gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-22 23:26:39 -08:00
Code Issues Packages Projects Releases Wiki Activity

refactor: add hook interface for extended functionality (#8585)

Browse Source
This commit is contained in:
Teppei Fukuda
2025-04-08 15:49:16 +04:00
committed by GitHub
parent 9dcd06fda7
commit a0dc3b688e
14 changed files with 795 additions and 198 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
pkg/module/module.go
View File

@@ -17,13 +17,12 @@ import (
wasi "github.com/tetratelabs/wazero/imports/wasi_snapshot_preview1"
"golang.org/x/xerrors"
"github.com/aquasecurity/trivy/pkg/extension"
"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
"github.com/aquasecurity/trivy/pkg/log"
tapi "github.com/aquasecurity/trivy/pkg/module/api"
"github.com/aquasecurity/trivy/pkg/module/serialize"
"github.com/aquasecurity/trivy/pkg/scan/post"
"github.com/aquasecurity/trivy/pkg/types"
"github.com/aquasecurity/trivy/pkg/utils/fsutils"
)
var (
@@ -33,10 +32,6 @@ var (
"warn": logWarn,
"error": logError,
}
RelativeDir = filepath.Join(".trivy", "modules")
DefaultDir = dir()
)
// logDebug is defined as an api.GoModuleFunc for lower overhead vs reflection.
@@ -172,7 +167,7 @@ func (m *Manager) Register() {
func (m *Manager) Deregister() {
for _, mod := range m.modules {
analyzer.DeregisterAnalyzer(analyzer.Type(mod.Name()))
post.DeregisterPostScanner(mod.Name())
extension.DeregisterHook(mod.Name())
}
}
@@ -262,6 +257,8 @@ func marshal(ctx context.Context, m api.Module, malloc api.Function, v any) (uin
return ptr, size, nil
}
var _ extension.ScanHook = (*wasmModule)(nil)
type wasmModule struct {
mod api.Module
memFS *memFS
@@ -416,7 +413,7 @@ func (m *wasmModule) Register() {
}
if m.isPostScanner {
logger.Debug("Registering custom post scanner")
post.RegisterPostScanner(m)
extension.RegisterHook(m)
}
}
@@ -486,8 +483,11 @@ func (m *wasmModule) Analyze(ctx context.Context, input analyzer.AnalysisInput)
return &result, nil
}
// PostScan performs post scanning
// e.g. Remove a vulnerability, change severity, etc.
func (m *wasmModule) PreScan(ctx context.Context, target *types.ScanTarget, options types.ScanOptions) error {
// TODO: Implement
return nil
}
func (m *wasmModule) PostScan(ctx context.Context, results types.Results) (types.Results, error) {
// Find custom resources
var custom types.Result
@@ -746,10 +746,6 @@ func isType(ctx context.Context, mod api.Module, name string) (bool, error) {
return isRes[0] > 0, nil
}
func dir() string {
return filepath.Join(fsutils.HomeDir(), RelativeDir)
}
func modulePostScanSpec(ctx context.Context, mod api.Module, freeFn api.Function) (serialize.PostScanSpec, error) {
postScanSpecFunc := mod.ExportedFunction("post_scan_spec")
if postScanSpecFunc == nil {