Chrome extensions support #534
Conversation
add: better id constraints
| flatpak.Name: {flatpak.NewDefault}, | ||
| homebrew.Name: {homebrew.New}, | ||
| macapps.Name: {macapps.NewDefault}, | ||
| chromeextensions.Name: {chromeextensions.New}, |
There was a problem hiding this comment.
Move into a separate Misc list
| // limitations under the License. | ||
|
|
||
| // Package extensions extracts chrome extensions. | ||
| package extensions |
There was a problem hiding this comment.
Move into filesystem/misc/
| path = filepath.ToSlash(path) | ||
|
|
||
| switch runtime.GOOS { | ||
| case "windows": |
There was a problem hiding this comment.
The ScanConfig receives a Capabilities struct that contains which OS SCALIBR is running on.
One thing you could do to have OS-specific behavior is to have 3 separate extractors: One for Linux, Win, and Mac. Each would set Capabilities{OS: plugin.OSLinux}, etc. in their Requirements() function.
When a user enables extractors through the SCALIBR library, they either call list.FromCapabilities or list.FilterByCapabilities to only enable the one for the OS they're running SCALIBR on. Similarly, when running SCALIBR through the CLI, cli.go already calls FilterByCapabilities so the extractors not relevant to the OS will be disabled automatically.
You can avoid code duplication by moving the common parts of Extract, ToPURL, etc. into a helper library that they all call.
| return nil, fmt.Errorf("bad format in manifest %s: %w", input.Path, err) | ||
| } | ||
|
|
||
| // extract the extensions ID from the path |
There was a problem hiding this comment.
No need for this comment, the function name already says the same thing
| // | ||
| // /extensionID/version/manifest.json | ||
| func extractExtensionsIDFromPath(input *filesystem.ScanInput) (string, error) { | ||
| path, err := filepath.Abs(input.Path) |
There was a problem hiding this comment.
file paths should already be absolute when receiving them through the ScanInput so no need for this.
| // extractLocaleInfo extract locale information from the _locales/LOCALE_CODE/messages.json | ||
| // following manifest.json v3 specification | ||
| func extractLocaleInfo(m *manifest, input *filesystem.ScanInput) error { | ||
| messagePath := filepath.Join(filepath.Dir(input.Path), "/_locales/", m.DefaultLocale, "message.json") |
There was a problem hiding this comment.
No need for the leading and ending slashes in "/_locales/" if you use filepath.Join
| return nil | ||
| } | ||
|
|
||
| // cutPrefixSuffix cuts the specified prefix and suffix |
There was a problem hiding this comment.
"...if they exist, returns false otherwise"
| func (e Extractor) Requirements() *plugin.Capabilities { return &plugin.Capabilities{} } | ||
|
|
||
| // FileRequired returns true if the file is chrome manifest extension | ||
| func (e Extractor) FileRequired(api filesystem.FileAPI) bool { |
There was a problem hiding this comment.
This function is called on every single file of the filesystem and hence can be a bottleneck for performances. I would recommend performing a pre-check to return early before using regexp.
For example, just returning early if the filename is not manifest.json before doing the regexp matching. This should significantly improve performances.
Extraction of chrome extensions support for
scalibrResources:
Notes:
I used
runtime.GOOSto detect the operating system where scalibr is running. This approach works when the scan target is the host machine, but it doesn't function as expected when scanning a remote image.Do
scalibrplugins have a way to detect if the scan target is running a different operating system than the host?