feat: add support for .snyk in for OSS, Container and IaC products (#…
Cata authored Jul 10, 2024
1 parent 3a2cfaa commit 4adb2b3
Showing 4 changed files with 25 additions and 8 deletions.
8 changes: 8 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,13 @@
# Snyk Security Changelog

## [2.8.9]
### Added
- Updated Open Source, Containers and IaC products to include `.snyk` in the list of supported build files.
- When a `.snyk` file changes, the OSS cache will be dropped triggering a scan.

Related PRs:
- [Language Server PR #563](https://github.com/snyk/snyk-ls/pull/563)

## [2.8.8]
### Added
- renders code actions and code lenses for OpenSource scans via the LS
11 changes: 9 additions & 2 deletions src/main/kotlin/snyk/container/ContainerBulkFileListener.kt
@@ -42,7 +42,7 @@ class ContainerBulkFileListener : SnykBulkFileListener() {
.flatMap { it.workloadImages }
.map { it.virtualFile }
// if file was cached before - we should update cache even if it's none k8s file anymore
if (containerFilesCached.contains(virtualFile)) return@filter true
if (containerFilesCached.contains(virtualFile) || isDotSnykFile(virtualFile)) return@filter true

val psiFile = findPsiFileIgnoringExceptions(virtualFile, project) ?: return@filter false
YAMLImageExtractor.isKubernetes(psiFile)
@@ -51,22 +51,29 @@ class ContainerBulkFileListener : SnykBulkFileListener() {
}
}

private fun isDotSnykFile(virtualFile: VirtualFile) = virtualFile.name.endsWith(".snyk")

private fun updateContainerCache(
containerRelatedVirtualFilesAffected: List<VirtualFile>,
project: Project
) {
if (containerRelatedVirtualFilesAffected.isEmpty()) return
log.debug("update Container cache for $containerRelatedVirtualFilesAffected")

val isDotSnyk = containerRelatedVirtualFilesAffected.any(::isDotSnykFile)

val snykCachedResults = getSnykCachedResults(project)
val currentContainerResult = snykCachedResults?.currentContainerResult ?: return
val containerIssuesForImages = currentContainerResult.allCliIssues ?: return

val newContainerIssuesForImagesList = containerIssuesForImages.map { issuesForImage ->
if (issuesForImage.workloadImages.any { containerRelatedVirtualFilesAffected.contains(it.virtualFile) }) {
if (issuesForImage.workloadImages.any { containerRelatedVirtualFilesAffected.contains(it.virtualFile) } || isDotSnyk) {
makeObsolete(issuesForImage)
} else {
issuesForImage
}


}

val newContainerCache = ContainerResult(newContainerIssuesForImagesList, currentContainerResult.errors)
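Review bot: `isDotSnykFile` matches on `virtualFile.name.endsWith(".snyk")`, so any file whose name merely ends in `.snyk` (say, `backup.snyk`) marks every cached container image obsolete, whereas OssBulkFileListener in this commit matches the exact name `.snyk`. Suggest `private fun isDotSnykFile(virtualFile: VirtualFile) = virtualFile.name == ".snyk"` so the listeners agree on what counts as the policy file. The `.snyk` test in the filter lambda returns before any project-content check visible here; the lambda starts outside the hunk, so it is worth confirming that a `.snyk` file outside the project content cannot invalidate the cache. The two blank lines added after the `if`/`else` inside the `map` lambda can be dropped.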
7 changes: 4 additions & 3 deletions src/main/kotlin/snyk/iac/IacBulkFileListener.kt
@@ -38,7 +38,7 @@ class IacBulkFileListener : SnykBulkFileListener() {
val allIacIssuesForFiles = currentIacResult.allCliIssues ?: return

val iacRelatedVFsAffected = virtualFilesAffected
.filter { iacFileExtensions.contains(it.extension) }
.filter { scanInvalidatingFiles.contains(it.extension) }
.filter { ProjectRootManager.getInstance(project).fileIndex.isInContent(it) }

allIacIssuesForFiles
@@ -66,11 +66,12 @@ class IacBulkFileListener : SnykBulkFileListener() {

companion object {
// see https://github.com/snyk/snyk/blob/master/src/lib/iac/constants.ts#L7
private val iacFileExtensions = listOf(
private val scanInvalidatingFiles = listOf(
"yaml",
"yml",
"json",
"tf"
"tf",
".snyk"
)
}
}
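Review bot: The new `".snyk"` entry in `scanInvalidatingFiles` can never match, because the filter compares against `it.extension`, and `VirtualFile.extension` returns the text after the last dot without the dot itself (`"snyk"` for a file named `.snyk`). As written, editing the policy file leaves the cached IaC results untouched, so findings that the policy now ignores, or no longer ignores, presumably stay on screen until something else triggers a rescan. Either list the entry as `"snyk"` or, to stay in line with the exact-name match in OssBulkFileListener, test the name separately: `.filter { it.name == ".snyk" || scanInvalidatingFiles.contains(it.extension) }`. The code that consumes `iacRelatedVFsAffected` lies outside the hunk; if it only marks issues whose own file is in that list, a `.snyk` change would still invalidate nothing, so that path needs checking too.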
7 changes: 4 additions & 3 deletions src/main/kotlin/snyk/oss/OssBulkFileListener.kt
@@ -68,7 +68,7 @@ class OssBulkFileListener : SnykBulkFileListener() {
val snykCachedResults = getSnykCachedResults(project)
if (snykCachedResults?.currentOssResults != null) {
val buildFileChanged = virtualFilesAffected
.filter { supportedBuildFiles.contains(it.name) }
.filter { scanInvalidatingFiles.contains(it.name) }
.find { ProjectRootManager.getInstance(project).fileIndex.isInContent(it) }
if (buildFileChanged != null) {
snykCachedResults.currentOssResults = null
@@ -88,7 +88,7 @@ class OssBulkFileListener : SnykBulkFileListener() {

companion object {
// see https://github.com/snyk/snyk/blob/master/src/lib/detect.ts#L10
private val supportedBuildFiles = listOf(
private val scanInvalidatingFiles = listOf(
"yarn.lock",
"package-lock.json",
"package.json",
@@ -111,7 +111,8 @@ class OssBulkFileListener : SnykBulkFileListener() {
"Podfile",
"Podfile.lock",
"pyproject.toml",
"poetry.lock"
"poetry.lock",
".snyk"
)
}
}
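Review bot: The comment `// see https://github.com/snyk/snyk/blob/master/src/lib/detect.ts#L10` above the renamed `scanInvalidatingFiles` list no longer accounts for every entry: judging by the old name `supportedBuildFiles`, that link documents build manifests, while `.snyk` is a policy file. A short comment next to the new entry, such as `// .snyk is the policy file: a change to its ignore rules must also drop the cached results`, would tell the next maintainer why it is in the list. The local `buildFileChanged` in the first hunk now also holds a policy-file hit, so a name like `invalidatingFileChanged` would read more accurately.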
