google · cuixq · May 15, 2024 · May 17, 2024 · cuixq · May 15, 2024
diff --git a/cmd/osv-scanner/main.go b/cmd/osv-scanner/main.go
@@ -9,8 +9,8 @@ import (
 	"github.com/google/osv-scanner/cmd/osv-scanner/fix"
 	"github.com/google/osv-scanner/cmd/osv-scanner/scan"
 	"github.com/google/osv-scanner/cmd/osv-scanner/update"
+	"github.com/google/osv-scanner/internal/useragent"
 	"github.com/google/osv-scanner/internal/version"
-	"github.com/google/osv-scanner/pkg/osv"
 	"github.com/google/osv-scanner/pkg/osvscanner"
 	"github.com/google/osv-scanner/pkg/reporter"
 
@@ -30,7 +30,7 @@ func run(args []string, stdout, stderr io.Writer) int {
 		r.Infof("osv-scanner version: %s\ncommit: %s\nbuilt at: %s\n", ctx.App.Version, commit, date)
 	}
 
-	osv.RequestUserAgent = "osv-scanner/" + version.OSVVersion
+	useragent.RequestUserAgent = "osv-scanner/" + version.OSVVersion
 
 	app := &cli.App{
 		Name:           "osv-scanner",

diff --git a/internal/local/zip.go b/internal/local/zip.go
@@ -16,10 +16,10 @@ import (
 	"path"
 	"strings"
 
+	"github.com/google/osv-scanner/internal/useragent"
 	"github.com/google/osv-scanner/internal/utility/vulns"
 	"github.com/google/osv-scanner/pkg/lockfile"
 	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/osv"
 )
 
 type ZipDB struct {
@@ -104,8 +104,8 @@ func (db *ZipDB) fetchZip() ([]byte, error) {
 		return nil, fmt.Errorf("could not retrieve OSV database archive: %w", err)
 	}
 
-	if osv.RequestUserAgent != "" {
-		req.Header.Set("User-Agent", osv.RequestUserAgent)
+	if useragent.RequestUserAgent != "" {
+		req.Header.Set("User-Agent", useragent.RequestUserAgent)
 	}
 
 	resp, err := http.DefaultClient.Do(req)

diff --git a/internal/resolution/client/npm_registry_client.go b/internal/resolution/client/npm_registry_client.go
@@ -14,8 +14,8 @@ import (
 	"deps.dev/util/resolve/dep"
 	"deps.dev/util/semver"
 	"github.com/google/osv-scanner/internal/resolution/datasource"
+	"github.com/google/osv-scanner/internal/useragent"
 	"github.com/google/osv-scanner/pkg/depsdev"
-	"github.com/google/osv-scanner/pkg/osv"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 )
@@ -43,8 +43,8 @@ func NewNpmRegistryClient(workdir string) (*NpmRegistryClient, error) {
 	creds := credentials.NewClientTLSFromCert(certPool, "")
 	dialOpts := []grpc.DialOption{grpc.WithTransportCredentials(creds)}
 
-	if osv.RequestUserAgent != "" {
-		dialOpts = append(dialOpts, grpc.WithUserAgent(osv.RequestUserAgent))
+	if useragent.RequestUserAgent != "" {
+		dialOpts = append(dialOpts, grpc.WithUserAgent(useragent.RequestUserAgent))
 	}
 
 	conn, err := grpc.Dial(depsdev.DepsdevAPI, dialOpts...)

diff --git a/internal/resolution/datasource/depsdev_api.go b/internal/resolution/datasource/depsdev_api.go
@@ -8,7 +8,7 @@ import (
 	"time"
 
 	pb "deps.dev/api/v3"
-	"github.com/google/osv-scanner/pkg/osv"
+	"github.com/google/osv-scanner/internal/useragent"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 )
@@ -60,8 +60,8 @@ func NewDepsDevAPIClient(addr string) (*DepsDevAPIClient, error) {
 	creds := credentials.NewClientTLSFromCert(certPool, "")
 	dialOpts := []grpc.DialOption{grpc.WithTransportCredentials(creds)}
 
-	if osv.RequestUserAgent != "" {
-		dialOpts = append(dialOpts, grpc.WithUserAgent(osv.RequestUserAgent))
+	if useragent.RequestUserAgent != "" {
+		dialOpts = append(dialOpts, grpc.WithUserAgent(useragent.RequestUserAgent))
 	}
 
 	conn, err := grpc.Dial(addr, dialOpts...)

diff --git a/internal/useragent/useragent.go b/internal/useragent/useragent.go
@@ -0,0 +1,3 @@
+package useragent
+
+var RequestUserAgent = ""
diff --git a/pkg/depsdev/license.go b/pkg/depsdev/license.go
@@ -5,9 +5,9 @@ import (
 	"crypto/x509"
 	"fmt"
 
+	"github.com/google/osv-scanner/internal/useragent"
 	"github.com/google/osv-scanner/pkg/lockfile"
 	"github.com/google/osv-scanner/pkg/models"
-	"github.com/google/osv-scanner/pkg/osv"
 
 	depsdevpb "deps.dev/api/v3"
 	"golang.org/x/sync/errgroup"
@@ -63,8 +63,8 @@ func MakeVersionRequestsWithContext(ctx context.Context, queries []*depsdevpb.Ge
 	creds := credentials.NewClientTLSFromCert(certPool, "")
 	dialOpts := []grpc.DialOption{grpc.WithTransportCredentials(creds)}
 
-	if osv.RequestUserAgent != "" {
-		dialOpts = append(dialOpts, grpc.WithUserAgent(osv.RequestUserAgent))
+	if useragent.RequestUserAgent != "" {
+		dialOpts = append(dialOpts, grpc.WithUserAgent(useragent.RequestUserAgent))
 	}
 
 	conn, err := grpc.Dial(DepsdevAPI, dialOpts...)

diff --git a/pkg/osv/osv.go b/pkg/osv/osv.go
@@ -11,6 +11,7 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/google/osv-scanner/internal/useragent"
 	"github.com/google/osv-scanner/pkg/lockfile"
 	"github.com/google/osv-scanner/pkg/models"
 	"golang.org/x/sync/semaphore"
@@ -34,8 +35,6 @@ const (
 	jitterMultiplier = 2
 )
 
-var RequestUserAgent = ""
-
 // Package represents a package identifier for OSV.
 type Package struct {
 	PURL      string `json:"purl,omitempty"`
@@ -198,8 +197,8 @@ func MakeRequestWithClient(request BatchedQuery, client *http.Client) (*BatchedR
 				return nil, err
 			}
 			req.Header.Set("Content-Type", "application/json")
-			if RequestUserAgent != "" {
-				req.Header.Set("User-Agent", RequestUserAgent)
+			if useragent.RequestUserAgent != "" {
+				req.Header.Set("User-Agent", useragent.RequestUserAgent)
 			}
 
 			return client.Do(req)
@@ -237,8 +236,8 @@ func GetWithClient(id string, client *http.Client) (*models.Vulnerability, error
 		if err != nil {
 			return nil, err
 		}
-		if RequestUserAgent != "" {
-			req.Header.Set("User-Agent", RequestUserAgent)
+		if useragent.RequestUserAgent != "" {
+			req.Header.Set("User-Agent", useragent.RequestUserAgent)
 		}
 
 		return client.Do(req)
@@ -364,8 +363,8 @@ func MakeDetermineVersionRequest(name string, hashes []DetermineVersionHash) (*D
 			return nil, err
 		}
 		req.Header.Set("Content-Type", "application/json")
-		if RequestUserAgent != "" {
-			req.Header.Set("User-Agent", RequestUserAgent)
+		if useragent.RequestUserAgent != "" {
+			req.Header.Set("User-Agent", useragent.RequestUserAgent)
 		}
 
 		return http.DefaultClient.Do(req)

diff --git a/pkg/osvscanner/osvscanner.go b/pkg/osvscanner/osvscanner.go
@@ -18,6 +18,7 @@ import (
 	"github.com/google/osv-scanner/internal/output"
 	"github.com/google/osv-scanner/internal/sbom"
 	"github.com/google/osv-scanner/internal/semantic"
+	"github.com/google/osv-scanner/internal/useragent"
 	"github.com/google/osv-scanner/internal/version"
 	"github.com/google/osv-scanner/pkg/config"
 	"github.com/google/osv-scanner/pkg/depsdev"
@@ -970,8 +971,8 @@ func makeRequest(
 		return hydratedResp, nil
 	}
 
-	if osv.RequestUserAgent == "" {
-		osv.RequestUserAgent = "osv-scanner-api_v" + version.OSVVersion
+	if useragent.RequestUserAgent == "" {
+		useragent.RequestUserAgent = "osv-scanner-api_v" + version.OSVVersion
 	}
 
 	resp, err := osv.MakeRequest(query)