feat(library): ignore files under vendor dir (fanal#44)
@@ -3,7 +3,6 @@ package composer
|
|||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
|
||||||
|
|
||||||
"github.com/aquasecurity/fanal/analyzer"
|
"github.com/aquasecurity/fanal/analyzer"
|
||||||
"github.com/aquasecurity/fanal/extractor"
|
"github.com/aquasecurity/fanal/extractor"
|
||||||
@@ -29,11 +28,6 @@ func (a composerLibraryAnalyzer) Analyze(fileMap extractor.FileMap) (map[analyze
|
|||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
// skip analyze files which in dependency folder
|
|
||||||
if utils.StringInSlice(utils.COMPOSER_DEP_DIR, strings.Split(filename, utils.PathSeparator)) {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
r := bytes.NewBuffer(content)
|
r := bytes.NewBuffer(content)
|
||||||
libs, err := composer.Parse(r)
|
libs, err := composer.Parse(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
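--- a/analyzer/library/const.go
+++ b/analyzer/library/const.go
@@ -0,0 +1,5 @@
+package library
+
+var (
+IgnoreDirs = []string{"node_modules", "vendor"}
+)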
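Review bot: `IgnoreDirs` is an exported, mutable package-level slice with no doc comment, so any importing package can append to or overwrite it and change what is skipped during extraction. A comment such as `// IgnoreDirs lists directory names whose contents are skipped when extracting files from a layer.` would record the intent. An unexported slice behind an accessor that returns a copy would keep the list fixed at run time. The caller shown later on this page matches the names as whole path components, so the entries must stay bare directory names without separators.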
@@ -3,7 +3,6 @@ package npm
|
|||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
|
||||||
|
|
||||||
"github.com/aquasecurity/fanal/analyzer"
|
"github.com/aquasecurity/fanal/analyzer"
|
||||||
"github.com/aquasecurity/fanal/extractor"
|
"github.com/aquasecurity/fanal/extractor"
|
||||||
@@ -29,11 +28,6 @@ func (a npmLibraryAnalyzer) Analyze(fileMap extractor.FileMap) (map[analyzer.Fil
|
|||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
// skip analyze files which in dependency folder
|
|
||||||
if utils.StringInSlice(utils.NODE_DEP_DIR, strings.Split(filename, utils.PathSeparator)) {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
r := bytes.NewBuffer(content)
|
r := bytes.NewBuffer(content)
|
||||||
libs, err := npm.Parse(r)
|
libs, err := npm.Parse(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
@@ -3,7 +3,6 @@ package yarn
|
|||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
|
||||||
|
|
||||||
"github.com/aquasecurity/fanal/analyzer"
|
"github.com/aquasecurity/fanal/analyzer"
|
||||||
"github.com/aquasecurity/fanal/extractor"
|
"github.com/aquasecurity/fanal/extractor"
|
||||||
@@ -31,11 +30,6 @@ func (a yarnLibraryAnalyzer) Analyze(fileMap extractor.FileMap) (map[analyzer.Fi
|
|||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
// skip analyze files which in dependency folder
|
|
||||||
if utils.StringInSlice(utils.NODE_DEP_DIR, strings.Split(filename, utils.PathSeparator)) {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
|
|
||||||
r := bytes.NewBuffer(content)
|
r := bytes.NewBuffer(content)
|
||||||
libs, err := yarn.Parse(r)
|
libs, err := yarn.Parse(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|||||||
@@ -12,6 +12,9 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/aquasecurity/fanal/analyzer/library"
|
||||||
|
"github.com/aquasecurity/fanal/utils"
|
||||||
|
|
||||||
"github.com/opencontainers/go-digest"
|
"github.com/opencontainers/go-digest"
|
||||||
|
|
||||||
"github.com/aquasecurity/fanal/extractor"
|
"github.com/aquasecurity/fanal/extractor"
|
||||||
@@ -351,6 +354,10 @@ func (d DockerExtractor) ExtractFiles(layer io.Reader, filenames []string) (extr
|
|||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if d.isIgnored(filePath) {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
// Determine if we should extract the element
|
// Determine if we should extract the element
|
||||||
extract := false
|
extract := false
|
||||||
for _, s := range filenames {
|
for _, s := range filenames {
|
||||||
@@ -382,5 +389,13 @@ func (d DockerExtractor) ExtractFiles(layer io.Reader, filenames []string) (extr
|
|||||||
}
|
}
|
||||||
|
|
||||||
return data, opqDirs, nil
|
return data, opqDirs, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (d DockerExtractor) isIgnored(filePath string) bool {
|
||||||
|
for _, path := range strings.Split(filePath, utils.PathSeparator) {
|
||||||
|
if utils.StringInSlice(path, library.IgnoreDirs) {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
}
|
}
|
||||||
|
|||||||
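Review bot: `isIgnored` drops every tar entry that has a `vendor` or `node_modules` path component before the `filenames` match in `ExtractFiles`, so the exclusion is not limited to the `package-lock.json` and `composer.lock` files named in the new test case; any requested file under such a directory silently disappears from the result. For a vulnerability scanner that is a coverage gap worth stating at the function, e.g. `// isIgnored reports whether any path component of filePath is listed in library.IgnoreDirs; matching entries are skipped for every caller of ExtractFiles.`, and a debug log when an entry is skipped would make a missing finding traceable. Separately, the split uses `utils.PathSeparator`, which is built from `os.PathSeparator`, while `filePath` presumably comes from a tar header where the separator is always `/`; `strings.Split(filePath, "/")` would keep the check working on hosts whose separator differs. `ExtractFiles` starts and ends outside the visible hunks, so the origin of `filePath` should be confirmed there.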
@@ -84,6 +84,16 @@ func TestExtractFromFile(t *testing.T) {
|
|||||||
},
|
},
|
||||||
err: nil,
|
err: nil,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
file: "testdata/image6.tar",
|
||||||
|
// Not detect package-lock.json and composer.lock under vendor/ or node_modules/"
|
||||||
|
filenames: []string{"foo", "package-lock.json", "composer.lock"},
|
||||||
|
FileMap: extractor.FileMap{
|
||||||
|
"foo": []byte("foo\n"),
|
||||||
|
"/config": []byte(`{"architecture":"amd64","config":{"Hostname":"","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"],"Cmd":null,"Image":"sha256:7b421e99fb75da8466c90ec04a1c43a3f8b9fd9be0bb71a341d30ca11c75e9e0","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"container_config":{"Hostname":"","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"],"Cmd":["/bin/sh","-c","#(nop) COPY file:745080737b5cb8cd47dbca9a8819cc8e9034b7748ccb0ed1c60bdb0b5fc6c2e8 in /app/vendor/ "],"Image":"sha256:7b421e99fb75da8466c90ec04a1c43a3f8b9fd9be0bb71a341d30ca11c75e9e0","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"created":"2019-10-30T09:59:16.9071124Z","docker_version":"19.03.4","history":[{"created":"1970-01-01T00:00:00Z","author":"Bazel","created_by":"bazel build ..."},{"created":"1970-01-01T00:00:00Z","author":"Bazel","created_by":"bazel build ..."},{"created":"2019-10-30T09:59:16.1671833Z","created_by":"/bin/sh -c #(nop) COPY file:8d7ea209a266ec183c53e0de5dad09aa6ccd217961306f174884d94eb92369ab in /foo "},{"created":"2019-10-30T09:59:16.5096275Z","created_by":"/bin/sh -c #(nop) COPY file:4772d4fa23206c27b7ddbac967e3d2e3f6b08f6dde8ba8170975efc4b6041255 in /app/node_modules/ "},{"created":"2019-10-30T09:59:16.9071124Z","created_by":"/bin/sh -c #(nop) COPY file:745080737b5cb8cd47dbca9a8819cc8e9034b7748ccb0ed1c60bdb0b5fc6c2e8 in /app/vendor/ 
"}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:932da51564135c98a49a34a193d6cd363d8fa4184d957fde16c9d8527b3f3b02","sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5","sha256:ca9852efab2ff2b5031a02f69021c6d4c49d351480f9cd7b08beec00d3527d1a","sha256:88d8eebab45ec2cb73ad2859a158617324eadfb904a8fe24b936b07ccd15096d","sha256:ef55f7ceb56d4ccbfb9228ab865f3e411c9a9781814fe4558003a2b2427f457d"]}}`),
|
||||||
|
},
|
||||||
|
err: nil,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, v := range vectors {
|
for _, v := range vectors {
|
||||||
|
|||||||
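Review bot: The new `image6.tar` vector only shows that lock files under `vendor/` and `node_modules/` are left out; nothing pins the boundary of the match. A small table test for `isIgnored` would do it, for example `app/vendor/composer.lock` expected true and `app/vendors/composer.lock` expected false (constructed sample paths), so a later change to substring matching would be caught. The comment on the vector also ends with a stray `"`. `TestExtractFromFile` starts and ends outside the hunk.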
BIN
extractor/docker/testdata/image6.tar
vendored
Normal file
BIN
extractor/docker/testdata/image6.tar
vendored
Normal file
Binary file not shown.
@@ -9,8 +9,6 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
NODE_DEP_DIR = "node_modules"
|
|
||||||
COMPOSER_DEP_DIR = "vendor"
|
|
||||||
PathSeparator = fmt.Sprintf("%c", os.PathSeparator)
|
PathSeparator = fmt.Sprintf("%c", os.PathSeparator)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|||||||