feat(fs): add --max-file-size flag to skip the files greater than a particular size #7304
Conversation
zesiar0
requested review from
simar7,
nikpivkin,
knqyf263 and
DmitriyLewen
as code owners
|
|
|
|
| @@ -74,13 +76,19 @@ type analyzer interface { | |||
| Version() int | |||
| Analyze(ctx context.Context, input AnalysisInput) (*AnalysisResult, error) | |||
| Required(filePath string, info os.FileInfo) bool | |||
| Description() string | |||
There was a problem hiding this comment.
This method is not used anywhere. I think the point is that the description should return a human-readable description of the analyser and be used in generating documentation.
/cc @knqyf263
There was a problem hiding this comment.
Yes, but we can do it in another PR.
There was a problem hiding this comment.
I agree with @knqyf263
Let's move adding of this function to another PR.
| } | ||
|
|
||
| type PostAnalyzer interface { | ||
| Type() Type | ||
| Version() int | ||
| PostAnalyze(ctx context.Context, input PostAnalysisInput) (*AnalysisResult, error) | ||
| Required(filePath string, info os.FileInfo) bool | ||
| Description() string |
pkg/fanal/analyzer/analyzer.go
Outdated
| if _, ok := ag.fileSizes[analyzerType]; !ok { | ||
| return true | ||
| } | ||
| if fileInfo.Size() > ag.fileSizes[analyzerType] { | ||
| return false | ||
| } | ||
| return true |
There was a problem hiding this comment.
| if _, ok := ag.fileSizes[analyzerType]; !ok { | |
| return true | |
| } | |
| if fileInfo.Size() > ag.fileSizes[analyzerType] { | |
| return false | |
| } | |
| return true | |
| maxSize, ok := ag.fileSizes[analyzerType] | |
| if !ok { | |
| return true | |
| } | |
| return fileInfo.Size() <= maxSize |
|
Tests should be added for the new flag, similar to the |
pkg/fanal/analyzer/analyzer.go
Outdated
| @@ -411,6 +435,10 @@ func (ag AnalyzerGroup) AnalyzeFile(ctx context.Context, wg *sync.WaitGroup, lim | |||
| continue | |||
| } | |||
|
|
|||
| if ag.fileSizeMatch(a.Type(), info) { | |||
There was a problem hiding this comment.
Should the condition be inverted?
|
A flag needs to be added when the group is initialised. https://github.com/aquasecurity/trivy/blob/main/pkg/flag/scan_flags.go#L147 |
docs/docs/analyzers/analyzers.md
Outdated
| @@ -0,0 +1,68 @@ | |||
|
|
|||
| ## Analyzers | |||
| Use the following types of analyzers for the [--max-file-size] flags | |||
There was a problem hiding this comment.
| Use the following types of analyzers for the [--max-file-size] flags | |
| Use the following types of analyzers for the [--max-file-size] and [--file-pattern] flags |
pkg/fanal/analyzer/analyzer.go
Outdated
| for _, f := range opts.MaxFileSize { | ||
| // e.g. "jar:5mb secret:5kb" | ||
| s := strings.SplitN(f, separator, 2) | ||
| if len(s) != 2 { | ||
| return group, xerrors.Errorf("invalid max file size (%s) expected format: \"analyzerType:maxFileSize\" e.g. \"jar:5mb secret:5kb\"", f) | ||
| } | ||
|
|
||
| analyzerType := Type(s[0]) | ||
| maxFileSize, err := units.FromHumanSize(s[1]) | ||
| if err != nil { | ||
| return group, xerrors.Errorf("invalid file size (%s): %w", s[1], err) | ||
| } | ||
| group.fileSizes[analyzerType] = maxFileSize | ||
| } |
| @@ -196,14 +203,30 @@ func (f *ScanFlagGroup) ToOptions(args []string) (ScanOptions, error) { | |||
| parallel = runtime.NumCPU() | |||
| } | |||
|
|
|||
| maxFileSize := make(map[analyzer.Type]int64) | |||
| for _, f := range f.MaxFileSize.Value() { | |||
There was a problem hiding this comment.
You should not overwrite a variable that is in use:
| for _, f := range f.MaxFileSize.Value() { | |
| for _, fileSize := range f.MaxFileSize.Value() { |
There was a problem hiding this comment.
You need to add this page to docs.
Update mkdocs.yml for that.
But i am not sure about place for this page.
I think we can add this page to References.
@knqyf263 wdyt?
| @@ -74,13 +76,19 @@ type analyzer interface { | |||
| Version() int | |||
| Analyze(ctx context.Context, input AnalysisInput) (*AnalysisResult, error) | |||
| Required(filePath string, info os.FileInfo) bool | |||
| Description() string | |||
There was a problem hiding this comment.
I agree with @knqyf263
Let's move adding of this function to another PR.
| if tt.args.maxFileSize != nil { | ||
| maxFileSize = tt.args.maxFileSize | ||
| } else { | ||
| maxFileSize = map[analyzer.Type]int64{} | ||
| } |
There was a problem hiding this comment.
| if tt.args.maxFileSize != nil { | |
| maxFileSize = tt.args.maxFileSize | |
| } else { | |
| maxFileSize = map[analyzer.Type]int64{} | |
| } | |
| maxFileSize := map[analyzer.Type]int64{} | |
| if tt.args.maxFileSize != nil { | |
| maxFileSize = tt.args.maxFileSize | |
| } |
| return ScanOptions{}, xerrors.Errorf("invalid max file size (%s) expected format: \"analyzerType:maxFileSize\" e.g. \"jar:5mb secret:5kb\"", f) | ||
| } | ||
|
|
||
| analyzerType := analyzer.Type(s[0]) |
There was a problem hiding this comment.
You added AllAnalyzerTypes.
We can currently check analyzerType
| analyzerType := analyzer.Type(s[0]) | |
| analyzerType := analyzer.Type(s[0]) | |
| if !slices.Contains(analyzer.AllAnalyzerTypes(), analyzerType) { | |
| return ScanOptions{}, xerrors.Errorf("invalid analyzer type %q. See analyzer list in %s", analyzerType, doc.URL("/docs/references/analyzers", "")) | |
| } |
|
This PR is stale because it has been labeled with inactivity. |
github-actions
bot
added
the
lifecycle/stale
DmitriyLewen
removed
the
lifecycle/stale
Description
Related issues