Documentation ¶
Index ¶
- Constants
- type Config
- func (c *Config) GetCertInsecureSkipVerify() bool
- func (c *Config) GetCertPath() string
- func (c *Config) GetEnableGitHistoryAnalysis() bool
- func (c *Config) GetFalsePositiveHashes() string
- func (c *Config) GetFalsePositiveHashesList() (list []string)
- func (c *Config) GetFilesOrPathsToIgnore() string
- func (c *Config) GetFilterPath() string
- func (c *Config) GetHeaders() (headers map[string]string)
- func (c *Config) GetHorusecAPIUri() string
- func (c *Config) GetJSONOutputFilePath() string
- func (c *Config) GetMonitorRetryInSeconds() int64
- func (c *Config) GetPrintOutputType() string
- func (c *Config) GetProjectPath() string
- func (c *Config) GetRepositoryAuthorization() string
- func (c *Config) GetRepositoryName() string
- func (c *Config) GetReturnErrorIfFoundVulnerability() bool
- func (c *Config) GetRiskAcceptHashes() string
- func (c *Config) GetRiskAcceptHashesList() (list []string)
- func (c *Config) GetTimeoutInSecondsAnalysis() int64
- func (c *Config) GetTimeoutInSecondsRequest() int64
- func (c *Config) GetToolsToIgnore() string
- func (c *Config) GetTypesOfVulnerabilitiesToIgnore() string
- func (c *Config) GetWorkDir() *workdir.WorkDir
- func (c *Config) IsCommitAuthorEnable() bool
- func (c *Config) IsEmptyRepositoryAuthorization() bool
- func (c *Config) SetCertInsecureSkipVerify(certInsecureSkipVerify bool)
- func (c *Config) SetCertPath(certPath string)
- func (c *Config) SetConfigsFromEnvironments()
- func (c *Config) SetConfigsFromViper()
- func (c *Config) SetEnableCommitAuthor(isEnable bool)
- func (c *Config) SetEnableGitHistoryAnalysis(enableGitHistoryAnalysis bool)
- func (c *Config) SetFalsePositiveHashes(falsePositive string)
- func (c *Config) SetFilesOrPathsToIgnore(filesOrPaths string)
- func (c *Config) SetFilterPath(filterPath string)
- func (c *Config) SetHeaders(headers interface{})
- func (c *Config) SetHorusecAPIURI(horusecAPIURI string)
- func (c *Config) SetJSONOutputFilePath(jsonOutputFilePath string)
- func (c *Config) SetMonitorRetryInSeconds(retryInterval int64)
- func (c *Config) SetPrintOutputType(printOutputType string)
- func (c *Config) SetProjectPath(projectPath string)
- func (c *Config) SetRepositoryAuthorization(repositoryAuthorization string)
- func (c *Config) SetRepositoryName(repositoryName string)
- func (c *Config) SetReturnErrorIfFoundVulnerability(returnError bool)
- func (c *Config) SetRiskAcceptHashes(riskAccept string)
- func (c *Config) SetTimeoutInSecondsAnalysis(timeoutInSecondsAnalysis int64)
- func (c *Config) SetTimeoutInSecondsRequest(timeoutInSecondsRequest int64)
- func (c *Config) SetToolsToIgnore(toolsToIgnore string)
- func (c *Config) SetTypesOfVulnerabilitiesToIgnore(typesOfVulnerabilitiesToIgnore string)
- func (c *Config) SetWorkDir(toParse interface{})
- func (c *Config) ToBytes(isMarshalIndent bool) (bytes []byte)
Constants ¶
// Setting keys read by the Horusec CLI configuration.
// NOTE(review): the Env prefix, the upper-case values and the SetConfigsFromEnvironments
// method suggest these are environment variable names — confirm against the implementation.
const (
	// EnvHorusecAPIUri is the key for the URL where the horusec-api service is hosted.
	// Default: http://0.0.0.0:8000
	// Validation: must be a valid URL.
	// NOTE(review): the documented default uses plain http; when the value points at a
	// remote horusec-api, an https URL is presumably the safer choice — confirm how the
	// repository authorization is transmitted.
	EnvHorusecAPIUri = "HORUSEC_CLI_HORUSEC_API_URI"
	// EnvTimeoutInSecondsRequest is the key for how long, in seconds, to wait when
	// sending the analysis object to horusec-api.
	// Default: 300
	// Validation: must be greater than 10.
	EnvTimeoutInSecondsRequest = "HORUSEC_CLI_TIMEOUT_IN_SECONDS_REQUEST"
	// EnvTimeoutInSecondsAnalysis is the key for how long, in seconds, to wait for an
	// analysis, which includes acquiring a project, sending it to the analysis
	// containers and acquiring a response.
	// Default: 600
	// Validation: must be greater than 10.
	EnvTimeoutInSecondsAnalysis = "HORUSEC_CLI_TIMEOUT_IN_SECONDS_ANALYSIS"
	// EnvMonitorRetryInSeconds is the key for the interval, in seconds, between checks
	// of whether the analysis is close to the timeout.
	// Default: 15
	// Validation: must be greater than 10.
	EnvMonitorRetryInSeconds = "HORUSEC_CLI_MONITOR_RETRY_IN_SECONDS"
	// EnvRepositoryAuthorization is the key that identifies which repository the
	// analysis comes from. The repository is created within the horusec webapp.
	// Default: 00000000-0000-0000-0000-000000000000
	// Validation: if present, must be a valid UUID.
	// NOTE(review): this value authorizes submissions for a repository, so it should
	// presumably be handled as a secret (kept out of committed config files and out of
	// build logs) — confirm.
	EnvRepositoryAuthorization = "HORUSEC_CLI_REPOSITORY_AUTHORIZATION"
	// EnvPrintOutputType is the key for the type of output wanted for the analysis
	// (text, json, sonarqube).
	// Default: text
	// Validation: must be one of text, json, sonarqube.
	EnvPrintOutputType = "HORUSEC_CLI_PRINT_OUTPUT_TYPE"
	// EnvJSONOutputFilePath is the key for where the JSON file generated by the
	// output types json or sonarqube is written.
	// Default: ./output.json when the output type is json or sonarqube.
	// Validation: must be a valid path.
	EnvJSONOutputFilePath = "HORUSEC_CLI_JSON_OUTPUT_FILEPATH"
	// EnvTypesOfVulnerabilitiesToIgnore is the key for the severity types that should
	// not be recognized as a vulnerability.
	// The types are: "LOW", "MEDIUM", "HIGH", "NOSEC", "AUDIT".
	// Several types can be given in one value. Ex.: "LOW, MEDIUM, NOSEC"
	// Ignored types do not count towards the return of exit (1), if that is configured.
	// Validation: must be in "LOW", "MEDIUM", "HIGH", "NOSEC", "AUDIT".
	// NOTE(review): findings of an ignored severity no longer fail the run, so changes
	// to this value deserve the same review as a code change.
	EnvTypesOfVulnerabilitiesToIgnore = "HORUSEC_CLI_TYPES_OF_VULNERABILITIES_TO_IGNORE"
	// EnvFilesOrPathsToIgnore is the key for the files and folders that are not sent
	// for analysis.
	// By default the following are ignored:
	//  * Folders: "/.horusec/", "/.idea/", "/.vscode/", "/tmp/", "/bin/", "/node_modules/", "/vendor/"
	//  * Files: ".jpg", ".png", ".gif", ".webp", ".tiff", ".psd", ".raw", ".bmp", ".heif", ".indd",
	//    ".jpeg", ".svg", ".ai", ".eps", ".pdf", ".webm", ".mpg", ".mp2", ".mpeg", ".mpe",
	//    ".mp4", ".m4p", ".m4v", ".avi", ".wmv", ".mov", ".qt", ".flv", ".swf", ".avchd", ".mpv", ".ogg",
	EnvFilesOrPathsToIgnore = "HORUSEC_CLI_FILES_OR_PATHS_TO_IGNORE"
	// EnvReturnErrorIfFoundVulnerability is the key for whether exit(1) is returned
	// when the analysis finds any vulnerability.
	// Default: false, so a run that finds vulnerabilities does not return exit(1)
	// unless this is set to true.
	// Validation: must be "false" or "true".
	EnvReturnErrorIfFoundVulnerability = "HORUSEC_CLI_RETURN_ERROR_IF_FOUND_VULNERABILITY"
	// EnvProjectPath is the key for the directory to analyze when it is not the
	// current directory.
	// If this value is not passed, Horusec asks whether to run the analysis in the
	// current directory. If it is passed, the analysis starts in the given directory
	// without asking anything.
	// Default: the current directory.
	// Validation: must be a valid path.
	EnvProjectPath = "HORUSEC_CLI_PROJECT_PATH"
	// EnvWorkDirPath is the key for the directory in which the analysis of each
	// language is performed. The key is the name of the language and the value is the
	// directory inside the project.
	// Example:
	// Assume the project is a netcore app using angular with the following structure
	// (nesting reconstructed from the workdir below):
	//  - NetCoreProject/
	//    - controllers/
	//    - NetCoreProject.csproj
	//    - views/
	//      - pages/
	//      - package.json
	//      - package-lock.json
	// Then the workdir would be:
	//  {
	//    "netCore": "NetCoreProject",
	//    "javaScript": "NetCoreProject/views"
	//  }
	// The interface is:
	//  {
	//    go string
	//    netCore string
	//    ruby string
	//    python string
	//    java string
	//    kotlin string
	//    javaScript string
	//    git string
	//    generic string
	//  }
	// Validation: must be a valid workdir interface to proceed.
	EnvWorkDirPath = "HORUSEC_CLI_WORK_DIR"
	// EnvFilterPath is the key for the path on which the analysis is run while the
	// current path is kept as the base.
	// NOTE(review): wording follows the original comment; the exact semantics are not
	// shown here — confirm.
	// Default: empty
	// Validation: if present, must be a valid path.
	EnvFilterPath = "HORUSEC_CLI_FILTER_PATH"
	// EnvEnableGitHistoryAnalysis is the key for whether the gitleaks tool is run and
	// the whole git history is analyzed for vulnerabilities.
	// Default: false
	// Validation: must be "false" or "true".
	EnvEnableGitHistoryAnalysis = "HORUSEC_CLI_ENABLE_GIT_HISTORY_ANALYSIS"
	// EnvCertInsecureSkipVerify is the key used to authorize the sending of unsafe
	// requests. Its use is not recommended outside testing scenarios.
	// Default: false
	// Validation: must be "false" or "true".
	// NOTE(review): the name suggests that certificate verification of the horusec
	// server is skipped when this is true, which would leave the connection open to
	// interception — confirm, and prefer EnvCertPath for private CAs.
	EnvCertInsecureSkipVerify = "HORUSEC_CLI_CERT_INSECURE_SKIP_VERIFY"
	// EnvCertPath is the key for the path to a certificate that is sent on the http
	// request to the horusec server.
	// Example: /home/certs/ca.crt
	// Validation: must be a valid path.
	EnvCertPath = "HORUSEC_CLI_CERT_PATH"
	// EnvEnableCommitAuthor is the key used to enable or disable the search with the
	// vulnerability author.
	// Default: false
	// Validation: must be "false" or "true".
	EnvEnableCommitAuthor = "HORUSEC_CLI_ENABLE_COMMIT_AUTHOR"
	// EnvRepositoryName is the key for the repository name sent to the server; it
	// must be used together with the company token.
	// Default: empty
	EnvRepositoryName = "HORUSEC_CLI_REPOSITORY_NAME"
	// EnvFalsePositiveHashes is the key for the hashes of vulnerabilities to skip as
	// false positives.
	// Default: empty
	// NOTE(review): each hash listed here suppresses a finding; keep the list under
	// review like any other suppression.
	EnvFalsePositiveHashes = "HORUSEC_CLI_FALSE_POSITIVE_HASHES"
	// EnvRiskAcceptHashes is the key for the hashes of vulnerabilities to skip as
	// accepted risk.
	// Default: empty
	// NOTE(review): each hash listed here suppresses a finding; keep the list under
	// review like any other suppression.
	EnvRiskAcceptHashes = "HORUSEC_CLI_RISK_ACCEPT_HASHES"
	// EnvToolsToIgnore is the key for the tools that are not run.
	// Default: empty
	EnvToolsToIgnore = "HORUSEC_CLI_TOOLS_TO_IGNORE"
	// EnvHeaders is the key for additional headers sent on requests to horusec-api.
	// Default: empty
	// NOTE(review): if these headers carry credentials, the value should presumably be
	// handled as a secret — confirm.
	EnvHeaders = "HORUSEC_CLI_HEADERS"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
// Config holds the settings of the Horusec CLI.
//
// The field descriptions below are taken from the documentation of the Env*
// constant with the matching name; that mapping is inferred from the names and
// should be confirmed against SetConfigsFromEnvironments and SetConfigsFromViper.
//
// NOTE(review): ToBytes presumably serializes this struct; confirm that
// RepositoryAuthorization and Headers are not written to logs or to shared
// output through it.
type Config struct {
	// NOTE(review): no documentation visible here; presumably the path of the
	// configuration file — confirm.
	ConfigFilePath string
	// URL where the horusec-api service is hosted.
	HorusecAPIUri string
	// Seconds to wait when sending the analysis object to horusec-api.
	TimeoutInSecondsRequest int64
	// NOTE(review): no documentation visible here; purpose not shown.
	IsTimeout bool
	// Seconds to wait for an analysis to complete.
	TimeoutInSecondsAnalysis int64
	// Seconds between checks of whether the analysis is close to the timeout.
	MonitorRetryInSeconds int64
	// Identifies the repository the analysis comes from; presumably a secret — confirm.
	RepositoryAuthorization string
	// Additional headers sent on requests to horusec-api, kept as a string;
	// GetHeaders returns them as a map[string]string.
	Headers string
	// Output type of the analysis (text, json, sonarqube).
	PrintOutputType string
	// Path of the JSON file generated by the json or sonarqube output types.
	JSONOutputFilePath string
	// Severity types that are not recognized as a vulnerability.
	TypesOfVulnerabilitiesToIgnore string
	// Files and folders that are not sent for analysis.
	FilesOrPathsToIgnore string
	// Whether exit(1) is returned when any vulnerability is found.
	ReturnErrorIfFoundVulnerability bool
	// Directory to analyze.
	ProjectPath string
	// Per-language analysis directories inside the project.
	WorkDir *workdir.WorkDir
	// Path on which the analysis is run; exact semantics not shown here.
	FilterPath string
	// Whether gitleaks is run and the whole git history is analyzed.
	EnableGitHistoryAnalysis bool
	// Authorizes the sending of unsafe requests; not recommended outside testing.
	CertInsecureSkipVerify bool
	// Path to a certificate sent on the http request to the horusec server.
	CertPath string
	// Whether the search with the vulnerability author is enabled.
	EnableCommitAuthor bool
	// Repository name sent to the server, used together with the company token.
	RepositoryName string
	// Hashes of vulnerabilities skipped as false positives, kept as a string;
	// GetFalsePositiveHashesList returns them as a []string.
	FalsePositiveHashes string
	// Hashes of vulnerabilities skipped as accepted risk, kept as a string;
	// GetRiskAcceptHashesList returns them as a []string.
	RiskAcceptHashes string
	// Tools that are not run.
	ToolsToIgnore string
}
func (*Config) GetCertInsecureSkipVerify ¶
func (*Config) GetCertPath ¶
func (*Config) GetEnableGitHistoryAnalysis ¶
func (*Config) GetFalsePositiveHashes ¶ added in v1.1.0
func (*Config) GetFalsePositiveHashesList ¶ added in v1.1.0
func (*Config) GetFilesOrPathsToIgnore ¶
func (*Config) GetFilterPath ¶
func (*Config) GetHeaders ¶ added in v1.4.0
func (*Config) GetHorusecAPIUri ¶
func (*Config) GetJSONOutputFilePath ¶
func (*Config) GetMonitorRetryInSeconds ¶
func (*Config) GetPrintOutputType ¶
func (*Config) GetProjectPath ¶
func (*Config) GetRepositoryAuthorization ¶
func (*Config) GetRepositoryName ¶
func (*Config) GetReturnErrorIfFoundVulnerability ¶
func (*Config) GetRiskAcceptHashes ¶ added in v1.1.0
func (*Config) GetRiskAcceptHashesList ¶ added in v1.1.0
func (*Config) GetTimeoutInSecondsAnalysis ¶
func (*Config) GetTimeoutInSecondsRequest ¶
func (*Config) GetToolsToIgnore ¶ added in v1.3.0
func (*Config) GetTypesOfVulnerabilitiesToIgnore ¶
func (*Config) GetWorkDir ¶
func (*Config) IsCommitAuthorEnable ¶
func (*Config) IsEmptyRepositoryAuthorization ¶
func (*Config) SetCertInsecureSkipVerify ¶
func (*Config) SetCertPath ¶
func (*Config) SetEnableCommitAuthor ¶
func (*Config) SetEnableGitHistoryAnalysis ¶
func (*Config) SetFalsePositiveHashes ¶ added in v1.1.0
func (*Config) SetFilesOrPathsToIgnore ¶
func (*Config) SetFilterPath ¶
func (*Config) SetHeaders ¶ added in v1.4.0
func (c *Config) SetHeaders(headers interface{})
func (*Config) SetHorusecAPIURI ¶
func (*Config) SetJSONOutputFilePath ¶
func (*Config) SetMonitorRetryInSeconds ¶
func (*Config) SetPrintOutputType ¶
func (*Config) SetProjectPath ¶
func (*Config) SetRepositoryAuthorization ¶
func (*Config) SetRepositoryName ¶
func (*Config) SetReturnErrorIfFoundVulnerability ¶
func (*Config) SetRiskAcceptHashes ¶ added in v1.1.0
func (*Config) SetTimeoutInSecondsAnalysis ¶
func (*Config) SetTimeoutInSecondsRequest ¶
func (*Config) SetToolsToIgnore ¶ added in v1.3.0
func (*Config) SetTypesOfVulnerabilitiesToIgnore ¶
func (*Config) SetWorkDir ¶
func (c *Config) SetWorkDir(toParse interface{})