The highest tagged major version is
Documentation
¶
Overview ¶
Package model (go:generate go run -mod=mod github.com/mailru/easyjson/easyjson ./$GOFILE)
Index ¶
- Constants
- Variables
- func Range(start, end int) (lines []int)
- func RemoveDuplicates(lines []int) []int
- type AnalyzedPaths
- type CodeLine
- type CommentCommand
- type CommentsCommands
- type Counters
- type Document
- type Documents
- type Extensions
- type ExtractedPathObject
- type FileKind
- type FileMetadata
- type FileMetadatas
- type Ignore
- type IssueType
- type LineObject
- type PathParameters
- type QueryConfig
- type QueryMetadata
- type QueryResult
- type QueryResultSlice
- type ResolvedFile
- type ResolvedFiles
- type Severity
- type SeveritySummary
- type Summary
- type Times
- type Version
- type VersionResponse
- type Vulnerability
- type VulnerabilityLines
- type VulnerableFile
Constants ¶
const ( SeverityHigh = "HIGH" SeverityMedium = "MEDIUM" SeverityLow = "LOW" SeverityInfo = "INFO" SeverityTrace = "TRACE" )
Constants to describe vulnerability's severity
Variables ¶
var ( AllSeverities = []Severity{ SeverityHigh, SeverityMedium, SeverityLow, SeverityInfo, SeverityTrace, } AllIssueTypesAsString = []string{ string(IssueTypeMissingAttribute), string(IssueTypeRedundantAttribute), string(IssueTypeIncorrectValue), } )
Arrays to group all constants of one type
var ( // KICSCommentRgxp is the regexp to identify if a comment is a KICS comment KICSCommentRgxp = regexp.MustCompile(`^((/{2})|#)*\s*kics-scan\s*`) // KICSCommentRgxpYaml is the regexp to identify if the comment has KICS comment at the end of the comment in YAML KICSCommentRgxpYaml = regexp.MustCompile(`((/{2})|#)*\s*kics-scan\s*(ignore-line|ignore-block)\s*\n*$`) )
var ( // NewIgnore is the ignore struct NewIgnore = &Ignore{} )
Functions ¶
func RemoveDuplicates ¶ added in v1.4.7
RemoveDuplicates removes duplicate lines from a slice of lines.
Types ¶
type AnalyzedPaths ¶ added in v1.5.0
AnalyzedPaths is a slice of types and excluded files obtained from the Analyzer
type CodeLine ¶ added in v1.2.2
CodeLine is the lines containing and adjecent to the vulnerability line with their respective positions
type CommentCommand ¶ added in v1.4.7
type CommentCommand string
CommentCommand represents a command given from a comment
const ( IgnoreLine CommentCommand = "ignore-line" IgnoreBlock CommentCommand = "ignore-block" IgnoreComment CommentCommand = "ignore-comment" )
Constants to describe commands given from comments
func ProcessCommands ¶ added in v1.4.7
func ProcessCommands(commands []string) CommentCommand
ProcessCommands processes a slice of commands.
type CommentsCommands ¶ added in v1.4.1
CommentsCommands list of commands on a file that will be parsed
type Counters ¶
type Counters struct {
ScannedFiles int `json:"files_scanned"`
ScannedFilesLines int `json:"lines_scanned"`
ParsedFiles int `json:"files_parsed"`
ParsedFilesLines int `json:"lines_parsed"`
FailedToScanFiles int `json:"files_failed_to_scan"`
TotalQueries int `json:"queries_total"`
FailedToExecuteQueries int `json:"queries_failed_to_execute"`
FailedSimilarityID int `json:"queries_failed_to_compute_similarity_id"`
}
Counters hold information about how many files were scanned, parsed, failed to be scaned, the total of queries and how many queries failed to execute
type Document ¶
type Document map[string]interface{}
Document (easyjson:json)
func (Document) MarshalEasyJSON ¶
MarshalEasyJSON supports easyjson.Marshaler interface
func (Document) MarshalJSON ¶
MarshalJSON supports json.Marshaler interface
func (*Document) UnmarshalEasyJSON ¶
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
func (*Document) UnmarshalJSON ¶
UnmarshalJSON supports json.Unmarshaler interface
func (*Document) UnmarshalYAML ¶ added in v1.4.2
UnmarshalYAML is a custom yaml parser that places line information in the payload
type Documents ¶
type Documents struct {
Documents []Document `json:"document"`
}
Documents (easyjson:json)
func (Documents) MarshalEasyJSON ¶
MarshalEasyJSON supports easyjson.Marshaler interface
func (Documents) MarshalJSON ¶
MarshalJSON supports json.Marshaler interface
func (*Documents) UnmarshalEasyJSON ¶
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
func (*Documents) UnmarshalJSON ¶
UnmarshalJSON supports json.Unmarshaler interface
type Extensions ¶
type Extensions map[string]struct{}
Extensions represents a list of supported extensions
func (Extensions) Include ¶
func (e Extensions) Include(ext string) bool
Include returns true if an extension is included in supported extensions listed otherwise returns false
func (Extensions) MatchedFilesRegex ¶
func (e Extensions) MatchedFilesRegex() string
MatchedFilesRegex returns the regex rule to identify if an extension is supported or not
type ExtractedPathObject ¶ added in v1.3.5
ExtractedPathObject is the struct that contains the path location of extracted source and a boolean to check if it is a local source
type FileMetadata ¶
type FileMetadata struct {
ID string `db:"id"`
ScanID string `db:"scan_id"`
Document Document
LineInfoDocument map[string]interface{}
OriginalData string `db:"orig_data"`
Kind FileKind `db:"kind"`
FilePath string `db:"file_path"`
Content string
HelmID string
IDInfo map[int]interface{}
Commands CommentsCommands
LinesIgnore []int
}
FileMetadata is a representation of basic information and content of a file
type FileMetadatas ¶
type FileMetadatas []FileMetadata
FileMetadatas is a slice of FileMetadata
func (FileMetadatas) Combine ¶
func (m FileMetadatas) Combine(lineInfo bool) Documents
Combine merge documents from FileMetadatas using the ID as reference for Document ID and FileName as reference for file
func (FileMetadatas) ToMap ¶
func (m FileMetadatas) ToMap() map[string]FileMetadata
ToMap creates a map of FileMetadatas, which the key is the FileMedata ID and the value is the FileMetadata
type Ignore ¶ added in v1.4.7
type Ignore struct {
// Lines is the lines to ignore
Lines []int
}
Ignore is a struct that holds the lines to ignore
type LineObject ¶ added in v1.4.2
type LineObject struct {
Line int `json:"_kics_line"`
Arr []map[string]*LineObject `json:"_kics_arr,omitempty"`
}
LineObject is the struct that will hold line information for each key
type PathParameters ¶ added in v1.3.4
type PathParameters struct {
ScannedPaths []string
PathExtractionMap map[string]ExtractedPathObject
}
PathParameters - structure wraps the required fields for temporary path translation
type QueryConfig ¶ added in v1.1.2
QueryConfig is a struct that contains the fileKind and platform of the rego query
type QueryMetadata ¶
type QueryMetadata struct {
InputData string
Query string
Content string
Metadata map[string]interface{}
Platform string
// special field for generic queries
// represents how many queries are aggregated into a single rego file
Aggregation int
}
QueryMetadata is a representation of general information about a query
type QueryResult ¶ added in v1.4.5
type QueryResult struct {
QueryName string `json:"query_name"`
QueryID string `json:"query_id"`
QueryURI string `json:"query_url"`
Severity Severity `json:"severity"`
Platform string `json:"platform"`
CloudProvider string `json:"cloud_provider,omitempty"`
Category string `json:"category"`
Description string `json:"description"`
DescriptionID string `json:"description_id"`
CISDescriptionIDFormatted string `json:"cis_description_id,omitempty"`
CISDescriptionTitle string `json:"cis_description_title,omitempty"`
CISDescriptionTextFormatted string `json:"cis_description_text,omitempty"`
CISDescriptionID string `json:"cis_description_id_raw,omitempty"`
CISDescriptionText string `json:"cis_description_text_raw,omitempty"`
CISRationaleText string `json:"cis_description_rationale,omitempty"`
CISBenchmarkName string `json:"cis_benchmark_name,omitempty"`
CISBenchmarkVersion string `json:"cis_benchmark_version,omitempty"`
Files []VulnerableFile `json:"files"`
}
QueryResult contains a query that tested positive ID, name, severity and a list of files that tested vulnerable
type QueryResultSlice ¶ added in v1.4.5
type QueryResultSlice []QueryResult
QueryResultSlice is a slice of QueryResult
type ResolvedFile ¶ added in v1.2.1
type ResolvedFile struct {
FileName string
Content []byte
OriginalData []byte
SplitID string
IDInfo map[int]interface{}
}
ResolvedFile keeps the information of a file/template resolved
type ResolvedFiles ¶ added in v1.2.1
type ResolvedFiles struct {
File []ResolvedFile
Excluded []string
}
ResolvedFiles keeps the information of all file/template resolved
type SeveritySummary ¶
type SeveritySummary struct {
ScanID string `json:"scan_id"`
SeverityCounters map[Severity]int `json:"severity_counters"`
TotalCounter int `json:"total_counter"`
TotalBOMResources int `json:"total_bom_resources"`
}
SeveritySummary contains scans' result numbers, how many vulnerabilities of each severity was detected
type Summary ¶
type Summary struct {
Version string `json:"kics_version,omitempty"`
LatestVersion Version `json:"-"`
Counters
SeveritySummary
Times
ScannedPaths []string `json:"paths"`
Queries QueryResultSlice `json:"queries"`
Bom QueryResultSlice `json:"bill_of_materials,omitempty"`
FilePaths map[string]string `json:"-"`
}
Summary is a report of a single scan
func CreateSummary ¶
func CreateSummary(counters Counters, vulnerabilities []Vulnerability, scanID string, pathExtractionMap map[string]ExtractedPathObject, version Version) Summary
CreateSummary creates a report for a single scan, based on its scanID
type Times ¶ added in v1.3.2
Times represents an object that contains the start and end time of the scan
type Version ¶ added in v1.4.6
type Version struct {
Latest bool `json:"is_latest"`
LatestVersionTag string `json:"latest_version"`
}
Version - is the model for the version response
type VersionResponse ¶ added in v1.4.6
type VersionResponse struct {
Latest bool `json:"is_latest"`
LatestVersionTag string `json:"latest_version"`
}
VersionResponse - is the model for the version response
type Vulnerability ¶
type Vulnerability struct {
ID int `json:"id"`
ScanID string `db:"scan_id" json:"-"`
SimilarityID string `db:"similarity_id" json:"similarityID"`
FileID string `db:"file_id" json:"-"`
FileName string `db:"file_name" json:"fileName"`
QueryID string `db:"query_id" json:"queryID"`
QueryName string `db:"query_name" json:"queryName"`
QueryURI string `json:"-"`
Category string `json:"category"`
Description string `json:"description"`
DescriptionID string `json:"descriptionID"`
Platform string `db:"platform" json:"platform"`
Severity Severity `json:"severity"`
Line int `json:"line"`
VulnLines []CodeLine `json:"vulnLines"`
IssueType IssueType `db:"issue_type" json:"issueType"`
SearchKey string `db:"search_key" json:"searchKey"`
SearchLine int `db:"search_line" json:"searchLine"`
SearchValue string `db:"search_value" json:"searchValue"`
KeyExpectedValue string `db:"key_expected_value" json:"expectedValue"`
KeyActualValue string `db:"key_actual_value" json:"actualValue"`
Value *string `db:"value" json:"value"`
Output string `json:"-"`
CloudProvider string `json:"cloud_provider"`
}
Vulnerability is a representation of a detected vulnerability in scanned files after running a query
type VulnerabilityLines ¶ added in v1.2.2
VulnerabilityLines is the representation of the found line for issue
type VulnerableFile ¶
type VulnerableFile struct {
FileName string `json:"file_name"`
SimilarityID string `json:"similarity_id"`
Line int `json:"line"`
VulnLines []CodeLine `json:"-"`
IssueType IssueType `json:"issue_type"`
SearchKey string `json:"search_key"`
SearchLine int `json:"search_line"`
SearchValue string `json:"search_value"`
KeyExpectedValue string `json:"expected_value"`
KeyActualValue string `json:"actual_value"`
Value *string `json:"value,omitempty"`
}
VulnerableFile contains information of a vulnerable file and where the vulnerability was found
Source Files