chore: consolidate common buffer and size values into a single package (#1245)

* chore: consolidate common buffer values into a single package

Signed-off-by: egibs <[email protected]>

* move the pool values as well

Signed-off-by: egibs <[email protected]>

* use int64 for all of the consts

Signed-off-by: egibs <[email protected]>

* fix comment

Signed-off-by: egibs <[email protected]>

* use more appropriate file variable names

Signed-off-by: egibs <[email protected]>

* update remaining file variable names to avoid shadowing in the future

Signed-off-by: egibs <[email protected]>

---------

Signed-off-by: egibs <[email protected]>

Author: egibs

pkg/action/scan.go

@@ -22,6 +22,7 @@ import (
 	"github.com/chainguard-dev/clog"
 	"github.com/chainguard-dev/malcontent/pkg/archive"
 	"github.com/chainguard-dev/malcontent/pkg/compile"
+	"github.com/chainguard-dev/malcontent/pkg/file"
 	"github.com/chainguard-dev/malcontent/pkg/malcontent"
 	"github.com/chainguard-dev/malcontent/pkg/pool"
 	"github.com/chainguard-dev/malcontent/pkg/programkind"
@@ -41,10 +42,8 @@ var (
 	compiledRuleCache   atomic.Pointer[yarax.Rules] // compiledRuleCache are a cache of previously compiled rules.
 	compileOnce         sync.Once                   // compileOnce ensures that we compile rules only once even across threads.
 	ErrMatchedCondition = errors.New("matched exit criteria")
-	initReadPool        sync.Once             // initReadPool ensures that the bytes read pool is only initialized once.
-	initScannerPool     sync.Once             // initScannerPool ensures that the scanner pool is only initialized once.
-	maxBytes            int64     = 1 << 32   // 4GB
-	readBuffer          int64     = 64 * 1024 // 64KB
+	initReadPool        sync.Once // initReadPool ensures that the bytes read pool is only initialized once.
+	initScannerPool     sync.Once // initScannerPool ensures that the scanner pool is only initialized once.
 	readPool            *pool.BufferPool
 	scannerPool         *pool.ScannerPool
 )
@@ -82,7 +81,7 @@ func scanSinglePath(ctx context.Context, c malcontent.Config, path string, ruleF
 	initReadPool.Do(func() {
 		readPool = pool.NewBufferPool(runtime.GOMAXPROCS(0))
 	})
-	buf := readPool.Get(readBuffer) //nolint:nilaway // the buffer pool is created above
+	buf := readPool.Get(file.ReadBuffer) //nolint:nilaway // the buffer pool is created above
 
 	mime := "<unknown>"
 	kind, err := programkind.File(ctx, path)
@@ -141,7 +140,7 @@ func scanSinglePath(ctx context.Context, c malcontent.Config, path string, ruleF
 
 	// Only retrieve the file's contents and calculate its checksum if we need to generate a report
 	var fc bytes.Buffer
-	_, err = io.CopyBuffer(&fc, io.LimitReader(f, maxBytes), buf)
+	_, err = io.CopyBuffer(&fc, io.LimitReader(f, file.MaxBytes), buf)
 	if err != nil {
 		return nil, err
 	}

pkg/action/scan_test.go

@@ -77,11 +77,11 @@ func TestCleanPath(t *testing.T) {
 			}
 
 			filePath := filepath.Join(nestedDir, "test.txt")
-			file, err := os.Create(filePath)
+			f, err := os.Create(filePath)
 			if err != nil {
 				t.Fatalf("failed to create file: %v", err)
 			}
-			file.Close()
+			defer f.Close()
 
 			fullPath := filepath.Join(tempDir, tt.path)
 			fullPrefix := filepath.Join(tempDir, tt.prefix)

pkg/archive/archive.go

@@ -13,17 +13,12 @@ import (
 	"time"
 
 	"github.com/chainguard-dev/clog"
+	"github.com/chainguard-dev/malcontent/pkg/file"
 	"github.com/chainguard-dev/malcontent/pkg/malcontent"
 	"github.com/chainguard-dev/malcontent/pkg/pool"
 	"github.com/chainguard-dev/malcontent/pkg/programkind"
 )
 
-const (
-	extractBuffer = 64 * 1024 // 64KB
-	maxBytes      = 1 << 31   // 2048MB
-	zipBuffer     = 2 * 1024  // 2KB
-)
-
 var (
 	archivePool, tarPool, zipPool *pool.BufferPool
 	initializeOnce                sync.Once
@@ -132,16 +127,16 @@ func extractNestedArchive(ctx context.Context, c malcontent.Config, d string, f
 		return fmt.Errorf("failed to remove archive file: %w", err)
 	}
 
-	files, err := os.ReadDir(d)
+	entries, err := os.ReadDir(d)
 	if err != nil {
 		return fmt.Errorf("failed to read directory after extraction: %w", err)
 	}
 
-	for _, file := range files {
+	for _, entry := range entries {
 		if ctx.Err() != nil {
 			return ctx.Err()
 		}
-		rel := file.Name()
+		rel := entry.Name()
 		if _, alreadyProcessed := extracted.Load(rel); !alreadyProcessed {
 			if err := extractNestedArchive(ctx, c, d, rel, extracted, logger); err != nil {
 				return fmt.Errorf("process nested file %s: %w", rel, err)
@@ -263,7 +258,7 @@ func handleDirectory(target string) error {
 
 // handleFile extracts valid files within .deb or .tar archives.
 func handleFile(target string, tr *tar.Reader) error {
-	buf := tarPool.Get(extractBuffer) //nolint:nilaway // the buffer pool is created above
+	buf := tarPool.Get(file.ExtractBuffer) //nolint:nilaway // the buffer pool is created above
 	defer tarPool.Put(buf)
 
 	if err := os.MkdirAll(filepath.Dir(target), 0o700); err != nil {
@@ -276,15 +271,15 @@ func handleFile(target string, tr *tar.Reader) error {
 	}
 	defer out.Close()
 
-	written, err := io.CopyBuffer(out, io.LimitReader(tr, maxBytes), buf)
+	written, err := io.CopyBuffer(out, io.LimitReader(tr, file.MaxBytes), buf)
 	if err != nil {
 		if (strings.Contains(err.Error(), "unexpected EOF") && written == 0) ||
 			!strings.Contains(err.Error(), "unexpected EOF") {
 			return fmt.Errorf("failed to copy file: %w", err)
 		}
 	}
-	if written >= maxBytes {
-		return fmt.Errorf("file exceeds maximum allowed size (%d bytes): %s", maxBytes, target)
+	if written >= file.MaxBytes {
+		return fmt.Errorf("file exceeds maximum allowed size (%d bytes): %s", file.MaxBytes, target)
 	}
 
 	return nil

pkg/archive/bz2.go

@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"github.com/chainguard-dev/clog"
+	"github.com/chainguard-dev/malcontent/pkg/file"
 	bzip2 "github.com/cosnicolaou/pbzip2"
 )
 
@@ -31,7 +32,7 @@ func ExtractBz2(ctx context.Context, d, f string) error {
 		return nil
 	}
 
-	buf := archivePool.Get(extractBuffer) //nolint:nilaway // the buffer pool is created in archive.go
+	buf := archivePool.Get(file.ExtractBuffer) //nolint:nilaway // the buffer pool is created in archive.go
 
 	tf, err := os.Open(f)
 	if err != nil {
@@ -69,15 +70,15 @@ func ExtractBz2(ctx context.Context, d, f string) error {
 
 	var written int64
 	for {
-		if written > 0 && written%extractBuffer == 0 && ctx.Err() != nil {
+		if written > 0 && written%file.ExtractBuffer == 0 && ctx.Err() != nil {
 			return ctx.Err()
 		}
 
 		n, err := br.Read(buf)
 		if n > 0 {
 			written += int64(n)
-			if written > maxBytes {
-				return fmt.Errorf("file exceeds maximum allowed size (%d bytes): %s", maxBytes, target)
+			if written > file.MaxBytes {
+				return fmt.Errorf("file exceeds maximum allowed size (%d bytes): %s", file.MaxBytes, target)
 			}
 			if _, writeErr := out.Write(buf[:n]); writeErr != nil {
 				return fmt.Errorf("failed to write file contents: %w", writeErr)

pkg/archive/gzip.go

@@ -9,6 +9,7 @@ import (
 	"path/filepath"
 
 	"github.com/chainguard-dev/clog"
+	"github.com/chainguard-dev/malcontent/pkg/file"
 	"github.com/chainguard-dev/malcontent/pkg/programkind"
 	gzip "github.com/klauspost/pgzip"
 )
@@ -53,7 +54,7 @@ func ExtractGzip(ctx context.Context, d string, f string) error {
 		return nil
 	}
 
-	buf := archivePool.Get(extractBuffer) //nolint:nilaway // the buffer pool is created in archive.go
+	buf := archivePool.Get(file.ExtractBuffer) //nolint:nilaway // the buffer pool is created in archive.go
 
 	gf, err := os.Open(f)
 	if err != nil {
@@ -85,15 +86,15 @@ func ExtractGzip(ctx context.Context, d string, f string) error {
 
 	var written int64
 	for {
-		if written > 0 && written%extractBuffer == 0 && ctx.Err() != nil {
+		if written > 0 && written%file.ExtractBuffer == 0 && ctx.Err() != nil {
 			return ctx.Err()
 		}
 
 		n, err := gr.Read(buf)
 		if n > 0 {
 			written += int64(n)
-			if written > maxBytes {
-				return fmt.Errorf("file exceeds maximum allowed size (%d bytes): %s", maxBytes, target)
+			if written > file.MaxBytes {
+				return fmt.Errorf("file exceeds maximum allowed size (%d bytes): %s", file.MaxBytes, target)
 			}
 
 			if _, writeErr := out.Write(buf[:n]); writeErr != nil {

pkg/archive/rpm.go

@@ -13,6 +13,7 @@ import (
 	"github.com/cavaliergopher/cpio"
 	"github.com/cavaliergopher/rpm"
 	"github.com/chainguard-dev/clog"
+	"github.com/chainguard-dev/malcontent/pkg/file"
 	"github.com/klauspost/compress/zstd"
 	"github.com/ulikunitz/xz"
 )
@@ -40,7 +41,7 @@ func ExtractRPM(ctx context.Context, d, f string) error {
 		return nil
 	}
 
-	buf := archivePool.Get(extractBuffer) //nolint:nilaway // the buffer pool is created in archive.go
+	buf := archivePool.Get(file.ExtractBuffer) //nolint:nilaway // the buffer pool is created in archive.go
 	defer archivePool.Put(buf)
 
 	pkg, err := rpm.Read(rpmFile)
@@ -123,15 +124,15 @@ func ExtractRPM(ctx context.Context, d, f string) error {
 
 		var written int64
 		for {
-			if written > 0 && written%extractBuffer == 0 && ctx.Err() != nil {
+			if written > 0 && written%file.ExtractBuffer == 0 && ctx.Err() != nil {
 				return ctx.Err()
 			}
 
 			n, err := cr.Read(buf)
 			if n > 0 {
 				written += int64(n)
-				if written > maxBytes {
-					return fmt.Errorf("file exceeds maximum allowed size (%d bytes): %s", maxBytes, target)
+				if written > file.MaxBytes {
+					return fmt.Errorf("file exceeds maximum allowed size (%d bytes): %s", file.MaxBytes, target)
 				}
 				if _, writeErr := out.Write(buf[:n]); writeErr != nil {
 					return fmt.Errorf("failed to write file contents: %w", writeErr)

pkg/archive/tar.go

@@ -13,6 +13,7 @@ import (
 	"sync"
 
 	"github.com/chainguard-dev/clog"
+	"github.com/chainguard-dev/malcontent/pkg/file"
 	"github.com/chainguard-dev/malcontent/pkg/pool"
 	"github.com/chainguard-dev/malcontent/pkg/programkind"
 	bzip2 "github.com/cosnicolaou/pbzip2"
@@ -48,7 +49,7 @@ func ExtractTar(ctx context.Context, d string, f string) error {
 		return nil
 	}
 
-	buf := tarPool.Get(extractBuffer) //nolint:nilaway // the buffer pool is created in archive.go
+	buf := tarPool.Get(file.ExtractBuffer) //nolint:nilaway // the buffer pool is created in archive.go
 
 	filename := filepath.Base(f)
 	tf, err := os.Open(f)
@@ -109,15 +110,15 @@ func ExtractTar(ctx context.Context, d string, f string) error {
 
 		var written int64
 		for {
-			if written > 0 && written%extractBuffer == 0 && ctx.Err() != nil {
+			if written > 0 && written%file.ExtractBuffer == 0 && ctx.Err() != nil {
 				return ctx.Err()
 			}
 
 			n, err := xzStream.Read(buf)
 			if n > 0 {
 				written += int64(n)
-				if written > maxBytes {
-					return fmt.Errorf("file exceeds maximum allowed size (%d bytes): %s", maxBytes, target)
+				if written > file.MaxBytes {
+					return fmt.Errorf("file exceeds maximum allowed size (%d bytes): %s", file.MaxBytes, target)
 				}
 				if _, writeErr := out.Write(buf[:n]); writeErr != nil {
 					return fmt.Errorf("failed to write file contents: %w", writeErr)
@@ -146,15 +147,15 @@ func ExtractTar(ctx context.Context, d string, f string) error {
 		}
 		var written int64
 		for {
-			if written > 0 && written%extractBuffer == 0 && ctx.Err() != nil {
+			if written > 0 && written%file.ExtractBuffer == 0 && ctx.Err() != nil {
 				return ctx.Err()
 			}
 
 			n, err := br.Read(buf)
 			if n > 0 {
 				written += int64(n)
-				if written > maxBytes {
-					return fmt.Errorf("file exceeds maximum allowed size (%d bytes): %s", maxBytes, target)
+				if written > file.MaxBytes {
+					return fmt.Errorf("file exceeds maximum allowed size (%d bytes): %s", file.MaxBytes, target)
 				}
 
 				if _, writeErr := out.Write(buf[:n]); writeErr != nil {

pkg/archive/zip.go

@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"github.com/chainguard-dev/clog"
+	"github.com/chainguard-dev/malcontent/pkg/file"
 	"github.com/chainguard-dev/malcontent/pkg/pool"
 	"github.com/chainguard-dev/malcontent/pkg/programkind"
 	zip "github.com/klauspost/compress/zip"
@@ -72,11 +73,11 @@ func ExtractZip(ctx context.Context, d string, f string) error {
 		return fmt.Errorf("failed to create extraction directory: %w", err)
 	}
 
-	for _, file := range read.File {
-		if file.Mode().IsDir() {
-			clean := filepath.Clean(filepath.ToSlash(file.Name))
+	for _, zf := range read.File {
+		if zf.Mode().IsDir() {
+			clean := filepath.Clean(filepath.ToSlash(zf.Name))
 			if strings.Contains(clean, "..") {
-				logger.Warnf("skipping potentially unsafe directory path: %s", file.Name)
+				logger.Warnf("skipping potentially unsafe directory path: %s", zf.Name)
 				continue
 			}
 
@@ -95,12 +96,12 @@ func ExtractZip(ctx context.Context, d string, f string) error {
 	g, gCtx := errgroup.WithContext(ctx)
 	g.SetLimit(runtime.GOMAXPROCS(0))
 
-	for _, file := range read.File {
-		if file.Mode().IsDir() {
+	for _, zf := range read.File {
+		if zf.Mode().IsDir() {
 			continue
 		}
 		g.Go(func() error {
-			return extractFile(gCtx, file, d, logger)
+			return extractFile(gCtx, zf, d, logger)
 		})
 	}
 
@@ -110,24 +111,24 @@ func ExtractZip(ctx context.Context, d string, f string) error {
 	return nil
 }
 
-func extractFile(ctx context.Context, file *zip.File, destDir string, logger *clog.Logger) error {
+func extractFile(ctx context.Context, zf *zip.File, destDir string, logger *clog.Logger) error {
 	if ctx.Err() != nil {
 		return ctx.Err()
 	}
 
 	// macOS will encounter issues with paths like META-INF/LICENSE and META-INF/license/foo
 	// this case insensitivity will break scans, so rename files that collide with existing directories
 	if runtime.GOOS == "darwin" {
-		if _, err := os.Stat(filepath.Join(destDir, file.Name)); err == nil {
-			file.Name = fmt.Sprintf("%s%d", file.Name, time.Now().UnixNano())
+		if _, err := os.Stat(filepath.Join(destDir, zf.Name)); err == nil {
+			zf.Name = fmt.Sprintf("%s%d", zf.Name, time.Now().UnixNano())
 		}
 	}
 
-	buf := zipPool.Get(zipBuffer) //nolint:nilaway // the buffer pool is created in archive.go
+	buf := zipPool.Get(file.ZipBuffer) //nolint:nilaway // the buffer pool is created in archive.go
 
-	clean := filepath.Clean(filepath.ToSlash(file.Name))
+	clean := filepath.Clean(filepath.ToSlash(zf.Name))
 	if strings.Contains(clean, "..") {
-		logger.Warnf("skipping potentially unsafe file path: %s", file.Name)
+		logger.Warnf("skipping potentially unsafe file path: %s", zf.Name)
 		return nil
 	}
 
@@ -141,7 +142,7 @@ func extractFile(ctx context.Context, file *zip.File, destDir string, logger *cl
 		return fmt.Errorf("failed to create directory structure: %w", err)
 	}
 
-	src, err := file.Open()
+	src, err := zf.Open()
 	if err != nil {
 		return fmt.Errorf("failed to open archived file: %w", err)
 	}
@@ -159,15 +160,15 @@ func extractFile(ctx context.Context, file *zip.File, destDir string, logger *cl
 
 	var written int64
 	for {
-		if written > 0 && written%zipBuffer == 0 && ctx.Err() != nil {
+		if written > 0 && written%file.ZipBuffer == 0 && ctx.Err() != nil {
 			return ctx.Err()
 		}
 
 		n, err := src.Read(buf)
 		if n > 0 {
 			written += int64(n)
-			if written > maxBytes {
-				return fmt.Errorf("file exceeds maximum allowed size (%d bytes): %s", maxBytes, target)
+			if written > file.MaxBytes {
+				return fmt.Errorf("file exceeds maximum allowed size (%d bytes): %s", file.MaxBytes, target)
 			}
 
 			if _, writeErr := dst.Write(buf[:n]); writeErr != nil {