feat(misconf): Register checks only when needed (#7435)

simar7 · web-flow · commit f768d3a767a9 · 2024-09-17T03:57:10.000Z
diff --git a/pkg/iac/rego/embed.go b/pkg/iac/rego/embed.go
@@ -6,6 +6,7 @@ import (
 	"io/fs"
 	"path/filepath"
 	"strings"
+	"sync"
 
 	"github.com/open-policy-agent/opa/ast"
 
@@ -14,8 +15,7 @@ import (
 	"github.com/aquasecurity/trivy/pkg/log"
 )
 
-func init() {
-
+var LoadAndRegister = sync.OnceFunc(func() {
 	modules, err := LoadEmbeddedPolicies()
 	if err != nil {
 		// we should panic as the policies were not embedded properly
@@ -30,7 +30,7 @@ func init() {
 	}
 
 	RegisterRegoRules(modules)
-}
+})
 
 func RegisterRegoRules(modules map[string]*ast.Module) {
 	ctx := context.TODO()
diff --git a/pkg/iac/rego/embed_test.go b/pkg/iac/rego/embed_test.go
@@ -15,6 +15,7 @@ import (
 )
 
 func Test_EmbeddedLoading(t *testing.T) {
+	LoadAndRegister()
 
 	frameworkRules := rules.GetRegistered()
 	var found bool
diff --git a/pkg/iac/rego/scanner.go b/pkg/iac/rego/scanner.go
@@ -152,6 +152,8 @@ type DynamicMetadata struct {
 }
 
 func NewScanner(source types.Source, opts ...options.ScannerOption) *Scanner {
+	LoadAndRegister()
+
 	schema, ok := schemas.SchemaMap[source]
 	if !ok {
 		schema = schemas.Anything

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@ import (`
`15`	`15`	`)`
`16`	`16`
`17`	`17`	`func Test_EmbeddedLoading(t *testing.T) {`
	`18`	`+ LoadAndRegister()`
`18`	`19`
`19`	`20`	`frameworkRules := rules.GetRegistered()`
`20`	`21`	`var found bool`
Original file line number	Diff line number	Diff line change
`@@ -152,6 +152,8 @@ type DynamicMetadata struct {`
`152`	`152`	`}`
`153`	`153`
`154`	`154`	`func NewScanner(source types.Source, opts ...options.ScannerOption) *Scanner {`
	`155`	`+ LoadAndRegister()`
	`156`	`+`
`155`	`157`	`schema, ok := schemas.SchemaMap[source]`
`156`	`158`	`if !ok {`
`157`	`159`	`schema = schemas.Anything`