gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-21 23:00:42 -08:00
Code Issues Packages Projects Releases Wiki Activity

fix(db): check schema version for image name only (#6410)

Browse Source 
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
This commit is contained in:
DmitriyLewen
2024-04-02 17:22:43 +06:00
committed by GitHub
parent e75a90f2e5
commit 8baccd7909
8 changed files with 127 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
pkg/javadb/client.go
View File

@@ -7,10 +7,10 @@ import (
"os"
"path/filepath"
"sort"
"strings"
"sync"
"time"
"github.com/google/go-containerregistry/pkg/name"
"golang.org/x/xerrors"
"github.com/aquasecurity/trivy-java-db/pkg/db"
@@ -22,13 +22,16 @@ import (
)
const (
mediaType = "application/vnd.aquasec.trivy.javadb.layer.v1.tar+gzip"
SchemaVersion = db.SchemaVersion
mediaType = "application/vnd.aquasec.trivy.javadb.layer.v1.tar+gzip"
)
var DefaultRepository = fmt.Sprintf("%s:%d", "ghcr.io/aquasecurity/trivy-java-db", SchemaVersion)
var updater *Updater
type Updater struct {
repo string
repo name.Reference
dbDir string
skip bool
quiet bool
@@ -50,14 +53,14 @@ func (u *Updater) Update() error {
}
}
if (meta.Version != db.SchemaVersion || meta.NextUpdate.Before(time.Now().UTC())) && !u.skip {
if (meta.Version != SchemaVersion || meta.NextUpdate.Before(time.Now().UTC())) && !u.skip {
// Download DB
log.Logger.Infof("Java DB Repository: %s", u.repo)
log.Logger.Info("Downloading the Java DB...")
// TODO: support remote options
var a *oci.Artifact
if a, err = oci.NewArtifact(u.repo, u.quiet, u.registryOption); err != nil {
if a, err = oci.NewArtifact(u.repo.String(), u.quiet, u.registryOption); err != nil {
return xerrors.Errorf("oci error: %w", err)
}
if err = a.Download(context.Background(), dbDir, oci.DownloadOption{MediaType: mediaType}); err != nil {
@@ -82,12 +85,7 @@ func (u *Updater) Update() error {
return nil
}
func Init(cacheDir, javaDBRepository string, skip, quiet bool, registryOption ftypes.RegistryOptions) {
// Add the schema version as a tag if the tag doesn't exist.
// This is required for backward compatibility.
if !strings.Contains(javaDBRepository, ":") {
javaDBRepository = fmt.Sprintf("%s:%d", javaDBRepository, db.SchemaVersion)
}
func Init(cacheDir string, javaDBRepository name.Reference, skip, quiet bool, registryOption ftypes.RegistryOptions) {
updater = &Updater{
repo: javaDBRepository,
dbDir: filepath.Join(cacheDir, "java-db"),