From dcdc1a7363242e436d28079ed5861e788751063e Mon Sep 17 00:00:00 2001 From: afdesk Date: Wed, 9 Oct 2024 16:42:00 +0600 Subject: [PATCH 1/8] fix(k8s): scan config files as a folder --- pkg/k8s/scanner/io.go | 47 +++++++++++++------- pkg/k8s/scanner/scanner.go | 89 ++++++++++++++++++++------------------ 2 files changed, 78 insertions(+), 58 deletions(-) diff --git a/pkg/k8s/scanner/io.go b/pkg/k8s/scanner/io.go index 9c32699ddd63..540258013d86 100644 --- a/pkg/k8s/scanner/io.go +++ b/pkg/k8s/scanner/io.go @@ -3,6 +3,7 @@ package scanner import ( "fmt" "os" + "path/filepath" "regexp" "runtime" 
@@ -15,29 +16,43 @@ import ( var r = regexp.MustCompile("\\\\|/|:|\\*|\\?|<|>") -func createTempFile(artifact *artifacts.Artifact) (string, error) { - filename := fmt.Sprintf("%s-%s-%s-*.yaml", artifact.Namespace, artifact.Kind, artifact.Name) - - if runtime.GOOS == "windows" { - // removes characters not permitted in file/directory names on Windows - filename = filenameWindowsFriendly(filename) - } - file, err := os.CreateTemp("", filename) +// generateTempFolder creates a folder with yaml files generated from kubernetes artifacts +// returns a folder name, a map for mapping a temp target file to k8s artifact and error +func generateTempFolder(arts []*artifacts.Artifact) (string, map[string]*artifacts.Artifact, error) { + tempFolder, err := os.MkdirTemp("", "trivyk8s*") if err != nil { - return "", xerrors.Errorf("creating tmp file error: %w", err) + return "", nil, xerrors.Errorf("failed to create temp folder: %w", err) } - defer func() { + + m := map[string]*artifacts.Artifact{} + for _, artifact := range arts { + filename := fmt.Sprintf("%s-%s-%s-*.yaml", artifact.Namespace, artifact.Kind, artifact.Name) + if runtime.GOOS == "windows" { + // removes characters not permitted in file/directory names on Windows + filename = filenameWindowsFriendly(filename) + } + file, err := os.CreateTemp(tempFolder, filename) + if err != nil { + log.Error("Failed to create temp file", log.String("path", filename), log.Err(err)) + continue + } + if err := yaml.NewEncoder(file).Encode(artifact.RawResource); err != nil { + removeFile(filename) + log.Error("Failed marshaling resource to a temp file", log.String("path", filename), log.Err(err)) + continue + } if err := file.Close(); err != nil { log.Error("Failed to close temp file", log.String("path", file.Name()), log.Err(err)) } - }() - - if err := yaml.NewEncoder(file).Encode(artifact.RawResource); err != nil { - removeFile(filename) - return "", xerrors.Errorf("marshaling resource error: %w", err) + m[filepath.Base(file.Name())] 
= artifact } + return tempFolder, m, nil +} - return file.Name(), nil +func removeFolder(foldername string) { + if err := os.RemoveAll(foldername); err != nil { + log.Error("Failed to remove temp folder", log.String("path", foldername), log.Err(err)) + } } func removeFile(filename string) { diff --git a/pkg/k8s/scanner/scanner.go b/pkg/k8s/scanner/scanner.go index 67d06b4c54bd..710f71828e77 100644 --- a/pkg/k8s/scanner/scanner.go +++ b/pkg/k8s/scanner/scanner.go @@ -52,14 +52,6 @@ func NewScanner(cluster string, runner cmd.Runner, opts flag.Options) *Scanner { } func (s *Scanner) Scan(ctx context.Context, artifactsData []*artifacts.Artifact) (report.Report, error) { - // disable logs before scanning - log.InitLogger(s.opts.Debug, true) - - // enable log, this is done in a defer function, - // to enable logs even when the function returns earlier - // due to an error - defer log.InitLogger(s.opts.Debug, false) - if s.opts.Format == types.FormatCycloneDX { kbom, err := s.clusterInfoToReportResources(artifactsData) if err != nil { 
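Review bot: In the loop of generateTempFolder an artifact whose temp file cannot be created or encoded is dropped with `continue` after a `log.Error`, while the function still returns a nil error, so the caller scans a directory that silently lacks that resource. For a misconfiguration scanner this reads as a clean result for a manifest that was never checked. The patch 4 hunk in scanner.go also turns log suppression back on for the whole of Scan, which may hide the only signal, depending on what `log.InitLogger(s.opts.Debug, true)` mutes. Consider returning the failure, e.g. `removeFolder(tempFolder)` followed by `return "", nil, xerrors.Errorf("failed to write %s/%s: %w", artifact.Kind, artifact.Name, err)`, or handing the skipped artifacts back to the caller so they appear in the report as errored resources. The same skip-and-continue loop is kept by the later generateTempFolder hunk of patch 5.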
@@ -82,14 +74,26 @@ func (s *Scanner) Scan(ctx context.Context, artifactsData []*artifacts.Artifact) var resources []report.Resource - type scanResult struct { - vulns []report.Resource - misconfig report.Resource + // scans kubernetes artifacts as a scope of yaml files + if local.ShouldScanMisconfigOrRbac(s.opts.Scanners) { + misconfigs, err := s.scanMisconfigs(ctx, resourceArtifacts) + if err != nil { + return report.Report{}, xerrors.Errorf("scanning misconfigurations error: %w", err) + } + resources = append(resources, misconfigs...) } - onItem := func(ctx context.Context, artifact *artifacts.Artifact) (scanResult, error) { - scanResults := scanResult{} - if s.opts.Scanners.AnyEnabled(types.VulnerabilityScanner, types.SecretScanner) && !s.opts.SkipImages { + // scan images from kubernetes cluster in parallel + if s.opts.Scanners.AnyEnabled(types.VulnerabilityScanner, types.SecretScanner) && !s.opts.SkipImages { + // disable logs before scanning in parallel + log.InitLogger(s.opts.Debug, true) + + // enable log, this is done in a defer function, + // to enable logs even when the function returns earlier + // due to an error + defer log.InitLogger(s.opts.Debug, false) + + onItem := func(ctx context.Context, artifact *artifacts.Artifact) ([]report.Resource, error) { opts := s.opts opts.Credentials = make([]ftypes.Credential, len(s.opts.Credentials)) copy(opts.Credentials, s.opts.Credentials) 
@@ -106,33 +110,22 @@ func (s *Scanner) Scan(ctx context.Context, artifactsData []*artifacts.Artifact) } vulns, err := s.scanVulns(ctx, artifact, opts) if err != nil { - return scanResult{}, xerrors.Errorf("scanning vulnerabilities error: %w", err) + return nil, xerrors.Errorf("scanning vulnerabilities error: %w", err) } - scanResults.vulns = vulns + return vulns, nil } - if local.ShouldScanMisconfigOrRbac(s.opts.Scanners) { - misconfig, err := s.scanMisconfigs(ctx, artifact) - if err != nil { - return scanResult{}, xerrors.Errorf("scanning misconfigurations error: %w", err) - } - scanResults.misconfig = misconfig + + onResult := func(result []report.Resource) error { + resources = append(resources, result...) + return nil } - return scanResults, nil - } - onResult := func(result scanResult) error { - resources = append(resources, result.vulns...) - // don't add empty misconfig results to resources slice to avoid an empty resource - if result.misconfig.Results != nil { - resources = append(resources, result.misconfig) + p := parallel.NewPipeline(s.opts.Parallel, !s.opts.Quiet, resourceArtifacts, onItem, onResult) + if err := p.Do(ctx); err != nil { + return report.Report{}, err } - return nil } - p := parallel.NewPipeline(s.opts.Parallel, !s.opts.Quiet, resourceArtifacts, onItem, onResult) - if err := p.Do(ctx); err != nil { - return report.Report{}, err - } if s.opts.Scanners.AnyEnabled(types.VulnerabilityScanner) { k8sResource, err := s.scanK8sVulns(ctx, k8sCoreArtifacts) if err != nil { 
@@ -173,22 +166,34 @@ func (s *Scanner) scanVulns(ctx context.Context, artifact *artifacts.Artifact, o return resources, nil } -func (s *Scanner) scanMisconfigs(ctx context.Context, artifact *artifacts.Artifact) (report.Resource, error) { - configFile, err := createTempFile(artifact) +func (s *Scanner) scanMisconfigs(ctx context.Context, artifacts []*artifacts.Artifact) ([]report.Resource, error) { + folder, artifactsByFilename, err := generateTempFolder(artifacts) if err != nil { - return report.Resource{}, xerrors.Errorf("scan error: %w", err) + return nil, xerrors.Errorf("failed to generate temp folder: %w", err) } - s.opts.Target = configFile + s.opts.Target = folder configReport, err := s.runner.ScanFilesystem(ctx, s.opts) - // remove config file after scanning - removeFile(configFile) + // remove config files after scanning + removeFolder(folder) + if err != nil { - return report.CreateResource(artifact, configReport, err), err + return nil, xerrors.Errorf("failed to scan filesystem: %w", err) + } + resources := make([]report.Resource, 0, len(artifacts)) + + for _, res := range configReport.Results { + + artifact := artifactsByFilename[res.Target] + resource, err := s.filter(ctx, configReport, artifact) + if err != nil { + resource = report.CreateResource(artifact, configReport, err) + } + resources = append(resources, resource) } - return s.filter(ctx, configReport, artifact) + return resources, nil } func (s *Scanner) filter(ctx context.Context, r types.Report, artifact *artifacts.Artifact) (report.Resource, error) { var err error From a9a9c58b07060001a37b814a34f7fd8c84f2f46f Mon Sep 17 00:00:00 2001 From: afdesk Date: Wed, 9 Oct 2024 16:58:08 +0600 Subject: [PATCH 2/8] split results --- pkg/k8s/scanner/scanner.go | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/pkg/k8s/scanner/scanner.go b/pkg/k8s/scanner/scanner.go index 710f71828e77..7ae7c372a166 100644 --- a/pkg/k8s/scanner/scanner.go +++ b/pkg/k8s/scanner/scanner.go 
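Review bot: The lookup `artifact := artifactsByFilename[res.Target]` in the new result loop of scanMisconfigs is unchecked, so a result whose Target does not match a map key (the keys are `filepath.Base` of the temp file name) hands a nil `*artifacts.Artifact` to `s.filter` and `report.CreateResource`. Whether those tolerate nil is not visible here; I would fail loudly instead with `artifact, ok := artifactsByFilename[res.Target]` and `if !ok { return nil, xerrors.Errorf("no artifact for scan target %q", res.Target) }`. The same line is carried unchanged as context in the patch 2 hunk. Separately, `removeFolder(folder)` would be safer as `defer removeFolder(folder)` placed right after the error check on generateTempFolder, so the cluster manifests written to the temp directory are also removed if ScanFilesystem panics.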
@@ -184,11 +184,20 @@ func (s *Scanner) scanMisconfigs(ctx context.Context, artifacts []*artifacts.Art resources := make([]report.Resource, 0, len(artifacts)) for _, res := range configReport.Results { - artifact := artifactsByFilename[res.Target] - resource, err := s.filter(ctx, configReport, artifact) + + singleReport := types.Report{ + SchemaVersion: configReport.SchemaVersion, + CreatedAt: configReport.CreatedAt, + ArtifactName: res.Target, + ArtifactType: configReport.ArtifactType, + Metadata: configReport.Metadata, + Results: types.Results{res}, + } + + resource, err := s.filter(ctx, singleReport, artifact) if err != nil { - resource = report.CreateResource(artifact, configReport, err) + resource = report.CreateResource(artifact, singleReport, err) } resources = append(resources, resource) } From 33f9633ca4ddf50b03edb2de9006c6a3fe0dbd0a Mon Sep 17 00:00:00 2001 From: afdesk Date: Wed, 9 Oct 2024 17:13:49 +0600 Subject: [PATCH 3/8] fix linter error --- pkg/k8s/scanner/io.go | 2 +- pkg/k8s/scanner/scanner.go | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/k8s/scanner/io.go b/pkg/k8s/scanner/io.go index 540258013d86..d0bb0522232b 100644 --- a/pkg/k8s/scanner/io.go +++ b/pkg/k8s/scanner/io.go @@ -24,7 +24,7 @@ func generateTempFolder(arts []*artifacts.Artifact) (string, map[string]*artifac return "", nil, xerrors.Errorf("failed to create temp folder: %w", err) } - m := map[string]*artifacts.Artifact{} + m := make(map[string]*artifacts.Artifact) for _, artifact := range arts { filename := fmt.Sprintf("%s-%s-%s-*.yaml", artifact.Namespace, artifact.Kind, artifact.Name) if runtime.GOOS == "windows" { diff --git a/pkg/k8s/scanner/scanner.go b/pkg/k8s/scanner/scanner.go index 7ae7c372a166..d91bb6ce2a14 100644 --- a/pkg/k8s/scanner/scanner.go +++ b/pkg/k8s/scanner/scanner.go 
@@ -166,8 +166,8 @@ func (s *Scanner) scanVulns(ctx context.Context, artifact *artifacts.Artifact, o return resources, nil } -func (s *Scanner) scanMisconfigs(ctx context.Context, artifacts []*artifacts.Artifact) ([]report.Resource, error) { - folder, artifactsByFilename, err := generateTempFolder(artifacts) +func (s *Scanner) scanMisconfigs(ctx context.Context, k8sArtifacts []*artifacts.Artifact) ([]report.Resource, error) { + folder, artifactsByFilename, err := generateTempFolder(k8sArtifacts) if err != nil { return nil, xerrors.Errorf("failed to generate temp folder: %w", err) } @@ -181,7 +181,7 @@ func (s *Scanner) scanMisconfigs(ctx context.Context, artifacts []*artifacts.Art if err != nil { return nil, xerrors.Errorf("failed to scan filesystem: %w", err) } - resources := make([]report.Resource, 0, len(artifacts)) + resources := make([]report.Resource, 0, len(k8sArtifacts)) for _, res := range configReport.Results { artifact := artifactsByFilename[res.Target] From 0b8a9a7ce649aa402376b67124dd9339f0a07f27 Mon Sep 17 00:00:00 2001 From: afdesk Date: Thu, 10 Oct 2024 17:00:34 +0600 Subject: [PATCH 4/8] restore log disabling --- pkg/k8s/scanner/scanner.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/pkg/k8s/scanner/scanner.go b/pkg/k8s/scanner/scanner.go index d91bb6ce2a14..9bcabc4adef2 100644 --- a/pkg/k8s/scanner/scanner.go +++ b/pkg/k8s/scanner/scanner.go @@ -52,6 +52,14 @@ func NewScanner(cluster string, runner cmd.Runner, opts flag.Options) *Scanner { } func (s *Scanner) Scan(ctx context.Context, artifactsData []*artifacts.Artifact) (report.Report, error) { + // disable logs before scanning + log.InitLogger(s.opts.Debug, true) + + // enable log, this is done in a defer function, + // to enable logs even when the function returns earlier + // due to an error + defer log.InitLogger(s.opts.Debug, false) + if s.opts.Format == types.FormatCycloneDX { kbom, err := s.clusterInfoToReportResources(artifactsData) if err != nil { 
@@ -85,14 +93,6 @@ func (s *Scanner) Scan(ctx context.Context, artifactsData []*artifacts.Artifact) // scan images from kubernetes cluster in parallel if s.opts.Scanners.AnyEnabled(types.VulnerabilityScanner, types.SecretScanner) && !s.opts.SkipImages { - // disable logs before scanning in parallel - log.InitLogger(s.opts.Debug, true) - - // enable log, this is done in a defer function, - // to enable logs even when the function returns earlier - // due to an error - defer log.InitLogger(s.opts.Debug, false) - onItem := func(ctx context.Context, artifact *artifacts.Artifact) ([]report.Resource, error) { opts := s.opts opts.Credentials = make([]ftypes.Credential, len(s.opts.Credentials)) From c941d62f3a84567117268e95dbd9d7a9a42f140f Mon Sep 17 00:00:00 2001 From: afdesk Date: Thu, 17 Oct 2024 16:35:29 +0600 Subject: [PATCH 5/8] refactor: create a temp file in the separate func --- pkg/k8s/scanner/io.go | 45 ++++++++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 16 deletions(-) diff --git a/pkg/k8s/scanner/io.go b/pkg/k8s/scanner/io.go index d0bb0522232b..c90d12e0c01e 100644 --- a/pkg/k8s/scanner/io.go +++ b/pkg/k8s/scanner/io.go 
@@ -16,6 +16,32 @@ import ( var r = regexp.MustCompile("\\\\|/|:|\\*|\\?|<|>") +func generateTempFileByArtifact(artifact *artifacts.Artifact, tempFolder string) (string, error) { + filename := fmt.Sprintf("%s-%s-%s-*.yaml", artifact.Namespace, artifact.Kind, artifact.Name) + if runtime.GOOS == "windows" { + // removes characters not permitted in file/directory names on Windows + filename = filenameWindowsFriendly(filename) + } + file, err := os.CreateTemp(tempFolder, filename) + if err != nil { + return "", xerrors.Errorf("failed to create temporary file: %w", err) + } + shouldRemove := false + defer func() { + if err := file.Close(); err != nil { + log.Error("Failed to close temp file", log.FilePath(file.Name()), log.Err(err)) + } + if shouldRemove { + removeFile(file.Name()) + } + }() + if err := yaml.NewEncoder(file).Encode(artifact.RawResource); err != nil { + shouldRemove = true + return "", xerrors.Errorf("failed to encode artifact: %w", err) + } + return filepath.Base(file.Name()), nil +} + // generateTempFolder creates a folder with yaml files generated from kubernetes artifacts // returns a folder name, a map for mapping a temp target file to k8s artifact and error func generateTempFolder(arts []*artifacts.Artifact) (string, map[string]*artifacts.Artifact, error) { 
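Review bot: A failing `file.Close()` on the success path of generateTempFileByArtifact is only logged and the function still returns the file name, so a manifest that was not fully written can be scanned as if it were complete. Close is where deferred write failures surface, so its result should feed the returned error and trigger the same removal as an encode failure; named results let the deferred function do both and make the `shouldRemove` flag unnecessary. The function also has no doc comment; it should state that the returned string is the base name inside the temp folder, not a full path, and that the file is removed when encoding fails.

```go
func generateTempFileByArtifact(artifact *artifacts.Artifact, tempFolder string) (name string, err error) {
	// … unchanged: pattern construction and os.CreateTemp …
	defer func() {
		if cerr := file.Close(); cerr != nil && err == nil {
			err = xerrors.Errorf("failed to close temporary file: %w", cerr)
		}
		if err != nil {
			// never hand back the name of a file that is incomplete or gone
			name = ""
			removeFile(file.Name())
		}
	}()
	if err := yaml.NewEncoder(file).Encode(artifact.RawResource); err != nil {
		return "", xerrors.Errorf("failed to encode artifact: %w", err)
	}
	// … unchanged: return filepath.Base(file.Name()), nil …
}
```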
@@ -26,25 +52,12 @@ func generateTempFolder(arts []*artifacts.Artifact) (string, map[string]*artifac m := make(map[string]*artifacts.Artifact) for _, artifact := range arts { - filename := fmt.Sprintf("%s-%s-%s-*.yaml", artifact.Namespace, artifact.Kind, artifact.Name) - if runtime.GOOS == "windows" { - // removes characters not permitted in file/directory names on Windows - filename = filenameWindowsFriendly(filename) - } - file, err := os.CreateTemp(tempFolder, filename) + filename, err := generateTempFileByArtifact(artifact, tempFolder) if err != nil { - log.Error("Failed to create temp file", log.String("path", filename), log.Err(err)) + log.Error("Failed to create temp file", log.FilePath(filename), log.Err(err)) continue } - if err := yaml.NewEncoder(file).Encode(artifact.RawResource); err != nil { - removeFile(filename) - log.Error("Failed marshaling resource to a temp file", log.String("path", filename), log.Err(err)) - continue - } - if err := file.Close(); err != nil { - log.Error("Failed to close temp file", log.String("path", file.Name()), log.Err(err)) - } - m[filepath.Base(file.Name())] = artifact + m[filename] = artifact } return tempFolder, m, nil } From 67cadae09c4818a10c168f3fd0ff7f999c5c0207 Mon Sep 17 00:00:00 2001 From: afdesk Date: Sat, 19 Oct 2024 01:59:28 +0600 Subject: [PATCH 6/8] update regex --- pkg/k8s/scanner/io.go | 2 +- pkg/k8s/scanner/io_test.go | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/pkg/k8s/scanner/io.go b/pkg/k8s/scanner/io.go index c90d12e0c01e..64d351127275 100644 --- a/pkg/k8s/scanner/io.go +++ b/pkg/k8s/scanner/io.go @@ -14,7 +14,7 @@ import ( "github.com/aquasecurity/trivy/pkg/log" ) -var r = regexp.MustCompile("\\\\|/|:|\\*|\\?|<|>") +var r = regexp.MustCompile("[\\\\/:*?<>]") func generateTempFileByArtifact(artifact *artifacts.Artifact, tempFolder string) (string, error) { filename := fmt.Sprintf("%s-%s-%s-*.yaml", artifact.Namespace, artifact.Kind, artifact.Name) 
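Review bot: On the error path of the refactored loop `filename` is the empty string that generateTempFileByArtifact returns together with its error, so `log.FilePath(filename)` records an empty path and the message no longer says which resource was skipped. Log the artifact identity instead, e.g. `log.Error("Failed to create temp file", log.String("kind", artifact.Kind), log.String("name", artifact.Name), log.Err(err))`. generateTempFolder starts above this hunk.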
diff --git a/pkg/k8s/scanner/io_test.go b/pkg/k8s/scanner/io_test.go index 7587d1bb8282..9e256b39f2b3 100644 --- a/pkg/k8s/scanner/io_test.go +++ b/pkg/k8s/scanner/io_test.go @@ -23,6 +23,11 @@ func Test_FilenameWindowsFriendly(t *testing.T) { fileName: `kube-system-Role-system-controller-bootstrap-signer-2934213283.yaml`, want: `kube-system-Role-system-controller-bootstrap-signer-2934213283.yaml`, }, + { + name: "name with no invalid - slash", + fileName: "-ClusterRoleBinding-system\\basic-user-725844313.yaml", + want: `-ClusterRoleBinding-system_basic-user-725844313.yaml`, + }, } for _, test := range tests { From 84cacc5dc531c09ccce443271b6f0f37bcf05b58 Mon Sep 17 00:00:00 2001 From: afdesk Date: Mon, 21 Oct 2024 15:52:46 +0600 Subject: [PATCH 7/8] refactor: rename a folder to dir --- pkg/k8s/scanner/io.go | 4 ++-- pkg/k8s/scanner/scanner.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/k8s/scanner/io.go b/pkg/k8s/scanner/io.go index 64d351127275..e1602736f1f6 100644 --- a/pkg/k8s/scanner/io.go +++ b/pkg/k8s/scanner/io.go @@ -42,9 +42,9 @@ func generateTempFileByArtifact(artifact *artifacts.Artifact, tempFolder string) return filepath.Base(file.Name()), nil } -// generateTempFolder creates a folder with yaml files generated from kubernetes artifacts +// generateTempDir creates a folder with yaml files generated from kubernetes artifacts // returns a folder name, a map for mapping a temp target file to k8s artifact and error -func generateTempFolder(arts []*artifacts.Artifact) (string, map[string]*artifacts.Artifact, error) { +func generateTempDir(arts []*artifacts.Artifact) (string, map[string]*artifacts.Artifact, error) { tempFolder, err := os.MkdirTemp("", "trivyk8s*") if err != nil { return "", nil, xerrors.Errorf("failed to create temp folder: %w", err) diff --git a/pkg/k8s/scanner/scanner.go b/pkg/k8s/scanner/scanner.go index 9bcabc4adef2..c8b5d5c3ad32 100644 --- a/pkg/k8s/scanner/scanner.go +++ b/pkg/k8s/scanner/scanner.go 
@@ -167,7 +167,7 @@ func (s *Scanner) scanVulns(ctx context.Context, artifact *artifacts.Artifact, o } func (s *Scanner) scanMisconfigs(ctx context.Context, k8sArtifacts []*artifacts.Artifact) ([]report.Resource, error) { - folder, artifactsByFilename, err := generateTempFolder(k8sArtifacts) + folder, artifactsByFilename, err := generateTempDir(k8sArtifacts) if err != nil { return nil, xerrors.Errorf("failed to generate temp folder: %w", err) } From dba752795590b0c41aa9add09e41189a5f9cce2a Mon Sep 17 00:00:00 2001 From: afdesk Date: Mon, 21 Oct 2024 23:23:18 +0600 Subject: [PATCH 8/8] refactor: rename folders to dirs --- pkg/k8s/scanner/io.go | 24 ++++++++++++------------ pkg/k8s/scanner/scanner.go | 8 ++++---- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/pkg/k8s/scanner/io.go b/pkg/k8s/scanner/io.go index e1602736f1f6..65f102a4b08c 100644 --- a/pkg/k8s/scanner/io.go +++ b/pkg/k8s/scanner/io.go @@ -16,13 +16,13 @@ import ( var r = regexp.MustCompile("[\\\\/:*?<>]") -func generateTempFileByArtifact(artifact *artifacts.Artifact, tempFolder string) (string, error) { +func generateTempFileByArtifact(artifact *artifacts.Artifact, tempDir string) (string, error) { filename := fmt.Sprintf("%s-%s-%s-*.yaml", artifact.Namespace, artifact.Kind, artifact.Name) if runtime.GOOS == "windows" { // removes characters not permitted in file/directory names on Windows filename = filenameWindowsFriendly(filename) } - file, err := os.CreateTemp(tempFolder, filename) + file, err := os.CreateTemp(tempDir, filename) if err != nil { return "", xerrors.Errorf("failed to create temporary file: %w", err) } 
@@ -42,35 +42,35 @@ func generateTempFileByArtifact(artifact *artifacts.Artifact, tempFolder string) return filepath.Base(file.Name()), nil } -// generateTempDir creates a folder with yaml files generated from kubernetes artifacts -// returns a folder name, a map for mapping a temp target file to k8s artifact and error +// generateTempDir creates a directory with yaml files generated from kubernetes artifacts +// returns a directory name, a map for mapping a temp target file to k8s artifact and error func generateTempDir(arts []*artifacts.Artifact) (string, map[string]*artifacts.Artifact, error) { - tempFolder, err := os.MkdirTemp("", "trivyk8s*") + tempDir, err := os.MkdirTemp("", "trivyk8s*") if err != nil { - return "", nil, xerrors.Errorf("failed to create temp folder: %w", err) + return "", nil, xerrors.Errorf("failed to create temp directory: %w", err) } m := make(map[string]*artifacts.Artifact) for _, artifact := range arts { - filename, err := generateTempFileByArtifact(artifact, tempFolder) + filename, err := generateTempFileByArtifact(artifact, tempDir) if err != nil { log.Error("Failed to create temp file", log.FilePath(filename), log.Err(err)) continue } m[filename] = artifact } - return tempFolder, m, nil + return tempDir, m, nil } -func removeFolder(foldername string) { - if err := os.RemoveAll(foldername); err != nil { - log.Error("Failed to remove temp folder", log.String("path", foldername), log.Err(err)) +func removeDir(dirname string) { + if err := os.RemoveAll(dirname); err != nil { + log.Error("Failed to remove temp directory", log.FilePath(dirname), log.Err(err)) } } func removeFile(filename string) { if err := os.Remove(filename); err != nil { - log.Error("Failed to remove temp file", log.String("path", filename), log.Err(err)) + log.Error("Failed to remove temp file", log.FilePath(filename), log.Err(err)) } } diff --git a/pkg/k8s/scanner/scanner.go b/pkg/k8s/scanner/scanner.go index c8b5d5c3ad32..70debfe6a85f 100644 
--- a/pkg/k8s/scanner/scanner.go +++ b/pkg/k8s/scanner/scanner.go @@ -167,16 +167,16 @@ func (s *Scanner) scanVulns(ctx context.Context, artifact *artifacts.Artifact, o } func (s *Scanner) scanMisconfigs(ctx context.Context, k8sArtifacts []*artifacts.Artifact) ([]report.Resource, error) { - folder, artifactsByFilename, err := generateTempDir(k8sArtifacts) + dir, artifactsByFilename, err := generateTempDir(k8sArtifacts) if err != nil { - return nil, xerrors.Errorf("failed to generate temp folder: %w", err) + return nil, xerrors.Errorf("failed to generate temp dir: %w", err) } - s.opts.Target = folder + s.opts.Target = dir configReport, err := s.runner.ScanFilesystem(ctx, s.opts) // remove config files after scanning - removeFolder(folder) + removeDir(dir) if err != nil { return nil, xerrors.Errorf("failed to scan filesystem: %w", err)