fix: Only consider LanguageFiles from the API for Trivy CF-1742

Author: machadoit

plugins/tools/eslint/test/src/.codacy/tools-configs/eslint.config.mjs

@@ -0,0 +1,67 @@
+export default [
+    {
+        rules: {
+          "constructor-super": ["error"],
+          "for-direction": ["error"],
+          "getter-return": ["error", {"allowImplicit": false}],
+          "no-async-promise-executor": ["error"],
+          "no-case-declarations": ["error"],
+          "no-class-assign": ["error"],
+          "no-compare-neg-zero": ["error"],
+          "no-cond-assign": ["error", "except-parens"],
+          "no-constant-condition": ["error", {"checkLoops": true}],
+          "no-const-assign": ["error"],
+          "no-control-regex": ["error"],
+          "no-debugger": ["error"],
+          "no-delete-var": ["error"],
+          "no-dupe-args": ["error"],
+          "no-dupe-class-members": ["error"],
+          "no-dupe-else-if": ["error"],
+          "no-dupe-keys": ["error"],
+          "no-duplicate-case": ["error"],
+          "no-empty": ["error", {"allowEmptyCatch": false}],
+          "no-empty-character-class": ["error"],
+          "no-empty-pattern": ["error", {"allowObjectPatternsAsParameters": false}],
+          "no-ex-assign": ["error"],
+          "no-extra-boolean-cast": ["error", {"enforceForLogicalOperands": false}],
+          "no-extra-semi": ["error"],
+          "no-fallthrough": ["error", {"allowEmptyCase": false}],
+          "no-func-assign": ["error"],
+          "no-global-assign": ["error"],
+          "no-import-assign": ["error"],
+          "no-inner-declarations": ["error", "functions"],
+          "no-invalid-regexp": ["error"],
+          "no-irregular-whitespace": ["error", {"skipComments": false, "skipJSXText": false, "skipRegExps": false, "skipStrings": true, "skipTemplates": false}],
+          "no-loss-of-precision": ["error"],
+          "no-misleading-character-class": ["error"],
+          "no-mixed-spaces-and-tabs": ["error"],
+          "no-new-symbol": ["error"],
+          "no-nonoctal-decimal-escape": ["error"],
+          "no-obj-calls": ["error"],
+          "no-octal": ["error"],
+          "no-prototype-builtins": ["error"],
+          "no-redeclare": ["error", {"builtinGlobals": true}],
+          "no-regex-spaces": ["error"],
+          "no-self-assign": ["error", {"props": true}],
+          "no-setter-return": ["error"],
+          "no-shadow-restricted-names": ["error"],
+          "no-sparse-arrays": ["error"],
+          "no-this-before-super": ["error"],
+          "no-undef": ["error", {"typeof": false}],
+          "no-unexpected-multiline": ["error"],
+          "no-unreachable": ["error"],
+          "no-unsafe-finally": ["error"],
+          "no-unsafe-negation": ["error", {"enforceForOrderingRelations": false}],
+          "no-unsafe-optional-chaining": ["error", {"disallowArithmeticOperators": false}],
+          "no-unused-labels": ["error"],
+          "no-unused-vars": ["error"],
+          "no-useless-backreference": ["error"],
+          "no-useless-catch": ["error"],
+          "no-useless-escape": ["error"],
+          "no-with": ["error"],
+          "require-yield": ["error"],
+          "use-isnan": ["error", {"enforceForIndexOf": false, "enforceForSwitchCase": true}],
+          "valid-typeof": ["error", {"requireStringLiterals": false}],
+        }
+    }
+];

plugins/tools/eslint/test/src/.codacy/tools-configs/languages-config.yaml

@@ -0,0 +1,4 @@
+tools:
+    - name: eslint
+      languages: [Javascript, TypeScript]
+      extensions: [.js, .jsm, .jsx, .mjs, .ts, .tsx, .vue]

plugins/tools/pylint/test/src/.codacy/tools-configs/languages-config.yaml

@@ -2,3 +2,4 @@ tools:
     - name: pylint
       languages: [Python]
       extensions: [.py]
+      files: []

plugins/tools/trivy/test/src/.codacy/tools-configs/languages-config.yaml

@@ -0,0 +1,33 @@
+tools:
+    - name: dartanalyzer
+      languages: [Dart]
+      extensions: [.dart]
+      files: []
+    - name: eslint
+      languages: [Javascript, TypeScript]
+      extensions: [.js, .jsm, .jsx, .mjs, .ts, .tsx, .vue]
+      files: []
+    - name: lizard
+      languages: [C, CPP, CSharp, Erlang, Fortran, Go, Java, Javascript, Kotlin, Lua, Objective C, PHP, Python, Ruby, Rust, Scala, Solidity, Swift, TypeScript]
+      extensions: [.c, .cc, .cpp, .cs, .cxx, .gemspec, .go, .h, .hpp, .ino, .java, .jbuilder, .js, .jsm, .jsx, .kt, .kts, .m, .mjs, .opal, .php, .podspec, .py, .rake, .rb, .rlib, .rs, .scala, .swift, .ts, .tsx, .vue]
+      files: []
+    - name: pmd
+      languages: [Apex, JSP, Java, Javascript, PLSQL, SQL, Velocity, VisualForce, XML]
+      extensions: [.cls, .component, .fnc, .java, .js, .jsm, .jsp, .jsx, .mjs, .page, .pck, .pkb, .pkh, .pks, .plb, .pld, .plh, .pls, .pom, .prc, .sql, .tpb, .tps, .trg, .trigger, .tyb, .typ, .vm, .vue, .wsdl, .xml, .xsl]
+      files: []
+    - name: pylint
+      languages: [Python]
+      extensions: [.py]
+      files: []
+    - name: revive
+      languages: [Go]
+      extensions: [.go]
+      files: []
+    - name: semgrep
+      languages: [Apex, C, CPP, CSharp, Dockerfile, Go, Java, Javascript, Kotlin, PHP, PLSQL, Python, Ruby, Rust, SQL, Scala, Shell, Swift, Terraform, TypeScript, YAML]
+      extensions: [.bash, .c, .cc, .cls, .cpp, .cs, .cxx, .dockerfile, .fnc, .gemspec, .go, .h, .hpp, .ino, .java, .jbuilder, .js, .jsm, .jsx, .kt, .kts, .mjs, .opal, .pck, .php, .pkb, .pkh, .pks, .plb, .pld, .plh, .pls, .podspec, .prc, .py, .rake, .rb, .rlib, .rs, .scala, .sh, .sql, .swift, .tf, .tpb, .tps, .trg, .trigger, .ts, .tsx, .tyb, .typ, .vue, .yaml, .yml]
+      files: []
+    - name: trivy
+      languages: [C, CPP, CSharp, Dart, Dockerfile, Elixir, Go, JSON, Java, Javascript, PHP, Python, Ruby, Rust, Scala, Swift, Terraform, TypeScript, XML, YAML]
+      extensions: [.c, .cc, .cpp, .cs, .cxx, .dart, .dockerfile, .ex, .exs, .gemspec, .go, .h, .hpp, .ino, .java, .jbuilder, .js, .jsm, .json, .jsx, .mjs, .opal, .php, .podspec, .pom, .py, .rake, .rb, .rlib, .rs, .scala, .swift, .tf, .ts, .tsx, .vue, .wsdl, .xml, .xsl, .yaml, .yml]
+      files: [.deps.json, Berksfile, Capfile, Cargo.lock, Cheffile, Directory.Packages.props, Dockerfile, Fastfile, Gemfile, Gemfile.lock, Guardfile, Package.resolved, Packages.props, Pipfile.lock, Podfile, Podfile.lock, Rakefile, Thorfile, Vagabondfile, Vagrantfile, build.sbt.lock, composer.lock, conan.lock, config.ru, go.mod, gradle.lockfile, mix.lock, package-lock.json, package.json, packages.config, packages.lock.json, pnpm-lock.yaml, poetry.lock, pom.xml, pubspec.lock, requirements.txt, uv.lock, yarn.lock]

plugins/tools/trivy/test/src/.codacy/tools-configs/trivy.yaml

@@ -0,0 +1,10 @@
+severity:
+  - LOW
+  - MEDIUM
+  - HIGH
+  - CRITICAL
+
+scan:
+  scanners:
+    - vuln
+    - secret

tools/language_config.go

@@ -23,6 +23,12 @@ import (
 // This file is responsible for building the languages-config.yaml file.
 //
 
+// Tools that support specific files (hardcoded list)
+// We want to move this to the API in the future
+var supportSpecificFiles = map[string]bool{
+	"trivy": true,
+}
+
 // buildToolLanguageInfoFromAPI builds tool language information from API data
 // This is the core shared logic used by both GetToolLanguageMappingFromAPI and buildToolLanguageConfigFromAPI
 func buildToolLanguageInfoFromAPI() (map[string]domain.ToolLanguageInfo, error) {
@@ -90,9 +96,12 @@ func buildToolLanguageInfoFromAPI() (map[string]domain.ToolLanguageInfo, error)
 					extensionsSet[ext] = struct{}{}
 				}
 			}
-			if files, exists := languageFilesMap[lowerLang]; exists {
-				for _, file := range files {
-					filesSet[file] = struct{}{}
+			// Only populate files if the tool supports specific files
+			if supportSpecificFiles[toolName] {
+				if files, exists := languageFilesMap[lowerLang]; exists {
+					for _, file := range files {
+						filesSet[file] = struct{}{}
+					}
 				}
 			}
 		}
@@ -262,8 +271,8 @@ func buildRemoteModeLanguagesConfig(apiTools []domain.Tool, toolIDMap map[string
 						}
 					}
 
-					// Add repository-specific files if they exist
-					if hasFiles {
+					// Add repository-specific files if they exist and tool supports specific files
+					if hasFiles && supportSpecificFiles[shortName] {
 						for _, file := range repoLang.Files {
 							filesSet[file] = struct{}{}
 						}