// Listing: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/fanal/analyzer/config/terraform/terraform.go

package terraform

import (
	"os"

	"github.com/aquasecurity/trivy-iac/pkg/detection"
	"github.com/devseccon/trivy/pkg/fanal/analyzer"
	"github.com/devseccon/trivy/pkg/fanal/analyzer/config"
	"github.com/devseccon/trivy/pkg/misconf"
)

const (
	// analyzerType is the analyzer type this package registers itself under.
	analyzerType = analyzer.TypeTerraform
	// version is handed to config.NewAnalyzer as this analyzer's version.
	version = 1
)

// init registers the Terraform constructor as a post-analyzer when the
// package is loaded, so importing the package is what enables it.
func init() {
	analyzer.RegisterPostAnalyzer(analyzerType, newTerraformConfigAnalyzer)
}

// terraformConfigAnalyzer detects misconfigurations in Terraform files.
// Embedding *config.Analyzer supplies the analyzer.PostAnalyzer methods;
// only Required is overridden in this file.
type terraformConfigAnalyzer struct {
	*config.Analyzer
}

// newTerraformConfigAnalyzer builds the shared config analyzer with the
// Terraform scanner constructor (misconf.NewTerraformScanner) and wraps it.
// An error from config.NewAnalyzer is returned to the caller unchanged.
func newTerraformConfigAnalyzer(opts analyzer.AnalyzerOptions) (analyzer.PostAnalyzer, error) {
	base, err := config.NewAnalyzer(analyzerType, version, misconf.NewTerraformScanner, opts)
	if err != nil {
		return nil, err
	}

	wrapped := &terraformConfigAnalyzer{Analyzer: base}
	return wrapped, nil
}

// Required overrides config.Analyzer.Required and reports whether filePath
// is a Terraform file according to detection.IsTerraformFile.
//
// Only the path is consulted; the os.FileInfo argument is ignored, so file
// size and mode play no part in the decision made here.
// NOTE(review): a file for which this returns false is not selected by this
// analyzer, so Terraform content stored under a name that
// detection.IsTerraformFile does not recognise would presumably not be
// scanned for misconfigurations by it. Confirm the matching rules in
// trivy-iac before relying on coverage.
func (*terraformConfigAnalyzer) Required(filePath string, _ os.FileInfo) bool {
	isTerraform := detection.IsTerraformFile(filePath)
	return isTerraform
}