feat: Export functions for trivy plugin (#3204)

aquasecurity · Nov 22, 2022 · 604a73d · 604a73d
1 parent 7594b1f
commit 604a73d
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 6 deletions.
diff --git a/pkg/fanal/analyzer/language/nodejs/yarn/yarn_test.go b/pkg/fanal/analyzer/language/nodejs/yarn/yarn_test.go
@@ -2,12 +2,13 @@ package yarn
 
 import (
 	"context"
+	"os"
+	"testing"
+
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"os"
-	"testing"
 )
 
 func Test_yarnLibraryAnalyzer_Analyze(t *testing.T) {

diff --git a/pkg/fanal/handler/misconf/misconf.go b/pkg/fanal/handler/misconf/misconf.go
@@ -293,7 +293,7 @@ func (h misconfPostHandler) Handle(ctx context.Context, result *analyzer.Analysi
 			return xerrors.Errorf("scan config error: %w", err)
 		}
 
-		misconfs = append(misconfs, resultsToMisconf(t, scanner.Name(), results)...)
+		misconfs = append(misconfs, ResultsToMisconf(t, scanner.Name(), results)...)
 	}
 
 	// Add misconfigurations
@@ -335,7 +335,8 @@ func (h misconfPostHandler) Priority() int {
 	return types.MisconfPostHandlerPriority
 }
 
-func resultsToMisconf(configType string, scannerName string, results scan.Results) []types.Misconfiguration {
+// This function is exported for trivy-plugin-aqua purposes only
+func ResultsToMisconf(configType string, scannerName string, results scan.Results) []types.Misconfiguration {
 	misconfs := map[string]types.Misconfiguration{}
 
 	for _, result := range results {

diff --git a/pkg/fanal/secret/builtin-rules.go b/pkg/fanal/secret/builtin-rules.go
@@ -3,6 +3,9 @@ package secret
 import (
 	"fmt"
 
+	"github.com/samber/lo"
+
+	defsecRules "github.com/aquasecurity/defsec/pkg/rules"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
 )
 
@@ -76,6 +79,16 @@ const (
 	aws = `(aws)?_?`
 )
 
+// This function is exported for trivy-plugin-aqua purposes only
+func GetSecretRulesMetadata() []defsecRules.Check {
+	return lo.Map(builtinRules, func(rule Rule, i int) defsecRules.Check {
+		return defsecRules.Check{
+			Name:        rule.ID,
+			Description: rule.Title,
+		}
+	})
+}
+
 var builtinRules = []Rule{
 	{
 		ID:              "aws-access-key-id",

diff --git a/pkg/scanner/local/scan.go b/pkg/scanner/local/scan.go
@@ -134,7 +134,7 @@ func (s Scanner) Scan(ctx context.Context, target, artifactKey string, blobKeys
 
 	// Scan IaC config files
 	if ShouldScanMisconfigOrRbac(options.SecurityChecks) {
-		configResults := s.misconfsToResults(artifactDetail.Misconfigurations)
+		configResults := s.MisconfsToResults(artifactDetail.Misconfigurations)
 		results = append(results, configResults...)
 	}
 
@@ -334,7 +334,8 @@ func (s Scanner) fillPkgsInVulns(pkgResults, vulnResults types.Results) types.Re
 	return results
 }
 
-func (s Scanner) misconfsToResults(misconfs []ftypes.Misconfiguration) types.Results {
+// This function is exported for trivy-plugin-aqua purposes only
+func (s Scanner) MisconfsToResults(misconfs []ftypes.Misconfiguration) types.Results {
 	log.Logger.Infof("Detected config files: %d", len(misconfs))
 	var results types.Results
 	for _, misconf := range misconfs {