From 27a3e55e8ed40a8db9d5b73849591f0f222c97ae Mon Sep 17 00:00:00 2001
From: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Date: Thu, 26 Oct 2023 07:50:32 +0600
Subject: [PATCH] fix(java): download java-db once (#5442)
---
 pkg/fanal/analyzer/language/java/jar/jar.go | 15 +++++----------
 pkg/javadb/client.go | 12 ++++++++----
 2 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/pkg/fanal/analyzer/language/java/jar/jar.go b/pkg/fanal/analyzer/language/java/jar/jar.go
index 8e4ed4820f18..0690fc0d9f20 100644
--- a/pkg/fanal/analyzer/language/java/jar/jar.go
+++ b/pkg/fanal/analyzer/language/java/jar/jar.go
@@ -15,7 +15,6 @@ import (
 "github.com/aquasecurity/trivy/pkg/fanal/analyzer/language"
 "github.com/aquasecurity/trivy/pkg/fanal/types"
 "github.com/aquasecurity/trivy/pkg/javadb"
- "github.com/aquasecurity/trivy/pkg/log"
 "github.com/aquasecurity/trivy/pkg/parallel"
 )
@@ -34,8 +33,7 @@ var requiredExtensions = []string{
 // javaLibraryAnalyzer analyzes jar/war/ear/par files
 type javaLibraryAnalyzer struct {
- client *javadb.DB
- slow bool
+ slow bool
 }
 func newJavaLibraryAnalyzer(options analyzer.AnalyzerOptions) (analyzer.PostAnalyzer, error) {
@@ -46,23 +44,20 @@ func newJavaLibraryAnalyzer(options analyzer.AnalyzerOptions) (analyzer.PostAnal
 func (a *javaLibraryAnalyzer) PostAnalyze(ctx context.Context, input analyzer.PostAnalysisInput) (*analyzer.AnalysisResult, error) {
 // TODO: think about the sonatype API and "--offline"
- var err error
- log.Logger.Info("JAR files found")
- a.client, err = javadb.NewClient()
+ client, err := javadb.NewClient()
 if err != nil {
 return nil, xerrors.Errorf("Unable to initialize the Java DB: %s", err)
 }
- defer func() { _ = a.client.Close() }()
- log.Logger.Info("Analyzing JAR files takes a while...")
+ defer func() { _ = client.Close() }()
 // Skip analyzing JAR files as the nil client means the Java DB was not downloaded successfully.
- if a.client == nil {
+ if client == nil {
 return nil, nil
 }
 // It will be called on each JAR file
 onFile := func(path string, info fs.FileInfo, r dio.ReadSeekerAt) (*types.Application, error) {
- p := jar.NewParser(a.client, jar.WithSize(info.Size()), jar.WithFilePath(path))
+ p := jar.NewParser(client, jar.WithSize(info.Size()), jar.WithFilePath(path))
 return language.ParsePackage(types.Jar, path, r, p, input.Options.FileChecksum)
 }
diff --git a/pkg/javadb/client.go b/pkg/javadb/client.go
index f2a68abedb00..e1b67b81f781 100644
--- a/pkg/javadb/client.go
+++ b/pkg/javadb/client.go
@@ -7,6 +7,7 @@ import (
 "os"
 "path/filepath"
 "sort"
+ "sync"
 "time"
 "golang.org/x/xerrors"
@@ -31,6 +32,7 @@ type Updater struct {
 skip bool
 quiet bool
 registryOption ftypes.RegistryOptions
+ once sync.Once // we need to update java-db once per run
 }
 func (u *Updater) Update() error {
@@ -93,10 +95,12 @@ func Update() error {
 if updater == nil {
 return xerrors.New("Java DB client not initialized")
 }
- if err := updater.Update(); err != nil {
- return xerrors.Errorf("Java DB update error: %w", err)
- }
- return nil
+
+ var err error
+ updater.once.Do(func() {
+ err = updater.Update()
+ })
+ return err
 }
 type DB struct {
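Review bot: The `client == nil` guard in PostAnalyze comes after `defer func() { _ = client.Close() }()`, so on the nil-client path the deferred Close still runs on a nil client; whether that is safe depends on the Close method of the javadb client, which this patch does not show. Moving the guard directly below the `err` check, above the defer, removes that dependency. The same path returns `nil, nil` without any message now that both Info logs are removed, so a run that skipped JAR analysis because the Java DB was unavailable looks identical to a run with no Java findings, which is a fail-open result for a scanner. Unless `javadb.NewClient` already warns (not visible here), document it on the guard with something like `// NOTE: nil, nil reports no Java findings; the caller cannot tell the Java DB was missing`. PostAnalyze continues past the end of this hunk.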
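Review bot: In the `@@ -93,10 +95,12 @@` hunk of client.go, `err` is local to each `Update()` call, so only the call that actually executes the `once.Do` closure can return a failure; every later call skips the closure and returns nil even when the single update attempt failed. Those later callers would then treat a missing or stale Java DB as up to date. Store the result beside the `once` field added in the `@@ -31,6 +32,7 @@` hunk, for instance a field `err error // result of the single update attempt`, then `updater.once.Do(func() { updater.err = updater.Update() })` and `return updater.err`. The earlier `xerrors.Errorf("Java DB update error: %w", err)` wrapping is dropped by this hunk as well and can be kept inside the closure. The `func Update() error` signature is visible only in the hunk header.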