diff --git a/internal/services/realtimeengine/ossrealtime/oss-realtime.go b/internal/services/realtimeengine/ossrealtime/oss-realtime.go
index 9316b1a7..bf65b0c3 100644
--- a/internal/services/realtimeengine/ossrealtime/oss-realtime.go
+++ b/internal/services/realtimeengine/ossrealtime/oss-realtime.go
@@ -4,6 +4,7 @@ import (
 "encoding/json"
 "fmt"
 "os"
+ "path/filepath"
 "strings"

 "github.com/Checkmarx/manifest-parser/pkg/parser"
@@ -74,6 +75,10 @@ func (o *OssRealtimeService) RunOssRealtimeScan(filePath, ignoredFilePath string
 return nil, errorconstants.NewRealtimeEngineError("invalid file path").Error()
 }

+ if err := validateSupportedManifestFile(filePath); err != nil {
+ return nil, err
+ }
+
 pkgs, err := parseManifest(filePath)
 if err != nil {
 logger.PrintfIfVerbose("Failed to parse manifest file %s: %v", filePath, err)
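Review bot: The new early return for an unsupported manifest in RunOssRealtimeScan is silent, while the parse failure a few lines below is reported through `logger.PrintfIfVerbose`. Adding `logger.PrintfIfVerbose("Unsupported manifest file %s: %v", filePath, err)` before `return nil, err` would keep both rejection paths equally traceable when someone investigates why a file produced no results. RunOssRealtimeScan starts and ends outside this hunk, so I cannot tell whether callers treat this error differently from a parse error.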
@@ -174,6 +179,55 @@ func getPackageEntryFromPackageMap(
 return &entry
 }

+// validateSupportedManifestFile checks if the manifest file format is supported by OSS realtime scanner.
+func validateSupportedManifestFile(filePath string) error {
+ manifestFileName := filepath.Base(filePath)
+ manifestFileExtension := filepath.Ext(manifestFileName)
+
+ // Check supported extensions
+ supportedExtensions := map[string]bool{
+ ".csproj": true,
+ ".sbt": true,
+ }
+
+ // Check supported filenames
+ supportedFilenames := map[string]bool{
+ "pom.xml": true,
+ "package.json": true,
+ "Directory.Packages.props": true,
+ "packages.config": true,
+ "go.mod": true,
+ "build.gradle": true,
+ "build.gradle.kts": true,
+ "libs.versions.toml": true,
+ "setup.cfg": true,
+ "setup.py": true,
+ "pyproject.toml": true,
+ }
+
+ // Check by extension
+ if supportedExtensions[manifestFileExtension] {
+ return nil
+ }
+
+ // Check by filename
+ if supportedFilenames[manifestFileName] {
+ return nil
+ }
+
+ // Special handling for .txt files (check prefix)
+ if manifestFileExtension == ".txt" {
+ if strings.HasPrefix(manifestFileName, "requirement") ||
+ strings.HasPrefix(manifestFileName, "packages") ||
+ strings.HasPrefix(manifestFileName, "constraint") {
+ return nil
+ }
+ }
+
+ // Manifest format is not supported
+ return errorconstants.NewRealtimeEngineError(fmt.Sprintf("OSS Realtime scanner doesn't currently support scanning '%s' file.", manifestFileName)).Error()
+}
+
 // parseManifest parses the manifest file and returns a list of packages.
 func parseManifest(filePath string) ([]models.Package, error) {
 manifestParser := parser.ParsersFactory(filePath)
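Review bot: The `.txt` branch of validateSupportedManifestFile accepts any name that merely starts with `requirement`, `packages` or `constraint`, and every comparison is case-sensitive, so this allow-list can drift from what `parser.ParsersFactory` really handles (the factory is not visible in this hunk, so confirm against it). The doc comment should state that dependency, e.g. `// The names below must stay in sync with the parsers returned by parser.ParsersFactory.` The two maps are rebuilt on every call; package-level `var` declarations would avoid that and make the list easier to audit. In the final error, `'%s'` prints the file name raw, and `%q` would escape control characters before the message reaches a terminal or IDE log.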