Take file extension from uploaded file (#593)

This adds support for scanning yml, json, etc.
Slight security issue here taking file type from caller, but that issue already exists
and I haven't fully evaluated the risk there...

pkg/http-server/file-scan.go

@@ -22,6 +22,7 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
+	"path"
 	"strconv"
 	"strings"
 
@@ -63,12 +64,17 @@ func (g *APIHandler) scanFile(w http.ResponseWriter, r *http.Request) {
 	}
 	defer file.Close()
 
+	// fileExtension will include the period. (eg ".yaml")
+	fileExtension := path.Ext(handler.Filename)
+
 	zap.S().Debugf("uploaded file: %+v", handler.Filename)
+	zap.S().Debugf("uploaded file extension: %+v", fileExtension)
 	zap.S().Debugf("file size: %+v", handler.Size)
 	zap.S().Debugf("MIME header: %+v", handler.Header)
 
 	// Create a temporary file within temp directory
-	tempFile, err := ioutil.TempFile("", "terrascan-*.tf")
+	tempFileTemplate := fmt.Sprintf("terrascan-*%s", fileExtension)
+	tempFile, err := ioutil.TempFile("", tempFileTemplate)
 	if err != nil {
 		errMsg := fmt.Sprintf("failed to create temp file. error: '%v'", err)
 		zap.S().Error(errMsg)

pkg/http-server/file-scan_test.go

@@ -233,6 +233,22 @@ func TestUpload(t *testing.T) {
 			invalidShowPassed: true,
 			wantStatus:        http.StatusBadRequest,
 		},
+		{
+			name:       "scan valid kubernetes yaml",
+			path:       "../iac-providers/kubernetes/v1/testdata/yaml-extension2/test_pod.yml",
+			param:      testParamName,
+			iacType:    "k8s",
+			cloudType:  testCloudType,
+			wantStatus: http.StatusOK,
+		},
+		{
+			name:       "scan valid tfplan json",
+			path:       "../iac-providers/tfplan/v1/testdata/valid-tfplan.json",
+			param:      testParamName,
+			iacType:    "tfplan",
+			cloudType:  testCloudType,
+			wantStatus: http.StatusOK,
+		},
 	}
 
 	for _, tt := range table {