From e1f0df74c21ca3855eec55c41c6d5c328444673d Mon Sep 17 00:00:00 2001
From: DmitriyLewen
Date: Wed, 22 Nov 2023 12:43:39 +0600
Subject: [PATCH 1/5] fix(jar): check if a version exists when determining gav by file name
---
 go.mod | 2 +
 go.sum | 4 +-
 pkg/javadb/client.go | 46 ++++++++++++++--------
 pkg/javadb/client_test.go | 81 +++++++++++++++++++++++++++++++++++++++
 4 files changed, 114 insertions(+), 19 deletions(-)
 create mode 100644 pkg/javadb/client_test.go
diff --git a/go.mod b/go.mod
index b31d0f1b5744..9402975e46cf 100644
--- a/go.mod
+++ b/go.mod
@@ -416,3 +416,5 @@ replace oras.land/oras-go => oras.land/oras-go v1.2.4-0.20230801060855-932dd06d3
 // testcontainers-go has a bug with versions v0.25.0 and v0.26.0
 // ref: https://github.com/testcontainers/testcontainers-go/issues/1782
 replace github.com/testcontainers/testcontainers-go => github.com/testcontainers/testcontainers-go v0.23.0
+
+replace github.com/aquasecurity/go-dep-parser => github.com/DmitriyLewen/go-dep-parser v0.0.0-20231122061023-caed3e2bfc35
diff --git a/go.sum b/go.sum
index 0bd9e6aceb22..dc52bce39755 100644
--- a/go.sum
+++ b/go.sum
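Review bot: The `replace` added at the end of go.mod redirects github.com/aquasecurity/go-dep-parser to a personal fork with no comment saying why or when it goes away, unlike the testcontainers replace just above it, which carries a reason and a reference. While it is in place every build compiles the fork's code under the upstream import path, and go.sum pins only the fork's content, not where it was reviewed. A line such as `// temporary: fork of go-dep-parser until the upstream change is merged; drop before merge` above it would make that visible to anyone building or bisecting at this commit. Patch 2/5 removes this replace; the trivy-java-db replace added in patch 3/5 has the same gap until patch 5/5 removes it.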
@@ -239,6 +239,8 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/CycloneDX/cyclonedx-go v0.7.2 h1:kKQ0t1dPOlugSIYVOMiMtFqeXI2wp/f5DBIdfux8gnQ= github.com/CycloneDX/cyclonedx-go v0.7.2/go.mod h1:K2bA+324+Og0X84fA8HhN2X066K7Bxz4rpMQ4ZhjtSk= github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= +github.com/DmitriyLewen/go-dep-parser v0.0.0-20231122061023-caed3e2bfc35 h1:f71OSqVXUmCNHPa841Bc+Vsb4krcXIz0MRWaq5z6Hqg= +github.com/DmitriyLewen/go-dep-parser v0.0.0-20231122061023-caed3e2bfc35/go.mod h1:7+xrs6AWD5+onpmX8f7qIkAhUgkPP0mhUdBjxJBcfas= github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible h1:juIaKLLVhqzP55d8x4cSVgwyQv76Z55/fRv/UBr2KkQ= github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible/go.mod h1:BB1eHdMLYEFuFdBlRMb0N7YGVdM5s6Pt0njxgvfbGGs= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= 
@@ -322,8 +324,6 @@ github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8= github.com/aquasecurity/defsec v0.93.2-0.20231024055158-015ab97ce898 h1:gu7XQvv2CswgzOdOFHg/AmtR4vBonG35XvGxHHvcIr4= github.com/aquasecurity/defsec v0.93.2-0.20231024055158-015ab97ce898/go.mod h1:J30VViSgmoW2Ic/6aqVJO2qvuADsmZ3MYuNxPcU6Vt0= -github.com/aquasecurity/go-dep-parser v0.0.0-20231120074854-8322cc2242bf h1:kweQrNMfarPfjZGI1537GtuujhpzhsuT/MvmW2FwaBE= -github.com/aquasecurity/go-dep-parser v0.0.0-20231120074854-8322cc2242bf/go.mod h1:7+xrs6AWD5+onpmX8f7qIkAhUgkPP0mhUdBjxJBcfas= github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM= github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s= github.com/aquasecurity/go-mock-aws v0.0.0-20230810212901-d6feebd39060 h1:V7nC90NpRDEubNpNEgRDtTfLH3RKQlZeY9/HSqxEze8= diff --git a/pkg/javadb/client.go b/pkg/javadb/client.go index e1b67b81f781..1e8d480d41c8 100644 --- a/pkg/javadb/client.go +++ b/pkg/javadb/client.go 
@@ -142,37 +142,49 @@ func (d *DB) SearchBySHA1(sha1 string) (jar.Properties, error) { }, nil } -func (d *DB) SearchByArtifactID(artifactID string) (string, error) { +func (d *DB) SearchByArtifactID(artifactID, version string) (string, error) { indexes, err := d.driver.SelectIndexesByArtifactIDAndFileType(artifactID, types.JarType) if err != nil { return "", xerrors.Errorf("select error: %w", err) } else if len(indexes) == 0 { return "", xerrors.Errorf("artifactID %s: %w", artifactID, jar.ArtifactNotFoundErr) } + + return foundGroupID(version, indexes), nil +} + +// foundGroupID checks all indexes and returns a group ID containing the required version and with the maximum number of indexes(versions). +func foundGroupID(version string, indexes []types.Index) string { + var groupID, maxGroupID string + var count, maxCount int + var versionFound bool + sort.Slice(indexes, func(i, j int) bool { return indexes[i].GroupID < indexes[j].GroupID }) - // Some artifacts might have the same artifactId. - // e.g. "javax.servlet:jstl" and "jstl:jstl" - groupIDs := make(map[string]int) for _, index := range indexes { - if i, ok := groupIDs[index.GroupID]; ok { - groupIDs[index.GroupID] = i + 1 - continue + if index.GroupID != groupID { + // save a new GroupID with the max number of indexes (if this GroupID contains the required version) + if count > maxCount && versionFound { + maxGroupID = groupID + maxCount = count + } + count = 0 + versionFound = false } - groupIDs[index.GroupID] = 1 - } - maxCount := 0 - var groupID string - for k, v := range groupIDs { - if v > maxCount { - maxCount = v - groupID = k + // iterate over all indexes of the current GroupID + groupID = index.GroupID + count++ + if index.Version == version { + versionFound = true } } - - return groupID, nil + // save latest groupID + if count > maxCount && versionFound { + maxGroupID = groupID + } + return maxGroupID } func (d *DB) Close() error { 
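Review bot: SearchByArtifactID now ends with `return foundGroupID(version, indexes), nil`, so when no group ID contains the requested version the caller gets an empty group ID with a nil error instead of jar.ArtifactNotFoundErr. The third case in client_test.go confirms that foundGroupID returns `""` in that situation, and nothing in this hunk converts it to an error. Callers that only check `err` would presumably go on to build a GAV with an empty group, which for a scanner means the JAR silently matches no advisory. Assign the result to `groupID` and add `if groupID == "" { return "", xerrors.Errorf("artifactID %s: %w", artifactID, jar.ArtifactNotFoundErr) }` before returning it. foundGroupID also sorts the caller's slice in place, which its doc comment should mention.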
diff --git a/pkg/javadb/client_test.go b/pkg/javadb/client_test.go
new file mode 100644
index 000000000000..d52921ba9a98
--- /dev/null
+++ b/pkg/javadb/client_test.go
@@ -0,0 +1,81 @@
+package javadb
+
+import (
+ "github.com/aquasecurity/trivy-java-db/pkg/types"
+ "github.com/stretchr/testify/assert"
+ "testing"
+)
+
+func TestFoundGroupID(t *testing.T) {
+ tests := []struct {
+ name string
+ indexes []types.Index
+ version string
+ wantGroupID string
+ }{
+ {
+ name: "Only one groupID has required version",
+ indexes: []types.Index{
+ {
+ GroupID: "com.example1",
+ Version: "1.0.0",
+ },
+ {
+ GroupID: "com.example1",
+ Version: "1.0.1",
+ },
+ {
+ GroupID: "com.example2",
+ Version: "2.0.0",
+ },
+ },
+ version: "2.0.0",
+ wantGroupID: "com.example2",
+ },
+ {
+ name: "Two groupIDs have required version",
+ indexes: []types.Index{
+ {
+ GroupID: "com.example1",
+ Version: "1.0.0",
+ },
+ {
+ GroupID: "com.example2",
+ Version: "1.0.1",
+ },
+ {
+ GroupID: "com.example2",
+ Version: "1.0.0",
+ },
+ },
+ version: "1.0.0",
+ wantGroupID: "com.example2",
+ },
+ {
+ name: "There are no groupIDs with required version",
+ indexes: []types.Index{
+ {
+ GroupID: "com.example1",
+ Version: "1.0.0",
+ },
+ {
+ GroupID: "com.example1",
+ Version: "2.0.0",
+ },
+ {
+ GroupID: "com.example2",
+ Version: "2.0.0",
+ },
+ },
+ version: "3.0.0",
+ wantGroupID: "",
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ gotGroupID := foundGroupID(tt.version, tt.indexes)
+ assert.Equal(t, tt.wantGroupID, gotGroupID)
+ })
+ }
+}
From 5f790bfe70fa5030e2aeec795ac513928cc2ee2b Mon Sep 17 00:00:00 2001
From: DmitriyLewen
Date: Tue, 28 Nov 2023 09:47:56 +0600
Subject: [PATCH 2/5] chore(deps): bump go-dep-parser
---
 go.mod | 4 +---
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/go.mod b/go.mod
index 9402975e46cf..9c4233313cae 100644
--- a/go.mod
+++ b/go.mod
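Review bot: No case in the table has two group IDs that both contain the requested version and hold the same number of indexes, so the tie-break in foundGroupID is not pinned by any test. From the implementation in client.go the first group in sorted order appears to win, because the comparison is a strict `count > maxCount`. A fourth case where com.example1 and com.example2 each hold only 1.0.0, with `wantGroupID: "com.example1"`, would document that. The import block also lists `"testing"` after the third-party packages; goimports would put it first in its own group.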
@@ -14,7 +14,7 @@ require ( github.com/alicebob/miniredis/v2 v2.30.4 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 github.com/aquasecurity/defsec v0.93.2-0.20231024055158-015ab97ce898 - github.com/aquasecurity/go-dep-parser v0.0.0-20231120074854-8322cc2242bf + github.com/aquasecurity/go-dep-parser v0.0.0-20231128011057-a175d05161dd github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 @@ -416,5 +416,3 @@ replace oras.land/oras-go => oras.land/oras-go v1.2.4-0.20230801060855-932dd06d3 // testcontainers-go has a bug with versions v0.25.0 and v0.26.0 // ref: https://github.com/testcontainers/testcontainers-go/issues/1782 replace github.com/testcontainers/testcontainers-go => github.com/testcontainers/testcontainers-go v0.23.0 - -replace github.com/aquasecurity/go-dep-parser => github.com/DmitriyLewen/go-dep-parser v0.0.0-20231122061023-caed3e2bfc35 diff --git a/go.sum b/go.sum index dc52bce39755..4795567214e2 100644 --- a/go.sum +++ b/go.sum 
@@ -239,8 +239,6 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/CycloneDX/cyclonedx-go v0.7.2 h1:kKQ0t1dPOlugSIYVOMiMtFqeXI2wp/f5DBIdfux8gnQ= github.com/CycloneDX/cyclonedx-go v0.7.2/go.mod h1:K2bA+324+Og0X84fA8HhN2X066K7Bxz4rpMQ4ZhjtSk= github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= -github.com/DmitriyLewen/go-dep-parser v0.0.0-20231122061023-caed3e2bfc35 h1:f71OSqVXUmCNHPa841Bc+Vsb4krcXIz0MRWaq5z6Hqg= -github.com/DmitriyLewen/go-dep-parser v0.0.0-20231122061023-caed3e2bfc35/go.mod h1:7+xrs6AWD5+onpmX8f7qIkAhUgkPP0mhUdBjxJBcfas= github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible h1:juIaKLLVhqzP55d8x4cSVgwyQv76Z55/fRv/UBr2KkQ= github.com/GoogleCloudPlatform/docker-credential-gcr v2.0.5+incompatible/go.mod h1:BB1eHdMLYEFuFdBlRMb0N7YGVdM5s6Pt0njxgvfbGGs= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= 
@@ -324,6 +322,8 @@ github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8= github.com/aquasecurity/defsec v0.93.2-0.20231024055158-015ab97ce898 h1:gu7XQvv2CswgzOdOFHg/AmtR4vBonG35XvGxHHvcIr4= github.com/aquasecurity/defsec v0.93.2-0.20231024055158-015ab97ce898/go.mod h1:J30VViSgmoW2Ic/6aqVJO2qvuADsmZ3MYuNxPcU6Vt0= +github.com/aquasecurity/go-dep-parser v0.0.0-20231128011057-a175d05161dd h1:bhSbfJyZg4okPlAfIQ8pKsj8BCvs9LZErdkqUcpvD04= +github.com/aquasecurity/go-dep-parser v0.0.0-20231128011057-a175d05161dd/go.mod h1:7+xrs6AWD5+onpmX8f7qIkAhUgkPP0mhUdBjxJBcfas= github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM= github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce/go.mod h1:HXgVzOPvXhVGLJs4ZKO817idqr/xhwsTcj17CLYY74s= github.com/aquasecurity/go-mock-aws v0.0.0-20230810212901-d6feebd39060 h1:V7nC90NpRDEubNpNEgRDtTfLH3RKQlZeY9/HSqxEze8= From ee0ac38fdd8695f808da17acea37f2c0708fd8d0 Mon Sep 17 00:00:00 2001 From: DmitriyLewen Date: Mon, 11 Dec 2023 12:55:12 +0600 Subject: [PATCH 3/5] refactor: move logic to trivy-java-db --- go.mod | 2 + go.sum | 4 +- pkg/javadb/client.go | 41 ++------------------ pkg/javadb/client_test.go | 81 --------------------------------------- 4 files changed, 7 insertions(+), 121 deletions(-) delete mode 100644 pkg/javadb/client_test.go diff --git a/go.mod b/go.mod index 4668dac558cc..b107e650c661 100644 --- a/go.mod +++ b/go.mod 
@@ -416,3 +416,5 @@ replace oras.land/oras-go => oras.land/oras-go v1.2.4-0.20230801060855-932dd06d3 // testcontainers-go has a bug with versions v0.25.0 and v0.26.0 // ref: https://github.com/testcontainers/testcontainers-go/issues/1782 replace github.com/testcontainers/testcontainers-go => github.com/testcontainers/testcontainers-go v0.23.0 + +replace github.com/aquasecurity/trivy-java-db => github.com/dmitriylewen/trivy-java-db v0.0.0-20231211064214-68c706b80bab diff --git a/go.sum b/go.sum index 3e7cdd77f809..f9d52407dce7 100644 --- a/go.sum +++ b/go.sum @@ -351,8 +351,6 @@ github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d h1:fjI9mkoTU github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d/go.mod h1:cj9/QmD9N3OZnKQMp+/DvdV+ym3HyIkd4e+F0ZM3ZGs= github.com/aquasecurity/trivy-iac v0.7.0 h1:L2/mqQJD1iwY4xOr1un5Prg51epYBQgM34JVZtkp4Gg= github.com/aquasecurity/trivy-iac v0.7.0/go.mod h1:GG9Y2YylH3e16PoJ0RUZ+C0Xw93Gic/5fwdkKjKwwqU= -github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728 h1:0eS+V7SXHgqoT99tV1mtMW6HL4HdoB9qGLMCb1fZp8A= -github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8= github.com/aquasecurity/trivy-kubernetes v0.5.9-0.20231115100645-921512b4d163 h1:6TsI0lQN7H/d3pM5vK1/taYbWMgnNYEOk+V2ydBdg0s= github.com/aquasecurity/trivy-kubernetes v0.5.9-0.20231115100645-921512b4d163/go.mod h1:u+rEg3lTLpv3EJVSC7HOhWWlUwuuxlfczMncYPMqTPI= github.com/aquasecurity/trivy-policies v0.6.1-0.20231120231532-f6f2330bf842 h1:RnxM3eTcwPlA/WBwnmaEpeEk3WOCDcnz7yTIFxVL7us= 
@@ -725,6 +723,8 @@ github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aB github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E= github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= +github.com/dmitriylewen/trivy-java-db v0.0.0-20231211064214-68c706b80bab h1:gwuluWh/XYFqGJ7QVESn85gxC0OFi1RyAvMCIbKxJDw= +github.com/dmitriylewen/trivy-java-db v0.0.0-20231211064214-68c706b80bab/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= diff --git a/pkg/javadb/client.go b/pkg/javadb/client.go index 1e8d480d41c8..2f5cb9f6685c 100644 --- a/pkg/javadb/client.go +++ b/pkg/javadb/client.go @@ -6,7 +6,6 @@ import ( "fmt" "os" "path/filepath" - "sort" "sync" "time" 
@@ -143,48 +142,14 @@ func (d *DB) SearchBySHA1(sha1 string) (jar.Properties, error) { } func (d *DB) SearchByArtifactID(artifactID, version string) (string, error) { - indexes, err := d.driver.SelectIndexesByArtifactIDAndFileType(artifactID, types.JarType) + groupID, err := d.driver.SelectGroupIDByArtifactIDVersionAndFileType(artifactID, version, types.JarType) if err != nil { return "", xerrors.Errorf("select error: %w", err) - } else if len(indexes) == 0 { + } else if groupID == "" { return "", xerrors.Errorf("artifactID %s: %w", artifactID, jar.ArtifactNotFoundErr) } - return foundGroupID(version, indexes), nil -} - -// foundGroupID checks all indexes and returns a group ID containing the required version and with the maximum number of indexes(versions). -func foundGroupID(version string, indexes []types.Index) string { - var groupID, maxGroupID string - var count, maxCount int - var versionFound bool - - sort.Slice(indexes, func(i, j int) bool { - return indexes[i].GroupID < indexes[j].GroupID - }) - - for _, index := range indexes { - if index.GroupID != groupID { - // save a new GroupID with the max number of indexes (if this GroupID contains the required version) - if count > maxCount && versionFound { - maxGroupID = groupID - maxCount = count - } - count = 0 - versionFound = false - } - // iterate over all indexes of the current GroupID - groupID = index.GroupID - count++ - if index.Version == version { - versionFound = true - } - } - // save latest groupID - if count > maxCount && versionFound { - maxGroupID = groupID - } - return maxGroupID + return groupID, nil } func (d *DB) Close() error { diff --git a/pkg/javadb/client_test.go b/pkg/javadb/client_test.go deleted file mode 100644 index d52921ba9a98..000000000000 --- a/pkg/javadb/client_test.go +++ /dev/null 
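Review bot: The not-found error in SearchByArtifactID still reports only the artifactID, although the lookup is now keyed on artifactID and version, so a miss caused by an unknown version reads like an unknown artifact. Including the version, `xerrors.Errorf("artifactID %s, version %s: %w", artifactID, version, jar.ArtifactNotFoundErr)`, keeps the wrapped sentinel intact for callers and makes scan logs easier to diagnose. Judging by the subject of patch 1/5 both values are derived from the scanned JAR's file name, so `%q` instead of `%s` would be reasonable here. The same message is kept unchanged in patch 4/5.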
@@ -1,81 +0,0 @@
-package javadb
-
-import (
- "github.com/aquasecurity/trivy-java-db/pkg/types"
- "github.com/stretchr/testify/assert"
- "testing"
-)
-
-func TestFoundGroupID(t *testing.T) {
- tests := []struct {
- name string
- indexes []types.Index
- version string
- wantGroupID string
- }{
- {
- name: "Only one groupID has required version",
- indexes: []types.Index{
- {
- GroupID: "com.example1",
- Version: "1.0.0",
- },
- {
- GroupID: "com.example1",
- Version: "1.0.1",
- },
- {
- GroupID: "com.example2",
- Version: "2.0.0",
- },
- },
- version: "2.0.0",
- wantGroupID: "com.example2",
- },
- {
- name: "Two groupIDs have required version",
- indexes: []types.Index{
- {
- GroupID: "com.example1",
- Version: "1.0.0",
- },
- {
- GroupID: "com.example2",
- Version: "1.0.1",
- },
- {
- GroupID: "com.example2",
- Version: "1.0.0",
- },
- },
- version: "1.0.0",
- wantGroupID: "com.example2",
- },
- {
- name: "There are no groupIDs with required version",
- indexes: []types.Index{
- {
- GroupID: "com.example1",
- Version: "1.0.0",
- },
- {
- GroupID: "com.example1",
- Version: "2.0.0",
- },
- {
- GroupID: "com.example2",
- Version: "2.0.0",
- },
- },
- version: "3.0.0",
- wantGroupID: "",
- },
- }
-
- for _, tt := range tests {
- t.Run(tt.name, func(t *testing.T) {
- gotGroupID := foundGroupID(tt.version, tt.indexes)
- assert.Equal(t, tt.wantGroupID, gotGroupID)
- })
- }
-}
From e362ed879dafb8c0a01f522590e555b9e747b08a Mon Sep 17 00:00:00 2001
From: DmitriyLewen
Date: Mon, 18 Dec 2023 13:06:26 +0600
Subject: [PATCH 4/5] refactor: update trivy-java-db
---
 go.mod | 2 +-
 go.sum | 4 ++--
 pkg/javadb/client.go | 27 +++++++++++++++++++++++++--
 3 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/go.mod b/go.mod
index b107e650c661..24cb9f8d2ec6 100644
--- a/go.mod
+++ b/go.mod
@@ -417,4 +417,4 @@ replace oras.land/oras-go => oras.land/oras-go v1.2.4-0.20230801060855-932dd06d3 // ref: https://github.com/testcontainers/testcontainers-go/issues/1782 replace github.com/testcontainers/testcontainers-go => github.com/testcontainers/testcontainers-go v0.23.0 -replace github.com/aquasecurity/trivy-java-db => github.com/dmitriylewen/trivy-java-db v0.0.0-20231211064214-68c706b80bab +replace github.com/aquasecurity/trivy-java-db => github.com/dmitriylewen/trivy-java-db v0.0.0-20231218063732-5c3066767e8e diff --git a/go.sum b/go.sum index f9d52407dce7..34631f57bb94 100644 --- a/go.sum +++ b/go.sum @@ -723,8 +723,8 @@ github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aB github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E= github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= -github.com/dmitriylewen/trivy-java-db v0.0.0-20231211064214-68c706b80bab h1:gwuluWh/XYFqGJ7QVESn85gxC0OFi1RyAvMCIbKxJDw= -github.com/dmitriylewen/trivy-java-db v0.0.0-20231211064214-68c706b80bab/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8= +github.com/dmitriylewen/trivy-java-db v0.0.0-20231218063732-5c3066767e8e h1:5lbPrbJvVbWbm65bJ7jkHIk+e3kmLqv3hVpj7272W14= +github.com/dmitriylewen/trivy-java-db v0.0.0-20231218063732-5c3066767e8e/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= diff --git a/pkg/javadb/client.go b/pkg/javadb/client.go index 2f5cb9f6685c..7b206b6fc9e9 100644 --- a/pkg/javadb/client.go +++ b/pkg/javadb/client.go 
@@ -6,6 +6,7 @@ import ( "fmt" "os" "path/filepath" + "sort" "sync" "time" @@ -142,12 +143,34 @@ func (d *DB) SearchBySHA1(sha1 string) (jar.Properties, error) { } func (d *DB) SearchByArtifactID(artifactID, version string) (string, error) { - groupID, err := d.driver.SelectGroupIDByArtifactIDVersionAndFileType(artifactID, version, types.JarType) + indexes, err := d.driver.SelectIndexesByArtifactIDAndFileType(artifactID, version, types.JarType) if err != nil { return "", xerrors.Errorf("select error: %w", err) - } else if groupID == "" { + } else if len(indexes) == 0 { return "", xerrors.Errorf("artifactID %s: %w", artifactID, jar.ArtifactNotFoundErr) } + sort.Slice(indexes, func(i, j int) bool { + return indexes[i].GroupID < indexes[j].GroupID + }) + + // Some artifacts might have the same artifactId. + // e.g. "javax.servlet:jstl" and "jstl:jstl" + groupIDs := make(map[string]int) + for _, index := range indexes { + if i, ok := groupIDs[index.GroupID]; ok { + groupIDs[index.GroupID] = i + 1 + continue + } + groupIDs[index.GroupID] = 1 + } + maxCount := 0 + var groupID string + for k, v := range groupIDs { + if v > maxCount { + maxCount = v + groupID = k + } + } return groupID, nil } From a762dc959b20a92084d9391a6f58d0eb217a8264 Mon Sep 17 00:00:00 2001 From: DmitriyLewen Date: Wed, 10 Jan 2024 12:48:54 +0600 Subject: [PATCH 5/5] chore(deps): bump trivy-java-db --- go.mod | 4 +--- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index c7fd2fb48262..1724650ff5ad 100644 --- a/go.mod +++ b/go.mod 
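Review bot: The closing `for k, v := range groupIDs` loop in SearchByArtifactID picks the winner by ranging over a map, so when two group IDs have the same count the returned groupID depends on Go's randomized map iteration order and can differ between runs of the same scan. The `sort.Slice` call above it does not help, because the sorted order is discarded once the counts are in the map. A deterministic tie-break such as `if v > maxCount || (v == maxCount && k < groupID) {` fixes this, after which the sort and the `"sort"` import re-added in the first hunk of this file can be dropped. The chosen group ID decides which advisories the JAR is matched against, so the result should be reproducible.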
@@ -26,7 +26,7 @@ require ( github.com/aquasecurity/trivy-aws v0.5.0 github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d github.com/aquasecurity/trivy-iac v0.7.1 - github.com/aquasecurity/trivy-java-db v0.0.0-20230209231723-7cddb1406728 + github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 github.com/aquasecurity/trivy-kubernetes v0.5.9-0.20231203080602-50a069120091 github.com/aquasecurity/trivy-policies v0.6.1-0.20231120231532-f6f2330bf842 github.com/aws/aws-sdk-go-v2 v1.23.5 @@ -420,5 +420,3 @@ replace oras.land/oras-go => oras.land/oras-go v1.2.4-0.20230801060855-932dd06d3 // testcontainers-go has a bug with versions v0.25.0 and v0.26.0 // ref: https://github.com/testcontainers/testcontainers-go/issues/1782 replace github.com/testcontainers/testcontainers-go => github.com/testcontainers/testcontainers-go v0.23.0 - -replace github.com/aquasecurity/trivy-java-db => github.com/dmitriylewen/trivy-java-db v0.0.0-20231218063732-5c3066767e8e diff --git a/go.sum b/go.sum index ee2182a0ae90..af9a34f2039f 100644 --- a/go.sum +++ b/go.sum 
@@ -350,6 +350,8 @@ github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d h1:fjI9mkoTU github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d/go.mod h1:cj9/QmD9N3OZnKQMp+/DvdV+ym3HyIkd4e+F0ZM3ZGs= github.com/aquasecurity/trivy-iac v0.7.1 h1:YqA0B1P/5uJy2YOrT+QtoB8Z/DCqMxApsMkvmyd5Lsg= github.com/aquasecurity/trivy-iac v0.7.1/go.mod h1:SK5XaVwGh5M17QV81139BSPXNlm3bIGp+YmAYs7slRw= +github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 h1:JVgBIuIYbwG+ekC5lUHUpGJboPYiCcxiz06RCtz8neI= +github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8= github.com/aquasecurity/trivy-kubernetes v0.5.9-0.20231203080602-50a069120091 h1:OTJMSbvKQYxbQ2NQ8Nht2NSL1bL36YfBCrlsGGxHPlI= github.com/aquasecurity/trivy-kubernetes v0.5.9-0.20231203080602-50a069120091/go.mod h1:Yh+tmpPtbqVWYONrAuapImHfD1ghZgnZHLlMBA6Ukfg= github.com/aquasecurity/trivy-policies v0.6.1-0.20231120231532-f6f2330bf842 h1:RnxM3eTcwPlA/WBwnmaEpeEk3WOCDcnz7yTIFxVL7us= @@ -731,8 +733,6 @@ github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aB github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E= github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= -github.com/dmitriylewen/trivy-java-db v0.0.0-20231218063732-5c3066767e8e h1:5lbPrbJvVbWbm65bJ7jkHIk+e3kmLqv3hVpj7272W14= -github.com/dmitriylewen/trivy-java-db v0.0.0-20231218063732-5c3066767e8e/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=