skip scan composer.lock in vendor dir (fanal#34)

2025-12-21 14:50:53 -08:00 · 2019-09-25 15:32:02 +09:00
parent a8380ab5e5
commit f9a8f80485
2 changed files with 9 additions and 2 deletions
--- a/analyzer/library/composer/composer.go
+++ b/analyzer/library/composer/composer.go
@@ -3,6 +3,7 @@ package composer
 import (
 	"bytes"
 	"path/filepath"
+	"strings"

 	"github.com/aquasecurity/fanal/analyzer"
 	"github.com/aquasecurity/fanal/extractor"
@@ -28,6 +29,11 @@ func (a composerLibraryAnalyzer) Analyze(fileMap extractor.FileMap) (map[analyze
 			continue
 		}

+		// skip analyze files which in dependency folder
+		if utils.StringInSlice(utils.COMPOSER_DEP_DIR, strings.Split(filename, utils.PathSeparator)) {
+			continue
+		}
+
 		r := bytes.NewBuffer(content)
 		libs, err := composer.Parse(r)
 		if err != nil {
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -8,6 +8,7 @@ import (

 var (
 	NODE_DEP_DIR     = "node_modules"
+	COMPOSER_DEP_DIR = "vendor"
 	PathSeparator    = fmt.Sprintf("%c", os.PathSeparator)
 )