// Source: github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/fanal/analyzer/config/terraformplan/terraformplan.go

// Package terraformplan registers the post-analyzer that selects JSON files
// for the Terraform plan misconfiguration scanner.
package terraformplan

import (
	"os"
	"path/filepath"

	"k8s.io/utils/strings/slices"

	"github.com/devseccon/trivy/pkg/fanal/analyzer"
	"github.com/devseccon/trivy/pkg/fanal/analyzer/config"
	"github.com/devseccon/trivy/pkg/misconf"
)

const (
	// analyzerType is the analyzer type this package registers under.
	analyzerType = analyzer.TypeTerraformPlan
	// version is the analyzer version handed to config.NewAnalyzer.
	version = 1
)

// requiredExts lists the file extensions (leading dot included) that Required
// accepts. The comparison is an exact string match, so it is case-sensitive.
var requiredExts = []string{".json"}

// init registers the constructor with the analyzer package at import time.
func init() {
	analyzer.RegisterPostAnalyzer(analyzerType, newTerraformPlanConfigAnalyzer)
}

// terraformPlanConfigAnalyzer is the analyzer for detecting misconfigurations
// in Terraform plan files exported as JSON.
// It embeds config.Analyzer so it can implement analyzer.PostAnalyzer.
type terraformPlanConfigAnalyzer struct {
	*config.Analyzer
}

// newTerraformPlanConfigAnalyzer builds the underlying config.Analyzer with
// misconf.NewTerraformPlanScanner and wraps it. Any error from
// config.NewAnalyzer is returned unchanged together with a nil analyzer.
func newTerraformPlanConfigAnalyzer(opts analyzer.AnalyzerOptions) (analyzer.PostAnalyzer, error) {
	base, err := config.NewAnalyzer(analyzerType, version, misconf.NewTerraformPlanScanner, opts)
	if err != nil {
		return nil, err
	}
	return &terraformPlanConfigAnalyzer{Analyzer: base}, nil
}

// Required overrides config.Analyzer.Required() and reports whether filePath
// has one of the extensions in requiredExts. The os.FileInfo argument is
// ignored.
//
// Selection is by extension only: every ".json" file is accepted here, and the
// file content is not inspected at this point.
// NOTE(review): a plan saved as "plan.JSON", or under a name without the
// ".json" extension, is not selected and so is not scanned by this analyzer.
// Confirm that this coverage gap is acceptable for the scan targets in use.
func (*terraformPlanConfigAnalyzer) Required(filePath string, _ os.FileInfo) bool {
	ext := filepath.Ext(filePath)
	return slices.Contains(requiredExts, ext)
}