@@ -22,7 +22,7 @@ import (
|
||||
// initializeDockerScanner is for container image scanning in standalone mode
|
||||
// e.g. dockerd, container registry, podman, etc.
|
||||
func initializeDockerScanner(ctx context.Context, imageName string, artifactCache cache.ArtifactCache,
|
||||
localArtifactCache cache.Cache, dockerOpt types.DockerOption, artifactOption artifact.Option) (
|
||||
localArtifactCache cache.LocalArtifactCache, dockerOpt types.DockerOption, artifactOption artifact.Option) (
|
||||
scanner.Scanner, func(), error) {
|
||||
wire.Build(scanner.StandaloneDockerSet)
|
||||
return scanner.Scanner{}, nil, nil
|
||||
@@ -31,34 +31,32 @@ func initializeDockerScanner(ctx context.Context, imageName string, artifactCach
|
||||
// initializeArchiveScanner is for container image archive scanning in standalone mode
|
||||
// e.g. docker save -o alpine.tar alpine:3.15
|
||||
func initializeArchiveScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache,
|
||||
localArtifactCache cache.Cache, artifactOption artifact.Option) (scanner.Scanner, error) {
|
||||
localArtifactCache cache.LocalArtifactCache, artifactOption artifact.Option) (scanner.Scanner, error) {
|
||||
wire.Build(scanner.StandaloneArchiveSet)
|
||||
return scanner.Scanner{}, nil
|
||||
}
|
||||
|
||||
// initializeFilesystemScanner is for filesystem scanning in standalone mode
|
||||
func initializeFilesystemScanner(ctx context.Context, path string, artifactCache cache.ArtifactCache,
|
||||
localArtifactCache cache.Cache, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
localArtifactCache cache.LocalArtifactCache, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
wire.Build(scanner.StandaloneFilesystemSet)
|
||||
return scanner.Scanner{}, nil, nil
|
||||
}
|
||||
|
||||
func initializeRepositoryScanner(ctx context.Context, url string, artifactCache cache.ArtifactCache,
|
||||
localArtifactCache cache.Cache, artifactOption artifact.Option) (
|
||||
scanner.Scanner, func(), error) {
|
||||
localArtifactCache cache.LocalArtifactCache, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
wire.Build(scanner.StandaloneRepositorySet)
|
||||
return scanner.Scanner{}, nil, nil
|
||||
}
|
||||
|
||||
func initializeSBOMScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache,
|
||||
localArtifactCache cache.Cache, artifactOption artifact.Option) (
|
||||
scanner.Scanner, func(), error) {
|
||||
localArtifactCache cache.LocalArtifactCache, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
wire.Build(scanner.StandaloneSBOMSet)
|
||||
return scanner.Scanner{}, nil, nil
|
||||
}
|
||||
|
||||
func initializeVMScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache,
|
||||
localArtifactCache cache.Cache, artifactOption artifact.Option) (
|
||||
localArtifactCache cache.LocalArtifactCache, artifactOption artifact.Option) (
|
||||
scanner.Scanner, func(), error) {
|
||||
wire.Build(scanner.StandaloneVMSet)
|
||||
return scanner.Scanner{}, nil, nil
|
||||
|
||||
@@ -59,7 +59,7 @@ type ScannerConfig struct {
|
||||
|
||||
// Cache
|
||||
ArtifactCache cache.ArtifactCache
|
||||
LocalArtifactCache cache.Cache
|
||||
LocalArtifactCache cache.LocalArtifactCache
|
||||
|
||||
// Client/Server options
|
||||
RemoteOption client.ScannerOption
|
||||
|
||||
@@ -27,8 +27,7 @@ func imageStandaloneScanner(ctx context.Context, conf ScannerConfig) (scanner.Sc
|
||||
// archiveStandaloneScanner initializes an image archive scanner in standalone mode
|
||||
// $ trivy image --input alpine.tar
|
||||
func archiveStandaloneScanner(ctx context.Context, conf ScannerConfig) (scanner.Scanner, func(), error) {
|
||||
s, err := initializeArchiveScanner(ctx, conf.Target, conf.ArtifactCache, conf.LocalArtifactCache,
|
||||
conf.ArtifactOption)
|
||||
s, err := initializeArchiveScanner(ctx, conf.Target, conf.ArtifactCache, conf.LocalArtifactCache, conf.ArtifactOption)
|
||||
if err != nil {
|
||||
return scanner.Scanner{}, func() {}, xerrors.Errorf("unable to initialize the archive scanner: %w", err)
|
||||
}
|
||||
@@ -66,8 +65,7 @@ func archiveRemoteScanner(ctx context.Context, conf ScannerConfig) (scanner.Scan
|
||||
|
||||
// filesystemStandaloneScanner initializes a filesystem scanner in standalone mode
|
||||
func filesystemStandaloneScanner(ctx context.Context, conf ScannerConfig) (scanner.Scanner, func(), error) {
|
||||
s, cleanup, err := initializeFilesystemScanner(ctx, conf.Target, conf.ArtifactCache, conf.LocalArtifactCache,
|
||||
conf.ArtifactOption)
|
||||
s, cleanup, err := initializeFilesystemScanner(ctx, conf.Target, conf.ArtifactCache, conf.LocalArtifactCache, conf.ArtifactOption)
|
||||
if err != nil {
|
||||
return scanner.Scanner{}, func() {}, xerrors.Errorf("unable to initialize a filesystem scanner: %w", err)
|
||||
}
|
||||
@@ -85,8 +83,7 @@ func filesystemRemoteScanner(ctx context.Context, conf ScannerConfig) (scanner.S
|
||||
|
||||
// repositoryStandaloneScanner initializes a repository scanner in standalone mode
|
||||
func repositoryStandaloneScanner(ctx context.Context, conf ScannerConfig) (scanner.Scanner, func(), error) {
|
||||
s, cleanup, err := initializeRepositoryScanner(ctx, conf.Target, conf.ArtifactCache, conf.LocalArtifactCache,
|
||||
conf.ArtifactOption)
|
||||
s, cleanup, err := initializeRepositoryScanner(ctx, conf.Target, conf.ArtifactCache, conf.LocalArtifactCache, conf.ArtifactOption)
|
||||
if err != nil {
|
||||
return scanner.Scanner{}, func() {}, xerrors.Errorf("unable to initialize a repository scanner: %w", err)
|
||||
}
|
||||
@@ -105,8 +102,7 @@ func repositoryRemoteScanner(ctx context.Context, conf ScannerConfig) (scanner.S
|
||||
|
||||
// sbomStandaloneScanner initializes a SBOM scanner in standalone mode
|
||||
func sbomStandaloneScanner(ctx context.Context, conf ScannerConfig) (scanner.Scanner, func(), error) {
|
||||
s, cleanup, err := initializeSBOMScanner(ctx, conf.Target, conf.ArtifactCache, conf.LocalArtifactCache,
|
||||
conf.ArtifactOption)
|
||||
s, cleanup, err := initializeSBOMScanner(ctx, conf.Target, conf.ArtifactCache, conf.LocalArtifactCache, conf.ArtifactOption)
|
||||
if err != nil {
|
||||
return scanner.Scanner{}, func() {}, xerrors.Errorf("unable to initialize a cycloneDX scanner: %w", err)
|
||||
}
|
||||
|
||||
@@ -30,15 +30,14 @@ import (
|
||||
|
||||
// initializeDockerScanner is for container image scanning in standalone mode
|
||||
// e.g. dockerd, container registry, podman, etc.
|
||||
func initializeDockerScanner(ctx context.Context, imageName string, artifactCache cache.ArtifactCache, localArtifactCache cache.Cache, dockerOpt types.DockerOption, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
v := _wireValue
|
||||
applierApplier := applier.NewApplier(localArtifactCache, v...)
|
||||
func initializeDockerScanner(ctx context.Context, imageName string, artifactCache cache.ArtifactCache, localArtifactCache cache.LocalArtifactCache, dockerOpt types.DockerOption, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
applierApplier := applier.NewApplier(localArtifactCache)
|
||||
detector := ospkg.Detector{}
|
||||
config := db.Config{}
|
||||
client := vulnerability.NewClient(config)
|
||||
localScanner := local.NewScanner(applierApplier, detector, client)
|
||||
v2 := _wireValue2
|
||||
typesImage, cleanup, err := image.NewContainerImage(ctx, imageName, dockerOpt, v2...)
|
||||
v := _wireValue
|
||||
typesImage, cleanup, err := image.NewContainerImage(ctx, imageName, dockerOpt, v...)
|
||||
if err != nil {
|
||||
return scanner.Scanner{}, nil, err
|
||||
}
|
||||
@@ -54,15 +53,13 @@ func initializeDockerScanner(ctx context.Context, imageName string, artifactCach
|
||||
}
|
||||
|
||||
var (
|
||||
_wireValue = []applier.Option(nil)
|
||||
_wireValue2 = []image.Option(nil)
|
||||
_wireValue = []image.Option(nil)
|
||||
)
|
||||
|
||||
// initializeArchiveScanner is for container image archive scanning in standalone mode
|
||||
// e.g. docker save -o alpine.tar alpine:3.15
|
||||
func initializeArchiveScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache, localArtifactCache cache.Cache, artifactOption artifact.Option) (scanner.Scanner, error) {
|
||||
v := _wireValue
|
||||
applierApplier := applier.NewApplier(localArtifactCache, v...)
|
||||
func initializeArchiveScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache, localArtifactCache cache.LocalArtifactCache, artifactOption artifact.Option) (scanner.Scanner, error) {
|
||||
applierApplier := applier.NewApplier(localArtifactCache)
|
||||
detector := ospkg.Detector{}
|
||||
config := db.Config{}
|
||||
client := vulnerability.NewClient(config)
|
||||
@@ -80,9 +77,8 @@ func initializeArchiveScanner(ctx context.Context, filePath string, artifactCach
|
||||
}
|
||||
|
||||
// initializeFilesystemScanner is for filesystem scanning in standalone mode
|
||||
func initializeFilesystemScanner(ctx context.Context, path string, artifactCache cache.ArtifactCache, localArtifactCache cache.Cache, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
v := _wireValue
|
||||
applierApplier := applier.NewApplier(localArtifactCache, v...)
|
||||
func initializeFilesystemScanner(ctx context.Context, path string, artifactCache cache.ArtifactCache, localArtifactCache cache.LocalArtifactCache, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
applierApplier := applier.NewApplier(localArtifactCache)
|
||||
detector := ospkg.Detector{}
|
||||
config := db.Config{}
|
||||
client := vulnerability.NewClient(config)
|
||||
@@ -96,9 +92,8 @@ func initializeFilesystemScanner(ctx context.Context, path string, artifactCache
|
||||
}, nil
|
||||
}
|
||||
|
||||
func initializeRepositoryScanner(ctx context.Context, url string, artifactCache cache.ArtifactCache, localArtifactCache cache.Cache, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
v := _wireValue
|
||||
applierApplier := applier.NewApplier(localArtifactCache, v...)
|
||||
func initializeRepositoryScanner(ctx context.Context, url string, artifactCache cache.ArtifactCache, localArtifactCache cache.LocalArtifactCache, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
applierApplier := applier.NewApplier(localArtifactCache)
|
||||
detector := ospkg.Detector{}
|
||||
config := db.Config{}
|
||||
client := vulnerability.NewClient(config)
|
||||
@@ -113,9 +108,8 @@ func initializeRepositoryScanner(ctx context.Context, url string, artifactCache
|
||||
}, nil
|
||||
}
|
||||
|
||||
func initializeSBOMScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache, localArtifactCache cache.Cache, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
v := _wireValue
|
||||
applierApplier := applier.NewApplier(localArtifactCache, v...)
|
||||
func initializeSBOMScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache, localArtifactCache cache.LocalArtifactCache, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
applierApplier := applier.NewApplier(localArtifactCache)
|
||||
detector := ospkg.Detector{}
|
||||
config := db.Config{}
|
||||
client := vulnerability.NewClient(config)
|
||||
@@ -129,9 +123,8 @@ func initializeSBOMScanner(ctx context.Context, filePath string, artifactCache c
|
||||
}, nil
|
||||
}
|
||||
|
||||
func initializeVMScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache, localArtifactCache cache.Cache, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
v := _wireValue
|
||||
applierApplier := applier.NewApplier(localArtifactCache, v...)
|
||||
func initializeVMScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache, localArtifactCache cache.LocalArtifactCache, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
applierApplier := applier.NewApplier(localArtifactCache)
|
||||
detector := ospkg.Detector{}
|
||||
config := db.Config{}
|
||||
client := vulnerability.NewClient(config)
|
||||
@@ -148,9 +141,9 @@ func initializeVMScanner(ctx context.Context, filePath string, artifactCache cac
|
||||
// initializeRemoteDockerScanner is for container image scanning in client/server mode
|
||||
// e.g. dockerd, container registry, podman, etc.
|
||||
func initializeRemoteDockerScanner(ctx context.Context, imageName string, artifactCache cache.ArtifactCache, remoteScanOptions client.ScannerOption, dockerOpt types.DockerOption, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
v := _wireValue3
|
||||
v := _wireValue2
|
||||
clientScanner := client.NewScanner(remoteScanOptions, v...)
|
||||
v2 := _wireValue4
|
||||
v2 := _wireValue3
|
||||
typesImage, cleanup, err := image.NewContainerImage(ctx, imageName, dockerOpt, v2...)
|
||||
if err != nil {
|
||||
return scanner.Scanner{}, nil, err
|
||||
@@ -167,14 +160,14 @@ func initializeRemoteDockerScanner(ctx context.Context, imageName string, artifa
|
||||
}
|
||||
|
||||
var (
|
||||
_wireValue3 = []client.Option(nil)
|
||||
_wireValue4 = []image.Option(nil)
|
||||
_wireValue2 = []client.Option(nil)
|
||||
_wireValue3 = []image.Option(nil)
|
||||
)
|
||||
|
||||
// initializeRemoteArchiveScanner is for container image archive scanning in client/server mode
|
||||
// e.g. docker save -o alpine.tar alpine:3.15
|
||||
func initializeRemoteArchiveScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache, remoteScanOptions client.ScannerOption, artifactOption artifact.Option) (scanner.Scanner, error) {
|
||||
v := _wireValue3
|
||||
v := _wireValue2
|
||||
clientScanner := client.NewScanner(remoteScanOptions, v...)
|
||||
typesImage, err := image.NewArchiveImage(filePath)
|
||||
if err != nil {
|
||||
@@ -190,7 +183,7 @@ func initializeRemoteArchiveScanner(ctx context.Context, filePath string, artifa
|
||||
|
||||
// initializeRemoteFilesystemScanner is for filesystem scanning in client/server mode
|
||||
func initializeRemoteFilesystemScanner(ctx context.Context, path string, artifactCache cache.ArtifactCache, remoteScanOptions client.ScannerOption, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
v := _wireValue3
|
||||
v := _wireValue2
|
||||
clientScanner := client.NewScanner(remoteScanOptions, v...)
|
||||
artifactArtifact, err := local2.NewArtifact(path, artifactCache, artifactOption)
|
||||
if err != nil {
|
||||
@@ -203,7 +196,7 @@ func initializeRemoteFilesystemScanner(ctx context.Context, path string, artifac
|
||||
|
||||
// initializeRemoteRepositoryScanner is for repository scanning in client/server mode
|
||||
func initializeRemoteRepositoryScanner(ctx context.Context, url string, artifactCache cache.ArtifactCache, remoteScanOptions client.ScannerOption, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
v := _wireValue3
|
||||
v := _wireValue2
|
||||
clientScanner := client.NewScanner(remoteScanOptions, v...)
|
||||
artifactArtifact, cleanup, err := remote.NewArtifact(url, artifactCache, artifactOption)
|
||||
if err != nil {
|
||||
@@ -217,7 +210,7 @@ func initializeRemoteRepositoryScanner(ctx context.Context, url string, artifact
|
||||
|
||||
// initializeRemoteSBOMScanner is for sbom scanning in client/server mode
|
||||
func initializeRemoteSBOMScanner(ctx context.Context, path string, artifactCache cache.ArtifactCache, remoteScanOptions client.ScannerOption, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
v := _wireValue3
|
||||
v := _wireValue2
|
||||
clientScanner := client.NewScanner(remoteScanOptions, v...)
|
||||
artifactArtifact, err := sbom.NewArtifact(path, artifactCache, artifactOption)
|
||||
if err != nil {
|
||||
@@ -230,7 +223,7 @@ func initializeRemoteSBOMScanner(ctx context.Context, path string, artifactCache
|
||||
|
||||
// initializeRemoteVMScanner is for vm scanning in client/server mode
|
||||
func initializeRemoteVMScanner(ctx context.Context, path string, artifactCache cache.ArtifactCache, remoteScanOptions client.ScannerOption, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
|
||||
v := _wireValue3
|
||||
v := _wireValue2
|
||||
clientScanner := client.NewScanner(remoteScanOptions, v...)
|
||||
artifactArtifact, err := vm.NewArtifact(path, artifactCache, artifactOption)
|
||||
if err != nil {
|
||||
|
||||
@@ -24,7 +24,7 @@ import (
|
||||
// SuperSet binds cache dependencies
|
||||
var SuperSet = wire.NewSet(
|
||||
cache.NewFSCache,
|
||||
wire.Bind(new(cache.Cache), new(cache.FSCache)),
|
||||
wire.Bind(new(cache.LocalArtifactCache), new(cache.FSCache)),
|
||||
NewCache,
|
||||
)
|
||||
|
||||
|
||||
@@ -1,60 +1,22 @@
|
||||
package applier
|
||||
|
||||
import (
|
||||
"crypto/sha256"
|
||||
"encoding/json"
|
||||
|
||||
"github.com/opencontainers/go-digest"
|
||||
"golang.org/x/xerrors"
|
||||
|
||||
"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
|
||||
"github.com/aquasecurity/trivy/pkg/fanal/cache"
|
||||
"github.com/aquasecurity/trivy/pkg/fanal/types"
|
||||
"github.com/aquasecurity/trivy/pkg/log"
|
||||
)
|
||||
|
||||
type Applier struct {
|
||||
cache cache.Cache
|
||||
|
||||
// cacheMergedLayer is a flag to determine if the merged layer is cached or not.
|
||||
// This flag is for tools importing Trivy as a library, not used in Trivy itself.
|
||||
cacheMergedLayer bool
|
||||
cache cache.LocalArtifactCache
|
||||
}
|
||||
|
||||
type Option func(*Applier)
|
||||
|
||||
func WithCacheMergedLayer(b bool) Option {
|
||||
return func(a *Applier) {
|
||||
a.cacheMergedLayer = b
|
||||
}
|
||||
}
|
||||
|
||||
func NewApplier(c cache.Cache, opts ...Option) Applier {
|
||||
a := &Applier{
|
||||
cache: c,
|
||||
cacheMergedLayer: false,
|
||||
}
|
||||
for _, opt := range opts {
|
||||
opt(a)
|
||||
}
|
||||
return *a
|
||||
func NewApplier(c cache.LocalArtifactCache) Applier {
|
||||
return Applier{cache: c}
|
||||
}
|
||||
|
||||
func (a Applier) ApplyLayers(imageID string, layerKeys []string) (types.ArtifactDetail, error) {
|
||||
var mergedKey string
|
||||
|
||||
// Try to restore the merged layer if the feature is enabled
|
||||
if a.cacheMergedLayer {
|
||||
var err error
|
||||
mergedKey, err = calcMergedKey(layerKeys)
|
||||
if err != nil {
|
||||
return types.ArtifactDetail{}, xerrors.Errorf("failed to calculate a merged key: %w", err)
|
||||
}
|
||||
if b, err := a.cache.GetBlob(mergedKey); err == nil {
|
||||
return b.ToArtifactDetail(), nil
|
||||
}
|
||||
}
|
||||
|
||||
var layers []types.BlobInfo
|
||||
for _, key := range layerKeys {
|
||||
blob, _ := a.cache.GetBlob(key) // nolint
|
||||
@@ -74,22 +36,5 @@ func (a Applier) ApplyLayers(imageID string, layerKeys []string) (types.Artifact
|
||||
imageInfo, _ := a.cache.GetArtifact(imageID) // nolint
|
||||
mergedLayer.HistoryPackages = imageInfo.HistoryPackages
|
||||
|
||||
// Store the merged layer if the feature is enabled
|
||||
if a.cacheMergedLayer {
|
||||
if err := a.cache.PutBlob(mergedKey, mergedLayer.ToBlobInfo()); err != nil {
|
||||
log.Logger.Error("Unable to cache the merged layer: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
return mergedLayer, nil
|
||||
}
|
||||
|
||||
func calcMergedKey(layerKeys []string) (string, error) {
|
||||
h := sha256.New()
|
||||
if err := json.NewEncoder(h).Encode(layerKeys); err != nil {
|
||||
return "", xerrors.Errorf("json error: %w", err)
|
||||
}
|
||||
|
||||
d := digest.NewDigest(digest.SHA256, h)
|
||||
return d.String(), nil
|
||||
}
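Review bot: The two cache reads that ApplyLayers keeps still discard their errors behind a bare `// nolint`: `blob, _ := a.cache.GetBlob(key)` at the end of the first hunk and `imageInfo, _ := a.cache.GetArtifact(imageID)` at the top of the second. The "layer cache missing" cases in the test table suggest an empty blob is rejected further down, but nothing visible does the same for the artifact lookup, so a failed read would appear to leave `mergedLayer.HistoryPackages` empty and the scan would report fewer packages without any error. If that is deliberate best effort, say so in place of the bare directive, e.g. `// best effort: HistoryPackages stays empty when the artifact entry cannot be read`; otherwise return the error wrapped with `xerrors.Errorf`. The middle of ApplyLayers lies between the two hunks and is not shown, so how `blob` is checked is inferred.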
|
||||
|
||||
@@ -24,8 +24,8 @@ func TestApplier_ApplyLayers(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
args args
|
||||
getLayerExpectations []cache.CacheGetBlobExpectation
|
||||
getImageExpectations []cache.CacheGetArtifactExpectation
|
||||
getLayerExpectations []cache.LocalArtifactCacheGetBlobExpectation
|
||||
getImageExpectations []cache.LocalArtifactCacheGetArtifactExpectation
|
||||
want types.ArtifactDetail
|
||||
wantErr string
|
||||
}{
|
||||
@@ -39,12 +39,12 @@ func TestApplier_ApplyLayers(t *testing.T) {
|
||||
"sha256:24df0d4e20c0f42d3703bf1f1db2bdd77346c7956f74f423603d651e8e5ae8a7",
|
||||
},
|
||||
},
|
||||
getLayerExpectations: []cache.CacheGetBlobExpectation{
|
||||
getLayerExpectations: []cache.LocalArtifactCacheGetBlobExpectation{
|
||||
{
|
||||
Args: cache.CacheGetBlobArgs{
|
||||
Args: cache.LocalArtifactCacheGetBlobArgs{
|
||||
BlobID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
|
||||
},
|
||||
Returns: cache.CacheGetBlobReturns{
|
||||
Returns: cache.LocalArtifactCacheGetBlobReturns{
|
||||
BlobInfo: types.BlobInfo{
|
||||
SchemaVersion: 1,
|
||||
Digest: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
|
||||
@@ -70,10 +70,10 @@ func TestApplier_ApplyLayers(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
Args: cache.CacheGetBlobArgs{
|
||||
Args: cache.LocalArtifactCacheGetBlobArgs{
|
||||
BlobID: "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5",
|
||||
},
|
||||
Returns: cache.CacheGetBlobReturns{
|
||||
Returns: cache.LocalArtifactCacheGetBlobReturns{
|
||||
BlobInfo: types.BlobInfo{
|
||||
SchemaVersion: 1,
|
||||
Digest: "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5",
|
||||
@@ -98,10 +98,10 @@ func TestApplier_ApplyLayers(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
Args: cache.CacheGetBlobArgs{
|
||||
Args: cache.LocalArtifactCacheGetBlobArgs{
|
||||
BlobID: "sha256:24df0d4e20c0f42d3703bf1f1db2bdd77346c7956f74f423603d651e8e5ae8a7",
|
||||
},
|
||||
Returns: cache.CacheGetBlobReturns{
|
||||
Returns: cache.LocalArtifactCacheGetBlobReturns{
|
||||
BlobInfo: types.BlobInfo{
|
||||
SchemaVersion: 1,
|
||||
Digest: "sha256:beee9f30bc1f711043e78d4a2be0668955d4b761d587d6f60c2c8dc081efb203",
|
||||
@@ -126,12 +126,12 @@ func TestApplier_ApplyLayers(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
getImageExpectations: []cache.CacheGetArtifactExpectation{
|
||||
getImageExpectations: []cache.LocalArtifactCacheGetArtifactExpectation{
|
||||
{
|
||||
Args: cache.CacheGetArtifactArgs{
|
||||
Args: cache.LocalArtifactCacheGetArtifactArgs{
|
||||
ArtifactID: "sha256:4791503518dff090d6a82f7a5c1fd71c41146920e2562fb64308e17ab6834b7e",
|
||||
},
|
||||
Returns: cache.CacheGetArtifactReturns{
|
||||
Returns: cache.LocalArtifactCacheGetArtifactReturns{
|
||||
ArtifactInfo: types.ArtifactInfo{
|
||||
SchemaVersion: 1,
|
||||
},
|
||||
@@ -193,12 +193,12 @@ func TestApplier_ApplyLayers(t *testing.T) {
|
||||
"sha256:531743b7098cb2aaf615641007a129173f63ed86ca32fe7b5a246a1c47286028",
|
||||
},
|
||||
},
|
||||
getLayerExpectations: []cache.CacheGetBlobExpectation{
|
||||
getLayerExpectations: []cache.LocalArtifactCacheGetBlobExpectation{
|
||||
{
|
||||
Args: cache.CacheGetBlobArgs{
|
||||
Args: cache.LocalArtifactCacheGetBlobArgs{
|
||||
BlobID: "sha256:531743b7098cb2aaf615641007a129173f63ed86ca32fe7b5a246a1c47286028",
|
||||
},
|
||||
Returns: cache.CacheGetBlobReturns{
|
||||
Returns: cache.LocalArtifactCacheGetBlobReturns{
|
||||
BlobInfo: types.BlobInfo{
|
||||
SchemaVersion: 1,
|
||||
Digest: "sha256:a187dde48cd289ac374ad8539930628314bc581a481cdb41409c9289419ddb72",
|
||||
@@ -223,12 +223,12 @@ func TestApplier_ApplyLayers(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
getImageExpectations: []cache.CacheGetArtifactExpectation{
|
||||
getImageExpectations: []cache.LocalArtifactCacheGetArtifactExpectation{
|
||||
{
|
||||
Args: cache.CacheGetArtifactArgs{
|
||||
Args: cache.LocalArtifactCacheGetArtifactArgs{
|
||||
ArtifactID: "sha256:3bb70bd5fb37e05b8ecaaace5d6a6b5ec7834037c07ecb5907355c23ab70352d",
|
||||
},
|
||||
Returns: cache.CacheGetArtifactReturns{
|
||||
Returns: cache.LocalArtifactCacheGetArtifactReturns{
|
||||
ArtifactInfo: types.ArtifactInfo{
|
||||
SchemaVersion: 1,
|
||||
HistoryPackages: []types.Package{
|
||||
@@ -311,12 +311,12 @@ func TestApplier_ApplyLayers(t *testing.T) {
|
||||
"sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
|
||||
},
|
||||
},
|
||||
getLayerExpectations: []cache.CacheGetBlobExpectation{
|
||||
getLayerExpectations: []cache.LocalArtifactCacheGetBlobExpectation{
|
||||
{
|
||||
Args: cache.CacheGetBlobArgs{
|
||||
Args: cache.LocalArtifactCacheGetBlobArgs{
|
||||
BlobID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
|
||||
},
|
||||
Returns: cache.CacheGetBlobReturns{BlobInfo: types.BlobInfo{}},
|
||||
Returns: cache.LocalArtifactCacheGetBlobReturns{BlobInfo: types.BlobInfo{}},
|
||||
},
|
||||
},
|
||||
wantErr: "layer cache missing",
|
||||
@@ -328,12 +328,12 @@ func TestApplier_ApplyLayers(t *testing.T) {
|
||||
"sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
|
||||
},
|
||||
},
|
||||
getLayerExpectations: []cache.CacheGetBlobExpectation{
|
||||
getLayerExpectations: []cache.LocalArtifactCacheGetBlobExpectation{
|
||||
{
|
||||
Args: cache.CacheGetBlobArgs{
|
||||
Args: cache.LocalArtifactCacheGetBlobArgs{
|
||||
BlobID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
|
||||
},
|
||||
Returns: cache.CacheGetBlobReturns{BlobInfo: types.BlobInfo{}},
|
||||
Returns: cache.LocalArtifactCacheGetBlobReturns{BlobInfo: types.BlobInfo{}},
|
||||
},
|
||||
},
|
||||
wantErr: "layer cache missing",
|
||||
@@ -348,12 +348,12 @@ func TestApplier_ApplyLayers(t *testing.T) {
|
||||
"sha256:24df0d4e20c0f42d3703bf1f1db2bdd77346c7956f74f423603d651e8e5ae8a7",
|
||||
},
|
||||
},
|
||||
getLayerExpectations: []cache.CacheGetBlobExpectation{
|
||||
getLayerExpectations: []cache.LocalArtifactCacheGetBlobExpectation{
|
||||
{
|
||||
Args: cache.CacheGetBlobArgs{
|
||||
Args: cache.LocalArtifactCacheGetBlobArgs{
|
||||
BlobID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
|
||||
},
|
||||
Returns: cache.CacheGetBlobReturns{
|
||||
Returns: cache.LocalArtifactCacheGetBlobReturns{
|
||||
BlobInfo: types.BlobInfo{
|
||||
SchemaVersion: 1,
|
||||
Digest: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
|
||||
@@ -375,10 +375,10 @@ func TestApplier_ApplyLayers(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
Args: cache.CacheGetBlobArgs{
|
||||
Args: cache.LocalArtifactCacheGetBlobArgs{
|
||||
BlobID: "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5",
|
||||
},
|
||||
Returns: cache.CacheGetBlobReturns{
|
||||
Returns: cache.LocalArtifactCacheGetBlobReturns{
|
||||
BlobInfo: types.BlobInfo{
|
||||
SchemaVersion: 1,
|
||||
Digest: "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5",
|
||||
@@ -403,10 +403,10 @@ func TestApplier_ApplyLayers(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
Args: cache.CacheGetBlobArgs{
|
||||
Args: cache.LocalArtifactCacheGetBlobArgs{
|
||||
BlobID: "sha256:24df0d4e20c0f42d3703bf1f1db2bdd77346c7956f74f423603d651e8e5ae8a7",
|
||||
},
|
||||
Returns: cache.CacheGetBlobReturns{
|
||||
Returns: cache.LocalArtifactCacheGetBlobReturns{
|
||||
BlobInfo: types.BlobInfo{
|
||||
SchemaVersion: 1,
|
||||
Digest: "sha256:beee9f30bc1f711043e78d4a2be0668955d4b761d587d6f60c2c8dc081efb203",
|
||||
@@ -482,12 +482,12 @@ func TestApplier_ApplyLayers(t *testing.T) {
|
||||
"sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
|
||||
},
|
||||
},
|
||||
getLayerExpectations: []cache.CacheGetBlobExpectation{
|
||||
getLayerExpectations: []cache.LocalArtifactCacheGetBlobExpectation{
|
||||
{
|
||||
Args: cache.CacheGetBlobArgs{
|
||||
Args: cache.LocalArtifactCacheGetBlobArgs{
|
||||
BlobID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
|
||||
},
|
||||
Returns: cache.CacheGetBlobReturns{
|
||||
Returns: cache.LocalArtifactCacheGetBlobReturns{
|
||||
BlobInfo: types.BlobInfo{
|
||||
SchemaVersion: 1,
|
||||
OS: types.OS{
|
||||
@@ -515,12 +515,12 @@ func TestApplier_ApplyLayers(t *testing.T) {
|
||||
"sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5",
|
||||
},
|
||||
},
|
||||
getLayerExpectations: []cache.CacheGetBlobExpectation{
|
||||
getLayerExpectations: []cache.LocalArtifactCacheGetBlobExpectation{
|
||||
{
|
||||
Args: cache.CacheGetBlobArgs{
|
||||
Args: cache.LocalArtifactCacheGetBlobArgs{
|
||||
BlobID: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
|
||||
},
|
||||
Returns: cache.CacheGetBlobReturns{
|
||||
Returns: cache.LocalArtifactCacheGetBlobReturns{
|
||||
BlobInfo: types.BlobInfo{
|
||||
SchemaVersion: 1,
|
||||
Digest: "sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02",
|
||||
@@ -558,10 +558,10 @@ func TestApplier_ApplyLayers(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
Args: cache.CacheGetBlobArgs{
|
||||
Args: cache.LocalArtifactCacheGetBlobArgs{
|
||||
BlobID: "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5",
|
||||
},
|
||||
Returns: cache.CacheGetBlobReturns{
|
||||
Returns: cache.LocalArtifactCacheGetBlobReturns{
|
||||
BlobInfo: types.BlobInfo{
|
||||
SchemaVersion: 1,
|
||||
Digest: "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5",
|
||||
@@ -677,7 +677,7 @@ func TestApplier_ApplyLayers(t *testing.T) {
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
c := new(cache.MockCache)
|
||||
c := new(cache.MockLocalArtifactCache)
|
||||
c.ApplyGetBlobExpectations(tt.getLayerExpectations)
|
||||
c.ApplyGetArtifactExpectations(tt.getImageExpectations)
|
||||
|
||||
|
||||
36
pkg/fanal/cache/mock_cache.go
vendored
@@ -79,43 +79,43 @@ func (_m *MockCache) Close() error {
|
||||
return r0
|
||||
}
|
||||
|
||||
type CacheDeleteBlobsArgs struct {
|
||||
BlobIDs []string
|
||||
BlobIDsAnything bool
|
||||
type CacheDeleteBlobArgs struct {
|
||||
BlobID string
|
||||
BlobIDAnything bool
|
||||
}
|
||||
|
||||
type CacheDeleteBlobsReturns struct {
|
||||
type CacheDeleteBlobReturns struct {
|
||||
_a0 error
|
||||
}
|
||||
|
||||
type CacheDeleteBlobsExpectation struct {
|
||||
Args CacheDeleteBlobsArgs
|
||||
Returns CacheDeleteBlobsReturns
|
||||
type CacheDeleteBlobExpectation struct {
|
||||
Args CacheDeleteBlobArgs
|
||||
Returns CacheDeleteBlobReturns
|
||||
}
|
||||
|
||||
func (_m *MockCache) ApplyDeleteBlobsExpectation(e CacheDeleteBlobsExpectation) {
|
||||
func (_m *MockCache) ApplyDeleteBlobExpectation(e CacheDeleteBlobExpectation) {
|
||||
var args []interface{}
|
||||
if e.Args.BlobIDsAnything {
|
||||
if e.Args.BlobIDAnything {
|
||||
args = append(args, mock.Anything)
|
||||
} else {
|
||||
args = append(args, e.Args.BlobIDs)
|
||||
args = append(args, e.Args.BlobID)
|
||||
}
|
||||
_m.On("DeleteBlobs", args...).Return(e.Returns._a0)
|
||||
_m.On("DeleteBlob", args...).Return(e.Returns._a0)
|
||||
}
|
||||
|
||||
func (_m *MockCache) ApplyDeleteBlobsExpectations(expectations []CacheDeleteBlobsExpectation) {
|
||||
func (_m *MockCache) ApplyDeleteBlobExpectations(expectations []CacheDeleteBlobExpectation) {
|
||||
for _, e := range expectations {
|
||||
_m.ApplyDeleteBlobsExpectation(e)
|
||||
_m.ApplyDeleteBlobExpectation(e)
|
||||
}
|
||||
}
|
||||
|
||||
// DeleteBlobs provides a mock function with given fields: blobIDs
|
||||
func (_m *MockCache) DeleteBlobs(blobIDs []string) error {
|
||||
ret := _m.Called(blobIDs)
|
||||
// DeleteBlob provides a mock function with given fields: blobID
|
||||
func (_m *MockCache) DeleteBlob(blobID string) error {
|
||||
ret := _m.Called(blobID)
|
||||
|
||||
var r0 error
|
||||
if rf, ok := ret.Get(0).(func([]string) error); ok {
|
||||
r0 = rf(blobIDs)
|
||||
if rf, ok := ret.Get(0).(func(string) error); ok {
|
||||
r0 = rf(blobID)
|
||||
} else {
|
||||
r0 = ret.Error(0)
|
||||
}
|
||||
|
||||
@@ -233,25 +233,6 @@ type BlobInfo struct {
|
||||
CustomResources []CustomResource `json:",omitempty"`
|
||||
}
|
||||
|
||||
// ToArtifactDetail is used to restore the merged layer from cache.
|
||||
func (b *BlobInfo) ToArtifactDetail() ArtifactDetail {
|
||||
var pkgs []Package
|
||||
// The size must be 1 as this BlobInfo contains the merged layer.
|
||||
if len(b.PackageInfos) == 1 {
|
||||
pkgs = b.PackageInfos[0].Packages
|
||||
}
|
||||
return ArtifactDetail{
|
||||
OS: b.OS,
|
||||
Repository: b.Repository,
|
||||
Packages: pkgs,
|
||||
Applications: b.Applications,
|
||||
Misconfigurations: b.Misconfigurations,
|
||||
Secrets: b.Secrets,
|
||||
Licenses: b.Licenses,
|
||||
CustomResources: b.CustomResources,
|
||||
}
|
||||
}
|
||||
|
||||
// ArtifactDetail is generated by applying blobs
|
||||
type ArtifactDetail struct {
|
||||
OS OS `json:",omitempty"`
|
||||
|
||||
@@ -9,7 +9,7 @@ import (
|
||||
"github.com/aquasecurity/trivy/pkg/fanal/cache"
|
||||
)
|
||||
|
||||
func initializeScanServer(localArtifactCache cache.Cache) *ScanServer {
|
||||
func initializeScanServer(localArtifactCache cache.LocalArtifactCache) *ScanServer {
|
||||
wire.Build(ScanSuperSet)
|
||||
return &ScanServer{}
|
||||
}
|
||||
|
||||
@@ -17,9 +17,8 @@ import (
|
||||
|
||||
// Injectors from inject.go:
|
||||
|
||||
func initializeScanServer(localArtifactCache cache.Cache) *ScanServer {
|
||||
v := _wireValue
|
||||
applierApplier := applier.NewApplier(localArtifactCache, v...)
|
||||
func initializeScanServer(localArtifactCache cache.LocalArtifactCache) *ScanServer {
|
||||
applierApplier := applier.NewApplier(localArtifactCache)
|
||||
detector := ospkg.Detector{}
|
||||
config := db.Config{}
|
||||
client := vulnerability.NewClient(config)
|
||||
@@ -27,7 +26,3 @@ func initializeScanServer(localArtifactCache cache.Cache) *ScanServer {
|
||||
scanServer := NewScanServer(scanner)
|
||||
return scanServer
|
||||
}
|
||||
|
||||
var (
|
||||
_wireValue = []applier.Option(nil)
|
||||
)
|
||||
|
||||
@@ -40,7 +40,6 @@ var (
|
||||
// SuperSet binds dependencies for Local scan
|
||||
var SuperSet = wire.NewSet(
|
||||
vulnerability.SuperSet,
|
||||
wire.Value([]applier.Option(nil)), // functional options
|
||||
applier.NewApplier,
|
||||
wire.Bind(new(Applier), new(applier.Applier)),
|
||||
wire.Struct(new(ospkgDetector.Detector)),
|
||||
|
||||