54 changes: 54 additions & 0 deletions internal/services/realtimeengine/ossrealtime/oss-realtime.go
Expand Up @@ -4,6 +4,7 @@ import (
"encoding/json"
"fmt"
"os"
"path/filepath"
"strings"

"github.com/Checkmarx/manifest-parser/pkg/parser"
Expand Down Expand Up @@ -74,6 +75,10 @@ func (o *OssRealtimeService) RunOssRealtimeScan(filePath, ignoredFilePath string
return nil, errorconstants.NewRealtimeEngineError("invalid file path").Error()
}

if err := validateSupportedManifestFile(filePath); err != nil {
return nil, err
}

pkgs, err := parseManifest(filePath)
if err != nil {
logger.PrintfIfVerbose("Failed to parse manifest file %s: %v", filePath, err)
Expand Down Expand Up @@ -174,6 +179,55 @@ func getPackageEntryFromPackageMap(
return &entry
}

// validateSupportedManifestFile checks if the manifest file format is supported by OSS realtime scanner.
func validateSupportedManifestFile(filePath string) error {
manifestFileName := filepath.Base(filePath)
manifestFileExtension := filepath.Ext(manifestFileName)

// Check supported extensions
supportedExtensions := map[string]bool{
".csproj": true,
".sbt": true,
}

// Check supported filenames
supportedFilenames := map[string]bool{
"pom.xml": true,
"package.json": true,
"Directory.Packages.props": true,
"packages.config": true,
"go.mod": true,
"build.gradle": true,
"build.gradle.kts": true,
"libs.versions.toml": true,
"setup.cfg": true,
"setup.py": true,
"pyproject.toml": true,
}

// Check by extension
if supportedExtensions[manifestFileExtension] {
return nil
}

// Check by filename
if supportedFilenames[manifestFileName] {
return nil
}

// Special handling for .txt files (check prefix)
if manifestFileExtension == ".txt" {
if strings.HasPrefix(manifestFileName, "requirement") ||
strings.HasPrefix(manifestFileName, "packages") ||
strings.HasPrefix(manifestFileName, "constraint") {
return nil
}
}

// Manifest format is not supported
return errorconstants.NewRealtimeEngineError(fmt.Sprintf("OSS Realtime scanner doesn't currently support scanning '%s' file.", manifestFileName)).Error()
}

// parseManifest parses the manifest file and returns a list of packages.
func parseManifest(filePath string) ([]models.Package, error) {
manifestParser := parser.ParsersFactory(filePath)
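Review bot: In validateSupportedManifestFile the rejection message interpolates the caller-supplied file name with `'%s'`, so a name containing newlines or terminal control characters is copied verbatim into whatever log or IDE surface shows the error; `fmt.Sprintf("OSS Realtime scanner doesn't currently support scanning %q file.", manifestFileName)` would escape them. The name checks are also case-sensitive, and the `.txt` branch accepts any name that merely starts with `requirement`, `packages` or `constraint`, so the gate can reject `Package.json` on a case-insensitive filesystem while admitting a file such as `packages-notes.txt` (constructed example). Whether that matches what `parser.ParsersFactory` accepts is not visible in this diff and is worth confirming, since this allowlist is a second copy that can drift from the parser's own. The two maps are rebuilt on every call and could be package-level variables, with a table-driven test pinning the accepted and rejected names.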