data

package
Published: Mar 22, 2023 License: Apache-2.0 Imports: 15 Imported by: 0

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ComplianceRiskItem

// ComplianceRiskItem carries the compliance risks recorded for a resource.
// It is attached to a RiskItem through the embedded *ComplianceRiskItem pointer.
type ComplianceRiskItem struct {
	// ComplianceRisks lists the compliance risks found. The tag has no
	// "omitempty", so a nil slice is encoded as null rather than dropped.
	ComplianceRisks []string `json:"compliance_risks"`
}

ComplianceRiskItem is a compliance risk item.

type DefaultEvaluator

type DefaultEvaluator struct {
	// contains filtered or unexported fields
}

DefaultEvaluator the default evaluator for image risk evaluation

func NewDefaultEvaluator

func NewDefaultEvaluator() *DefaultEvaluator

NewDefaultEvaluator returns a new DefaultEvaluator.

func (*DefaultEvaluator) Eval

func (d *DefaultEvaluator) Eval(i *ResourceItem, w *Workloads, report *vuln.Report) (risks []*RiskItem)

Eval is the default evaluation function.

type Evaluator

// Evaluator evaluates a resource item against the cluster workloads and a
// vulnerability report and returns the risk items found. DefaultEvaluator is
// the implementation this package provides.
type Evaluator interface {
	// Eval returns the risks for the given resource; a nil slice means no risk was found.
	Eval(*ResourceItem, *Workloads, *vuln.Report) []*RiskItem
}

Evaluator is the evaluator interface.

type ExposureRiskItem

// ExposureRiskItem records an exposure risk: the addresses under which a
// workload is reachable. It is attached to a RiskItem through the embedded
// *ExposureRiskItem pointer.
type ExposureRiskItem struct {
	// Addresses lists the exposed addresses. The tag has no "omitempty", so a
	// nil slice is encoded as null rather than dropped.
	Addresses []string `json:"addresses"`
}

ExposureRiskItem exposure risk item

type HostRiskItem

// HostRiskItem records risky host configuration and privilege misuse found
// for a workload. It is attached to a RiskItem through the embedded
// *HostRiskItem pointer.
type HostRiskItem struct {
	// Privileges lists the risky privileges found.
	Privileges         []string `json:"privileges"`
	// HostConfigurations lists the risky host configurations found.
	HostConfigurations []string `json:"host_configurations"`
}

HostRiskItem risky host configuration and privilege misuses

type ImageItem

// ImageItem is a container image taken from a workload, together with the
// resources that reference it and the vulnerability reports fetched for it.
type ImageItem struct {
	// ID is the item identifier, encoded as "uuid" (see UUID).
	ID         string          `json:"uuid"`
	// ImageName is the image name as given by the workload.
	ImageName  string          `json:"image"`
	// ArtifactID identifies the artifact in the scanner provider; core.ArtifactID is declared outside this file.
	ArtifactID core.ArtifactID `json:"artifact_id"`
	// Related lists the resources that use this image; presumably populated by AddRelatedResource.
	Related    []*ResourceItem `json:"related"`
	// Reports has no json tag, so it is encoded under the key "Reports" and is
	// never omitted (a nil slice encodes as null).
	Reports    []*vuln.Report
}

ImageItem is the image item obtained from the workload.

func NewImageItem

func NewImageItem(containerImage string, ArtifactID core.ArtifactID) *ImageItem

NewImageItem creates a new image item.

func (*ImageItem) AddRelatedResource

func (i *ImageItem) AddRelatedResource(v *ResourceItem)

AddRelatedResource adds a related resource.

func (*ImageItem) FetchHarborReport

func (i *ImageItem) FetchHarborReport(Adapter providers.Adapter) (*vuln.Report, error)

FetchHarborReport fetches the Harbor report.

func (*ImageItem) UUID

func (i *ImageItem) UUID() string

UUID returns the uuid.

type ResourceItem

// ResourceItem is one Kubernetes resource (pod, service, node, service
// account, secret or deployment) that relates to an ImageItem. Type names the
// resource kind; the Set* methods assign the matching typed field below and
// the Is* methods presumably test Type.
type ResourceItem struct {
	// ID is the generated identifier, encoded as "uuid" (see GenerateUUID and UUID).
	ID             string             `json:"uuid"`
	// Type is the resource kind; presumably the kind passed to NewResourceItem.
	Type           string             `json:"type"`
	// Pod, Service and Deployment are struct values, so "omitempty" has no
	// effect on them: encoding/json never omits a struct value, and these are
	// emitted in full even when unset.
	Pod            v1.Pod             `json:"pod,omitempty"`
	Service        v1.Service         `json:"service,omitempty"`
	// Node, ServiceAccount and Secret are pointers and are omitted when nil.
	Node           *v1.Node           `json:"node,omitempty"`
	ServiceAccount *v1.ServiceAccount `json:"service_account,omitempty"`
	// NOTE(review): marshalling an item with Secret set serializes the whole
	// Secret object, including its data. Confirm that any report built from
	// Workloads.Items is redacted before it is stored or exposed.
	Secret         *v1.Secret         `json:"secret,omitempty"`
	Deployment     appsv1.Deployment  `json:"deployment,omitempty"`
	// Selector holds the label selector of the resource, if any.
	Selector       map[string]string  `json:"selector,omitempty"`
	// Embedded without a tag, so ObjectMeta's own fields (name, namespace,
	// labels, ...) are promoted into this object's JSON.
	metav1.ObjectMeta
}

ResourceItem lists all the resources relating to the ImageItem.

func NewResourceItem

func NewResourceItem(kind string) *ResourceItem

NewResourceItem creates a new resource item of the given kind.

func (*ResourceItem) GenerateReportItems

func (r *ResourceItem) GenerateReportItems(w *Workloads, report *vuln.Report, evaluator Evaluator) (rs []*RiskItem, e error)

GenerateReportItems generates the report items.

func (*ResourceItem) GenerateUUID

func (r *ResourceItem) GenerateUUID()

GenerateUUID generates a uuid for all types of resource items.

func (*ResourceItem) GetImages

func (r *ResourceItem) GetImages(ctx context.Context, adapter providers.Adapter, baselines []*v1alpha1.ComplianceBaseline) (images []*ImageItem)

GetImages gets the images from a pod.

func (*ResourceItem) IsDeployment

func (r *ResourceItem) IsDeployment() bool

func (*ResourceItem) IsNode

func (r *ResourceItem) IsNode() bool

func (*ResourceItem) IsPod

func (r *ResourceItem) IsPod() bool

func (*ResourceItem) IsSecret

func (r *ResourceItem) IsSecret() bool

func (*ResourceItem) IsService

func (r *ResourceItem) IsService() bool

func (*ResourceItem) IsServiceAccount

func (r *ResourceItem) IsServiceAccount() bool

func (*ResourceItem) SetDeployment

func (r *ResourceItem) SetDeployment(deploy appsv1.Deployment)

func (*ResourceItem) SetNode

func (r *ResourceItem) SetNode(node *v1.Node)

func (*ResourceItem) SetPod

func (r *ResourceItem) SetPod(pod v1.Pod)

func (*ResourceItem) SetSecret

func (r *ResourceItem) SetSecret(secret *v1.Secret)

func (*ResourceItem) SetService

func (r *ResourceItem) SetService(service v1.Service)

func (*ResourceItem) SetServiceAccount

func (r *ResourceItem) SetServiceAccount(serviceAccount *v1.ServiceAccount)

func (*ResourceItem) UUID

func (r *ResourceItem) UUID() string

UUID returns the uuid.

type ResourceSelector

// ResourceSelector describes which workloads Workloads.GetWorkloads should
// return when it is called with a selector instead of a uuid.
type ResourceSelector struct {
	// Category is the resource category to match; presumably compared with ResourceItem.Type — confirm in GetWorkloads.
	Category  string
	// Selectors are the labels to match; presumably compared with ResourceItem.Selector — confirm in GetWorkloads.
	Selectors map[string]string
}

ResourceSelector is a resource selector.

type RiskCollection

type RiskCollection map[string][]*RiskItem

RiskCollection summarizes all risk items for all workloads.

type RiskItem

// RiskItem is the detail of one risk found for a workload. Presumably only
// the embedded detail pointer matching the kind of risk is set; the others
// stay nil and are omitted from the JSON.
type RiskItem struct {
	Score                  int    `json:"score,omitempty"`  // risk score; 0 is omitted
	Scale                  int    `json:"scale,omitempty"`  // risk scale (maximum possible score); 0 is omitted
	Reason                 string `json:"reason,omitempty"` // human-readable reason for the risk
	// Each embedded pointer carries a json tag, so encoding/json treats it as a
	// named field ("host", "vuln", "exposure", "compliance") instead of
	// promoting its members into this object.
	*HostRiskItem          `json:"host,omitempty"`
	*VulnerabilityRiskItem `json:"vuln,omitempty"`
	*ExposureRiskItem      `json:"exposure,omitempty"`
	*ComplianceRiskItem    `json:"compliance,omitempty"`
}

RiskItem holds the detail of a risk item.

type VulnerabilityRiskItem

// VulnerabilityRiskItem describes a vulnerability found in an image that was
// judged risky. It is attached to a RiskItem through the embedded
// *VulnerabilityRiskItem pointer.
type VulnerabilityRiskItem struct {
	// POCReferences lists references for the vulnerability; presumably links
	// to public proof-of-concept material — confirm against the evaluator.
	POCReferences    []string `json:"poc_references"`
	// InfectionVectors is a free-form description of how the vulnerability can
	// be reached; presumably taken from the scanner report — confirm.
	InfectionVectors string   `json:"infection_vectors"`
	// An operating system or software dependency package containing the vulnerability.
	// e.g: dpkg
	Package string `json:"package"`
	// The version of the package containing the vulnerability.
	// e.g: 1.17.27
	Version string `json:"version"`
	// The version of the package containing the fix if available.
	// e.g: 1.18.0
	FixVersion string `json:"fix_version"`
	// Description is the vulnerability description as reported by the scanner.
	// example: dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program
	// and does not offer a protection mechanism for blank-indented diff hunks, which allows remote
	// attackers to conduct directory traversal attacks via a crafted Debian source package, as
	// demonstrated by using of dpkg-source on NetBSD.
	Description string `json:"description"`
}

VulnerabilityRiskItem risky vulnerability items

type Workload

// Workload is a workload that can identify itself, report its own risks and
// expose the underlying ResourceItem.
//
// NOTE(review): ResourceItem.GenerateReportItems takes (w *Workloads,
// report *vuln.Report, evaluator Evaluator), so *ResourceItem does not
// satisfy this interface as documented here; confirm which type implements it.
type Workload interface {
	// UUID returns the workload identifier.
	UUID() string
	// GenerateReportItems returns the risk items found for the workload.
	GenerateReportItems() ([]*RiskItem, error)
	// GetWorkload returns the resource item (by value) backing this workload.
	GetWorkload() ResourceItem
}

Workload is the workload interface.

type Workloads

// Workloads is the summary of the workloads in the cluster: the resource
// items and the risk items collected for them. Both maps are presumably
// keyed by the resource uuid (see AddResource and AddRiskItem).
type Workloads struct {
	// Items holds the resource items; see AddResource.
	// NOTE(review): each ResourceItem is marshalled in full under "items",
	// including any attached Secret object and its data.
	Items map[string]*ResourceItem `json:"items"`
	// Risks holds the risk items per workload; see AddRiskItem.
	Risks RiskCollection           `json:"risks"`
}

Workloads the workloads in the cluster

func NewWorkloads

func NewWorkloads(risks RiskCollection, w map[string]*ResourceItem) *Workloads

NewWorkloads creates a new workloads summary.

func (*Workloads) AddResource

func (w *Workloads) AddResource(r *ResourceItem)

AddResource adds a resource.

func (*Workloads) AddRiskItem

func (w *Workloads) AddRiskItem(id string, r *RiskItem)

AddRiskItem adds a risk item for a workload.

func (*Workloads) GetWorkloads

func (w *Workloads) GetWorkloads(selector *ResourceSelector, uuid string) (rs []*ResourceItem)

GetWorkloads returns the workloads matching either a selector or a uuid.
