mirror of
https://github.com/anchore/syft.git
synced 2025-11-17 16:33:21 +01:00
9ec09add67
* add initial secrets cataloger Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update ETUI elements with new catalogers (file metadata, digests, and secrets) Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update secrets cataloger to read full contents into memory for searching Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * quick prototype of parallelization secret regex search Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * quick prototype with single aggregated regex Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * quick prototype for secret search line-by-line Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * quick prototype hybrid secrets search Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add secrets cataloger with line strategy Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * adjust verbiage towards SearchResults instead of Secrets + add tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update json schema with secrets cataloger results Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * address PR comments Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update readme with secrets config options Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * ensure file catalogers call AllLocations once Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
159 lines
3.5 KiB
Go
159 lines
3.5 KiB
Go
package cmd
|
|
|
|
import (
|
|
"crypto"
|
|
"fmt"
|
|
|
|
"github.com/anchore/syft/internal/presenter/poweruser"
|
|
"github.com/anchore/syft/syft"
|
|
"github.com/anchore/syft/syft/file"
|
|
"github.com/anchore/syft/syft/source"
|
|
)
|
|
|
|
type powerUserTask func(*poweruser.JSONDocumentConfig, source.Source) error
|
|
|
|
func powerUserTasks() ([]powerUserTask, error) {
|
|
var tasks []powerUserTask
|
|
|
|
generators := []func() (powerUserTask, error){
|
|
catalogPackagesTask,
|
|
catalogFileMetadataTask,
|
|
catalogFileDigestsTask,
|
|
catalogSecretsTask,
|
|
}
|
|
|
|
for _, generator := range generators {
|
|
task, err := generator()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if task != nil {
|
|
tasks = append(tasks, task)
|
|
}
|
|
}
|
|
|
|
return tasks, nil
|
|
}
|
|
|
|
func catalogPackagesTask() (powerUserTask, error) {
|
|
if !appConfig.Package.Cataloger.Enabled {
|
|
return nil, nil
|
|
}
|
|
|
|
task := func(results *poweruser.JSONDocumentConfig, src source.Source) error {
|
|
packageCatalog, theDistro, err := syft.CatalogPackages(src, appConfig.Package.Cataloger.ScopeOpt)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
results.PackageCatalog = packageCatalog
|
|
results.Distro = theDistro
|
|
|
|
return nil
|
|
}
|
|
|
|
return task, nil
|
|
}
|
|
|
|
func catalogFileMetadataTask() (powerUserTask, error) {
|
|
if !appConfig.FileMetadata.Cataloger.Enabled {
|
|
return nil, nil
|
|
}
|
|
|
|
metadataCataloger := file.NewMetadataCataloger()
|
|
|
|
task := func(results *poweruser.JSONDocumentConfig, src source.Source) error {
|
|
resolver, err := src.FileResolver(appConfig.FileMetadata.Cataloger.ScopeOpt)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
result, err := metadataCataloger.Catalog(resolver)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
results.FileMetadata = result
|
|
return nil
|
|
}
|
|
|
|
return task, nil
|
|
}
|
|
|
|
func catalogFileDigestsTask() (powerUserTask, error) {
|
|
if !appConfig.FileMetadata.Cataloger.Enabled {
|
|
return nil, nil
|
|
}
|
|
|
|
supportedHashAlgorithms := make(map[string]crypto.Hash)
|
|
for _, h := range []crypto.Hash{
|
|
crypto.MD5,
|
|
crypto.SHA1,
|
|
crypto.SHA256,
|
|
} {
|
|
supportedHashAlgorithms[file.DigestAlgorithmName(h)] = h
|
|
}
|
|
|
|
var hashes []crypto.Hash
|
|
for _, hashStr := range appConfig.FileMetadata.Digests {
|
|
name := file.CleanDigestAlgorithmName(hashStr)
|
|
hashObj, ok := supportedHashAlgorithms[name]
|
|
if !ok {
|
|
return nil, fmt.Errorf("unsupported hash algorithm: %s", hashStr)
|
|
}
|
|
hashes = append(hashes, hashObj)
|
|
}
|
|
|
|
digestsCataloger, err := file.NewDigestsCataloger(hashes)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
task := func(results *poweruser.JSONDocumentConfig, src source.Source) error {
|
|
resolver, err := src.FileResolver(appConfig.FileMetadata.Cataloger.ScopeOpt)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
result, err := digestsCataloger.Catalog(resolver)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
results.FileDigests = result
|
|
return nil
|
|
}
|
|
|
|
return task, nil
|
|
}
|
|
|
|
func catalogSecretsTask() (powerUserTask, error) {
|
|
if !appConfig.Secrets.Cataloger.Enabled {
|
|
return nil, nil
|
|
}
|
|
|
|
patterns, err := file.GenerateSearchPatterns(file.DefaultSecretsPatterns, appConfig.Secrets.AdditionalPatterns, appConfig.Secrets.ExcludePatternNames)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
secretsCataloger, err := file.NewSecretsCataloger(patterns, appConfig.Secrets.RevealValues, appConfig.Secrets.SkipFilesAboveSize)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
task := func(results *poweruser.JSONDocumentConfig, src source.Source) error {
|
|
resolver, err := src.FileResolver(appConfig.Secrets.Cataloger.ScopeOpt)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
result, err := secretsCataloger.Catalog(resolver)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
results.Secrets = result
|
|
return nil
|
|
}
|
|
|
|
return task, nil
|
|
}
|