| 75 | } |
| 76 | |
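// Analyze scans a single file for secrets and returns the findings, if any.
//
// It returns (nil, nil) both when the file is skipped and when the scanner
// reports no findings, so a nil result does not by itself prove that the file
// was scanned. Binary files are skipped unless allowedBinary accepts the path;
// for accepted binaries only the bytes returned by utils.ExtractPrintableBytes
// are handed to the scanner. A non-nil error is returned only when that
// extraction fails.
func (a *SecretAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput) (*analyzer.AnalysisResult, error) {
	const (
		mib = 1 << 20
		// Warning threshold only: files above it are still scanned in full.
		largeFileSize = 10 * mib
	)

	binary, err := utils.IsBinary(input.Content, input.Info.Size())
	if err != nil {
		// Skipping stays best-effort (no error is propagated), but the skip is
		// logged: a file dropped here is a gap in secret-scan coverage that
		// would otherwise be indistinguishable from "no secrets found".
		log.WithPrefix("secret").Warn("Unable to determine whether the file is binary, skipping secret scan",
			log.FilePath(input.FilePath), log.Err(err))
		return nil, nil
	}
	// Do not scan binaries, except the ones explicitly allowed by path.
	if binary && !allowedBinary(input.FilePath) {
		return nil, nil
	}

	if size := input.Info.Size(); size > largeFileSize {
		log.WithPrefix("secret").Warn("The size of the scanned file is too large. It is recommended to use `--skip-files` for this file to avoid high memory consumption.", log.FilePath(input.FilePath), log.Int64("size (MB)", size/mib))
	}

	// Files extracted from an image have an empty input.Dir and their paths
	// carry no "/" prefix. The prefix is added so that the path filters from
	// the config file match these files the same way they match others.
	filePath := input.FilePath
	if input.Dir == "" {
		filePath = fmt.Sprintf("/%s", filePath)
	}

	// Allowed binaries are reduced to their printable bytes before scanning.
	reader := input.Content
	if binary {
		content, err := utils.ExtractPrintableBytes(input.Content)
		if err != nil {
			return nil, xerrors.Errorf("binary read error %s: %w", input.FilePath, err)
		}
		reader = bytes.NewReader(content)
	}

	result := a.scanner.Scan(secret.ScanArgs{
		FilePath: filePath,
		Content:  reader,
		Binary:   binary,
	})

	if len(result.Findings) == 0 {
		return nil, nil
	}

	return &analyzer.AnalysisResult{
		Secrets: []types.Secret{result},
	}, nil
}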
| 119 | |
| 120 | func (a *SecretAnalyzer) Required(filePath string, fi os.FileInfo) bool { |
| 121 | if fi.Size() < 10 { |