mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-12 07:40:48 -08:00
refactor: pass DB dir to trivy-db (#7057)
Signed-off-by: knqyf263 <knqyf263@gmail.com>
4
go.mod
4
go.mod
@@ -26,7 +26,7 @@ require (
|
||||
github.com/aquasecurity/testdocker v0.0.0-20240613070307-2c3868d658ac
|
||||
github.com/aquasecurity/tml v0.6.1
|
||||
github.com/aquasecurity/trivy-checks v0.13.0
|
||||
github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d
|
||||
github.com/aquasecurity/trivy-db v0.0.0-20240701103400-8e907467e9ab
|
||||
github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48
|
||||
github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20240627095026-cf9d48837f6d
|
||||
github.com/aws/aws-sdk-go-v2 v1.27.2
|
||||
@@ -192,7 +192,7 @@ require (
|
||||
github.com/containerd/ttrpc v1.2.4 // indirect
|
||||
github.com/containerd/typeurl/v2 v2.1.1 // indirect
|
||||
github.com/cpuguy83/dockercfg v0.3.1 // indirect
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
|
||||
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
|
||||
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
|
||||
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
|
||||
|
||||
7
go.sum
7
go.sum
@@ -771,8 +771,8 @@ github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gw
|
||||
github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY=
|
||||
github.com/aquasecurity/trivy-checks v0.13.0 h1:na6PTdY4U0uK/fjz3HNRYBxvYSJ8vgTb57a5T8Y5t9w=
|
||||
github.com/aquasecurity/trivy-checks v0.13.0/go.mod h1:Xec/SMVGV66I7RgUqOX9MEr+YxBqHXDVLTYmpspPi3E=
|
||||
github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d h1:fjI9mkoTUAkbGqpzt9nJsO24RAdfG+ZSiLFj0G2jO8c=
|
||||
github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d/go.mod h1:cj9/QmD9N3OZnKQMp+/DvdV+ym3HyIkd4e+F0ZM3ZGs=
|
||||
github.com/aquasecurity/trivy-db v0.0.0-20240701103400-8e907467e9ab h1:EmpLGFgRJOstPWDpL4KW+Xap4zRYxyctXDTj5luMQdE=
|
||||
github.com/aquasecurity/trivy-db v0.0.0-20240701103400-8e907467e9ab/go.mod h1:f+wSW9D5txv8S+tw4D4WNOibaUJYwvNnQuQlGQ8gO6c=
|
||||
github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 h1:JVgBIuIYbwG+ekC5lUHUpGJboPYiCcxiz06RCtz8neI=
|
||||
github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8=
|
||||
github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20240627095026-cf9d48837f6d h1:z5Ug+gqNjgHzCo7rmv6wKTmyJ8E3bAVEU2AASo3740s=
|
||||
@@ -1019,8 +1019,9 @@ github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHf
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
|
||||
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
|
||||
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
|
||||
github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
|
||||
|
||||
@@ -26,12 +26,11 @@ import (
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/xeipuuv/gojsonschema"
|
||||
|
||||
"github.com/aquasecurity/trivy-db/pkg/db"
|
||||
"github.com/aquasecurity/trivy-db/pkg/metadata"
|
||||
|
||||
"github.com/aquasecurity/trivy/internal/dbtest"
|
||||
"github.com/aquasecurity/trivy/pkg/clock"
|
||||
"github.com/aquasecurity/trivy/pkg/commands"
|
||||
"github.com/aquasecurity/trivy/pkg/db"
|
||||
"github.com/aquasecurity/trivy/pkg/types"
|
||||
"github.com/aquasecurity/trivy/pkg/uuid"
|
||||
|
||||
@@ -56,15 +55,9 @@ func initDB(t *testing.T) string {
|
||||
}
|
||||
|
||||
cacheDir := dbtest.InitDB(t, fixtures)
|
||||
defer db.Close()
|
||||
defer dbtest.Close()
|
||||
|
||||
dbDir := filepath.Dir(db.Path(cacheDir))
|
||||
|
||||
metadataFile := filepath.Join(dbDir, "metadata.json")
|
||||
f, err := os.Create(metadataFile)
|
||||
require.NoError(t, err)
|
||||
|
||||
err = json.NewEncoder(f).Encode(metadata.Metadata{
|
||||
err = metadata.NewClient(db.Dir(cacheDir)).Update(metadata.Metadata{
|
||||
Version: db.SchemaVersion,
|
||||
NextUpdate: time.Now().Add(24 * time.Hour),
|
||||
UpdatedAt: time.Now(),
|
||||
|
||||
@@ -9,17 +9,18 @@ import (
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
fixtures "github.com/aquasecurity/bolt-fixtures"
|
||||
"github.com/aquasecurity/trivy-db/pkg/db"
|
||||
trivydb "github.com/aquasecurity/trivy-db/pkg/db"
|
||||
jdb "github.com/aquasecurity/trivy-java-db/pkg/db"
|
||||
"github.com/aquasecurity/trivy/pkg/db"
|
||||
)
|
||||
|
||||
// InitDB initializes testing database.
|
||||
func InitDB(t *testing.T, fixtureFiles []string) string {
|
||||
// Create a temp dir
|
||||
dir := t.TempDir()
|
||||
cacheDir := t.TempDir()
|
||||
|
||||
dbPath := db.Path(dir)
|
||||
dbDir := filepath.Dir(dbPath)
|
||||
dbDir := db.Dir(cacheDir)
|
||||
dbPath := trivydb.Path(dbDir)
|
||||
err := os.MkdirAll(dbDir, 0700)
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -30,9 +31,9 @@ func InitDB(t *testing.T, fixtureFiles []string) string {
|
||||
require.NoError(t, loader.Close())
|
||||
|
||||
// Initialize DB
|
||||
require.NoError(t, db.Init(dir))
|
||||
require.NoError(t, db.Init(dbDir))
|
||||
|
||||
return dir
|
||||
return cacheDir
|
||||
}
|
||||
|
||||
func Close() error {
|
||||
|
||||
@@ -11,9 +11,9 @@ import (
|
||||
"github.com/spf13/viper"
|
||||
"golang.org/x/xerrors"
|
||||
|
||||
"github.com/aquasecurity/trivy-db/pkg/db"
|
||||
"github.com/aquasecurity/trivy/pkg/cache"
|
||||
"github.com/aquasecurity/trivy/pkg/commands/operation"
|
||||
"github.com/aquasecurity/trivy/pkg/db"
|
||||
"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
|
||||
"github.com/aquasecurity/trivy/pkg/fanal/artifact"
|
||||
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
|
||||
@@ -295,7 +295,7 @@ func (r *runner) initDB(ctx context.Context, opts flag.Options) error {
|
||||
return SkipScan
|
||||
}
|
||||
|
||||
if err := db.Init(opts.CacheDir); err != nil {
|
||||
if err := db.Init(db.Dir(opts.CacheDir)); err != nil {
|
||||
return xerrors.Errorf("error in vulnerability DB initialize: %w", err)
|
||||
}
|
||||
r.dbOpen = true
|
||||
|
||||
@@ -76,7 +76,7 @@ func cleanScanCache(ctx context.Context, opts flag.Options) error {
|
||||
|
||||
func cleanVulnerabilityDB(ctx context.Context, opts flag.Options) error {
|
||||
log.InfoContext(ctx, "Removing vulnerability database...")
|
||||
if err := db.NewClient(opts.CacheDir, true).Clear(ctx); err != nil {
|
||||
if err := db.NewClient(db.Dir(opts.CacheDir), true).Clear(ctx); err != nil {
|
||||
return xerrors.Errorf("clear vulnerability database: %w", err)
|
||||
|
||||
}
|
||||
|
||||
@@ -7,7 +7,6 @@ import (
|
||||
"github.com/google/go-containerregistry/pkg/name"
|
||||
"golang.org/x/xerrors"
|
||||
|
||||
"github.com/aquasecurity/trivy-db/pkg/metadata"
|
||||
"github.com/aquasecurity/trivy/pkg/db"
|
||||
ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
|
||||
"github.com/aquasecurity/trivy/pkg/flag"
|
||||
@@ -24,7 +23,8 @@ func DownloadDB(ctx context.Context, appVersion, cacheDir string, dbRepository n
|
||||
mu.Lock()
|
||||
defer mu.Unlock()
|
||||
|
||||
client := db.NewClient(cacheDir, quiet, db.WithDBRepository(dbRepository))
|
||||
dbDir := db.Dir(cacheDir)
|
||||
client := db.NewClient(dbDir, quiet, db.WithDBRepository(dbRepository))
|
||||
needsUpdate, err := client.NeedsUpdate(ctx, appVersion, skipUpdate)
|
||||
if err != nil {
|
||||
return xerrors.Errorf("database error: %w", err)
|
||||
@@ -33,29 +33,18 @@ func DownloadDB(ctx context.Context, appVersion, cacheDir string, dbRepository n
|
||||
if needsUpdate {
|
||||
log.Info("Need to update DB")
|
||||
log.Info("Downloading DB...", log.String("repository", dbRepository.String()))
|
||||
if err = client.Download(ctx, cacheDir, opt); err != nil {
|
||||
if err = client.Download(ctx, dbDir, opt); err != nil {
|
||||
return xerrors.Errorf("failed to download vulnerability DB: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
// for debug
|
||||
if err = showDBInfo(cacheDir); err != nil {
|
||||
if err = client.ShowInfo(); err != nil {
|
||||
return xerrors.Errorf("failed to show database info: %w", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func showDBInfo(cacheDir string) error {
|
||||
m := metadata.NewClient(cacheDir)
|
||||
meta, err := m.Get()
|
||||
if err != nil {
|
||||
return xerrors.Errorf("something wrong with DB: %w", err)
|
||||
}
|
||||
log.Debug("DB info", log.Int("schema", meta.Version), log.Time("updated_at", meta.UpdatedAt),
|
||||
log.Time("next_update", meta.NextUpdate), log.Time("downloaded_at", meta.DownloadedAt))
|
||||
return nil
|
||||
}
|
||||
|
||||
// InitBuiltinPolicies downloads the built-in policies and loads them
|
||||
func InitBuiltinPolicies(ctx context.Context, cacheDir string, quiet, skipUpdate bool, checkBundleRepository string, registryOpts ftypes.RegistryOptions) ([]string, error) {
|
||||
mu.Lock()
|
||||
|
||||
@@ -5,9 +5,9 @@ import (
|
||||
|
||||
"golang.org/x/xerrors"
|
||||
|
||||
"github.com/aquasecurity/trivy-db/pkg/db"
|
||||
"github.com/aquasecurity/trivy/pkg/cache"
|
||||
"github.com/aquasecurity/trivy/pkg/commands/operation"
|
||||
"github.com/aquasecurity/trivy/pkg/db"
|
||||
"github.com/aquasecurity/trivy/pkg/flag"
|
||||
"github.com/aquasecurity/trivy/pkg/log"
|
||||
"github.com/aquasecurity/trivy/pkg/module"
|
||||
@@ -35,7 +35,7 @@ func Run(ctx context.Context, opts flag.Options) (err error) {
|
||||
return nil
|
||||
}
|
||||
|
||||
if err = db.Init(opts.CacheDir); err != nil {
|
||||
if err = db.Init(db.Dir(opts.CacheDir)); err != nil {
|
||||
return xerrors.Errorf("error in vulnerability DB initialize: %w", err)
|
||||
}
|
||||
|
||||
|
||||
37
pkg/db/db.go
37
pkg/db/db.go
@@ -5,6 +5,7 @@ import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"time"
|
||||
|
||||
"github.com/google/go-containerregistry/pkg/name"
|
||||
@@ -28,6 +29,10 @@ const (
|
||||
var (
|
||||
DefaultRepository = fmt.Sprintf("%s:%d", "ghcr.io/aquasecurity/trivy-db", db.SchemaVersion)
|
||||
defaultRepository, _ = name.NewTag(DefaultRepository)
|
||||
|
||||
Init = db.Init
|
||||
Close = db.Close
|
||||
Path = db.Path
|
||||
)
|
||||
|
||||
type options struct {
|
||||
@@ -56,13 +61,17 @@ func WithDBRepository(dbRepository name.Reference) Option {
|
||||
type Client struct {
|
||||
*options
|
||||
|
||||
cacheDir string
|
||||
dbDir string
|
||||
metadata metadata.Client
|
||||
quiet bool
|
||||
}
|
||||
|
||||
func Dir(cacheDir string) string {
|
||||
return filepath.Join(cacheDir, "db")
|
||||
}
|
||||
|
||||
// NewClient is the factory method for DB client
|
||||
func NewClient(cacheDir string, quiet bool, opts ...Option) *Client {
|
||||
func NewClient(dbDir string, quiet bool, opts ...Option) *Client {
|
||||
o := &options{
|
||||
dbRepository: defaultRepository,
|
||||
}
|
||||
@@ -73,8 +82,8 @@ func NewClient(cacheDir string, quiet bool, opts ...Option) *Client {
|
||||
|
||||
return &Client{
|
||||
options: o,
|
||||
cacheDir: cacheDir,
|
||||
metadata: metadata.NewClient(cacheDir),
|
||||
dbDir: dbDir,
|
||||
metadata: metadata.NewClient(dbDir),
|
||||
quiet: quiet,
|
||||
}
|
||||
}
|
||||
@@ -149,7 +158,7 @@ func (c *Client) Download(ctx context.Context, dst string, opt types.RegistryOpt
|
||||
return xerrors.Errorf("OCI artifact error: %w", err)
|
||||
}
|
||||
|
||||
if err = art.Download(ctx, db.Dir(dst), oci.DownloadOption{MediaType: dbMediaType}); err != nil {
|
||||
if err = art.Download(ctx, dst, oci.DownloadOption{MediaType: dbMediaType}); err != nil {
|
||||
return xerrors.Errorf("database download error: %w", err)
|
||||
}
|
||||
|
||||
@@ -159,19 +168,19 @@ func (c *Client) Download(ctx context.Context, dst string, opt types.RegistryOpt
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *Client) Clear(ctx context.Context) error {
|
||||
if err := os.RemoveAll(db.Dir(c.cacheDir)); err != nil {
|
||||
func (c *Client) Clear(_ context.Context) error {
|
||||
if err := os.RemoveAll(c.dbDir); err != nil {
|
||||
return xerrors.Errorf("failed to remove vulnerability database: %w", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *Client) updateDownloadedAt(ctx context.Context, dst string) error {
|
||||
func (c *Client) updateDownloadedAt(ctx context.Context, dbDir string) error {
|
||||
log.Debug("Updating database metadata...")
|
||||
|
||||
// We have to initialize a metadata client here
|
||||
// since the destination may be different from the cache directory.
|
||||
client := metadata.NewClient(dst)
|
||||
client := metadata.NewClient(dbDir)
|
||||
meta, err := client.Get()
|
||||
if err != nil {
|
||||
return xerrors.Errorf("unable to get metadata: %w", err)
|
||||
@@ -207,3 +216,13 @@ func (c *Client) initOCIArtifact(opt types.RegistryOptions) (*oci.Artifact, erro
|
||||
}
|
||||
return art, nil
|
||||
}
|
||||
|
||||
func (c *Client) ShowInfo() error {
|
||||
meta, err := c.metadata.Get()
|
||||
if err != nil {
|
||||
return xerrors.Errorf("something wrong with DB: %w", err)
|
||||
}
|
||||
log.Debug("DB info", log.Int("schema", meta.Version), log.Time("updated_at", meta.UpdatedAt),
|
||||
log.Time("next_update", meta.NextUpdate), log.Time("downloaded_at", meta.DownloadedAt))
|
||||
return nil
|
||||
}
|
||||
|
||||
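Review bot: `NewClient` keeps a plain `string` first parameter, but its meaning changes from the cache root to the DB directory, and `Clear` now runs `os.RemoveAll(c.dbDir)` on exactly what was passed instead of on `db.Dir(c.cacheDir)`. A call site that is not updated (out-of-tree code, or one missed in this commit) still compiles; `Clear` would then remove the whole cache directory rather than its `db` subdirectory, and the metadata client would read from the wrong path. The contract should be stated where callers will see it, e.g. `// NewClient is the factory method for DB client. dbDir must be the DB directory returned by Dir, not the cache root.` and `// Dir returns the vulnerability DB directory under cacheDir.`. The newly exported `ShowInfo` also has no doc comment, and the comment in `updateDownloadedAt` still says "cache directory" although the parameter is now `dbDir`.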
@@ -9,7 +9,6 @@ import (
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
tdb "github.com/aquasecurity/trivy-db/pkg/db"
|
||||
"github.com/aquasecurity/trivy-db/pkg/metadata"
|
||||
"github.com/aquasecurity/trivy/internal/dbtest"
|
||||
"github.com/aquasecurity/trivy/pkg/clock"
|
||||
@@ -31,7 +30,7 @@ func TestClient_NeedsUpdate(t *testing.T) {
|
||||
{
|
||||
name: "happy path",
|
||||
metadata: metadata.Metadata{
|
||||
Version: tdb.SchemaVersion,
|
||||
Version: db.SchemaVersion,
|
||||
NextUpdate: timeNextUpdateDay1,
|
||||
},
|
||||
want: true,
|
||||
@@ -52,7 +51,7 @@ func TestClient_NeedsUpdate(t *testing.T) {
|
||||
{
|
||||
name: "happy path with --skip-update",
|
||||
metadata: metadata.Metadata{
|
||||
Version: tdb.SchemaVersion,
|
||||
Version: db.SchemaVersion,
|
||||
NextUpdate: timeNextUpdateDay1,
|
||||
},
|
||||
skip: true,
|
||||
@@ -61,7 +60,7 @@ func TestClient_NeedsUpdate(t *testing.T) {
|
||||
{
|
||||
name: "skip downloading DB",
|
||||
metadata: metadata.Metadata{
|
||||
Version: tdb.SchemaVersion,
|
||||
Version: db.SchemaVersion,
|
||||
NextUpdate: timeNextUpdateDay2,
|
||||
},
|
||||
want: false,
|
||||
@@ -69,11 +68,11 @@ func TestClient_NeedsUpdate(t *testing.T) {
|
||||
{
|
||||
name: "newer schema version",
|
||||
metadata: metadata.Metadata{
|
||||
Version: tdb.SchemaVersion + 1,
|
||||
Version: db.SchemaVersion + 1,
|
||||
NextUpdate: timeNextUpdateDay2,
|
||||
},
|
||||
wantErr: fmt.Sprintf("the version of DB schema doesn't match. Local DB: %d, Expected: %d",
|
||||
tdb.SchemaVersion+1, tdb.SchemaVersion),
|
||||
db.SchemaVersion+1, db.SchemaVersion),
|
||||
},
|
||||
{
|
||||
name: "--skip-update on the first run",
|
||||
@@ -89,12 +88,12 @@ func TestClient_NeedsUpdate(t *testing.T) {
|
||||
},
|
||||
skip: true,
|
||||
wantErr: fmt.Sprintf("--skip-update cannot be specified with the old DB schema. Local DB: %d, Expected: %d",
|
||||
0, tdb.SchemaVersion),
|
||||
0, db.SchemaVersion),
|
||||
},
|
||||
{
|
||||
name: "happy with old DownloadedAt",
|
||||
metadata: metadata.Metadata{
|
||||
Version: tdb.SchemaVersion,
|
||||
Version: db.SchemaVersion,
|
||||
NextUpdate: timeNextUpdateDay1,
|
||||
DownloadedAt: time.Date(2019, 9, 30, 22, 30, 0, 0, time.UTC),
|
||||
},
|
||||
@@ -103,7 +102,7 @@ func TestClient_NeedsUpdate(t *testing.T) {
|
||||
{
|
||||
name: "skip downloading DB with recent DownloadedAt",
|
||||
metadata: metadata.Metadata{
|
||||
Version: tdb.SchemaVersion,
|
||||
Version: db.SchemaVersion,
|
||||
NextUpdate: timeNextUpdateDay1,
|
||||
DownloadedAt: time.Date(2019, 9, 30, 23, 30, 0, 0, time.UTC),
|
||||
},
|
||||
@@ -113,9 +112,9 @@ func TestClient_NeedsUpdate(t *testing.T) {
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
cacheDir := t.TempDir()
|
||||
dbDir := db.Dir(t.TempDir())
|
||||
if tt.metadata != (metadata.Metadata{}) {
|
||||
meta := metadata.NewClient(cacheDir)
|
||||
meta := metadata.NewClient(dbDir)
|
||||
err := meta.Update(tt.metadata)
|
||||
require.NoError(t, err)
|
||||
}
|
||||
@@ -123,7 +122,7 @@ func TestClient_NeedsUpdate(t *testing.T) {
|
||||
// Set a fake time
|
||||
ctx := clock.With(context.Background(), time.Date(2019, 10, 1, 0, 0, 0, 0, time.UTC))
|
||||
|
||||
client := db.NewClient(cacheDir, true)
|
||||
client := db.NewClient(dbDir, true)
|
||||
needsUpdate, err := client.NeedsUpdate(ctx, "test", tt.skip)
|
||||
|
||||
switch {
|
||||
@@ -172,9 +171,9 @@ func TestClient_Download(t *testing.T) {
|
||||
// Fake DB
|
||||
art := dbtest.NewFakeDB(t, tt.input, dbtest.FakeDBOptions{})
|
||||
|
||||
cacheDir := t.TempDir()
|
||||
client := db.NewClient(cacheDir, true, db.WithOCIArtifact(art))
|
||||
err := client.Download(ctx, cacheDir, ftypes.RegistryOptions{})
|
||||
dbDir := db.Dir(t.TempDir())
|
||||
client := db.NewClient(dbDir, true, db.WithOCIArtifact(art))
|
||||
err := client.Download(ctx, dbDir, ftypes.RegistryOptions{})
|
||||
if tt.wantErr != "" {
|
||||
require.Error(t, err)
|
||||
assert.ErrorContains(t, err, tt.wantErr)
|
||||
@@ -182,7 +181,7 @@ func TestClient_Download(t *testing.T) {
|
||||
}
|
||||
require.NoError(t, err)
|
||||
|
||||
meta := metadata.NewClient(cacheDir)
|
||||
meta := metadata.NewClient(dbDir)
|
||||
got, err := meta.Get()
|
||||
require.NoError(t, err)
|
||||
|
||||
|
||||
@@ -13,10 +13,9 @@ import (
|
||||
"github.com/twitchtv/twirp"
|
||||
"golang.org/x/xerrors"
|
||||
|
||||
"github.com/aquasecurity/trivy-db/pkg/db"
|
||||
"github.com/aquasecurity/trivy-db/pkg/metadata"
|
||||
"github.com/aquasecurity/trivy/pkg/cache"
|
||||
dbc "github.com/aquasecurity/trivy/pkg/db"
|
||||
"github.com/aquasecurity/trivy/pkg/db"
|
||||
"github.com/aquasecurity/trivy/pkg/fanal/types"
|
||||
"github.com/aquasecurity/trivy/pkg/log"
|
||||
"github.com/aquasecurity/trivy/pkg/utils/fsutils"
|
||||
@@ -31,7 +30,7 @@ const updateInterval = 1 * time.Hour
|
||||
type Server struct {
|
||||
appVersion string
|
||||
addr string
|
||||
cacheDir string
|
||||
dbDir string
|
||||
token string
|
||||
tokenHeader string
|
||||
dbRepository name.Reference
|
||||
@@ -45,7 +44,7 @@ func NewServer(appVersion, addr, cacheDir, token, tokenHeader string, dbReposito
|
||||
return Server{
|
||||
appVersion: appVersion,
|
||||
addr: addr,
|
||||
cacheDir: cacheDir,
|
||||
dbDir: db.Dir(cacheDir),
|
||||
token: token,
|
||||
tokenHeader: tokenHeader,
|
||||
dbRepository: dbRepository,
|
||||
@@ -59,16 +58,16 @@ func (s Server) ListenAndServe(ctx context.Context, serverCache cache.Cache, ski
|
||||
dbUpdateWg := &sync.WaitGroup{}
|
||||
|
||||
go func() {
|
||||
worker := newDBWorker(dbc.NewClient(s.cacheDir, true, dbc.WithDBRepository(s.dbRepository)))
|
||||
worker := newDBWorker(db.NewClient(s.dbDir, true, db.WithDBRepository(s.dbRepository)))
|
||||
for {
|
||||
time.Sleep(updateInterval)
|
||||
if err := worker.update(ctx, s.appVersion, s.cacheDir, skipDBUpdate, dbUpdateWg, requestWg, s.RegistryOptions); err != nil {
|
||||
if err := worker.update(ctx, s.appVersion, s.dbDir, skipDBUpdate, dbUpdateWg, requestWg, s.RegistryOptions); err != nil {
|
||||
log.Errorf("%+v\n", err)
|
||||
}
|
||||
}
|
||||
}()
|
||||
|
||||
mux := newServeMux(ctx, serverCache, dbUpdateWg, requestWg, s.token, s.tokenHeader, s.cacheDir)
|
||||
mux := newServeMux(ctx, serverCache, dbUpdateWg, requestWg, s.token, s.tokenHeader, s.dbDir)
|
||||
log.Infof("Listening %s...", s.addr)
|
||||
|
||||
return http.ListenAndServe(s.addr, mux)
|
||||
@@ -128,14 +127,14 @@ func withToken(base http.Handler, token, tokenHeader string) http.Handler {
|
||||
}
|
||||
|
||||
type dbWorker struct {
|
||||
dbClient *dbc.Client
|
||||
dbClient *db.Client
|
||||
}
|
||||
|
||||
func newDBWorker(dbClient *dbc.Client) dbWorker {
|
||||
func newDBWorker(dbClient *db.Client) dbWorker {
|
||||
return dbWorker{dbClient: dbClient}
|
||||
}
|
||||
|
||||
func (w dbWorker) update(ctx context.Context, appVersion, cacheDir string,
|
||||
func (w dbWorker) update(ctx context.Context, appVersion, dbDir string,
|
||||
skipDBUpdate bool, dbUpdateWg, requestWg *sync.WaitGroup, opt types.RegistryOptions) error {
|
||||
log.Debug("Check for DB update...")
|
||||
needsUpdate, err := w.dbClient.NeedsUpdate(ctx, appVersion, skipDBUpdate)
|
||||
@@ -146,13 +145,13 @@ func (w dbWorker) update(ctx context.Context, appVersion, cacheDir string,
|
||||
}
|
||||
|
||||
log.Info("Updating DB...")
|
||||
if err = w.hotUpdate(ctx, cacheDir, dbUpdateWg, requestWg, opt); err != nil {
|
||||
if err = w.hotUpdate(ctx, dbDir, dbUpdateWg, requestWg, opt); err != nil {
|
||||
return xerrors.Errorf("failed DB hot update: %w", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (w dbWorker) hotUpdate(ctx context.Context, cacheDir string, dbUpdateWg, requestWg *sync.WaitGroup, opt types.RegistryOptions) error {
|
||||
func (w dbWorker) hotUpdate(ctx context.Context, dbDir string, dbUpdateWg, requestWg *sync.WaitGroup, opt types.RegistryOptions) error {
|
||||
tmpDir, err := os.MkdirTemp("", "db")
|
||||
if err != nil {
|
||||
return xerrors.Errorf("failed to create a temp dir: %w", err)
|
||||
@@ -175,17 +174,17 @@ func (w dbWorker) hotUpdate(ctx context.Context, cacheDir string, dbUpdateWg, re
|
||||
}
|
||||
|
||||
// Copy trivy.db
|
||||
if _, err = fsutils.CopyFile(db.Path(tmpDir), db.Path(cacheDir)); err != nil {
|
||||
if _, err = fsutils.CopyFile(db.Path(tmpDir), db.Path(dbDir)); err != nil {
|
||||
return xerrors.Errorf("failed to copy the database file: %w", err)
|
||||
}
|
||||
|
||||
// Copy metadata.json
|
||||
if _, err = fsutils.CopyFile(metadata.Path(tmpDir), metadata.Path(cacheDir)); err != nil {
|
||||
if _, err = fsutils.CopyFile(metadata.Path(tmpDir), metadata.Path(dbDir)); err != nil {
|
||||
return xerrors.Errorf("failed to copy the metadata file: %w", err)
|
||||
}
|
||||
|
||||
log.Info("Reopening DB...")
|
||||
if err = db.Init(cacheDir); err != nil {
|
||||
if err = db.Init(dbDir); err != nil {
|
||||
return xerrors.Errorf("failed to open DB: %w", err)
|
||||
}
|
||||
|
||||
|
||||
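Review bot: `newServeMux` in `ListenAndServe` now receives `s.dbDir` as its last argument where it used to receive `s.cacheDir`, and `Server` no longer keeps the cache root at all. The body of `newServeMux` is outside these hunks, so what that argument feeds is not visible here. If it is forwarded to anything that still expects the cache root, the path gains a second `db` segment: `NewVersionInfo(cacheDir)`, for example, is changed by this same commit to call `db.Dir(cacheDir)` itself, so a DB directory passed to it would resolve to `<cache>/db/db`. The metadata read would then fail, and that failure is only logged at debug level. Please confirm the callee's parameter was renamed and its uses audited, or keep `cacheDir` on `Server` and pass each consumer the directory it expects.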
@@ -14,7 +14,6 @@ import (
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
trivydb "github.com/aquasecurity/trivy-db/pkg/db"
|
||||
"github.com/aquasecurity/trivy-db/pkg/metadata"
|
||||
"github.com/aquasecurity/trivy/internal/dbtest"
|
||||
"github.com/aquasecurity/trivy/pkg/cache"
|
||||
@@ -75,17 +74,17 @@ func Test_dbWorker_update(t *testing.T) {
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
cacheDir := t.TempDir()
|
||||
dbDir := db.Dir(t.TempDir())
|
||||
|
||||
// Initialize the cache
|
||||
meta := metadata.NewClient(cacheDir)
|
||||
meta := metadata.NewClient(dbDir)
|
||||
err := meta.Update(cachedMetadata)
|
||||
require.NoError(t, err)
|
||||
|
||||
err = trivydb.Init(cacheDir)
|
||||
err = db.Init(dbDir)
|
||||
require.NoError(t, err)
|
||||
|
||||
defer func() { _ = trivydb.Close() }()
|
||||
defer func() { _ = db.Close() }()
|
||||
|
||||
// Set a fake time
|
||||
ctx := clock.With(context.Background(), tt.now)
|
||||
@@ -95,11 +94,11 @@ func Test_dbWorker_update(t *testing.T) {
|
||||
art := dbtest.NewFakeDB(t, dbPath, dbtest.FakeDBOptions{
|
||||
MediaType: tt.layerMediaType,
|
||||
})
|
||||
client := db.NewClient(cacheDir, true, db.WithOCIArtifact(art))
|
||||
client := db.NewClient(dbDir, true, db.WithOCIArtifact(art))
|
||||
w := newDBWorker(client)
|
||||
|
||||
var dbUpdateWg, requestWg sync.WaitGroup
|
||||
err = w.update(ctx, "1.2.3", cacheDir,
|
||||
err = w.update(ctx, "1.2.3", dbDir,
|
||||
tt.skipUpdate, &dbUpdateWg, &requestWg, ftypes.RegistryOptions{})
|
||||
if tt.wantErr != "" {
|
||||
require.Error(t, err, tt.name)
|
||||
@@ -108,7 +107,7 @@ func Test_dbWorker_update(t *testing.T) {
|
||||
}
|
||||
require.NoError(t, err, tt.name)
|
||||
|
||||
mc := metadata.NewClient(cacheDir)
|
||||
mc := metadata.NewClient(dbDir)
|
||||
got, err := mc.Get()
|
||||
require.NoError(t, err, tt.name)
|
||||
assert.Equal(t, tt.want, got, tt.name)
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
|
||||
"github.com/aquasecurity/trivy-db/pkg/metadata"
|
||||
javadb "github.com/aquasecurity/trivy-java-db/pkg/db"
|
||||
"github.com/aquasecurity/trivy/pkg/db"
|
||||
"github.com/aquasecurity/trivy/pkg/log"
|
||||
"github.com/aquasecurity/trivy/pkg/policy"
|
||||
"github.com/aquasecurity/trivy/pkg/version/app"
|
||||
@@ -45,7 +46,7 @@ func NewVersionInfo(cacheDir string) VersionInfo {
|
||||
var dbMeta *metadata.Metadata
|
||||
var javadbMeta *metadata.Metadata
|
||||
|
||||
mc := metadata.NewClient(cacheDir)
|
||||
mc := metadata.NewClient(db.Dir(cacheDir))
|
||||
meta, err := mc.Get()
|
||||
if err != nil {
|
||||
log.Debug("Failed to get DB metadata", log.Err(err))
|
||||
|
||||