refactor(misconf): migrate from custom Azure JSON parser

Signed-off-by: nikpivkin <[email protected]>

Author: nikpivkin

pkg/iac/scanners/azure/arm/parser/parser.go

@@ -1,16 +1,24 @@
 package parser
 
 import (
+	"bytes"
 	"context"
 	"fmt"
 	"io"
 	"io/fs"
+	"iter"
+	"strconv"
+	"strings"
 
+	"github.com/go-json-experiment/json"
+	"github.com/go-json-experiment/json/jsontext"
+
+	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 	"github.com/aquasecurity/trivy/pkg/iac/scanners/azure"
-	"github.com/aquasecurity/trivy/pkg/iac/scanners/azure/arm/parser/armjson"
 	"github.com/aquasecurity/trivy/pkg/iac/scanners/azure/resolver"
 	"github.com/aquasecurity/trivy/pkg/iac/types"
 	"github.com/aquasecurity/trivy/pkg/log"
+	xjson "github.com/aquasecurity/trivy/pkg/x/json"
 )
 
 type Parser struct {
@@ -50,6 +58,7 @@ func (p *Parser) ParseFS(ctx context.Context, dir string) ([]azure.Deployment, e
 
 		deployment, err := p.parseFile(f, path)
 		if err != nil {
+			println(err.Error())
 			p.logger.Error("Failed to parse file", log.FilePath(path), log.Err(err))
 			return nil
 		}
@@ -64,22 +73,115 @@ func (p *Parser) ParseFS(ctx context.Context, dir string) ([]azure.Deployment, e
 }
 
 func (p *Parser) parseFile(r io.Reader, filename string) (*azure.Deployment, error) {
-	var template Template
+
 	data, err := io.ReadAll(r)
 	if err != nil {
 		return nil, err
 	}
-	root := types.NewMetadata(
+
+	data = xjson.ToRFC8259(data)
+
+	lr := xjson.NewLineReader(bytes.NewReader(data))
+
+	var template Template
+
+	rootMetadata := types.NewMetadata(
 		types.NewRange(filename, 0, 0, "", p.targetFS),
 		"",
 	).WithInternal(resolver.NewResolver())
 
-	if err := armjson.Unmarshal(data, &template, &root); err != nil {
-		return nil, fmt.Errorf("failed to parse template: %w", err)
+	if err := json.UnmarshalRead(lr, &template, json.WithUnmarshalers(
+		json.JoinUnmarshalers(
+			xjson.UnmarshalerWithObjectLocation(lr, func() xjson.DecodeHook {
+				stack := map[jsontext.Pointer]*types.Metadata{
+					"": {},
+				}
+				return xjson.DecodeHook{
+					Before: func(dec *jsontext.Decoder, obj any) {
+						pointer := dec.StackPointer()
+						if pointer != "" {
+							// Do not overwrite metadata if we have already set it below
+							if _, exists := stack[pointer]; !exists {
+								if _, ok := obj.(MetadataReceiver); ok {
+									stack[pointer] = &types.Metadata{}
+								}
+
+							}
+						}
+
+						// The array node is visited after all its elements,
+						// so the parent metadata must already be created.
+						// parent := pointer.Parent()
+						// if _, err := strconv.Atoi(pointer.Parent().LastToken()); err == nil {
+						// 	stack[parent] = &types.Metadata{}
+						// }
+					},
+					After: func(dec *jsontext.Decoder, obj any, loc ftypes.Location) {
+						pointer := dec.StackPointer()
+						ref := buildNodeRef(pointer.Tokens())
+						rng := types.NewRange(filename, loc.StartLine, loc.EndLine, "", p.targetFS)
+						metadata := types.NewMetadata(rng, ref)
+
+						if pointer == "" {
+							metadata.SetParentPtr(&rootMetadata)
+						} else {
+							parentPtr := pointer.Parent()
+							for parentPtr != "" {
+								if parent, ok := stack[parentPtr]; ok {
+									metadata.SetParentPtr(parent)
+									break
+								}
+								parentPtr = parentPtr.Parent()
+							}
+
+							if parentPtr == "" {
+								metadata.SetParentPtr(&template.Metadata)
+							}
+						}
+
+						existingMeta, ok := stack[pointer]
+						if ok {
+							*existingMeta = metadata
+						} else {
+							stack[pointer.Parent()] = &metadata
+							existingMeta = &metadata
+						}
+
+						if mr, ok := obj.(MetadataReceiver); ok {
+							mr.SetMetadata(*existingMeta)
+						}
+					},
+				}
+			}()),
+		),
+	)); err != nil {
+		return nil, fmt.Errorf("unmarshal template: %w", err)
 	}
 	return p.convertTemplate(template), nil
 }
 
+func buildNodeRef(seq iter.Seq[string]) string {
+	var sb strings.Builder
+	for el := range seq {
+		if _, err := strconv.Atoi(el); err == nil {
+			sb.WriteString("[")
+			sb.WriteString(el)
+			sb.WriteString("]")
+		} else {
+			if sb.Len() > 0 {
+				sb.WriteString(".")
+			}
+			sb.WriteString(el)
+		}
+
+	}
+	return sb.String()
+}
+
+type MetadataReceiver interface {
+	SetMetadata(types.Metadata)
+}
+
 func (p *Parser) convertTemplate(template Template) *azure.Deployment {
 
 	deployment := azure.Deployment{
@@ -142,7 +244,7 @@ func (p *Parser) convertResource(input Resource) azure.Resource {
 		Type:       input.Type,
 		Kind:       input.Kind,
 		Name:       input.Name,
-		Location:   input.Location,
+		Location:   input.Loc,
 		Properties: input.Properties,
 		Resources:  children,
 	}

pkg/iac/scanners/azure/arm/parser/template.go

@@ -4,9 +4,11 @@ import (
 	"github.com/aquasecurity/trivy/pkg/iac/scanners/azure"
 	"github.com/aquasecurity/trivy/pkg/iac/scanners/azure/arm/parser/armjson"
 	"github.com/aquasecurity/trivy/pkg/iac/types"
+	xjson "github.com/aquasecurity/trivy/pkg/x/json"
 )
 
 type Template struct {
+	xjson.Location
 	Metadata       types.Metadata         `json:"-"`
 	Schema         azure.Value            `json:"$schema"`
 	ContentVersion azure.Value            `json:"contentVersion"`
@@ -19,6 +21,7 @@ type Template struct {
 }
 
 type Parameter struct {
+	xjson.Location
 	Metadata     types.Metadata
 	Type         azure.Value `json:"type"`
 	DefaultValue azure.Value `json:"defaultValue"`
@@ -33,24 +36,25 @@ type Resource struct {
 	innerResource
 }
 
-func (t *Template) SetMetadata(m *types.Metadata) {
-	t.Metadata = *m
+func (t *Template) SetMetadata(m types.Metadata) {
+	t.Metadata = m
 }
 
-func (r *Resource) SetMetadata(m *types.Metadata) {
-	r.Metadata = *m
+func (r *Resource) SetMetadata(m types.Metadata) {
+	r.Metadata = m
 }
 
-func (p *Parameter) SetMetadata(m *types.Metadata) {
-	p.Metadata = *m
+func (p *Parameter) SetMetadata(m types.Metadata) {
+	p.Metadata = m
 }
 
 type innerResource struct {
+	xjson.Location
 	APIVersion azure.Value `json:"apiVersion"`
 	Type       azure.Value `json:"type"`
 	Kind       azure.Value `json:"kind"`
 	Name       azure.Value `json:"name"`
-	Location   azure.Value `json:"location"`
+	Loc        azure.Value `json:"location"`
 	Tags       azure.Value `json:"tags"`
 	Sku        azure.Value `json:"sku"`
 	Properties azure.Value `json:"properties"`

pkg/iac/scanners/azure/value.go

@@ -1,12 +1,16 @@
 package azure
 
 import (
+	"fmt"
 	"slices"
 	"strings"
 	"time"
 
-	armjson2 "github.com/aquasecurity/trivy/pkg/iac/scanners/azure/arm/parser/armjson"
+	"github.com/aquasecurity/trivy/pkg/iac/scanners/azure/arm/parser/armjson"
 	"github.com/aquasecurity/trivy/pkg/iac/types"
+	xjson "github.com/aquasecurity/trivy/pkg/x/json"
+	"github.com/go-json-experiment/json"
+	"github.com/go-json-experiment/json/jsontext"
 )
 
 type EvalContext struct{}
@@ -25,6 +29,7 @@ const (
 )
 
 type Value struct {
+	xjson.Location
 	types.Metadata
 	rLit     any
 	rMap     map[string]Value
@@ -97,24 +102,66 @@ func (v *Value) GetMetadata() types.Metadata {
 	return v.Metadata
 }
 
-func (v *Value) UnmarshalJSONWithMetadata(node armjson2.Node) error {
+func (v *Value) SetMetadata(m types.Metadata) {
+	v.Metadata = m
+}
+
+func (n *Value) UnmarshalJSONFrom(dec *jsontext.Decoder) error {
+	switch k := dec.PeekKind(); k {
+	case 't', 'f':
+		n.Kind = KindBoolean
+		if err := json.UnmarshalDecode(dec, &n.rLit); err != nil {
+			return err
+		}
+	case '"':
+		n.Kind = KindString
+		if err := json.UnmarshalDecode(dec, &n.rLit); err != nil {
+			return err
+		}
+	case '0':
+		n.Kind = KindNumber
+		if err := json.UnmarshalDecode(dec, &n.rLit); err != nil {
+			return err
+		}
+	case '[':
+		n.Kind = KindArray
+		if err := json.UnmarshalDecode(dec, &n.rArr); err != nil {
+			return err
+		}
+	case '{':
+		n.Kind = KindObject
+		if err := json.UnmarshalDecode(dec, &n.rMap); err != nil {
+			return err
+		}
+	case 'n':
+		// TODO: UnmarshalJSONFrom is called only for the root null
+		return dec.SkipValue()
+	case 0:
+		return dec.SkipValue()
+	default:
+		return fmt.Errorf("unexpected token kind %q at %d", k.String(), dec.InputOffset())
+	}
+	return nil
+}
+
+func (v *Value) UnmarshalJSONWithMetadata(node armjson.Node) error {
 
 	v.updateValueKind(node)
 
 	v.Metadata = node.Metadata()
 
 	switch node.Kind() {
-	case armjson2.KindArray:
+	case armjson.KindArray:
 		err := v.unmarshallArray(node)
 		if err != nil {
 			return err
 		}
-	case armjson2.KindObject:
+	case armjson.KindObject:
 		err := v.unmarshalObject(node)
 		if err != nil {
 			return err
 		}
-	case armjson2.KindString:
+	case armjson.KindString:
 		err := v.unmarshalString(node)
 		if err != nil {
 			return err
@@ -138,7 +185,7 @@ func (v *Value) UnmarshalJSONWithMetadata(node armjson2.Node) error {
 	return nil
 }
 
-func (v *Value) unmarshalString(node armjson2.Node) error {
+func (v *Value) unmarshalString(node armjson.Node) error {
 	var str string
 	if err := node.Decode(&str); err != nil {
 		return err
@@ -153,7 +200,7 @@ func (v *Value) unmarshalString(node armjson2.Node) error {
 	return nil
 }
 
-func (v *Value) unmarshalObject(node armjson2.Node) error {
+func (v *Value) unmarshalObject(node armjson.Node) error {
 	obj := make(map[string]Value)
 	for i := 0; i < len(node.Content()); i += 2 {
 		var key string
@@ -170,7 +217,7 @@ func (v *Value) unmarshalObject(node armjson2.Node) error {
 	return nil
 }
 
-func (v *Value) unmarshallArray(node armjson2.Node) error {
+func (v *Value) unmarshallArray(node armjson.Node) error {
 	var arr []Value
 	for _, child := range node.Content() {
 		var val Value
@@ -183,19 +230,19 @@ func (v *Value) unmarshallArray(node armjson2.Node) error {
 	return nil
 }
 
-func (v *Value) updateValueKind(node armjson2.Node) {
+func (v *Value) updateValueKind(node armjson.Node) {
 	switch node.Kind() {
-	case armjson2.KindString:
+	case armjson.KindString:
 		v.Kind = KindString
-	case armjson2.KindNumber:
+	case armjson.KindNumber:
 		v.Kind = KindNumber
-	case armjson2.KindBoolean:
+	case armjson.KindBoolean:
 		v.Kind = KindBoolean
-	case armjson2.KindObject:
+	case armjson.KindObject:
 		v.Kind = KindObject
-	case armjson2.KindNull:
+	case armjson.KindNull:
 		v.Kind = KindNull
-	case armjson2.KindArray:
+	case armjson.KindArray:
 		v.Kind = KindArray
 	default:
 		panic(node.Kind())