From e6ccfab221d7dd680d418c4b9ad81d1fd33bfa1b Mon Sep 17 00:00:00 2001
From: jyothi kumar
Date: Mon, 14 Oct 2024 19:40:58 +0530
Subject: [PATCH] SLK-0000

---
 pkg/fanal/analyzer/secret/secret.go | 9 ++---
 pkg/fanal/artifact/image/image.go | 52 +++++++++++++++++++++++++++++
 pkg/fanal/secret/scanner.go | 8 ++---
 3 files changed, 60 insertions(+), 9 deletions(-)

diff --git a/pkg/fanal/analyzer/secret/secret.go b/pkg/fanal/analyzer/secret/secret.go
index bbce32af326e..d6c5c7d410b1 100644
--- a/pkg/fanal/analyzer/secret/secret.go
+++ b/pkg/fanal/analyzer/secret/secret.go
@@ -67,11 +67,12 @@ func (a *SecretAnalyzer) Init(opt analyzer.AnalyzerOptions) error {
 return nil
 }
 configPath := opt.SecretScannerOption.ConfigPath
- c, err := secret.ParseConfig(configPath)
- if err != nil {
- return xerrors.Errorf("secret config error: %w", err)
+ config := secret.Config{
+ EnableBuiltinRuleIDs: []string{"aws-access-key-id", "aws-secret-access-key", "github-pat", "github-oauth",
+ "github-app-token", "github-refresh-token", "github-fine-grained-pat", "gitlab-pat", "dockerconfig-secret"},
+ DisableRuleIDs: []string{"private-key"},
 }
- a.scanner = secret.NewScanner(c)
+ a.scanner = secret.NewScanner(&config)
 a.configPath = configPath
 return nil
 }
diff --git a/pkg/fanal/artifact/image/image.go b/pkg/fanal/artifact/image/image.go
index b0749ad0d1ed..b9909f76791f 100644
--- a/pkg/fanal/artifact/image/image.go
+++ b/pkg/fanal/artifact/image/image.go
@@ -3,9 +3,12 @@ package image
 import (
 "context"
 "errors"
+ "fmt"
 "io"
+ "net/http"
 "os"
 "reflect"
+ "runtime/pprof"
 "strings"
 "sync"
 
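Review bot: `configPath` is still read from the options and stored in `a.configPath`, but nothing opens it any more — the rule set is now the hard-coded `secret.Config{...}` literal, so a user-supplied secret config file is silently ignored while the analyzer still records it as in use. If the built-in list is meant as a default, parse the file when a path is given and fall back to the literal otherwise, as sketched below; if the file is meant to be unsupported now, drop the path handling too so callers are not misled. `DisableRuleIDs: []string{"private-key"}` switches off private-key detection for every scan, which narrows what the secret scanner reports and deserves a mention in the commit message rather than a silent change in `Init`. The enclosing `Init` method starts before the hunk.
```go
	configPath := opt.SecretScannerOption.ConfigPath
	if configPath != "" {
		c, err := secret.ParseConfig(configPath)
		if err != nil {
			return xerrors.Errorf("secret config error: %w", err)
		}
		a.scanner = secret.NewScanner(c)
	} else {
		config := secret.Config{
			// … unchanged: EnableBuiltinRuleIDs / DisableRuleIDs lists …
		}
		a.scanner = secret.NewScanner(&config)
	}
	a.configPath = configPath
	return nil
```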
@@ -73,7 +76,54 @@ func NewArtifact(img types.Image, c cache.ArtifactCache, opt artifact.Option) (a
 }, nil
 }
 
+// startCPUProfile begins CPU profiling and writes the profile to a file
+func startCPUProfile(filename string) {
+ f, err := os.Create(filename)
+ if err != nil {
+ fmt.Println("Could not create CPU profile file:", err)
+ return
+ }
+
+ // Start CPU profiling
+ if err := pprof.StartCPUProfile(f); err != nil {
+ fmt.Println("Could not start CPU profile:", err)
+ f.Close()
+ return
+ }
+ fmt.Printf("CPU profiling started, output file: %s\n", filename)
+}
+
+// stopCPUProfile stops the CPU profile and flushes data to the file
+func stopCPUProfile() {
+ pprof.StopCPUProfile()
+ fmt.Println("CPU profiling stopped.")
+}
+
+// createHeapProfile writes the current heap (memory) profile to a file
+func createHeapProfile(filename string) {
+ f, err := os.Create(filename)
+ if err != nil {
+ fmt.Println("Could not create heap profile file:", err)
+ return
+ }
+ defer f.Close()
+
+ // Capture and write the heap profile
+ if err := pprof.WriteHeapProfile(f); err != nil {
+ fmt.Println("Could not write heap profile:", err)
+ return
+ }
+ fmt.Printf("Heap profile written to %s\n", filename)
+}
+
 func (a Artifact) Inspect(ctx context.Context) (types.ArtifactReference, error) {
+ go func() {
+ fmt.Println(http.ListenAndServe("localhost:6060", nil))
+ }()
+
+ startCPUProfile("cpu_profile.prof")
+ defer stopCPUProfile()
+
 imageID, err := a.image.ID()
 if err != nil {
 return types.ArtifactReference{}, xerrors.Errorf("unable to get the image ID: %w", err)
@@ -126,6 +176,8 @@ func (a Artifact) Inspect(ctx context.Context) (types.ArtifactReference, error)
 return types.ArtifactReference{}, xerrors.Errorf("analyze error: %w", err)
 }
 
+ defer createHeapProfile("heap_profile.prof")
+
 return types.ArtifactReference{
 Name: a.image.Name(),
 Type: types.ArtifactContainerImage,
diff --git a/pkg/fanal/secret/scanner.go b/pkg/fanal/secret/scanner.go
index 51ac0db707a8..159276b6addb 100644
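Review bot: `Inspect` now unconditionally starts an HTTP listener on `localhost:6060` and writes `cpu_profile.prof` and `heap_profile.prof` into the working directory on every call; this is debugging instrumentation, not scanner behaviour, and should be gated behind an explicit option or removed before merge. As written the listener appears to serve nothing — only `runtime/pprof` is imported here and nothing visible registers a handler on the default mux — and a second `Inspect` call in the same process spawns another goroutine whose bind error is just printed to stdout. `startCPUProfile` also never closes `f` on the success path (`pprof.StopCPUProfile` flushes the profile but does not close the writer), so a file handle leaks per call; returning a stop func that owns the file fixes that, as below, with `defer startCPUProfile("cpu_profile.prof")()` in `Inspect`. `Inspect` continues past the end of the hunk, and the `defer createHeapProfile` added in the later hunk of this file has the same gating problem.
```go
// startCPUProfile begins CPU profiling into filename and returns a func that
// stops profiling and closes the file; on failure the returned func is a no-op.
func startCPUProfile(filename string) func() {
	f, err := os.Create(filename)
	if err != nil {
		fmt.Println("Could not create CPU profile file:", err)
		return func() {}
	}
	if err := pprof.StartCPUProfile(f); err != nil {
		fmt.Println("Could not start CPU profile:", err)
		f.Close()
		return func() {}
	}
	fmt.Printf("CPU profiling started, output file: %s\n", filename)
	return func() {
		pprof.StopCPUProfile()
		f.Close()
		fmt.Println("CPU profiling stopped.")
	}
}
// … unchanged: createHeapProfile …
```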
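Review bot: `defer createHeapProfile("heap_profile.prof")` is registered only after every early-return path in `Inspect`, so a run that fails at the image ID or analyze step writes no heap profile, and because defers run last-in-first-out it fires before the `stopCPUProfile` registered at the top, i.e. while CPU profiling is still active. If the profile is meant to describe the completed analysis, call `createHeapProfile("heap_profile.prof")` directly at this point instead of deferring it; if it is meant for every exit, defer it immediately after `startCPUProfile` at the top of the function. `Inspect` starts and ends outside this hunk.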
--- a/pkg/fanal/secret/scanner.go
+++ b/pkg/fanal/secret/scanner.go
@@ -462,17 +462,15 @@ func censorLocation(loc Location, input []byte) []byte {
 }
 
 func toFinding(rule Rule, loc Location, content []byte) types.SecretFinding {
- startLine, endLine, code, matchLine := findLocation(loc.Start, loc.End, content)
+ //startLine, endLine, _, matchLine := findLocation(loc.Start, loc.End, content)
 return types.SecretFinding{
 RuleID: rule.ID,
 Category: rule.Category,
 Severity: lo.Ternary(rule.Severity == "", "UNKNOWN", rule.Severity),
 Title: rule.Title,
- Match: matchLine,
- StartLine: startLine,
- EndLine: endLine,
- Code: code,
+ StartLine: loc.Start,
+ EndLine: loc.End,
 }
 }
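Review bot: `StartLine: loc.Start` and `EndLine: loc.End` copy whatever `Location` holds straight into fields named as line numbers; the removed `findLocation(loc.Start, loc.End, content)` call was deriving line numbers from those values, which suggests they are offsets into `content`, so consumers of `types.SecretFinding` would now read offsets where they expect lines. If the goal is to stop echoing matched secret material in findings, keep the line computation and discard only the content fields, e.g. `startLine, endLine, _, _ := findLocation(loc.Start, loc.End, content)` with `StartLine: startLine, EndLine: endLine`; if the goal is to skip `findLocation`'s cost, the offsets belong in offset-named fields rather than being relabelled as lines. The commented-out `//startLine, endLine, _, matchLine := …` line should be deleted rather than left in, and `content` is now an unused parameter.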