mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-22 07:10:41 -08:00
fix(java): download java-db once (#5442)
This commit is contained in:
DmitriyLewen
@@ -15,7 +15,6 @@ import (
|
||||
"github.com/aquasecurity/trivy/pkg/fanal/analyzer/language"
|
||||
"github.com/aquasecurity/trivy/pkg/fanal/types"
|
||||
"github.com/aquasecurity/trivy/pkg/javadb"
|
||||
"github.com/aquasecurity/trivy/pkg/log"
|
||||
"github.com/aquasecurity/trivy/pkg/parallel"
|
||||
)
|
||||
|
||||
@@ -34,8 +33,7 @@ var requiredExtensions = []string{
|
||||
|
||||
// javaLibraryAnalyzer analyzes jar/war/ear/par files
|
||||
type javaLibraryAnalyzer struct {
|
||||
client *javadb.DB
|
||||
slow bool
|
||||
slow bool
|
||||
}
|
||||
|
||||
func newJavaLibraryAnalyzer(options analyzer.AnalyzerOptions) (analyzer.PostAnalyzer, error) {
|
||||
@@ -46,23 +44,20 @@ func newJavaLibraryAnalyzer(options analyzer.AnalyzerOptions) (analyzer.PostAnal
|
||||
|
||||
func (a *javaLibraryAnalyzer) PostAnalyze(ctx context.Context, input analyzer.PostAnalysisInput) (*analyzer.AnalysisResult, error) {
|
||||
// TODO: think about the sonatype API and "--offline"
|
||||
var err error
|
||||
log.Logger.Info("JAR files found")
|
||||
a.client, err = javadb.NewClient()
|
||||
client, err := javadb.NewClient()
|
||||
if err != nil {
|
||||
return nil, xerrors.Errorf("Unable to initialize the Java DB: %s", err)
|
||||
}
|
||||
defer func() { _ = a.client.Close() }()
|
||||
log.Logger.Info("Analyzing JAR files takes a while...")
|
||||
defer func() { _ = client.Close() }()
|
||||
|
||||
// Skip analyzing JAR files as the nil client means the Java DB was not downloaded successfully.
|
||||
if a.client == nil {
|
||||
if client == nil {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
// It will be called on each JAR file
|
||||
onFile := func(path string, info fs.FileInfo, r dio.ReadSeekerAt) (*types.Application, error) {
|
||||
p := jar.NewParser(a.client, jar.WithSize(info.Size()), jar.WithFilePath(path))
|
||||
p := jar.NewParser(client, jar.WithSize(info.Size()), jar.WithFilePath(path))
|
||||
return language.ParsePackage(types.Jar, path, r, p, input.Options.FileChecksum)
|
||||
}
|
||||
|
||||
|
||||
@@ -7,6 +7,7 @@ import (
|
||||
"os"
|
||||
"path/filepath"
|
||||
"sort"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"golang.org/x/xerrors"
|
||||
@@ -31,6 +32,7 @@ type Updater struct {
|
||||
skip bool
|
||||
quiet bool
|
||||
registryOption ftypes.RegistryOptions
|
||||
once sync.Once // we need to update java-db once per run
|
||||
}
|
||||
|
||||
func (u *Updater) Update() error {
|
||||
@@ -93,10 +95,12 @@ func Update() error {
|
||||
if updater == nil {
|
||||
return xerrors.New("Java DB client not initialized")
|
||||
}
|
||||
if err := updater.Update(); err != nil {
|
||||
return xerrors.Errorf("Java DB update error: %w", err)
|
||||
}
|
||||
return nil
|
||||
|
||||
var err error
|
||||
updater.once.Do(func() {
|
||||
err = updater.Update()
|
||||
})
|
||||
return err
|
||||
}
|
||||
|
||||
type DB struct {
|
||||
|
||||
Reference in New Issue
Block a user