rego

package

v0.0.3 Latest Latest Go to latest Published: Dec 8, 2023 License: MIT Imports: 29 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/khulnasoft/defsec

Documentation ¶

Index ¶

func BuildSchemaSetFromPolicies(policies map[string]*ast.Module, paths []string, fsys fs.FS) (*ast.SchemaSet, bool, error)
func GetInputsContents(inputs []Input) []any
func IsDotFile(name string) bool
func IsJSONFile(name string) bool
func IsRegoFile(name string) bool
func LoadEmbeddedLibraries() (map[string]*ast.Module, error)
func LoadEmbeddedPolicies() (map[string]*ast.Module, error)
func LoadPoliciesFromDirs(target fs.FS, paths ...string) (map[string]*ast.Module, error)
func NewEngineMetadata(schema string, meta map[string]interface{}) (*scan.EngineMetadata, error)
func RegisterRegoRules(modules map[string]*ast.Module)
type DynamicMetadata
type Input
type InputOptions
type MetadataRetriever
- func NewMetadataRetriever(compiler *ast.Compiler) *MetadataRetriever
- func (m *MetadataRetriever) RetrieveMetadata(ctx context.Context, module *ast.Module, contents ...any) (*StaticMetadata, error)
type Scanner
- func NewScanner(source types.Source, options ...options.ScannerOption) *Scanner
- func (s *Scanner) LoadPolicies(enableEmbeddedLibraries, enableEmbeddedPolicies bool, srcFS fs.FS, ...) error
- func (s *Scanner) ScanInput(ctx context.Context, inputs ...Input) (scan.Results, error)
- func (s *Scanner) SetDataDirs(dirs ...string)
- func (s *Scanner) SetDataFilesystem(fs fs.FS)
- func (s *Scanner) SetDebugWriter(writer io.Writer)
- func (s *Scanner) SetFrameworks(frameworks []framework.Framework)
- func (s *Scanner) SetParentDebugLogger(l debug.Logger)
- func (s *Scanner) SetPerResultTracingEnabled(b bool)
- func (s *Scanner) SetPolicyDirs(_ ...string)
- func (s *Scanner) SetPolicyFilesystem(fs fs.FS)
- func (s *Scanner) SetPolicyNamespaces(namespaces ...string)
- func (s *Scanner) SetPolicyReaders(_ []io.Reader)
- func (s *Scanner) SetRegoErrorLimit(limit int)
- func (s *Scanner) SetRegoOnly(bool)
- func (s *Scanner) SetSkipRequiredCheck(_ bool)
- func (s *Scanner) SetSpec(spec string)
- func (s *Scanner) SetTraceWriter(writer io.Writer)
- func (s *Scanner) SetUseEmbeddedLibraries(b bool)
- func (s *Scanner) SetUseEmbeddedPolicies(b bool)
type Selector
type StaticMetadata
- func NewStaticMetadata(pkgPath string, inputOpt InputOptions) *StaticMetadata
- func (sm *StaticMetadata) FromAnnotations(annotations *ast.Annotations) error
- func (m StaticMetadata) ToRule() scan.Rule
- func (sm *StaticMetadata) Update(meta map[string]any) error
type SubType

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func BuildSchemaSetFromPolicies ¶

func BuildSchemaSetFromPolicies(policies map[string]*ast.Module, paths []string, fsys fs.FS) (*ast.SchemaSet, bool, error)

func GetInputsContents ¶ added in v0.0.3

func GetInputsContents(inputs []Input) []any

func IsDotFile ¶ added in v0.0.3

func IsDotFile(name string) bool

func IsJSONFile ¶ added in v0.0.3

func IsJSONFile(name string) bool

func IsRegoFile ¶ added in v0.0.3

func IsRegoFile(name string) bool

func LoadEmbeddedLibraries ¶ added in v0.0.3

func LoadEmbeddedLibraries() (map[string]*ast.Module, error)

func LoadEmbeddedPolicies ¶ added in v0.0.3

func LoadEmbeddedPolicies() (map[string]*ast.Module, error)

func LoadPoliciesFromDirs ¶ added in v0.0.3

func LoadPoliciesFromDirs(target fs.FS, paths ...string) (map[string]*ast.Module, error)

func NewEngineMetadata ¶ added in v0.0.3

func NewEngineMetadata(schema string, meta map[string]interface{}) (*scan.EngineMetadata, error)

func RegisterRegoRules ¶

func RegisterRegoRules(modules map[string]*ast.Module)

Types ¶

type DynamicMetadata ¶

type DynamicMetadata struct {
	Warning   bool
	Filepath  string
	Message   string
	StartLine int
	EndLine   int
}

type Input ¶

type Input struct {
	Path     string      `json:"path"`
	FS       fs.FS       `json:"-"`
	Contents interface{} `json:"contents"`
}

type InputOptions ¶

type InputOptions struct {
	Combined  bool
	Selectors []Selector
}

type MetadataRetriever ¶

type MetadataRetriever struct {
	// contains filtered or unexported fields
}

func NewMetadataRetriever ¶

func NewMetadataRetriever(compiler *ast.Compiler) *MetadataRetriever

func (*MetadataRetriever) RetrieveMetadata ¶

func (m *MetadataRetriever) RetrieveMetadata(ctx context.Context, module *ast.Module, contents ...any) (*StaticMetadata, error)

type Scanner ¶

type Scanner struct {
	// contains filtered or unexported fields
}

func NewScanner ¶

func NewScanner(source types.Source, options ...options.ScannerOption) *Scanner

func (*Scanner) LoadPolicies ¶

func (s *Scanner) LoadPolicies(enableEmbeddedLibraries, enableEmbeddedPolicies bool, srcFS fs.FS, paths []string, readers []io.Reader) error

func (*Scanner) ScanInput ¶

func (s *Scanner) ScanInput(ctx context.Context, inputs ...Input) (scan.Results, error)

func (*Scanner) SetDataDirs ¶

func (s *Scanner) SetDataDirs(dirs ...string)

func (*Scanner) SetDataFilesystem ¶

func (s *Scanner) SetDataFilesystem(fs fs.FS)

func (*Scanner) SetDebugWriter ¶

func (s *Scanner) SetDebugWriter(writer io.Writer)

func (*Scanner) SetFrameworks ¶

func (s *Scanner) SetFrameworks(frameworks []framework.Framework)

func (*Scanner) SetParentDebugLogger ¶

func (s *Scanner) SetParentDebugLogger(l debug.Logger)

func (*Scanner) SetPerResultTracingEnabled ¶

func (s *Scanner) SetPerResultTracingEnabled(b bool)

func (*Scanner) SetPolicyDirs ¶

func (s *Scanner) SetPolicyDirs(_ ...string)

func (*Scanner) SetPolicyFilesystem ¶

func (s *Scanner) SetPolicyFilesystem(fs fs.FS)

func (*Scanner) SetPolicyNamespaces ¶

func (s *Scanner) SetPolicyNamespaces(namespaces ...string)

func (*Scanner) SetPolicyReaders ¶

func (s *Scanner) SetPolicyReaders(_ []io.Reader)

func (*Scanner) SetRegoErrorLimit ¶

func (s *Scanner) SetRegoErrorLimit(limit int)

func (*Scanner) SetRegoOnly ¶

func (s *Scanner) SetRegoOnly(bool)

func (*Scanner) SetSkipRequiredCheck ¶

func (s *Scanner) SetSkipRequiredCheck(_ bool)

func (*Scanner) SetSpec ¶

func (s *Scanner) SetSpec(spec string)

func (*Scanner) SetTraceWriter ¶

func (s *Scanner) SetTraceWriter(writer io.Writer)

func (*Scanner) SetUseEmbeddedLibraries ¶

func (s *Scanner) SetUseEmbeddedLibraries(b bool)

func (*Scanner) SetUseEmbeddedPolicies ¶

func (s *Scanner) SetUseEmbeddedPolicies(b bool)

type Selector ¶

type Selector struct {
	Type     string
	Subtypes []SubType
}

type StaticMetadata ¶

type StaticMetadata struct {
	ID                 string
	AVDID              string
	Title              string
	ShortCode          string
	Description        string
	Severity           string
	RecommendedActions string
	PrimaryURL         string
	References         []string
	InputOptions       InputOptions
	Package            string
	Frameworks         map[framework.Framework][]string
	Provider           string
	Service            string
	Library            bool
	CloudFormation     *scan.EngineMetadata
	Terraform          *scan.EngineMetadata
}

func NewStaticMetadata ¶ added in v0.0.3

func NewStaticMetadata(pkgPath string, inputOpt InputOptions) *StaticMetadata

func (*StaticMetadata) FromAnnotations ¶ added in v0.0.3

func (sm *StaticMetadata) FromAnnotations(annotations *ast.Annotations) error

func (StaticMetadata) ToRule ¶

func (m StaticMetadata) ToRule() scan.Rule

func (*StaticMetadata) Update ¶ added in v0.0.3

func (sm *StaticMetadata) Update(meta map[string]any) error

type SubType ¶

type SubType struct {
	Group     string
	Version   string
	Kind      string
	Namespace string
	Service   string // only for cloud
	Provider  string // only for cloud
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
convert
schemas

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL