engine

package
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 10, 2021 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	UndetectedVulnerabilityLine = -1
	DefaultQueryID              = "Undefined"
	DefaultQueryName            = "Anonymous"
	DefaultQueryDescription     = "Undefined"
	DefaultQueryURI             = "https://github.com/Checkmarx/kics/"
	DefaultIssueType            = model.IssueTypeIncorrectValue
)

Default values for inspector

Variables

View Source 
var DefaultVulnerabilityBuilder = func(ctx *QueryContext, tracker Tracker, v interface{}) (model.Vulnerability, error) {
	vObj, ok := v.(map[string]interface{})
	if !ok {
		return model.Vulnerability{}, ErrInvalidResult
	}

	vObj = mergeWithMetadata(vObj, ctx.query.metadata.Metadata)

	var err error
	var output []byte

	output, err = json.Marshal(vObj)
	if err != nil {
		return model.Vulnerability{}, errors.Wrap(err, "failed to marshall query output")
	}

	var fileID *string

	fileID, err = mapKeyToString(vObj, "documentId", false)
	if err != nil {
		return model.Vulnerability{}, errors.Wrap(err, "failed to recognize file id")
	}

	file, ok := ctx.files[*fileID]
	if !ok {
		return model.Vulnerability{}, errors.New("failed to find file from query response")
	}

	logWithFields := log.With().
		Str("scanID", ctx.scanID).
		Str("fileName", file.FileName).
		Str("queryName", ctx.query.metadata.Query).
		Logger()

	linesVulne := vulnerabilityLines{
		line:     UndetectedVulnerabilityLine,
		vulnLine: model.VulnLines{},
	}
	searchKey := ""
	if s, ok := vObj["searchKey"]; ok {
		searchKey = s.(string)
		switch file.Kind {
		case model.KindDOCKER:
			linesVulne = detectDockerLine(&file, searchKey, &logWithFields, tracker.GetOutputLines())
		default:
			linesVulne = detectLine(&file, searchKey, &logWithFields, tracker.GetOutputLines())
		}
	} else {
		logWithFields.Error().Msg("saving result. failed to detect line")
	}

	searchValue := ""
	if s, ok := vObj["searchValue"]; ok {
		searchValue = s.(string)
	}

	queryID := getStringFromMap("id", DefaultQueryID, vObj, &logWithFields)

	var severity model.Severity = model.SeverityInfo
	var s *string

	if s, err = mapKeyToString(vObj, "severity", false); err == nil {
		su := strings.ToUpper(*s)
		var found bool
		for _, si := range model.AllSeverities {
			if su == string(si) {
				severity = si
				found = true
				break
			}
		}

		if !found {
			logWithFields.Warn().Str("severity", *s).Msg("saving result. invalid severity constant value")
		}
	} else {
		logWithFields.Info().Msg("saving result. failed to detect severity")
	}

	issueType := DefaultIssueType
	if v := mustMapKeyToString(vObj, "issueType"); v != nil {
		issueType = model.IssueType(*v)
	}

	var similarityID *string

	similarityID, err = ComputeSimilarityID(ctx.baseScanPath, file.FileName, queryID, searchKey, searchValue)
	if err != nil {
		logWithFields.Err(err).Send()
		tracker.FailedComputeSimilarityID()
	}

	return model.Vulnerability{
		ID:               0,
		SimilarityID:     ptrStringToString(similarityID),
		ScanID:           ctx.scanID,
		FileID:           file.ID,
		FileName:         file.FileName,
		QueryName:        getStringFromMap("queryName", DefaultQueryName, vObj, &logWithFields),
		QueryID:          queryID,
		QueryURI:         getStringFromMap("descriptionUrl", DefaultQueryURI, vObj, &logWithFields),
		Category:         getStringFromMap("category", "", vObj, &logWithFields),
		Description:      getStringFromMap("descriptionText", "", vObj, &logWithFields),
		Severity:         severity,
		Platform:         getStringFromMap("platform", "", vObj, &logWithFields),
		Line:             linesVulne.line,
		VulnLines:        linesVulne.vulnLine,
		IssueType:        issueType,
		SearchKey:        searchKey,
		SearchValue:      searchValue,
		KeyExpectedValue: ptrStringToString(mustMapKeyToString(vObj, "keyExpectedValue")),
		KeyActualValue:   ptrStringToString(mustMapKeyToString(vObj, "keyActualValue")),
		Value:            mustMapKeyToString(vObj, "value"),
		Output:           string(output),
	}, nil
}

DefaultVulnerabilityBuilder defines a vulnerability builder to execute default actions of scan

View Source 
var ErrInvalidResult = errors.New("query: invalid result format")

ErrInvalidResult - error representing invalid result

View Source 
var ErrNoResult = errors.New("query: not result")

ErrNoResult - error representing when a query didn't return a result

Functions

func ComputeSimilarityID added in v1.1.2 

func ComputeSimilarityID(basePath, filePath, queryID, searchKey, searchValue string) (*string, error)

ComputeSimilarityID This function receives four string parameters and computes a sha256 hash

Types

type Inspector 

type Inspector struct {
	// contains filtered or unexported fields
}

Inspector represents a list of compiled queries, a builder for vulnerabilities, an information tracker a flag to enable coverage and the coverage report if it is enabled

func NewInspector 

func NewInspector(
	ctx context.Context,
	source QueriesSource,
	vb VulnerabilityBuilder,
	tracker Tracker,
	excludeQueries []string,
	excludeResults map[string]bool) (*Inspector, error)

NewInspector initializes a inspector, compiling and loading queries for scan and its tracker

func (*Inspector) EnableCoverageReport 

func (c *Inspector) EnableCoverageReport()

EnableCoverageReport enables the flag to create a coverage report

func (*Inspector) GetCoverageReport 

func (c *Inspector) GetCoverageReport() cover.Report

GetCoverageReport returns the scan coverage report

func (*Inspector) GetFailedQueries added in v1.1.2 

func (c *Inspector) GetFailedQueries() map[string]error

GetFailedQueries returns a map of failed queries and the associated error

func (*Inspector) Inspect 

func (c *Inspector) Inspect(
	ctx context.Context,
	scanID string,
	files model.FileMetadatas,
	hideProgress bool,
	baseScanPath string) ([]model.Vulnerability, error)

Inspect scan files and return the a list of vulnerabilities found on the process

type QueriesSource 

type QueriesSource interface {
	GetQueries(excludeQueries []string) ([]model.QueryMetadata, error)
	GetGenericQuery(platform string) (string, error)
}

QueriesSource wraps an interface that contains basic methods: GetQueries and GetGenericQuery GetQueries gets all queries from a QueryMetadata list GetGenericQuery gets a base query based in plataform's name

type QueryContext 

type QueryContext struct {
	// contains filtered or unexported fields
}

QueryContext contains the context where the query is executed, which scan it belongs, basic information of query, the query compiled and its payload

type Tracker 

type Tracker interface {
	TrackQueryLoad(queryAggregation int)
	TrackQueryExecution(queryAggregation int)
	FailedDetectLine()
	FailedComputeSimilarityID()
	GetOutputLines() int
}

Tracker wraps an interface that contain basic methods: TrackQueryLoad, TrackQueryExecution and FailedDetectLine TrackQueryLoad increments the number of loaded queries TrackQueryExecution increments the number of queries executed FailedDetectLine decrements the number of queries executed GetOutputLines returns the number of lines to be displayed in results outputs

type VulnerabilityBuilder 

type VulnerabilityBuilder func(ctx *QueryContext, tracker Tracker, v interface{}) (model.Vulnerability, error)

VulnerabilityBuilder represents a function that will build a vulnerability

Source Files

View all Source files

Directories

Path Synopsis
Package mock is a generated GoMock package.
 Package mock is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.