A utility library that support Snyk IaC parsing. The two supported types of functionalities are:
- Identify issue path in a cloud config file.
- Parse a serialized string issue path into an array for use with the
getLineNumber()function.
Identifying the issue path in a YAML/JSON/HCL file and returning the relevant line number in order to highlight the relevant line to the users in their files.
It also exposes a customised YAML parser.
This library is being used as part of snyk cloud configuration product.
The library has three main methods:
getTrees- this function receives a fileType and a configuration fileContent and builds the relevant tree (FileStructureTree). An example tree would look like this:
'0': {
nodes: [
{
key: 'apiVersion',
lineLocation: {
columnEnd: 14,
columnStart: 4,
line: 2,
},
values: [...],
{...},
],
'1': {...}
...
},
getLineNumber- this function receives a path (array of strings) , a fileType (YAML/JSON/HCL), and a tree and returns the number of the line which is the closest to the path received. In case that the full path does not exist, the returned line number will correspond to the deepest entry in the path array that was found.
The function issuesToLineNumbers invokes both of them: it will build the tree by parsing the fileContent and then return the lineNumber.
parseFileContent- this function receives the contents of a file and returns the parsed JSON representation of the contents. The file contents can be either YAML or JSON. Note This parser uses a different underlying parser to thegetTreesfunction - the implementation ofgetTreeswill change once we replace theyaml-jsparser with this one.
For the received path:
['spec', 'template', 'spec', 'containers[0]', 'nonExistingResource', 'securityContext', 'capabilities']
It will return the line number of the first element in the containers array (because nonExistingResource does not exist).
For the received path:
['spec', 'template', 'spec', 'containers[0]', 'resources', 'securityContext', 'capabilities']
It will return the line number of 'capabilities'.
Until now, the paths received in the Cloud Config issues were containers[snyky1], where snyky1 was the value of the name property in one of the objects in containers.
We are supporting both containers[snyky1] and containers[0], while the new issues will be in the format of containers[0].
The piece of code that creates the paths is creating elements like containers[0], but in cases of containers[snyky1], it goes over the elements of the array and looks for a sub-element with key: name and value snyky1.
For example:
['input', 'spec', 'template', 'spec', 'containers[0]', 'resources', 'securityContext', 'capabilities']
The input value will be removed and the path we are looking for will be like this:
['spec', 'template', 'spec', 'containers[0]', 'resources', 'securityContext', 'capabilities']
- In the case that the files are JSON or single YAML - the
DocIdwill be0. - In the case of a multi-document file - the
DocIdwill be according to the order of the documents.
Are 1 based!
We are looking for the key in the path and not the value.
For example , drop may have multiple values as an array of strings. We can show drop[0] as the first array of values but not drop['192.168.0.1'].
This parser get an issue path and returns array of it's components.
The parser split by ., unless the object is inside brackets and then it remain it as single object
- Input: foo Output: ['foo']
- Input: foo.bar.baz Output: ['foo', 'bar', 'baz']
- Input: foo_1._bar2.baz3_ Output: ['foo_1', '_bar2', 'baz3_']
- Input: foo.bar[abc].baz Output: ['foo', 'bar[abc]', 'baz']
- Input: foo.bar[abc.def].baz Output: ['foo', 'bar[abc.def]', 'baz']
- Input: foo.bar['abc.def'].baz Output: ['foo', "bar['abc.def']", 'baz']
- Input: foo.bar["abc.def"].baz Output: ['foo', 'bar["abc.def"]', 'baz']
- Input: foo.bar['abc/def'].baz Output: ['foo', "bar['abc/def']", 'baz']