
🐛 Avoid reading every file searching for sonar configs (ossf#3929)
* use reader instead of contents

if the filename doesn't match we don't use the file content.

Signed-off-by: Spencer Schrock <[email protected]>

* compare bytes to avoid allocations

we don't save the line, just the offset.
using the bytes versions avoids allocating new strings

Signed-off-by: Spencer Schrock <[email protected]>

---------

Signed-off-by: Spencer Schrock <[email protected]>
spencerschrock authored and fhoeborn committed Apr 1, 2024
1 parent 8f67887 commit 7933c20
Showing 1 changed file with 12 additions and 7 deletions.
19 changes: 12 additions & 7 deletions checks/raw/sast.go
Expand Up @@ -19,6 +19,7 @@ import (
"bytes"
"errors"
"fmt"
"io"
"path"
"regexp"
"strings"
Expand Down Expand Up @@ -230,7 +231,8 @@ type sonarConfig struct {
func getSonarWorkflows(c *checker.CheckRequest) ([]checker.SASTWorkflow, error) {
var config []sonarConfig
var sastWorkflows []checker.SASTWorkflow
err := fileparser.OnMatchingFileContentDo(c.RepoClient, fileparser.PathMatcher{
// in the future, we may want to use ListFiles instead, so we don't open every file
err := fileparser.OnMatchingFileReaderDo(c.RepoClient, fileparser.PathMatcher{
Pattern: "*",
CaseSensitive: false,
}, validateSonarConfig, &config)
Expand All @@ -255,8 +257,8 @@ func getSonarWorkflows(c *checker.CheckRequest) ([]checker.SASTWorkflow, error)
}

// Check file content.
var validateSonarConfig fileparser.DoWhileTrueOnFileContent = func(pathfn string,
content []byte,
var validateSonarConfig fileparser.DoWhileTrueOnFileReader = func(pathfn string,
reader io.Reader,
args ...interface{},
) (bool, error) {
if !strings.EqualFold(path.Base(pathfn), "pom.xml") {
Expand All @@ -275,6 +277,10 @@ var validateSonarConfig fileparser.DoWhileTrueOnFileContent = func(pathfn string
"validateSonarConfig expects arg[0] of type *[]sonarConfig]: %w", errInvalid)
}

content, err := io.ReadAll(reader)
if err != nil {
return false, fmt.Errorf("read file: %w", err)
}
regex := regexp.MustCompile(`<sonar\.host\.url>\s*(\S+)\s*<\/sonar\.host\.url>`)
match := regex.FindSubmatch(content)

Expand Down Expand Up @@ -308,12 +314,11 @@ func findLine(content, data []byte) (uint, error) {
r := bytes.NewReader(content)
scanner := bufio.NewScanner(r)

line := 0
// https://golang.org/pkg/bufio/#Scanner.Scan
var line uint
for scanner.Scan() {
line++
if strings.Contains(scanner.Text(), string(data)) {
return uint(line), nil
if bytes.Contains(scanner.Bytes(), data) {
return line, nil
}
}

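Review bot: The `io.ReadAll(reader)` added after the args check buffers the entire pom.xml with no upper bound, so one oversized file in a scanned repository is enough to spike memory even though the filename guard above now keeps every other file from being read at all; the replaced OnMatchingFileContentDo path presumably had the same property, so this is a follow-up rather than a regression. Capping it is a one-line change, `content, err := io.ReadAll(io.LimitReader(reader, maxSonarConfigBytes))`, where `maxSonarConfigBytes` is a placeholder for a project-chosen constant. If a truncated read should not silently become a "no sonar config found" result, read one byte past the cap and return an error when `len(content) > maxSonarConfigBytes`. Separately, the `regexp.MustCompile` on the following line runs on every pom.xml visited; hoisting it to a package-level `var` (for example `sonarHostURLRe`, name constructed) is the usual form. validateSonarConfig's body continues past the end of this hunk.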
