diff --git a/pkg/iac/scanners/terraform/executor/executor.go b/pkg/iac/scanners/terraform/executor/executor.go index 516c94296ee0..2714d50be6fe 100644 --- a/pkg/iac/scanners/terraform/executor/executor.go +++ b/pkg/iac/scanners/terraform/executor/executor.go @@ -1,8 +1,8 @@ package executor import ( + "context" "fmt" - "runtime" "sort" "github.com/zclconf/go-cty/cty" @@ -35,22 +35,16 @@ func New(options ...Option) *Executor { return s } -func (e *Executor) Execute(modules terraform.Modules) (scan.Results, error) { +func (e *Executor) Execute(ctx context.Context, modules terraform.Modules, basePath string) (scan.Results, error) { e.logger.Debug("Adapting modules...") infra := adapter.Adapt(modules) e.logger.Debug("Adapted module(s) into state data.", log.Int("count", len(modules))) - threads := runtime.NumCPU() - if threads > 1 { - threads-- - } - - e.logger.Debug("Using max routines", log.Int("count", threads)) - - pool := NewPool(threads, modules, infra, e.regoScanner) - - results, err := pool.Run() + results, err := e.regoScanner.ScanInput(ctx, rego.Input{ + Contents: infra.ToRego(), + Path: basePath, + }) if err != nil { return nil, err } diff --git a/pkg/iac/scanners/terraform/executor/pool.go b/pkg/iac/scanners/terraform/executor/pool.go deleted file mode 100644 index 47e32ab32a76..000000000000 --- a/pkg/iac/scanners/terraform/executor/pool.go +++ /dev/null @@ -1,124 +0,0 @@ -package executor - -import ( - "context" - "fmt" - "sync" - - "github.com/aquasecurity/trivy/pkg/iac/rego" - "github.com/aquasecurity/trivy/pkg/iac/scan" - "github.com/aquasecurity/trivy/pkg/iac/state" - "github.com/aquasecurity/trivy/pkg/iac/terraform" -) - -type Pool struct { - size int - modules terraform.Modules - state *state.State - rs *rego.Scanner -} - -func NewPool(size int, modules terraform.Modules, st *state.State, regoScanner *rego.Scanner) *Pool { - return &Pool{ - size: size, - state: st, - modules: modules, - rs: regoScanner, - } -} - -// Run runs the job in the pool - this will only return an error if a job panics -func (p *Pool) Run() (scan.Results, error) { - - outgoing := make(chan *regoJob, p.size*2) - - var workers []*Worker - for i := 0; i < p.size; i++ { - worker := NewWorker(outgoing) - go worker.Start() - workers = append(workers, worker) - } - - if p.rs != nil { - var basePath string - if len(p.modules) > 0 { - basePath = p.modules[0].RootPath() - } - outgoing <- ®oJob{ - state: p.state, - scanner: p.rs, - basePath: basePath, - } - } - - close(outgoing) - - var results scan.Results - for _, worker := range workers { - results = append(results, worker.Wait()...) - if err := worker.Error(); err != nil { - return nil, err - } - } - - return results, nil -} - -type regoJob struct { - state *state.State - scanner *rego.Scanner - basePath string -} - -func (h *regoJob) Run() (results scan.Results, err error) { - regoResults, err := h.scanner.ScanInput(context.TODO(), rego.Input{ - Contents: h.state.ToRego(), - Path: h.basePath, - }) - if err != nil { - return nil, fmt.Errorf("rego scan error: %w", err) - } - return regoResults, nil -} - -type Worker struct { - incoming <-chan *regoJob - mu sync.Mutex - results scan.Results - panic any -} - -func NewWorker(incoming <-chan *regoJob) *Worker { - w := &Worker{ - incoming: incoming, - } - w.mu.Lock() - return w -} - -func (w *Worker) Start() { - defer w.mu.Unlock() - w.results = nil - for job := range w.incoming { - func() { - results, err := job.Run() - if err != nil { - w.panic = err - } - w.results = append(w.results, results...) - }() - } -} - -func (w *Worker) Wait() scan.Results { - w.mu.Lock() - defer w.mu.Unlock() - return w.results -} - -func (w *Worker) Error() error { - if w.panic == nil { - return nil - } - return fmt.Errorf("job failed: %s", w.panic) -} diff --git a/pkg/iac/scanners/terraform/performance_test.go b/pkg/iac/scanners/terraform/performance_test.go index 9015aa25b076..7ef574e27858 100644 --- a/pkg/iac/scanners/terraform/performance_test.go +++ b/pkg/iac/scanners/terraform/performance_test.go @@ -29,7 +29,7 @@ func BenchmarkCalculate(b *testing.B) { if err != nil { b.Fatal(err) } - executor.New().Execute(modules) + executor.New().Execute(context.TODO(), modules, "project") } } diff --git a/pkg/iac/scanners/terraform/scanner.go b/pkg/iac/scanners/terraform/scanner.go index 433623a76076..f1de4f8a2318 100644 --- a/pkg/iac/scanners/terraform/scanner.go +++ b/pkg/iac/scanners/terraform/scanner.go @@ -150,7 +150,7 @@ func (s *Scanner) ScanFS(ctx context.Context, target fs.FS, dir string) (scan.Re s.execLock.RLock() e := executor.New(s.executorOpt...) s.execLock.RUnlock() - results, err := e.Execute(module.childs) + results, err := e.Execute(ctx, module.childs, module.rootPath) if err != nil { return nil, err }