github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/fanal/analyzer/executable/executable.go

github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/fanal/analyzer/executable/executable.go (about)

     1  package executable
     2  
     3  import (
     4  	"context"
     5  	"os"
     6  
     7  	"golang.org/x/xerrors"
     8  
     9  	"github.com/devseccon/trivy/pkg/digest"
    10  	"github.com/devseccon/trivy/pkg/fanal/analyzer"
    11  	"github.com/devseccon/trivy/pkg/fanal/utils"
    12  )
    13  
    14  func init() {
    15  	analyzer.RegisterAnalyzer(&executableAnalyzer{})
    16  }
    17  
    18  const version = 1
    19  
    20  // executableAnalyzer calculates SHA-256 for each binary not managed by package managers (called unpackaged binaries)
    21  // so that it can search for SBOM attestation in post-handler.
    22  type executableAnalyzer struct{}
    23  
    24  func (a executableAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput) (*analyzer.AnalysisResult, error) {
    25  	// Skip non-binaries
    26  	isBinary, err := utils.IsBinary(input.Content, input.Info.Size())
    27  	if !isBinary || err != nil {
    28  		return nil, nil
    29  	}
    30  
    31  	dig, err := digest.CalcSHA256(input.Content)
    32  	if err != nil {
    33  		return nil, xerrors.Errorf("sha256 error: %w", err)
    34  	}
    35  
    36  	return &analyzer.AnalysisResult{
    37  		Digests: map[string]string{
    38  			input.FilePath: dig.String(),
    39  		},
    40  	}, nil
    41  }
    42  
    43  func (a executableAnalyzer) Required(_ string, fileInfo os.FileInfo) bool {
    44  	return utils.IsExecutable(fileInfo)
    45  }
    46  
    47  func (a executableAnalyzer) Type() analyzer.Type {
    48  	return analyzer.TypeExecutable
    49  }
    50  
    51  func (a executableAnalyzer) Version() int {
    52  	return version
    53  }