diff --git a/.github/README.md b/.github/README.md index 05a7a712..a505dcb0 100644 --- a/.github/README.md +++ b/.github/README.md @@ -260,7 +260,7 @@ For v1.0.10 and below, if the time is abnormally long and error information abou After setting, save `config.json` to the same folder of opensca-cli.exe and execute the command. Eg: ```shell -opensca-cli -url https://opensca.xmirror.cn -token {token} -path {path} -out output.html -config config.json +opensca-cli -token {token} -path {path} -out output.html -config config.json ``` Users of v1.0.5 and below may have to modify the source code. We recommend an upgrade to higher versions. diff --git a/.github/workflows/publish_docker_images.yml b/.github/workflows/publish_docker_images.yml index 639c3b2c..9216b961 100644 --- a/.github/workflows/publish_docker_images.yml +++ b/.github/workflows/publish_docker_images.yml @@ -51,8 +51,8 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Convert to lowercase run: | - echo "ghcr.io/${{ github.repository }}/opensca-cli:latest" | tr '[:upper:]' '[:lower:]' >> ${GITHUB_ENV} - echo "ghcr.io/${{ github.repository }}/opensca-cli:${{ env.VERSION }}" | tr '[:upper:]' '[:lower:]' >> ${GITHUB_ENV} + echo "LATEST_TAG=ghcr.io/${{ github.repository }}/opensca-cli:latest" | tr '[:upper:]' '[:lower:]' >> ${GITHUB_ENV} + echo "VERSION_TAG=ghcr.io/${{ github.repository }}/opensca-cli:${{ env.VERSION }}" | tr '[:upper:]' '[:lower:]' >> ${GITHUB_ENV} - name: Build and push to GitHub Packages uses: docker/build-push-action@v5 with: @@ -62,4 +62,4 @@ jobs: push: true build-args: | VERSION=${{ env.VERSION }} - tags: ghcr.io/${{ github.repository }}/opensca-cli:latest, ghcr.io/${{ github.repository }}/opensca-cli:${{ env.VERSION }} + tags: ${{ env.LATEST_TAG }}, ${{ env.VERSION_TAG }} diff --git a/.github/workflows/update_package_managers.yml b/.github/workflows/update_package_managers.yml new file mode 100644 index 00000000..eac587d8 --- /dev/null 
+++ b/.github/workflows/update_package_managers.yml @@ -0,0 +1,21 @@ +name: Update Package Managers + +on: + push: + tags: + - v*.*.* + workflow_dispatch: + inputs: + tag-name: + description: 'The version to upgrade' + required: true + +jobs: + homebrew: + runs-on: ubuntu-latest + steps: + - uses: mislav/bump-homebrew-formula-action@v3 + with: + formula-name: opensca-cli + env: + COMMITTER_TOKEN: ${{ secrets.COMMITTER_TOKEN }} diff --git a/README.md b/README.md index 27781a51..0b8d74e6 100644 --- a/README.md +++ b/README.md @@ -96,6 +96,7 @@ | `out` | `string` | 根据后缀生成报告 | `-out out.json,out.html` | | `log` | `string` | 指定日志文件路径 | `-log my_log.txt` | | `token` | `string` | 云端服务`token` | `-token xxx` | +| `proj` | `string` | saas项目`token` | `-proj xxx` | 完整的检测参数需在配置文件中配置 (*v3.0.0开始url参数不再通过命令行指定,默认为OpenSCA云漏洞库服务`https://opensca.xmirror.cn/`,也可通过配置文件指定其他数据格式相符的云漏洞库;使用过往版本可在命令行或配置文件指定url参数。) @@ -148,12 +149,12 @@ docker run -ti --rm -v ${PWD}:/src opensca/opensca-cli -token ${put_your_token_h 如需在`docker`容器中使用配置文件,将`config.json`放到`src`挂载目录即可。也可以使用`-config`指定其他容器内路径。 不同终端挂载当前目录的写法不同,常见的几种终端写法如下: -|terminal|pwd| -|-|-| -|`bash`|`$(pwd)`| -|`zsh`|`${PWD}`| -|`cmd`|`%cd%`| -|`powershell`|`(Get-Location).Path`| +| terminal | pwd | +| ------------ | --------------------- | +| `bash` | `$(pwd)` | +| `zsh` | `${PWD}` | +| `cmd` | `%cd%` | +| `powershell` | `(Get-Location).Path` | 更多信息请参考 [Docker Hub 主页](https://hub.docker.com/r/opensca/opensca-cli) @@ -262,7 +263,7 @@ v1.0.10及更低版本使用时如遇检测速度异常慢、日志文件中有m 设置完毕后,确保配置文件和opensca-cli在同一目录下,执行opensca-cli检测命令加上-config congif.json即可,示例: ```shell -opensca-cli -url https://opensca.xmirror.cn -token {token} -path {path} -out output.html -config config.json +opensca-cli -token {token} -path {path} -out output.html -config config.json ``` v1.0.5及更低版本需要自行修改源码配置镜像库地址,建议升级到更高版本。 diff --git a/cmd/config/config.go b/cmd/config/config.go index 1cfbf8ff..ea3a38f0 100644 --- a/cmd/config/config.go +++ b/cmd/config/config.go 
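Review bot: The new `homebrew` job in .github/workflows/update_package_managers.yml hands `secrets.COMMITTER_TOKEN` to `mislav/bump-homebrew-formula-action@v3`, which is a mutable tag; pin it to a full commit SHA (`uses: mislav/bump-homebrew-formula-action@<full-commit-sha> # v3`) so a retagged release cannot run with that token. The workflow also sets no `permissions:` block, so the job inherits the repository default for `GITHUB_TOKEN`; `permissions: contents: read` looks sufficient, but confirm against the action's requirements. The `workflow_dispatch` input `tag-name` is declared but never forwarded, so a manual run presumably ignores the requested version; add `tag-name: ${{ github.event.inputs.tag-name }}` under `with:`.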
@@ -6,8 +6,8 @@ import (
 "path/filepath"
 "github.com/titanous/json5"
- "github.com/xmirrorsecurity/opensca-cli/opensca/common"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/common"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
 )
 type Config struct {
@@ -26,7 +26,7 @@ type BaseConfig struct {
 type OriginConfig struct {
 Url string `json:"url"`
 Token string `json:"token"`
- Uid string `json:"uid"`
+ Proj *string `json:"proj"`
 Json string `json:"json"`
 Mysql SqlOrigin `json:"mysql"`
 Sqlite SqlOrigin `json:"sqlite"`
@@ -66,8 +66,8 @@ func WriteConfig(write func(config *Config)) {
 }
 }
-// loadDefaultConfig 加载默认配置
-func loadDefaultConfig() bool {
+// loadDefaultConfig 加载默认配置 返回使用的配置文件
+func loadDefaultConfig() string {
 defaultConfigPaths := []string{}
@@ -91,21 +91,20 @@ func loadDefaultConfig() bool {
 err := json5.Unmarshal(data, &_config)
 if err == nil {
 logs.Debugf("load config %s", config)
- return true
+ return config
 }
 }
 }
- return false
+ return ""
 }
-// LoadConfig 加载配置文件
-func LoadConfig(filepath string) {
+// LoadConfig 加载配置文件 返回使用的配置文件
+func LoadConfig(filepath string) string {
 if filepath == "" {
 logs.Debug("use default config")
- loadDefaultConfig()
- return
+ return loadDefaultConfig()
 }
 if _, err := os.Stat(filepath); err != nil {
@@ -122,6 +121,8 @@ func LoadConfig(filepath string) {
 if err != nil {
 logs.Warnf("unmarshal file %s error: %v", filepath, err)
 }
+
+ return filepath
 }
 var defalutConfigJson []byte
diff --git a/cmd/detail/client.go b/cmd/detail/client.go
index bd7df874..05fb07be 100644
--- a/cmd/detail/client.go
+++ b/cmd/detail/client.go
@@ -16,8 +16,8 @@ import (
 "path/filepath"
 "regexp"
- "github.com/xmirrorsecurity/opensca-cli/cmd/config"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/cmd/config"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
 "github.com/pkg/errors"
 )
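Review bot: In cmd/config/config.go, `LoadConfig` now ends with an unconditional `return filepath`, so after the `logs.Warnf("unmarshal file %s error: %v", filepath, err)` branch the caller is still told that file is the config in use even though parsing failed. Returning `""` on that path, as `loadDefaultConfig` does when nothing loads, would let the caller tell the cases apart; otherwise a scan can run on default origin settings while reporting the user's file. Both doc comments should state that an empty string means no file was loaded. The os.Stat and read branches of LoadConfig lie outside these hunks, so their behaviour is not visible here.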
diff --git a/cmd/detail/detail.go b/cmd/detail/detail.go index ad7e2510..f292f49d 100644 --- a/cmd/detail/detail.go +++ b/cmd/detail/detail.go @@ -8,9 +8,9 @@ import ( "time" "github.com/pkg/errors" - "github.com/xmirrorsecurity/opensca-cli/cmd/config" - "github.com/xmirrorsecurity/opensca-cli/opensca/logs" - "github.com/xmirrorsecurity/opensca-cli/opensca/model" + "github.com/xmirrorsecurity/opensca-cli/v3/cmd/config" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model" ) type DepDetailGraph struct { diff --git a/cmd/detail/login.go b/cmd/detail/login.go index 4854a394..f1dbf882 100644 --- a/cmd/detail/login.go +++ b/cmd/detail/login.go 
@@ -2,31 +2,72 @@ package detail
 import (
 "bufio"
+ "bytes"
+ "crypto/md5"
+ "encoding/hex"
+ "encoding/json"
+ "errors"
 "fmt"
- "golang.org/x/term"
+ "io"
+ "net/http"
 "os"
+ "strings"
+
+ "github.com/xmirrorsecurity/opensca-cli/v3/cmd/config"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+ "golang.org/x/term"
 )
-func Login() {
+func Login() error {
 fmt.Println("Log in with your username to access cloud-based software supply-chain risk data from OpenSCA SaaS.")
 fmt.Println("If you don't have an account, please register at https://opensca.xmirror.cn/")
- fmt.Print("Enter username: ")
+ fmt.Print("Enter username or email: ")
 username, err := bufio.NewReader(os.Stdin).ReadString('\n')
+ username = strings.TrimSpace(username)
 if err != nil {
- fmt.Println(err)
- return
+ return err
 }
+
 fmt.Print("Enter password: ")
 password, err := term.ReadPassword(int(os.Stdin.Fd()))
+ password = bytes.TrimSpace(password)
+ if err != nil {
+ return err
+ }
+
+ m := md5.New()
+ m.Write(password)
+ pswdmd5 := hex.EncodeToString(m.Sum(nil))
+
+ fmt.Printf("\n%s login ...\n", username)
+
+ url := config.Conf().Origin.Url + "/oss-saas/api-v1/open-sca-client/token"
+ url += fmt.Sprintf("?usernameOrEmail=%s&password=%s", username, pswdmd5)
+
+ resp, err := http.DefaultClient.Get(url)
 if err != nil {
- fmt.Println(err)
- return
+ return err
 }
+ defer resp.Body.Close()
- // TODO:登录逻辑
- fmt.Println()
- fmt.Println("username: ", username, "password: ", string(password))
+ data, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return err
+ }
+ logs.Debugf("login response: %s", string(data))
+
+ loginResp := struct {
+ Code int `json:"code"`
+ Message string `json:"message"`
+ Data string `json:"data"`
+ }{}
+ json.Unmarshal(data, &loginResp)
+ if loginResp.Code == 0 && loginResp.Message == "success" {
+ config.Conf().Origin.Token = loginResp.Data
+ } else {
+ return errors.New(loginResp.Message)
+ }
- os.Exit(0)
+ return nil
 }
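Review bot: In `Login` (cmd/detail/login.go), the username and an unsalted MD5 of the password are concatenated unescaped into a GET query string, so the password-equivalent digest lands in proxy and server access logs, and a username containing `&`, `#` or a space changes the request. Build the query with `url.Values` (renaming the local `url`, which would shadow `net/url`), and move the credentials into a request body if the service accepts that. `logs.Debugf("login response: %s", string(data))` writes the issued token to the debug log, and the unchecked `json.Unmarshal` makes a non-JSON reply surface as an error with an empty message. `http.DefaultClient` has no timeout, so a stalled endpoint hangs the prompt.

```go
	// … unchanged: prompts, TrimSpace calls, MD5 digest into pswdmd5 …

	query := url.Values{}
	query.Set("usernameOrEmail", username)
	query.Set("password", pswdmd5)
	endpoint := config.Conf().Origin.Url + "/oss-saas/api-v1/open-sca-client/token?" + query.Encode()

	// Bounded wait; the 30s value is a suggestion, not taken from the project.
	client := &http.Client{Timeout: 30 * time.Second}
	resp, err := client.Get(endpoint)
	// … unchanged: err check, defer resp.Body.Close(), io.ReadAll into data …

	// The body is not logged: on success it carries the access token.
	// … unchanged: loginResp struct declaration …
	if err := json.Unmarshal(data, &loginResp); err != nil {
		return fmt.Errorf("decode login response: %w", err)
	}
	// … unchanged: success check storing the token, errors.New(loginResp.Message) otherwise …
```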
diff --git a/cmd/detail/origin.go b/cmd/detail/origin.go index 478e916f..ba70f43c 100644 --- a/cmd/detail/origin.go +++ b/cmd/detail/origin.go @@ -9,8 +9,8 @@ import ( "sync" "time" - "github.com/xmirrorsecurity/opensca-cli/cmd/config" - "github.com/xmirrorsecurity/opensca-cli/opensca/logs" + "github.com/xmirrorsecurity/opensca-cli/v3/cmd/config" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs" "gorm.io/driver/mysql" "gorm.io/driver/sqlite" "gorm.io/gorm" diff --git a/cmd/format/csv.go b/cmd/format/csv.go index ff6cfdb5..43e8f74e 100644 --- a/cmd/format/csv.go +++ b/cmd/format/csv.go @@ -4,7 +4,7 @@ import ( "fmt" "io" - "github.com/xmirrorsecurity/opensca-cli/cmd/detail" + "github.com/xmirrorsecurity/opensca-cli/v3/cmd/detail" ) func Csv(report Report, out string) { diff --git a/cmd/format/cyclonedx.go b/cmd/format/cyclonedx.go index 629e20ab..b783ef98 100644 --- a/cmd/format/cyclonedx.go +++ b/cmd/format/cyclonedx.go @@ -5,7 +5,7 @@ import ( "strings" "github.com/CycloneDX/cyclonedx-go" - "github.com/xmirrorsecurity/opensca-cli/cmd/detail" + "github.com/xmirrorsecurity/opensca-cli/v3/cmd/detail" ) func cyclonedxbom(dep *detail.DepDetailGraph) *cyclonedx.BOM { diff --git a/cmd/format/dsdx.go b/cmd/format/dsdx.go index 5431b5f6..700334bc 100644 --- a/cmd/format/dsdx.go +++ b/cmd/format/dsdx.go @@ -5,9 +5,9 @@ import ( "encoding/xml" "io" - "github.com/xmirrorsecurity/opensca-cli/cmd/detail" - "github.com/xmirrorsecurity/opensca-cli/opensca/logs" - "github.com/xmirrorsecurity/opensca-cli/opensca/model" + "github.com/xmirrorsecurity/opensca-cli/v3/cmd/detail" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model" ) func Dsdx(report Report, out string) { diff --git a/cmd/format/html.go b/cmd/format/html.go index 2c00923c..99bbad36 100644 --- a/cmd/format/html.go +++ b/cmd/format/html.go 
@@ -6,8 +6,8 @@ import (
 "encoding/json"
 "io"
- "github.com/xmirrorsecurity/opensca-cli/cmd/detail"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/cmd/detail"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
 )
 //go:embed html_tpl
diff --git a/cmd/format/saas.go b/cmd/format/saas.go
index 64ce56ad..7637771c 100644
--- a/cmd/format/saas.go
+++ b/cmd/format/saas.go
@@ -2,16 +2,18 @@ package format
 import (
 "bytes"
+ "encoding/json"
+ "fmt"
 "io"
 "mime/multipart"
 "net/http"
 "os"
 "strconv"
- uuid "github.com/satori/go.uuid"
- "github.com/xmirrorsecurity/opensca-cli/cmd/config"
- "github.com/xmirrorsecurity/opensca-cli/opensca/common"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
+ "github.com/google/uuid"
+ "github.com/xmirrorsecurity/opensca-cli/v3/cmd/config"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/common"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
 )
 // Saas 向saas平台发送检测报告
@@ -19,20 +21,25 @@ func Saas(report Report) error {
 url := config.Conf().Origin.Url
 token := config.Conf().Origin.Token
- uid := config.Conf().Origin.Uid
+ proj := config.Conf().Origin.Proj
- if url == "" || token == "" {
+ if url == "" || token == "" || proj == nil {
 return nil
 }
 body := &bytes.Buffer{}
 w := multipart.NewWriter(body)
 w.WriteField("token", token)
- w.WriteField("projectUid", uid)
+ w.WriteField("projectUid", *proj)
 w.WriteField("detectOrigin", strconv.Itoa(5))
- // dsdxFile
- dsdxFile, err := w.CreateFormFile("dsdxFile", uuid.NewV4().String()+".dsdx")
+ uid, err := uuid.NewV6()
+ if err != nil {
+ return err
+ }
+
+ // dsdx
+ dsdxWriter, err := w.CreateFormFile("dsdxFile", uid.String()+".dsdx")
 if err != nil {
 return err
 }
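Review bot: In `Saas` (cmd/format/saas.go, hunk at -19,20), the upload file names switch from random `uuid.NewV4()` to `uuid.NewV6()`, which is time-ordered and carries a node ID. In google/uuid the node ID is taken from a network interface hardware address when one is available, so each upload would disclose the scanning host's MAC address and scan time in the file name. Unless the service needs sortable names, `uid, err := uuid.NewRandom()` keeps the previous properties. Saas continues beyond this hunk.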
@@ -40,15 +47,15 @@ func Saas(report Report) error {
 f.Close()
 defer os.Remove(f.Name())
 Dsdx(report, f.Name())
- dsdx, err := os.Open(f.Name())
+ dsdxFile, err := os.Open(f.Name())
 if err != nil {
 return err
 }
- defer dsdx.Close()
- io.Copy(dsdxFile, dsdx)
+ defer dsdxFile.Close()
+ io.Copy(dsdxWriter, dsdxFile)
- // jsonFile
- jsonFile, err := w.CreateFormFile("jsonFile", uuid.NewV4().String()+".json")
+ // json
+ jsonWriter, err := w.CreateFormFile("jsonFile", uid.String()+".json")
 if err != nil {
 return err
 }
@@ -56,12 +63,12 @@ func Saas(report Report) error {
 f.Close()
 defer os.Remove(f.Name())
 Json(report, f.Name())
- json, err := os.Open(f.Name())
+ jsonFile, err := os.Open(f.Name())
 if err != nil {
 return err
 }
- defer json.Close()
- io.Copy(jsonFile, json)
+ defer jsonFile.Close()
+ io.Copy(jsonWriter, jsonFile)
 w.Close()
@@ -81,6 +88,16 @@ func Saas(report Report) error {
 return err
 }
 logs.Debugf("saas resp: %s", string(data))
+ saasResp := struct {
+ Code int `json:"code"`
+ Message string `json:"message"`
+ Data string `json:"data"`
+ }{}
+ json.Unmarshal(data, &saasResp)
+ if saasResp.Code == 0 && saasResp.Message == "success" {
+ logs.Infof("saas url: %s/%s", url, saasResp.Data)
+ fmt.Printf("saas url: %s/%s\n", url, saasResp.Data)
+ }
 return nil
 }
diff --git a/cmd/format/save.go b/cmd/format/save.go
index d5079b51..68f97d86 100644
--- a/cmd/format/save.go
+++ b/cmd/format/save.go
@@ -7,8 +7,8 @@ import (
 "path/filepath"
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/cmd/detail"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/cmd/detail"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
 )
 type Report struct {
diff --git a/cmd/format/spdx.go b/cmd/format/spdx.go
index 5306eb86..cd8a457f 100644
--- a/cmd/format/spdx.go
+++ b/cmd/format/spdx.go
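Review bot: In the last cmd/format/saas.go hunk (-81,6), `json.Unmarshal(data, &saasResp)` discards its error and any reply other than code 0 with "success" is dropped, so `Saas` returns nil when the platform rejected the upload (for example a bad token or project id) and the only sign is the missing URL line. Report the failure the way `Login` does in this commit: `if err := json.Unmarshal(data, &saasResp); err != nil { return err }`, plus an `else` branch with `return fmt.Errorf("saas upload rejected: %s", saasResp.Message)`. The `io.Copy(dsdxWriter, dsdxFile)` and `io.Copy(jsonWriter, jsonFile)` calls in the two preceding hunks also ignore their errors, so a truncated report can be sent without notice. The start of Saas and the HTTP request itself are outside these hunks.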
@@ -5,9 +5,9 @@ import ( "encoding/xml" "io" - "github.com/xmirrorsecurity/opensca-cli/cmd/detail" - "github.com/xmirrorsecurity/opensca-cli/opensca/logs" - "github.com/xmirrorsecurity/opensca-cli/opensca/model" + "github.com/xmirrorsecurity/opensca-cli/v3/cmd/detail" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model" ) func Spdx(report Report, out string) { diff --git a/cmd/format/sqlite.go b/cmd/format/sqlite.go index b452bebc..625f66eb 100644 --- a/cmd/format/sqlite.go +++ b/cmd/format/sqlite.go @@ -7,8 +7,8 @@ import ( "path/filepath" "strings" - "github.com/xmirrorsecurity/opensca-cli/cmd/detail" - "github.com/xmirrorsecurity/opensca-cli/opensca/logs" + "github.com/xmirrorsecurity/opensca-cli/v3/cmd/detail" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs" _ "github.com/glebarez/go-sqlite" ) diff --git a/cmd/format/statis.go b/cmd/format/statis.go index 60140f51..14911f51 100644 --- a/cmd/format/statis.go +++ b/cmd/format/statis.go @@ -3,7 +3,7 @@ package format import ( "fmt" - "github.com/xmirrorsecurity/opensca-cli/cmd/detail" + "github.com/xmirrorsecurity/opensca-cli/v3/cmd/detail" ) // Statis 统计概览信息 diff --git a/cmd/format/swid.go b/cmd/format/swid.go index 0aa7c3b2..78c61df8 100644 --- a/cmd/format/swid.go +++ b/cmd/format/swid.go @@ -8,8 +8,8 @@ import ( "path/filepath" "strings" - "github.com/xmirrorsecurity/opensca-cli/cmd/detail" - "github.com/xmirrorsecurity/opensca-cli/opensca/logs" + "github.com/xmirrorsecurity/opensca-cli/v3/cmd/detail" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs" "github.com/veraison/swid" ) diff --git a/cmd/ui/ui.go b/cmd/ui/ui.go index 20577131..a7af9048 100644 --- a/cmd/ui/ui.go +++ b/cmd/ui/ui.go 
@@ -8,9 +8,9 @@ import ( "github.com/gdamore/tcell/v2" "github.com/rivo/tview" - "github.com/xmirrorsecurity/opensca-cli/cmd/detail" - "github.com/xmirrorsecurity/opensca-cli/cmd/format" - "github.com/xmirrorsecurity/opensca-cli/opensca/logs" + "github.com/xmirrorsecurity/opensca-cli/v3/cmd/detail" + "github.com/xmirrorsecurity/opensca-cli/v3/cmd/format" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs" ) var ( diff --git a/config.json b/config.json index 78b82011..6b97677a 100644 --- a/config.json +++ b/config.json @@ -86,8 +86,8 @@ "url": "https://opensca.xmirror.cn", // opensca web service token "token": "", - // opensca saas uid, not required - "uid": "", + // opensca saas project id, not required + // "proj": "", // json dbfile "json": "", diff --git a/docker/Dockerfile b/docker/Dockerfile index 39cef776..3e4b55b3 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.21.4 AS builder +FROM golang:latest AS builder ARG TARGETARCH ARG VERSION diff --git a/example/dep/main.go b/example/dep/main.go index 52efbb23..7c21dacd 100644 --- a/example/dep/main.go +++ b/example/dep/main.go @@ -1,8 +1,8 @@ package main import ( - "github.com/xmirrorsecurity/opensca-cli/opensca/logs" - "github.com/xmirrorsecurity/opensca-cli/opensca/model" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model" ) func main() { diff --git a/example/file/main.go b/example/file/main.go new file mode 100644 index 00000000..da98357d --- /dev/null +++ b/example/file/main.go 
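Review bot: The docker/Dockerfile hunk replaces the pinned builder image `golang:1.21.4` with `golang:latest`, so published images are compiled with whatever toolchain that tag points at on the build day; builds stop being reproducible and an upstream image change reaches release binaries unreviewed. Keep a fixed version, ideally with a digest, e.g. `FROM golang:<version>@sha256:<digest> AS builder`, and bump it deliberately. The go.mod context in this commit still shows `go 1.20`, so nothing visible in the change requires a floating toolchain.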
@@ -0,0 +1,18 @@
+package main
+
+import (
+ "fmt"
+
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+)
+
+func main() {
+ file := model.NewFile("./test_file.txt", "")
+ lineFunc := func(line string) { fmt.Println(line) }
+ fmt.Println("read file by line:")
+ file.ReadLine(lineFunc)
+ fmt.Println("\nread file by line, no comment c type:")
+ file.ReadLineNoComment(model.CTypeComment, lineFunc)
+ fmt.Println("\nread file by line, no comment python type:")
+ file.ReadLineNoComment(model.PythonTypeComment, lineFunc)
+}
diff --git a/example/file/test_file.txt b/example/file/test_file.txt
new file mode 100644
index 00000000..a21d25e5
--- /dev/null
+++ b/example/file/test_file.txt
@@ -0,0 +1,12 @@
+c text scope:
+text-c1 // comment-c1
+text-c2 /* comment-c2
+comment-c3 */ text-c3
+text-c4-1 /* comment-c4 */ text-c4-2
+text-c5-1 /* comment-c5-1 */ text-c5-2 /* comment-c5-2 */ text-c5-3
+python text scope:
+text-py1 # comment-py1
+text-py2 ''' comment-py2
+comment-py3 ''' text-py3
+text-py4-1 ''' comment-py4 ''' text-py4-2
+text-py5-1 ''' comment-py5-1 ''' text-py5-2 ''' comment-py5-2 ''' text-py5-3
\ No newline at end of file
diff --git a/example/go.mod b/example/go.mod
new file mode 100644
index 00000000..93b70d45
--- /dev/null
+++ b/example/go.mod
@@ -0,0 +1,54 @@ +module opensca-example + +go 1.20 + +require github.com/xmirrorsecurity/opensca-cli/v3 v3.0.1 + +// debug +replace github.com/xmirrorsecurity/opensca-cli/v3 => ../ + +require ( + github.com/BurntSushi/toml v1.3.2 // indirect + github.com/CycloneDX/cyclonedx-go v0.7.2 // indirect + github.com/Masterminds/semver/v3 v3.2.1 // indirect + github.com/axgle/mahonia v0.0.0-20180208002826-3358181d7394 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/dustin/go-humanize v1.0.1 // indirect + github.com/fxamacker/cbor/v2 v2.5.0 // indirect + github.com/gdamore/encoding v1.0.0 // indirect + github.com/gdamore/tcell/v2 v2.6.0 // indirect + github.com/glebarez/go-sqlite v1.21.2 // indirect + github.com/go-sql-driver/mysql v1.7.1 // indirect + github.com/google/uuid v1.4.0 // indirect + github.com/hashicorp/errwrap v1.1.0 // indirect + github.com/hashicorp/go-multierror v1.1.1 // indirect + github.com/jinzhu/inflection v1.0.0 // indirect + github.com/jinzhu/now v1.1.5 // indirect + github.com/jlaffaye/ftp v0.2.0 // indirect + github.com/lucasb-eyer/go-colorful v1.2.0 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-runewidth v0.0.15 // indirect + github.com/mattn/go-sqlite3 v1.14.18 // indirect + github.com/nwaples/rardecode v1.1.3 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect + github.com/rivo/tview v0.0.0-20231126152417-33a1d271f2b6 // indirect + github.com/rivo/uniseg v0.4.4 // indirect + github.com/satori/go.uuid v1.2.0 // indirect + github.com/stretchr/testify v1.8.4 // indirect + github.com/titanous/json5 v1.0.0 // indirect + github.com/veraison/swid v1.1.0 // indirect + github.com/x448/float16 v0.8.4 // indirect + golang.org/x/sys v0.14.0 // indirect + golang.org/x/term v0.14.0 // indirect + golang.org/x/text v0.14.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // 
indirect + gorm.io/driver/mysql v1.5.2 // indirect + gorm.io/driver/sqlite v1.5.4 // indirect + gorm.io/gorm v1.25.5 // indirect + modernc.org/libc v1.34.11 // indirect + modernc.org/mathutil v1.6.0 // indirect + modernc.org/memory v1.7.2 // indirect + modernc.org/sqlite v1.27.0 // indirect +) diff --git a/example/go.sum b/example/go.sum new file mode 100644 index 00000000..3506696c --- /dev/null +++ b/example/go.sum 
@@ -0,0 +1,138 @@ +github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/CycloneDX/cyclonedx-go v0.7.2 h1:kKQ0t1dPOlugSIYVOMiMtFqeXI2wp/f5DBIdfux8gnQ= +github.com/CycloneDX/cyclonedx-go v0.7.2/go.mod h1:K2bA+324+Og0X84fA8HhN2X066K7Bxz4rpMQ4ZhjtSk= +github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= +github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/axgle/mahonia v0.0.0-20180208002826-3358181d7394 h1:OYA+5W64v3OgClL+IrOD63t4i/RW7RqrAVl9LTZ9UqQ= +github.com/axgle/mahonia v0.0.0-20180208002826-3358181d7394/go.mod h1:Q8n74mJTIgjX4RBBcHnJ05h//6/k6foqmgE45jTQtxg= +github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= +github.com/fxamacker/cbor/v2 v2.3.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= +github.com/fxamacker/cbor/v2 v2.5.0 h1:oHsG0V/Q6E/wqTS2O1Cozzsy69nqCiguo5Q1a1ADivE= +github.com/fxamacker/cbor/v2 v2.5.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= +github.com/gdamore/encoding v1.0.0 h1:+7OoQ1Bc6eTm5niUzBa0Ctsh6JbMW6Ra+YNuAtDBdko= +github.com/gdamore/encoding v1.0.0/go.mod h1:alR0ol34c49FCSBLjhosxzcPHQbf2trDkoo5dl+VrEg= +github.com/gdamore/tcell/v2 v2.6.0 h1:OKbluoP9VYmJwZwq/iLb4BxwKcwGthaa1YNBJIyCySg= +github.com/gdamore/tcell/v2 v2.6.0/go.mod h1:be9omFATkdr0D9qewWW3d+MEvl5dha+Etb5y65J2H8Y= +github.com/glebarez/go-sqlite v1.21.2 
h1:3a6LFC4sKahUunAmynQKLZceZCOzUthkRkEAl9gAXWo= +github.com/glebarez/go-sqlite v1.21.2/go.mod h1:sfxdZyhQjTM2Wry3gVYWaW072Ri1WMdWJi0k6+3382k= +github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= +github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI= +github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= +github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 h1:Xim43kblpZXfIBQsbuBVKCudVG457BR2GZFIz3uw3hQ= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= +github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= +github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= +github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= +github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= +github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc= +github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ= +github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8= +github.com/jlaffaye/ftp v0.2.0 h1:lXNvW7cBu7R/68bknOX3MrRIIqZ61zELs1P2RAiA3lg= +github.com/jlaffaye/ftp v0.2.0/go.mod h1:is2Ds5qkhceAPy2xD6RLI6hmp/qysSoymZ+Z2uTnspI= +github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= +github.com/lucasb-eyer/go-colorful v1.2.0/go.mod 
h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= +github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mattn/go-sqlite3 v1.14.18 h1:JL0eqdCOq6DJVNPSvArO/bIV9/P7fbGrV00LZHc+5aI= +github.com/mattn/go-sqlite3 v1.14.18/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= +github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9lEc= +github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE= +github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= +github.com/rivo/tview v0.0.0-20231126152417-33a1d271f2b6 h1:7UMY2qN9VlcY+x9jlhpYe5Bf1zrdhvmfZyLMk2u65BM= +github.com/rivo/tview v0.0.0-20231126152417-33a1d271f2b6/go.mod h1:nVwGv4MP47T0jvlk7KuTTjjuSmrGO4JF0iaiNt4bufE= +github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/rivo/uniseg v0.4.3/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= +github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= +github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= 
+github.com/robertkrimen/otto v0.2.1 h1:FVP0PJ0AHIjC+N4pKCG9yCDz6LHNPCwi/GKID5pGGF0= +github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww= +github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/terminalstatic/go-xsd-validate v0.1.5 h1:RqpJnf6HGE2CB/lZB1A8BYguk8uRtcvYAPLCF15qguo= +github.com/titanous/json5 v1.0.0 h1:hJf8Su1d9NuI/ffpxgxQfxh/UiBFZX7bMPid0rIL/7s= +github.com/titanous/json5 v1.0.0/go.mod h1:7JH1M8/LHKc6cyP5o5g3CSaRj+mBrIimTxzpvmckH8c= +github.com/veraison/swid v1.1.0 h1:jEf/jobG6j7r9W9HSj2jDi1IGGs7aMKyDgfGEMxQ6is= +github.com/veraison/swid v1.1.0/go.mod h1:d5jt76uMNbTfQ+f2qU4Lt8RvWOTsv6PFgstIM1QdMH0= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= +github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= +github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= +github.com/xmirrorsecurity/opensca-cli/v3 v3.0.1 h1:qSnFsfU9PAUlKw2K53Uvrds9jpRUcdQPXXWe4xYsZgk= +github.com/xmirrorsecurity/opensca-cli/v3 v3.0.1/go.mod h1:mUrkkyyky2aMebtrXNoHmxtAA0ckQhK+uw5Q0p+wdEM= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto 
v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= +golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8= +golang.org/x/term 
v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/sourcemap.v1 v1.0.5 h1:inv58fC9f9J3TK2Y2R1NPntXEn3/wjWHkonhIUODNTI= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gorm.io/driver/mysql v1.5.2 h1:QC2HRskSE75wBuOxe0+iCkyJZ+RqpudsQtqkp+IMuXs= +gorm.io/driver/mysql v1.5.2/go.mod h1:pQLhh1Ut/WUAySdTHwBpBv6+JKcj+ua4ZFx1QQTBzb8= +gorm.io/driver/sqlite v1.5.4 h1:IqXwXi8M/ZlPzH/947tn5uik3aYQslP9BVveoax0nV0= +gorm.io/driver/sqlite v1.5.4/go.mod h1:qxAuCol+2r6PannQDpOP1FP6ag3mKi4esLnB/jHed+4= +gorm.io/gorm v1.25.2-0.20230530020048-26663ab9bf55/go.mod h1:L4uxeKpfBml98NYqVqwAdmV1a2nBtAec/cf3fpucW/k= +gorm.io/gorm v1.25.5 
h1:zR9lOiiYf09VNh5Q1gphfyia1JpiClIWG9hQaxB/mls= +gorm.io/gorm v1.25.5/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8= +modernc.org/libc v1.34.11 h1:hQDcIUlSG4QAOkXCIQKkaAOV5ptXvkOx4ddbXzgW2JU= +modernc.org/libc v1.34.11/go.mod h1:YAXkAZ8ktnkCKaN9sw/UDeUVkGYJ/YquGO4FTi5nmHE= +modernc.org/mathutil v1.6.0 h1:fRe9+AmYlaej+64JsEEhoWuAYBkOtQiMEU7n/XgfYi4= +modernc.org/mathutil v1.6.0/go.mod h1:Ui5Q9q1TR2gFm0AQRqQUaBWFLAhQpCwNcuhBOSedWPo= +modernc.org/memory v1.7.2 h1:Klh90S215mmH8c9gO98QxQFsY+W451E8AnzjoE2ee1E= +modernc.org/memory v1.7.2/go.mod h1:NO4NVCQy0N7ln+T9ngWqOQfi7ley4vpwvARR+Hjw95E= +modernc.org/sqlite v1.27.0 h1:MpKAHoyYB7xqcwnUwkuD+npwEa0fojF0B5QRbN+auJ8= +modernc.org/sqlite v1.27.0/go.mod h1:Qxpazz0zH8Z1xCFyi5GSL3FzbtZ3fvbjmywNogldEW0= diff --git a/example/java/main.go b/example/java/main.go index 7a03549c..42e6d06f 100644 --- a/example/java/main.go +++ b/example/java/main.go @@ -7,10 +7,10 @@ import ( "path/filepath" "strings" - "github.com/xmirrorsecurity/opensca-cli/opensca/common" - "github.com/xmirrorsecurity/opensca-cli/opensca/logs" - "github.com/xmirrorsecurity/opensca-cli/opensca/model" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/java" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/common" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/java" ) func init() { diff --git a/example/javascript/main.go b/example/javascript/main.go index 7d3b287f..44052dcb 100644 --- a/example/javascript/main.go +++ b/example/javascript/main.go 
@@ -7,10 +7,10 @@ import (
 "path/filepath"
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/opensca/common"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/javascript"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/common"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/javascript"
 )
 func init() {
diff --git a/example/logs/main.go b/example/logs/main.go
index 07d35f8d..03dab9d3 100644
--- a/example/logs/main.go
+++ b/example/logs/main.go
@@ -5,7 +5,7 @@ import (
 "fmt"
 "log"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
 )
 func main() {
diff --git a/example/main.go b/example/main.go
new file mode 100644
index 00000000..b3e28378
--- /dev/null
+++ b/example/main.go
@@ -0,0 +1,3 @@
+package main
+
+import _ "github.com/xmirrorsecurity/opensca-cli/v3"
diff --git a/example/php/main.go b/example/php/main.go
index d1a449a4..5ee958a3 100644
--- a/example/php/main.go
+++ b/example/php/main.go
@@ -8,10 +8,10 @@ import (
 "path/filepath"
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/opensca/common"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/php"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/common"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/php"
 )
 func init() {
diff --git a/go.mod b/go.mod
index 60c00a7c..8e54870b 100644
--- a/go.mod
+++ b/go.mod
@@ -1,4 +1,4 @@
-module github.com/xmirrorsecurity/opensca-cli
+module github.com/xmirrorsecurity/opensca-cli/v3
 go 1.20
@@ -9,10 +9,10 @@ require ( github.com/axgle/mahonia v0.0.0-20180208002826-3358181d7394 github.com/gdamore/tcell/v2 v2.6.0 github.com/glebarez/go-sqlite v1.21.2 + github.com/google/uuid v1.5.0 github.com/nwaples/rardecode v1.1.3 github.com/pkg/errors v0.9.1 github.com/rivo/tview v0.0.0-20231126152417-33a1d271f2b6 - github.com/satori/go.uuid v1.2.0 github.com/titanous/json5 v1.0.0 github.com/veraison/swid v1.1.0 golang.org/x/term v0.14.0 @@ -36,7 +36,6 @@ require ( github.com/dustin/go-humanize v1.0.1 // indirect github.com/fxamacker/cbor/v2 v2.5.0 // indirect github.com/go-sql-driver/mysql v1.7.1 // indirect - github.com/google/uuid v1.4.0 // indirect github.com/jinzhu/inflection v1.0.0 // indirect github.com/jinzhu/now v1.1.5 // indirect github.com/jlaffaye/ftp v0.2.0 diff --git a/go.sum b/go.sum index a38f850a..e7d35d68 100644 --- a/go.sum +++ b/go.sum @@ -26,8 +26,8 @@ github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrt github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 h1:Xim43kblpZXfIBQsbuBVKCudVG457BR2GZFIz3uw3hQ= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= -github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU= +github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 
@@ -64,8 +64,6 @@ github.com/rivo/uniseg v0.4.3/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUc github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/robertkrimen/otto v0.2.1 h1:FVP0PJ0AHIjC+N4pKCG9yCDz6LHNPCwi/GKID5pGGF0= -github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww= -github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= diff --git a/main.go b/main.go index 155b2240..4c340bd6 100644 --- a/main.go +++ b/main.go 
@@ -5,21 +5,22 @@ import (
 "flag"
 "fmt"
 "os"
+ "strings"
 "time"
 _ "embed"
- "github.com/xmirrorsecurity/opensca-cli/cmd/config"
- "github.com/xmirrorsecurity/opensca-cli/cmd/detail"
- "github.com/xmirrorsecurity/opensca-cli/cmd/format"
- "github.com/xmirrorsecurity/opensca-cli/cmd/ui"
- "github.com/xmirrorsecurity/opensca-cli/opensca"
- "github.com/xmirrorsecurity/opensca-cli/opensca/common"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/java"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/javascript"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/php"
+ "github.com/xmirrorsecurity/opensca-cli/v3/cmd/config"
+ "github.com/xmirrorsecurity/opensca-cli/v3/cmd/detail"
+ "github.com/xmirrorsecurity/opensca-cli/v3/cmd/format"
+ "github.com/xmirrorsecurity/opensca-cli/v3/cmd/ui"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/common"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/java"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/javascript"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/php"
 )
 var version string
@@ -54,7 +55,9 @@ func main() {
 logs.Error(result.Error)
 }
 for _, dep := range result.Deps {
- logs.Debugf("dependency tree:\n%s", dep.Tree(false, false))
+ if dep.Name != "" || len(dep.Children) > 0 {
+ logs.Debugf("dependency tree:\n%s", dep.Tree(false, false))
+ }
 }
 // 生成报告
@@ -91,7 +94,8 @@ func args() {
 v := false
 login := false
- var cfgf string
+ cfgf := ""
+ proj := "x"
 cfg := config.Conf()
 flag.BoolVar(&v, "version", false, "-version")
 flag.BoolVar(&login, "login", false, "login to cloud server. example: -login")
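Review bot: `proj := "x"` in the last hunk uses a magic string as the "flag not given" marker, so a project whose id really is `x` can never be selected and the intent is invisible to the next reader. The comparison that consumes it (`if proj != "x"`) sits in a later hunk of `args`, whose body continues outside this one. Defaulting to `""` and detecting presence after the final `flag.Parse()` with `flag.Visit(func(f *flag.Flag) { if f.Name == "proj" { cfg.Origin.Proj = &proj } })` keeps an explicitly empty `-proj` distinguishable from an absent one without reserving a value.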
@@ -100,6 +104,7 @@ func args() {
 flag.StringVar(&cfg.Output, "out", cfg.Output, "report path, support html/json/xml/csv/sqlite/cdx/spdx/swid/dsdx. example: -out out.json,out.html")
 flag.StringVar(&cfg.LogFile, "log", cfg.LogFile, "-log ./my_opensca_log.txt")
 flag.StringVar(&cfg.Origin.Token, "token", "", "web token, example: -token xxxx")
+ flag.StringVar(&proj, "proj", proj, "saas project id, example: -proj xxxx")
 flag.Parse()
 if v {
@@ -107,16 +112,27 @@ func args() {
 os.Exit(0)
 }
- if login {
- detail.Login()
- os.Exit(0)
- }
-
- config.LoadConfig(cfgf)
+ cfgf = config.LoadConfig(cfgf)
 flag.Parse()
+ cfg.Origin.Url = strings.TrimRight(cfg.Origin.Url, "/")
+ if proj != "x" {
+ cfg.Origin.Proj = &proj
+ }
+
 logs.CreateLog(config.Conf().LogFile)
+ if login {
+ if err := detail.Login(); err != nil {
+ fmt.Printf("login failure: %s\n", err)
+ } else {
+ fmt.Println("login success")
+ }
+ }
+
+ logs.Infof("opensca-cli version: %s", version)
+ logs.Infof("use config: %s", cfgf)
+
 java.RegisterMavenRepo(config.Conf().Repo.Maven...)
 javascript.RegisterNpmRepo(config.Conf().Repo.Npm...)
 php.RegisterComposerRepo(config.Conf().Repo.Composer...)
@@ -209,6 +225,9 @@ func taskReport(r opensca.TaskResult) format.Report {
 }
 return true
 })
+ for _, d := range deps {
+ d.Children = nil
+ }
 report.DepDetailGraph = &detail.DepDetailGraph{Children: deps}
 }
diff --git a/opensca/common/repo.go b/opensca/common/repo.go
index 904ff807..e7ecefd4 100644
--- a/opensca/common/repo.go
+++ b/opensca/common/repo.go
@@ -6,7 +6,7 @@ import (
 "net/http"
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
 )
 type RepoConfig struct {
diff --git a/opensca/common/temp.go b/opensca/common/temp.go
index f4a5fbf0..fd15e8fe 100644
--- a/opensca/common/temp.go
+++ b/opensca/common/temp.go
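Review bot: A failed `-login` is only printed with `fmt.Printf("login failure: %s\n", err)` in the `@@ -107,16 +112,27 @@` hunk, and `args` then carries on into repository registration and the scan, whereas the removed code exited right after `detail.Login()`. A run whose authentication failed therefore proceeds with whatever credentials are already configured and gives the caller no failing exit status, which is easy to miss in CI. What `detail.Login` stores is not visible here, so if continuing after a successful login is intended, the failure branch should still stop the run, for example `logs.Warnf("login failure: %s", err)` followed by `os.Exit(1)`. The body of `args` starts and ends outside this hunk.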
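Review bot: `d.Children = nil` in the `taskReport` hunk edits the nodes held in `deps` in place, and the code that fills `deps` sits above the hunk, so it is not visible whether these are the same node pointers still referenced from `r.Deps`. If they are, every later consumer of the task result sees trees with their children removed. If flattening is the intent, say so next to the loop, e.g. `// deps is a flat list of nodes; drop child links so the graph report does not repeat them`, or clear the links on copies instead of on the shared nodes.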
@@ -4,7 +4,7 @@ import (
 "os"
 "path/filepath"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
 )
 var tempdir = ".temp"
@@ -12,7 +12,7 @@ var tempdir = ".temp"
 func init() {
 excpath, _ := os.Executable()
 tempdir = filepath.Join(filepath.Dir(excpath), tempdir)
- os.RemoveAll(tempdir)
+ // os.RemoveAll(tempdir)
 os.MkdirAll(tempdir, 0755)
 }
diff --git a/opensca/logs/log.go b/opensca/logs/log.go
index 45f55edd..16520579 100644
--- a/opensca/logs/log.go
+++ b/opensca/logs/log.go
@@ -64,6 +64,7 @@ func CreateLog(logPath string) {
 return
 }
+ os.MkdirAll(filepath.Dir(logPath), 0777)
 if f, err := os.Create(logPath); err != nil {
 Warnf("create log %s err: %s, create default log", logPath, err)
 createDefaultLog()
diff --git a/opensca/model/file.go b/opensca/model/file.go
index ae2a787b..af3089a8 100644
--- a/opensca/model/file.go
+++ b/opensca/model/file.go
@@ -7,11 +7,15 @@ import (
 "strings"
 )
+// File 文件相关信息
 type File struct {
 abspath string
 relpath string
 }
+// NewFile 创建文件对象
+// abs: 文件绝对路径
+// rel: 文件相对路径(相对于项目根目录)
 func NewFile(abs, rel string) *File {
 return &File{
 abspath: abs,
@@ -19,6 +23,7 @@ func NewFile(abs, rel string) *File {
 }
 }
+// Abspath 文件绝对路径
 func (file *File) Abspath() string {
 if file != nil {
 return file.abspath
@@ -26,6 +31,7 @@ func (file *File) Abspath() string {
 return ""
 }
+// Relpath 文件相对路径
 func (file *File) Relpath() string {
 if file != nil {
 return file.relpath
@@ -33,6 +39,11 @@ func (file *File) Relpath() string {
 return ""
 }
+func (file *File) String() string {
+ return file.Relpath()
+}
+
+// OpenReader 打开文件reader
 func (file *File) OpenReader(do func(reader io.Reader)) error {
 if file == nil || file.abspath == "" {
 return nil
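Review bot: Commenting out `os.RemoveAll(tempdir)` in the `temp.go` `init` hunk leaves dead code behind and means the `.temp` directory beside the executable is no longer emptied at start-up, so whatever earlier runs wrote there stays on disk. Nothing in the hunk says why the cleanup was dropped or what removes those files now; if later code reads from that directory, content left by a scan of one project could be picked up while scanning another. Either delete the line and document the decision, e.g. `// .temp is kept between runs: <reason>; entries are removed by <owner>`, or restore a cleanup scoped to what this run creates. The discarded errors from `os.Executable()` and `os.MkdirAll` also deserve a log line, since a failure silently changes where temporary files land.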
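Review bot: `os.MkdirAll(filepath.Dir(logPath), 0777)` in the `log.go` hunk asks for a world-writable log directory and discards the error. The effective mode depends on the process umask, but with a permissive umask other local users can create, replace or remove files next to the log, and the temp directory in `opensca/common/temp.go` already uses 0755. I would write `if err := os.MkdirAll(filepath.Dir(logPath), 0755); err != nil { Warnf("create log dir for %s err: %s", logPath, err) }` so the mode is tighter and the failure is reported before `os.Create` fails for the same reason. `CreateLog` begins and ends outside this hunk.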
@@ -46,30 +57,38 @@ func (file *File) OpenReader(do func(reader io.Reader)) error {
 return nil
 }
+// ReadLine 按行读取文件内容 去除行尾换行符
 func (file File) ReadLine(do func(line string)) {
 file.OpenReader(func(reader io.Reader) {
 ReadLine(reader, do)
 })
 }
+// ReadLineNoComment 按行读取文件内容 忽略注释
 func (file File) ReadLineNoComment(t *CommentType, do func(line string)) {
 file.OpenReader(func(reader io.Reader) {
 ReadLineNoComment(reader, t, do)
 })
 }
+// 注释类型
 type CommentType struct {
+ // 单行注释标记
 Simple string
- Begin string
- End string
+ // 多行注释起始标记
+ Begin string
+ // 多行注释终止标记
+ End string
 }
 var (
+ // C语言注释类型
 CTypeComment = &CommentType{
 Simple: "//",
 Begin: "/*",
 End: "*/",
 }
+ // Python语言注释类型
 PythonTypeComment = &CommentType{
 Simple: "#",
 Begin: "'''",
@@ -77,19 +96,31 @@ var (
 }
 )
+// ReadLine 按行读取内容 去除行尾换行符
 func ReadLine(reader io.Reader, do func(line string)) {
+
+ if do == nil {
+ return
+ }
+
 scanner := bufio.NewScanner(reader)
 for scanner.Scan() {
 do(strings.TrimRight(scanner.Text(), "\n\r"))
 }
 }
+// ReadLineNoComment 按行读取内容 忽略注释
 func ReadLineNoComment(reader io.Reader, t *CommentType, do func(line string)) {
+ if do == nil {
+ return
+ }
+
 if t == nil {
 t = CTypeComment
 }
+ // 标记当前是非位于多行注释段
 comment := false
 ReadLine(reader, func(line string) {
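Review bot: `ReadLine` in the second hunk still never checks `scanner.Err()`, so when `bufio.Scanner` stops early, for instance on a line longer than its default 64 KiB token limit, the rest of the file is skipped without any signal. For a dependency scanner that means a manifest or lock file with one very long line yields a shorter component list and no error or log entry. Since the function returns nothing, the least invasive fix is to raise the limit with `scanner.Buffer(make([]byte, 0, 64*1024), maxLineSize)` (`maxLineSize` being a constant the package would define) and to report `scanner.Err()` after the loop through whatever channel this package has. The new comment `// 标记当前是非位于多行注释段` also looks like a typo for `是否`.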
@@ -100,24 +131,25 @@ func ReadLineNoComment(reader io.Reader, t *CommentType, do func(line string)) {
 if i != -1 {
 line = line[:i]
 }
- if strings.TrimSpace(line) == "" {
- return
- }
 }
 // 多行注释
 if t.Begin != "" && t.End != "" {
- i := strings.Index(line, t.Begin)
- if i != -1 {
- comment = true
- do(line[:i])
- return
- }
- i = strings.Index(line, t.End)
- if comment && i != -1 {
- comment = false
- do(line[i+len(t.End):])
- return
+ for {
+ // 当前非注释段且存在注释起始标记
+ if start_i := strings.Index(line, t.Begin); !comment && start_i != -1 {
+ comment = true
+ do(line[:start_i])
+ line = line[start_i+len(t.Begin):]
+ continue
+ }
+ // 当前为注释段且存在注释终止标记
+ if end_i := strings.Index(line, t.End); comment && end_i != -1 {
+ comment = false
+ line = line[end_i+len(t.End):]
+ continue
+ }
+ break
 }
 if comment {
 return
@@ -129,4 +161,7 @@ func ReadLineNoComment(reader io.Reader, t *CommentType, do func(line string)) {
 }
+// ResCallback 检测结果回调函数
+// file: 检出组件的文件信息
+// root: 组件依赖图根节点列表
 type ResCallback func(file *File, root ...*DepGraph)
diff --git a/opensca/run.go b/opensca/run.go
index f681b11c..547c640d 100644
--- a/opensca/run.go
+++ b/opensca/run.go
@@ -3,12 +3,14 @@ package opensca
 import (
 "context"
 "path/filepath"
+ "reflect"
 "time"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/filter"
- "github.com/xmirrorsecurity/opensca-cli/opensca/walk"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/filter"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/walk"
 )
 // 任务检测参数
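Review bot: Inside the new `for` loop of the first hunk, `do(line[:start_i])` runs every time a block comment opens, so one input line with code on both sides of an inline comment reaches the callback as two or more fragments, and as an empty string when the line starts with the marker. Callers that match a whole line, as the parsers built on `ReadLineNoComment` presumably do, can then miss a declaration that was intact before the comment was stripped. Collecting the kept pieces and handing them over once per input line avoids this, and `startIdx`/`endIdx` would follow Go naming better than `start_i`/`end_i`. The callback continues past the end of the hunk, so the sketch assumes the code that follows still delivers `line` once.

```go
		if t.Begin != "" && t.End != "" {
			var kept strings.Builder
			for {
				if startIdx := strings.Index(line, t.Begin); !comment && startIdx != -1 {
					comment = true
					kept.WriteString(line[:startIdx])
					line = line[startIdx+len(t.Begin):]
					continue
				}
				if endIdx := strings.Index(line, t.End); comment && endIdx != -1 {
					comment = false
					line = line[endIdx+len(t.End):]
					continue
				}
				break
			}
			if comment {
				// still inside a block comment: deliver only what preceded it
				if kept.Len() > 0 {
					do(kept.String())
				}
				return
			}
			line = kept.String() + line
			// … unchanged: remainder of the callback …
```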
@@ -95,11 +97,29 @@ func RunTask(ctx context.Context, arg *TaskArg) (result TaskResult) {
 },
 func(parent *model.File, files []*model.File) {
 for _, sca := range arg.Sca {
- sca.Sca(ctx, parent, files, func(file *model.File, root ...*model.DepGraph) {
+
+ fs := []*model.File{}
+ for _, f := range files {
+ if sca.Filter(f.Relpath()) {
+ fs = append(fs, f)
+ }
+ }
+
+ if len(fs) == 0 {
+ continue
+ }
+
+ scaType := reflect.TypeOf(sca).String()
+ logs.Debugf("start sca:%s file:%s files:%v", scaType, parent, fs)
+
+ sca.Sca(ctx, parent, fs, func(file *model.File, root ...*model.DepGraph) {
 for _, dep := range root {
 if dep == nil {
 continue
 }
+ count := 0
+ dep.ForEachNode(func(p, n *model.DepGraph) bool { count++; return true })
+ logs.Infof("file:%s deps:%d language:%s", file.Relpath(), count, sca.Language())
 dep.Build(false, sca.Language())
 result.Deps = append(result.Deps, dep)
 if arg.ResCallFunc != nil {
@@ -107,6 +127,8 @@ func RunTask(ctx context.Context, arg *TaskArg) (result TaskResult) {
 }
 }
 })
+
+ logs.Debugf("end sca:%s file:%s", scaType, parent)
 }
 })
diff --git a/opensca/sca/cache/cache.go b/opensca/sca/cache/cache.go
index 1d6456e8..4ab41001 100644
--- a/opensca/sca/cache/cache.go
+++ b/opensca/sca/cache/cache.go
@@ -7,8 +7,8 @@ import (
 "path/filepath"
 "sync"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
 )
 var (
diff --git a/opensca/sca/erlang/sca.go b/opensca/sca/erlang/sca.go
index 2097f8ae..a66402d8 100644
--- a/opensca/sca/erlang/sca.go
+++ b/opensca/sca/erlang/sca.go
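Review bot: The new log calls in the first `RunTask` hunk format paths taken from the scanned project with `%s` and `%v` (`logs.Debugf("start sca:%s file:%s files:%v", ...)` and `logs.Infof("file:%s deps:%d language:%s", file.Relpath(), ...)`), so a file name containing a newline or control characters is written to the log verbatim and can break or imitate log lines. Quoting the path arguments, e.g. `logs.Infof("file:%q deps:%d language:%s", file.Relpath(), count, sca.Language())`, keeps every entry on one line. Separately, the `dep.ForEachNode` walk exists only to feed that Info line and runs for every root, and `fs := []*model.File{}` can simply be `var fs []*model.File`. `RunTask` starts and ends outside this hunk.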
@@ -4,8 +4,8 @@ import (
 "context"
 "regexp"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/filter"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/filter"
 )
 type Sca struct{}
diff --git a/opensca/sca/golang/gomod.go b/opensca/sca/golang/gomod.go
index a270c097..abfb83a6 100644
--- a/opensca/sca/golang/gomod.go
+++ b/opensca/sca/golang/gomod.go
@@ -9,7 +9,7 @@ import (
 "sort"
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
 )
 // ParseGomod 解析go.mod文件
diff --git a/opensca/sca/golang/gopkg.go b/opensca/sca/golang/gopkg.go
index 25ccfd52..3e7daee7 100644
--- a/opensca/sca/golang/gopkg.go
+++ b/opensca/sca/golang/gopkg.go
@@ -4,7 +4,7 @@ import (
 "io"
 "github.com/BurntSushi/toml"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
 )
 type GopkgToml struct {
diff --git a/opensca/sca/golang/sca.go b/opensca/sca/golang/sca.go
index 5864d0a7..7730d32d 100644
--- a/opensca/sca/golang/sca.go
+++ b/opensca/sca/golang/sca.go
@@ -4,8 +4,8 @@ import (
 "context"
 "path/filepath"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/filter"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/filter"
 )
 type Sca struct{}
@@ -25,54 +25,57 @@ func (sca Sca) Sca(ctx context.Context, parent *model.File, files []*model.File,
 gosum := map[string]*model.File{}
 pkglock := map[string]*model.File{}
 pkgtoml := map[string]*model.File{}
- path2dir := func(s string) string { return filepath.Dir(s) }
 // 记录相关文件
 for _, f := range files {
+ dir := filepath.Dir(f.Relpath())
 if filter.GoPkgToml(f.Relpath()) {
- pkgtoml[path2dir(f.Relpath())] = f
+ pkgtoml[dir] = f
 }
 if filter.GoPkgLock(f.Relpath()) {
- pkglock[path2dir(f.Relpath())] = f
+ pkglock[dir] = f
 }
 if filter.GoMod(f.Relpath()) {
- gomod[path2dir(f.Relpath())] = f
+ gomod[dir] = f
 }
 if filter.GoSum(f.Relpath()) {
- gosum[path2dir(f.Relpath())] = f
+ gosum[dir] = f
 }
 }
 // 尝试调用 go mod graph
- if len(gomod) > 0 {
- for k, f := range gomod {
- root := GoModGraph(ctx, f)
- if root != nil && len(root.Children) > 0 {
- call(f, root)
- delete(gomod, k)
- }
+ for dir, f := range gomod {
+ graph := GoModGraph(ctx, f)
+ if graph != nil && len(graph.Children) > 0 {
+ call(f, graph)
+ delete(gomod, dir)
+ delete(gosum, dir)
 }
 }
+ // 静态解析go.sum
+ for dir, f := range gosum {
+ sum := ParseGosum(f)
+ call(f, sum)
+ delete(gomod, dir)
+ }
+
+ // 静态解析go.mod
 for _, f := range gomod {
 mod := ParseGomod(f)
- if sumf, ok := gosum[path2dir(f.Relpath())]; ok {
- sum := ParseGosum(sumf)
- if len(sum.Children) >= len(mod.Children) {
- mod = sum
- }
- }
 call(f, mod)
 }
+ // 静态解析gopkg.lock
+ for dir, f := range pkglock {
+ lock := ParseGopkgLock(f)
+ call(f, lock)
+ delete(pkgtoml, dir)
+ }
+
+ // 静态解析gopkg.toml
 for _, f := range pkgtoml {
 pkg := ParseGopkgToml(f)
- if lockf, ok := pkglock[path2dir(f.Relpath())]; ok {
- lock := ParseGopkgLock(lockf)
- if len(lock.Children) >= len(pkg.Children) {
- pkg = lock
- }
- }
 call(f, pkg)
 }
diff --git a/opensca/sca/groovy/gradle.go b/opensca/sca/groovy/gradle.go
index c5caca00..b9f0c5b7 100644
--- a/opensca/sca/groovy/gradle.go
+++ b/opensca/sca/groovy/gradle.go
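Review bot: In the new `go.sum` and `Gopkg.lock` loops the parsed result is reported and the sibling manifest is dropped (`delete(gomod, dir)`, `delete(pkgtoml, dir)`) without checking that parsing produced anything, whereas the removed code preferred the lock data only when it had at least as many children. If `ParseGosum` or `ParseGopkgLock` returns nil or an empty graph for an empty or damaged file, the directory's `go.mod` or `Gopkg.toml` is never parsed and its dependencies disappear from the report. Putting `if sum == nil || len(sum.Children) == 0 { continue }` before `call(f, sum)`, and the same check for `lock`, keeps the fallback. A `go.sum` can also list more module versions than the build selects, so preferring it unconditionally may over-report; that trade-off deserves a comment. `Sca` begins above this hunk.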
@@ -10,13 +10,14 @@ import (
 "regexp"
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/filter"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/filter"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/java"
 )
 // ParseGradle 解析gradle脚本
-func ParseGradle(files []*model.File) []*model.DepGraph {
+func ParseGradle(ctx context.Context, files []*model.File) []*model.DepGraph {
 v := Variable{}
 gradle := []*model.File{}
@@ -77,6 +78,17 @@ func ParseGradle(files []*model.File) []*model.DepGraph {
 roots = append(roots, root)
 }
+ // 借助java模块解析间接依赖
+ for i, root := range roots {
+ virPom := &java.Pom{File: model.NewFile(root.Path, root.Path)}
+ for _, dep := range root.Children {
+ virPom.Dependencies = append(virPom.Dependencies, &java.PomDependency{GroupId: dep.Vendor, ArtifactId: dep.Name, Version: dep.Version})
+ }
+ java.ParsePoms(ctx, []*java.Pom{virPom}, nil, func(pom *java.Pom, pomResult *model.DepGraph) {
+ roots[i] = pomResult
+ })
+ }
+
 return roots
 }
diff --git a/opensca/sca/groovy/groovy.go b/opensca/sca/groovy/groovy.go
index 9cd7d479..14426c09 100644
--- a/opensca/sca/groovy/groovy.go
+++ b/opensca/sca/groovy/groovy.go
@@ -4,7 +4,7 @@ import (
 "regexp"
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
 )
 // ParseGroovy 解析groovy文件
diff --git a/opensca/sca/groovy/sca.go b/opensca/sca/groovy/sca.go
index 336ef6c3..5955bba5 100644
--- a/opensca/sca/groovy/sca.go
+++ b/opensca/sca/groovy/sca.go
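Review bot: `roots[i] = pomResult` in the second `ParseGradle` hunk replaces the statically parsed Gradle root with whatever `java.ParsePoms` hands to the callback, with no check that the result is non-nil or still carries the direct dependencies. `ParsePoms` is not visible here, but if it resolves coordinates against a repository, an unreachable repository or an unresolved artifact could leave the report with less than the static parse had already found. I would keep the original root unless the resolved graph is usable: `if pomResult != nil && len(pomResult.Children) > 0 { roots[i] = pomResult }`. Passing `root.Path` as both arguments of `model.NewFile` also looks unintended, since that constructor documents its second parameter as the path relative to the project root.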
@@ -3,8 +3,8 @@ package groovy
 import (
 "context"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/filter"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/filter"
 )
 type Sca struct{}
@@ -21,7 +21,7 @@ func (sca Sca) Sca(ctx context.Context, parent *model.File, files []*model.File,
 roots := GradleTree(ctx, parent)
 if len(roots) == 0 {
- roots = ParseGradle(files)
+ roots = ParseGradle(ctx, files)
 }
 if len(roots) > 0 {
 call(parent, roots...)
diff --git a/opensca/sca/groovy/variable.go b/opensca/sca/groovy/variable.go
index 672c6172..5aa973e2 100644
--- a/opensca/sca/groovy/variable.go
+++ b/opensca/sca/groovy/variable.go
@@ -6,14 +6,14 @@ import (
 "regexp"
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
 )
 // groovy 变量表
 type Variable map[string]string
 var (
- refReg = regexp.MustCompile(`((\w+)\[['"](\w+)['"]\])|(\$\{[^{}]*\})`)
+ refReg = regexp.MustCompile(`((\w+)\[['"](\w+)['"]\])|(\$\{?[^{}"']*\}?)`)
 )
 // Replace 使用当前变量表中的变量替换文本中的变量值
@@ -25,11 +25,14 @@ func (v Variable) Replace(text string) string {
 for exist := map[string]bool{}; !exist[text]; {
 exist[text] = true
+ check := func(k, v string) bool {
+ return len(v) > 0 && !strings.Contains(v, k)
+ }
 text = refReg.ReplaceAllStringFunc(text, func(s string) string {
 if strings.HasPrefix(s, "$") {
- k := s[2 : len(s)-1]
+ k := strings.Trim(s[1:], "{}")
 if value, ok := v[k]; ok {
- if len(value) > 0 {
+ if check(s, value) {
 s = value
 }
 }
@@ -37,7 +40,7 @@ func (v Variable) Replace(text string) string {
 l := strings.Index(s, "[")
 if l > 0 {
 if value, ok := v[fmt.Sprintf("%s.%s", s[:l], s[l+2:len(s)-2])]; ok {
- if len(value) > 0 {
+ if check(s, value) {
 s = value
 }
 }
diff --git a/opensca/sca/java/mvn.go b/opensca/sca/java/mvn.go
index aae1e548..143f3bbb 100644
--- a/opensca/sca/java/mvn.go
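Review bot: The widened `refReg` alternative `(\$\{?[^{}"']*\}?)` makes the braces optional but still consumes every character up to the next brace or quote, so an unbraced reference swallows whatever follows it. In a constructed string such as `$group:$name:$version` the whole run is a single match, `strings.Trim(s[1:], "{}")` in `Replace` produces a key that is not in the table, and nothing is substituted, which leaves the coordinate unresolved. Restricting the unbraced form to identifier characters keeps both spellings working; as the `regexp.MustCompile` argument I would use `((\w+)\[['"](\w+)['"]\])|(\$\{[^{}]*\})|(\$\w+(\.\w+)*)`.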
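Review bot: The new `check` closure in `Replace` only rejects a value that contains the very reference being replaced, while the enclosing `for exist := map[string]bool{}; !exist[text];` loop still ends only when a text repeats. Variables that refer to each other indirectly and add characters on every pass never repeat, so on a broken or crafted build script `text` keeps growing and the call does not return; where the variable table is filled is outside these hunks. A pass limit bounds it, e.g. `for pass, exist := 0, map[string]bool{}; pass < maxReplacePasses && !exist[text]; pass++ {` with `maxReplacePasses` a small package constant. The closure parameter `v` also shadows the receiver `v`; `ref, val` would read more clearly. The same `check(s, value)` call appears in the following `@@ -37,7 +40,7 @@` hunk.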
+++ b/opensca/sca/java/mvn.go
@@ -13,10 +13,10 @@ import (
 "strings"
 "sync"
- "github.com/xmirrorsecurity/opensca-cli/opensca/common"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/cache"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/common"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/cache"
 )
 // ParsePoms 解析一个项目中的pom文件
diff --git a/opensca/sca/java/pom.go b/opensca/sca/java/pom.go
index 980d98ae..b11d804f 100644
--- a/opensca/sca/java/pom.go
+++ b/opensca/sca/java/pom.go
@@ -6,9 +6,9 @@ import (
 "regexp"
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/java/xml"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/java/xml"
 )
 type Pom struct {
diff --git a/opensca/sca/java/sca.go b/opensca/sca/java/sca.go
index 38f1a679..2c3db09e 100644
--- a/opensca/sca/java/sca.go
+++ b/opensca/sca/java/sca.go
@@ -5,9 +5,9 @@ import (
 "io"
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/opensca/common"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/filter"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/common"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/filter"
 )
 type Sca struct {
diff --git a/opensca/sca/javascript/npm.go b/opensca/sca/javascript/npm.go
index 84282ac1..66043169 100644
--- a/opensca/sca/javascript/npm.go
+++ b/opensca/sca/javascript/npm.go
@@ -9,10 +9,10 @@ import (
 "strings"
 "github.com/Masterminds/semver/v3"
- "github.com/xmirrorsecurity/opensca-cli/opensca/common"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/cache"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/common"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/cache"
 )
 type PackageJson struct {
diff --git a/opensca/sca/javascript/sca.go b/opensca/sca/javascript/sca.go
index edae9d02..d3fd8c8c 100644
--- a/opensca/sca/javascript/sca.go
+++ b/opensca/sca/javascript/sca.go
@@ -6,9 +6,9 @@ import (
 "path/filepath"
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/opensca/common"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/filter"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/common"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/filter"
 )
 type Sca struct{}
diff --git a/opensca/sca/javascript/yarn.go b/opensca/sca/javascript/yarn.go
index 2d781729..f8bbbafa 100644
--- a/opensca/sca/javascript/yarn.go
+++ b/opensca/sca/javascript/yarn.go
@@ -3,8 +3,8 @@ package javascript
 import (
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
 )
 type YarnLock struct {
@@ -54,7 +54,6 @@ func ParseYarnLock(file *model.File) map[string]*YarnLock {
 line = strings.TrimSpace(line)
 i := strings.Index(line, " ")
 if i == -1 {
- logs.Warnf("parse file %s line: %s fail", file.Relpath(), line)
 return
 }
 name := strings.Trim(line[:i], `"`)
diff --git a/opensca/sca/php/composer.go b/opensca/sca/php/composer.go
index 39fcd065..e4163c68 100644
--- a/opensca/sca/php/composer.go
+++ b/opensca/sca/php/composer.go
@@ -9,10 +9,10 @@ import (
 "strings"
 "github.com/Masterminds/semver/v3"
- "github.com/xmirrorsecurity/opensca-cli/opensca/common"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/cache"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/common"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/cache"
 )
 type ComposerJson struct {
diff --git a/opensca/sca/php/sca.go b/opensca/sca/php/sca.go
index 972de9b5..1382ae32 100644
--- a/opensca/sca/php/sca.go
+++ b/opensca/sca/php/sca.go
@@ -7,9 +7,9 @@ import (
 "path"
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/opensca/common"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/filter"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/common"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/filter"
 )
 type Sca struct{}
diff --git a/opensca/sca/python/env.go b/opensca/sca/python/env.go
index 953b5675..f84574f8 100644
--- a/opensca/sca/python/env.go
+++ b/opensca/sca/python/env.go
@@ -10,10 +10,10 @@ import (
 "path/filepath"
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/opensca/common"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/filter"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/common"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/filter"
 )
 // ParsePythonWithEnv 借助pipenv解析python依赖
diff --git a/opensca/sca/python/pip.go b/opensca/sca/python/pip.go
index 1951fe8c..e0c52e5c 100644
--- a/opensca/sca/python/pip.go
+++ b/opensca/sca/python/pip.go
@@ -5,8 +5,8 @@ import (
 "io"
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
 )
 func ParsePipfile(file *model.File) *model.DepGraph {
diff --git a/opensca/sca/python/sca.go b/opensca/sca/python/sca.go
index 53d5da70..a1d59ee3 100644
--- a/opensca/sca/python/sca.go
+++ b/opensca/sca/python/sca.go
@@ -5,8 +5,8 @@ import (
 "path"
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/filter"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/filter"
 )
 type Sca struct{}
diff --git a/opensca/sca/python/setup.go b/opensca/sca/python/setup.go
index 29d1209a..5745e85b 100644
--- a/opensca/sca/python/setup.go
+++ b/opensca/sca/python/setup.go
@@ -10,8 +10,8 @@ import (
 "regexp"
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
 )
 // ParseSetup 解析setup.py
diff --git a/opensca/sca/ruby/gem.go b/opensca/sca/ruby/gem.go
index b6a1edd4..ffc177d7 100644
--- a/opensca/sca/ruby/gem.go
+++ b/opensca/sca/ruby/gem.go
@@ -3,7 +3,7 @@ package ruby
 import (
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
 )
 // ParseGemfileLock 解析Gemfile.lock文件
diff --git a/opensca/sca/ruby/sca.go b/opensca/sca/ruby/sca.go
index 89550efe..940c5834 100644
--- a/opensca/sca/ruby/sca.go
+++ b/opensca/sca/ruby/sca.go
@@ -3,8 +3,8 @@ package ruby
 import (
 "context"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
- "github.com/xmirrorsecurity/opensca-cli/opensca/sca/filter"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/filter"
 )
 type Sca struct{}
diff --git a/opensca/sca/rust/cargo.go b/opensca/sca/rust/cargo.go
index 9aa47327..45ddbbdb 100644
--- a/opensca/sca/rust/cargo.go
+++ b/opensca/sca/rust/cargo.go
@@ -4,8 +4,8 @@ import (
 "io"
 "strings"
- "github.com/xmirrorsecurity/opensca-cli/opensca/logs"
- "github.com/xmirrorsecurity/opensca-cli/opensca/model"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+ "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
 "github.com/BurntSushi/toml"
 )
diff --git a/opensca/sca/rust/sca.go b/opensca/sca/rust/sca.go
index b96704dd..5e5eea65 100644
--- a/opensca/sca/rust/sca.go
+++ b/opensca/sca/rust/sca.go
@@ -3,8 +3,8 @@ package rust import ( "context" - "github.com/xmirrorsecurity/opensca-cli/opensca/model" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/filter" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/filter" ) type Sca struct{} diff --git a/opensca/sca/sbom/cdx.go b/opensca/sca/sbom/cdx.go index 9dd56e71..6936c75d 100644 --- a/opensca/sca/sbom/cdx.go +++ b/opensca/sca/sbom/cdx.go @@ -6,7 +6,7 @@ import ( "io" "github.com/CycloneDX/cyclonedx-go" - "github.com/xmirrorsecurity/opensca-cli/opensca/model" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model" ) func ParseCdxJson(f *model.File) *model.DepGraph { diff --git a/opensca/sca/sbom/dsdx.go b/opensca/sca/sbom/dsdx.go index 31e9826d..24e7dcc8 100644 --- a/opensca/sca/sbom/dsdx.go +++ b/opensca/sca/sbom/dsdx.go @@ -6,7 +6,7 @@ import ( "io" "strings" - "github.com/xmirrorsecurity/opensca-cli/opensca/model" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model" ) func ParseDsdx(f *model.File) *model.DepGraph { diff --git a/opensca/sca/sbom/sca.go b/opensca/sca/sbom/sca.go index d4e333ea..3950d955 100644 --- a/opensca/sca/sbom/sca.go +++ b/opensca/sca/sbom/sca.go @@ -3,8 +3,8 @@ package sbom import ( "context" - "github.com/xmirrorsecurity/opensca-cli/opensca/model" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/filter" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/filter" ) type Sca struct{} diff --git a/opensca/sca/sbom/spdx.go b/opensca/sca/sbom/spdx.go index 675e67a3..a6c06903 100644 --- a/opensca/sca/sbom/spdx.go +++ b/opensca/sca/sbom/spdx.go @@ -6,7 +6,7 @@ import ( "io" "strings" - "github.com/xmirrorsecurity/opensca-cli/opensca/model" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model" ) func ParseSpdx(f *model.File) *model.DepGraph { diff --git a/opensca/sca/sca.go b/opensca/sca/sca.go index 3b57a474..74b6881d 100644 
--- a/opensca/sca/sca.go +++ b/opensca/sca/sca.go @@ -3,17 +3,17 @@ package sca import ( "context" - "github.com/xmirrorsecurity/opensca-cli/opensca/model" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/erlang" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/golang" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/groovy" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/java" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/javascript" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/php" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/python" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/ruby" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/rust" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/sbom" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/erlang" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/golang" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/groovy" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/java" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/javascript" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/php" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/python" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/ruby" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/rust" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/sbom" ) type Sca interface { diff --git a/opensca/walk/download.go b/opensca/walk/download.go index 7245ff2c..a2c21fa3 100644 --- a/opensca/walk/download.go +++ b/opensca/walk/download.go @@ -11,7 +11,8 @@ import ( "time" "github.com/jlaffaye/ftp" - "github.com/xmirrorsecurity/opensca-cli/opensca/common" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/common" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs" ) // isHttp 是否为http/https协议 
@@ -35,6 +36,9 @@ func isFile(url string) bool { // output: 文件下载路径 // delete: 是否需要删除文件 func download(origin string) (delete bool, output string, err error) { + defer func() { + output = filepath.FromSlash(output) + }() if isHttp(origin) { delete = true output = filepath.Join(common.MkdirTemp("download"), filepath.Base(origin)) @@ -82,8 +86,9 @@ func downloadFromHttp(url, output string) error { return err } else { defer r.Body.Close() - io.Copy(f, r.Body) - return nil + size, err := io.Copy(f, r.Body) + logs.Infof("download %s size:%d", url, size) + return err } } @@ -111,7 +116,11 @@ func downloadFromHttp(url, output string) error { return err } defer resp.Body.Close() - io.Copy(f, resp.Body) + _, err = io.Copy(f, resp.Body) + if err != nil { + return err + } + logs.Infof("download %s range:%d-%d", url, offset, next) offset = next + 1 } return nil diff --git a/opensca/walk/magic.go b/opensca/walk/magic.go index 0534c41a..7b413bf8 100644 --- a/opensca/walk/magic.go +++ b/opensca/walk/magic.go @@ -6,7 +6,7 @@ import ( "os" "strings" - "github.com/xmirrorsecurity/opensca-cli/opensca/logs" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs" ) type Magic []byte diff --git a/opensca/walk/rar.go b/opensca/walk/rar.go index d512bcb6..e305093a 100644 --- a/opensca/walk/rar.go +++ b/opensca/walk/rar.go @@ -6,7 +6,7 @@ import ( "os" "path/filepath" - "github.com/xmirrorsecurity/opensca-cli/opensca/logs" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs" "github.com/nwaples/rardecode" ) @@ -38,7 +38,7 @@ func xrar(ctx context.Context, filter ExtractFileFilter, input, output string) b } if err != nil { logs.Warn(err) - continue + break } fp := filepath.Join(output, fh.Name) diff --git a/opensca/walk/tar.go b/opensca/walk/tar.go index e45b48bd..9a65a822 100644 --- a/opensca/walk/tar.go +++ b/opensca/walk/tar.go 
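Review bot: The added `logs.Infof("download %s size:%d", url, size)` in downloadFromHttp writes the full origin URL to the log, and it runs before the copy error is looked at, so a failed transfer is still logged as a download. A URL handed to the scanner can carry credentials in its userinfo or query string, so log a redacted form instead (for example parse it and log `u.Redacted()`, which masks the password, with the query dropped). Also return early with `if err != nil { return err }` before the log call. The `range:%d-%d` log line added in the next hunk prints the same URL and needs the same treatment. The function body starts and ends outside this hunk.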
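Review bot: `defer resp.Body.Close()` sits in what appears to be the per-range loop of downloadFromHttp, so every chunk's response body stays open until the function returns, holding one connection or descriptor per chunk on a large download. Close the body explicitly after the copy, e.g. `_, err = io.Copy(f, resp.Body)` followed by `resp.Body.Close()`, ahead of the new `if err != nil` check. The hunk also shows no check that the server answered the Range request with a partial-content status. If there is none outside the hunk, a server that ignores Range would have each iteration write the whole body, so that is worth confirming. The loop starts outside this hunk.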
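Review bot: `fp := filepath.Join(output, fh.Name)` in xrar builds the extraction path from the archive entry's own name, and nothing visible in this hunk checks that the result stays under `output`. An entry name with `..` segments or an absolute path would resolve outside the extraction directory unless the lines after the hunk reject it. Confirm there is a containment check there, or add one before the join; if the module's Go version allows it, `if !filepath.IsLocal(fh.Name) { logs.Warn("skip entry outside target: " + fh.Name); continue }` is enough. The xtar hunk in opensca/walk/tar.go has the same line and needs the same check. Both functions continue outside their hunks.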
@@ -10,7 +10,7 @@ import ( "path/filepath" "strings" - "github.com/xmirrorsecurity/opensca-cli/opensca/logs" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs" ) func xtar(ctx context.Context, filter ExtractFileFilter, input, output string) bool { @@ -41,7 +41,7 @@ func xtar(ctx context.Context, filter ExtractFileFilter, input, output string) b } if err != nil { logs.Warn(err) - continue + break } fp := filepath.Join(output, fh.Name) diff --git a/opensca/walk/walk.go b/opensca/walk/walk.go index 56094b65..571802d1 100644 --- a/opensca/walk/walk.go +++ b/opensca/walk/walk.go @@ -8,14 +8,10 @@ import ( "strings" "sync" - "github.com/xmirrorsecurity/opensca-cli/opensca/common" - "github.com/xmirrorsecurity/opensca-cli/opensca/logs" - "github.com/xmirrorsecurity/opensca-cli/opensca/model" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/filter" -) - -var ( - wg = sync.WaitGroup{} + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/common" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/filter" ) type ExtractFileFilter func(relpath string) bool @@ -29,18 +25,21 @@ type WalkFileFunc func(parent *model.File, files []*model.File) // size: 检测文件大小 func Walk(ctx context.Context, name, origin string, filter ExtractFileFilter, do WalkFileFunc) (size int64, err error) { - defer wg.Wait() - - delete, filepath, err := download(origin) + delete, file, err := download(origin) if err != nil { return } + logs.Debugf("walk %s", file) + if delete { - defer os.RemoveAll(filepath) + defer func() { + logs.Debugf("remove %s", filepath.Dir(file)) + os.RemoveAll(filepath.Dir(file)) + }() } - if f, xerr := os.Stat(filepath); xerr == nil { + if f, xerr := os.Stat(file); xerr == nil { if !f.IsDir() { size = f.Size() } 
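Review bot: The deferred cleanup in Walk now calls `os.RemoveAll(filepath.Dir(file))`, which deletes the parent directory of whatever path `download` returned and discards the error. That is only safe while every branch of `download` that sets `delete` places the file directly inside a fresh temporary directory. In the download.go hunk the file name comes from `filepath.Base(origin)`, which is caller-supplied, so that invariant rests on code outside this hunk. Consider having `download` hand back the temporary directory it created and removing exactly that, and report a failed removal: `if err := os.RemoveAll(dir); err != nil { logs.Warn(err) }`. Walk's body continues outside this hunk.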
@@ -50,12 +49,14 @@ func Walk(ctx context.Context, name, origin string, filter ExtractFileFilter, do return } - parent := model.NewFile(filepath, name) - err = walk(ctx, parent, filter, do) + parent := model.NewFile(file, name) + wg := &sync.WaitGroup{} + err = walk(ctx, wg, parent, filter, do) + wg.Wait() return } -func walk(ctx context.Context, parent *model.File, filterFunc ExtractFileFilter, walkFunc WalkFileFunc) error { +func walk(ctx context.Context, wg *sync.WaitGroup, parent *model.File, filterFunc ExtractFileFilter, walkFunc WalkFileFunc) error { var files []*model.File @@ -96,7 +97,7 @@ func walk(ctx context.Context, parent *model.File, filterFunc ExtractFileFilter, defer wg.Done() defer os.RemoveAll(dir) parent := model.NewFile(dir, rel) - if err := walk(ctx, parent, filterFunc, walkFunc); err != nil { + if err := walk(ctx, wg, parent, filterFunc, walkFunc); err != nil { logs.Warn(err) } }() @@ -109,7 +110,7 @@ func walk(ctx context.Context, parent *model.File, filterFunc ExtractFileFilter, return err } -// decompress 解压到指定位置 +// decompress 解压压缩包 // input: 压缩包绝对路径 // do: 对解压后目录的操作 // do.tmpdir: 临时解压目录绝对路径 需要手动删除目录 diff --git a/opensca/walk/zip.go b/opensca/walk/zip.go index 0a9a024b..3073b1ee 100644 --- a/opensca/walk/zip.go +++ b/opensca/walk/zip.go @@ -9,8 +9,8 @@ import ( "path/filepath" "strings" - "github.com/xmirrorsecurity/opensca-cli/opensca/common" - "github.com/xmirrorsecurity/opensca-cli/opensca/logs" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/common" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs" "github.com/axgle/mahonia" ) diff --git a/scripts/install.sh b/scripts/install.sh index f812fb88..92e7862b 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -6,6 +6,17 @@ UPDATE=0 get_system_info() { SYSARCH="$(uname -m)" SYSTYPE="$(uname -s)" + case "$SYSARCH" in + x86_64) + SYSARCH="amd64" + ;; + aarch64) + SYSARCH="arm64" + ;; + i386) + SYSARCH="386" + ;; + esac case "$SYSTYPE" in Linux) SYSTYPE="linux" 
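Review bot: The new `case "$SYSARCH"` in get_system_info maps only `x86_64`, `aarch64` and `i386`, and any other `uname -m` value passes through unchanged into the release file name. Common 32-bit x86 hosts report `i686`, so the last pattern would be better as `i386|i686)`. It would also help to add a comment above the `case` stating that unmapped values are used as-is, or to add a check after it that stops with a clear "unsupported architecture" message, so an unexpected value does not turn into a request for an asset that may not exist. The function continues outside this hunk.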
@@ -79,7 +90,6 @@ main() { "gitee") latest_version=$(curl --silent "https://gitee.com/api/v5/repos/XmirrorSecurity/OpenSCA-cli/releases/latest" | sed -n 's/.*"tag_name":"\([^"]*\)".*/\1/p') download_url="https://gitee.com/XmirrorSecurity/OpenSCA-cli/releases/download/$latest_version/opensca-cli-$latest_version-$SYSTYPE-$SYSARCH.tar.gz" - md5=$(curl --silent "https://gitee.com/XmirrorSecurity/OpenSCA-cli/releases/download/$latest_version/opensca-cli-$latest_version-$SYSTYPE-$SYSARCH.tar.gz.md5") ;; "github") latest_version=$(curl --silent "https://api.github.com/repos/XmirrorSecurity/OpenSCA-cli/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') diff --git a/test/java/java_test.go b/test/java/java_test.go index 2c3c0ed7..374686f4 100644 --- a/test/java/java_test.go +++ b/test/java/java_test.go @@ -3,9 +3,9 @@ package java import ( "testing" - "github.com/xmirrorsecurity/opensca-cli/opensca/common" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/java" - "github.com/xmirrorsecurity/opensca-cli/test/tool" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/common" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/java" + "github.com/xmirrorsecurity/opensca-cli/v3/test/tool" ) var cases = []tool.TaskCase{ diff --git a/test/javascript/javascript_test.go b/test/javascript/javascript_test.go index b324ed04..1d168049 100644 --- a/test/javascript/javascript_test.go +++ b/test/javascript/javascript_test.go @@ -3,8 +3,8 @@ package javascript import ( "testing" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/javascript" - "github.com/xmirrorsecurity/opensca-cli/test/tool" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/javascript" + "github.com/xmirrorsecurity/opensca-cli/v3/test/tool" ) func Test_JavaScript(t *testing.T) { diff --git a/test/php/php_test.go b/test/php/php_test.go index 264413eb..4e675c69 100644 --- a/test/php/php_test.go +++ b/test/php/php_test.go 
@@ -3,8 +3,8 @@ package php import ( "testing" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/php" - "github.com/xmirrorsecurity/opensca-cli/test/tool" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/php" + "github.com/xmirrorsecurity/opensca-cli/v3/test/tool" ) func Test_Php(t *testing.T) { diff --git a/test/python/python_test.go b/test/python/python_test.go index a77668c2..09e8fa80 100644 --- a/test/python/python_test.go +++ b/test/python/python_test.go @@ -3,8 +3,8 @@ package python import ( "testing" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/python" - "github.com/xmirrorsecurity/opensca-cli/test/tool" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/python" + "github.com/xmirrorsecurity/opensca-cli/v3/test/tool" ) func Test_Python(t *testing.T) { diff --git a/test/ruby/ruby_test.go b/test/ruby/ruby_test.go index 196c4688..72e695b4 100644 --- a/test/ruby/ruby_test.go +++ b/test/ruby/ruby_test.go @@ -3,8 +3,8 @@ package ruby import ( "testing" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/ruby" - "github.com/xmirrorsecurity/opensca-cli/test/tool" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/ruby" + "github.com/xmirrorsecurity/opensca-cli/v3/test/tool" ) func Test_Ruby(t *testing.T) { diff --git a/test/rust/rust_test.go b/test/rust/rust_test.go index ef804128..a3a20d7f 100644 --- a/test/rust/rust_test.go +++ b/test/rust/rust_test.go @@ -3,8 +3,8 @@ package rust import ( "testing" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca/rust" - "github.com/xmirrorsecurity/opensca-cli/test/tool" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca/rust" + "github.com/xmirrorsecurity/opensca-cli/v3/test/tool" ) func Test_Rust(t *testing.T) { diff --git a/test/tool/tool.go b/test/tool/tool.go index 56af7966..17acf27c 100644 --- a/test/tool/tool.go +++ b/test/tool/tool.go 
@@ -4,10 +4,10 @@ import ( "context" "testing" - "github.com/xmirrorsecurity/opensca-cli/opensca" - "github.com/xmirrorsecurity/opensca-cli/opensca/logs" - "github.com/xmirrorsecurity/opensca-cli/opensca/model" - "github.com/xmirrorsecurity/opensca-cli/opensca/sca" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/model" + "github.com/xmirrorsecurity/opensca-cli/v3/opensca/sca" ) func Diff(a, b *model.DepGraph) bool {