Allow to scan a single file (fanal#356)

Co-authored-by: knqyf263 <[email protected]>

Author: jerbob92

artifact/local/fs.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto/sha256"
 	"encoding/json"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@@ -29,9 +28,9 @@ const (
 )
 
 type Artifact struct {
-	dir         string
+	rootPath    string
 	cache       cache.ArtifactCache
-	walker      walker.Dir
+	walker      walker.FS
 	analyzer    analyzer.AnalyzerGroup
 	hookManager hook.Manager
 	scanner     scanner.Scanner
@@ -40,21 +39,21 @@ type Artifact struct {
 	configScannerOption config.ScannerOption
 }
 
-func NewArtifact(dir string, c cache.ArtifactCache, artifactOpt artifact.Option, scannerOpt config.ScannerOption) (artifact.Artifact, error) {
+func NewArtifact(rootPath string, c cache.ArtifactCache, artifactOpt artifact.Option, scannerOpt config.ScannerOption) (artifact.Artifact, error) {
 	// Register config analyzers
 	if err := config.RegisterConfigAnalyzers(scannerOpt.FilePatterns); err != nil {
 		return nil, xerrors.Errorf("config analyzer error: %w", err)
 	}
 
-	s, err := scanner.New(dir, scannerOpt.Namespaces, scannerOpt.PolicyPaths, scannerOpt.DataPaths, scannerOpt.Trace)
+	s, err := scanner.New(rootPath, scannerOpt.Namespaces, scannerOpt.PolicyPaths, scannerOpt.DataPaths, scannerOpt.Trace)
 	if err != nil {
 		return nil, xerrors.Errorf("scanner error: %w", err)
 	}
 
 	return Artifact{
-		dir:         dir,
+		rootPath:    filepath.Clean(rootPath),
 		cache:       c,
-		walker:      walker.NewDir(buildAbsPaths(dir, artifactOpt.SkipFiles), buildAbsPaths(dir, artifactOpt.SkipDirs)),
+		walker:      walker.NewFS(buildAbsPaths(rootPath, artifactOpt.SkipFiles), buildAbsPaths(rootPath, artifactOpt.SkipDirs)),
 		analyzer:    analyzer.NewAnalyzerGroup(artifactOpt.AnalyzerGroup, artifactOpt.DisabledAnalyzers),
 		hookManager: hook.NewManager(artifactOpt.DisabledHooks),
 		scanner:     s,
@@ -81,21 +80,29 @@ func (a Artifact) Inspect(ctx context.Context) (types.ArtifactReference, error)
 	result := new(analyzer.AnalysisResult)
 	limit := semaphore.NewWeighted(parallel)
 
-	err := a.walker.Walk(a.dir, func(filePath string, info os.FileInfo, opener analyzer.Opener) error {
+	err := a.walker.Walk(a.rootPath, func(filePath string, info os.FileInfo, opener analyzer.Opener) error {
+		directory := a.rootPath
+
+		// When the directory is the same as the filePath, a file was given
+		// instead of a directory, rewrite the directory in this case.
+		if a.rootPath == filePath {
+			directory = filepath.Dir(a.rootPath)
+		}
+
 		// For exported rootfs (e.g. images/alpine/etc/alpine-release)
-		filePath, err := filepath.Rel(a.dir, filePath)
+		filePath, err := filepath.Rel(directory, filePath)
 		if err != nil {
 			return xerrors.Errorf("filepath rel (%s): %w", filePath, err)
 		}
 
 		opts := analyzer.AnalysisOptions{Offline: a.artifactOption.Offline}
-		if err = a.analyzer.AnalyzeFile(ctx, &wg, limit, result, a.dir, filePath, info, opener, opts); err != nil {
+		if err = a.analyzer.AnalyzeFile(ctx, &wg, limit, result, directory, filePath, info, opener, opts); err != nil {
 			return xerrors.Errorf("analyze file (%s): %w", filePath, err)
 		}
 		return nil
 	})
 	if err != nil {
-		return types.ArtifactReference{}, xerrors.Errorf("walk dir: %w", err)
+		return types.ArtifactReference{}, xerrors.Errorf("walk filesystem: %w", err)
 	}
 
 	// Wait for all the goroutine to finish.
@@ -144,11 +151,11 @@ func (a Artifact) Inspect(ctx context.Context) (types.ArtifactReference, error)
 
 	// get hostname
 	var hostName string
-	b, err := ioutil.ReadFile(filepath.Join(a.dir, "etc", "hostname"))
+	b, err := os.ReadFile(filepath.Join(a.rootPath, "etc", "hostname"))
 	if err == nil && string(b) != "" {
 		hostName = strings.TrimSpace(string(b))
 	} else {
-		hostName = a.dir
+		hostName = a.rootPath
 	}
 
 	return types.ArtifactReference{

artifact/local/fs_test.go

@@ -36,7 +36,7 @@ func TestArtifact_Inspect(t *testing.T) {
 		{
 			name: "happy path",
 			fields: fields{
-				dir: "./testdata",
+				dir: "./testdata/alpine",
 			},
 			putBlobExpectation: cache.ArtifactCachePutBlobExpectation{
 				Args: cache.ArtifactCachePutBlobArgs{
@@ -72,7 +72,7 @@ func TestArtifact_Inspect(t *testing.T) {
 		{
 			name: "disable analyzers",
 			fields: fields{
-				dir: "./testdata",
+				dir: "./testdata/alpine",
 			},
 			artifactOpt: artifact.Option{
 				DisabledAnalyzers: []analyzer.Type{analyzer.TypeAlpine, analyzer.TypeApk},
@@ -99,7 +99,7 @@ func TestArtifact_Inspect(t *testing.T) {
 		{
 			name: "sad path PutBlob returns an error",
 			fields: fields{
-				dir: "./testdata",
+				dir: "./testdata/alpine",
 			},
 			putBlobExpectation: cache.ArtifactCachePutBlobExpectation{
 				Args: cache.ArtifactCachePutBlobArgs{
@@ -134,6 +134,78 @@ func TestArtifact_Inspect(t *testing.T) {
 			},
 			wantErr: "no such file or directory",
 		},
+		{
+			name: "happy path with single file",
+			fields: fields{
+				dir: "testdata/requirements.txt",
+			},
+			putBlobExpectation: cache.ArtifactCachePutBlobExpectation{
+				Args: cache.ArtifactCachePutBlobArgs{
+					BlobID: "sha256:66ba8d6fd07f032638ec8ee517f85b3aad8c6b263c9b1f784237511558002851",
+					BlobInfo: types.BlobInfo{
+						SchemaVersion: types.BlobJSONSchemaVersion,
+						DiffID:        "sha256:de52b03af926ba8f646bd11b794f014161b11a3dbad0213d556ea9af120e1623",
+						Applications: []types.Application{
+							{
+								Type:     "pip",
+								FilePath: "requirements.txt",
+								Libraries: []types.Package{
+									{
+										Name:    "Flask",
+										Version: "2.0.0",
+									},
+								},
+							},
+						},
+					},
+				},
+				Returns: cache.ArtifactCachePutBlobReturns{},
+			},
+			want: types.ArtifactReference{
+				Name: "testdata/requirements.txt",
+				Type: types.ArtifactFilesystem,
+				ID:   "sha256:66ba8d6fd07f032638ec8ee517f85b3aad8c6b263c9b1f784237511558002851",
+				BlobIDs: []string{
+					"sha256:66ba8d6fd07f032638ec8ee517f85b3aad8c6b263c9b1f784237511558002851",
+				},
+			},
+		},
+		{
+			name: "happy path with single file using relative path",
+			fields: fields{
+				dir: "./testdata/requirements.txt",
+			},
+			putBlobExpectation: cache.ArtifactCachePutBlobExpectation{
+				Args: cache.ArtifactCachePutBlobArgs{
+					BlobID: "sha256:66ba8d6fd07f032638ec8ee517f85b3aad8c6b263c9b1f784237511558002851",
+					BlobInfo: types.BlobInfo{
+						SchemaVersion: types.BlobJSONSchemaVersion,
+						DiffID:        "sha256:de52b03af926ba8f646bd11b794f014161b11a3dbad0213d556ea9af120e1623",
+						Applications: []types.Application{
+							{
+								Type:     "pip",
+								FilePath: "requirements.txt",
+								Libraries: []types.Package{
+									{
+										Name:    "Flask",
+										Version: "2.0.0",
+									},
+								},
+							},
+						},
+					},
+				},
+				Returns: cache.ArtifactCachePutBlobReturns{},
+			},
+			want: types.ArtifactReference{
+				Name: "testdata/requirements.txt",
+				Type: types.ArtifactFilesystem,
+				ID:   "sha256:66ba8d6fd07f032638ec8ee517f85b3aad8c6b263c9b1f784237511558002851",
+				BlobIDs: []string{
+					"sha256:66ba8d6fd07f032638ec8ee517f85b3aad8c6b263c9b1f784237511558002851",
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

artifact/local/testdata/etc/alpine-release renamed to artifact/local/testdata/alpine/etc/alpine-release

@@ -0,0 +1 @@
+Flask==2.0.0

artifact/local/testdata/etc/hostname renamed to artifact/local/testdata/alpine/etc/hostname

@@ -10,19 +10,19 @@ import (
 	dio "github.com/aquasecurity/go-dep-parser/pkg/io"
 )
 
-type Dir struct {
+type FS struct {
 	walker
 }
 
-func NewDir(skipFiles, skipDirs []string) Dir {
-	return Dir{
+func NewFS(skipFiles, skipDirs []string) FS {
+	return FS{
 		walker: newWalker(skipFiles, skipDirs),
 	}
 }
 
 // Walk walks the file tree rooted at root, calling WalkFunc for each file or
 // directory in the tree, including root, but a directory to be ignored will be skipped.
-func (w Dir) Walk(root string, fn WalkFunc) error {
+func (w FS) Walk(root string, fn WalkFunc) error {
 	// walk function called for every path found
 	walkFn := func(pathname string, fi os.FileInfo) error {
 		pathname = filepath.Clean(pathname)

artifact/local/testdata/lib/apk/db/installed renamed to artifact/local/testdata/alpine/lib/apk/db/installed

@@ -79,7 +79,7 @@ func TestDir_Walk(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			w := walker.NewDir(tt.fields.skipFiles, tt.fields.skipDirs)
+			w := walker.NewFS(tt.fields.skipFiles, tt.fields.skipDirs)
 
 			err := w.Walk(tt.rootDir, tt.analyzeFn)
 			if tt.wantErr != "" {