analyzer

Published: Dec 24, 2024 License: Apache-2.0 Imports: 23 Imported by: 75


Constants

This section is empty.

Variables

// Sentinel errors returned by the analysis pipeline. They may be wrapped by the
// time they reach a caller, so compare with errors.Is rather than ==.
var (

	// ErrUnknownOS occurs when an unknown OS is analyzed.
	ErrUnknownOS = xerrors.New("unknown OS")
	// ErrPkgAnalysis occurs when the analysis of packages fails.
	ErrPkgAnalysis = xerrors.New("failed to analyze packages")
	// ErrNoPkgsDetected occurs when the required files for an OS package manager are not detected.
	ErrNoPkgsDetected = xerrors.New("no packages detected")
)
// Groupings of analyzer Types. These slices are the only place the package
// expresses "all OS analyzers", "all language analyzers", etc., so any Type
// added to the constants below that is not also added here is invisible to
// code that iterates these lists.
var (
	// TypeOSes has all OS-related analyzers.
	// NOTE(review): TypeAzure, TypeUbuntuESM and TypeRpmArchive are declared among the
	// Type constants but do not appear in this list — confirm that is intentional, since
	// any code that enables or disables OS analysis via this slice would not cover them.
	TypeOSes = []Type{
		TypeOSRelease,
		TypeAlpine,
		TypeAmazon,
		TypeCBLMariner,
		TypeDebian,
		TypePhoton,
		TypeCentOS,
		TypeRocky,
		TypeAlma,
		TypeFedora,
		TypeOracle,
		TypeRedHatBase,
		TypeSUSE,
		TypeUbuntu,
		TypeApk,
		TypeDpkg,
		TypeDpkgLicense,
		TypeRpm,
		TypeRpmqa,
		TypeApkRepo,
	}

	// TypeLanguages has all language analyzers.
	// NOTE(review): TypeComposerVendor (listed in TypeIndividualPkgs below) and
	// TypePythonPkgEgg are not included here — confirm whether that is intentional.
	TypeLanguages = []Type{
		TypeBundler,
		TypeGemSpec,
		TypeCargo,
		TypeComposer,
		TypeJar,
		TypePom,
		TypeGradleLock,
		TypeSbtLock,
		TypeNpmPkgLock,
		TypeNodePkg,
		TypeYarn,
		TypePnpm,
		TypeNuget,
		TypeDotNetCore,
		TypePackagesProps,
		TypeCondaPkg,
		TypeCondaEnv,
		TypePythonPkg,
		TypePip,
		TypePipenv,
		TypePoetry,
		TypeGoBinary,
		TypeGoMod,
		TypeRustBinary,
		TypeConanLock,
		TypeCocoaPods,
		TypeSwift,
		TypePubSpecLock,
		TypeMixLock,
		TypeJulia,
	}

	// TypeLockfiles has all lock file analyzers. Every entry also appears in TypeLanguages.
	TypeLockfiles = []Type{
		TypeBundler,
		TypeNpmPkgLock,
		TypeYarn,
		TypePnpm,
		TypePip,
		TypePipenv,
		TypePoetry,
		TypeGoMod,
		TypePom,
		TypeConanLock,
		TypeGradleLock,
		TypeSbtLock,
		TypeCocoaPods,
		TypeSwift,
		TypePubSpecLock,
		TypeMixLock,
		TypeCondaEnv,
		TypeComposer,
	}

	// TypeIndividualPkgs has all analyzers for individual packages, as opposed to
	// the lock file analyzers in TypeLockfiles.
	TypeIndividualPkgs = []Type{
		TypeGemSpec,
		TypeNodePkg,
		TypeCondaPkg,
		TypePythonPkg,
		TypeGoBinary,
		TypeJar,
		TypeRustBinary,
		TypeComposerVendor,
	}

	// TypeConfigFiles has all config file analyzers. These Types take their
	// string values from the detection.FileType constants (see the Structured
	// Config section of the Type constants), so they stay in step with
	// misconfiguration file-type detection.
	TypeConfigFiles = []Type{
		TypeAzureARM,
		TypeCloudFormation,
		TypeDockerfile,
		TypeHelm,
		TypeKubernetes,
		TypeTerraform,
		TypeTerraformPlanJSON,
		TypeTerraformPlanSnapshot,
		TypeYAML,
		TypeJSON,
	}
)

Functions

func DeregisterAnalyzer

func DeregisterAnalyzer(t Type)

DeregisterAnalyzer is mainly for testing

func DeregisterConfigAnalyzer

func DeregisterConfigAnalyzer(t Type)

DeregisterConfigAnalyzer is mainly for testing

func RegisterAnalyzer

func RegisterAnalyzer(analyzer analyzer)

func RegisterConfigAnalyzer

func RegisterConfigAnalyzer(t Type, init configAnalyzerConstructor)

RegisterConfigAnalyzer registers a constructor for a config analyzer under the given type.

func RegisterPostAnalyzer added in v0.38.0

func RegisterPostAnalyzer(t Type, initializer postAnalyzerInitialize)

Types

type AnalysisInput

// AnalysisInput describes a single file handed to an analyzer
// (see AnalyzerGroup.AnalyzeFile).
type AnalysisInput struct {
	// Dir is the directory being analyzed; FilePath is presumably relative to it — confirm against callers.
	Dir      string
	// FilePath is the path of the file under analysis.
	FilePath string
	// Info carries the file's attributes.
	Info     os.FileInfo
	// Content is the file's contents, readable and seekable.
	Content  xio.ReadSeekerAt

	// Options are the per-run switches (see AnalysisOptions).
	Options AnalysisOptions
}

type AnalysisOptions

// AnalysisOptions carries per-run switches passed through to analyzers and
// post-analyzers via AnalysisInput and PostAnalysisInput.
type AnalysisOptions struct {
	// Offline — NOTE(review): presumably tells analyzers not to reach the network; verify
	// against the analyzers that read it, since an analyzer that ignores it would still
	// make outbound requests in an "offline" scan.
	Offline      bool
	// FileChecksum presumably enables computing checksums of analyzed files — confirm where it is read.
	FileChecksum bool
}

type AnalysisResult

// AnalysisResult aggregates what the analyzers found for one target. Per-file
// results are combined with Merge; AnalyzeFile and PostAnalyze, which fill it,
// are documented as callable concurrently, so the unexported fields presumably
// include the synchronization that makes Merge safe — confirm before adding
// fields that Merge must also protect.
type AnalysisResult struct {
	OS                   types.OS
	Repository           *types.Repository
	PackageInfos         []types.PackageInfo
	Applications         []types.Application
	Misconfigurations    []types.Misconfiguration
	Secrets              []types.Secret
	Licenses             []types.LicenseFile
	SystemInstalledFiles []string // A list of files installed by OS package manager

	// Digests contains SHA-256 digests of unpackaged files
	// used to search for SBOM attestation.
	Digests map[string]string

	// BuildInfo holds Red Hat specific build metadata.
	BuildInfo *types.BuildInfo

	// CustomResources hold analysis results from custom analyzers.
	// It is for extensibility and not used in OSS.
	CustomResources []types.CustomResource
	// contains filtered or unexported fields
}

func NewAnalysisResult

func NewAnalysisResult() *AnalysisResult

func (*AnalysisResult) Merge

func (r *AnalysisResult) Merge(newResult *AnalysisResult)

func (*AnalysisResult) Sort

func (r *AnalysisResult) Sort()

type AnalyzerGroup

// AnalyzerGroup is the set of registered analyzers and post-analyzers selected
// by NewAnalyzerGroup from AnalyzerOptions (group, disabled analyzers, file
// patterns). Its methods are documented as safe for concurrent use.
type AnalyzerGroup struct {
	// contains filtered or unexported fields
}

func NewAnalyzerGroup

func NewAnalyzerGroup(opts AnalyzerOptions) (AnalyzerGroup, error)

func (AnalyzerGroup) AnalyzeFile

func (ag AnalyzerGroup) AnalyzeFile(ctx context.Context, wg *sync.WaitGroup, limit *semaphore.Weighted, result *AnalysisResult,
	dir, filePath string, info os.FileInfo, opener Opener, disabled []Type, opts AnalysisOptions) error

AnalyzeFile determines which files are required by the analyzers based on the file name and attributes, and passes only those files to the analyzer for analysis. This function may be called concurrently and must be thread-safe.

func (AnalyzerGroup) AnalyzerVersions

func (ag AnalyzerGroup) AnalyzerVersions() Versions

AnalyzerVersions returns analyzer version identifier used for cache keys.

func (AnalyzerGroup) PostAnalyze added in v0.38.0

func (ag AnalyzerGroup) PostAnalyze(ctx context.Context, compositeFS *CompositeFS, result *AnalysisResult, opts AnalysisOptions) error

PostAnalyze takes a virtual filesystem containing only the required files and passes it to the respective post-analyzer. The obtained results are merged into the "result". This function may be called concurrently and must be thread-safe.

func (AnalyzerGroup) PostAnalyzerFS added in v0.42.1

func (ag AnalyzerGroup) PostAnalyzerFS() (*CompositeFS, error)

PostAnalyzerFS returns a composite filesystem that holds a separate filesystem for each post-analyzer.

func (AnalyzerGroup) RequiredPostAnalyzers added in v0.38.0

func (ag AnalyzerGroup) RequiredPostAnalyzers(filePath string, info os.FileInfo) []Type

RequiredPostAnalyzers returns a list of analyzer types that require the given file.

type AnalyzerOptions added in v0.32.0

// AnalyzerOptions is used to initialize analyzers (see NewAnalyzerGroup and
// the Initializer interface, through which analyzers receive these options).
type AnalyzerOptions struct {
	// Group selects which analyzer group to build; see Group and GroupBuiltin.
	Group                Group
	// Parallel is the degree of parallelism — presumably the limit behind the
	// semaphore passed to AnalyzeFile; confirm.
	Parallel             int
	// FilePatterns are user-supplied file patterns; their exact form is defined where they are parsed.
	FilePatterns         []string
	// DisabledAnalyzers lists analyzer Types to leave out of the group.
	DisabledAnalyzers    []Type
	DetectionPriority    types.DetectionPriority
	// MisconfScannerOption, SecretScannerOption and LicenseScannerOption configure
	// the respective scanners; SecretScannerOption.ConfigPath points at a file read at init.
	MisconfScannerOption misconf.ScannerOption
	SecretScannerOption  SecretScannerOption
	LicenseScannerOption LicenseScannerOption
}

AnalyzerOptions is used to initialize analyzers

type CompositeFS added in v0.42.1

// CompositeFS contains multiple filesystems for post-analyzers, one per
// analyzer Type (see Get and Set). CopyFileToTemp stages file contents in a
// temporary directory, so callers must call Cleanup when finished to avoid
// leaving copies of scanned files on disk.
type CompositeFS struct {
	// contains filtered or unexported fields
}

CompositeFS contains multiple filesystems for post-analyzers

func NewCompositeFS added in v0.42.1

func NewCompositeFS() (*CompositeFS, error)

func (*CompositeFS) Cleanup added in v0.42.1

func (c *CompositeFS) Cleanup() error

Cleanup removes the temporary directory

func (*CompositeFS) CopyFileToTemp added in v0.42.1

func (c *CompositeFS) CopyFileToTemp(opener Opener, info os.FileInfo) (string, error)

CopyFileToTemp opens the file through the given opener, using the supplied file information, and copies its contents to a temporary file.

func (c *CompositeFS) CreateLink(analyzerTypes []Type, rootDir, virtualPath, realPath string) error

CreateLink creates a link in the virtual filesystem that corresponds to a real file. The linked virtual file will have the same path as the real file path provided.

func (*CompositeFS) Get added in v0.42.1

func (c *CompositeFS) Get(t Type) (*mapfs.FS, bool)

Get returns the fs.FS for the specified post-analyzer

func (*CompositeFS) Set added in v0.42.1

func (c *CompositeFS) Set(t Type, mfs *mapfs.FS)

Set sets the fs.FS for the specified post-analyzer

type ConfigAnalysisInput added in v0.37.0

// ConfigAnalysisInput is what a ConfigAnalyzer receives: the detected OS and
// the container image config (see ConfigAnalyzerGroup.AnalyzeImageConfig).
type ConfigAnalysisInput struct {
	OS     types.OS
	Config *v1.ConfigFile
}

type ConfigAnalysisResult added in v0.37.0

// ConfigAnalysisResult holds the findings of a ConfigAnalyzer. Results from
// several analyzers are combined with Merge.
type ConfigAnalysisResult struct {
	// Misconfiguration and Secret are nil when the analyzer found nothing of that kind — confirm.
	Misconfiguration *types.Misconfiguration
	Secret           *types.Secret
	// HistoryPackages presumably lists packages inferred from the image history — confirm.
	HistoryPackages  types.Packages
}

func (*ConfigAnalysisResult) Merge added in v0.37.0

func (r *ConfigAnalysisResult) Merge(newResult *ConfigAnalysisResult)

type ConfigAnalyzer added in v0.37.0

// ConfigAnalyzer defines an interface for analyzers of container image configs
// (see ConfigAnalyzerGroup.AnalyzeImageConfig).
type ConfigAnalyzer interface {
	// Type identifies the analyzer; see the Type constants.
	Type() Type
	// Version is the analyzer's version, reported through Versions for cache keys.
	Version() int
	// Analyze inspects the image config for the OS given in input.
	Analyze(ctx context.Context, input ConfigAnalysisInput) (*ConfigAnalysisResult, error)
	// Required reports whether this analyzer applies to the detected OS.
	Required(osFound types.OS) bool
}

ConfigAnalyzer defines an interface for analyzers of container image configs.

type ConfigAnalyzerGroup added in v0.37.0

// ConfigAnalyzerGroup is the set of config analyzers selected by
// NewConfigAnalyzerGroup from ConfigAnalyzerOptions.
type ConfigAnalyzerGroup struct {
	// contains filtered or unexported fields
}

func NewConfigAnalyzerGroup added in v0.37.0

func NewConfigAnalyzerGroup(opts ConfigAnalyzerOptions) (ConfigAnalyzerGroup, error)

func (*ConfigAnalyzerGroup) AnalyzeImageConfig added in v0.37.0

func (ag *ConfigAnalyzerGroup) AnalyzeImageConfig(ctx context.Context, targetOS types.OS, config *v1.ConfigFile) *ConfigAnalysisResult

func (*ConfigAnalyzerGroup) AnalyzerVersions added in v0.37.0

func (ag *ConfigAnalyzerGroup) AnalyzerVersions() Versions

AnalyzerVersions returns analyzer version identifier used for cache keys.

type ConfigAnalyzerOptions added in v0.37.0

// ConfigAnalyzerOptions is used to initialize config analyzers; it is the
// subset of AnalyzerOptions that applies to image config analysis.
type ConfigAnalyzerOptions struct {
	FilePatterns         []string
	// DisabledAnalyzers lists analyzer Types to leave out of the group.
	DisabledAnalyzers    []Type
	MisconfScannerOption misconf.ScannerOption
	SecretScannerOption  SecretScannerOption
}

ConfigAnalyzerOptions is used to initialize config analyzers

type CustomGroup

// CustomGroup is implemented by analyzers that belong to a group other than
// GroupBuiltin; Group returns that group's name. This is mainly intended to
// be used in Aqua products.
type CustomGroup interface {
	Group() Group
}

CustomGroup returns a group name for custom analyzers. This is mainly intended to be used in Aqua products.

type Group

// Group names a set of analyzers; AnalyzerOptions.Group selects which set is
// built. GroupBuiltin is the group of analyzers shipped with this package;
// custom analyzers report their own group via CustomGroup.
type Group string
const GroupBuiltin Group = "builtin"

type Initializer added in v0.32.0

// Initializer represents analyzers that need to take parameters from users;
// Init is called with the AnalyzerOptions the group was built with.
type Initializer interface {
	Init(AnalyzerOptions) error
}

Initializer represents analyzers that need to take parameters from users

type LicenseScannerOption added in v0.34.0

// LicenseScannerOption configures license detection.
type LicenseScannerOption struct {
	// Use license classifier to get better results though the classification is expensive.
	Full                      bool
	// ClassifierConfidenceLevel is the minimum confidence accepted from the
	// classifier; its range is defined where it is consumed — confirm.
	ClassifierConfidenceLevel float64
}

type Opener

// Opener lazily opens a file for analysis (see AnalyzeFile and CopyFileToTemp).
// The returned value includes Close; whoever calls the Opener is responsible for closing it.
type Opener func() (xio.ReadSeekCloserAt, error)

type PostAnalysisInput added in v0.38.0

// PostAnalysisInput is what a PostAnalyzer receives: a virtual filesystem
// containing only the files it declared via Required, plus the run options.
type PostAnalysisInput struct {
	FS      fs.FS
	Options AnalysisOptions
}

type PostAnalyzer added in v0.38.0

// PostAnalyzer is an analyzer that runs over a virtual filesystem of the files
// it selected with Required, rather than file by file (see
// AnalyzerGroup.PostAnalyze and RegisterPostAnalyzer).
type PostAnalyzer interface {
	// Type identifies the analyzer; see the Type constants.
	Type() Type
	// Version is the analyzer's version, reported through Versions for cache keys.
	Version() int
	// PostAnalyze inspects input.FS and returns the findings.
	PostAnalyze(ctx context.Context, input PostAnalysisInput) (*AnalysisResult, error)
	// Required reports whether the file should be included in the filesystem handed to PostAnalyze.
	Required(filePath string, info os.FileInfo) bool
}

type SecretScannerOption added in v0.32.0

// SecretScannerOption configures secret scanning.
type SecretScannerOption struct {
	// ConfigPath is the path of the secret scanner's configuration file; how it
	// is loaded is defined by the secret scanner itself.
	ConfigPath string
}

type Type

// Type identifies an analyzer. Its string value is what users see when
// enabling or disabling analyzers and is presumably the key of the Versions
// maps used for cache keys — confirm. Values must therefore be unique and
// should be treated as stable identifiers: renaming one changes the
// user-facing name and any cache keyed on it.
type Type string
const (
	// ======
	//   OS
	// ======
	TypeOSRelease  Type = "os-release"
	TypeAlpine     Type = "alpine"
	TypeAmazon     Type = "amazon"
	// TypeAzure's value is "azurelinux", not "azure"; the constant name and value differ.
	TypeAzure      Type = "azurelinux"
	TypeCBLMariner Type = "cbl-mariner"
	TypeDebian     Type = "debian"
	TypePhoton     Type = "photon"
	TypeCentOS     Type = "centos"
	TypeRocky      Type = "rocky"
	TypeAlma       Type = "alma"
	TypeFedora     Type = "fedora"
	TypeOracle     Type = "oracle"
	TypeRedHatBase Type = "redhat"
	TypeSUSE       Type = "suse"
	TypeUbuntu     Type = "ubuntu"
	TypeUbuntuESM  Type = "ubuntu-esm"

	// OS Package
	TypeApk         Type = "apk"
	TypeDpkg        Type = "dpkg"
	TypeDpkgLicense Type = "dpkg-license" // For analyzing licenses
	TypeRpm         Type = "rpm"
	TypeRpmArchive  Type = "rpm-archive"
	TypeRpmqa       Type = "rpmqa"

	// OS Package Repository
	TypeApkRepo Type = "apk-repo"

	// Ruby
	TypeBundler Type = "bundler"
	TypeGemSpec Type = "gemspec"

	// Rust
	TypeRustBinary Type = "rustbinary"
	TypeCargo      Type = "cargo"

	// PHP
	TypeComposer       Type = "composer"
	TypeComposerVendor Type = "composer-vendor"

	// Java
	TypeJar        Type = "jar"
	TypePom        Type = "pom"
	TypeGradleLock Type = "gradle-lockfile"
	TypeSbtLock    Type = "sbt-lockfile"

	// Node.js
	TypeNpmPkgLock Type = "npm"
	TypeNodePkg    Type = "node-pkg"
	TypeYarn       Type = "yarn"
	TypePnpm       Type = "pnpm"

	// .NET
	TypeNuget         Type = "nuget"
	TypeDotNetCore    Type = "dotnet-core"
	TypePackagesProps Type = "packages-props"

	// Conda
	TypeCondaPkg Type = "conda-pkg"
	TypeCondaEnv Type = "conda-environment"

	// Python
	TypePythonPkg    Type = "python-pkg"
	TypePythonPkgEgg Type = "python-egg"
	TypePip          Type = "pip"
	TypePipenv       Type = "pipenv"
	TypePoetry       Type = "poetry"

	// Go
	TypeGoBinary Type = "gobinary"
	TypeGoMod    Type = "gomod"

	// C/C++
	TypeConanLock Type = "conan-lock"

	// Elixir
	TypeMixLock Type = "mix-lock"

	// Swift
	TypeSwift     Type = "swift"
	TypeCocoaPods Type = "cocoapods"

	// Dart
	TypePubSpecLock Type = "pubspec-lock"

	// Julia
	TypeJulia Type = "julia"

	// ============
	// Non-packaged
	// ============
	TypeExecutable Type = "executable"
	TypeSBOM       Type = "sbom"

	// ============
	// Image Config
	// ============
	// These Types are handled by ConfigAnalyzer implementations (image config),
	// not by the file analyzers.
	TypeApkCommand        Type = "apk-command"
	TypeHistoryDockerfile Type = "history-dockerfile"
	TypeImageConfigSecret Type = "image-config-secret"

	// =================
	// Structured Config
	// =================
	// Values are taken from the detection package so that analyzer Types and
	// misconfiguration file-type detection cannot drift apart.
	TypeAzureARM              Type = Type(detection.FileTypeAzureARM)
	TypeCloudFormation        Type = Type(detection.FileTypeCloudFormation)
	TypeDockerfile            Type = Type(detection.FileTypeDockerfile)
	TypeHelm                  Type = Type(detection.FileTypeHelm)
	TypeKubernetes            Type = Type(detection.FileTypeKubernetes)
	TypeTerraform             Type = Type(detection.FileTypeTerraform)
	TypeTerraformPlanJSON     Type = Type(detection.FileTypeTerraformPlanJSON)
	TypeTerraformPlanSnapshot Type = Type(detection.FileTypeTerraformPlanSnapshot)
	TypeYAML                  Type = Type(detection.FileTypeYAML)
	TypeJSON                  Type = Type(detection.FileTypeJSON)

	// ========
	// License
	// ========
	TypeLicenseFile Type = "license-file"

	// ========
	// Secrets
	// ========
	TypeSecret Type = "secret"

	// =======
	// Red Hat
	// =======
	// NOTE(review): these two carry a redundant "Type" suffix unlike every other
	// constant; they are exported, so renaming would break callers — leave as is.
	TypeRedHatContentManifestType Type = "redhat-content-manifest"
	TypeRedHatDockerfileType      Type = "redhat-dockerfile"
)

type Versions added in v0.38.0

// Versions maps analyzer identifiers to their version numbers. It is returned
// by AnalyzerGroup.AnalyzerVersions and ConfigAnalyzerGroup.AnalyzerVersions
// and used in cache keys, so an analyzer whose behavior changes without a
// Version() bump would presumably keep serving stale cached results — confirm
// against the cache implementation. Keys are presumably the Type strings.
type Versions struct {
	Analyzers     map[string]int
	PostAnalyzers map[string]int
}
