types

package
v0.0.0-...-51f1176 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 16, 2023 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

View Source
const (
	ArtifactJSONSchemaVersion = 1
	BlobJSONSchemaVersion     = 2
)
View Source
const (
	// Programming language dependencies
	Bundler    = "bundler"
	GemSpec    = "gemspec"
	Cargo      = "cargo"
	Composer   = "composer"
	Npm        = "npm"
	NuGet      = "nuget"
	Pip        = "pip"
	Pipenv     = "pipenv"
	Poetry     = "poetry"
	PythonPkg  = "python-pkg"
	NodePkg    = "node-pkg"
	Yarn       = "yarn"
	Jar        = "jar"
	Pom        = "pom"
	GoBinary   = "gobinary"
	GoModule   = "gomod"
	JavaScript = "javascript"

	// Config files
	YAML           = "yaml"
	JSON           = "json"
	Dockerfile     = "dockerfile"
	Terraform      = "terraform"
	CloudFormation = "cloudformation"
	Kubernetes     = "kubernetes"
	Ansible        = "ansible"
	Helm           = "helm"

	// Licensing
	License = "license"

	// Language-specific file names
	NuGetPkgsLock   = "packages.lock.json"
	NuGetPkgsConfig = "packages.config"

	GoMod = "go.mod"
	GoSum = "go.sum"

	MavenPom = "pom.xml"

	NpmPkgLock = "package-lock.json"
	NpmPkg     = "package.json"
	YarnLock   = "yarn.lock"

	ComposerLock = "composer.lock"

	PipRequirements = "requirements.txt"
	PipfileLock     = "Pipfile.lock"
	PoetryLock      = "poetry.lock"

	GemfileLock = "Gemfile.lock"

	CargoLock = "Cargo.lock"
)
View Source
const (
	SystemFileFilteringPostHandler HandlerType = "system-file-filter"
	GoModMergePostHandler          HandlerType = "go-mod-merge"
	MisconfPostHandler             HandlerType = "misconf"
	LicensePostHandler             HandlerType = "license"

	// SystemFileFilterPostHandlerPriority should be higher than other handlers.
	// Otherwise, other handlers need to process unnecessary files.
	SystemFileFilteringPostHandlerPriority = 100

	GoModMergePostHandlerPriority = 50
	MisconfPostHandlerPriority    = 50
	LicensePostHandlerPriority    = 50
)

Variables

View Source
var (
	InvalidURLPattern = xerrors.New("invalid url pattern")
	ErrNoRpmCmd       = xerrors.New("no rpm command")
)

Functions

This section is empty.

Types

type Application

type Application struct {
	// e.g. bundler and pipenv
	Type string

	// Lock files have the file path here, while each package metadata do not have
	FilePath string `json:",omitempty"`

	// Libraries is a list of lang-specific packages
	Libraries []Package
}

type ArtifactDetail

type ArtifactDetail struct {
	OS                *OS                `json:",omitempty"`
	Repository        *Repository        `json:",omitempty"`
	Packages          []Package          `json:",omitempty"`
	Applications      []Application      `json:",omitempty"`
	Misconfigurations []Misconfiguration `json:",omitempty"`
	Secrets           []Secret           `json:",omitempty"`
	Licenses          []LicenseFile      `json:",omitempty"`

	// HistoryPackages are packages extracted from RUN instructions
	HistoryPackages []Package `json:",omitempty"`

	// CustomResources hold analysis results from custom analyzers.
	// It is for extensibility and not used in OSS.
	CustomResources []CustomResource `json:",omitempty"`
}

ArtifactDetail is generated by applying blobs

type ArtifactInfo

type ArtifactInfo struct {
	SchemaVersion int
	Architecture  string
	Created       time.Time
	DockerVersion string
	OS            string

	// HistoryPackages are packages extracted from RUN instructions
	HistoryPackages []Package `json:",omitempty"`
}

ArtifactInfo is stored in cache

type ArtifactReference

type ArtifactReference struct {
	Name          string // image name, tar file name, directory or repository name
	Type          ArtifactType
	ID            string
	BlobIDs       []string
	ImageMetadata ImageMetadata
}

ArtifactReference represents a reference of container image, local filesystem and repository

type ArtifactType

type ArtifactType string

ArtifactType represents a type of artifact

const (
	ArtifactContainerImage   ArtifactType = "container_image"
	ArtifactFilesystem       ArtifactType = "filesystem"
	ArtifactRemoteRepository ArtifactType = "repository"
)

type BlobInfo

type BlobInfo struct {
	SchemaVersion     int
	Digest            string             `json:",omitempty"`
	DiffID            string             `json:",omitempty"`
	OS                *OS                `json:",omitempty"`
	Repository        *Repository        `json:",omitempty"`
	PackageInfos      []PackageInfo      `json:",omitempty"`
	Applications      []Application      `json:",omitempty"`
	Misconfigurations []Misconfiguration `json:",omitempty"`
	Secrets           []Secret           `json:",omitempty"`
	Licenses          []LicenseFile      `json:",omitempty"`
	OpaqueDirs        []string           `json:",omitempty"`
	WhiteoutFiles     []string           `json:",omitempty"`

	// Red Hat distributions have build info per layer.
	// This information will be embedded into packages when applying layers.
	// ref. https://redhat-connect.gitbook.io/partner-guide-for-adopting-red-hat-oval-v2/determining-common-platform-enumeration-cpe
	BuildInfo *BuildInfo `json:",omitempty"`

	// CustomResources hold analysis results from custom analyzers.
	// It is for extensibility and not used in OSS.
	CustomResources []CustomResource `json:",omitempty"`
}

BlobInfo is stored in cache

type BuildInfo

type BuildInfo struct {
	ContentSets []string `json:",omitempty"`
	Nvr         string   `json:",omitempty"`
	Arch        string   `json:",omitempty"`
}

BuildInfo represents information under /root/buildinfo in RHEL

type CauseMetadata

type CauseMetadata struct {
	Resource  string `json:",omitempty"`
	Provider  string `json:",omitempty"`
	Service   string `json:",omitempty"`
	StartLine int    `json:",omitempty"`
	EndLine   int    `json:",omitempty"`
	Code      Code   `json:",omitempty"`
}

type Code

type Code struct {
	Lines []Line
}

type CustomResource

type CustomResource struct {
	Type     string
	FilePath string
	Layer    Layer
	Data     interface{}
}

CustomResource holds the analysis result from a custom analyzer. It is for extensibility and not used in OSS.

type DockerOption

type DockerOption struct {
	// Auth
	UserName string
	Password string

	// RegistryToken is a bearer token to be sent to a registry
	RegistryToken string

	// ECR
	AwsAccessKey    string
	AwsSecretKey    string
	AwsSessionToken string
	AwsRegion       string

	// GCP
	GcpCredPath string

	// SSL/TLS
	InsecureSkipTLSVerify bool
	NonSSL                bool
}

type File

type File struct {
	Type    string
	Path    string
	Content []byte
}

type HandlerType

type HandlerType string

type Image

type Image interface {
	v1.Image
	ImageExtension
}

type ImageExtension

type ImageExtension interface {
	Name() string
	ID() (string, error)
	LayerIDs() ([]string, error)
	RepoTags() []string
	RepoDigests() []string
}

type ImageMetadata

type ImageMetadata struct {
	ID          string   // image ID
	DiffIDs     []string // uncompressed layer IDs
	RepoTags    []string
	RepoDigests []string
	ConfigFile  v1.ConfigFile
}

type Layer

type Layer struct {
	Digest string `json:",omitempty"`
	DiffID string `json:",omitempty"`
}

type LicenseFile

type LicenseFile struct {
	FilePath   string
	Findings   []LicenseFinding
	Layer      Layer  `json:",omitempty"`
	Package    string `json:"package,omitempty"`
	PackageDir string `json:"package_dir,omitempty"`
}

type LicenseFinding

type LicenseFinding struct {
	License                          string  `json:"license"`
	MatchType                        string  `json:"match_type"`
	Confidence                       float64 `json:"match_confidence"`
	StartLine                        int     `json:"start_line"`
	EndLine                          int     `json:"end_line"`
	GoogleLicenseClassificationIndex int     `json:"classification_index"`
	GoogleLicenseClassification      string  `json:"google_license_classification"`
	LicenseLink                      string  `json:"license_link,omitempty"`
}

type Line

type Line struct {
	Number      int    `json:"Number"`
	Content     string `json:"Content"`
	IsCause     bool   `json:"IsCause"`
	Annotation  string `json:"Annotation"`
	Truncated   bool   `json:"Truncated"`
	Highlighted string `json:"Highlighted,omitempty"`
	FirstCause  bool   `json:"FirstCause"`
	LastCause   bool   `json:"LastCause"`
}

type MisconfResult

type MisconfResult struct {
	Namespace      string `json:",omitempty"`
	Query          string `json:",omitempty"`
	Message        string `json:",omitempty"`
	PolicyMetadata `json:",omitempty"`
	CauseMetadata  `json:",omitempty"`

	// For debugging
	Traces []string `json:",omitempty"`
}

type MisconfResults

type MisconfResults []MisconfResult

func (MisconfResults) Len

func (r MisconfResults) Len() int

func (MisconfResults) Less

func (r MisconfResults) Less(i, j int) bool

func (MisconfResults) Swap

func (r MisconfResults) Swap(i, j int)

type Misconfiguration

type Misconfiguration struct {
	FileType   string         `json:",omitempty"`
	FilePath   string         `json:",omitempty"`
	Successes  MisconfResults `json:",omitempty"`
	Warnings   MisconfResults `json:",omitempty"`
	Failures   MisconfResults `json:",omitempty"`
	Exceptions MisconfResults `json:",omitempty"`
	Layer      Layer          `json:",omitempty"`
}

func ToMisconfigurations

func ToMisconfigurations(misconfs map[string]Misconfiguration) []Misconfiguration

type OS

type OS struct {
	Family string
	Name   string
	Eosl   bool `json:"EOSL,omitempty"`
}

type Package

type Package struct {
	ID         string `json:",omitempty"`
	Name       string `json:",omitempty"`
	Version    string `json:",omitempty"`
	Release    string `json:",omitempty"`
	Epoch      int    `json:",omitempty"`
	Arch       string `json:",omitempty"`
	SrcName    string `json:",omitempty"`
	SrcVersion string `json:",omitempty"`
	SrcRelease string `json:",omitempty"`
	SrcEpoch   int    `json:",omitempty"`

	Modularitylabel string     `json:",omitempty"` // only for Red Hat based distributions
	BuildInfo       *BuildInfo `json:",omitempty"` // only for Red Hat

	Ref       string   `json:",omitempty"` // identifier which can be used to reference the component elsewhere
	Indirect  bool     `json:",omitempty"` // this package is direct dependency of the project or not
	DependsOn []string `json:",omitempty"` // dependencies of this package

	License string `json:",omitempty"`
	Layer   Layer  `json:",omitempty"`

	// Each package metadata have the file path, while the package from lock files does not have.
	FilePath string `json:",omitempty"`
}

func (*Package) Empty

func (pkg *Package) Empty() bool

type PackageInfo

type PackageInfo struct {
	FilePath string
	Packages []Package
}

type PolicyInputOption

type PolicyInputOption struct {
	Combine   bool                  `mapstructure:"combine"`
	Selectors []PolicyInputSelector `mapstructure:"selector"`
}

type PolicyInputSelector

type PolicyInputSelector struct {
	Type string `mapstructure:"type"`
}

type PolicyMetadata

type PolicyMetadata struct {
	ID                 string   `json:",omitempty"`
	Type               string   `json:",omitempty"`
	Title              string   `json:",omitempty"`
	Description        string   `json:",omitempty"`
	Severity           string   `json:",omitempty"`
	RecommendedActions string   `json:",omitempty" mapstructure:"recommended_actions"`
	References         []string `json:",omitempty"`
}

type Repository

type Repository struct {
	Family  string `json:",omitempty"`
	Release string `json:",omitempty"`
}

type Secret

type Secret struct {
	FilePath string
	Findings []SecretFinding
	Layer    Layer `json:",omitempty"`
}

type SecretFinding

type SecretFinding struct {
	RuleID    string
	Category  SecretRuleCategory
	Severity  string
	Title     string
	StartLine int
	EndLine   int
	Match     string
}

type SecretRuleCategory

type SecretRuleCategory string

type SrcPackage

type SrcPackage struct {
	Name        string   `json:"name"`
	Version     string   `json:"version"`
	BinaryNames []string `json:"binaryNames"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL