Constants

// Schema versions of the cache entries. These are presumably the values
// written into ArtifactInfo.SchemaVersion and BlobInfo.SchemaVersion so that
// readers can reject entries stored in an older layout — confirm against the cache code.
const (
	ArtifactJSONSchemaVersion = 1
	BlobJSONSchemaVersion     = 2
)
// Language-specific file names: the lock files and manifests, grouped by
// ecosystem, that the package analyzers refer to by these constants.
const (
	// .NET (NuGet)
	NuGetPkgsLock   = "packages.lock.json"
	NuGetPkgsConfig = "packages.config"

	// Go modules
	GoMod = "go.mod"
	GoSum = "go.sum"

	// JVM: Maven and sbt
	MavenPom = "pom.xml"
	SbtLock  = "build.sbt.lock"

	// Node.js: npm, Yarn and pnpm
	NpmPkg     = "package.json"
	NpmPkgLock = "package-lock.json"
	YarnLock   = "yarn.lock"
	PnpmLock   = "pnpm-lock.yaml"

	// PHP: Composer
	ComposerLock          = "composer.lock"
	ComposerJson          = "composer.json"
	ComposerInstalledJson = "installed.json"

	// Python: pip, Pipenv and Poetry
	PyProject       = "pyproject.toml"
	PipRequirements = "requirements.txt"
	PipfileLock     = "Pipfile.lock"
	PoetryLock      = "poetry.lock"

	// Ruby: Bundler
	GemfileLock = "Gemfile.lock"

	// Rust: Cargo
	CargoLock = "Cargo.lock"
	CargoToml = "Cargo.toml"

	// C/C++: Conan
	ConanLock = "conan.lock"

	// Apple: CocoaPods and Swift Package Manager
	CocoaPodsLock = "Podfile.lock"
	SwiftResolved = "Package.resolved"

	// Dart: pub
	PubSpecLock = "pubspec.lock"

	// Elixir: mix
	MixLock = "mix.lock"

	// Conda environment files (both spellings of the extension are recognized)
	CondaEnvYaml = "environment.yaml"
	CondaEnvYml  = "environment.yml"

	// Julia
	JuliaProject  = "Project.toml"
	JuliaManifest = "Manifest.toml"
)

Language-specific file names

// Post-handler identifiers and their priorities. A higher priority value is
// meant to run earlier (see the note on SystemFileFilteringPostHandlerPriority).
const (
	SystemFileFilteringPostHandler HandlerType = "system-file-filter"
	UnpackagedPostHandler          HandlerType = "unpackaged"

	// SystemFileFilteringPostHandlerPriority should be higher than other handlers.
	// Otherwise, other handlers need to process unnecessary files.
	SystemFileFilteringPostHandlerPriority = 100
	UnpackagedPostHandlerPriority          = 50
)

Variables

// Sentinel errors exported by the package; compare with errors.Is.
//
// NOTE(review): InvalidURLPattern does not follow the ErrXxx naming convention
// that ErrNoRpmCmd uses; renaming it would be an API break, so it is left as is.
var (
	// InvalidURLPattern is returned when a URL does not match the expected pattern.
	InvalidURLPattern = xerrors.New("invalid url pattern")
	// ErrNoRpmCmd is returned when the rpm command is not available.
	ErrNoRpmCmd = xerrors.New("no rpm command")
)
// AggregatingTypes lists the per-package metadata LangTypes (as opposed to
// lock-file types). Presumably packages of these types are aggregated across
// files rather than reported per file — confirm against the analyzer that
// consumes this list.
var AggregatingTypes = []LangType{
	PythonPkg,
	CondaPkg,
	GemSpec,
	NodePkg,
	Jar,
}

Functions

This section is empty.

Types

type Application

// Application is a group of language-specific packages discovered from one
// source (a lock file or a set of per-package metadata files).
type Application struct {
	// Type is the package manager or ecosystem, e.g. bundler and pipenv
	Type LangType

	// FilePath is set for lock files; applications built from per-package
	// metadata do not carry a path here (each Package has its own FilePath).
	FilePath string `json:",omitempty"`

	// Packages is a list of lang-specific packages
	Packages Packages
}

type ArtifactDetail

// ArtifactDetail represents the analysis result.
// It is the merged view of an artifact; ToBlobInfo converts it back into the
// cache representation.
type ArtifactDetail struct {
	OS                OS                 `json:",omitempty"`
	Repository        *Repository        `json:",omitempty"`
	Packages          Packages           `json:",omitempty"`
	Applications      []Application      `json:",omitempty"`
	Misconfigurations []Misconfiguration `json:",omitempty"`
	Secrets           []Secret           `json:",omitempty"`
	Licenses          []LicenseFile      `json:",omitempty"`

	// ImageConfig has information from container image config
	ImageConfig ImageConfigDetail

	// CustomResources hold analysis results from custom analyzers.
	// It is for extensibility and not used in OSS.
	CustomResources []CustomResource `json:",omitempty"`
}

ArtifactDetail represents the analysis result.

func (*ArtifactDetail) ToBlobInfo

func (a *ArtifactDetail) ToBlobInfo() BlobInfo

ToBlobInfo is used to store a merged layer in cache.

type ArtifactInfo

// ArtifactInfo is stored in cache.
// It describes the artifact as a whole (image-level metadata), as opposed to
// BlobInfo, which describes a single layer.
type ArtifactInfo struct {
	// SchemaVersion is the layout version of this cache entry
	// (presumably ArtifactJSONSchemaVersion — confirm against the writer).
	SchemaVersion int
	Architecture  string
	Created       time.Time
	DockerVersion string
	OS            string

	// Misconfiguration holds misconfiguration in container image config
	Misconfiguration *Misconfiguration `json:",omitempty"`

	// Secret holds secrets in container image config such as environment variables
	Secret *Secret `json:",omitempty"`

	// HistoryPackages are packages extracted from RUN instructions
	HistoryPackages Packages `json:",omitempty"`
}

ArtifactInfo is stored in cache

type BlobInfo

// BlobInfo is stored in cache.
// It holds the analysis result of one layer together with the layer metadata
// needed to apply it (digests, whiteouts and opaque directories).
type BlobInfo struct {
	// SchemaVersion is the layout version of this cache entry
	// (presumably BlobJSONSchemaVersion — confirm against the writer).
	SchemaVersion int

	// Layer information
	Digest        string   `json:",omitempty"`
	DiffID        string   `json:",omitempty"`
	CreatedBy     string   `json:",omitempty"`
	OpaqueDirs    []string `json:",omitempty"`
	WhiteoutFiles []string `json:",omitempty"`

	// Analysis result
	OS                OS                 `json:",omitempty"`
	Repository        *Repository        `json:",omitempty"`
	PackageInfos      []PackageInfo      `json:",omitempty"`
	Applications      []Application      `json:",omitempty"`
	Misconfigurations []Misconfiguration `json:",omitempty"`
	Secrets           []Secret           `json:",omitempty"`
	Licenses          []LicenseFile      `json:",omitempty"`

	// Red Hat distributions have build info per layer.
	// This information will be embedded into packages when applying layers.
	// ref. https://redhat-connect.gitbook.io/partner-guide-for-adopting-red-hat-oval-v2/determining-common-platform-enumeration-cpe
	BuildInfo *BuildInfo `json:",omitempty"`

	// CustomResources hold analysis results from custom analyzers.
	// It is for extensibility and not used in OSS.
	CustomResources []CustomResource `json:",omitempty"`
}

BlobInfo is stored in cache

type BuildInfo

// BuildInfo represents information under /root/buildinfo in RHEL.
type BuildInfo struct {
	// ContentSets are the Red Hat content sets the layer was built from
	ContentSets []string `json:",omitempty"`
	// Nvr is the name-version-release of the build
	Nvr string `json:",omitempty"`
	// Arch is the build architecture
	Arch string `json:",omitempty"`
}

BuildInfo represents information under /root/buildinfo in RHEL

type CauseMetadata

// CauseMetadata locates the cause of a misconfiguration result (it is embedded
// in MisconfResult): the offending resource, its provider/service, the line
// range, a code excerpt and any further occurrences.
type CauseMetadata struct {
	Resource    string       `json:",omitempty"`
	Provider    string       `json:",omitempty"`
	Service     string       `json:",omitempty"`
	StartLine   int          `json:",omitempty"`
	EndLine     int          `json:",omitempty"`
	Code        Code         `json:",omitempty"`
	Occurrences []Occurrence `json:",omitempty"`
}

type Code

// Code is a source excerpt attached to a finding, one Line per source line.
type Code struct {
	Lines []Line
}

type ConfigType

// ConfigType is an alias of TargetType for configuration files.
type ConfigType = TargetType

ConfigType is an alias of TargetType for configuration files

// Config files: the configuration formats a Misconfiguration.FileType can take.
const (
	JSON                  ConfigType = "json"
	YAML                  ConfigType = "yaml"
	Dockerfile            ConfigType = "dockerfile"
	Terraform             ConfigType = "terraform"
	TerraformPlanJSON     ConfigType = "terraformplan"
	TerraformPlanSnapshot ConfigType = "terraformplan-snapshot"
	CloudFormation        ConfigType = "cloudformation"
	Kubernetes            ConfigType = "kubernetes"
	Helm                  ConfigType = "helm"
	Cloud                 ConfigType = "cloud"
	AzureARM              ConfigType = "azure-arm"
)

Config files

type ContainerdOptions

// ContainerdOptions holds containerd-specific image options.
// It currently has no fields and exists so ImageOptions can grow without an API change.
type ContainerdOptions struct {
}

type Credential

// Credential is a username/password pair used to authenticate to a registry
// (see RegistryOptions.Credentials).
//
// Password is a plaintext secret: keep values of this type out of logs and
// error messages.
type Credential struct {
	Username string
	Password string
}

type CustomResource

// CustomResource holds the analysis result from a custom analyzer.
// It is for extensibility and not used in OSS.
type CustomResource struct {
	Type     string
	FilePath string
	Layer    Layer
	// Data is untyped; consumers must type-assert it to the analyzer's own result type.
	Data any
}

CustomResource holds the analysis result from a custom analyzer. It is for extensibility and not used in OSS.

type Dependencies

// Dependencies is a list of Dependency. It implements sort.Interface (Len, Less, Swap).
type Dependencies []Dependency

func (Dependencies) Len

func (deps Dependencies) Len() int

func (Dependencies) Less

func (deps Dependencies) Less(i, j int) bool

func (Dependencies) Swap

func (deps Dependencies) Swap(i, j int)

type Dependency

// Dependency is one node of a dependency graph: a package ID and the IDs it depends on.
type Dependency struct {
	ID        string
	DependsOn []string
}

type DetectionPriority

// DetectionPriority represents the priority of detection:
// PriorityPrecise favors fewer false positives, PriorityComprehensive fewer false negatives.
type DetectionPriority string

DetectionPriority represents the priority of detection

// PriorityComprehensive tries to minimize false negatives.
const PriorityComprehensive DetectionPriority = "comprehensive"

PriorityComprehensive tries to minimize false negatives

// PriorityPrecise tries to minimize false positives.
const PriorityPrecise DetectionPriority = "precise"

PriorityPrecise tries to minimize false positives

type DockerOptions

// DockerOptions holds Docker-specific image options.
type DockerOptions struct {
	// Host is the Docker daemon endpoint to connect to
	Host string
}

type ExternalRef

// ExternalRef is a typed link (e.g. VCS) associated with a package; see RefType.
type ExternalRef struct {
	Type RefType
	URL  string
}

type File

// File is an in-memory copy of a file together with its type and path.
type File struct {
	Type string
	Path string
	// Content holds the entire file body in memory
	Content []byte
}

type HandlerType

// HandlerType identifies a post-handler (see SystemFileFilteringPostHandler and UnpackagedPostHandler).
type HandlerType string

type Image

// Image is a container image: the v1.Image contract plus the naming and
// identity accessors of ImageExtension.
type Image interface {
	v1.Image
	ImageExtension
}

type ImageConfigDetail

// ImageConfigDetail has information from container image config.
type ImageConfigDetail struct {
	// Packages are packages extracted from RUN instructions in history
	Packages []Package `json:",omitempty"`

	// Misconfiguration holds misconfigurations in container image config
	Misconfiguration *Misconfiguration `json:",omitempty"`

	// Secret holds secrets in container image config
	Secret *Secret `json:",omitempty"`
}

ImageConfigDetail has information from container image config

type ImageExtension

// ImageExtension adds naming and identity accessors on top of v1.Image.
type ImageExtension interface {
	// Name returns the image reference as given
	Name() string
	// ID returns the image ID; it may fail, so callers must check the error
	ID() (string, error)
	// RepoTags returns the repository tags attached to the image
	RepoTags() []string
	// RepoDigests returns the repository digests attached to the image
	RepoDigests() []string
}

type ImageOptions

// ImageOptions bundles the per-source options used to fetch an image and the
// ordered list of sources to try.
type ImageOptions struct {
	RegistryOptions   RegistryOptions
	DockerOptions     DockerOptions
	PodmanOptions     PodmanOptions
	ContainerdOptions ContainerdOptions
	ImageSources      ImageSources
}

type ImageSource

// ImageSource represents the source of an image. It can be a string that
// identifies the container registry or a type of container runtime.
type ImageSource string

ImageSource represents the source of an image. It can be a string that identifies the container registry or a type of container runtime.

// Known image sources.
const (
	// DockerImageSource is the docker runtime
	DockerImageSource ImageSource = "docker"

	// ContainerdImageSource is the containerd runtime
	ContainerdImageSource ImageSource = "containerd"

	// PodmanImageSource is the podman runtime
	PodmanImageSource ImageSource = "podman"

	// RemoteImageSource represents a remote scan
	RemoteImageSource ImageSource = "remote"
)

type ImageSources

// ImageSources is a slice of image sources.
type ImageSources []ImageSource

ImageSources is a slice of image sources

type LangType

// LangType is an alias of TargetType for programming languages.
type LangType = TargetType

LangType is an alias of TargetType for programming languages

// Programming language dependencies: the package manager / ecosystem an
// Application or Package belongs to.
const (
	Bundler        LangType = "bundler"
	GemSpec        LangType = "gemspec"
	Cargo          LangType = "cargo"
	Composer       LangType = "composer"
	ComposerVendor LangType = "composer-vendor"
	Npm            LangType = "npm"
	NuGet          LangType = "nuget"
	DotNetCore     LangType = "dotnet-core"
	PackagesProps  LangType = "packages-props"
	Pip            LangType = "pip"
	Pipenv         LangType = "pipenv"
	Poetry         LangType = "poetry"
	CondaPkg       LangType = "conda-pkg"
	CondaEnv       LangType = "conda-environment"
	PythonPkg      LangType = "python-pkg"
	NodePkg        LangType = "node-pkg"
	Yarn           LangType = "yarn"
	Pnpm           LangType = "pnpm"
	Jar            LangType = "jar"
	Pom            LangType = "pom"
	Gradle         LangType = "gradle"
	Sbt            LangType = "sbt"
	GoBinary       LangType = "gobinary"
	GoModule       LangType = "gomod"
	JavaScript     LangType = "javascript"
	RustBinary     LangType = "rustbinary"
	Conan          LangType = "conan"
	Cocoapods      LangType = "cocoapods"
	Swift          LangType = "swift"
	Pub            LangType = "pub"
	Hex            LangType = "hex"
	Bitnami        LangType = "bitnami"
	Julia          LangType = "julia"

	// Kubernetes distributions, treated as language types so cluster
	// components can be reported like packages.
	K8sUpstream LangType = "kubernetes"
	EKS         LangType = "eks" // Amazon Elastic Kubernetes Service
	GKE         LangType = "gke" // Google Kubernetes Engine
	AKS         LangType = "aks" // Azure Kubernetes Service
	RKE         LangType = "rke" // Rancher Kubernetes Engine
	OCP         LangType = "ocp" // Red Hat OpenShift Container Platform
)

Programming language dependencies

type Layer

// Layer identifies the image layer a finding or package was found in.
type Layer struct {
	Digest    string `json:",omitempty"`
	DiffID    string `json:",omitempty"`
	CreatedBy string `json:",omitempty"`
}

type LicenseCategory

// LicenseCategory is the risk category a detected license is classified into
// (see LicenseFinding.Category).
type LicenseCategory string

// License categories, roughly from most to least restrictive.
const (
	CategoryForbidden    LicenseCategory = "forbidden"
	CategoryRestricted   LicenseCategory = "restricted"
	CategoryReciprocal   LicenseCategory = "reciprocal"
	CategoryNotice       LicenseCategory = "notice"
	CategoryPermissive   LicenseCategory = "permissive"
	CategoryUnencumbered LicenseCategory = "unencumbered"
	CategoryUnknown      LicenseCategory = "unknown"
)

type LicenseFile

// LicenseFile is a file in which licenses were detected, with the findings
// and the package (if any) the file belongs to.
type LicenseFile struct {
	Type     LicenseType
	FilePath string
	PkgName  string
	Findings LicenseFindings
	Layer    Layer `json:",omitempty"`
}

type LicenseFinding

// LicenseFinding is one license detected in a file.
type LicenseFinding struct {
	Category   LicenseCategory // such as "forbidden"
	Name       string
	Confidence float64 // detection confidence; the scale is not fixed by this type
	Link       string
}

type LicenseFindings

// LicenseFindings is a list of LicenseFinding. It implements sort.Interface
// (Len, Less, Swap) and exposes the license names via Names.
type LicenseFindings []LicenseFinding

func (LicenseFindings) Len

func (findings LicenseFindings) Len() int

func (LicenseFindings) Less

func (findings LicenseFindings) Less(i, j int) bool

func (LicenseFindings) Names

func (findings LicenseFindings) Names() []string

func (LicenseFindings) Swap

func (findings LicenseFindings) Swap(i, j int)

type LicenseType

// LicenseType says where a LicenseFile's licenses were read from.
type LicenseType string

// Known license sources.
const (
	LicenseTypeDpkg   LicenseType = "dpkg"         // From /usr/share/doc/*/copyright
	LicenseTypeHeader LicenseType = "header"       // From file headers
	LicenseTypeFile   LicenseType = "license-file" // From LICENSE, COPYRIGHT, etc.
)

type Line

// Line is one line of a Code excerpt. Unlike most types here, its JSON field
// names are fixed explicitly and only Highlighted is omitted when empty.
type Line struct {
	Number      int    `json:"Number"`
	Content     string `json:"Content"`
	IsCause     bool   `json:"IsCause"`     // true when this line is part of the cause
	Annotation  string `json:"Annotation"`
	Truncated   bool   `json:"Truncated"`   // true when Content was cut short
	Highlighted string `json:"Highlighted,omitempty"`
	FirstCause  bool   `json:"FirstCause"`  // first line of the cause range
	LastCause   bool   `json:"LastCause"`   // last line of the cause range
}

type Location

// Location is a line range within a file.
type Location struct {
	StartLine int `json:",omitempty"`
	EndLine   int `json:",omitempty"`
}

type Locations

// Locations is a list of Location. It implements sort.Interface (Len, Less, Swap).
type Locations []Location

func (Locations) Len

func (locs Locations) Len() int

func (Locations) Less

func (locs Locations) Less(i, j int) bool

func (Locations) Swap

func (locs Locations) Swap(i, j int)

type MisconfResult

// MisconfResult is a single policy evaluation result. The policy identity
// (PolicyMetadata) and the location of the cause (CauseMetadata) are embedded,
// so their fields are promoted to the top level.
//
// NOTE(review): encoding/json does not apply omitempty to struct values, so the
// tags on the two embedded structs below most likely have no effect — verify
// if you rely on them.
type MisconfResult struct {
	Namespace      string `json:",omitempty"`
	Query          string `json:",omitempty"`
	Message        string `json:",omitempty"`
	PolicyMetadata `json:",omitempty"`
	CauseMetadata  `json:",omitempty"`

	// For debugging
	Traces []string `json:",omitempty"`
}

type MisconfResults

// MisconfResults is a list of MisconfResult. It implements sort.Interface (Len, Less, Swap).
type MisconfResults []MisconfResult

func (MisconfResults) Len

func (r MisconfResults) Len() int

func (MisconfResults) Less

func (r MisconfResults) Less(i, j int) bool

func (MisconfResults) Swap

func (r MisconfResults) Swap(i, j int)

type Misconfiguration

// Misconfiguration is the evaluation of one configuration file, with results
// split by outcome.
type Misconfiguration struct {
	FileType  ConfigType     `json:",omitempty"`
	FilePath  string         `json:",omitempty"`
	Successes MisconfResults `json:",omitempty"`
	Warnings  MisconfResults `json:",omitempty"`
	Failures  MisconfResults `json:",omitempty"`
	Layer     Layer          `json:",omitempty"`
}

func ToMisconfigurations

func ToMisconfigurations(misconfs map[string]Misconfiguration) []Misconfiguration

type OS

// OS is the detected operating system of an artifact. Detected reports
// whether anything was found; Merge combines a later detection into this one.
type OS struct {
	Family OSType
	Name   string
	// Eosl is true when the release has reached end of security life
	Eosl bool `json:"EOSL,omitempty"`

	// This field is used for enhanced security maintenance programs such as Ubuntu ESM, Debian Extended LTS.
	Extended bool `json:"extended,omitempty"`
}

func (*OS) Detected

func (o *OS) Detected() bool

func (*OS) Merge

func (o *OS) Merge(newOS OS)

Merge merges OS version and enhanced security maintenance programs

type OSType

// OSType is an alias of TargetType for operating systems.
type OSType = TargetType

OSType is an alias of TargetType for operating systems

// Operating systems: the OS families an OS.Family or Repository.Family can take.
const (
	Alma               OSType = "alma"
	Alpine             OSType = "alpine"
	Amazon             OSType = "amazon"
	Azure              OSType = "azurelinux"
	CBLMariner         OSType = "cbl-mariner"
	CentOS             OSType = "centos"
	Chainguard         OSType = "chainguard"
	Debian             OSType = "debian"
	Fedora             OSType = "fedora"
	OpenSUSE           OSType = "opensuse"
	OpenSUSELeap       OSType = "opensuse-leap"
	OpenSUSETumbleweed OSType = "opensuse-tumbleweed"
	Oracle             OSType = "oracle"
	Photon             OSType = "photon"
	RedHat             OSType = "redhat"
	Rocky              OSType = "rocky"
	SLEMicro           OSType = "slem"
	SLES               OSType = "sles"
	Ubuntu             OSType = "ubuntu"
	Wolfi              OSType = "wolfi"
)

Operating systems

type Occurrence

// Occurrence is another place the same misconfiguration cause appears.
type Occurrence struct {
	Resource string `json:",omitempty"`
	Filename string `json:",omitempty"`
	Location Location
}

type Package

// Package is a single OS or language package found in the artifact, together
// with its source package, identifiers, licenses, dependency links and the
// location it was found at.
type Package struct {
	ID                 string        `json:",omitempty"`
	Name               string        `json:",omitempty"`
	Identifier         PkgIdentifier `json:",omitempty"`
	Version            string        `json:",omitempty"`
	Release            string        `json:",omitempty"`
	Epoch              int           `json:",omitempty"`
	Arch               string        `json:",omitempty"`
	Dev                bool          `json:",omitempty"`
	SrcName            string        `json:",omitempty"`
	SrcVersion         string        `json:",omitempty"`
	SrcRelease         string        `json:",omitempty"`
	SrcEpoch           int           `json:",omitempty"`
	Licenses           []string      `json:",omitempty"`
	Maintainer         string        `json:",omitempty"`
	// ExternalReferences are excluded from JSON output and from hashing (hash:"ignore").
	ExternalReferences []ExternalRef `json:"-" hash:"ignore"`

	Modularitylabel string     `json:",omitempty"` // only for Red Hat based distributions
	BuildInfo       *BuildInfo `json:",omitempty"` // only for Red Hat

	Indirect     bool         `json:",omitempty"` // Deprecated: Use relationship. Kept for backward compatibility.
	Relationship Relationship `json:",omitempty"`

	// Dependencies of this package
	// Note: it may have interdependencies, which may lead to infinite loops.
	// Walk the graph with a visited set (see Packages.ParentDeps for the reverse map).
	DependsOn []string `json:",omitempty"`

	Layer Layer `json:",omitempty"`

	// Each package metadata have the file path, while the package from lock files does not have.
	FilePath string `json:",omitempty"`

	// This is required when using SPDX formats. Otherwise, it will be empty.
	Digest digest.Digest `json:",omitempty"`

	// lines from the lock file where the dependency is written
	Locations Locations `json:",omitempty"`

	// Files installed by the package
	InstalledFiles []string `json:",omitempty"`
}

func (*Package) Empty

func (pkg *Package) Empty() bool

type PackageInfo

// PackageInfo is the set of OS packages read from one package database file.
type PackageInfo struct {
	FilePath string
	Packages Packages
}

type Packages

// Packages is a list of Package. It implements sort.Interface (Len, Less, Swap)
// and can build a reverse dependency map with ParentDeps.
type Packages []Package

func (Packages) Len

func (pkgs Packages) Len() int

func (Packages) Less

func (pkgs Packages) Less(i, j int) bool

func (Packages) ParentDeps

func (pkgs Packages) ParentDeps() map[string]Packages

ParentDeps returns a map where the keys are package IDs and the values are the packages that depend on the respective package ID (parent dependencies).

func (Packages) Swap

func (pkgs Packages) Swap(i, j int)

type PkgIdentifier

// PkgIdentifier represents a software identifier in one or more of the
// supported formats. PURL is excluded from the default JSON encoding;
// MarshalJSON/UnmarshalJSON presumably handle it explicitly — confirm there.
type PkgIdentifier struct {
	UID    string                 `json:",omitempty"` // Calculated by the package struct
	PURL   *packageurl.PackageURL `json:"-"`
	BOMRef string                 `json:",omitempty"` // For CycloneDX
}

PkgIdentifier represents a software identifier in one or more of the supported formats.

func (*PkgIdentifier) Empty

func (id *PkgIdentifier) Empty() bool

func (PkgIdentifier) MarshalJSON

func (id PkgIdentifier) MarshalJSON() ([]byte, error)

MarshalJSON customizes the JSON encoding of PkgIdentifier.

func (*PkgIdentifier) Match

func (id *PkgIdentifier) Match(s string) bool

func (*PkgIdentifier) UnmarshalJSON

func (id *PkgIdentifier) UnmarshalJSON(data []byte) error

UnmarshalJSON customizes the JSON decoding of PkgIdentifier.

type Platform

// Platform selects the OS/architecture variant of a multi-platform image.
// The embedded *v1.Platform may be nil, in which case no platform is pinned.
type Platform struct {
	*v1.Platform

	// Force returns an error if the specified platform is not found.
	// This option is for KhulnaSoft, and cannot be configured via Tunnel CLI.
	Force bool
}

type PodmanOptions

// PodmanOptions holds Podman-specific image options.
type PodmanOptions struct {
	// Host is the Podman endpoint to connect to
	Host string
}

type PolicyInputOption

// PolicyInputOption describes how a policy wants its input shaped. It is
// decoded from policy metadata via mapstructure (keys "combine" and "selector").
type PolicyInputOption struct {
	Combine   bool                  `mapstructure:"combine"`
	Selectors []PolicyInputSelector `mapstructure:"selector"`
}

type PolicyInputSelector

// PolicyInputSelector restricts a policy to inputs of the given type
// (mapstructure key "type").
type PolicyInputSelector struct {
	Type string `mapstructure:"type"`
}

type PolicyMetadata

// PolicyMetadata identifies and describes the policy behind a MisconfResult.
type PolicyMetadata struct {
	ID                 string   `json:",omitempty"`
	AVDID              string   `json:",omitempty"`
	Type               string   `json:",omitempty"`
	Title              string   `json:",omitempty"`
	Description        string   `json:",omitempty"`
	Severity           string   `json:",omitempty"`
	RecommendedActions string   `json:",omitempty" mapstructure:"recommended_actions"`
	References         []string `json:",omitempty"`
}

type RefType

// RefType classifies an ExternalRef.
type RefType string

// Known reference types.
const (
	RefVCS   RefType = "vcs"
	RefOther RefType = "other"
)

type RegistryOptions

// RegistryOptions configures how a registry is reached and authenticated to.
//
// NOTE(review): Credentials, RegistryToken, ClientKey and the AWS secret/session
// fields are secrets. None of them carry a `json:"-"` tag, so a plain
// encoding/json marshal of this struct would emit them — keep it out of logs,
// debug dumps and serialized output.
type RegistryOptions struct {
	// Auth for registries
	Credentials []Credential

	// RegistryToken is a bearer token to be sent to a registry
	RegistryToken string

	// SSL/TLS. Insecure presumably relaxes TLS verification for the registry
	// connection — confirm against the registry client before relying on it.
	Insecure bool

	// For internal use. Needed for mTLS authentication.
	ClientCert []byte
	ClientKey  []byte

	// Architecture
	Platform Platform

	// ECR
	AWSAccessKey    string
	AWSSecretKey    string
	AWSSessionToken string
	AWSRegion       string

	// GCP: path to a credentials file (the file is read elsewhere)
	GCPCredPath string
}

type Relationship

// Relationship says how a package relates to the project root. It is an int
// enum in memory; NewRelationship, String, MarshalJSON and UnmarshalJSON
// convert to and from its string form.
type Relationship int

// Relationship values; RelationshipUnknown is the zero value.
const (
	RelationshipUnknown Relationship = iota
	RelationshipRoot
	RelationshipWorkspace // For maven `modules`. TODO use it for cargo and npm workspaces
	RelationshipDirect
	RelationshipIndirect
)

func NewRelationship

func NewRelationship(s string) (Relationship, error)

func (Relationship) MarshalJSON

func (r Relationship) MarshalJSON() ([]byte, error)

func (Relationship) String

func (r Relationship) String() string

func (*Relationship) UnmarshalJSON

func (r *Relationship) UnmarshalJSON(data []byte) error

type Repository

// Repository is the package repository (OS family and release) an artifact pulls from.
type Repository struct {
	Family  OSType `json:",omitempty"`
	Release string `json:",omitempty"`
}

type Secret

// Secret is the list of secret findings in one file.
type Secret struct {
	FilePath string
	Findings []SecretFinding
}

type SecretFinding

// SecretFinding is one secret-detection rule hit, with its location and a
// code excerpt.
type SecretFinding struct {
	RuleID    string
	Category  SecretRuleCategory
	Severity  string
	Title     string
	StartLine int
	EndLine   int
	Code      Code
	// Match is the matched text. Whether it is masked is not decided by this
	// type — treat it as sensitive until confirmed by the producing analyzer.
	Match string
	Layer Layer `json:",omitempty"`
}

type SecretRuleCategory

// SecretRuleCategory groups secret-detection rules (see SecretFinding.Category).
type SecretRuleCategory string

type TargetType

// TargetType represents the type of target. ConfigType, LangType and OSType
// are aliases of it for configuration files, languages and operating systems.
type TargetType string

TargetType represents the type of target
