feature: Only consider specific files for Trivy CF-1742

Author: machadoit

plugins/runtime-utils_test.go

@@ -69,21 +69,21 @@ func TestProcessRuntimes(t *testing.T) {
 	// Assert the download URL is correctly formatted
 	expectedDownloadURL := "https://nodejs.org/dist/v18.17.1/" + expectedFileName + "." + expectedExtension
 	assert.Equal(t, expectedDownloadURL, nodeInfo.DownloadURL)
-	
+
 	// Assert binary paths are correctly set
 	assert.NotNil(t, nodeInfo.Binaries)
 	assert.Greater(t, len(nodeInfo.Binaries), 0)
-	
+
 	// Check if node and npm binaries are present
 	nodeBinary := nodeInfo.InstallDir + "/bin/node"
 	npmBinary := nodeInfo.InstallDir + "/bin/npm"
-	
+
 	// Add .exe extension for Windows
 	if runtime.GOOS == "windows" {
 		nodeBinary += ".exe"
 		npmBinary += ".exe"
 	}
-	
+
 	assert.Equal(t, nodeBinary, nodeInfo.Binaries["node"])
 	assert.Equal(t, npmBinary, nodeInfo.Binaries["npm"])
 }

plugins/tool-utils.go

@@ -55,18 +55,19 @@ type RuntimeBinaries struct {
 
 // ToolPluginConfig holds the structure of the tool plugin.yaml file
 type ToolPluginConfig struct {
-	Name            string             `yaml:"name"`
-	Description     string             `yaml:"description"`
-	DefaultVersion  string             `yaml:"default_version"`
-	Runtime         string             `yaml:"runtime"`
-	RuntimeBinaries RuntimeBinaries    `yaml:"runtime_binaries"`
-	Installation    InstallationConfig `yaml:"installation"`
-	Download        DownloadConfig     `yaml:"download"`
-	Environment     map[string]string  `yaml:"environment"`
-	Binaries        []ToolBinary       `yaml:"binaries"`
-	Formatters      []Formatter        `yaml:"formatters"`
-	OutputOptions   OutputOptions      `yaml:"output_options"`
-	AnalysisOptions AnalysisOptions    `yaml:"analysis_options"`
+	Name                  string             `yaml:"name"`
+	Description           string             `yaml:"description"`
+	DefaultVersion        string             `yaml:"default_version"`
+	SupportsSpecificFiles bool               `yaml:"support_specific_files"`
+	Runtime               string             `yaml:"runtime"`
+	RuntimeBinaries       RuntimeBinaries    `yaml:"runtime_binaries"`
+	Installation          InstallationConfig `yaml:"installation"`
+	Download              DownloadConfig     `yaml:"download"`
+	Environment           map[string]string  `yaml:"environment"`
+	Binaries              []ToolBinary       `yaml:"binaries"`
+	Formatters            []Formatter        `yaml:"formatters"`
+	OutputOptions         OutputOptions      `yaml:"output_options"`
+	AnalysisOptions       AnalysisOptions    `yaml:"analysis_options"`
 }
 
 // ToolConfig represents configuration for a tool
@@ -78,15 +79,16 @@ type ToolConfig struct {
 
 // ToolInfo contains all processed information about a tool
 type ToolInfo struct {
-	Name        string
-	Version     string
-	Runtime     string
-	InstallDir  string
-	Binaries    map[string]string // Map of binary name to full path
-	Formatters  map[string]string // Map of formatter name to flag
-	OutputFlag  string
-	AutofixFlag string
-	DefaultPath string
+	Name                  string
+	Version               string
+	Runtime               string
+	InstallDir            string
+	Binaries              map[string]string // Map of binary name to full path
+	Formatters            map[string]string // Map of formatter name to flag
+	OutputFlag            string
+	AutofixFlag           string
+	DefaultPath           string
+	SupportsSpecificFiles bool // Whether tool supports specific file analysis
 	// Runtime binaries
 	PackageManager  string
 	ExecutionBinary string
@@ -135,15 +137,16 @@ func ProcessTools(configs []ToolConfig, toolDir string, runtimes map[string]*Run
 		}
 		// Create ToolInfo with basic information
 		info := &ToolInfo{
-			Name:        config.Name,
-			Version:     config.Version,
-			Runtime:     toolRuntime,
-			InstallDir:  installDir,
-			Binaries:    make(map[string]string),
-			Formatters:  make(map[string]string),
-			OutputFlag:  pluginConfig.OutputOptions.FileFlag,
-			AutofixFlag: pluginConfig.AnalysisOptions.AutofixFlag,
-			DefaultPath: pluginConfig.AnalysisOptions.DefaultPath,
+			Name:                  config.Name,
+			Version:               config.Version,
+			Runtime:               toolRuntime,
+			InstallDir:            installDir,
+			Binaries:              make(map[string]string),
+			Formatters:            make(map[string]string),
+			OutputFlag:            pluginConfig.OutputOptions.FileFlag,
+			AutofixFlag:           pluginConfig.AnalysisOptions.AutofixFlag,
+			DefaultPath:           pluginConfig.AnalysisOptions.DefaultPath,
+			SupportsSpecificFiles: pluginConfig.SupportsSpecificFiles,
 			// Store runtime binary information
 			PackageManager:  pluginConfig.RuntimeBinaries.PackageManager,
 			ExecutionBinary: pluginConfig.RuntimeBinaries.Execution,

plugins/tool-utils_test.go

@@ -66,6 +66,9 @@ func TestProcessTools(t *testing.T) {
 	// Assert installation command templates are correctly set
 	assert.Equal(t, "install --prefix {{.InstallDir}} {{.PackageName}}@{{.Version}} @microsoft/eslint-formatter-sarif", eslintInfo.InstallCommand)
 	assert.Equal(t, "config set registry {{.Registry}}", eslintInfo.RegistryCommand)
+
+	// Assert that eslint does not support specific files (default false)
+	assert.False(t, eslintInfo.SupportsSpecificFiles, "eslint should not support specific files")
 }
 
 func TestProcessToolsWithDownload(t *testing.T) {
@@ -120,6 +123,9 @@ func TestProcessToolsWithDownload(t *testing.T) {
 	trivyBinary := filepath.Join(expectedInstallDir, "trivy")
 	assert.Equal(t, trivyBinary, trivyInfo.Binaries["trivy"])
 
+	// Assert that trivy supports specific files (from plugin.yaml)
+	assert.True(t, trivyInfo.SupportsSpecificFiles, "trivy should support specific files")
+
 	// Verify URL components
 	assert.Contains(t, trivyInfo.DownloadURL, "aquasecurity/trivy/releases/download")
 	assert.Contains(t, trivyInfo.DownloadURL, trivyInfo.Version)
@@ -199,3 +205,47 @@ func TestGetSupportedTools(t *testing.T) {
 		})
 	}
 }
+
+func TestGetToolConfig(t *testing.T) {
+	pluginManager := GetPluginManager()
+
+	tests := []struct {
+		name                          string
+		toolName                      string
+		expectedSupportsSpecificFiles bool
+		expectedError                 bool
+	}{
+		{
+			name:                          "trivy should support specific files",
+			toolName:                      "trivy",
+			expectedSupportsSpecificFiles: true,
+			expectedError:                 false,
+		},
+		{
+			name:                          "eslint should not support specific files",
+			toolName:                      "eslint",
+			expectedSupportsSpecificFiles: false,
+			expectedError:                 false,
+		},
+		{
+			name:          "non-existent tool should return error",
+			toolName:      "non-existent-tool",
+			expectedError: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			config, err := pluginManager.GetToolConfig(tt.toolName)
+
+			if tt.expectedError {
+				assert.Error(t, err)
+				return
+			}
+
+			assert.NoError(t, err)
+			assert.Equal(t, tt.expectedSupportsSpecificFiles, config.SupportsSpecificFiles,
+				"SupportsSpecificFiles should match expected value for %s", tt.toolName)
+		})
+	}
+}

plugins/tools/pylint/test/src/.codacy/tools-configs/languages-config.yaml

@@ -2,4 +2,4 @@ tools:
     - name: pylint
       languages: [Python]
       extensions: [.py]
-      files: [Pipfile.lock, poetry.lock, requirements.txt, uv.lock]
+      files: []

plugins/tools/trivy/plugin.yaml

@@ -1,6 +1,7 @@
 name: trivy
 description: Trivy is a comprehensive security scanner for containers and other artifacts.
 default_version: 0.59.1
+support_specific_files: true
 download:
   url_template: "https://github.com/aquasecurity/trivy/releases/download/v{{.Version}}/trivy_{{.Version}}_{{.OS}}-{{.Arch}}.{{.Extension}}"
   file_name_template: "trivy_{{.Version}}_{{.OS}}_{{.Arch}}"

plugins/tools/trivy/test/src/.codacy/tools-configs/languages-config.yaml

@@ -0,0 +1,5 @@
+tools:
+    - name: trivy
+      languages: [C, CPP, CSharp, Dart, Dockerfile, Elixir, Go, JSON, Java, Javascript, PHP, Python, Ruby, Rust, Scala, Swift, Terraform, TypeScript, XML, YAML]
+      extensions: [.c, .cc, .cpp, .cs, .cxx, .dart, .dockerfile, .ex, .exs, .gemspec, .go, .h, .hpp, .ino, .java, .jbuilder, .js, .jsm, .json, .jsx, .mjs, .opal, .php, .podspec, .pom, .py, .rake, .rb, .rlib, .rs, .scala, .swift, .tf, .ts, .tsx, .vue, .wsdl, .xml, .xsl, .yaml, .yml]
+      files: [.deps.json, Berksfile, Capfile, Cargo.lock, Cheffile, Directory.Packages.props, Dockerfile, Fastfile, Gemfile, Gemfile.lock, Guardfile, Package.resolved, Packages.props, Pipfile.lock, Podfile, Podfile.lock, Rakefile, Thorfile, Vagabondfile, Vagrantfile, build.sbt.lock, composer.lock, conan.lock, config.ru, go.mod, gradle.lockfile, mix.lock, package-lock.json, package.json, packages.config, packages.lock.json, pnpm-lock.yaml, poetry.lock, pom.xml, pubspec.lock, requirements.txt, uv.lock, yarn.lock]

plugins/tools/trivy/test/src/.codacy/tools-configs/trivy.yaml

@@ -0,0 +1,10 @@
+severity:
+  - LOW
+  - MEDIUM
+  - HIGH
+  - CRITICAL
+
+scan:
+  scanners:
+    - vuln
+    - secret

tools/language_config.go

@@ -82,16 +82,23 @@ func buildToolLanguageInfoFromAPI() (map[string]domain.ToolLanguageInfo, error)
 		extensionsSet := make(map[string]struct{})
 		filesSet := make(map[string]struct{})
 
+		// Check if this tool supports specific files
+		toolInfo := config.Config.Tools()[toolName]
+		supportsSpecificFiles := toolInfo != nil && toolInfo.SupportsSpecificFiles
+
 		for _, apiLang := range tool.Languages {
 			lowerLang := strings.ToLower(apiLang)
 			if extensions, exists := languageExtensionsMap[lowerLang]; exists {
 				for _, ext := range extensions {
 					extensionsSet[ext] = struct{}{}
 				}
 			}
-			if files, exists := languageFilesMap[lowerLang]; exists {
-				for _, file := range files {
-					filesSet[file] = struct{}{}
+			// Only populate files if the tool supports specific files
+			if supportsSpecificFiles {
+				if files, exists := languageFilesMap[lowerLang]; exists {
+					for _, file := range files {
+						filesSet[file] = struct{}{}
+					}
 				}
 			}
 		}
@@ -244,12 +251,16 @@ func buildRemoteModeLanguagesConfig(apiTools []domain.Tool, toolIDMap map[string
 		extensionsSet := make(map[string]struct{})
 		filesSet := make(map[string]struct{})
 
+		// Check if this tool supports specific files
+		toolInfo := config.Config.Tools()[shortName]
+		supportsSpecificFiles := toolInfo != nil && toolInfo.SupportsSpecificFiles
+
 		for _, lang := range tool.Languages {
 			lowerLang := strings.ToLower(lang)
 			if repoLang, exists := repositoryLanguages[lowerLang]; exists {
 				// Check if this language has either extensions or files
 				hasExtensions := len(repoLang.Extensions) > 0
-				hasFiles := len(repoLang.Files) > 0
+				hasFiles := len(repoLang.Files) > 0 && supportsSpecificFiles
 
 				if hasExtensions || hasFiles {
 					configTool.Languages = append(configTool.Languages, lang)
@@ -261,7 +272,7 @@ func buildRemoteModeLanguagesConfig(apiTools []domain.Tool, toolIDMap map[string
 						}
 					}
 
-					// Add repository-specific files if they exist
+					// Add repository-specific files if they exist (only if tool supports it)
 					if hasFiles {
 						for _, file := range repoLang.Files {
 							filesSet[file] = struct{}{}