Merge pull request #6665 from liorj-orca/broken_symlink

fix(engine): skip broken symlink/eloop

e2e/fixtures/E2E_CLI_067_PAYLOAD.json

@@ -0,0 +1,3 @@
+{
+  "document": []
+}

e2e/testcases/e2e-cli-067_ingore_broken_symlink_eloop.go

@@ -0,0 +1,22 @@
+// Package testcases provides end-to-end (E2E) testing functionality for the application.
+package testcases
+
+// E2E-CLI-067 - KICS  scan but ignore broken symlinks and symlinks that create endless loops
+// should perform the scan successfully and return exit code 0
+func init() { //nolint
+	testSample := TestCase{
+		Name: "should perform a valid scan but ignore broken symlinks and symlinks that create endless loops [E2E-CLI-067]",
+		Args: args{
+			Args: []cmdArgs{
+				[]string{"scan", "-p", "\"/path/test/fixtures/link_test/broken_symlink\"", "\"/path/test/fixtures/link_test/eloop_link\"",
+					"--silent", "--payload-path", "/path/e2e/output/E2E_CLI_067_PAYLOAD.json"},
+			},
+			ExpectedPayload: []string{
+				"E2E_CLI_067_PAYLOAD.json",
+			},
+		},
+		WantStatus: []int{0},
+	}
+
+	Tests = append(Tests, testSample)
+}

pkg/engine/provider/extract.go

@@ -131,6 +131,9 @@ func GetSources(source []string) (ExtractedPath, error) {
 
 		getterDst, err := getPaths(&goGetter)
 		if err != nil {
+			if ignoreDamagedFiles(path) {
+				continue
+			}
 			log.Error().Msgf("%s", err)
 			return ExtractedPath{}, err
 		}

pkg/engine/provider/extract_test.go

@@ -72,6 +72,16 @@ func TestProvider_GetSources(t *testing.T) {
 			wantErr: true,
 			want:    "",
 		},
+		{
+			name: "broken_sym_link",
+			args: args{
+				source: []string{
+					"test/fixtures/link_test/broken_symlink",
+				},
+			},
+			wantErr: false,
+			want:    "",
+		},
 	}
 
 	for _, tt := range tests {

pkg/engine/provider/filesystem.go

@@ -3,10 +3,12 @@ package provider
 import (
 	"context"
 	"fmt"
+	ioFs "io/fs"
 	"os"
 	"path/filepath"
 	"strings"
 	"sync"
+	"syscall"
 
 	sentryReport "github.com/Checkmarx/kics/internal/sentry"
 	"github.com/Checkmarx/kics/pkg/model"
@@ -60,6 +62,11 @@ func (s *FileSystemSourceProvider) AddExcluded(excludePaths []string) error {
 			if os.IsNotExist(err) {
 				continue
 			}
+			if sysErr, ok := err.(*ioFs.PathError); ok {
+				log.Warn().Msgf("Failed getting file info for file '%s', Skipping due to: %s, Error number: %d",
+					excludePath, sysErr, sysErr.Err.(syscall.Errno))
+				continue
+			}
 			return errors.Wrap(err, "failed to open excluded file")
 		}
 		s.mu.Lock()

pkg/engine/provider/filesystem_test.go

@@ -386,6 +386,19 @@ func TestFileSystemSourceProvider_AddExcluded(t *testing.T) {
 		want    []string
 		wantErr bool
 	}{
+		{
+			name: "test_too_many_levels_of_symbolic_links",
+			fields: fields{
+				fs: fsystem,
+			},
+			args: args{
+				excludePaths: []string{
+					"test/fixtures/link_test/eloop_link",
+				},
+			},
+			want:    []string{},
+			wantErr: false,
+		},
 		{
 			name: "test_add_excluded",
 			fields: fields{

pkg/scan/utils.go

@@ -47,7 +47,9 @@ func (c *Client) prepareAndAnalyzePaths(ctx context.Context) (provider.Extracted
 	}
 
 	allPaths := combinePaths(terraformerExPaths, kuberneterExPaths, regularExPaths, queryExPaths, libExPaths)
-
+	if len(allPaths.Path) == 0 {
+		return provider.ExtractedPath{}, nil
+	}
 	log.Info().Msgf("Total files in the project: %d", getTotalFiles(allPaths.Path))
 
 	a := &analyzer.Analyzer{

test/fixtures/link_test/broken_symlink

@@ -0,0 +1 @@
+doesnotexist/test

test/fixtures/link_test/eloop_link

@@ -0,0 +1 @@
+eloop_link