analyze

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 25, 2024 License: GPL-3.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Command is the cobra command exposed as "analyze". It carries no Run
// function of its own in this listing; it only defines persistent hooks,
// which cobra also runs around subcommands that do not override them. The
// pre-run hook builds the secret detector and the image handle and stores
// both in the command context; the post-run hook reads the findings back
// from that context and prints them.
var Command = &cobra.Command{
	Use:   "analyze",
	Short: "Analyze an image for secrets",
	Long:  `Analyze an image for secrets, either statically or dynamically.`,

	// PersistentPreRun loads the configuration, compiles the user-supplied
	// detection rules, creates the detector, resolves the image named by the
	// "image" flag (pulling it first when "pull" is set), and publishes the
	// detector and image under detectorContextKey and imageContextKey.
	PersistentPreRun: func(cmd *cobra.Command, args []string) {
		var (
			spnr *spinner.Spinner
			cfg  config.File
		)

		// NOTE(review): the flag lookup error is discarded, so an unregistered
		// or mistyped flag yields "" here and is passed on as the image name.
		target, _ := cmd.Flags().GetString("image")

		spnr = logging.StartSpinner("parsing configuration...")
		cfgErr := viper.Unmarshal(&cfg)

		// NOTE(review): cfg is consumed by both rule parsers before cfgErr is
		// reported below. Whether FinishSpinnerWithError aborts on a non-nil
		// error is not visible here; confirm a failed decode cannot lead to a
		// scan with an empty or partial rule set.
		logrus.Infof("parsing regular expression detection configuration")
		userStatic, badStatic := secrets.ParseStaticRules(cfg.StaticRules)
		userDynamic, badDynamic := secrets.ParseDynamicRules(cfg.DynamicRules)

		logging.FinishSpinnerWithError(spnr, cfgErr)

		// Report every rejected rule before deciding whether to stop.
		for _, bad := range badStatic {
			logrus.Errorf("invalid static rule 'pattern: %s'", bad.Pattern)
		}
		for _, bad := range badDynamic {
			logrus.Errorf("invalid dynamic rule 'pattern: %s, file: %s'", bad.Pattern, bad.FilePattern)
		}

		// With IgnoreInvalidRules set the run continues after rules were
		// rejected. Presumably the rejected rules are simply absent from the
		// detector, so a clean result then only covers the rules that parsed;
		// the error lines above are the only trace of the gap.
		rejected := len(badStatic) + len(badDynamic)
		if rejected > 0 && !cfg.IgnoreInvalidRules {
			logging.Fatal("invalid rules found, exiting due to flag `ignore-invalid` not set")
		}

		// The Exclude* settings are inverted into the detector's Use* options;
		// by their names, setting both presumably leaves only the
		// user-supplied rules active.
		opts := secrets.Opts{
			UseDefaultStaticRules:  !cfg.ExcludeDefaultStaticRules,
			UseDefaultDynamicRules: !cfg.ExcludeDefaultDynamicRules,
		}
		ctx := context.WithValue(
			context.Background(),
			detectorContextKey,
			secrets.NewDetector(opts, userStatic, userDynamic),
		)

		spnr = logging.StartSpinner("connecting to docker daemon...")
		img, imgErr := image.NewImage(target)
		// NOTE(review): if FinishSpinnerWithError returns on error, img is used
		// below regardless of imgErr; confirm against the logging package.
		logging.FinishSpinnerWithError(spnr, imgErr)

		// Pulling is opt-in; the lookup error for "pull" is discarded, which
		// leaves the default of false.
		if wantPull, _ := cmd.Flags().GetBool("pull"); wantPull {
			spnr = logging.StartSpinner("pulling image from remote")
			pullErr := img.Pull()
			logging.FinishSpinnerWithError(spnr, pullErr)
		}

		cmd.SetContext(context.WithValue(ctx, imageContextKey, img))
	},

	// PersistentPostRun fetches the findings stored under findingsContextKey,
	// renders them with the formatter chosen by the "output" flag, and writes
	// the result to standard output.
	PersistentPostRun: func(cmd *cobra.Command, args []string) {
		// A missing value or a value of another type fails the assertion and
		// is treated as fatal.
		findings, ok := cmd.Context().Value(findingsContextKey).([]analysis.Finding)
		if !ok {
			logging.Fatal(errorMsgFmt, "error parsing findings from context")
		}

		// Only "json" selects the JSON formatter; any other value, including
		// a misspelled one, silently falls back to the default formatter.
		var formatter analysis.Formatter = analysis.DefaultFormatter
		if format, _ := cmd.Flags().GetString("output"); format == "json" {
			formatter = analysis.JSONFormatter
		}

		headline := "no secret strings found"
		if n := len(findings); n > 0 {
			headline = fmt.Sprintf("%d secrets found", n)
		}
		logging.Header(headline, logging.H1)

		rendered, fmtErr := formatter(findings)
		if fmtErr != nil {
			logrus.Errorf("error formatting findings: %s", fmtErr)
			logging.Fatal(errorMsgFmt, "error formatting findings")
		}

		// NOTE(review): if analysis.Finding carries the matched secret value,
		// this line puts it on stdout, so captured output (CI logs, redirected
		// files) is as sensitive as the secrets themselves; confirm what the
		// formatters emit.
		fmt.Println(rendered)
	},
}

Functions

This section is empty.

Types

This section is empty.
