fix(misconf): do not log scanners when misconfig scanning is disabled [backport: release/v0.59] (#8349)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
Aqua Security automated builds
2025-02-04 04:27:18 -07:00
committed by GitHub
parent 98f9ba295a
commit 412c690924


@@ -418,7 +418,6 @@ func disabledAnalyzers(opts flag.Options) []analyzer.Type {
// Specified analyzers to be disabled depending on scanning modes // Specified analyzers to be disabled depending on scanning modes
// e.g. The 'image' subcommand should disable the lock file scanning. // e.g. The 'image' subcommand should disable the lock file scanning.
analyzers := opts.DisabledAnalyzers analyzers := opts.DisabledAnalyzers
// It doesn't analyze apk commands by default. // It doesn't analyze apk commands by default.
if !opts.ScanRemovedPkgs { if !opts.ScanRemovedPkgs {
analyzers = append(analyzers, analyzer.TypeApkCommand) analyzers = append(analyzers, analyzer.TypeApkCommand)
@@ -434,18 +433,16 @@ func disabledAnalyzers(opts flag.Options) []analyzer.Type {
analyzers = append(analyzers, analyzer.TypeSecret) analyzers = append(analyzers, analyzer.TypeSecret)
} }
// Filter only enabled misconfiguration scanners
ma, err := filterMisconfigAnalyzers(opts.MisconfigScanners, analyzer.TypeConfigFiles)
if err != nil {
log.Error("Invalid misconfiguration scanners specified, defaulting to use all misconfig scanners",
log.Any("scanners", opts.MisconfigScanners))
} else {
analyzers = append(analyzers, ma...)
}
// Do not perform misconfiguration scanning when it is not specified. // Do not perform misconfiguration scanning when it is not specified.
if !opts.Scanners.AnyEnabled(types.MisconfigScanner, types.RBACScanner) { if !opts.Scanners.AnyEnabled(types.MisconfigScanner, types.RBACScanner) {
analyzers = append(analyzers, analyzer.TypeConfigFiles...) analyzers = append(analyzers, analyzer.TypeConfigFiles...)
} else {
// Filter only enabled misconfiguration scanners
ma := disabledMisconfigAnalyzers(opts.MisconfigScanners)
analyzers = append(analyzers, ma...)
log.Debug("Enabling misconfiguration scanners",
log.Any("scanners", lo.Without(analyzer.TypeConfigFiles, ma...)))
} }
// Scanning file headers and license files is expensive. // Scanning file headers and license files is expensive.
@@ -482,14 +479,17 @@ func disabledAnalyzers(opts flag.Options) []analyzer.Type {
return analyzers return analyzers
} }
func filterMisconfigAnalyzers(included, all []analyzer.Type) ([]analyzer.Type, error) { func disabledMisconfigAnalyzers(included []analyzer.Type) []analyzer.Type {
_, missing := lo.Difference(all, included) _, missing := lo.Difference(analyzer.TypeConfigFiles, included)
if len(missing) > 0 { if len(missing) > 0 {
return nil, xerrors.Errorf("invalid misconfiguration scanner specified %s valid scanners: %s", missing, all) log.Error(
"Invalid misconfiguration scanners provided, using default scanners",
log.Any("invalid_scanners", missing), log.Any("default_scanners", analyzer.TypeConfigFiles),
)
return nil
} }
log.Debug("Enabling misconfiguration scanners", log.Any("scanners", included)) return lo.Without(analyzer.TypeConfigFiles, included...)
return lo.Without(all, included...), nil
} }
func (r *runner) initScannerConfig(ctx context.Context, opts flag.Options) (ScannerConfig, types.ScanOptions, error) { func (r *runner) initScannerConfig(ctx context.Context, opts flag.Options) (ScannerConfig, types.ScanOptions, error) {
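Review bot: `disabledMisconfigAnalyzers` accepts an empty `included` slice as valid, so `lo.Without(analyzer.TypeConfigFiles, included...)` returns every config analyzer and the new `else` branch in `disabledAnalyzers` disables them all while misconfiguration scanning is nominally enabled. If `opts.MisconfigScanners` can arrive empty (the flag default is not visible in this diff, so this may only affect callers that build `flag.Options` directly), the scan finishes with no misconfiguration findings and the only trace is a debug-level log with an empty `scanners` list. Consider treating empty as "use the defaults" with `if len(included) == 0 { return nil }` at the top of the function, and add a doc comment stating that a nil result means no misconfig analyzer is disabled. `disabledAnalyzers` itself starts and ends outside the hunks shown.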