refactor: code-optimization (#4214)

2025-12-13 00:00:19 -08:00 · 2023-05-15 19:48:09 +08:00
parent 6a0e152657
commit 56a01ec6f7
19 changed files with 33 additions and 42 deletions
--- a/go.mod
+++ b/go.mod
@@ -93,7 +93,6 @@ require (
 	github.com/xlab/treeprint v1.1.0
 	go.etcd.io/bbolt v1.3.7
 	go.uber.org/zap v1.24.0
-	golang.org/x/crypto v0.8.0
 	golang.org/x/exp v0.0.0-20230124195608-d38c7dcee874
 	golang.org/x/mod v0.10.0
 	golang.org/x/sync v0.1.0
@@ -354,6 +353,7 @@ require (
 	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
 	go.uber.org/multierr v1.9.0 // indirect
+	golang.org/x/crypto v0.8.0 // indirect
 	golang.org/x/net v0.9.0 // indirect
 	golang.org/x/oauth2 v0.7.0 // indirect
 	golang.org/x/sys v0.7.0 // indirect
--- a/pkg/cloud/report/report.go
+++ b/pkg/cloud/report/report.go
@@ -10,7 +10,6 @@ import (
 	"github.com/aquasecurity/tml"
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/flag"
-	"github.com/aquasecurity/trivy/pkg/report"
 	pkgReport "github.com/aquasecurity/trivy/pkg/report"
 	"github.com/aquasecurity/trivy/pkg/result"
 	"github.com/aquasecurity/trivy/pkg/types"
@@ -120,7 +119,7 @@ func Write(rep *Report, opt flag.Options, fromCache bool) error {

 		return nil
 	default:
-		return report.Write(base, pkgReport.Option{
+		return pkgReport.Write(base, pkgReport.Option{
 			Format:             opt.Format,
 			Output:             opt.Output,
 			Severities:         opt.Severities,
--- a/pkg/commands/artifact/run.go
+++ b/pkg/commands/artifact/run.go
@@ -24,7 +24,6 @@ import (
 	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/aquasecurity/trivy/pkg/misconf"
 	"github.com/aquasecurity/trivy/pkg/module"
-	"github.com/aquasecurity/trivy/pkg/report"
 	pkgReport "github.com/aquasecurity/trivy/pkg/report"
 	"github.com/aquasecurity/trivy/pkg/result"
 	"github.com/aquasecurity/trivy/pkg/rpc/client"
@@ -343,7 +342,7 @@ func (r *runner) initJavaDB(opts flag.Options) error {

 	// If vulnerability scanning and SBOM generation are disabled, it doesn't need to download the Java database.
 	if !opts.Scanners.Enabled(types.VulnerabilityScanner) &&
-		!slices.Contains(report.SupportedSBOMFormats, opts.Format) {
+		!slices.Contains(pkgReport.SupportedSBOMFormats, opts.Format) {
 		return nil
 	}

@@ -503,7 +502,7 @@ func disabledAnalyzers(opts flag.Options) []analyzer.Type {
 	// But we don't create client if vulnerability analysis is disabled and SBOM format is not used
 	// We need to disable jar analyzer to avoid errors
 	// TODO disable all languages that don't contain license information for this case
-	if !opts.Scanners.Enabled(types.VulnerabilityScanner) && !slices.Contains(report.SupportedSBOMFormats, opts.Format) {
+	if !opts.Scanners.Enabled(types.VulnerabilityScanner) && !slices.Contains(pkgReport.SupportedSBOMFormats, opts.Format) {
 		analyzers = append(analyzers, analyzer.TypeJar)
 	}

@@ -615,7 +614,7 @@ func initScannerConfig(opts flag.Options, cacheClient cache.Cache) (ScannerConfi

 	// SPDX needs to calculate digests for package files
 	var fileChecksum bool
-	if opts.Format == report.FormatSPDXJSON || opts.Format == report.FormatSPDX {
+	if opts.Format == pkgReport.FormatSPDXJSON || opts.Format == pkgReport.FormatSPDX {
 		fileChecksum = true
 	}

--- a/pkg/fanal/analyzer/imgconf/apk/apk.go
+++ b/pkg/fanal/analyzer/imgconf/apk/apk.go
@@ -168,9 +168,7 @@ func (a alpineCmdAnalyzer) parseCommand(command string, envs map[string]string)
 				add = true
 			} else if add {
 				if strings.HasPrefix(field, "$") {
-					for _, pkg := range strings.Fields(envs[field]) {
-						pkgs = append(pkgs, pkg)
-					}
+					pkgs = append(pkgs, strings.Fields(envs[field])...)
 					continue
 				}
 				pkgs = append(pkgs, field)
--- a/pkg/fanal/analyzer/os/redhatbase/centos_test.go
+++ b/pkg/fanal/analyzer/os/redhatbase/centos_test.go
@@ -36,9 +36,8 @@ func Test_centosOSAnalyzer_Analyze(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			a := centOSAnalyzer{}
 			f, err := os.Open(tt.inputFile)
-			defer f.Close()
-
 			require.NoError(t, err)
+			defer f.Close()
 			ctx := context.Background()

 			got, err := a.Analyze(ctx, analyzer.AnalysisInput{
--- a/pkg/fanal/cache/fs.go
+++ b/pkg/fanal/cache/fs.go
@@ -33,7 +33,7 @@ func NewFSCache(cacheDir string) (FSCache, error) {
 	err = db.Update(func(tx *bolt.Tx) error {
 		for _, bucket := range []string{artifactBucket, blobBucket} {
 			if _, err := tx.CreateBucketIfNotExists([]byte(bucket)); err != nil {
-				return xerrors.Errorf("unable to create %s bucket: %w", err)
+				return xerrors.Errorf("unable to create %s bucket: %w", bucket, err)
 			}
 		}
 		return nil
--- a/pkg/fanal/image/daemon/containerd.go
+++ b/pkg/fanal/image/daemon/containerd.go
@@ -15,7 +15,6 @@ import (
 	"github.com/containerd/containerd/images/archive"
 	"github.com/containerd/containerd/namespaces"
 	"github.com/containerd/containerd/platforms"
-	"github.com/containerd/containerd/reference/docker"
 	refdocker "github.com/containerd/containerd/reference/docker"
 	api "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
@@ -193,7 +192,7 @@ func readImageConfig(ctx context.Context, img containerd.Image) (ocispec.Image,
 }

 // ported from https://github.com/containerd/nerdctl/blob/d110fea18018f13c3f798fa6565e482f3ff03591/pkg/inspecttypes/dockercompat/dockercompat.go#L279-L321
-func inspect(ctx context.Context, img containerd.Image, ref docker.Reference) (api.ImageInspect, []v1.History, refdocker.Reference, error) {
+func inspect(ctx context.Context, img containerd.Image, ref refdocker.Reference) (api.ImageInspect, []v1.History, refdocker.Reference, error) {
 	if _, ok := ref.(refdocker.Digested); ok {
 		ref = familiarNamed(img.Name())
 	}
@@ -204,7 +203,7 @@ func inspect(ctx context.Context, img containerd.Image, ref docker.Reference) (a
 	}

 	var repository string
-	if n, isNamed := ref.(docker.Named); isNamed {
+	if n, isNamed := ref.(refdocker.Named); isNamed {
 		repository = refdocker.FamiliarName(n)
 	}

--- a/pkg/fanal/image/daemon/image_test.go
+++ b/pkg/fanal/image/daemon/image_test.go
@@ -2,7 +2,6 @@ package daemon

 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"runtime"
@@ -86,7 +85,7 @@ func Test_image_ConfigNameWithCustomDockerHost(t *testing.T) {
 	var dockerHostParam string

 	if runtime.GOOS != "windows" {
-		runtimeDir, err := ioutil.TempDir("", "daemon")
+		runtimeDir, err := os.MkdirTemp("", "daemon")
 		require.NoError(t, err)

 		dir := filepath.Join(runtimeDir, "image")
@@ -288,7 +287,7 @@ func Test_image_RawConfigFile(t *testing.T) {
 				return
 			}

-			want, err := ioutil.ReadFile(tt.goldenFile)
+			want, err := os.ReadFile(tt.goldenFile)
 			require.NoError(t, err)

 			require.JSONEq(t, string(want), string(got))
--- a/pkg/fanal/image/daemon/podman_test.go
+++ b/pkg/fanal/image/daemon/podman_test.go
@@ -1,7 +1,6 @@
 package daemon

 import (
-	"io/ioutil"
 	"net/http/httptest"
 	"os"
 	"path/filepath"
@@ -21,7 +20,7 @@ import (
 func setupPodmanSock(t *testing.T) *httptest.Server {
 	t.Helper()

-	runtimeDir, err := ioutil.TempDir("", "daemon")
+	runtimeDir, err := os.MkdirTemp("", "daemon")
 	require.NoError(t, err)

 	os.Setenv("XDG_RUNTIME_DIR", runtimeDir)
--- a/pkg/fanal/image/docker.go
+++ b/pkg/fanal/image/docker.go
@@ -4,7 +4,6 @@ import (
 	"bufio"
 	"compress/gzip"
 	"io"
-	"io/ioutil"
 	"os"

 	v1 "github.com/google/go-containerregistry/pkg/v1"
@@ -39,6 +38,6 @@ func fileOpener(fileName string) func() (io.ReadCloser, error) {
 				return nil, xerrors.Errorf("failed to open gzip: %w", err)
 			}
 		}
-		return ioutil.NopCloser(r), nil
+		return io.NopCloser(r), nil
 	}
 }
--- a/pkg/fanal/test/integration/docker/docker.go
+++ b/pkg/fanal/test/integration/docker/docker.go
@@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/url"
 	"os"
 	"os/exec"
@@ -88,7 +87,7 @@ func (d Docker) ReplicateImage(ctx context.Context, imageRef, imagePath string,
 	if err != nil {
 		return err
 	}
-	if _, err := io.Copy(ioutil.Discard, resp.Body); err != nil {
+	if _, err := io.Copy(io.Discard, resp.Body); err != nil {
 		return err
 	}
 	defer resp.Body.Close()
@@ -120,7 +119,7 @@ func (d Docker) ReplicateImage(ctx context.Context, imageRef, imagePath string,
 	}
 	defer pushOut.Close()

-	if _, err = io.Copy(ioutil.Discard, pushOut); err != nil {
+	if _, err = io.Copy(io.Discard, pushOut); err != nil {
 		return err
 	}
 	return nil
--- a/pkg/k8s/commands/run.go
+++ b/pkg/k8s/commands/run.go
@@ -36,7 +36,7 @@ func Run(ctx context.Context, args []string, opts flag.Options) error {
 	defer cancel()

 	defer func() {
-		if xerrors.Is(err, context.DeadlineExceeded) {
+		if errors.Is(err, context.DeadlineExceeded) {
 			log.Logger.Warn("Increase --timeout value")
 		}
 	}()
--- a/pkg/mapfs/fs.go
+++ b/pkg/mapfs/fs.go
@@ -103,7 +103,7 @@ func (m *FS) FilterFunc(fn func(path string, d fs.DirEntry) (bool, error)) (*FS,
 		return newFS.WriteFile(path, f.underlyingPath)
 	})
 	if err != nil {
-		return nil, xerrors.Errorf("walk error", err)
+		return nil, xerrors.Errorf("walk error %w", err)
 	}

 	return newFS, nil
--- a/pkg/report/table/misconfig.go
+++ b/pkg/report/table/misconfig.go
@@ -9,7 +9,7 @@ import (

 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"

-	"golang.org/x/crypto/ssh/terminal"
+	"golang.org/x/term"

 	"github.com/aquasecurity/tml"

@@ -34,7 +34,7 @@ type misconfigRenderer struct {
 }

 func NewMisconfigRenderer(result types.Result, severities []dbTypes.Severity, trace, includeNonFailures bool, ansi bool) *misconfigRenderer {
-	width, _, err := terminal.GetSize(0)
+	width, _, err := term.GetSize(0)
 	if err != nil || width == 0 {
 		width = 40
 	}
--- a/pkg/report/table/secret.go
+++ b/pkg/report/table/secret.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"strings"

-	"golang.org/x/crypto/ssh/terminal"
+	"golang.org/x/term"

 	"github.com/aquasecurity/tml"

@@ -23,7 +23,7 @@ type secretRenderer struct {
 }

 func NewSecretRenderer(target string, secrets []types.SecretFinding, ansi bool, severities []dbTypes.Severity) *secretRenderer {
-	width, _, err := terminal.GetSize(0)
+	width, _, err := term.GetSize(0)
 	if err != nil || width == 0 {
 		width = 40
 	}
--- a/pkg/report/template.go
+++ b/pkg/report/template.go
@@ -35,8 +35,7 @@ func NewTemplateWriter(output io.Writer, outputTemplate string) (*TemplateWriter
 		}
 		outputTemplate = string(buf)
 	}
-	var templateFuncMap template.FuncMap
-	templateFuncMap = sprig.GenericFuncMap()
+	var templateFuncMap template.FuncMap = sprig.GenericFuncMap()
 	templateFuncMap["escapeXML"] = func(input string) string {
 		escaped := &bytes.Buffer{}
 		if err := xml.EscapeText(escaped, []byte(input)); err != nil {
--- a/pkg/rpc/convert.go
+++ b/pkg/rpc/convert.go
@@ -4,6 +4,8 @@ import (
 	"time"

 	"github.com/golang/protobuf/ptypes"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
 	"github.com/golang/protobuf/ptypes/timestamp"
 	"google.golang.org/protobuf/types/known/structpb"

@@ -159,11 +161,11 @@ func ConvertToRPCVulns(vulns []types.DetectedVulnerability) []*common.Vulnerabil

 		var lastModifiedDate, publishedDate *timestamp.Timestamp
 		if vuln.LastModifiedDate != nil {
-			lastModifiedDate, _ = ptypes.TimestampProto(*vuln.LastModifiedDate) // nolint: errcheck
+			lastModifiedDate = timestamppb.New(*vuln.LastModifiedDate) // nolint: errcheck
 		}

 		if vuln.PublishedDate != nil {
-			publishedDate, _ = ptypes.TimestampProto(*vuln.PublishedDate) // nolint: errcheck
+			publishedDate = timestamppb.New(*vuln.PublishedDate) // nolint: errcheck
 		}

 		var customAdvisoryData, customVulnData *structpb.Value
--- a/pkg/rpc/server/listen.go
+++ b/pkg/rpc/server/listen.go
@@ -13,7 +13,6 @@ import (

 	"github.com/aquasecurity/trivy-db/pkg/db"
 	"github.com/aquasecurity/trivy-db/pkg/metadata"
-	dbFile "github.com/aquasecurity/trivy/pkg/db"
 	dbc "github.com/aquasecurity/trivy/pkg/db"
 	"github.com/aquasecurity/trivy/pkg/fanal/cache"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
@@ -118,10 +117,10 @@ func withToken(base http.Handler, token, tokenHeader string) http.Handler {
 }

 type dbWorker struct {
-	dbClient dbFile.Operation
+	dbClient dbc.Operation
 }

-func newDBWorker(dbClient dbFile.Operation) dbWorker {
+func newDBWorker(dbClient dbc.Operation) dbWorker {
 	return dbWorker{dbClient: dbClient}
 }

--- a/pkg/rpc/server/server_test.go
+++ b/pkg/rpc/server/server_test.go
@@ -6,7 +6,8 @@ import (
 	"testing"
 	"time"

-	"github.com/golang/protobuf/ptypes"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
 	google_protobuf "github.com/golang/protobuf/ptypes/empty"
 	"github.com/golang/protobuf/ptypes/timestamp"
 	"github.com/stretchr/testify/assert"
@@ -206,7 +207,7 @@ func TestCacheServer_PutArtifact(t *testing.T) {
 						Architecture:  "amd64",
 						Created: func() *timestamp.Timestamp {
 							d := time.Date(2020, 1, 2, 3, 4, 5, 6, time.UTC)
-							t, _ := ptypes.TimestampProto(d)
+							t := timestamppb.New(d)
 							return t
 						}(),
 						DockerVersion: "18.09",
@@ -237,7 +238,7 @@ func TestCacheServer_PutArtifact(t *testing.T) {
 						SchemaVersion: 1,
 						Created: func() *timestamp.Timestamp {
 							d := time.Date(2020, 1, 2, 3, 4, 5, 6, time.UTC)
-							t, _ := ptypes.TimestampProto(d)
+							t := timestamppb.New(d)
 							return t
 						}(),
 					},