chore(deps): bump the aws group with 5 updates (#2043)
Bumps the aws group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.31.0` | `1.32.1` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.27.39` | `1.27.42` |
| [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) | `1.17.37` | `1.17.40` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.63.3` | `1.65.1` |
| [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) | `1.31.3` | `1.32.1` |

Updates `github.com/aws/aws-sdk-go-v2` from 1.31.0 to 1.32.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@v1.31.0...v1.32.1)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.27.39 to 1.27.42
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@config/v1.27.39...config/v1.27.42)

Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.17.37 to 1.17.40
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@credentials/v1.17.37...credentials/v1.17.40)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.63.3 to 1.65.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.63.3...service/s3/v1.65.1)

Updates `github.com/aws/aws-sdk-go-v2/service/sts` from 1.31.3 to 1.32.1
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/sts/v1.31.3...service/sts/v1.32.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] authored and shino committed Oct 9, 2024
1 parent 7c749ea commit 1687e72
Showing 9 changed files with 314 additions and 477 deletions.
7 changes: 4 additions & 3 deletions config/config.go
Expand Up @@ -89,9 +89,10 @@ type ReportOpts struct {

// TrivyOpts is options for trivy DBs
type TrivyOpts struct {
TrivyCacheDBDir string `json:"trivyCacheDBDir,omitempty"`
TrivyJavaDBRepository string `json:"trivyJavaDBRepository,omitempty"`
TrivySkipJavaDBUpdate bool `json:"trivySkipJavaDBUpdate,omitempty"`
TrivyCacheDBDir string `json:"trivyCacheDBDir,omitempty"`
TrivyDBRepositories []string `json:"trivyDBRepositories,omitempty"`
TrivyJavaDBRepositories []string `json:"trivyJavaDBRepositories,omitempty"`
TrivySkipJavaDBUpdate bool `json:"trivySkipJavaDBUpdate,omitempty"`
}

// ValidateOnConfigtest validates
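Review bot: Renaming the JSON key `trivyJavaDBRepository` to `trivyJavaDBRepositories` (and adding `trivyDBRepositories`) silently invalidates existing config files: encoding/json ignores unknown keys, so a deployment that pinned a private mirror under the old key will, without any warning, run with whatever default applies and fetch its vulnerability data from somewhere it did not choose. ValidateOnConfigtest, whose body starts after this hunk, is the natural place to reject the old key or at least log that it is no longer honored. The new fields also carry no doc comments; something like `// TrivyDBRepositories lists OCI references for the Trivy DB; a bare repository gets the schema version appended as its tag, a digest-pinned reference is used as-is.` on each would tell readers what an entry looks like, which is what detector/javadb/javadb.go and detector/library.go actually implement.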
89 changes: 69 additions & 20 deletions detector/javadb/javadb.go
Expand Up @@ -7,14 +7,18 @@ package javadb
import (
"context"
"errors"
"fmt"
"os"
"path/filepath"
"strings"
"time"

"github.com/aquasecurity/trivy-java-db/pkg/db"
"github.com/aquasecurity/trivy/pkg/dependency/parser/java/jar"
"github.com/aquasecurity/trivy/pkg/fanal/types"
trivyjavadb "github.com/aquasecurity/trivy/pkg/javadb"
"github.com/aquasecurity/trivy/pkg/oci"
"github.com/google/go-containerregistry/pkg/name"
"golang.org/x/xerrors"

"github.com/future-architect/vuls/config"
Expand All @@ -37,35 +41,80 @@ func UpdateJavaDB(trivyOpts config.TrivyOpts, noProgress bool) error {
}
}

if (meta.Version != db.SchemaVersion || meta.NextUpdate.Before(time.Now().UTC())) && !trivyOpts.TrivySkipJavaDBUpdate {
// Download DB
logging.Log.Infof("Trivy Java DB Repository: %s", trivyOpts.TrivyJavaDBRepository)
logging.Log.Info("Downloading Trivy Java DB...")

var a *oci.Artifact
if a, err = oci.NewArtifact(trivyOpts.TrivyJavaDBRepository, noProgress, types.RegistryOptions{}); err != nil {
return xerrors.Errorf("Failed to new oci artifact. err: %w", err)
}
if err = a.Download(context.Background(), dbDir, oci.DownloadOption{MediaType: "application/vnd.aquasec.trivy.javadb.layer.v1.tar+gzip"}); err != nil {
return xerrors.Errorf("Failed to download Trivy Java DB. err: %w", err)
}
if trivyOpts.TrivySkipJavaDBUpdate {
return nil
}
if meta.Version == db.SchemaVersion && isNewDB(meta) {
return nil
}

// Parse the newly downloaded metadata.json
meta, err = metac.Get()
// Download DB
logging.Log.Infof("Trivy Java DB Repository: %s", strings.Join(trivyOpts.TrivyJavaDBRepositories, ", "))
logging.Log.Info("Downloading Trivy Java DB...")

refs := make([]name.Reference, 0, len(trivyOpts.TrivyJavaDBRepositories))
for _, repo := range trivyOpts.TrivyJavaDBRepositories {
ref, err := func() (name.Reference, error) {
ref, err := name.ParseReference(repo, name.WithDefaultTag(""))
if err != nil {
return nil, err
}

// Add the schema version if the tag is not specified for backward compatibility.
t, ok := ref.(name.Tag)
if !ok || t.TagStr() != "" {
return ref, nil
}

ref = t.Tag(fmt.Sprint(trivyjavadb.SchemaVersion))
logging.Log.Infof("Adding schema version to the DB repository for backward compatibility. repository: %s", ref.String())

return ref, nil
}()
if err != nil {
return xerrors.Errorf("Failed to get Trivy Java DB metadata. err: %w", err)
return xerrors.Errorf("invalid javadb repository: %w", err)
}
refs = append(refs, ref)
}

// Update DownloadedAt
meta.DownloadedAt = time.Now().UTC()
if err = metac.Update(meta); err != nil {
return xerrors.Errorf("Failed to update Trivy Java DB metadata. err: %w", err)
}
a := oci.NewArtifacts(refs, types.RegistryOptions{})

if err = a.Download(context.Background(), dbDir, oci.DownloadOption{
MediaType: "application/vnd.aquasec.trivy.javadb.layer.v1.tar+gzip",
Quiet: noProgress,
}); err != nil {
return xerrors.Errorf("Failed to download Trivy Java DB. err: %w", err)
}

// Parse the newly downloaded metadata.json
meta, err = metac.Get()
if err != nil {
return xerrors.Errorf("Failed to get Trivy Java DB metadata. err: %w", err)
}

// Update DownloadedAt
meta.DownloadedAt = time.Now().UTC()
if err = metac.Update(meta); err != nil {
return xerrors.Errorf("Failed to update Trivy Java DB metadata. err: %w", err)
}

return nil
}

func isNewDB(meta db.Metadata) bool {
now := time.Now().UTC()
if now.Before(meta.NextUpdate) {
logging.Log.Debug("Java DB update was skipped because the local Java DB is the latest")
return true
}

if now.Before(meta.DownloadedAt.Add(time.Hour * 24)) { // 1 day
logging.Log.Debug("Java DB update was skipped because the local Java DB was downloaded during the last day")
return true
}
return false
}

// DBClient is Trivy Java DB Client
type DBClient struct {
driver db.DB
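Review bot: The early `return nil` under `TrivySkipJavaDBUpdate` (the first check in the hunk) runs before any schema check, so with the update disabled and a local DB whose `meta.Version` does not match `db.SchemaVersion` — or no DB at all, if the `metac.Get()` error handling above the hunk tolerates a missing file as the `os`/`errors` imports suggest — the function reports success and leaves the caller to fail later with a less obvious error. A guard inside that branch, `if meta.Version != db.SchemaVersion { return xerrors.Errorf("Trivy Java DB schema version mismatch (have %v, want %v) and TrivySkipJavaDBUpdate is set", meta.Version, db.SchemaVersion) }`, would surface it where the decision is made. Likewise an empty `TrivyJavaDBRepositories` yields an empty `refs` slice and a download that can only fail; unless a default is injected elsewhere, a `len(refs) == 0` check with a clear message beats the registry's error. The log line inside the parsing closure says "DB repository" where it means the Java DB, and `isNewDB` reads as "is a new DB" where it means "is still fresh" — `isFresh` would match its two log messages. UpdateJavaDB's opening lines are outside the hunk; `isNewDB` is fully visible.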
40 changes: 33 additions & 7 deletions detector/library.go
Expand Up @@ -7,6 +7,7 @@ import (
"context"
"errors"
"fmt"
"path/filepath"
"strings"
"time"

Expand All @@ -19,6 +20,7 @@ import (
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/google/go-containerregistry/pkg/name"
"github.com/samber/lo"
"golang.org/x/xerrors"

Expand Down Expand Up @@ -47,7 +49,7 @@ func DetectLibsCves(r *models.ScanResult, trivyOpts config.TrivyOpts, logOpts lo
if err := downloadDB("", trivyOpts, noProgress, false); err != nil {
return xerrors.Errorf("Failed to download trivy DB. err: %w", err)
}
if err := trivydb.Init(trivyOpts.TrivyCacheDBDir); err != nil {
if err := trivydb.Init(filepath.Join(trivyOpts.TrivyCacheDBDir, "db")); err != nil {
return xerrors.Errorf("Failed to init trivy DB. err: %w", err)
}
defer trivydb.Close()
Expand Down Expand Up @@ -94,17 +96,41 @@ func DetectLibsCves(r *models.ScanResult, trivyOpts config.TrivyOpts, logOpts lo
}

func downloadDB(appVersion string, trivyOpts config.TrivyOpts, noProgress, skipUpdate bool) error {
client := db.NewClient(trivyOpts.TrivyCacheDBDir, noProgress)
refs := make([]name.Reference, 0, len(trivyOpts.TrivyDBRepositories))
for _, repo := range trivyOpts.TrivyDBRepositories {
ref, err := func() (name.Reference, error) {
ref, err := name.ParseReference(repo, name.WithDefaultTag(""))
if err != nil {
return nil, err
}

// Add the schema version if the tag is not specified for backward compatibility.
t, ok := ref.(name.Tag)
if !ok || t.TagStr() != "" {
return ref, nil
}

ref = t.Tag(fmt.Sprint(trivydb.SchemaVersion))
logging.Log.Infof("Adding schema version to the DB repository for backward compatibility. repository: %s", ref.String())

return ref, nil
}()
if err != nil {
return xerrors.Errorf("invalid db repository: %w", err)
}
refs = append(refs, ref)
}
client := db.NewClient(filepath.Join(trivyOpts.TrivyCacheDBDir, "db"), noProgress, db.WithDBRepository(refs))
ctx := context.Background()
needsUpdate, err := client.NeedsUpdate(context.TODO(), appVersion, skipUpdate)
needsUpdate, err := client.NeedsUpdate(ctx, appVersion, skipUpdate)
if err != nil {
return xerrors.Errorf("database error: %w", err)
return xerrors.Errorf("Failed to check NeedsUpdate. err: %w", err)
}

if needsUpdate {
logging.Log.Info("Need to update DB")
logging.Log.Info("Downloading DB...")
if err := client.Download(ctx, trivyOpts.TrivyCacheDBDir, ftypes.RegistryOptions{}); err != nil {
logging.Log.Infof("Downloading DB from %s...", strings.Join(trivyOpts.TrivyDBRepositories, ", "))
if err := client.Download(ctx, filepath.Join(trivyOpts.TrivyCacheDBDir, "db"), ftypes.RegistryOptions{}); err != nil {
return xerrors.Errorf("Failed to download vulnerability DB. err: %w", err)
}
}
Expand All @@ -117,7 +143,7 @@ func downloadDB(appVersion string, trivyOpts config.TrivyOpts, noProgress, skipU
}

func showDBInfo(cacheDir string) error {
m := metadata.NewClient(cacheDir)
m := metadata.NewClient(filepath.Join(cacheDir, "db"))
meta, err := m.Get()
if err != nil {
return xerrors.Errorf("Failed to get DB metadata. err: %w", err)
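Review bot: The reference-parsing closure in `downloadDB` is a line-for-line copy of the one in detector/javadb/javadb.go, differing only in the schema constant, and the javadb copy's log message has already drifted (it says "DB repository" for the Java DB); a shared helper would stop that, though since the two live in different packages it would have to be exported from a package both import, so the sketch below is the shape rather than a drop-in. Moving the DB to `filepath.Join(trivyOpts.TrivyCacheDBDir, "db")` also orphans whatever a previous version left in the cache root — presumably `trivy.db` and `metadata.json` — because nothing in the hunk migrates or removes it; a one-time cleanup or a release note is worth considering. That same `filepath.Join(..., "db")` appears four times in the section; a small `trivyDBDir(cacheDir string) string` helper would keep the on-disk layout in one place. `downloadDB` is fully visible; DetectLibsCves starts and ends outside the hunk.

```go
// parseDBRepositories parses OCI references for a vulnerability DB. A bare
// repository (no tag) gets schemaVersion appended as its tag for backward
// compatibility; tagged and digest-pinned references are returned unchanged.
func parseDBRepositories(repos []string, schemaVersion int) ([]name.Reference, error) {
	refs := make([]name.Reference, 0, len(repos))
	for _, repo := range repos {
		ref, err := name.ParseReference(repo, name.WithDefaultTag(""))
		if err != nil {
			return nil, xerrors.Errorf("invalid db repository %q: %w", repo, err)
		}
		if t, ok := ref.(name.Tag); ok && t.TagStr() == "" {
			ref = t.Tag(fmt.Sprint(schemaVersion))
			logging.Log.Infof("Adding schema version to the DB repository for backward compatibility. repository: %s", ref.String())
		}
		refs = append(refs, ref)
	}
	return refs, nil
}

// in downloadDB:
refs, err := parseDBRepositories(trivyOpts.TrivyDBRepositories, trivydb.SchemaVersion)
if err != nil {
	return err
}
// … unchanged: client creation, NeedsUpdate, Download, showDBInfo …
```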
