diff --git a/docs/docs/analyzers/analyzers.md b/docs/docs/analyzers/analyzers.md new file mode 100644 index 000000000000..b341152da03c --- /dev/null +++ b/docs/docs/analyzers/analyzers.md @@ -0,0 +1,68 @@ + +## Analyzers +Use the following types of analyzers for the [--max-file-size] and [--file-pattern] flags +``` +fedora +apk +sbom +packages-props +node-pkg +composer-vendor +rustbinary +cocoapods +redhat-content-manifest +redhat-dockerfile +pom +amazon +alma +os-release +dpkg-license +rpmqa +executable +mix-lock +gemspec +swift +debian +rocky +gobinary +centos +ubuntu +apk-repo +conda-environment +conda-pkg +bundler +alpine +oracle +rpm +dotnet-core +pipenv +license-file +redhat +ubuntu-esm +sbt-lockfile +secret +dockerfile +kubernetes +python-pkg +dpkg +cloudformation +terraformplan-json +conan-lock +jar +npm +pnpm +poetry +terraformplan-snapshot +pubspec-lock +nuget +gomod +gradle-lockfile +composer +azure-arm +helm +terraform +julia +yarn +pip +cargo +``` \ No newline at end of file diff --git a/go.mod b/go.mod index 70277514b22a..f2e692f44c1b 100644 --- a/go.mod +++ b/go.mod @@ -140,6 +140,7 @@ require ( cloud.google.com/go/compute/metadata v0.3.0 // indirect cloud.google.com/go/iam v1.1.6 // indirect cloud.google.com/go/storage v1.39.1 // indirect + cuelang.org/go v0.9.2 // indirect dario.cat/mergo v1.0.0 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect diff --git a/go.sum b/go.sum index a5dde364799f..ff9665ac2c3a 100644 --- a/go.sum +++ b/go.sum @@ -186,8 +186,11 @@ cloud.google.com/go/workflows v1.6.0/go.mod h1:6t9F5h/unJz41YqfBmqSASJSXccBLtD1V cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoISEXH2bcHC3M= cuelabs.dev/go/oci/ociregistry v0.0.0-20240314152124-224736b49f2e h1:GwCVItFUPxwdsEYnlUcJ6PJxOjTeFFCKOh6QWg4oAzQ= cuelabs.dev/go/oci/ociregistry v0.0.0-20240314152124-224736b49f2e/go.mod h1:ApHceQLLwcOkCEXM1+DyCXTHEJhNGDpJ2kmV6axsx24= +cuelabs.dev/go/oci/ociregistry v0.0.0-20240404174027-a39bec0462d2 h1:BnG6pr9TTr6CYlrJznYUDj6V7xldD1W+1iXPum0wT/w= cuelang.org/go v0.8.1 h1:VFYsxIFSPY5KgSaH1jQ2GxHOrbu6Ga3kEI70yCZwnOg= cuelang.org/go v0.8.1/go.mod h1:CoDbYolfMms4BhWUlhD+t5ORnihR7wvjcfgyO9lL5FI= +cuelang.org/go v0.9.2 h1:pfNiry2PdRBr02G/aKm5k2vhzmqbAOoaB4WurmEbWvs= +cuelang.org/go v0.9.2/go.mod h1:qpAYsLOf7gTM1YdEg6cxh553uZ4q9ZDWlPbtZr9q1Wk= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= diff --git a/magefiles/docs.go b/magefiles/docs.go index 1a59007de229..4c00bc3ffd08 100644 --- a/magefiles/docs.go +++ b/magefiles/docs.go @@ -3,8 +3,10 @@ package main import ( + "bytes" "os" + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/spf13/cobra/doc" "github.com/aquasecurity/trivy/pkg/commands" @@ -26,4 +28,14 @@ func main() { if err := doc.GenMarkdownTree(cmd, "./docs/docs/references/configuration/cli"); err != nil { log.Fatal("Fatal error", log.Err(err)) } + + buf := bytes.NewBuffer([]byte(` +## Analyzers +Use the following types of analyzers for the [--max-file-size] and [--file-pattern] flags`)) + buf.WriteString("\n```\n") + for _, t := range analyzer.AllAnalyzerTypes() { + buf.WriteString(string(t) + "\n") + } + buf.WriteString("```") + os.WriteFile("./docs/docs/analyzers/analyzers.md", buf.Bytes(), 0644) } diff --git a/pkg/commands/artifact/run.go b/pkg/commands/artifact/run.go index 6528ec2c3d36..ddb626cda569 100644 --- a/pkg/commands/artifact/run.go +++ b/pkg/commands/artifact/run.go @@ -485,6 +485,7 @@ func (r *runner) initScannerConfig(opts flag.Options) (ScannerConfig, types.Scan ScanRemovedPackages: opts.ScanRemovedPkgs, // this is valid only for 'image' subcommand LicenseCategories: opts.LicenseCategories, FilePatterns: opts.FilePatterns, + MaxFileSize: opts.MaxFileSize, IncludeDevDeps: opts.IncludeDevDeps, } @@ -585,6 +586,7 @@ func (r *runner) initScannerConfig(opts flag.Options) (ScannerConfig, types.Scan DisabledAnalyzers: disabledAnalyzers(opts), DisabledHandlers: disabledHandlers, FilePatterns: opts.FilePatterns, + MaxFileSize: opts.MaxFileSize, Parallel: opts.Parallel, Offline: opts.OfflineScan, NoProgress: opts.NoProgress || opts.Quiet, diff --git a/pkg/fanal/analyzer/analyzer.go b/pkg/fanal/analyzer/analyzer.go index b5bb8e629acf..0008920458cf 100644 --- a/pkg/fanal/analyzer/analyzer.go +++ b/pkg/fanal/analyzer/analyzer.go @@ -43,6 +43,7 @@ type AnalyzerOptions struct { Group Group Parallel int FilePatterns []string + MaxFileSize map[Type]int64 DisabledAnalyzers []Type DetectionPriority types.DetectionPriority MisconfScannerOption misconf.ScannerOption @@ -74,6 +75,7 @@ type analyzer interface { Version() int Analyze(ctx context.Context, input AnalysisInput) (*AnalysisResult, error) Required(filePath string, info os.FileInfo) bool + Description() string } type PostAnalyzer interface { @@ -81,6 +83,11 @@ type PostAnalyzer interface { Version() int PostAnalyze(ctx context.Context, input PostAnalysisInput) (*AnalysisResult, error) Required(filePath string, info os.FileInfo) bool + Description() string +} + +func AllAnalyzerTypes() []Type { + return append(lo.Keys(analyzers), lo.Keys(postAnalyzers)...) } //////////////////// @@ -125,6 +132,7 @@ type AnalyzerGroup struct { analyzers []analyzer postAnalyzers []PostAnalyzer filePatterns map[Type][]*regexp.Regexp + fileSizes map[Type]int64 detectionPriority types.DetectionPriority } @@ -323,8 +331,10 @@ func NewAnalyzerGroup(opts AnalyzerOptions) (AnalyzerGroup, error) { group := AnalyzerGroup{ logger: log.WithPrefix("analyzer"), filePatterns: make(map[Type][]*regexp.Regexp), + fileSizes: opts.MaxFileSize, detectionPriority: opts.DetectionPriority, } + for _, p := range opts.FilePatterns { // e.g. "dockerfile:my_dockerfile_*" s := strings.SplitN(p, separator, 2) @@ -404,12 +414,14 @@ func (ag AnalyzerGroup) AnalyzeFile(ctx context.Context, wg *sync.WaitGroup, lim // filepath extracted from tar file doesn't have the prefix "/" cleanPath := strings.TrimLeft(filePath, "/") - for _, a := range ag.analyzers { // Skip disabled analyzers if slices.Contains(disabled, a.Type()) { continue } + if !ag.fileSizeMatch(a.Type(), info) { + continue + } if !ag.filePatternMatch(a.Type(), cleanPath) && !a.Required(cleanPath, info) { continue @@ -457,6 +469,9 @@ func (ag AnalyzerGroup) RequiredPostAnalyzers(filePath string, info os.FileInfo) } var postAnalyzerTypes []Type for _, a := range ag.postAnalyzers { + if !ag.fileSizeMatch(a.Type(), info) { + continue + } if ag.filePatternMatch(a.Type(), filePath) || a.Required(filePath, info) { postAnalyzerTypes = append(postAnalyzerTypes, a.Type()) } @@ -523,3 +538,11 @@ func (ag AnalyzerGroup) filePatternMatch(analyzerType Type, filePath string) boo } return false } + +func (ag AnalyzerGroup) fileSizeMatch(analyzerType Type, fileInfo os.FileInfo) bool { + maxSize, ok := ag.fileSizes[analyzerType] + if !ok { + return true + } + return fileInfo.Size() <= maxSize +} diff --git a/pkg/fanal/analyzer/analyzer_test.go b/pkg/fanal/analyzer/analyzer_test.go index 313fccda7e94..ca11a59b1dc8 100644 --- a/pkg/fanal/analyzer/analyzer_test.go +++ b/pkg/fanal/analyzer/analyzer_test.go @@ -295,6 +295,7 @@ func TestAnalyzerGroup_AnalyzeFile(t *testing.T) { testFilePath string disabledAnalyzers []analyzer.Type filePatterns []string + maxFileSize map[analyzer.Type]int64 } tests := []struct { name string @@ -315,6 +316,17 @@ func TestAnalyzerGroup_AnalyzeFile(t *testing.T) { }, }, }, + { + name: "happy path with max file size os analyzer", + args: args{ + filePath: "/etc/alpine-release", + testFilePath: "testdata/etc/alpine-release", + maxFileSize: map[analyzer.Type]int64{ + analyzer.TypeAlpine: 1, + }, + }, + want: &analyzer.AnalysisResult{}, + }, { name: "happy path with disabled os analyzer", args: args{ @@ -514,11 +526,18 @@ func TestAnalyzerGroup_AnalyzeFile(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { var wg sync.WaitGroup + var maxFileSize map[analyzer.Type]int64 limit := semaphore.NewWeighted(3) got := new(analyzer.AnalysisResult) + if tt.args.maxFileSize != nil { + maxFileSize = tt.args.maxFileSize + } else { + maxFileSize = map[analyzer.Type]int64{} + } a, err := analyzer.NewAnalyzerGroup(analyzer.AnalyzerOptions{ FilePatterns: tt.args.filePatterns, + MaxFileSize: maxFileSize, DisabledAnalyzers: tt.args.disabledAnalyzers, }) if err != nil && tt.wantErr != "" { diff --git a/pkg/fanal/analyzer/buildinfo/content_manifest.go b/pkg/fanal/analyzer/buildinfo/content_manifest.go index 1c99a9783ebe..ca3388769bc2 100644 --- a/pkg/fanal/analyzer/buildinfo/content_manifest.go +++ b/pkg/fanal/analyzer/buildinfo/content_manifest.go @@ -53,3 +53,7 @@ func (a contentManifestAnalyzer) Type() analyzer.Type { func (a contentManifestAnalyzer) Version() int { return contentManifestAnalyzerVersion } + +func (a contentManifestAnalyzer) Description() string { + return string(analyzer.TypeRedHatContentManifestType) +} diff --git a/pkg/fanal/analyzer/buildinfo/dockerfile.go b/pkg/fanal/analyzer/buildinfo/dockerfile.go index 10ae20b4a4c9..26ebfa742a6d 100644 --- a/pkg/fanal/analyzer/buildinfo/dockerfile.go +++ b/pkg/fanal/analyzer/buildinfo/dockerfile.go @@ -106,6 +106,10 @@ func (a dockerfileAnalyzer) Version() int { return dockerfileAnalyzerVersion } +func (a dockerfileAnalyzer) Description() string { + return string(analyzer.TypeRedHatDockerfileType) +} + // parseVersion parses version from a file name func parseVersion(nvr string) string { releaseIndex := strings.LastIndex(nvr, "-") diff --git a/pkg/fanal/analyzer/config/azurearm/azurearm.go b/pkg/fanal/analyzer/config/azurearm/azurearm.go index 3c0c4b9828f1..01c2526d8daa 100644 --- a/pkg/fanal/analyzer/config/azurearm/azurearm.go +++ b/pkg/fanal/analyzer/config/azurearm/azurearm.go @@ -36,3 +36,7 @@ func newAzureARMConfigAnalyzer(opts analyzer.AnalyzerOptions) (analyzer.PostAnal func (a *azureARMConfigAnalyzer) Required(filePath string, _ os.FileInfo) bool { return filepath.Ext(filePath) == ".json" } + +func (a *azureARMConfigAnalyzer) Description() string { + return string(analyzer.TypeAzureARM) +} diff --git a/pkg/fanal/analyzer/config/cloudformation/cloudformation.go b/pkg/fanal/analyzer/config/cloudformation/cloudformation.go index 06f7e458a859..0909881c7a74 100644 --- a/pkg/fanal/analyzer/config/cloudformation/cloudformation.go +++ b/pkg/fanal/analyzer/config/cloudformation/cloudformation.go @@ -28,3 +28,7 @@ func newCloudFormationConfigAnalyzer(opts analyzer.AnalyzerOptions) (analyzer.Po } return &cloudFormationConfigAnalyzer{Analyzer: a}, nil } + +func (c cloudFormationConfigAnalyzer) Description() string { + return string(analyzer.TypeCloudFormation) +} diff --git a/pkg/fanal/analyzer/config/config.go b/pkg/fanal/analyzer/config/config.go index b5f3569d0ab4..9eeeb24b7611 100644 --- a/pkg/fanal/analyzer/config/config.go +++ b/pkg/fanal/analyzer/config/config.go @@ -63,3 +63,7 @@ func (a *Analyzer) Type() analyzer.Type { func (a *Analyzer) Version() int { return a.version } + +func (a *Analyzer) Description() string { + return string(a.typ) +} diff --git a/pkg/fanal/analyzer/config/dockerfile/docker.go b/pkg/fanal/analyzer/config/dockerfile/docker.go index 353cef4eb62a..f05e3b568fd8 100644 --- a/pkg/fanal/analyzer/config/dockerfile/docker.go +++ b/pkg/fanal/analyzer/config/dockerfile/docker.go @@ -52,3 +52,7 @@ func (a *dockerConfigAnalyzer) Required(filePath string, _ os.FileInfo) bool { return false } + +func (a *dockerConfigAnalyzer) Description() string { + return string(analyzer.TypeDockerfile) +} diff --git a/pkg/fanal/analyzer/config/helm/helm.go b/pkg/fanal/analyzer/config/helm/helm.go index 14ea6aff63de..59062fca6b46 100644 --- a/pkg/fanal/analyzer/config/helm/helm.go +++ b/pkg/fanal/analyzer/config/helm/helm.go @@ -58,3 +58,7 @@ func (*helmConfigAnalyzer) Required(filePath string, info os.FileInfo) bool { return false } + +func (*helmConfigAnalyzer) Description() string { + return string(analyzer.TypeHelm) +} diff --git a/pkg/fanal/analyzer/config/k8s/k8s.go b/pkg/fanal/analyzer/config/k8s/k8s.go index 6f3a58af16b5..4bdbceefaf76 100644 --- a/pkg/fanal/analyzer/config/k8s/k8s.go +++ b/pkg/fanal/analyzer/config/k8s/k8s.go @@ -28,3 +28,7 @@ func newKubernetesConfigAnalyzer(opts analyzer.AnalyzerOptions) (analyzer.PostAn } return &kubernetesConfigAnalyzer{Analyzer: a}, nil } + +func (k kubernetesConfigAnalyzer) Description() string { + return string(analyzer.TypeKubernetes) +} diff --git a/pkg/fanal/analyzer/config/terraform/terraform.go b/pkg/fanal/analyzer/config/terraform/terraform.go index 363d35de87fe..5099b020faa7 100644 --- a/pkg/fanal/analyzer/config/terraform/terraform.go +++ b/pkg/fanal/analyzer/config/terraform/terraform.go @@ -36,3 +36,7 @@ func newTerraformConfigAnalyzer(opts analyzer.AnalyzerOptions) (analyzer.PostAna func (*terraformConfigAnalyzer) Required(filePath string, _ os.FileInfo) bool { return detection.IsTerraformFile(filePath) } + +func (*terraformConfigAnalyzer) Description() string { + return string(analyzer.TypeTerraform) +} diff --git a/pkg/fanal/analyzer/config/terraformplan/json/json.go b/pkg/fanal/analyzer/config/terraformplan/json/json.go index 5272f0f990f9..3643e1e29c29 100644 --- a/pkg/fanal/analyzer/config/terraformplan/json/json.go +++ b/pkg/fanal/analyzer/config/terraformplan/json/json.go @@ -42,3 +42,7 @@ func newTerraformPlanJSONConfigAnalyzer(opts analyzer.AnalyzerOptions) (analyzer func (*terraformPlanConfigAnalyzer) Required(filePath string, _ os.FileInfo) bool { return slices.Contains(requiredExts, filepath.Ext(filePath)) } + +func (*terraformPlanConfigAnalyzer) Description() string { + return string(analyzer.TypeTerraformPlanJSON) +} diff --git a/pkg/fanal/analyzer/config/terraformplan/snapshot/snapshot.go b/pkg/fanal/analyzer/config/terraformplan/snapshot/snapshot.go index 0597c137d96c..d195ae1f5aaf 100644 --- a/pkg/fanal/analyzer/config/terraformplan/snapshot/snapshot.go +++ b/pkg/fanal/analyzer/config/terraformplan/snapshot/snapshot.go @@ -35,3 +35,7 @@ func newTerraformPlanSnapshotConfigAnalyzer(opts analyzer.AnalyzerOptions) (anal func (*terraformPlanConfigAnalyzer) Required(filePath string, fi os.FileInfo) bool { return filepath.Ext(filePath) == ".tfplan" || filepath.Base(filePath) == "tfplan" } + +func (*terraformPlanConfigAnalyzer) Description() string { + return string(analyzer.TypeTerraformPlanSnapshot) +} diff --git a/pkg/fanal/analyzer/executable/executable.go b/pkg/fanal/analyzer/executable/executable.go index b484cb0fde3a..0c42bc341d60 100644 --- a/pkg/fanal/analyzer/executable/executable.go +++ b/pkg/fanal/analyzer/executable/executable.go @@ -51,3 +51,7 @@ func (a executableAnalyzer) Type() analyzer.Type { func (a executableAnalyzer) Version() int { return version } + +func (a executableAnalyzer) Description() string { + return string(analyzer.TypeExecutable) +} diff --git a/pkg/fanal/analyzer/language/c/conan/conan.go b/pkg/fanal/analyzer/language/c/conan/conan.go index a32591dae7fe..ef1c9d87cdba 100644 --- a/pkg/fanal/analyzer/language/c/conan/conan.go +++ b/pkg/fanal/analyzer/language/c/conan/conan.go @@ -194,3 +194,7 @@ func (a conanLockAnalyzer) Type() analyzer.Type { func (a conanLockAnalyzer) Version() int { return version } + +func (a conanLockAnalyzer) Description() string { + return string(analyzer.TypeConanLock) +} diff --git a/pkg/fanal/analyzer/language/conda/environment/environment.go b/pkg/fanal/analyzer/language/conda/environment/environment.go index 305ac4821855..39a287741e20 100644 --- a/pkg/fanal/analyzer/language/conda/environment/environment.go +++ b/pkg/fanal/analyzer/language/conda/environment/environment.go @@ -117,3 +117,7 @@ func (a environmentAnalyzer) Type() analyzer.Type { func (a environmentAnalyzer) Version() int { return version } + +func (a environmentAnalyzer) Description() string { + return string(analyzer.TypeCondaEnv) +} diff --git a/pkg/fanal/analyzer/language/conda/meta/meta.go b/pkg/fanal/analyzer/language/conda/meta/meta.go index 091587f3435c..e3c42197bad4 100644 --- a/pkg/fanal/analyzer/language/conda/meta/meta.go +++ b/pkg/fanal/analyzer/language/conda/meta/meta.go @@ -37,3 +37,7 @@ func (a metaAnalyzer) Type() analyzer.Type { func (a metaAnalyzer) Version() int { return version } + +func (a metaAnalyzer) Description() string { + return string(analyzer.TypeCondaPkg) +} diff --git a/pkg/fanal/analyzer/language/dart/pub/pubspec.go b/pkg/fanal/analyzer/language/dart/pub/pubspec.go index 30fc2dadb18b..3b6a51d9c8a7 100644 --- a/pkg/fanal/analyzer/language/dart/pub/pubspec.go +++ b/pkg/fanal/analyzer/language/dart/pub/pubspec.go @@ -181,3 +181,7 @@ func (a pubSpecLockAnalyzer) Type() analyzer.Type { func (a pubSpecLockAnalyzer) Version() int { return version } + +func (a pubSpecLockAnalyzer) Description() string { + return string(analyzer.TypePubSpecLock) +} diff --git a/pkg/fanal/analyzer/language/dotnet/deps/deps.go b/pkg/fanal/analyzer/language/dotnet/deps/deps.go index 035142b41708..291ac8833d88 100644 --- a/pkg/fanal/analyzer/language/dotnet/deps/deps.go +++ b/pkg/fanal/analyzer/language/dotnet/deps/deps.go @@ -45,3 +45,7 @@ func (a depsLibraryAnalyzer) Type() analyzer.Type { func (a depsLibraryAnalyzer) Version() int { return version } + +func (a depsLibraryAnalyzer) Description() string { + return string(analyzer.TypeDotNetCore) +} diff --git a/pkg/fanal/analyzer/language/dotnet/nuget/nuget.go b/pkg/fanal/analyzer/language/dotnet/nuget/nuget.go index b7400048edac..be0f821b5156 100644 --- a/pkg/fanal/analyzer/language/dotnet/nuget/nuget.go +++ b/pkg/fanal/analyzer/language/dotnet/nuget/nuget.go @@ -122,3 +122,7 @@ func (a *nugetLibraryAnalyzer) Type() analyzer.Type { func (a *nugetLibraryAnalyzer) Version() int { return version } + +func (a *nugetLibraryAnalyzer) Description() string { + return string(analyzer.TypeNuget) +} diff --git a/pkg/fanal/analyzer/language/dotnet/packagesprops/packagesprops.go b/pkg/fanal/analyzer/language/dotnet/packagesprops/packagesprops.go index 03bf27878e40..4f722e30b143 100644 --- a/pkg/fanal/analyzer/language/dotnet/packagesprops/packagesprops.go +++ b/pkg/fanal/analyzer/language/dotnet/packagesprops/packagesprops.go @@ -47,3 +47,7 @@ func (a packagesPropsAnalyzer) Type() analyzer.Type { func (a packagesPropsAnalyzer) Version() int { return version } + +func (a packagesPropsAnalyzer) Description() string { + return string(analyzer.TypePackagesProps) +} diff --git a/pkg/fanal/analyzer/language/elixir/mix/mix.go b/pkg/fanal/analyzer/language/elixir/mix/mix.go index 24ad59ef94a3..cccfb9d5307e 100644 --- a/pkg/fanal/analyzer/language/elixir/mix/mix.go +++ b/pkg/fanal/analyzer/language/elixir/mix/mix.go @@ -47,3 +47,7 @@ func (a mixLockAnalyzer) Type() analyzer.Type { func (a mixLockAnalyzer) Version() int { return version } + +func (a mixLockAnalyzer) Description() string { + return string(analyzer.TypeMixLock) +} diff --git a/pkg/fanal/analyzer/language/golang/binary/binary.go b/pkg/fanal/analyzer/language/golang/binary/binary.go index a0a7a37c3c0e..7fc6bef6ca24 100644 --- a/pkg/fanal/analyzer/language/golang/binary/binary.go +++ b/pkg/fanal/analyzer/language/golang/binary/binary.go @@ -45,3 +45,7 @@ func (a gobinaryLibraryAnalyzer) Type() analyzer.Type { func (a gobinaryLibraryAnalyzer) Version() int { return version } + +func (a gobinaryLibraryAnalyzer) Description() string { + return string(analyzer.TypeGoBinary) +} diff --git a/pkg/fanal/analyzer/language/golang/mod/mod.go b/pkg/fanal/analyzer/language/golang/mod/mod.go index 96d40ba1c954..27e439c66257 100644 --- a/pkg/fanal/analyzer/language/golang/mod/mod.go +++ b/pkg/fanal/analyzer/language/golang/mod/mod.go @@ -119,6 +119,10 @@ func (a *gomodAnalyzer) Version() int { return version } +func (a *gomodAnalyzer) Description() string { + return string(analyzer.TypeGoMod) +} + // fillAdditionalData collects licenses and dependency relationships, then update applications. func (a *gomodAnalyzer) fillAdditionalData(apps []types.Application) error { gopath := os.Getenv("GOPATH") diff --git a/pkg/fanal/analyzer/language/java/gradle/lockfile.go b/pkg/fanal/analyzer/language/java/gradle/lockfile.go index ce7fc2c31e59..e949ca21981f 100644 --- a/pkg/fanal/analyzer/language/java/gradle/lockfile.go +++ b/pkg/fanal/analyzer/language/java/gradle/lockfile.go @@ -115,6 +115,10 @@ func (a gradleLockAnalyzer) Version() int { return version } +func (a gradleLockAnalyzer) Description() string { + return string(analyzer.TypeGradleLock) +} + func packageID(groupId, artifactId, ver string) string { return fmt.Sprintf("%s:%s:%s", groupId, artifactId, ver) } diff --git a/pkg/fanal/analyzer/language/java/jar/jar.go b/pkg/fanal/analyzer/language/java/jar/jar.go index 42d1004a2f44..288a7e8373ba 100644 --- a/pkg/fanal/analyzer/language/java/jar/jar.go +++ b/pkg/fanal/analyzer/language/java/jar/jar.go @@ -96,3 +96,7 @@ func (a *javaLibraryAnalyzer) Type() analyzer.Type { func (a *javaLibraryAnalyzer) Version() int { return version } + +func (a *javaLibraryAnalyzer) Description() string { + return string(analyzer.TypeJar) +} diff --git a/pkg/fanal/analyzer/language/java/pom/pom.go b/pkg/fanal/analyzer/language/java/pom/pom.go index 382a41dc0f1c..d75ff7f7fcb7 100644 --- a/pkg/fanal/analyzer/language/java/pom/pom.go +++ b/pkg/fanal/analyzer/language/java/pom/pom.go @@ -55,6 +55,10 @@ func (a pomAnalyzer) Version() int { return version } +func (a pomAnalyzer) Description() string { + return string(analyzer.TypePom) +} + // isIntegrationTestDir checks that pom file is in directory with integration tests of `maven-invoker-plugin` // https://maven.apache.org/plugins/maven-invoker-plugin/usage.html func isIntegrationTestDir(filePath string) bool { diff --git a/pkg/fanal/analyzer/language/java/sbt/lockfile.go b/pkg/fanal/analyzer/language/java/sbt/lockfile.go index 4d1d17cb5d34..a7fde18f7175 100644 --- a/pkg/fanal/analyzer/language/java/sbt/lockfile.go +++ b/pkg/fanal/analyzer/language/java/sbt/lockfile.go @@ -45,3 +45,7 @@ func (a sbtDependencyLockAnalyzer) Type() analyzer.Type { func (a sbtDependencyLockAnalyzer) Version() int { return version } + +func (a sbtDependencyLockAnalyzer) Description() string { + return string(analyzer.TypeSbtLock) +} diff --git a/pkg/fanal/analyzer/language/julia/pkg/pkg.go b/pkg/fanal/analyzer/language/julia/pkg/pkg.go index 66d715e061b2..9d17829adf2c 100644 --- a/pkg/fanal/analyzer/language/julia/pkg/pkg.go +++ b/pkg/fanal/analyzer/language/julia/pkg/pkg.go @@ -98,6 +98,10 @@ func (a juliaAnalyzer) Version() int { return version } +func (a juliaAnalyzer) Description() string { + return string(analyzer.TypeJulia) +} + func (a juliaAnalyzer) parseJuliaManifest(path string, r io.Reader) (*types.Application, error) { return language.Parse(types.Julia, path, r, a.lockParser) } diff --git a/pkg/fanal/analyzer/language/nodejs/npm/npm.go b/pkg/fanal/analyzer/language/nodejs/npm/npm.go index 870ba1be88e7..2454aec6333f 100644 --- a/pkg/fanal/analyzer/language/nodejs/npm/npm.go +++ b/pkg/fanal/analyzer/language/nodejs/npm/npm.go @@ -108,6 +108,10 @@ func (a npmLibraryAnalyzer) Version() int { return version } +func (a npmLibraryAnalyzer) Description() string { + return string(analyzer.TypeNpmPkgLock) +} + func (a npmLibraryAnalyzer) parseNpmPkgLock(fsys fs.FS, filePath string) (*types.Application, error) { f, err := fsys.Open(filePath) if err != nil { diff --git a/pkg/fanal/analyzer/language/nodejs/pkg/pkg.go b/pkg/fanal/analyzer/language/nodejs/pkg/pkg.go index 5ca5d4eeae80..1021452e1361 100644 --- a/pkg/fanal/analyzer/language/nodejs/pkg/pkg.go +++ b/pkg/fanal/analyzer/language/nodejs/pkg/pkg.go @@ -57,3 +57,7 @@ func (a nodePkgLibraryAnalyzer) Type() analyzer.Type { func (a nodePkgLibraryAnalyzer) Version() int { return version } + +func (a nodePkgLibraryAnalyzer) Description() string { + return string(analyzer.TypeNodePkg) +} diff --git a/pkg/fanal/analyzer/language/nodejs/pnpm/pnpm.go b/pkg/fanal/analyzer/language/nodejs/pnpm/pnpm.go index 9c8f51a38265..6a65a84f2730 100644 --- a/pkg/fanal/analyzer/language/nodejs/pnpm/pnpm.go +++ b/pkg/fanal/analyzer/language/nodejs/pnpm/pnpm.go @@ -108,6 +108,10 @@ func (a pnpmAnalyzer) Version() int { return version } +func (a pnpmAnalyzer) Description() string { + return string(analyzer.TypePnpm) +} + func (a pnpmAnalyzer) findLicenses(fsys fs.FS, lockPath string) (map[string][]string, error) { dir := path.Dir(lockPath) root := path.Join(dir, "node_modules") diff --git a/pkg/fanal/analyzer/language/nodejs/yarn/yarn.go b/pkg/fanal/analyzer/language/nodejs/yarn/yarn.go index 984f72983ec9..a4ccf745b261 100644 --- a/pkg/fanal/analyzer/language/nodejs/yarn/yarn.go +++ b/pkg/fanal/analyzer/language/nodejs/yarn/yarn.go @@ -158,6 +158,10 @@ func (a yarnAnalyzer) Version() int { return version } +func (a yarnAnalyzer) Description() string { + return string(analyzer.TypeYarn) +} + // analyzeDependencies analyzes the package.json file next to yarn.lock, // distinguishing between direct and transitive dependencies as well as production and development dependencies. func (a yarnAnalyzer) analyzeDependencies(fsys fs.FS, dir string, app *types.Application, patterns map[string][]string) error { diff --git a/pkg/fanal/analyzer/language/php/composer/composer.go b/pkg/fanal/analyzer/language/php/composer/composer.go index d0b3f4466352..32dc8d4cf541 100644 --- a/pkg/fanal/analyzer/language/php/composer/composer.go +++ b/pkg/fanal/analyzer/language/php/composer/composer.go @@ -99,6 +99,10 @@ func (a composerAnalyzer) Version() int { return composerAnalyzerVersion } +func (a composerAnalyzer) Description() string { + return string(analyzer.TypeComposer) +} + func (a composerAnalyzer) parseComposerLock(path string, r io.Reader) (*types.Application, error) { return language.Parse(types.Composer, path, r, a.lockParser) } diff --git a/pkg/fanal/analyzer/language/php/composer/vendor.go b/pkg/fanal/analyzer/language/php/composer/vendor.go index 423de2b7a352..6398661aaee0 100644 --- a/pkg/fanal/analyzer/language/php/composer/vendor.go +++ b/pkg/fanal/analyzer/language/php/composer/vendor.go @@ -37,3 +37,7 @@ func (a composerVendorAnalyzer) Type() analyzer.Type { func (a composerVendorAnalyzer) Version() int { return composerInstalledAnalyzerVersion } + +func (a composerVendorAnalyzer) Description() string { + return string(analyzer.TypeComposer) +} diff --git a/pkg/fanal/analyzer/language/python/packaging/packaging.go b/pkg/fanal/analyzer/language/python/packaging/packaging.go index 51fd585d8a6c..5e17914d2365 100644 --- a/pkg/fanal/analyzer/language/python/packaging/packaging.go +++ b/pkg/fanal/analyzer/language/python/packaging/packaging.go @@ -220,3 +220,7 @@ func (a packagingAnalyzer) Type() analyzer.Type { func (a packagingAnalyzer) Version() int { return version } + +func (a packagingAnalyzer) Description() string { + return string(analyzer.TypePythonPkg) +} diff --git a/pkg/fanal/analyzer/language/python/pip/pip.go b/pkg/fanal/analyzer/language/python/pip/pip.go index e08a90e7a70b..d9ca73cb4cba 100644 --- a/pkg/fanal/analyzer/language/python/pip/pip.go +++ b/pkg/fanal/analyzer/language/python/pip/pip.go @@ -103,6 +103,10 @@ func (a pipLibraryAnalyzer) Version() int { return version } +func (a pipLibraryAnalyzer) Description() string { + return string(analyzer.TypePip) +} + // pkgLicense parses `METADATA` pkg file to look for licenses func (a pipLibraryAnalyzer) pkgLicense(pkgName, pkgVer, spDir string) []string { // METADATA path is `**/site-packages/-.dist-info/METADATA` diff --git a/pkg/fanal/analyzer/language/python/pipenv/pipenv.go b/pkg/fanal/analyzer/language/python/pipenv/pipenv.go index 06fc1f35dccf..feb6d1346dc7 100644 --- a/pkg/fanal/analyzer/language/python/pipenv/pipenv.go +++ b/pkg/fanal/analyzer/language/python/pipenv/pipenv.go @@ -44,3 +44,7 @@ func (a pipenvLibraryAnalyzer) Type() analyzer.Type { func (a pipenvLibraryAnalyzer) Version() int { return version } + +func (a pipenvLibraryAnalyzer) Description() string { + return string(analyzer.TypePipenv) +} diff --git a/pkg/fanal/analyzer/language/python/poetry/poetry.go b/pkg/fanal/analyzer/language/python/poetry/poetry.go index 3b751f747621..33abd566f39a 100644 --- a/pkg/fanal/analyzer/language/python/poetry/poetry.go +++ b/pkg/fanal/analyzer/language/python/poetry/poetry.go @@ -87,6 +87,10 @@ func (a poetryAnalyzer) Version() int { return version } +func (a poetryAnalyzer) Description() string { + return string(analyzer.TypePoetry) +} + func (a poetryAnalyzer) parsePoetryLock(path string, r io.Reader) (*types.Application, error) { return language.Parse(types.Poetry, path, r, a.lockParser) } diff --git a/pkg/fanal/analyzer/language/ruby/bundler/bundler.go b/pkg/fanal/analyzer/language/ruby/bundler/bundler.go index 49f35bf3a3d1..9f315529daad 100644 --- a/pkg/fanal/analyzer/language/ruby/bundler/bundler.go +++ b/pkg/fanal/analyzer/language/ruby/bundler/bundler.go @@ -41,3 +41,7 @@ func (a bundlerLibraryAnalyzer) Type() analyzer.Type { func (a bundlerLibraryAnalyzer) Version() int { return version } + +func (a bundlerLibraryAnalyzer) Description() string { + return string(analyzer.TypeBundler) +} diff --git a/pkg/fanal/analyzer/language/ruby/gemspec/gemspec.go b/pkg/fanal/analyzer/language/ruby/gemspec/gemspec.go index e422771bc565..d9202e80ec73 100644 --- a/pkg/fanal/analyzer/language/ruby/gemspec/gemspec.go +++ b/pkg/fanal/analyzer/language/ruby/gemspec/gemspec.go @@ -38,3 +38,7 @@ func (a gemspecLibraryAnalyzer) Type() analyzer.Type { func (a gemspecLibraryAnalyzer) Version() int { return version } + +func (a gemspecLibraryAnalyzer) Description() string { + return string(analyzer.TypeGemSpec) +} diff --git a/pkg/fanal/analyzer/language/rust/binary/binary.go b/pkg/fanal/analyzer/language/rust/binary/binary.go index 941baacbbee9..aa1a350f0b49 100644 --- a/pkg/fanal/analyzer/language/rust/binary/binary.go +++ b/pkg/fanal/analyzer/language/rust/binary/binary.go @@ -43,3 +43,7 @@ func (a rustBinaryLibraryAnalyzer) Type() analyzer.Type { func (a rustBinaryLibraryAnalyzer) Version() int { return version } + +func (a rustBinaryLibraryAnalyzer) Description() string { + return string(analyzer.TypeRustBinary) +} diff --git a/pkg/fanal/analyzer/language/rust/cargo/cargo.go b/pkg/fanal/analyzer/language/rust/cargo/cargo.go index ab436bf95fe2..5e27952e2170 100644 --- a/pkg/fanal/analyzer/language/rust/cargo/cargo.go +++ b/pkg/fanal/analyzer/language/rust/cargo/cargo.go @@ -101,6 +101,10 @@ func (a cargoAnalyzer) Version() int { return version } +func (a cargoAnalyzer) Description() string { + return string(analyzer.TypeCargo) +} + func (a cargoAnalyzer) parseCargoLock(filePath string, r io.Reader) (*types.Application, error) { return language.Parse(types.Cargo, filePath, r, a.lockParser) } diff --git a/pkg/fanal/analyzer/language/swift/cocoapods/cocoapods.go b/pkg/fanal/analyzer/language/swift/cocoapods/cocoapods.go index 9a10d42f8870..c302619d19c8 100644 --- a/pkg/fanal/analyzer/language/swift/cocoapods/cocoapods.go +++ b/pkg/fanal/analyzer/language/swift/cocoapods/cocoapods.go @@ -43,3 +43,7 @@ func (a cocoaPodsLockAnalyzer) Type() analyzer.Type { func (a cocoaPodsLockAnalyzer) Version() int { return version } + +func (a cocoaPodsLockAnalyzer) Description() string { + return string(analyzer.TypeCocoaPods) +} diff --git a/pkg/fanal/analyzer/language/swift/swift/swift.go b/pkg/fanal/analyzer/language/swift/swift/swift.go index 2b140545b2fb..f9ad60415b3c 100644 --- a/pkg/fanal/analyzer/language/swift/swift/swift.go +++ b/pkg/fanal/analyzer/language/swift/swift/swift.go @@ -44,3 +44,7 @@ func (a swiftLockAnalyzer) Type() analyzer.Type { func (a swiftLockAnalyzer) Version() int { return version } + +func (a swiftLockAnalyzer) Description() string { + return string(analyzer.TypeSwift) +} diff --git a/pkg/fanal/analyzer/licensing/license.go b/pkg/fanal/analyzer/licensing/license.go index e48e08b2814f..b49ab5376ace 100644 --- a/pkg/fanal/analyzer/licensing/license.go +++ b/pkg/fanal/analyzer/licensing/license.go @@ -158,3 +158,7 @@ func (a *licenseFileAnalyzer) Type() analyzer.Type { func (a *licenseFileAnalyzer) Version() int { return version } + +func (a *licenseFileAnalyzer) Description() string { + return string(analyzer.TypeLicenseFile) +} diff --git a/pkg/fanal/analyzer/os/alpine/alpine.go b/pkg/fanal/analyzer/os/alpine/alpine.go index da3d2da00d89..bf27b0f1fe93 100644 --- a/pkg/fanal/analyzer/os/alpine/alpine.go +++ b/pkg/fanal/analyzer/os/alpine/alpine.go @@ -48,3 +48,7 @@ func (a alpineOSAnalyzer) Type() analyzer.Type { func (a alpineOSAnalyzer) Version() int { return version } + +func (a alpineOSAnalyzer) Description() string { + return string(analyzer.TypeAlpine) +} diff --git a/pkg/fanal/analyzer/os/amazonlinux/amazonlinux.go b/pkg/fanal/analyzer/os/amazonlinux/amazonlinux.go index 2dc96646719f..e075cff76420 100644 --- a/pkg/fanal/analyzer/os/amazonlinux/amazonlinux.go +++ b/pkg/fanal/analyzer/os/amazonlinux/amazonlinux.go @@ -73,3 +73,7 @@ func (a amazonlinuxOSAnalyzer) Type() analyzer.Type { func (a amazonlinuxOSAnalyzer) Version() int { return version } + +func (a amazonlinuxOSAnalyzer) Description() string { + return string(analyzer.TypeAmazon) +} diff --git a/pkg/fanal/analyzer/os/debian/debian.go b/pkg/fanal/analyzer/os/debian/debian.go index 5c5f3c766229..8a14ae88751a 100644 --- a/pkg/fanal/analyzer/os/debian/debian.go +++ b/pkg/fanal/analyzer/os/debian/debian.go @@ -48,3 +48,7 @@ func (a debianOSAnalyzer) Type() analyzer.Type { func (a debianOSAnalyzer) Version() int { return version } + +func (a debianOSAnalyzer) Description() string { + return string(analyzer.TypeDebian) +} diff --git a/pkg/fanal/analyzer/os/redhatbase/alma.go b/pkg/fanal/analyzer/os/redhatbase/alma.go index eddf7d82f80b..86cccf531f01 100644 --- a/pkg/fanal/analyzer/os/redhatbase/alma.go +++ b/pkg/fanal/analyzer/os/redhatbase/alma.go @@ -60,3 +60,7 @@ func (a almaOSAnalyzer) Type() analyzer.Type { func (a almaOSAnalyzer) Version() int { return almaAnalyzerVersion } + +func (a almaOSAnalyzer) Description() string { + return string(analyzer.TypeAlma) +} diff --git a/pkg/fanal/analyzer/os/redhatbase/centos.go b/pkg/fanal/analyzer/os/redhatbase/centos.go index 4a57e3e9eac1..52f14522dacf 100644 --- a/pkg/fanal/analyzer/os/redhatbase/centos.go +++ b/pkg/fanal/analyzer/os/redhatbase/centos.go @@ -60,3 +60,7 @@ func (a centOSAnalyzer) Type() analyzer.Type { func (a centOSAnalyzer) Version() int { return centosAnalyzerVersion } + +func (a centOSAnalyzer) Description() string { + return string(analyzer.TypeCentOS) +} diff --git a/pkg/fanal/analyzer/os/redhatbase/fedora.go b/pkg/fanal/analyzer/os/redhatbase/fedora.go index d5b2458e1c5b..5e581a71824a 100644 --- a/pkg/fanal/analyzer/os/redhatbase/fedora.go +++ b/pkg/fanal/analyzer/os/redhatbase/fedora.go @@ -62,3 +62,7 @@ func (a fedoraOSAnalyzer) Type() analyzer.Type { func (a fedoraOSAnalyzer) Version() int { return fedoraAnalyzerVersion } + +func (a fedoraOSAnalyzer) Description() string { + return string(analyzer.TypeFedora) +} diff --git a/pkg/fanal/analyzer/os/redhatbase/oracle.go b/pkg/fanal/analyzer/os/redhatbase/oracle.go index 90864aefd848..8aa65ec4c3f2 100644 --- a/pkg/fanal/analyzer/os/redhatbase/oracle.go +++ b/pkg/fanal/analyzer/os/redhatbase/oracle.go @@ -56,3 +56,7 @@ func (a oracleOSAnalyzer) Type() analyzer.Type { func (a oracleOSAnalyzer) Version() int { return oracleAnalyzerVersion } + +func (a oracleOSAnalyzer) Description() string { + return string(analyzer.TypeOracle) +} diff --git a/pkg/fanal/analyzer/os/redhatbase/redhatbase.go b/pkg/fanal/analyzer/os/redhatbase/redhatbase.go index 9fc69a8753ca..a485600714a3 100644 --- a/pkg/fanal/analyzer/os/redhatbase/redhatbase.go +++ b/pkg/fanal/analyzer/os/redhatbase/redhatbase.go @@ -97,3 +97,7 @@ func (a redhatOSAnalyzer) Type() analyzer.Type { func (a redhatOSAnalyzer) Version() int { return redhatAnalyzerVersion } + +func (a redhatOSAnalyzer) Description() string { + return string(analyzer.TypeRedHatBase) +} diff --git a/pkg/fanal/analyzer/os/redhatbase/rocky.go b/pkg/fanal/analyzer/os/redhatbase/rocky.go index ac443d29ae83..f96f7261d2db 100644 --- a/pkg/fanal/analyzer/os/redhatbase/rocky.go +++ b/pkg/fanal/analyzer/os/redhatbase/rocky.go @@ -60,3 +60,7 @@ func (a rockyOSAnalyzer) Type() analyzer.Type { func (a rockyOSAnalyzer) Version() int { return rockyAnalyzerVersion } + +func (a rockyOSAnalyzer) Description() string { + return string(analyzer.TypeRocky) +} diff --git a/pkg/fanal/analyzer/os/release/release.go b/pkg/fanal/analyzer/os/release/release.go index 8da24644d5f7..c145067b3866 100644 --- a/pkg/fanal/analyzer/os/release/release.go +++ b/pkg/fanal/analyzer/os/release/release.go @@ -91,3 +91,7 @@ func (a osReleaseAnalyzer) Type() analyzer.Type { func (a osReleaseAnalyzer) Version() int { return version } + +func (a osReleaseAnalyzer) Description() string { + return string(analyzer.TypeOSRelease) +} diff --git a/pkg/fanal/analyzer/os/ubuntu/esm.go b/pkg/fanal/analyzer/os/ubuntu/esm.go index d6fa38d30c16..07a512407b74 100644 --- a/pkg/fanal/analyzer/os/ubuntu/esm.go +++ b/pkg/fanal/analyzer/os/ubuntu/esm.go @@ -77,3 +77,7 @@ func esmEnabled(st status) bool { } return false } + +func (a ubuntuESMAnalyzer) Description() string { + return string(analyzer.TypeUbuntuESM) +} diff --git a/pkg/fanal/analyzer/os/ubuntu/ubuntu.go b/pkg/fanal/analyzer/os/ubuntu/ubuntu.go index 75a24756365d..109a06ed9ddf 100644 --- a/pkg/fanal/analyzer/os/ubuntu/ubuntu.go +++ b/pkg/fanal/analyzer/os/ubuntu/ubuntu.go @@ -62,3 +62,7 @@ func (a ubuntuOSAnalyzer) Type() analyzer.Type { func (a ubuntuOSAnalyzer) Version() int { return version } + +func (a ubuntuOSAnalyzer) Description() string { + return string(analyzer.TypeUbuntu) +} diff --git a/pkg/fanal/analyzer/pkg/apk/apk.go b/pkg/fanal/analyzer/pkg/apk/apk.go index 9ce13e4b013d..cdf7f15545c2 100644 --- a/pkg/fanal/analyzer/pkg/apk/apk.go +++ b/pkg/fanal/analyzer/pkg/apk/apk.go @@ -226,6 +226,10 @@ func (a alpinePkgAnalyzer) Version() int { return analyzerVersion } +func (a alpinePkgAnalyzer) Description() string { + return string(analyzer.TypeApk) +} + // decodeChecksumLine decodes checksum line func (a alpinePkgAnalyzer) decodeChecksumLine(ctx context.Context, line string) digest.Digest { if len(line) < 2 { diff --git a/pkg/fanal/analyzer/pkg/dpkg/copyright.go b/pkg/fanal/analyzer/pkg/dpkg/copyright.go index ac98c2e404c3..74cce8b66475 100644 --- a/pkg/fanal/analyzer/pkg/dpkg/copyright.go +++ b/pkg/fanal/analyzer/pkg/dpkg/copyright.go @@ -138,6 +138,10 @@ func (a *dpkgLicenseAnalyzer) Version() int { return dpkgLicenseAnalyzerVersion } +func (a *dpkgLicenseAnalyzer) Description() string { + return string(analyzer.TypeDpkgLicense) +} + // normalizeLicense returns a normalized license identifier in a heuristic way func normalizeLicense(s string) string { // "The MIT License (MIT)" => "The MIT License" diff --git a/pkg/fanal/analyzer/pkg/dpkg/dpkg.go b/pkg/fanal/analyzer/pkg/dpkg/dpkg.go index 9002af2949ab..4936970c5767 100644 --- a/pkg/fanal/analyzer/pkg/dpkg/dpkg.go +++ b/pkg/fanal/analyzer/pkg/dpkg/dpkg.go @@ -372,3 +372,7 @@ func (a dpkgAnalyzer) Type() analyzer.Type { func (a dpkgAnalyzer) Version() int { return analyzerVersion } + +func (a dpkgAnalyzer) Description() string { + return string(analyzer.TypeDpkg) +} diff --git a/pkg/fanal/analyzer/pkg/rpm/rpm.go b/pkg/fanal/analyzer/pkg/rpm/rpm.go index 70d4de217418..eccc11bd942d 100644 --- a/pkg/fanal/analyzer/pkg/rpm/rpm.go +++ b/pkg/fanal/analyzer/pkg/rpm/rpm.go @@ -209,6 +209,10 @@ func (a rpmPkgAnalyzer) Version() int { return version } +func (a rpmPkgAnalyzer) Description() string { + return string(analyzer.TypeRpm) +} + // splitFileName returns a name, version, release, epoch, arch: // // e.g. diff --git a/pkg/fanal/analyzer/pkg/rpm/rpmqa.go b/pkg/fanal/analyzer/pkg/rpm/rpmqa.go index 55f4feaa9232..e275d2dfdcff 100644 --- a/pkg/fanal/analyzer/pkg/rpm/rpmqa.go +++ b/pkg/fanal/analyzer/pkg/rpm/rpmqa.go @@ -92,3 +92,7 @@ func (a rpmqaPkgAnalyzer) Type() analyzer.Type { func (a rpmqaPkgAnalyzer) Version() int { return versionRpmqa } + +func (a rpmqaPkgAnalyzer) Description() string { + return string(analyzer.TypeRpmqa) +} diff --git a/pkg/fanal/analyzer/repo/apk/apk.go b/pkg/fanal/analyzer/repo/apk/apk.go index cdbc23d5e076..48113baec42f 100644 --- a/pkg/fanal/analyzer/repo/apk/apk.go +++ b/pkg/fanal/analyzer/repo/apk/apk.go @@ -96,3 +96,7 @@ func (a apkRepoAnalyzer) Type() analyzer.Type { func (a apkRepoAnalyzer) Version() int { return version } + +func (a apkRepoAnalyzer) Description() string { + return string(analyzer.TypeApkRepo) +} diff --git a/pkg/fanal/analyzer/sbom/sbom.go b/pkg/fanal/analyzer/sbom/sbom.go index 55768cff3a9b..e28c884b3c65 100644 --- a/pkg/fanal/analyzer/sbom/sbom.go +++ b/pkg/fanal/analyzer/sbom/sbom.go @@ -74,6 +74,10 @@ func (a sbomAnalyzer) Version() int { return version } +func (a sbomAnalyzer) Description() string { + return string(analyzer.TypeSBOM) +} + func handleBitnamiImages(componentPath string, bom types.SBOM) { for i, app := range bom.Applications { if app.Type == ftypes.Bitnami { diff --git a/pkg/fanal/analyzer/secret/secret.go b/pkg/fanal/analyzer/secret/secret.go index d2627a840c1b..8d19b94c6084 100644 --- a/pkg/fanal/analyzer/secret/secret.go +++ b/pkg/fanal/analyzer/secret/secret.go @@ -180,3 +180,7 @@ func (a *SecretAnalyzer) Type() analyzer.Type { func (a *SecretAnalyzer) Version() int { return version } + +func (a *SecretAnalyzer) Description() string { + return string(analyzer.TypeSecret) +} diff --git a/pkg/fanal/artifact/artifact.go b/pkg/fanal/artifact/artifact.go index b6034cb5ac63..5c2565da57a8 100644 --- a/pkg/fanal/artifact/artifact.go +++ b/pkg/fanal/artifact/artifact.go @@ -18,6 +18,7 @@ type Option struct { DisabledAnalyzers []analyzer.Type DisabledHandlers []types.HandlerType FilePatterns []string + MaxFileSize map[analyzer.Type]int64 Parallel int NoProgress bool Insecure bool @@ -49,6 +50,7 @@ func (o *Option) AnalyzerOptions() analyzer.AnalyzerOptions { return analyzer.AnalyzerOptions{ Group: o.AnalyzerGroup, FilePatterns: o.FilePatterns, + MaxFileSize: o.MaxFileSize, Parallel: o.Parallel, DisabledAnalyzers: o.DisabledAnalyzers, DetectionPriority: o.DetectionPriority, diff --git a/pkg/flag/scan_flags.go b/pkg/flag/scan_flags.go index 544d56691883..4cfe4e6fce4e 100644 --- a/pkg/flag/scan_flags.go +++ b/pkg/flag/scan_flags.go @@ -2,8 +2,12 @@ package flag import ( "runtime" + "strings" + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" + "github.com/docker/go-units" "github.com/samber/lo" + "golang.org/x/xerrors" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/log" @@ -69,6 +73,11 @@ var ( ConfigName: "scan.file-patterns", Usage: "specify config file patterns", } + MaxFileSizeFlag = Flag[[]string]{ + Name: "max-file-size", + ConfigName: "scan.max-file-size", + Usage: "specify the maximum file size", + } SlowFlag = Flag[bool]{ Name: "slow", ConfigName: "scan.slow", @@ -118,6 +127,7 @@ type ScanFlagGroup struct { OfflineScan *Flag[bool] Scanners *Flag[[]string] FilePatterns *Flag[[]string] + MaxFileSize *Flag[[]string] Slow *Flag[bool] // deprecated Parallel *Flag[int] SBOMSources *Flag[[]string] @@ -132,6 +142,7 @@ type ScanOptions struct { OfflineScan bool Scanners types.Scanners FilePatterns []string + MaxFileSize map[analyzer.Type]int64 Parallel int SBOMSources []string RekorURL string @@ -145,6 +156,7 @@ func NewScanFlagGroup() *ScanFlagGroup { OfflineScan: OfflineScanFlag.Clone(), Scanners: ScannersFlag.Clone(), FilePatterns: FilePatternsFlag.Clone(), + MaxFileSize: MaxFileSizeFlag.Clone(), Parallel: ParallelFlag.Clone(), SBOMSources: SBOMSourcesFlag.Clone(), RekorURL: RekorURLFlag.Clone(), @@ -164,6 +176,7 @@ func (f *ScanFlagGroup) Flags() []Flagger { f.OfflineScan, f.Scanners, f.FilePatterns, + f.MaxFileSize, f.Slow, f.Parallel, f.SBOMSources, @@ -172,6 +185,8 @@ func (f *ScanFlagGroup) Flags() []Flagger { } } +const separator = ":" + func (f *ScanFlagGroup) ToOptions(args []string) (ScanOptions, error) { if err := parseFlags(f); err != nil { return ScanOptions{}, err @@ -188,6 +203,22 @@ func (f *ScanFlagGroup) ToOptions(args []string) (ScanOptions, error) { parallel = runtime.NumCPU() } + maxFileSize := make(map[analyzer.Type]int64) + for _, f := range f.MaxFileSize.Value() { + // e.g. "jar:5mb secret:5kb" + s := strings.SplitN(f, separator, 2) + if len(s) != 2 { + return ScanOptions{}, xerrors.Errorf("invalid max file size (%s) expected format: \"analyzerType:maxFileSize\" e.g. \"jar:5mb secret:5kb\"", f) + } + + analyzerType := analyzer.Type(s[0]) + fileSize, err := units.FromHumanSize(s[1]) + if err != nil { + return ScanOptions{}, xerrors.Errorf("invalid file size (%s):%w", s[1], err) + } + maxFileSize[analyzerType] = fileSize + } + return ScanOptions{ Target: target, SkipDirs: f.SkipDirs.Value(), @@ -195,6 +226,7 @@ func (f *ScanFlagGroup) ToOptions(args []string) (ScanOptions, error) { OfflineScan: f.OfflineScan.Value(), Scanners: xstrings.ToTSlice[types.Scanner](f.Scanners.Value()), FilePatterns: f.FilePatterns.Value(), + MaxFileSize: maxFileSize, Parallel: parallel, SBOMSources: f.SBOMSources.Value(), RekorURL: f.RekorURL.Value(), diff --git a/pkg/module/module.go b/pkg/module/module.go index 0f0e0e84a450..b63c3b01319d 100644 --- a/pkg/module/module.go +++ b/pkg/module/module.go @@ -443,6 +443,10 @@ func (m *wasmModule) Required(filePath string, _ os.FileInfo) bool { return false } +func (m *wasmModule) Description() string { + return m.name +} + func (m *wasmModule) Analyze(ctx context.Context, input analyzer.AnalysisInput) (*analyzer.AnalysisResult, error) { filePath := "/" + filepath.ToSlash(input.FilePath) log.Debug("Module analyzing...", log.String("module", m.name), log.FilePath(filePath)) diff --git a/pkg/types/scan.go b/pkg/types/scan.go index 0fef0028bef3..bb8cdeabc86f 100644 --- a/pkg/types/scan.go +++ b/pkg/types/scan.go @@ -3,6 +3,7 @@ package types import ( "slices" + "github.com/aquasecurity/trivy/pkg/fanal/analyzer" "github.com/aquasecurity/trivy/pkg/fanal/types" ) @@ -120,5 +121,6 @@ type ScanOptions struct { ScanRemovedPackages bool LicenseCategories map[types.LicenseCategory][]string FilePatterns []string + MaxFileSize map[analyzer.Type]int64 IncludeDevDeps bool }