package model

v1.5.1
Published: Feb 2, 2022 License: Apache-2.0 Imports: 17 Imported by: 2

Documentation

Overview

Package model (go:generate go run -mod=mod github.com/mailru/easyjson/easyjson ./$GOFILE)

Index

Constants

const (
	SeverityHigh   = "HIGH"
	SeverityMedium = "MEDIUM"
	SeverityLow    = "LOW"
	SeverityInfo   = "INFO"
	SeverityTrace  = "TRACE"
)

Constants describing a vulnerability's severity

Variables

Arrays to group all constants of one type

var (
	// KICSCommentRgxp is the regexp to identify if a comment is a KICS comment
	KICSCommentRgxp = regexp.MustCompile(`^((/{2})|#)*\s*kics-scan\s*`)
	// KICSCommentRgxpYaml is the regexp to identify if the comment has KICS comment at the end of the comment in YAML
	KICSCommentRgxpYaml = regexp.MustCompile(`((/{2})|#)*\s*kics-scan\s*(ignore-line|ignore-block)\s*\n*$`)
)
var (
	// NewIgnore is the ignore struct
	NewIgnore = &Ignore{}
)

Functions

func Range added in v1.4.7

func Range(start, end int) (lines []int)

Range returns a slice of lines between the start and end line numbers.

func RemoveDuplicates added in v1.4.7

func RemoveDuplicates(lines []int) []int

RemoveDuplicates removes duplicate lines from a slice of lines.

Types

type AnalyzedPaths added in v1.5.0

type AnalyzedPaths struct {
	Types []string
	Exc   []string
}

AnalyzedPaths is a slice of types and excluded files obtained from the Analyzer

type CodeLine added in v1.2.2

type CodeLine struct {
	Position int
	Line     string
}

CodeLine is one of the lines containing, or adjacent to, the vulnerability line, together with its position

type CommentCommand added in v1.4.7

type CommentCommand string

CommentCommand represents a command given from a comment

const (
	IgnoreLine    CommentCommand = "ignore-line"
	IgnoreBlock   CommentCommand = "ignore-block"
	IgnoreComment CommentCommand = "ignore-comment"
)

Constants to describe commands given from comments

func ProcessCommands added in v1.4.7

func ProcessCommands(commands []string) CommentCommand

ProcessCommands processes a slice of commands.
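An added example, not code from the KICS repository: a small Go program that reuses the two regexps exported above (KICSCommentRgxp and KICSCommentRgxpYaml) exactly as written, mirrors CommentCommand and its three constants, and resolves the comments found in a constructed Kubernetes manifest into the sorted, de-duplicated set of line numbers a scan would skip. Range and RemoveDuplicates are re-implemented here from their one-line descriptions (assumed inclusive range; assumed order-preserving dedupe), the meaning given to each command (ignore-line, ignore-block ending at the next blank line, ignore-comment) is this example's simplification rather than the project's parser logic, and commandOf is a hypothetical helper standing in for ProcessCommands. The point it makes concrete for anyone auditing suppressions: only the three recognised command words suppress findings, an unknown word after "kics-scan" suppresses nothing, and a trailing YAML comment is matched by a different, unanchored regexp than a full-line comment, so both forms must be checked.

```go
package main

import (
	"regexp"
	"sort"
	"strings"
)

// Copied verbatim from the model package's KICSCommentRgxp and KICSCommentRgxpYaml.
var (
	kicsCommentRgxp     = regexp.MustCompile(`^((/{2})|#)*\s*kics-scan\s*`)
	kicsCommentRgxpYaml = regexp.MustCompile(`((/{2})|#)*\s*kics-scan\s*(ignore-line|ignore-block)\s*\n*$`)
)

// CommentCommand mirrors model.CommentCommand and its constants.
type CommentCommand string

const (
	IgnoreLine    CommentCommand = "ignore-line"
	IgnoreBlock   CommentCommand = "ignore-block"
	IgnoreComment CommentCommand = "ignore-comment"
)

// Range re-implements model.Range for this example (assumption: both ends inclusive).
func Range(start, end int) (lines []int) {
	for i := start; i <= end; i++ {
		lines = append(lines, i)
	}
	return lines
}

// RemoveDuplicates re-implements model.RemoveDuplicates (assumption: first occurrence kept, order preserved).
func RemoveDuplicates(lines []int) []int {
	seen, out := map[int]bool{}, []int{}
	for _, n := range lines {
		if !seen[n] {
			seen[n], out = true, append(out, n)
		}
	}
	return out
}

// commandOf (hypothetical helper) classifies one line: the command, whether the comment trails YAML content on the same line, and whether a recognised command was present at all.
func commandOf(line string) (cmd CommentCommand, inline, ok bool) {
	trimmed := strings.TrimSpace(line)
	if loc := kicsCommentRgxp.FindStringIndex(trimmed); loc != nil {
		switch c := CommentCommand(strings.TrimSpace(trimmed[loc[1]:])); c {
		case IgnoreLine, IgnoreBlock, IgnoreComment:
			return c, false, true
		}
		return "", false, false // unknown word after "kics-scan": suppress nothing
	}
	if m := kicsCommentRgxpYaml.FindStringSubmatch(trimmed); m != nil {
		return CommentCommand(m[3]), true, true // m[3] is the (ignore-line|ignore-block) group
	}
	return "", false, false
}

// IgnoredLines returns the sorted, de-duplicated 1-based line numbers a scan should skip. Semantics are this
// example's assumption: ignore-line = next line (the line itself when trailing), ignore-block = following
// lines up to the next blank line (from this line when trailing), ignore-comment = the comment line itself.
func IgnoredLines(src string) []int {
	lines := strings.Split(src, "\n")
	var ignored []int
	for i, raw := range lines {
		cmd, inline, ok := commandOf(raw)
		if !ok {
			continue
		}
		n, first := i+1, i+2 // 1-based: the comment line, and the line a full-line comment acts on
		if inline || cmd == IgnoreComment {
			first = n
		}
		switch cmd {
		case IgnoreComment, IgnoreLine:
			if first <= len(lines) { // a trailing ignore-line at EOF has nothing to act on
				ignored = append(ignored, first)
			}
		case IgnoreBlock:
			end := i + 1
			for end < len(lines) && strings.TrimSpace(lines[end]) != "" {
				end++
			}
			ignored = append(ignored, Range(first, end)...) // end is the 1-based last non-blank line
		}
	}
	sort.Ints(ignored)
	return RemoveDuplicates(ignored)
}

// Constructed sample manifest for this example (not taken from the KICS repository).
const sampleYAML = `apiVersion: v1
spec:
  # kics-scan ignore-block
  securityContext:
    runAsUser: 0   # kics-scan ignore-line
    privileged: true

  containers:
    - image: nginx:latest  # kics-scan ignore-line
      # kics-scan ignore-comment
      command: ["app"]`
```

For the constructed manifest, IgnoredLines(sampleYAML) yields [4 5 6 9 10]: the block comment on line 3 covers lines 4 to 6, the trailing ignore-line on line 5 is a duplicate removed by RemoveDuplicates, and lines 9 and 10 come from the trailing ignore-line and the ignore-comment respectively.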

type CommentsCommands added in v1.4.1

type CommentsCommands map[string]string

CommentsCommands is the list of commands found in a file that will be parsed

type Counters

type Counters struct {
	ScannedFiles           int `json:"files_scanned"`
	ParsedFiles            int `json:"files_parsed"`
	FailedToScanFiles      int `json:"files_failed_to_scan"`
	TotalQueries           int `json:"queries_total"`
	FailedToExecuteQueries int `json:"queries_failed_to_execute"`
	FailedSimilarityID     int `json:"queries_failed_to_compute_similarity_id"`
}

Counters hold information about how many files were scanned, parsed, and failed to be scanned, the total number of queries, and how many queries failed to execute

type Document

type Document map[string]interface{}

Document (easyjson:json)

func (Document) MarshalEasyJSON

func (v Document) MarshalEasyJSON(w *jwriter.Writer)

MarshalEasyJSON supports easyjson.Marshaler interface

func (Document) MarshalJSON

func (v Document) MarshalJSON() ([]byte, error)

MarshalJSON supports json.Marshaler interface

func (*Document) UnmarshalEasyJSON

func (v *Document) UnmarshalEasyJSON(l *jlexer.Lexer)

UnmarshalEasyJSON supports easyjson.Unmarshaler interface

func (*Document) UnmarshalJSON

func (v *Document) UnmarshalJSON(data []byte) error

UnmarshalJSON supports json.Unmarshaler interface

func (*Document) UnmarshalYAML added in v1.4.2

func (m *Document) UnmarshalYAML(value *yaml.Node) error

UnmarshalYAML is a custom yaml parser that places line information in the payload

type Documents

type Documents struct {
	Documents []Document `json:"document"`
}

Documents (easyjson:json)

func (Documents) MarshalEasyJSON

func (v Documents) MarshalEasyJSON(w *jwriter.Writer)

MarshalEasyJSON supports easyjson.Marshaler interface

func (Documents) MarshalJSON

func (v Documents) MarshalJSON() ([]byte, error)

MarshalJSON supports json.Marshaler interface

func (*Documents) UnmarshalEasyJSON

func (v *Documents) UnmarshalEasyJSON(l *jlexer.Lexer)

UnmarshalEasyJSON supports easyjson.Unmarshaler interface

func (*Documents) UnmarshalJSON

func (v *Documents) UnmarshalJSON(data []byte) error

UnmarshalJSON supports json.Unmarshaler interface

type Extensions

type Extensions map[string]struct{}

Extensions represents a list of supported extensions

func (Extensions) Include

func (e Extensions) Include(ext string) bool

Include returns true if the extension is in the list of supported extensions, otherwise false

func (Extensions) MatchedFilesRegex

func (e Extensions) MatchedFilesRegex() string

MatchedFilesRegex returns the regex rule to identify if an extension is supported or not

type ExtractedPathObject added in v1.3.5

type ExtractedPathObject struct {
	Path      string
	LocalPath bool
}

ExtractedPathObject is the struct that contains the path location of extracted source and a boolean to check if it is a local source

type FileKind

type FileKind string

FileKind is the extension of a file

const (
	KindTerraform FileKind = "TF"
	KindJSON      FileKind = "JSON"
	KindYAML      FileKind = "YAML"
	KindDOCKER    FileKind = "DOCKERFILE"
	KindPROTO     FileKind = "PROTO"
	KindCOMMON    FileKind = "*"
	KindHELM      FileKind = "HELM"
	KindBUILDAH   FileKind = "SH"
)

Constants describing what kind of file a FileKind refers to

type FileMetadata

type FileMetadata struct {
	ID               string `db:"id"`
	ScanID           string `db:"scan_id"`
	Document         Document
	LineInfoDocument map[string]interface{}
	OriginalData     string   `db:"orig_data"`
	Kind             FileKind `db:"kind"`
	FilePath         string   `db:"file_path"`
	Content          string
	HelmID           string
	IDInfo           map[int]interface{}
	Commands         CommentsCommands
	LinesIgnore      []int
}

FileMetadata is a representation of basic information and content of a file

type FileMetadatas

type FileMetadatas []FileMetadata

FileMetadatas is a slice of FileMetadata

func (FileMetadatas) Combine

func (m FileMetadatas) Combine(lineInfo bool) Documents

Combine merges the documents from FileMetadatas, using the ID as the Document ID and FileName as the file reference

func (FileMetadatas) ToMap

func (m FileMetadatas) ToMap() map[string]FileMetadata

ToMap creates a map of FileMetadatas, where the key is the FileMetadata ID and the value is the FileMetadata

type Ignore added in v1.4.7

type Ignore struct {
	// Lines is the lines to ignore
	Lines []int
}

Ignore is a struct that holds the lines to ignore

func (*Ignore) GetLines added in v1.4.7

func (i *Ignore) GetLines() []int

GetLines returns the lines to ignore

func (*Ignore) Reset added in v1.4.7

func (i *Ignore) Reset()

Reset resets the ignore struct

type IssueType

type IssueType string

IssueType is the issue's type string representation

const (
	IssueTypeMissingAttribute   IssueType = "MissingAttribute"
	IssueTypeRedundantAttribute IssueType = "RedundantAttribute"
	IssueTypeIncorrectValue     IssueType = "IncorrectValue"
)

Constants to describe issue's type

type LineObject added in v1.4.2

type LineObject struct {
	Line int                     `json:"_kics_line"`
	Arr  []map[string]LineObject `json:"_kics_arr,omitempty"`
}

LineObject is the struct that will hold line information for each key

type PathParameters added in v1.3.4

type PathParameters struct {
	ScannedPaths      []string
	PathExtractionMap map[string]ExtractedPathObject
}

PathParameters - structure wraps the required fields for temporary path translation

type QueryConfig added in v1.1.2

type QueryConfig struct {
	FileKind []FileKind
	Platform string
}

QueryConfig is a struct that contains the fileKind and platform of the rego query

type QueryMetadata

type QueryMetadata struct {
	InputData string
	Query     string
	Content   string
	Metadata  map[string]interface{}
	Platform  string
	// special field for generic queries
	// represents how many queries are aggregated into a single rego file
	Aggregation int
}

QueryMetadata is a representation of general information about a query

type QueryResult added in v1.4.5

type QueryResult struct {
	QueryName                   string           `json:"query_name"`
	QueryID                     string           `json:"query_id"`
	QueryURI                    string           `json:"query_url"`
	Severity                    Severity         `json:"severity"`
	Platform                    string           `json:"platform"`
	CloudProvider               string           `json:"cloud_provider,omitempty"`
	Category                    string           `json:"category"`
	Description                 string           `json:"description"`
	DescriptionID               string           `json:"description_id"`
	CISDescriptionIDFormatted   string           `json:"cis_description_id,omitempty"`
	CISDescriptionTitle         string           `json:"cis_description_title,omitempty"`
	CISDescriptionTextFormatted string           `json:"cis_description_text,omitempty"`
	CISDescriptionID            string           `json:"cis_description_id_raw,omitempty"`
	CISDescriptionText          string           `json:"cis_description_text_raw,omitempty"`
	CISRationaleText            string           `json:"cis_description_rationale,omitempty"`
	CISBenchmarkName            string           `json:"cis_benchmark_name,omitempty"`
	CISBenchmarkVersion         string           `json:"cis_benchmark_version,omitempty"`
	Files                       []VulnerableFile `json:"files"`
}

QueryResult contains the ID, name and severity of a query that tested positive, and the list of files that tested vulnerable

type QueryResultSlice added in v1.4.5

type QueryResultSlice []QueryResult

QueryResultSlice is a slice of QueryResult

type ResolvedFile added in v1.2.1

type ResolvedFile struct {
	FileName     string
	Content      []byte
	OriginalData []byte
	SplitID      string
	IDInfo       map[int]interface{}
}

ResolvedFile keeps the information of a file/template resolved

type ResolvedFiles added in v1.2.1

type ResolvedFiles struct {
	File     []ResolvedFile
	Excluded []string
}

ResolvedFiles keeps the information of all file/template resolved

type Severity

type Severity string

Severity of the vulnerability

type SeveritySummary

type SeveritySummary struct {
	ScanID            string           `json:"scan_id"`
	SeverityCounters  map[Severity]int `json:"severity_counters"`
	TotalCounter      int              `json:"total_counter"`
	TotalBOMResources int              `json:"total_bom_resources"`
}

SeveritySummary contains the scan's result numbers: how many vulnerabilities of each severity were detected

type Summary

type Summary struct {
	Version       string  `json:"kics_version,omitempty"`
	LatestVersion Version `json:"-"`
	Counters
	SeveritySummary
	Times
	ScannedPaths []string          `json:"paths"`
	Queries      QueryResultSlice  `json:"queries"`
	Bom          QueryResultSlice  `json:"bill_of_materials,omitempty"`
	FilePaths    map[string]string `json:"-"`
}

Summary is a report of a single scan

func CreateSummary

func CreateSummary(counters Counters, vulnerabilities []Vulnerability,
	scanID string, pathExtractionMap map[string]ExtractedPathObject, version Version) Summary

CreateSummary creates a report for a single scan, based on its scanID

type Times added in v1.3.2

type Times struct {
	Start time.Time `json:"start"`
	End   time.Time `json:"end"`
}

Times represents an object that contains the start and end time of the scan

type Version added in v1.4.6

type Version struct {
	Latest           bool   `json:"is_latest"`
	LatestVersionTag string `json:"latest_version"`
}

Version - is the model for the version response

type VersionResponse added in v1.4.6

type VersionResponse struct {
	Latest           bool   `json:"is_latest"`
	LatestVersionTag string `json:"latest_version"`
}

VersionResponse - is the model for the version response

type Vulnerability

type Vulnerability struct {
	ID               int        `json:"id"`
	ScanID           string     `db:"scan_id" json:"-"`
	SimilarityID     string     `db:"similarity_id" json:"similarityID"`
	FileID           string     `db:"file_id" json:"-"`
	FileName         string     `db:"file_name" json:"fileName"`
	QueryID          string     `db:"query_id" json:"queryID"`
	QueryName        string     `db:"query_name" json:"queryName"`
	QueryURI         string     `json:"-"`
	Category         string     `json:"category"`
	Description      string     `json:"description"`
	DescriptionID    string     `json:"descriptionID"`
	Platform         string     `db:"platform" json:"platform"`
	Severity         Severity   `json:"severity"`
	Line             int        `json:"line"`
	VulnLines        []CodeLine `json:"vulnLines"`
	IssueType        IssueType  `db:"issue_type" json:"issueType"`
	SearchKey        string     `db:"search_key" json:"searchKey"`
	SearchLine       int        `db:"search_line" json:"searchLine"`
	SearchValue      string     `db:"search_value" json:"searchValue"`
	KeyExpectedValue string     `db:"key_expected_value" json:"expectedValue"`
	KeyActualValue   string     `db:"key_actual_value" json:"actualValue"`
	Value            *string    `db:"value" json:"value"`
	Output           string     `json:"-"`
	CloudProvider    string     `json:"cloud_provider"`
}

Vulnerability is a representation of a detected vulnerability in scanned files after running a query

type VulnerabilityLines added in v1.2.2

type VulnerabilityLines struct {
	Line                 int
	VulnLines            []CodeLine
	LineWithVulnerabilty string
}

VulnerabilityLines is the representation of the line found for an issue

type VulnerableFile

type VulnerableFile struct {
	FileName         string     `json:"file_name"`
	SimilarityID     string     `json:"similarity_id"`
	Line             int        `json:"line"`
	VulnLines        []CodeLine `json:"-"`
	IssueType        IssueType  `json:"issue_type"`
	SearchKey        string     `json:"search_key"`
	SearchLine       int        `json:"search_line"`
	SearchValue      string     `json:"search_value"`
	KeyExpectedValue string     `json:"expected_value"`
	KeyActualValue   string     `json:"actual_value"`
	Value            *string    `json:"value,omitempty"`
}

VulnerableFile contains information about a vulnerable file and where the vulnerability was found
