refactor: remove parallel walk #5180

Merged
merged 30 commits into from
Apr 17, 2024
544953b
refactor: remove parallel walk
knqyf263 Sep 13, 2023
6fd56ee
fix(walk): call error callback on all errors
knqyf263 Oct 19, 2023
7441e19
Merge branch 'main' into unify_walk
knqyf263 Oct 19, 2023
362871a
feat: add delay per file
knqyf263 Nov 2, 2023
4972f06
feat: configure delay seconds
knqyf263 Nov 6, 2023
7fc49c2
feat: replace slow with parallel
knqyf263 Nov 7, 2023
c6e57d5
Merge branch 'main' into unify_walk
knqyf263 Nov 7, 2023
c778768
test: remove external
knqyf263 Nov 9, 2023
7cfb534
refactor: inject filesystem walker
knqyf263 Nov 9, 2023
c05898a
docs: auto generate
knqyf263 Nov 9, 2023
e1368a3
Merge branch 'main' into unify_walk
knqyf263 Nov 9, 2023
acf36ba
docs: remove plugin reference
knqyf263 Nov 10, 2023
031117f
chore(magefile): not load plugins for doc
knqyf263 Nov 10, 2023
87b903c
docs: update
knqyf263 Nov 10, 2023
3031612
fix: pass walker options
knqyf263 Nov 10, 2023
487e2ab
chore: show diff
knqyf263 Nov 10, 2023
42e2cb1
docs: sort aws services
knqyf263 Nov 10, 2023
1a85fa4
Merge branch 'main' into unify_walk
knqyf263 Nov 14, 2023
3d05ffc
Merge branch 'main' into unify_walk
knqyf263 Nov 16, 2023
1918ac9
fix: lint fixes
knqyf263 Nov 16, 2023
b7d9f64
test: fix mock signature
knqyf263 Nov 16, 2023
ae0399c
refactor: remove option.Init()
knqyf263 Nov 16, 2023
d92eceb
Merge branch 'main' into unify_walk
knqyf263 Feb 1, 2024
6d8783f
Merge branch 'main' into unify_walk
knqyf263 Apr 16, 2024
61eddab
chore: replace run.skip-* with issues.exclude-*
knqyf263 Apr 16, 2024
025e73f
fix: linter issues
knqyf263 Apr 16, 2024
264e77d
chore: bump golangci-lint
knqyf263 Apr 16, 2024
15cdb30
chore: remove a debug line
knqyf263 Apr 16, 2024
5717829
fix: use skip dirs from options
knqyf263 Apr 17, 2024
e819060
refactor: remove an import alias
knqyf263 Apr 17, 2024
4 changes: 2 additions & 2 deletions .github/workflows/test.yaml
Expand Up @@ -45,8 +45,8 @@ jobs:
id: lint
uses: golangci/golangci-lint-action@v4.0.0
with:
version: v1.54
args: --deadline=30m --out-format=line-number
version: v1.57
args: --timeout=30m --out-format=line-number
skip-cache: true # https://github.com/golangci/golangci-lint-action/issues/244#issuecomment-1052197778
if: matrix.operating-system == 'ubuntu-latest'

8 changes: 4 additions & 4 deletions .golangci.yaml
Expand Up @@ -89,15 +89,15 @@ linters:

run:
go: '1.22'
skip-files:

issues:
exclude-files:
- ".*_mock.go$"
- ".*_test.go$"
- "integration/*"
- "examples/*"
skip-dirs:
exclude-dirs:
- "pkg/iac/scanners/terraform/parser/funcs" # copies of Terraform functions

issues:
exclude-rules:
- linters:
- gosec
1 change: 0 additions & 1 deletion go.mod
Expand Up @@ -88,7 +88,6 @@ require (
github.com/package-url/packageurl-go v0.1.2
github.com/quasilyte/go-ruleguard/dsl v0.3.22
github.com/samber/lo v1.39.0
github.com/saracen/walker v0.1.3
github.com/secure-systems-lab/go-securesystemslib v0.8.0
github.com/sigstore/rekor v1.2.2
github.com/sirupsen/logrus v1.9.3
2 changes: 0 additions & 2 deletions go.sum
Expand Up @@ -1523,8 +1523,6 @@ github.com/samber/lo v1.39.0 h1:4gTz1wUhNYLhFSKl6O+8peW0v2F4BCY034GRpU9WnuA=
github.com/samber/lo v1.39.0/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA=
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4=
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY=
github.com/saracen/walker v0.1.3 h1:YtcKKmpRPy6XJTHJ75J2QYXXZYWnZNQxPCVqZSHVV/g=
github.com/saracen/walker v0.1.3/go.mod h1:FU+7qU8DeQQgSZDmmThMJi93kPkLFgy0oVAcLxurjIk=
github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
2 changes: 1 addition & 1 deletion magefiles/magefile.go
Expand Up @@ -61,7 +61,7 @@ func (Tool) Wire() error {

// GolangciLint installs golangci-lint
func (Tool) GolangciLint() error {
const version = "v1.54.2"
const version = "v1.57.2"
if exists(filepath.Join(GOBIN, "golangci-lint")) {
return nil
}
6 changes: 2 additions & 4 deletions pkg/commands/artifact/inject.go
Expand Up @@ -5,8 +5,6 @@ package artifact

import (
"context"
"github.com/aquasecurity/trivy/pkg/fanal/artifact/vm"

"github.com/google/wire"

"github.com/aquasecurity/trivy/pkg/fanal/artifact"
Expand Down Expand Up @@ -57,7 +55,7 @@ func initializeSBOMScanner(ctx context.Context, filePath string, artifactCache c
}

func initializeVMScanner(ctx context.Context, filePath string, artifactCache cache.ArtifactCache,
localArtifactCache cache.LocalArtifactCache, walker vm.Walker, artifactOption artifact.Option) (
localArtifactCache cache.LocalArtifactCache, artifactOption artifact.Option) (
scanner.Scanner, func(), error) {
wire.Build(scanner.StandaloneVMSet)
return scanner.Scanner{}, nil, nil
Expand Down Expand Up @@ -108,7 +106,7 @@ func initializeRemoteSBOMScanner(ctx context.Context, path string, artifactCache

// initializeRemoteVMScanner is for vm scanning in client/server mode
func initializeRemoteVMScanner(ctx context.Context, path string, artifactCache cache.ArtifactCache,
walker vm.Walker, remoteScanOptions client.ScannerOption, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
remoteScanOptions client.ScannerOption, artifactOption artifact.Option) (scanner.Scanner, func(), error) {
wire.Build(scanner.RemoteVMSet)
return scanner.Scanner{}, nil, nil
}
11 changes: 8 additions & 3 deletions pkg/commands/artifact/run.go
Expand Up @@ -19,6 +19,7 @@ import (
"github.com/aquasecurity/trivy/pkg/fanal/artifact"
"github.com/aquasecurity/trivy/pkg/fanal/cache"
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/fanal/walker"
"github.com/aquasecurity/trivy/pkg/flag"
"github.com/aquasecurity/trivy/pkg/javadb"
"github.com/aquasecurity/trivy/pkg/log"
Expand Down Expand Up @@ -650,9 +651,8 @@ func initScannerConfig(opts flag.Options, cacheClient cache.Cache) (ScannerConfi
},
ArtifactOption: artifact.Option{
DisabledAnalyzers: disabledAnalyzers(opts),
SkipFiles: opts.SkipFiles,
SkipDirs: opts.SkipDirs,
FilePatterns: opts.FilePatterns,
Parallel: opts.Parallel,
Offline: opts.OfflineScan,
NoProgress: opts.NoProgress || opts.Quiet,
Insecure: opts.Insecure,
Expand All @@ -662,7 +662,6 @@ func initScannerConfig(opts flag.Options, cacheClient cache.Cache) (ScannerConfi
SBOMSources: opts.SBOMSources,
RekorURL: opts.RekorURL,
//Platform: opts.Platform,
Parallel: opts.Parallel,
AWSRegion: opts.Region,
AWSEndpoint: opts.Endpoint,
FileChecksum: fileChecksum,
Expand Down Expand Up @@ -692,6 +691,12 @@ func initScannerConfig(opts flag.Options, cacheClient cache.Cache) (ScannerConfi
Full: opts.LicenseFull,
ClassifierConfidenceLevel: opts.LicenseConfidenceLevel,
},

// For file walking
WalkerOption: walker.Option{
SkipFiles: opts.SkipFiles,
SkipDirs: opts.SkipDirs,
},
},
}, scanOptions, nil
}
10 changes: 2 additions & 8 deletions pkg/commands/artifact/scanner.go
Expand Up @@ -5,7 +5,6 @@ import (

"golang.org/x/xerrors"

"github.com/aquasecurity/trivy/pkg/fanal/walker"
"github.com/aquasecurity/trivy/pkg/scanner"
)

Expand Down Expand Up @@ -110,10 +109,7 @@ func sbomRemoteScanner(ctx context.Context, conf ScannerConfig) (scanner.Scanner

// vmStandaloneScanner initializes a VM scanner in standalone mode
func vmStandaloneScanner(ctx context.Context, conf ScannerConfig) (scanner.Scanner, func(), error) {
// TODO: The walker should be initialized in initializeVMScanner after https://github.com/aquasecurity/trivy/pull/5180
w := walker.NewVM(conf.ArtifactOption.SkipFiles, conf.ArtifactOption.SkipDirs)
s, cleanup, err := initializeVMScanner(ctx, conf.Target, conf.ArtifactCache, conf.LocalArtifactCache,
w, conf.ArtifactOption)
s, cleanup, err := initializeVMScanner(ctx, conf.Target, conf.ArtifactCache, conf.LocalArtifactCache, conf.ArtifactOption)
if err != nil {
return scanner.Scanner{}, func() {}, xerrors.Errorf("unable to initialize a vm scanner: %w", err)
}
Expand All @@ -122,9 +118,7 @@ func vmStandaloneScanner(ctx context.Context, conf ScannerConfig) (scanner.Scann

// vmRemoteScanner initializes a VM scanner in client/server mode
func vmRemoteScanner(ctx context.Context, conf ScannerConfig) (scanner.Scanner, func(), error) {
// TODO: The walker should be initialized in initializeVMScanner after https://github.com/aquasecurity/trivy/pull/5180
w := walker.NewVM(conf.ArtifactOption.SkipFiles, conf.ArtifactOption.SkipDirs)
s, cleanup, err := initializeRemoteVMScanner(ctx, conf.Target, conf.ArtifactCache, w, conf.ServerOption, conf.ArtifactOption)
s, cleanup, err := initializeRemoteVMScanner(ctx, conf.Target, conf.ArtifactCache, conf.ServerOption, conf.ArtifactOption)
if err != nil {
return scanner.Scanner{}, func() {}, xerrors.Errorf("unable to initialize a remote vm scanner: %w", err)
}
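Review bot: After this change neither `vmStandaloneScanner` nor `vmRemoteScanner` shows the skip lists reaching the VM walker: both now pass only `conf.ArtifactOption`, and the walker construction has moved into `wire_gen.go`, which this page does not render. If the generated provider builds the walker from anything other than `ArtifactOption.WalkerOption`, `SkipFiles`/`SkipDirs` would be ignored for VM targets without any error, changing what gets scanned. A table test that runs each VM path with a non-empty `WalkerOption.SkipDirs` and asserts the excluded directory is never analyzed would pin this down. Both functions continue past the visible hunks.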
23 changes: 15 additions & 8 deletions pkg/commands/artifact/wire_gen.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion pkg/fanal/analyzer/pkg/dpkg/copyright.go
Expand Up @@ -88,7 +88,7 @@ func (a *dpkgLicenseAnalyzer) parseCopyright(r xio.ReadSeekerAt) ([]types.Licens
l := strings.TrimSpace(line[8:])

l = normalizeLicense(l)
if len(l) > 0 {
if l != "" {
for _, lic := range licensing.SplitLicenses(l) {
lic = licensing.Normalize(lic)
if !slices.Contains(licenses, lic) {
17 changes: 4 additions & 13 deletions pkg/fanal/artifact/artifact.go
Expand Up @@ -14,16 +14,14 @@ type Option struct {
AnalyzerGroup analyzer.Group // It is empty in OSS
DisabledAnalyzers []analyzer.Type
DisabledHandlers []types.HandlerType
SkipFiles []string
SkipDirs []string
FilePatterns []string
Parallel int
NoProgress bool
Insecure bool
Offline bool
AppDirs []string
SBOMSources []string
RekorURL string
Parallel int
AWSRegion string
AWSEndpoint string
FileChecksum bool // For SPDX
Expand All @@ -40,14 +38,7 @@ type Option struct {
SecretScannerOption analyzer.SecretScannerOption
LicenseScannerOption analyzer.LicenseScannerOption

// File walk
WalkOption WalkOption
}

// WalkOption is a struct that allows users to define a custom walking behavior.
// This option is only available when using Trivy as an imported library and not through CLI flags.
type WalkOption struct {
ErrorCallback walker.ErrorCallback
WalkerOption walker.Option
}

func (o *Option) AnalyzerOptions() analyzer.AnalyzerOptions {
Expand Down Expand Up @@ -75,8 +66,8 @@ func (o *Option) Sort() {
sort.Slice(o.DisabledAnalyzers, func(i, j int) bool {
return o.DisabledAnalyzers[i] < o.DisabledAnalyzers[j]
})
sort.Strings(o.SkipFiles)
sort.Strings(o.SkipDirs)
sort.Strings(o.WalkerOption.SkipFiles)
sort.Strings(o.WalkerOption.SkipDirs)
sort.Strings(o.FilePatterns)
}
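Review bot: The new `WalkerOption walker.Option` field in `Option` has no comment, while the removed `WalkOption` type carried the only documentation of the walk settings and the `// File walk` heading above it is gone too. I would add `// WalkerOption configures the file walk; its SkipFiles and SkipDirs lists exclude paths from analysis.` above the field. The hunk also deletes the exported `WalkOption` type and its `ErrorCallback` field; whether `walker.Option` offers an equivalent is not visible here, so library callers that relied on the callback to learn about files the walk could not read need a migration note in the PR description or changelog. The `Option` struct starts above the hunk.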

5 changes: 3 additions & 2 deletions pkg/fanal/artifact/image/image.go
Expand Up @@ -64,7 +64,7 @@ func NewArtifact(img types.Image, c cache.ArtifactCache, opt artifact.Option) (a
logger: log.WithPrefix("image"),
image: img,
cache: c,
walker: walker.NewLayerTar(opt.SkipFiles, opt.SkipDirs),
walker: walker.NewLayerTar(opt.WalkerOption),
analyzer: a,
configAnalyzer: ca,
handlerManager: handlerManager,
Expand Down Expand Up @@ -202,7 +202,8 @@ func (a Artifact) inspect(ctx context.Context, missingImage string, layerKeys, b
layerKeyMap map[string]LayerInfo, configFile *v1.ConfigFile) error {

var osFound types.OS
p := parallel.NewPipeline(a.artifactOption.Parallel, false, layerKeys, func(ctx context.Context, layerKey string) (any, error) {
p := parallel.NewPipeline(a.artifactOption.Parallel, false, layerKeys, func(ctx context.Context,
layerKey string) (any, error) {
layer := layerKeyMap[layerKey]

// If it is a base layer, secret scanning should not be performed.