diff --git a/apk/apk.go b/apk/apk.go index 540c360..241b828 100644 --- a/apk/apk.go +++ b/apk/apk.go @@ -15,7 +15,7 @@ import ( "github.com/aquasecurity/trivy/pkg/log" apkVersion "github.com/knqyf263/go-apk-version" "github.com/samber/lo" - "golang.org/x/exp/slices" + "slices" "github.com/castai/image-analyzer/pathutil" ) diff --git a/artifact.go b/artifact.go index 8b0ea80..91251c8 100644 --- a/artifact.go +++ b/artifact.go @@ -26,7 +26,7 @@ import ( v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/samber/lo" "github.com/sirupsen/logrus" - "golang.org/x/exp/slices" + "slices" "golang.org/x/sync/semaphore" _ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/all" diff --git a/dpkg/copyright.go b/dpkg/copyright.go index 2227880..4cd6a52 100644 --- a/dpkg/copyright.go +++ b/dpkg/copyright.go @@ -3,19 +3,20 @@ package dpkg import ( "bufio" "context" + "fmt" "io" "os" "path/filepath" "regexp" "strings" + "slices" + dio "github.com/aquasecurity/go-dep-parser/pkg/io" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/licensing" "github.com/samber/lo" - "golang.org/x/exp/slices" - "golang.org/x/xerrors" ) // https://github.com/aquasecurity/trivy/blob/v0.50.1/pkg/fanal/analyzer/all/import.go @@ -45,12 +46,12 @@ func (a *dpkgLicenseAnalyzer) Analyze(_ context.Context, input analyzer.Analysis if len(findings) == 0 && a.licenseFull { // Rewind the reader to the beginning of the stream after saving if _, err := input.Content.Seek(0, io.SeekStart); err != nil { - return nil, xerrors.Errorf("seek error: %w", err) + return nil, fmt.Errorf("seek error: %w", err) } licenseFile, err := licensing.Classify(input.FilePath, input.Content, a.classifierConfidenceLevel) if err != nil { - return nil, xerrors.Errorf("license classification error: %w", err) + return nil, fmt.Errorf("license classification error: %w", err) } findings = licenseFile.Findings } diff --git a/dpkg/dpkg.go b/dpkg/dpkg.go index f14fd85..3e1eff8 100644 --- a/dpkg/dpkg.go +++ b/dpkg/dpkg.go @@ -16,7 +16,6 @@ import ( "github.com/castai/image-analyzer/pathutil" debVersion "github.com/knqyf263/go-deb-version" "github.com/samber/lo" - "golang.org/x/xerrors" ) func init() { @@ -98,7 +97,7 @@ func (a dpkgAnalyzer) parseDpkgInfoList(scanner *bufio.Scanner) ([]string, error installedFiles = append(installedFiles, previous) if err := scanner.Err(); err != nil { - return nil, xerrors.Errorf("scan error: %w", err) + return nil, fmt.Errorf("scan error: %w", err) } return installedFiles, nil @@ -124,7 +123,7 @@ func (a dpkgAnalyzer) parseDpkgStatus(ctx context.Context, filePath string, scan } if err := scanner.Err(); err != nil { - return nil, xerrors.Errorf("scan error: %w", err) + return nil, fmt.Errorf("scan error: %w", err) } a.consolidateDependencies(pkgs, pkgIDs) diff --git a/go.mod b/go.mod index c256c9a..f9118e1 100644 --- a/go.mod +++ b/go.mod @@ -19,9 +19,7 @@ require ( github.com/samber/lo v1.39.0 github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.9.0 - golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa golang.org/x/sync v0.6.0 - golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 ) require ( @@ -258,6 +256,7 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect golang.org/x/crypto v0.22.0 // indirect + golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect golang.org/x/mod v0.16.0 // indirect golang.org/x/net v0.24.0 // indirect golang.org/x/oauth2 v0.18.0 // indirect @@ -266,6 +265,7 @@ require ( golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.19.0 // indirect + golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect google.golang.org/api v0.172.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto v0.0.0-20240311173647-c811ad7063a7 // indirect diff --git a/image/daemon/containerd.go b/image/daemon/containerd.go index a855f12..3796e53 100644 --- a/image/daemon/containerd.go +++ b/image/daemon/containerd.go @@ -29,7 +29,6 @@ import ( "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/samber/lo" - "golang.org/x/xerrors" ) const ( @@ -40,7 +39,7 @@ const ( func imageWriter(client *containerd.Client, img containerd.Image) imageSave { return func(ctx context.Context, ref []string) (io.ReadCloser, error) { if len(ref) < 1 { - return nil, xerrors.New("no image reference") + return nil, errors.New("no image reference") } imgOpts := archive.WithImage(client.ImageService(), ref[0]) manifestOpts := archive.WithManifest(img.Target()) diff --git a/rpm/rpm.go b/rpm/rpm.go index 47e383a..14d662c 100644 --- a/rpm/rpm.go +++ b/rpm/rpm.go @@ -2,6 +2,7 @@ package rpm import ( "context" + "errors" "fmt" "io" "os" @@ -12,12 +13,12 @@ import ( "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/log" + "slices" + "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/fanal/utils" rpmdb "github.com/knqyf263/go-rpmdb/pkg" "github.com/samber/lo" - "golang.org/x/exp/slices" - "golang.org/x/xerrors" "github.com/castai/image-analyzer/pathutil" ) @@ -45,7 +46,7 @@ var ( "var/lib/rpm/rpmdb.sqlite", } - errUnexpectedNameFormat = xerrors.New("unexpected name format") + errUnexpectedNameFormat = errors.New("unexpected name format") ) var osVendors = []string{ @@ -68,7 +69,7 @@ type rpmPkgAnalyzer struct{} func (a rpmPkgAnalyzer) Analyze(ctx context.Context, input analyzer.AnalysisInput) (*analyzer.AnalysisResult, error) { parsedPkgs, installedFiles, err := a.parsePkgInfo(ctx, input.Content) if err != nil { - return nil, xerrors.Errorf("failed to parse rpmdb: %w", err) + return nil, fmt.Errorf("failed to parse rpmdb: %w", err) } binaryMap := map[string][]string{} @@ -105,7 +106,7 @@ func (a rpmPkgAnalyzer) Analyze(ctx context.Context, input analyzer.AnalysisInpu func (a rpmPkgAnalyzer) parsePkgInfo(ctx context.Context, rc io.Reader) ([]types.Package, map[string][]string, error) { filePath, err := writeToTempFile(rc) if err != nil { - return nil, nil, xerrors.Errorf("temp file error: %w", err) + return nil, nil, fmt.Errorf("temp file error: %w", err) } defer os.RemoveAll(filepath.Dir(filePath)) // Remove the temp dir @@ -113,7 +114,7 @@ func (a rpmPkgAnalyzer) parsePkgInfo(ctx context.Context, rc io.Reader) ([]types // Extract binary package names because RHSA refers to binary package names. db, err := rpmdb.Open(filePath) if err != nil { - return nil, nil, xerrors.Errorf("failed to open RPM DB: %w", err) + return nil, nil, fmt.Errorf("failed to open RPM DB: %w", err) } defer db.Close() @@ -122,7 +123,7 @@ func (a rpmPkgAnalyzer) parsePkgInfo(ctx context.Context, rc io.Reader) ([]types // old version: rpm -qa --qf "%{NAME} %{EPOCH} %{VERSION} %{RELEASE} %{SOURCERPM} %{ARCH}\n" pkgList, err := db.ListPackages() if err != nil { - return nil, nil, xerrors.Errorf("failed to list packages: %w", err) + return nil, nil, fmt.Errorf("failed to list packages: %w", err) } var pkgs []types.Package @@ -150,7 +151,7 @@ func (a rpmPkgAnalyzer) parsePkgInfo(ctx context.Context, rc io.Reader) ([]types if packageProvidedByVendor(pkg.Vendor) { files, err = pkg.InstalledFileNames() if err != nil { - return nil, nil, xerrors.Errorf("unable to get installed files: %w", err) + return nil, nil, fmt.Errorf("unable to get installed files: %w", err) } } @@ -243,22 +244,22 @@ func packageProvidedByVendor(pkgVendor string) bool { func writeToTempFile(rc io.Reader) (string, error) { tmpDir, err := os.MkdirTemp("", "rpm") if err != nil { - return "", xerrors.Errorf("failed to create a temp dir: %w", err) + return "", fmt.Errorf("failed to create a temp dir: %w", err) } filePath := filepath.Join(tmpDir, "Packages") f, err := os.Create(filePath) if err != nil { - return "", xerrors.Errorf("failed to create a package file: %w", err) + return "", fmt.Errorf("failed to create a package file: %w", err) } if _, err = io.Copy(f, rc); err != nil { - return "", xerrors.Errorf("failed to copy a package file: %w", err) + return "", fmt.Errorf("failed to copy a package file: %w", err) } // The temp file must be closed before being opened as Berkeley DB. if err = f.Close(); err != nil { - return "", xerrors.Errorf("failed to close a temp file: %w", err) + return "", fmt.Errorf("failed to close a temp file: %w", err) } return filePath, nil diff --git a/rpm/rpmqa.go b/rpm/rpmqa.go index d69cb2f..0d81045 100644 --- a/rpm/rpmqa.go +++ b/rpm/rpmqa.go @@ -3,14 +3,15 @@ package rpm import ( "bufio" "context" + "fmt" "os" "strings" + "slices" + "github.com/aquasecurity/go-dep-parser/pkg/io" "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/types" - "golang.org/x/exp/slices" - "golang.org/x/xerrors" ) // https://github.com/aquasecurity/trivy/blob/v0.50.1/pkg/fanal/analyzer/all/import.go @@ -33,7 +34,7 @@ type rpmqaPkgAnalyzer struct{} func (a rpmqaPkgAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput) (*analyzer.AnalysisResult, error) { pkgs, err := a.parseRpmqaManifest(input.Content) if err != nil { - return nil, xerrors.Errorf("failed to parse rpmqa manifest: %w", err) + return nil, fmt.Errorf("failed to parse rpmqa manifest: %w", err) } return &analyzer.AnalysisResult{ PackageInfos: []types.PackageInfo{ @@ -54,7 +55,7 @@ func (a rpmqaPkgAnalyzer) parseRpmqaManifest(r io.ReadSeekerAt) ([]types.Package // %{NAME}\t%{VERSION}-%{RELEASE}\t%{INSTALLTIME}\t%{BUILDTIME}\t%{VENDOR}\t(none)\t%{SIZE}\t%{ARCH}\t%{EPOCHNUM}\t%{SOURCERPM} s := strings.Split(line, "\t") if len(s) != 10 { - return nil, xerrors.Errorf("failed to parse a line (%s)", line) + return nil, fmt.Errorf("failed to parse a line (%s)", line) } name = s[0] arch = s[7] @@ -63,11 +64,11 @@ func (a rpmqaPkgAnalyzer) parseRpmqaManifest(r io.ReadSeekerAt) ([]types.Package ver = verRel[0] rel = verRel[1] } else { - return nil, xerrors.Errorf("failed to split a version (%s)", s[1]) + return nil, fmt.Errorf("failed to split a version (%s)", s[1]) } srcName, srcVer, srcRel, err := splitFileName(sourceRpm) if err != nil { - return nil, xerrors.Errorf("failed to split source rpm: %w", err) + return nil, fmt.Errorf("failed to split source rpm: %w", err) } pkg := types.Package{ Name: name,