output

package
v1.18.8 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 14, 2023 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func IsConfigPresent

func IsConfigPresent(resources []ResourceConfig, resourceConfig ResourceConfig) bool

IsConfigPresent checks whether a resource is already present in the list of configs or not. The equality of a resource is based on name, source and config of the resource.

Types

type ACRAdditionalData

// ACRAdditionalData holds the additional data of an ACR vulnerability
// finding; ACRVulnerabilityConfig maps it to the "additionalData" JSON key.
//
// No field carries omitempty, and encoding/json leaves a field at its zero
// value when its key is absent from the payload. A false Patchable or a zero
// PublishedTime therefore cannot be told apart from "not reported".
type ACRAdditionalData struct {
	AssessedResourceType string          `json:"assessedResourceType"`
	Type                 string          `json:"type"`
	// VendorReferences lists vendor entries, each a title plus a link.
	VendorReferences     []ACRVendorInfo `json:"vendorReferences"`
	PublishedTime        time.Time       `json:"publishedTime"`
	Patchable            bool            `json:"patchable"`
	// Cvss carries the base scores mapped from the "2.0" and "3.0" keys.
	Cvss                 ACRCvss         `json:"cvss"`
	// RepositoryName, RegistryHost and ImageDigest presumably identify the
	// scanned image - TODO confirm against an ACR response.
	RepositoryName       string          `json:"repositoryName"`
	Cve                  []ACRCve        `json:"cve"`
	RegistryHost         string          `json:"registryHost"`
	ImageDigest          string          `json:"imageDigest"`
	CicdData             ACRCicdData     `json:"cicdData"`
}

ACRAdditionalData holds ACR vulnerability's additional data

type ACRCicdData

// ACRCicdData holds information about the CI/CD job completion.
type ACRCicdData struct {
	// Status is a free-form string; the set of values is not defined here.
	Status string `json:"status"`
}

ACRCicdData holds information about the cicd job completion

type ACRCve

// ACRCve holds one CVE reference of a finding: a title and a link to the CVE
// details.
type ACRCve struct {
	// Title presumably carries the CVE identifier - TODO confirm against an
	// ACR response.
	Title string `json:"title"`
	// NOTE(review): Link is taken from the decoded payload as-is; check its
	// scheme before rendering it as a hyperlink in a report.
	Link  string `json:"link"`
}

ACRCve holds cve details such as cve id and link to cve details

type ACRCvss

// ACRCvss holds the CVSS base scores of a finding, one per CVSS version.
//
// Only the JSON keys "2.0" and "3.0" are mapped. encoding/json ignores
// unknown keys by default, so a score reported under any other version key is
// dropped without an error.
type ACRCvss struct {
	V2 ACRCvssBase `json:"2.0"`
	V3 ACRCvssBase `json:"3.0"`
}

ACRCvss holds cvss score details in v2 and v3 vector

type ACRCvssBase

// ACRCvssBase holds the CVSS base score of a vulnerability, e.g. "base": 7.8.
type ACRCvssBase struct {
	// Base has no omitempty and is not a pointer: a missing "base" key decodes
	// to 0, the same value as an explicit score of 0.
	Base float64 `json:"base"`
}

ACRCvssBase holds the actual CVSS base score of a vulnerability, e.g. "base": 7.8

type ACRResourceDetails

// ACRResourceDetails holds the resource details of an ACR vulnerability
// finding, mapped from the "id" and "source" JSON keys.
type ACRResourceDetails struct {
	ID     string `json:"id"`
	Source string `json:"source"`
}

ACRResourceDetails holds ACR vulnerability resource details

type ACRResponse

// ACRResponse holds the response of an ACR API call. The finding itself sits
// under the top-level "properties" key.
type ACRResponse struct {
	Properties ACRVulnerabilityConfig `json:"properties"`
}

ACRResponse holds response from ACR api call

type ACRStatus

// ACRStatus holds the severity details of an ACR vulnerability finding.
type ACRStatus struct {
	// NOTE(review): Severity is a plain string, not an enumerated type.
	// Consumers that compare or rank it should confirm the value set and
	// casing the API returns.
	Severity string `json:"severity"`
	Code     string `json:"code"`
}

ACRStatus holds ACR vulnerability severity details

type ACRVendorInfo

// ACRVendorInfo holds one vendor reference: a title and a link.
type ACRVendorInfo struct {
	Title string `json:"title"`
	// NOTE(review): Link is taken from the decoded payload as-is; check its
	// scheme before rendering it as a hyperlink in a report.
	Link  string `json:"link"`
}

ACRVendorInfo holds vendor information

type ACRVulnerabilityConfig

// ACRVulnerabilityConfig holds the vulnerability information returned by the
// ACR API; ACRResponse maps it to the "properties" JSON key.
//
// The free-text fields (Description, Remediation, Impact, DisplayName) are
// copied from the payload unchanged.
// NOTE(review): escape them before embedding in HTML or terminal output -
// confirm whether a later stage already does.
type ACRVulnerabilityConfig struct {
	Description     string             `json:"description"`
	DisplayName     string             `json:"displayName"`
	ResourceDetails ACRResourceDetails `json:"resourceDetails"`
	Status          ACRStatus          `json:"status"`
	AdditionalData  ACRAdditionalData  `json:"additionalData"`
	// TimeGenerated is a time.Time, which encoding/json parses as RFC 3339.
	// A timestamp in another format makes decoding of the whole value fail.
	TimeGenerated   time.Time          `json:"timeGenerated"`
	Remediation     string             `json:"remediation"`
	ID              string             `json:"id"`
	Category        string             `json:"category"`
	Impact          string             `json:"impact"`
}

ACRVulnerabilityConfig holds ACR api vulnerability information

type AllResourceConfigs

// AllResourceConfigs holds the resource configs present in IaC as a map from
// a string key to a slice of ResourceConfig. The key is presumably the
// resource type, matching the resourceType parameter of UpdateResourceConfigs
// - TODO confirm.
//
// As with any Go map, the value must be initialised (for example with make)
// before entries are written; writing to a nil map panics.
type AllResourceConfigs map[string][]ResourceConfig

AllResourceConfigs maps a resource type to the list/slice of resource configs of that type present in IaC

func (AllResourceConfigs) FindAllResourcesByID

func (a AllResourceConfigs) FindAllResourcesByID(resourceID string) ([]*ResourceConfig, error)

FindAllResourcesByID Finds all resources within the resource map

func (AllResourceConfigs) GetResourceCount

func (a AllResourceConfigs) GetResourceCount() (count int)

GetResourceCount returns the total number of resources present in an output.ResourceConfig object. Because the ResourceConfig mapping stores resources in lists, each located at resourceMapping[Type], `len(resourceMapping)` does not give the count of resources; it gives only the number of resource types inside the object.

func (AllResourceConfigs) UpdateResourceConfigs

func (a AllResourceConfigs) UpdateResourceConfigs(resourceType string, resources []ResourceConfig)

UpdateResourceConfigs adds a resource of given type if it is not present in allResources

type CVSS

// CVSS holds score and vector details for CVSS v2 and v3.
//
// Every field carries omitempty. For the float64 scores this means a score of
// exactly 0 is omitted when encoding, so a consumer of the JSON cannot tell
// "score 0" from "no score".
type CVSS struct {
	V2Vector string  `json:"v2_vector,omitempty"`
	V3Vector string  `json:"v3_vector,omitempty"`
	V2Score  float64 `json:"v2_score,omitempty"`
	V3Score  float64 `json:"v3_score,omitempty"`
}

CVSS holds score and vector details

func (*CVSS) PrepareFromECRImageScanAttribute

func (cvss *CVSS) PrepareFromECRImageScanAttribute(attribute *ecr.Attribute)

PrepareFromECRImageScanAttribute prepares cvss object from ECR image scan attribute

func (*CVSS) PrepareFromHarborImageScanAttribute

func (cvss *CVSS) PrepareFromHarborImageScanAttribute(attr map[string]interface{})

PrepareFromHarborImageScanAttribute prepares cvss object from harbor image scan attribute

type ContainerDetails

// ContainerDetails holds a container's name, its image and the
// vulnerabilities recorded for that image.
type ContainerDetails struct {
	Name            string          `json:"name"`
	Image           string          `json:"image"`
	// Vulnerabilities has no omitempty: a nil slice encodes as JSON null and
	// an empty non-nil slice as [].
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
}

ContainerDetails holds information about container name, image and vulnerabilities

type ResourceConfig

// ResourceConfig describes a resource present in IaC.
//
// Only ModuleName, PlanRoot, LineConfig and SkipRules carry yaml tags; the
// other fields have json tags only, so their YAML key names depend on the
// defaults of whichever YAML library is used.
type ResourceConfig struct {
	ID         string      `json:"id"`
	Name       string      `json:"name"`
	ModuleName string      `json:"module_name,omitempty" yaml:"module_name,omitempty"`
	Source     string      `json:"source"`
	// The PlanRoot tag has a stray space before its closing backquote. It does
	// not affect tag lookup, and gofmt does not touch string contents.
	PlanRoot   string      `json:"plan_root,omitempty" yaml:"plan_root,omitempty" `
	Line       int         `json:"line"`
	Type       string      `json:"type"`
	// Config is untyped and is serialised under "config" as-is.
	// NOTE(review): if the IaC source embeds credentials or other secrets they
	// would appear in the output - confirm whether redaction happens upstream.
	Config     interface{} `json:"config"`
	LineConfig interface{} `json:"line_config,omitempty" yaml:"line_config,omitempty"`
	// SkipRules will hold the rules to be skipped for the resource.
	// Each iac provider should append the rules to be skipped for a resource,
	// while extracting resource from the iac files
	//
	// NOTE(review): because the skip list is extracted from the scanned IaC
	// files themselves, anyone who can edit those files can suppress a rule.
	// Reports should surface skip_rules, with the comment, so suppressions
	// stay reviewable.
	SkipRules           []SkipRule         `json:"skip_rules" yaml:"skip_rules"`
	// MaxSeverity and MinSeverity are plain strings; their allowed values are
	// not defined in this type.
	MaxSeverity         string             `json:"max_severity"`
	MinSeverity         string             `json:"min_severity"`
	ContainerImages     []ContainerDetails `json:"container_images,omitempty"`
	InitContainerImages []ContainerDetails `json:"init_container_images,omitempty"`
	// IsRemoteModule is a pointer so that nil (omitted from JSON) stays
	// distinct from an explicit false.
	IsRemoteModule      *bool              `json:"is_remote_module,omitempty"`
	TerraformVersion    string             `json:"terraform_version,omitempty"`
	ProviderVersion     string             `json:"provider_version,omitempty"`
}

ResourceConfig describes a resource present in IaC

type SkipRule

// SkipRule holds a skipped rule and any comment recorded for the skip.
type SkipRule struct {
	// Rule identifies the rule to skip; the identifier format is not defined
	// in this type.
	Rule    string `json:"rule"`
	// Comment has no omitempty, so an empty comment is still emitted as "".
	// NOTE(review): presumably free text taken from the IaC file - treat it as
	// untrusted when rendering.
	Comment string `json:"comment"`
}

SkipRule struct will hold the skipped rule and any comment for the skipped rule

type VendorCVSS

// VendorCVSS holds CVSS scores and vectors for different vendors, as a map
// from a string key to a CVSS value. The key is presumably the vendor name -
// TODO confirm against the PrepareFrom* methods.
type VendorCVSS map[string]CVSS

VendorCVSS holds cvss scoring vector for different vendors

type Vulnerability

// Vulnerability holds the vulnerability details of an image.
//
// Every field except Target carries omitempty, so empty strings, nil slices,
// an empty CVSS map and nil dates are left out of the encoded JSON.
type Vulnerability struct {
	Target           string     `json:"target"`
	Type             string     `json:"type,omitempty"`
	VulnerabilityID  string     `json:"vulnerability_id,omitempty"`
	PkgName          string     `json:"pkg_name,omitempty"`
	InstalledVersion string     `json:"installed_version,omitempty"`
	FixedVersion     string     `json:"fixed_version,omitempty"`
	SeveritySource   string     `json:"severity_source,omitempty"`
	// NOTE(review): PrimaryURL and References are presumably copied from the
	// registry's scan result; check the URL scheme before rendering them as
	// links.
	PrimaryURL       string     `json:"primary_url,omitempty"`
	Title            string     `json:"title,omitempty"`
	Description      string     `json:"description,omitempty"`
	// Severity is a plain string; values may differ between the registry
	// sources (ACR, ECR, GCR, Harbor) unless the PrepareFrom* methods
	// normalise them - TODO confirm.
	Severity         string     `json:"severity,omitempty"`
	CweIDs           []string   `json:"cwe_ids,omitempty"`
	CVSS             VendorCVSS `json:"cvss,omitempty"`
	References       []string   `json:"references,omitempty"`
	// The date fields are pointers, so an unset date is omitted instead of
	// being encoded as the zero time.
	PublishedDate    *time.Time `json:"published_date,omitempty"`
	// The JSON key is "lastModified_date", mixed-case unlike the other
	// snake_case keys. Consumers must match it exactly.
	LastModifiedDate *time.Time `json:"lastModified_date,omitempty"`
}

Vulnerability holds vulnerability details of image

func (*Vulnerability) PrepareFromACRImageScan

func (v *Vulnerability) PrepareFromACRImageScan(acrResponse ACRResponse)

PrepareFromACRImageScan - prepares vulnerability object from ACR image scan findings

func (*Vulnerability) PrepareFromECRImageScan

func (v *Vulnerability) PrepareFromECRImageScan(imageScanFinding *ecr.ImageScanFinding)

PrepareFromECRImageScan prepares vulnerability object from ECR image scan findings

func (*Vulnerability) PrepareFromGCRImageScan

func (v *Vulnerability) PrepareFromGCRImageScan(gcpVulnerability *grafeaspb.Occurrence)

PrepareFromGCRImageScan - prepares vulnerability object from GCP image scan findings

func (*Vulnerability) PrepareFromHarborImageScan

func (v *Vulnerability) PrepareFromHarborImageScan(vulnerability map[string]interface{})

PrepareFromHarborImageScan - prepares vulnerability object from Harbor image scan findings
