Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): bump github.com/aquasecurity/trivy from 0.55.2 to 0.56.1 #2044

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -89,9 +89,10 @@ type ReportOpts struct {

// TrivyOpts is options for trivy DBs
type TrivyOpts struct {
TrivyCacheDBDir string `json:"trivyCacheDBDir,omitempty"`
TrivyJavaDBRepository string `json:"trivyJavaDBRepository,omitempty"`
TrivySkipJavaDBUpdate bool `json:"trivySkipJavaDBUpdate,omitempty"`
TrivyCacheDBDir string `json:"trivyCacheDBDir,omitempty"`
TrivyDBRepositories []string `json:"trivyDBRepositories,omitempty"`
TrivyJavaDBRepositories []string `json:"trivyJavaDBRepositories,omitempty"`
TrivySkipJavaDBUpdate bool `json:"trivySkipJavaDBUpdate,omitempty"`
}

// ValidateOnConfigtest validates
Expand Down
89 changes: 69 additions & 20 deletions detector/javadb/javadb.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,14 +7,18 @@ package javadb
import (
"context"
"errors"
"fmt"
"os"
"path/filepath"
"strings"
"time"

"github.com/aquasecurity/trivy-java-db/pkg/db"
"github.com/aquasecurity/trivy/pkg/dependency/parser/java/jar"
"github.com/aquasecurity/trivy/pkg/fanal/types"
trivyjavadb "github.com/aquasecurity/trivy/pkg/javadb"
"github.com/aquasecurity/trivy/pkg/oci"
"github.com/google/go-containerregistry/pkg/name"
"golang.org/x/xerrors"

"github.com/future-architect/vuls/config"
Expand All @@ -37,35 +41,80 @@ func UpdateJavaDB(trivyOpts config.TrivyOpts, noProgress bool) error {
}
}

if (meta.Version != db.SchemaVersion || meta.NextUpdate.Before(time.Now().UTC())) && !trivyOpts.TrivySkipJavaDBUpdate {
// Download DB
logging.Log.Infof("Trivy Java DB Repository: %s", trivyOpts.TrivyJavaDBRepository)
logging.Log.Info("Downloading Trivy Java DB...")

var a *oci.Artifact
if a, err = oci.NewArtifact(trivyOpts.TrivyJavaDBRepository, noProgress, types.RegistryOptions{}); err != nil {
return xerrors.Errorf("Failed to new oci artifact. err: %w", err)
}
if err = a.Download(context.Background(), dbDir, oci.DownloadOption{MediaType: "application/vnd.aquasec.trivy.javadb.layer.v1.tar+gzip"}); err != nil {
return xerrors.Errorf("Failed to download Trivy Java DB. err: %w", err)
}
if trivyOpts.TrivySkipJavaDBUpdate {
return nil
}
if meta.Version == db.SchemaVersion && isNewDB(meta) {
return nil
}

// Parse the newly downloaded metadata.json
meta, err = metac.Get()
// Download DB
logging.Log.Infof("Trivy Java DB Repository: %s", strings.Join(trivyOpts.TrivyJavaDBRepositories, ", "))
logging.Log.Info("Downloading Trivy Java DB...")

refs := make([]name.Reference, 0, len(trivyOpts.TrivyJavaDBRepositories))
for _, repo := range trivyOpts.TrivyJavaDBRepositories {
ref, err := func() (name.Reference, error) {
ref, err := name.ParseReference(repo, name.WithDefaultTag(""))
if err != nil {
return nil, err
}

// Add the schema version if the tag is not specified for backward compatibility.
t, ok := ref.(name.Tag)
if !ok || t.TagStr() != "" {
return ref, nil
}

ref = t.Tag(fmt.Sprint(trivyjavadb.SchemaVersion))
logging.Log.Infof("Adding schema version to the DB repository for backward compatibility. repository: %s", ref.String())

return ref, nil
}()
if err != nil {
return xerrors.Errorf("Failed to get Trivy Java DB metadata. err: %w", err)
return xerrors.Errorf("invalid javadb repository: %w", err)
}
refs = append(refs, ref)
}

// Update DownloadedAt
meta.DownloadedAt = time.Now().UTC()
if err = metac.Update(meta); err != nil {
return xerrors.Errorf("Failed to update Trivy Java DB metadata. err: %w", err)
}
a := oci.NewArtifacts(refs, types.RegistryOptions{})

if err = a.Download(context.Background(), dbDir, oci.DownloadOption{
MediaType: "application/vnd.aquasec.trivy.javadb.layer.v1.tar+gzip",
Quiet: noProgress,
}); err != nil {
return xerrors.Errorf("Failed to download Trivy Java DB. err: %w", err)
}

// Parse the newly downloaded metadata.json
meta, err = metac.Get()
if err != nil {
return xerrors.Errorf("Failed to get Trivy Java DB metadata. err: %w", err)
}

// Update DownloadedAt
meta.DownloadedAt = time.Now().UTC()
if err = metac.Update(meta); err != nil {
return xerrors.Errorf("Failed to update Trivy Java DB metadata. err: %w", err)
}

return nil
}

func isNewDB(meta db.Metadata) bool {
now := time.Now().UTC()
if now.Before(meta.NextUpdate) {
logging.Log.Debug("Java DB update was skipped because the local Java DB is the latest")
return true
}

if now.Before(meta.DownloadedAt.Add(time.Hour * 24)) { // 1 day
logging.Log.Debug("Java DB update was skipped because the local Java DB was downloaded during the last day")
return true
}
return false
}

// DBClient is Trivy Java DB Client
type DBClient struct {
driver db.DB
Expand Down
40 changes: 33 additions & 7 deletions detector/library.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"context"
"errors"
"fmt"
"path/filepath"
"strings"
"time"

Expand All @@ -19,6 +20,7 @@ import (
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/google/go-containerregistry/pkg/name"
"github.com/samber/lo"
"golang.org/x/xerrors"

Expand Down Expand Up @@ -47,7 +49,7 @@ func DetectLibsCves(r *models.ScanResult, trivyOpts config.TrivyOpts, logOpts lo
if err := downloadDB("", trivyOpts, noProgress, false); err != nil {
return xerrors.Errorf("Failed to download trivy DB. err: %w", err)
}
if err := trivydb.Init(trivyOpts.TrivyCacheDBDir); err != nil {
if err := trivydb.Init(filepath.Join(trivyOpts.TrivyCacheDBDir, "db")); err != nil {
return xerrors.Errorf("Failed to init trivy DB. err: %w", err)
}
defer trivydb.Close()
Expand Down Expand Up @@ -94,17 +96,41 @@ func DetectLibsCves(r *models.ScanResult, trivyOpts config.TrivyOpts, logOpts lo
}

func downloadDB(appVersion string, trivyOpts config.TrivyOpts, noProgress, skipUpdate bool) error {
client := db.NewClient(trivyOpts.TrivyCacheDBDir, noProgress)
refs := make([]name.Reference, 0, len(trivyOpts.TrivyDBRepositories))
for _, repo := range trivyOpts.TrivyDBRepositories {
ref, err := func() (name.Reference, error) {
ref, err := name.ParseReference(repo, name.WithDefaultTag(""))
if err != nil {
return nil, err
}

// Add the schema version if the tag is not specified for backward compatibility.
t, ok := ref.(name.Tag)
if !ok || t.TagStr() != "" {
return ref, nil
}

ref = t.Tag(fmt.Sprint(trivydb.SchemaVersion))
logging.Log.Infof("Adding schema version to the DB repository for backward compatibility. repository: %s", ref.String())

return ref, nil
}()
if err != nil {
return xerrors.Errorf("invalid db repository: %w", err)
}
refs = append(refs, ref)
}
client := db.NewClient(filepath.Join(trivyOpts.TrivyCacheDBDir, "db"), noProgress, db.WithDBRepository(refs))
ctx := context.Background()
needsUpdate, err := client.NeedsUpdate(context.TODO(), appVersion, skipUpdate)
needsUpdate, err := client.NeedsUpdate(ctx, appVersion, skipUpdate)
if err != nil {
return xerrors.Errorf("database error: %w", err)
return xerrors.Errorf("Failed to check NeedsUpdate. err: %w", err)
}

if needsUpdate {
logging.Log.Info("Need to update DB")
logging.Log.Info("Downloading DB...")
if err := client.Download(ctx, trivyOpts.TrivyCacheDBDir, ftypes.RegistryOptions{}); err != nil {
logging.Log.Infof("Downloading DB from %s...", strings.Join(trivyOpts.TrivyDBRepositories, ", "))
if err := client.Download(ctx, filepath.Join(trivyOpts.TrivyCacheDBDir, "db"), ftypes.RegistryOptions{}); err != nil {
return xerrors.Errorf("Failed to download vulnerability DB. err: %w", err)
}
}
Expand All @@ -117,7 +143,7 @@ func downloadDB(appVersion string, trivyOpts config.TrivyOpts, noProgress, skipU
}

func showDBInfo(cacheDir string) error {
m := metadata.NewClient(cacheDir)
m := metadata.NewClient(filepath.Join(cacheDir, "db"))
meta, err := m.Get()
if err != nil {
return xerrors.Errorf("Failed to get DB metadata. err: %w", err)
Expand Down
Loading
Loading