/
fs.go
103 lines (88 loc) · 3.01 KB
/
fs.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
package analyzer
import (
"errors"
"io"
"io/fs"
"os"
"path"
"golang.org/x/xerrors"
"github.com/aquasecurity/trivy/pkg/mapfs"
"github.com/aquasecurity/trivy/pkg/x/sync"
)
// CompositeFS contains multiple filesystems for post-analyzers
type CompositeFS struct {
group AnalyzerGroup
dir string
files *sync.Map[Type, *mapfs.FS]
}
func NewCompositeFS(group AnalyzerGroup) (*CompositeFS, error) {
tmpDir, err := os.MkdirTemp("", "analyzer-fs-*")
if err != nil {
return nil, xerrors.Errorf("unable to create temporary directory: %w", err)
}
return &CompositeFS{
group: group,
dir: tmpDir,
files: new(sync.Map[Type, *mapfs.FS]),
}, nil
}
// CopyFileToTemp takes a file path and information, opens the file, copies its contents to a temporary file
func (c *CompositeFS) CopyFileToTemp(opener Opener, info os.FileInfo) (string, error) {
// Create a temporary file to which the file in the layer will be copied
// so that all the files will not be loaded into memory
f, err := os.CreateTemp(c.dir, "file-*")
if err != nil {
return "", xerrors.Errorf("create temp error: %w", err)
}
defer f.Close()
// Open a file in the layer
r, err := opener()
if err != nil {
return "", xerrors.Errorf("file open error: %w", err)
}
defer r.Close()
// Copy file content into the temporary file
if _, err = io.Copy(f, r); err != nil {
return "", xerrors.Errorf("copy error: %w", err)
}
// Use 0600 instead of file permissions to avoid errors when a file uses incorrect permissions (e.g. 0044).
if err = os.Chmod(f.Name(), 0600); err != nil {
return "", xerrors.Errorf("chmod error: %w", err)
}
return f.Name(), nil
}
// CreateLink creates a link in the virtual filesystem that corresponds to a real file.
// The linked virtual file will have the same path as the real file path provided.
func (c *CompositeFS) CreateLink(analyzerTypes []Type, rootDir, virtualPath, realPath string) error {
// Create fs.FS for each post-analyzer that wants to analyze the current file
for _, t := range analyzerTypes {
// Since filesystem scanning may require access outside the specified path, (e.g. Terraform modules)
// it allows "../" access with "WithUnderlyingRoot".
var opts []mapfs.Option
if rootDir != "" {
opts = append(opts, mapfs.WithUnderlyingRoot(rootDir))
}
mfs, _ := c.files.LoadOrStore(t, mapfs.New(opts...))
if d := path.Dir(virtualPath); d != "." {
if err := mfs.MkdirAll(d, os.ModePerm); err != nil && !errors.Is(err, fs.ErrExist) {
return xerrors.Errorf("mapfs mkdir error: %w", err)
}
}
if err := mfs.WriteFile(virtualPath, realPath); err != nil {
return xerrors.Errorf("mapfs write error: %w", err)
}
}
return nil
}
// Set sets the fs.FS for the specified post-analyzer
func (c *CompositeFS) Set(t Type, mfs *mapfs.FS) {
c.files.Store(t, mfs)
}
// Get returns the fs.FS for the specified post-analyzer
func (c *CompositeFS) Get(t Type) (*mapfs.FS, bool) {
return c.files.Load(t)
}
// Cleanup removes the temporary directory
func (c *CompositeFS) Cleanup() error {
return os.RemoveAll(c.dir)
}