perf: improve memory consumption in 2ms file walk by cx-rui-oliveira · Pull Request #287 · Checkmarx/2ms

cx-rui-oliveira · 2025-05-07T10:01:14Z

Proposed Changes

Separate secret detection logic for filesystem plugin
- Chunking when the processed file is larger than 10 MB (with peeking so as not to lose the context of the secrets);
- Weighted semaphore to control the use of memory (with a dynamic budget, i.e., dependent on the host's RAM).

Checklist

I covered my changes with tests.
I Updated the documentation that is affected by my changes:
- Change in the CLI arguments
- Change in the configuration file

github-actions · 2025-05-08T14:40:59Z

KICS version: v1.7.13

	Category	Results
	HIGH	0
	MEDIUM	0
	LOW	0
	INFO	0
	TRACE	0
	TOTAL	0

Metric	Values
Files scanned	11
Files parsed	11
Files failed to scan	0
Total executed queries	53
Queries failed to execute	0
Execution time	1

github-actions · 2025-05-08T14:49:12Z

Checkmarx One – Scan Summary & Details – 1ebce5bf-6ac3-48aa-be12-0196b419ef01

Great job, no security vulnerabilities found in this Pull Request

cx-rogerio-dalot

I think we should have a package under engine, something like engine/semaphore. We can have all the logic there that handles everything related to the weights and memory (including the one in cmd/memory).

In cmd we can then handle the DI of the semaphore by injecting it on the engine instance. It is in the end, the semaphore that knows which memory budget to allocate and how to handle the weights, and the engine, that should operate and depend on the semaphore.

WDYT?

cmd/memory.go

engine/engine.go

engine/utils/utils.go

cmd/memory.go

cx-rui-oliveira · 2025-05-13T11:40:44Z

I think we should have a package under engine, something like engine/semaphore. We can have all the logic there that handles everything related to the weights and memory (including the one in cmd/memory).

In cmd we can then handle the DI of the semaphore by injecting it on the engine instance. It is in the end, the semaphore that knows which memory budget to allocate and how to handle the weights, and the engine, that should operate and depend on the semaphore.

WDYT?

It makes perfect sense, it is a cleaner and more modular approach.

engine/engine.go

engine/utils/utils.go

engine/chunk/chunk.go

engine/engine.go

engine/semaphore/semaphore_test.go

engine/engine.go

cx-rogerio-dalot · 2025-05-22T09:46:45Z

Awesome work 🎉

…memory-consumption-in-2-ms-file-walk

**Proposed Changes** - Separate secret detection logic for filesystem plugin - Chunking when the processed file is larger than 10 MB (with peeking so as not to lose the context of the secrets); - Weighted semaphore to control the use of memory (with a dynamic budget, i.e., dependent on the host's RAM). **Checklist** - [x] I covered my changes with tests. - [ ] I Updated the documentation that is affected by my changes: - [ ] Change in the CLI arguments - [ ] Change in the configuration file --------- Co-authored-by: cx-leonardo-fontes <204389152+cx-leonardo-fontes@users.noreply.github.com>

cx-rui-oliveira added 3 commits April 23, 2025 12:15

feat: add chunking

dd37da0

feat: add concurrency limit

32460c6

refactor: use chunking with threshold and weighted semaphore

3891f22

cx-rui-oliveira changed the title ~~Ast 79069 improve memory consumption in 2 ms file walk~~ perf: improve memory consumption in 2ms file walk May 7, 2025

cx-rui-oliveira added 2 commits May 8, 2025 12:41

refactor: remove unnecessary flag

1b9fb40

chore: merge and resolve conflicts

66b5f18

cx-rui-oliveira added 5 commits May 8, 2025 16:03

chore: run go mod tidy

5eaec37

refactor: clean up code

c1d499d

test: add UTs for chunking and peeking logic

0be4b5f

test: update getItems UT for filesystem

ced6eef

chore: merge and resolve conflicts

93f6752

cx-rui-oliveira marked this pull request as ready for review May 12, 2025 14:29

cx-rui-oliveira requested a review from a team as a code owner May 12, 2025 14:29

cx-rui-oliveira added 2 commits May 12, 2025 18:25

chore: fix lint issues

6dcde46

chore: ignore test secrets

7249d81