diff --git a/internal/guidedremediation/client/client.go b/internal/guidedremediation/matcher/matcher.go
similarity index 93%
rename from internal/guidedremediation/client/client.go
rename to internal/guidedremediation/matcher/matcher.go
index 4b248d72..872c8b1c 100644
--- a/internal/guidedremediation/client/client.go
+++ b/internal/guidedremediation/matcher/matcher.go
@@ -12,8 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-// Package client provides interfaces for the clients used by guided remediation.
-package client
+// Package matcher provides the interface for the vulnerability matcher used by guided remediation.
+package matcher
 import (
 "context"
diff --git a/internal/guidedremediation/clienttest/mock_vulnerability_matcher.go b/internal/guidedremediation/matchertest/mock_vulnerability_matcher.go
similarity index 83%
rename from internal/guidedremediation/clienttest/mock_vulnerability_matcher.go
rename to internal/guidedremediation/matchertest/mock_vulnerability_matcher.go
index fa905908..b73187bb 100644
--- a/internal/guidedremediation/clienttest/mock_vulnerability_matcher.go
+++ b/internal/guidedremediation/matchertest/mock_vulnerability_matcher.go
@@ -12,8 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-// Package clienttest provides mock clients for testing.
-package clienttest
+// Package matchertest provides mock matcher for testing.
+package matchertest
 import (
 "context"
@@ -23,14 +23,14 @@ import (
 "deps.dev/util/resolve"
 "github.com/google/osv-scalibr/extractor"
- "github.com/google/osv-scalibr/internal/guidedremediation/client"
+ "github.com/google/osv-scalibr/internal/guidedremediation/matcher"
 "gopkg.in/yaml.v3"
 )
-type mockVulnerabilityMatcher []*client.OSVRecord
+type mockVulnerabilityMatcher []*matcher.OSVRecord
-func (mvc mockVulnerabilityMatcher) MatchVulnerabilities(ctx context.Context, invs []*extractor.Inventory) ([][]*client.OSVRecord, error) {
- result := make([][]*client.OSVRecord, len(invs))
+func (mvc mockVulnerabilityMatcher) MatchVulnerabilities(ctx context.Context, invs []*extractor.Inventory) ([][]*matcher.OSVRecord, error) {
+ result := make([][]*matcher.OSVRecord, len(invs))
 for i, inv := range invs {
 for _, vuln := range mvc {
 if vulnAffectsInv(vuln, inv) {
@@ -42,7 +42,7 @@ func (mvc mockVulnerabilityMatcher) MatchVulnerabilities(ctx context.Context, in
 }
 type mockVulns struct {
- Vulns []*client.OSVRecord `yaml:"vulns"`
+ Vulns []*matcher.OSVRecord `yaml:"vulns"`
 }
 // NewMockVulnerabilityMatcher creates a mock vulnerability matcher for testing.
@@ -64,7 +64,7 @@ func NewMockVulnerabilityMatcher(t *testing.T, vulnsYAML string) mockVulnerabili
 }
 // TODO: similar logic will need to be used elsewhere in guided remediation.
-func vulnAffectsInv(vuln *client.OSVRecord, inv *extractor.Inventory) bool {
+func vulnAffectsInv(vuln *matcher.OSVRecord, inv *extractor.Inventory) bool {
 resolveSys, ok := inv.Metadata.(resolve.System)
 if !ok {
 return false
@@ -84,7 +84,7 @@ func vulnAffectsInv(vuln *client.OSVRecord, inv *extractor.Inventory) bool {
 continue
 }
 events := slices.Clone(r.Events)
- eventVersion := func(e client.OSVEvent) string {
+ eventVersion := func(e matcher.OSVEvent) string {
 if e.Introduced != "" {
 return e.Introduced
 }
@@ -93,7 +93,7 @@ func vulnAffectsInv(vuln *client.OSVRecord, inv *extractor.Inventory) bool {
 }
 return e.LastAffected
 }
- slices.SortFunc(events, func(a, b client.OSVEvent) int {
+ slices.SortFunc(events, func(a, b matcher.OSVEvent) int {
 aVer := eventVersion(a)
 bVer := eventVersion(b)
 if aVer == "0" {
@@ -108,7 +108,7 @@ func vulnAffectsInv(vuln *client.OSVRecord, inv *extractor.Inventory) bool {
 // sys.Compare on strings is expensive, should consider precomputing sys.Parse
 return sys.Compare(aVer, bVer)
 })
- idx, exact := slices.BinarySearchFunc(events, inv.Version, func(e client.OSVEvent, v string) int {
+ idx, exact := slices.BinarySearchFunc(events, inv.Version, func(e matcher.OSVEvent, v string) int {
 eVer := eventVersion(e)
 if eVer == "0" {
 return -1
diff --git a/internal/guidedremediation/resolution/vulnerabilities.go b/internal/guidedremediation/resolution/vulnerabilities.go
index 99253ddb..ac4e08c5 100644
--- a/internal/guidedremediation/resolution/vulnerabilities.go
+++ b/internal/guidedremediation/resolution/vulnerabilities.go
@@ -22,15 +22,15 @@ import (
 "deps.dev/util/resolve"
 "github.com/google/osv-scalibr/extractor"
- "github.com/google/osv-scalibr/internal/guidedremediation/client"
 "github.com/google/osv-scalibr/internal/guidedremediation/manifest"
+ "github.com/google/osv-scalibr/internal/guidedremediation/matcher"
 "github.com/google/osv-scalibr/plugin"
 "github.com/google/osv-scalibr/purl"
 )
 // Vulnerability represents a vulnerability found in a dependency graph.
 type Vulnerability struct {
- OSV *client.OSVRecord
+ OSV *matcher.OSVRecord
 DevOnly bool
 // Subgraphs are the collections of nodes and edges that reach the vulnerable node.
 // Subgraphs all contain the root node (NodeID 0) with no incoming edges (Parents),
@@ -40,7 +40,7 @@ type Vulnerability struct {
 // FindVulnerabilities scans for vulnerabilities in a resolved graph.
 // One Vulnerability is created per unique ID, which may affect multiple graph nodes.
-func FindVulnerabilities(ctx context.Context, cl client.VulnerabilityMatcher, m manifest.Manifest, graph *resolve.Graph) ([]Vulnerability, error) {
+func FindVulnerabilities(ctx context.Context, cl matcher.VulnerabilityMatcher, m manifest.Manifest, graph *resolve.Graph) ([]Vulnerability, error) {
 nodeVulns, err := cl.MatchVulnerabilities(ctx, graphToInventory(graph))
 if err != nil {
 return nil, err
@@ -48,11 +48,11 @@ func FindVulnerabilities(ctx context.Context, cl client.VulnerabilityMatcher, m
 // The root node is of the graph is excluded from the vulnerability results.
 // Prepend an element to nodeVulns so that the indices line up with graph.Nodes[i] <=> nodeVulns[i]
- nodeVulns = append([][]*client.OSVRecord{nil}, nodeVulns...)
+ nodeVulns = append([][]*matcher.OSVRecord{nil}, nodeVulns...)
 // Find the dependency subgraphs of the vulnerable dependencies.
 var vulnerableNodes []resolve.NodeID
- uniqueVulns := make(map[string]*client.OSVRecord)
+ uniqueVulns := make(map[string]*matcher.OSVRecord)
 for i, vulns := range nodeVulns {
 if len(vulns) > 0 {
 vulnerableNodes = append(vulnerableNodes, resolve.NodeID(i))
diff --git a/internal/guidedremediation/resolution/vulnerabilities_test.go b/internal/guidedremediation/resolution/vulnerabilities_test.go
index 2833cc88..8da33417 100644
--- a/internal/guidedremediation/resolution/vulnerabilities_test.go
+++ b/internal/guidedremediation/resolution/vulnerabilities_test.go
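Review bot: In `FindVulnerabilities` (resolution/vulnerabilities.go, the `@@ -48,11 +48,11 @@` hunk), the prepend `append([][]*matcher.OSVRecord{nil}, nodeVulns...)` assumes that `cl.MatchVulnerabilities` returned exactly one result slice per inventory, and no visible line checks that. A matcher that returns a shorter or longer slice would leave vulnerabilities silently dropped or attributed to the wrong node, and the later `resolve.NodeID(i)` could refer to a node that does not exist. I would validate the length before the prepend, e.g. `if len(nodeVulns) != len(graph.Nodes)-1 { return nil, fmt.Errorf("matcher returned %d results for %d nodes", len(nodeVulns), len(graph.Nodes)-1) }`, assuming `graphToInventory` yields one entry per non-root node as the comment implies (`fmt` may need importing). The one-result-per-input contract also deserves a sentence on `VulnerabilityMatcher` in the new `matcher` package; the function body starts and ends outside this hunk.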
@@ -1,3 +1,17 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package resolution_test
 import (
@@ -9,9 +23,9 @@ import (
 "deps.dev/util/resolve/schema"
 "github.com/google/go-cmp/cmp"
 "github.com/google/go-cmp/cmp/cmpopts"
- "github.com/google/osv-scalibr/internal/guidedremediation/clienttest"
 "github.com/google/osv-scalibr/internal/guidedremediation/manifest"
 "github.com/google/osv-scalibr/internal/guidedremediation/manifest/npm"
+ "github.com/google/osv-scalibr/internal/guidedremediation/matchertest"
 "github.com/google/osv-scalibr/internal/guidedremediation/resolution"
 )
@@ -66,7 +80,7 @@ test 1.0.0
 charlieNode resolve.NodeID = 4
 )
- vulnMatcher := clienttest.NewMockVulnerabilityMatcher(t, "testdata/vulnerabilities.yaml")
+ vulnMatcher := matchertest.NewMockVulnerabilityMatcher(t, "testdata/vulnerabilities.yaml")
 type vuln struct {
 ID string
 Nodes []resolve.NodeID
diff --git a/internal/resolution/clienttest/mock_resolution_client.go b/internal/resolution/clienttest/mock_resolution_client.go
index ca0091e6..d0691c70 100644
--- a/internal/resolution/clienttest/mock_resolution_client.go
+++ b/internal/resolution/clienttest/mock_resolution_client.go
@@ -30,10 +30,6 @@ type ResolutionUniverse struct {
 Schema string `yaml:"schema"`
 }
-type mockDependencyClient struct {
- *resolve.LocalClient
-}
-
 // NewMockResolutionClient creates a new mock resolution client from the given universe YAML.
 func NewMockResolutionClient(t *testing.T, universeYAML string) resolve.Client {
 t.Helper()
@@ -67,5 +63,5 @@ func NewMockResolutionClient(t *testing.T, universeYAML string) resolve.Client {
 t.Fatalf("failed parsing schema: %v", err)
 }
- return mockDependencyClient{sch.NewClient()}
+ return sch.NewClient()
 }