aquasecurity · knqyf263 · Jul 23, 2023 · Jul 19, 2023 · Jul 20, 2023 · Jul 21, 2023
@@ -5,10 +5,9 @@ import (
 	"errors"
 	"strings"
 
-	"golang.org/x/exp/slices"
-
 	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/service/sts"
+	"golang.org/x/exp/slices"
 	"golang.org/x/xerrors"
 
 	"github.com/aquasecurity/defsec/pkg/errs"
@@ -17,10 +16,8 @@ import (
 	"github.com/aquasecurity/trivy/pkg/cloud/aws/scanner"
 	"github.com/aquasecurity/trivy/pkg/cloud/report"
 	"github.com/aquasecurity/trivy/pkg/commands/operation"
-	cr "github.com/aquasecurity/trivy/pkg/compliance/report"
 	"github.com/aquasecurity/trivy/pkg/flag"
 	"github.com/aquasecurity/trivy/pkg/log"
-	"github.com/aquasecurity/trivy/pkg/types"
 )
 
 var allSupportedServicesFunc = awsScanner.AllSupportedServices
@@ -166,24 +163,6 @@ func Run(ctx context.Context, opt flag.Options) error {
 	}
 
 	log.Logger.Debug("Writing report to output...")
-	if opt.Compliance.Spec.ID != "" {
-		convertedResults := report.ConvertResults(results, cloud.ProviderAWS, opt.Services)
-		var crr []types.Results
-		for _, r := range convertedResults {
-			crr = append(crr, r.Results)
-		}
-
-		complianceReport, err := cr.BuildComplianceReport(crr, opt.Compliance)
-		if err != nil {
-			return xerrors.Errorf("compliance report build error: %w", err)
-		}
-
-		return cr.Write(complianceReport, cr.Option{
-			Format: opt.Format,
-			Report: opt.ReportFormat,
-			Output: opt.Output,
-		})
-	}
 
 	res := results.GetFailed()
 	if opt.MisconfOptions.IncludeNonFailures {

@@ -1,7 +1,6 @@
 package commands
 
 import (
-	"bytes"
 	"context"
 	"os"
 	"path/filepath"
@@ -1243,8 +1242,8 @@ Summary Report for compliance: my-custom-spec
 				}()
 			}
 
-			buffer := new(bytes.Buffer)
-			test.options.Output = buffer
+			output := filepath.Join(t.TempDir(), "output")
+			test.options.Output = output
 			test.options.Debug = true
 			test.options.GlobalOptions.Timeout = time.Minute
 			if test.options.Format == "" {
@@ -1283,10 +1282,13 @@ Summary Report for compliance: my-custom-spec
 			err := Run(context.Background(), test.options)
 			if test.expectErr {
 				assert.Error(t, err)
-			} else {
-				assert.NoError(t, err)
-				assert.Equal(t, test.want, buffer.String())
+				return
 			}
+			assert.NoError(t, err)
+
+			b, err := os.ReadFile(output)
+			require.NoError(t, err)
+			assert.Equal(t, test.want, string(b))
 		})
 	}
 }
@@ -2,12 +2,16 @@ package report
 
 import (
 	"context"
+	"io"
 	"os"
 	"sort"
 	"time"
 
+	"golang.org/x/xerrors"
+
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/tml"
+	cr "github.com/aquasecurity/trivy/pkg/compliance/report"
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/flag"
 	pkgReport "github.com/aquasecurity/trivy/pkg/report"
@@ -55,6 +59,15 @@ func (r *Report) Failed() bool {
 
 // Write writes the results in the give format
 func Write(rep *Report, opt flag.Options, fromCache bool) error {
+	output, err := opt.OutputWriter()
+	if err != nil {
+		return xerrors.Errorf("failed to create output file: %w", err)
+	}
+	defer output.Close()
+
+	if opt.Compliance.Spec.ID != "" {
+		return writeCompliance(rep, opt, output)
+	}
 
 	var filtered []types.Result
 
@@ -91,7 +104,7 @@ func Write(rep *Report, opt flag.Options, fromCache bool) error {
 
 		// ensure color/formatting is disabled for pipes/non-pty
 		var useANSI bool
-		if opt.Output == os.Stdout {
+		if opt.Output == "" {
 			if o, err := os.Stdout.Stat(); err == nil {
 				useANSI = (o.Mode() & os.ModeCharDevice) == os.ModeCharDevice
 			}
@@ -102,33 +115,44 @@ func Write(rep *Report, opt flag.Options, fromCache bool) error {
 
 		switch {
 		case len(opt.Services) == 1 && opt.ARN == "":
-			if err := writeResourceTable(rep, filtered, opt.Output, opt.Services[0]); err != nil {
+			if err := writeResourceTable(rep, filtered, output, opt.Services[0]); err != nil {
 				return err
 			}
 		case len(opt.Services) == 1 && opt.ARN != "":
-			if err := writeResultsForARN(rep, filtered, opt.Output, opt.Services[0], opt.ARN, opt.Severities); err != nil {
+			if err := writeResultsForARN(rep, filtered, output, opt.Services[0], opt.ARN, opt.Severities); err != nil {
 				return err
 			}
 		default:
-			if err := writeServiceTable(rep, filtered, opt.Output); err != nil {
+			if err := writeServiceTable(rep, filtered, output); err != nil {
 				return err
 			}
 		}
 
 		// render cache info
 		if fromCache {
-			_ = tml.Fprintf(opt.Output, "\n<blue>This scan report was loaded from cached results. If you'd like to run a fresh scan, use --update-cache.</blue>\n")
+			_ = tml.Fprintf(output, "\n<blue>This scan report was loaded from cached results. If you'd like to run a fresh scan, use --update-cache.</blue>\n")
 		}
 
 		return nil
 	default:
-		return pkgReport.Write(base, pkgReport.Option{
-			Format:             opt.Format,
-			Output:             opt.Output,
-			Severities:         opt.Severities,
-			OutputTemplate:     opt.Template,
-			IncludeNonFailures: opt.IncludeNonFailures,
-			Trace:              opt.Trace,
-		})
+		return pkgReport.Write(base, opt)
 	}
 }
+
+func writeCompliance(rep *Report, opt flag.Options, output io.Writer) error {
+	var crr []types.Results
+	for _, r := range rep.Results {
+		crr = append(crr, r.Results)
+	}
+
+	complianceReport, err := cr.BuildComplianceReport(crr, opt.Compliance)
+	if err != nil {
+		return xerrors.Errorf("compliance report build error: %w", err)
+	}
+
+	return cr.Write(complianceReport, cr.Option{
+		Format: opt.Format,
+		Report: opt.ReportFormat,
+		Output: output,
+	})
+}
@@ -1,7 +1,8 @@
 package report
 
 import (
-	"bytes"
+	"os"
+	"path/filepath"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -109,15 +110,18 @@ No problems detected.
 				tt.options.AWSOptions.Services,
 			)
 
-			buffer := bytes.NewBuffer([]byte{})
-			tt.options.Output = buffer
+			output := filepath.Join(t.TempDir(), "output")
+			tt.options.Output = output
 			require.NoError(t, Write(report, tt.options, tt.fromCache))
 
 			assert.Equal(t, "AWS", report.Provider)
 			assert.Equal(t, tt.options.AWSOptions.Account, report.AccountID)
 			assert.Equal(t, tt.options.AWSOptions.Region, report.Region)
 			assert.ElementsMatch(t, tt.options.AWSOptions.Services, report.ServicesInScope)
-			assert.Equal(t, tt.expected, buffer.String())
+
+			b, err := os.ReadFile(output)
+			require.NoError(t, err)
+			assert.Equal(t, tt.expected, string(b))
 		})
 	}
 }
@@ -1,7 +1,8 @@
 package report
 
 import (
-	"bytes"
+	"os"
+	"path/filepath"
 	"strings"
 	"testing"
 
@@ -68,15 +69,18 @@ See https://avd.aquasec.com/misconfig/avd-aws-9999
 				tt.options.AWSOptions.Services,
 			)
 
-			buffer := bytes.NewBuffer([]byte{})
-			tt.options.Output = buffer
+			output := filepath.Join(t.TempDir(), "output")
+			tt.options.Output = output
 			require.NoError(t, Write(report, tt.options, tt.fromCache))
 
+			b, err := os.ReadFile(output)
+			require.NoError(t, err)
+
 			assert.Equal(t, "AWS", report.Provider)
 			assert.Equal(t, tt.options.AWSOptions.Account, report.AccountID)
 			assert.Equal(t, tt.options.AWSOptions.Region, report.Region)
 			assert.ElementsMatch(t, tt.options.AWSOptions.Services, report.ServicesInScope)
-			assert.Equal(t, tt.expected, strings.ReplaceAll(buffer.String(), "\r\n", "\n"))
+			assert.Equal(t, tt.expected, strings.ReplaceAll(string(b), "\r\n", "\n"))
 		})
 	}
 }
@@ -1,7 +1,8 @@
 package report
 
 import (
-	"bytes"
+	"os"
+	"path/filepath"
 	"testing"
 
 	"github.com/aquasecurity/trivy-db/pkg/types"
@@ -320,19 +321,22 @@ Scan Overview for AWS Account
 				tt.options.AWSOptions.Services,
 			)
 
-			buffer := bytes.NewBuffer([]byte{})
-			tt.options.Output = buffer
+			output := filepath.Join(t.TempDir(), "output")
+			tt.options.Output = output
 			require.NoError(t, Write(report, tt.options, tt.fromCache))
 
 			assert.Equal(t, "AWS", report.Provider)
 			assert.Equal(t, tt.options.AWSOptions.Account, report.AccountID)
 			assert.Equal(t, tt.options.AWSOptions.Region, report.Region)
 			assert.ElementsMatch(t, tt.options.AWSOptions.Services, report.ServicesInScope)
+
+			b, err := os.ReadFile(output)
+			require.NoError(t, err)
 			if tt.options.Format == "json" {
 				// json output can be formatted/ordered differently - we just care that the data matches
-				assert.JSONEq(t, tt.expected, buffer.String())
+				assert.JSONEq(t, tt.expected, string(b))
 			} else {
-				assert.Equal(t, tt.expected, buffer.String())
+				assert.Equal(t, tt.expected, string(b))
 			}
 		})
 	}