc, 0x8f, 0x72, 0x87, 0x5e, 0xe2, 0xf1, 0x6d, 0xdb, 0x69, - 0x62, 0xf4, 0x8a, 0xef, 0xc4, 0x9b, 0x79, 0x36, 0x80, 0x8e, 0x4a, 0x64, 0x9c, 0x47, 0x38, 0x8d, - 0x70, 0x39, 0x8d, 0x30, 0xa3, 0x70, 0xab, 0x57, 0x19, 0x04, 0xfc, 0x6f, 0x9f, 0x3f, 0xc1, 0xe5, - 0x09, 0x66, 0xd4, 0xfd, 0x06, 0xbb, 0x0f, 0xd3, 0xb2, 0x0e, 0xd4, 0xae, 0x71, 0xe5, 0xb7, 0x53, - 0x1c, 0xd9, 0x33, 0xd8, 0x5a, 0x8a, 0x38, 0x47, 0xbb, 0x94, 0xf6, 0xb8, 0x7b, 0x5f, 0x6d, 0x79, - 0x89, 0xdc, 0x01, 0xdf, 0x54, 0x5f, 0x55, 0x3e, 0xd6, 0x83, 0x5a, 0xa7, 0xde, 0x8f, 0xe0, 0x2f, - 0xb7, 0x7d, 0xca, 0xd2, 0x84, 0x90, 0xf5, 0xa0, 0x9a, 0x92, 0x25, 0x6f, 0x8f, 0x3b, 0x9e, 0xc8, - 0xf9, 0x66, 0x78, 0x3e, 0xe1, 0xd5, 0x94, 0xd8, 0x18, 0x9a, 0x1a, 0x29, 0x8f, 0x8d, 0x5b, 0x73, - 0x7b, 0x1c, 0xde, 0x9f, 0xc7, 0x2d, 0x80, 0x97, 0xc0, 0xfe, 0xaf, 0x1a, 0x34, 0x5c, 0xee, 0x51, - 0x7f, 0x9d, 0xc2, 0x76, 0xb1, 0x27, 0xd4, 0x62, 0xa6, 0x62, 0x65, 0x8a, 0xcb, 0xaf, 0x5a, 0xfa, - 0xfd, 0x75, 0x15, 0x5f, 0xee, 0x80, 0x56, 0x7c, 0xb3, 0x87, 0x5d, 0xc2, 0xce, 0x42, 0x91, 0x4c, - 0x93, 0x2b, 0x35, 0xcf, 0xb5, 0x28, 0x4d, 0x57, 0x10, 0x3d, 0x5d, 0x27, 0x3a, 0x41, 0x83, 0xd2, - 0x60, 0xf4, 0x79, 0x03, 0xce, 0xef, 0x13, 0x14, 0xde, 0x93, 0xb1, 0x20, 0x0a, 0x1b, 0x56, 0xb3, - 0x0b, 0x18, 0x83, 0xba, 0xb5, 0x59, 0xcd, 0x26, 0xed, 0x99, 0x1d, 0x42, 0x90, 0x09, 0x79, 0x2d, - 0xe6, 0x58, 0x6c, 0xb6, 0x18, 0xfb, 0xef, 0xfa, 0xd8, 0x0b, 0x57, 0xe5, 0xb7, 0x30, 0xf6, 0x01, - 0x3a, 0x32, 0x27, 0x93, 0x2e, 0xa6, 0x1a, 0x29, 0xcd, 0xb5, 0x44, 0x0a, 0x9b, 0xb6, 0xf5, 0xbf, - 0xf5, 0xd6, 0x63, 0x8b, 0xe2, 0x1e, 0xc4, 0xb7, 0xe5, 0x5a, 0x4c, 0xec, 0x05, 0x34, 0x09, 0xa5, - 0x46, 0x43, 0x61, 0xf0, 0xd0, 0xd5, 0x4d, 0x6c, 0xf1, 0xbd, 0x4a, 0x22, 0x95, 0xcc, 0x79, 0x89, - 0x65, 0xaf, 0x21, 0xf0, 0x4e, 0xa5, 0xb0, 0x65, 0xfb, 0x0e, 0x1e, 0xbe, 0x29, 0xef, 0x22, 0x7e, - 0x0b, 0x1f, 0x5f, 0x40, 0x73, 0xe2, 0xb6, 0xce, 0x4e, 0xa1, 0x5e, 0x1c, 0xd9, 0x23, 0xbf, 0xb6, - 0x7f, 0x5e, 0xba, 0xff, 0x3f, 0x56, 0x76, 0xfe, 0x7b, 0x77, 0xf4, 0xf5, 0x70, 0xae, 0xcc, 0xf7, - 0x7c, 0x56, 0x0c, 0x1f, 0x89, 0x9b, 0x5c, 0x10, 0xca, 0x5c, 0x2b, 0xb3, 0x1a, 0xd9, 0xc6, 0xd1, - 0x9d, 0x57, 0xef, 0xad, 0xff, 0xce, 0x1a, 0xf6, 0x29, 0x3b, 0xfa, 0x1d, 0x00, 0x00, 0xff, 0xff, - 0x2e, 0x74, 0xc8, 0xad, 0x13, 0x05, 0x00, 0x00, + // 650 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x54, 0xcd, 0x6e, 0xdb, 0x38, + 0x10, 0x86, 0x7f, 0x62, 0xcb, 0xe3, 0xc5, 0xc6, 0x21, 0x76, 0x03, 0xc5, 0xd9, 0x6c, 0x0d, 0x1f, + 0x0a, 0x9f, 0xec, 0xc6, 0x69, 0xd1, 0xbf, 0x5b, 0x93, 0xb4, 0x48, 0xd1, 0x22, 0x01, 0x1d, 0xf4, + 0xd0, 0x8b, 0x4b, 0x53, 0x13, 0x95, 0xb0, 0x2c, 0x29, 0x1c, 0xca, 0x80, 0x5f, 0xa5, 0xef, 0xd2, + 0xc7, 0xe8, 0xfb, 0x14, 0x22, 0x25, 0x23, 0x76, 0x92, 0x9e, 0xc4, 0x99, 0xf9, 0xe6, 0x9b, 0x0f, + 0x9c, 0x4f, 0x84, 0x03, 0x9d, 0xca, 0x11, 0x49, 0x11, 0xc7, 0xa8, 0x47, 0x84, 0x7a, 0xa9, 0x24, + 0x0e, 0x53, 0x9d, 0x98, 0x84, 0x75, 0x8c, 0x56, 0xcb, 0xd5, 0xb0, 0x28, 0x0e, 0x97, 0xc7, 0x5d, + 0x3f, 0x07, 0xcb, 0x64, 0xb1, 0x48, 0xe2, 0x4d, 0x6c, 0xff, 0x47, 0x05, 0xda, 0x13, 0x29, 0x62, + 0x8e, 0xb7, 0x19, 0x92, 0x61, 0xfb, 0xd0, 0x30, 0x42, 0x87, 0x68, 0xfc, 0x4a, 0xaf, 0x32, 0x68, + 0xf1, 0x22, 0x62, 0x4f, 0xa0, 0x2d, 0xb4, 0x51, 0x37, 0x42, 0x9a, 0xa9, 0x0a, 0xfc, 0xaa, 0x2d, + 0x42, 0x99, 0xba, 0x08, 0xd8, 0x01, 0x78, 0xb3, 0x28, 0x99, 0x4d, 0x55, 0x40, 0x7e, 0xad, 0x57, + 0x1b, 0xb4, 0x78, 0x33, 0x8f, 0x2f, 0x02, 0x62, 0x2f, 0xa1, 0x99, 0xa4, 0x46, 0x25, 0x31, 0xf9, + 0xf5, 0x5e, 0x65, 0xd0, 0x1e, 0x1f, 0x0d, 0xb7, 0x15, 0x0e, 0x73, 0x0d, 0x97, 0x0e, 0xc4, 0x4b, + 0x74, 0xbf, 0x07, 0xde, 0x27, 0x25, 0x31, 0x26, 0x24, 0xf6, 0x0f, 0xec, 0xc4, 0x62, 0x81, 0xe4, + 0x57, 0x2c, 0xb9, 0x0b, 0xfa, 0x3f, 0xab, 0x4e, 0x7e, 0xd1, 0xca, 0x0e, 0xa1, 0x95, 0xce, 0xc3, + 0xa9, 0x59, 0xa5, 0x6b, 0xa4, 0x97, 0xce, 0xc3, 0xeb, 0x3c, 0x66, 0x5d, 0xf0, 0x8a, 0x89, 0xe4, + 0x57, 0x5d, 0xad, 0x8c, 0x99, 0x04, 0x16, 0xb9, 0x51, 0x53, 0x29, 0x0c, 0x86, 0x89, 0x56, 0x98, + 0xcb, 0xad, 0x0d, 0xda, 0xe3, 0xe7, 0x7f, 0x94, 0x3b, 0x2c, 0x24, 0x9e, 0xae, 0xdb, 0xce, 0x63, + 0xa3, 0x57, 0x7c, 0x2f, 0xda, 0xce, 0xb3, 0x01, 0x74, 0x54, 0x2c, 0xa3, 0x2c, 0xc0, 0x69, 0x80, + 0xcb, 0x69, 0x80, 0x29, 0xf9, 0x3b, 0xbd, 0xca, 0xc0, 0xe3, 0x7f, 0x17, 0xf9, 0x33, 0x5c, 0x9e, + 0x61, 0x4a, 0xdd, 0x6f, 0xb0, 0xff, 0x30, 0x2d, 0xeb, 0x40, 0x6d, 0x8e, 0xab, 0x62, 0x3b, 0xf9, + 0x91, 0x3d, 0x83, 0x9d, 0xa5, 0x88, 0x32, 0xb4, 0x4b, 0x69, 0x8f, 0xbb, 0xf7, 0xd5, 0x96, 0x97, + 0xc8, 0x1d, 0xf0, 0x4d, 0xf5, 0x55, 0xe5, 0x63, 0xdd, 0xab, 0x75, 0xea, 0xfd, 0x00, 0xfe, 0x72, + 0xdb, 0xa7, 0x34, 0x89, 0x09, 0x59, 0x0f, 0xaa, 0x09, 0x59, 0xf2, 0xf6, 0xb8, 0x53, 0x10, 0x39, + 0xdf, 0x0c, 0x2f, 0x27, 0xbc, 0x9a, 0x10, 0x1b, 0x43, 0x53, 0x23, 0x65, 0x91, 0x71, 0x6b, 0x6e, + 0x8f, 0xfd, 0xfb, 0xf3, 0xb8, 0x05, 0xf0, 0x12, 0xd8, 0xff, 0x55, 0x83, 0x86, 0xcb, 0x3d, 0xea, + 0xaf, 0x73, 0xd8, 0x5d, 0x66, 0x51, 0x8c, 0x5a, 0xcc, 0x54, 0xa4, 0x4c, 0x7e, 0xf9, 0x55, 0x4b, + 0x7f, 0xb8, 0xa9, 0xe2, 0xcb, 0x1d, 0xd0, 0x8a, 0x6f, 0xf7, 0xb0, 0x6b, 0xd8, 0x5b, 0x28, 0x92, + 0x49, 0x7c, 0xa3, 0xc2, 0x4c, 0x8b, 0xd2, 0x74, 0x39, 0xd1, 0xd3, 0x4d, 0xa2, 0x33, 0x34, 0x28, + 0x0d, 0x06, 0x9f, 0xb7, 0xe0, 0xfc, 0x3e, 0x41, 0xee, 0x3d, 0x19, 0x09, 0x22, 0xbf, 0x61, 0x35, + 0xbb, 0x80, 0x31, 0xa8, 0xe7, 0x3e, 0xf3, 0x6b, 0x36, 0x69, 0xcf, 0xec, 0x18, 0xbc, 0x54, 0xc8, + 0xb9, 0x08, 0x31, 0xdf, 0x6c, 0x3e, 0xf6, 0xdf, 0xcd, 0xb1, 0x57, 0xae, 0xca, 0xd7, 0x30, 0xf6, + 0x01, 0x3a, 0x32, 0x23, 0x93, 0x2c, 0xa6, 0x1a, 0x29, 0xc9, 0xb4, 0x44, 0xf2, 0x9b, 0xb6, 0xf5, + 0xbf, 0xcd, 0xd6, 0x53, 0x8b, 0xe2, 0x05, 0x88, 0xef, 0xca, 0x8d, 0x98, 0xd8, 0x0b, 0x68, 0x12, + 0x4a, 0x8d, 0x86, 0x7c, 0xef, 0xa1, 0xab, 0x9b, 0xd8, 0xe2, 0x7b, 0x15, 0x07, 0x2a, 0x0e, 0x79, + 0x89, 0x65, 0xaf, 0xc1, 0x2b, 0x9c, 0x4a, 0x7e, 0xcb, 0xf6, 0x1d, 0x3d, 0x7c, 0x53, 0x85, 0x8b, + 0xf8, 0x1a, 0x3e, 0xbe, 0x82, 0xe6, 0xc4, 0x6d, 0x9d, 0x9d, 0x43, 0x3d, 0x3f, 0xb2, 0x47, 0x7e, + 0xed, 0xe2, 0x79, 0xe9, 0xfe, 0xff, 0x58, 0xd9, 0xf9, 0xef, 0xdd, 0xc9, 0xd7, 0xe3, 0x50, 0x99, + 0xef, 0xd9, 0x2c, 0x1f, 0x3e, 0x12, 0xb7, 0x99, 0x20, 0x94, 0x99, 0x56, 0x66, 0x35, 0xb2, 0x8d, + 0xa3, 0x3b, 0xaf, 0xde, 0xdb, 0xe2, 0x3b, 0x6b, 0xd8, 0xa7, 0xec, 0xe4, 0x77, 0x00, 0x00, 0x00, + 0xff, 0xff, 0x50, 0x58, 0x22, 0xc7, 0x13, 0x05, 0x00, 0x00, }