deepfence · fengshunli · Mar 2, 2023
diff --git a/core/config.go b/core/config.go
@@ -120,7 +120,7 @@ func getDefaultConfig() (*Config, error) {
 
 func loadConfigFile(configPath string) (*Config, error) {
 	var (
-		config *Config = &Config{}
+		config = &Config{}
 		data   []byte
 		err    error
 	)

diff --git a/core/lock.go b/core/lock.go
@@ -25,7 +25,7 @@ func getBootId() ([]byte, error) {
 	return bootId, nil
 }
 
-// Acquires a shared lock on the file.
+// LockFile Acquires a shared lock on the file.
 func (f *Flock) LockFile() error {
 	f.m.Lock()
 	defer f.m.Unlock()
@@ -51,7 +51,7 @@ func (f *Flock) LockFile() error {
 	return nil
 }
 
-// Releases the lock on the file.
+// UnlockFile Releases the lock on the file.
 func (f *Flock) UnlockFile() error {
 	f.m.Lock()
 	defer f.m.Unlock()

diff --git a/core/match.go b/core/match.go
@@ -19,7 +19,6 @@ func NewMatchFile(path string) MatchFile {
 	path = filepath.ToSlash(path)
 	_, filename := filepath.Split(path)
 	extension := filepath.Ext(path)
-	// contents, _ := ioutil.ReadFile(path)
 
 	return MatchFile{
 		Path:      path,
@@ -29,7 +28,7 @@ func NewMatchFile(path string) MatchFile {
 	}
 }
 
-// IsSkippableFile Checks if the path is blacklisted
+// IsSkippableDir Checks if the path is blacklisted
 func IsSkippableDir(path string, baseDir string) bool {
 	hostMountPath := *session.Options.HostMountPath
 	if hostMountPath != "" {
@@ -92,8 +91,8 @@ func ContainsBlacklistedString(input []byte) bool {
 	return false
 }
 
-//// GetMatchingFiles Return the list of all applicable files inside the given directory for scanning
-//func GetMatchingFiles(dir string, baseDir string) (*bytes.Buffer, *bytes.Buffer, error) {
+// // GetMatchingFiles Return the list of all applicable files inside the given directory for scanning
+// func GetMatchingFiles(dir string, baseDir string) (*bytes.Buffer, *bytes.Buffer, error) {
 //	findCmd := "find " + dir
 //	for _, skippableExt := range session.Config.BlacklistedExtensions {
 //		findCmd += " -not -name \"*" + skippableExt + "\""
@@ -110,7 +109,7 @@ func ContainsBlacklistedString(input []byte) bool {
 //	GetSession().Log.Info("find command: %s", findCmd)
 //
 //	return ExecuteCommand(findCmd)
-//}
+// }
 
 // UpdateDirsPermissionsRW Update permissions for dirs in container images, so that they can be properly deleted
 func UpdateDirsPermissionsRW(dir string) {

diff --git a/core/session.go b/core/session.go
@@ -27,7 +27,7 @@ var (
 )
 
 func (s *Session) Start() {
-	rand.Seed(time.Now().Unix())
+	rand.New(rand.NewSource(time.Now().Unix()))
 
 	s.InitLogger()
 	s.InitThreads()

diff --git a/core/util.go b/core/util.go
@@ -85,9 +85,9 @@ func GetTmpDir(imageName string) (string, error) {
 	dir := *session.Options.TempDirectory
 	tempPath := filepath.Join(dir, "Deepfence", TempDirSuffix, scanId)
 
-	//if runtime.GOOS == "windows" {
+	// if runtime.GOOS == "windows" {
 	//	tempPath = dir + "\temp\Deepfence\SecretScanning\df_" + scanId
-	//}
+	// }
 
 	completeTempPath := path.Join(tempPath, ExtractedImageFilesDir)
 

diff --git a/signature/hs_pattens.go b/signature/hs_pattens.go
@@ -9,6 +9,7 @@ import (
 
 // Build hyperscan Databases for matching different parts in the beginning
 // This can be used for repeated scanning
+
 func BuildHsDb() {
 	for _, part := range []string{ContentsPart, FilenamePart, PathPart, ExtPart} {
 		core.GetSession().Log.Info("Creating hyperscan database for %s", part)
@@ -27,6 +28,7 @@ func BuildHsDb() {
 // @returns
 // []*hyperscan.Pattern - List of hyperscan patterns
 // error - Errors if any. Otherwise, returns nil
+
 func CreateHsPatterns(part string) ([]*hyperscan.Pattern, error) {
 	var hsPatterns []*hyperscan.Pattern
 
@@ -56,6 +58,7 @@ func CreateHsPatterns(part string) ([]*hyperscan.Pattern, error) {
 // hsPatterns -  List of hyperscan patterns
 // @returns
 // BlockDatabase - Hyperscan database for the given list of patterns
+
 func CreateHsDb(hsPatterns []*hyperscan.Pattern) hyperscan.BlockDatabase {
 	hyperscanBlockDb, err := hyperscan.NewBlockDatabase(hsPatterns...)
 	if err != nil {
@@ -71,6 +74,7 @@ func CreateHsDb(hsPatterns []*hyperscan.Pattern) hyperscan.BlockDatabase {
 // hsIOData - Metadata containing the contents being matched, filename, layerID etc.
 // @returns
 // Error - Errors if any. Otherwise, returns nil
+
 func RunHyperscan(hyperscanBlockDb hyperscan.BlockDatabase, hsIOData HsInputOutputData) error {
 	hyperscanScratch, err := hyperscan.NewScratch(hyperscanBlockDb)
 	if err != nil {

diff --git a/signature/signatures.go b/signature/signatures.go
@@ -28,6 +28,7 @@ const (
 )
 
 // Data structure for passing inputs and getting outputs for hyperscan
+
 type HsInputOutputData struct {
 	inputData []byte
 	// Avoids extra memory during blacklist comparison, reduces memory pressure
@@ -64,6 +65,7 @@ func init() {
 // layerID - layer ID of this file in the container image
 // @returns
 // []output.SecretFound - List of all secrets found
+
 func MatchSimpleSignatures(path string, filename string, extension string, layerID string, numSecrets *uint) []output.SecretFound {
 	var tempSecretsFound []output.SecretFound
 	var matchingPart string
@@ -99,6 +101,7 @@ func MatchSimpleSignatures(path string, filename string, extension string, layer
 // @returns
 // []output.SecretFound - List of all secrets found
 // Error - Errors if any. Otherwise, returns nil
+
 func MatchPatternSignatures(contents []byte, path string, filename string, extension string, layerID string,
 	numSecrets *uint, matchedRuleSet map[uint]uint) ([]output.SecretFound, error) {
 	var tempSecretsFound []output.SecretFound
@@ -152,6 +155,7 @@ func MatchPatternSignatures(contents []byte, path string, filename string, exten
 // store them in appropriate maps
 // @parameters
 // configSignatures - Extracted patterns from signature config file
+
 func ProcessSignatures(configSignatures []core.ConfigSignature) {
 	var simpleContentSignatures []core.ConfigSignature
 	var simpleExtSignatures []core.ConfigSignature
@@ -418,7 +422,7 @@ func printMatchedSignatures(sid int, from, to int, hsIOData HsInputOutputData) (
 	}
 
 	coloredMatch := fmt.Sprintf("%s%s%s\n", inputData[start:from], color.RedString(string(inputData[from:to])), inputData[to:end])
-	//core.GetSession().Log.Info("%s%s%s\n", inputData[start:from], color.RedString(string(inputData[from:to])), inputData[to:end])
+	// core.GetSession().Log.Info("%s%s%s\n", inputData[start:from], color.RedString(string(inputData[from:to])), inputData[to:end])
 	core.GetSession().Log.Info(coloredMatch)
 
 	secret := output.SecretFound{
@@ -474,6 +478,7 @@ func calculateSeverity(inputMatch []byte, severity string, severityScore float64
 }
 
 // Find min of 2 int values
+
 func Min(value_0, value_1 int) int {
 	if value_0 < value_1 {
 		return value_0
@@ -482,6 +487,7 @@ func Min(value_0, value_1 int) int {
 }
 
 // Find max of 2 int values
+
 func Max(value_0, value_1 int) int {
 	if value_0 > value_1 {
 		return value_0