Skip to content

Commit

Permalink
chore(deps): bump github.com/aquasecurity/trivy from 0.55.2 to 0.56.1
Browse files Browse the repository at this point in the history
Bumps [github.com/aquasecurity/trivy](https://github.com/aquasecurity/trivy) from 0.55.2 to 0.56.1.
- [Release notes](https://github.com/aquasecurity/trivy/releases)
- [Changelog](https://github.com/aquasecurity/trivy/blob/v0.56.1/CHANGELOG.md)
- [Commits](aquasecurity/trivy@v0.55.2...v0.56.1)

---
updated-dependencies:
- dependency-name: github.com/aquasecurity/trivy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: MaineK00n <mainek00n.1229@gmail.com>
  • Loading branch information
2 people authored and shino committed Oct 9, 2024
1 parent 7c749ea commit bae5cc2
Show file tree
Hide file tree
Showing 9 changed files with 316 additions and 477 deletions.
7 changes: 4 additions & 3 deletions config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -89,9 +89,10 @@ type ReportOpts struct {

// TrivyOpts is options for trivy DBs
type TrivyOpts struct {
TrivyCacheDBDir string `json:"trivyCacheDBDir,omitempty"`
TrivyJavaDBRepository string `json:"trivyJavaDBRepository,omitempty"`
TrivySkipJavaDBUpdate bool `json:"trivySkipJavaDBUpdate,omitempty"`
TrivyCacheDBDir string `json:"trivyCacheDBDir,omitempty"`
TrivyDBRepositories []string `json:"trivyDBRepositories,omitempty"`
TrivyJavaDBRepositories []string `json:"trivyJavaDBRepositories,omitempty"`
TrivySkipJavaDBUpdate bool `json:"trivySkipJavaDBUpdate,omitempty"`
}

// ValidateOnConfigtest validates
Expand Down
89 changes: 69 additions & 20 deletions detector/javadb/javadb.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,14 +7,18 @@ package javadb
import (
"context"
"errors"
"fmt"
"os"
"path/filepath"
"strings"
"time"

"github.com/aquasecurity/trivy-java-db/pkg/db"
"github.com/aquasecurity/trivy/pkg/dependency/parser/java/jar"
"github.com/aquasecurity/trivy/pkg/fanal/types"
trivyjavadb "github.com/aquasecurity/trivy/pkg/javadb"
"github.com/aquasecurity/trivy/pkg/oci"
"github.com/google/go-containerregistry/pkg/name"
"golang.org/x/xerrors"

"github.com/future-architect/vuls/config"
Expand All @@ -37,35 +41,80 @@ func UpdateJavaDB(trivyOpts config.TrivyOpts, noProgress bool) error {
}
}

if (meta.Version != db.SchemaVersion || meta.NextUpdate.Before(time.Now().UTC())) && !trivyOpts.TrivySkipJavaDBUpdate {
// Download DB
logging.Log.Infof("Trivy Java DB Repository: %s", trivyOpts.TrivyJavaDBRepository)
logging.Log.Info("Downloading Trivy Java DB...")

var a *oci.Artifact
if a, err = oci.NewArtifact(trivyOpts.TrivyJavaDBRepository, noProgress, types.RegistryOptions{}); err != nil {
return xerrors.Errorf("Failed to new oci artifact. err: %w", err)
}
if err = a.Download(context.Background(), dbDir, oci.DownloadOption{MediaType: "application/vnd.aquasec.trivy.javadb.layer.v1.tar+gzip"}); err != nil {
return xerrors.Errorf("Failed to download Trivy Java DB. err: %w", err)
}
if trivyOpts.TrivySkipJavaDBUpdate {
return nil
}
if meta.Version == db.SchemaVersion && isNewDB(meta) {
return nil
}

// Parse the newly downloaded metadata.json
meta, err = metac.Get()
// Download DB
logging.Log.Infof("Trivy Java DB Repository: %s", strings.Join(trivyOpts.TrivyJavaDBRepositories, ", "))
logging.Log.Info("Downloading Trivy Java DB...")

refs := make([]name.Reference, 0, len(trivyOpts.TrivyJavaDBRepositories))
for _, repo := range trivyOpts.TrivyJavaDBRepositories {
ref, err := func() (name.Reference, error) {
ref, err := name.ParseReference(repo, name.WithDefaultTag(""))
if err != nil {
return nil, err
}

// Add the schema version if the tag is not specified for backward compatibility.
t, ok := ref.(name.Tag)
if !ok || t.TagStr() != "" {
return ref, nil
}

ref = t.Tag(fmt.Sprint(trivyjavadb.SchemaVersion))
logging.Log.Infof("Adding schema version to the DB repository for backward compatibility. repository: %s", ref.String())

return ref, nil
}()
if err != nil {
return xerrors.Errorf("Failed to get Trivy Java DB metadata. err: %w", err)
return xerrors.Errorf("invalid javadb repository: %w", err)
}
refs = append(refs, ref)
}

// Update DownloadedAt
meta.DownloadedAt = time.Now().UTC()
if err = metac.Update(meta); err != nil {
return xerrors.Errorf("Failed to update Trivy Java DB metadata. err: %w", err)
}
a := oci.NewArtifacts(refs, types.RegistryOptions{})

if err = a.Download(context.Background(), dbDir, oci.DownloadOption{
MediaType: "application/vnd.aquasec.trivy.javadb.layer.v1.tar+gzip",
Quiet: noProgress,
}); err != nil {
return xerrors.Errorf("Failed to download Trivy Java DB. err: %w", err)
}

// Parse the newly downloaded metadata.json
meta, err = metac.Get()
if err != nil {
return xerrors.Errorf("Failed to get Trivy Java DB metadata. err: %w", err)
}

// Update DownloadedAt
meta.DownloadedAt = time.Now().UTC()
if err = metac.Update(meta); err != nil {
return xerrors.Errorf("Failed to update Trivy Java DB metadata. err: %w", err)
}

return nil
}

func isNewDB(meta db.Metadata) bool {
now := time.Now().UTC()
if now.Before(meta.NextUpdate) {
logging.Log.Debug("Java DB update was skipped because the local Java DB is the latest")
return true
}

if now.Before(meta.DownloadedAt.Add(time.Hour * 24)) { // 1 day
logging.Log.Debug("Java DB update was skipped because the local Java DB was downloaded during the last day")
return true
}
return false
}

// DBClient is Trivy Java DB Client
type DBClient struct {
driver db.DB
Expand Down
40 changes: 33 additions & 7 deletions detector/library.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import (
"context"
"errors"
"fmt"
"path/filepath"
"strings"
"time"

Expand All @@ -19,6 +20,7 @@ import (
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
"github.com/aquasecurity/trivy/pkg/log"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/google/go-containerregistry/pkg/name"
"github.com/samber/lo"
"golang.org/x/xerrors"

Expand Down Expand Up @@ -47,7 +49,7 @@ func DetectLibsCves(r *models.ScanResult, trivyOpts config.TrivyOpts, logOpts lo
if err := downloadDB("", trivyOpts, noProgress, false); err != nil {
return xerrors.Errorf("Failed to download trivy DB. err: %w", err)
}
if err := trivydb.Init(trivyOpts.TrivyCacheDBDir); err != nil {
if err := trivydb.Init(filepath.Join(trivyOpts.TrivyCacheDBDir, "db")); err != nil {
return xerrors.Errorf("Failed to init trivy DB. err: %w", err)
}
defer trivydb.Close()
Expand Down Expand Up @@ -94,17 +96,41 @@ func DetectLibsCves(r *models.ScanResult, trivyOpts config.TrivyOpts, logOpts lo
}

func downloadDB(appVersion string, trivyOpts config.TrivyOpts, noProgress, skipUpdate bool) error {
client := db.NewClient(trivyOpts.TrivyCacheDBDir, noProgress)
refs := make([]name.Reference, 0, len(trivyOpts.TrivyDBRepositories))
for _, repo := range trivyOpts.TrivyDBRepositories {
ref, err := func() (name.Reference, error) {
ref, err := name.ParseReference(repo, name.WithDefaultTag(""))
if err != nil {
return nil, err
}

// Add the schema version if the tag is not specified for backward compatibility.
t, ok := ref.(name.Tag)
if !ok || t.TagStr() != "" {
return ref, nil
}

ref = t.Tag(fmt.Sprint(trivydb.SchemaVersion))
logging.Log.Infof("Adding schema version to the DB repository for backward compatibility. repository: %s", ref.String())

return ref, nil
}()
if err != nil {
return xerrors.Errorf("invalid db repository: %w", err)
}
refs = append(refs, ref)
}
client := db.NewClient(filepath.Join(trivyOpts.TrivyCacheDBDir, "db"), noProgress, db.WithDBRepository(refs))
ctx := context.Background()
needsUpdate, err := client.NeedsUpdate(context.TODO(), appVersion, skipUpdate)
needsUpdate, err := client.NeedsUpdate(ctx, appVersion, skipUpdate)
if err != nil {
return xerrors.Errorf("database error: %w", err)
return xerrors.Errorf("Failed to check NeedsUpdate. err: %w", err)
}

if needsUpdate {
logging.Log.Info("Need to update DB")
logging.Log.Info("Downloading DB...")
if err := client.Download(ctx, trivyOpts.TrivyCacheDBDir, ftypes.RegistryOptions{}); err != nil {
logging.Log.Infof("Downloading DB from %s...", strings.Join(trivyOpts.TrivyDBRepositories, ", "))
if err := client.Download(ctx, filepath.Join(trivyOpts.TrivyCacheDBDir, "db"), ftypes.RegistryOptions{}); err != nil {
return xerrors.Errorf("Failed to download vulnerability DB. err: %w", err)
}
}
Expand All @@ -117,7 +143,7 @@ func downloadDB(appVersion string, trivyOpts config.TrivyOpts, noProgress, skipU
}

func showDBInfo(cacheDir string) error {
m := metadata.NewClient(cacheDir)
m := metadata.NewClient(filepath.Join(cacheDir, "db"))
meta, err := m.Get()
if err != nil {
return xerrors.Errorf("Failed to get DB metadata. err: %w", err)
Expand Down
Loading

0 comments on commit bae5cc2

Please sign in to comment.