Skip to content

Commit 37802b1

Browse files
authored
Add additional guardrails and checks against nil pointers; clean up some confusing code as well (#1063)
* [WIP] pass file contents by reference; add more nil checks Signed-off-by: egibs <20933572+egibs@users.noreply.github.com> * More improvements to report and strings.go Signed-off-by: egibs <20933572+egibs@users.noreply.github.com> * Add another length check for terminal output Signed-off-by: egibs <20933572+egibs@users.noreply.github.com> * More cleanup Signed-off-by: egibs <20933572+egibs@users.noreply.github.com> * More cleaup and consolidation Signed-off-by: egibs <20933572+egibs@users.noreply.github.com> * Small tweaks Signed-off-by: egibs <20933572+egibs@users.noreply.github.com> * Update third-party src assignment Signed-off-by: egibs <20933572+egibs@users.noreply.github.com> * Clean up hex key conditional Signed-off-by: egibs <20933572+egibs@users.noreply.github.com> --------- Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
1 parent 3a3cda6 commit 37802b1

24 files changed

Lines changed: 158 additions & 137 deletions

pkg/action/diff.go

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,9 @@ func relPath(from string, fr *malcontent.FileReport, isArchive bool, isImage boo
6060
from = fr.Path
6161
if strings.Contains(fr.Path, "∴") {
6262
parts := strings.Split(fr.Path, "∴")
63-
from = strings.TrimSpace(parts[0])
63+
if len(parts) > 0 {
64+
from = strings.TrimSpace(parts[0])
65+
}
6466
}
6567
base, err = filepath.Abs(from)
6668
if err != nil {

pkg/action/scan.go

Lines changed: 17 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -167,9 +167,7 @@ func scanSinglePath(ctx context.Context, c malcontent.Config, path string, ruleF
167167
initializeOnce.Do(func() {
168168
scannerPool = pool.NewScannerPool(yrs, getMaxConcurrency(c.Concurrency))
169169
})
170-
171-
scanner := scannerPool.Get()
172-
defer scannerPool.Put(scanner)
170+
scanner := scannerPool.Get(yrs)
173171

174172
fc, mrs, size, checksum, err := scanFD(scanner, fd, logger)
175173
if err != nil {
@@ -195,6 +193,7 @@ func scanSinglePath(ctx context.Context, c malcontent.Config, path string, ruleF
195193
}
196194

197195
defer func() {
196+
scannerPool.Put(scanner)
198197
fc = nil
199198
mrs = nil
200199
}()
@@ -788,20 +787,22 @@ func Scan(ctx context.Context, c malcontent.Config) (*malcontent.Report, error)
788787
return r, err
789788
}
790789

791-
r.Files.Range(func(key, value any) bool {
792-
if scanCtx.Err() != nil {
793-
return false
794-
}
795-
if key == nil || value == nil {
796-
return true
797-
}
798-
if fr, ok := value.(*malcontent.FileReport); ok {
799-
if fr.RiskScore < c.MinFileRisk {
800-
r.Files.Delete(key)
790+
if r != nil {
791+
r.Files.Range(func(key, value any) bool {
792+
if scanCtx.Err() != nil {
793+
return false
801794
}
802-
}
803-
return true
804-
})
795+
if key == nil || value == nil {
796+
return true
797+
}
798+
if fr, ok := value.(*malcontent.FileReport); ok {
799+
if fr.RiskScore < c.MinFileRisk {
800+
r.Files.Delete(key)
801+
}
802+
}
803+
return true
804+
})
805+
}
805806
if scanCtx.Err() == nil && c.Stats && c.Renderer.Name() != "JSON" && c.Renderer.Name() != "YAML" {
806807
err = render.Statistics(&c, r)
807808
if err != nil {

pkg/archive/archive.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -244,7 +244,7 @@ func handleDirectory(target string) error {
244244

245245
// handleFile extracts valid files within .deb or .tar archives.
246246
func handleFile(target string, tr *tar.Reader) error {
247-
buf := tarPool.Get(extractBuffer)
247+
buf := tarPool.Get(extractBuffer) //nolint:nilaway // the buffer pool is created above
248248
defer tarPool.Put(buf)
249249

250250
if err := os.MkdirAll(filepath.Dir(target), 0o700); err != nil {

pkg/archive/bz2.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ func ExtractBz2(ctx context.Context, d, f string) error {
3131
return nil
3232
}
3333

34-
buf := archivePool.Get(extractBuffer)
34+
buf := archivePool.Get(extractBuffer) //nolint:nilaway // the buffer pool is created in archive.go
3535

3636
tf, err := os.Open(f)
3737
if err != nil {

pkg/archive/gzip.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -53,7 +53,7 @@ func ExtractGzip(ctx context.Context, d string, f string) error {
5353
return nil
5454
}
5555

56-
buf := archivePool.Get(extractBuffer)
56+
buf := archivePool.Get(extractBuffer) //nolint:nilaway // the buffer pool is created in archive.go
5757

5858
gf, err := os.Open(f)
5959
if err != nil {

pkg/archive/rpm.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ func ExtractRPM(ctx context.Context, d, f string) error {
4040
return nil
4141
}
4242

43-
buf := archivePool.Get(extractBuffer)
43+
buf := archivePool.Get(extractBuffer) //nolint:nilaway // the buffer pool is created in archive.go
4444
defer archivePool.Put(buf)
4545

4646
pkg, err := rpm.Read(rpmFile)

pkg/archive/tar.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ func ExtractTar(ctx context.Context, d string, f string) error {
4848
return nil
4949
}
5050

51-
buf := tarPool.Get(extractBuffer)
51+
buf := tarPool.Get(extractBuffer) //nolint:nilaway // the buffer pool is created in archive.go
5252

5353
filename := filepath.Base(f)
5454
tf, err := os.Open(f)

pkg/archive/zip.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -123,7 +123,7 @@ func extractFile(ctx context.Context, file *zip.File, destDir string, logger *cl
123123
}
124124
}
125125

126-
buf := zipPool.Get(zipBuffer)
126+
buf := zipPool.Get(zipBuffer) //nolint:nilaway // the buffer pool is created in archive.go
127127

128128
clean := filepath.Clean(filepath.ToSlash(file.Name))
129129
if strings.Contains(clean, "..") {

pkg/archive/zlib.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ func ExtractZlib(ctx context.Context, d string, f string) error {
3030
return nil
3131
}
3232

33-
buf := archivePool.Get(extractBuffer)
33+
buf := archivePool.Get(extractBuffer) //nolint:nilaway // the buffer pool is created in archive.go
3434
defer archivePool.Put(buf)
3535

3636
zf, err := os.Open(f)

pkg/archive/zstd.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ func ExtractZstd(ctx context.Context, d string, f string) error {
3030
return nil
3131
}
3232

33-
buf := archivePool.Get(extractBuffer)
33+
buf := archivePool.Get(extractBuffer) //nolint:nilaway // the buffer pool is created in archive.go
3434

3535
uncompressed := strings.TrimSuffix(filepath.Base(f), ".zstd")
3636
uncompressed = strings.TrimSuffix(uncompressed, ".zst")

0 commit comments

Comments
 (0)