gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-22 07:10:41 -08:00
Code Issues Packages Projects Releases Wiki Activity

test: include integration tests in linting and fix all issues (#9060)

Browse Source
This commit is contained in:
Teppei Fukuda
2025-06-24 17:09:15 +04:00
committed by GitHub
parent 6bf7ac41fb
commit cd7c595e4a
14 changed files with 207 additions and 223 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.golangci.yaml
View File

@@ -14,6 +14,8 @@ linters:
desc: "Use 'slices' instead" desc: "Use 'slices' instead"
- pkg: "golang.org/x/exp/maps" - pkg: "golang.org/x/exp/maps"
desc: "Use 'maps' or 'github.com/samber/lo' instead" desc: "Use 'maps' or 'github.com/samber/lo' instead"
- pkg: "io/ioutil"
desc: "io/ioutil is deprecated. Use 'io' or 'os' instead"
dupl: dupl:
threshold: 100 threshold: 100
errcheck: errcheck:

21
integration/client_server_test.go
View File

@@ -11,14 +11,14 @@ import (
"testing" "testing"
"time" "time"
"github.com/aquasecurity/trivy/pkg/types"
dockercontainer "github.com/docker/docker/api/types/container" dockercontainer "github.com/docker/docker/api/types/container"
"github.com/docker/go-connections/nat" "github.com/docker/go-connections/nat"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"github.com/testcontainers/testcontainers-go" "github.com/testcontainers/testcontainers-go"
"github.com/aquasecurity/trivy/pkg/report" "github.com/aquasecurity/trivy/pkg/report"
"github.com/aquasecurity/trivy/pkg/types"
) )
type csArgs struct { type csArgs struct {
@@ -60,7 +60,7 @@ func TestClientServer(t *testing.T) {
Input: "testdata/fixtures/images/alpine-39.tar.gz", Input: "testdata/fixtures/images/alpine-39.tar.gz",
Distro: "alpine/3.10", Distro: "alpine/3.10",
}, },
override: func(t *testing.T, want, got *types.Report) { override: func(_ *testing.T, want, _ *types.Report) {
want.Metadata.OS.Name = "3.10" want.Metadata.OS.Name = "3.10"
want.Results[0].Target = "testdata/fixtures/images/alpine-39.tar.gz (alpine 3.10)" want.Results[0].Target = "testdata/fixtures/images/alpine-39.tar.gz (alpine 3.10)"
}, },
@@ -312,7 +312,7 @@ func TestClientServer(t *testing.T) {
Target: "https://github.com/knqyf263/trivy-ci-test", Target: "https://github.com/knqyf263/trivy-ci-test",
}, },
golden: "testdata/test-repo.json.golden", golden: "testdata/test-repo.json.golden",
override: func(t *testing.T, want, got *types.Report) { override: func(_ *testing.T, want, _ *types.Report) {
want.ArtifactName = "https://github.com/knqyf263/trivy-ci-test" want.ArtifactName = "https://github.com/knqyf263/trivy-ci-test"
}, },
}, },
@@ -444,7 +444,7 @@ func TestClientServerWithFormat(t *testing.T) {
t.Setenv("GITHUB_WORKFLOW", "workflow-name") t.Setenv("GITHUB_WORKFLOW", "workflow-name")
t.Cleanup(func() { t.Cleanup(func() {
report.CustomTemplateFuncMap = map[string]any{} report.CustomTemplateFuncMap = make(map[string]any)
}) })
addr, cacheDir := setup(t, setupOptions{}) addr, cacheDir := setup(t, setupOptions{})
@@ -561,7 +561,7 @@ func TestClientServerWithCustomOptions(t *testing.T) {
func TestClientServerWithRedis(t *testing.T) { func TestClientServerWithRedis(t *testing.T) {
// Set up a Redis container // Set up a Redis container
ctx := context.Background() ctx := t.Context()
// This test includes 2 checks // This test includes 2 checks
// redisC container will terminate after first check // redisC container will terminate after first check
redisC, addr := setupRedis(t, ctx) redisC, addr := setupRedis(t, ctx)
@@ -622,10 +622,11 @@ func setup(t *testing.T, options setupOptions) (string, string) {
osArgs := setupServer(addr, options.token, options.tokenHeader, options.pathPrefix, cacheDir, options.cacheBackend) osArgs := setupServer(addr, options.token, options.tokenHeader, options.pathPrefix, cacheDir, options.cacheBackend)
// Run Trivy server // Run Trivy server
require.NoError(t, execute(osArgs)) assert.NoError(t, execute(osArgs))
}() }()
ctx, _ := context.WithTimeout(context.Background(), 5*time.Second) ctx, cancel := context.WithTimeout(t.Context(), 5*time.Second)
defer cancel()
err = waitPort(ctx, addr) err = waitPort(ctx, addr)
require.NoError(t, err) require.NoError(t, err)
@@ -653,7 +654,7 @@ func setupServer(addr, token, tokenHeader, pathPrefix, cacheDir, cacheBackend st
return osArgs return osArgs
} }
func setupClient(t *testing.T, c csArgs, addr string, cacheDir string) []string { func setupClient(t *testing.T, c csArgs, addr, cacheDir string) []string {
t.Helper() t.Helper()
if c.Command == "" { if c.Command == "" {
c.Command = "image" c.Command = "image"
@@ -699,7 +700,7 @@ func setupClient(t *testing.T, c csArgs, addr string, cacheDir string) []string
if len(c.IgnoreIDs) != 0 { if len(c.IgnoreIDs) != 0 {
trivyIgnore := filepath.Join(t.TempDir(), ".trivyignore") trivyIgnore := filepath.Join(t.TempDir(), ".trivyignore")
err := os.WriteFile(trivyIgnore, []byte(strings.Join(c.IgnoreIDs, "\n")), 0444) err := os.WriteFile(trivyIgnore, []byte(strings.Join(c.IgnoreIDs, "\n")), 0o444)
require.NoError(t, err, "failed to write .trivyignore") require.NoError(t, err, "failed to write .trivyignore")
osArgs = append(osArgs, "--ignorefile", trivyIgnore) osArgs = append(osArgs, "--ignorefile", trivyIgnore)
} }

4
integration/config_test.go
View File

@@ -202,7 +202,7 @@ severity:
outputFile := filepath.Join(t.TempDir(), "output.json") outputFile := filepath.Join(t.TempDir(), "output.json")
configFile := tt.args.configFile configFile := tt.args.configFile
configFile = configFile + fmt.Sprintf(` configFile += fmt.Sprintf(`
format: json format: json
output: %s output: %s
cache: cache:
@@ -212,7 +212,7 @@ db:
`, outputFile, cacheDir) `, outputFile, cacheDir)
configPath := filepath.Join(t.TempDir(), "trivy.yaml") configPath := filepath.Join(t.TempDir(), "trivy.yaml")
err := os.WriteFile(configPath, []byte(configFile), 0444) err := os.WriteFile(configPath, []byte(configFile), 0o444)
require.NoError(t, err) require.NoError(t, err)
osArgs := []string{ osArgs := []string{

3
integration/convert_test.go
View File

@@ -76,8 +76,7 @@ func TestConvert(t *testing.T) {
outputFile = tt.golden outputFile = tt.golden
} }
osArgs = append(osArgs, "--output", outputFile) osArgs = append(osArgs, "--output", outputFile, tt.args.input)
osArgs = append(osArgs, tt.args.input)
// Run "trivy convert" // Run "trivy convert"
runTest(t, osArgs, tt.golden, outputFile, types.Format(tt.args.format), runOptions{ runTest(t, osArgs, tt.golden, outputFile, types.Format(tt.args.format), runOptions{

9
integration/docker_engine_test.go
View File

@@ -3,15 +3,14 @@
package integration package integration
import ( import (
"context"
"os" "os"
"strings" "strings"
"testing" "testing"
"github.com/stretchr/testify/require"
"github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/internal/testutil"
"github.com/aquasecurity/trivy/pkg/types" "github.com/aquasecurity/trivy/pkg/types"
"github.com/stretchr/testify/require"
) )
func TestDockerEngine(t *testing.T) { func TestDockerEngine(t *testing.T) {
@@ -216,7 +215,7 @@ func TestDockerEngine(t *testing.T) {
// Set a temp dir so that modules will not be loaded // Set a temp dir so that modules will not be loaded
t.Setenv("XDG_DATA_HOME", cacheDir) t.Setenv("XDG_DATA_HOME", cacheDir)
ctx := context.Background() ctx := t.Context()
defer ctx.Done() defer ctx.Done()
cli := testutil.NewDockerClient(t) cli := testutil.NewDockerClient(t)
@@ -272,7 +271,7 @@ func TestDockerEngine(t *testing.T) {
} }
if len(tt.ignoreIDs) != 0 { if len(tt.ignoreIDs) != 0 {
trivyIgnore := ".trivyignore" trivyIgnore := ".trivyignore"
err := os.WriteFile(trivyIgnore, []byte(strings.Join(tt.ignoreIDs, "\n")), 0444) err := os.WriteFile(trivyIgnore, []byte(strings.Join(tt.ignoreIDs, "\n")), 0o444)
require.NoError(t, err, "failed to write .trivyignore") require.NoError(t, err, "failed to write .trivyignore")
defer os.Remove(trivyIgnore) defer os.Remove(trivyIgnore)
} }

4
integration/integration_test.go
View File

@@ -296,7 +296,7 @@ func compareRawFiles(t *testing.T, wantFile, gotFile string) {
require.NoError(t, err) require.NoError(t, err)
got, err := os.ReadFile(gotFile) got, err := os.ReadFile(gotFile)
require.NoError(t, err) require.NoError(t, err)
assert.EqualValues(t, string(want), string(got)) assert.Equal(t, string(want), string(got))
} }
func compareReports(t *testing.T, wantFile, gotFile string, override func(t *testing.T, want, got *types.Report)) { func compareReports(t *testing.T, wantFile, gotFile string, override func(t *testing.T, want, got *types.Report)) {
@@ -378,7 +378,7 @@ func overrideUID(t *testing.T, want, got *types.Report) {
// overrideDockerRemovedFields clears image config fields that were removed from Docker API // overrideDockerRemovedFields clears image config fields that were removed from Docker API
// cf. https://github.com/moby/moby/blob/d0ad1357a141c795e1e0490e3fed00ddabcb91b9/docs/api/version-history.md // cf. https://github.com/moby/moby/blob/d0ad1357a141c795e1e0490e3fed00ddabcb91b9/docs/api/version-history.md
func overrideDockerRemovedFields(t *testing.T, want, got *types.Report) { func overrideDockerRemovedFields(_ *testing.T, want, got *types.Report) {
// Clear Container field (removed in Docker API v1.45) // Clear Container field (removed in Docker API v1.45)
got.Metadata.ImageConfig.Container = "" got.Metadata.ImageConfig.Container = ""
want.Metadata.ImageConfig.Container = "" want.Metadata.ImageConfig.Container = ""

1
integration/plugin_test.go
View File

@@ -77,6 +77,7 @@ func TestPlugin(t *testing.T) {
} }
err = execute(args) err = execute(args)
require.NoError(t, err)
if *update { if *update {
fsutils.CopyFile(tempStdOut.Name(), tt.golden) fsutils.CopyFile(tempStdOut.Name(), tt.golden)

10
integration/registry_test.go
View File

@@ -17,8 +17,6 @@ import (
"path/filepath" "path/filepath"
"testing" "testing"
"github.com/aquasecurity/trivy/pkg/types"
dockercontainer "github.com/docker/docker/api/types/container" dockercontainer "github.com/docker/docker/api/types/container"
"github.com/docker/go-connections/nat" "github.com/docker/go-connections/nat"
"github.com/google/go-containerregistry/pkg/authn" "github.com/google/go-containerregistry/pkg/authn"
@@ -28,6 +26,8 @@ import (
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"github.com/testcontainers/testcontainers-go" "github.com/testcontainers/testcontainers-go"
"github.com/testcontainers/testcontainers-go/wait" "github.com/testcontainers/testcontainers-go/wait"
"github.com/aquasecurity/trivy/pkg/types"
) )
const ( const (
@@ -121,7 +121,7 @@ type registryOption struct {
} }
func TestRegistry(t *testing.T) { func TestRegistry(t *testing.T) {
ctx := context.Background() ctx := t.Context()
baseDir, err := filepath.Abs(".") baseDir, err := filepath.Abs(".")
require.NoError(t, err) require.NoError(t, err)
@@ -241,7 +241,7 @@ func TestRegistry(t *testing.T) {
// Run Trivy // Run Trivy
runTest(t, osArgs, tt.golden, "", types.FormatJSON, runOptions{ runTest(t, osArgs, tt.golden, "", types.FormatJSON, runOptions{
wantErr: tt.wantErr, wantErr: tt.wantErr,
override: overrideFuncs(overrideUID, func(t *testing.T, want, got *types.Report) { override: overrideFuncs(overrideUID, func(_ *testing.T, want, _ *types.Report) {
want.ArtifactName = s want.ArtifactName = s
for i := range want.Results { for i := range want.Results {
want.Results[i].Target = fmt.Sprintf("%s (%s)", s, tt.os) want.Results[i].Target = fmt.Sprintf("%s (%s)", s, tt.os)
@@ -334,7 +334,7 @@ func requestRegistryToken(imageRef name.Reference, baseDir string, opt registryO
} }
// Get a registry token // Get a registry token
req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/auth", opt.AuthURL), nil) req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/auth", opt.AuthURL), http.NoBody)
if err != nil { if err != nil {
return "", err return "", err
} }

207
integration/repo_test.go
View File

@@ -3,8 +3,9 @@
package integration package integration
import ( import (
"fmt"
"os" "os"
"path/filepath"
"strconv"
"strings" "strings"
"testing" "testing"
@@ -14,10 +15,7 @@ import (
"github.com/aquasecurity/trivy/pkg/types" "github.com/aquasecurity/trivy/pkg/types"
) )
// TestRepository tests `trivy repo` with the local code repositories type repoTestArgs struct {
func TestRepository(t *testing.T) {
t.Setenv("NUGET_PACKAGES", t.TempDir())
type args struct {
scanner types.Scanner scanner types.Scanner
ignoreIDs []string ignoreIDs []string
policyPaths []string policyPaths []string
@@ -37,15 +35,19 @@ func TestRepository(t *testing.T) {
vex string vex string
vulnSeveritySources []string vulnSeveritySources []string
} }
// TestRepository tests `trivy repo` with the local code repositories
func TestRepository(t *testing.T) {
t.Setenv("NUGET_PACKAGES", t.TempDir())
tests := []struct { tests := []struct {
name string name string
args args args repoTestArgs
golden string golden string
override func(t *testing.T, want, got *types.Report) override func(t *testing.T, want, got *types.Report)
}{ }{
{ {
name: "gomod", name: "gomod",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/gomod", input: "testdata/fixtures/repo/gomod",
}, },
@@ -53,7 +55,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "gomod with skip files", name: "gomod with skip files",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/gomod", input: "testdata/fixtures/repo/gomod",
skipFiles: []string{"testdata/fixtures/repo/gomod/submod2/go.mod"}, skipFiles: []string{"testdata/fixtures/repo/gomod/submod2/go.mod"},
@@ -62,7 +64,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "gomod with skip dirs", name: "gomod with skip dirs",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/gomod", input: "testdata/fixtures/repo/gomod",
skipDirs: []string{"testdata/fixtures/repo/gomod/submod2"}, skipDirs: []string{"testdata/fixtures/repo/gomod/submod2"},
@@ -71,7 +73,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "gomod in series", name: "gomod in series",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/gomod", input: "testdata/fixtures/repo/gomod",
parallel: 1, parallel: 1,
@@ -80,7 +82,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "gomod with local VEX file", name: "gomod with local VEX file",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/gomod", input: "testdata/fixtures/repo/gomod",
vex: "testdata/fixtures/vex/file/openvex.json", vex: "testdata/fixtures/vex/file/openvex.json",
@@ -89,7 +91,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "gomod with VEX repository", name: "gomod with VEX repository",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/gomod", input: "testdata/fixtures/repo/gomod",
vex: "repo", vex: "repo",
@@ -98,7 +100,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "npm", name: "npm",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/npm", input: "testdata/fixtures/repo/npm",
listAllPkgs: true, listAllPkgs: true,
@@ -107,7 +109,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "npm with severity from ubuntu", name: "npm with severity from ubuntu",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/npm", input: "testdata/fixtures/repo/npm",
vulnSeveritySources: []string{ vulnSeveritySources: []string{
@@ -119,7 +121,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "npm with dev deps", name: "npm with dev deps",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/npm", input: "testdata/fixtures/repo/npm",
listAllPkgs: true, listAllPkgs: true,
@@ -129,7 +131,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "yarn", name: "yarn",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/yarn", input: "testdata/fixtures/repo/yarn",
listAllPkgs: true, listAllPkgs: true,
@@ -138,7 +140,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "pnpm", name: "pnpm",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/pnpm", input: "testdata/fixtures/repo/pnpm",
listAllPkgs: true, listAllPkgs: true,
@@ -147,7 +149,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "bun", name: "bun",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/bun", input: "testdata/fixtures/repo/bun",
listAllPkgs: true, listAllPkgs: true,
@@ -156,7 +158,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "pip", name: "pip",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
listAllPkgs: true, listAllPkgs: true,
input: "testdata/fixtures/repo/pip", input: "testdata/fixtures/repo/pip",
@@ -165,7 +167,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "pipenv", name: "pipenv",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
listAllPkgs: true, listAllPkgs: true,
input: "testdata/fixtures/repo/pipenv", input: "testdata/fixtures/repo/pipenv",
@@ -174,7 +176,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "poetry", name: "poetry",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
listAllPkgs: true, listAllPkgs: true,
input: "testdata/fixtures/repo/poetry", input: "testdata/fixtures/repo/poetry",
@@ -183,7 +185,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "uv", name: "uv",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
listAllPkgs: true, listAllPkgs: true,
input: "testdata/fixtures/repo/uv", input: "testdata/fixtures/repo/uv",
@@ -192,7 +194,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "pom", name: "pom",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/pom", input: "testdata/fixtures/repo/pom",
}, },
@@ -200,7 +202,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "gradle", name: "gradle",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/gradle", input: "testdata/fixtures/repo/gradle",
}, },
@@ -208,7 +210,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "sbt", name: "sbt",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/sbt", input: "testdata/fixtures/repo/sbt",
}, },
@@ -216,7 +218,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "conan", name: "conan",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
listAllPkgs: true, listAllPkgs: true,
input: "testdata/fixtures/repo/conan", input: "testdata/fixtures/repo/conan",
@@ -225,7 +227,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "nuget", name: "nuget",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
listAllPkgs: true, listAllPkgs: true,
input: "testdata/fixtures/repo/nuget", input: "testdata/fixtures/repo/nuget",
@@ -234,7 +236,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "dotnet", name: "dotnet",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
listAllPkgs: true, listAllPkgs: true,
input: "testdata/fixtures/repo/dotnet", input: "testdata/fixtures/repo/dotnet",
@@ -243,7 +245,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "packages-props", name: "packages-props",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
listAllPkgs: true, listAllPkgs: true,
input: "testdata/fixtures/repo/packagesprops", input: "testdata/fixtures/repo/packagesprops",
@@ -252,7 +254,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "swift", name: "swift",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
listAllPkgs: true, listAllPkgs: true,
input: "testdata/fixtures/repo/swift", input: "testdata/fixtures/repo/swift",
@@ -261,7 +263,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "cocoapods", name: "cocoapods",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
listAllPkgs: true, listAllPkgs: true,
input: "testdata/fixtures/repo/cocoapods", input: "testdata/fixtures/repo/cocoapods",
@@ -270,7 +272,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "pubspec.lock", name: "pubspec.lock",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
listAllPkgs: true, listAllPkgs: true,
input: "testdata/fixtures/repo/pubspec", input: "testdata/fixtures/repo/pubspec",
@@ -279,7 +281,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "mix.lock", name: "mix.lock",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
listAllPkgs: true, listAllPkgs: true,
input: "testdata/fixtures/repo/mixlock", input: "testdata/fixtures/repo/mixlock",
@@ -288,7 +290,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "composer.lock", name: "composer.lock",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
listAllPkgs: true, listAllPkgs: true,
input: "testdata/fixtures/repo/composer", input: "testdata/fixtures/repo/composer",
@@ -297,7 +299,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "cargo.lock", name: "cargo.lock",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
listAllPkgs: true, listAllPkgs: true,
input: "testdata/fixtures/repo/cargo", input: "testdata/fixtures/repo/cargo",
@@ -306,7 +308,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "multiple lockfiles", name: "multiple lockfiles",
args: args{ args: repoTestArgs{
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/trivy-ci-test", input: "testdata/fixtures/repo/trivy-ci-test",
}, },
@@ -314,7 +316,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "installed.json", name: "installed.json",
args: args{ args: repoTestArgs{
command: "rootfs", command: "rootfs",
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
listAllPkgs: true, listAllPkgs: true,
@@ -324,7 +326,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "dockerfile", name: "dockerfile",
args: args{ args: repoTestArgs{
scanner: types.MisconfigScanner, scanner: types.MisconfigScanner,
input: "testdata/fixtures/repo/dockerfile", input: "testdata/fixtures/repo/dockerfile",
namespaces: []string{"testing"}, namespaces: []string{"testing"},
@@ -333,7 +335,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "dockerfile with custom file pattern", name: "dockerfile with custom file pattern",
args: args{ args: repoTestArgs{
scanner: types.MisconfigScanner, scanner: types.MisconfigScanner,
input: "testdata/fixtures/repo/dockerfile_file_pattern", input: "testdata/fixtures/repo/dockerfile_file_pattern",
namespaces: []string{"testing"}, namespaces: []string{"testing"},
@@ -343,7 +345,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "dockerfile with custom policies", name: "dockerfile with custom policies",
args: args{ args: repoTestArgs{
scanner: types.MisconfigScanner, scanner: types.MisconfigScanner,
policyPaths: []string{"testdata/fixtures/repo/custom-policy/policy"}, policyPaths: []string{"testdata/fixtures/repo/custom-policy/policy"},
namespaces: []string{"user"}, namespaces: []string{"user"},
@@ -353,7 +355,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "tarball helm chart scanning with builtin policies", name: "tarball helm chart scanning with builtin policies",
args: args{ args: repoTestArgs{
scanner: types.MisconfigScanner, scanner: types.MisconfigScanner,
input: "testdata/fixtures/repo/helm", input: "testdata/fixtures/repo/helm",
}, },
@@ -361,7 +363,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "helm chart directory scanning with builtin policies", name: "helm chart directory scanning with builtin policies",
args: args{ args: repoTestArgs{
scanner: types.MisconfigScanner, scanner: types.MisconfigScanner,
input: "testdata/fixtures/repo/helm_testchart", input: "testdata/fixtures/repo/helm_testchart",
}, },
@@ -369,7 +371,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "helm chart directory scanning with value overrides using set", name: "helm chart directory scanning with value overrides using set",
args: args{ args: repoTestArgs{
scanner: types.MisconfigScanner, scanner: types.MisconfigScanner,
input: "testdata/fixtures/repo/helm_testchart", input: "testdata/fixtures/repo/helm_testchart",
helmSet: []string{"securityContext.runAsUser=0"}, helmSet: []string{"securityContext.runAsUser=0"},
@@ -378,7 +380,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "helm chart directory scanning with value overrides using value file", name: "helm chart directory scanning with value overrides using value file",
args: args{ args: repoTestArgs{
scanner: types.MisconfigScanner, scanner: types.MisconfigScanner,
input: "testdata/fixtures/repo/helm_testchart", input: "testdata/fixtures/repo/helm_testchart",
helmValuesFile: []string{"testdata/fixtures/repo/helm_values/values.yaml"}, helmValuesFile: []string{"testdata/fixtures/repo/helm_values/values.yaml"},
@@ -387,7 +389,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "helm chart directory scanning with builtin policies and non string Chart name", name: "helm chart directory scanning with builtin policies and non string Chart name",
args: args{ args: repoTestArgs{
scanner: types.MisconfigScanner, scanner: types.MisconfigScanner,
input: "testdata/fixtures/repo/helm_badname", input: "testdata/fixtures/repo/helm_badname",
}, },
@@ -395,7 +397,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "secrets", name: "secrets",
args: args{ args: repoTestArgs{
scanner: "vuln,secret", scanner: "vuln,secret",
input: "testdata/fixtures/repo/secrets", input: "testdata/fixtures/repo/secrets",
secretConfig: "testdata/fixtures/repo/secrets/trivy-secret.yaml", secretConfig: "testdata/fixtures/repo/secrets/trivy-secret.yaml",
@@ -404,7 +406,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "conda generating CycloneDX SBOM", name: "conda generating CycloneDX SBOM",
args: args{ args: repoTestArgs{
command: "rootfs", command: "rootfs",
format: "cyclonedx", format: "cyclonedx",
input: "testdata/fixtures/repo/conda", input: "testdata/fixtures/repo/conda",
@@ -413,7 +415,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "conda environment.yaml generating CycloneDX SBOM", name: "conda environment.yaml generating CycloneDX SBOM",
args: args{ args: repoTestArgs{
command: "fs", command: "fs",
format: "cyclonedx", format: "cyclonedx",
input: "testdata/fixtures/repo/conda-environment", input: "testdata/fixtures/repo/conda-environment",
@@ -422,7 +424,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "pom.xml generating CycloneDX SBOM (with vulnerabilities)", name: "pom.xml generating CycloneDX SBOM (with vulnerabilities)",
args: args{ args: repoTestArgs{
command: "fs", command: "fs",
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
format: "cyclonedx", format: "cyclonedx",
@@ -432,7 +434,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "conda generating SPDX SBOM", name: "conda generating SPDX SBOM",
args: args{ args: repoTestArgs{
command: "rootfs", command: "rootfs",
format: "spdx-json", format: "spdx-json",
input: "testdata/fixtures/repo/conda", input: "testdata/fixtures/repo/conda",
@@ -441,7 +443,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "gomod with fs subcommand", name: "gomod with fs subcommand",
args: args{ args: repoTestArgs{
command: "fs", command: "fs",
scanner: types.VulnerabilityScanner, scanner: types.VulnerabilityScanner,
input: "testdata/fixtures/repo/gomod", input: "testdata/fixtures/repo/gomod",
@@ -454,7 +456,7 @@ func TestRepository(t *testing.T) {
}, },
{ {
name: "dockerfile with fs subcommand and an alias scanner", name: "dockerfile with fs subcommand and an alias scanner",
args: args{ args: repoTestArgs{
command: "fs", command: "fs",
scanner: "config", // for backward compatibility scanner: "config", // for backward compatibility
policyPaths: []string{"testdata/fixtures/repo/custom-policy/policy"}, policyPaths: []string{"testdata/fixtures/repo/custom-policy/policy"},
@@ -462,13 +464,13 @@ func TestRepository(t *testing.T) {
input: "testdata/fixtures/repo/custom-policy", input: "testdata/fixtures/repo/custom-policy",
}, },
golden: "testdata/dockerfile-custom-policies.json.golden", golden: "testdata/dockerfile-custom-policies.json.golden",
override: func(_ *testing.T, want, got *types.Report) { override: func(_ *testing.T, want, _ *types.Report) {
want.ArtifactType = ftypes.TypeFilesystem want.ArtifactType = ftypes.TypeFilesystem
}, },
}, },
{ {
name: "julia generating SPDX SBOM", name: "julia generating SPDX SBOM",
args: args{ args: repoTestArgs{
command: "rootfs", command: "rootfs",
format: "spdx-json", format: "spdx-json",
input: "testdata/fixtures/repo/julia", input: "testdata/fixtures/repo/julia",
@@ -501,6 +503,18 @@ func TestRepository(t *testing.T) {
format = tt.args.format format = tt.args.format
} }
osArgs := buildArgs(t, cacheDir, command, format, tt.args)
runTest(t, osArgs, tt.golden, "", format, runOptions{
fakeUUID: "3ff14136-e09f-4df9-80ea-%012d",
override: tt.override,
})
})
}
}
func buildArgs(t *testing.T, cacheDir, command string, format types.Format, testArgs repoTestArgs) []string {
// Build base arguments
osArgs := []string{ osArgs := []string{
"-q", "-q",
"--cache-dir", "--cache-dir",
@@ -511,90 +525,65 @@ func TestRepository(t *testing.T) {
"--format", "--format",
string(format), string(format),
"--parallel", "--parallel",
fmt.Sprint(tt.args.parallel), strconv.Itoa(testArgs.parallel),
"--offline-scan", "--offline-scan",
tt.args.input, testArgs.input,
} }
if tt.args.scanner != "" { if testArgs.scanner != "" {
osArgs = append(osArgs, "--scanners", string(tt.args.scanner)) osArgs = append(osArgs, "--scanners", string(testArgs.scanner))
} }
if len(tt.args.policyPaths) != 0 { for _, policyPath := range testArgs.policyPaths {
for _, policyPath := range tt.args.policyPaths {
osArgs = append(osArgs, "--config-policy", policyPath) osArgs = append(osArgs, "--config-policy", policyPath)
} }
} for _, namespace := range testArgs.namespaces {
if len(tt.args.namespaces) != 0 {
for _, namespace := range tt.args.namespaces {
osArgs = append(osArgs, "--policy-namespaces", namespace) osArgs = append(osArgs, "--policy-namespaces", namespace)
} }
}
if len(tt.args.ignoreIDs) != 0 { // Handle ignore file using temporary directory
trivyIgnore := ".trivyignore" if len(testArgs.ignoreIDs) != 0 {
err := os.WriteFile(trivyIgnore, []byte(strings.Join(tt.args.ignoreIDs, "\n")), 0444) trivyIgnore := filepath.Join(t.TempDir(), ".trivyignore")
err := os.WriteFile(trivyIgnore, []byte(strings.Join(testArgs.ignoreIDs, "\n")), 0o444)
require.NoError(t, err, "failed to write .trivyignore") require.NoError(t, err, "failed to write .trivyignore")
defer os.Remove(trivyIgnore) osArgs = append(osArgs, "--ignorefile", trivyIgnore)
} }
if len(tt.args.filePatterns) != 0 { for _, filePattern := range testArgs.filePatterns {
for _, filePattern := range tt.args.filePatterns {
osArgs = append(osArgs, "--file-patterns", filePattern) osArgs = append(osArgs, "--file-patterns", filePattern)
} }
for _, hs := range testArgs.helmSet {
osArgs = append(osArgs, "--helm-set", hs)
}
for _, hvf := range testArgs.helmValuesFile {
osArgs = append(osArgs, "--helm-values", hvf)
} }
if len(tt.args.helmSet) != 0 { for _, skipFile := range testArgs.skipFiles {
for _, helmSet := range tt.args.helmSet {
osArgs = append(osArgs, "--helm-set", helmSet)
}
}
if len(tt.args.helmValuesFile) != 0 {
for _, helmValuesFile := range tt.args.helmValuesFile {
osArgs = append(osArgs, "--helm-values", helmValuesFile)
}
}
if len(tt.args.skipFiles) != 0 {
for _, skipFile := range tt.args.skipFiles {
osArgs = append(osArgs, "--skip-files", skipFile) osArgs = append(osArgs, "--skip-files", skipFile)
} }
} for _, skipDir := range testArgs.skipDirs {
if len(tt.args.skipDirs) != 0 {
for _, skipDir := range tt.args.skipDirs {
osArgs = append(osArgs, "--skip-dirs", skipDir) osArgs = append(osArgs, "--skip-dirs", skipDir)
} }
}
if len(tt.args.vulnSeveritySources) != 0 { if len(testArgs.vulnSeveritySources) != 0 {
osArgs = append(osArgs, osArgs = append(osArgs,
"--vuln-severity-source", strings.Join(tt.args.vulnSeveritySources, ","), "--vuln-severity-source", strings.Join(testArgs.vulnSeveritySources, ","),
) )
} }
if testArgs.listAllPkgs {
if tt.args.listAllPkgs {
osArgs = append(osArgs, "--list-all-pkgs") osArgs = append(osArgs, "--list-all-pkgs")
} }
if testArgs.includeDevDeps {
if tt.args.includeDevDeps {
osArgs = append(osArgs, "--include-dev-deps") osArgs = append(osArgs, "--include-dev-deps")
} }
if testArgs.secretConfig != "" {
if tt.args.secretConfig != "" { osArgs = append(osArgs, "--secret-config", testArgs.secretConfig)
osArgs = append(osArgs, "--secret-config", tt.args.secretConfig) }
if testArgs.vex != "" {
osArgs = append(osArgs, "--vex", testArgs.vex)
} }
if tt.args.vex != "" { return osArgs
osArgs = append(osArgs, "--vex", tt.args.vex)
}
runTest(t, osArgs, tt.golden, "", format, runOptions{
fakeUUID: "3ff14136-e09f-4df9-80ea-%012d",
override: tt.override,
})
})
}
} }

5
integration/sbom_test.go
View File

@@ -186,8 +186,7 @@ func TestSBOM(t *testing.T) {
outputFile = tt.golden outputFile = tt.golden
} }
osArgs = append(osArgs, "--output", outputFile) osArgs = append(osArgs, "--output", outputFile, tt.args.input)
osArgs = append(osArgs, tt.args.input)
// Run "trivy sbom" // Run "trivy sbom"
runTest(t, osArgs, tt.golden, outputFile, types.Format(tt.args.format), runOptions{ runTest(t, osArgs, tt.golden, outputFile, types.Format(tt.args.format), runOptions{
@@ -198,7 +197,7 @@ func TestSBOM(t *testing.T) {
} }
} }
func overrideSBOMReport(t *testing.T, want, got *types.Report) { func overrideSBOMReport(_ *testing.T, want, got *types.Report) {
want.Metadata.ImageID = "" want.Metadata.ImageID = ""
want.Metadata.ImageConfig = v1.ConfigFile{} want.Metadata.ImageConfig = v1.ConfigFile{}
want.Metadata.DiffIDs = nil want.Metadata.DiffIDs = nil

8
integration/standalone_tar_test.go
View File

@@ -8,10 +8,10 @@ import (
"strings" "strings"
"testing" "testing"
"github.com/stretchr/testify/require"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/types" "github.com/aquasecurity/trivy/pkg/types"
"github.com/stretchr/testify/require"
) )
func TestTar(t *testing.T) { func TestTar(t *testing.T) {
@@ -168,7 +168,7 @@ func TestTar(t *testing.T) {
Input: "testdata/fixtures/images/alpine-39.tar.gz", Input: "testdata/fixtures/images/alpine-39.tar.gz",
Distro: "alpine/3.10", Distro: "alpine/3.10",
}, },
override: func(t *testing.T, want, got *types.Report) { override: func(_ *testing.T, want, _ *types.Report) {
want.Metadata.OS.Name = "3.10" want.Metadata.OS.Name = "3.10"
want.Results[0].Target = "testdata/fixtures/images/alpine-39.tar.gz (alpine 3.10)" want.Results[0].Target = "testdata/fixtures/images/alpine-39.tar.gz (alpine 3.10)"
}, },
@@ -425,7 +425,7 @@ func TestTar(t *testing.T) {
} }
if len(tt.args.IgnoreIDs) != 0 { if len(tt.args.IgnoreIDs) != 0 {
trivyIgnore := ".trivyignore" trivyIgnore := ".trivyignore"
err := os.WriteFile(trivyIgnore, []byte(strings.Join(tt.args.IgnoreIDs, "\n")), 0444) err := os.WriteFile(trivyIgnore, []byte(strings.Join(tt.args.IgnoreIDs, "\n")), 0o444)
require.NoError(t, err, "failed to write .trivyignore") require.NoError(t, err, "failed to write .trivyignore")
defer os.Remove(trivyIgnore) defer os.Remove(trivyIgnore)
} }

4
magefiles/magefile.go
View File

@@ -348,13 +348,13 @@ type Lint mg.Namespace
// Run runs linters // Run runs linters
func (Lint) Run() error { func (Lint) Run() error {
mg.Deps(Tool{}.GolangciLint) mg.Deps(Tool{}.GolangciLint)
return sh.RunV("golangci-lint", "run") return sh.RunV("golangci-lint", "run", "--build-tags=integration")
} }
// Fix auto fixes linters // Fix auto fixes linters
func (Lint) Fix() error { func (Lint) Fix() error {
mg.Deps(Tool{}.GolangciLint) mg.Deps(Tool{}.GolangciLint)
return sh.RunV("golangci-lint", "run", "--fix") return sh.RunV("golangci-lint", "run", "--fix", "--build-tags=integration")
} }
// Fmt formats Go code and proto files // Fmt formats Go code and proto files

34
pkg/fanal/test/integration/library_test.go
View File

@@ -11,20 +11,20 @@ import (
"sort" "sort"
"testing" "testing"
"github.com/aquasecurity/trivy/internal/testutil"
"github.com/aquasecurity/trivy/pkg/cache"
"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/all"
"github.com/aquasecurity/trivy/pkg/fanal/applier"
"github.com/aquasecurity/trivy/pkg/fanal/artifact"
aimage "github.com/aquasecurity/trivy/pkg/fanal/artifact/image"
_ "github.com/aquasecurity/trivy/pkg/fanal/handler/all"
"github.com/aquasecurity/trivy/pkg/fanal/image"
"github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"github.com/aquasecurity/trivy/internal/testutil"
"github.com/aquasecurity/trivy/pkg/cache"
"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
"github.com/aquasecurity/trivy/pkg/fanal/applier"
"github.com/aquasecurity/trivy/pkg/fanal/artifact"
aimage "github.com/aquasecurity/trivy/pkg/fanal/artifact/image"
"github.com/aquasecurity/trivy/pkg/fanal/image"
"github.com/aquasecurity/trivy/pkg/fanal/types"
_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/all"
_ "github.com/aquasecurity/trivy/pkg/fanal/handler/all"
_ "modernc.org/sqlite" _ "modernc.org/sqlite"
) )
@@ -145,7 +145,7 @@ func TestFanal_Library_DockerMode(t *testing.T) {
cli := testutil.NewDockerClient(t) cli := testutil.NewDockerClient(t)
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
ctx := context.Background() ctx := t.Context()
d := t.TempDir() d := t.TempDir()
c, err := cache.NewFSCache(d) c, err := cache.NewFSCache(d)
@@ -186,7 +186,7 @@ func TestFanal_Library_TarMode(t *testing.T) {
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
t.Parallel() t.Parallel()
ctx := context.Background() ctx := t.Context()
d := t.TempDir() d := t.TempDir()
c, err := cache.NewFSCache(d) c, err := cache.NewFSCache(d)
@@ -237,7 +237,7 @@ func checkOSPackages(t *testing.T, detail types.ArtifactDetail, tc testCase) {
if *update { if *update {
b, err := json.MarshalIndent(detail.Packages, "", " ") b, err := json.MarshalIndent(detail.Packages, "", " ")
require.NoError(t, err) require.NoError(t, err)
err = os.WriteFile(goldenFile, b, 0666) err = os.WriteFile(goldenFile, b, 0o666)
require.NoError(t, err) require.NoError(t, err)
return return
} }
@@ -248,7 +248,7 @@ func checkOSPackages(t *testing.T, detail types.ArtifactDetail, tc testCase) {
err = json.Unmarshal(data, &expectedPkgs) err = json.Unmarshal(data, &expectedPkgs)
require.NoError(t, err) require.NoError(t, err)
require.Equal(t, len(expectedPkgs), len(detail.Packages), tc.name) require.Len(t, expectedPkgs, len(detail.Packages), tc.name)
sort.Slice(expectedPkgs, func(i, j int) bool { return expectedPkgs[i].Name < expectedPkgs[j].Name }) sort.Slice(expectedPkgs, func(i, j int) bool { return expectedPkgs[i].Name < expectedPkgs[j].Name })
sort.Sort(detail.Packages) sort.Sort(detail.Packages)
@@ -285,7 +285,7 @@ func checkLangPkgs(detail types.ArtifactDetail, t *testing.T, tc testCase) {
if *update { if *update {
b, err := json.MarshalIndent(detail.Applications, "", " ") b, err := json.MarshalIndent(detail.Applications, "", " ")
require.NoError(t, err) require.NoError(t, err)
err = os.WriteFile(tc.wantApplicationFile, b, 0666) err = os.WriteFile(tc.wantApplicationFile, b, 0o666)
require.NoError(t, err) require.NoError(t, err)
return return
} }
@@ -308,7 +308,7 @@ func checkPackageFromCommands(t *testing.T, detail types.ArtifactDetail, tc test
sort.Sort(types.Packages(detail.ImageConfig.Packages)) sort.Sort(types.Packages(detail.ImageConfig.Packages))
b, err := json.MarshalIndent(detail.ImageConfig.Packages, "", " ") b, err := json.MarshalIndent(detail.ImageConfig.Packages, "", " ")
require.NoError(t, err) require.NoError(t, err)
err = os.WriteFile(tc.wantPkgsFromCmds, b, 0666) err = os.WriteFile(tc.wantPkgsFromCmds, b, 0o666)
require.NoError(t, err) require.NoError(t, err)
return return
} }

18
pkg/fanal/test/integration/registry_test.go
View File

@@ -1,14 +1,11 @@
//go:build integration //go:build integration
// +build integration
package integration package integration
import ( import (
"context" "context"
"fmt" "fmt"
"io/ioutil"
"net/url" "net/url"
"os"
"path/filepath" "path/filepath"
"testing" "testing"
@@ -23,13 +20,14 @@ import (
"github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/internal/testutil"
"github.com/aquasecurity/trivy/pkg/cache" "github.com/aquasecurity/trivy/pkg/cache"
"github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/analyzer"
_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/all"
"github.com/aquasecurity/trivy/pkg/fanal/applier" "github.com/aquasecurity/trivy/pkg/fanal/applier"
"github.com/aquasecurity/trivy/pkg/fanal/artifact" "github.com/aquasecurity/trivy/pkg/fanal/artifact"
aimage "github.com/aquasecurity/trivy/pkg/fanal/artifact/image" aimage "github.com/aquasecurity/trivy/pkg/fanal/artifact/image"
"github.com/aquasecurity/trivy/pkg/fanal/image" "github.com/aquasecurity/trivy/pkg/fanal/image"
testdocker "github.com/aquasecurity/trivy/pkg/fanal/test/integration/docker" testdocker "github.com/aquasecurity/trivy/pkg/fanal/test/integration/docker"
"github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/fanal/types"
_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/all"
) )
const ( const (
@@ -40,7 +38,7 @@ const (
) )
func TestTLSRegistry(t *testing.T) { func TestTLSRegistry(t *testing.T) {
ctx := context.Background() ctx := t.Context()
baseDir, err := filepath.Abs(".") baseDir, err := filepath.Abs(".")
require.NoError(t, err) require.NoError(t, err)
@@ -189,7 +187,7 @@ func TestTLSRegistry(t *testing.T) {
// 2. Analyze it // 2. Analyze it
imageRef := fmt.Sprintf("%s/%s", registryURL.Host, tc.imageName) imageRef := fmt.Sprintf("%s/%s", registryURL.Host, tc.imageName)
imageDetail, err := analyze(ctx, imageRef, tc.option) imageDetail, err := analyze(t, ctx, imageRef, tc.option)
require.Equal(t, tc.wantErr, err != nil, err) require.Equal(t, tc.wantErr, err != nil, err)
if err != nil { if err != nil {
return return
@@ -216,12 +214,8 @@ func getRegistryURL(ctx context.Context, registryC testcontainers.Container, exp
return url.Parse(urlStr) return url.Parse(urlStr)
} }
func analyze(ctx context.Context, imageRef string, opt types.ImageOptions) (*types.ArtifactDetail, error) { func analyze(t *testing.T, ctx context.Context, imageRef string, opt types.ImageOptions) (*types.ArtifactDetail, error) {
d, err := ioutil.TempDir("", "TestRegistry-*") d := t.TempDir()
if err != nil {
return nil, err
}
defer os.RemoveAll(d)
c, err := cache.NewFSCache(d) c, err := cache.NewFSCache(d)
if err != nil { if err != nil {