package parser
import (
"context"
"fmt"
"io"
"io/fs"
"path/filepath"
"strings"
"github.com/aquasecurity/defsec/pkg/debug"
"github.com/aquasecurity/defsec/pkg/detection"
"github.com/aquasecurity/defsec/pkg/providers/dockerfile"
"github.com/aquasecurity/defsec/pkg/scanners/options"
"github.com/moby/buildkit/frontend/dockerfile/instructions"
"github.com/moby/buildkit/frontend/dockerfile/parser"
)
// Compile-time check that *Parser satisfies options.ConfigurableParser.
var _ options.ConfigurableParser = (*Parser)(nil)
// Parser turns Dockerfiles into the defsec dockerfile model. The zero value is
// usable; SetDebugWriter and SetSkipRequiredCheck (or the ParserOptions handed
// to New) adjust it.
type Parser struct {
	debug        debug.Logger // debug output sink; set by SetDebugWriter
	skipRequired bool         // when true, Required accepts every path
}
// SetDebugWriter routes the parser's debug output to writer, tagged with the
// "dockerfile" and "parser" prefixes.
func (p *Parser) SetDebugWriter(writer io.Writer) {
	logger := debug.New(writer, "dockerfile", "parser")
	p.debug = logger
}
// SetSkipRequiredCheck controls whether Required performs its Dockerfile
// file-type check: passing true makes Required accept every path.
func (p *Parser) SetSkipRequiredCheck(b bool) {
	skip := b
	p.skipRequired = skip
}
// New builds a Dockerfile parser and applies each ParserOption to it, in the
// order given.
func New(options ...options.ParserOption) *Parser {
	out := &Parser{}
	for i := range options {
		options[i](out)
	}
	return out
}
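// ParseFS walks target starting at path and parses every file that Required
// accepts, returning the results keyed by the entry's slash-separated path
// within target.
//
// A file that fails to parse is reported through the debug logger and skipped
// rather than aborting the walk, so one malformed Dockerfile does not stop the
// rest of the tree from being scanned. The trade-off is that the returned map
// can be incomplete without the caller noticing; the debug output is the only
// trace of a dropped file. The walk stops with ctx.Err() once ctx is cancelled,
// and with the walk's own error when an entry or directory cannot be read.
func (p *Parser) ParseFS(ctx context.Context, target fs.FS, path string) (map[string]*dockerfile.Dockerfile, error) {
	files := make(map[string]*dockerfile.Dockerfile)

	walk := func(entryPath string, entry fs.DirEntry, err error) error {
		// WalkDir is not context-aware; check for cancellation between entries.
		select {
		case <-ctx.Done():
			return ctx.Err()
		default:
		}
		// err is set when the entry could not be stat'd or a directory could not
		// be read; entry may be nil in that case, so it is checked first.
		if err != nil {
			return err
		}
		if entry.IsDir() {
			return nil
		}
		if !p.Required(entryPath) {
			return nil
		}
		df, err := p.ParseFile(ctx, target, entryPath)
		if err != nil {
			// Best-effort: skip the file but leave a trace, so a Dockerfile that
			// silently disappears from the results can be found in debug output.
			p.debug.Log("Error parsing %q: %s", entryPath, err)
			return nil
		}
		files[entryPath] = df
		return nil
	}

	if err := fs.WalkDir(target, filepath.ToSlash(path), walk); err != nil {
		return nil, err
	}
	return files, nil
}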
// ParseFile opens path within fs and parses it as a Dockerfile. The context is
// accepted for interface compatibility but not used. The file is always closed
// before returning; its Close error is ignored because the file was only read.
func (p *Parser) ParseFile(_ context.Context, fs fs.FS, path string) (*dockerfile.Dockerfile, error) {
	file, openErr := fs.Open(filepath.ToSlash(path))
	if openErr != nil {
		return nil, openErr
	}
	defer func() {
		_ = file.Close() // read-only handle; nothing to recover from on close failure
	}()
	parsed, parseErr := p.parse(path, file)
	return parsed, parseErr
}
// Required reports whether path should be parsed: always true once the check
// has been disabled via SetSkipRequiredCheck, otherwise only when detection
// recognises the path as a Dockerfile.
func (p *Parser) Required(path string) bool {
	return p.skipRequired || detection.IsType(path, nil, detection.FileTypeDockerfile)
}
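// parse reads a Dockerfile from r and converts it into the defsec model.
//
// Every top-level AST node becomes one dockerfile.Command carrying the
// lower-cased instruction keyword, the original source line, its flags, the
// line range, path, and the index of the stage it belongs to. Instructions
// that appear before the first FROM (typically ARG) are collected into an
// unnamed leading stage. Each FROM opens a new stage whose Name is the rest
// of the FROM line (flags and any AS alias included) with the keyword
// stripped. The keyword is matched case-insensitively, as Dockerfile
// instruction keywords are not case-sensitive; matching it exactly would name
// a stage written as "from alpine" "from alpine", which misleads any check
// that reads Stage.Name.
//
// It returns an error when the buildkit parser rejects the input or an
// instruction cannot be interpreted.
func (p *Parser) parse(path string, r io.Reader) (*dockerfile.Dockerfile, error) {
	parsed, err := parser.Parse(r)
	if err != nil {
		return nil, fmt.Errorf("dockerfile parse error: %w", err)
	}

	var parsedFile dockerfile.Dockerfile
	var stage dockerfile.Stage
	var stageIndex int
	// "args" is a sentinel for the leading pre-FROM stage: the first FROM
	// replaces it without bumping stageIndex, every later FROM bumps it.
	fromValue := "args"

	for _, child := range parsed.AST.Children {
		// buildkit's instruction parser switches on the lower-cased keyword.
		child.Value = strings.ToLower(child.Value)
		instr, err := instructions.ParseInstruction(child)
		if err != nil {
			return nil, fmt.Errorf("process dockerfile instructions: %w", err)
		}

		if _, ok := instr.(*instructions.Stage); ok {
			// Flush the stage in progress before starting the new one; an empty
			// leading stage (no pre-FROM instructions) is simply dropped.
			if len(stage.Commands) > 0 {
				parsedFile.Stages = append(parsedFile.Stages, stage)
			}
			if fromValue != "args" {
				stageIndex++
			}
			fromValue = stageNameFromOriginal(child.Original)
			stage = dockerfile.Stage{
				Name: fromValue,
			}
		}

		cmd := dockerfile.Command{
			Cmd:       child.Value,
			Original:  child.Original,
			Flags:     child.Flags,
			Stage:     stageIndex,
			Path:      path,
			StartLine: child.StartLine,
			EndLine:   child.EndLine,
		}

		// A node carrying a nested instruction under Next.Children (buildkit
		// emits this for ONBUILD) records the nested keyword as SubCmd, and the
		// value and JSON attribute are read from the nested node instead.
		if child.Next != nil && len(child.Next.Children) > 0 {
			cmd.SubCmd = child.Next.Children[0].Value
			child = child.Next.Children[0]
		}
		// Set by buildkit when the instruction's argument was a JSON array.
		cmd.JSON = child.Attributes["json"]
		// The remaining argument tokens hang off Next as a linked list.
		for n := child.Next; n != nil; n = n.Next {
			cmd.Value = append(cmd.Value, n.Value)
		}
		stage.Commands = append(stage.Commands, cmd)
	}

	// Flush the last stage; a file with no instructions yields no stages.
	if len(stage.Commands) > 0 {
		parsedFile.Stages = append(parsedFile.Stages, stage)
	}
	return &parsedFile, nil
}

// stageNameFromOriginal strips the FROM keyword from a raw FROM source line and
// trims surrounding whitespace. The keyword is matched case-insensitively
// because Dockerfile instructions are not case-sensitive; a line without the
// keyword prefix is returned trimmed but otherwise unchanged.
func stageNameFromOriginal(original string) string {
	const keyword = "FROM "
	rest := original
	if len(rest) >= len(keyword) && strings.EqualFold(rest[:len(keyword)], keyword) {
		rest = rest[len(keyword):]
	}
	return strings.TrimSpace(rest)
}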