fix(tools): Load tool configs for docker (#84)

* Some tweaks to how tools work; there's no more 'runs_once' field. More importantly, the config load wasn't running for all commands, and the test for which commands to load it on was wrong; docker wasn't on the list. I removed the test, because this is going to get cached anyway before too long. * Pick up new nimutils to pick up all the new implementations for command execution, to test those. * Pick up platform fixes * New nimu * Remove the nimutil bump * Revert printing dump output
crashappsec · Oct 30, 2023 · 0d9ff40 · 0d9ff40
1 parent 1dd895d
commit 0d9ff40
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 18 deletions.
diff --git a/src/configs/chalk.c42spec b/src/configs/chalk.c42spec
@@ -367,13 +367,6 @@ tools that ship with chalk (see `chalk config`) currently respect it
      doc:        "Specifies which kind of tool this is."
    }
 
-   field runs_once {
-     type:       bool
-     default:    true
-     write_lock: true
-     doc:        "Does the tool implementation get invoked per-artifact or per-run?"
-   }
-
    field priority {
      type:     int
      default:  50

diff --git a/src/confload.nim b/src/confload.nim
@@ -187,11 +187,8 @@ proc loadAllConfigs*() =
   stack.addConfLoad(ioConfName, toStream(ioConfig), notEvenDefaults).
         addConfLoad(attestConfName, toStream(attestConfig), checkNone)
 
-  let chalkOps = chalkConfig.getValidChalkCommandNames()
-  if commandName in chalkOps or (commandName == "not_supplied" and
-    chalkConfig.defaultCommand.getOrElse("") in chalkOps):
-    stack.addConfLoad(sbomConfName,   toStream(sbomConfig),   checkNone)
-    stack.addConfLoad(sastConfName,   toStream(sastConfig),   checkNone)
+  stack.addConfLoad(sbomConfName,   toStream(sbomConfig),   checkNone)
+  stack.addConfLoad(sastConfName,   toStream(sastConfig),   checkNone)
 
   stack.addCallback(loadLocalStructs)
   doRun()

diff --git a/src/plugins/externalTool.nim b/src/plugins/externalTool.nim
@@ -93,7 +93,7 @@ proc runOneTool(info: PIInfo, path: string, dict: var ChalkDict): bool =
 
   return info.obj.stopOnSuccess
 
-template toolBase(s: untyped, hostScope: static[bool]) {.dirty.} =
+template toolBase(s: untyped) {.dirty.} =
   result = ChalkDict()
 
   var
@@ -104,9 +104,9 @@ template toolBase(s: untyped, hostScope: static[bool]) {.dirty.} =
     runSast = chalkConfig.getRunSastTools()
 
   for k, v in chalkConfig.tools:
-    if not v.enabled or hostScope != v.runs_once: continue
-    if not runSbom and v.kind == "sbom":          continue
-    if not runSast and v.kind == "sast":          continue
+    if not v.enabled:                    continue
+    if not runSbom and v.kind == "sbom": continue
+    if not runSast and v.kind == "sast": continue
     let priority = v.priority
     if v.kind notin toolInfo:
       toolInfo[v.kind] =  @[(priority, PIInfo(name: k, obj: v))]
@@ -123,11 +123,14 @@ template toolBase(s: untyped, hostScope: static[bool]) {.dirty.} =
   return dict
 
 proc toolGetChalkTimeHostInfo*(self: Plugin): ChalkDict {.cdecl.} =
-  toolBase(getContextDirectories()[0], true)
+  toolBase(getContextDirectories()[0])
 
 proc toolGetChalkTimeArtifactInfo*(self: Plugin, obj: ChalkObj):
                                  ChalkDict {.cdecl.} =
- toolbase(obj.name, false)
+  if obj.fsRef != "":
+    toolbase(obj.fsRef)
+  else:
+    toolbase(obj.name)
 
 proc loadExternalTool*() =
   newPlugin("tool",