Constants ¶
// Default values applied by the inspector when a query result omits a field.
const (
	// UndetectedVulnerabilityLine is the line reported when no source line could be
	// matched for a result (the initial value of vulnerabilityLines.line).
	UndetectedVulnerabilityLine = -1
	// DefaultQueryID is used when the query result carries no "id" key.
	DefaultQueryID = "Undefined"
	// DefaultQueryName is used when the query result carries no "queryName" key.
	DefaultQueryName = "Anonymous"
	// DefaultQueryDescription is the fallback description for a query.
	DefaultQueryDescription = "Undefined"
	// DefaultQueryURI is used when the query result carries no "descriptionUrl" key.
	DefaultQueryURI = "https://github.com/Checkmarx/kics/"
	// DefaultIssueType is used when the query result carries no "issueType" key.
	DefaultIssueType = model.IssueTypeIncorrectValue
)
Default values for inspector
Variables ¶
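// DefaultVulnerabilityBuilder defines a vulnerability builder to execute default actions of scan.
//
// v must be the decoded query result, a map[string]interface{}; any other shape yields
// ErrInvalidResult. The map is merged with the query metadata, serialized into the
// vulnerability Output, and its well-known keys ("documentId", "searchKey", "searchValue",
// "id", "severity", "issueType", ...) populate the returned model.Vulnerability.
// Only an unserializable result or an unknown "documentId" aborts the build; every other
// missing or malformed key falls back to a default and is logged. The query result is
// treated as untrusted input, so no value is dereferenced or type-asserted unchecked.
var DefaultVulnerabilityBuilder = func(ctx *QueryContext, tracker Tracker, v interface{}) (model.Vulnerability, error) {
	vObj, ok := v.(map[string]interface{})
	if !ok {
		return model.Vulnerability{}, ErrInvalidResult
	}
	vObj = mergeWithMetadata(vObj, ctx.query.metadata.Metadata)

	output, err := json.Marshal(vObj)
	if err != nil {
		return model.Vulnerability{}, errors.Wrap(err, "failed to marshall query output")
	}

	fileID, err := mapKeyToString(vObj, "documentId", false)
	if err != nil {
		return model.Vulnerability{}, errors.Wrap(err, "failed to recognize file id")
	}
	// Defensive: never dereference a nil id, even if mapKeyToString reported no error.
	if fileID == nil {
		return model.Vulnerability{}, errors.New("failed to recognize file id")
	}
	file, ok := ctx.files[*fileID]
	if !ok {
		return model.Vulnerability{}, errors.New("failed to find file from query response")
	}

	logWithFields := log.With().
		Str("scanID", ctx.scanID).
		Str("fileName", file.FileName).
		Str("queryName", ctx.query.metadata.Query).
		Logger()

	linesVulne := vulnerabilityLines{
		line:     UndetectedVulnerabilityLine,
		vulnLine: model.VulnLines{},
	}
	// Comma-ok assertion: a "searchKey" that is absent or not a string is handled the
	// same way (line undetected) instead of panicking on a malformed query result.
	searchKey, hasSearchKey := vObj["searchKey"].(string)
	if hasSearchKey {
		switch file.Kind {
		case model.KindDOCKER:
			linesVulne = detectDockerLine(&file, searchKey, &logWithFields, tracker.GetOutputLines())
		default:
			linesVulne = detectLine(&file, searchKey, &logWithFields, tracker.GetOutputLines())
		}
	} else {
		logWithFields.Error().Msg("saving result. failed to detect line")
	}
	// An absent or non-string "searchValue" leaves the empty string.
	searchValue, _ := vObj["searchValue"].(string)

	queryID := getStringFromMap("id", DefaultQueryID, vObj, &logWithFields)

	// Severity defaults to Info; a value is accepted only if it matches one of
	// model.AllSeverities case-insensitively, otherwise the default is kept and logged.
	var severity model.Severity = model.SeverityInfo
	if sev, sevErr := mapKeyToString(vObj, "severity", false); sevErr == nil && sev != nil {
		su := strings.ToUpper(*sev)
		found := false
		for _, si := range model.AllSeverities {
			if su == string(si) {
				severity = si
				found = true
				break
			}
		}
		if !found {
			logWithFields.Warn().Str("severity", *sev).Msg("saving result. invalid severity constant value")
		}
	} else {
		logWithFields.Info().Msg("saving result. failed to detect severity")
	}

	issueType := DefaultIssueType
	if it := mustMapKeyToString(vObj, "issueType"); it != nil {
		issueType = model.IssueType(*it)
	}

	// A similarity-ID failure is logged and counted on the tracker, but the result is
	// still emitted (with an empty SimilarityID).
	similarityID, err := ComputeSimilarityID(ctx.baseScanPath, file.FileName, queryID, searchKey, searchValue)
	if err != nil {
		logWithFields.Err(err).Send()
		tracker.FailedComputeSimilarityID()
	}

	return model.Vulnerability{
		ID:               0,
		SimilarityID:     ptrStringToString(similarityID),
		ScanID:           ctx.scanID,
		FileID:           file.ID,
		FileName:         file.FileName,
		QueryName:        getStringFromMap("queryName", DefaultQueryName, vObj, &logWithFields),
		QueryID:          queryID,
		QueryURI:         getStringFromMap("descriptionUrl", DefaultQueryURI, vObj, &logWithFields),
		Category:         getStringFromMap("category", "", vObj, &logWithFields),
		Description:      getStringFromMap("descriptionText", "", vObj, &logWithFields),
		Severity:         severity,
		Platform:         getStringFromMap("platform", "", vObj, &logWithFields),
		Line:             linesVulne.line,
		VulnLines:        linesVulne.vulnLine,
		IssueType:        issueType,
		SearchKey:        searchKey,
		SearchValue:      searchValue,
		KeyExpectedValue: ptrStringToString(mustMapKeyToString(vObj, "keyExpectedValue")),
		KeyActualValue:   ptrStringToString(mustMapKeyToString(vObj, "keyActualValue")),
		Value:            mustMapKeyToString(vObj, "value"),
		Output:           string(output),
	}, nil
}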
DefaultVulnerabilityBuilder defines a vulnerability builder that executes the default actions of a scan
// ErrInvalidResult - error representing invalid result; DefaultVulnerabilityBuilder
// returns it when the query result is not a map[string]interface{}.
var ErrInvalidResult = errors.New("query: invalid result format")
ErrInvalidResult - error representing invalid result
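// ErrNoResult - error representing when a query didn't return a result.
// The message previously read "query: not result", which was a typo.
var ErrNoResult = errors.New("query: no result")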
ErrNoResult - error representing when a query didn't return a result
Functions ¶
func ComputeSimilarityID ¶ added in v1.1.2
func ComputeSimilarityID(basePath, filePath, queryID, searchKey, searchValue string) (*string, error)
ComputeSimilarityID receives the base path, file path, query ID, search key and search value as string parameters and computes a sha256 hash from them
Types ¶
type Inspector ¶
type Inspector struct {
// contains filtered or unexported fields
}
Inspector represents a list of compiled queries, a builder for vulnerabilities, an information tracker, a flag to enable coverage, and the coverage report if it is enabled
func NewInspector ¶
func NewInspector( ctx context.Context, source QueriesSource, vb VulnerabilityBuilder, tracker Tracker, excludeQueries []string, excludeResults map[string]bool) (*Inspector, error)
NewInspector initializes an inspector, compiling and loading the queries for the scan and its tracker
func (*Inspector) EnableCoverageReport ¶
func (c *Inspector) EnableCoverageReport()
EnableCoverageReport enables the flag to create a coverage report
func (*Inspector) GetCoverageReport ¶
GetCoverageReport returns the scan coverage report
func (*Inspector) GetFailedQueries ¶ added in v1.1.2
GetFailedQueries returns a map of failed queries and the associated error
type QueriesSource ¶
// QueriesSource wraps an interface that contains basic methods: GetQueries and GetGenericQuery.
type QueriesSource interface {
	// GetQueries gets all queries from a QueryMetadata list.
	// excludeQueries is presumably the set of queries to leave out — confirm against the implementation.
	GetQueries(excludeQueries []string) ([]model.QueryMetadata, error)
	// GetGenericQuery gets a base query based on the platform's name.
	GetGenericQuery(platform string) (string, error)
}
QueriesSource wraps an interface that contains basic methods: GetQueries and GetGenericQuery. GetQueries gets all queries from a QueryMetadata list. GetGenericQuery gets a base query based on the platform's name.
type QueryContext ¶
type QueryContext struct {
// contains filtered or unexported fields
}
QueryContext contains the context in which the query is executed: the scan it belongs to, basic information about the query, the compiled query and its payload
type Tracker ¶
// Tracker wraps an interface that contains basic methods: TrackQueryLoad, TrackQueryExecution and FailedDetectLine.
type Tracker interface {
	// TrackQueryLoad increments the number of loaded queries.
	TrackQueryLoad(queryAggregation int)
	// TrackQueryExecution increments the number of queries executed.
	TrackQueryExecution(queryAggregation int)
	// FailedDetectLine decrements the number of queries executed.
	FailedDetectLine()
	// FailedComputeSimilarityID is called by DefaultVulnerabilityBuilder when
	// ComputeSimilarityID returns an error; presumably it counts those failures — confirm in the implementation.
	FailedComputeSimilarityID()
	// GetOutputLines returns the number of lines to be displayed in results outputs.
	GetOutputLines() int
}
Tracker wraps an interface that contains basic methods: TrackQueryLoad, TrackQueryExecution and FailedDetectLine. TrackQueryLoad increments the number of loaded queries. TrackQueryExecution increments the number of queries executed. FailedDetectLine decrements the number of queries executed. GetOutputLines returns the number of lines to be displayed in results outputs.
type VulnerabilityBuilder ¶
// VulnerabilityBuilder represents a function that will build a vulnerability from a
// single query result v, using the query's context and the scan tracker.
// DefaultVulnerabilityBuilder is the default implementation.
type VulnerabilityBuilder func(ctx *QueryContext, tracker Tracker, v interface{}) (model.Vulnerability, error)
VulnerabilityBuilder represents a function that will build a vulnerability