exclude file paths (#118)

ibreakthecloud · web-flow · commit 4bb35035954d · 2024-04-25T19:26:48.000+05:30
diff --git a/config.yaml b/config.yaml
@@ -3,7 +3,7 @@
 blacklisted_strings: [ ] # skip matches containing any of these strings (case sensitive)
 blacklisted_extensions: [ ".exe", ".jpg", ".jpeg", ".png", ".gif", ".bmp", ".tiff", ".tif", ".psd", ".xcf", ".zip", ".tar", ".tar.gz", ".ttf", ".lock", ".pem", ".so", ".jar", ".gz" ]
 blacklisted_paths: [ "{sep}var{sep}lib{sep}docker", "{sep}var{sep}lib{sep}containerd", "{sep}var{sep}lib{sep}containers", "{sep}var{sep}lib{sep}crio", "{sep}var{sep}run{sep}containers", "{sep}bin", "{sep}boot", "{sep}dev", "{sep}lib", "{sep}lib64", "{sep}media", "{sep}proc", "{sep}run", "{sep}sbin", "{sep}usr{sep}lib", "{sep}sys", "{sep}home{sep}kubernetes" ]
-exclude_paths: [ "{sep}var{sep}lib{sep}docker", "{sep}var{name_sep}lib{name_sep}docker","{sep}var{sep}lib{sep}containerd", "{sep}var{name_sep}lib{name_sep}containerd", "lost+found" ] # use {sep} for the OS' path seperator and {name_sep} for -  (i.e. / or \)
+exclude_paths: [ "{sep}var{sep}lib{sep}docker", "{sep}var{name_sep}lib{name_sep}docker","{sep}var{sep}lib{sep}containerd", "{sep}var{name_sep}lib{name_sep}containerd", "lost+found", "{sep}bin", "{sep}boot", "{sep}dev", "{sep}lib", "{sep}lib64", "{sep}media", "{sep}proc", "{sep}run", "{sep}sbin", "{sep}usr{sep}lib", "{sep}sys", "{sep}home{sep}kubernetes" ] # use {sep} for the OS' path seperator and {name_sep} for -  (i.e. / or \)
 
 
 signatures:
diff --git a/scan/process_image.go b/scan/process_image.go
@@ -173,6 +173,7 @@ func ScanSecretsInDir(layer string, baseDir string, fullDir string,
 
 	walkErr := filepath.WalkDir(fullDir, func(path string, f os.DirEntry, err error) error {
 		if err != nil {
+			log.Debugf("Error in filepath.Walk: %s", err)
 			return err
 		}
 
@@ -231,6 +232,8 @@ func ScanSecretsInDir(layer string, baseDir string, fullDir string,
 			}
 		}
 
+		log.Debugf("attempting scanFile on: %+v, relPath: %s", file, relPath)
+
 		secrets, err := scanFile(file.Path, relPath, file.Filename, file.Extension, layer, &numSecrets, matchedRuleSet)
 		if err != nil {
 			log.Infof("relPath: %s, Filename: %s, Extension: %s, layer: %s", relPath, file.Filename, file.Extension, layer)
@@ -244,6 +247,8 @@ func ScanSecretsInDir(layer string, baseDir string, fullDir string,
 		secrets = signature.MatchSimpleSignatures(relPath, file.Filename, file.Extension, layer, &numSecrets)
 		secretsFound = append(secretsFound, secrets...)
 
+		log.Debugf("scan completed for file: %+v, numSecrets: %d", file, numSecrets)
+
 		// Don't report secrets if number of secrets exceeds MAX value
 		if numSecrets >= *session.Options.MaxSecrets {
 			return maxSecretsExceeded
