Skip to content

fix(misconf): do not log scanners when misconfig scanning is disabled #8345

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 4, 2025
Merged

fix(misconf): do not log scanners when misconfig scanning is disabled #8345

merged 2 commits into from
Feb 4, 2025

Conversation

nikpivkin
Copy link
Contributor

Description

This PR logs enabled misconfiguration scanners only when misconfig scanning is enabled.

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@nikpivkin nikpivkin marked this pull request as ready for review February 4, 2025 07:53
@nikpivkin nikpivkin requested a review from knqyf263 as a code owner February 4, 2025 07:53
knqyf263
knqyf263 reviewed Feb 4, 2025
View reviewed changes
Copy link
Collaborator

@knqyf263 knqyf263 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need this even when the misconfiguration scanner is disabled?

trivy/pkg/commands/artifact/run.go

Lines 437 to 444 in 6826601

// Filter only enabled misconfiguration scanners
ma, err := filterMisconfigAnalyzers(opts.MisconfigScanners, analyzer.TypeConfigFiles)
if err != nil {
log.Error("Invalid misconfiguration scanners specified, defaulting to use all misconfig scanners",
log.Any("scanners", opts.MisconfigScanners))
} else {
analyzers = append(analyzers, ma...)
}

@nikpivkin nikpivkin force-pushed the fix/misconf-log-scanners branch from 6826601 to af4379f Compare February 4, 2025 08:18
@nikpivkin
Copy link
Contributor Author

Fixed af4379f

@knqyf263 knqyf263 added this pull request to the merge queue Feb 4, 2025
DmitriyLewen
DmitriyLewen reviewed Feb 4, 2025
View reviewed changes
pkg/commands/artifact/run.go Outdated
}

log.Debug("Enabling misconfiguration scanners",
log.Any("scanners", lo.Without(analyzer.TypeConfigFiles, analyzers...)))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IIUC we don't need to check all analyzers here.

Suggested change
log.Any("scanners", lo.Without(analyzer.TypeConfigFiles, analyzers...)))
log.Any("scanners", lo.Without(analyzer.TypeConfigFiles, ma...)))

pkg/commands/artifact/run.go Outdated
// Do not perform misconfiguration scanning when it is not specified.
if !opts.Scanners.AnyEnabled(types.MisconfigScanner, types.RBACScanner) {
analyzers = append(analyzers, analyzer.TypeConfigFiles...)
} else {
// Filter only enabled misconfiguration scanners
ma, err := disabledMisconfigAnalyzers(analyzer.TypeConfigFiles, opts.MisconfigScanners)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit:
is there any point in passing analyzer.TypeConfigFiles as an argument to the function?

@DmitriyLewen DmitriyLewen removed this pull request from the merge queue due to a manual request Feb 4, 2025
@DmitriyLewen DmitriyLewen added this to the v0.59.1 milestone Feb 4, 2025
@DmitriyLewen DmitriyLewen added this pull request to the merge queue Feb 4, 2025
Merged via the queue into aquasecurity:main with commit 5695eb2 Feb 4, 2025
12 checks passed
@aqua-bot aqua-bot mentioned this pull request Feb 4, 2025
Merged
@DmitriyLewen
Copy link
Contributor

@aqua-bot backport release/v0.59

github-actions bot pushed a commit that referenced this pull request Feb 4, 2025
@nikpivkin @actions-user
fix(misconf): do not log scanners when misconfig scanning is disabled (
e27c74b 
…#8345)

Signed-off-by: nikpivkin <[email protected]>
@aqua-bot aqua-bot mentioned this pull request Feb 4, 2025
Merged
@aqua-bot
Copy link
Contributor

aqua-bot commented Feb 4, 2025

Backport PR created: #8349

RingoDev pushed a commit to RingoDev/trivy that referenced this pull request Feb 26, 2025
@nikpivkin @RingoDev
fix(misconf): do not log scanners when misconfig scanning is disabled (
d96c6aa 
…aquasecurity#8345)

Signed-off-by: nikpivkin <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knqyf263 knqyf263 knqyf263 approved these changes

@DmitriyLewen DmitriyLewen DmitriyLewen approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.59.1
Development

Successfully merging this pull request may close these issues.
4 participants
@nikpivkin @DmitriyLewen @aqua-bot @knqyf263