diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a308f81..932dfd9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -21,7 +21,7 @@ jobs:
 - name: Set up Go
 uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5
 with: 
- go-version: 1.24 
+ go-version: 1.24.3
 check-latest: true
 - name: Build and Test
@@ -52,7 +52,7 @@ jobs:
 - name: Set up Go
 uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5
 with: 
- go-version: 1.24 
+ go-version: 1.24.3
 check-latest: true
 - name: Build vet
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index d5921c3..1bc58bf 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -44,7 +44,7 @@ jobs:
 - name: Set up Go
 uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34
 with: 
- go-version: 1.24 
+ go-version: 1.24.3
 check-latest: true
 - name: Initialize CodeQL
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
index 3a91790..2b74437 100644
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -14,7 +14,7 @@ jobs:
 steps:
 - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34
 with: 
- go-version: 1.24 
+ go-version: 1.24.3
 cache: false
 - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
 - name: golangci-lint
diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
index 53b5fc1..b4d751b 100644
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -36,7 +36,7 @@ jobs:
 - name: Set up Go
 uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34
 with: 
- go-version: 1.24 
+ go-version: 1.24.3
 check-latest: true
 - name: ghcr-login
 uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 # v1
diff --git a/.gitignore b/.gitignore
index 7c5a6f4..237e061 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,3 +23,6 @@ dist/
 /.env.dev
 .vscode/ 
+ 
+ # MacOS specific files 
+ **/.DS_Store 
diff --git a/.tool-versions b/.tool-versions
index 0a5a929..3984c07 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -1,2 +1,2 @@ 
-golang 1.24.1 
+golang 1.24.3
 gitleaks 8.16.4
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 74b3b93..3e584ca 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -33,7 +33,7 @@ When contributing changes to repository, follow these steps:
 ### Requirements 
-* Go 1.22+ 
+* Go 1.24.3+
 ### Install Dependencies
diff --git a/Dockerfile b/Dockerfile
index 696cd1f..c5bab69 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@ 
-FROM --platform=$BUILDPLATFORM golang:1.24.2-bullseye@sha256:f50ff25f8331682b44c1582974eb9e620fcb08052fc6ed434f93ca24636fc4d6 AS build 
-# Original: golang:1.24-bullseye 
+FROM --platform=$BUILDPLATFORM golang:1.24.3-bullseye@sha256:abe2e2bb9bc0342dd1ba2f719af5c6b3859ca9ad93a7d9bcdd21310bda0327e1 AS build 
+# Original: golang:1.24.3-bullseye
 WORKDIR /build
diff --git a/go.mod b/go.mod
index a70aeb9..50cfde9 100644
--- a/go.mod
+++ b/go.mod
@@ -1,10 +1,10 @@
 module github.com/safedep/vet 
-go 1.24.2 
+go 1.24.3
 require ( 
- buf.build/gen/go/safedep/api/grpc/go v1.5.1-20250528015308-9847554fa87b.2 
- buf.build/gen/go/safedep/api/protocolbuffers/go v1.36.6-20250528015308-9847554fa87b.1 
+ buf.build/gen/go/safedep/api/grpc/go v1.5.1-20250610075857-7cfdb61a0bfa.2 
+ buf.build/gen/go/safedep/api/protocolbuffers/go v1.36.6-20250610075857-7cfdb61a0bfa.1
 entgo.io/ent v0.14.4
 github.com/AlecAivazis/survey/v2 v2.3.7
 github.com/BurntSushi/toml v1.5.0 
@@ -37,8 +37,8 @@ require (
 github.com/package-url/packageurl-go v0.1.3
 github.com/pandatix/go-cvss v0.6.2
 github.com/posthog/posthog-go v1.5.11 
- github.com/safedep/code v0.0.0-20250513161430-3da0c16c0b53 
- github.com/safedep/dry v0.0.0-20250603124321-c8255e47954f 
+ github.com/safedep/code v0.0.0-20250619080228-57f5b7b5e58c 
+ github.com/safedep/dry v0.0.0-20250618113059-9f8b677e299c
 github.com/sirupsen/logrus v1.9.3
 github.com/smacker/go-tree-sitter v0.0.0-20240827094217-dd81d9e9be82
 github.com/spdx/tools-golang v0.5.5
diff --git a/go.sum b/go.sum
index 3d77b94..1386c92 100644
--- a/go.sum
+++ b/go.sum 
@@ -6,10 +6,10 @@ ariga.io/atlas v0.34.0 h1:4hdy+2x+xNs6Lx2anuJ/4Q7lCaqddbEj5CtRDVOBu0M=
 ariga.io/atlas v0.34.0/go.mod h1:WJesu2UCpGQvgUh3oVP94EiRT61nNy1W/VN5g+vqP1I=
 buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.6-20250425153114-8976f5be98c1.1 h1:YhMSc48s25kr7kv31Z8vf7sPUIq5YJva9z1mn/hAt0M=
 buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.6-20250425153114-8976f5be98c1.1/go.mod h1:avRlCjnFzl98VPaeCtJ24RrV/wwHFzB8sWXhj26+n/U= 
-buf.build/gen/go/safedep/api/grpc/go v1.5.1-20250528015308-9847554fa87b.2 h1:khFSrG4NF9wz662s5yH5Pxwmg44vmzTLNkeCGNd/DfM= 
-buf.build/gen/go/safedep/api/grpc/go v1.5.1-20250528015308-9847554fa87b.2/go.mod h1:CKCKo/PyDeai5cwR5zakoEopQ2lnTJx1hlt3TdtqCZw= 
-buf.build/gen/go/safedep/api/protocolbuffers/go v1.36.6-20250528015308-9847554fa87b.1 h1:qDRO2meiZIFPJwAQQCxy0LemE70XlmjvR+pfh1tGrEY= 
-buf.build/gen/go/safedep/api/protocolbuffers/go v1.36.6-20250528015308-9847554fa87b.1/go.mod h1:uR95GqsnNCRn6cTyRBte6uMJMm0rEBRxTGpakKCNL9I= 
+buf.build/gen/go/safedep/api/grpc/go v1.5.1-20250610075857-7cfdb61a0bfa.2 h1:ENbt9SmU2gh4YhjcFqzceJRlg80hsD28M+Oon9l752A= 
+buf.build/gen/go/safedep/api/grpc/go v1.5.1-20250610075857-7cfdb61a0bfa.2/go.mod h1:WDOWZglnweQ4njVEJpLYYpLMx9fD+e94KbKdt8oJrxY= 
+buf.build/gen/go/safedep/api/protocolbuffers/go v1.36.6-20250610075857-7cfdb61a0bfa.1 h1:wOZtKj81Wq5fvHf4STR0vxEl8/peoEJkRzuQI+zwE2I= 
+buf.build/gen/go/safedep/api/protocolbuffers/go v1.36.6-20250610075857-7cfdb61a0bfa.1/go.mod h1:uR95GqsnNCRn6cTyRBte6uMJMm0rEBRxTGpakKCNL9I=
 cel.dev/expr v0.24.0 h1:56OvJKSH3hDGL0ml5uSxZmz3/3Pq4tJ+fb1unVLAFcY=
 cel.dev/expr v0.24.0/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= 
@@ -1099,10 +1099,10 @@ github.com/ryancurrah/gomodguard v1.3.5/go.mod h1:MXlEPQRxgfPQa62O8wzK3Ozbkv9Rkq
 github.com/ryanrolds/sqlclosecheck v0.5.1 h1:dibWW826u0P8jNLsLN+En7+RqWWTYrjCB9fJfSfdyCU=
 github.com/ryanrolds/sqlclosecheck v0.5.1/go.mod h1:2g3dUjoS6AL4huFdv6wn55WpLIDjY7ZgUR4J8HOO/XQ=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= 
-github.com/safedep/code v0.0.0-20250513161430-3da0c16c0b53 h1:FU3m6LEBDUaHTBbTNpTXGRV8W26F3JxSPwCUJL6hY08= 
-github.com/safedep/code v0.0.0-20250513161430-3da0c16c0b53/go.mod h1:a6jPH1Yy0jLg5C1Ud/1GjGoqzH9gMg7WFdxGvbBAmVA= 
-github.com/safedep/dry v0.0.0-20250603124321-c8255e47954f h1:wlUDnDSp1wPAXrv88eCYd7UlcQGWM7Umogr18n6q2ew= 
-github.com/safedep/dry v0.0.0-20250603124321-c8255e47954f/go.mod h1:nU5w9Xb5Ja2wq5PU/K8r8r1Dc25ApJXKKqvwju99G2w= 
+github.com/safedep/code v0.0.0-20250619080228-57f5b7b5e58c h1:ao6OCJyNomRFgpRtVbTEa5KetcPlinf/3rJEkL0Pgz8= 
+github.com/safedep/code v0.0.0-20250619080228-57f5b7b5e58c/go.mod h1:5gnHWxq6kbun+r3qf52UHD5f9bd36sWhkDLXvPRd4ZA= 
+github.com/safedep/dry v0.0.0-20250618113059-9f8b677e299c h1:xr6P3xzQqxPx93qbH/LPjyK46oEEA6N0nYyiQSjikkI= 
+github.com/safedep/dry v0.0.0-20250618113059-9f8b677e299c/go.mod h1:8GbUOzdf46FT4j5h9lw9DdA3wM9NgIVEZjTfkzNe+Cw=
 github.com/saferwall/pe v1.5.6 h1:DrRLnoQFxHWJ5lJUmrH7X2L0xeUu6SUS95Dc61eW2Yc=
 github.com/saferwall/pe v1.5.6/go.mod h1:mJx+PuptmNpoPFBNhWs/uDMFL/kTHVZIkg0d4OUJFbQ=
 github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig=
diff --git a/internal/ui/progress.go b/internal/ui/progress.go
index 862790c..1300649 100644
--- a/internal/ui/progress.go
+++ b/internal/ui/progress.go 
@@ -44,8 +44,11 @@ func SetPinnedMessageOnProgressWriter(msg string) {
 }
 func TrackProgress(message string, total int) any { 
- tracker := progress.Tracker{Message: message, Total: int64(total), 
- Units: progress.UnitsDefault} 
+ tracker := progress.Tracker{ 
+ Message: message, 
+ Total: int64(total), 
+ Units: progress.UnitsDefault, 
+ }
 if progressWriter != nil {
 progressWriter.AppendTracker(&tracker)
diff --git a/main.go b/main.go
index 80522f7..a5f94f7 100644
--- a/main.go
+++ b/main.go
@@ -30,7 +30,7 @@ var (
 const (
 vetName = "vet"
 vetInformationURI = "https://github.com/safedep/vet" 
- vetVendorName = "Safedep" 
+ vetVendorName = "SafeDep"
 vetVendorInformationURI = "https://safedep.io"
 )
diff --git a/pkg/common/utils/pointers.go b/pkg/common/utils/pointers.go
deleted file mode 100644
index ded10ab..0000000
--- a/pkg/common/utils/pointers.go
+++ /dev/null
@@ -1,5 +0,0 @@ 
-package utils 
- 
-func PtrTo[T any](v T) *T { 
- return &v 
-}
diff --git a/pkg/reporter/cyclonedx.go b/pkg/reporter/cyclonedx.go
index 126760d..12e38b2 100644
--- a/pkg/reporter/cyclonedx.go
+++ b/pkg/reporter/cyclonedx.go
@@ -13,7 +13,6 @@ import (
 "github.com/safedep/vet/gen/insightapi"
 "github.com/safedep/vet/pkg/analyzer"
 "github.com/safedep/vet/pkg/common/logger" 
- commonUtils "github.com/safedep/vet/pkg/common/utils"
 "github.com/safedep/vet/pkg/common/utils/regex"
 sbomUtils "github.com/safedep/vet/pkg/common/utils/sbom"
 "github.com/safedep/vet/pkg/malysis" 
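Review bot: The new `vetVendorName = "SafeDep"` value is not merely a display string in the hunks shown here: assuming this constant is what populates ToolMetadata.VendorName, the same value becomes the CycloneDX tool `Group`, the `BOMRef` of the malware-credit organization in recordMalware, and the GitLab scanner `Vendor.Name`, so any downstream consumer matching on the old `Safedep` casing sees a changed identifier. That is presumably intended, but it warrants a changelog or release-note line rather than being folded into a dependency-bump commit. It also suggests recordMalware should derive its organization `BOMRef` from a stable identifier rather than the vendor display name, so future cosmetic renames do not silently alter BOM references. The `const` block is complete within the hunk.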
@@ -58,13 +57,13 @@ func NewCycloneDXReporter(config CycloneDXReporterConfig) (Reporter, error) {
 if utils.IsEmptyString(config.SerialNumber) {
 generatedSerialNumber, err := uuid.NewUUID()
 if err != nil { 
- return nil, fmt.Errorf("Failed to generate UUID for CycloneDX serial number: %v", err) 
+ return nil, fmt.Errorf("failed to generate UUID for CycloneDX serial number: %v", err)
 }
 bom.SerialNumber = fmt.Sprintf("urn:uuid:%s", generatedSerialNumber.String())
 } else {
 if !cdxUUIDRegexp.MatchString(config.SerialNumber) { 
- return nil, fmt.Errorf("Serial number '%s' does not match RFC 4122 UUID format", config.SerialNumber) 
+ return nil, fmt.Errorf("serial number '%s' does not match RFC 4122 UUID format", config.SerialNumber)
 }
 bom.SerialNumber = config.SerialNumber
@@ -74,7 +73,7 @@ func NewCycloneDXReporter(config CycloneDXReporterConfig) (Reporter, error) {
 Type: cdx.ComponentTypeApplication,
 Manufacturer: &cdx.OrganizationalEntity{
 Name: config.Tool.VendorName, 
- URL: commonUtils.PtrTo([]string{config.Tool.VendorInformationURI}), 
+ URL: utils.PtrTo([]string{config.Tool.VendorInformationURI}),
 },
 Group: config.Tool.VendorName,
 Name: config.Tool.Name,
@@ -90,18 +89,18 @@ func NewCycloneDXReporter(config CycloneDXReporterConfig) (Reporter, error) {
 BOMRef: rootComponentBomref,
 Type: cdx.ComponentTypeApplication,
 Name: config.ApplicationComponentName, 
- Components: commonUtils.PtrTo([]cdx.Component{}), 
+ Components: utils.PtrTo([]cdx.Component{}),
 },
 Tools: &cdx.ToolsChoice{ 
- Components: commonUtils.PtrTo([]cdx.Component{ 
+ Components: utils.PtrTo([]cdx.Component{
 toolComponent,
 }),
 },
 } 
- bom.Components = commonUtils.PtrTo([]cdx.Component{}) 
- bom.Vulnerabilities = commonUtils.PtrTo([]cdx.Vulnerability{}) 
- bom.Dependencies = commonUtils.PtrTo([]cdx.Dependency{}) 
+ bom.Components = utils.PtrTo([]cdx.Component{}) 
+ bom.Vulnerabilities = utils.PtrTo([]cdx.Vulnerability{}) 
+ bom.Dependencies = utils.PtrTo([]cdx.Dependency{})
 return &cycloneDXReporter{
 config: config, 
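Review bot: The rewritten error on the `uuid.NewUUID()` failure path still formats the cause with `%v`, which flattens it to text and hides it from `errors.Is`/`errors.As`; since the line is being touched anyway, wrap it: `return nil, fmt.Errorf("generating UUID for CycloneDX serial number: %w", err)`. The serial-number message a few lines down has the same shape and should quote the caller-supplied value with `%q` instead of `'%s'`, e.g. `return nil, fmt.Errorf("serial number %q does not match RFC 4122 UUID format", config.SerialNumber)`, so empty or whitespace-padded input is visible in the message. Separately, if `uuid` here is github.com/google/uuid, `NewUUID()` produces a version-1 UUID that encodes the clock and, where available, the host's hardware address, so the auto-generated serial number can carry host-identifying data into a BOM that is typically shared downstream; a random UUID (`uuid.New()`) satisfies the urn:uuid requirement without that, though that call is context rather than part of this change. NewCycloneDXReporter continues past the hunk.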
@@ -123,7 +122,7 @@ func (r *cycloneDXReporter) AddManifest(manifest *models.PackageManifest) {
 r.bomEcosystems[manifest.Ecosystem] = true 
- r.bom.Metadata.Component.Components = commonUtils.PtrTo(append(*r.bom.Metadata.Component.Components, cdx.Component{ 
+ r.bom.Metadata.Component.Components = utils.PtrTo(append(*r.bom.Metadata.Component.Components, cdx.Component{
 Type: cdx.ComponentTypeApplication,
 Group: manifest.Ecosystem,
 BOMRef: manifest.Source.GetPath(),
@@ -150,16 +149,16 @@ func (r *cycloneDXReporter) addPackage(pkg *models.Package) {
 Version: pkg.GetVersion(),
 PackageURL: pkgPurl,
 BOMRef: pkgPurl, 
- Licenses: commonUtils.PtrTo(cdx.Licenses(r.resolvePackageLicenses(pkg))), 
+ Licenses: utils.PtrTo(cdx.Licenses(r.resolvePackageLicenses(pkg))),
 Evidence: &cdx.Evidence{ 
- Identity: commonUtils.PtrTo([]cdx.EvidenceIdentity{ 
+ Identity: utils.PtrTo([]cdx.EvidenceIdentity{
 {
 Field: cdx.EvidenceIdentityFieldTypePURL, 
- Confidence: commonUtils.PtrTo(float32(0.7)), 
- Methods: commonUtils.PtrTo([]cdx.EvidenceIdentityMethod{ 
+ Confidence: utils.PtrTo(float32(0.7)), 
+ Methods: utils.PtrTo([]cdx.EvidenceIdentityMethod{
 {
 Technique: cdx.EvidenceIdentityTechniqueManifestAnalysis, 
- Confidence: commonUtils.PtrTo(float32(0.7)), 
+ Confidence: utils.PtrTo(float32(0.7)),
 Value: pkg.Manifest.GetSource().GetPath(),
 },
 }),
@@ -274,7 +273,7 @@ func (r *cycloneDXReporter) recordVulnerabilities(pkg *models.Package) {
 Description: utils.SafelyGetValue(vuln.Summary),
 Ratings: &ratings,
 Recommendation: recommendation, 
- Affects: commonUtils.PtrTo([]cdx.Affects{ 
+ Affects: utils.PtrTo([]cdx.Affects{
 {
 Ref: pkgPurl,
 }, 
@@ -312,15 +311,15 @@ func (r *cycloneDXReporter) recordMalware(pkg *models.Package) {
 BOMRef: malwareBomref,
 Description: malwareSummary,
 Credits: &cdx.Credits{ 
- Organizations: commonUtils.PtrTo([]cdx.OrganizationalEntity{ 
+ Organizations: utils.PtrTo([]cdx.OrganizationalEntity{
 {
 BOMRef: r.config.Tool.VendorName,
 Name: r.config.Tool.VendorName, 
- URL: commonUtils.PtrTo([]string{r.config.Tool.VendorInformationURI}), 
+ URL: utils.PtrTo([]string{r.config.Tool.VendorInformationURI}),
 },
 }),
 }, 
- Properties: commonUtils.PtrTo([]cdx.Property{ 
+ Properties: utils.PtrTo([]cdx.Property{
 {
 Name: "report-url",
 Value: malysis.ReportURL(malwareAnalysis.AnalysisId),
@@ -330,7 +329,7 @@ func (r *cycloneDXReporter) recordMalware(pkg *models.Package) {
 Name: r.config.Tool.Name,
 URL: r.config.Tool.InformationURI,
 }, 
- Affects: commonUtils.PtrTo([]cdx.Affects{ 
+ Affects: utils.PtrTo([]cdx.Affects{
 {
 Ref: pkgPurl,
 },
@@ -351,10 +350,10 @@ func (r *cycloneDXReporter) finaliseBom() {
 r.bom.Metadata.Timestamp = bomGenerationTime.Format(time.RFC3339) 
- r.bom.Annotations = commonUtils.PtrTo([]cdx.Annotation{ 
+ r.bom.Annotations = utils.PtrTo([]cdx.Annotation{
 {
 BOMRef: "metadata-annotations", 
- Subjects: commonUtils.PtrTo([]cdx.BOMReference{ 
+ Subjects: utils.PtrTo([]cdx.BOMReference{
 cdx.BOMReference(r.rootComponentBomref),
 }),
 Annotator: &cdx.Annotator{
diff --git a/pkg/reporter/cyclonedx_test.go b/pkg/reporter/cyclonedx_test.go
index dee8ed1..fd7bc6b 100644
--- a/pkg/reporter/cyclonedx_test.go
+++ b/pkg/reporter/cyclonedx_test.go
@@ -8,9 +8,8 @@ import (
 malysisv1 "buf.build/gen/go/safedep/api/protocolbuffers/go/safedep/messages/malysis/v1"
 cdx "github.com/CycloneDX/cyclonedx-go" 
- dryUtils "github.com/safedep/dry/utils" 
+ "github.com/safedep/dry/utils"
 "github.com/safedep/vet/gen/insightapi" 
- "github.com/safedep/vet/pkg/common/utils"
 "github.com/safedep/vet/pkg/models"
 "github.com/stretchr/testify/assert"
 ) 
@@ -68,12 +67,12 @@ func TestNewCycloneDxReporter(t *testing.T) {
 assert.Equal(t, cdxAppName, generatedBom.Metadata.Component.Name)
 // Verify tool metadata component 
- assert.Len(t, dryUtils.SafelyGetValue(dryUtils.SafelyGetValue(generatedBom.Metadata.Tools).Components), 1) 
- toolComponent := dryUtils.SafelyGetValue(dryUtils.SafelyGetValue(generatedBom.Metadata.Tools).Components)[0] 
+ assert.Len(t, utils.SafelyGetValue(utils.SafelyGetValue(generatedBom.Metadata.Tools).Components), 1) 
+ toolComponent := utils.SafelyGetValue(utils.SafelyGetValue(generatedBom.Metadata.Tools).Components)[0]
 assert.Equal(t, cdx.ComponentTypeApplication, toolComponent.Type)
 assert.NotNil(t, toolComponent.Manufacturer)
 assert.Equal(t, toolComponent.Manufacturer.Name, cdxTestToolMetaData.VendorName) 
- assert.ElementsMatch(t, dryUtils.SafelyGetValue(toolComponent.Manufacturer.URL), []string{cdxTestToolMetaData.VendorInformationURI}) 
+ assert.ElementsMatch(t, utils.SafelyGetValue(toolComponent.Manufacturer.URL), []string{cdxTestToolMetaData.VendorInformationURI})
 assert.Equal(t, cdxTestToolMetaData.VendorName, toolComponent.Group)
 assert.Equal(t, cdxTestToolMetaData.Name, toolComponent.Name)
 assert.Equal(t, cdxTestToolMetaData.Version, toolComponent.Version) 
@@ -208,14 +207,14 @@ func TestCycloneDxReporterManifestWithDeps(t *testing.T) {
 assert.NoError(t, err)
 assert.NotNil(t, generatedBom) 
- assert.Len(t, dryUtils.SafelyGetValue(generatedBom.Metadata.Component.Components), 1) 
- manifestComponent := dryUtils.SafelyGetValue(generatedBom.Metadata.Component.Components)[0] 
+ assert.Len(t, utils.SafelyGetValue(generatedBom.Metadata.Component.Components), 1) 
+ manifestComponent := utils.SafelyGetValue(generatedBom.Metadata.Component.Components)[0]
 assert.Equal(t, cdx.ComponentTypeApplication, manifestComponent.Type)
 assert.Equal(t, string(models.EcosystemNpm), manifestComponent.Group)
 assert.Equal(t, "test/package-lock.json", manifestComponent.BOMRef)
 assert.Equal(t, "test/package-lock.json", manifestComponent.Name) 
- components := dryUtils.SafelyGetValue(generatedBom.Components) 
+ components := utils.SafelyGetValue(generatedBom.Components)
 assert.NotNil(t, components)
 assert.Len(t, components, 4)
@@ -281,8 +280,8 @@ func TestCycloneDxReporterLicenses(t *testing.T) {
 assert.NoError(t, err)
 assert.NotNil(t, generatedBom) 
- assert.Len(t, dryUtils.SafelyGetValue(generatedBom.Components), 1) 
- licenses := dryUtils.SafelyGetValue(dryUtils.SafelyGetValue(generatedBom.Components)[0].Licenses) 
+ assert.Len(t, utils.SafelyGetValue(generatedBom.Components), 1) 
+ licenses := utils.SafelyGetValue(utils.SafelyGetValue(generatedBom.Components)[0].Licenses)
 assert.Len(t, licenses, 1)
 assert.Equal(t, "MIT", licenses[0].License.ID)
 assert.Equal(t, "MIT License", licenses[0].License.Name)
@@ -346,7 +345,7 @@ func TestCycloneDxReporterVuln(t *testing.T) {
 assert.NoError(t, err)
 assert.NotNil(t, generatedBom) 
- vulns := dryUtils.SafelyGetValue(generatedBom.Vulnerabilities) 
+ vulns := utils.SafelyGetValue(generatedBom.Vulnerabilities)
 assert.NotNil(t, vulns)
 assert.Len(t, vulns, 1) 
@@ -356,14 +355,14 @@ func TestCycloneDxReporterVuln(t *testing.T) {
 assert.Equal(t, "Test vulnerability", vuln.Description)
 assert.Equal(t, "Upgrade to version 1.2.0 or later", vuln.Recommendation) 
- ratings := dryUtils.SafelyGetValue(vuln.Ratings) 
+ ratings := utils.SafelyGetValue(vuln.Ratings)
 assert.Len(t, ratings, 1)
 assert.Equal(t, cdx.SeverityHigh, ratings[0].Severity)
 assert.Equal(t, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", ratings[0].Vector)
 assert.Equal(t, cdx.ScoringMethodCVSSv3, ratings[0].Method)
 assert.Equal(t, utils.PtrTo(7.5), ratings[0].Score) 
- affects := dryUtils.SafelyGetValue(vuln.Affects) 
+ affects := utils.SafelyGetValue(vuln.Affects)
 assert.Len(t, affects, 1)
 assert.Equal(t, "pkg:npm/test-package@1.0.0", affects[0].Ref)
 }
@@ -411,7 +410,7 @@ func TestCycloneDxReporterMalware(t *testing.T) {
 assert.NoError(t, err)
 assert.NotNil(t, generatedBom) 
- vulns := dryUtils.SafelyGetValue(generatedBom.Vulnerabilities) 
+ vulns := utils.SafelyGetValue(generatedBom.Vulnerabilities)
 assert.NotNil(t, vulns)
 assert.Len(t, vulns, 1) 
@@ -421,19 +420,19 @@ func TestCycloneDxReporterMalware(t *testing.T) {
 assert.Equal(t, "Malware detected by malysis", vuln.Description)
 assert.Equal(t, "", vuln.Recommendation) 
- ratings := dryUtils.SafelyGetValue(vuln.Ratings) 
+ ratings := utils.SafelyGetValue(vuln.Ratings)
 assert.Len(t, ratings, 0) 
- affects := dryUtils.SafelyGetValue(vuln.Affects) 
+ affects := utils.SafelyGetValue(vuln.Affects)
 assert.Len(t, affects, 1)
 assert.Equal(t, "pkg:npm/test-package@1.0.0", affects[0].Ref)
 assert.Equal(t, cdxTestToolMetaData.Name, vuln.Source.Name)
 assert.Equal(t, cdxTestToolMetaData.InformationURI, vuln.Source.URL) 
- assert.Len(t, dryUtils.SafelyGetValue(vuln.Credits.Organizations), 1) 
- toolOrg := dryUtils.SafelyGetValue(vuln.Credits.Organizations)[0] 
+ assert.Len(t, utils.SafelyGetValue(vuln.Credits.Organizations), 1) 
+ toolOrg := utils.SafelyGetValue(vuln.Credits.Organizations)[0]
 assert.Equal(t, cdxTestToolMetaData.VendorName, toolOrg.BOMRef)
 assert.Equal(t, cdxTestToolMetaData.VendorName, toolOrg.Name) 
- assert.Equal(t, []string{cdxTestToolMetaData.VendorInformationURI}, dryUtils.SafelyGetValue(toolOrg.URL)) 
+ assert.Equal(t, []string{cdxTestToolMetaData.VendorInformationURI}, utils.SafelyGetValue(toolOrg.URL))
 }
diff --git a/pkg/reporter/gitlab_test.go b/pkg/reporter/gitlab_test.go
index 2cd007a..f7bf839 100644
--- a/pkg/reporter/gitlab_test.go
+++ b/pkg/reporter/gitlab_test.go
@@ -10,11 +10,11 @@ import (
 malysisv1 "buf.build/gen/go/safedep/api/protocolbuffers/go/safedep/messages/malysis/v1"
 "github.com/google/osv-scanner/pkg/lockfile" 
+ "github.com/safedep/dry/utils"
 "github.com/safedep/vet/gen/checks"
 "github.com/safedep/vet/gen/filtersuite"
 "github.com/safedep/vet/gen/insightapi"
 "github.com/safedep/vet/pkg/analyzer" 
- "github.com/safedep/vet/pkg/common/utils"
 "github.com/safedep/vet/pkg/malysis"
 "github.com/safedep/vet/pkg/models"
 "github.com/stretchr/testify/assert" 
@@ -28,7 +28,7 @@ func getGitLabReporter(reportPath string) (*gitLabReporter, error) {
 Name: "vet",
 Version: "latest",
 InformationURI: "https://github.com/safedep/vet", 
- VendorName: "safedep", 
+ VendorName: "SafeDep",
 },
 })
 }
@@ -66,7 +66,7 @@ func TestGitLabReporter(t *testing.T) {
 assert.Equal(t, "15.2.1", report.Version)
 assert.Equal(t, "dependency_scanning", report.Scan.Type)
 assert.Equal(t, "vet", report.Scan.Scanner.ID) 
- assert.Equal(t, "safedep", report.Scan.Scanner.Vendor.Name) 
+ assert.Equal(t, "SafeDep", report.Scan.Scanner.Vendor.Name)
 assert.Empty(t, report.Vulnerabilities)
 })
diff --git a/pkg/reporter/json_report_test.go b/pkg/reporter/json_report_test.go
index 9613a9c..3b50320 100644
--- a/pkg/reporter/json_report_test.go
+++ b/pkg/reporter/json_report_test.go
@@ -104,7 +104,7 @@ func TestJsonRepoGenerator(t *testing.T) {
 Name: "vet",
 Version: "latest",
 InformationURI: "https://github.com/safedep/vet", 
- VendorName: "safedep", 
+ VendorName: "SafeDep",
 },
 })
diff --git a/pkg/reporter/sarif_builder_test.go b/pkg/reporter/sarif_builder_test.go
index dc0f99f..63599ca 100644
--- a/pkg/reporter/sarif_builder_test.go
+++ b/pkg/reporter/sarif_builder_test.go
@@ -121,7 +121,7 @@ var toolMetadata = ToolMetadata{
 Name: "vet",
 Version: "latest",
 InformationURI: "https://github.com/safedep/vet", 
- VendorName: "safedep", 
+ VendorName: "SafeDep",
 }
 func TestSarifBuilderReport(t *testing.T) {