diff --git a/examples/misconf/go-testing/go.sum b/examples/misconf/go-testing/go.sum index d221ee6534..40d4cd16a1 100644 --- a/examples/misconf/go-testing/go.sum +++ b/examples/misconf/go-testing/go.sum @@ -694,9 +694,6 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/liamg/clinch v1.5.6/go.mod h1:IXM+nLBuZ5sOQAYYf9+G51nkaA0WY9cszxE5nPXexhE= -github.com/liamg/tml v0.3.0/go.mod h1:0h4EAV/zBOsqI91EWONedjRpO8O0itjGJVd+wG5eC+E= -github.com/liamg/tml v0.4.0/go.mod h1:0h4EAV/zBOsqI91EWONedjRpO8O0itjGJVd+wG5eC+E= github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= diff --git a/examples/module/spring4shell/spring4shell.go b/examples/module/spring4shell/spring4shell.go index 8d8af679b6..8d7d18ab65 100644 --- a/examples/module/spring4shell/spring4shell.go +++ b/examples/module/spring4shell/spring4shell.go @@ -138,88 +138,90 @@ func (Spring4Shell) PostScanSpec() serialize.PostScanSpec { // // Example input: // [ -// { -// "Target": "", -// "Class": "custom", -// "CustomResources": [ -// { -// "Type": "spring4shell/java-major-version", -// "FilePath": "/usr/local/openjdk-8/release", -// "Layer": { -// "Digest": "sha256:d7b564a873af313eb2dbcb1ed0d393c57543e3666bdedcbe5d75841d72b1f791", -// "DiffID": "sha256:ba40706eccba610401e4942e29f50bdf36807f8638942ce20805b359ae3ac1c1" -// }, -// "Data": "1.8.0_322" -// }, -// { -// "Type": "spring4shell/tomcat-version", -// "FilePath": "/usr/local/tomcat/RELEASE-NOTES", -// "Layer": { -// "Digest": "sha256:59c0978ccb117247fd40d936973c40df89195f60466118c5acc6a55f8ba29f06", -// "DiffID": "sha256:85595543df2b1115a18284a8ef62d0b235c4bc29e3d33b55f89b54ee1eadf4c6" -// }, -// "Data": "8.5.77" -// } -// ] -// }, -// { -// "Target": "Java", -// "Class": "lang-pkgs", -// "Type": "jar", -// "Vulnerabilities": [ -// { -// "VulnerabilityID": "CVE-2022-22965", -// "PkgName": "org.springframework.boot:spring-boot", -// "PkgPath": "usr/local/tomcat/webapps/helloworld.war", -// "InstalledVersion": "2.6.3", -// "FixedVersion": "2.5.12, 2.6.6", -// "Layer": { -// "Digest": "sha256:cc44af318e91e6f9f9bf73793fa4f0639487613f46aa1f819b02b6e8fb5c6c07", -// "DiffID": "sha256:eb769943b91f10a0418f2fc3b4a4fde6c6293be60c37293fcc0fa319edaf27a5" -// }, -// "SeveritySource": "nvd", -// "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-22965", -// "DataSource": { -// "ID": "glad", -// "Name": "GitLab Advisory Database Community", -// "URL": "https://gitlab.com/gitlab-org/advisories-community" -// }, -// "Title": "spring-framework: RCE via Data Binding on JDK 9+", -// "Description": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.", -// "Severity": "CRITICAL", -// "CweIDs": [ -// "CWE-94" -// ], -// "VendorSeverity": { -// "ghsa": 4, -// "nvd": 4, -// "redhat": 3 -// }, -// "CVSS": { -// "ghsa": { -// "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", -// "V3Score": 9.8 -// }, -// "nvd": { -// "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", -// "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", -// "V2Score": 7.5, -// "V3Score": 9.8 -// }, -// "redhat": { -// "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", -// "V3Score": 8.1 -// } -// }, -// "References": [ -// "https://github.com/advisories/GHSA-36p3-wjmg-h94x" -// ], -// "PublishedDate": "2022-04-01T23:15:00Z", -// "LastModifiedDate": "2022-05-19T14:21:00Z" -// } -// ] -// } -//] +// +// { +// "Target": "", +// "Class": "custom", +// "CustomResources": [ +// { +// "Type": "spring4shell/java-major-version", +// "FilePath": "/usr/local/openjdk-8/release", +// "Layer": { +// "Digest": "sha256:d7b564a873af313eb2dbcb1ed0d393c57543e3666bdedcbe5d75841d72b1f791", +// "DiffID": "sha256:ba40706eccba610401e4942e29f50bdf36807f8638942ce20805b359ae3ac1c1" +// }, +// "Data": "1.8.0_322" +// }, +// { +// "Type": "spring4shell/tomcat-version", +// "FilePath": "/usr/local/tomcat/RELEASE-NOTES", +// "Layer": { +// "Digest": "sha256:59c0978ccb117247fd40d936973c40df89195f60466118c5acc6a55f8ba29f06", +// "DiffID": "sha256:85595543df2b1115a18284a8ef62d0b235c4bc29e3d33b55f89b54ee1eadf4c6" +// }, +// "Data": "8.5.77" +// } +// ] +// }, +// { +// "Target": "Java", +// "Class": "lang-pkgs", +// "Type": "jar", +// "Vulnerabilities": [ +// { +// "VulnerabilityID": "CVE-2022-22965", +// "PkgName": "org.springframework.boot:spring-boot", +// "PkgPath": "usr/local/tomcat/webapps/helloworld.war", +// "InstalledVersion": "2.6.3", +// "FixedVersion": "2.5.12, 2.6.6", +// "Layer": { +// "Digest": "sha256:cc44af318e91e6f9f9bf73793fa4f0639487613f46aa1f819b02b6e8fb5c6c07", +// "DiffID": "sha256:eb769943b91f10a0418f2fc3b4a4fde6c6293be60c37293fcc0fa319edaf27a5" +// }, +// "SeveritySource": "nvd", +// "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-22965", +// "DataSource": { +// "ID": "glad", +// "Name": "GitLab Advisory Database Community", +// "URL": "https://gitlab.com/gitlab-org/advisories-community" +// }, +// "Title": "spring-framework: RCE via Data Binding on JDK 9+", +// "Description": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.", +// "Severity": "CRITICAL", +// "CweIDs": [ +// "CWE-94" +// ], +// "VendorSeverity": { +// "ghsa": 4, +// "nvd": 4, +// "redhat": 3 +// }, +// "CVSS": { +// "ghsa": { +// "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", +// "V3Score": 9.8 +// }, +// "nvd": { +// "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", +// "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", +// "V2Score": 7.5, +// "V3Score": 9.8 +// }, +// "redhat": { +// "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", +// "V3Score": 8.1 +// } +// }, +// "References": [ +// "https://github.com/advisories/GHSA-36p3-wjmg-h94x" +// ], +// "PublishedDate": "2022-04-01T23:15:00Z", +// "LastModifiedDate": "2022-05-19T14:21:00Z" +// } +// ] +// } +// +// ] func (Spring4Shell) PostScan(results serialize.Results) (serialize.Results, error) { var javaMajorVersion int var tomcatVersion string diff --git a/go.mod b/go.mod index 09319a1e6c..97da246d68 100644 --- a/go.mod +++ b/go.mod @@ -14,8 +14,11 @@ require ( github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 + github.com/aquasecurity/loading v0.0.5 + github.com/aquasecurity/memoryfs v1.4.4 github.com/aquasecurity/table v1.8.0 github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516 + github.com/aquasecurity/tml v0.6.1 github.com/aquasecurity/trivy-db v0.0.0-20220627104749-930461748b63 github.com/aquasecurity/trivy-kubernetes v0.3.1-0.20221021174315-8d74450b4506 github.com/aws/aws-sdk-go v1.44.114 @@ -45,9 +48,6 @@ require ( github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d github.com/knqyf263/go-rpm-version v0.0.0-20220614171824-631e686d1075 github.com/kylelemons/godebug v1.1.0 - github.com/liamg/loading v0.0.4 - github.com/liamg/memoryfs v1.4.3 - github.com/liamg/tml v0.6.0 github.com/mailru/easyjson v0.7.7 github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08 github.com/mitchellh/hashstructure/v2 v2.0.2 @@ -135,6 +135,9 @@ require ( github.com/googleapis/enterprise-certificate-proxy v0.1.0 // indirect github.com/googleapis/go-type-adapters v1.0.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect + github.com/liamg/iamgo v0.0.9 // indirect + github.com/liamg/jfather v0.0.7 // indirect + github.com/liamg/memoryfs v1.4.3 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect github.com/pelletier/go-toml/v2 v2.0.5 // indirect @@ -260,8 +263,6 @@ require ( github.com/knqyf263/nested v0.0.1 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect - github.com/liamg/iamgo v0.0.9 // indirect - github.com/liamg/jfather v0.0.7 // indirect github.com/lib/pq v1.10.6 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/magiconair/properties v1.8.6 // indirect diff --git a/go.sum b/go.sum index b2d549c056..b3a9e729f2 100644 --- a/go.sum +++ b/go.sum @@ -206,10 +206,16 @@ github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46/go. github.com/aquasecurity/go-version v0.0.0-20201107203531-5e48ac5d022a/go.mod h1:9Beu8XsUNNfzml7WBf3QmyPToP1wm1Gj/Vc5UJKqTzU= github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 h1:rcEG5HI490FF0a7zuvxOxen52ddygCfNVjP0XOCMl+M= github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492/go.mod h1:9Beu8XsUNNfzml7WBf3QmyPToP1wm1Gj/Vc5UJKqTzU= +github.com/aquasecurity/loading v0.0.5 h1:2iq02sPSSMU+ULFPmk0v0lXnK/eZ2e0dRAj/Dl5TvuM= +github.com/aquasecurity/loading v0.0.5/go.mod h1:NSHeeq1JTDTFuXAe87q4yQ2DX57pXiaQMqq8Zm9HCJA= +github.com/aquasecurity/memoryfs v1.4.4 h1:HdkShi6jjKZLAgQ+6/CXXDB/zwH2hAMp2oklo9w5t7A= +github.com/aquasecurity/memoryfs v1.4.4/go.mod h1:kLxvGxhdyG0zmlFUJB6VAkLn4WRPOycLW/UYO6dspao= github.com/aquasecurity/table v1.8.0 h1:9ntpSwrUfjrM6/YviArlx/ZBGd6ix8W+MtojQcM7tv0= github.com/aquasecurity/table v1.8.0/go.mod h1:eqOmvjjB7AhXFgFqpJUEE/ietg7RrMSJZXyTN8E/wZw= github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516 h1:moQmzbpLo5dxHQCyEhqzizsDSNrNhn/7uRTCZzo4A1o= github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516/go.mod h1:gTd97VdQ0rg8Mkiic3rPgNOQdprZ7feTAhiD5mGQjgM= +github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gwo= +github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY= github.com/aquasecurity/trivy-db v0.0.0-20220627104749-930461748b63 h1:hgGD7zqlNe6sWJZPFFv1Z6T1EuYW8XD/hqx/dxjNp3Q= github.com/aquasecurity/trivy-db v0.0.0-20220627104749-930461748b63/go.mod h1:/nULgnDeq/JMPMVwE1dmf4kWlYn++7VrM3O2naj4BHA= github.com/aquasecurity/trivy-kubernetes v0.3.1-0.20221021174315-8d74450b4506 h1:maijOWmI5Ec/R7V0wpXoqvQC7fTjQD+PbDktKIK1VXs= @@ -1106,12 +1112,8 @@ github.com/liamg/iamgo v0.0.9 h1:tADGm3xVotyRJmuKKaH4+zsBn7LOcvgdpuF3WsSKW3c= github.com/liamg/iamgo v0.0.9/go.mod h1:Kk6ZxBF/GQqG9nnaUjIi6jf+WXNpeOTyhwc6gnguaZQ= github.com/liamg/jfather v0.0.7 h1:Xf78zS263yfT+xr2VSo6+kyAy4ROlCacRqJG7s5jt4k= github.com/liamg/jfather v0.0.7/go.mod h1:xXBGiBoiZ6tmHhfy5Jzw8sugzajwYdi6VosIpB3/cPM= -github.com/liamg/loading v0.0.4 h1:i3+8cxqCbwVnz6RLqRZG4zHPKnY31T6NfM0h48mucvg= -github.com/liamg/loading v0.0.4/go.mod h1:MpUOigKhyrByiW/te5JtMB9/f2MbZ4ZDk4wjorOwlpI= github.com/liamg/memoryfs v1.4.3 h1:+ChjcuPRYpjJSulD13PXDNR3JeJ5HUYKjLHyWVK0bqU= github.com/liamg/memoryfs v1.4.3/go.mod h1:z7mfqXFQS8eSeBBsFjYLlxYRMRyiPktytvYCYTb3BSk= -github.com/liamg/tml v0.6.0 h1:yOC/Q9p9Io3J11U9LdYVIwpRTnTE1GPMNFLrygkmE2Y= -github.com/liamg/tml v0.6.0/go.mod h1:0h4EAV/zBOsqI91EWONedjRpO8O0itjGJVd+wG5eC+E= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lib/pq v1.10.6 h1:jbk+ZieJ0D7EVGJYpL9QTz7/YW6UHbmdnZWYyK5cdBs= diff --git a/pkg/cloud/aws/commands/run_test.go b/pkg/cloud/aws/commands/run_test.go index 27f12bea2b..b927f8daaf 100644 --- a/pkg/cloud/aws/commands/run_test.go +++ b/pkg/cloud/aws/commands/run_test.go @@ -3,14 +3,16 @@ package commands import ( "bytes" "context" - dbTypes "github.com/aquasecurity/trivy-db/pkg/types" - "github.com/aquasecurity/trivy/pkg/flag" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "os" "path/filepath" "testing" "time" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" + "github.com/aquasecurity/trivy/pkg/flag" ) func Test_Run(t *testing.T) { diff --git a/pkg/cloud/aws/scanner/progress.go b/pkg/cloud/aws/scanner/progress.go index 57bffa8c3e..243e6eb47f 100644 --- a/pkg/cloud/aws/scanner/progress.go +++ b/pkg/cloud/aws/scanner/progress.go @@ -4,7 +4,7 @@ import ( "fmt" "os" - "github.com/liamg/loading/pkg/bar" + "github.com/aquasecurity/loading/pkg/bar" ) type progressTracker struct { diff --git a/pkg/cloud/report/report.go b/pkg/cloud/report/report.go index 2e5a95ee03..a7fbd3f082 100644 --- a/pkg/cloud/report/report.go +++ b/pkg/cloud/report/report.go @@ -8,7 +8,7 @@ import ( ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" - "github.com/liamg/tml" + "github.com/aquasecurity/tml" "github.com/aquasecurity/trivy/pkg/flag" diff --git a/pkg/cloud/report/resource.go b/pkg/cloud/report/resource.go index 27dd83b111..999c7cae24 100644 --- a/pkg/cloud/report/resource.go +++ b/pkg/cloud/report/resource.go @@ -6,7 +6,7 @@ import ( "sort" "strconv" - "github.com/liamg/tml" + "github.com/aquasecurity/tml" "golang.org/x/term" diff --git a/pkg/cloud/report/result.go b/pkg/cloud/report/result.go index e7ff103845..929fc0d1ec 100644 --- a/pkg/cloud/report/result.go +++ b/pkg/cloud/report/result.go @@ -4,7 +4,7 @@ import ( "fmt" "io" - "github.com/liamg/tml" + "github.com/aquasecurity/tml" renderer "github.com/aquasecurity/trivy/pkg/report/table" diff --git a/pkg/cloud/report/service.go b/pkg/cloud/report/service.go index f334418a5a..f52fbedb4d 100644 --- a/pkg/cloud/report/service.go +++ b/pkg/cloud/report/service.go @@ -7,7 +7,7 @@ import ( "strconv" "time" - "github.com/liamg/tml" + "github.com/aquasecurity/tml" "github.com/aquasecurity/table" pkgReport "github.com/aquasecurity/trivy/pkg/report/table" diff --git a/pkg/commands/artifact/wire_gen.go b/pkg/commands/artifact/wire_gen.go index 01388f187b..3bcdf164c6 100644 --- a/pkg/commands/artifact/wire_gen.go +++ b/pkg/commands/artifact/wire_gen.go @@ -8,6 +8,7 @@ package artifact import ( "context" + "github.com/aquasecurity/trivy-db/pkg/db" "github.com/aquasecurity/trivy/pkg/detector/ospkg" "github.com/aquasecurity/trivy/pkg/fanal/applier" diff --git a/pkg/detector/ospkg/redhat/redhat_test.go b/pkg/detector/ospkg/redhat/redhat_test.go index 2c98f29363..04720e4d2e 100644 --- a/pkg/detector/ospkg/redhat/redhat_test.go +++ b/pkg/detector/ospkg/redhat/redhat_test.go @@ -8,6 +8,8 @@ import ( "github.com/stretchr/testify/require" fake "k8s.io/utils/clock/testing" + "github.com/stretchr/testify/assert" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/dbtest" @@ -15,7 +17,6 @@ import ( ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/types" - "github.com/stretchr/testify/assert" ) func TestMain(m *testing.M) { diff --git a/pkg/fanal/analyzer/language/c/conan/conan_test.go b/pkg/fanal/analyzer/language/c/conan/conan_test.go index 9e4cf9f92d..2ea5ae6697 100644 --- a/pkg/fanal/analyzer/language/c/conan/conan_test.go +++ b/pkg/fanal/analyzer/language/c/conan/conan_test.go @@ -6,10 +6,11 @@ import ( "sort" "testing" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + "github.com/aquasecurity/trivy/pkg/fanal/types" ) func Test_conanLockAnalyzer_Analyze(t *testing.T) { diff --git a/pkg/fanal/analyzer/language/java/gradle/lockfile_test.go b/pkg/fanal/analyzer/language/java/gradle/lockfile_test.go index 2e3eafcff4..021b46e89a 100644 --- a/pkg/fanal/analyzer/language/java/gradle/lockfile_test.go +++ b/pkg/fanal/analyzer/language/java/gradle/lockfile_test.go @@ -5,10 +5,11 @@ import ( "path/filepath" "testing" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + "github.com/aquasecurity/trivy/pkg/fanal/types" ) func Test_gradleLockAnalyzer_Analyze(t *testing.T) { diff --git a/pkg/fanal/analyzer/language/nodejs/npm/npm_test.go b/pkg/fanal/analyzer/language/nodejs/npm/npm_test.go index 5d2fc90319..07b3654f16 100644 --- a/pkg/fanal/analyzer/language/nodejs/npm/npm_test.go +++ b/pkg/fanal/analyzer/language/nodejs/npm/npm_test.go @@ -7,10 +7,11 @@ import ( "strings" "testing" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" - "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + "github.com/aquasecurity/trivy/pkg/fanal/types" ) func Test_npmLibraryAnalyzer_Analyze(t *testing.T) { diff --git a/pkg/fanal/cache/mock_cache.go b/pkg/fanal/cache/mock_cache.go index 23611d4d65..4704c0dd4c 100644 --- a/pkg/fanal/cache/mock_cache.go +++ b/pkg/fanal/cache/mock_cache.go @@ -3,8 +3,9 @@ package cache import ( - types "github.com/aquasecurity/trivy/pkg/fanal/types" mock "github.com/stretchr/testify/mock" + + types "github.com/aquasecurity/trivy/pkg/fanal/types" ) // MockCache is an autogenerated mock type for the Cache type diff --git a/pkg/fanal/handler/misconf/misconf.go b/pkg/fanal/handler/misconf/misconf.go index cdd383cc8a..dc9b5664aa 100644 --- a/pkg/fanal/handler/misconf/misconf.go +++ b/pkg/fanal/handler/misconf/misconf.go @@ -11,10 +11,11 @@ import ( "sort" "strings" - "github.com/liamg/memoryfs" "github.com/samber/lo" "golang.org/x/xerrors" + "github.com/aquasecurity/memoryfs" + "github.com/aquasecurity/defsec/pkg/scanners/azure/arm" "github.com/aquasecurity/defsec/pkg/detection" diff --git a/pkg/fanal/handler/misconf/misconf_test.go b/pkg/fanal/handler/misconf/misconf_test.go index 76c4a7c38b..d11757d4dd 100644 --- a/pkg/fanal/handler/misconf/misconf_test.go +++ b/pkg/fanal/handler/misconf/misconf_test.go @@ -5,11 +5,12 @@ import ( "fmt" "testing" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/artifact" "github.com/aquasecurity/trivy/pkg/fanal/types" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func Test_Handle(t *testing.T) { diff --git a/pkg/fanal/test/integration/library_test.go b/pkg/fanal/test/integration/library_test.go index 7c1eec215a..458f530a64 100644 --- a/pkg/fanal/test/integration/library_test.go +++ b/pkg/fanal/test/integration/library_test.go @@ -15,12 +15,13 @@ import ( "strings" "testing" - "github.com/aquasecurity/trivy/pkg/fanal/analyzer" dtypes "github.com/docker/docker/api/types" "github.com/docker/docker/client" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + _ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/all" "github.com/aquasecurity/trivy/pkg/fanal/applier" "github.com/aquasecurity/trivy/pkg/fanal/artifact" diff --git a/pkg/flag/options_test.go b/pkg/flag/options_test.go index f013e09adf..29b8dd687a 100644 --- a/pkg/flag/options_test.go +++ b/pkg/flag/options_test.go @@ -4,9 +4,10 @@ import ( "os" "testing" - "github.com/aquasecurity/trivy/pkg/types" "github.com/spf13/viper" "github.com/stretchr/testify/assert" + + "github.com/aquasecurity/trivy/pkg/types" ) func Test_getStringSlice(t *testing.T) { diff --git a/pkg/flag/scan_flags_test.go b/pkg/flag/scan_flags_test.go index cd41a8e4e9..36144e7611 100644 --- a/pkg/flag/scan_flags_test.go +++ b/pkg/flag/scan_flags_test.go @@ -3,11 +3,12 @@ package flag_test import ( "testing" - "github.com/aquasecurity/trivy/pkg/flag" - "github.com/aquasecurity/trivy/pkg/types" "github.com/spf13/viper" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/aquasecurity/trivy/pkg/flag" + "github.com/aquasecurity/trivy/pkg/types" ) func TestScanFlagGroup_ToOptions(t *testing.T) { diff --git a/pkg/licensing/scanner_test.go b/pkg/licensing/scanner_test.go index a1e8231f0d..5b680af6fb 100644 --- a/pkg/licensing/scanner_test.go +++ b/pkg/licensing/scanner_test.go @@ -5,8 +5,9 @@ import ( "github.com/aquasecurity/trivy/pkg/licensing" - "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/stretchr/testify/assert" + + "github.com/aquasecurity/trivy/pkg/fanal/types" ) func TestScanner_Scan(t *testing.T) { diff --git a/pkg/module/module.go b/pkg/module/module.go index dfc912b457..2c6e7cb21f 100644 --- a/pkg/module/module.go +++ b/pkg/module/module.go @@ -9,7 +9,6 @@ import ( "path/filepath" "regexp" - "github.com/liamg/memoryfs" "github.com/mailru/easyjson" "github.com/samber/lo" "github.com/tetratelabs/wazero" @@ -19,6 +18,8 @@ import ( "golang.org/x/exp/slices" "golang.org/x/xerrors" + "github.com/aquasecurity/memoryfs" + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/log" tapi "github.com/aquasecurity/trivy/pkg/module/api" diff --git a/pkg/module/serialize/types_easyjson.go b/pkg/module/serialize/types_easyjson.go index c7276dc7d5..9e90f087d3 100644 --- a/pkg/module/serialize/types_easyjson.go +++ b/pkg/module/serialize/types_easyjson.go @@ -4,13 +4,15 @@ package serialize import ( json "encoding/json" - types2 "github.com/aquasecurity/trivy-db/pkg/types" - types1 "github.com/aquasecurity/trivy/pkg/fanal/types" - types "github.com/aquasecurity/trivy/pkg/types" + time "time" + easyjson "github.com/mailru/easyjson" jlexer "github.com/mailru/easyjson/jlexer" jwriter "github.com/mailru/easyjson/jwriter" - time "time" + + types2 "github.com/aquasecurity/trivy-db/pkg/types" + types1 "github.com/aquasecurity/trivy/pkg/fanal/types" + types "github.com/aquasecurity/trivy/pkg/types" ) // suppress unused package warning diff --git a/pkg/oci/artifact_test.go b/pkg/oci/artifact_test.go index 424cf6ca2e..83b1dc4fec 100644 --- a/pkg/oci/artifact_test.go +++ b/pkg/oci/artifact_test.go @@ -7,14 +7,15 @@ import ( "path/filepath" "testing" - "github.com/aquasecurity/trivy/pkg/oci" - "github.com/aquasecurity/trivy/pkg/utils" v1 "github.com/google/go-containerregistry/pkg/v1" fakei "github.com/google/go-containerregistry/pkg/v1/fake" "github.com/google/go-containerregistry/pkg/v1/tarball" "github.com/google/go-containerregistry/pkg/v1/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/aquasecurity/trivy/pkg/oci" + "github.com/aquasecurity/trivy/pkg/utils" ) type fakeLayer struct { diff --git a/pkg/report/predicate/vuln_test.go b/pkg/report/predicate/vuln_test.go index d050969b6c..d931622b59 100644 --- a/pkg/report/predicate/vuln_test.go +++ b/pkg/report/predicate/vuln_test.go @@ -6,9 +6,10 @@ import ( "testing" "time" + "github.com/stretchr/testify/require" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" - "github.com/stretchr/testify/require" "github.com/aquasecurity/trivy/pkg/clock" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" diff --git a/pkg/report/table/licensing.go b/pkg/report/table/licensing.go index 0b9cd6b7c3..5873642a7f 100644 --- a/pkg/report/table/licensing.go +++ b/pkg/report/table/licensing.go @@ -15,7 +15,8 @@ import ( "github.com/aquasecurity/trivy/pkg/types" "github.com/fatih/color" - "github.com/liamg/tml" + + "github.com/aquasecurity/tml" ) type pkgLicenseRenderer struct { diff --git a/pkg/report/table/misconfig.go b/pkg/report/table/misconfig.go index f6e330f605..34b82db56f 100644 --- a/pkg/report/table/misconfig.go +++ b/pkg/report/table/misconfig.go @@ -9,9 +9,10 @@ import ( dbTypes "github.com/aquasecurity/trivy-db/pkg/types" - "github.com/liamg/tml" "golang.org/x/crypto/ssh/terminal" + "github.com/aquasecurity/tml" + "github.com/aquasecurity/trivy/pkg/types" ) diff --git a/pkg/report/table/secret.go b/pkg/report/table/secret.go index 3b1b9c470e..6a5f0f835b 100644 --- a/pkg/report/table/secret.go +++ b/pkg/report/table/secret.go @@ -5,9 +5,10 @@ import ( "fmt" "strings" - "github.com/liamg/tml" "golang.org/x/crypto/ssh/terminal" + "github.com/aquasecurity/tml" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/fanal/types" ) diff --git a/pkg/report/table/table.go b/pkg/report/table/table.go index 81fc14b966..06a376a2fc 100644 --- a/pkg/report/table/table.go +++ b/pkg/report/table/table.go @@ -8,9 +8,10 @@ import ( "sync" "github.com/fatih/color" - "github.com/liamg/tml" "golang.org/x/exp/slices" + "github.com/aquasecurity/tml" + "github.com/aquasecurity/table" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/types" diff --git a/pkg/report/table/vulnerability.go b/pkg/report/table/vulnerability.go index 531b6951e2..8fc1cdd7da 100644 --- a/pkg/report/table/vulnerability.go +++ b/pkg/report/table/vulnerability.go @@ -8,10 +8,11 @@ import ( "sync" "github.com/fatih/color" - "github.com/liamg/tml" "github.com/samber/lo" "github.com/xlab/treeprint" + "github.com/aquasecurity/tml" + "github.com/aquasecurity/table" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" diff --git a/pkg/result/filter_test.go b/pkg/result/filter_test.go index 94e6c87adb..fa6dae8a96 100644 --- a/pkg/result/filter_test.go +++ b/pkg/result/filter_test.go @@ -4,10 +4,11 @@ import ( "context" "testing" - "github.com/aquasecurity/trivy/pkg/result" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/aquasecurity/trivy/pkg/result" + dbTypes "github.com/aquasecurity/trivy-db/pkg/types" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/types" diff --git a/pkg/rpc/server/inject.go b/pkg/rpc/server/inject.go index 33741a248c..dedce618b2 100644 --- a/pkg/rpc/server/inject.go +++ b/pkg/rpc/server/inject.go @@ -4,8 +4,9 @@ package server import ( - "github.com/aquasecurity/trivy/pkg/fanal/cache" "github.com/google/wire" + + "github.com/aquasecurity/trivy/pkg/fanal/cache" ) func initializeScanServer(localArtifactCache cache.Cache) *ScanServer { diff --git a/pkg/scanner/local/mock_applier.go b/pkg/scanner/local/mock_applier.go index 5e324cefb5..628b872965 100644 --- a/pkg/scanner/local/mock_applier.go +++ b/pkg/scanner/local/mock_applier.go @@ -3,8 +3,9 @@ package local import ( - types "github.com/aquasecurity/trivy/pkg/fanal/types" mock "github.com/stretchr/testify/mock" + + types "github.com/aquasecurity/trivy/pkg/fanal/types" ) // MockApplier is an autogenerated mock type for the Applier type diff --git a/pkg/scanner/mock_driver.go b/pkg/scanner/mock_driver.go index 08bb87386a..589b65ffbf 100644 --- a/pkg/scanner/mock_driver.go +++ b/pkg/scanner/mock_driver.go @@ -5,9 +5,10 @@ package scanner import ( "context" - fanaltypes "github.com/aquasecurity/trivy/pkg/fanal/types" mock "github.com/stretchr/testify/mock" + fanaltypes "github.com/aquasecurity/trivy/pkg/fanal/types" + types "github.com/aquasecurity/trivy/pkg/types" ) diff --git a/pkg/scanner/post/post_scan_test.go b/pkg/scanner/post/post_scan_test.go index 3716a4dc90..fcb396f302 100644 --- a/pkg/scanner/post/post_scan_test.go +++ b/pkg/scanner/post/post_scan_test.go @@ -9,9 +9,10 @@ import ( dbTypes "github.com/aquasecurity/trivy-db/pkg/types" - "github.com/aquasecurity/trivy/pkg/scanner/post" "github.com/stretchr/testify/require" + "github.com/aquasecurity/trivy/pkg/scanner/post" + "github.com/aquasecurity/trivy/pkg/types" ) diff --git a/pkg/vulnerability/vulnerability_test.go b/pkg/vulnerability/vulnerability_test.go index 7e6c649729..b37e6c4139 100644 --- a/pkg/vulnerability/vulnerability_test.go +++ b/pkg/vulnerability/vulnerability_test.go @@ -3,6 +3,8 @@ package vulnerability_test import ( "testing" + "github.com/stretchr/testify/assert" + "github.com/aquasecurity/trivy-db/pkg/db" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy-db/pkg/utils" @@ -10,7 +12,6 @@ import ( "github.com/aquasecurity/trivy/pkg/dbtest" "github.com/aquasecurity/trivy/pkg/types" vuln "github.com/aquasecurity/trivy/pkg/vulnerability" - "github.com/stretchr/testify/assert" ) func TestClient_FillInfo(t *testing.T) { diff --git a/rpc/cache/service.pb.go b/rpc/cache/service.pb.go index c7f5ee1361..bdfecf2dba 100644 --- a/rpc/cache/service.pb.go +++ b/rpc/cache/service.pb.go @@ -7,13 +7,15 @@ package cache import ( - common "github.com/aquasecurity/trivy/rpc/common" + reflect "reflect" + sync "sync" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" emptypb "google.golang.org/protobuf/types/known/emptypb" timestamppb "google.golang.org/protobuf/types/known/timestamppb" - reflect "reflect" - sync "sync" + + common "github.com/aquasecurity/trivy/rpc/common" ) const ( diff --git a/rpc/cache/service.twirp.go b/rpc/cache/service.twirp.go index 3fd2ca8b5f..3b141e1eee 100644 --- a/rpc/cache/service.twirp.go +++ b/rpc/cache/service.twirp.go @@ -3,26 +3,40 @@ package cache -import context "context" -import fmt "fmt" -import http "net/http" -import ioutil "io/ioutil" -import json "encoding/json" -import strconv "strconv" -import strings "strings" +import ( + context "context" + fmt "fmt" -import protojson "google.golang.org/protobuf/encoding/protojson" -import proto "google.golang.org/protobuf/proto" -import twirp "github.com/twitchtv/twirp" -import ctxsetters "github.com/twitchtv/twirp/ctxsetters" + http "net/http" -import google_protobuf2 "google.golang.org/protobuf/types/known/emptypb" + ioutil "io/ioutil" -import bytes "bytes" -import errors "errors" -import io "io" -import path "path" -import url "net/url" + json "encoding/json" + + strconv "strconv" + + strings "strings" + + protojson "google.golang.org/protobuf/encoding/protojson" + + proto "google.golang.org/protobuf/proto" + + twirp "github.com/twitchtv/twirp" + + ctxsetters "github.com/twitchtv/twirp/ctxsetters" + + google_protobuf2 "google.golang.org/protobuf/types/known/emptypb" + + bytes "bytes" + + errors "errors" + + io "io" + + path "path" + + url "net/url" +) // Version compatibility assertion. // If the constant is not defined in the package, that likely means diff --git a/rpc/common/service.pb.go b/rpc/common/service.pb.go index bd3b842a3b..e4fc279f61 100644 --- a/rpc/common/service.pb.go +++ b/rpc/common/service.pb.go @@ -7,12 +7,13 @@ package common import ( + reflect "reflect" + sync "sync" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" structpb "google.golang.org/protobuf/types/known/structpb" timestamppb "google.golang.org/protobuf/types/known/timestamppb" - reflect "reflect" - sync "sync" ) const ( diff --git a/rpc/scanner/service.pb.go b/rpc/scanner/service.pb.go index 4e55436fae..fd403a557f 100644 --- a/rpc/scanner/service.pb.go +++ b/rpc/scanner/service.pb.go @@ -7,11 +7,13 @@ package scanner import ( - common "github.com/aquasecurity/trivy/rpc/common" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + + common "github.com/aquasecurity/trivy/rpc/common" ) const ( diff --git a/rpc/scanner/service.twirp.go b/rpc/scanner/service.twirp.go index f3c50670cc..a018cd1860 100644 --- a/rpc/scanner/service.twirp.go +++ b/rpc/scanner/service.twirp.go @@ -3,24 +3,38 @@ package scanner -import context "context" -import fmt "fmt" -import http "net/http" -import ioutil "io/ioutil" -import json "encoding/json" -import strconv "strconv" -import strings "strings" +import ( + context "context" + fmt "fmt" -import protojson "google.golang.org/protobuf/encoding/protojson" -import proto "google.golang.org/protobuf/proto" -import twirp "github.com/twitchtv/twirp" -import ctxsetters "github.com/twitchtv/twirp/ctxsetters" + http "net/http" -import bytes "bytes" -import errors "errors" -import io "io" -import path "path" -import url "net/url" + ioutil "io/ioutil" + + json "encoding/json" + + strconv "strconv" + + strings "strings" + + protojson "google.golang.org/protobuf/encoding/protojson" + + proto "google.golang.org/protobuf/proto" + + twirp "github.com/twitchtv/twirp" + + ctxsetters "github.com/twitchtv/twirp/ctxsetters" + + bytes "bytes" + + errors "errors" + + io "io" + + path "path" + + url "net/url" +) // Version compatibility assertion. // If the constant is not defined in the package, that likely means