fix: avoid 2nd Rego compilation in json format (#132)

Co-authored-by: Becojo <[email protected]>

Author: becojo

analyze/analyze.go

@@ -52,7 +52,7 @@ type GitClient interface {
 	GetRepoHeadBranchName(ctx context.Context, repoPath string) (string, error)
 }
 
-func NewAnalyzer(scmClient ScmClient, gitClient GitClient, formatter Formatter, config *models.Config) *Analyzer {
+func NewAnalyzer(scmClient ScmClient, gitClient GitClient, formatter Formatter, config *models.Config, opaClient *opa.Opa) *Analyzer {
 	if config == nil {
 		config = &models.Config{}
 	}
@@ -61,6 +61,7 @@ func NewAnalyzer(scmClient ScmClient, gitClient GitClient, formatter Formatter,
 		GitClient: gitClient,
 		Formatter: formatter,
 		Config:    config,
+		Opa:       opaClient,
 	}
 }
 
@@ -69,6 +70,7 @@ type Analyzer struct {
 	GitClient GitClient
 	Formatter Formatter
 	Config    *models.Config
+	Opa       *opa.Opa
 }
 
 func (a *Analyzer) AnalyzeOrg(ctx context.Context, org string, numberOfGoroutines *int) error {
@@ -84,12 +86,8 @@ func (a *Analyzer) AnalyzeOrg(ctx context.Context, org string, numberOfGoroutine
 	log.Debug().Msgf("Fetching list of repositories for organization: %s on %s", org, provider)
 	orgReposBatches := a.ScmClient.GetOrgRepos(ctx, org)
 
-	opaClient, err := a.newOpa(ctx)
-	if err != nil {
-		return err
-	}
 	pkgsupplyClient := pkgsupply.NewStaticClient()
-	inventory := scanner.NewInventory(opaClient, pkgsupplyClient, provider, providerVersion)
+	inventory := scanner.NewInventory(a.Opa, pkgsupplyClient, provider, providerVersion)
 
 	log.Debug().Msgf("Starting repository analysis for organization: %s on %s", org, provider)
 	bar := progressbar.NewOptions(
@@ -185,13 +183,8 @@ func (a *Analyzer) AnalyzeRepo(ctx context.Context, repoString string, ref strin
 
 	log.Debug().Msgf("Provider: %s, Version: %s", provider, providerVersion)
 
-	opaClient, err := a.newOpa(ctx)
-	if err != nil {
-		return err
-	}
 	pkgsupplyClient := pkgsupply.NewStaticClient()
-
-	inventory := scanner.NewInventory(opaClient, pkgsupplyClient, provider, providerVersion)
+	inventory := scanner.NewInventory(a.Opa, pkgsupplyClient, provider, providerVersion)
 
 	log.Debug().Msgf("Starting repository analysis for: %s/%s on %s", org, repoName, provider)
 	bar := progressbar.NewOptions(
@@ -240,13 +233,8 @@ func (a *Analyzer) AnalyzeLocalRepo(ctx context.Context, repoPath string) error
 
 	log.Debug().Msgf("Provider: %s, Version: %s", provider, providerVersion)
 
-	opaClient, err := a.newOpa(ctx)
-	if err != nil {
-		return err
-	}
 	pkgsupplyClient := pkgsupply.NewStaticClient()
-
-	inventory := scanner.NewInventory(opaClient, pkgsupplyClient, provider, providerVersion)
+	inventory := scanner.NewInventory(a.Opa, pkgsupplyClient, provider, providerVersion)
 
 	log.Debug().Msgf("Starting repository analysis for: %s/%s on %s", org, repoName, provider)
 	bar := progressbar.NewOptions(
@@ -337,14 +325,3 @@ func (a *Analyzer) cloneRepoToTemp(ctx context.Context, gitURL string, token str
 	}
 	return tempDir, nil
 }
-
-func (a *Analyzer) newOpa(ctx context.Context) (*opa.Opa, error) {
-	opaClient, err := opa.NewOpa()
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to create OPA client")
-		return nil, err
-	}
-	_ = opaClient.WithConfig(ctx, a.Config)
-
-	return opaClient, nil
-}

cmd/analyzeLocal.go

@@ -20,7 +20,12 @@ Example: poutine analyze_local /path/to/repo`,
 		ctx := cmd.Context()
 		repoPath := args[0]
 
-		formatter := GetFormatter()
+		opaClient, err := newOpa(ctx)
+		if err != nil {
+			return err
+		}
+
+		formatter := GetFormatter(opaClient)
 
 		localScmClient, err := local.NewGitSCMClient(ctx, repoPath, nil)
 		if err != nil {
@@ -29,7 +34,7 @@ Example: poutine analyze_local /path/to/repo`,
 
 		localGitClient := gitops.NewLocalGitClient(nil)
 
-		analyzer := analyze.NewAnalyzer(localScmClient, localGitClient, formatter, config)
+		analyzer := analyze.NewAnalyzer(localScmClient, localGitClient, formatter, config, opaClient)
 
 		err = analyzer.AnalyzeLocalRepo(ctx, repoPath)
 		if err != nil {

cmd/root.go

@@ -152,17 +152,15 @@ func cleanup() {
 	log.Debug().Msg("Finished cleaning up temp directories")
 }
 
-func GetFormatter() analyze.Formatter {
+func GetFormatter(opaClient *opa.Opa) analyze.Formatter {
 	switch Format {
 	case "pretty":
 		return &pretty.Format{}
-	case "json":
-		opaClient, _ := opa.NewOpa()
-		return json.NewFormat(opaClient, Format, os.Stdout)
 	case "sarif":
 		return sarif.NewFormat(os.Stdout)
 	}
-	return &pretty.Format{}
+
+	return json.NewFormat(opaClient, Format, os.Stdout)
 }
 
 func GetAnalyzer(ctx context.Context, command string) (*analyze.Analyzer, error) {
@@ -171,10 +169,26 @@ func GetAnalyzer(ctx context.Context, command string) (*analyze.Analyzer, error)
 		return nil, fmt.Errorf("failed to create SCM client: %w", err)
 	}
 
-	formatter := GetFormatter()
+	opaClient, err := newOpa(ctx)
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to create OPA client")
+		return nil, err
+	}
 
+	formatter := GetFormatter(opaClient)
 	gitClient := gitops.NewGitClient(nil)
 
-	analyzer := analyze.NewAnalyzer(scmClient, gitClient, formatter, config)
+	analyzer := analyze.NewAnalyzer(scmClient, gitClient, formatter, config, opaClient)
 	return analyzer, nil
 }
+
+func newOpa(ctx context.Context) (*opa.Opa, error) {
+	opaClient, err := opa.NewOpa()
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to create OPA client")
+		return nil, err
+	}
+	_ = opaClient.WithConfig(ctx, config)
+
+	return opaClient, nil
+}

formatters/json/json.go

@@ -23,20 +23,28 @@ type Format struct {
 }
 
 func (f *Format) Format(ctx context.Context, report *opa.FindingsResult, packages []*models.PackageInsights) error {
-	var reportString string
+	var result struct {
+		Output string `json:"output"`
+		Error  string `json:"error"`
+	}
 	err := f.opa.Eval(ctx,
-		"data.poutine.format[input.format].result",
+		"data.poutine.queries.format.result",
 		map[string]interface{}{
-			"packages": packages,
-			"results":  report,
-			"format":   f.format,
+			"packages":        packages,
+			"results":         report,
+			"format":          f.format,
+			"builtin_formats": []string{"sarif", "pretty"},
 		},
-		&reportString,
+		&result,
 	)
 	if err != nil {
 		return err
 	}
 
-	fmt.Fprint(f.out, reportString)
+	if result.Error != "" {
+		return fmt.Errorf(result.Error)
+	}
+
+	fmt.Fprint(f.out, result.Output)
 	return nil
 }

opa/rego/poutine/queries/format.rego

@@ -0,0 +1,24 @@
+package poutine.queries.format
+
+import rego.v1
+
+default output := ""
+
+output = data.poutine.format[input.format].result
+
+formats contains format if data.poutine.format[format]
+
+formats contains input.builtin_formats[_]
+
+errors contains error if {
+	not input.format in formats
+	error := sprintf("format %s not found in the available formats: %s", [
+		input.format,
+		concat(", ", formats),
+	])
+}
+
+result = {
+	"output": output,
+	"error": concat(", ", errors),
+}

providers/github/client.go

@@ -254,7 +254,7 @@ func (c *Client) GetOrgRepos(ctx context.Context, org string) <-chan analyze.Rep
 		for {
 			var query struct {
 				RepositoryOwner struct {
-					Login string
+					Login        string
 					Repositories struct {
 						TotalCount int
 						Nodes      []GithubRepository