inspec

package
v0.0.0-...-a8b8e24 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 20, 2024 License: Apache-2.0 Imports: 16 Imported by: 20

Documentation

Index

Constants

View Source 
const (
	ResultStatusPassed  string = "passed"
	ResultStatusSkipped string = "skipped"
	ResultStatusFailed  string = "failed"
)
View Source 
const (
	BackendSSH        = "ssh"
	BackendSSM        = "ssm"
	BackendWinRm      = "winrm"
	BackendSSMWindows = "ssm:windows"
	BackendAZ         = "az-run-command"
	BackendAZWindows  = "az-run-command:windows"
	BashScript        = "bash"
	PowershellScript  = "powershell"
)
View Source 
const AUTH_FAILED = "authentication failed"
View Source 
const CONN_REFUSED = "connection refused"
View Source 
const CONN_TIMEOUT = "connection timed out"
View Source 
const CRITICAL = "critical"
View Source 
const INVALID_OUTPUT = "invalid output"
View Source 
const INVALID_PARAM = "invalid parameter"
View Source 
const MAJOR = "major"
View Source 
const MINOR = "minor"

control impact names

View Source 
const NO_CREDS_PROVIDED = "no credentials provided"
View Source 
const NO_SUDO = "no sudo"
View Source 
const RESPONSE_ERROR = "response error"
View Source 
const SUDO_PW_REQUIRED = "sudo password required"
View Source 
const UNKNOWN_ERROR = "unknown error"
View Source 
const UNREACHABLE_HOST = "unreachable host"
View Source 
const UNSUPPORTED_OS = "unsupported OS"
View Source 
const WRONG_SUDO_PW = "wrong sudo password"

Variables

View Source 
var BackendCache bool

BackendCache used for configuring inspec exec command, passed in via config flag

View Source 
var FIREJAIL string
View Source 
var ResultMessageLimit int

ResultMessageLimit used for configuring inspec exec command, passed in via config flag

View Source 
var TmpDir string

TmpDir is used for setting the location of the /tmp dir to be used by inspec for caching

Functions

func Archive 

func Archive(profilePath string, outputPath string, firejailprofilePath string) error

Archives a directory to a TAR.GZ 1. Creates a tmp directory 2. Copy the uploaded file tmp directory 3. Create firejail command sand box env 4. Create script to add archive command

func Detect 

func Detect(target *TargetConfig, timeout time.Duration, env map[string]string) (*OSInfo, *Error)

Detect retrieves a target's operating system and returns connection errors if there were any.

func Json 

func Json(profilePath string, firejailprofilePath string) ([]byte, error)

func PrettyPrintJSON 

func PrettyPrintJSON(b []byte) ([]byte, error)

PrettyPrintJSON does just what one would imagine. Use your imagination.

Types

type Attribute 

type Attribute struct {
	Name    string `json:"name"`
	Options struct {
		Description string           `json:"description"`
		Default     *json.RawMessage `json:"default"` // type varies and can be string and int
	} `json:"options,omitempty"`
}

type CheckMessage 

type CheckMessage struct {
	File      string `json:"file,omitempty"`
	Line      *int   `json:"line,omitempty"`
	Column    *int   `json:"column,omitempty"`
	ControlId string `json:"control_id,omitempty"`
	Msg       string `json:"msg"`
}

type CheckResult 

type CheckResult struct {
	Summary struct {
		Valid     bool   `json:"valid"`
		Timestamp string `json:"timestamp"`
		Location  string `json:"location"`
		Controls  int    `json:"controls"`
	} `json:"summary"`
	Errors   []CheckMessage `json:"errors"`
	Warnings []CheckMessage `json:"warnings"`
}

func Check 

func Check(profilePath string, firejailprofilePath string) (CheckResult, error)

func (*CheckResult) ToJSON 

func (results *CheckResult) ToJSON() ([]byte, error)

ToJSON is a simple helper convert Metadata into a json string

type Control 

type Control struct {
	ID             string                       `json:"id"`
	Code           string                       `json:"code"`
	Desc           string                       `json:"desc"`
	Impact         float32                      `json:"impact"`
	Title          string                       `json:"title"`
	SourceLocation *reportingapi.SourceLocation `json:"source_location"`
	Refs           *json.RawMessage             `json:"refs"`
	Tags           *json.RawMessage             `json:"tags"`
	Results        []*reportingapi.Result       `json:"results,omitempty"`
	StringTags     []*json.RawMessage           `json:"string_tags"`
}

func (*Control) ImpactName 

func (control *Control) ImpactName() string

ImpactName returns a human readable name for the impact

func (*Control) Status 

func (control *Control) Status() string

Status calculates the overall status of all controls based on all results

type Dependency 

type Dependency struct {
	Name        string `yaml:"name" json:"name"`
	URL         string `yaml:"url,omitempty" json:"url,omitempty"`
	Path        string `yaml:"path,omitempty" json:"path,omitempty"`
	Git         string `yaml:"git,omitempty" json:"git,omitempty"`
	Branch      string `yaml:"branch,omitempty" json:"branch,omitempty"`
	Tag         string `yaml:"tag,omitempty" json:"tag,omitempty"`
	Commit      string `yaml:"commit,omitempty" json:"commit,omitempty"`
	Version     string `yaml:"version,omitempty" json:"version,omitempty"`
	Supermarket string `yaml:"supermarket,omitempty" json:"supermarket,omitempty"`
	Github      string `yaml:"github,omitempty" json:"github,omitempty"`
	Compliance  string `yaml:"compliance,omitempty" json:"compliance,omitempty"`
	Status      string `yaml:"status,omitempty" json:"status,omitempty"`
	SkipMessage string `yaml:"skip_message,omitempty" json:"skip_message,omitempty"`
}

see https://github.com/chef/inspec/blob/master/docs/profiles.md

type Error 

type Error struct {
	Type    string `json:"error"`
	Message string `json:"message"`
}

Error describes a failing connection and provides a type for each error as well as a simple message to explain it in a human-readable form.

func NewInspecError 

func NewInspecError(typ string, message string) *Error

NewInspecError creates an Error

func Scan 

func Scan(paths []string, target *TargetConfig, timeout time.Duration, env map[string]string, inputs map[string]string, fireJailExecProfilePath string) ([]byte, []byte, *Error)

Scan a target node with all specified profiles

type Group 

type Group struct {
	ID       string   `json:"id"`
	Title    *string  `json:"title"` //this needs to be a string pointer as in inspec, this is stored as null instead of ""
	Controls []string `json:"controls"`
}

type Metadata 

type Metadata struct {
	Name            string              `yaml:"name" json:"name"`
	Title           string              `yaml:"title"  json:"title"`
	Maintainer      string              `yaml:"maintainer" json:"maintainer"`
	Copyright       string              `yaml:"copyright" json:"copyright"`
	Copyright_Email string              `yaml:"copyright_email" json:"copyright_email"`
	License         string              `yaml:"license" json:"license"`
	Summary         string              `yaml:"summary" json:"summary"`
	Version         string              `yaml:"version" json:"version"`
	Supports        []map[string]string `yaml:"supports" json:"supports"`
	Dependencies    []Dependency        `yaml:"depends" json:"depends"`
	LatestVersion   string              `json:"latest_version,omitempty"`
	Sha256          string              `json:"sha256"`
}

func (*Metadata) Parse 

func (yml *Metadata) Parse(data []byte) error

Parse takes a yml byte array and parses the content into Metadata

func (*Metadata) ParseJSON 

func (yml *Metadata) ParseJSON(data []byte) error

ParseJSON takes a json byte representation and parses the content into Metadata

type OSInfo 

type OSInfo struct {
	OSArch     string   `json:"arch"`
	OSFamilies []string `json:"families"`
	OSName     string   `json:"name"`
	OSRelease  string   `json:"release"`
}

OSInfo contains simple information on a target operating system

type Platform 

type Platform struct {
	Name    string `json:"name"`
	Release string `json:"release"`
}

type Profile 

type Profile struct {
	Name           string                     `json:"name"`
	Full           string                     `json:"full"`
	Title          string                     `json:"title"`
	Version        string                     `json:"version"`
	Summary        string                     `json:"summary"`
	Maintainer     string                     `json:"maintainer"`
	License        string                     `json:"license"`
	Copyright      string                     `json:"copyright"`
	CopyrightEmail string                     `json:"copyright_email"`
	Controls       []Control                  `json:"controls"`
	Supports       []map[string]string        `json:"supports"`
	Attributes     []*Attribute               `json:"attributes"`
	Dependencies   []*reportingapi.Dependency `json:"depends,omitempty"`
	Sha256         string                     `json:"sha256"`
	Groups         []*reportingapi.Group      `json:"groups"`
	Status         string                     `json:"status,omitempty"`
	SkipMessage    string                     `json:"skip_message,omitempty"`
	StatusMessage  string                     `json:"status_message,omitempty"`
}

func (*Profile) FromJSON 

func (profile *Profile) FromJSON(content []byte) error

FromJSON turns a profile in JSON format in Profile struct

func (*Profile) ToJSON 

func (profile *Profile) ToJSON() ([]byte, error)

ToJSON is a simple helper convert Metadata into a json string

type Report 

type Report struct {
	ID            string    `json:"id"`
	InSpecVersion string    `json:"version"`
	Profiles      []Profile `json:"profiles"`
	Platform      Platform  `json:"platform"`
	Statistics    struct {
		Duration float32 `json:"duration"`
	} `json:"statistics"`
}

func (*Report) ToJSON 

func (report *Report) ToJSON() ([]byte, error)

ToJSON is a simple helper convert Metadata into a json string

type Reporter 

type Reporter struct {
	Url         string `json:"url,omitempty"`
	Token       string `json:"token,omitempty"`
	NodeID      string `json:"node_uuid,omitempty"`
	NodeName    string `json:"node_name,omitempty"`
	Environment string `json:"environment,omitempty"`
	ReportUUID  string `json:"report_uuid,omitempty"`
	JobUUID     string `json:"job_uuid,omitempty"`
}

type Result 

type Result struct {
	Status      string  `json:"status"`
	CodeDesc    string  `json:"code_desc"`
	RunTime     float32 `json:"run_time"`
	StartTime   string  `json:"start_time,omitempty"`
	Message     string  `json:"message,omitempty"`
	SkipMessage string  `json:"skip_message,omitempty"`
}

type Secrets 

type Secrets struct {
	User                string   `json:"user,omitempty"`
	Password            string   `json:"password,omitempty"`
	KeyFiles            []string `json:"key_files,omitempty"`
	SudoPassword        string   `json:"sudo_password,omitempty"`
	SudoOptions         string   `json:"sudo_options,omitempty"`
	AwsUser             string   `json:"aws_user,omitempty"`
	AwsPassword         string   `json:"aws_password,omitempty"`
	AzureClientID       string   `json:"azure_client_id,omitempty"`
	AzureClientSecret   string   `json:"azure_client_secret,omitempty"`
	AzureTenantID       string   `json:"azure_tenant_id,omitempty"`
	AzureSubscriptionID string   `json:"azure_subscription_id,omitempty"`
	GcpCredsJson        string   `json:"gcp_creds_json,omitempty"`
	AwsSessionToken     string   `json:"aws_session_token,omitempty"`
}

type SourceLocation 

type SourceLocation struct {
	Ref  string `json:"ref"`
	Line int    `json:"line"`
}

type Support 

type Support struct {
	OSName        string `yaml:"os-name,omitempty" json:"os-name,omitempty"`
	OSFamily      string `yaml:"os-family,omitempty" json:"os-family,omitempty"`
	Release       string `yaml:"release,omitempty" json:"release,omitempty"`
	InSpecVersion string `yaml:"inspec,omitempty" json:"inspec,omitempty"`
	Platform      string `yaml:"platform,omitempty" json:"platform,omitempty"`
}

Support is part of Metadata, holding information about the supported platform

type TargetBaseConfig 

type TargetBaseConfig struct {
	Backend                string              `json:"backend,omitempty"`
	Hostname               string              `json:"host,omitempty"`
	Port                   int                 `json:"port,omitempty"`
	LoginPath              string              `json:"login_path,omitempty"` // winrm
	Sudo                   bool                `json:"sudo,omitempty"`
	Reporter               map[string]Reporter `json:"reporter,omitempty"`
	Ssl                    bool                `json:"ssl,omitempty"`
	SslSelfSigned          bool                `json:"self_signed,omitempty"`
	BackendCache           bool                `json:"backend_cache,omitempty"`
	Region                 string              `json:"region,omitempty"`
	SubscriptionId         string              `json:"subscription_id,omitempty"`
	AttributesJson         *json.RawMessage    `json:"attributes,omitempty"`
	ResultIncludeBacktrace bool                `json:"reporter_backtrace_inclusion"`
	ResultMessageLimit     int                 `json:"reporter_message_truncation"`
}

type TargetConfig 

type TargetConfig struct {
	TargetBaseConfig
	Secrets
	SecretsArr []*Secrets `json:"creds_arr,omitempty"`
}

TargetConfig is inspec's JSON config options

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.