From e395689a8a9e03dd2fd3ad9847466df8b691cc06 Mon Sep 17 00:00:00 2001
From: Ankush K
Date: Fri, 19 Aug 2022 17:37:54 +0530
Subject: [PATCH 1/3] feat(secret): Secret analyzer initialization using config object

---
 pkg/fanal/analyzer/secret/secret.go | 16 ++++++++++++----
 pkg/fanal/secret/scanner.go         | 11 +++++++----
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/pkg/fanal/analyzer/secret/secret.go b/pkg/fanal/analyzer/secret/secret.go
index f8b3a0888fa..dc149565991 100644
--- a/pkg/fanal/analyzer/secret/secret.go
+++ b/pkg/fanal/analyzer/secret/secret.go
@@ -39,6 +39,7 @@ var (
 
 type ScannerOption struct {
 	ConfigPath string
+	Config     *secret.Config
 }
 
 // SecretAnalyzer is an analyzer for secrets
@@ -48,7 +49,7 @@ type SecretAnalyzer struct {
 }
 
 func RegisterSecretAnalyzer(opt ScannerOption) error {
-	a, err := newSecretAnalyzer(opt.ConfigPath)
+	a, err := newSecretAnalyzer(opt)
 	if err != nil {
 		return xerrors.Errorf("secret scanner init error: %w", err)
 	}
@@ -56,14 +57,21 @@ func RegisterSecretAnalyzer(opt ScannerOption) error {
 	return nil
 }
 
-func newSecretAnalyzer(configPath string) (SecretAnalyzer, error) {
-	s, err := secret.NewScanner(configPath)
+func newSecretAnalyzer(opt ScannerOption) (SecretAnalyzer, error) {
+	if opt.Config != nil {
+		s, err := secret.NewScannerByConfig(*opt.Config)
+		if err != nil {
+			return SecretAnalyzer{}, xerrors.Errorf("secret scanner error: %w", err)
+		}
+		return SecretAnalyzer{scanner: s}, nil
+	}
+	s, err := secret.NewScanner(opt.ConfigPath)
 	if err != nil {
 		return SecretAnalyzer{}, xerrors.Errorf("secret scanner error: %w", err)
 	}
 	return SecretAnalyzer{
 		scanner:    s,
-		configPath: configPath,
+		configPath: opt.ConfigPath,
 	}, nil
 }
 
diff --git a/pkg/fanal/secret/scanner.go b/pkg/fanal/secret/scanner.go
index fb101c79ae3..9f0f24de639 100644
--- a/pkg/fanal/secret/scanner.go
+++ b/pkg/fanal/secret/scanner.go
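Review bot: The new exported field `Config` has no doc comment, and nothing on the struct says how it relates to `ConfigPath` when a caller sets both; per the `newSecretAnalyzer` hunk below, a non-nil `Config` wins and the path is not consulted at all. Suggest `// Config, when non-nil, is used as-is and ConfigPath is ignored.` on the new field, and a matching one-liner on `ConfigPath` stating that it is only read when Config is nil.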
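Review bot: In the `opt.Config != nil` branch the returned `SecretAnalyzer` leaves `configPath` empty, while the file branch just below records `opt.ConfigPath`; if `configPath` is read by the type's other methods (they are outside this hunk), an analyzer built from a config object will behave differently from one built from a file, and a caller that sets both fields has its `ConfigPath` silently dropped. The two branches also duplicate the error wrapping and the return. Choosing the constructor first and sharing the error path keeps `configPath` populated in both cases and removes the duplication:
```go
func newSecretAnalyzer(opt ScannerOption) (SecretAnalyzer, error) {
	var (
		s   secret.Scanner
		err error
	)
	if opt.Config != nil {
		s, err = secret.NewScannerByConfig(*opt.Config)
	} else {
		s, err = secret.NewScanner(opt.ConfigPath)
	}
	if err != nil {
		return SecretAnalyzer{}, xerrors.Errorf("secret scanner error: %w", err)
	}
	return SecretAnalyzer{
		scanner:    s,
		configPath: opt.ConfigPath,
	}, nil
}
```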
@@ -287,14 +287,17 @@ func NewScanner(configPath string) (Scanner, error) {
 
 	log.Logger.Infof("Loading %s for secret scanning...", configPath)
 
-	// reset global
-	global = Global{}
-
 	var config Config
 	if err = yaml.NewDecoder(f).Decode(&config); err != nil {
 		return Scanner{}, xerrors.Errorf("secrets config decode error: %w", err)
 	}
 
+	return NewScannerByConfig(config)
+}
+
+func NewScannerByConfig(config Config) (Scanner, error) {
+	global := &Global{}
+
 	enabledRules := builtinRules
 	if len(config.EnableBuiltinRuleIDs) != 0 {
 		// Enable only specified built-in rules
@@ -319,7 +322,7 @@ func NewScanner(configPath string) (Scanner, error) {
 
 	global.ExcludeBlock = config.ExcludeBlock
 
-	return Scanner{Global: &global}, nil
+	return Scanner{Global: global}, nil
 }
 
 type ScanArgs struct {

From e466e1fea83e0eeacb42755ae391a9561d705375 Mon Sep 17 00:00:00 2001
From: Ankush K
Date: Mon, 22 Aug 2022 09:32:18 +0530
Subject: [PATCH 2/3] added happy path unit test for config parameter

---
 pkg/fanal/analyzer/secret/secret_test.go | 34 +++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)

diff --git a/pkg/fanal/analyzer/secret/secret_test.go b/pkg/fanal/analyzer/secret/secret_test.go
index 5c2f238d722..bde9da1fe78 100644
--- a/pkg/fanal/analyzer/secret/secret_test.go
+++ b/pkg/fanal/analyzer/secret/secret_test.go
@@ -9,6 +9,7 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/aquasecurity/trivy/pkg/fanal/analyzer"
+	"github.com/aquasecurity/trivy/pkg/fanal/secret"
 	"github.com/aquasecurity/trivy/pkg/fanal/types"
 )
 
@@ -97,12 +98,13 @@ func TestSecretAnalyzer(t *testing.T) {
 	tests := []struct {
 		name       string
 		configPath string
+		config     *secret.Config
 		filePath   string
 		dir        string
 		want       *analyzer.AnalysisResult
 	}{
 		{
-			name:       "return results",
+			name:       "return results with config file",
 			configPath: "testdata/config.yaml",
 			filePath:   "testdata/secret.txt",
 			dir:        ".",
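Review bot: `global := &Global{}` declares a new local, whereas the removed lines reset a variable named `global` whose address the old `return Scanner{Global: &global}` (next hunk) took, which reads like a package-level variable. If that package-level `global` still exists and anything else in the package reads it, it is now never populated by `NewScanner`, and the per-call reset the deleted comment described is gone; confirm it has no remaining readers, or remove the package-level declaration in the same commit so the shadowing cannot mislead. `NewScannerByConfig` is also a new exported function without a doc comment; suggest `// NewScannerByConfig builds a Scanner from an already-decoded Config.` Its body continues past the end of this hunk.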
@@ -115,6 +117,32 @@ func TestSecretAnalyzer(t *testing.T) {
 				},
 			},
 		},
+		{
+			name:       "return results with config",
+			configPath: "",
+			config: &secret.Config{
+				CustomRules: []secret.Rule{
+					{
+						ID:              "rule1",
+						Category:        "general",
+						Title:           "Generic Rule",
+						Severity:        "HIGH",
+						Regex:           secret.MustCompile("(?i)(?P(secret))(=|:).{0,5}['\"](?P[0-9a-zA-Z\\-_=]{8,64})['\"]"),
+						SecretGroupName: "secret",
+					},
+				},
+			},
+			filePath: "testdata/secret.txt",
+			dir:      ".",
+			want: &analyzer.AnalysisResult{
+				Secrets: []types.Secret{
+					{
+						FilePath: "testdata/secret.txt",
+						Findings: []types.SecretFinding{wantFinding1, wantFinding2},
+					},
+				},
+			},
+		},
 		{
 			name:       "image scan return result",
 			configPath: "testdata/image-config.yaml",
@@ -150,7 +178,7 @@ func TestSecretAnalyzer(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			a, err := newSecretAnalyzer(tt.configPath)
+			a, err := newSecretAnalyzer(ScannerOption{tt.configPath, tt.config})
 			require.NoError(t, err)
 			content, err := os.Open(tt.filePath)
 			require.NoError(t, err)
@@ -205,7 +233,7 @@ func TestSecretRequire(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			a, err := newSecretAnalyzer("")
+			a, err := newSecretAnalyzer(ScannerOption{"", nil})
 			require.NoError(t, err)
 			fi, err := os.Stat(tt.filePath)

From 93e2da158c4fe77d0d537d7c7f8e7efc605c6b36 Mon Sep 17 00:00:00 2001
From: Ankush K
Date: Tue, 6 Sep 2022 19:28:20 +0530
Subject: [PATCH 3/3] exported Scanner in SecretAnalyzer removed the config initialization with unit tests

---
 pkg/fanal/analyzer/secret/secret.go      | 23 +++++++-----------
 pkg/fanal/analyzer/secret/secret_test.go | 30 ++----------------------
 2 files changed, 10 insertions(+), 43 deletions(-)

diff --git a/pkg/fanal/analyzer/secret/secret.go b/pkg/fanal/analyzer/secret/secret.go
index dc149565991..362ddd6af00 100644
--- a/pkg/fanal/analyzer/secret/secret.go
+++ b/pkg/fanal/analyzer/secret/secret.go
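Review bot: The `Regex` in the new test case reads `(?P(secret))` and `(?P[0-9a-zA-Z\\-_=]{8,64})` here, which Go's regexp syntax does not accept (a `(?P` group needs a `<name>` before the parenthesis); this is most likely the page stripping angle-bracketed text, but it is worth confirming that the committed source carries the group names, since the pattern is compiled with `secret.MustCompile` while the table is being built. The case also exercises `Config` only together with an empty `ConfigPath`; a case that sets both would pin which one wins.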
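Review bot: `ScannerOption{tt.configPath, tt.config}` is an unkeyed composite literal, so it silently rebinds values if a field is inserted or the order of `ConfigPath` and `Config` changes; the keyed form `ScannerOption{ConfigPath: tt.configPath, Config: tt.config}` is the conventional choice and survives such edits. The same applies to `ScannerOption{"", nil}` in the `TestSecretRequire` hunk below, which is simply the zero value `ScannerOption{}`.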
@@ -44,12 +44,12 @@ type ScannerOption struct {
 
 // SecretAnalyzer is an analyzer for secrets
 type SecretAnalyzer struct {
-	scanner    secret.Scanner
+	Scanner    secret.Scanner
 	configPath string
 }
 
 func RegisterSecretAnalyzer(opt ScannerOption) error {
-	a, err := newSecretAnalyzer(opt)
+	a, err := newSecretAnalyzer(opt.ConfigPath)
 	if err != nil {
 		return xerrors.Errorf("secret scanner init error: %w", err)
 	}
@@ -57,21 +57,14 @@ func RegisterSecretAnalyzer(opt ScannerOption) error {
 	return nil
 }
 
-func newSecretAnalyzer(opt ScannerOption) (SecretAnalyzer, error) {
-	if opt.Config != nil {
-		s, err := secret.NewScannerByConfig(*opt.Config)
-		if err != nil {
-			return SecretAnalyzer{}, xerrors.Errorf("secret scanner error: %w", err)
-		}
-		return SecretAnalyzer{scanner: s}, nil
-	}
-	s, err := secret.NewScanner(opt.ConfigPath)
+func newSecretAnalyzer(configPath string) (SecretAnalyzer, error) {
+	s, err := secret.NewScanner(configPath)
 	if err != nil {
 		return SecretAnalyzer{}, xerrors.Errorf("secret scanner error: %w", err)
 	}
 	return SecretAnalyzer{
-		scanner:    s,
-		configPath: opt.ConfigPath,
+		Scanner:    s,
+		configPath: configPath,
 	}, nil
 }
 
@@ -95,7 +88,7 @@ func (a SecretAnalyzer) Analyze(_ context.Context, input analyzer.AnalysisInput)
 		filePath = fmt.Sprintf("/%s", filePath)
 	}
 
-	result := a.scanner.Scan(secret.ScanArgs{
+	result := a.Scanner.Scan(secret.ScanArgs{
 		FilePath: filePath,
 		Content:  content,
 	})
@@ -162,7 +155,7 @@ func (a SecretAnalyzer) Required(filePath string, fi os.FileInfo) bool {
 		return false
 	}
 
-	if a.scanner.AllowPath(filePath) {
+	if a.Scanner.AllowPath(filePath) {
 		return false
 	}
 
diff --git a/pkg/fanal/analyzer/secret/secret_test.go b/pkg/fanal/analyzer/secret/secret_test.go
index bde9da1fe78..b36f360251a 100644
--- a/pkg/fanal/analyzer/secret/secret_test.go
+++ b/pkg/fanal/analyzer/secret/secret_test.go
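Review bot: `Scanner` becomes an exported field without a doc comment, and the commit message does not say what external use the export is meant to serve. Suggest `// Scanner performs the secret matching used by Analyze and Required.` above it; both uses are visible in the later hunks of this file. Note that `configPath` stays unexported, so a `SecretAnalyzer` assembled outside this package cannot set it; whether that matters depends on how `configPath` is consumed, which is outside these hunks.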
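Review bot: Reverting `newSecretAnalyzer` to a `configPath string` parameter leaves `ScannerOption.Config`, added by the first patch of this series a few lines above this hunk, declared but, as far as the series shows, never read: a caller that sets it now gets a scanner built from `ConfigPath` with no error and no indication that its config was ignored. Either remove the field in this commit or keep the `opt ScannerOption` signature and the `Config` branch. The test table's `config *secret.Config` field is left behind in the same way by the test-file hunks below.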
@@ -117,32 +117,6 @@ func TestSecretAnalyzer(t *testing.T) {
 				},
 			},
 		},
-		{
-			name:       "return results with config",
-			configPath: "",
-			config: &secret.Config{
-				CustomRules: []secret.Rule{
-					{
-						ID:              "rule1",
-						Category:        "general",
-						Title:           "Generic Rule",
-						Severity:        "HIGH",
-						Regex:           secret.MustCompile("(?i)(?P(secret))(=|:).{0,5}['\"](?P[0-9a-zA-Z\\-_=]{8,64})['\"]"),
-						SecretGroupName: "secret",
-					},
-				},
-			},
-			filePath: "testdata/secret.txt",
-			dir:      ".",
-			want: &analyzer.AnalysisResult{
-				Secrets: []types.Secret{
-					{
-						FilePath: "testdata/secret.txt",
-						Findings: []types.SecretFinding{wantFinding1, wantFinding2},
-					},
-				},
-			},
-		},
 		{
 			name:       "image scan return result",
 			configPath: "testdata/image-config.yaml",
@@ -178,7 +152,7 @@ func TestSecretAnalyzer(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			a, err := newSecretAnalyzer(ScannerOption{tt.configPath, tt.config})
+			a, err := newSecretAnalyzer(tt.configPath)
 			require.NoError(t, err)
 			content, err := os.Open(tt.filePath)
 			require.NoError(t, err)
@@ -233,7 +207,7 @@ func TestSecretRequire(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			a, err := newSecretAnalyzer(ScannerOption{"", nil})
+			a, err := newSecretAnalyzer("")
 			require.NoError(t, err)
 			fi, err := os.Stat(tt.filePath)