feat(trivy): go mod update trivy v0.17.2 (#1235)

* feat(trivy): go mod update trivy v0.17.2 * wg.Wait * fix reporting * fix test case * add gemfile.lock of redmine to integration test * fix(test): add Pipfile.lock * add poetry.lock to integration test * add composer.lock to integration test * add integration test case
2021-05-12 18:27:55 +09:00
parent 47652ef0fb
commit e553f8b4c5
27 changed files with 22061 additions and 50334 deletions
--- a/scanner/base.go
+++ b/scanner/base.go
@@ -2,13 +2,16 @@ package scanner

 import (
 	"bufio"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net"
 	"os"
+	"path/filepath"
 	"regexp"
 	"strings"
+	"sync"
 	"time"

 	"github.com/aquasecurity/fanal/analyzer"
@@ -18,6 +21,7 @@ import (
 	"github.com/future-architect/vuls/logging"
 	"github.com/future-architect/vuls/models"
 	"github.com/future-architect/vuls/util"
+	"golang.org/x/sync/semaphore"
 	"golang.org/x/xerrors"

 	// Import library scanner
@@ -579,6 +583,11 @@ func (l *base) scanLibraries() (err error) {
 		if path == "" {
 			continue
 		}
+
+		if path, err = filepath.Abs(path); err != nil {
+			return xerrors.Errorf("Failed to abs the lockfile. err: %w, filepath: %s", err, path)
+		}
+
 		// skip already exist
 		if _, ok := libFilemap[path]; ok {
 			continue
@@ -589,7 +598,7 @@ func (l *base) scanLibraries() (err error) {
 		case constant.ServerTypePseudo:
 			bytes, err = ioutil.ReadFile(path)
 			if err != nil {
-				return xerrors.Errorf("Failed to get target file: %s, filepath: %s", err, path)
+				return xerrors.Errorf("Failed to get target file. err: %w, filepath: %s", err, path)
 			}
 		default:
 			cmd := fmt.Sprintf("cat %s", path)
@@ -602,16 +611,47 @@ func (l *base) scanLibraries() (err error) {
 		libFilemap[path] = bytes
 	}

+	disabledAnalyzers := []analyzer.Type{
+		analyzer.TypeAlpine,
+		analyzer.TypeAmazon,
+		analyzer.TypeDebian,
+		analyzer.TypePhoton,
+		analyzer.TypeCentOS,
+		analyzer.TypeFedora,
+		analyzer.TypeOracle,
+		analyzer.TypeRedHatBase,
+		analyzer.TypeSUSE,
+		analyzer.TypeUbuntu,
+		analyzer.TypeApk,
+		analyzer.TypeDpkg,
+		analyzer.TypeRpm,
+		analyzer.TypeApkCommand,
+		analyzer.TypeYaml,
+		analyzer.TypeTOML,
+		analyzer.TypeJSON,
+		analyzer.TypeDockerfile,
+		analyzer.TypeHCL,
+	}
+	anal := analyzer.NewAnalyzer(disabledAnalyzers)
+
 	for path, b := range libFilemap {
-		res, err := analyzer.AnalyzeFile(path, &DummyFileInfo{}, func() ([]byte, error) {
-			return b, nil
-		})
-		if err != nil {
-			return xerrors.Errorf("Failed to get libs: %w", err)
+		var wg sync.WaitGroup
+		result := new(analyzer.AnalysisResult)
+		if err := anal.AnalyzeFile(
+			context.Background(),
+			&wg,
+			semaphore.NewWeighted(1),
+			result,
+			path,
+			&DummyFileInfo{},
+			func() ([]byte, error) { return b, nil }); err != nil {
+			return xerrors.Errorf("Failed to get libs. err: %w", err)
 		}
-		libscan, err := convertLibWithScanner(res.Applications)
+		wg.Wait()
+
+		libscan, err := convertLibWithScanner(result.Applications)
 		if err != nil {
-			return xerrors.Errorf("Failed to scan libraries: %w", err)
+			return xerrors.Errorf("Failed to convert libs. err: %w", err)
 		}
 		l.LibraryScanners = append(l.LibraryScanners, libscan...)
 	}
--- a/scanner/library.go
+++ b/scanner/library.go
@@ -18,6 +18,7 @@ func convertLibWithScanner(apps []types.Application) ([]models.LibraryScanner, e
 			})
 		}
 		scanners = append(scanners, models.LibraryScanner{
+			Type: app.Type,
 			Path: app.FilePath,
 			Libs: libs,
 		})