fix: 删除命令行中传参私有源和代理地址

cmd/murphy/internal/scan/cmd.go

@@ -39,8 +39,6 @@ var sbomOutputType common.SBOMFormatFlag
 var webhookAddr string
 var webhookMode common.WebhookModeFlag
 var extraData string
-var privateSourceAddr string
-var proxyAddr string
 
 func Cmd() *cobra.Command {
 	var c cobra.Command
@@ -60,8 +58,6 @@ func Cmd() *cobra.Command {
 	c.Flags().StringVar(&webhookAddr, "webhook-addr", "", "specify the webhook address")
 	c.Flags().Var(&webhookMode, "webhook-mode", "specify the webhook mode, currently supports: simple, full")
 	c.Flags().StringVar(&extraData, "extra-data", "", "specify the extra data")
-	c.Flags().StringVar(&privateSourceAddr, "private-source-addr", "", "specify the private source address")
-	c.Flags().StringVar(&proxyAddr, "proxy-addr", "", "specify the proxy address")
 	return &c
 }
 
@@ -83,8 +79,6 @@ func DfCmd() *cobra.Command {
 	c.Flags().StringVar(&webhookAddr, "webhook-addr", "", "specify the webhook address")
 	c.Flags().Var(&webhookMode, "webhook-mode", "specify the webhook mode, currently supports: simple, full(default)")
 	c.Flags().StringVar(&extraData, "extra-data", "", "specify the extra data")
-	c.Flags().StringVar(&privateSourceAddr, "private-source-addr", "", "specify the private source address")
-	c.Flags().StringVar(&proxyAddr, "proxy-addr", "", "specify the proxy address")
 	return &c
 }
 

env/python.go

@@ -0,0 +1,6 @@
+package env
+
+import "os"
+
+var PIP_SOURCE_ADDR = os.Getenv("PIP_SOURCE_ADDR")
+var PIPREQS_SERVER_SOURCE_ADDR = os.Getenv("PIPREQS_SERVER_SOURCE_ADDR")

module/go_mod/go.go

@@ -4,11 +4,9 @@ import (
 	"context"
 	"path/filepath"
 
-	"github.com/murphysecurity/murphysec/infra/logctx"
 	"github.com/murphysecurity/murphysec/model"
 	"github.com/murphysecurity/murphysec/utils"
 	"github.com/pkg/errors"
-	"go.uber.org/zap"
 )
 
 type Inspector struct{}
@@ -26,19 +24,6 @@ func (Inspector) CheckDir(dir string) bool {
 }
 
 func (Inspector) InspectProject(ctx context.Context) error {
-	logger := logctx.Use(ctx)
-	if privatePath, ok := ctx.Value("privateSourceAddr").(string); ok {
-		logger.Debug("Use private path", zap.String("path", privatePath))
-		if err := setPrivatePath(privatePath, logger); err != nil {
-			return err
-		}
-	}
-	if proxyPath, ok := ctx.Value("proxyAddr").(string); ok {
-		logger.Debug("Use proxy path", zap.String("path", proxyPath))
-		if err := setProxyPath(proxyPath, logger); err != nil {
-			return err
-		}
-	}
 	if err := buildScan(ctx); err != nil {
 		if err := baseScan(ctx); err != nil {
 			return err

module/python/venv.go

@@ -5,6 +5,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+	"github.com/murphysecurity/murphysec/env"
 	"github.com/murphysecurity/murphysec/model"
 	"go.uber.org/zap"
 	"golang.org/x/net/context"
@@ -42,12 +43,13 @@ func getVenvPath(basePath string) string {
 
 	return ""
 }
-func newVenv(dir string, logger *zap.SugaredLogger) error {
+func newVenv(dir string, pythonVersion string, logger *zap.SugaredLogger) error {
 	var out bytes.Buffer
 	var errout bytes.Buffer
 	env := os.Environ()
 	logger.Debug(zap.Any("env", env))
-	cmd := exec.Command("bash", "-c", "/usr/local/python3.10/bin/python3.10 -m venv virtual_venv")
+	pythonVersion = "./" + pythonVersion
+	cmd := exec.Command("bash", "-c", pythonVersion+" -m venv virtual_venv")
 	cmd.Dir = dir
 	cmd.Stdout = &out
 	cmd.Stderr = &errout
@@ -82,10 +84,11 @@ func newPipConf(basePath string, privateAddr string) error {
 	}
 	return nil
 }
-func updatePip(dir string, logger *zap.SugaredLogger) error {
+func updatePip(dir string, pythonVersion string, logger *zap.SugaredLogger) error {
 	var out bytes.Buffer
 	var errout bytes.Buffer
-	cmd := exec.Command("./python3.10", "-m", "pip", "install", "--upgrade", "pip")
+	pythonVersion = "./" + pythonVersion
+	cmd := exec.Command(pythonVersion, "-m", "pip", "install", "--upgrade", "pip")
 	cmd.Stdout = &out
 	cmd.Dir = dir
 	if err := cmd.Run(); err != nil {
@@ -102,8 +105,8 @@ func pipreqs(dir string, projectPath, savePath string, logger *zap.SugaredLogger
 	logger.Debug(zap.String("pipreqs projectPath", projectPath))
 	logger.Debug(zap.String("pipreqs savepath", savePath))
 	var pypiserverAddr string
-	if s := getPipreqsServerSourctAddr(); s != "" {
-		pypiserverAddr = "--pypi-server=" + s
+	if env.PIPREQS_SERVER_SOURCE_ADDR != "" {
+		pypiserverAddr = "--pypi-server=" + env.PIPREQS_SERVER_SOURCE_ADDR
 	}
 	cmd := exec.Command("./pipreqs", projectPath, "--savepath", savePath, "--encoding=utf-8", "--ignore=virtual_venv", pypiserverAddr)
 	cmd.Dir = dir
@@ -278,34 +281,30 @@ func directDependenceSurvival(mod *[]model.DependencyItem, nvMp map[string]strin
 		}
 	}
 }
-func pipenv() string {
-	return os.Getenv("PIP_SOURCE_ADDR")
-}
-func getPipreqsServerSourctAddr() string {
-	return os.Getenv("PIPREQS_SERVER_SOURCE_ADDR")
+func getPythonVersion() string {
+	_, err := exec.LookPath("python3.10")
+	if err != nil {
+		return "python"
+	}
+	return "python3.10"
 }
 func Run(ctx context.Context, dir string, logger *zap.SugaredLogger, nvMp map[string]string) ([]model.DependencyItem, error) {
 	var mod []model.DependencyItem
 	var venvDir = filepath.Join(dir, "virtual_venv")
 	venvPath := getVenvPath(dir)
 	requirementsPath := filepath.Join(dir, "requirements.txt")
 	venvRequirementsPath := filepath.Join(venvPath, "requirements.txt")
-	if err := newVenv(dir, logger); err != nil {
+	pythonVersion := getPythonVersion()
+	if err := newVenv(dir, pythonVersion, logger); err != nil {
 		return nil, err
 	}
-	if privatePath, ok := ctx.Value("privateSourceAddr").(string); ok {
-		logger.Debug("Use private path", zap.String("path", privatePath))
-		if err := newPipConf(dir, privatePath); err != nil {
-			return nil, err
-		}
-	}
-	if envSource := pipenv(); envSource != "" {
-		logger.Debug("Use private path", zap.String("path", envSource))
-		if err := newPipConf(dir, envSource); err != nil {
+	if env.PIP_SOURCE_ADDR != "" {
+		logger.Debug("Use private path", zap.String("path", env.PIP_SOURCE_ADDR))
+		if err := newPipConf(dir, env.PIP_SOURCE_ADDR); err != nil {
 			return nil, err
 		}
 	}
-	if err := updatePip(venvPath, logger); err != nil {
+	if err := updatePip(venvPath, pythonVersion, logger); err != nil {
 		return nil, err
 	}
 	if err := setPipTimeout(); err != nil {