feat: add post handler (#460)

Co-authored-by: Liam Galvin <liam.galvin@aquasec.com> Co-authored-by: Liam Galvin <liamgalvin@protonmail.com>
aquasecurity · May 9, 2022 · f852893 · f852893
1 parent 4b33c6d
commit f852893
Show file tree

Hide file tree

Showing 141 changed files with 3,232 additions and 5,442 deletions.
diff --git a/analyzer/analyzer.go b/analyzer/analyzer.go
@@ -62,12 +62,6 @@ type Group string
 
 const GroupBuiltin Group = "builtin"
 
-// CustomGroup returns a group name for custom analyzers
-// This is mainly intended to be used in Aqua products.
-type CustomGroup interface {
-	Group() Group
-}
-
 func RegisterAnalyzer(analyzer analyzer) {
 	analyzers[analyzer.Type()] = analyzer
 }
@@ -76,18 +70,30 @@ func RegisterConfigAnalyzer(analyzer configAnalyzer) {
 	configAnalyzers[analyzer.Type()] = analyzer
 }
 
+// CustomGroup returns a group name for custom analyzers
+// This is mainly intended to be used in Aqua products.
+type CustomGroup interface {
+	Group() Group
+}
+
 type Opener func() (dio.ReadSeekCloserAt, error)
 
+type AnalyzerGroup struct {
+	analyzers       []analyzer
+	configAnalyzers []configAnalyzer
+}
+
 type AnalysisResult struct {
 	m                    sync.Mutex
 	OS                   *types.OS
 	Repository           *types.Repository
 	PackageInfos         []types.PackageInfo
 	Applications         []types.Application
-	Configs              []types.Config
 	Secrets              []types.Secret
 	SystemInstalledFiles []string // A list of files installed by OS package manager
 
+	Files map[types.HandlerType][]types.File
+
 	// For Red Hat
 	BuildInfo *types.BuildInfo
 
@@ -96,10 +102,15 @@ type AnalysisResult struct {
 	CustomResources []types.CustomResource
 }
 
+func NewAnalysisResult() *AnalysisResult {
+	result := new(AnalysisResult)
+	result.Files = map[types.HandlerType][]types.File{}
+	return result
+}
+
 func (r *AnalysisResult) isEmpty() bool {
 	return r.OS == nil && r.Repository == nil && len(r.PackageInfos) == 0 && len(r.Applications) == 0 &&
-		len(r.Configs) == 0 && len(r.Secrets) == 0 && len(r.SystemInstalledFiles) == 0 && r.BuildInfo == nil &&
-		len(r.CustomResources) == 0
+		len(r.Secrets) == 0 && len(r.SystemInstalledFiles) == 0 && r.BuildInfo == nil && len(r.Files) == 0 && len(r.CustomResources) == 0
 }
 
 func (r *AnalysisResult) Sort() {
@@ -126,6 +137,12 @@ func (r *AnalysisResult) Sort() {
 		})
 	}
 
+	for _, files := range r.Files {
+		sort.Slice(files, func(i, j int) bool {
+			return files[i].Path < files[j].Path
+		})
+	}
+
 	// Secrets
 	sort.Slice(r.Secrets, func(i, j int) bool {
 		return r.Secrets[i].FilePath < r.Secrets[j].FilePath
@@ -170,7 +187,14 @@ func (r *AnalysisResult) Merge(new *AnalysisResult) {
 		r.Applications = append(r.Applications, new.Applications...)
 	}
 
-	r.Configs = append(r.Configs, new.Configs...)
+	for t, files := range new.Files {
+		if v, ok := r.Files[t]; ok {
+			r.Files[t] = append(v, files...)
+		} else {
+			r.Files[t] = files
+		}
+	}
+
 	r.Secrets = append(r.Secrets, new.Secrets...)
 	r.SystemInstalledFiles = append(r.SystemInstalledFiles, new.SystemInstalledFiles...)
 
@@ -193,9 +217,20 @@ func (r *AnalysisResult) Merge(new *AnalysisResult) {
 	r.CustomResources = append(r.CustomResources, new.CustomResources...)
 }
 
-type AnalyzerGroup struct {
-	analyzers       []analyzer
-	configAnalyzers []configAnalyzer
+func belongToGroup(groupName Group, analyzerType Type, disabledAnalyzers []Type, analyzer any) bool {
+	if slices.Contains(disabledAnalyzers, analyzerType) {
+		return false
+	}
+
+	analyzerGroupName := GroupBuiltin
+	if cg, ok := analyzer.(CustomGroup); ok {
+		analyzerGroupName = cg.Group()
+	}
+	if analyzerGroupName != groupName {
+		return false
+	}
+
+	return true
 }
 
 func NewAnalyzerGroup(groupName Group, disabledAnalyzers []Type) AnalyzerGroup {
@@ -205,23 +240,14 @@ func NewAnalyzerGroup(groupName Group, disabledAnalyzers []Type) AnalyzerGroup {
 
 	var group AnalyzerGroup
 	for analyzerType, a := range analyzers {
-		if isDisabled(analyzerType, disabledAnalyzers) {
+		if !belongToGroup(groupName, analyzerType, disabledAnalyzers, a) {
 			continue
 		}
-
-		analyzerGroupName := GroupBuiltin
-		if cg, ok := a.(CustomGroup); ok {
-			analyzerGroupName = cg.Group()
-		}
-		if analyzerGroupName != groupName {
-			continue
-		}
-
 		group.analyzers = append(group.analyzers, a)
 	}
 
 	for analyzerType, a := range configAnalyzers {
-		if isDisabled(analyzerType, disabledAnalyzers) {
+		if slices.Contains(disabledAnalyzers, analyzerType) {
 			continue
 		}
 		group.configAnalyzers = append(group.configAnalyzers, a)
@@ -233,8 +259,8 @@ func NewAnalyzerGroup(groupName Group, disabledAnalyzers []Type) AnalyzerGroup {
 // AnalyzerVersions returns analyzer version identifier used for cache keys.
 func (ag AnalyzerGroup) AnalyzerVersions() map[string]int {
 	versions := map[string]int{}
-	for _, aa := range ag.analyzers {
-		versions[string(aa.Type())] = aa.Version()
+	for _, a := range ag.analyzers {
+		versions[string(a.Type())] = a.Version()
 	}
 	return versions
 }
@@ -253,6 +279,7 @@ func (ag AnalyzerGroup) AnalyzeFile(ctx context.Context, wg *sync.WaitGroup, lim
 	if info.IsDir() {
 		return nil
 	}
+
 	for _, a := range ag.analyzers {
 		// Skip disabled analyzers
 		if slices.Contains(disabled, a.Type()) {
@@ -313,12 +340,3 @@ func (ag AnalyzerGroup) AnalyzeImageConfig(targetOS types.OS, configBlob []byte)
 	}
 	return nil
 }
-
-func isDisabled(t Type, disabled []Type) bool {
-	for _, d := range disabled {
-		if t == d {
-			return true
-		}
-	}
-	return false
-}
diff --git a/analyzer/analyzer_test.go b/analyzer/analyzer_test.go
@@ -24,7 +24,7 @@ import (
 	_ "github.com/aquasecurity/fanal/analyzer/os/ubuntu"
 	_ "github.com/aquasecurity/fanal/analyzer/pkg/apk"
 	_ "github.com/aquasecurity/fanal/analyzer/repo/apk"
-	_ "github.com/aquasecurity/fanal/hook/all"
+	_ "github.com/aquasecurity/fanal/handler/all"
 )
 
 type mockConfigAnalyzer struct{}

diff --git a/analyzer/config/cloudformation/cloudformation.go b/analyzer/config/cloudformation/cloudformation.go