feat(resolver): kubernetes circular dependency is causing resource exhaustion (#7421)

* stage

* draft check for circular references

* comment failing test and solve lint

* remove stashed currentResolutionPath from previous resolved files allowing once resolutions

* remove wrong comments and add no lint statement

* fix TestResolver_Resolve_Ansible_Vars unit test

* fix 2 tests on TestResolver_Resolve_With_ResolveReferences and 1 test on TestResolver_Resolve_Without_ResolveReferences (5/8)

* fix all unit tests

* add lint ignore

* remove lint ignore

* add Test_checkCircularReference tests

* remove deprecated function ioutil.ReadFile

* remove unnecessary comments

* first json temporary solution and handleMap RefMedatada refactor

* add resolution for json files

* solve unit tests although they seem to be wrongly implementedgi

* refactor code and solve unit tests

* fix lint issues and e2e test

* add e2e that compares the payload between json and yaml files

* fix mixing want status and lint lll

* add missing payloads

* refactor payload, folder name and fix e2e

* change comments on e2e

* refactor names to be according to other files naming conventions

* remove duplicated unit test

* fix typo on e2e comment

* remove resolved file at least once solution

* update e2e 099 payload with new implemented code

* update file and id from e2e payload

* remove currentResolutionPath from TestResolver

* revert addition of \n to test error output

* add Clear mechanism on ResolvedFilesCache to force re-resolution of all files

* add nolint gocyclo

* check if the file can or cannot be cached during the for cycle

---------

Co-authored-by: ArturRibeiro-CX <[email protected]>
Co-authored-by: ArturRibeiro-CX <[email protected]>

Author: cx-miguel-silva

e2e/fixtures/E2E_CLI_099_JSON_PAYLOAD.json

@@ -0,0 +1,114 @@
+{
+  "document": [
+    {
+      "components": {
+        "schemas": {
+          "Author": {
+            "RefMetadata": {
+              "$ref": "./components/schemas/Author.json",
+              "alone": true
+            },
+            "properties": {
+              "books": {
+                "items": {
+                  "RefMetadata": {
+                    "$ref": "Book.json",
+                    "alone": true
+                  },
+                  "properties": {
+                    "author": {
+                      "RefMetadata": {
+                        "$ref": "Author.json",
+                        "alone": true
+                      }
+                    },
+                    "books": {
+                      "items": {
+                        "RefMetadata": {
+                          "$ref": "Book.json",
+                          "alone": true
+                        }
+                      },
+                      "type": "array"
+                    },
+                    "id": {
+                      "type": "integer"
+                    },
+                    "title": {
+                      "type": "string"
+                    }
+                  },
+                  "type": "object"
+                },
+                "type": "array"
+              },
+              "id": {
+                "type": "integer"
+              },
+              "name": {
+                "type": "string"
+              }
+            },
+            "type": "object"
+          },
+          "Book": {
+            "RefMetadata": {
+              "$ref": "./components/schemas/Book.json",
+              "alone": true
+            },
+            "properties": {
+              "author": {
+                "RefMetadata": {
+                  "$ref": "Author.json",
+                  "alone": true
+                },
+                "properties": {
+                  "books": {
+                    "items": {
+                      "RefMetadata": {
+                        "$ref": "Book.json",
+                        "alone": true
+                      }
+                    },
+                    "type": "array"
+                  },
+                  "id": {
+                    "type": "integer"
+                  },
+                  "name": {
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "books": {
+                "items": {
+                  "RefMetadata": {
+                    "$ref": "Book.json",
+                    "alone": true
+                  }
+                },
+                "type": "array"
+              },
+              "id": {
+                "type": "integer"
+              },
+              "title": {
+                "type": "string"
+              }
+            },
+            "type": "object"
+          }
+        }
+      },
+      "file": "file",
+      "id": "0",
+      "info": {
+        "title": "Complex Cyclic References API",
+        "version": "1.0.0"
+      },
+      "openapi": "3.0.0",
+      "paths": {}
+    }
+  ]
+}

e2e/fixtures/E2E_CLI_099_YAML_PAYLOAD.json

@@ -0,0 +1,114 @@
+{
+	"document": [
+		{
+			"components": {
+				"schemas": {
+					"Author": {
+						"RefMetadata": {
+							"$ref": "./components/schemas/Author.yaml",
+							"alone": true
+						},
+						"properties": {
+							"books": {
+								"items": {
+									"RefMetadata": {
+										"$ref": "Book.yaml",
+										"alone": true
+									},
+									"properties": {
+										"author": {
+											"RefMetadata": {
+												"$ref": "Author.yaml",
+												"alone": true
+											}
+										},
+										"books": {
+											"items": {
+												"RefMetadata": {
+													"$ref": "Book.yaml",
+													"alone": true
+												}
+											},
+											"type": "array"
+										},
+										"id": {
+											"type": "integer"
+										},
+										"title": {
+											"type": "string"
+										}
+									},
+									"type": "object"
+								},
+								"type": "array"
+							},
+							"id": {
+								"type": "integer"
+							},
+							"name": {
+								"type": "string"
+							}
+						},
+						"type": "object"
+					},
+					"Book": {
+						"RefMetadata": {
+							"$ref": "./components/schemas/Book.yaml",
+							"alone": true
+						},
+						"properties": {
+							"author": {
+								"RefMetadata": {
+									"$ref": "Author.yaml",
+									"alone": true
+								},
+								"properties": {
+									"books": {
+										"items": {
+											"RefMetadata": {
+												"$ref": "Book.yaml",
+												"alone": true
+											}
+										},
+										"type": "array"
+									},
+									"id": {
+										"type": "integer"
+									},
+									"name": {
+										"type": "string"
+									}
+								},
+								"type": "object"
+							},
+							"books": {
+								"items": {
+									"RefMetadata": {
+										"$ref": "Book.yaml",
+										"alone": true
+									}
+								},
+								"type": "array"
+							},
+							"id": {
+								"type": "integer"
+							},
+							"title": {
+								"type": "string"
+							}
+						},
+						"type": "object"
+					}
+				}
+			},
+			"file": "file",
+			"id": "0",
+			"info": {
+				"title": "Complex Cyclic References API",
+				"version": "1.0.0"
+			},
+			"openapi": "3.0.0",
+			"paths": {}
+		}
+	]
+}

e2e/fixtures/samples/compare-openapi-payload-json-yaml/openAPIJson/components/schemas/Author.json

@@ -0,0 +1,17 @@
+{
+  "type": "object",
+  "properties": {
+    "id": {
+      "type": "integer"
+    },
+    "name": {
+      "type": "string"
+    },
+    "books": {
+      "type": "array",
+      "items": {
+        "$ref": "Book.json"
+      }
+    }
+  }
+}

e2e/fixtures/samples/compare-openapi-payload-json-yaml/openAPIJson/components/schemas/Book.json

@@ -0,0 +1,20 @@
+{
+  "type": "object",
+  "properties": {
+    "id": {
+      "type": "integer"
+    },
+    "title": {
+      "type": "string"
+    },
+    "author": {
+      "$ref": "Author.json"
+    },
+    "books": {
+      "type": "array",
+      "items": {
+        "$ref": "Book.json"
+      }
+    }
+  }
+}

e2e/fixtures/samples/compare-openapi-payload-json-yaml/openAPIJson/openAPI.json

@@ -0,0 +1,18 @@
+{
+  "openapi": "3.0.0",
+  "info": {
+    "title": "Complex Cyclic References API",
+    "version": "1.0.0"
+  },
+  "paths": {},
+  "components": {
+    "schemas": {
+      "Author": {
+        "$ref": "./components/schemas/Author.json"
+      },
+      "Book": {
+        "$ref": "./components/schemas/Book.json"
+      }
+    }
+  }
+}

e2e/fixtures/samples/compare-openapi-payload-json-yaml/openAPIYaml/components/schemas/Author.yaml

@@ -0,0 +1,10 @@
+type: object
+properties:
+  id:
+    type: integer
+  name:
+    type: string
+  books:
+    type: array
+    items:
+      $ref: "Book.yaml"

e2e/fixtures/samples/compare-openapi-payload-json-yaml/openAPIYaml/components/schemas/Book.yaml

@@ -0,0 +1,12 @@
+type: object
+properties:
+  id:
+    type: integer
+  title:
+    type: string
+  author:
+    $ref: "Author.yaml"
+  books:
+    type: array
+    items:
+      $ref: "Book.yaml"

e2e/fixtures/samples/compare-openapi-payload-json-yaml/openAPIYaml/openAPI.yaml

@@ -0,0 +1,11 @@
+openapi: 3.0.0
+info:
+  title: Complex Cyclic References API
+  version: 1.0.0
+paths: {}
+components:
+  schemas:
+    Author:
+      $ref: "./components/schemas/Author.yaml"
+    Book:
+      $ref: "./components/schemas/Book.yaml"

e2e/testcases/e2e-cli-099_compare_openapi_payload_json_yaml.go

@@ -0,0 +1,30 @@
+// Package testcases provides end-to-end (E2E) testing functionality for the application.
+package testcases
+
+// E2E-CLI-099 - KICS scan with OpenAPI reference resolution enabled on JSON and YAML files containing circular references.
+// The scan should complete successfully, returning exit code 50, producing equivalent payloads for both formats.
+// The only differences should be the file extensions between payloads.
+func init() { //nolint
+	testSample := TestCase{
+		Name: "scan should generate equivalent payloads for OpenAPI YAML and JSON files with circular references [E2E-CLI-099]",
+		Args: args{
+			Args: []cmdArgs{
+				[]string{
+					"scan", "-p", "\"/path/e2e/fixtures/samples/compare-openapi-payload-json-yaml/openAPIJson/openAPI.json\"",
+					"-v", "-d", "/path/e2e/output/E2E_CLI_099_JSON_PAYLOAD.json", "--enable-openapi-refs",
+				},
+				[]string{
+					"scan", "-p", "\"/path/e2e/fixtures/samples/compare-openapi-payload-json-yaml/openAPIYaml/openAPI.yaml\"",
+					"-v", "-d", "/path/e2e/output/E2E_CLI_099_YAML_PAYLOAD.json", "--enable-openapi-refs",
+				},
+			},
+			ExpectedPayload: []string{
+				"E2E_CLI_099_JSON_PAYLOAD.json",
+				"E2E_CLI_099_YAML_PAYLOAD.json",
+			},
+		},
+		WantStatus: []int{50, 50},
+	}
+
+	Tests = append(Tests, testSample)
+}

pkg/engine/provider/filesystem.go

@@ -123,7 +123,6 @@ func ignoreDamagedFiles(path string) bool {
 func (s *FileSystemSourceProvider) GetSources(ctx context.Context,
 	extensions model.Extensions, sink Sink, resolverSink ResolverSink) error {
 	for _, scanPath := range s.paths {
-		resolved := false
 		fileInfo, err := os.Stat(scanPath)
 		if err != nil {
 			return errors.Wrap(err, "failed to open path")
@@ -132,7 +131,7 @@ func (s *FileSystemSourceProvider) GetSources(ctx context.Context,
 		if !fileInfo.IsDir() {
 			c, openFileErr := openScanFile(scanPath, extensions)
 			if openFileErr != nil {
-				if openFileErr == ErrNotSupportedFile || ignoreDamagedFiles(scanPath) {
+				if errors.Is(openFileErr, ErrNotSupportedFile) || ignoreDamagedFiles(scanPath) {
 					continue
 				}
 				return openFileErr
@@ -143,7 +142,7 @@ func (s *FileSystemSourceProvider) GetSources(ctx context.Context,
 			continue
 		}
 
-		err = s.walkDir(ctx, scanPath, resolved, sink, resolverSink, extensions)
+		err = s.walkDir(ctx, scanPath, false, sink, resolverSink, extensions)
 		if err != nil {
 			return errors.Wrap(err, "failed to walk directory")
 		}