feat(fs): add --max-file-size flag to skip the files greater than a particular size #7304
@@ -0,0 +1,68 @@ | ||
|
||
## Analyzers | ||
Use the following types of analyzers for the [--max-file-size] and [--file-pattern] flags | ||
``` | ||
fedora | ||
apk | ||
sbom | ||
packages-props | ||
node-pkg | ||
composer-vendor | ||
rustbinary | ||
cocoapods | ||
redhat-content-manifest | ||
redhat-dockerfile | ||
pom | ||
amazon | ||
alma | ||
os-release | ||
dpkg-license | ||
rpmqa | ||
executable | ||
mix-lock | ||
gemspec | ||
swift | ||
debian | ||
rocky | ||
gobinary | ||
centos | ||
ubuntu | ||
apk-repo | ||
conda-environment | ||
conda-pkg | ||
bundler | ||
alpine | ||
oracle | ||
rpm | ||
dotnet-core | ||
pipenv | ||
license-file | ||
redhat | ||
ubuntu-esm | ||
sbt-lockfile | ||
secret | ||
dockerfile | ||
kubernetes | ||
python-pkg | ||
dpkg | ||
cloudformation | ||
terraformplan-json | ||
conan-lock | ||
jar | ||
npm | ||
pnpm | ||
poetry | ||
terraformplan-snapshot | ||
pubspec-lock | ||
nuget | ||
gomod | ||
gradle-lockfile | ||
composer | ||
azure-arm | ||
helm | ||
terraform | ||
julia | ||
yarn | ||
pip | ||
cargo | ||
``` |
@@ -43,6 +43,7 @@ type AnalyzerOptions struct { | |
Group Group | ||
Parallel int | ||
FilePatterns []string | ||
MaxFileSize map[Type]int64 | ||
DisabledAnalyzers []Type | ||
DetectionPriority types.DetectionPriority | ||
MisconfScannerOption misconf.ScannerOption | ||
|
@@ -74,13 +75,19 @@ type analyzer interface { | |
Version() int | ||
Analyze(ctx context.Context, input AnalysisInput) (*AnalysisResult, error) | ||
Required(filePath string, info os.FileInfo) bool | ||
Description() string | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This method is not used anywhere. I think the point is that the description should return a human-readable description of the analyser and be used in generating documentation. /cc @knqyf263 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes, but we can do it in another PR. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I agree with @knqyf263 |
||
} | ||
|
||
type PostAnalyzer interface { | ||
Type() Type | ||
Version() int | ||
PostAnalyze(ctx context.Context, input PostAnalysisInput) (*AnalysisResult, error) | ||
Required(filePath string, info os.FileInfo) bool | ||
Description() string | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Same as above. |
||
} | ||
|
||
func AllAnalyzerTypes() []Type { | ||
return append(lo.Keys(analyzers), lo.Keys(postAnalyzers)...) | ||
} | ||
|
||
//////////////////// | ||
|
@@ -125,6 +132,7 @@ type AnalyzerGroup struct { | |
analyzers []analyzer | ||
postAnalyzers []PostAnalyzer | ||
filePatterns map[Type][]*regexp.Regexp | ||
fileSizes map[Type]int64 | ||
detectionPriority types.DetectionPriority | ||
} | ||
|
||
|
@@ -323,8 +331,10 @@ func NewAnalyzerGroup(opts AnalyzerOptions) (AnalyzerGroup, error) { | |
group := AnalyzerGroup{ | ||
logger: log.WithPrefix("analyzer"), | ||
filePatterns: make(map[Type][]*regexp.Regexp), | ||
fileSizes: opts.MaxFileSize, | ||
detectionPriority: opts.DetectionPriority, | ||
} | ||
|
||
for _, p := range opts.FilePatterns { | ||
// e.g. "dockerfile:my_dockerfile_*" | ||
s := strings.SplitN(p, separator, 2) | ||
|
@@ -404,12 +414,14 @@ func (ag AnalyzerGroup) AnalyzeFile(ctx context.Context, wg *sync.WaitGroup, lim | |
|
||
// filepath extracted from tar file doesn't have the prefix "/" | ||
cleanPath := strings.TrimLeft(filePath, "/") | ||
|
||
for _, a := range ag.analyzers { | ||
// Skip disabled analyzers | ||
if slices.Contains(disabled, a.Type()) { | ||
continue | ||
} | ||
if !ag.fileSizeMatch(a.Type(), info) { | ||
continue | ||
} | ||
|
||
if !ag.filePatternMatch(a.Type(), cleanPath) && !a.Required(cleanPath, info) { | ||
continue | ||
|
@@ -457,6 +469,9 @@ func (ag AnalyzerGroup) RequiredPostAnalyzers(filePath string, info os.FileInfo) | |
} | ||
var postAnalyzerTypes []Type | ||
for _, a := range ag.postAnalyzers { | ||
if !ag.fileSizeMatch(a.Type(), info) { | ||
continue | ||
} | ||
if ag.filePatternMatch(a.Type(), filePath) || a.Required(filePath, info) { | ||
postAnalyzerTypes = append(postAnalyzerTypes, a.Type()) | ||
} | ||
|
@@ -523,3 +538,11 @@ func (ag AnalyzerGroup) filePatternMatch(analyzerType Type, filePath string) boo | |
} | ||
return false | ||
} | ||
|
||
func (ag AnalyzerGroup) fileSizeMatch(analyzerType Type, fileInfo os.FileInfo) bool { | ||
maxSize, ok := ag.fileSizes[analyzerType] | ||
if !ok { | ||
return true | ||
} | ||
return fileInfo.Size() <= maxSize | ||
} |
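Review bot: `fileSizes` is stored as the caller's own map (`fileSizes: opts.MaxFileSize` in NewAnalyzerGroup) instead of a copy, unlike `filePatterns`, which the constructor builds fresh; a caller that keeps mutating `opts.MaxFileSize` after construction silently changes the group's limits. If the file already imports `maps`, `fileSizes: maps.Clone(opts.MaxFileSize)` isolates it; otherwise a short copy loop does the same. Separately, `fileSizeMatch` has no doc comment although its contract is what the new flag's users rely on, so add `// fileSizeMatch reports whether the file is within the --max-file-size limit configured for analyzerType; types with no configured limit always match and the limit is inclusive (size <= max).` Flag parsing is outside this view; if a zero or negative value can reach the map, every non-empty file of that type is skipped with no warning, which deserves a validation error or at least a log line in NewAnalyzerGroup.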
@@ -295,6 +295,7 @@ func TestAnalyzerGroup_AnalyzeFile(t *testing.T) { | |||||||||||||||||||
testFilePath string | ||||||||||||||||||||
disabledAnalyzers []analyzer.Type | ||||||||||||||||||||
filePatterns []string | ||||||||||||||||||||
maxFileSize map[analyzer.Type]int64 | ||||||||||||||||||||
} | ||||||||||||||||||||
tests := []struct { | ||||||||||||||||||||
name string | ||||||||||||||||||||
|
@@ -315,6 +316,17 @@ func TestAnalyzerGroup_AnalyzeFile(t *testing.T) { | |||||||||||||||||||
}, | ||||||||||||||||||||
}, | ||||||||||||||||||||
}, | ||||||||||||||||||||
{ | ||||||||||||||||||||
name: "happy path with max file size os analyzer", | ||||||||||||||||||||
args: args{ | ||||||||||||||||||||
filePath: "/etc/alpine-release", | ||||||||||||||||||||
testFilePath: "testdata/etc/alpine-release", | ||||||||||||||||||||
maxFileSize: map[analyzer.Type]int64{ | ||||||||||||||||||||
analyzer.TypeAlpine: 1, | ||||||||||||||||||||
}, | ||||||||||||||||||||
}, | ||||||||||||||||||||
want: &analyzer.AnalysisResult{}, | ||||||||||||||||||||
}, | ||||||||||||||||||||
{ | ||||||||||||||||||||
name: "happy path with disabled os analyzer", | ||||||||||||||||||||
args: args{ | ||||||||||||||||||||
|
@@ -514,11 +526,18 @@ func TestAnalyzerGroup_AnalyzeFile(t *testing.T) { | |||||||||||||||||||
for _, tt := range tests { | ||||||||||||||||||||
t.Run(tt.name, func(t *testing.T) { | ||||||||||||||||||||
var wg sync.WaitGroup | ||||||||||||||||||||
var maxFileSize map[analyzer.Type]int64 | ||||||||||||||||||||
limit := semaphore.NewWeighted(3) | ||||||||||||||||||||
|
||||||||||||||||||||
got := new(analyzer.AnalysisResult) | ||||||||||||||||||||
if tt.args.maxFileSize != nil { | ||||||||||||||||||||
maxFileSize = tt.args.maxFileSize | ||||||||||||||||||||
} else { | ||||||||||||||||||||
maxFileSize = map[analyzer.Type]int64{} | ||||||||||||||||||||
} | ||||||||||||||||||||
|
||||||||||||||||||||
a, err := analyzer.NewAnalyzerGroup(analyzer.AnalyzerOptions{ | ||||||||||||||||||||
FilePatterns: tt.args.filePatterns, | ||||||||||||||||||||
MaxFileSize: maxFileSize, | ||||||||||||||||||||
DisabledAnalyzers: tt.args.disabledAnalyzers, | ||||||||||||||||||||
}) | ||||||||||||||||||||
if err != nil && tt.wantErr != "" { | ||||||||||||||||||||
|
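Review bot: The new case at the "happy path with max file size os analyzer" entry only exercises the skip side of the limit (`analyzer.TypeAlpine: 1` on a non-empty file yields `&analyzer.AnalysisResult{}`); nothing pins the inclusive boundary of `fileSizeMatch`, so a regression from `<=` to `<` would still pass. Add a companion case with the limit set to the exact byte size of `testdata/etc/alpine-release` (and optionally one well above it) that expects the same result as the existing plain happy-path Alpine case. That expected `want` value lives in the table body outside this hunk, so I cannot quote it here.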
You need to add this page to docs.
Update mkdocs.yml for that.
But i am not sure about place for this page.
I think we can add this page to
References
.@knqyf263 wdyt?
Yes, sounds good