diff --git a/pkg/sbom/cyclonedx/unmarshal.go b/pkg/sbom/cyclonedx/unmarshal.go index e92c70ac5324..5ceadf5ada93 100644 --- a/pkg/sbom/cyclonedx/unmarshal.go +++ b/pkg/sbom/cyclonedx/unmarshal.go @@ -112,7 +112,7 @@ func (b *BOM) parseExternalReferences(bom *cdx.BOM) []core.ExternalReference { if bom.ExternalReferences == nil { return nil } - refs := make([]core.ExternalReference, 0) + var refs = make([]core.ExternalReference, 0) for _, ref := range *bom.ExternalReferences { t, err := b.unmarshalReferenceType(ref.Type) diff --git a/pkg/vex/sbomref.go b/pkg/vex/sbomref.go index 7bc37764197b..b511a082c1f5 100644 --- a/pkg/vex/sbomref.go +++ b/pkg/vex/sbomref.go @@ -3,14 +3,16 @@ package vex import ( "bytes" "fmt" + "io" + "net/http" + "net/url" + + "golang.org/x/xerrors" + "github.com/aquasecurity/trivy/pkg/fanal/artifact" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/sbom/core" "github.com/aquasecurity/trivy/pkg/types" - "golang.org/x/xerrors" - "io" - "net/http" - "net/url" ) type SBOMReferenceSet struct { @@ -71,13 +73,13 @@ func RetrieveExternalVEXDocuments(refs []url.URL, report *types.Report) ([]VEX, } -func RetrieveExternalVEXDocument(VEXUrl url.URL, report *types.Report) (VEX, error) { +func RetrieveExternalVEXDocument(url url.URL, report *types.Report) (VEX, error) { logger := log.WithPrefix("vex").With(log.String("type", "externalReference")) - logger.Info(fmt.Sprintf("Retrieving external VEX document from host %s", VEXUrl.Host)) + logger.Info(fmt.Sprintf("Retrieving external VEX document from host %s", url.Host)) - res, err := http.Get(VEXUrl.String()) + res, err := http.Get(url.String()) if err != nil { return nil, xerrors.Errorf("unable to fetch file via HTTP: %w", err) } 
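Review bot: In parseExternalReferences, `var refs = make([]core.ExternalReference, 0)` behaves exactly like the `:=` form it replaces and is the less idiomatic spelling for a new local. If the aim was to satisfy a preallocation lint, sizing the slice from the input would do it: `refs := make([]core.ExternalReference, 0, len(*bom.ExternalReferences))`. That assumes the loop appends at most one entry per reference; the loop body continues outside the hunk, so check it there.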
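Review bot: Renaming the parameter of RetrieveExternalVEXDocument to `url` shadows the imported `net/url` package for the whole function body, so any later use of the package inside it would fail to compile; a name such as `ref` or `u` avoids that. Separately, `http.Get(url.String())` goes through the default client, which has no timeout, and the target comes from SBOM external references, which a scanner should treat as untrusted input. Consider a dedicated client, e.g. `client := &http.Client{Timeout: 30 * time.Second}` (needs the `time` import; the value is illustrative), and rejecting any scheme other than `https` before the request is made. The function continues past the end of this hunk, so whether the status code is checked and the body closed cannot be seen here.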
@@ -88,7 +90,7 @@ func RetrieveExternalVEXDocument(VEXUrl url.URL, report *types.Report) (VEX, err return nil, xerrors.Errorf("unable to read response into memory: %w", err) } - if v, err := decodeVEX(bytes.NewReader(val), VEXUrl.String(), report); err != nil { + if v, err := decodeVEX(bytes.NewReader(val), url.String(), report); err != nil { return nil, xerrors.Errorf("unable to load VEX: %w", err) } else { return v, nil diff --git a/pkg/vex/sbomref_test.go b/pkg/vex/sbomref_test.go index 465ef26eb02b..0273858fb890 100644 --- a/pkg/vex/sbomref_test.go +++ b/pkg/vex/sbomref_test.go @@ -1,16 +1,18 @@ package vex_test import ( - "github.com/aquasecurity/trivy/pkg/fanal/artifact" - "github.com/aquasecurity/trivy/pkg/sbom/core" - "github.com/aquasecurity/trivy/pkg/types" - "github.com/aquasecurity/trivy/pkg/vex" - "github.com/stretchr/testify/require" "io" "net/http" "net/http/httptest" "os" "testing" + + "github.com/stretchr/testify/require" + + "github.com/aquasecurity/trivy/pkg/fanal/artifact" + "github.com/aquasecurity/trivy/pkg/sbom/core" + "github.com/aquasecurity/trivy/pkg/types" + "github.com/aquasecurity/trivy/pkg/vex" ) const ( @@ -22,18 +24,18 @@ func setUpServer(t *testing.T) *httptest.Server { s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.URL.Path == vexExternalRef { f, err := os.Open("testdata/" + vexExternalRef + ".json") - require.NoError(t, err) + t.Error(err) defer f.Close() _, err = io.Copy(w, f) - require.NoError(t, err) + t.Error(err) } else if r.URL.Path == vexUnknown { f, err := os.Open("testdata/" + vexUnknown + ".json") - require.NoError(t, err) + t.Error(err) defer f.Close() _, err = io.Copy(w, f) - require.NoError(t, err) + t.Error(err) } http.NotFound(w, r) 
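Review bot: The message "unable to read response into memory" at the top of this hunk suggests the whole response body is buffered before `decodeVEX` runs. The read itself is outside the hunk, but if it is an unbounded `io.ReadAll(res.Body)`, a remote server can make the scanner allocate as much memory as it cares to send. Capping the read bounds that, e.g. `io.ReadAll(io.LimitReader(res.Body, maxVEXSize))`, where `maxVEXSize` is a placeholder for a project-chosen constant. As a style point, the `else { return v, nil }` after a returning `if` could be flattened by assigning `v, err := decodeVEX(...)` first and returning early on error.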
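Review bot: Each `t.Error(err)` that replaces `require.NoError(t, err)` in the setUpServer handler is unconditional, so the test is marked failed even when `err` is nil. Moving away from `require` inside an HTTP handler goroutine is reasonable, but the nil check has to stay: `if err != nil { t.Error(err); return }` at all four sites. The early `return` also keeps `defer f.Close()` and `io.Copy` from running on a file that failed to open. In the unchanged context, `http.NotFound(w, r)` appears to run even after a fixture has been served, so a `return` at the end of each matching branch would stop a 404 body being appended to a successful response.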
@@ -62,12 +64,12 @@ func TestRetrieveExternalVEXDocuments(t *testing.T) { t.Run("external vex retrieval", func(t *testing.T) { set, err := vex.NewSBOMReferenceSet(setupTestReport(s, vexExternalRef)) require.NoError(t, err) - require.Equal(t, 1, len(set.Vexes)) + require.Len(t, set.Vexes, 1) }) t.Run("incompatible external vex", func(t *testing.T) { set, err := vex.NewSBOMReferenceSet(setupTestReport(s, vexUnknown)) require.NoError(t, err) - require.Equal(t, 0, len(set.Vexes)) + require.Empty(t, set.Vexes) }) }