analyzer

package
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 18, 2023 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (

	// ErrUnknownOS occurs when unknown OS is analyzed.
	ErrUnknownOS = xerrors.New("unknown OS")
	// ErrPkgAnalysis occurs when the analysis of packages is failed.
	ErrPkgAnalysis = xerrors.New("failed to analyze packages")
	// ErrNoPkgsDetected occurs when the required files for an OS package manager are not detected
	ErrNoPkgsDetected = xerrors.New("no packages detected")
)

Functions

func DeregisterAnalyzer

func DeregisterAnalyzer(t Type)

DeregisterAnalyzer is mainly for testing

func DeregisterConfigAnalyzer

func DeregisterConfigAnalyzer(t Type)

DeregisterConfigAnalyzer is mainly for testing

func RegisterAnalyzer

func RegisterAnalyzer(analyzer analyzer)

func RegisterConfigAnalyzer

func RegisterConfigAnalyzer(t Type, init configAnalyzerConstructor)

RegisterConfigAnalyzer adds a constructor of config analyzer

func RegisterPostAnalyzer

func RegisterPostAnalyzer(t Type, initializer postAnalyzerInitialize)

Types

type AnalysisInput

type AnalysisInput struct {
	Dir      string
	FilePath string
	Info     os.FileInfo
	Content  dio.ReadSeekerAt

	Options AnalysisOptions
}

type AnalysisOptions

type AnalysisOptions struct {
	Offline      bool
	FileChecksum bool
}

type AnalysisResult

type AnalysisResult struct {
	OS                   types.OS
	Repository           *types.Repository
	PackageInfos         []types.PackageInfo
	Applications         []types.Application
	Misconfigurations    []types.Misconfiguration
	Secrets              []types.Secret
	Licenses             []types.LicenseFile
	SystemInstalledFiles []string // A list of files installed by OS package manager

	// Digests contains SHA-256 digests of unpackaged files
	// used to search for SBOM attestation.
	Digests map[string]string

	// For Red Hat
	BuildInfo *types.BuildInfo

	// CustomResources hold analysis results from custom analyzers.
	// It is for extensibility and not used in OSS.
	CustomResources []types.CustomResource
	// contains filtered or unexported fields
}

func NewAnalysisResult

func NewAnalysisResult() *AnalysisResult

func (*AnalysisResult) Merge

func (r *AnalysisResult) Merge(new *AnalysisResult)

func (*AnalysisResult) Sort

func (r *AnalysisResult) Sort()

type AnalyzerGroup

type AnalyzerGroup struct {
	// contains filtered or unexported fields
}

func NewAnalyzerGroup

func NewAnalyzerGroup(opt AnalyzerOptions) (AnalyzerGroup, error)

func (AnalyzerGroup) AnalyzeFile

func (ag AnalyzerGroup) AnalyzeFile(ctx context.Context, wg *sync.WaitGroup, limit *semaphore.Weighted, result *AnalysisResult,
	dir, filePath string, info os.FileInfo, opener Opener, disabled []Type, opts AnalysisOptions) error

AnalyzeFile determines which files are required by the analyzers based on the file name and attributes, and passes only those files to the analyzer for analysis. This function may be called concurrently and must be thread-safe.

func (AnalyzerGroup) AnalyzerVersions

func (ag AnalyzerGroup) AnalyzerVersions() Versions

AnalyzerVersions returns analyzer version identifier used for cache keys.

func (AnalyzerGroup) PostAnalyze

func (ag AnalyzerGroup) PostAnalyze(ctx context.Context, compositeFS *CompositeFS, result *AnalysisResult, opts AnalysisOptions) error

PostAnalyze passes a virtual filesystem containing only required files and passes it to the respective post-analyzer. The obtained results are merged into the "result". This function may be called concurrently and must be thread-safe.

func (AnalyzerGroup) PostAnalyzerFS

func (ag AnalyzerGroup) PostAnalyzerFS() (*CompositeFS, error)

PostAnalyzerFS returns a composite filesystem that contains multiple filesystems for each post-analyzer

func (AnalyzerGroup) RequiredPostAnalyzers

func (ag AnalyzerGroup) RequiredPostAnalyzers(filePath string, info os.FileInfo) []Type

RequiredPostAnalyzers returns a list of analyzer types that require the given file.

type AnalyzerOptions

type AnalyzerOptions struct {
	Group                Group
	Slow                 bool
	FilePatterns         []string
	DisabledAnalyzers    []Type
	MisconfScannerOption misconf.ScannerOption
	SecretScannerOption  SecretScannerOption
	LicenseScannerOption LicenseScannerOption
}

AnalyzerOptions is used to initialize analyzers

type CompositeFS

type CompositeFS struct {
	// contains filtered or unexported fields
}

CompositeFS contains multiple filesystems for post-analyzers

func NewCompositeFS

func NewCompositeFS(group AnalyzerGroup) (*CompositeFS, error)

func (*CompositeFS) Cleanup

func (c *CompositeFS) Cleanup() error

Cleanup removes the temporary directory

func (*CompositeFS) CopyFileToTemp

func (c *CompositeFS) CopyFileToTemp(opener Opener, info os.FileInfo) (string, error)

CopyFileToTemp takes a file path and information, opens the file, copies its contents to a temporary file

func (c *CompositeFS) CreateLink(analyzerTypes []Type, rootDir, virtualPath, realPath string) error

CreateLink creates a link in the virtual filesystem that corresponds to a real file. The linked virtual file will have the same path as the real file path provided.

func (*CompositeFS) Get

func (c *CompositeFS) Get(t Type) (*mapfs.FS, bool)

Get returns the fs.FS for the specified post-analyzer

func (*CompositeFS) Set

func (c *CompositeFS) Set(t Type, fs *mapfs.FS)

Set sets the fs.FS for the specified post-analyzer

type ConfigAnalysisInput

type ConfigAnalysisInput struct {
	OS     types.OS
	Config *v1.ConfigFile
}

type ConfigAnalysisResult

type ConfigAnalysisResult struct {
	Misconfiguration *types.Misconfiguration
	Secret           *types.Secret
	HistoryPackages  types.Packages
}

func (*ConfigAnalysisResult) Merge

type ConfigAnalyzer

type ConfigAnalyzer interface {
	Type() Type
	Version() int
	Analyze(ctx context.Context, input ConfigAnalysisInput) (*ConfigAnalysisResult, error)
	Required(osFound types.OS) bool
}

ConfigAnalyzer defines an interface for analyzer of container image config

type ConfigAnalyzerGroup

type ConfigAnalyzerGroup struct {
	// contains filtered or unexported fields
}

func NewConfigAnalyzerGroup

func NewConfigAnalyzerGroup(opts ConfigAnalyzerOptions) (ConfigAnalyzerGroup, error)

func (*ConfigAnalyzerGroup) AnalyzeImageConfig

func (ag *ConfigAnalyzerGroup) AnalyzeImageConfig(ctx context.Context, targetOS types.OS, config *v1.ConfigFile) *ConfigAnalysisResult

func (*ConfigAnalyzerGroup) AnalyzerVersions

func (ag *ConfigAnalyzerGroup) AnalyzerVersions() Versions

AnalyzerVersions returns analyzer version identifier used for cache keys.

type ConfigAnalyzerOptions

type ConfigAnalyzerOptions struct {
	FilePatterns         []string
	DisabledAnalyzers    []Type
	MisconfScannerOption misconf.ScannerOption
	SecretScannerOption  SecretScannerOption
}

ConfigAnalyzerOptions is used to initialize config analyzers

type CustomGroup

type CustomGroup interface {
	Group() Group
}

CustomGroup returns a group name for custom analyzers This is mainly intended to be used in KhulnaSoft products.

type Group

type Group string
const GroupBuiltin Group = "builtin"

type Initializer

type Initializer interface {
	Init(AnalyzerOptions) error
}

Initializer represents analyzers that need to take parameters from users

type LicenseScannerOption

type LicenseScannerOption struct {
	// Use license classifier to get better results though the classification is expensive.
	Full                      bool
	ClassifierConfidenceLevel float64
}

type Opener

type Opener func() (dio.ReadSeekCloserAt, error)

type PostAnalysisInput

type PostAnalysisInput struct {
	FS      fs.FS
	Options AnalysisOptions
}

type PostAnalyzer

type PostAnalyzer interface {
	Type() Type
	Version() int
	PostAnalyze(ctx context.Context, input PostAnalysisInput) (*AnalysisResult, error)
	Required(filePath string, info os.FileInfo) bool
}

type SecretScannerOption

type SecretScannerOption struct {
	ConfigPath string
}

type Type

type Type string
const (
	// ======
	//   OS
	// ======
	TypeOSRelease  Type = "os-release"
	TypeAlpine     Type = "alpine"
	TypeAmazon     Type = "amazon"
	TypeCBLMariner Type = "cbl-mariner"
	TypeDebian     Type = "debian"
	TypePhoton     Type = "photon"
	TypeCentOS     Type = "centos"
	TypeRocky      Type = "rocky"
	TypeAlma       Type = "alma"
	TypeFedora     Type = "fedora"
	TypeOracle     Type = "oracle"
	TypeRedHatBase Type = "redhat"
	TypeSUSE       Type = "suse"
	TypeUbuntu     Type = "ubuntu"
	TypeUbuntuESM  Type = "ubuntu-esm"

	// OS Package
	TypeApk         Type = "apk"
	TypeDpkg        Type = "dpkg"
	TypeDpkgLicense Type = "dpkg-license" // For analyzing licenses
	TypeRpm         Type = "rpm"
	TypeRpmqa       Type = "rpmqa"

	// OS Package Repository
	TypeApkRepo Type = "apk-repo"

	// Ruby
	TypeBundler Type = "bundler"
	TypeGemSpec Type = "gemspec"

	// Rust
	TypeRustBinary Type = "rustbinary"
	TypeCargo      Type = "cargo"

	// PHP
	TypeComposer Type = "composer"

	// Java
	TypeJar        Type = "jar"
	TypePom        Type = "pom"
	TypeGradleLock Type = "gradle-lockfile"

	// Node.js
	TypeNpmPkgLock Type = "npm"
	TypeNodePkg    Type = "node-pkg"
	TypeYarn       Type = "yarn"
	TypePnpm       Type = "pnpm"

	// .NET
	TypeNuget      Type = "nuget"
	TypeDotNetCore Type = "dotnet-core"

	// Conda
	TypeCondaPkg Type = "conda-pkg"

	// Python
	TypePythonPkg Type = "python-pkg"
	TypePip       Type = "pip"
	TypePipenv    Type = "pipenv"
	TypePoetry    Type = "poetry"

	// Go
	TypeGoBinary Type = "gobinary"
	TypeGoMod    Type = "gomod"

	// C/C++
	TypeConanLock Type = "conan-lock"

	// Elixir
	TypeMixLock Type = "mix-lock"

	// Swift
	TypeCocoaPods Type = "cocoapods"

	// Dart
	TypePubSpecLock Type = "pubspec-lock"

	// ============
	// Non-packaged
	// ============
	TypeExecutable Type = "executable"
	TypeSBOM       Type = "sbom"

	// ============
	// Image Config
	// ============
	TypeApkCommand        Type = "apk-command"
	TypeHistoryDockerfile Type = "history-dockerfile"
	TypeImageConfigSecret Type = "image-config-secret"

	// =================
	// Structured Config
	// =================
	TypeAzureARM       Type = Type(detection.FileTypeAzureARM)
	TypeCloudFormation Type = Type(detection.FileTypeCloudFormation)
	TypeDockerfile     Type = Type(detection.FileTypeDockerfile)
	TypeHelm           Type = Type(detection.FileTypeHelm)
	TypeKubernetes     Type = Type(detection.FileTypeKubernetes)
	TypeTerraform      Type = Type(detection.FileTypeTerraform)
	TypeTerraformPlan  Type = Type(detection.FileTypeTerraformPlan)

	// ========
	// License
	// ========
	TypeLicenseFile Type = "license-file"

	// ========
	// Secrets
	// ========
	TypeSecret Type = "secret"

	// =======
	// Red Hat
	// =======
	TypeRedHatContentManifestType Type = "redhat-content-manifest"
	TypeRedHatDockerfileType      Type = "redhat-dockerfile"
)

type Versions

type Versions struct {
	Analyzers     map[string]int
	PostAnalyzers map[string]int
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL