SLK-0000

aquasecurity · Oct 14, 2024 · e6ccfab · e6ccfab
1 parent c06f467
commit e6ccfab
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 9 deletions.
diff --git a/pkg/fanal/analyzer/secret/secret.go b/pkg/fanal/analyzer/secret/secret.go
@@ -67,11 +67,12 @@ func (a *SecretAnalyzer) Init(opt analyzer.AnalyzerOptions) error {
  return nil
  }
  configPath := opt.SecretScannerOption.ConfigPath
- c, err := secret.ParseConfig(configPath)
- if err != nil {
- return xerrors.Errorf("secret config error: %w", err)
+ config := secret.Config{
+ EnableBuiltinRuleIDs: []string{"aws-access-key-id", "aws-secret-access-key", "github-pat", "github-oauth",
+ "github-app-token", "github-refresh-token", "github-fine-grained-pat", "gitlab-pat", "dockerconfig-secret"},
+ DisableRuleIDs: []string{"private-key"},
  }
- a.scanner = secret.NewScanner(c)
+ a.scanner = secret.NewScanner(&config)
  a.configPath = configPath
  return nil
 }

diff --git a/pkg/fanal/artifact/image/image.go b/pkg/fanal/artifact/image/image.go
@@ -3,9 +3,12 @@ package image
 import (
  "context"
  "errors"
+ "fmt"
  "io"
+ "net/http"
  "os"
  "reflect"
+ "runtime/pprof"
  "strings"
  "sync"
 
@@ -73,7 +76,54 @@ func NewArtifact(img types.Image, c cache.ArtifactCache, opt artifact.Option) (a
  }, nil
 }
 
+// startCPUProfile begins CPU profiling and writes the profile to a file
+func startCPUProfile(filename string) {
+ f, err := os.Create(filename)
+ if err != nil {
+ fmt.Println("Could not create CPU profile file:", err)
+ return
+ }
+
+ // Start CPU profiling
+ if err := pprof.StartCPUProfile(f); err != nil {
+ fmt.Println("Could not start CPU profile:", err)
+ f.Close()
+ return
+ }
+ fmt.Printf("CPU profiling started, output file: %s\n", filename)
+}
+
+// stopCPUProfile stops the CPU profile and flushes data to the file
+func stopCPUProfile() {
+ pprof.StopCPUProfile()
+ fmt.Println("CPU profiling stopped.")
+}
+
+// createHeapProfile writes the current heap (memory) profile to a file
+func createHeapProfile(filename string) {
+ f, err := os.Create(filename)
+ if err != nil {
+ fmt.Println("Could not create heap profile file:", err)
+ return
+ }
+ defer f.Close()
+
+ // Capture and write the heap profile
+ if err := pprof.WriteHeapProfile(f); err != nil {
+ fmt.Println("Could not write heap profile:", err)
+ return
+ }
+ fmt.Printf("Heap profile written to %s\n", filename)
+}
+
 func (a Artifact) Inspect(ctx context.Context) (types.ArtifactReference, error) {
+ go func() {
+ fmt.Println(http.ListenAndServe("localhost:6060", nil))
+ }()
+
+ startCPUProfile("cpu_profile.prof")
+ defer stopCPUProfile()
+
  imageID, err := a.image.ID()
  if err != nil {
  return types.ArtifactReference{}, xerrors.Errorf("unable to get the image ID: %w", err)
@@ -126,6 +176,8 @@ func (a Artifact) Inspect(ctx context.Context) (types.ArtifactReference, error)
  return types.ArtifactReference{}, xerrors.Errorf("analyze error: %w", err)
  }
 
+ defer createHeapProfile("heap_profile.prof")
+
  return types.ArtifactReference{
  Name: a.image.Name(),
  Type: types.ArtifactContainerImage,

diff --git a/pkg/fanal/secret/scanner.go b/pkg/fanal/secret/scanner.go
@@ -462,17 +462,15 @@ func censorLocation(loc Location, input []byte) []byte {
 }
 
 func toFinding(rule Rule, loc Location, content []byte) types.SecretFinding {
- startLine, endLine, code, matchLine := findLocation(loc.Start, loc.End, content)
+ //startLine, endLine, _, matchLine := findLocation(loc.Start, loc.End, content)
 
  return types.SecretFinding{
  RuleID: rule.ID,
  Category: rule.Category,
  Severity: lo.Ternary(rule.Severity == "", "UNKNOWN", rule.Severity),
  Title: rule.Title,
- Match: matchLine,
- StartLine: startLine,
- EndLine: endLine,
- Code: code,
+ StartLine: loc.Start,
+ EndLine: loc.End,
  }
 }