Skip to content

Commit 68f0215

Browse files
cx-leonardo-fontescx-leonardo-fontes
authored
feat: add limits fields to scan config (#369)
1 parent db73484 commit 68f0215

4 files changed

Lines changed: 254 additions & 40 deletions

File tree

internal/resources/scanner.go

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,4 +9,9 @@ type ScanConfig struct {
99
CustomRules []*ruledefine.Rule
1010
WithValidation bool
1111
PluginName string
12+
13+
// Limit settings
14+
MaxFindings uint64 // Total findings limit across entire scan (0 = no limit)
15+
MaxRuleMatchesPerFragment uint64 // Regex matches limit per rule per fragment (0 = no limit)
16+
MaxSecretSize uint64 // Maximum secret size in bytes (0 = no limit)
1217
}

pkg/scan.go

Lines changed: 12 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -33,28 +33,31 @@ func NewScanner() Scanner {
3333
return &scanner{}
3434
}
3535

36-
func (s *scanner) Reset(scanConfig resources.ScanConfig, opts ...engine.EngineOption) error {
36+
func (s *scanner) Reset(scanConfig *resources.ScanConfig, opts ...engine.EngineOption) error {
3737
s.mu.Lock()
3838
defer s.mu.Unlock()
3939

4040
engineInstance, err := engine.Init(&engine.EngineConfig{
41-
IgnoredIds: scanConfig.IgnoreResultIds,
42-
SelectedList: scanConfig.SelectRules,
43-
CustomRules: scanConfig.CustomRules,
44-
IgnoreList: scanConfig.IgnoreRules,
45-
ScanConfig: scanConfig,
41+
IgnoredIds: scanConfig.IgnoreResultIds,
42+
SelectedList: scanConfig.SelectRules,
43+
CustomRules: scanConfig.CustomRules,
44+
IgnoreList: scanConfig.IgnoreRules,
45+
MaxFindings: scanConfig.MaxFindings,
46+
MaxRuleMatchesPerFragment: scanConfig.MaxRuleMatchesPerFragment,
47+
MaxSecretSize: scanConfig.MaxSecretSize,
48+
ScanConfig: *scanConfig,
4649
}, opts...)
4750
if err != nil {
4851
return fmt.Errorf("error initializing engine: %w", err)
4952
}
5053

5154
s.engineInstance = engineInstance
52-
s.scanConfig = scanConfig
55+
s.scanConfig = *scanConfig
5356

5457
return nil
5558
}
5659

57-
func (s *scanner) Scan(scanItems []ScanItem, scanConfig resources.ScanConfig, opts ...engine.EngineOption) (reporting.IReport, error) {
60+
func (s *scanner) Scan(scanItems []ScanItem, scanConfig *resources.ScanConfig, opts ...engine.EngineOption) (reporting.IReport, error) {
5861
var wg conc.WaitGroup
5962
err := s.Reset(scanConfig, opts...)
6063
if err != nil {
@@ -106,7 +109,7 @@ func (s *scanner) Scan(scanItems []ScanItem, scanConfig resources.ScanConfig, op
106109

107110
func (s *scanner) ScanDynamic(
108111
itemsIn <-chan ScanItem,
109-
scanConfig resources.ScanConfig,
112+
scanConfig *resources.ScanConfig,
110113
opts ...engine.EngineOption,
111114
) (reporting.IReport, error) {
112115
var wg conc.WaitGroup

0 commit comments

Comments
 (0)