// Package helm registers the post-analyzer that selects Helm chart files
// (templates, values, packaged chart archives) for misconfiguration scanning.
package helm

import (
	"os"
	"path/filepath"
	"strings"

	"github.com/devseccon/trivy/pkg/fanal/analyzer"
	"github.com/devseccon/trivy/pkg/fanal/analyzer/config"
	"github.com/devseccon/trivy/pkg/misconf"
)

const (
	// analyzerType is the analyzer type this package registers under.
	analyzerType = analyzer.TypeHelm
	// version is the analyzer version passed to config.NewAnalyzer.
	version = 1
	// maxTarSize is the largest file size, in bytes, that Required accepts:
	// 200 MiB (209,715,200 bytes). Despite the name, Required compares it
	// against every candidate file, not only against archives.
	maxTarSize = 200 << 20
)

// acceptedExts lists the lower-case path suffixes that mark a file as a
// candidate: chart templates, JSON/YAML documents and packaged chart archives.
var acceptedExts = []string{".tpl", ".json", ".yml", ".yaml", ".tar", ".tgz", ".tar.gz"}

// init registers the Helm analyzer constructor as a post-analyzer.
func init() {
	analyzer.RegisterPostAnalyzer(analyzerType, newHelmConfigAnalyzer)
}

// helmConfigAnalyzer detects misconfigurations in Helm charts.
// Embedding *config.Analyzer lets it satisfy analyzer.PostAnalyzer while
// overriding only Required.
type helmConfigAnalyzer struct {
	*config.Analyzer
}

// newHelmConfigAnalyzer builds the shared config analyzer with the Helm
// scanner constructor and wraps it in helmConfigAnalyzer. An error from
// config.NewAnalyzer is returned unchanged.
func newHelmConfigAnalyzer(opts analyzer.AnalyzerOptions) (analyzer.PostAnalyzer, error) {
	base, err := config.NewAnalyzer(analyzerType, version, misconf.NewHelmScanner, opts)
	if err != nil {
		return nil, err
	}
	return &helmConfigAnalyzer{Analyzer: base}, nil
}

// Required overrides config.Analyzer.Required and reports whether the file
// should be handed to the Helm scanner.
//
// The decision uses only the file size and the file name; the content is not
// inspected here, so any .json/.yaml/.yml file under the size cap is accepted
// as a candidate.
//
// NOTE(review): a file larger than maxTarSize is rejected without any log or
// error from this function, so an oversized chart archive or values file is
// left out of the Helm scan with no signal at this layer. Confirm that
// callers surface skipped files if scan coverage matters.
func (*helmConfigAnalyzer) Required(filePath string, info os.FileInfo) bool {
	// The size cap runs before any name check, so it applies to every file
	// type. Presumably it bounds the cost of unpacking chart archives — TODO
	// confirm against the scanner.
	if info.Size() > maxTarSize {
		return false
	}

	// Suffix matching is case-insensitive: the path is lower-cased once and
	// compared against the lower-case entries of acceptedExts.
	lowered := strings.ToLower(filePath)
	for _, ext := range acceptedExts {
		if strings.HasSuffix(lowered, ext) {
			return true
		}
	}

	// Well-known chart file names, compared case-insensitively. "Chart.yaml"
	// already matches the ".yaml" suffix above; ".helmignore" is the name that
	// is only reachable through this check.
	base := filepath.Base(filePath)
	return strings.EqualFold(base, "Chart.yaml") || strings.EqualFold(base, ".helmignore")
}