From 2a00339da123f30626470d4487ec53ddd515719b Mon Sep 17 00:00:00 2001
From: MaineK00n <mainek00n.1229@gmail.com>
Date: Fri, 2 Sep 2022 18:18:00 +0900
Subject: [PATCH] fix(lockfiles): fix privileges in lockfile scan (#1512)

* fix(lockfiles): fix privileges in lockfile scan

* style(fmt): add space in comment line
---
 scanner/base.go | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/scanner/base.go b/scanner/base.go
index 05463826..7808a955 100644
--- a/scanner/base.go
+++ b/scanner/base.go
@@ -603,6 +603,11 @@ func (l *base) scanLibraries() (err error) {
 	libFilemap := map[string]LibFile{}
 	detectFiles := l.ServerInfo.Lockfiles
 
+	priv := noSudo
+	if l.getServerInfo().Mode.IsFastRoot() || l.getServerInfo().Mode.IsDeep() {
+		priv = sudo
+	}
+
 	// auto detect lockfile
 	if l.ServerInfo.FindLock {
 		findopt := ""
@@ -613,7 +618,7 @@ func (l *base) scanLibraries() (err error) {
 		// delete last "-o "
 		// find / -type f -and \( -name "package-lock.json" -o -name "yarn.lock" ... \) 2>&1 | grep -v "find: "
 		cmd := fmt.Sprintf(`find / -type f -and \( ` + findopt[:len(findopt)-3] + ` \) 2>&1 | grep -v "find: "`)
-		r := exec(l.ServerInfo, cmd, noSudo)
+		r := exec(l.ServerInfo, cmd, priv)
 		if r.ExitStatus != 0 && r.ExitStatus != 1 {
 			return xerrors.Errorf("Failed to find lock files")
 		}
@@ -648,7 +653,7 @@ func (l *base) scanLibraries() (err error) {
 			}
 		default:
 			cmd := fmt.Sprintf(`stat -c "%%a" %s`, path)
-			r := exec(l.ServerInfo, cmd, noSudo)
+			r := exec(l.ServerInfo, cmd, priv)
 			if !r.isSuccess() {
 				return xerrors.Errorf("Failed to get target file permission: %s, filepath: %s", r, path)
 			}
@@ -660,7 +665,7 @@ func (l *base) scanLibraries() (err error) {
 			f.Filemode = os.FileMode(perm)
 
 			cmd = fmt.Sprintf("cat %s", path)
-			r = exec(l.ServerInfo, cmd, noSudo)
+			r = exec(l.ServerInfo, cmd, priv)
 			if !r.isSuccess() {
 				return xerrors.Errorf("Failed to get target file contents: %s, filepath: %s", r, path)
 			}
@@ -785,13 +790,13 @@ func (d *DummyFileInfo) Size() int64 { return d.size }
 // Mode is
 func (d *DummyFileInfo) Mode() os.FileMode { return d.filemode }
 
-//ModTime is
+// ModTime is
 func (d *DummyFileInfo) ModTime() time.Time { return time.Now() }
 
 // IsDir is
 func (d *DummyFileInfo) IsDir() bool { return false }
 
-//Sys is
+// Sys is
 func (d *DummyFileInfo) Sys() interface{} { return nil }
 
 func (l *base) scanWordPress() error {