feat(java): support jar/war/ear (#837)

* refactor(server): remove Detect endpoint * refactor(library): do not use interface * refactor: add dbtest package * test: add bolt fixtures * feat: support jar scanning * refactor: rename node to npm * refactor: fix lint issues * test(maven): remove some tests * chore(mod): update fanal * docs: update README * chore(mod): update trivy-db * fix(library/drive): add ecosystem * fix: do not display 0 vulnerabilities * refactor(table): split method * Update README.md (#838) * fix(app): increase the default value of timeout (#842) * feat(maven): use go-mvn-version * test(maven): update tests * fix(scan): skip files and dirs before vulnerability detection * fix: display log messages only once per type * docs(README): add file suffixes * chore(mod): update go-mvn-version * feat(log): set go-dep-parser logger * chore(mod): update fanal * docs: update README * docs(README): add java source * test(maven): fix invalid case
2025-12-23 07:29:00 -08:00 · 2021-02-14 18:19:42 +02:00
parent 3047c524d9
commit c9f22f4e55
43 changed files with 455 additions and 2695 deletions
--- a/pkg/detector/library/detect.go
+++ b/pkg/detector/library/detect.go
@@ -1,44 +1,15 @@
 package library

 import (
-	"path/filepath"
-	"time"
-
-	"github.com/google/wire"
 	"golang.org/x/xerrors"

 	ftypes "github.com/aquasecurity/fanal/types"
-	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/aquasecurity/trivy/pkg/types"
 )

-// SuperSet binds the dependencies for library scan
-var SuperSet = wire.NewSet(
-	wire.Struct(new(DriverFactory)),
-	wire.Bind(new(Factory), new(DriverFactory)),
-	NewDetector,
-	wire.Bind(new(Operation), new(Detector)),
-)
-
-// Operation defines library scan operations
-type Operation interface {
-	Detect(imageName string, filePath string, created time.Time, pkgs []ftypes.LibraryInfo) (vulns []types.DetectedVulnerability, err error)
-}
-
-// Detector implements driverFactory
-type Detector struct {
-	driverFactory Factory
-}
-
-// NewDetector is the factory method for detector
-func NewDetector(factory Factory) Detector {
-	return Detector{driverFactory: factory}
-}
-
 // Detect scans and returns vulnerabilities of library
-func (d Detector) Detect(_, filePath string, _ time.Time, pkgs []ftypes.LibraryInfo) ([]types.DetectedVulnerability, error) {
-	log.Logger.Debugf("Detecting library vulnerabilities, path: %s", filePath)
-	driver, err := d.driverFactory.NewDriver(filepath.Base(filePath))
+func Detect(libType string, pkgs []ftypes.LibraryInfo) ([]types.DetectedVulnerability, error) {
+	driver, err := NewDriver(libType)
 	if err != nil {
 		return nil, xerrors.Errorf("failed to new driver: %w", err)
 	}
@@ -52,7 +23,6 @@ func (d Detector) Detect(_, filePath string, _ time.Time, pkgs []ftypes.LibraryI
 }

 func detect(driver Driver, libs []ftypes.LibraryInfo) ([]types.DetectedVulnerability, error) {
-	log.Logger.Infof("Detecting %s vulnerabilities...", driver.Type())
 	var vulnerabilities []types.DetectedVulnerability
 	for _, lib := range libs {
 		vulns, err := driver.Detect(lib.Library.Name, lib.Library.Version)