// Source: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/fanal/analyzer/config/dockerfile/docker.go

package dockerfile

import (
	"os"
	"path/filepath"
	"strings"

	"github.com/devseccon/trivy/pkg/fanal/analyzer"
	"github.com/devseccon/trivy/pkg/fanal/analyzer/config"
	"github.com/devseccon/trivy/pkg/misconf"
)

const (
	// version is the analyzer version handed to config.NewAnalyzer.
	version = 1
	// analyzerType is the type this analyzer is registered and constructed under.
	analyzerType = analyzer.TypeDockerfile
)

// requiredFiles lists the file names that Required compares against
// (case-insensitively).
var requiredFiles = []string{"Dockerfile", "Containerfile"}

// init registers the Dockerfile misconfiguration analyzer as a post-analyzer.
func init() {
	analyzer.RegisterPostAnalyzer(analyzerType, newDockerfileConfigAnalyzer)
}

// dockerConfigAnalyzer is an analyzer for detecting misconfigurations in Dockerfiles.
// It embeds config.Analyzer so it can implement analyzer.PostAnalyzer.
type dockerConfigAnalyzer struct {
	*config.Analyzer
}

// newDockerfileConfigAnalyzer builds the shared config analyzer with the
// Dockerfile scanner and wraps it so that Required below replaces the embedded
// implementation. Any construction error is returned unchanged.
func newDockerfileConfigAnalyzer(opts analyzer.AnalyzerOptions) (analyzer.PostAnalyzer, error) {
	inner, err := config.NewAnalyzer(analyzerType, version, misconf.NewDockerfileScanner, opts)
	if err != nil {
		return nil, err
	}
	wrapped := &dockerConfigAnalyzer{Analyzer: inner}
	return wrapped, nil
}

// Required reports whether filePath looks like a Dockerfile or Containerfile.
// It overrides config.Analyzer.Required().
//
// Only the base name is inspected, and the comparison is case-insensitive.
// A file is selected when its base name is
//   - exactly a required name ("Dockerfile"),
//   - a required name followed by a single extension ("Dockerfile.dev"), or
//   - any name whose extension is a required name ("app.Containerfile").
//
// Other spellings return false, for example "Dockerfile.dev.bak" or
// "Dockerfile-dev".
// NOTE(review): presumably a false result means this analyzer never scans the
// file for misconfigurations, so build files that do not follow one of the
// three patterns would be a coverage gap; confirm against the caller.
func (a *dockerConfigAnalyzer) Required(filePath string, _ os.FileInfo) bool {
	name := filepath.Base(filePath)
	suffix := filepath.Ext(name)
	for _, want := range requiredFiles {
		switch {
		case strings.EqualFold(name, want+suffix):
			// Bare required name (empty suffix) or required name plus one extension.
			return true
		case strings.EqualFold(suffix, "."+want):
			// Required name used as the extension.
			return true
		}
	}
	return false
}