From 5899c2b4b8647aeb18c5f4f73fecc9213199e281 Mon Sep 17 00:00:00 2001
From: Simar
Date: Mon, 2 Sep 2024 17:22:09 -0600
Subject: [PATCH] feat(misconf): Register checks only when needed
Fixes: /~https://github.com/aquasecurity/trivy/issues/7434
---
 pkg/iac/rego/embed.go | 6 +++---
 pkg/iac/rego/embed_test.go | 1 +
 pkg/iac/rego/scanner.go | 2 ++
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/pkg/iac/rego/embed.go b/pkg/iac/rego/embed.go
index fddc069d9283..4679102033c2 100644
--- a/pkg/iac/rego/embed.go
+++ b/pkg/iac/rego/embed.go
@@ -6,6 +6,7 @@ import (
 "io/fs"
 "path/filepath"
 "strings"
+ "sync"
 "github.com/open-policy-agent/opa/ast"
@@ -14,8 +15,7 @@ import (
 "github.com/aquasecurity/trivy/pkg/log"
 )
-func init() {
-
+var LoadAndRegister = sync.OnceFunc(func() {
 modules, err := LoadEmbeddedPolicies()
 if err != nil {
 // we should panic as the policies were not embedded properly
@@ -30,7 +30,7 @@ func init() {
 }
 RegisterRegoRules(modules)
-}
+})
 func RegisterRegoRules(modules map[string]*ast.Module) {
 ctx := context.TODO()
diff --git a/pkg/iac/rego/embed_test.go b/pkg/iac/rego/embed_test.go
index 5b6368dec2eb..9ed0b00747ed 100644
--- a/pkg/iac/rego/embed_test.go
+++ b/pkg/iac/rego/embed_test.go
@@ -15,6 +15,7 @@ import (
 )
 func Test_EmbeddedLoading(t *testing.T) {
+ LoadAndRegister()
 frameworkRules := rules.GetRegistered()
 var found bool
diff --git a/pkg/iac/rego/scanner.go b/pkg/iac/rego/scanner.go
index 23a1e04bc2b8..f6c7cabcb369 100644
--- a/pkg/iac/rego/scanner.go
+++ b/pkg/iac/rego/scanner.go
@@ -152,6 +152,8 @@ type DynamicMetadata struct {
 }
 func NewScanner(source types.Source, opts ...options.ScannerOption) *Scanner {
+ LoadAndRegister()
+
 schema, ok := schemas.SchemaMap[source]
 if !ok {
 schema = schemas.Anything
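Review bot: `LoadAndRegister` is introduced in `embed.go` as an exported, reassignable package variable with no doc comment, so any importing package can overwrite it and turn check registration into a no-op without the scanner noticing. Keeping the `sync.OnceFunc` value unexported and exposing a plain function avoids that: `var loadAndRegister = sync.OnceFunc(func() {` plus `func LoadAndRegister() { loadAndRegister() }`. The doc comment should state that the first call loads the embedded checks and registers them globally, that later calls do nothing, and that a panic raised by the first call is raised again on every later call, which is how `sync.OnceFunc` behaves. The function literal's body continues past this hunk and is closed by the `})` in the following hunk.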
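Review bot: The embedded checks are now registered only as a side effect of `NewScanner`, so any path that reads the rule registry without first constructing a scanner gets a registry with no embedded checks and reports fewer findings without any error. The test hunk in `embed_test.go` shows the pattern: `rules.GetRegistered()` needed an explicit `LoadAndRegister()` in front of it, and other callers of the registry are not visible in this patch and should be checked the same way. `NewScanner` also has no doc comment here; I would add `// NewScanner registers the embedded checks on first use (see LoadAndRegister) and returns a Scanner for source.` above the signature. The body of `NewScanner` continues outside the hunk.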