refactor: re-define module structs for serialization (#6655)

Signed-off-by: knqyf263 <knqyf263@gmail.com>

examples/module/spring4shell/spring4shell.go

@@ -15,7 +15,6 @@ import (
 	"github.com/aquasecurity/trivy/pkg/module/api"
 	"github.com/aquasecurity/trivy/pkg/module/serialize"
 	"github.com/aquasecurity/trivy/pkg/module/wasm"
-	"github.com/aquasecurity/trivy/pkg/types"
 )
 
 const (
@@ -226,7 +225,7 @@ func (Spring4Shell) PostScan(results serialize.Results) (serialize.Results, erro
 	var javaMajorVersion int
 	var tomcatVersion string
 	for _, result := range results {
-		if result.Class != types.ClassCustom {
+		if result.Class != "custom" {
 			continue
 		}
 

pkg/module/module.go

@@ -481,15 +481,15 @@ func (m *wasmModule) Analyze(ctx context.Context, input analyzer.AnalysisInput)
 // e.g. Remove a vulnerability, change severity, etc.
 func (m *wasmModule) PostScan(ctx context.Context, results types.Results) (types.Results, error) {
 	// Find custom resources
-	var custom serialize.Result
+	var custom types.Result
 	for _, result := range results {
 		if result.Class == types.ClassCustom {
-			custom = serialize.Result(result)
+			custom = result
 			break
 		}
 	}
 
-	arg := serialize.Results{custom}
+	arg := types.Results{custom}
 	switch m.postScanSpec.Action {
 	case tapi.ActionUpdate, tapi.ActionDelete:
 		// Pass the relevant results to the module
@@ -529,8 +529,8 @@ func (m *wasmModule) PostScan(ctx context.Context, results types.Results) (types
 	return results, nil
 }
 
-func findIDs(ids []string, results types.Results) serialize.Results {
+func findIDs(ids []string, results types.Results) types.Results {
-	var filtered serialize.Results
+	var filtered types.Results
 	for _, result := range results {
 		if result.Class == types.ClassCustom {
 			continue
@@ -542,7 +542,7 @@ func findIDs(ids []string, results types.Results) serialize.Results {
 			return slices.Contains(ids, m.ID)
 		})
 		if len(vulns) > 0 || len(misconfs) > 0 {
-			filtered = append(filtered, serialize.Result{
+			filtered = append(filtered, types.Result{
 				Target:            result.Target,
 				Class:             result.Class,
 				Type:              result.Type,

pkg/module/serialize/types.go

@@ -1,7 +1,7 @@
 package serialize
 
 import (
-	"github.com/aquasecurity/trivy/pkg/types"
+	"github.com/aquasecurity/trivy-db/pkg/types"
 )
 
 type StringSlice []string
@@ -39,4 +39,98 @@ type PostScanSpec struct {
 
 type Results []Result
 
-type Result types.Result
+// Result re-defines the Result struct from 'pkg/types/' so TinyGo can compile the code.
+// See https://github.com/aquasecurity/trivy/issues/6654 for more details.
+type Result struct {
+	Target          string                  `json:"Target"`
+	Class           string                  `json:"Class,omitempty"`
+	Type            string                  `json:"Type,omitempty"`
+	Vulnerabilities []DetectedVulnerability `json:"Vulnerabilities,omitempty"`
+	CustomResources []CustomResource        `json:"CustomResources,omitempty"`
+}
+
+type DetectedVulnerability struct {
+	VulnerabilityID  string         `json:",omitempty"`
+	VendorIDs        []string       `json:",omitempty"`
+	PkgID            string         `json:",omitempty"`
+	PkgName          string         `json:",omitempty"`
+	PkgPath          string         `json:",omitempty"`
+	InstalledVersion string         `json:",omitempty"`
+	FixedVersion     string         `json:",omitempty"`
+	Status           types.Status   `json:",omitempty"`
+	Layer            Layer          `json:",omitempty"`
+	SeveritySource   types.SourceID `json:",omitempty"`
+	PrimaryURL       string         `json:",omitempty"`
+
+	// DataSource holds where the advisory comes from
+	DataSource *types.DataSource `json:",omitempty"`
+
+	// Custom is for extensibility and not supposed to be used in OSS
+	Custom interface{} `json:",omitempty"`
+
+	// Embed vulnerability details
+	types.Vulnerability
+}
+
+type DetectedMisconfiguration struct {
+	Type          string        `json:",omitempty"`
+	ID            string        `json:",omitempty"`
+	AVDID         string        `json:",omitempty"`
+	Title         string        `json:",omitempty"`
+	Description   string        `json:",omitempty"`
+	Message       string        `json:",omitempty"`
+	Namespace     string        `json:",omitempty"`
+	Query         string        `json:",omitempty"`
+	Resolution    string        `json:",omitempty"`
+	Severity      string        `json:",omitempty"`
+	PrimaryURL    string        `json:",omitempty"`
+	References    []string      `json:",omitempty"`
+	Status        string        `json:",omitempty"`
+	Layer         Layer         `json:",omitempty"`
+	CauseMetadata CauseMetadata `json:",omitempty"`
+
+	// For debugging
+	Traces []string `json:",omitempty"`
+}
+
+type CauseMetadata struct {
+	Resource    string       `json:",omitempty"`
+	Provider    string       `json:",omitempty"`
+	Service     string       `json:",omitempty"`
+	StartLine   int          `json:",omitempty"`
+	EndLine     int          `json:",omitempty"`
+	Code        Code         `json:",omitempty"`
+	Occurrences []Occurrence `json:",omitempty"`
+}
+
+type Occurrence struct {
+	Resource string `json:",omitempty"`
+	Filename string `json:",omitempty"`
+	Location Location
+}
+
+type Location struct {
+	StartLine int `json:",omitempty"`
+	EndLine   int `json:",omitempty"`
+}
+
+type Code struct {
+	Lines []Line
+}
+
+type Line struct {
+	Number      int    `json:"Number"`
+	Content     string `json:"Content"`
+	IsCause     bool   `json:"IsCause"`
+	Annotation  string `json:"Annotation"`
+	Truncated   bool   `json:"Truncated"`
+	Highlighted string `json:"Highlighted,omitempty"`
+	FirstCause  bool   `json:"FirstCause"`
+	LastCause   bool   `json:"LastCause"`
+}
+
+type Layer struct {
+	Digest    string `json:",omitempty"`
+	DiffID    string `json:",omitempty"`
+	CreatedBy string `json:",omitempty"`
+}