containerscan

package
v3.0.9 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 1, 2024 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

// Relevancy values, used as an enum-like set of strings.
// The spelling "Irelevant" is kept as-is: both the identifier and the string
// value are visible to callers and to anything that stored the value.
const (
	Unknown   = "Unknown"
	Relevant  = "Relevant"
	Irelevant = "Irelevant"
	NoSP      = "No signature profile to compare"
)

// Clair severities.
// UnknownSeverity carries the same string ("Unknown") as the Relevancy value
// Unknown, so the two cannot be told apart by value alone.
const (
	UnknownSeverity    = "Unknown"
	NegligibleSeverity = "Negligible"
	LowSeverity        = "Low"
	MediumSeverity     = "Medium"
	HighSeverity       = "High"
	CriticalSeverity   = "Critical"
)

// ContainerScanRedisPrefix is presumably the prefix of the Redis keys used for
// container scan data; confirm against the code that builds those keys.
const ContainerScanRedisPrefix = "_containerscan"

Variables

Functions

func CalculateFixed

func CalculateFixed(Fixes []FixedIn) int

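CalculateFixed reports whether a given list of FixedIn objects contains at least one usable fix. It returns 1 as soon as it finds an entry whose Version is neither "None" nor empty, and 0 otherwise; it does not count the entries.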

Example Usage:

fixes := []FixedIn{
  {Version: "None"},
  {Version: "1.2.3"},
  {Version: ""},
}

result := CalculateFixed(fixes)
fmt.Println(result) // Output: 1

Inputs: - Fixes: a slice of FixedIn objects representing the fixes for a vulnerability.

Flow:
1. Iterate over each FixedIn object in the Fixes slice.
2. Check whether the Version field of the current FixedIn object is neither "None" nor empty.
3. If the condition holds for any FixedIn object, return 1.
4. If the loop completes without returning, return 0.

Outputs: - An integer flag: 1 if at least one entry in the Fixes slice has a Version that is neither "None" nor empty, 0 otherwise. The value is not a count of fixes.

func GenerateContainerScanLayer

func GenerateContainerScanLayer(layer *ScanResultLayer)

GenerateContainerScanLayer - generates a layer with random vulnerabilities

func GenerateVulnerability

func GenerateVulnerability(v *Vulnerability) error

GenerateVulnerability - generates a vulnerability (only the "cve" values differ between generated entries)

Types

type ESLayer

// ESLayer holds a layer hash together with the hash of its parent layer.
// Both values are plain strings; this declaration does not constrain their
// format. NOTE(review): "ES" presumably stands for Elasticsearch, as in the
// Elastic* types of this package; confirm.
type ESLayer struct {
	LayerHash       string `json:"layerHash"`
	ParentLayerHash string `json:"parentLayerHash"`
}

type ElasticContainerScanSeveritySummary

// ElasticContainerScanSeveritySummary carries one SeverityStats record
// together with the identity of the scan it belongs to (customer, workload,
// image, cluster, namespace and container).
type ElasticContainerScanSeveritySummary struct {
	Designators identifiers.PortalDesignator `json:"designators"`
	Context     []identifiers.ArmoContext    `json:"context"`

	// SeverityStats is embedded without a tag, so its fields sit directly on
	// this struct.
	SeverityStats
	CustomerGUID string `json:"customerGUID"`
	// The JSON key is "containersScanID" (plural "containers"), which differs
	// from the field name; it is part of the serialized format.
	ContainerScanID string `json:"containersScanID"`
	Timestamp       int64  `json:"timestamp"`
	WLID            string `json:"wlid"`
	ImgTag          string `json:"imageTag"`
	ImgHash         string `json:"imageHash"`
	Cluster         string `json:"cluster"`
	Namespace       string `json:"namespace"`
	ContainerName   string `json:"containerName"`
	Status          string `json:"status"`
	Registry        string `json:"registry"`
	VersionImage    string `json:"versionImage"`
	Version         string `json:"version"`
	DayDate         string `json:"dayDate"`
}

type ElasticContainerScanSummaryResult

// ElasticContainerScanSummaryResult is the summary form of a scan; it is the
// type returned by ScanResultReport.Summarize. It holds the identity of the
// scanned container, the package names, and severity statistics both as an
// embedded SeverityStats and as a SeveritiesStats slice.
type ElasticContainerScanSummaryResult struct {
	// SeverityStats is embedded without a tag, so its fields sit directly on
	// this struct.
	SeverityStats
	Designators identifiers.PortalDesignator `json:"designators"`
	Context     []identifiers.ArmoContext    `json:"context"`

	CustomerGUID string `json:"customerGUID"`
	// The JSON key is "containersScanID" (plural "containers"), which differs
	// from the field name; it is part of the serialized format.
	ContainerScanID string `json:"containersScanID"`

	Timestamp     int64    `json:"timestamp"`
	WLID          string   `json:"wlid"`
	ImgTag        string   `json:"imageTag"`
	ImgHash       string   `json:"imageHash"`
	Cluster       string   `json:"cluster"`
	Namespace     string   `json:"namespace"`
	ContainerName string   `json:"containerName"`
	PackagesName  []string `json:"packages"`

	// "Artifcats" is misspelled in both the field name and the JSON key; the
	// same spelling is used on ScanResultReport, so it is part of the format.
	ListOfDangerousArtifcats []string `json:"listOfDangerousArtifcats"`

	Status string `json:"status"`

	Registry     string `json:"registry"`
	VersionImage string `json:"versionImage"`

	// NOTE(review): presumably one entry per severity level; confirm against
	// Summarize.
	SeveritiesStats []SeverityStats `json:"severitiesStats"`

	Version string `json:"version"`
}

func (*ElasticContainerScanSummaryResult) Validate

func (summary *ElasticContainerScanSummaryResult) Validate() bool

Validate checks if the ElasticContainerScanSummaryResult object is valid.

type ElasticContainerVulnerabilityResult

// ElasticContainerVulnerabilityResult is a single Vulnerability extended with
// the scan it came from, the layers involved and a fixed/not-fixed flag.
type ElasticContainerVulnerabilityResult struct {
	Designators identifiers.PortalDesignator `json:"designators"`
	Context     []identifiers.ArmoContext    `json:"context"`

	WLID string `json:"wlid"`
	// The JSON key is "containersScanID" (plural "containers"), which differs
	// from the field name; it is part of the serialized format.
	ContainerScanID string    `json:"containersScanID"`
	Layers          []ESLayer `json:"layers"`
	Timestamp       int64     `json:"timestamp"`
	// NOTE(review): presumably the 0/1 value produced by CalculateFixed;
	// confirm against the code that fills it.
	IsFixed int `json:"isFixed"`
	// IntroducedInLayer is serialized under the key "layerHash", the same key
	// name ESLayer uses for its own hash inside Layers.
	IntroducedInLayer string   `json:"layerHash"`
	RelevantLinks     []string `json:"links"` // Bad SE practice

	// Vulnerability is embedded. Under encoding/json its fields are flattened
	// into this object because the tag leaves the name empty; "inline" itself
	// is not an option that encoding/json recognizes.
	Vulnerability `json:",inline"`
}

type FixedIn

// FixedIn names a package, an image tag and the version carrying the fix.
// CalculateFixed treats a Version of "None" or "" as "no fix available", so
// those two values act as sentinels rather than real version strings.
type FixedIn struct {
	Name    string `json:"name"`
	ImgTag  string `json:"imageTag"`
	Version string `json:"version"`
}

FixedIn - when and in which package the vulnerability was fixed (and in which version)

func (*FixedIn) NKeys

func (file *FixedIn) NKeys() int

func (*FixedIn) UnmarshalJSONObject

func (fx *FixedIn) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)

--------Vul fixed in----------------------------------

type LayersList

type LayersList []ScanResultLayer

LayersList - self-explanatory: a slice of ScanResultLayer

func (*LayersList) UnmarshalJSONArray

func (t *LayersList) UnmarshalJSONArray(dec *gojay.Decoder) error

type LinuxPackage

// LinuxPackage represents a Linux package: its name, its version and the
// files that belong to it.
type LinuxPackage struct {
	PackageName string   `json:"packageName"`
	Files       PkgFiles `json:"files"`
	// PackageVersion is serialized under the shorter key "version".
	PackageVersion string `json:"version"`
}

LinuxPackage- Linux package representation

func (*LinuxPackage) NKeys

func (file *LinuxPackage) NKeys() int

func (*LinuxPackage) UnmarshalJSONObject

func (pkgnx *LinuxPackage) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)

UnmarshalJSONObject--- Package

type LinuxPkgs

type LinuxPkgs []LinuxPackage

LinuxPkgs - slice of linux pkgs

func (*LinuxPkgs) UnmarshalJSONArray

func (pkgs *LinuxPkgs) UnmarshalJSONArray(dec *gojay.Decoder) error

type PackageFile

// PackageFile is a file inside a package, identified only by its name.
// NOTE(review): whether Filename is a bare name or a full path is not visible
// here; confirm before using it to build filesystem paths.
type PackageFile struct {
	// Filename is serialized under the key "name".
	Filename string `json:"name"`
}

PackageFile - self-explanatory: a file that belongs to a package

func (*PackageFile) NKeys

func (file *PackageFile) NKeys() int

func (*PackageFile) UnmarshalJSONObject

func (file *PackageFile) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)

UnmarshalJSONObject - File inside a pkg

type PkgFiles

type PkgFiles []PackageFile

PkgFiles - slice of files belonging to a specific package

func (*PkgFiles) UnmarshalJSONArray

func (files *PkgFiles) UnmarshalJSONArray(dec *gojay.Decoder) error

type ScanResultLayer

// ScanResultLayer represents a single layer from a container scan result:
// the layer's hash, its parent's hash, the vulnerabilities reported for it
// and the packages found in it.
type ScanResultLayer struct {
	LayerHash       string              `json:"layerHash"`
	ParentLayerHash string              `json:"parentLayerHash"`
	Vulnerabilities VulnerabilitiesList `json:"vulnerabilities"`
	// Packages is serialized under the key "packageToFile", not "packages".
	Packages LinuxPkgs `json:"packageToFile"`
}

ScanResultLayer - represents a single layer from container scan result

func (*ScanResultLayer) GetPackagesNames

func (layer *ScanResultLayer) GetPackagesNames() []string

GetPackagesNames retrieves the names of all the packages stored in the Packages field of the ScanResultLayer object and returns them as a slice of strings.

func (*ScanResultLayer) NKeys

func (scan *ScanResultLayer) NKeys() int

func (*ScanResultLayer) UnmarshalJSONObject

func (scan *ScanResultLayer) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)

type ScanResultReport

// ScanResultReport is the report handed from the scanner to the event
// receiver.
// NOTE(review): the report crosses a component boundary and this declaration
// places no constraint on its strings or slice sizes. The package offers
// Validate for this type; what Validate checks is not shown here, so confirm
// it covers the fields a consumer relies on.
type ScanResultReport struct {
	CustomerGUID  string     `json:"customerGUID"`
	ImgTag        string     `json:"imageTag"`
	ImgHash       string     `json:"imageHash"`
	WLID          string     `json:"wlid"`
	ContainerName string     `json:"containerName"`
	Timestamp     int64      `json:"timestamp"`
	Layers        LayersList `json:"layers"`
	// "Artifcats" is misspelled in both the field name and the JSON key; the
	// spelling is part of the serialized format.
	ListOfDangerousArtifcats []string `json:"listOfDangerousArtifcats"`
}

ScanResultReport - the report given from scanner to event receiver

func GenerateContainerScanReportMock

func GenerateContainerScanReportMock() ScanResultReport

GenerateContainerScanReportMock - generate a scan result

func GenerateContainerScanReportNoVulMock

func GenerateContainerScanReportNoVulMock() ScanResultReport

GenerateContainerScanReportNoVulMock - generate a scan result

func (*ScanResultReport) AsFNVHash

func (v *ScanResultReport) AsFNVHash() string

func (*ScanResultReport) GetDesignatorsNContext

func (scanresult *ScanResultReport) GetDesignatorsNContext() (*identifiers.PortalDesignator, []identifiers.ArmoContext)

GetDesignatorsNContext retrieves the designators and context information from the ScanResultReport object and returns them as a pair of objects.

func (*ScanResultReport) NKeys

func (scan *ScanResultReport) NKeys() int

func (*ScanResultReport) Summarize

func (scanresult *ScanResultReport) Summarize() *ElasticContainerScanSummaryResult

Summarize generates a summary of the scan result report.

func (*ScanResultReport) UnmarshalJSONObject

func (scan *ScanResultReport) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)

func (*ScanResultReport) Validate

func (scanresult *ScanResultReport) Validate() bool

Validate checks if the scan result report is valid.

type SeverityStats

// SeverityStats holds vulnerability counters and a health status, optionally
// labelled with a severity. Several JSON keys differ from the field names
// (for example FixAvailableOfTotalCount is "fixedTotal"); the keys are what
// consumers of the serialized form see.
type SeverityStats struct {
	// Severity is omitted from the JSON output when empty.
	// NOTE(review): presumably one of the *Severity constants; confirm.
	Severity                     string `json:"severity,omitempty"`
	TotalCount                   int64  `json:"total"`
	FixAvailableOfTotalCount     int64  `json:"fixedTotal"`
	RelevantCount                int64  `json:"totalRelevant"`
	FixAvailableForRelevantCount int64  `json:"fixedRelevant"`
	RCECount                     int64  `json:"rceTotal"`
	UrgentCount                  int64  `json:"urgent"`
	NeglectedCount               int64  `json:"neglected"`
	HealthStatus                 string `json:"healthStatus"`
}

type VulFixes

type VulFixes []FixedIn

VulFixes - information about when/how this vulnerability was fixed

func (*VulFixes) UnmarshalJSONArray

func (t *VulFixes) UnmarshalJSONArray(dec *gojay.Decoder) error

type VulnerabilitiesList

type VulnerabilitiesList []Vulnerability

VulnerabilitiesList - self-explanatory: a slice of Vulnerability

func (*VulnerabilitiesList) UnmarshalJSONArray

func (t *VulnerabilitiesList) UnmarshalJSONArray(dec *gojay.Decoder) error

type Vulnerability

// Vulnerability is a single finding: its name, the image and package it
// relates to, a link and description, a severity, the known fixes and a
// relevancy marker.
// NOTE(review): the type is filled from decoded JSON and this declaration
// places no constraint on the string contents; treat Link and Description as
// untrusted text when rendering or following them.
type Vulnerability struct {
	Name               string `json:"name"`
	ImgHash            string `json:"imageHash"`
	ImgTag             string `json:"imageTag"`
	RelatedPackageName string `json:"packageName"`
	PackageVersion     string `json:"packageVersion"`
	Link               string `json:"link"`
	Description        string `json:"description"`
	// NOTE(review): presumably one of the *Severity constants; confirm.
	Severity string `json:"severity"`
	// Metadata is untyped; its concrete shape is not visible here, so check
	// the dynamic type before using it.
	Metadata interface{} `json:"metadata"`
	Fixes    VulFixes    `json:"fixedIn"`
	// Relevancy is serialized under the key "relevant" and is meant to hold
	// one of the Relevancy constants (Unknown, Relevant, Irelevant, NoSP).
	Relevancy string `json:"relevant"` // use the related enum
	// UrgentCount and NeglectedCount are int here but int64 in SeverityStats.
	UrgentCount    int                   `json:"urgent"`
	NeglectedCount int                   `json:"neglected"`
	HealthStatus   string                `json:"healthStatus"`
	Categories     VulnerabilityCategory `json:"categories"`
}

Vulnerability - a vulnerability object

func (*Vulnerability) IsRCE

func (v *Vulnerability) IsRCE() bool

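IsRCE checks if a vulnerability description contains any keywords related to remote code execution (RCE) or arbitrary code injection. Because this is a keyword match on the free-text description, it is a heuristic: a vulnerability described with different wording is not flagged, and one that only mentions the keywords is, so the result should not be the sole input to prioritization.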

func (*Vulnerability) NKeys

func (v *Vulnerability) NKeys() int

func (*Vulnerability) UnmarshalJSONObject

func (v *Vulnerability) UnmarshalJSONObject(dec *gojay.Decoder, key string) (err error)

type VulnerabilityCategory

// VulnerabilityCategory holds category flags for a vulnerability; RCE is the
// only category declared.
// NOTE(review): presumably IsRCE mirrors the result of Vulnerability.IsRCE;
// confirm where the field is set.
type VulnerabilityCategory struct {
	IsRCE bool `json:"isRce"`
}
