security

package
v0.3.13 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 8, 2022 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ImageScanExecutionDetail

type ImageScanExecutionDetail struct {
	ImageScanDeployInfoId int                `json:"imageScanDeployInfoId"`
	AppId                 int                `json:"appId,omitempty"`
	EnvId                 int                `json:"envId,omitempty"`
	AppName               string             `json:"appName,omitempty"`
	EnvName               string             `json:"envName,omitempty"`
	ArtifactId            int                `json:"artifactId,omitempty"`
	Image                 string             `json:"image,omitempty"`
	PodName               string             `json:"podName,omitempty"`
	ReplicaSet            string             `json:"replicaSet,omitempty"`
	Vulnerabilities       []*Vulnerabilities `json:"vulnerabilities,omitempty"`
	SeverityCount         *SeverityCount     `json:"severityCount,omitempty"`
	ExecutionTime         time.Time          `json:"executionTime,omitempty"`
	ScanEnabled           bool               `json:"scanEnabled,notnull"`
	Scanned               bool               `json:"scanned,notnull"`
	ObjectType            string             `json:"objectType,notnull"`
}

type ImageScanHistoryListingResponse

type ImageScanHistoryListingResponse struct {
	Offset                   int                         `json:"offset"`
	Size                     int                         `json:"size"`
	Total                    int                         `json:"total"`
	ImageScanHistoryResponse []*ImageScanHistoryResponse `json:"scanList"`
}

type ImageScanHistoryResponse

type ImageScanHistoryResponse struct {
	ImageScanDeployInfoId int            `json:"imageScanDeployInfoId"`
	AppId                 int            `json:"appId"`
	EnvId                 int            `json:"envId"`
	Name                  string         `json:"name"`
	Type                  string         `json:"type"`
	Environment           string         `json:"environment"`
	LastChecked           *time.Time     `json:"lastChecked"`
	Image                 string         `json:"image,omitempty"`
	SeverityCount         *SeverityCount `json:"severityCount,omitempty"`
}

type ImageScanRequest

type ImageScanRequest struct {
	ScanExecutionId       int    `json:"ScanExecutionId"`
	ImageScanDeployInfoId int    `json:"imageScanDeployInfo"`
	AppId                 int    `json:"appId"`
	EnvId                 int    `json:"envId"`
	ObjectId              int    `json:"objectId"`
	ArtifactId            int    `json:"artifactId"`
	Image                 string `json:"image"`
	security.ImageScanFilter
}

type ImageScanService

type ImageScanService interface {
	FetchAllDeployInfo(request *ImageScanRequest) ([]*security.ImageScanDeployInfo, error)
	FetchScanExecutionListing(request *ImageScanRequest, ids []int) (*ImageScanHistoryListingResponse, error)
	FetchExecutionDetailResult(request *ImageScanRequest) (*ImageScanExecutionDetail, error)
	FetchMinScanResultByAppIdAndEnvId(request *ImageScanRequest) (*ImageScanExecutionDetail, error)
	VulnerabilityExposure(request *security.VulnerabilityRequest) (*security.VulnerabilityExposureListingResponse, error)
}

type ImageScanServiceImpl

type ImageScanServiceImpl struct {
	Logger *zap.SugaredLogger
	// contains filtered or unexported fields
}

func NewImageScanServiceImpl

func NewImageScanServiceImpl(Logger *zap.SugaredLogger, scanHistoryRepository security.ImageScanHistoryRepository,
	scanResultRepository security.ImageScanResultRepository, scanObjectMetaRepository security.ImageScanObjectMetaRepository,
	cveStoreRepository security.CveStoreRepository, imageScanDeployInfoRepository security.ImageScanDeployInfoRepository,
	userService user.UserService, teamRepository repository2.TeamRepository,
	appRepository app.AppRepository,
	envService cluster.EnvironmentService, ciArtifactRepository repository.CiArtifactRepository, policyService PolicyService,
	pipelineRepository pipelineConfig.PipelineRepository,
	installedAppRepository appstore.InstalledAppRepository, ciPipelineRepository pipelineConfig.CiPipelineRepository) *ImageScanServiceImpl

func (ImageScanServiceImpl) FetchAllDeployInfo

func (impl ImageScanServiceImpl) FetchAllDeployInfo(request *ImageScanRequest) ([]*security.ImageScanDeployInfo, error)

func (ImageScanServiceImpl) FetchExecutionDetailResult

func (impl ImageScanServiceImpl) FetchExecutionDetailResult(request *ImageScanRequest) (*ImageScanExecutionDetail, error)

func (ImageScanServiceImpl) FetchMinScanResultByAppIdAndEnvId

func (impl ImageScanServiceImpl) FetchMinScanResultByAppIdAndEnvId(request *ImageScanRequest) (*ImageScanExecutionDetail, error)

func (ImageScanServiceImpl) FetchScanExecutionListing

func (impl ImageScanServiceImpl) FetchScanExecutionListing(request *ImageScanRequest, deployInfoIds []int) (*ImageScanHistoryListingResponse, error)

func (ImageScanServiceImpl) VulnerabilityExposure

type PolicyService

type PolicyService interface {
	SavePolicy(request bean.CreateVulnerabilityPolicyRequest, userId int32) (*bean.IdVulnerabilityPolicyResult, error)
	UpdatePolicy(updatePolicyParams bean.UpdatePolicyParams, userId int32) (*bean.IdVulnerabilityPolicyResult, error)
	DeletePolicy(id int, userId int32) (*bean.IdVulnerabilityPolicyResult, error)
	GetPolicies(policyLevel security.PolicyLevel, clusterId, environmentId, appId int) (*bean.GetVulnerabilityPolicyResult, error)
	GetBlockedCVEList(cves []*security.CveStore, clusterId, envId, appId int, isAppstore bool) ([]*security.CveStore, error)
	VerifyImage(verifyImageRequest *VerifyImageRequest) (map[string][]*VerifyImageResponse, error)
	GetCvePolicy(id int, userId int32) (*security.CvePolicy, error)
}

type PolicyServiceImpl

type PolicyServiceImpl struct {
	PipelineRepository pipelineConfig.PipelineRepository
	// contains filtered or unexported fields
}

func NewPolicyServiceImpl

func NewPolicyServiceImpl(environmentService cluster.EnvironmentService,
	logger *zap.SugaredLogger,
	apRepository app.AppRepository,
	pipelineOverride chartConfig.PipelineOverrideRepository,
	cvePolicyRepository security.CvePolicyRepository,
	clusterService cluster.ClusterService,
	PipelineRepository pipelineConfig.PipelineRepository,
	scanResultRepository security.ImageScanResultRepository,
	imageScanDeployInfoRepository security.ImageScanDeployInfoRepository,
	imageScanObjectMetaRepository security.ImageScanObjectMetaRepository, client *http.Client,
	ciArtifactRepository repository.CiArtifactRepository, ciConfig *pipeline.CiConfig,
	scanHistoryRepository security.ImageScanHistoryRepository, cveStoreRepository security.CveStoreRepository,
	ciTemplateRepository pipelineConfig.CiTemplateRepository) *PolicyServiceImpl

func (*PolicyServiceImpl) DeletePolicy

func (impl *PolicyServiceImpl) DeletePolicy(id int, userId int32) (*bean.IdVulnerabilityPolicyResult, error)

input : policyId output: id

func (*PolicyServiceImpl) GetBlockedCVEList

func (impl *PolicyServiceImpl) GetBlockedCVEList(cves []*security.CveStore, clusterId, envId, appId int, isAppstore bool) ([]*security.CveStore, error)

func (*PolicyServiceImpl) GetCvePolicy

func (impl *PolicyServiceImpl) GetCvePolicy(id int, userId int32) (*security.CvePolicy, error)

func (*PolicyServiceImpl) GetPolicies

func (impl *PolicyServiceImpl) GetPolicies(policyLevel security.PolicyLevel, clusterId, environmentId, appId int) (*bean.GetVulnerabilityPolicyResult, error)
global: na
cluster: clusterId
environment: environmentId
application : appId, envId

res:

func (*PolicyServiceImpl) SavePolicy

func (*PolicyServiceImpl) SendEventToClairUtility

func (impl *PolicyServiceImpl) SendEventToClairUtility(event *ScanEvent) error

func (*PolicyServiceImpl) UpdatePolicy

func (impl *PolicyServiceImpl) UpdatePolicy(updatePolicyParams bean.UpdatePolicyParams, userId int32) (*bean.IdVulnerabilityPolicyResult, error)

1. policy id 2. action

func (*PolicyServiceImpl) VerifyImage

func (impl *PolicyServiceImpl) VerifyImage(verifyImageRequest *VerifyImageRequest) (map[string][]*VerifyImageResponse, error)

type ScanEvent

type ScanEvent struct {
	Image        string `json:"image"`
	ImageDigest  string `json:"imageDigest"`
	AppId        int    `json:"appId"`
	EnvId        int    `json:"envId"`
	PipelineId   int    `json:"pipelineId"`
	CiArtifactId int    `json:"ciArtifactId"`
	UserId       int    `json:"userId"`
	AccessKey    string `json:"accessKey"`
	SecretKey    string `json:"secretKey"`
	Token        string `json:"token"`
	AwsRegion    string `json:"awsRegion"`
}

type SeverityCount

type SeverityCount struct {
	High     int `json:"high"`
	Moderate int `json:"moderate"`
	Low      int `json:"low"`
}

type VerifyImageRequest

type VerifyImageRequest struct {
	Images      []string
	ReleaseName string
	Namespace   string
	ClusterName string
	PodName     string
}

type VerifyImageResponse

type VerifyImageResponse struct {
	Name         string
	Severity     string
	Package      string
	Version      string
	FixedVersion string
}

type Vulnerabilities

type Vulnerabilities struct {
	CVEName    string `json:"cveName"`
	Severity   string `json:"severity"`
	Package    string `json:"package,omitempty"`
	CVersion   string `json:"currentVersion"`
	FVersion   string `json:"fixedVersion"`
	Permission string `json:"permission"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL