MCPcopy
hub / github.com/aquasecurity/trivy / Analyze

Method Analyze

pkg/fanal/analyzer/secret/secret.go:77–118  ·  view source on GitHub ↗
(_ context.Context, input analyzer.AnalysisInput)

Source from the content-addressed store, hash-verified

75}
76
77func (a *SecretAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput) (*analyzer.AnalysisResult, error) {
78 // Do not scan binaries
79 binary, err := utils.IsBinary(input.Content, input.Info.Size())
80 if err != nil || (binary && !allowedBinary(input.FilePath)) {
81 return nil, nil
82 }
83
84 if size := input.Info.Size(); size > 10485760 { // 10MB
85 log.WithPrefix("secret").Warn("The size of the scanned file is too large. It is recommended to use `--skip-files` for this file to avoid high memory consumption.", log.FilePath(input.FilePath), log.Int64("size (MB)", size/1048576))
86 }
87
88 filePath := input.FilePath
89 // Files extracted from the image have an empty input.Dir.
90 // Also, paths to these files do not have "/" prefix.
91 // We need to add a "/" prefix to properly filter paths from the config file.
92 if input.Dir == "" { // add leading `/` for files extracted from image
93 filePath = fmt.Sprintf("/%s", filePath)
94 }
95
96 reader := input.Content
97 if binary {
98 content, err := utils.ExtractPrintableBytes(input.Content)
99 if err != nil {
100 return nil, xerrors.Errorf("binary read error %s: %w", input.FilePath, err)
101 }
102 reader = bytes.NewReader(content)
103 }
104
105 result := a.scanner.Scan(secret.ScanArgs{
106 FilePath: filePath,
107 Content: reader,
108 Binary: binary,
109 })
110
111 if len(result.Findings) == 0 {
112 return nil, nil
113 }
114
115 return &analyzer.AnalysisResult{
116 Secrets: []types.Secret{result},
117 }, nil
118}
119
120func (a *SecretAnalyzer) Required(filePath string, fi os.FileInfo) bool {
121 if fi.Size() < 10 {

Callers 1

TestSecretAnalyzerFunction · 0.95

Calls 8

IsBinaryFunction · 0.92
WithPrefixFunction · 0.92
FilePathFunction · 0.92
ExtractPrintableBytesFunction · 0.92
allowedBinaryFunction · 0.85
SizeMethod · 0.65
NewReaderMethod · 0.65
ScanMethod · 0.65

Tested by 1

TestSecretAnalyzerFunction · 0.76