rego

package
Published: Dec 24, 2024 License: Apache-2.0 Imports: 33 Imported by: 7

Documentation

Index

Constants

This section is empty.

Variables

// LoadAndRegister loads the embedded policy and library modules and registers
// them with the rego engine. It is wrapped in sync.OnceFunc, so the work runs
// at most once; later calls return immediately (and re-raise the original
// panic if the first run panicked).
//
// A failure to load either set is treated as fatal and surfaces as a panic.
// Library modules are merged into the policy map keyed by module name, so a
// library whose name collides with a policy silently replaces that policy
// entry before registration.
var LoadAndRegister = sync.OnceFunc(func() {
	policies, err := LoadEmbeddedPolicies()
	if err != nil {
		panic(err)
	}

	libs, err := LoadEmbeddedLibraries()
	if err != nil {
		panic(err)
	}

	// Fold the libraries into the policy set; last writer wins on a name clash.
	for moduleName, lib := range libs {
		policies[moduleName] = lib
	}

	RegisterRegoRules(policies)
})

Functions

func BuildSchemaSetFromPolicies

func BuildSchemaSetFromPolicies(policies map[string]*ast.Module, paths []string, fsys fs.FS, customSchemas map[string][]byte) (*ast.SchemaSet, bool, error)

func BuiltinNamespaces added in v0.51.0

func BuiltinNamespaces() []string

func GetInputsContents

func GetInputsContents(inputs []Input) []any

func IsBuiltinNamespace added in v0.51.0

func IsBuiltinNamespace(namespace string) bool

func IsDotFile

func IsDotFile(name string) bool

func IsJSONFile

func IsJSONFile(name string) bool

func IsRegoFile

func IsRegoFile(name string) bool

func LoadEmbeddedLibraries

func LoadEmbeddedLibraries() (map[string]*ast.Module, error)

func LoadEmbeddedPolicies

func LoadEmbeddedPolicies() (map[string]*ast.Module, error)

func LoadPoliciesFromDirs

func LoadPoliciesFromDirs(target fs.FS, paths ...string) (map[string]*ast.Module, error)

func NewEngineMetadata

func NewEngineMetadata(schema string, meta map[string]any) (*scan.EngineMetadata, error)

func RegisterRegoRules

func RegisterRegoRules(modules map[string]*ast.Module)

func WithCustomSchemas added in v0.56.0

func WithCustomSchemas(schemas map[string][]byte) options.ScannerOption

func WithDataDirs added in v0.56.0

func WithDataDirs(paths ...string) options.ScannerOption

func WithDataFilesystem added in v0.56.0

func WithDataFilesystem(fsys fs.FS) options.ScannerOption

func WithDisabledCheckIDs added in v0.56.0

func WithDisabledCheckIDs(ids ...string) options.ScannerOption

WithDisabledCheckIDs disables checks by their ID (the ID field in the check metadata).

func WithEmbeddedLibraries added in v0.56.0

func WithEmbeddedLibraries(include bool) options.ScannerOption

func WithEmbeddedPolicies added in v0.56.0

func WithEmbeddedPolicies(include bool) options.ScannerOption

func WithFrameworks added in v0.58.0

func WithFrameworks(frameworks ...framework.Framework) options.ScannerOption

func WithIncludeDeprecatedChecks added in v0.58.0

func WithIncludeDeprecatedChecks(enabled bool) options.ScannerOption

func WithPerResultTracing added in v0.56.0

func WithPerResultTracing(enabled bool) options.ScannerOption

func WithPolicyDirs added in v0.56.0

func WithPolicyDirs(paths ...string) options.ScannerOption

func WithPolicyFilesystem added in v0.56.0

func WithPolicyFilesystem(fsys fs.FS) options.ScannerOption

func WithPolicyNamespaces added in v0.56.0

func WithPolicyNamespaces(namespaces ...string) options.ScannerOption

WithPolicyNamespaces sets the namespaces that identify rego policies containing enforced rules.

func WithPolicyReader added in v0.56.0

func WithPolicyReader(readers ...io.Reader) options.ScannerOption

func WithRegoErrorLimits added in v0.56.0

func WithRegoErrorLimits(limit int) options.ScannerOption

func WithTrace added in v0.56.0

func WithTrace(w io.Writer) options.ScannerOption

WithTrace specifies an io.Writer for trace logs (mainly rego tracing); if it is not set, trace output is discarded.

Types

type DynamicMetadata

// DynamicMetadata carries the message and source location attached to a
// single scan result.
//
// NOTE(review): the field meanings below are inferred from the field names
// only — confirm against the code that populates this struct.
type DynamicMetadata struct {
	Warning   bool   // presumably marks the result as a warning rather than a failure
	Filepath  string // path of the input the result refers to
	Message   string // text reported for the result
	StartLine int    // first line of the flagged range in Filepath
	EndLine   int    // last line of the flagged range in Filepath
}

type Input

// Input is one document handed to Scanner.ScanInput. Path and Contents are
// serialised under the "path" and "contents" JSON keys; FS is excluded from
// JSON by its `json:"-"` tag. GetInputsContents returns one value per Input
// (presumably each Input's Contents).
type Input struct {
	Path     string `json:"path"`     // source path of the document
	FS       fs.FS  `json:"-"`        // filesystem the document was read from (presumably); never serialised
	Contents any    `json:"contents"` // parsed document; its shape is not fixed by this type — check the caller
}

type InputOptions

// InputOptions holds the Selectors for a policy. It is supplied to
// NewStaticMetadata and stored in StaticMetadata.InputOptions; presumably
// the selectors restrict which inputs the policy is evaluated against.
type InputOptions struct {
	Selectors []Selector // selectors applied to candidate inputs
}

type MetadataRetriever

// MetadataRetriever derives StaticMetadata from a compiled rego module.
// Construct it with NewMetadataRetriever(compiler) and call RetrieveMetadata
// with the module (and optional input contents). Its fields are unexported,
// so it cannot be built as a literal from outside the package.
type MetadataRetriever struct {
	// contains filtered or unexported fields
}

func NewMetadataRetriever

func NewMetadataRetriever(compiler *ast.Compiler) *MetadataRetriever

func (*MetadataRetriever) RetrieveMetadata

func (m *MetadataRetriever) RetrieveMetadata(ctx context.Context, module *ast.Module, contents ...any) (*StaticMetadata, error)

type Scanner

// Scanner evaluates rego policies against Inputs. Create one with
// NewScanner(source, opts...), optionally add policies with
// LoadPolicies(srcFS), then call ScanInput(ctx, inputs...) to obtain
// scan.Results. Its fields are unexported; behaviour is configured only
// through the With* functions in this package, each of which returns an
// options.ScannerOption.
type Scanner struct {
	// contains filtered or unexported fields
}

func NewScanner

func NewScanner(source types.Source, opts ...options.ScannerOption) *Scanner

func (*Scanner) LoadPolicies

func (s *Scanner) LoadPolicies(srcFS fs.FS) error

func (*Scanner) ScanInput

func (s *Scanner) ScanInput(ctx context.Context, inputs ...Input) (scan.Results, error)

type Selector

// Selector is one entry of InputOptions.Selectors: a Type name plus an
// optional list of SubTypes. Presumably an input is selected when it matches
// Type and, if Subtypes is non-empty, one of the SubTypes — verify against
// the matching code.
type Selector struct {
	Type     string    // input type name to match
	Subtypes []SubType // optional finer-grained matches within Type
}

type StaticMetadata

// StaticMetadata is the check metadata declared by a rego policy, as opposed
// to DynamicMetadata, which is produced per result. A value is created with
// NewStaticMetadata(pkgPath, inputOpt), populated from the module's
// annotations by FromAnnotations, and converted to a scan.Rule by ToRule.
//
// NOTE(review): most per-field descriptions below are inferred from field
// names; the annotation keys that feed each field are not visible here.
type StaticMetadata struct {
	Deprecated         bool                             // the check is deprecated (see WithIncludeDeprecatedChecks)
	ID                 string                           // check ID (see WithDisabledCheckIDs)
	AVDID              string                           // identifier in the Aqua Vulnerability Database, presumably
	Title              string                           // human-readable title
	ShortCode          string                           // short machine-friendly name
	Aliases            []string                         // alternative identifiers for the check
	Description        string                           // longer description of what the check detects
	Severity           string                           // severity label as a string; allowed values not fixed by this type
	RecommendedActions string                           // remediation guidance
	PrimaryURL         string                           // main reference link
	References         []string                         // additional reference links
	InputOptions       InputOptions                     // selectors for the inputs this check applies to
	Package            string                           // rego package path of the policy
	Frameworks         map[framework.Framework][]string // per-framework control identifiers, presumably
	Provider           string                           // cloud provider the check targets, if any
	Service            string                           // cloud service the check targets, if any
	Library            bool                             // true when the module is a library rather than a check
	CloudFormation     *scan.EngineMetadata             // engine-specific metadata (see NewEngineMetadata); nil when absent
	Terraform          *scan.EngineMetadata             // engine-specific metadata (see NewEngineMetadata); nil when absent
}

func NewStaticMetadata

func NewStaticMetadata(pkgPath string, inputOpt InputOptions) *StaticMetadata

func (*StaticMetadata) FromAnnotations

func (sm *StaticMetadata) FromAnnotations(annotations *ast.Annotations) error

func (StaticMetadata) ToRule

func (m StaticMetadata) ToRule() scan.Rule

type SubType

// SubType refines a Selector. Group, Version, Kind and Namespace presumably
// address Kubernetes-style resources, while Service and Provider are used
// only for cloud inputs (per the existing field comments).
type SubType struct {
	Group     string
	Version   string
	Kind      string
	Namespace string
	Service   string // only for cloud
	Provider  string // only for cloud
}
