rules

package
v0.1.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 9, 2024 License: GPL-3.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	//go:embed assets/ghsa.json
	GHSAJson            []byte
	GHSAVulnerabilities []models.Vulnerability
)
View Source 
var CustomUntrustedInputSearchRoots = []*actionlint.UntrustedInputMap{
	envUntrustedInput,
	needsOutputData,
	stepsOutputData,
}
View Source 
var OIDCActions = []string{
	"aws-actions/configure-aws-credentials",
	"azure/login",
}

Functions

This section is empty.

Types

type RuleBotCheck 

type RuleBotCheck struct {
	actionlint.RuleBase
	// contains filtered or unexported fields
}

func NewRuleBotCheck 

func NewRuleBotCheck(filterTriggers []string) *RuleBotCheck

NewRuleBotCheck creates new RuleDebugJSExec instance.

func (*RuleBotCheck) VisitStep 

func (rule *RuleBotCheck) VisitStep(n *actionlint.Step) error

VisitStep is callback when visiting Step node.

func (*RuleBotCheck) VisitWorkflowPre 

func (rule *RuleBotCheck) VisitWorkflowPre(n *actionlint.Workflow) error

type RuleDangerousAction 

type RuleDangerousAction struct {
	actionlint.RuleBase
	// contains filtered or unexported fields
}

func NewRuleDangerousAction 

func NewRuleDangerousAction(filterTriggers []string) *RuleDangerousAction

NewRuleDangerousAction creates new RuleDangerousAction instance.

func (*RuleDangerousAction) VisitStep 

func (rule *RuleDangerousAction) VisitStep(n *actionlint.Step) error

VisitStep is callback when visiting Step node.

func (*RuleDangerousAction) VisitWorkflowPre 

func (rule *RuleDangerousAction) VisitWorkflowPre(n *actionlint.Workflow) error

type RuleDangerousArtefact added in v0.1.3 

type RuleDangerousArtefact struct {
	actionlint.RuleBase
	// contains filtered or unexported fields
}

func NewRuleRuleDangerousArtefact added in v0.1.3 

func NewRuleRuleDangerousArtefact(filterTriggers []string) *RuleDangerousArtefact

NewRuleOIDCAction creates new RuleOIDCAction instance.

func (*RuleDangerousArtefact) VisitJobPost added in v0.1.3 

func (rule *RuleDangerousArtefact) VisitJobPost(job *actionlint.Job) error

func (*RuleDangerousArtefact) VisitStep added in v0.1.3 

func (rule *RuleDangerousArtefact) VisitStep(n *actionlint.Step) error

VisitStep is callback when visiting Step node.

func (*RuleDangerousArtefact) VisitWorkflowPre added in v0.1.3 

func (rule *RuleDangerousArtefact) VisitWorkflowPre(n *actionlint.Workflow) error

type RuleDangerousCheckout 

type RuleDangerousCheckout struct {
	actionlint.RuleBase
	// contains filtered or unexported fields
}

func NewRuleDangerousCheckout 

func NewRuleDangerousCheckout(filterTriggers []string) *RuleDangerousCheckout

NewRuleDangerousCheckout creates new RuleDangerousCheckout instance.

func (*RuleDangerousCheckout) VisitStep 

func (rule *RuleDangerousCheckout) VisitStep(n *actionlint.Step) error

VisitStep is callback when visiting Step node.

func (*RuleDangerousCheckout) VisitWorkflowPre 

func (rule *RuleDangerousCheckout) VisitWorkflowPre(n *actionlint.Workflow) error

type RuleDangerousWrite 

type RuleDangerousWrite struct {
	actionlint.RuleBase
	// contains filtered or unexported fields
}

func NewRuleDangerousWrite 

func NewRuleDangerousWrite(filterTriggers []string) *RuleDangerousWrite

NewRuleDangerousWrite creates new RuleDangerousWrite instance.

func (*RuleDangerousWrite) VisitStep 

func (rule *RuleDangerousWrite) VisitStep(n *actionlint.Step) error

VisitStep is callback when visiting Step node.

func (*RuleDangerousWrite) VisitWorkflowPre 

func (rule *RuleDangerousWrite) VisitWorkflowPre(n *actionlint.Workflow) error

type RuleDebugArtefacts 

type RuleDebugArtefacts struct {
	actionlint.RuleBase
	// contains filtered or unexported fields
}

func NewRuleRuleDebugArtefacts 

func NewRuleRuleDebugArtefacts(filterTriggers []string) *RuleDebugArtefacts

NewRuleOIDCAction creates new RuleOIDCAction instance.

func (*RuleDebugArtefacts) VisitStep 

func (rule *RuleDebugArtefacts) VisitStep(n *actionlint.Step) error

VisitStep is callback when visiting Step node.

func (*RuleDebugArtefacts) VisitWorkflowPre added in v0.1.2 

func (rule *RuleDebugArtefacts) VisitWorkflowPre(n *actionlint.Workflow) error

type RuleDebugExternalTrigger 

type RuleDebugExternalTrigger struct {
	actionlint.RuleBase
	// contains filtered or unexported fields
}

func NewRuleDebugExternalTrigger 

func NewRuleDebugExternalTrigger(filterTriggers []string) *RuleDebugExternalTrigger

NewRuleDebugExternalTrigger creates new RuleDebugExternalTrigger instance.

func (*RuleDebugExternalTrigger) VisitWorkflowPre 

func (rule *RuleDebugExternalTrigger) VisitWorkflowPre(n *actionlint.Workflow) error

type RuleDebugJSExec 

type RuleDebugJSExec struct {
	actionlint.RuleBase
	// contains filtered or unexported fields
}

func NewRuleDebugJSExec 

func NewRuleDebugJSExec(filterTriggers []string) *RuleDebugJSExec

NewRuleDebugJSExec creates new RuleDebugJSExec instance.

func (*RuleDebugJSExec) VisitStep 

func (rule *RuleDebugJSExec) VisitStep(n *actionlint.Step) error

VisitStep is callback when visiting Step node.

func (*RuleDebugJSExec) VisitWorkflowPre 

func (rule *RuleDebugJSExec) VisitWorkflowPre(n *actionlint.Workflow) error

type RuleExpressionInjection 

type RuleExpressionInjection struct {
	actionlint.RuleBase
	// contains filtered or unexported fields
}

func NewRuleExpressionInjection 

func NewRuleExpressionInjection(filterTriggers []string, filterRun bool) *RuleExpressionInjection

NewRuleExpressionInjection creates new RuleExpressionInjection instance.

func (*RuleExpressionInjection) VisitStep 

func (rule *RuleExpressionInjection) VisitStep(n *actionlint.Step) error

VisitStep is callback when visiting Step node.

func (*RuleExpressionInjection) VisitWorkflowPost 

func (rule *RuleExpressionInjection) VisitWorkflowPost(n *actionlint.Workflow) error

VisitWorkflowPost is callback when visiting Workflow node after visiting its children

func (*RuleExpressionInjection) VisitWorkflowPre 

func (rule *RuleExpressionInjection) VisitWorkflowPre(n *actionlint.Workflow) error

type RuleKnownVulnerability 

type RuleKnownVulnerability struct {
	actionlint.RuleBase
	// contains filtered or unexported fields
}

func NewRuleKnownVulnerability 

func NewRuleKnownVulnerability(filterTriggers []string) *RuleKnownVulnerability

NewRuleKnownVulnerability creates new RuleKnownVulnerability instance.

func (*RuleKnownVulnerability) VisitStep 

func (rule *RuleKnownVulnerability) VisitStep(n *actionlint.Step) error

VisitStep is callback when visiting Step node.

func (*RuleKnownVulnerability) VisitWorkflowPre 

func (rule *RuleKnownVulnerability) VisitWorkflowPre(n *actionlint.Workflow) error

type RuleLocalAction 

type RuleLocalAction struct {
	actionlint.RuleBase
	// contains filtered or unexported fields
}

func NewRuleLocalAction 

func NewRuleLocalAction(filterTriggers []string) *RuleLocalAction

NewRuleLocalAction creates new RuleLocalAction instance.

func (*RuleLocalAction) VisitStep 

func (rule *RuleLocalAction) VisitStep(n *actionlint.Step) error

VisitStep is callback when visiting Step node.

func (*RuleLocalAction) VisitWorkflowPre 

func (rule *RuleLocalAction) VisitWorkflowPre(n *actionlint.Workflow) error

type RuleOIDCAction 

type RuleOIDCAction struct {
	actionlint.RuleBase
}

func NewRuleOIDCAction 

func NewRuleOIDCAction() *RuleOIDCAction

NewRuleOIDCAction creates new RuleOIDCAction instance.

func (*RuleOIDCAction) VisitStep 

func (rule *RuleOIDCAction) VisitStep(n *actionlint.Step) error

VisitStep is callback when visiting Step node.

type RuleRepoJacking 

type RuleRepoJacking struct {
	actionlint.RuleBase
	// contains filtered or unexported fields
}

func NewRuleRepoJacking 

func NewRuleRepoJacking() *RuleRepoJacking

NewRuleRepoJacking creates new RuleRepoJacking instance.

func (*RuleRepoJacking) VisitStep 

func (rule *RuleRepoJacking) VisitStep(n *actionlint.Step) error

VisitStep is callback when visiting Step node.

func (*RuleRepoJacking) VisitWorkflowPost 

func (rule *RuleRepoJacking) VisitWorkflowPost(n *actionlint.Workflow) error

VisitWorkflowPost is callback when visiting Workflow node after visiting its children

type RuleRunnerLabel 

type RuleRunnerLabel struct {
	actionlint.RuleBase
	// contains filtered or unexported fields
}

RuleRunnerLabel is a rule to check runner label like "ubuntu-latest". There are two types of runners, GitHub-hosted runner and Self-hosted runner. GitHub-hosted runner is described at https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners . And Self-hosted runner is described at https://docs.github.com/en/actions/hosting-your-own-runners/using-self-hosted-runners-in-a-workflow .

func NewRuleRunnerLabel 

func NewRuleRunnerLabel() *RuleRunnerLabel

NewRuleRunnerLabel creates new RuleRunnerLabel instance.

func (*RuleRunnerLabel) VisitJobPre 

func (rule *RuleRunnerLabel) VisitJobPre(n *actionlint.Job) error

VisitJobPre is callback when visiting Job node before visiting its children.

type RuleUnsecureCommands 

type RuleUnsecureCommands struct {
	actionlint.RuleBase
	// contains filtered or unexported fields
}

func NewRuleUnsecureCommands 

func NewRuleUnsecureCommands(filterTriggers []string) *RuleUnsecureCommands

NewRuleUnsecureCommands creates new RuleUnsecureCommands instance.

func (*RuleUnsecureCommands) VisitJobPre 

func (rule *RuleUnsecureCommands) VisitJobPre(n *actionlint.Job) error

func (*RuleUnsecureCommands) VisitStep 

func (rule *RuleUnsecureCommands) VisitStep(n *actionlint.Step) error

VisitStep is callback when visiting Step node.

func (*RuleUnsecureCommands) VisitWorkflowPre 

func (rule *RuleUnsecureCommands) VisitWorkflowPre(n *actionlint.Workflow) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.