analyzer

package
v0.39.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 9, 2023 License: Apache-2.0 Imports: 21 Imported by: 75

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors exported by this package, each created with xerrors.New.
var (

	// ErrUnknownOS is reported when the OS being analyzed is not recognized.
	ErrUnknownOS = xerrors.New("unknown OS")
	// ErrPkgAnalysis is reported when the analysis of packages fails.
	ErrPkgAnalysis = xerrors.New("failed to analyze packages")
	// ErrNoPkgsDetected is reported when the files required by an OS package
	// manager are not detected.
	// NOTE(review): "no packages detected" is not the same as "no findings";
	// confirm callers do not present such a target as clean.
	ErrNoPkgsDetected = xerrors.New("no packages detected")
)

Functions

func DeregisterAnalyzer

func DeregisterAnalyzer(t Type)

DeregisterAnalyzer is mainly for testing

func DeregisterConfigAnalyzer

func DeregisterConfigAnalyzer(t Type)

DeregisterConfigAnalyzer is mainly for testing

func RegisterAnalyzer

func RegisterAnalyzer(analyzer analyzer)

func RegisterConfigAnalyzer

func RegisterConfigAnalyzer(t Type, init configAnalyzerConstructor)

RegisterConfigAnalyzer adds a constructor of config analyzer

func RegisterPostAnalyzer added in v0.38.0

func RegisterPostAnalyzer(t Type, initializer postAnalyzerInitialize)

Types

type AnalysisInput

// AnalysisInput bundles what is known about one file: its directory and path,
// its os.FileInfo, a seekable reader over its content, and the analysis options.
// NOTE(review): presumably this is what AnalyzerGroup.AnalyzeFile hands to each
// analyzer — confirm. If the scan target is untrusted, FilePath and Content
// come from that target and should be handled as untrusted input.
type AnalysisInput struct {
	Dir      string
	FilePath string
	Info     os.FileInfo
	Content  dio.ReadSeekerAt

	// Options carries the per-analysis switches (see AnalysisOptions).
	Options AnalysisOptions
}

type AnalysisOptions

// AnalysisOptions holds the per-analysis switches carried in AnalysisInput
// and PostAnalysisInput.
type AnalysisOptions struct {
	// Offline presumably tells analyzers not to make network requests — confirm.
	Offline      bool
	// FileChecksum presumably enables per-file checksum calculation — confirm.
	FileChecksum bool
}

type AnalysisResult

// AnalysisResult accumulates what analyzers found. Results are combined with
// Merge and ordered with Sort; create one with NewAnalysisResult.
type AnalysisResult struct {
	OS                   types.OS
	Repository           *types.Repository
	PackageInfos         []types.PackageInfo
	Applications         []types.Application
	// Secrets holds the secret findings.
	// NOTE(review): whether matched values are stored masked or in clear is not
	// visible here — confirm before logging, caching or exporting results.
	Secrets              []types.Secret
	Licenses             []types.LicenseFile
	SystemInstalledFiles []string // A list of files installed by OS package manager

	// Files holds necessary file contents for the respective post-handler
	Files map[types.HandlerType][]types.File

	// Digests contains SHA-256 digests of unpackaged files
	// used to search for SBOM attestation.
	// NOTE(review): the key/value layout of the map is not visible here — confirm.
	Digests map[string]string

	// For Red Hat
	BuildInfo *types.BuildInfo

	// CustomResources hold analysis results from custom analyzers.
	// It is for extensibility and not used in OSS.
	CustomResources []types.CustomResource
	// contains filtered or unexported fields
}

func NewAnalysisResult

func NewAnalysisResult() *AnalysisResult

func (*AnalysisResult) Merge

func (r *AnalysisResult) Merge(new *AnalysisResult)

func (*AnalysisResult) Sort

func (r *AnalysisResult) Sort()

type AnalyzerGroup

// AnalyzerGroup is an opaque set of analyzers; all of its fields are
// unexported. Obtain one from NewAnalyzerGroup.
type AnalyzerGroup struct {
	// contains filtered or unexported fields
}

func NewAnalyzerGroup

func NewAnalyzerGroup(opt AnalyzerOptions) (AnalyzerGroup, error)

func (AnalyzerGroup) AnalyzeFile

func (ag AnalyzerGroup) AnalyzeFile(ctx context.Context, wg *sync.WaitGroup, limit *semaphore.Weighted, result *AnalysisResult,
	dir, filePath string, info os.FileInfo, opener Opener, disabled []Type, opts AnalysisOptions) error

func (AnalyzerGroup) AnalyzerVersions

func (ag AnalyzerGroup) AnalyzerVersions() Versions

AnalyzerVersions returns analyzer version identifier used for cache keys.

func (AnalyzerGroup) PostAnalyze added in v0.38.0

func (ag AnalyzerGroup) PostAnalyze(ctx context.Context, files *syncx.Map[Type, *mapfs.FS], result *AnalysisResult, opts AnalysisOptions) error

func (AnalyzerGroup) RequiredPostAnalyzers added in v0.38.0

func (ag AnalyzerGroup) RequiredPostAnalyzers(filePath string, info os.FileInfo) []Type

type AnalyzerOptions added in v0.32.0

// AnalyzerOptions is used to initialize analyzers. It is the argument of
// NewAnalyzerGroup and of Initializer.Init.
type AnalyzerOptions struct {
	Group                Group
	Slow                 bool
	FilePatterns         []string
	// DisabledAnalyzers presumably lists the analyzer types to turn off — confirm.
	// NOTE(review): every entry narrows scan coverage (e.g. TypeSecret); review
	// where this list is populated from.
	DisabledAnalyzers    []Type
	SecretScannerOption  SecretScannerOption
	LicenseScannerOption LicenseScannerOption
}

AnalyzerOptions is used to initialize analyzers

type ConfigAnalysisInput added in v0.37.0

// ConfigAnalysisInput is the argument of ConfigAnalyzer.Analyze: the OS and
// the image config file to analyze.
type ConfigAnalysisInput struct {
	OS     types.OS
	// Config is the image config; it is a pointer, so nil is representable.
	// NOTE(review): confirm whether implementations must nil-check it.
	Config *v1.ConfigFile
}

type ConfigAnalysisResult added in v0.37.0

// ConfigAnalysisResult is what ConfigAnalyzer.Analyze and
// ConfigAnalyzerGroup.AnalyzeImageConfig return.
type ConfigAnalysisResult struct {
	Misconfiguration *types.Misconfiguration
	// Secret is a single secret finding for the image config.
	// NOTE(review): confirm whether the matched value is masked before it is stored.
	Secret           *types.Secret
	HistoryPackages  types.Packages
}

func (*ConfigAnalysisResult) Merge added in v0.37.0

type ConfigAnalyzer added in v0.37.0

// ConfigAnalyzer is the interface implemented by analyzers of container
// image config.
type ConfigAnalyzer interface {
	// Type returns the analyzer's Type identifier.
	Type() Type
	// Version returns the analyzer's version number.
	// NOTE(review): presumably this feeds Versions, which is used for cache
	// keys — confirm it is bumped when the analyzer's output changes.
	Version() int
	// Analyze inspects the given image config input and returns the result or an error.
	Analyze(ctx context.Context, input ConfigAnalysisInput) (*ConfigAnalysisResult, error)
	// Required reports, for the given OS, whether this analyzer applies.
	Required(osFound types.OS) bool
}

ConfigAnalyzer defines an interface for analyzers of container image config.

type ConfigAnalyzerGroup added in v0.37.0

// ConfigAnalyzerGroup is an opaque set of config analyzers; all of its fields
// are unexported. Obtain one from NewConfigAnalyzerGroup.
type ConfigAnalyzerGroup struct {
	// contains filtered or unexported fields
}

func NewConfigAnalyzerGroup added in v0.37.0

func NewConfigAnalyzerGroup(opts ConfigAnalyzerOptions) (ConfigAnalyzerGroup, error)

func (*ConfigAnalyzerGroup) AnalyzeImageConfig added in v0.37.0

func (ag *ConfigAnalyzerGroup) AnalyzeImageConfig(ctx context.Context, targetOS types.OS, config *v1.ConfigFile) *ConfigAnalysisResult

func (*ConfigAnalyzerGroup) AnalyzerVersions added in v0.37.0

func (ag *ConfigAnalyzerGroup) AnalyzerVersions() Versions

AnalyzerVersions returns analyzer version identifier used for cache keys.

type ConfigAnalyzerOptions added in v0.37.0

// ConfigAnalyzerOptions is used to initialize config analyzers. It is the
// argument of NewConfigAnalyzerGroup.
type ConfigAnalyzerOptions struct {
	FilePatterns         []string
	// DisabledAnalyzers presumably lists the config analyzer types to turn off — confirm.
	// NOTE(review): every entry narrows scan coverage (e.g. TypeImageConfigSecret).
	DisabledAnalyzers    []Type
	MisconfScannerOption misconf.ScannerOption
	SecretScannerOption  SecretScannerOption
}

ConfigAnalyzerOptions is used to initialize config analyzers

type CustomGroup

// CustomGroup is implemented by custom analyzers to report the Group they
// belong to.
type CustomGroup interface {
	// Group returns the group name.
	Group() Group
}

CustomGroup returns a group name for custom analyzers. This is mainly intended to be used in Aqua products.

type Group

// Group is a group name for analyzers (see CustomGroup and AnalyzerOptions.Group).
type Group string
// GroupBuiltin is the group name "builtin".
const GroupBuiltin Group = "builtin"

type Initializer added in v0.32.0

// Initializer is implemented by analyzers that need to take parameters from users.
type Initializer interface {
	// Init receives the AnalyzerOptions and returns an error if initialization fails.
	Init(AnalyzerOptions) error
}

Initializer represents analyzers that need to take parameters from users

type LicenseScannerOption added in v0.34.0

// LicenseScannerOption configures license scanning; it is set through
// AnalyzerOptions.LicenseScannerOption.
type LicenseScannerOption struct {
	// Full enables the license classifier, which gives better results but is
	// expensive.
	Full bool
}

type Opener

// Opener is a callback that opens a file's content on demand and returns it
// as a dio.ReadSeekCloserAt, or an error.
// NOTE(review): the returned value has a Close method by its type name;
// presumably the caller is responsible for closing it — confirm.
type Opener func() (dio.ReadSeekCloserAt, error)

type PostAnalysisInput added in v0.38.0

// PostAnalysisInput is the argument of PostAnalyzer.PostAnalyze.
type PostAnalysisInput struct {
	// FS is the file system the post-analyzer reads from.
	// NOTE(review): presumably populated with the files the analyzer marked as
	// Required — confirm against AnalyzerGroup.PostAnalyze.
	FS      fs.FS
	Options AnalysisOptions
}

type PostAnalyzer added in v0.38.0

// PostAnalyzer is the interface for analyzers that work on a file system
// (PostAnalysisInput.FS) rather than on a single file.
type PostAnalyzer interface {
	// Type returns the analyzer's Type identifier.
	Type() Type
	// Version returns the analyzer's version number.
	// NOTE(review): presumably this feeds Versions.PostAnalyzers — confirm it is
	// bumped when the analyzer's output changes.
	Version() int
	// PostAnalyze analyzes the given input and returns the result or an error.
	PostAnalyze(ctx context.Context, input PostAnalysisInput) (*AnalysisResult, error)
	// Required reports, for the given path and file info, whether this analyzer
	// needs the file.
	Required(filePath string, info os.FileInfo) bool
}

type SecretScannerOption added in v0.32.0

// SecretScannerOption configures secret scanning; it is set through
// AnalyzerOptions and ConfigAnalyzerOptions.
type SecretScannerOption struct {
	// ConfigPath is presumably the path to the secret scanner's configuration
	// file — confirm.
	// NOTE(review): if that file selects which rules run, load it only from a
	// location the scan target cannot write to.
	ConfigPath string
}

type Type

// Type identifies an analyzer. The constants below are the values taken
// wherever a Type is expected, e.g. DisabledAnalyzers, DeregisterAnalyzer and
// the Type() method of ConfigAnalyzer and PostAnalyzer.
type Type string
const (
	// ======
	//   OS
	// ======
	TypeOSRelease  Type = "os-release"
	TypeAlpine     Type = "alpine"
	TypeAmazon     Type = "amazon"
	TypeCBLMariner Type = "cbl-mariner"
	TypeDebian     Type = "debian"
	TypePhoton     Type = "photon"
	TypeCentOS     Type = "centos"
	TypeRocky      Type = "rocky"
	TypeAlma       Type = "alma"
	TypeFedora     Type = "fedora"
	TypeOracle     Type = "oracle"
	TypeRedHatBase Type = "redhat"
	TypeSUSE       Type = "suse"
	TypeUbuntu     Type = "ubuntu"
	TypeUbuntuESM  Type = "ubuntu-esm"

	// OS Package
	TypeApk         Type = "apk"
	TypeDpkg        Type = "dpkg"
	TypeDpkgLicense Type = "dpkg-license" // For analyzing licenses
	TypeRpm         Type = "rpm"
	TypeRpmqa       Type = "rpmqa"

	// OS Package Repository
	TypeApkRepo Type = "apk-repo"

	// Ruby
	TypeBundler Type = "bundler"
	TypeGemSpec Type = "gemspec"

	// Rust
	TypeRustBinary Type = "rustbinary"
	TypeCargo      Type = "cargo"

	// PHP
	TypeComposer Type = "composer"

	// Java
	TypeJar        Type = "jar"
	TypePom        Type = "pom"
	TypeGradleLock Type = "gradle-lockfile"

	// Node.js
	TypeNpmPkgLock Type = "npm"
	TypeNodePkg    Type = "node-pkg"
	TypeYarn       Type = "yarn"
	TypePnpm       Type = "pnpm"

	// .NET
	TypeNuget      Type = "nuget"
	TypeDotNetCore Type = "dotnet-core"

	// Conda
	TypeCondaPkg Type = "conda-pkg"

	// Python
	TypePythonPkg Type = "python-pkg"
	TypePip       Type = "pip"
	TypePipenv    Type = "pipenv"
	TypePoetry    Type = "poetry"

	// Go
	TypeGoBinary Type = "gobinary"
	TypeGoMod    Type = "gomod"

	// C/C++
	TypeConanLock Type = "conan-lock"

	// Elixir
	TypeMixLock Type = "mix-lock"

	// Swift
	TypeCocoaPods Type = "cocoapods"

	// Dart
	TypePubSpecLock Type = "pubspec-lock"

	// ============
	// Non-packaged
	// ============
	TypeExecutable Type = "executable"

	// ============
	// Image Config
	// ============
	TypeApkCommand        Type = "apk-command"
	TypeHistoryDockerfile Type = "history-dockerfile"
	TypeImageConfigSecret Type = "image-config-secret"

	// =================
	// Structured Config
	// =================
	TypeYaml           Type = "yaml"
	TypeJSON           Type = "json"
	TypeDockerfile     Type = "dockerfile"
	TypeTerraform      Type = "terraform"
	TypeCloudFormation Type = "cloudFormation" // NOTE: the only mixed-case value in this list; string comparisons must match it exactly
	TypeHelm           Type = "helm"

	// ========
	// License
	// ========
	TypeLicenseFile Type = "license-file"

	// ========
	// Secrets
	// ========
	TypeSecret Type = "secret"

	// =======
	// Red Hat
	// =======
	TypeRedHatContentManifestType Type = "redhat-content-manifest"
	TypeRedHatDockerfileType      Type = "redhat-dockerfile"
)

type Versions added in v0.38.0

// Versions is returned by the AnalyzerVersions methods, whose result is used
// for cache keys.
// NOTE(review): presumably each map goes from analyzer Type name to its
// Version() value — confirm. If so, an analyzer whose behaviour changes without
// a version bump would keep serving stale cached results.
type Versions struct {
	Analyzers     map[string]int
	PostAnalyzers map[string]int
}
