feat(misconf): scanning support for YAML and JSON

Signed-off-by: nikpivkin <[email protected]>
aquasecurity · Aug 6, 2024 · 210294a · 210294a
1 parent fd8348d
commit 210294a
Show file tree

Hide file tree

Showing 5 changed files with 102 additions and 8 deletions.
diff --git a/pkg/fanal/analyzer/config/all/import.go b/pkg/fanal/analyzer/config/all/import.go
@@ -5,8 +5,10 @@ import (
 	_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/cloudformation"
 	_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/dockerfile"
 	_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/helm"
+	_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/json"
 	_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/k8s"
 	_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/terraform"
 	_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/terraformplan/json"
 	_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/terraformplan/snapshot"
+	_ "github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/yaml"
 )
diff --git a/pkg/fanal/analyzer/config/json/json.go b/pkg/fanal/analyzer/config/json/json.go
@@ -0,0 +1,36 @@
+package json
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
+	"github.com/aquasecurity/trivy/pkg/fanal/analyzer/config"
+	"github.com/aquasecurity/trivy/pkg/misconf"
+)
+
+const (
+	analyzerType = analyzer.TypeJSON
+	version      = 1
+)
+
+func init() {
+	analyzer.RegisterPostAnalyzer(analyzerType, newJSONConfigAnalyzer)
+}
+
+// jsonConfigAnalyzer analyzes JSON files
+type jsonConfigAnalyzer struct {
+	*config.Analyzer
+}
+
+func newJSONConfigAnalyzer(opts analyzer.AnalyzerOptions) (analyzer.PostAnalyzer, error) {
+	a, err := config.NewAnalyzer(analyzerType, version, misconf.NewJSONScanner, opts)
+	if err != nil {
+		return nil, err
+	}
+	return &jsonConfigAnalyzer{Analyzer: a}, nil
+}
+
+func (*jsonConfigAnalyzer) Required(filePath string, _ os.FileInfo) bool {
+	return filepath.Ext(filePath) == ".json"
+}
diff --git a/pkg/fanal/analyzer/config/yaml/yaml.go b/pkg/fanal/analyzer/config/yaml/yaml.go
@@ -0,0 +1,36 @@
+package yaml
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
+	"github.com/aquasecurity/trivy/pkg/fanal/analyzer/config"
+	"github.com/aquasecurity/trivy/pkg/misconf"
+)
+
+const (
+	analyzerType = analyzer.TypeYAML
+	version      = 1
+)
+
+func init() {
+	analyzer.RegisterPostAnalyzer(analyzerType, newYAMLConfigAnalyzer)
+}
+
+// yamlConfigAnalyzer analyzes YAML files
+type yamlConfigAnalyzer struct {
+	*config.Analyzer
+}
+
+func newYAMLConfigAnalyzer(opts analyzer.AnalyzerOptions) (analyzer.PostAnalyzer, error) {
+	a, err := config.NewAnalyzer(analyzerType, version, misconf.NewYAMLScanner, opts)
+	if err != nil {
+		return nil, err
+	}
+	return &yamlConfigAnalyzer{Analyzer: a}, nil
+}
+
+func (*yamlConfigAnalyzer) Required(filePath string, _ os.FileInfo) bool {
+	return filepath.Ext(filePath) == ".yaml" || filepath.Ext(filePath) == ".yml"
+}
diff --git a/pkg/fanal/analyzer/const.go b/pkg/fanal/analyzer/const.go
@@ -124,6 +124,8 @@ const (
 	TypeTerraform             Type = Type(detection.FileTypeTerraform)
 	TypeTerraformPlanJSON     Type = Type(detection.FileTypeTerraformPlanJSON)
 	TypeTerraformPlanSnapshot Type = Type(detection.FileTypeTerraformPlanSnapshot)
+	TypeYAML                  Type = Type(detection.FileTypeYAML)
+	TypeJSON                  Type = Type(detection.FileTypeJSON)
 
 	// ========
 	// License
@@ -245,5 +247,7 @@ var (
 		TypeTerraform,
 		TypeTerraformPlanJSON,
 		TypeTerraformPlanSnapshot,
+		TypeYAML,
+		TypeJSON,
 	}
 )
diff --git a/pkg/misconf/scanner.go b/pkg/misconf/scanner.go
@@ -22,12 +22,14 @@ import (
 	cfscanner "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation"
 	cfparser "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 	dfscanner "github.com/aquasecurity/trivy/pkg/iac/scanners/dockerfile"
-	helm2 "github.com/aquasecurity/trivy/pkg/iac/scanners/helm"
+	"github.com/aquasecurity/trivy/pkg/iac/scanners/helm"
+	jsonscanner "github.com/aquasecurity/trivy/pkg/iac/scanners/json"
 	k8sscanner "github.com/aquasecurity/trivy/pkg/iac/scanners/kubernetes"
 	"github.com/aquasecurity/trivy/pkg/iac/scanners/options"
 	"github.com/aquasecurity/trivy/pkg/iac/scanners/terraform"
 	tfprawscanner "github.com/aquasecurity/trivy/pkg/iac/scanners/terraformplan/snapshot"
 	tfpjsonscanner "github.com/aquasecurity/trivy/pkg/iac/scanners/terraformplan/tfjson"
+	yamlscanner "github.com/aquasecurity/trivy/pkg/iac/scanners/yaml"
 	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/aquasecurity/trivy/pkg/mapfs"
 
@@ -112,6 +114,14 @@ func NewTerraformPlanSnapshotScanner(filePatterns []string, opt ScannerOption) (
 	return newScanner(detection.FileTypeTerraformPlanSnapshot, filePatterns, opt)
 }
 
+func NewYAMLScanner(filePatterns []string, opt ScannerOption) (*Scanner, error) {
+	return newScanner(detection.FileTypeYAML, filePatterns, opt)
+}
+
+func NewJSONScanner(filePatterns []string, opt ScannerOption) (*Scanner, error) {
+	return newScanner(detection.FileTypeJSON, filePatterns, opt)
+}
+
 func newScanner(t detection.FileType, filePatterns []string, opt ScannerOption) (*Scanner, error) {
 	opts, err := scannerOptions(t, opt)
 	if err != nil {
@@ -127,7 +137,7 @@ func newScanner(t detection.FileType, filePatterns []string, opt ScannerOption)
 	case detection.FileTypeDockerfile:
 		scanner = dfscanner.NewScanner(opts...)
 	case detection.FileTypeHelm:
-		scanner = helm2.New(opts...)
+		scanner = helm.New(opts...)
 	case detection.FileTypeKubernetes:
 		scanner = k8sscanner.NewScanner(opts...)
 	case detection.FileTypeTerraform:
@@ -136,6 +146,12 @@ func newScanner(t detection.FileType, filePatterns []string, opt ScannerOption)
 		scanner = tfpjsonscanner.New(opts...)
 	case detection.FileTypeTerraformPlanSnapshot:
 		scanner = tfprawscanner.New(opts...)
+	case detection.FileTypeYAML:
+		scanner = yamlscanner.NewScanner(opts...)
+	case detection.FileTypeJSON:
+		scanner = jsonscanner.NewScanner(opts...)
+	default:
+		return nil, xerrors.Errorf("unknown file type: %s", t)
 	}
 
 	return &Scanner{
@@ -320,27 +336,27 @@ func addCFOpts(opts []options.ScannerOption, scannerOption ScannerOption) ([]opt
 
 func addHelmOpts(opts []options.ScannerOption, scannerOption ScannerOption) []options.ScannerOption {
 	if len(scannerOption.HelmValueFiles) > 0 {
-		opts = append(opts, helm2.ScannerWithValuesFile(scannerOption.HelmValueFiles...))
+		opts = append(opts, helm.ScannerWithValuesFile(scannerOption.HelmValueFiles...))
 	}
 
 	if len(scannerOption.HelmValues) > 0 {
-		opts = append(opts, helm2.ScannerWithValues(scannerOption.HelmValues...))
+		opts = append(opts, helm.ScannerWithValues(scannerOption.HelmValues...))
 	}
 
 	if len(scannerOption.HelmFileValues) > 0 {
-		opts = append(opts, helm2.ScannerWithFileValues(scannerOption.HelmFileValues...))
+		opts = append(opts, helm.ScannerWithFileValues(scannerOption.HelmFileValues...))
 	}
 
 	if len(scannerOption.HelmStringValues) > 0 {
-		opts = append(opts, helm2.ScannerWithStringValues(scannerOption.HelmStringValues...))
+		opts = append(opts, helm.ScannerWithStringValues(scannerOption.HelmStringValues...))
 	}
 
 	if len(scannerOption.HelmAPIVersions) > 0 {
-		opts = append(opts, helm2.ScannerWithAPIVersions(scannerOption.HelmAPIVersions...))
+		opts = append(opts, helm.ScannerWithAPIVersions(scannerOption.HelmAPIVersions...))
 	}
 
 	if scannerOption.HelmKubeVersion != "" {
-		opts = append(opts, helm2.ScannerWithKubeVersion(scannerOption.HelmKubeVersion))
+		opts = append(opts, helm.ScannerWithKubeVersion(scannerOption.HelmKubeVersion))
 	}
 
 	return opts