package helm
import (
"os"
"path/filepath"
"strings"
"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
"github.com/aquasecurity/trivy/pkg/fanal/analyzer/config"
"github.com/aquasecurity/trivy/pkg/misconf"
)
const (
	// analyzerType is the analyzer type this package registers itself under
	// and passes to config.NewAnalyzer.
	analyzerType = analyzer.TypeHelm

	// version is the analyzer version handed to config.NewAnalyzer.
	version = 1

	// maxTarSize is the largest file size, in bytes, that Required accepts.
	maxTarSize = 200 * 1024 * 1024 // 200 MiB (209,715,200 bytes)
)

// acceptedExts lists the lower-case path suffixes that Required treats as
// candidate Helm chart content. Matching is done against the lower-cased path.
var acceptedExts = []string{
	".tpl",
	".json",
	".yml",
	".yaml",
	".tar",
	".tgz",
	".tar.gz",
}
// init registers newHelmConfigAnalyzer as the post-analyzer constructor for
// analyzerType when the package is loaded.
func init() {
	analyzer.RegisterPostAnalyzer(analyzerType, newHelmConfigAnalyzer)
}
// helmConfigAnalyzer is an analyzer for detecting misconfigurations in Helm charts.
// It embeds config.Analyzer so it can implement analyzer.PostAnalyzer; the only
// method defined on it in this file is Required, which replaces the embedded
// analyzer's file filter.
type helmConfigAnalyzer struct {
	*config.Analyzer
}
// newHelmConfigAnalyzer builds the Helm post-analyzer. It creates a
// config.Analyzer wired to misconf.NewHelmScanner and wraps it in a
// helmConfigAnalyzer. Any error from config.NewAnalyzer is returned unchanged
// together with a nil analyzer.
func newHelmConfigAnalyzer(opts analyzer.AnalyzerOptions) (analyzer.PostAnalyzer, error) {
	base, err := config.NewAnalyzer(analyzerType, version, misconf.NewHelmScanner, opts)
	if err != nil {
		return nil, err
	}

	helmAnalyzer := &helmConfigAnalyzer{Analyzer: base}
	return helmAnalyzer, nil
}
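// Required overrides config.Analyzer.Required() and reports whether the given
// file should be handed to the Helm analyzer.
//
// A file is accepted when its size does not exceed maxTarSize and either its
// path ends, case-insensitively, with one of acceptedExts, or its base name is
// Chart.yaml or .helmignore (also case-insensitive). This is a name-and-size
// filter only; file contents are not inspected here.
//
// The size cap is applied to every candidate, not just archives, and it is
// compared against the size reported by info. For .tgz/.tar.gz inputs that is
// the compressed size.
// NOTE(review): nothing in this file bounds the expanded size of an archive;
// confirm the scanner enforces its own limits when unpacking untrusted charts.
func (*helmConfigAnalyzer) Required(filePath string, info os.FileInfo) bool {
	if info.Size() > maxTarSize {
		// Over the size cap: do not treat the file as Helm chart content.
		return false
	}

	// Lower-case the path once instead of on every loop iteration; the
	// entries in acceptedExts are already lower-case.
	lowerPath := strings.ToLower(filePath)
	for _, ext := range acceptedExts {
		if strings.HasSuffix(lowerPath, ext) {
			return true
		}
	}

	// Well-known chart files that the suffix list does not cover
	// (.helmignore has no accepted extension).
	name := filepath.Base(filePath)
	return strings.EqualFold(name, "Chart.yaml") || strings.EqualFold(name, ".helmignore")
}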