Documentation
Index
- Constants
- Variables
- func CloneGitRepository(target string, branch string, depth int) (string, string, error)
- func ComputeFingerprint(args ...interface{}) string
- func GenerateGithubURL(target string, branch string, file string, line int) string
- func IsAWSAccReachable(accARN, assumeRoleURL, role string, sessDuration int) (bool, *credentials.Credentials, error)
- func IsDockerImgReachable(target, user, pass string) (bool, error)
- func IsDomainReachable(target string) (bool, error)
- func IsGitRepoReachable(target, user, pass string) bool
- func IsHostnameReachable(target string) bool
- func IsReachable(target, assetType string, creds ServiceCreds) (bool, error)
- func IsRedirectingTo(url, domain string) (res bool, lastHostname string, err error)
- func IsScannable(asset string) bool
- func IsWebAddrsReachable(target string) bool
- type AWSCreds
- type DockerCreds
- type GitCreds
- type ServiceCreds
Constants
const (
	// OKTADomain contains the domain name of the OKTA service.
	OKTADomain = "okta.com"
)
Variables
var (
	// ErrFailedToGetDNSAnswer represents the error returned
	// when unable to get a valid answer from the currently
	// configured DNS servers.
	ErrFailedToGetDNSAnswer = errors.New("failed to get a valid answer")
	NotScannableNetsIPV4    []*net.IPNet
	NotScannableNetsIPV6    []*net.IPNet
)
var DockerHubCreds = &DockerCreds{}
DockerHubCreds is an empty DockerCreds value that can be used as-is with the Docker Hub registry.
Functions
func CloneGitRepository
func CloneGitRepository(target string, branch string, depth int) (string, string, error)
CloneGitRepository clones a Git repository into a temporary directory and returns the path and the branch name. If no branch is specified, the default branch is used and its name is returned.
func ComputeFingerprint
func ComputeFingerprint(args ...interface{}) string
func GenerateGithubURL
func GenerateGithubURL(target string, branch string, file string, line int) string
GenerateGithubURL returns a URL pointing to a line of a file on a specific branch in the GitHub web application.
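As an added illustration of the URL form GenerateGithubURL produces (example code written for this page, not the package's own; the helper names, the error return and the set of remote forms accepted are assumptions made here), the following normalises the common ways a GitHub remote is written before building the blob URL:

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// githubWebBase normalises the usual ways a GitHub repository is written
// (https clone URL, ssh scp-like remote, bare host/owner/repo) to the
// https://github.com/owner/repo form used by the web application.
func githubWebBase(target string) (string, error) {
	t := strings.TrimSpace(target)
	switch {
	case strings.Contains(t, "://"):
		// already a URL, e.g. https://github.com/owner/repo.git
	case strings.Contains(t, "@") && strings.Contains(t, ":"):
		// ssh remote: git@github.com:owner/repo.git
		hostPath := t[strings.Index(t, "@")+1:]
		host, path, _ := strings.Cut(hostPath, ":")
		t = "https://" + host + "/" + path
	default:
		// bare github.com/owner/repo
		t = "https://" + t
	}
	u, err := url.Parse(t)
	if err != nil {
		return "", err
	}
	if !strings.EqualFold(u.Hostname(), "github.com") {
		return "", fmt.Errorf("%q is not a github.com repository", target)
	}
	path := strings.TrimSuffix(strings.Trim(u.Path, "/"), ".git")
	parts := strings.Split(path, "/")
	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
		return "", fmt.Errorf("%q does not contain an owner/repo path", target)
	}
	return "https://github.com/" + parts[0] + "/" + parts[1], nil
}

// generateGithubURL builds the link to a given line of a file on a branch,
// e.g. https://github.com/owner/repo/blob/main/src/a.go#L12. Unlike the
// package's GenerateGithubURL it returns an error for unusable targets
// (an assumption of this example, not the package's behaviour).
func generateGithubURL(target, branch, file string, line int) (string, error) {
	base, err := githubWebBase(target)
	if err != nil {
		return "", err
	}
	if branch == "" || file == "" {
		return "", fmt.Errorf("branch and file must not be empty")
	}
	segs := strings.Split(strings.TrimPrefix(file, "/"), "/")
	for i, s := range segs {
		segs[i] = url.PathEscape(s) // keep '/' as the separator, escape the rest
	}
	out := base + "/blob/" + branch + "/" + strings.Join(segs, "/")
	if line > 0 {
		out += fmt.Sprintf("#L%d", line)
	}
	return out, nil
}

func main() {
	// example-org/example-repo is a constructed name, not a real repository
	u, err := generateGithubURL("git@github.com:example-org/example-repo.git", "main", "cmd/scan/main.go", 42)
	fmt.Println(u, err)
}
```

Escaping each path segment separately keeps the file path readable while preventing characters such as spaces or `#` in a file name from breaking the `#L<line>` fragment.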
func IsAWSAccReachable
func IsAWSAccReachable(accARN, assumeRoleURL, role string, sessDuration int) (bool, *credentials.Credentials, error)
IsAWSAccReachable returns whether the AWS account associated with the input ARN allows the given role to be assumed with the given parameters through the vulcan-assume-role service. If the role is assumed correctly for the given account, STS credentials are returned.
func IsDockerImgReachable
func IsDockerImgReachable(target, user, pass string) (bool, error)
IsDockerImgReachable returns whether the input Docker image exists in the registry. An empty user and pass do not produce an error as long as a token can be generated without authentication.
In order to verify that the Docker image exists, a request is made to the registry API endpoint to get data for the given image and tag. At the time of writing this functionality is still not implemented in the Docker client, so the registry's REST API has to be contacted directly. Reference: https://github.com/moby/moby/issues/14254
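The registry exchange described above, as an added example that is not the package's code: a HEAD on the v2 manifest endpoint, the Bearer challenge carried by the 401 answer, the token request against the realm it names, and one retry. The registry here is a constructed httptest stand-in; the function names, the exact retry policy and the fixed image library/alpine:3.19 are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// bearerChallenge parses a `Bearer realm="...",service="...",scope="..."`
// WWW-Authenticate header, as sent by a v2 registry, into its parameters.
func bearerChallenge(h string) map[string]string {
	params := map[string]string{}
	for _, kv := range strings.Split(strings.TrimPrefix(h, "Bearer "), ",") {
		if k, v, ok := strings.Cut(strings.TrimSpace(kv), "="); ok {
			params[k] = strings.Trim(v, `"`)
		}
	}
	return params
}

// fetchToken asks the realm named in the challenge for a token with the
// requested scope; user/pass go as HTTP basic auth only when user is set.
func fetchToken(c *http.Client, ch map[string]string, user, pass string) (string, error) {
	q := url.Values{"service": {ch["service"]}, "scope": {ch["scope"]}}
	req, err := http.NewRequest(http.MethodGet, ch["realm"]+"?"+q.Encode(), nil)
	if err != nil {
		return "", err
	}
	if user != "" {
		req.SetBasicAuth(user, pass)
	}
	resp, err := c.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	var body struct{ Token string } // encoding/json matches "token" case-insensitively
	err = json.NewDecoder(resp.Body).Decode(&body)
	return body.Token, err
}

// isDockerImgReachable reports whether name:tag has a manifest in the registry
// at registryURL: anonymous HEAD first, then one retry with a token on a 401.
func isDockerImgReachable(c *http.Client, registryURL, name, tag, user, pass string) (bool, error) {
	u := fmt.Sprintf("%s/v2/%s/manifests/%s", registryURL, name, tag)
	token := ""
	for attempt := 0; ; attempt++ {
		req, err := http.NewRequest(http.MethodHead, u, nil)
		if err != nil {
			return false, err
		}
		if token != "" {
			req.Header.Set("Authorization", "Bearer "+token)
		}
		resp, err := c.Do(req)
		if err != nil {
			return false, err
		}
		resp.Body.Close() // HEAD: only the status and headers matter
		switch {
		case resp.StatusCode == http.StatusOK:
			return true, nil // manifest exists
		case resp.StatusCode == http.StatusNotFound:
			return false, nil // registry reachable, image absent
		case resp.StatusCode == http.StatusUnauthorized && attempt == 0:
			ch := bearerChallenge(resp.Header.Get("WWW-Authenticate"))
			if token, err = fetchToken(c, ch, user, pass); err != nil {
				return false, err
			}
		default:
			return false, fmt.Errorf("registry answered %s", resp.Status)
		}
	}
}

// newFakeRegistry is a constructed stand-in: anonymous pull token, one known image.
func newFakeRegistry() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch {
		case r.URL.Path == "/token":
			json.NewEncoder(w).Encode(map[string]string{"token": "anon-pull-token"})
		case r.Header.Get("Authorization") != "Bearer anon-pull-token":
			w.Header().Set("WWW-Authenticate", `Bearer realm="http://`+r.Host+`/token",service="fake",scope="repository:library/alpine:pull"`)
			w.WriteHeader(http.StatusUnauthorized)
		case r.URL.Path != "/v2/library/alpine/manifests/3.19":
			w.WriteHeader(http.StatusNotFound)
		} // anything else is a plain 200 OK: the manifest "exists"
	}))
}

func main() {
	srv := newFakeRegistry()
	defer srv.Close()
	fmt.Println(isDockerImgReachable(srv.Client(), srv.URL, "library/alpine", "3.19", "", ""))
}
```

Against a real registry the same function is called with the registry's base URL instead of the fake server's; a 404 after a successful token exchange is the "image does not exist" answer, while any other status is surfaced as an error rather than silently treated as unreachable.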
func IsDomainReachable
func IsDomainReachable(target string) (bool, error)
IsDomainReachable returns whether the input target is a reachable domain name. The criterion for considering a target a domain is the existence of a SOA record.
func IsGitRepoReachable
func IsGitRepoReachable(target, user, pass string) bool
IsGitRepoReachable returns whether the input Git repository is reachable by performing a ls-remote. If no authentication is required, the user and pass parameters can be empty.
func IsHostnameReachable
func IsHostnameReachable(target string) bool
IsHostnameReachable returns whether the input hostname target can be resolved.
func IsReachable
func IsReachable(target, assetType string, creds ServiceCreds) (bool, error)
IsReachable returns whether the target is reachable, so that the check execution can proceed.
Service credentials (ServiceCreds) are required for the AWS, Docker and Git types. Constructors for AWS, Docker and Git credentials can be found in this same package.
Verifications made depend on the asset type:
- IP: None.
- IPRange: None.
- Hostname: NS Lookup resolution.
- WebAddress: HTTP GET request.
- DomainName: NS Lookup checking SOA record.
- AWSAccount: Assume Role.
- DockerImage: Check image exists in registry.
- GitRepository: Git ls-remote.
This function does not return any output from the process used to verify the target's reachability. That output can be useful in some cases to avoid repeating work during the check execution (e.g. obtaining the Assume Role token). For this purpose, the individual functions in this same package can be called with further options for the AWS, Docker and Git types.
func IsRedirectingTo
func IsRedirectingTo(url, domain string) (res bool, lastHostname string, err error)
IsRedirectingTo checks whether the URL given in the url parameter redirects to the given domain name.
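An added example of the redirect-following check, not the package's code: it records the hostname of every hop through the client's CheckRedirect and compares the final one with the domain on label boundaries, returning that last hostname alongside the verdict. The three hosts, the dial override that routes every hostname to a single httptest server, and the function names are constructed assumptions of this example; with an ordinary http.Client the same function works against live URLs.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// hostMatchesDomain is a suffix match on label boundaries, so
// "login.sso.example" matches "sso.example" but "notsso.example" does not.
func hostMatchesDomain(host, domain string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	domain = strings.ToLower(strings.TrimSuffix(domain, "."))
	return host == domain || strings.HasSuffix(host, "."+domain)
}

// isRedirectingTo follows the redirect chain that starts at rawURL and
// reports whether the last hostname visited belongs to domain. The last
// hostname is returned as well, so callers can log where the chain ended.
func isRedirectingTo(client *http.Client, rawURL, domain string) (bool, string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return false, "", err
	}
	last := u.Hostname() // stays the start host when nothing redirects
	c := &http.Client{
		Transport: client.Transport,
		Timeout:   client.Timeout,
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			if len(via) >= 10 {
				return errors.New("stopped after 10 redirects")
			}
			last = req.URL.Hostname() // req is the hop about to be followed
			return nil
		},
	}
	resp, err := c.Get(rawURL)
	if err != nil {
		return false, last, err
	}
	resp.Body.Close()
	return hostMatchesDomain(last, domain), last, nil
}

// newFakeSites is a constructed stand-in for three web hosts served by one
// httptest server and told apart by the Host header:
// app.example -> auth.app.example -> login.sso.example (200);
// any other host answers 200 directly.
func newFakeSites() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.Host {
		case "app.example":
			http.Redirect(w, r, "http://auth.app.example/start", http.StatusFound)
		case "auth.app.example":
			http.Redirect(w, r, "http://login.sso.example/signin", http.StatusFound)
		default:
			fmt.Fprintln(w, "ok from", r.Host)
		}
	}))
}

// clientFor returns a client whose every connection, whatever the hostname,
// is dialled to the fake server; the Host header still carries the name.
func clientFor(srv *httptest.Server) *http.Client {
	addr := srv.Listener.Addr().String()
	return &http.Client{Transport: &http.Transport{
		DialContext: func(ctx context.Context, network, _ string) (net.Conn, error) {
			return (&net.Dialer{}).DialContext(ctx, network, addr)
		},
	}}
}

func main() {
	srv := newFakeSites()
	defer srv.Close()
	fmt.Println(isRedirectingTo(clientFor(srv), "http://app.example/", "sso.example"))
}
```

The label-boundary comparison is the part worth getting right: a plain substring or suffix match would accept `notsso.example` as belonging to `sso.example`.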
func IsScannable
func IsScannable(asset string) bool
IsScannable tells you whether an asset can be scanned or not, based on its type and value. The goal is to prevent scanning hosts that are not public. Limitation: as the asset type is not available, the function tries to guess it, which can lead to the scenario where we want to scan a domain that is also a hostname resolving to a private IP. In that case the domain won't be scanned, although it should be.
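An added example of the guessing described above, not the package's code: it classifies the asset as a CIDR block, a single IP or a hostname, and refuses anything that lies in, overlaps or resolves into non-public address space. The list of blocks stands in for NotScannableNetsIPV4/IPV6 (the package's actual contents are not shown on this page), the Resolver type exists so the hostname path can be exercised offline, and the documented limitation (a domain whose name also resolves to a private address is refused) is deliberately kept.

```go
package main

import (
	"fmt"
	"net"
)

// notScannableNets plays the role of NotScannableNetsIPV4/IPV6: address space
// that is never public, so a check must refuse to scan it (constructed list).
var notScannableNets = mustParseCIDRs(
	"0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
	"172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
	"::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)

func mustParseCIDRs(cidrs ...string) []*net.IPNet {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		nets = append(nets, n)
	}
	return nets
}

// Resolver abstracts name resolution so the hostname path can be exercised
// offline; net.LookupIP is the obvious production choice.
type Resolver func(host string) ([]net.IP, error)

func isPrivateIP(ip net.IP) bool {
	for _, n := range notScannableNets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// overlaps reports whether two CIDR blocks share any address. Aligned blocks
// are either disjoint or nested, so checking each base address suffices.
func overlaps(a, b *net.IPNet) bool {
	return a.Contains(b.IP) || b.Contains(a.IP)
}

// isScannable guesses the asset kind from its value (the asset type is not
// available) and refuses anything that is, or resolves to, non-public space:
//   - CIDR range: refused if it overlaps any non-public block
//   - IP: refused if inside a non-public block
//   - anything else is treated as a hostname: refused if any resolved
//     address is non-public, which is also what refuses a domain whose
//     apex name resolves privately (the limitation documented above)
func isScannable(asset string, resolve Resolver) (bool, error) {
	if _, block, err := net.ParseCIDR(asset); err == nil {
		for _, n := range notScannableNets {
			if overlaps(n, block) {
				return false, nil
			}
		}
		return true, nil
	}
	if ip := net.ParseIP(asset); ip != nil {
		return !isPrivateIP(ip), nil
	}
	ips, err := resolve(asset)
	if err != nil {
		return false, fmt.Errorf("resolving %q: %w", asset, err)
	}
	if len(ips) == 0 {
		return false, fmt.Errorf("%q has no addresses", asset)
	}
	for _, ip := range ips {
		if isPrivateIP(ip) {
			return false, nil
		}
	}
	return true, nil
}

func main() {
	// only literal addresses and ranges here, so no DNS is needed to run this
	for _, a := range []string{"8.8.8.8", "192.168.1.10", "10.0.0.0/24", "203.0.113.0/24"} {
		ok, err := isScannable(a, net.LookupIP)
		fmt.Printf("%-16s scannable=%v err=%v\n", a, ok, err)
	}
}
```

The range check refuses a block as soon as it overlaps a non-public one (so `0.0.0.0/0` and `::/0` are refused outright), and a hostname is refused if any of its addresses is private, since scanning the public ones while a private one is in the answer set is exactly the situation the helper exists to avoid.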
func IsWebAddrsReachable
func IsWebAddrsReachable(target string) bool
IsWebAddrsReachable returns whether the input web address accepts HTTP requests.
Types
type AWSCreds
AWSCreds holds the data required to perform an assume role request.
func NewAWSCreds
NewAWSCreds creates new AWS credentials for Assume Role.
type DockerCreds
func NewDockerCreds
func NewDockerCreds(user, pass string) *DockerCreds
NewDockerCreds creates a new Docker credentials struct.
func (*DockerCreds) Password
func (c *DockerCreds) Password() string
func (*DockerCreds) URL
func (c *DockerCreds) URL() string
func (*DockerCreds) Username
func (c *DockerCreds) Username() string
type GitCreds
func NewGitCreds
NewGitCreds creates a new Git credentials struct. User and pass can be empty if no authentication is required.
type ServiceCreds
ServiceCreds represents the credentials necessary to access an authenticated service. Constructors are available in this same package for:
- AWS Assume Role through the vulcan-assume-role service.
- Docker registry.
- GitHub repository.