perf(misconf): do not convert contents of a YAML file to string (aqua…
…security#7292)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
nikpivkin authored and fhielpos committed Dec 20, 2024
1 parent 4e90f95 commit 79370b5
Showing 2 changed files with 10 additions and 11 deletions.
10 changes: 5 additions & 5 deletions pkg/iac/detection/detect.go
Expand Up @@ -221,15 +221,15 @@ func init() {
}
data := buf.Bytes()

marker := "\n---\n"
altMarker := "\r\n---\r\n"
if bytes.Contains(data, []byte(altMarker)) {
marker := []byte("\n---\n")
altMarker := []byte("\r\n---\r\n")
if bytes.Contains(data, altMarker) {
marker = altMarker
}

for _, partial := range strings.Split(string(data), marker) {
for _, partial := range bytes.Split(data, marker) {
var result map[string]any
if err := yaml.Unmarshal([]byte(partial), &result); err != nil {
if err := yaml.Unmarshal(partial, &result); err != nil {
continue
}
match := true
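Review bot: The split in this hunk recognises only one separator form per file: once `data` contains a single `\r\n---\r\n`, `marker` becomes the CRLF form and an LF-delimited `---` elsewhere in the same file is no longer a split point, and a `---` line followed by trailing spaces or a comment is never one. As far as I know `yaml.Unmarshal` decodes only the first document of its input, so documents behind an unrecognised separator would not be inspected, which for a misconfiguration scanner is a silent coverage gap rather than a parse error. The same loop appears in `ParseFile` in pkg/iac/scanners/yaml/parser/parser.go. Reading the stream with `yaml.NewDecoder` leaves the boundary detection to the YAML library and removes the split altogether; note that it stops at the first malformed document instead of skipping it as the `continue` does today, and that the rest of this loop in `init()` lies outside the hunk.

```go
dec := yaml.NewDecoder(bytes.NewReader(data))
for {
	var result map[string]any
	if err := dec.Decode(&result); err != nil {
		// end of stream or a malformed document: nothing more can be decoded
		break
	}
	// … unchanged: match checks on result …
}
```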
11 changes: 5 additions & 6 deletions pkg/iac/scanners/yaml/parser/parser.go
Expand Up @@ -6,7 +6,6 @@ import (
"io"
"io/fs"
"path/filepath"
"strings"

"gopkg.in/yaml.v3"

Expand Down Expand Up @@ -77,15 +76,15 @@ func (p *Parser) ParseFile(_ context.Context, fsys fs.FS, path string) ([]any, e

var results []any

marker := "\n---\n"
altMarker := "\r\n---\r\n"
if bytes.Contains(contents, []byte(altMarker)) {
marker := []byte("\n---\n")
altMarker := []byte("\r\n---\r\n")
if bytes.Contains(contents, altMarker) {
marker = altMarker
}

for _, partial := range strings.Split(string(contents), marker) {
for _, partial := range bytes.Split(contents, marker) {
var target any
if err := yaml.Unmarshal([]byte(partial), &target); err != nil {
if err := yaml.Unmarshal(partial, &target); err != nil {
return nil, err
}
results = append(results, target)
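Review bot: The `return nil, err` inside the loop of `ParseFile` gives no indication of which file or which document failed, and it drops the documents already collected in `results`, so one malformed document takes the whole file out of the scan. If failing the file is intended, wrapping the error would at least make the skipped input visible in the logs: iterate with `for i, partial := range bytes.Split(contents, marker)` and return `fmt.Errorf("unmarshal yaml document %d in %q: %w", i, path, err)`. This assumes `fmt` is already imported above the visible import lines; how the caller treats the error is not shown in this hunk.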