refactor(misconf): simplify policy filesystem (#3875)

Author: knqyf263

pkg/mapfs/fs.go

@@ -187,6 +187,12 @@ func (m *FS) RemoveAll(path string) error {
 }
 
 func cleanPath(path string) string {
+	// Return if the file path is a volume name only.
+	// Otherwise, `filepath.Clean` changes "C:" to "C:." and
+	// it will no longer match the pathname held by mapfs.
+	if path == filepath.VolumeName(path) {
+		return path
+	}
 	path = filepath.Clean(path)
 	path = filepath.ToSlash(path)
 	path = strings.TrimLeft(path, "/") // Remove the leading slash

pkg/misconf/scanner.go

@@ -131,99 +131,26 @@ func addHelmOpts(opts []options.ScannerOption, scannerOption config.ScannerOptio
 	return opts
 }
 
-// for a given set of paths, find the most specific filesystem path that contains all the descendants
-// the function also returns a filtered version of the input paths that are compatible with a fs.FS
-// using the resultant target path. This means they will always use "/" as a separator
-func findFSTarget(paths []string) (string, []string, error) {
-	if len(paths) == 0 {
-		return "", nil, xerrors.New("must specify at least one path")
-	}
-
-	var absPaths []string
-	var minSegmentCount int
-	for _, relPath := range paths {
-		abs, err := filepath.Abs(relPath)
-		if err != nil {
-			return "", nil, xerrors.Errorf("failed to derive absolute path from '%s': %w", relPath, err)
-		}
-		count := len(strings.Split(filepath.ToSlash(abs), "/"))
-		if count < minSegmentCount || minSegmentCount == 0 {
-			minSegmentCount = count
-		}
-		absPaths = append(absPaths, abs)
-	}
-
-	var outputSegments []string
-	for i := 0; i < minSegmentCount; i++ {
-		required := strings.Split(absPaths[0], string(filepath.Separator))[i]
-		match := true
-		for _, path := range absPaths[1:] {
-			actual := strings.Split(path, string(filepath.Separator))[i]
-			if required != actual {
-				match = false
-				break
-			}
-		}
-		if !match {
-			break
-		}
-		outputSegments = append(outputSegments, required)
-	}
-
-	slashTarget := strings.Join(outputSegments, "/")
-	if slashTarget == "" {
-		slashTarget = string(filepath.Separator)
-	}
-
-	var cleanPaths []string
-	for _, path := range absPaths {
-		path := filepath.ToSlash(path)
-		path = strings.TrimPrefix(path, slashTarget)
-		path = strings.TrimPrefix(path, "/")
-		if path == "" {
-			path = "."
-		}
-		cleanPaths = append(cleanPaths, path)
-	}
-
-	// we don't use filepath.Join here as we need to maintain the root "/"
-	target := strings.Join(outputSegments, string(filepath.Separator))
-	if target == "" || filepath.VolumeName(target) == target {
-		target += string(filepath.Separator)
-	}
-	return target, cleanPaths, nil
-}
-
 func createPolicyFS(policyPaths []string) (fs.FS, []string, error) {
 	if len(policyPaths) == 0 {
 		return nil, nil, nil
 	}
-	var outsideCWD bool
-	for _, path := range policyPaths {
-		if strings.Contains(path, "..") || strings.HasPrefix(path, "/") || (len(path) > 1 && path[1] == ':') {
-			outsideCWD = true
-			break
-		}
-	}
-	// all policy paths are inside the CWD, so create a filesystem from CWD to load from
-	if !outsideCWD {
-		cwd, err := os.Getwd()
+
+	mfs := mapfs.New()
+	for _, p := range policyPaths {
+		abs, err := filepath.Abs(p)
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, xerrors.Errorf("failed to derive absolute path from '%s': %w", p, err)
 		}
-		var cleanPaths []string
-		for _, path := range policyPaths {
-			cleanPaths = append(cleanPaths, filepath.Clean(path))
+		if err = mfs.CopyFilesUnder(abs); err != nil {
+			return nil, nil, xerrors.Errorf("mapfs file copy error: %w", err)
 		}
-		return os.DirFS(cwd), cleanPaths, nil
 	}
 
-	target, cleanPaths, err := findFSTarget(policyPaths)
-	if err != nil {
-		return nil, nil, err
-	}
+	// policy paths are no longer needed as fs.FS contains only needed files now.
+	policyPaths = []string{"."}
 
-	return os.DirFS(target), cleanPaths, nil
+	return mfs, policyPaths, nil
 }
 
 func createDataFS(dataPaths []string, k8sVersion string) (fs.FS, []string, error) {

pkg/misconf/scanner_test.go

@@ -2,10 +2,8 @@ package misconf
 
 import (
 	"context"
-	"fmt"
 	"os"
 	"path/filepath"
-	"runtime"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -63,111 +61,18 @@ func TestScanner_Scan(t *testing.T) {
 	}
 }
 
-func Test_FindingFSTarget(t *testing.T) {
-	tests := []struct {
-		input      []string
-		wantTarget string
-		wantPaths  []string
-		wantErr    bool
-	}{
-		{
-			input:   nil,
-			wantErr: true,
-		},
-		{
-			input:      []string{string(os.PathSeparator)},
-			wantTarget: string(os.PathSeparator),
-			wantPaths:  []string{"."},
-		},
-		{
-			input:      []string{filepath.Join(string(os.PathSeparator), "home", "user")},
-			wantTarget: filepath.Join(string(os.PathSeparator), "home", "user"),
-			wantPaths:  []string{"."},
-		},
-		{
-			input: []string{
-				filepath.Join(string(os.PathSeparator), "home", "user"),
-				filepath.Join(string(os.PathSeparator), "home", "user", "something"),
-			},
-			wantTarget: filepath.Join(string(os.PathSeparator), "home", "user"),
-			wantPaths:  []string{".", "something"},
-		},
-		{
-			input: []string{
-				filepath.Join(string(os.PathSeparator), "home", "user"),
-				filepath.Join(string(os.PathSeparator), "home", "user", "something", "else"),
-			},
-			wantTarget: filepath.Join(string(os.PathSeparator), "home", "user"),
-			wantPaths:  []string{".", "something/else"},
-		},
-		{
-			input: []string{
-				filepath.Join(string(os.PathSeparator), "home", "user"),
-				filepath.Join(string(os.PathSeparator), "home", "user2", "something", "else"),
-			},
-			wantTarget: filepath.Join(string(os.PathSeparator), "home"),
-			wantPaths:  []string{"user", "user2/something/else"},
-		},
-		{
-			input: []string{
-				filepath.Join(string(os.PathSeparator), "foo"),
-				filepath.Join(string(os.PathSeparator), "bar"),
-			},
-			wantTarget: string(os.PathSeparator),
-			wantPaths:  []string{"foo", "bar"},
-		},
-		{
-			input:      []string{string(os.PathSeparator), filepath.Join(string(os.PathSeparator), "bar")},
-			wantTarget: string(os.PathSeparator),
-			wantPaths:  []string{".", "bar"},
-		},
-	}
-
-	for _, test := range tests {
-		t.Run(fmt.Sprintf("%#v", test.input), func(t *testing.T) {
-			if runtime.GOOS == "windows" {
-				wantTarget, err := filepath.Abs(test.wantTarget)
-				require.NoError(t, err)
-				test.wantTarget = filepath.Clean(wantTarget)
-			}
-
-			target, paths, err := findFSTarget(test.input)
-			if test.wantErr {
-				require.Error(t, err)
-			} else {
-				assert.Equal(t, test.wantTarget, target)
-				assert.Equal(t, test.wantPaths, paths)
-			}
-		})
-	}
-}
-
 func Test_createPolicyFS(t *testing.T) {
-	t.Run("inside cwd", func(t *testing.T) {
-		cwd, err := os.Getwd()
-		require.NoError(t, err)
-		require.NoError(t, os.MkdirAll(filepath.Join(cwd, "testdir"), 0750))
-		require.NoError(t, os.MkdirAll(filepath.Join(cwd, ".testdir"), 0750))
-		defer func() {
-			os.RemoveAll(filepath.Join(cwd, "testdir"))
-			os.RemoveAll(filepath.Join(cwd, ".testdir"))
-		}()
-
-		_, got1, err := createPolicyFS([]string{"testdir"})
-		require.NoError(t, err)
-
-		_, got2, err := createPolicyFS([]string{".testdir"})
-		require.NoError(t, err)
-
-		assert.NotEqual(t, got1, got2, "testdir and .testdir are different dirs and should not be equal")
-	})
-
-	t.Run("outside cwd", func(t *testing.T) {
+	t.Run("outside pwd", func(t *testing.T) {
 		tmpDir := t.TempDir()
 		require.NoError(t, os.MkdirAll(filepath.Join(tmpDir, "subdir/testdir"), 0750))
 		f, got, err := createPolicyFS([]string{filepath.Join(tmpDir, "subdir/testdir")})
 		require.NoError(t, err)
 		assert.Equal(t, []string{"."}, got)
-		assert.Contains(t, f, "testdir")
+
+		d, err := f.Open(tmpDir)
+		require.NoError(t, err)
+		stat, err := d.Stat()
+		require.NoError(t, err)
+		assert.True(t, stat.IsDir())
 	})
 }