
Commit 11ad1fb

committed
fix: pass all data file paths to OPA
Signed-off-by: nikpivkin <[email protected]>
1 parent aa47845 commit 11ad1fb

1 file changed

+29
-13
lines changed

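--- a/pkg/iac/rego/store.go
+++ b/pkg/iac/rego/store.go
@@ -3,26 +3,42 @@ package rego
 import (
 "fmt"
 "io/fs"
-"os"
-"path/filepath"
+"path"
 "slices"
 "strings"
 
+"github.com/aquasecurity/trivy/pkg/log"
+"github.com/aquasecurity/trivy/pkg/set"
 "github.com/open-policy-agent/opa/v1/loader"
 "github.com/open-policy-agent/opa/v1/storage"
 )
 
 // initialize a store populated with OPA data files found in dataPaths
 func initStore(dataFS fs.FS, dataPaths, namespaces []string) (storage.Store, error) {
-// FilteredPaths will recursively find all file paths that contain a valid document
-// extension from the given list of data paths.
-allDocumentPaths, _ := loader.FilteredPathsFS(dataFS, dataPaths,
-func(abspath string, info os.FileInfo, depth int) bool {
-return !info.IsDir() && !isDataFile(info)
-},
-)
-
-documents, err := loader.NewFileLoader().WithFS(dataFS).All(allDocumentPaths)
+dataFiles := set.New[string]()
+
+// The virtual file system uses a slash ('/') as a path separator,
+// but OPA uses the filepath package, which is OS-dependent.
+// Therefore, we need to collect all the paths ourselves and pass them to OPA.
+for _, root := range dataPaths {
+if err := fs.WalkDir(dataFS, root, func(path string, d fs.DirEntry, err error) error {
+if err != nil {
+return err
+}
+if d.IsDir() {
+return nil
+}
+
+if isDataFile(path) {
+dataFiles.Append(path)
+}
+return nil
+}); err != nil {
+log.Error("Failed to collect data file paths", log.String("root", root), log.Err(err))
+}
+}
+
+documents, err := loader.NewFileLoader().WithFS(dataFS).All(dataFiles.Items())
 if err != nil {
 return nil, fmt.Errorf("load documents: %w", err)
 }
@@ -37,10 +53,10 @@ func initStore(dataFS fs.FS, dataPaths, namespaces []string) (storage.Store, err
 return store, nil
 }
 
-func isDataFile(fi fs.FileInfo) bool {
+func isDataFile(filePath string) bool {
 return slices.Contains([]string{
 ".yaml",
 ".yml",
 ".json",
-}, strings.ToLower(filepath.Ext(fi.Name())))
+}, strings.ToLower(path.Ext(filePath)))
 }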
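Review bot: A failed walk in the new `fs.WalkDir` loop of `initStore` is only logged with `log.Error`, after which the store is built from whatever paths were collected, so checks that read from `data` can run against an incomplete document set without the scan failing. If that best-effort behaviour is intended (the removed code also discarded the `FilteredPathsFS` error), say so in a comment such as `// Best effort: an unreadable data root is logged and skipped; policies may see partial data.`; otherwise return it, e.g. `return nil, fmt.Errorf("collect data files from %q: %w", root, err)`. Separately, the callback parameter `path` shadows the newly imported `path` package inside the closure; renaming it to `filePath`, as `isDataFile` does, avoids a confusing compile error if the closure later needs `path.Ext` or `path.Join`.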
