aquasecurity
diff --git a/‎.github/workflows/bench.yml
Lines changed: 0 additions & 1 deletion b/‎.github/workflows/bench.yml
Lines changed: 0 additions & 1 deletion
diff --git a/‎.github/workflows/test.yml
Lines changed: 0 additions & 1 deletion b/‎.github/workflows/test.yml
Lines changed: 0 additions & 1 deletion
diff --git a/‎analyzer/all/import.go
Lines changed: 1 addition & 0 deletions b/‎analyzer/all/import.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎analyzer/analyzer.go
Lines changed: 20 additions & 1 deletion b/‎analyzer/analyzer.go
Lines changed: 20 additions & 1 deletion
diff --git a/‎analyzer/analyzer_test.go
Lines changed: 13 additions & 62 deletions b/‎analyzer/analyzer_test.go
Lines changed: 13 additions & 62 deletions
diff --git a/‎analyzer/buildinfo/content_manifest.go
Lines changed: 55 additions & 0 deletions b/‎analyzer/buildinfo/content_manifest.go
Lines changed: 55 additions & 0 deletions
diff --git a/‎analyzer/buildinfo/content_manifest_test.go
Lines changed: 88 additions & 0 deletions b/‎analyzer/buildinfo/content_manifest_test.go
Lines changed: 88 additions & 0 deletions
@@ -10,7 +10,6 @@ jobs:
       uses: actions/setup-go@v2
       with:
         go-version: 1.17
-      id: go
 
     - name: Check out code into the Go module directory
       uses: actions/checkout@v2
 
@@ -31,7 +31,6 @@ jobs:
       uses: actions/setup-go@v2
       with:
         go-version: ${{ env.GO_VERSION }}
-      id: go
 
     - name: Check out code into the Go module directory
       uses: actions/checkout@v2
 
@@ -1,6 +1,7 @@
 package all
 
 import (
+	_ "github.com/aquasecurity/fanal/analyzer/buildinfo"
 	_ "github.com/aquasecurity/fanal/analyzer/command/apk"
 	_ "github.com/aquasecurity/fanal/analyzer/language/dotnet/nuget"
 	_ "github.com/aquasecurity/fanal/analyzer/language/golang/binary"
 
@@ -83,14 +83,17 @@ type AnalysisResult struct {
 	Configs              []types.Config
 	SystemInstalledFiles []string // A list of files installed by OS package manager
 
+	// For Red Hat
+	BuildInfo *types.BuildInfo
+
 	// CustomResources hold analysis results from custom analyzers.
 	// It is for extensibility and not used in OSS.
 	CustomResources []types.CustomResource
 }
 
 func (r *AnalysisResult) isEmpty() bool {
 	return r.OS == nil && len(r.PackageInfos) == 0 && len(r.Applications) == 0 &&
-		len(r.Configs) == 0 && len(r.SystemInstalledFiles) == 0 && len(r.CustomResources) == 0
+		len(r.Configs) == 0 && len(r.SystemInstalledFiles) == 0 && r.BuildInfo == nil && len(r.CustomResources) == 0
 }
 
 func (r *AnalysisResult) Sort() {
@@ -148,6 +151,22 @@ func (r *AnalysisResult) Merge(new *AnalysisResult) {
 
 	r.SystemInstalledFiles = append(r.SystemInstalledFiles, new.SystemInstalledFiles...)
 
+	if new.BuildInfo != nil {
+		if r.BuildInfo == nil {
+			r.BuildInfo = new.BuildInfo
+		} else {
+			// We don't need to merge build info here
+			// because there is theoretically only one file about build info in each layer.
+			if new.BuildInfo.Nvr != "" || new.BuildInfo.Arch != "" {
+				r.BuildInfo.Nvr = new.BuildInfo.Nvr
+				r.BuildInfo.Arch = new.BuildInfo.Arch
+			}
+			if len(new.BuildInfo.ContentSets) > 0 {
+				r.BuildInfo.ContentSets = new.BuildInfo.ContentSets
+			}
+		}
+	}
+
 	r.CustomResources = append(r.CustomResources, new.CustomResources...)
 }
 
 
@@ -14,11 +14,16 @@ import (
 	"golang.org/x/xerrors"
 
 	"github.com/aquasecurity/fanal/analyzer"
-	_ "github.com/aquasecurity/fanal/analyzer/all"
 	aos "github.com/aquasecurity/fanal/analyzer/os"
-	_ "github.com/aquasecurity/fanal/hook/all"
 	"github.com/aquasecurity/fanal/types"
 	dio "github.com/aquasecurity/go-dep-parser/pkg/io"
+
+	_ "github.com/aquasecurity/fanal/analyzer/command/apk"
+	_ "github.com/aquasecurity/fanal/analyzer/language/ruby/bundler"
+	_ "github.com/aquasecurity/fanal/analyzer/os/alpine"
+	_ "github.com/aquasecurity/fanal/analyzer/os/ubuntu"
+	_ "github.com/aquasecurity/fanal/analyzer/pkg/apk"
+	_ "github.com/aquasecurity/fanal/hook/all"
 )
 
 type mockConfigAnalyzer struct{}
@@ -453,72 +458,18 @@ func TestAnalyzer_AnalyzerVersions(t *testing.T) {
 			name:     "happy path",
 			disabled: []analyzer.Type{},
 			want: map[string]int{
-				"alpine":     1,
-				"amazon":     1,
-				"apk":        1,
-				"bundler":    1,
-				"cargo":      1,
-				"centos":     1,
-				"rocky":      1,
-				"alma":       1,
-				"composer":   1,
-				"debian":     1,
-				"dpkg":       2,
-				"fedora":     1,
-				"gobinary":   1,
-				"gomod":      1,
-				"jar":        1,
-				"node-pkg":   1,
-				"npm":        1,
-				"nuget":      2,
-				"oracle":     1,
-				"photon":     1,
-				"pip":        1,
-				"pipenv":     1,
-				"poetry":     1,
-				"pom":        1,
-				"redhat":     1,
-				"rpm":        1,
-				"suse":       1,
-				"ubuntu":     1,
-				"yarn":       1,
-				"python-pkg": 1,
-				"gemspec":    1,
+				"alpine":  1,
+				"apk":     1,
+				"bundler": 1,
+				"ubuntu":  1,
 			},
 		},
 		{
 			name:     "disable analyzers",
 			disabled: []analyzer.Type{analyzer.TypeAlpine, analyzer.TypeUbuntu},
 			want: map[string]int{
-				"amazon":     1,
-				"apk":        1,
-				"bundler":    1,
-				"cargo":      1,
-				"centos":     1,
-				"rocky":      1,
-				"alma":       1,
-				"composer":   1,
-				"debian":     1,
-				"dpkg":       2,
-				"fedora":     1,
-				"gobinary":   1,
-				"gomod":      1,
-				"jar":        1,
-				"node-pkg":   1,
-				"npm":        1,
-				"nuget":      2,
-				"oracle":     1,
-				"photon":     1,
-				"pip":        1,
-				"pipenv":     1,
-				"poetry":     1,
-				"pom":        1,
-				"redhat":     1,
-				"rpm":        1,
-				"suse":       1,
-				"yarn":       1,
-				"python-pkg": 1,
-				"gemspec":    1,
+				"apk":     1,
+				"bundler": 1,
 			},
 		},
 	}
 
@@ -0,0 +1,55 @@
+package buildinfo
+
+import (
+	"context"
+	"encoding/json"
+	"os"
+	"path/filepath"
+
+	"golang.org/x/xerrors"
+
+	"github.com/aquasecurity/fanal/analyzer"
+	"github.com/aquasecurity/fanal/types"
+)
+
+func init() {
+	analyzer.RegisterAnalyzer(&contentManifestAnalyzer{})
+}
+
+const contentManifestAnalyzerVersion = 1
+
+type contentManifest struct {
+	ContentSets []string `json:"content_sets"`
+}
+
+// For Red Hat products
+type contentManifestAnalyzer struct{}
+
+func (a contentManifestAnalyzer) Analyze(_ context.Context, target analyzer.AnalysisInput) (*analyzer.AnalysisResult, error) {
+	var manifest contentManifest
+	if err := json.NewDecoder(target.Content).Decode(&manifest); err != nil {
+		return nil, xerrors.Errorf("invalid content manifest: %w", err)
+	}
+
+	return &analyzer.AnalysisResult{
+		BuildInfo: &types.BuildInfo{
+			ContentSets: manifest.ContentSets,
+		},
+	}, nil
+}
+
+func (a contentManifestAnalyzer) Required(filePath string, _ os.FileInfo) bool {
+	dir, file := filepath.Split(filepath.ToSlash(filePath))
+	if dir != "root/buildinfo/content_manifests/" {
+		return false
+	}
+	return filepath.Ext(file) == ".json"
+}
+
+func (a contentManifestAnalyzer) Type() analyzer.Type {
+	return analyzer.TypeRedHatContentManifestType
+}
+
+func (a contentManifestAnalyzer) Version() int {
+	return contentManifestAnalyzerVersion
+}
@@ -0,0 +1,88 @@
+package buildinfo
+
+import (
+	"context"
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/aquasecurity/fanal/analyzer"
+	"github.com/aquasecurity/fanal/types"
+)
+
+func Test_contentManifestAnalyzer_Analyze(t *testing.T) {
+	tests := []struct {
+		name    string
+		input   string
+		want    *analyzer.AnalysisResult
+		wantErr string
+	}{
+		{
+			name:  "happy path",
+			input: "testdata/content_manifests/ubi8-minimal-container-8.5-218.json",
+			want: &analyzer.AnalysisResult{
+				BuildInfo: &types.BuildInfo{
+					ContentSets: []string{
+						"rhel-8-for-x86_64-baseos-rpms",
+						"rhel-8-for-x86_64-appstream-rpms",
+					},
+				},
+			},
+		},
+		{
+			name:    "broken json",
+			input:   "testdata/content_manifests/broken.json",
+			wantErr: "invalid content manifest",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			f, err := os.Open(tt.input)
+			require.NoError(t, err)
+			defer f.Close()
+
+			a := contentManifestAnalyzer{}
+			got, err := a.Analyze(context.Background(), analyzer.AnalysisInput{
+				FilePath: tt.input,
+				Content:  f,
+			})
+
+			if tt.wantErr != "" {
+				require.Error(t, err)
+				assert.Contains(t, err.Error(), tt.wantErr)
+				return
+			}
+
+			require.NoError(t, err)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
+
+func Test_contentManifestAnalyzer_Required(t *testing.T) {
+	tests := []struct {
+		name     string
+		filePath string
+		want     bool
+	}{
+		{
+			name:     "happy path",
+			filePath: "root/buildinfo/content_manifests/nodejs-12-container-1-66.json",
+			want:     true,
+		},
+		{
+			name:     "sad path",
+			filePath: "root/buildinfo/content_manifests/nodejs-12-container-1-66.xml",
+			want:     false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			a := contentManifestAnalyzer{}
+			got := a.Required(tt.filePath, nil)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}