refactor: add scanResponse

aquasecurity · Feb 18, 2025 · 945ddc3 · 945ddc3
1 parent 75c8c64
commit 945ddc3
Show file tree

Hide file tree

Showing 8 changed files with 566 additions and 535 deletions.
diff --git a/pkg/rpc/client/client.go b/pkg/rpc/client/client.go
@@ -9,7 +9,6 @@ import (
 	"github.com/twitchtv/twirp"
 	"golang.org/x/xerrors"
 
-	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 	r "github.com/aquasecurity/trivy/pkg/rpc"
 	"github.com/aquasecurity/trivy/pkg/types"
 	xstrings "github.com/aquasecurity/trivy/pkg/x/strings"
@@ -68,7 +67,7 @@ func NewScanner(scannerOptions ScannerOption, opts ...Option) Scanner {
 }
 
 // Scan scans the image
-func (s Scanner) Scan(ctx context.Context, target, artifactKey string, blobKeys []string, opts types.ScanOptions) (types.Results, ftypes.OS, ftypes.LayersMetadata, error) {
+func (s Scanner) Scan(ctx context.Context, target, artifactKey string, blobKeys []string, opts types.ScanOptions) (types.ScanResponse, error) {
 	ctx = WithCustomHeaders(ctx, s.customHeaders)
 
 	// Convert to the rpc struct
@@ -104,8 +103,12 @@ func (s Scanner) Scan(ctx context.Context, target, artifactKey string, blobKeys
 		return err
 	})
 	if err != nil {
-		return nil, ftypes.OS{}, nil, xerrors.Errorf("failed to detect vulnerabilities via RPC: %w", err)
+		return types.ScanResponse{}, xerrors.Errorf("failed to detect vulnerabilities via RPC: %w", err)
 	}
 
-	return r.ConvertFromRPCResults(res.Results), r.ConvertFromRPCOS(res.Os), r.ConvertFromRPCLayersMetadata(res.LayersMetadata), nil
+	return types.ScanResponse{
+		Results:        r.ConvertFromRPCResults(res.Results),
+		OS:             r.ConvertFromRPCOS(res.Os),
+		LayersMetadata: r.ConvertFromRPCLayersMetadata(res.LayersMetadata),
+	}, nil
 }
diff --git a/pkg/rpc/client/client_test.go b/pkg/rpc/client/client_test.go
@@ -35,8 +35,7 @@ func TestScanner_Scan(t *testing.T) {
 		customHeaders http.Header
 		args          args
 		expectation   *rpc.ScanResponse
-		wantResults   types.Results
-		wantOS        ftypes.OS
+		want          types.ScanResponse
 		wantEosl      bool
 		wantErr       string
 	}{
@@ -106,54 +105,56 @@ func TestScanner_Scan(t *testing.T) {
 					},
 				},
 			},
-			wantResults: types.Results{
-				{
-					Target: "alpine:3.11",
-					Vulnerabilities: []types.DetectedVulnerability{
-						{
-							VulnerabilityID:  "CVE-2020-0001",
-							PkgName:          "musl",
-							InstalledVersion: "1.2.3",
-							FixedVersion:     "1.2.4",
-							Vulnerability: dbTypes.Vulnerability{
-								Title:       "DoS",
-								Description: "Denial os Service",
-								Severity:    "CRITICAL",
-								References:  []string{"http://example.com"},
-								VendorSeverity: dbTypes.VendorSeverity{
-									vulnerability.NVD:    dbTypes.SeverityMedium,
-									vulnerability.RedHat: dbTypes.SeverityMedium,
-								},
-								CVSS: dbTypes.VendorCVSS{
-									"nvd": {
-										V2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
-										V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
-										V2Score:  7.2,
-										V3Score:  7.8,
+			want: types.ScanResponse{
+				Results: types.Results{
+					{
+						Target: "alpine:3.11",
+						Vulnerabilities: []types.DetectedVulnerability{
+							{
+								VulnerabilityID:  "CVE-2020-0001",
+								PkgName:          "musl",
+								InstalledVersion: "1.2.3",
+								FixedVersion:     "1.2.4",
+								Vulnerability: dbTypes.Vulnerability{
+									Title:       "DoS",
+									Description: "Denial os Service",
+									Severity:    "CRITICAL",
+									References:  []string{"http://example.com"},
+									VendorSeverity: dbTypes.VendorSeverity{
+										vulnerability.NVD:    dbTypes.SeverityMedium,
+										vulnerability.RedHat: dbTypes.SeverityMedium,
 									},
-									"redhat": {
-										V2Vector: "AV:H/AC:L/Au:N/C:C/I:C/A:C",
-										V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
-										V2Score:  4.2,
-										V3Score:  2.8,
+									CVSS: dbTypes.VendorCVSS{
+										"nvd": {
+											V2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+											V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+											V2Score:  7.2,
+											V3Score:  7.8,
+										},
+										"redhat": {
+											V2Vector: "AV:H/AC:L/Au:N/C:C/I:C/A:C",
+											V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+											V2Score:  4.2,
+											V3Score:  2.8,
+										},
 									},
+									CweIDs:           []string{"CWE-78"},
+									LastModifiedDate: utils.MustTimeParse("2020-01-01T01:01:00Z"),
+									PublishedDate:    utils.MustTimeParse("2001-01-01T01:01:00Z"),
+								},
+								SeveritySource: "nvd",
+								Layer: ftypes.Layer{
+									DiffID: "sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10",
 								},
-								CweIDs:           []string{"CWE-78"},
-								LastModifiedDate: utils.MustTimeParse("2020-01-01T01:01:00Z"),
-								PublishedDate:    utils.MustTimeParse("2001-01-01T01:01:00Z"),
-							},
-							SeveritySource: "nvd",
-							Layer: ftypes.Layer{
-								DiffID: "sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10",
 							},
 						},
 					},
 				},
-			},
-			wantOS: ftypes.OS{
-				Family: "alpine",
-				Name:   "3.11",
-				Eosl:   true,
+				OS: ftypes.OS{
+					Family: "alpine",
+					Name:   "3.11",
+					Eosl:   true,
+				},
 			},
 		},
 		{
@@ -198,7 +199,7 @@ func TestScanner_Scan(t *testing.T) {
 
 			s := NewScanner(ScannerOption{CustomHeaders: tt.customHeaders}, WithRPCClient(client))
 
-			gotResults, gotOS, _, err := s.Scan(context.Background(), tt.args.target, tt.args.imageID, tt.args.layerIDs, tt.args.options)
+			gotResponse, err := s.Scan(context.Background(), tt.args.target, tt.args.imageID, tt.args.layerIDs, tt.args.options)
 
 			if tt.wantErr != "" {
 				require.Error(t, err, tt.name)
@@ -207,8 +208,7 @@ func TestScanner_Scan(t *testing.T) {
 			}
 
 			require.NoError(t, err, tt.name)
-			assert.Equal(t, tt.wantResults, gotResults)
-			assert.Equal(t, tt.wantOS, gotOS)
+			assert.Equal(t, tt.want, gotResponse)
 		})
 	}
 }
@@ -242,7 +242,7 @@ func TestScanner_ScanServerInsecure(t *testing.T) {
 				},
 			})
 			s := NewScanner(ScannerOption{Insecure: tt.insecure}, WithRPCClient(c))
-			_, _, _, err := s.Scan(context.Background(), "dummy", "", nil, types.ScanOptions{})
+			_, err := s.Scan(context.Background(), "dummy", "", nil, types.ScanOptions{})
 
 			if tt.wantErr != "" {
 				require.Error(t, err)

diff --git a/pkg/rpc/convert.go b/pkg/rpc/convert.go
@@ -973,9 +973,9 @@ func ConvertToMissingBlobsRequest(imageID string, layerIDs []string) *cache.Miss
 }
 
 // ConvertToRPCScanResponse converts types.Result to ScanResponse
-func ConvertToRPCScanResponse(results types.Results, fos ftypes.OS, layersMetadata ftypes.LayersMetadata) *scanner.ScanResponse {
+func ConvertToRPCScanResponse(response types.ScanResponse) *scanner.ScanResponse {
 	var rpcResults []*scanner.Result
-	for _, result := range results {
+	for _, result := range response.Results {
 		secretFindings := lo.Map(result.Secrets, func(s types.DetectedSecret, _ int) ftypes.SecretFinding {
 			return ftypes.SecretFinding(s)
 		})
@@ -993,8 +993,8 @@ func ConvertToRPCScanResponse(results types.Results, fos ftypes.OS, layersMetada
 	}
 
 	return &scanner.ScanResponse{
-		Os:             ConvertToRPCOS(fos),
-		LayersMetadata: ConvertToRPCLayersMetadata(layersMetadata),
+		Os:             ConvertToRPCOS(response.OS),
+		LayersMetadata: ConvertToRPCLayersMetadata(response.LayersMetadata),
 		Results:        rpcResults,
 	}
 }

diff --git a/pkg/rpc/server/server.go b/pkg/rpc/server/server.go
@@ -45,12 +45,12 @@ func teeError(err error) error {
 // Scan scans and return response
 func (s *ScanServer) Scan(ctx context.Context, in *rpcScanner.ScanRequest) (*rpcScanner.ScanResponse, error) {
 	options := s.ToOptions(in.Options)
-	results, os, layersMetadata, err := s.localScanner.Scan(ctx, in.Target, in.ArtifactId, in.BlobIds, options)
+	scanResponse, err := s.localScanner.Scan(ctx, in.Target, in.ArtifactId, in.BlobIds, options)
 	if err != nil {
 		return nil, teeError(xerrors.Errorf("failed scan, %s: %w", in.Target, err))
 	}
 
-	return rpc.ConvertToRPCScanResponse(results, os, layersMetadata), nil
+	return rpc.ConvertToRPCScanResponse(scanResponse), nil
 }
 
 func (s *ScanServer) ToOptions(in *rpcScanner.ScanOptions) types.ScanOptions {

diff --git a/pkg/scanner/local/scan.go b/pkg/scanner/local/scan.go
@@ -62,7 +62,7 @@ func NewScanner(a applier.Applier, osPkgScanner ospkg.Scanner, langPkgScanner la
 
 // Scan scans the artifact and return results.
 func (s Scanner) Scan(ctx context.Context, targetName, artifactKey string, blobKeys []string, options types.ScanOptions) (
-	types.Results, ftypes.OS, ftypes.LayersMetadata, error) {
+	types.ScanResponse, error) {
 	detail, err := s.applier.ApplyLayers(artifactKey, blobKeys)
 	switch {
 	case errors.Is(err, analyzer.ErrUnknownOS):
@@ -88,7 +88,7 @@ func (s Scanner) Scan(ctx context.Context, targetName, artifactKey string, blobK
 		log.Warn("No OS package is detected. Make sure you haven't deleted any files that contain information about the installed packages.")
 		log.Warn(`e.g. files under "/lib/apk/db/", "/var/lib/dpkg/" and "/var/lib/rpm"`)
 	case err != nil:
-		return nil, ftypes.OS{}, nil, xerrors.Errorf("failed to apply layers: %w", err)
+		return types.ScanResponse{}, xerrors.Errorf("failed to apply layers: %w", err)
 	}
 
 	if !lo.IsEmpty(options.Distro) && !lo.IsEmpty(detail.OS) {
@@ -111,9 +111,13 @@ func (s Scanner) Scan(ctx context.Context, targetName, artifactKey string, blobK
 
 	results, os, err := s.ScanTarget(ctx, target, options)
 	if err != nil {
-		return nil, ftypes.OS{}, ftypes.LayersMetadata{}, err
+		return types.ScanResponse{}, err
 	}
-	return results, os, detail.LayersMetadata, nil
+	return types.ScanResponse{
+		Results:        results,
+		OS:             os,
+		LayersMetadata: detail.LayersMetadata,
+	}, nil
 }
 
 func (s Scanner) ScanTarget(ctx context.Context, target types.ScanTarget, options types.ScanOptions) (types.Results, ftypes.OS, error) {