bump trivy to v0.57.1

Signed-off-by: Nikita Pivkin <[email protected]>

Author: nikpivkin

cmd/trivy-aws/main.go

@@ -7,7 +7,7 @@ import (
 
 func main() {
 	if err := run(); err != nil {
-		log.Fatal(err.Error())
+		log.Fatal("Fatal error", log.Err(err))
 	}
 }
 

go.mod

@@ -3,21 +3,20 @@ package aws
 import (
 	"context"
 	"fmt"
+	"slices"
 
-	"github.com/aquasecurity/trivy-aws/pkg/concurrency"
-	"github.com/aquasecurity/trivy-aws/pkg/errs"
-	"github.com/aquasecurity/trivy/pkg/iac/types"
-
-	"github.com/aquasecurity/trivy/pkg/iac/debug"
-
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/aws/arn"
+	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/service/sts"
 
 	"github.com/aquasecurity/trivy-aws/internal/adapters/cloud/options"
+	"github.com/aquasecurity/trivy-aws/pkg/concurrency"
+	"github.com/aquasecurity/trivy-aws/pkg/errs"
 	"github.com/aquasecurity/trivy-aws/pkg/progress"
 	"github.com/aquasecurity/trivy/pkg/iac/state"
-	"github.com/aws/aws-sdk-go-v2/aws"
-	"github.com/aws/aws-sdk-go-v2/aws/arn"
-	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aquasecurity/trivy/pkg/iac/types"
+	"github.com/aquasecurity/trivy/pkg/log"
 )
 
 var registeredAdapters []ServiceAdapter
@@ -44,27 +43,24 @@ type RootAdapter struct {
 	accountID           string
 	currentService      string
 	region              string
-	debugWriter         debug.Logger
+	logger              *log.Logger
 	concurrencyStrategy concurrency.Strategy
 }
 
-func NewRootAdapter(ctx context.Context, cfg aws.Config, tracker progress.ServiceTracker) *RootAdapter {
+func NewRootAdapter(ctx context.Context, cfg aws.Config, tracker progress.ServiceTracker, logger *log.Logger) *RootAdapter {
 	return &RootAdapter{
 		ctx:        ctx,
 		tracker:    tracker,
 		sessionCfg: cfg,
 		region:     cfg.Region,
+		logger:     logger,
 	}
 }
 
 func (a *RootAdapter) Region() string {
 	return a.region
 }
 
-func (a *RootAdapter) Debug(format string, args ...interface{}) {
-	a.debugWriter.Log(format, args...)
-}
-
 func (a *RootAdapter) ConcurrencyStrategy() concurrency.Strategy {
 	return a.concurrencyStrategy
 }
@@ -81,6 +77,10 @@ func (a *RootAdapter) Tracker() progress.ServiceTracker {
 	return a.tracker
 }
 
+func (a *RootAdapter) Logger() *log.Logger {
+	return a.logger
+}
+
 func (a *RootAdapter) CreateMetadata(resource string) types.Metadata {
 
 	// some services don't require region/account id in the ARN
@@ -136,7 +136,7 @@ func Adapt(ctx context.Context, state *state.State, opt options.Options) error {
 	c := &RootAdapter{
 		ctx:                 ctx,
 		tracker:             opt.ProgressTracker,
-		debugWriter:         opt.DebugWriter.Extend("adapt", "aws"),
+		logger:              log.WithPrefix("adapt-aws"),
 		concurrencyStrategy: opt.ConcurrencyStrategy,
 	}
 
@@ -148,15 +148,15 @@ func Adapt(ctx context.Context, state *state.State, opt options.Options) error {
 	c.sessionCfg = cfg
 
 	if opt.Region != "" {
-		c.Debug("Using region '%s'", opt.Region)
+		c.logger.Info("Using region", log.String("region", opt.Region))
 		c.sessionCfg.Region = opt.Region
 	}
 	if opt.Endpoint != "" {
-		c.Debug("Using endpoint '%s'", opt.Endpoint)
+		c.logger.Info("Using endpoint", log.String("endpoint", opt.Endpoint))
 		c.sessionCfg.EndpointResolverWithOptions = createResolver(opt.Endpoint)
 	}
 
-	c.Debug("Discovering caller identity...")
+	c.logger.Debug("Discovering caller identity...")
 	stsClient := sts.NewFromConfig(c.sessionCfg)
 	result, err := stsClient.GetCallerIdentity(ctx, &sts.GetCallerIdentityInput{})
 	if err != nil {
@@ -166,13 +166,13 @@ func Adapt(ctx context.Context, state *state.State, opt options.Options) error {
 		return fmt.Errorf("missing account id for aws account")
 	}
 	c.accountID = *result.Account
-	c.Debug("AWS account ID: %s", c.accountID)
+	c.logger.Info("AWS account ID", log.String("ID", c.accountID))
 
 	if len(opt.Services) == 0 {
-		c.Debug("Preparing to run for all %d registered services...", len(registeredAdapters))
+		c.logger.Info("Preparing to run for all registered services...", log.Int("count", len(registeredAdapters)))
 		opt.ProgressTracker.SetTotalServices(len(registeredAdapters))
 	} else {
-		c.Debug("Preparing to run for %d filtered services...", len(opt.Services))
+		c.logger.Info("Preparing to run for filtered services...", log.Int("count", len(opt.Services)))
 		opt.ProgressTracker.SetTotalServices(len(opt.Services))
 	}
 
@@ -181,16 +181,16 @@ func Adapt(ctx context.Context, state *state.State, opt options.Options) error {
 	var adapterErrors []error
 
 	for _, adapter := range registeredAdapters {
-		if len(opt.Services) != 0 && !contains(opt.Services, adapter.Name()) {
+		if len(opt.Services) != 0 && !slices.Contains(opt.Services, adapter.Name()) {
 			continue
 		}
 		c.currentService = adapter.Name()
-		c.Debug("Running adapter for %s...", adapter.Name())
+		c.logger.Debug("Running adapter", log.String("service", adapter.Name()))
 		opt.ProgressTracker.StartService(adapter.Name())
 
 		if err := adapter.Adapt(c, state); err != nil {
-			c.Debug("Error occurred while running adapter for %s: %s", adapter.Name(), err)
-			adapterErrors = append(adapterErrors, fmt.Errorf("failed to run adapter for %s: %w", adapter.Name(), err))
+			c.logger.Error("Failed to adapt", log.String("service", adapter.Name()), log.Err(err))
+			adapterErrors = append(adapterErrors, fmt.Errorf("failed to adapt service %s: %w", adapter.Name(), err))
 		}
 		opt.ProgressTracker.FinishService()
 	}
@@ -201,12 +201,3 @@ func Adapt(ctx context.Context, state *state.State, opt options.Options) error {
 
 	return nil
 }
-
-func contains(services []string, service string) bool {
-	for _, s := range services {
-		if s == service {
-			return true
-		}
-	}
-	return false
-}

go.sum

@@ -5,6 +5,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticache"
 	"github.com/aquasecurity/trivy/pkg/iac/state"
 	trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+	"github.com/aquasecurity/trivy/pkg/log"
 	api "github.com/aws/aws-sdk-go-v2/service/elasticache"
 	"github.com/aws/aws-sdk-go-v2/service/elasticache/types"
 
@@ -124,7 +125,7 @@ func (a *adapter) getReplicationGroups() ([]elasticache.ReplicationGroup, error)
 	for _, apiGroup := range apiGroups {
 		group, err := a.adaptReplicationGroup(apiGroup)
 		if err != nil {
-			a.Debug("Failed to adapt replication group '%s': %s", *apiGroup.ARN, err)
+			a.Logger().Error("Failed to adapt replication group", log.String("ARN", *apiGroup.ARN), log.Err(err))
 			continue
 		}
 		groups = append(groups, *group)
@@ -178,7 +179,7 @@ func (a *adapter) getSecurityGroups() ([]elasticache.SecurityGroup, error) {
 	for _, apiGroup := range apiGroups {
 		group, err := a.adaptSecurityGroup(apiGroup)
 		if err != nil {
-			a.Debug("Failed to adapt security group '%s': %s", *apiGroup.ARN, err)
+			a.Logger().Error("Failed to adapt security group", log.String("ARN", *apiGroup.ARN), log.Err(err))
 			continue
 		}
 		groups = append(groups, *group)

internal/adapters/cloud/aws/adapt.go

@@ -5,6 +5,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/emr"
 	"github.com/aquasecurity/trivy/pkg/iac/state"
 	trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+	"github.com/aquasecurity/trivy/pkg/log"
 	api "github.com/aws/aws-sdk-go-v2/service/emr"
 	"github.com/aws/aws-sdk-go-v2/service/emr/types"
 
@@ -131,7 +132,8 @@ func (a *adapter) getSecurityConfigurations() ([]emr.SecurityConfiguration, erro
 	for _, apiConfig := range apiConfigs {
 		config, err := a.adaptConfig(apiConfig)
 		if err != nil {
-			a.Debug("Failed to adapt security configuration '%s': %s", *apiConfig.Name, err)
+			a.Logger().Error("Failed to adapt security configuration",
+				log.String("name", *apiConfig.Name), log.Err(err))
 			continue
 		}
 		configs = append(configs, *config)

internal/adapters/cloud/aws/elasticache/adapt.go

@@ -6,6 +6,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
 	"github.com/aquasecurity/trivy/pkg/iac/state"
 	"github.com/aquasecurity/trivy/pkg/iac/types"
+	"github.com/aquasecurity/trivy/pkg/log"
 	iamapi "github.com/aws/aws-sdk-go-v2/service/iam"
 	iamtypes "github.com/aws/aws-sdk-go-v2/service/iam/types"
 
@@ -57,14 +58,16 @@ func (a *adapter) adaptGroup(apiGroup iamtypes.Group, state *state.State) (*iam.
 		for {
 			policiesOutput, err := a.api.ListAttachedGroupPolicies(a.Context(), input)
 			if err != nil {
-				a.Debug("Failed to locate policies attached to group '%s': %s", *apiGroup.GroupName, err)
+				a.Logger().Error("Failed to locate policies attached to group",
+					log.String("name", *apiGroup.GroupName), log.Err(err))
 				break
 			}
 
 			for _, apiPolicy := range policiesOutput.AttachedPolicies {
 				policy, err := a.adaptAttachedPolicy(apiPolicy)
 				if err != nil {
-					a.Debug("Failed to adapt policy attached to group '%s': %s", *apiGroup.GroupName, err)
+					a.Logger().Error("Failed to adapt policy attached to group",
+						log.String("name", *apiGroup.GroupName), log.Err(err))
 					continue
 				}
 				policies = append(policies, *policy)

internal/adapters/cloud/aws/emr/adapt.go

@@ -5,6 +5,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
 	"github.com/aquasecurity/trivy/pkg/iac/state"
 	"github.com/aquasecurity/trivy/pkg/iac/types"
+	"github.com/aquasecurity/trivy/pkg/log"
 	iamapi "github.com/aws/aws-sdk-go-v2/service/iam"
 )
 
@@ -64,7 +65,7 @@ func (a *adapter) adaptPasswordPolicy(state *state.State) error {
 
 	output, err := a.api.GetAccountPasswordPolicy(a.Context(), &iamapi.GetAccountPasswordPolicyInput{})
 	if err != nil {
-		a.Debug("Failed to adapt account password policy: %s", err)
+		a.Logger().Error("Failed to adapt account password policy", log.Err(err))
 		return nil
 	}
 	a.Tracker().SetTotalResources(1)

internal/adapters/cloud/aws/iam/group.go

@@ -6,6 +6,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
 	"github.com/aquasecurity/trivy/pkg/iac/state"
 	"github.com/aquasecurity/trivy/pkg/iac/types"
+	"github.com/aquasecurity/trivy/pkg/log"
 	iamapi "github.com/aws/aws-sdk-go-v2/service/iam"
 	iamtypes "github.com/aws/aws-sdk-go-v2/service/iam/types"
 
@@ -55,14 +56,16 @@ func (a *adapter) adaptRole(apiRole iamtypes.Role) (*iam.Role, error) {
 	for {
 		policiesOutput, err := a.api.ListAttachedRolePolicies(a.Context(), input)
 		if err != nil {
-			a.Debug("Failed to locate policies attached to role '%s': %s", *apiRole.RoleName, err)
+			a.Logger().Error("Failed to locate policies attached to role",
+				log.String("name", *apiRole.RoleName), log.Err(err))
 			break
 		}
 
 		for _, apiPolicy := range policiesOutput.AttachedPolicies {
 			policy, err := a.adaptAttachedPolicy(apiPolicy)
 			if err != nil {
-				a.Debug("Failed to adapt policy attached to role '%s': %s", *apiRole.RoleName, err)
+				a.Logger().Error("Failed to adapt policy attached to role",
+					log.String("name", *apiRole.RoleName), log.Err(err))
 				continue
 			}
 			policies = append(policies, *policy)

internal/adapters/cloud/aws/iam/iam.go

@@ -8,6 +8,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
 	"github.com/aquasecurity/trivy/pkg/iac/state"
 	trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+	"github.com/aquasecurity/trivy/pkg/log"
 	iamapi "github.com/aws/aws-sdk-go-v2/service/iam"
 	iamtypes "github.com/aws/aws-sdk-go-v2/service/iam/types"
 
@@ -83,14 +84,16 @@ func (a *adapter) getUserPolicies(apiUser iamtypes.User) []iam.Policy {
 	for {
 		policiesOutput, err := a.api.ListAttachedUserPolicies(a.Context(), input)
 		if err != nil {
-			a.Debug("Failed to locate policies attached to user '%s': %s", *apiUser.UserName, err)
+			a.Logger().Error("Failed to locate policies attached to user",
+				log.String("name", *apiUser.UserName), log.Err(err))
 			break
 		}
 
 		for _, apiPolicy := range policiesOutput.AttachedPolicies {
 			policy, err := a.adaptAttachedPolicy(apiPolicy)
 			if err != nil {
-				a.Debug("Failed to adapt policy attached to user '%s': %s", *apiUser.UserName, err)
+				a.Logger().Error("Failed to adapt policy attached to user",
+					log.String("name", *apiUser.UserName), log.Err(err))
 				continue
 			}
 			policies = append(policies, *policy)

internal/adapters/cloud/aws/iam/role.go

@@ -4,6 +4,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/rds"
 	"github.com/aquasecurity/trivy/pkg/iac/state"
 	trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+	"github.com/aquasecurity/trivy/pkg/log"
 	awssdk "github.com/aws/aws-sdk-go-v2/aws"
 	rdsApi "github.com/aws/aws-sdk-go-v2/service/rds"
 	rdsTypes "github.com/aws/aws-sdk-go-v2/service/rds/types"
@@ -48,7 +49,7 @@ func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error {
 
 	state.AWS.RDS.Classic, err = a.getClassic()
 	if err != nil {
-		a.Debug("Failed to retrieve classic resource: %s", err)
+		a.Logger().Error("Failed to retrieve classic resource", log.Err(err))
 		return nil
 	}
 

internal/adapters/cloud/aws/iam/user.go

@@ -6,6 +6,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/redshift"
 	"github.com/aquasecurity/trivy/pkg/iac/state"
 	trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+	"github.com/aquasecurity/trivy/pkg/log"
 	awssdk "github.com/aws/aws-sdk-go-v2/aws"
 	api "github.com/aws/aws-sdk-go-v2/service/redshift"
 	redshiftTypes "github.com/aws/aws-sdk-go-v2/service/redshift/types"
@@ -56,7 +57,7 @@ func (a *adapter) Adapt(root *aws.RootAdapter, state *state.State) error {
 	// this can error is classic resources are used where disabled
 	state.AWS.Redshift.SecurityGroups, err = a.getSecurityGroups()
 	if err != nil {
-		a.Debug("Failed to adapt security groups: %s", err)
+		a.Logger().Error("Failed to adapt security groups", log.Err(err))
 		return nil
 	}