gopls/internal/vulncheck: synchronize cache access

hyangah · hyangah · commit a518b798ae2b · 2022-05-12T21:16:40.000Z
Corresponds to https://go.dev/cl/396594 adds basic support for cache thread safety https://go.dev/cl/398115 change references to GCS bucket to vuln.go.dev Change-Id: I16587a703431e1e28bc6d5f84ab54b4c88fcbdce Reviewed-on: https://go-review.googlesource.com/c/tools/+/405794 Reviewed-by: Jonathan Amsterdam <jba@google.com>
diff --git a/gopls/internal/vulncheck/cache.go b/gopls/internal/vulncheck/cache.go
@@ -10,6 +10,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"sync"
 	"time"
 
 	"golang.org/x/vuln/client"
@@ -18,12 +19,6 @@ import (
 
 // copy from x/vuln/cmd/govulncheck/cache.go
 
-// NOTE: this cache implementation should be kept internal to the go tooling
-// (i.e. cmd/go/internal/something) so that the vulndb cache is owned by the
-// go command. Also it is currently NOT CONCURRENCY SAFE since it does not
-// implement file locking. If ported to the stdlib it should use
-// cmd/go/internal/lockedfile.
-
 // The cache uses a single JSON index file for each vulnerability database
 // which contains the map from packages to the time the last
 // vulnerability for that package was added/modified and the time that
@@ -42,9 +37,11 @@ import (
 // $GOPATH/pkg/mod/cache/download/vulndb/{db hostname}/{import path}/vulns.json
 //   []*osv.Entry
 
-// fsCache is file-system cache implementing osv.Cache
-// TODO: make cache thread-safe
+// fsCache is a thread-safe file-system cache implementing osv.Cache
+//
+// TODO: use something like cmd/go/internal/lockedfile for thread safety?
 type fsCache struct {
+	mu      sync.Mutex
 	rootDir string
 }
 
@@ -61,6 +58,9 @@ type cachedIndex struct {
 }
 
 func (c *fsCache) ReadIndex(dbName string) (client.DBIndex, time.Time, error) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
 	b, err := ioutil.ReadFile(filepath.Join(c.rootDir, dbName, "index.json"))
 	if err != nil {
 		if os.IsNotExist(err) {
@@ -76,6 +76,9 @@ func (c *fsCache) ReadIndex(dbName string) (client.DBIndex, time.Time, error) {
 }
 
 func (c *fsCache) WriteIndex(dbName string, index client.DBIndex, retrieved time.Time) error {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
 	path := filepath.Join(c.rootDir, dbName)
 	if err := os.MkdirAll(path, 0755); err != nil {
 		return err
@@ -94,6 +97,9 @@ func (c *fsCache) WriteIndex(dbName string, index client.DBIndex, retrieved time
 }
 
 func (c *fsCache) ReadEntries(dbName string, p string) ([]*osv.Entry, error) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
 	b, err := ioutil.ReadFile(filepath.Join(c.rootDir, dbName, p, "vulns.json"))
 	if err != nil {
 		if os.IsNotExist(err) {
@@ -109,6 +115,9 @@ func (c *fsCache) ReadEntries(dbName string, p string) ([]*osv.Entry, error) {
 }
 
 func (c *fsCache) WriteEntries(dbName string, p string, entries []*osv.Entry) error {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
 	path := filepath.Join(c.rootDir, dbName, p)
 	if err := os.MkdirAll(path, 0777); err != nil {
 		return err
diff --git a/gopls/internal/vulncheck/command.go b/gopls/internal/vulncheck/command.go
@@ -53,7 +53,7 @@ func findGOVULNDB(cfg *packages.Config) []string {
 	if GOVULNDB := os.Getenv("GOVULNDB"); GOVULNDB != "" {
 		return strings.Split(GOVULNDB, ",")
 	}
-	return []string{"https://storage.googleapis.com/go-vulndb"}
+	return []string{"https://vuln.go.dev"}
 }
 
 type Vuln = command.Vuln

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ func findGOVULNDB(cfg *packages.Config) []string {`
`53`	`53`	`if GOVULNDB := os.Getenv("GOVULNDB"); GOVULNDB != "" {`
`54`	`54`	`return strings.Split(GOVULNDB, ",")`
`55`	`55`	`}`
`56`		`- return []string{"https://storage.googleapis.com/go-vulndb"}`
	`56`	`+ return []string{"https://vuln.go.dev"}`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`type Vuln = command.Vuln`