add support to skip non-executable

deepfence · Jul 1, 2024 · 57fa63e · 57fa63e
1 parent cf36d6d
commit 57fa63e
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/config.yaml b/config.yaml
@@ -3,3 +3,4 @@
 exclude_extensions: [ ".log", ".jpg", ".jpeg", ".png", ".gif", ".bmp", ".tiff", ".tif", ".psd", ".xcf", ".zip", ".tar.gz",".gz",".so", ".0", ".1", ".2", ".3",".4",".5",".6",".7",".8",".9", ".ttf", ".lock", ".yar", ".log", ".chk", ".sdb", ".jdb", ".pat", ".jrs", ".dit", ".pol", ".mdb", ".dns", ".admx", ".adml", ".adm", ".edb", ".db", ".evtx"]
 exclude_paths: ["/var/lib/docker", "/var/lib/containerd", "/dev", "/proc", "/usr/lib", "/sys", "/boot", "/run"]
 max_file_size: 1073741824
+skip_non_executable: true
diff --git a/pkg/scan/scanner.go b/pkg/scan/scanner.go
@@ -3,6 +3,7 @@ package scan
 import (
 	"context"
 	"fmt"
+	"os"
 	"sync"
 
 	"github.com/deepfence/YaraHunter/pkg/config"
@@ -64,6 +65,10 @@ func ScanTypeString(st ScanType) string {
 	return ""
 }
 
+func IsExecAll(mode os.FileMode) bool {
+	return mode&0111 == 0111
+}
+
 func (s *Scanner) Scan(ctx *tasks.ScanContext, stype ScanType, namespace, id string, scanID string, outputFn func(output.IOCFound, string)) error {
 	var (
 		extract extractor.FileExtractor
@@ -109,6 +114,11 @@ func (s *Scanner) Scan(ctx *tasks.ScanContext, stype ScanType, namespace, id str
 			}
 		}
 
+		if s.Filters.SkipNonExecutable && !IsExecAll(f.FilePermissions) {
+			logrus.Debugf("Skipping non-executable file: %v", f.Filename)
+			return
+		}
+
 		err = ScanFile(s, f.Filename, f.Content, f.ContentSize, &m[i], "")
 		if err != nil {
 			logrus.Warnf("file: %v, err: %v", f.Filename, err)