DmitriyLewen
diff --git a/‎.golangci.yaml‎
Lines changed: 3 additions & 0 deletions b/‎.golangci.yaml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎go.mod‎
Lines changed: 0 additions & 1 deletion b/‎go.mod‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎go.sum‎
Lines changed: 0 additions & 2 deletions b/‎go.sum‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎internal/testutil/util.go‎
Lines changed: 5 additions & 12 deletions b/‎internal/testutil/util.go‎
Lines changed: 5 additions & 12 deletions
diff --git a/‎pkg/iac/adapters/arm/adaptertest/adaptertest.go‎
Lines changed: 1 addition & 1 deletion b/‎pkg/iac/adapters/arm/adaptertest/adaptertest.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎pkg/iac/adapters/cloudformation/testutil/testutil.go‎
Lines changed: 1 addition & 1 deletion b/‎pkg/iac/adapters/cloudformation/testutil/testutil.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎pkg/iac/adapters/terraform/tftestutil/testutil.go‎
Lines changed: 1 addition & 1 deletion b/‎pkg/iac/adapters/terraform/tftestutil/testutil.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎pkg/iac/rego/scanner_test.go‎
Lines changed: 23 additions & 36 deletions b/‎pkg/iac/rego/scanner_test.go‎
Lines changed: 23 additions & 36 deletions
@@ -59,6 +59,9 @@ linters:
               recommendations:
                 - github.com/aquasecurity/go-version
               reason: "`aquasecurity/go-version` is designed for our use-cases"
+          - github.com/liamg/memoryfs:
+              recommendations:
+                - github.com/aquasecurity/trivy/pkg/mapfs
     gosec:
       excludes:
         - G101
 
@@ -70,7 +70,6 @@ require (
 	github.com/knqyf263/go-rpmdb v0.1.1
 	github.com/knqyf263/nested v0.0.1
 	github.com/kylelemons/godebug v1.1.0
-	github.com/liamg/memoryfs v1.6.0
 	github.com/magefile/mage v1.15.0
 	github.com/masahiro331/go-disk v0.0.0-20240625071113-56c933208fee
 	github.com/masahiro331/go-ebs-file v0.0.0-20240917043618-e6d2bea5c32e
 
@@ -860,8 +860,6 @@ github.com/lestrrat-go/option/v2 v2.0.0 h1:XxrcaJESE1fokHy3FpaQ/cXW8ZsIdWcdFzzLO
 github.com/lestrrat-go/option/v2 v2.0.0/go.mod h1:oSySsmzMoR0iRzCDCaUfsCzxQHUEuhOViQObyy7S6Vg=
 github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec h1:2tTW6cDth2TSgRbAhD7yjZzTQmcN25sDRPEeinR51yQ=
 github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec/go.mod h1:TmwEoGCwIti7BCeJ9hescZgRtatxRE+A72pCoPfmcfk=
-github.com/liamg/memoryfs v1.6.0 h1:jAFec2HI1PgMTem5gR7UT8zi9u4BfG5jorCRlLH06W8=
-github.com/liamg/memoryfs v1.6.0/go.mod h1:z7mfqXFQS8eSeBBsFjYLlxYRMRyiPktytvYCYTb3BSk=
 github.com/lib/pq v0.0.0-20150723085316-0dad96c0b94f/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 
@@ -3,11 +3,10 @@ package testutil
 import (
 	"encoding/json"
 	"io/fs"
-	"path/filepath"
 	"strings"
 	"testing"
+	"testing/fstest"
 
-	"github.com/liamg/memoryfs"
 	"github.com/samber/lo"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -56,16 +55,10 @@ func ruleIDInResults(ruleID string, results scan.Results) bool {
 	return false
 }
 
-func CreateFS(t *testing.T, files map[string]string) fs.FS {
-	memfs := memoryfs.New()
-	for name, content := range files {
-		name := strings.TrimPrefix(name, "/")
-		err := memfs.MkdirAll(filepath.Dir(name), 0o700)
-		require.NoError(t, err)
-		err = memfs.WriteFile(name, []byte(content), 0o644)
-		require.NoError(t, err)
-	}
-	return memfs
+func CreateFS(files map[string]string) fs.FS {
+	return fstest.MapFS(lo.MapEntries(files, func(k, v string) (string, *fstest.MapFile) {
+		return strings.TrimPrefix(k, "/"), &fstest.MapFile{Data: []byte(v)}
+	}))
 }
 
 func AssertDefsecEqual(t *testing.T, expected, actual any) {
 
@@ -13,7 +13,7 @@ import (
 type adaptFn[T any] func(deployment azure.Deployment) T
 
 func AdaptAndCompare[T any](t *testing.T, source string, expected any, fn adaptFn[T]) {
-	fsys := testutil.CreateFS(t, map[string]string{
+	fsys := testutil.CreateFS(map[string]string{
 		"test.json": source,
 	})
 
 
@@ -12,7 +12,7 @@ import (
 type adaptFn[T any] func(fctx parser.FileContext) T
 
 func AdaptAndCompare[T any](t *testing.T, source string, expected any, fn adaptFn[T]) {
-	fsys := testutil.CreateFS(t, map[string]string{
+	fsys := testutil.CreateFS(map[string]string{
 		"main.yaml": source,
 	})
 
 
@@ -11,7 +11,7 @@ import (
 )
 
 func CreateModulesFromSource(t *testing.T, source, ext string) terraform.Modules {
-	fs := testutil.CreateFS(t, map[string]string{
+	fs := testutil.CreateFS(map[string]string{
 		"source" + ext: source,
 	})
 	p := parser.New(fs, "", parser.OptionStopOnHCLError(true))
 
@@ -3,38 +3,25 @@ package rego_test
 import (
 	"bytes"
 	"fmt"
-	"io/fs"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
 	"testing/fstest"
 
-	"github.com/liamg/memoryfs"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
+	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/rego"
 	"github.com/aquasecurity/trivy/pkg/iac/scanners/options"
 	"github.com/aquasecurity/trivy/pkg/iac/severity"
 	"github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
-func CreateFS(t *testing.T, files map[string]string) fs.FS {
-	memfs := memoryfs.New()
-	for name, content := range files {
-		name := strings.TrimPrefix(name, "/")
-		err := memfs.MkdirAll(filepath.Dir(name), 0o700)
-		require.NoError(t, err)
-		err = memfs.WriteFile(name, []byte(content), 0o644)
-		require.NoError(t, err)
-	}
-	return memfs
-}
-
 func Test_RegoScanning_Deny(t *testing.T) {
 
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `
 # METADATA
 # title: Custom policy
@@ -128,7 +115,7 @@ deny {
 }
 
 func Test_RegoScanning_Allow(t *testing.T) {
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `# METADATA
 # title: Custom policy
 # description: Custom policy for testing
@@ -176,7 +163,7 @@ func Test_RegoScanning_WithRuntimeValues(t *testing.T) {
 
 	t.Setenv("DEFSEC_RUNTIME_VAL", "AOK")
 
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `# METADATA
 # title: Custom policy
 # description: Custom policy for testing
@@ -220,7 +207,7 @@ deny_evil {
 }
 
 func Test_RegoScanning_WithDenyMessage(t *testing.T) {
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `# METADATA
 # title: Custom policy
 # description: Custom policy for testing
@@ -267,7 +254,7 @@ deny[msg] {
 }
 
 func Test_RegoScanning_WithDenyMetadata_ImpliedPath(t *testing.T) {
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `
 # METADATA
 # title: Custom policy
@@ -322,7 +309,7 @@ deny[res] {
 }
 
 func Test_RegoScanning_WithDenyMetadata_PersistedPath(t *testing.T) {
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `
 # METADATA
 # title: Custom policy
@@ -378,7 +365,7 @@ deny[res] {
 }
 
 func Test_RegoScanning_WithStaticMetadata(t *testing.T) {
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `
 package defsec.test
 
@@ -439,7 +426,7 @@ deny[res] {
 }
 
 func Test_RegoScanning_WithMatchingInputSelector(t *testing.T) {
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `# METADATA
 # title: Custom policy
 # description: Custom policy for testing
@@ -487,7 +474,7 @@ deny {
 }
 
 func Test_RegoScanning_WithNonMatchingInputSelector(t *testing.T) {
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `
 package defsec.test
 
@@ -521,7 +508,7 @@ deny {
 
 func Test_RegoScanning_NoTracingByDefault(t *testing.T) {
 
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `# METADATA
 # title: Custom policy
 # description: Custom policy for testing
@@ -567,7 +554,7 @@ deny {
 
 func Test_RegoScanning_GlobalTracingEnabled(t *testing.T) {
 
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `# METADATA
 # title: Custom policy
 # description: Custom policy for testing
@@ -617,7 +604,7 @@ deny {
 
 func Test_RegoScanning_PerResultTracingEnabled(t *testing.T) {
 
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `# METADATA
 # title: Custom policy
 # description: Custom policy for testing
@@ -663,7 +650,7 @@ deny {
 
 func Test_dynamicMetadata(t *testing.T) {
 
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `
 package defsec.test
 
@@ -695,7 +682,7 @@ deny {
 
 func Test_staticMetadata(t *testing.T) {
 
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `
 package defsec.test
 
@@ -727,7 +714,7 @@ deny {
 
 func Test_annotationMetadata(t *testing.T) {
 
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `# METADATA
 # title: i am a title
 # description: i am a description
@@ -782,7 +769,7 @@ deny {
 
 func Test_RegoScanning_WithInvalidInputSchema(t *testing.T) {
 
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `# METADATA
 # schemas:
 # - input: schema["input"]
@@ -802,7 +789,7 @@ deny {
 
 func Test_RegoScanning_WithValidInputSchema(t *testing.T) {
 
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `# METADATA
 # schemas:
 # - input: schema["input"]
@@ -821,7 +808,7 @@ deny {
 }
 
 func Test_RegoScanning_WithFilepathToSchema(t *testing.T) {
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `# METADATA
 # schemas:
 # - input: schema["dockerfile"]
@@ -846,7 +833,7 @@ deny {
 }
 
 func Test_RegoScanning_CustomData(t *testing.T) {
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `# METADATA
 # title: Custom policy
 # description: Custom policy for testing
@@ -871,7 +858,7 @@ deny {
 `,
 	})
 
-	dataFS := CreateFS(t, map[string]string{
+	dataFS := testutil.CreateFS(map[string]string{
 		"data/data.json": `{
 	"settings": {
 		"DS123":{
@@ -899,7 +886,7 @@ deny {
 }
 
 func Test_RegoScanning_InvalidFS(t *testing.T) {
-	srcFS := CreateFS(t, map[string]string{
+	srcFS := testutil.CreateFS(map[string]string{
 		"policies/test.rego": `# METADATA
 # title: Custom policy
 # description: Custom policy for testing
@@ -924,7 +911,7 @@ deny {
 `,
 	})
 
-	dataFS := CreateFS(t, map[string]string{
+	dataFS := testutil.CreateFS(map[string]string{
 		"data/data.json": `{
 	"settings": {
 		"DS123":{
Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ import (`
`11`	`11`	`)`
`12`	`12`
`13`	`13`	`func CreateModulesFromSource(t *testing.T, source, ext string) terraform.Modules {`
`14`		`- fs := testutil.CreateFS(t, map[string]string{`
	`14`	`+ fs := testutil.CreateFS(map[string]string{`
`15`	`15`	`"source" + ext: source,`
`16`	`16`	`})`
`17`	`17`	`p := parser.New(fs, "", parser.OptionStopOnHCLError(true))`