refactor: replace with sortable packages (aquasecurity#4858)

pkg/fanal/analyzer/analyzer.go

@@ -198,12 +198,7 @@ func (r *AnalysisResult) Sort() {
 	})
 
 	for _, app := range r.Applications {
-		sort.Slice(app.Libraries, func(i, j int) bool {
-			if app.Libraries[i].Name != app.Libraries[j].Name {
-				return app.Libraries[i].Name < app.Libraries[j].Name
-			}
-			return app.Libraries[i].Version < app.Libraries[j].Version
-		})
+		sort.Sort(app.Libraries)
 	}
 
 	// Custom resources

pkg/fanal/analyzer/analyzer_test.go

@@ -58,7 +58,7 @@ func TestAnalysisResult_Merge(t *testing.T) {
 				PackageInfos: []types.PackageInfo{
 					{
 						FilePath: "var/lib/dpkg/status.d/libc",
-						Packages: []types.Package{
+						Packages: types.Packages{
 							{
 								Name:    "libc",
 								Version: "1.2.3",
@@ -70,7 +70,7 @@ func TestAnalysisResult_Merge(t *testing.T) {
 					{
 						Type:     "bundler",
 						FilePath: "app/Gemfile.lock",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
 								Name:    "rails",
 								Version: "5.0.0",
@@ -84,7 +84,7 @@ func TestAnalysisResult_Merge(t *testing.T) {
 					PackageInfos: []types.PackageInfo{
 						{
 							FilePath: "var/lib/dpkg/status.d/openssl",
-							Packages: []types.Package{
+							Packages: types.Packages{
 								{
 									Name:    "openssl",
 									Version: "1.1.1",
@@ -96,7 +96,7 @@ func TestAnalysisResult_Merge(t *testing.T) {
 						{
 							Type:     "bundler",
 							FilePath: "app2/Gemfile.lock",
-							Libraries: []types.Package{
+							Libraries: types.Packages{
 								{
 									Name:    "nokogiri",
 									Version: "1.0.0",
@@ -114,7 +114,7 @@ func TestAnalysisResult_Merge(t *testing.T) {
 				PackageInfos: []types.PackageInfo{
 					{
 						FilePath: "var/lib/dpkg/status.d/libc",
-						Packages: []types.Package{
+						Packages: types.Packages{
 							{
 								Name:    "libc",
 								Version: "1.2.3",
@@ -123,7 +123,7 @@ func TestAnalysisResult_Merge(t *testing.T) {
 					},
 					{
 						FilePath: "var/lib/dpkg/status.d/openssl",
-						Packages: []types.Package{
+						Packages: types.Packages{
 							{
 								Name:    "openssl",
 								Version: "1.1.1",
@@ -135,7 +135,7 @@ func TestAnalysisResult_Merge(t *testing.T) {
 					{
 						Type:     "bundler",
 						FilePath: "app/Gemfile.lock",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
 								Name:    "rails",
 								Version: "5.0.0",
@@ -145,7 +145,7 @@ func TestAnalysisResult_Merge(t *testing.T) {
 					{
 						Type:     "bundler",
 						FilePath: "app2/Gemfile.lock",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
 								Name:    "nokogiri",
 								Version: "1.0.0",
@@ -335,7 +335,7 @@ func TestAnalyzerGroup_AnalyzeFile(t *testing.T) {
 				PackageInfos: []types.PackageInfo{
 					{
 						FilePath: "/lib/apk/db/installed",
-						Packages: []types.Package{
+						Packages: types.Packages{
 							{
 								ID:         "musl@1.1.24-r2",
 								Name:       "musl",
@@ -375,7 +375,7 @@ func TestAnalyzerGroup_AnalyzeFile(t *testing.T) {
 					{
 						Type:     "bundler",
 						FilePath: "/app/Gemfile.lock",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
 								ID:       "actioncable@5.2.3",
 								Name:     "actioncable",
@@ -436,7 +436,7 @@ func TestAnalyzerGroup_AnalyzeFile(t *testing.T) {
 					{
 						Type:     "bundler",
 						FilePath: "/app/Gemfile-dev.lock",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
 								ID:       "actioncable@5.2.3",
 								Name:     "actioncable",
@@ -569,7 +569,7 @@ func TestAnalyzerGroup_PostAnalyze(t *testing.T) {
 					{
 						Type:     string(analyzer.TypeJar),
 						FilePath: "testdata/post-apps/jar/jackson-annotations-2.15.0-rc2.jar",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
 								Name:     "com.fasterxml.jackson.core:jackson-annotations",
 								Version:  "2.15.0-rc2",
@@ -589,7 +589,7 @@ func TestAnalyzerGroup_PostAnalyze(t *testing.T) {
 					{
 						Type:     string(analyzer.TypePoetry),
 						FilePath: "testdata/post-apps/poetry/happy/poetry.lock",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
 								ID:      "certifi@2022.12.7",
 								Name:    "certifi",

pkg/fanal/analyzer/language/analyze_test.go

@@ -26,7 +26,12 @@ func (p *mockParser) Parse(r dio.ReadSeekerAt) ([]godeptypes.Library, []godeptyp
 
 	switch string(b) {
 	case "happy":
-		return []godeptypes.Library{{Name: "test", Version: "1.2.3"}}, nil, nil
+		return []godeptypes.Library{
+			{
+				Name:    "test",
+				Version: "1.2.3",
+			},
+		}, nil, nil
 	case "sad":
 		return nil, nil, xerrors.New("unexpected error")
 	}
@@ -58,7 +63,7 @@ func TestAnalyze(t *testing.T) {
 					{
 						Type:     types.GoBinary,
 						FilePath: "app/myweb",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
 								Name:    "test",
 								Version: "1.2.3",

pkg/fanal/analyzer/language/c/conan/conan_test.go

@@ -27,7 +27,7 @@ func Test_conanLockAnalyzer_Analyze(t *testing.T) {
 					{
 						Type:     types.Conan,
 						FilePath: "testdata/happy.lock",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
 								ID:      "openssl/3.0.5",
 								Name:    "openssl",
@@ -67,9 +67,7 @@ func Test_conanLockAnalyzer_Analyze(t *testing.T) {
 
 			if got != nil {
 				for _, app := range got.Applications {
-					sort.Slice(app.Libraries, func(i, j int) bool {
-						return app.Libraries[i].ID < app.Libraries[j].ID
-					})
+					sort.Sort(app.Libraries)
 				}
 			}
 

pkg/fanal/analyzer/language/conda/meta/meta_test.go

@@ -27,7 +27,7 @@ func Test_packagingAnalyzer_Analyze(t *testing.T) {
 					{
 						Type:     types.CondaPkg,
 						FilePath: "testdata/pip-22.2.2-py38h06a4308_0.json",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
 								Name:     "pip",
 								Version:  "22.2.2",

pkg/fanal/analyzer/language/dart/pub/pubspec_test.go

@@ -25,7 +25,7 @@ func Test_pubSpecLockAnalyzer_Analyze(t *testing.T) {
 					{
 						Type:     types.Pub,
 						FilePath: "testdata/happy.lock",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
 								ID:      "crypto@3.0.2",
 								Name:    "crypto",
@@ -74,9 +74,7 @@ func Test_pubSpecLockAnalyzer_Analyze(t *testing.T) {
 
 			if got != nil {
 				for _, app := range got.Applications {
-					sort.Slice(app.Libraries, func(i, j int) bool {
-						return app.Libraries[i].ID < app.Libraries[j].ID
-					})
+					sort.Sort(app.Libraries)
 				}
 			}
 

pkg/fanal/analyzer/language/dotnet/deps/deps_test.go

@@ -27,11 +27,16 @@ func Test_depsLibraryAnalyzer_Analyze(t *testing.T) {
 					{
 						Type:     types.DotNetCore,
 						FilePath: "testdata/datacollector.deps.json",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
-								Name:      "Newtonsoft.Json",
-								Version:   "9.0.1",
-								Locations: []types.Location{{StartLine: 8, EndLine: 14}},
+								Name:    "Newtonsoft.Json",
+								Version: "9.0.1",
+								Locations: []types.Location{
+									{
+										StartLine: 8,
+										EndLine:   14,
+									},
+								},
 							},
 						},
 					},

pkg/fanal/analyzer/language/dotnet/nuget/nuget_test.go

@@ -28,7 +28,7 @@ func Test_nugetibraryAnalyzer_Analyze(t *testing.T) {
 					{
 						Type:     types.NuGet,
 						FilePath: "testdata/packages.config",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
 								Name:    "Microsoft.AspNet.WebApi",
 								Version: "5.2.2",
@@ -50,18 +50,28 @@ func Test_nugetibraryAnalyzer_Analyze(t *testing.T) {
 					{
 						Type:     types.NuGet,
 						FilePath: "testdata/packages.lock.json",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
-								ID:        "Newtonsoft.Json@12.0.3",
-								Name:      "Newtonsoft.Json",
-								Version:   "12.0.3",
-								Locations: []types.Location{{StartLine: 5, EndLine: 10}},
+								ID:      "Newtonsoft.Json@12.0.3",
+								Name:    "Newtonsoft.Json",
+								Version: "12.0.3",
+								Locations: []types.Location{
+									{
+										StartLine: 5,
+										EndLine:   10,
+									},
+								},
 							},
 							{
-								ID:        "NuGet.Frameworks@5.7.0",
-								Name:      "NuGet.Frameworks",
-								Version:   "5.7.0",
-								Locations: []types.Location{{StartLine: 11, EndLine: 19}},
+								ID:      "NuGet.Frameworks@5.7.0",
+								Name:    "NuGet.Frameworks",
+								Version: "5.7.0",
+								Locations: []types.Location{
+									{
+										StartLine: 11,
+										EndLine:   19,
+									},
+								},
 								DependsOn: []string{"Newtonsoft.Json@12.0.3"},
 							},
 						},
@@ -96,9 +106,7 @@ func Test_nugetibraryAnalyzer_Analyze(t *testing.T) {
 
 			// Sort libraries for consistency
 			for _, app := range got.Applications {
-				sort.Slice(app.Libraries, func(i, j int) bool {
-					return app.Libraries[i].Name < app.Libraries[j].Name
-				})
+				sort.Sort(app.Libraries)
 			}
 
 			assert.NoError(t, err)

pkg/fanal/analyzer/language/elixir/mix/mix_test.go

@@ -23,12 +23,17 @@ func Test_mixLockAnalyzer_Analyze(t *testing.T) {
 					{
 						Type:     types.Hex,
 						FilePath: "testdata/happy.mix.lock",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
-								ID:        "bunt@0.2.0",
-								Name:      "bunt",
-								Version:   "0.2.0",
-								Locations: []types.Location{{StartLine: 2, EndLine: 2}},
+								ID:      "bunt@0.2.0",
+								Name:    "bunt",
+								Version: "0.2.0",
+								Locations: []types.Location{
+									{
+										StartLine: 2,
+										EndLine:   2,
+									},
+								},
 							},
 						},
 					},

pkg/fanal/analyzer/language/golang/binary/binary_test.go

@@ -28,7 +28,7 @@ func Test_gobinaryLibraryAnalyzer_Analyze(t *testing.T) {
 					{
 						Type:     types.GoBinary,
 						FilePath: "testdata/executable_gobinary",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
 								Name:    "github.com/aquasecurity/go-pep440-version",
 								Version: "v0.0.0-20210121094942-22b2f8951d46",

pkg/fanal/analyzer/language/golang/mod/mod_test.go

@@ -3,15 +3,14 @@ package mod
 import (
 	"context"
 	"path/filepath"
+	"sort"
 	"testing"
 
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"golang.org/x/exp/slices"
-
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/mapfs"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func Test_gomodAnalyzer_Analyze(t *testing.T) {
@@ -31,7 +30,7 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) {
 					{
 						Type:     types.GoModule,
 						FilePath: "go.mod",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
 								ID:      "github.com/aquasecurity/go-dep-parser@v0.0.0-20220406074731-71021a481237",
 								Name:    "github.com/aquasecurity/go-dep-parser",
@@ -64,7 +63,7 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) {
 					{
 						Type:     types.GoModule,
 						FilePath: "go.mod",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
 								ID:      "github.com/sad/sad@v0.0.1",
 								Name:    "github.com/sad/sad",
@@ -86,7 +85,7 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) {
 					{
 						Type:     types.GoModule,
 						FilePath: "go.mod",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
 								ID:      "github.com/aquasecurity/go-dep-parser@v0.0.0-20230219131432-590b1dfb6edd",
 								Name:    "github.com/aquasecurity/go-dep-parser",
@@ -119,7 +118,7 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) {
 					{
 						Type:     types.GoModule,
 						FilePath: "go.mod",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
 								ID:        "github.com/aquasecurity/go-dep-parser@v0.0.0-20230219131432-590b1dfb6edd",
 								Name:      "github.com/aquasecurity/go-dep-parser",
@@ -162,12 +161,8 @@ func Test_gomodAnalyzer_Analyze(t *testing.T) {
 			assert.NoError(t, err)
 
 			if len(got.Applications) > 0 {
-				slices.SortFunc(got.Applications[0].Libraries, func(a, b types.Package) bool {
-					return a.Name < b.Name
-				})
-				slices.SortFunc(tt.want.Applications[0].Libraries, func(a, b types.Package) bool {
-					return a.Name < b.Name
-				})
+				sort.Sort(got.Applications[0].Libraries)
+				sort.Sort(tt.want.Applications[0].Libraries)
 			}
 			assert.NoError(t, err)
 			assert.Equal(t, tt.want, got)

pkg/fanal/analyzer/language/java/gradle/lockfile_test.go

@@ -25,7 +25,7 @@ func Test_gradleLockAnalyzer_Analyze(t *testing.T) {
 					{
 						Type:     types.Gradle,
 						FilePath: "testdata/happy.lockfile",
-						Libraries: []types.Package{
+						Libraries: types.Packages{
 							{
 								Name:    "com.example:example",
 								Version: "0.0.1",