check

package
v0.7.3 Latest

This package is not in the latest version of its module.
Published: Apr 1, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation


Constants

const (
	// PASS check passed.
	PASS State = "PASS"
	// FAIL check failed.
	FAIL State = "FAIL"
	// WARN could not carry out check.
	WARN State = "WARN"
	// INFO informational message
	INFO State = "INFO"

	// SKIP for when a check should be skipped.
	SKIP = "skip"

	// MASTER a master node
	MASTER NodeType = "master"
	// NODE a node
	NODE NodeType = "node"
	// FEDERATED a federated deployment.
	FEDERATED NodeType = "federated"

	// ETCD an etcd node
	ETCD NodeType = "etcd"
	// CONTROLPLANE a control plane node
	CONTROLPLANE NodeType = "controlplane"
	// POLICIES a node to run policies from
	POLICIES NodeType = "policies"
	// MANAGEDSERVICES a node to run managedservices from
	MANAGEDSERVICES = "managedservices"

	// MANUAL Check Type
	MANUAL string = "manual"
)
const (
	// UNKNOWN is when the AWS account can't be found
	UNKNOWN = "Unknown"
	// ARN for the AWS Security Hub service
	ARN = "arn:aws:securityhub:%s::product/khulnasoft-security/kube-bench"
	// SCHEMA for the AWS Security Hub service
	SCHEMA = "2018-10-08"
	// TYPE is type of Security Hub finding
	TYPE = "Software and Configuration Checks/Industry and Regulatory Standards/CIS Kubernetes Benchmark"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AuditUsed

type AuditUsed string
const (
	AuditCommand AuditUsed = "auditCommand"
	AuditConfig  AuditUsed = "auditConfig"
	AuditEnv     AuditUsed = "auditEnv"
)

type Check

type Check struct {
	ID                string   `yaml:"id" json:"test_number"`
	Text              string   `json:"test_desc"`
	Audit             string   `json:"audit"`
	AuditEnv          string   `yaml:"audit_env"`
	AuditConfig       string   `yaml:"audit_config"`
	Type              string   `json:"type"`
	Tests             *tests   `json:"-"`
	Set               bool     `json:"-"`
	Remediation       string   `json:"remediation"`
	TestInfo          []string `json:"test_info"`
	State             `json:"status"`
	ActualValue       string `json:"actual_value"`
	Scored            bool   `json:"scored"`
	IsMultiple        bool   `yaml:"use_multiple_values"`
	ExpectedResult    string `json:"expected_result"`
	Reason            string `json:"reason,omitempty"`
	AuditOutput       string `json:"-"`
	AuditEnvOutput    string `json:"-"`
	AuditConfigOutput string `json:"-"`
	DisableEnvTesting bool   `json:"-"`
}

Check contains information about a recommendation in the CIS Kubernetes document.

type Controls

type Controls struct {
	ID              string   `yaml:"id" json:"id"`
	Version         string   `json:"version"`
	DetectedVersion string   `json:"detected_version,omitempty"`
	Text            string   `json:"text"`
	Type            NodeType `json:"node_type"`
	Groups          []*Group `json:"tests"`
	Summary
}

Controls holds all controls to check for one node type (Type); the embedded Summary carries the totals of the last run, so its fields serialize alongside the others.

func NewControls

func NewControls(t NodeType, in []byte, detectedVersion string) (*Controls, error)

NewControls instantiates a new Controls object of node type t from the control definition in, recording detectedVersion.

func (*Controls) ASFF

func (controls *Controls) ASFF() ([]types.AwsSecurityFinding, error)

ASFF encodes the results of the last run to AWS Security Finding Format (ASFF), using the ARN, SCHEMA and TYPE constants above.

func (*Controls) JSON

func (controls *Controls) JSON() ([]byte, error)

JSON encodes the results of last run to JSON.
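The struct tags on this page fix the shape of that JSON: OverallControls has no tags, so the top level is {"Controls": [...], "Totals": {...}}; the embedded Summary promotes total_pass, total_fail, total_warn and total_info to the Controls level; groups sit under tests, checks under results, and a check's State is emitted as status. Fields that carry only a yaml tag (AuditEnv, AuditConfig, IsMultiple) are emitted under their Go field names. The following program is an added example, not code from this package or from kube-bench: it decodes such a document with the standard library alone and returns every scored FAIL, the way a CI gate would, while WARN (a check that could not be carried out) and INFO are counted but never block. The sample document is constructed and trimmed; its IDs, texts and remediation strings are illustrative, not a real scan.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// State mirrors check.State.
type State string

const (
	PASS State = "PASS"
	FAIL State = "FAIL"
	WARN State = "WARN"
	INFO State = "INFO"
)

// Summary uses the json tags of check.Summary shown on this page.
type Summary struct {
	Pass int `json:"total_pass"`
	Fail int `json:"total_fail"`
	Warn int `json:"total_warn"`
	Info int `json:"total_info"`
}

// Check keeps only the keys this gate reads; encoding/json ignores the rest
// (audit, AuditEnv, expected_result, ...).
type Check struct {
	ID          string `json:"test_number"`
	Text        string `json:"test_desc"`
	State       State  `json:"status"`
	Scored      bool   `json:"scored"`
	Remediation string `json:"remediation"`
}

type Group struct {
	ID     string   `json:"section"`
	Checks []*Check `json:"results"`
}

type Controls struct {
	ID       string   `json:"id"`
	NodeType string   `json:"node_type"`
	Groups   []*Group `json:"tests"`
	Summary           // embedded: the total_* keys appear at this level
}

// OverallControls carries no tags on the page, so the keys are the field names.
type OverallControls struct {
	Controls []*Controls
	Totals   Summary
}

type Finding struct{ NodeType, ID, Text, Remediation string }

// ScoredFailures decodes kube-bench JSON output and returns every scored check
// in state FAIL, sorted by node type then ID, plus the run's totals. WARN and
// INFO are only counted, never returned as blocking findings.
func ScoredFailures(raw []byte) ([]Finding, Summary, error) {
	var out OverallControls
	if err := json.Unmarshal(raw, &out); err != nil {
		return nil, Summary{}, fmt.Errorf("decode kube-bench output: %w", err)
	}
	var findings []Finding
	for _, c := range out.Controls {
		for _, g := range c.Groups {
			for _, ch := range g.Checks {
				if ch.Scored && ch.State == FAIL {
					findings = append(findings, Finding{c.NodeType, ch.ID, ch.Text, ch.Remediation})
				}
			}
		}
	}
	sort.Slice(findings, func(i, j int) bool {
		if findings[i].NodeType != findings[j].NodeType {
			return findings[i].NodeType < findings[j].NodeType
		}
		return findings[i].ID < findings[j].ID
	})
	return findings, out.Totals, nil
}

// sampleOutput is a constructed, trimmed document in the shape the tags above
// produce; the IDs and texts are illustrative, not a real scan.
const sampleOutput = `{
  "Controls": [
    {"id": "1", "node_type": "master", "tests": [
      {"section": "1.2", "results": [
        {"test_number": "1.2.1", "test_desc": "anonymous auth disabled", "status": "FAIL", "scored": true,
         "remediation": "Set --anonymous-auth=false on kube-apiserver."},
        {"test_number": "1.2.2", "test_desc": "token auth file unset", "status": "PASS", "scored": true, "remediation": ""}
      ]}],
     "total_pass": 1, "total_fail": 1, "total_warn": 0, "total_info": 0},
    {"id": "4", "node_type": "node", "tests": [
      {"section": "4.2", "results": [
        {"test_number": "4.2.1", "test_desc": "kubelet setting", "status": "WARN", "scored": false,
         "remediation": "Review the kubelet configuration."}
      ]}],
     "total_pass": 0, "total_fail": 0, "total_warn": 1, "total_info": 0}
  ],
  "Totals": {"total_pass": 1, "total_fail": 1, "total_warn": 1, "total_info": 0}
}`

func main() {
	findings, totals, err := ScoredFailures([]byte(sampleOutput))
	if err != nil {
		panic(err)
	}
	fmt.Printf("pass=%d fail=%d warn=%d info=%d\n", totals.Pass, totals.Fail, totals.Warn, totals.Info)
	for _, f := range findings {
		fmt.Printf("BLOCK %s %s: %s\n  remediation: %s\n", f.NodeType, f.ID, f.Text, f.Remediation)
	}
}
```

Gating on Scored && FAIL rather than on total_fail alone matters in practice: a WARN usually means kube-bench could not read a config file or binary flag on that host, which is a visibility problem to fix in the scan setup, not a benchmark failure to fail the build on.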

func (*Controls) JUnit

func (controls *Controls) JUnit() ([]byte, error)

JUnit encodes the results of last run to JUnit.

func (*Controls) RunChecks

func (controls *Controls) RunChecks(runner Runner, filter Predicate, skipIDMap map[string]bool) Summary

RunChecks runs the checks with the given Runner. Only checks for which the filter Predicate returns `true` will run.

type Group

type Group struct {
	ID     string   `yaml:"id" json:"section"`
	Type   string   `yaml:"type" json:"type"`
	Pass   int      `json:"pass"`
	Fail   int      `json:"fail"`
	Warn   int      `json:"warn"`
	Info   int      `json:"info"`
	Text   string   `json:"desc"`
	Checks []*Check `json:"results"`
}

Group is a collection of similar checks.

type NodeType

type NodeType string

NodeType indicates the type of node a control set applies to; see the NodeType constants above (master, node, federated, etcd, controlplane, policies).

type OverallControls

type OverallControls struct {
	Controls []*Controls
	Totals   Summary
}

type Predicate

type Predicate func(group *Group, check *Check) bool

Predicate is a predicate on the given Group and Check arguments; RunChecks runs only the checks for which it returns true.

type Runner

type Runner interface {
	// Run runs a given check and returns the execution state.
	Run(c *Check) State
}

Runner wraps the basic Run method.

func NewRunner

func NewRunner() Runner

NewRunner constructs a default Runner.
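How RunChecks, Predicate and Runner fit together, as an added example that is not this package's code. Because the module is not imported, the types are minimal stand-ins mirroring the exported fields documented above, the Runner returns canned states instead of executing audit commands, and the skip handling (an ID present in skipIDMap, for either the group or the check, sets the check's Type to SKIP and the Runner reports it as INFO with a reason) is this example's reading of the RunChecks signature, not a statement of the package's implementation. The groups and checks are constructed data.

```go
package main

import (
	"fmt"
	"strings"
)

// Minimal stand-ins for the exported types on this page (not the package's own code).
type State string

const (
	PASS State = "PASS"
	FAIL State = "FAIL"
	WARN State = "WARN"
	INFO State = "INFO"
	SKIP       = "skip"
)

type Check struct {
	ID     string
	Text   string
	Type   string
	Scored bool
	State  State
	Reason string
	canned State // example-only: what fakeRunner reports for this check
}

type Group struct {
	ID                     string
	Checks                 []*Check
	Pass, Fail, Warn, Info int
}

type Summary struct{ Pass, Fail, Warn, Info int }

// Predicate and Runner have the same shape as check.Predicate and check.Runner.
type Predicate func(group *Group, check *Check) bool

type Runner interface{ Run(c *Check) State }

// fakeRunner stands in for check.NewRunner(): it executes no audit command and
// simply reports the canned state. A check whose Type is SKIP is reported as
// INFO with a reason (this example's convention).
type fakeRunner struct{}

func (fakeRunner) Run(c *Check) State {
	if c.Type == SKIP {
		c.State, c.Reason = INFO, "Test marked as skip"
		return INFO
	}
	c.State = c.canned
	return c.State
}

// runChecks follows the documented contract of (*Controls).RunChecks: only
// checks accepted by filter run; an ID in skipIDMap (group or check) marks the
// check SKIP (assumption); per-group counters and the Summary are tallied
// from the State each Run returns.
func runChecks(groups []*Group, runner Runner, filter Predicate, skipIDMap map[string]bool) Summary {
	var s Summary
	for _, g := range groups {
		g.Pass, g.Fail, g.Warn, g.Info = 0, 0, 0, 0
		for _, c := range g.Checks {
			if !filter(g, c) {
				continue
			}
			if skipIDMap[g.ID] || skipIDMap[c.ID] {
				c.Type = SKIP
			}
			switch runner.Run(c) {
			case PASS:
				g.Pass++
				s.Pass++
			case FAIL:
				g.Fail++
				s.Fail++
			case WARN:
				g.Warn++
				s.Warn++
			default: // INFO, including skipped checks
				g.Info++
				s.Info++
			}
		}
	}
	return s
}

// ScoredInSection returns a Predicate selecting scored checks whose ID starts
// with prefix, e.g. "1.2." to run only one section of the benchmark.
func ScoredInSection(prefix string) Predicate {
	return func(_ *Group, c *Check) bool {
		return c.Scored && strings.HasPrefix(c.ID, prefix)
	}
}

// sampleGroups is constructed data, not a real benchmark definition.
func sampleGroups() []*Group {
	return []*Group{
		{ID: "1.2", Checks: []*Check{
			{ID: "1.2.1", Text: "scored, fails", Scored: true, canned: FAIL},
			{ID: "1.2.2", Text: "scored, passes", Scored: true, canned: PASS},
			{ID: "1.2.3", Text: "not scored", Scored: false, canned: WARN},
		}},
		{ID: "1.3", Checks: []*Check{
			{ID: "1.3.1", Text: "other section", Scored: true, canned: PASS},
		}},
	}
}

func main() {
	groups := sampleGroups()
	skip := map[string]bool{"1.2.2": true} // IDs the operator asked to skip
	sum := runChecks(groups, fakeRunner{}, ScoredInSection("1.2."), skip)
	fmt.Printf("summary: %+v\n", sum) // summary: {Pass:0 Fail:1 Warn:0 Info:1}
	for _, g := range groups {
		for _, c := range g.Checks {
			fmt.Printf("%s %-5s %s\n", c.ID, c.State, c.Reason)
		}
	}
}
```

Two points worth noticing: a check the Predicate rejects is never touched, so its State stays empty and it is absent from every counter, whereas a skipped check still passes through the Runner and is counted as INFO; and a fake Runner like this one is how you unit-test a Predicate or a report encoder without a cluster, since nothing in the contract requires Run to execute anything.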

type State

type State string

State is the state of a control check.

type Summary

type Summary struct {
	Pass int `json:"total_pass"`
	Fail int `json:"total_fail"`
	Warn int `json:"total_warn"`
	Info int `json:"total_info"`
}

Summary is a summary of the results of control checks run.
