Update trivy dependency and fix the code due to breaking changes

castai · Apr 15, 2024 · f60918d · f60918d
1 parent 17b62a1
commit f60918d
Show file tree

Hide file tree

Showing 8 changed files with 1,108 additions and 1,128 deletions.
diff --git a/.github/workflows/default.yaml b/.github/workflows/default.yaml
@@ -0,0 +1,16 @@
+name: Default
+
+on: [push]
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.21.4'
+      - name: Test
+        run: go test ./...
+
diff --git a/README.md b/README.md
@@ -1,2 +1,6 @@
 # image-analyzer
 OCI images analyzer
+
+This repository exists for 2 reasons:
+- `github.com/castai/image-analyzer/image/daemon.Image` interface.
+- Having various analyzers bundled in a single module.
diff --git a/artifact.go b/artifact.go
@@ -85,7 +85,7 @@ type Artifact struct {
 
 type ArtifactOption = artifact.Option
 
-func NewArtifact(img types.Image, log logrus.FieldLogger, c CacheClient, opt artifact.Option) (*Artifact, error) {
+func NewArtifact(img types.Image, log logrus.FieldLogger, c CacheClient, opt ArtifactOption) (*Artifact, error) {
 	a, err := analyzer.NewAnalyzerGroup(analyzer.AnalyzerOptions{
 		Group:             opt.AnalyzerGroup,
 		DisabledAnalyzers: opt.DisabledAnalyzers,
@@ -108,7 +108,7 @@ func NewArtifact(img types.Image, log logrus.FieldLogger, c CacheClient, opt art
 		log:            log,
 		image:          img,
 		cache:          c,
-		walker:         walker.NewLayerTar(opt.SkipFiles, opt.SkipDirs, opt.Slow),
+		walker:         walker.NewLayerTar(opt.SkipFiles, opt.SkipDirs),
 		analyzer:       a,
 		configAnalyzer: ca,
 		artifactOption: opt,
@@ -249,11 +249,7 @@ func (a Artifact) inspect(ctx context.Context, missingImageKey string, layerKeys
 	blobInfo := make(chan types.BlobInfo)
 
 	errCh := make(chan error)
-	limit := semaphore.NewWeighted(parallel)
-	if a.artifactOption.Slow {
-		// Inspect layers in series
-		limit = semaphore.NewWeighted(1)
-	}
+	limit := semaphore.NewWeighted(int64(a.artifactOption.Parallel))
 
 	var osFound types.OS
 
@@ -337,11 +333,7 @@ func (a Artifact) inspectLayer(ctx context.Context, diffID string, disabled []an
 	var wg sync.WaitGroup
 	opts := analyzer.AnalysisOptions{Offline: a.artifactOption.Offline}
 	result := analyzer.NewAnalysisResult()
-	limit := semaphore.NewWeighted(parallel)
-	if a.artifactOption.Slow {
-		// Inspect layers in series
-		limit = semaphore.NewWeighted(1)
-	}
+	limit := semaphore.NewWeighted(int64(a.artifactOption.Parallel))
 
 	// Walk a tar layer
 	opqDirs, whFiles, err := a.walker.Walk(r, func(filePath string, info os.FileInfo, opener analyzer.Opener) error {

diff --git a/artifact_test.go b/artifact_test.go
@@ -0,0 +1,58 @@
+package analyzer
+
+import (
+	"context"
+	"testing"
+
+	"github.com/aquasecurity/trivy/pkg/fanal/types"
+	"github.com/sirupsen/logrus"
+	"github.com/stretchr/testify/require"
+
+	"github.com/castai/image-analyzer/image"
+)
+
+func TestArtifact(t *testing.T) {
+	r := require.New(t)
+	ctx := context.Background()
+	log := logrus.New()
+	log.SetLevel(logrus.DebugLevel)
+
+	digest := "alpine@sha256:60eda2a7bc29a54fe6beae0d72312ea995eb3b8387535e8dbf6767fd1b765d34" // linux/amd64 digest
+	img, err := image.NewFromRemote(ctx, digest, types.ImageOptions{})
+	r.NoError(err)
+
+	artifact, err := NewArtifact(img, log, mockBlockCache{}, ArtifactOption{
+		Offline:  true,
+		Parallel: 1,
+	})
+	r.NoError(err)
+
+	ref, err := artifact.Inspect(ctx)
+	r.NoError(err)
+	r.NotNil(ref)
+	r.NotNil(ref.BlobsInfo)
+	r.Len(ref.BlobsInfo, 1)
+	r.Len(ref.BlobsInfo[0].PackageInfos, 1)
+	r.Len(ref.BlobsInfo[0].PackageInfos[0].Packages, 15)
+
+	r.NotNil(ref.ConfigFile)
+	r.Equal("amd64", ref.ConfigFile.Architecture)
+	r.Equal("linux", ref.ConfigFile.OS)
+
+	r.NotNil(ref.ArtifactInfo)
+	r.Equal("amd64", ref.ArtifactInfo.Architecture)
+	r.Equal("linux", ref.ArtifactInfo.OS)
+
+	r.NotNil(ref.OsInfo)
+	r.Equal("alpine", string(ref.OsInfo.Family))
+}
+
+type mockBlockCache struct{}
+
+func (mockBlockCache) PutBlob(ctx context.Context, key string, blob []byte) error {
+	return nil
+}
+
+func (mockBlockCache) GetBlob(ctx context.Context, key string) ([]byte, error) {
+	return nil, ErrCacheNotFound
+}
diff --git a/dpkg/copyright.go b/dpkg/copyright.go
@@ -31,7 +31,8 @@ var (
 
 // dpkgLicenseAnalyzer parses copyright files and detect licenses
 type dpkgLicenseAnalyzer struct {
-	licenseFull bool
+	licenseFull               bool
+	classifierConfidenceLevel float64
 }
 
 // Analyze parses /usr/share/doc/*/copyright files
@@ -45,7 +46,7 @@ func (a *dpkgLicenseAnalyzer) Analyze(_ context.Context, input analyzer.Analysis
 			return nil, xerrors.Errorf("seek error: %w", err)
 		}
 
-		licenseFile, err := licensing.Classify(input.FilePath, input.Content)
+		licenseFile, err := licensing.Classify(input.FilePath, input.Content, a.classifierConfidenceLevel)
 		if err != nil {
 			return nil, xerrors.Errorf("license classification error: %w", err)
 		}
@@ -117,6 +118,7 @@ func (a *dpkgLicenseAnalyzer) parseCopyright(r dio.ReadSeekerAt) []types.License
 
 func (a *dpkgLicenseAnalyzer) Init(opt analyzer.AnalyzerOptions) error {
 	a.licenseFull = opt.LicenseScannerOption.Full
+	a.classifierConfidenceLevel = opt.LicenseScannerOption.ClassifierConfidenceLevel
 	return nil
 }