From 04a6073eac12ae752e3e0c9d953b1cc299bba0da Mon Sep 17 00:00:00 2001
From: Teppei Fukuda
Date: Wed, 8 May 2024 11:35:18 +0400
Subject: [PATCH] refactor: re-define module structs for serialization (#6655)

Signed-off-by: knqyf263
---
 examples/module/spring4shell/spring4shell.go | 3 +-
 pkg/module/module.go | 12 +--
 pkg/module/serialize/types.go | 98 +++++++++++++++++++-
 3 files changed, 103 insertions(+), 10 deletions(-)

diff --git a/examples/module/spring4shell/spring4shell.go b/examples/module/spring4shell/spring4shell.go
index 8d7d18ab65dd..6c527cc946b2 100644
--- a/examples/module/spring4shell/spring4shell.go
+++ b/examples/module/spring4shell/spring4shell.go
@@ -15,7 +15,6 @@ import (
 "github.com/aquasecurity/trivy/pkg/module/api"
 "github.com/aquasecurity/trivy/pkg/module/serialize"
 "github.com/aquasecurity/trivy/pkg/module/wasm"
- "github.com/aquasecurity/trivy/pkg/types"
 )
 
 const (
@@ -226,7 +225,7 @@ func (Spring4Shell) PostScan(results serialize.Results) (serialize.Results, erro
 var javaMajorVersion int
 var tomcatVersion string
 for _, result := range results {
- if result.Class != types.ClassCustom {
+ if result.Class != "custom" {
 continue
 }
 
diff --git a/pkg/module/module.go b/pkg/module/module.go
index f573c20597c1..a37790941f79 100644
--- a/pkg/module/module.go
+++ b/pkg/module/module.go
@@ -481,15 +481,15 @@ func (m *wasmModule) Analyze(ctx context.Context, input analyzer.AnalysisInput)
 // e.g. Remove a vulnerability, change severity, etc.
 func (m *wasmModule) PostScan(ctx context.Context, results types.Results) (types.Results, error) {
 // Find custom resources
- var custom serialize.Result
+ var custom types.Result
 for _, result := range results {
 if result.Class == types.ClassCustom {
- custom = serialize.Result(result)
+ custom = result
 break
 }
 }
- arg := serialize.Results{custom}
+ arg := types.Results{custom}
 switch m.postScanSpec.Action {
 case tapi.ActionUpdate, tapi.ActionDelete:
 // Pass the relevant results to the module
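Review bot: In the second spring4shell.go hunk, `if result.Class != "custom" {` hard-codes the class name that the removed `types.ClassCustom` import used to supply, so nothing ties the literal to the value the host writes into `Result.Class`; if that value ever changes, the example module silently skips every result instead of failing to compile. Since `serialize.Result` is now a hand-maintained mirror anyway, the serialize package is the natural place to export the constant, e.g. `const ClassCustom = "custom"` next to the `Result` struct, and the module should compare against `serialize.ClassCustom`. The enclosing PostScan body continues outside the hunk.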
@@ -529,8 +529,8 @@ func (m *wasmModule) PostScan(ctx context.Context, results types.Results) (types
 return results, nil
 }
 
-func findIDs(ids []string, results types.Results) serialize.Results {
- var filtered serialize.Results
+func findIDs(ids []string, results types.Results) types.Results {
+ var filtered types.Results
 for _, result := range results {
 if result.Class == types.ClassCustom {
 continue
@@ -542,7 +542,7 @@ func findIDs(ids []string, results types.Results) serialize.Results {
 return slices.Contains(ids, m.ID)
 })
 if len(vulns) > 0 || len(misconfs) > 0 {
- filtered = append(filtered, serialize.Result{
+ filtered = append(filtered, types.Result{
 Target: result.Target,
 Class: result.Class,
 Type: result.Type,
diff --git a/pkg/module/serialize/types.go b/pkg/module/serialize/types.go
index df72a953eee3..beddb8175f44 100644
--- a/pkg/module/serialize/types.go
+++ b/pkg/module/serialize/types.go
@@ -1,7 +1,7 @@
 package serialize
 
 import (
- "github.com/aquasecurity/trivy/pkg/types"
+ "github.com/aquasecurity/trivy-db/pkg/types"
 )
 
 type StringSlice []string
@@ -39,4 +39,98 @@ type PostScanSpec struct {
 
 type Results []Result
 
-type Result types.Result
+// Result re-defines the Result struct from 'pkg/types/' so TinyGo can compile the code.
+// See https://github.com/aquasecurity/trivy/issues/6654 for more details.
+type Result struct {
+ Target string `json:"Target"`
+ Class string `json:"Class,omitempty"`
+ Type string `json:"Type,omitempty"`
+ Vulnerabilities []DetectedVulnerability `json:"Vulnerabilities,omitempty"`
+ CustomResources []CustomResource `json:"CustomResources,omitempty"`
+}
+
+type DetectedVulnerability struct {
+ VulnerabilityID string `json:",omitempty"`
+ VendorIDs []string `json:",omitempty"`
+ PkgID string `json:",omitempty"`
+ PkgName string `json:",omitempty"`
+ PkgPath string `json:",omitempty"`
+ InstalledVersion string `json:",omitempty"`
+ FixedVersion string `json:",omitempty"`
+ Status types.Status `json:",omitempty"`
+ Layer Layer `json:",omitempty"`
+ SeveritySource types.SourceID `json:",omitempty"`
+ PrimaryURL string `json:",omitempty"`
+
+ // DataSource holds where the advisory comes from
+ DataSource *types.DataSource `json:",omitempty"`
+
+ // Custom is for extensibility and not supposed to be used in OSS
+ Custom interface{} `json:",omitempty"`
+
+ // Embed vulnerability details
+ types.Vulnerability
+}
+
+type DetectedMisconfiguration struct {
+ Type string `json:",omitempty"`
+ ID string `json:",omitempty"`
+ AVDID string `json:",omitempty"`
+ Title string `json:",omitempty"`
+ Description string `json:",omitempty"`
+ Message string `json:",omitempty"`
+ Namespace string `json:",omitempty"`
+ Query string `json:",omitempty"`
+ Resolution string `json:",omitempty"`
+ Severity string `json:",omitempty"`
+ PrimaryURL string `json:",omitempty"`
+ References []string `json:",omitempty"`
+ Status string `json:",omitempty"`
+ Layer Layer `json:",omitempty"`
+ CauseMetadata CauseMetadata `json:",omitempty"`
+
+ // For debugging
+ Traces []string `json:",omitempty"`
+}
+
+type CauseMetadata struct {
+ Resource string `json:",omitempty"`
+ Provider string `json:",omitempty"`
+ Service string `json:",omitempty"`
+ StartLine int `json:",omitempty"`
+ EndLine int `json:",omitempty"`
+ Code Code `json:",omitempty"`
+ Occurrences []Occurrence `json:",omitempty"`
+}
+
+type Occurrence struct {
+ Resource string `json:",omitempty"`
+ Filename string `json:",omitempty"`
+ Location Location
+}
+
+type Location struct {
+ StartLine int `json:",omitempty"`
+ EndLine int `json:",omitempty"`
+}
+
+type Code struct {
+ Lines []Line
+}
+
+type Line struct {
+ Number int `json:"Number"`
+ Content string `json:"Content"`
+ IsCause bool `json:"IsCause"`
+ Annotation string `json:"Annotation"`
+ Truncated bool `json:"Truncated"`
+ Highlighted string `json:"Highlighted,omitempty"`
+ FirstCause bool `json:"FirstCause"`
+ LastCause bool `json:"LastCause"`
+}
+
+type Layer struct {
+ Digest string `json:",omitempty"`
+ DiffID string `json:",omitempty"`
+ CreatedBy string `json:",omitempty"`
+}
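Review bot: The new `Result` struct has no field for the `DetectedMisconfiguration` type re-defined a few lines below it, yet the module.go hunk in this same commit still keeps results where `len(misconfs) > 0`, so any misconfigurations the host sends to a module are dropped on decode by a JSON decoder that ignores unknown keys (encoding/json's default) with no error. If that is unintended, add `Misconfigurations []DetectedMisconfiguration \`json:"Misconfigurations,omitempty"\`` between `Vulnerabilities` and `CustomResources`; if it is intended, the struct comment should say that modules never see misconfigurations. Because these mirrors are now maintained by hand, each re-defined struct should also carry a note such as `// Keep field names and json tags in sync with the counterpart in pkg/types; a mismatch is not a compile error, the field is just dropped on the wire.` `CustomResource` is referenced but not defined in this hunk, presumably elsewhere in the package.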