Documentation ¶
Index ¶
- Constants
- Variables
- func GetIgnoreLines(file *FileMetadata) []int
- func Range(start, end int) (lines []int)
- func RemoveDuplicates(lines []int) []int
- type AnalyzedPaths
- type CodeLine
- type CommentCommand
- type CommentsCommands
- type Counters
- type Document
- type Documents
- type Extensions
- type ExtractedPathObject
- type FileKind
- type FileMetadata
- type FileMetadatas
- type Ignore
- type IssueType
- type LineObject
- type PathParameters
- type QueryConfig
- type QueryMetadata
- type QueryResult
- type QueryResultSlice
- type ResolvedFile
- type ResolvedFileSplit
- type ResolvedFiles
- type ResolvedHelm
- type Severity
- type SeveritySummary
- type Summary
- type Times
- type Version
- type VersionResponse
- type Vulnerability
- type VulnerabilityLines
- type VulnerableFile
Constants ¶
const (
    SeverityCritical = "CRITICAL"
    SeverityHigh     = "HIGH"
    SeverityMedium   = "MEDIUM"
    SeverityLow      = "LOW"
    SeverityInfo     = "INFO"
    SeverityTrace    = "TRACE"
)
Constants describing a vulnerability's severity
Variables ¶
var (
    AllSeverities = []Severity{
        SeverityCritical,
        SeverityHigh,
        SeverityMedium,
        SeverityLow,
        SeverityInfo,
        SeverityTrace,
    }
    AllIssueTypesAsString = []string{
        string(IssueTypeMissingAttribute),
        string(IssueTypeRedundantAttribute),
        string(IssueTypeIncorrectValue),
    }
)
Slices that group all constants of one type
var (
    // KICSCommentRgxp is the regexp to identify if a comment is a KICS comment
    KICSCommentRgxp = regexp.MustCompile(`(^|\n)((/{2})|#|;)*\s*kics-scan\s*`)
    // KICSGetContentCommentRgxp gets the content of the kics-scan comment (used for the Helm case)
    KICSGetContentCommentRgxp = regexp.MustCompile(`(^|\n)((/{2})|#|;)*\s*kics-scan([^\n]*)\n`)
    // KICSCommentRgxpYaml is the regexp to identify if a YAML comment ends with a KICS comment
    KICSCommentRgxpYaml = regexp.MustCompile(`((/{2})|#)*\s*kics-scan\s*(ignore-line|ignore-block)\s*\n*$`)
)
var (
    // NewIgnore is the ignore struct
    NewIgnore = &Ignore{}
)
Functions ¶
func GetIgnoreLines ¶
func GetIgnoreLines(file *FileMetadata) []int
GetIgnoreLines gets the lines to ignore in the KICS results. The ignored lines may refer to the resolved files; since the secrets inspector only looks at the original data, the ignored lines have to be replaced in the YAML case.
func RemoveDuplicates ¶
func RemoveDuplicates(lines []int) []int
RemoveDuplicates removes duplicate lines from a slice of lines.
Types ¶
type AnalyzedPaths ¶
AnalyzedPaths is a slice of types and excluded files obtained from the Analyzer
type CodeLine ¶
CodeLine is one of the lines containing or adjacent to the vulnerability line, together with its position
type CommentCommand ¶
type CommentCommand string
CommentCommand represents a command given from a comment
const (
    IgnoreLine    CommentCommand = "ignore-line"
    IgnoreBlock   CommentCommand = "ignore-block"
    IgnoreComment CommentCommand = "ignore-comment"
)
Constants to describe commands given from comments
func ProcessCommands ¶
func ProcessCommands(commands []string) CommentCommand
ProcessCommands processes a slice of comment commands and returns the resulting CommentCommand.
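How the three KICS comment regexps from the Variables section and the CommentCommand constants fit together, as an added example written for this page (not code from the KICS package): the regexps and constants are copied verbatim from the documentation above, while the helpers HasKICSComment, ExtractCommands, ResolveCommand and YAMLTrailingCommand are hypothetical names written for this example and need not match what ProcessCommands or GetIgnoreLines do internally. The inputs are constructed Terraform and YAML snippets.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Regexps copied verbatim from the package documentation.
var (
	KICSCommentRgxp           = regexp.MustCompile(`(^|\n)((/{2})|#|;)*\s*kics-scan\s*`)
	KICSGetContentCommentRgxp = regexp.MustCompile(`(^|\n)((/{2})|#|;)*\s*kics-scan([^\n]*)\n`)
	KICSCommentRgxpYaml       = regexp.MustCompile(`((/{2})|#)*\s*kics-scan\s*(ignore-line|ignore-block)\s*\n*$`)
)

// CommentCommand and its constants, as documented.
type CommentCommand string

const (
	IgnoreLine    CommentCommand = "ignore-line"
	IgnoreBlock   CommentCommand = "ignore-block"
	IgnoreComment CommentCommand = "ignore-comment"
)

// HasKICSComment (hypothetical helper) reports whether content carries a kics-scan marker.
func HasKICSComment(content string) bool {
	return KICSCommentRgxp.MatchString(content)
}

// ExtractCommands (hypothetical helper) returns the whitespace-separated tokens after the
// first kics-scan marker, taken from KICSGetContentCommentRgxp's fourth capture group.
// The pattern ends in \n, so a marker on an unterminated last line yields nil.
func ExtractCommands(content string) []string {
	m := KICSGetContentCommentRgxp.FindStringSubmatch(content)
	if m == nil {
		return nil
	}
	return strings.Fields(m[4])
}

// ResolveCommand (hypothetical helper) maps raw tokens onto the CommentCommand constants.
// Unknown tokens are skipped; the first recognised command wins.
func ResolveCommand(tokens []string) (CommentCommand, bool) {
	for _, tok := range tokens {
		switch cmd := CommentCommand(tok); cmd {
		case IgnoreLine, IgnoreBlock, IgnoreComment:
			return cmd, true
		}
	}
	return "", false
}

// YAMLTrailingCommand (hypothetical helper) applies KICSCommentRgxpYaml to one YAML comment
// and returns the ignore-line/ignore-block directive at its end, if any (third capture group).
func YAMLTrailingCommand(comment string) (CommentCommand, bool) {
	m := KICSCommentRgxpYaml.FindStringSubmatch(comment)
	if m == nil {
		return "", false
	}
	return CommentCommand(m[3]), true
}

func main() {
	// Constructed Terraform snippet; not taken from any real project.
	tf := "# kics-scan ignore-block\nresource \"aws_s3_bucket\" \"b\" {\n  acl = \"public-read\"\n}\n"
	cmd, ok := ResolveCommand(ExtractCommands(tf))
	fmt.Println(HasKICSComment(tf), cmd, ok)

	// The comment-prefix alternation follows (^|\n) directly, so an indented marker is not matched.
	fmt.Println(HasKICSComment("  # kics-scan ignore-line\nkey: value\n"))

	// Constructed YAML comment with the directive at the end of the comment text.
	fmt.Println(YAMLTrailingCommand("# reviewed by security, kics-scan ignore-line"))
	// ignore-comment is not in the YAML alternation, so it is not recognised there.
	fmt.Println(YAMLTrailingCommand("# kics-scan ignore-comment"))
}
```

Three properties of these patterns are worth checking before relying on them in your own tooling: in KICSCommentRgxp the comment-prefix alternation follows (^|\n) directly, so a marker indented with leading spaces is not recognised; because that alternation is starred, a bare kics-scan at the start of a line matches even without a comment prefix; and KICSGetContentCommentRgxp requires a trailing \n, so a directive on an unterminated final line captures nothing.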
type CommentsCommands ¶
CommentsCommands list of commands on a file that will be parsed
type Counters ¶
type Counters struct {
    ScannedFiles           int `json:"files_scanned"`
    ScannedFilesLines      int `json:"lines_scanned"`
    ParsedFiles            int `json:"files_parsed"`
    ParsedFilesLines       int `json:"lines_parsed"`
    IgnoredFilesLines      int `json:"lines_ignored"`
    FailedToScanFiles      int `json:"files_failed_to_scan"`
    TotalQueries           int `json:"queries_total"`
    FailedToExecuteQueries int `json:"queries_failed_to_execute"`
    FailedSimilarityID     int `json:"queries_failed_to_compute_similarity_id"`
}
Counters hold information about how many files were scanned, parsed or failed to be scanned, the total number of queries and how many queries failed to execute
type Document ¶
type Document map[string]interface{}
Document is the generic map representation of a parsed file
func (*Document) UnmarshalYAML ¶
UnmarshalYAML is a custom yaml parser that places line information in the payload
type Extensions ¶
type Extensions map[string]struct{}
Extensions represents a list of supported extensions
func (Extensions) Include ¶
func (e Extensions) Include(ext string) bool
Include returns true if the extension is in the list of supported extensions, otherwise false
func (Extensions) MatchedFilesRegex ¶
func (e Extensions) MatchedFilesRegex() string
MatchedFilesRegex returns the regex rule to identify if an extension is supported or not
type ExtractedPathObject ¶
ExtractedPathObject is the struct that contains the path location of extracted source and a boolean to check if it is a local source
type FileKind ¶
type FileKind string
FileKind is the extension of a file
const (
    KindTerraform FileKind = "TF"
    KindBICEP     FileKind = "BICEP"
    KindJSON      FileKind = "JSON"
    KindYAML      FileKind = "YAML"
    KindYML       FileKind = "YML"
    KindDOCKER    FileKind = "DOCKERFILE"
    KindPROTO     FileKind = "PROTO"
    KindCOMMON    FileKind = "*"
    KindHELM      FileKind = "HELM"
    KindBUILDAH   FileKind = "SH"
    KindCFG       FileKind = "CFG"
    KindINI       FileKind = "INI"
)
Constants describing the kind of file a FileMetadata refers to
type FileMetadata ¶
type FileMetadata struct {
    ID                string `db:"id"`
    ScanID            string `db:"scan_id"`
    Document          Document
    LineInfoDocument  map[string]interface{}
    OriginalData      string `db:"orig_data"`
    Kind              FileKind `db:"kind"`
    FilePath          string `db:"file_path"`
    Content           string
    HelmID            string
    IDInfo            map[int]interface{}
    Commands          CommentsCommands
    LinesIgnore       []int
    ResolvedFiles     map[string]ResolvedFile
    LinesOriginalData *[]string
    IsMinified        bool
}
FileMetadata is a representation of basic information and content of a file
type FileMetadatas ¶
type FileMetadatas []FileMetadata
FileMetadatas is a slice of FileMetadata
func (FileMetadatas) Combine ¶
func (m FileMetadatas) Combine(lineInfo bool) Documents
Combine merges the documents from FileMetadatas, using the ID as reference for the Document ID and FileName as reference for the file
func (FileMetadatas) ToMap ¶
func (m FileMetadatas) ToMap() map[string]FileMetadata
ToMap creates a map of FileMetadatas in which the key is the FileMetadata ID and the value is the FileMetadata
type Ignore ¶
type Ignore struct {
    // Lines is the lines to ignore
    Lines []int
}
Ignore is a struct that holds the lines to ignore
type LineObject ¶
type LineObject struct {
    Line int                      `json:"_kics_line"`
    Arr  []map[string]*LineObject `json:"_kics_arr,omitempty"`
}
LineObject is the struct that will hold line information for each key
type PathParameters ¶
type PathParameters struct {
    ScannedPaths      []string
    PathExtractionMap map[string]ExtractedPathObject
}
PathParameters wraps the fields required for temporary path translation
type QueryConfig ¶
QueryConfig is a struct that contains the fileKind and platform of the rego query
type QueryMetadata ¶
type QueryMetadata struct {
    InputData string
    Query     string
    Content   string
    Metadata  map[string]interface{}
    Platform  string
    CWE       string
    // special field for generic queries
    // represents how many queries are aggregated into a single rego file
    Aggregation  int
    Experimental bool
}
QueryMetadata is a representation of general information about a query
type QueryResult ¶
type QueryResult struct {
    QueryName                   string           `json:"query_name"`
    QueryID                     string           `json:"query_id"`
    QueryURI                    string           `json:"query_url"`
    Severity                    Severity         `json:"severity"`
    Platform                    string           `json:"platform"`
    CWE                         string           `json:"cwe,omitempty"`
    CloudProvider               string           `json:"cloud_provider,omitempty"`
    Category                    string           `json:"category"`
    Experimental                bool             `json:"experimental"`
    Description                 string           `json:"description"`
    DescriptionID               string           `json:"description_id"`
    CISDescriptionIDFormatted   string           `json:"cis_description_id,omitempty"`
    CISDescriptionTitle         string           `json:"cis_description_title,omitempty"`
    CISDescriptionTextFormatted string           `json:"cis_description_text,omitempty"`
    CISDescriptionID            string           `json:"cis_description_id_raw,omitempty"`
    CISDescriptionText          string           `json:"cis_description_text_raw,omitempty"`
    CISRationaleText            string           `json:"cis_description_rationale,omitempty"`
    CISBenchmarkName            string           `json:"cis_benchmark_name,omitempty"`
    CISBenchmarkVersion         string           `json:"cis_benchmark_version,omitempty"`
    Files                       []VulnerableFile `json:"files"`
}
QueryResult contains a query that tested positive: its ID, name, severity and the list of files that tested vulnerable
type QueryResultSlice ¶
type QueryResultSlice []QueryResult
QueryResultSlice is a slice of QueryResult
type ResolvedFile ¶
ResolvedFile is a struct that contains the information of a resolved file, the path and the content in bytes of the file
type ResolvedFileSplit ¶
ResolvedFileSplit is a struct that contains the information of a resolved file, the path and the lines of the file
type ResolvedFiles ¶
type ResolvedFiles struct {
    File     []ResolvedHelm
    Excluded []string
}
ResolvedFiles keeps the information of all resolved files/templates
type ResolvedHelm ¶
type ResolvedHelm struct {
    FileName     string
    Content      []byte
    OriginalData []byte
    SplitID      string
    IDInfo       map[int]interface{}
}
ResolvedHelm keeps the information of a file/template resolved
type SeveritySummary ¶
type SeveritySummary struct {
    ScanID            string           `json:"scan_id"`
    SeverityCounters  map[Severity]int `json:"severity_counters"`
    TotalCounter      int              `json:"total_counter"`
    TotalBOMResources int              `json:"total_bom_resources"`
}
SeveritySummary contains the scan's result numbers: how many vulnerabilities of each severity were detected
type Summary ¶
type Summary struct {
    Version       string  `json:"kics_version,omitempty"`
    LatestVersion Version `json:"-"`
    Counters
    SeveritySummary
    Times
    ScannedPaths []string          `json:"paths"`
    Queries      QueryResultSlice  `json:"queries"`
    Bom          QueryResultSlice  `json:"bill_of_materials,omitempty"`
    FilePaths    map[string]string `json:"-"`
}
Summary is a report of a single scan
func CreateSummary ¶
func CreateSummary(counters Counters, vulnerabilities []Vulnerability, scanID string, pathExtractionMap map[string]ExtractedPathObject, version Version) Summary
CreateSummary creates a report for a single scan, based on its scanID
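An added example of how the report types above compose, written for this page and not the package's CreateSummary implementation. It keeps trimmed copies of the documented types (only the fields it uses; its Summary embeds only SeveritySummary, and Severity is assumed to be a string type, since the page lists it in the index without its definition) and a hypothetical BuildSummary that turns one scan's Vulnerability rows into QueryResult/VulnerableFile groups plus SeverityCounters. The findings are constructed; the scan, query and file names are made up.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Trimmed copies of the documented types: only the fields used here, JSON tags as on this page.
type Severity string // assumed underlying type; the page lists Severity without its definition

const (
	SeverityCritical Severity = "CRITICAL"
	SeverityHigh     Severity = "HIGH"
	SeverityMedium   Severity = "MEDIUM"
	SeverityLow      Severity = "LOW"
	SeverityInfo     Severity = "INFO"
	SeverityTrace    Severity = "TRACE"
)

var AllSeverities = []Severity{SeverityCritical, SeverityHigh, SeverityMedium, SeverityLow, SeverityInfo, SeverityTrace}

type Vulnerability struct { // never marshalled here, so tags are omitted
	ScanID, SimilarityID, FileName, QueryID, QueryName string
	Severity                                          Severity
	Line                                              int
}
type VulnerableFile struct {
	FileName     string `json:"file_name"`
	SimilarityID string `json:"similarity_id"`
	Line         int    `json:"line"`
}
type QueryResult struct {
	QueryName string           `json:"query_name"`
	QueryID   string           `json:"query_id"`
	Severity  Severity         `json:"severity"`
	Files     []VulnerableFile `json:"files"`
}
type SeveritySummary struct {
	ScanID           string           `json:"scan_id"`
	SeverityCounters map[Severity]int `json:"severity_counters"`
	TotalCounter     int              `json:"total_counter"`
}
type Summary struct { // the documented Summary also embeds Counters and Times
	SeveritySummary
	Queries []QueryResult `json:"queries"`
}
func rankOf(s Severity) int { // unknown severities sort last instead of as CRITICAL
	for i, sev := range AllSeverities {
		if sev == s {
			return i
		}
	}
	return len(AllSeverities)
}

// BuildSummary (hypothetical; not the package's CreateSummary) groups one scan's
// findings by QueryID into QueryResults and tallies them per severity.
func BuildSummary(scanID string, vulns []Vulnerability) Summary {
	s := Summary{SeveritySummary: SeveritySummary{ScanID: scanID, SeverityCounters: map[Severity]int{}}}
	for _, sev := range AllSeverities {
		s.SeverityCounters[sev] = 0 // every bucket is reported, even when empty
	}
	byQuery := map[string]*QueryResult{}
	for _, v := range vulns {
		if v.ScanID != scanID {
			continue // findings from another scan never leak into this report
		}
		qr, ok := byQuery[v.QueryID]
		if !ok {
			qr = &QueryResult{QueryID: v.QueryID, QueryName: v.QueryName, Severity: v.Severity}
			byQuery[v.QueryID] = qr
		}
		qr.Files = append(qr.Files, VulnerableFile{FileName: v.FileName, SimilarityID: v.SimilarityID, Line: v.Line})
		s.SeverityCounters[v.Severity]++
		s.TotalCounter++
	}
	for _, qr := range byQuery {
		s.Queries = append(s.Queries, *qr)
	}
	// Stable order (severity, then query ID) so identical input yields identical reports.
	sort.Slice(s.Queries, func(i, j int) bool {
		a, b := s.Queries[i], s.Queries[j]
		if rankOf(a.Severity) != rankOf(b.Severity) {
			return rankOf(a.Severity) < rankOf(b.Severity)
		}
		return a.QueryID < b.QueryID
	})
	return s
}

// SampleVulnerabilities is constructed input for this example; scan, query and file names are made up.
var SampleVulnerabilities = []Vulnerability{
	{ScanID: "scan-1", QueryID: "q-s3-public-acl", QueryName: "S3 Bucket ACL Public", Severity: SeverityHigh, FileName: "main.tf", Line: 3, SimilarityID: "a1"},
	{ScanID: "scan-1", QueryID: "q-s3-public-acl", QueryName: "S3 Bucket ACL Public", Severity: SeverityHigh, FileName: "prod.tf", Line: 9, SimilarityID: "a2"},
	{ScanID: "scan-1", QueryID: "q-missing-tags", QueryName: "Resource Not Tagged", Severity: SeverityInfo, FileName: "main.tf", Line: 1, SimilarityID: "b1"},
	{ScanID: "scan-2", QueryID: "q-missing-tags", QueryName: "Resource Not Tagged", Severity: SeverityInfo, FileName: "other.tf", Line: 1, SimilarityID: "c1"},
}

func main() {
	out, _ := json.MarshalIndent(BuildSummary("scan-1", SampleVulnerabilities), "", "  ")
	fmt.Println(string(out))
}
```

Two details are deliberate: rows with another ScanID are dropped so a report never mixes scans, and every severity bucket appears in severity_counters even at zero, so a CI gate reading, say, the CRITICAL count does not confuse a missing key with zero findings. Queries are sorted by severity and then QueryID so identical input produces identical reports, which matters when reports are diffed or hashed.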
type Version ¶
type Version struct {
    Latest           bool   `json:"is_latest"`
    LatestVersionTag string `json:"latest_version"`
}
Version - is the model for the version response
type VersionResponse ¶
type VersionResponse struct {
    Latest           bool   `json:"is_latest"`
    LatestVersionTag string `json:"latest_version"`
}
VersionResponse - is the model for the version response
type Vulnerability ¶
type Vulnerability struct {
    ID               int         `json:"id"`
    ScanID           string      `db:"scan_id" json:"-"`
    SimilarityID     string      `db:"similarity_id" json:"similarityID"`
    OldSimilarityID  string      `db:"old_similarity_id" json:"oldSimilarityID"`
    FileID           string      `db:"file_id" json:"-"`
    FileName         string      `db:"file_name" json:"fileName"`
    QueryID          string      `db:"query_id" json:"queryID"`
    QueryName        string      `db:"query_name" json:"queryName"`
    QueryURI         string      `json:"-"`
    Category         string      `json:"category"`
    Experimental     bool        `json:"experimental"`
    Description      string      `json:"description"`
    DescriptionID    string      `json:"descriptionID"`
    Platform         string      `db:"platform" json:"platform"`
    CWE              string      `db:"cwe" json:"cwe"`
    Severity         Severity    `json:"severity"`
    Line             int         `json:"line"`
    VulnLines        *[]CodeLine `json:"vulnLines"`
    ResourceType     string      `db:"resource_type" json:"resourceType"`
    ResourceName     string      `db:"resource_name" json:"resourceName"`
    IssueType        IssueType   `db:"issue_type" json:"issueType"`
    SearchKey        string      `db:"search_key" json:"searchKey"`
    SearchLine       int         `db:"search_line" json:"searchLine"`
    SearchValue      string      `db:"search_value" json:"searchValue"`
    KeyExpectedValue string      `db:"key_expected_value" json:"expectedValue"`
    KeyActualValue   string      `db:"key_actual_value" json:"actualValue"`
    Value            *string     `db:"value" json:"value"`
    Output           string      `json:"-"`
    CloudProvider    string      `json:"cloud_provider"`
    Remediation      string      `db:"remediation" json:"remediation"`
    RemediationType  string      `db:"remediation_type" json:"remediation_type"`
}
Vulnerability is a representation of a detected vulnerability in scanned files after running a query
type VulnerabilityLines ¶
type VulnerabilityLines struct {
    Line                  int
    VulnLines             *[]CodeLine
    LineWithVulnerability string
    ResolvedFile          string
}
VulnerabilityLines is the representation of the line found for an issue
type VulnerableFile ¶
type VulnerableFile struct {
    FileName         string      `json:"file_name"`
    SimilarityID     string      `json:"similarity_id"`
    OldSimilarityID  string      `json:"old_similarity_id,omitempty"`
    Line             int         `json:"line"`
    VulnLines        *[]CodeLine `json:"-"`
    ResourceType     string      `json:"resource_type,omitempty"`
    ResourceName     string      `json:"resource_name,omitempty"`
    IssueType        IssueType   `json:"issue_type"`
    SearchKey        string      `json:"search_key"`
    SearchLine       int         `json:"search_line"`
    SearchValue      string      `json:"search_value"`
    KeyExpectedValue string      `json:"expected_value"`
    KeyActualValue   string      `json:"actual_value"`
    Value            *string     `json:"value,omitempty"`
    Remediation      string      `json:"remediation,omitempty"`
    RemediationType  string      `json:"remediation_type,omitempty"`
}
VulnerableFile contains information of a vulnerable file and where the vulnerability was found