github.com/google/osv-scalibr@v0.4.1/enricher/secrets/convert/convert.go

github.com/google/osv-scalibr@v0.4.1/enricher/secrets/convert/convert.go (about)

     1  // Copyright 2025 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package convert provides a utility function for converting Veles plugins
    16  // (Detectors and Validators) to SCALIBR core plugins (FilesystemExtractors and Enrichers)
    17  package convert
    18  
    19  import (
    20  	"context"
    21  	"errors"
    22  	"reflect"
    23  
    24  	"github.com/google/osv-scalibr/enricher"
    25  	se "github.com/google/osv-scalibr/enricher/secrets"
    26  	"github.com/google/osv-scalibr/inventory"
    27  	"github.com/google/osv-scalibr/plugin"
    28  	"github.com/google/osv-scalibr/veles"
    29  )
    30  
    31  // FromVelesValidator converts a Veles Validator into a SCALIBR Enricher plugin.
    32  // This allows enabling Veles Validators individually like regular SCALIBR plugins.
    33  // The wrapped Enricher does not do any enrichment on its own - it's a placeholder plugin
    34  // that is used to configure the Veles validator before the scan starts.
    35  func FromVelesValidator[S veles.Secret](velesValidator veles.Validator[S], name string, version int) func() enricher.Enricher {
    36  	return func() enricher.Enricher {
    37  		return &validatorWrapper{
    38  			velesValidator: veles.NewGenericValidator(velesValidator),
    39  			typ:            reflect.TypeFor[S](),
    40  			name:           name,
    41  			version:        version,
    42  		}
    43  	}
    44  }
    45  
    46  // validatorWrapper is a wrapper around the veles.Validator interface that
    47  // implements the additional functions of the filesystem Enricher interface.
    48  type validatorWrapper struct {
    49  	velesValidator veles.GenericValidator
    50  	// The secret type that this validator checks.
    51  	typ     reflect.Type
    52  	name    string
    53  	version int
    54  }
    55  
    56  // Validate checks whether the given secret is valid.
    57  func (v *validatorWrapper) Validate(ctx context.Context, s veles.Secret) (veles.ValidationStatus, error) {
    58  	return v.velesValidator.Validate(ctx, s)
    59  }
    60  
    61  // Name of the enricher.
    62  func (v *validatorWrapper) Name() string {
    63  	return v.name
    64  }
    65  
    66  // Version of the enricher.
    67  func (v *validatorWrapper) Version() int {
    68  	return v.version
    69  }
    70  
    71  // Requirements of the enricher.
    72  func (v *validatorWrapper) Requirements() *plugin.Capabilities {
    73  	// Veles plugins don't have any special requirements.
    74  	return &plugin.Capabilities{}
    75  }
    76  
    77  // RequiredPlugins returns an empty list - While it works on the results of the
    78  // secret detector plugins, the Enricher itself can run independently.
    79  func (v *validatorWrapper) RequiredPlugins() []string {
    80  	return []string{}
    81  }
    82  
    83  // Enrich is a dummy function to satisfy the interface requirements.
    84  // It always returns an error since wrapped secret scanner plugins all run through the
    85  // central veles Enricher plugin.
    86  func (v *validatorWrapper) Enrich(ctx context.Context, input *enricher.ScanInput, inv *inventory.Inventory) error {
    87  	return errors.New("Enrich not implemented - Plugin should run through the central Veles validation engine")
    88  }
    89  
    90  // Assert that validatorWrapper implements the required interfaces.
    91  var _ veles.GenericValidator = &validatorWrapper{}
    92  var _ enricher.Enricher = &validatorWrapper{}
    93  
    94  // SetupVelesEnrichers configures the central Veles secret validation plugin using the placeholder
    95  // enrichers found in the enricher list. Returns the updated enricher list.
    96  func SetupVelesEnrichers(enrichers []enricher.Enricher) ([]enricher.Enricher, error) {
    97  	result := make([]enricher.Enricher, 0, len(enrichers))
    98  	validators := []veles.ValidationEngineOption{}
    99  	for _, e := range enrichers {
   100  		if v, ok := e.(*validatorWrapper); ok {
   101  			validators = append(validators, veles.WithGenericValidator(v, v.typ))
   102  		} else {
   103  			result = append(result, e)
   104  		}
   105  	}
   106  
   107  	// Add the veles enricher with the configured validators.
   108  	if len(validators) != 0 {
   109  		engine := veles.NewValidationEngine(validators...)
   110  		result = append(result, se.NewWithEngine(engine))
   111  	}
   112  
   113  	return result, nil
   114  }