config

package
v0.15.10-saas Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 1, 2021 License: AGPL-3.0 Imports: 16 Imported by: 122

Documentation

Index

Constants

// Scan-mode flags. Each constant is a byte with exactly one bit set, so the
// four values are the distinct powers of two 1, 2, 4 and 8 and can be told
// apart when stored together. They have the same type as the argument of
// ScanMode.Set; presumably that is where they are consumed (confirm).
const (
	// Fast is the flag for the "fast" scan mode.
	Fast byte = 1 << iota
	// FastRoot is the flag for the "fast-root" scan mode.
	FastRoot
	// Deep is the flag for the "deep" scan mode.
	Deep
	// Offline is the flag for the "offline" scan mode.
	Offline
)
// Scan-module flags. Each constant is a byte with exactly one bit set
// (1, 2, 4, 8). They have the same type as the argument of ScanModule.Set;
// presumably that is where they are consumed (confirm).
const (
	// OSPkg is the flag for scanning OS packages.
	OSPkg byte = 1 << iota
	// WordPress is the flag for scanning WordPress.
	WordPress
	// Lockfile is the flag for scanning lock files.
	Lockfile
	// Port is the flag for scanning listening ports.
	Port
)

Variables

// Colors lists ANSI SGR escape sequences that switch the terminal foreground
// colour. The sequences are raw control bytes: anything that stores or parses
// text decorated with them (log files, log shippers) sees the escape bytes
// verbatim unless they are stripped first.
var Colors = []string{
	"\033[32m", // green
	"\033[33m", // yellow
	"\033[36m", // cyan
	"\033[35m", // magenta
	"\033[31m", // red
	"\033[34m", // blue
}

// ResetColor is the ANSI SGR sequence that restores the default rendition
// after one of the Colors sequences.
var ResetColor = "\033[0m"
// Revision is the Git revision of the build. It has no initializer, so it is
// the empty string unless something else assigns it (presumably the build
// injects it at link time; confirm in the build scripts).
var Revision string

Revision of Git

// Version is the Vuls version string. The initial value is only a placeholder
// message; presumably the make targets it names replace it at build time
// (confirm). A binary that still reports the placeholder cannot be matched to
// a release when checking which fixes it contains.
var Version = "`make build` or `make install` will show the version"

Version of Vuls

Functions

func Load

func Load(path, keyPass string) error

Load loads configuration

Types

type AWSConf added in v0.15.0

// AWSConf holds the settings for storing reports in an S3 bucket. It carries
// no secret of its own: access is selected through a named AWS profile.
type AWSConf struct {
	// AWS profile to use
	Profile string `json:"profile"`

	// AWS region to use
	Region string `json:"region"`

	// S3 bucket name
	S3Bucket string `json:"s3Bucket"`

	// /bucket/path/to/results
	S3ResultsDir string `json:"s3ResultsDir"`

	// The Server-side encryption algorithm used when storing the reports in S3 (e.g., AES256, aws:kms).
	// NOTE(review): confirm what an empty value does, i.e. whether reports are
	// then uploaded without requesting server-side encryption.
	S3ServerSideEncryption string `json:"s3ServerSideEncryption"`

	// Enabled is excluded from both TOML and JSON by its tags, so it is not a
	// config-file setting; presumably the caller sets it (confirm).
	Enabled bool `toml:"-" json:"-"`
}

AWSConf is aws config

func (*AWSConf) Validate added in v0.15.10

func (c *AWSConf) Validate() (errs []error)

Validate configuration

type AzureConf added in v0.15.0

// AzureConf holds the Azure storage account and container settings.
type AzureConf struct {
	// Azure account name to use. AZURE_STORAGE_ACCOUNT environment variable is used if not specified
	AccountName string `json:"accountName"`

	// Azure account key to use. AZURE_STORAGE_ACCESS_KEY environment variable is used if not specified.
	// This is a credential: the json:"-" tag keeps it out of anything marshalled
	// with encoding/json. It has no toml tag, so it can presumably still be
	// supplied in config.toml; if so, that file needs restrictive permissions
	// (confirm against the loader).
	AccountKey string `json:"-"`

	// Azure storage container name
	ContainerName string `json:"containerName"`

	// Enabled is excluded from both TOML and JSON by its tags, so it is not a
	// config-file setting; presumably the caller sets it (confirm).
	Enabled bool `toml:"-" json:"-"`
}

AzureConf is azure config

func (*AzureConf) Validate added in v0.15.10

func (c *AzureConf) Validate() (errs []error)

Validate configuration

type ChatWorkConf added in v0.5.0

// ChatWorkConf holds the ChatWork notification settings. APIToken is a
// credential; every field is tagged json:"-", so none of them appears in
// output marshalled with encoding/json. Enabled is additionally excluded from
// TOML, so it is not a config-file setting.
type ChatWorkConf struct {
	APIToken string `json:"-"`
	Room     string `json:"-"`
	Enabled  bool   `toml:"-" json:"-"`
}

ChatWorkConf is ChatWork config

func (*ChatWorkConf) Validate added in v0.5.0

func (c *ChatWorkConf) Validate() (errs []error)

Validate validates configuration

type Config

// Config is the top-level configuration. It embeds logging.LogOpts, ScanOpts
// and ReportOpts, so their fields are promoted onto Config.
//
// Serialization boundary: the ten destination sections from Slack through
// Saas are tagged json:"-", so the tokens, passwords and hook URLs they hold
// are never emitted when a Config is marshalled with encoding/json. Default
// and Servers ARE marshalled; ServerInfo's json tags decide what that exposes
// (for example user, host and key path).
type Config struct {
	logging.LogOpts

	// scan, report
	// NOTE(review): HTTPProxy is marshalled to JSON. A proxy URL that embeds
	// user:password would therefore be written out with it. The valid:"url"
	// tag is a validation hint; the validator that reads it is not visible here.
	HTTPProxy  string `valid:"url" json:"httpProxy,omitempty"`
	ResultsDir string `json:"resultsDir,omitempty"`
	Pipe       bool   `json:"pipe,omitempty"`

	// Default is a ServerInfo in its own right; Servers maps a string key to
	// each ServerInfo (presumably Default supplies fallback values; confirm).
	Default ServerInfo            `json:"default,omitempty"`
	Servers map[string]ServerInfo `json:"servers,omitempty"`

	ScanOpts

	// report
	// Vulnerability-data sources. Each embeds VulnDict, whose URL field is
	// itself tagged json:"-".
	CveDict    GoCveDictConf  `json:"cveDict,omitempty"`
	OvalDict   GovalDictConf  `json:"ovalDict,omitempty"`
	Gost       GostConf       `json:"gost,omitempty"`
	Exploit    ExploitConf    `json:"exploit,omitempty"`
	Metasploit MetasploitConf `json:"metasploit,omitempty"`

	// Destination and integration settings; all excluded from JSON (see above).
	Slack    SlackConf    `json:"-"`
	EMail    SMTPConf     `json:"-"`
	HTTP     HTTPConf     `json:"-"`
	Syslog   SyslogConf   `json:"-"`
	AWS      AWSConf      `json:"-"`
	Azure    AzureConf    `json:"-"`
	ChatWork ChatWorkConf `json:"-"`
	Telegram TelegramConf `json:"-"`
	WpScan   WpScanConf   `json:"-"`
	Saas     SaasConf     `json:"-"`

	ReportOpts
}

Config is struct of Configuration

var Conf Config

Conf has Configuration

func (Config) ValidateOnConfigtest added in v0.2.0

func (c Config) ValidateOnConfigtest() bool

ValidateOnConfigtest validates

func (*Config) ValidateOnReport added in v0.2.0

func (c *Config) ValidateOnReport() bool

ValidateOnReport validates configuration

func (Config) ValidateOnSaaS added in v0.15.0

func (c Config) ValidateOnSaaS() bool

ValidateOnSaaS validates configuration

func (Config) ValidateOnScan added in v0.2.0

func (c Config) ValidateOnScan() bool

ValidateOnScan validates configuration

type Container added in v0.1.4

// Container identifies one container by ID, name and image. It carries no
// struct tags of its own; ServerInfo stores it in a field excluded from both
// TOML and JSON.
type Container struct {
	ContainerID string
	Name        string
	Image       string
}

Container has Container information.

type ContainerSetting added in v0.5.0

// ContainerSetting is the per-container part of config.toml.
//
// NOTE(review): IgnorePkgsRegexp and IgnoreCves look like suppression lists
// (findings that match are presumably left out of results; confirm). Both are
// marshalled to JSON, so the suppressions in force can be audited from the
// serialized configuration.
type ContainerSetting struct {
	Cpes             []string `json:"cpes,omitempty"`
	OwaspDCXMLPath   string   `json:"owaspDCXMLPath,omitempty"`
	IgnorePkgsRegexp []string `json:"ignorePkgsRegexp,omitempty"`
	IgnoreCves       []string `json:"ignoreCves,omitempty"`
}

ContainerSetting is used for loading container setting in config.toml

type Distro added in v0.1.6

// Distro names a distribution by family and release string. Both are plain
// strings; GetEOL takes the same pair of values as its arguments.
type Distro struct {
	Family  string
	Release string
}

Distro has distribution info

func (Distro) MajorVersion added in v0.3.0

func (l Distro) MajorVersion() (int, error)

MajorVersion returns Major version

func (Distro) String added in v0.1.6

func (l Distro) String() string

type EOL added in v0.15.0

// EOL holds end-of-life information for an OS release: the end of standard
// support, the end of extended support, and an explicit Ended flag.
//
// NOTE(review): how Ended interacts with the two dates, and how a zero
// time.Time is treated, is decided by the methods and is not visible in the
// type itself; confirm before relying on a zero value meaning "supported".
type EOL struct {
	StandardSupportUntil time.Time
	ExtendedSupportUntil time.Time
	Ended                bool
}

EOL has End-of-Life information

func GetEOL added in v0.15.0

func GetEOL(family, release string) (eol EOL, found bool)

GetEOL returns EOL information for the OS release passed as arguments. See https://github.com/aquasecurity/trivy/blob/master/pkg/detector/ospkg/redhat/redhat.go#L20

func (EOL) IsExtendedSuppportEnded added in v0.15.0

func (e EOL) IsExtendedSuppportEnded(now time.Time) bool

IsExtendedSuppportEnded checks now is under extended support

func (EOL) IsStandardSupportEnded added in v0.15.0

func (e EOL) IsStandardSupportEnded(now time.Time) bool

IsStandardSupportEnded checks now is under standard support

type ExploitConf added in v0.6.0

// ExploitConf is the exploit data-source configuration. It embeds VulnDict,
// so VulnDict's fields and methods are promoted; the Init method declared on
// *ExploitConf takes precedence over the promoted VulnDict.Init.
type ExploitConf struct {
	VulnDict
}

ExploitConf is exploit config

func (*ExploitConf) Init added in v0.14.1

func (cnf *ExploitConf) Init()

Init set options with the following priority. 1. Environment variable 2. config.toml

type GitHubConf added in v0.6.3

// GitHubConf holds the per-repository setting used for GitHub Security
// Alerts. Token is a credential: json:"-" keeps it out of encoding/json
// output, so when ServerInfo.GitHubRepos is marshalled only the map keys
// (owner/repo) are written, not the tokens.
type GitHubConf struct {
	Token string `json:"-"`
}

GitHubConf is used for GitHub Security Alerts

type GoCveDictConf added in v0.5.0

// GoCveDictConf is the GoCveDict data-source configuration. It embeds
// VulnDict, so VulnDict's fields and methods are promoted; the Init method
// declared on *GoCveDictConf takes precedence over the promoted VulnDict.Init.
type GoCveDictConf struct {
	VulnDict
}

GoCveDictConf is GoCveDict config

func (*GoCveDictConf) Init added in v0.14.1

func (cnf *GoCveDictConf) Init()

Init set options with the following priority. 1. Environment variable 2. config.toml

type GostConf added in v0.5.0

// GostConf is the gost data-source configuration. It embeds VulnDict, so
// VulnDict's fields and methods are promoted; the Init method declared on
// *GostConf takes precedence over the promoted VulnDict.Init.
type GostConf struct {
	VulnDict
}

GostConf is gost config

func (*GostConf) Init added in v0.14.1

func (cnf *GostConf) Init()

Init set options with the following priority. 1. Environment variable 2. config.toml

type GovalDictConf added in v0.5.0

// GovalDictConf is the goval-dictionary data-source configuration. It embeds
// VulnDict, so VulnDict's fields and methods are promoted; the Init method
// declared on *GovalDictConf takes precedence over the promoted VulnDict.Init.
type GovalDictConf struct {
	VulnDict
}

GovalDictConf is goval-dictionary config

func (*GovalDictConf) Init added in v0.14.1

func (cnf *GovalDictConf) Init()

Init set options with the following priority. 1. Environment variable 2. config.toml

type HTTPConf added in v0.5.0

// HTTPConf holds the settings of the HTTP destination. URL carries a
// valid:"url" validation hint and is excluded from JSON; Enabled is excluded
// from both TOML and JSON, so it is not a config-file setting.
//
// NOTE(review): the tag only asks for a syntactically valid URL. Nothing in
// this type restricts the scheme, so whether a plain-http endpoint is
// accepted for sending results is decided elsewhere; confirm.
type HTTPConf struct {
	URL     string `valid:"url" json:"-"`
	Enabled bool   `toml:"-" json:"-"`
}

HTTPConf is HTTP config

func (*HTTPConf) Validate added in v0.5.0

func (c *HTTPConf) Validate() (errs []error)

Validate validates configuration

type JSONLoader

// JSONLoader is a stateless loader type for JSON configuration files; it has
// no fields, all behaviour is in its Load method.
type JSONLoader struct {
}

JSONLoader loads configuration

func (JSONLoader) Load

func (c JSONLoader) Load(path, sudoPass, keyPass string) (err error)

Load load the configuration JSON file specified by path arg.

type Loader

// Loader is the interface of a concrete configuration loader.
//
// Load takes two unnamed strings; the package-level Load and TOMLLoader.Load
// name them as the config path and keyPass, in that order.
//
// NOTE(review): in this package version JSONLoader.Load takes three strings
// (path, sudoPass, keyPass), so JSONLoader does not satisfy this interface.
type Loader interface {
	Load(string, string) error
}

Loader is interface of concrete loader

type MetasploitConf added in v0.11.0

// MetasploitConf is the go-metasploitdb data-source configuration. It embeds
// VulnDict, so VulnDict's fields and methods are promoted; the Init method
// declared on *MetasploitConf takes precedence over the promoted VulnDict.Init.
type MetasploitConf struct {
	VulnDict
}

MetasploitConf is the go-metasploitdb config

func (*MetasploitConf) Init added in v0.14.1

func (cnf *MetasploitConf) Init()

Init set options with the following priority. 1. Environment variable 2. config.toml

type ReportConf added in v0.15.10

// ReportConf is implemented by configuration sections that can validate
// themselves. Validate returns the problems it found as a slice of errors.
// The Validate methods of the destination types in this package (AWSConf,
// AzureConf, SlackConf, SMTPConf and others) have this signature.
type ReportConf interface {
	Validate() []error
}

ReportConf is an interface to Validate Report Config

type ReportOpts added in v0.15.10

// ReportOpts holds the options for the report step. Every field is
// marshalled to JSON under the key shown in its tag.
//
// NOTE(review): CvssScoreOver, IgnoreUnfixed and IgnoreUnscoredCves look like
// filters that leave findings out of a report (inferred from the names;
// confirm). Their zero values should be checked so that nothing is hidden
// unintentionally.
type ReportOpts struct {
	// refactored
	CvssScoreOver      float64 `json:"cvssScoreOver,omitempty"`
	TrivyCacheDBDir    string  `json:"trivyCacheDBDir,omitempty"`
	NoProgress         bool    `json:"noProgress,omitempty"`
	RefreshCve         bool    `json:"refreshCve,omitempty"`
	IgnoreUnfixed      bool    `json:"ignoreUnfixed,omitempty"`
	IgnoreUnscoredCves bool    `json:"ignoreUnscoredCves,omitempty"`
	DiffPlus           bool    `json:"diffPlus,omitempty"`
	DiffMinus          bool    `json:"diffMinus,omitempty"`
	Diff               bool    `json:"diff,omitempty"`
	Lang               string  `json:"lang,omitempty"`

	//TODO move to GitHubConf
	// The JSON key of this field is snake_case, unlike the camelCase keys of
	// the fields above; consumers of the JSON must use the key as tagged.
	IgnoreGitHubDismissed bool `json:"ignore_git_hub_dismissed,omitempty"`
}

ReportOpts is options for report

type SMTPConf added in v0.3.0

// SMTPConf holds the mail settings. The toml tags show that every field
// except Enabled is read from config.toml, and the json:"-" tags show that
// none of them is written to encoding/json output.
//
// Password is a credential stored in the TOML file as plain text, so the file
// needs restrictive permissions.
//
// NOTE(review): no field here selects TLS or STARTTLS; how the connection
// that carries User and Password is protected is decided elsewhere; confirm.
type SMTPConf struct {
	SMTPAddr      string   `toml:"smtpAddr,omitempty" json:"-"`
	SMTPPort      string   `toml:"smtpPort,omitempty" valid:"port" json:"-"`
	User          string   `toml:"user,omitempty" json:"-"`
	Password      string   `toml:"password,omitempty" json:"-"`
	From          string   `toml:"from,omitempty" json:"-"`
	To            []string `toml:"to,omitempty" json:"-"`
	Cc            []string `toml:"cc,omitempty" json:"-"`
	SubjectPrefix string   `toml:"subjectPrefix,omitempty" json:"-"`
	Enabled       bool     `toml:"-" json:"-"`
}

SMTPConf is smtp config

func (*SMTPConf) Validate added in v0.3.0

func (c *SMTPConf) Validate() (errs []error)

Validate SMTP configuration

type SaasConf added in v0.5.0

// SaasConf holds the FutureVuls settings. Token is a credential; all three
// fields are tagged json:"-" and so never appear in encoding/json output.
//
// NOTE(review): unlike HTTPConf.URL and SlackConf.HookURL, URL carries no
// valid:"url" tag here; any checking of it would have to happen in Validate.
// Confirm that it does, since Token is presumably sent to this endpoint.
type SaasConf struct {
	GroupID int64  `json:"-"`
	Token   string `json:"-"`
	URL     string `json:"-"`
}

SaasConf is FutureVuls config

func (*SaasConf) Validate added in v0.5.0

func (c *SaasConf) Validate() (errs []error)

Validate validates configuration

type ScanMode added in v0.5.0

type ScanMode struct {
	// contains filtered or unexported fields
}

ScanMode has a type of scan mode. fast, fast-root, deep and offline

func (ScanMode) IsDeep added in v0.5.0

func (s ScanMode) IsDeep() bool

IsDeep return whether scan mode is deep

func (ScanMode) IsFast added in v0.5.0

func (s ScanMode) IsFast() bool

IsFast return whether scan mode is fast

func (ScanMode) IsFastRoot added in v0.5.0

func (s ScanMode) IsFastRoot() bool

IsFastRoot return whether scan mode is fastroot

func (ScanMode) IsOffline added in v0.5.0

func (s ScanMode) IsOffline() bool

IsOffline return whether scan mode is offline

func (*ScanMode) Set added in v0.5.0

func (s *ScanMode) Set(f byte)

Set mode

func (ScanMode) String added in v0.5.0

func (s ScanMode) String() string

type ScanModule added in v0.15.0

type ScanModule struct {
	// contains filtered or unexported fields
}

ScanModule has a type of scan module

func (ScanModule) IsScanLockFile added in v0.15.0

func (s ScanModule) IsScanLockFile() bool

IsScanLockFile whether scanning lock file

func (ScanModule) IsScanOSPkg added in v0.15.0

func (s ScanModule) IsScanOSPkg() bool

IsScanOSPkg return whether scanning os pkg

func (ScanModule) IsScanPort added in v0.15.0

func (s ScanModule) IsScanPort() bool

IsScanPort whether scanning listening ports

func (ScanModule) IsScanWordPress added in v0.15.0

func (s ScanModule) IsScanWordPress() bool

IsScanWordPress return whether scanning wordpress

func (ScanModule) IsZero added in v0.15.0

func (s ScanModule) IsZero() bool

IsZero returns whether all values in the struct are false

func (*ScanModule) Set added in v0.15.0

func (s *ScanModule) Set(f byte)

Set module

type ScanOpts added in v0.15.10

// ScanOpts holds the options for the scan step. Config embeds it, so Vvv is
// promoted onto Config and marshalled under the JSON key "vvv".
//
// NOTE(review): Vvv is presumably a very-verbose switch (inferred from the
// name; confirm). If so, check what the extra output contains before
// enabling it where logs are shared.
type ScanOpts struct {
	Vvv bool `json:"vvv,omitempty"`
}

ScanOpts is options for scan

type ServerInfo

// ServerInfo describes one scan target: how to reach it over SSH, which scan
// modes and modules apply to it, which containers to include, and
// per-target suppressions.
//
// What the tags say about data flow:
//   - Fields with a toml key are read from config.toml. ServerName, IPv4Addrs,
//     IPv6Addrs and IPSIdentifiers are tagged toml:"-" and are therefore
//     filled in by code, not by the config file.
//   - Every field above the "internal use" group has a JSON key, so it is
//     written out when a ServerInfo is marshalled. That includes User, Host,
//     JumpServer, Port, SSHConfigPath and KeyPath. KeyPath is a path, not key
//     material, but together these describe how to log in to the target, so
//     serialized output should be handled as sensitive.
//   - GitHubRepos values are GitHubConf, whose Token is tagged json:"-"; only
//     the owner/repo keys are marshalled.
//   - Optional is copied to JSON output as-is (see its inline comment), so
//     nothing secret belongs in it.
//   - The "internal use" fields are excluded from both TOML and JSON.
//
// NOTE(review): IgnoreCves and IgnorePkgsRegexp look like suppression lists
// (inferred from the names; confirm). They are marshalled, which allows the
// suppressions in force for a target to be audited from serialized output.
type ServerInfo struct {
	ServerName         string                      `toml:"-" json:"serverName,omitempty"`
	User               string                      `toml:"user,omitempty" json:"user,omitempty"`
	Host               string                      `toml:"host,omitempty" json:"host,omitempty"`
	JumpServer         []string                    `toml:"jumpServer,omitempty" json:"jumpServer,omitempty"`
	Port               string                      `toml:"port,omitempty" json:"port,omitempty"`
	SSHConfigPath      string                      `toml:"sshConfigPath,omitempty" json:"sshConfigPath,omitempty"`
	KeyPath            string                      `toml:"keyPath,omitempty" json:"keyPath,omitempty"`
	CpeNames           []string                    `toml:"cpeNames,omitempty" json:"cpeNames,omitempty"`
	ScanMode           []string                    `toml:"scanMode,omitempty" json:"scanMode,omitempty"`
	ScanModules        []string                    `toml:"scanModules,omitempty" json:"scanModules,omitempty"`
	OwaspDCXMLPath     string                      `toml:"owaspDCXMLPath,omitempty" json:"owaspDCXMLPath,omitempty"`
	ContainersOnly     bool                        `toml:"containersOnly,omitempty" json:"containersOnly,omitempty"`
	ContainersIncluded []string                    `toml:"containersIncluded,omitempty" json:"containersIncluded,omitempty"`
	ContainersExcluded []string                    `toml:"containersExcluded,omitempty" json:"containersExcluded,omitempty"`
	ContainerType      string                      `toml:"containerType,omitempty" json:"containerType,omitempty"`
	Containers         map[string]ContainerSetting `toml:"containers,omitempty" json:"containers,omitempty"`
	IgnoreCves         []string                    `toml:"ignoreCves,omitempty" json:"ignoreCves,omitempty"`
	IgnorePkgsRegexp   []string                    `toml:"ignorePkgsRegexp,omitempty" json:"ignorePkgsRegexp,omitempty"`
	GitHubRepos        map[string]GitHubConf       `toml:"githubs" json:"githubs,omitempty"` // key: owner/repo
	UUIDs              map[string]string           `toml:"uuids,omitempty" json:"uuids,omitempty"`
	Memo               string                      `toml:"memo,omitempty" json:"memo,omitempty"`
	Enablerepo         []string                    `toml:"enablerepo,omitempty" json:"enablerepo,omitempty"` // For CentOS, RHEL, Amazon
	Optional           map[string]interface{}      `toml:"optional,omitempty" json:"optional,omitempty"`     // Optional key-value set that will be outputted to JSON
	Lockfiles          []string                    `toml:"lockfiles,omitempty" json:"lockfiles,omitempty"`   // ie) path/to/package-lock.json
	FindLock           bool                        `toml:"findLock,omitempty" json:"findLock,omitempty"`
	Type               string                      `toml:"type,omitempty" json:"type,omitempty"` // "pseudo" or ""
	IgnoredJSONKeys    []string                    `toml:"ignoredJSONKeys,omitempty" json:"ignoredJSONKeys,omitempty"`
	IPv4Addrs          []string                    `toml:"-" json:"ipv4Addrs,omitempty"`
	IPv6Addrs          []string                    `toml:"-" json:"ipv6Addrs,omitempty"`
	IPSIdentifiers     map[string]string           `toml:"-" json:"ipsIdentifiers,omitempty"`
	WordPress          *WordPressConf              `toml:"wordpress,omitempty" json:"wordpress,omitempty"`

	// internal use
	LogMsgAnsiColor string     `toml:"-" json:"-"` // DebugLog Color
	Container       Container  `toml:"-" json:"-"`
	Distro          Distro     `toml:"-" json:"-"`
	Mode            ScanMode   `toml:"-" json:"-"`
	Module          ScanModule `toml:"-" json:"-"`
}

ServerInfo has SSH Info, additional CPE packages to scan.

func (ServerInfo) GetServerName added in v0.1.7

func (s ServerInfo) GetServerName() string

GetServerName returns ServerName if this serverInfo is about host. If this serverInfo is about a container, returns containerID@ServerName

func (ServerInfo) IsContainer added in v0.1.4

func (s ServerInfo) IsContainer() bool

IsContainer returns whether this ServerInfo is about container

func (*ServerInfo) SetContainer added in v0.1.4

func (s *ServerInfo) SetContainer(d Container)

SetContainer set container

type SlackConf

// SlackConf holds the Slack notification settings. Every field is tagged
// json:"-", so none of them appears in encoding/json output.
//
// HookURL and LegacyToken are credentials: a webhook URL is by itself enough
// to post to the channel, and both are read from config.toml as plain text,
// so that file needs restrictive permissions. HookURL also carries a
// valid:"url" validation hint. Enabled is excluded from TOML as well and is
// therefore not a config-file setting.
type SlackConf struct {
	HookURL     string   `valid:"url" json:"-" toml:"hookURL,omitempty"`
	LegacyToken string   `json:"-" toml:"legacyToken,omitempty"`
	Channel     string   `json:"-" toml:"channel,omitempty"`
	IconEmoji   string   `json:"-" toml:"iconEmoji,omitempty"`
	AuthUser    string   `json:"-" toml:"authUser,omitempty"`
	NotifyUsers []string `toml:"notifyUsers,omitempty" json:"-"`
	Text        string   `json:"-"`
	Enabled     bool     `toml:"-" json:"-"`
}

SlackConf is slack config

func (*SlackConf) Validate

func (c *SlackConf) Validate() (errs []error)

Validate validates configuration

type SyslogConf added in v0.5.0

// SyslogConf holds the syslog destination settings. Host and Port carry
// validation hints (valid:"host", valid:"port"); Severity and Facility are
// strings that GetSeverity and GetFacility turn into syslog.Priority values.
// Every field is excluded from JSON, and Enabled from TOML as well.
//
// NOTE(review): Protocol is a free-form string here. Which transports are
// accepted, and whether any of them is encrypted, is not visible in this
// type; confirm before sending vulnerability data to a remote host.
type SyslogConf struct {
	Protocol string `json:"-"`
	Host     string `valid:"host" json:"-"`
	Port     string `valid:"port" json:"-"`
	Severity string `json:"-"`
	Facility string `json:"-"`
	Tag      string `json:"-"`
	Verbose  bool   `json:"-"`
	Enabled  bool   `toml:"-" json:"-"`
}

SyslogConf is syslog config

func (*SyslogConf) GetFacility added in v0.5.0

func (c *SyslogConf) GetFacility() (syslog.Priority, error)

GetFacility gets facility

func (*SyslogConf) GetSeverity added in v0.5.0

func (c *SyslogConf) GetSeverity() (syslog.Priority, error)

GetSeverity gets severity

func (*SyslogConf) Validate added in v0.5.0

func (c *SyslogConf) Validate() (errs []error)

Validate validates configuration

type TOMLLoader

// TOMLLoader is a stateless loader type for TOML configuration files; it has
// no fields, all behaviour is in its Load method, whose (string, string)
// signature matches the Loader interface.
type TOMLLoader struct {
}

TOMLLoader loads config

func (TOMLLoader) Load

func (c TOMLLoader) Load(pathToToml, keyPass string) error

Load load the configuration TOML file specified by path arg.

type TelegramConf added in v0.6.2

// TelegramConf holds the Telegram notification settings. Token is a
// credential; every field is tagged json:"-", so none of them appears in
// encoding/json output. Enabled is additionally excluded from TOML, so it is
// not a config-file setting.
type TelegramConf struct {
	Token   string `json:"-"`
	ChatID  string `json:"-"`
	Enabled bool   `toml:"-" json:"-"`
}

TelegramConf is Telegram config

func (*TelegramConf) Validate added in v0.6.2

func (c *TelegramConf) Validate() (errs []error)

Validate validates configuration

type VulnDict added in v0.15.10

// VulnDict is the base struct embedded by the vulnerability-data source
// configurations (GoCveDictConf, GovalDictConf, GostConf, ExploitConf,
// MetasploitConf).
//
// Only URL has a struct tag. The other fields are marshalled to JSON under
// their Go field names.
//
// NOTE(review): Init is declared on a value receiver in this package version,
// so any field it assigns changes only its own copy; the pointer-receiver
// Init methods on the embedding types are the ones that can modify the
// caller's value. Confirm this is intended.
type VulnDict struct {
	Name string

	// DB type of CVE dictionary (sqlite3, mysql, postgres or redis)
	Type string

	// http://cve-dictionary.com:1323 or DB connection string
	// Excluded from JSON output: a DB connection string can embed a user name
	// and password, so this field has to be treated as a credential.
	URL string `json:"-"`

	// /path/to/cve.sqlite3
	SQLite3Path string

	// NOTE(review): presumably turns on SQL statement logging (inferred from
	// the name; confirm what is logged before enabling it in production).
	DebugSQL bool
}

VulnDict is a base struct of vuln dicts

func (VulnDict) CheckHTTPHealth added in v0.15.10

func (cnf VulnDict) CheckHTTPHealth() error

CheckHTTPHealth checks http server status

func (VulnDict) GetDebugSQL added in v0.15.10

func (cnf VulnDict) GetDebugSQL() bool

GetDebugSQL return debugSQL flag

func (VulnDict) GetName added in v0.15.10

func (cnf VulnDict) GetName() string

GetName returns name

func (VulnDict) GetSQLite3Path added in v0.15.10

func (cnf VulnDict) GetSQLite3Path() string

GetSQLite3Path return the path of SQLite3

func (VulnDict) GetType added in v0.15.10

func (cnf VulnDict) GetType() string

GetType returns type

func (VulnDict) GetURL added in v0.15.10

func (cnf VulnDict) GetURL() string

GetURL returns url

func (VulnDict) Init added in v0.15.10

func (cnf VulnDict) Init()

Init the struct

func (VulnDict) IsFetchViaHTTP added in v0.15.10

func (cnf VulnDict) IsFetchViaHTTP() bool

IsFetchViaHTTP returns if fetch via HTTP

func (VulnDict) Validate added in v0.15.10

func (cnf VulnDict) Validate() error

Validate settings

type VulnDictInterface added in v0.15.10

// VulnDictInterface is the method set shared by the vulnerability-data source
// configurations. VulnDict declares all nine methods on value receivers, so
// VulnDict and every type that embeds it satisfy the interface.
type VulnDictInterface interface {
	// Init sets up the configuration; the embedding types document the
	// priority as environment variable first, then config.toml.
	Init()
	// Validate checks the settings and returns an error if they are invalid.
	Validate() error
	// IsFetchViaHTTP reports whether the source is fetched via HTTP.
	IsFetchViaHTTP() bool
	// CheckHTTPHealth checks the status of the HTTP server.
	CheckHTTPHealth() error
	// The remaining methods are accessors for the VulnDict fields of the same
	// name. GetURL returns the field that may hold a DB connection string, so
	// callers should not log its result.
	GetName() string
	GetType() string
	GetURL() string
	GetSQLite3Path() string
	GetDebugSQL() bool
}

VulnDictInterface is an interface of vulnsrc

type WordPressConf added in v0.7.0

// WordPressConf holds the per-server settings for WordPress scanning. All
// three fields are read from config.toml and marshalled to JSON.
//
// NOTE(review): OSUser, DocRoot and CmdPath look like inputs to a command run
// on the scan target (inferred from the names; confirm). If so, the place
// that builds that command must quote or validate them, since they come
// straight from the configuration file.
type WordPressConf struct {
	OSUser  string `toml:"osUser,omitempty" json:"osUser,omitempty"`
	DocRoot string `toml:"docRoot,omitempty" json:"docRoot,omitempty"`
	CmdPath string `toml:"cmdPath,omitempty" json:"cmdPath,omitempty"`
}

WordPressConf used for WordPress Scanning

func (WordPressConf) IsZero added in v0.15.0

func (cnf WordPressConf) IsZero() bool

IsZero return whether this struct is not specified in config.toml

type WpScanConf added in v0.15.0

// WpScanConf holds the wpscan.com settings. Token is a credential read from
// config.toml as plain text and excluded from JSON output; DetectInactive is
// an ordinary option that is marshalled.
type WpScanConf struct {
	Token          string `toml:"token,omitempty" json:"-"`
	DetectInactive bool   `toml:"detectInactive,omitempty" json:"detectInactive,omitempty"`
}

WpScanConf is wpscan.com config
