hub / github.com/docker/compose / checkForSensitiveData

Method checkForSensitiveData

pkg/compose/publish.go:687–746  ·  view source on GitHub ↗
(ctx context.Context, project *types.Project)

Source from the content-addressed store, hash-verified

685}
686
687func (s *composeService) checkForSensitiveData(ctx context.Context, project *types.Project) ([]secrets.DetectedSecret, error) {
688 var allFindings []secrets.DetectedSecret
689 scan := scanner.NewDefaultScanner()
690 // Check all compose files
691 for _, file := range project.ComposeFiles {
692 in, err := composeFileAsByteReader(ctx, file, project)
693 if err != nil {
694 return nil, err
695 }
696
697 findings, err := scan.ScanReader(in)
698 if err != nil {
699 return nil, fmt.Errorf("failed to scan compose file %s: %w", file, err)
700 }
701 allFindings = append(allFindings, findings...)
702 }
703 for _, service := range project.Services {
704 // Check env files
705 for _, envFile := range service.EnvFiles {
706 if _, statErr := os.Stat(envFile.Path); statErr != nil {
707 if !os.IsNotExist(statErr) {
708 return nil, fmt.Errorf("failed to access env file %s: %w", envFile.Path, statErr)
709 }
710 if envFile.Required {
711 return nil, fmt.Errorf("env file %s not found", envFile.Path)
712 }
713 continue
714 }
715 findings, err := scan.ScanFile(envFile.Path)
716 if err != nil {
717 return nil, fmt.Errorf("failed to scan env file %s: %w", envFile.Path, err)
718 }
719 allFindings = append(allFindings, findings...)
720 }
721 }
722
723 // Check configs defined by files
724 for _, config := range project.Configs {
725 if config.File != "" {
726 findings, err := scan.ScanFile(config.File)
727 if err != nil {
728 return nil, fmt.Errorf("failed to scan config file %s: %w", config.File, err)
729 }
730 allFindings = append(allFindings, findings...)
731 }
732 }
733
734 // Check secrets defined by files
735 for _, secret := range project.Secrets {
736 if secret.File != "" {
737 findings, err := scan.ScanFile(secret.File)
738 if err != nil {
739 return nil, fmt.Errorf("failed to scan secret file %s: %w", secret.File, err)
740 }
741 allFindings = append(allFindings, findings...)
742 }
743 }
744

Calls 1

composeFileAsByteReader · Function · 0.85