
Constants

// Constants shared by the AnalyzerManager (JAS) integration.
const (
	// EntitlementsMinVersion is the minimum server version required by the
	// entitlements check (which service's version is compared is not visible
	// here — confirm against the caller).
	EntitlementsMinVersion = "3.66.5"
	// ApplicabilityFeatureId identifies the contextual-analysis (applicability) feature.
	ApplicabilityFeatureId = "contextual_analysis"
	// AnalyzerManagerZipName is the file name of the AnalyzerManager archive.
	AnalyzerManagerZipName = "analyzerManager.zip"

	// ErrFailedScannerRun is the message format for a scanner failure. Both
	// verbs are %s, so the exit code must be passed already formatted as a string.
	ErrFailedScannerRun = "failed to run %s scan. Exit code received: %s"

	// Names of the environment variables set for the AnalyzerManager process
	// (see SetAnalyzerManagerEnvVariables). JF_MSI presumably carries the
	// multi-scan ID (MultiScanId) — confirm.
	JfMsiEnvVariable            = "JF_MSI"
	JfPackageManagerEnvVariable = "AM_PACKAGE_MANAGER"
	JfLanguageEnvVariable       = "AM_LANGUAGE"
)
// Settings for the curation command. JfrogCurationDirName is a directory
// name; CurationsDir and CurationSupportFlag look like environment variable
// names (the code that reads them is not visible here).
const (
	JfrogCurationDirName = "curation"

	// Environment variable naming the directory used for the curation cache
	// (see GetCurationCacheFolder).
	CurationsDir = "JFROG_CLI_CURATION_DIR"

	// Environment variable that switches curation support on.
	// #nosec G101 -- Not credentials.
	CurationSupportFlag = "JFROG_CLI_CURATION"
)
const (
	// BaseDocumentationURL is the root of the JFrog security-features
	// documentation; deeper links are presumably built by appending to it.
	BaseDocumentationURL = "https://docs.jfrog-applications.jfrog.io/jfrog-security-features/"
)
// MissingCveScore is the placeholder score string used when a CVE has no score.
const MissingCveScore = "0"
const (
	// NpmPackageTypeIdentifier is the scheme prefix of npm component IDs
	// (compare the "gav://" and "generic://" prefixes in the SplitComponentId examples).
	NpmPackageTypeIdentifier = "npm://"
)
const (
	// SeverityDefaultValue is the severity used when none is provided.
	// It matches the "Medium" key of Severities.
	SeverityDefaultValue = "Medium"
)

Variables

// Severities maps a severity name ("Critical" … "Unknown") to, for each
// ApplicabilityStatus, the TableSeverity used for output.
//
// SeverityNumValue gives a total order over all (severity, status) pairs:
// Critical/Applicable is highest (20) and Unknown/NotApplicable lowest (1).
// Every NotApplicable entry (5..1) ranks below every Applicable,
// ApplicabilityUndetermined and NotCovered entry of every severity (20..6),
// so a not-applicable Critical sorts under an applicable Unknown.
//
// The inner maps have no entry for NotScanned, and there is no entry for
// severity strings other than the five keys below; such lookups yield nil
// and callers must check before dereferencing.
var Severities = map[string]map[ApplicabilityStatus]*TableSeverity{
	"Critical": {
		Applicable:                {SeverityDetails: formats.SeverityDetails{Severity: "Critical", SeverityNumValue: 20}, /* contains filtered or unexported fields */},
		ApplicabilityUndetermined: {SeverityDetails: formats.SeverityDetails{Severity: "Critical", SeverityNumValue: 19}, /* contains filtered or unexported fields */},
		NotCovered:                {SeverityDetails: formats.SeverityDetails{Severity: "Critical", SeverityNumValue: 18}, /* contains filtered or unexported fields */},
		NotApplicable:             {SeverityDetails: formats.SeverityDetails{Severity: "Critical", SeverityNumValue: 5}, /* contains filtered or unexported fields */},
	},
	"High": {
		Applicable:                {SeverityDetails: formats.SeverityDetails{Severity: "High", SeverityNumValue: 17}, /* contains filtered or unexported fields */},
		ApplicabilityUndetermined: {SeverityDetails: formats.SeverityDetails{Severity: "High", SeverityNumValue: 16}, /* contains filtered or unexported fields */},
		NotCovered:                {SeverityDetails: formats.SeverityDetails{Severity: "High", SeverityNumValue: 15}, /* contains filtered or unexported fields */},
		NotApplicable:             {SeverityDetails: formats.SeverityDetails{Severity: "High", SeverityNumValue: 4}, /* contains filtered or unexported fields */},
	},
	"Medium": {
		Applicable:                {SeverityDetails: formats.SeverityDetails{Severity: "Medium", SeverityNumValue: 14}, /* contains filtered or unexported fields */},
		ApplicabilityUndetermined: {SeverityDetails: formats.SeverityDetails{Severity: "Medium", SeverityNumValue: 13}, /* contains filtered or unexported fields */},
		NotCovered:                {SeverityDetails: formats.SeverityDetails{Severity: "Medium", SeverityNumValue: 12}, /* contains filtered or unexported fields */},
		NotApplicable:             {SeverityDetails: formats.SeverityDetails{Severity: "Medium", SeverityNumValue: 3}, /* contains filtered or unexported fields */},
	},
	"Low": {
		Applicable:                {SeverityDetails: formats.SeverityDetails{Severity: "Low", SeverityNumValue: 11}, /* contains filtered or unexported fields */},
		ApplicabilityUndetermined: {SeverityDetails: formats.SeverityDetails{Severity: "Low", SeverityNumValue: 10}, /* contains filtered or unexported fields */},
		NotCovered:                {SeverityDetails: formats.SeverityDetails{Severity: "Low", SeverityNumValue: 9}, /* contains filtered or unexported fields */},
		NotApplicable:             {SeverityDetails: formats.SeverityDetails{Severity: "Low", SeverityNumValue: 2}, /* contains filtered or unexported fields */},
	},
	"Unknown": {
		Applicable:                {SeverityDetails: formats.SeverityDetails{Severity: "Unknown", SeverityNumValue: 8}, /* contains filtered or unexported fields */},
		ApplicabilityUndetermined: {SeverityDetails: formats.SeverityDetails{Severity: "Unknown", SeverityNumValue: 7}, /* contains filtered or unexported fields */},
		NotCovered:                {SeverityDetails: formats.SeverityDetails{Severity: "Unknown", SeverityNumValue: 6}, /* contains filtered or unexported fields */},
		NotApplicable:             {SeverityDetails: formats.SeverityDetails{Severity: "Unknown", SeverityNumValue: 1}, /* contains filtered or unexported fields */},
	},
}

Functions

func AggregateMultipleRunsIntoSingle

func AggregateMultipleRunsIntoSingle(runs []*sarif.Run, destination *sarif.Run)

func ApplicabilityRuleIdToCve

func ApplicabilityRuleIdToCve(sarifRuleId string) string

func BuildXrayDependencyTree added in v1.2.0

func BuildXrayDependencyTree(treeHelper map[string]DepTreeNode, nodeId string) (*xrayUtils.GraphNode, map[string]*DepTreeNode)

func CheckIfFailBuild

func CheckIfFailBuild(results []services.ScanResponse) bool

func ConvertSarifReportToString

func ConvertSarifReportToString(report *sarif.Report) (sarifStr string, err error)

func ConvertSummaryToString added in v1.2.0

func ConvertSummaryToString(results SecurityCommandsSummary) (summary string, err error)

func ConvertToSarifLevel

func ConvertToSarifLevel(severity string) string

func ConvertXrayScanToSimpleJson

func ConvertXrayScanToSimpleJson(results *Results, isMultipleRoots, includeLicenses, simplifiedOutput bool, allowedLicenses []string) (formats.SimpleJsonResults, error)

func CreateCodeFlow

func CreateCodeFlow(threadFlows ...*sarif.ThreadFlow) *sarif.CodeFlow

func CreateDummyPassingResult

func CreateDummyPassingResult(ruleId string) *sarif.Result

func CreateLocation

func CreateLocation(fileName string, startLine, startCol, endLine, endCol int, snippet string) *sarif.Location

func CreateRestsMockServer added in v1.1.0

func CreateRestsMockServer(testHandler restsTestHandler) *httptest.Server

CreateRestsMockServer creates a mock server for testing REST APIs. testHandler is the HTTP handler used by the test.

func CreateResultWithLocations

func CreateResultWithLocations(msg, ruleId, level string, locations ...*sarif.Location) *sarif.Result

func CreateResultWithOneLocation

func CreateResultWithOneLocation(fileName string, startLine, startCol, endLine, endCol int, snippet, ruleId, level string) *sarif.Result

func CreateRunWithDummyResultAndRuleProperties added in v1.1.0

func CreateRunWithDummyResultAndRuleProperties(property, value string, result *sarif.Result) *sarif.Run

func CreateRunWithDummyResults

func CreateRunWithDummyResults(results ...*sarif.Result) *sarif.Run

func CreateThreadFlow

func CreateThreadFlow(locations ...*sarif.Location) *sarif.ThreadFlow

func CreateXrayServiceManager

func CreateXrayServiceManager(serverDetails *config.ServerDetails) (*xray.XrayServicesManager, error)

func CreateXrayServiceManagerAndGetVersion

func CreateXrayServiceManagerAndGetVersion(serviceDetails *config.ServerDetails) (*xray.XrayServicesManager, string, error)

func CreateXscRestsMockServer added in v1.1.0

func CreateXscRestsMockServer(t *testing.T, testHandler restsTestHandler) (*httptest.Server, *config.ServerDetails, artifactory.ArtifactoryServicesManager)

func CreateXscServiceManager added in v1.1.0

func CreateXscServiceManager(serviceDetails *config.ServerDetails) (*xsc.XscServicesManager, error)

func CveToApplicabilityRuleId

func CveToApplicabilityRuleId(cveId string) string

func DownloadAnalyzerManagerIfNeeded

func DownloadAnalyzerManagerIfNeeded(threadId int) error

DownloadAnalyzerManagerIfNeeded downloads the latest AnalyzerManager executable if it is not cached locally. By default, the zip is downloaded directly from JFrog releases.

func ExtractRelativePath

func ExtractRelativePath(resultPath string, projectRoot string) string

func GenereateSarifReportFromResults

func GenereateSarifReportFromResults(results *Results, isMultipleRoots, includeLicenses bool, allowedLicenses []string) (report *sarif.Report, err error)

func GetAnalyzerManagerDirAbsolutePath

func GetAnalyzerManagerDirAbsolutePath() (string, error)

func GetAnalyzerManagerDownloadPath

func GetAnalyzerManagerDownloadPath() (string, error)

func GetAnalyzerManagerExecutable

func GetAnalyzerManagerExecutable() (analyzerManagerPath string, err error)

func GetAnalyzerManagerExecutableName

func GetAnalyzerManagerExecutableName() string

func GetAnalyzerManagerVersion

func GetAnalyzerManagerVersion() string

func GetApplicableResultCountFromRule added in v1.4.0

func GetApplicableResultCountFromRule(runs ...*sarif.Run) (count int)

func GetCurationCacheFolder added in v1.0.4

func GetCurationCacheFolder() (string, error)

func GetCurationCacheFolderByTech added in v1.3.0

func GetCurationCacheFolderByTech(tech techutils.Technology) (projectDir string, err error)

func GetCurationPipCacheFolder added in v1.1.0

func GetCurationPipCacheFolder() (string, error)

func GetDependenciesGraph added in v1.3.0

func GetDependenciesGraph(projectDir string) (map[string][]string, error)

func GetDependenciesList added in v1.3.0

func GetDependenciesList(projectDir string, errorFunc utils.HandleErrorFunc) (map[string]bool, error)

func GetFullLocationFileName

func GetFullLocationFileName(relative string, invocations []*sarif.Invocation) string

func GetInvocationWorkingDirectory

func GetInvocationWorkingDirectory(invocation *sarif.Invocation) string

func GetIssueIdentifier

func GetIssueIdentifier(cvesRow []formats.CveRow, issueId string) string

func GetLocationEndColumn

func GetLocationEndColumn(location *sarif.Location) int

func GetLocationEndLine

func GetLocationEndLine(location *sarif.Location) int

func GetLocationFileName

func GetLocationFileName(location *sarif.Location) string

func GetLocationId added in v1.2.0

func GetLocationId(location *sarif.Location) string

func GetLocationRelatedCodeFlowsFromResult

func GetLocationRelatedCodeFlowsFromResult(location *sarif.Location, result *sarif.Result) (codeFlows []*sarif.CodeFlow)

func GetLocationSnippet

func GetLocationSnippet(location *sarif.Location) string

func GetLocationStartColumn

func GetLocationStartColumn(location *sarif.Location) int

func GetLocationStartLine

func GetLocationStartLine(location *sarif.Location) int

func GetRelativeLocationFileName

func GetRelativeLocationFileName(location *sarif.Location, invocations []*sarif.Invocation) string

func GetResultMsgText

func GetResultMsgText(result *sarif.Result) string

func GetResultSeverity

func GetResultSeverity(result *sarif.Result) string

func GetResultsLocationCount

func GetResultsLocationCount(runs ...*sarif.Run) (count int)

func GetRuleFullDescription

func GetRuleFullDescription(rule *sarif.ReportingDescriptor) string

func GetRunRules

func GetRunRules(run *sarif.Run) []*sarif.ReportingDescriptor

func GetRunsByWorkingDirectory added in v1.2.0

func GetRunsByWorkingDirectory(workingDirectory string, runs ...*sarif.Run) (filteredRuns []*sarif.Run)

func GetScaSummaryCountString added in v1.2.0

func GetScaSummaryCountString(summary formats.ScanScaResult, padding int) (content string)

func GetScanSummaryString added in v1.2.0

func GetScanSummaryString(summary formats.ScanSummaryResult, singleData bool) (content string)

func GetSeveritiesFormat

func GetSeveritiesFormat(severity string) (string, error)

func GetSeveritySummaryCountString added in v1.2.0

func GetSeveritySummaryCountString(summary formats.SummaryCount, padding int) (content string)

func GetSummaryContentString added in v1.2.0

func GetSummaryContentString(summary formats.SummaryCount, delimiter string, wrapWithBracket bool) (content string)

func GetUniqueKey

func GetUniqueKey(vulnerableDependency, vulnerableVersion, xrayID string, fixVersionExist bool) string

GetUniqueKey returns a unique string key of format "vulnerableDependency:vulnerableVersion:xrayID:fixVersionExist"

func GetViolatedLicenses

func GetViolatedLicenses(allowedLicenses []string, licenses []formats.LicenseRow) (violatedLicenses []formats.LicenseRow)

func IsApplicableResult

func IsApplicableResult(result *sarif.Result) bool

func IsEmptyScanResponse

func IsEmptyScanResponse(results []services.ScanResponse) bool

func IsReportLogErrorEventPossible added in v1.1.0

func IsReportLogErrorEventPossible(xscManager *xsc.XscServicesManager) bool

IsReportLogErrorEventPossible reports whether sending the error report is feasible.

func NewFailBuildError

func NewFailBuildError() error

func NewReport

func NewReport() (*sarif.Report, error)

func ParseAnalyzerManagerError

func ParseAnalyzerManagerError(scanner JasScanType, err error) error

func PrepareIacs

func PrepareIacs(iacs []*sarif.Run) []formats.SourceCodeRow

PrepareIacs prepares IaC results for all non-table output formats (without styling or emoji).

func PrepareLicenses

func PrepareLicenses(licenses []services.License) ([]formats.LicenseRow, error)

func PrepareSast

func PrepareSast(sasts []*sarif.Run) []formats.SourceCodeRow

func PrepareSecrets

func PrepareSecrets(secrets []*sarif.Run) []formats.SourceCodeRow

PrepareSecrets prepares secrets results for all non-table output formats (without styling or emoji).

func PrepareViolations

func PrepareViolations(violations []services.Violation, results *Results, multipleRoots, simplifiedOutput bool) ([]formats.VulnerabilityOrViolationRow, []formats.LicenseRow, []formats.OperationalRiskViolationRow, error)

PrepareViolations prepares violations for all non-table output formats (without styling or emoji).

func PrepareVulnerabilities

func PrepareVulnerabilities(vulnerabilities []services.Vulnerability, results *Results, multipleRoots, simplifiedOutput bool) ([]formats.VulnerabilityOrViolationRow, error)

PrepareVulnerabilities prepares vulnerabilities for all non-table output formats (without styling or emoji).

func PrintIacTable

func PrintIacTable(iacs []*sarif.Run, entitledForIacScan bool) error

func PrintJson

func PrintJson(output interface{}) error

func PrintLicensesTable

func PrintLicensesTable(licenses []services.License, printExtended bool, scanType services.ScanType) error

PrintLicensesTable prints the licenses in a table. Set multipleRoots to true when the given licenses array contains (or may contain) results of several projects or files (as in a binary scan). When multipleRoots is true, the Component field shows the root of each impact path; otherwise it shows the root's child. Set printExtended to true to print the fields tagged 'extended'. If the scan argument is set to true, print the scan tables.

func PrintSarif

func PrintSarif(results *Results, isMultipleRoots, includeLicenses bool) error

func PrintSastTable

func PrintSastTable(sast []*sarif.Run, entitledForSastScan bool) error

func PrintSecretsTable

func PrintSecretsTable(secrets []*sarif.Run, entitledForSecretsScan bool) error

func PrintViolationsTable

func PrintViolationsTable(violations []services.Violation, results *Results, multipleRoots, printExtended bool, scanType services.ScanType) error

PrintViolationsTable prints the violations in 4 tables: security violations, license compliance violations, operational risk violations and ignore rule URLs. Set multipleRoots to true when the given violations array contains (or may contain) results of several projects or files (as in a binary scan). When multipleRoots is true, the Component field shows the root of each impact path; otherwise it shows the root's child. If one (or more) of the violations has the FailBuild field set to true, a CliError with exit code 3 is returned. Set printExtended to true to print the fields tagged 'extended'. If the scan argument is set to true, print the scan tables.

func PrintVulnerabilitiesTable

func PrintVulnerabilitiesTable(vulnerabilities []services.Vulnerability, results *Results, multipleRoots, printExtended bool, scanType services.ScanType) error

PrintVulnerabilitiesTable prints the vulnerabilities in a table. Set multipleRoots to true when the given vulnerabilities array contains (or may contain) results of several projects or files (as in a binary scan). When multipleRoots is true, the Component field shows the root of each impact path; otherwise it shows the root's child. Set printExtended to true to print the fields tagged 'extended'. If the scan argument is set to true, print the scan tables.

func ReadScanRunsFromFile

func ReadScanRunsFromFile(fileName string) (sarifRuns []*sarif.Run, err error)

func RecordSecurityCommandOutput added in v1.2.0

func RecordSecurityCommandOutput(content ScanCommandSummaryResult) (err error)

RecordSecurityCommandOutput records the security command output.

func ReportError added in v1.1.0

func ReportError(serverDetails *config.ServerDetails, errorToReport error, source string) error

ReportError sends an error report when the Xsc service is enabled. Errors returned by this function typically do not disrupt the flow, since reporting errors is optional.

func SecurityCommandsJobSummary added in v1.2.0

func SecurityCommandsJobSummary() (js *commandsummary.CommandSummary, err error)

SecurityCommandsJobSummary manages the job summary for security commands.

func SendXscLogMessageIfEnabled added in v1.1.0

func SendXscLogMessageIfEnabled(errorLog *services.ExternalErrorLog, xscManager *xsc.XscServicesManager) error

func SetAnalyzerManagerEnvVariables

func SetAnalyzerManagerEnvVariables(serverDetails *config.ServerDetails) error

func SetLocationFileName

func SetLocationFileName(location *sarif.Location, fileName string)

func SetLocationSnippet

func SetLocationSnippet(location *sarif.Location, snippet string)

func SplitComponentId

func SplitComponentId(componentId string) (string, string, string)

SplitComponentId splits an Xray component ID into the component name, version and package type. If componentId does not contain a version, the returned version is an empty string. If the format of componentId is invalid, it is returned as the component name and empty strings are returned for the version and the package type. Examples:

  1. componentId: "gav://antparent:ant:1.6.5" Returned values: Component name: "antparent:ant" Component version: "1.6.5" Package type: "Maven"
  2. componentId: "generic://sha256:244fd47e07d1004f0aed9c156aa09083c82bf8944eceb67c946ff7430510a77b/foo.jar" Returned values: Component name: "foo.jar" Component version: "" Package type: "Generic"
  3. componentId: "invalid-comp-id" Returned values: Component name: "invalid-comp-id" Component version: "" Package type: ""

func SplitScanResults

func SplitScanResults(results []*ScaScanResult) ([]services.Violation, []services.Vulnerability, []services.License)

SplitScanResults splits scan responses into aggregated lists of violations, vulnerabilities and licenses.

Types

type AnalyticsMetricsService added in v1.1.0

// AnalyticsMetricsService collects XSC analytics events for a command run
// (general event, finalize event, MSI, start time — see the methods below).
// Construct it with NewAnalyticsMetricsService; all fields are unexported.
type AnalyticsMetricsService struct {
	// contains filtered or unexported fields
}

func NewAnalyticsMetricsService added in v1.1.0

func NewAnalyticsMetricsService(serviceDetails *config.ServerDetails) *AnalyticsMetricsService

func (*AnalyticsMetricsService) AddGeneralEvent added in v1.1.0

func (ams *AnalyticsMetricsService) AddGeneralEvent(event *xscservices.XscAnalyticsGeneralEvent)

func (*AnalyticsMetricsService) AddScanFindingsToXscAnalyticsGeneralEventFinalize added in v1.1.0

func (ams *AnalyticsMetricsService) AddScanFindingsToXscAnalyticsGeneralEventFinalize(findingsAmount int)

func (*AnalyticsMetricsService) CreateGeneralEvent added in v1.1.0

func (*AnalyticsMetricsService) CreateXscAnalyticsGeneralEventFinalizeFromAuditResults added in v1.1.0

func (ams *AnalyticsMetricsService) CreateXscAnalyticsGeneralEventFinalizeFromAuditResults(auditResults *Results) *xscservices.XscAnalyticsGeneralEventFinalize

func (*AnalyticsMetricsService) FinalizeEvent added in v1.1.0

func (*AnalyticsMetricsService) GetGeneralEvent added in v1.1.0

func (*AnalyticsMetricsService) GetMsi added in v1.1.0

func (ams *AnalyticsMetricsService) GetMsi() string

func (*AnalyticsMetricsService) GetStartTime added in v1.1.0

func (ams *AnalyticsMetricsService) GetStartTime() time.Time

func (*AnalyticsMetricsService) SetFinalizeEvent added in v1.1.0

func (ams *AnalyticsMetricsService) SetFinalizeEvent(finalizeEvent *xscservices.XscAnalyticsGeneralEventFinalize)

func (*AnalyticsMetricsService) SetMsi added in v1.1.0

func (ams *AnalyticsMetricsService) SetMsi(msi string)

func (*AnalyticsMetricsService) SetShouldReportEvents added in v1.1.0

func (ams *AnalyticsMetricsService) SetShouldReportEvents(shouldReportEvents bool)

func (*AnalyticsMetricsService) SetStartTime added in v1.1.0

func (ams *AnalyticsMetricsService) SetStartTime()

func (*AnalyticsMetricsService) ShouldReportEvents added in v1.1.0

func (ams *AnalyticsMetricsService) ShouldReportEvents() bool

func (*AnalyticsMetricsService) UpdateAndSendXscAnalyticsGeneralEventFinalize added in v1.1.0

func (ams *AnalyticsMetricsService) UpdateAndSendXscAnalyticsGeneralEventFinalize(err error)

func (*AnalyticsMetricsService) UpdateGeneralEvent added in v1.1.0

func (*AnalyticsMetricsService) UpdateXscAnalyticsGeneralEventFinalizeStatus added in v1.1.0

func (ams *AnalyticsMetricsService) UpdateXscAnalyticsGeneralEventFinalizeStatus(status xscservices.EventStatus)

func (*AnalyticsMetricsService) UpdateXscAnalyticsGeneralEventFinalizeWithTotalScanDuration added in v1.1.0

func (ams *AnalyticsMetricsService) UpdateXscAnalyticsGeneralEventFinalizeWithTotalScanDuration()

func (*AnalyticsMetricsService) XscManager added in v1.1.0

func (ams *AnalyticsMetricsService) XscManager() *xsc.XscServicesManager

type AnalyzerManager

// AnalyzerManager runs the external AnalyzerManager executable
// (see Exec and ExecWithOutputFile).
type AnalyzerManager struct {
	// AnalyzerManagerFullPath is the path of the executable to run.
	AnalyzerManagerFullPath string
	// MultiScanId is the multi-scan identifier attached to the run
	// (presumably exported to the process via JfMsiEnvVariable — confirm).
	MultiScanId             string
}

func (*AnalyzerManager) Exec

func (am *AnalyzerManager) Exec(configFile, scanCommand, workingDir string, serverDetails *config.ServerDetails) (err error)

func (*AnalyzerManager) ExecWithOutputFile

func (am *AnalyzerManager) ExecWithOutputFile(configFile, scanCommand, workingDir, outputFile string, serverDetails *config.ServerDetails) (err error)

type ApplicabilityStatus

// ApplicabilityStatus is the contextual-analysis verdict attached to a CVE.
type ApplicabilityStatus string
const (
	Applicable                ApplicabilityStatus = "Applicable"
	NotApplicable             ApplicabilityStatus = "Not Applicable"
	ApplicabilityUndetermined ApplicabilityStatus = "Undetermined"
	NotCovered                ApplicabilityStatus = "Not Covered"
	// NotScanned is the zero value. It has no entry in the Severities
	// inner maps, so a lookup with it yields nil.
	NotScanned                ApplicabilityStatus = ""
)

func (ApplicabilityStatus) String

func (as ApplicabilityStatus) String() string

type AuditBasicParams

// AuditBasicParams holds the configuration of an audit run. All fields are
// unexported and are accessed through the getters and SetXxx methods below;
// the setters return *AuditBasicParams, which allows chaining.
type AuditBasicParams struct {
	// contains filtered or unexported fields
}

func (*AuditBasicParams) AppendDependenciesForApplicabilityScan

func (abp *AuditBasicParams) AppendDependenciesForApplicabilityScan(directDependencies []string) *AuditBasicParams

func (*AuditBasicParams) Args

func (abp *AuditBasicParams) Args() []string

func (*AuditBasicParams) DepsRepo

func (abp *AuditBasicParams) DepsRepo() string

func (*AuditBasicParams) DirectDependencies

func (abp *AuditBasicParams) DirectDependencies() *[]string

func (*AuditBasicParams) ExcludeTestDependencies

func (abp *AuditBasicParams) ExcludeTestDependencies() bool

func (*AuditBasicParams) Exclusions added in v1.0.4

func (abp *AuditBasicParams) Exclusions() []string

func (*AuditBasicParams) IgnoreConfigFile

func (abp *AuditBasicParams) IgnoreConfigFile() bool

func (*AuditBasicParams) InsecureTls

func (abp *AuditBasicParams) InsecureTls() bool

func (*AuditBasicParams) InstallCommandArgs

func (abp *AuditBasicParams) InstallCommandArgs() []string

func (*AuditBasicParams) InstallCommandName

func (abp *AuditBasicParams) InstallCommandName() string

func (*AuditBasicParams) IsCurationCmd added in v1.0.2

func (abp *AuditBasicParams) IsCurationCmd() bool

func (*AuditBasicParams) IsMavenDepTreeInstalled

func (abp *AuditBasicParams) IsMavenDepTreeInstalled() bool

func (*AuditBasicParams) IsRecursiveScan added in v1.0.4

func (abp *AuditBasicParams) IsRecursiveScan() bool

func (*AuditBasicParams) OutputFormat

func (abp *AuditBasicParams) OutputFormat() format.OutputFormat

func (*AuditBasicParams) PipRequirementsFile

func (abp *AuditBasicParams) PipRequirementsFile() string

func (*AuditBasicParams) Progress

func (abp *AuditBasicParams) Progress() ioUtils.ProgressMgr

func (*AuditBasicParams) ScansToPerform added in v1.4.0

func (abp *AuditBasicParams) ScansToPerform() []SubScanType

func (*AuditBasicParams) ServerDetails

func (abp *AuditBasicParams) ServerDetails() (*config.ServerDetails, error)

func (*AuditBasicParams) SetDepsRepo

func (abp *AuditBasicParams) SetDepsRepo(depsRepo string) *AuditBasicParams

func (*AuditBasicParams) SetExcludeTestDependencies

func (abp *AuditBasicParams) SetExcludeTestDependencies(excludeTestDependencies bool) *AuditBasicParams

func (*AuditBasicParams) SetExclusions added in v1.0.4

func (abp *AuditBasicParams) SetExclusions(exclusions []string) *AuditBasicParams

func (*AuditBasicParams) SetIgnoreConfigFile

func (abp *AuditBasicParams) SetIgnoreConfigFile(ignoreConfigFile bool) *AuditBasicParams

func (*AuditBasicParams) SetInsecureTls

func (abp *AuditBasicParams) SetInsecureTls(insecureTls bool) *AuditBasicParams

func (*AuditBasicParams) SetInstallCommandArgs

func (abp *AuditBasicParams) SetInstallCommandArgs(installCommandArgs []string) *AuditBasicParams

func (*AuditBasicParams) SetInstallCommandName

func (abp *AuditBasicParams) SetInstallCommandName(installCommandName string) *AuditBasicParams

func (*AuditBasicParams) SetIsCurationCmd added in v1.0.2

func (abp *AuditBasicParams) SetIsCurationCmd(isCurationCmd bool) *AuditBasicParams

func (*AuditBasicParams) SetIsMavenDepTreeInstalled

func (abp *AuditBasicParams) SetIsMavenDepTreeInstalled(isMavenDepTreeInstalled bool) *AuditBasicParams

func (*AuditBasicParams) SetIsRecursiveScan added in v1.0.4

func (abp *AuditBasicParams) SetIsRecursiveScan(isRecursiveScan bool) *AuditBasicParams

func (*AuditBasicParams) SetNpmScope

func (abp *AuditBasicParams) SetNpmScope(depType string) *AuditBasicParams

func (*AuditBasicParams) SetOutputFormat

func (abp *AuditBasicParams) SetOutputFormat(format format.OutputFormat) *AuditBasicParams

func (*AuditBasicParams) SetPipRequirementsFile

func (abp *AuditBasicParams) SetPipRequirementsFile(requirementsFile string) *AuditBasicParams

func (*AuditBasicParams) SetProgress

func (abp *AuditBasicParams) SetProgress(progress ioUtils.ProgressMgr)

func (*AuditBasicParams) SetScansToPerform added in v1.4.0

func (abp *AuditBasicParams) SetScansToPerform(scansToPerform []SubScanType) *AuditBasicParams

func (*AuditBasicParams) SetServerDetails

func (abp *AuditBasicParams) SetServerDetails(serverDetails *config.ServerDetails) *AuditBasicParams

func (*AuditBasicParams) SetTechnologies

func (abp *AuditBasicParams) SetTechnologies(technologies []string) *AuditBasicParams

func (*AuditBasicParams) SetUseJas added in v1.4.0

func (abp *AuditBasicParams) SetUseJas(useJas bool) *AuditBasicParams

func (*AuditBasicParams) SetUseWrapper

func (abp *AuditBasicParams) SetUseWrapper(useWrapper bool) *AuditBasicParams

func (*AuditBasicParams) Technologies

func (abp *AuditBasicParams) Technologies() []string

func (*AuditBasicParams) UseJas added in v1.4.0

func (abp *AuditBasicParams) UseJas() bool

func (*AuditBasicParams) UseWrapper

func (abp *AuditBasicParams) UseWrapper() bool

type AuditNpmParams

// AuditNpmParams embeds AuditParams and adds npm-specific options.
// Unlike the AuditBasicParams setters, its SetNpmXxx methods use value
// receivers and return a new AuditNpmParams, so the returned value must be
// used — calling a setter on a variable without assigning the result has no effect.
type AuditNpmParams struct {
	AuditParams
	// contains filtered or unexported fields
}

func (AuditNpmParams) NpmIgnoreNodeModules

func (anp AuditNpmParams) NpmIgnoreNodeModules() bool

func (AuditNpmParams) NpmOverwritePackageLock

func (anp AuditNpmParams) NpmOverwritePackageLock() bool

func (AuditNpmParams) SetNpmIgnoreNodeModules

func (anp AuditNpmParams) SetNpmIgnoreNodeModules(ignoreNpmNodeModules bool) AuditNpmParams

func (AuditNpmParams) SetNpmOverwritePackageLock

func (anp AuditNpmParams) SetNpmOverwritePackageLock(overwritePackageLock bool) AuditNpmParams

type AuditParams

// AuditParams is the accessor interface implemented by *AuditBasicParams.
// Setters return *AuditBasicParams (not AuditParams), which ties the
// interface to that concrete type. Note that AuditBasicParams also has
// ScansToPerform/SetScansToPerform and UseJas/SetUseJas, which are not part
// of this interface.
type AuditParams interface {
	DirectDependencies() *[]string
	AppendDependenciesForApplicabilityScan(directDependencies []string) *AuditBasicParams
	ServerDetails() (*config.ServerDetails, error)
	SetServerDetails(serverDetails *config.ServerDetails) *AuditBasicParams
	PipRequirementsFile() string
	SetPipRequirementsFile(requirementsFile string) *AuditBasicParams
	ExcludeTestDependencies() bool
	SetExcludeTestDependencies(excludeTestDependencies bool) *AuditBasicParams
	UseWrapper() bool
	SetUseWrapper(useWrapper bool) *AuditBasicParams
	// InsecureTls reports whether insecure TLS was requested. By its name this
	// disables TLS certificate verification for server connections — confirm
	// against the client setup; it should not be enabled outside testing.
	InsecureTls() bool
	SetInsecureTls(insecureTls bool) *AuditBasicParams
	Technologies() []string
	SetTechnologies(technologies []string) *AuditBasicParams
	Progress() ioUtils.ProgressMgr
	// SetProgress is the only setter here that does not return the receiver.
	SetProgress(progress ioUtils.ProgressMgr)
	Args() []string
	InstallCommandName() string
	InstallCommandArgs() []string
	SetNpmScope(depType string) *AuditBasicParams
	OutputFormat() format.OutputFormat
	DepsRepo() string
	SetDepsRepo(depsRepo string) *AuditBasicParams
	IgnoreConfigFile() bool
	SetIgnoreConfigFile(ignoreConfigFile bool) *AuditBasicParams
	IsMavenDepTreeInstalled() bool
	SetIsMavenDepTreeInstalled(isMavenDepTreeInstalled bool) *AuditBasicParams
	IsCurationCmd() bool
	SetIsCurationCmd(bool) *AuditBasicParams
	SetExclusions(exclusions []string) *AuditBasicParams
	Exclusions() []string
	SetIsRecursiveScan(isRecursiveScan bool) *AuditBasicParams
	IsRecursiveScan() bool
}

type DepTreeNode added in v1.2.0

// DepTreeNode is one node of the dependency tree consumed by
// BuildXrayDependencyTree, where nodes are keyed by ID in a map.
// Classifier and Types are pointers so absence is distinguishable from an
// empty value; none of the json tags has omitempty, so nil fields encode as null.
type DepTreeNode struct {
	Classifier *string   `json:"classifier"`
	Types      *[]string `json:"types"`
	// Children holds the IDs of the child nodes.
	Children   []string  `json:"children"`
}

type ExtendedScanResults

// ExtendedScanResults holds the SARIF runs produced by the JAS scanners
// (contextual analysis, secrets, IaC and SAST), one slice per scan type.
type ExtendedScanResults struct {
	ApplicabilityScanResults []*sarif.Run
	SecretsScanResults       []*sarif.Run
	IacScanResults           []*sarif.Run
	SastScanResults          []*sarif.Run
	// EntitledForJas records whether JAS scans were entitled for this run.
	EntitledForJas           bool
}

func (*ExtendedScanResults) GetResultsForTarget added in v1.2.0

func (e *ExtendedScanResults) GetResultsForTarget(target string) (result *ExtendedScanResults)

func (*ExtendedScanResults) IsIssuesFound

func (e *ExtendedScanResults) IsIssuesFound() bool

type IssueDetails added in v1.3.0

// IssueDetails is a two-level identifier for an issue. What the two levels
// denote is not visible here — presumably issue ID and component; confirm
// against the callers.
type IssueDetails struct {
	FirstLevelValue  string
	SecondLevelValue string
}

type JasScanType

// JasScanType names one of the JAS scanners run through the AnalyzerManager.
// Its String form is what ErrFailedScannerRun's first %s receives
// (see FormattedError / ParseAnalyzerManagerError — confirm).
type JasScanType string
const (
	Applicability JasScanType = "Applicability"
	Secrets       JasScanType = "Secrets"
	IaC           JasScanType = "IaC"
	Sast          JasScanType = "Sast"
)

func (JasScanType) FormattedError

func (jst JasScanType) FormattedError(err error) error

func (JasScanType) String

func (jst JasScanType) String() string

type Results

// Results aggregates the output of a security command: the SCA scan results
// per target plus the optional JAS results. Construct with NewAuditResults.
type Results struct {
	// ScaResults holds one entry per scanned target (see ScaScanResult).
	ScaResults  []*ScaScanResult
	XrayVersion string
	// ScansErr collects the error(s) raised while scanning; how it is
	// surfaced depends on the output format (see PrintScanResults).
	ScansErr    error

	// ExtendedScanResults is the JAS output; nil when JAS did not run.
	ExtendedScanResults *ExtendedScanResults

	// MultiScanId correlates the scans of this run (see AnalyzerManager.MultiScanId).
	MultiScanId string
}

func NewAuditResults

func NewAuditResults() *Results

func (*Results) CountScanResultsFindings added in v1.1.0

func (r *Results) CountScanResultsFindings() (total int)

CountScanResultsFindings counts the total number of unique findings in the results. A unique SCA finding is identified by the pair of the vulnerability's/violation's issueId and the component ID; each result returned by one of the JAS scans also counts as a unique finding.

func (*Results) GetScaScannedTechnologies

func (r *Results) GetScaScannedTechnologies() []techutils.Technology

func (*Results) GetScaScansXrayResults

func (r *Results) GetScaScansXrayResults() (results []services.ScanResponse)

func (*Results) GetSummary added in v1.2.0

func (r *Results) GetSummary() (summary formats.SummaryResults)

func (*Results) IsIssuesFound

func (r *Results) IsIssuesFound() bool

func (*Results) IsMultipleProject

func (r *Results) IsMultipleProject() bool

func (*Results) IsScaIssuesFound

func (r *Results) IsScaIssuesFound() bool

type ResultsWriter

// ResultsWriter renders a Results value in the configured output format.
// Construct with NewResultsWriter, configure through the chained SetXxx
// methods, then call PrintScanResults.
type ResultsWriter struct {
	// contains filtered or unexported fields
}

func NewResultsWriter

func NewResultsWriter(scanResults *Results) *ResultsWriter

func (*ResultsWriter) PrintScanResults

func (rw *ResultsWriter) PrintScanResults() error

PrintScanResults prints the scan results in the specified format. Note that errors are printed only with SimpleJson format.

func (*ResultsWriter) SetExtraMessages

func (rw *ResultsWriter) SetExtraMessages(messages []string) *ResultsWriter

func (*ResultsWriter) SetIncludeLicenses

func (rw *ResultsWriter) SetIncludeLicenses(licenses bool) *ResultsWriter

func (*ResultsWriter) SetIncludeVulnerabilities

func (rw *ResultsWriter) SetIncludeVulnerabilities(includeVulnerabilities bool) *ResultsWriter

func (*ResultsWriter) SetIsMultipleRootProject

func (rw *ResultsWriter) SetIsMultipleRootProject(isMultipleRootProject bool) *ResultsWriter

func (*ResultsWriter) SetOutputFormat

func (rw *ResultsWriter) SetOutputFormat(f format.OutputFormat) *ResultsWriter

func (*ResultsWriter) SetPrintExtendedTable

func (rw *ResultsWriter) SetPrintExtendedTable(extendedTable bool) *ResultsWriter

func (*ResultsWriter) SetScanType

func (rw *ResultsWriter) SetScanType(scanType services.ScanType) *ResultsWriter

func (*ResultsWriter) SetSimpleJsonError

func (rw *ResultsWriter) SetSimpleJsonError(jsonErrors []formats.SimpleJsonError) *ResultsWriter

func (*ResultsWriter) SetSubScansPreformed added in v1.4.0

func (rw *ResultsWriter) SetSubScansPreformed(subScansPreformed []SubScanType) *ResultsWriter

type SarifLevel

// SarifLevel is a string-typed value. By its name it holds a SARIF result
// level, but no constants of this type are declared on this page.
type SarifLevel string

type ScaScanResult

// ScaScanResult holds the Xray SCA results for a single scan target together
// with the metadata needed to report them. HasInformation is declared on it.
// Field names are serialized as-is (PascalCase) per the json tags.
type ScaScanResult struct {
	// Could be working directory (audit), file path (binary scan) or build name+number (build scan)
	Target                string                  `json:"Target"`
	Technology            techutils.Technology    `json:"Technology,omitempty"`
	XrayResults           []services.ScanResponse `json:"XrayResults,omitempty"`
	Descriptors           []string                `json:"Descriptors,omitempty"`
	// Pointer so "not set" is distinguishable from false: omitempty drops only a nil pointer, never an explicit false.
	IsMultipleRootProject *bool                   `json:"IsMultipleRootProject,omitempty"`
}

func (ScaScanResult) HasInformation

func (s ScaScanResult) HasInformation() bool

type ScanCommandSummaryResult added in v1.2.0

// ScanCommandSummaryResult is the JSON-serialized summary of one scan command:
// the summary section it is reported under (Builds, Artifacts or Modules), the
// directory it ran in, and its summarized results. Field names are serialized
// in camelCase per the json tags.
type ScanCommandSummaryResult struct {
	Section          SecuritySummarySection `json:"section"`
	WorkingDirectory string                 `json:"workingDirectory"`
	Results          formats.SummaryResults `json:"results"`
}

type SecurityCommandsSummary added in v1.2.0

// SecurityCommandsSummary groups summary results by command kind (build scan,
// scan, audit) for the security summary. GenerateMarkdownFromFiles and
// GetOrderedSectionsWithContent are declared on it (signatures below).
// NOTE(review): GenerateMarkdownFromFiles reads the files at dataFilePaths and
// parses them; what format they must have is not visible here — confirm.
type SecurityCommandsSummary struct {
	BuildScanCommands []formats.SummaryResults `json:"buildScanCommands"`
	ScanCommands      []formats.SummaryResults `json:"scanCommands"`
	AuditCommands     []formats.SummaryResults `json:"auditCommands"`
}

func (*SecurityCommandsSummary) GenerateMarkdownFromFiles added in v1.2.0

func (scs *SecurityCommandsSummary) GenerateMarkdownFromFiles(dataFilePaths []string) (markdown string, err error)

func (*SecurityCommandsSummary) GetOrderedSectionsWithContent added in v1.2.0

func (scs *SecurityCommandsSummary) GetOrderedSectionsWithContent() (sections []SecuritySummarySection)

type SecurityParallelRunner added in v1.4.0

// SecurityParallelRunner bundles the parallel runner with the synchronization
// primitives the audit uses to order its SCA, JAS and error-handling goroutines.
//
// It contains a sync.Mutex and several sync.WaitGroups, so a value must not be
// copied after first use: pass it by pointer. NOTE(review): NewSecurityParallelRunner
// returns the struct by value while CreateSecurityParallelRunner returns a
// pointer — confirm callers of the former never copy it afterwards (go vet copylocks).
type SecurityParallelRunner struct {
	Runner        parallel.Runner
	ErrorsQueue   chan error     // fed by AddErrorToChan; NOTE(review): who drains it and when it is closed is not visible here
	ResultsMu     sync.Mutex     // guards results shared between scan goroutines (assumed from the name — confirm)
	ScaScansWg    sync.WaitGroup // Verify that the sca scan routines are done before running contextual scan
	JasScannersWg sync.WaitGroup // Verify that all scanners routines are done before cleaning temp dir
	JasWg         sync.WaitGroup // Verify that downloading analyzer manager and running all scanners are done
	ErrWg         sync.WaitGroup // Verify that all errors are handled before finishing the audit func
}

func CreateSecurityParallelRunner added in v1.4.0

func CreateSecurityParallelRunner(numOfParallelScans int) *SecurityParallelRunner

func NewSecurityParallelRunner added in v1.4.0

func NewSecurityParallelRunner(numOfParallelScans int) SecurityParallelRunner

func (*SecurityParallelRunner) AddErrorToChan added in v1.4.0

func (spr *SecurityParallelRunner) AddErrorToChan(err error)

type SecuritySummarySection added in v1.2.0

// SecuritySummarySection names the section of the security summary under which
// a scan command's result is reported (see ScanCommandSummaryResult.Section and
// SecurityCommandsSummary.GetOrderedSectionsWithContent). The string values
// appear to be the section titles as displayed.
type SecuritySummarySection string

// Summary sections, in declaration order.
const (
	Build   SecuritySummarySection = "Builds"
	Binary  SecuritySummarySection = "Artifacts"
	Modules SecuritySummarySection = "Modules"
)

type SubScanType added in v1.4.0

// SubScanType identifies an individual scan that can be part of a run.
// GetAllSupportedScans returns every supported value and
// ResultsWriter.SetSubScansPreformed records which ones were run; String is
// declared on this type.
type SubScanType string

// Sub-scan identifiers; the string values are the identifiers used for each scan.
const (
	ContextualAnalysisScan SubScanType = "contextual_analysis"
	ScaScan                SubScanType = "sca"
	IacScan                SubScanType = "iac"
	SastScan               SubScanType = "sast"
	SecretsScan            SubScanType = "secrets"
)

func GetAllSupportedScans added in v1.4.0

func GetAllSupportedScans() []SubScanType

func (SubScanType) String added in v1.4.0

func (s SubScanType) String() string

type TableSeverity

// TableSeverity is a severity as presented in result tables: the embedded
// formats.SeverityDetails plus unexported presentation fields. Instances are
// obtained through GetSeverity(severityTitle, applicable); Emoji and NumValue
// are declared on it.
type TableSeverity struct {
	formats.SeverityDetails
	// contains filtered or unexported fields
}

func GetSeverity

func GetSeverity(severityTitle string, applicable ApplicabilityStatus) *TableSeverity

func (*TableSeverity) Emoji

func (s *TableSeverity) Emoji() string

func (*TableSeverity) NumValue

func (s *TableSeverity) NumValue() int
