config

package
v0.15.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 12, 2021 License: AGPL-3.0 Imports: 15 Imported by: 123

Documentation

Index

Constants

const (
	// OS family identifiers, all lowercase strings.
	// NOTE(review): presumably these are the values stored in Distro.Family
	// and passed as the family argument of GetEOL; confirm against callers.

	// RedHat identifies Red Hat Enterprise Linux.
	RedHat = "redhat"

	// Debian identifies Debian.
	Debian = "debian"

	// Ubuntu identifies Ubuntu.
	Ubuntu = "ubuntu"

	// CentOS identifies CentOS.
	CentOS = "centos"

	// Amazon identifies Amazon Linux.
	Amazon = "amazon"

	// Oracle identifies Oracle Linux.
	Oracle = "oracle"

	// FreeBSD identifies FreeBSD.
	FreeBSD = "freebsd"

	// Raspbian identifies Raspbian.
	Raspbian = "raspbian"

	// Windows identifies Microsoft Windows.
	Windows = "windows"

	// OpenSUSE identifies openSUSE.
	OpenSUSE = "opensuse"

	// OpenSUSELeap identifies openSUSE Leap.
	OpenSUSELeap = "opensuse.leap"

	// SUSEEnterpriseServer identifies SUSE Linux Enterprise Server.
	SUSEEnterpriseServer = "suse.linux.enterprise.server"

	// SUSEEnterpriseDesktop identifies SUSE Linux Enterprise Desktop.
	SUSEEnterpriseDesktop = "suse.linux.enterprise.desktop"

	// SUSEOpenstackCloud identifies SUSE OpenStack Cloud.
	SUSEOpenstackCloud = "suse.openstack.cloud"

	// Alpine identifies Alpine Linux.
	Alpine = "alpine"

	// ServerTypePseudo is used for ServerInfo.Type, r.Family.
	// ServerInfo.Type is documented as either "pseudo" or "".
	ServerTypePseudo = "pseudo"
)
const (
	// Scan mode flags. Each constant is one bit of a byte (1 << iota), so the
	// values are 1, 2, 4 and 8 in declaration order. They are the byte
	// argument accepted by ScanMode.Set.

	// Fast is fast scan mode (bit value 1).
	Fast = byte(1 << iota)
	// FastRoot is the fast-root scan mode (bit value 2).
	// NOTE(review): the name suggests this mode runs with root privileges on
	// the scan target; confirm what it needs before granting sudo to the scan
	// account, and prefer Fast where its results are sufficient.
	FastRoot
	// Deep is the deep scan mode (bit value 4).
	// NOTE(review): privilege requirements are not visible here; confirm.
	Deep
	// Offline is the offline scan mode (bit value 8).
	Offline
)
const (
	// Scan module flags. Each constant is one bit of a byte (1 << iota), so
	// the values are 1, 2, 4 and 8 in declaration order. They are the byte
	// argument accepted by ScanModule.Set.

	// OSPkg selects scanning of OS packages (bit value 1).
	OSPkg = byte(1 << iota)
	// WordPress selects WordPress scanning (bit value 2).
	WordPress
	// Lockfile selects scanning of lock files (bit value 4).
	Lockfile
	// Port selects scanning of listening ports (bit value 8).
	Port
)

Variables

var (
	// Colors is a list of ANSI escape sequences that set the foreground
	// colour. In order: green, yellow, cyan, magenta, red, blue.
	// NOTE(review): presumably the source of ServerInfo.LogMsgAnsiColor;
	// confirm. The sequences are raw control bytes, so log consumers other
	// than a terminal will see them verbatim.
	Colors = []string{
		"\033[32m",
		"\033[33m",
		"\033[36m",
		"\033[35m",
		"\033[31m",
		"\033[34m",
	}
	// ResetColor is the ANSI escape sequence that resets all text attributes.
	ResetColor = "\033[0m"
)
// Revision is the Git revision of the build. It has no initializer here.
// NOTE(review): presumably injected at build time (e.g. via linker flags);
// confirm against the Makefile.
var Revision string

Revision of Git

// Version is the Vuls version string. The default value is a placeholder
// message; per that message, a binary produced by `make build` or
// `make install` reports the real version.
var Version = "`make build` or `make install` will show the version"

Version of Vuls

Functions

func Load

func Load(path, keyPass string) error

Load loads configuration

Types

type AWSConf added in v0.15.0

// AWSConf holds the settings for writing reports to Amazon S3.
// It names a profile rather than carrying access keys itself. Config.AWS is
// tagged `json:"-"`, so this struct is not emitted when Config is marshalled.
type AWSConf struct {
	// AWS profile to use
	Profile string `json:"profile"`

	// AWS region to use
	Region string `json:"region"`

	// S3 bucket name
	S3Bucket string `json:"s3Bucket"`

	// /bucket/path/to/results
	S3ResultsDir string `json:"s3ResultsDir"`

	// The Server-side encryption algorithm used when storing the reports in S3 (e.g., AES256, aws:kms).
	// NOTE(review): what happens when this is left empty is not visible here;
	// reports list unpatched vulnerabilities per host, so confirm that the
	// bucket enforces encryption and access control on its own.
	S3ServerSideEncryption string `json:"s3ServerSideEncryption"`
}

AWSConf is aws config

type AzureConf added in v0.15.0

// AzureConf holds the settings for writing reports to Azure Blob storage.
type AzureConf struct {
	// Azure account name to use. AZURE_STORAGE_ACCOUNT environment variable is used if not specified
	AccountName string `json:"accountName"`

	// Azure account key to use. AZURE_STORAGE_ACCESS_KEY environment variable is used if not specified
	// The key is a secret: `json:"-"` keeps it out of encoding/json output,
	// but it still lives in memory and in whichever source supplied it.
	AccountKey string `json:"-"`

	// Azure storage container name
	ContainerName string `json:"containerName"`
}

AzureConf is azure config

type ChatWorkConf added in v0.5.0

// ChatWorkConf holds the settings for ChatWork notifications.
// Both fields are tagged `json:"-"` and are therefore omitted from
// encoding/json output; APIToken is a credential.
type ChatWorkConf struct {
	APIToken string `json:"-"`
	Room     string `json:"-"`
}

ChatWorkConf is ChatWork config

func (*ChatWorkConf) Validate added in v0.5.0

func (c *ChatWorkConf) Validate() (errs []error)

Validate validates the configuration.

type Config

// Config is the top-level Vuls configuration.
//
// Fields tagged `json:"-"` are left out when the struct is marshalled with
// encoding/json. Every reporting destination (Slack, EMail, HTTP, Syslog,
// AWS, Azure, ChatWork, Telegram) and Saas carries that tag, so the
// credentials and endpoints they hold are not written to JSON output. The
// tag does not affect other sinks such as %+v formatting, so avoid logging a
// Config value whole.
type Config struct {
	Debug      bool   `json:"debug,omitempty"`
	DebugSQL   bool   `json:"debugSQL,omitempty"`
	Lang       string `json:"lang,omitempty"`
	// HTTPProxy carries a `valid:"url"` tag and, unlike the credential-bearing
	// fields below, IS serialized to JSON. A proxy URL with embedded userinfo
	// (user:password@host) would therefore appear in that output.
	HTTPProxy  string `valid:"url" json:"httpProxy,omitempty"`
	LogDir     string `json:"logDir,omitempty"`
	ResultsDir string `json:"resultsDir,omitempty"`
	Pipe       bool   `json:"pipe,omitempty"`
	Quiet      bool   `json:"quiet,omitempty"`
	NoProgress bool   `json:"noProgress,omitempty"`
	SSHNative  bool   `json:"sshNative,omitempty"`
	Vvv        bool   `json:"vvv,omitempty"`

	// Default and Servers hold per-server settings; see ServerInfo for which
	// of its fields reach JSON output.
	Default       ServerInfo            `json:"default,omitempty"`
	Servers       map[string]ServerInfo `json:"servers,omitempty"`
	CvssScoreOver float64               `json:"cvssScoreOver,omitempty"`

	// NOTE(review): CvssScoreOver and the Ignore* flags look like report
	// filters that hide findings; confirm, and record why each is set.
	// The JSON key of IgnoreGitHubDismissed is snake_case, unlike its siblings.
	IgnoreUnscoredCves    bool `json:"ignoreUnscoredCves,omitempty"`
	IgnoreUnfixed         bool `json:"ignoreUnfixed,omitempty"`
	IgnoreGitHubDismissed bool `json:"ignore_git_hub_dismissed,omitempty"`

	CacheDBPath     string `json:"cacheDBPath,omitempty"`
	TrivyCacheDBDir string `json:"trivyCacheDBDir,omitempty"`

	// Vulnerability dictionary sources. Each struct marks its URL and
	// SQLite3Path `json:"-"`, so only its Type is serialized.
	CveDict    GoCveDictConf  `json:"cveDict,omitempty"`
	OvalDict   GovalDictConf  `json:"ovalDict,omitempty"`
	Gost       GostConf       `json:"gost,omitempty"`
	Exploit    ExploitConf    `json:"exploit,omitempty"`
	Metasploit MetasploitConf `json:"metasploit,omitempty"`

	// Reporting destinations; all excluded from JSON output.
	Slack    SlackConf    `json:"-"`
	EMail    SMTPConf     `json:"-"`
	HTTP     HTTPConf     `json:"-"`
	Syslog   SyslogConf   `json:"-"`
	AWS      AWSConf      `json:"-"`
	Azure    AzureConf    `json:"-"`
	ChatWork ChatWorkConf `json:"-"`
	Telegram TelegramConf `json:"-"`

	// WpScan is serialized (under the capitalised key "WpScan"), but
	// WpScanConf.Token is itself tagged `json:"-"`.
	WpScan WpScanConf `json:"WpScan,omitempty"`

	Saas      SaasConf `json:"-"`
	DetectIPS bool     `json:"detectIps,omitempty"`

	// Output selection flags. The JSON key of ToTelegram is capitalised,
	// unlike its siblings.
	RefreshCve        bool `json:"refreshCve,omitempty"`
	ToSlack           bool `json:"toSlack,omitempty"`
	ToChatWork        bool `json:"toChatWork,omitempty"`
	ToTelegram        bool `json:"ToTelegram,omitempty"`
	ToEmail           bool `json:"toEmail,omitempty"`
	ToSyslog          bool `json:"toSyslog,omitempty"`
	ToLocalFile       bool `json:"toLocalFile,omitempty"`
	ToS3              bool `json:"toS3,omitempty"`
	ToAzureBlob       bool `json:"toAzureBlob,omitempty"`
	ToHTTP            bool `json:"toHTTP,omitempty"`
	FormatXML         bool `json:"formatXML,omitempty"`
	FormatJSON        bool `json:"formatJSON,omitempty"`
	FormatOneEMail    bool `json:"formatOneEMail,omitempty"`
	FormatOneLineText bool `json:"formatOneLineText,omitempty"`
	FormatList        bool `json:"formatList,omitempty"`
	FormatFullText    bool `json:"formatFullText,omitempty"`
	FormatCsvList     bool `json:"formatCsvList,omitempty"`
	GZIP              bool `json:"gzip,omitempty"`
	Diff              bool `json:"diff,omitempty"`
}

Config is struct of Configuration

// Conf is the package-level Config instance.
// NOTE(review): presumably populated by Load; confirm. As a mutable global it
// is shared by every caller in the process, and once populated it holds the
// configured tokens and passwords in memory.
var Conf Config

Conf has Configuration

func (Config) ValidateOnConfigtest added in v0.2.0

func (c Config) ValidateOnConfigtest() bool

ValidateOnConfigtest validates configuration

func (Config) ValidateOnReport added in v0.2.0

func (c Config) ValidateOnReport() bool

ValidateOnReport validates configuration

func (Config) ValidateOnReportDB added in v0.5.0

func (c Config) ValidateOnReportDB() bool

ValidateOnReportDB validates configuration

func (Config) ValidateOnSaaS added in v0.15.0

func (c Config) ValidateOnSaaS() bool

ValidateOnSaaS validates configuration

func (Config) ValidateOnScan added in v0.2.0

func (c Config) ValidateOnScan() bool

ValidateOnScan validates configuration

func (Config) ValidateOnTui added in v0.2.0

func (c Config) ValidateOnTui() bool

ValidateOnTui validates configuration

type Container added in v0.1.4

// Container identifies one container on a scanned server by ID, name and
// image. ServerInfo.GetServerName is documented as returning
// containerID@ServerName when the ServerInfo refers to a container.
type Container struct {
	ContainerID string
	Name        string
	Image       string
}

Container has Container information.

type ContainerSetting added in v0.5.0

// ContainerSetting is the per-container section of config.toml; it is the
// value type of ServerInfo.Containers.
type ContainerSetting struct {
	Cpes             []string `json:"cpes,omitempty"`
	OwaspDCXMLPath   string   `json:"owaspDCXMLPath,omitempty"`
	// NOTE(review): the two Ignore* lists look like suppressions of findings
	// for this container; confirm, and keep them reviewed and justified.
	IgnorePkgsRegexp []string `json:"ignorePkgsRegexp,omitempty"`
	IgnoreCves       []string `json:"ignoreCves,omitempty"`
}

ContainerSetting is used for loading container setting in config.toml

type Distro added in v0.1.6

// Distro describes an OS distribution by family and release.
// NOTE(review): Family presumably holds one of the family constants declared
// in this package (RedHat, Debian, ...); confirm.
type Distro struct {
	Family  string
	Release string
}

Distro has distribution info

func (Distro) MajorVersion added in v0.3.0

func (l Distro) MajorVersion() (int, error)

MajorVersion returns the major version.

func (Distro) String added in v0.1.6

func (l Distro) String() string

type EOL added in v0.15.0

// EOL holds end-of-life information for one OS release, as returned by
// GetEOL. A release past its support dates no longer receives fixes, so
// "no known vulnerabilities" for such a host should not be read as "patched".
type EOL struct {
	// StandardSupportUntil is the end of standard support.
	StandardSupportUntil time.Time
	// ExtendedSupportUntil is the end of extended support.
	ExtendedSupportUntil time.Time
	// NOTE(review): presumably marks a release as ended regardless of the two
	// dates above; confirm against IsStandardSupportEnded.
	Ended                bool
}

EOL has End-of-Life information

func GetEOL added in v0.15.0

func GetEOL(family, release string) (eol EOL, found bool)

GetEOL returns EOL information for the OS release passed as arguments. See https://github.com/aquasecurity/trivy/blob/master/pkg/detector/ospkg/redhat/redhat.go#L20

func (EOL) IsExtendedSuppportEnded added in v0.15.0

func (e EOL) IsExtendedSuppportEnded(now time.Time) bool

IsExtendedSuppportEnded checks whether now is under extended support

func (EOL) IsStandardSupportEnded added in v0.15.0

func (e EOL) IsStandardSupportEnded(now time.Time) bool

IsStandardSupportEnded checks whether now is under standard support

type ExploitConf added in v0.6.0

// ExploitConf selects where the exploit dictionary is read from.
// URL and SQLite3Path are tagged `json:"-"`; Type has no tag and is
// serialized under its field name.
type ExploitConf struct {
	// DB type for exploit dictionary (sqlite3, mysql, postgres or redis)
	Type string

	// http://exploit-dictionary.com:1324 or DB connection string
	// A DB connection string usually embeds credentials, so treat this value
	// as a secret. NOTE(review): the example uses plain http; whether https is
	// accepted is not visible here, so confirm before fetching over an
	// untrusted network.
	URL string `json:"-"`

	// /path/to/exploit.sqlite3
	SQLite3Path string `json:"-"`
}

ExploitConf is exploit config

func (*ExploitConf) Init added in v0.14.1

func (cnf *ExploitConf) Init()

Init sets options with the following priority: 1. Environment variable 2. config.toml

func (*ExploitConf) IsFetchViaHTTP added in v0.6.1

func (cnf *ExploitConf) IsFetchViaHTTP() bool

IsFetchViaHTTP returns whether to fetch via HTTP

type GitHubConf added in v0.6.3

// GitHubConf holds the settings for one repository entry of
// ServerInfo.GitHubRepos (keyed by owner/repo).
type GitHubConf struct {
	// Token is a GitHub access token. `json:"-"` keeps it out of
	// encoding/json output; give it only the scope needed to read the
	// repository's security alerts.
	Token string `json:"-"`
}

GitHubConf is used for GitHub Security Alerts

type GoCveDictConf added in v0.5.0

// GoCveDictConf selects where the go-cve-dictionary data is read from.
// URL and SQLite3Path are tagged `json:"-"`; Type has no tag and is
// serialized under its field name.
type GoCveDictConf struct {
	// DB type of CVE dictionary (sqlite3, mysql, postgres or redis)
	Type string

	// http://cve-dictionary.com:1323 or DB connection string
	// A DB connection string usually embeds credentials, so treat this value
	// as a secret. NOTE(review): the example uses plain http; whether https is
	// accepted is not visible here, so confirm before fetching over an
	// untrusted network.
	URL string `json:"-"`

	// /path/to/cve.sqlite3
	SQLite3Path string `json:"-"`
}

GoCveDictConf is go-cve-dictionary config

func (*GoCveDictConf) Init added in v0.14.1

func (cnf *GoCveDictConf) Init()

Init sets options with the following priority: 1. Environment variable 2. config.toml

func (*GoCveDictConf) IsFetchViaHTTP added in v0.6.1

func (cnf *GoCveDictConf) IsFetchViaHTTP() bool

IsFetchViaHTTP returns whether to fetch via HTTP

type GostConf added in v0.5.0

// GostConf selects where the gost dictionary data is read from.
// URL and SQLite3Path are tagged `json:"-"`; Type has no tag and is
// serialized under its field name.
type GostConf struct {
	// DB type for gost dictionary (sqlite3, mysql, postgres or redis)
	Type string

	// http://gost-dictionary.com:1324 or DB connection string
	// A DB connection string usually embeds credentials, so treat this value
	// as a secret. NOTE(review): the example uses plain http; whether https is
	// accepted is not visible here, so confirm before fetching over an
	// untrusted network.
	URL string `json:"-"`

	// /path/to/gost.sqlite3
	SQLite3Path string `json:"-"`
}

GostConf is gost config

func (*GostConf) Init added in v0.14.1

func (cnf *GostConf) Init()

Init sets options with the following priority: 1. Environment variable 2. config.toml

func (*GostConf) IsFetchViaHTTP added in v0.6.1

func (cnf *GostConf) IsFetchViaHTTP() bool

IsFetchViaHTTP returns whether to fetch via HTTP

type GovalDictConf added in v0.5.0

// GovalDictConf selects where the goval-dictionary (OVAL) data is read from.
// URL and SQLite3Path are tagged `json:"-"`; Type has no tag and is
// serialized under its field name.
type GovalDictConf struct {

	// DB type of OVAL dictionary (sqlite3, mysql, postgres or redis)
	Type string

	// http://goval-dictionary.com:1324 or DB connection string
	// A DB connection string usually embeds credentials, so treat this value
	// as a secret. NOTE(review): the example uses plain http; whether https is
	// accepted is not visible here, so confirm before fetching over an
	// untrusted network.
	URL string `json:"-"`

	// /path/to/oval.sqlite3
	SQLite3Path string `json:"-"`
}

GovalDictConf is goval-dictionary config

func (*GovalDictConf) Init added in v0.14.1

func (cnf *GovalDictConf) Init()

Init sets options with the following priority: 1. Environment variable 2. config.toml

func (*GovalDictConf) IsFetchViaHTTP added in v0.6.1

func (cnf *GovalDictConf) IsFetchViaHTTP() bool

IsFetchViaHTTP returns whether to fetch via HTTP

type HTTPConf added in v0.5.0

// HTTPConf holds the endpoint that reports are sent to over HTTP.
type HTTPConf struct {
	// URL is the destination endpoint. The `valid:"url"` tag requests URL
	// validation; nothing visible here requires an https scheme, so confirm
	// the scheme yourself when reports leave the host. `json:"-"` keeps the
	// value out of encoding/json output.
	URL string `valid:"url" json:"-"`
}

HTTPConf is HTTP config

func (*HTTPConf) Init added in v0.14.1

func (c *HTTPConf) Init(toml HTTPConf)

Init sets options with the following priority: 1. Environment variable 2. config.toml

func (*HTTPConf) Validate added in v0.5.0

func (c *HTTPConf) Validate() (errs []error)

Validate validates configuration

type IPS added in v0.8.3

// IPS is the key type of ServerInfo.IPSIdentifiers.
// NOTE(review): presumably names an intrusion prevention system product
// (see DeepSecurity); confirm.
type IPS string

IPS is

const (
	// DeepSecurity is the IPS value "deepsecurity".
	// NOTE(review): presumably refers to Trend Micro Deep Security; confirm.
	DeepSecurity IPS = "deepsecurity"
)

type JSONLoader

// JSONLoader loads configuration from a JSON file. It has no fields.
// Its Load method is documented with three string parameters
// (path, sudoPass, keyPass), one more than the Loader interface declares.
type JSONLoader struct {
}

JSONLoader loads configuration

func (JSONLoader) Load

func (c JSONLoader) Load(path, sudoPass, keyPass string) (err error)

Load loads the configuration JSON file specified by the path argument.

type Loader

// Loader is the interface implemented by concrete configuration loaders.
// TOMLLoader.Load(pathToToml, keyPass string) matches this method set;
// JSONLoader.Load is documented with three string parameters and so does not.
type Loader interface {
	// Load takes two strings and returns an error. Going by TOMLLoader.Load,
	// they are the configuration path and the SSH key passphrase; the
	// passphrase is a secret and should not be logged.
	Load(string, string) error
}

Loader is interface of concrete loader

type MetasploitConf added in v0.11.0

// MetasploitConf selects where the metasploit dictionary data is read from.
// URL and SQLite3Path are tagged `json:"-"`; Type has no tag and is
// serialized under its field name.
type MetasploitConf struct {
	// DB type for metasploit dictionary (sqlite3, mysql, postgres or redis)
	Type string

	// http://metasploit-dictionary.com:1324 or DB connection string
	// A DB connection string usually embeds credentials, so treat this value
	// as a secret. NOTE(review): the example uses plain http; whether https is
	// accepted is not visible here, so confirm before fetching over an
	// untrusted network.
	URL string `json:"-"`

	// /path/to/metasploit.sqlite3
	SQLite3Path string `json:"-"`
}

MetasploitConf is metasploit config

func (*MetasploitConf) Init added in v0.14.1

func (cnf *MetasploitConf) Init()

Init sets options with the following priority: 1. Environment variable 2. config.toml

func (*MetasploitConf) IsFetchViaHTTP added in v0.11.0

func (cnf *MetasploitConf) IsFetchViaHTTP() bool

IsFetchViaHTTP returns whether to fetch via HTTP

type SMTPConf added in v0.3.0

// SMTPConf holds the settings for sending reports by e-mail.
// Every field is tagged `json:"-"` and is therefore omitted from
// encoding/json output. Password is read from config.toml (key "password"),
// so that file needs restrictive permissions.
// NOTE(review): no field here selects TLS or STARTTLS; how the connection to
// the SMTP server is protected is decided by the sending code, which is not
// shown on this page. Confirm before sending credentials or reports.
type SMTPConf struct {
	SMTPAddr      string   `toml:"smtpAddr,omitempty" json:"-"`
	SMTPPort      string   `toml:"smtpPort,omitempty" valid:"port" json:"-"`
	User          string   `toml:"user,omitempty" json:"-"`
	Password      string   `toml:"password,omitempty" json:"-"`
	From          string   `toml:"from,omitempty" json:"-"`
	To            []string `toml:"to,omitempty" json:"-"`
	Cc            []string `toml:"cc,omitempty" json:"-"`
	SubjectPrefix string   `toml:"subjectPrefix,omitempty" json:"-"`
}

SMTPConf is smtp config

func (*SMTPConf) Validate added in v0.3.0

func (c *SMTPConf) Validate() (errs []error)

Validate validates the SMTP configuration.

type SaasConf added in v0.5.0

// SaasConf holds the FutureVuls (SaaS) upload settings.
// All fields are tagged `json:"-"` and are omitted from encoding/json
// output; Token is a credential.
type SaasConf struct {
	GroupID int64  `json:"-"`
	Token   string `json:"-"`
	URL     string `json:"-"`
}

SaasConf is FutureVuls config

func (*SaasConf) Validate added in v0.5.0

func (c *SaasConf) Validate() (errs []error)

Validate validates configuration

type ScanMode added in v0.5.0

// ScanMode records the scan mode of a server: fast, fast-root, deep and
// offline. Its state is unexported; it is changed with Set, which takes a
// byte such as Fast, FastRoot, Deep or Offline, and read with the Is* methods.
type ScanMode struct {
	// contains filtered or unexported fields
}

ScanMode holds the type of scan mode: fast, fast-root, deep and offline.

func (ScanMode) IsDeep added in v0.5.0

func (s ScanMode) IsDeep() bool

IsDeep returns whether the scan mode is deep

func (ScanMode) IsFast added in v0.5.0

func (s ScanMode) IsFast() bool

IsFast returns whether the scan mode is fast

func (ScanMode) IsFastRoot added in v0.5.0

func (s ScanMode) IsFastRoot() bool

IsFastRoot returns whether the scan mode is fast-root

func (ScanMode) IsOffline added in v0.5.0

func (s ScanMode) IsOffline() bool

IsOffline returns whether the scan mode is offline

func (*ScanMode) Set added in v0.5.0

func (s *ScanMode) Set(f byte)

Set sets the scan mode.

func (ScanMode) String added in v0.5.0

func (s ScanMode) String() string

type ScanModule added in v0.15.0

// ScanModule records which scan modules are enabled for a server. Its state
// is unexported; it is changed with Set, which takes a byte such as OSPkg,
// WordPress, Lockfile or Port, and read with the IsScan* and IsZero methods.
type ScanModule struct {
	// contains filtered or unexported fields
}

ScanModule has a type of scan module

func (ScanModule) IsScanLockFile added in v0.15.0

func (s ScanModule) IsScanLockFile() bool

IsScanLockFile returns whether lock files are scanned

func (ScanModule) IsScanOSPkg added in v0.15.0

func (s ScanModule) IsScanOSPkg() bool

IsScanOSPkg returns whether OS packages are scanned

func (ScanModule) IsScanPort added in v0.15.0

func (s ScanModule) IsScanPort() bool

IsScanPort returns whether listening ports are scanned

func (ScanModule) IsScanWordPress added in v0.15.0

func (s ScanModule) IsScanWordPress() bool

IsScanWordPress returns whether WordPress is scanned

func (ScanModule) IsZero added in v0.15.0

func (s ScanModule) IsZero() bool

IsZero returns whether all values of the struct are false

func (*ScanModule) Set added in v0.15.0

func (s *ScanModule) Set(f byte)

Set sets the scan module.

type ServerInfo

// ServerInfo describes one scan target: how to reach it over SSH, what to
// scan on it and what to ignore.
//
// Serialization notes for anyone sharing scan output:
//   - User, Host, Port, JumpServer, SSHConfigPath and KeyPath all carry JSON
//     keys, so JSON produced from this struct reveals how targets are reached.
//   - KeyPassword is tagged "-" for both TOML and JSON: it is neither read
//     from config.toml nor written to JSON.
//     NOTE(review): presumably filled from the keyPass argument of Load; confirm.
//   - Fields tagged `toml:"-"` are not read from config.toml.
type ServerInfo struct {
	ServerName         string                      `toml:"-" json:"serverName,omitempty"`
	User               string                      `toml:"user,omitempty" json:"user,omitempty"`
	Host               string                      `toml:"host,omitempty" json:"host,omitempty"`
	JumpServer         []string                    `toml:"jumpServer,omitempty" json:"jumpServer,omitempty"`
	Port               string                      `toml:"port,omitempty" json:"port,omitempty"`
	SSHConfigPath      string                      `toml:"sshConfigPath,omitempty" json:"sshConfigPath,omitempty"`
	KeyPath            string                      `toml:"keyPath,omitempty" json:"keyPath,omitempty"`
	KeyPassword        string                      `json:"-" toml:"-"`
	CpeNames           []string                    `toml:"cpeNames,omitempty" json:"cpeNames,omitempty"`
	ScanMode           []string                    `toml:"scanMode,omitempty" json:"scanMode,omitempty"`
	ScanModules        []string                    `toml:"scanModules,omitempty" json:"scanModules,omitempty"`
	OwaspDCXMLPath     string                      `toml:"owaspDCXMLPath,omitempty" json:"owaspDCXMLPath,omitempty"`
	ContainersOnly     bool                        `toml:"containersOnly,omitempty" json:"containersOnly,omitempty"`
	ContainersIncluded []string                    `toml:"containersIncluded,omitempty" json:"containersIncluded,omitempty"`
	ContainersExcluded []string                    `toml:"containersExcluded,omitempty" json:"containersExcluded,omitempty"`
	ContainerType      string                      `toml:"containerType,omitempty" json:"containerType,omitempty"`
	Containers         map[string]ContainerSetting `toml:"containers,omitempty" json:"containers,omitempty"`
	// NOTE(review): IgnoreCves and IgnorePkgsRegexp look like suppressions of
	// findings for this server; confirm, and keep each entry justified, since
	// a broad regexp can hide many packages at once.
	IgnoreCves         []string                    `toml:"ignoreCves,omitempty" json:"ignoreCves,omitempty"`
	IgnorePkgsRegexp   []string                    `toml:"ignorePkgsRegexp,omitempty" json:"ignorePkgsRegexp,omitempty"`
	// The owner/repo keys are serialized; GitHubConf.Token is tagged `json:"-"`.
	GitHubRepos        map[string]GitHubConf       `toml:"githubs" json:"githubs,omitempty"` // key: owner/repo
	UUIDs              map[string]string           `toml:"uuids,omitempty" json:"uuids,omitempty"`
	Memo               string                      `toml:"memo,omitempty" json:"memo,omitempty"`
	Enablerepo         []string                    `toml:"enablerepo,omitempty" json:"enablerepo,omitempty"` // For CentOS, RHEL, Amazon
	// Optional is copied to JSON output as-is, so it must not hold secrets.
	Optional           map[string]interface{}      `toml:"optional,omitempty" json:"optional,omitempty"`     // Optional key-value set that will be outputted to JSON
	Lockfiles          []string                    `toml:"lockfiles,omitempty" json:"lockfiles,omitempty"`   // ie) path/to/package-lock.json
	FindLock           bool                        `toml:"findLock,omitempty" json:"findLock,omitempty"`
	Type               string                      `toml:"type,omitempty" json:"type,omitempty"` // "pseudo" or ""
	IgnoredJSONKeys    []string                    `toml:"ignoredJSONKeys,omitempty" json:"ignoredJSONKeys,omitempty"`
	IPv4Addrs          []string                    `toml:"-" json:"ipv4Addrs,omitempty"`
	IPv6Addrs          []string                    `toml:"-" json:"ipv6Addrs,omitempty"`
	IPSIdentifiers     map[IPS]string              `toml:"-" json:"ipsIdentifiers,omitempty"`
	WordPress          *WordPressConf              `toml:"wordpress,omitempty" json:"wordpress,omitempty"`

	// internal use: excluded from both TOML input and JSON output
	LogMsgAnsiColor string     `toml:"-" json:"-"` // DebugLog Color
	Container       Container  `toml:"-" json:"-"`
	Distro          Distro     `toml:"-" json:"-"`
	Mode            ScanMode   `toml:"-" json:"-"`
	Module          ScanModule `toml:"-" json:"-"`
}

ServerInfo has SSH Info, additional CPE packages to scan.

func (ServerInfo) GetServerName added in v0.1.7

func (s ServerInfo) GetServerName() string

GetServerName returns ServerName if this serverInfo is about host. If this serverInfo is about a container, returns containerID@ServerName

func (ServerInfo) IsContainer added in v0.1.4

func (s ServerInfo) IsContainer() bool

IsContainer returns whether this ServerInfo is about container

func (*ServerInfo) SetContainer added in v0.1.4

func (s *ServerInfo) SetContainer(d Container)

SetContainer sets the container

type SlackConf

// SlackConf holds the settings for Slack notifications.
// Every field is tagged `json:"-"` and is omitted from encoding/json output.
// HookURL and LegacyToken are credentials: anyone holding the webhook URL can
// post to the channel, so protect config.toml accordingly.
type SlackConf struct {
	HookURL     string   `valid:"url" json:"-" toml:"hookURL,omitempty"`
	LegacyToken string   `json:"-" toml:"legacyToken,omitempty"`
	Channel     string   `json:"-" toml:"channel,omitempty"`
	IconEmoji   string   `json:"-" toml:"iconEmoji,omitempty"`
	AuthUser    string   `json:"-" toml:"authUser,omitempty"`
	NotifyUsers []string `toml:"notifyUsers,omitempty" json:"-"`
	Text        string   `json:"-"`
}

SlackConf is slack config

func (*SlackConf) Validate

func (c *SlackConf) Validate() (errs []error)

Validate validates configuration

type SyslogConf added in v0.5.0

// SyslogConf holds the settings for sending reports to a syslog server.
// Every field is tagged `json:"-"`. Host and Port carry `valid` tags
// requesting host and port validation.
// NOTE(review): Protocol is a free-form string here; whether an encrypted
// transport is available cannot be told from this declaration. Reports list
// unpatched vulnerabilities per host, so confirm how they travel.
type SyslogConf struct {
	Protocol string `json:"-"`
	Host     string `valid:"host" json:"-"`
	Port     string `valid:"port" json:"-"`
	Severity string `json:"-"`
	Facility string `json:"-"`
	Tag      string `json:"-"`
	Verbose  bool   `json:"-"`
}

SyslogConf is syslog config

func (*SyslogConf) GetFacility added in v0.5.0

func (c *SyslogConf) GetFacility() (syslog.Priority, error)

GetFacility gets facility

func (*SyslogConf) GetSeverity added in v0.5.0

func (c *SyslogConf) GetSeverity() (syslog.Priority, error)

GetSeverity gets severity

func (*SyslogConf) Validate added in v0.5.0

func (c *SyslogConf) Validate() (errs []error)

Validate validates configuration

type TOMLLoader

// TOMLLoader loads configuration from a TOML file. It has no fields.
// Its Load method takes the path to the TOML file and the SSH key passphrase.
type TOMLLoader struct {
}

TOMLLoader loads config

func (TOMLLoader) Load

func (c TOMLLoader) Load(pathToToml, keyPass string) error

Load loads the configuration TOML file specified by the path argument.

type TelegramConf added in v0.6.2

// TelegramConf holds the settings for Telegram notifications.
// Both fields are tagged `json:"-"` and are omitted from encoding/json
// output; Token is a credential.
type TelegramConf struct {
	Token  string `json:"-"`
	ChatID string `json:"-"`
}

TelegramConf is Telegram config

func (*TelegramConf) Validate added in v0.6.2

func (c *TelegramConf) Validate() (errs []error)

Validate validates configuration

type WordPressConf added in v0.7.0

// WordPressConf holds the per-server settings for WordPress scanning.
// All three fields are read from config.toml and written to JSON output.
// NOTE(review): OSUser and CmdPath look like the OS account and the command
// path used on the scan target, and DocRoot like the site's document root;
// confirm. If so, they influence what is executed and as whom, so config.toml
// must be writable only by trusted users.
type WordPressConf struct {
	OSUser  string `toml:"osUser,omitempty" json:"osUser,omitempty"`
	DocRoot string `toml:"docRoot,omitempty" json:"docRoot,omitempty"`
	CmdPath string `toml:"cmdPath,omitempty" json:"cmdPath,omitempty"`
}

WordPressConf is used for WordPress scanning

func (WordPressConf) IsZero added in v0.15.0

func (cnf WordPressConf) IsZero() bool

IsZero returns whether this struct is not specified in config.toml

type WpScanConf added in v0.15.0

// WpScanConf holds the wpscan.com settings.
type WpScanConf struct {
	// Token is the wpscan.com API token, read from the TOML key "Token"
	// (capitalised). `json:"-"` keeps it out of encoding/json output even
	// though Config.WpScan itself is serialized.
	Token          string `toml:"Token,omitempty" json:"-"`
	DetectInactive bool   `toml:"detectInactive,omitempty" json:"detectInactive,omitempty"`
}

WpScanConf is wpscan.com config
