gasp

package module
v0.0.0-...-3b5c63c Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 8, 2019 License: Apache-2.0 Imports: 11 Imported by: 2

README

gasp

Golang library of the AppSec Pipeline Specification - use this to get started on a Golang implementation of your own AppSec Pipeline

Still in active development - I'd wait until this notice is removed if I were you

-- Matt Tesauro

Documentation

Overview

Package Gasp is a library for creating AppSec Pipelines in Golang

Index

Constants

This section is empty.

Variables

// Package-level loggers, one per severity level. The declaration assigns
// nothing, so each pointer is nil at this point.
// NOTE(review): presumably set by InitLogs or SetupLogging — confirm that one
// of them has run before anything logs through these.
var (
	Trace   *log.Logger
	Info    *log.Logger
	Warning *log.Logger
	Error   *log.Logger
)

Logging items

Functions

func InitLogs

// InitLogs takes one io.Writer per log level (trace, info, warning, error) and
// returns a map of *log.Logger values keyed by string.
// NOTE(review): the body is not shown on this page; the map keys, and whether
// the package-level Trace/Info/Warning/Error loggers are set as well, need
// confirming in the source.
func InitLogs(traceHandle io.Writer, infoHandle io.Writer, warningHandle io.Writer, errorHandle io.Writer) map[string]*log.Logger

func SetupLogging

// SetupLogging returns a map of *log.Logger values keyed by string.
// NOTE(review): the body is not shown on this page. name, logPath and
// timestamp presumably select the log file name, the directory it is written
// to and whether the name carries a timestamp — confirm. If logPath can be
// influenced by pipeline input, check it before any file is created under it,
// and check the permissions of the created file, since scan logs can contain
// target details.
func SetupLogging(name string, logPath string, timestamp bool) map[string]*log.Logger

Types

type Config

// Config is the interface for reading configuration. Both methods fill a
// caller-supplied struct through a pointer and return nothing, so a failed
// read cannot be reported through a return value.
// NOTE(review): how implementations signal a missing or malformed file is not
// visible here — confirm a caller cannot carry on with a half-filled struct.
type Config interface {
	ReadMaster(mstr *M, c ConfigOpts) // Read main configuration (master.yaml) into mstr
	ReadSecPipe(sec *S, c ConfigOpts) // Read tools configuration (secpipeline-config.yaml) into sec
}

Interface for reading configs

type ConfigOpts

// ConfigOpts tells a Config implementation which configuration store to read
// and where it is.
type ConfigOpts struct {
	Ctype string // type of config store - currently only "Local Files" supported
	Path  string // path where configs are stored
}

type Deploy

// Deploy is decoded from the "deployment" key of M (master.yaml).
// NOTE(review): what the three string values mean is not visible on this page.
type Deploy struct {
	Master  string `yaml:"master"`
	// NOTE(review): the field is named Devel but is read from the YAML key
	// "sast" — confirm the mapping is intended.
	Devel   string `yaml:"sast"`
	Preprod string `yaml:"pre-prod"`
}

type Deps

// Deps lists what an implementation needs before it can run; it is the
// argument of Prereq.VerifyPrereqs.
// NOTE(review): Bins are looked up through $PATH according to the field
// comment, so the check is only as trustworthy as the directories on $PATH —
// confirm the pipeline runs with a controlled $PATH.
type Deps struct {
	Bins          []string // Required binaries that need to be in $PATH
	Files         []string // Required files to run Gasp
	FilePath      string   // Path to required files
	ExternalFiles []string // Full path to external files (non-GASP) required by an implementation
}

type Event

// Event is the interface for handling event input (command-line or otherwise).
// None of the methods returns a value, so errors have to be reported by some
// other means (not visible on this page).
type Event interface {
	// ReadArgs receives the raw arguments and a pointer to the EventArgs for
	// this run. NOTE(review): presumably parses a into evArgs — confirm, and
	// confirm where the parsed values are validated.
	ReadArgs(a *[]string, evArgs *EventArgs)
	// GetId takes no arguments and returns nothing; where the id is stored is
	// not visible here.
	GetId()
	// NOTE(review): Startup, Pipeline and Final share their names with the
	// stages in Profiles and presumably run them — confirm.
	Startup()
	Pipeline()
	Final()
	Cleanup()
}

Interface for handling event input (command-line or otherwise)

type EventArgs

// EventArgs holds the arguments for one pipeline run; Event.ReadArgs receives
// a pointer to it.
// NOTE(review): Target, the Vol/Src/Rpt directories and ParamsRaw arrive with
// the event. How they are validated before they reach containers or tool
// command lines is not visible on this page — confirm that paths are checked
// and that parameters are not passed to a shell unescaped.
type EventArgs struct {
	Profile     string            // Required - named pipeline from master.yaml, appsec.pipeline or [app name]-pipeline.yaml
	AppName     string            // Required - The name of the application that is the target of this pipeline run
	Target      string            // Required - The target to use for this pipeline run, generally a repo URL for SAST or URL for DAST
	DryRun      bool              // default = false - Run the pipeline without actually launching containers, basically logging only
	Keep        bool              // default = false - If true, keep any containers used during the pipeline run, default is to delete them
	Vol         string            // default = "none" - The full path to a local directory to use for all pipeline run files instead of an ephemeral data container
	Src         string            // default = "none" - The full path to a local directory which contains code for SAST pipeline runs
	Rpt         string            // default = "none" - The full path to a local directory where tool output/reports will be written
	AppProfile  string            // default = "none" - The application specific named pipeline (profile) to use for this run set in [app-name]-pipeline.yaml
	AppToolProf string            // default = "none" - The custom tool profile to override the default tool profile as defined in [app-name]-tool.yaml
	Loc         string            // default = "/opt/appsecpipeline/source" - Path to where the source code is on the container
	ParamsRaw   string            // default = "" - Required parameters for the pipeline tools in this run
	ToolConf    map[string]string // calculated - map["name of tool":"string that contains parameters for tool"]

}

Struct for event arguments

type Gconf

// Gconf is decoded from the "global" key of M (master.yaml).
// NOTE(review): judging by the YAML keys these are a minimum severity plus
// limits on tool runs, parallelism and findings per severity; how each limit
// is enforced is not visible on this page — confirm.
type Gconf struct {
	MinSev      string `yaml:"min-severity"`
	MaxToolRun  int    `yaml:"max-tool-run"`
	MaxParallel int    `yaml:"max-parallel"`
	MaxDynamic  int    `yaml:"max-dynamic"`
	// The field name is spelled MaxCrital; the YAML key is "max-critical".
	MaxCrital   int    `yaml:"max-critical"`
	MaxHigh     int    `yaml:"max-high"`
	MaxMedium   int    `yaml:"max-medium"`
}

type Images

// Images is the interface for making tool images available. SyncImages
// receives the tools configuration and returns nothing, so a failed sync
// cannot be reported through a return value.
// NOTE(review): which registry is used and whether image references are
// verified or pinned is not visible on this page — confirm.
type Images interface {
	SyncImages(sec *S) // Ensure needed images are available in the image repo
}

Interface for listing images

type LocalConfigs

// LocalConfigs reads configuration YAML files from local disk; its methods
// have the signatures of the Config interface.
// NOTE(review): ConfFile and ToolFile presumably name the main and the tools
// configuration file — confirm how they combine with ConfigOpts.Path.
type LocalConfigs struct {
	ConfFile string
	ToolFile string
}

Read configuration yaml files from local disk

func (*LocalConfigs) ReadMaster

// ReadMaster has the signature of Config.ReadMaster: it receives a pointer to
// the main-configuration struct M and the ConfigOpts, and returns nothing.
// NOTE(review): the body is not shown on this page; what happens on a missing
// or malformed file needs confirming in the source.
func (l *LocalConfigs) ReadMaster(mstr *M, c ConfigOpts)

func (*LocalConfigs) ReadSecPipe

// ReadSecPipe has the signature of Config.ReadSecPipe: it receives a pointer
// to the tools-configuration struct S and the ConfigOpts, and returns nothing.
// NOTE(review): the body is not shown on this page. S carries the image
// references and commands of every tool, so the file this reads should be
// writable only by trusted users — confirm where it is loaded from.
func (l *LocalConfigs) ReadSecPipe(sec *S, c ConfigOpts)

type LocalDeps

// LocalDeps checks the dependencies required for the implemented version of
// Gasp. It has no fields; its VerifyPrereqs method has the signature of the
// Prereq interface.
type LocalDeps struct {
}

Check dependencies required for the implemented version of Gasp

func (*LocalDeps) VerifyPrereqs

// VerifyPrereqs receives the Deps to check and returns nothing.
// NOTE(review): the body is not shown on this page; whether a missing
// dependency stops the run or is only logged needs confirming in the source.
func (ld *LocalDeps) VerifyPrereqs(d Deps)

type M

// M is the struct for master.yaml, the main configuration.
type M struct {
	Version    string              `yaml:"version"`
	Global     Gconf               `yaml:"global"`     // global settings, see Gconf
	Prof       map[string]Profiles `yaml:"profiles"`   // pipeline profiles keyed by string (presumably the profile name — confirm)
	Deployment Deploy              `yaml:"deployment"` // see Deploy
}

Struct for master.yaml aka main configuration

type PMeta

// PMeta describes one entry of SecTool.Parameters: a type, a data type and a
// description, all as strings.
// NOTE(review): whether PType and DataType are used to validate parameter
// values before a tool runs is not visible on this page — confirm.
type PMeta struct {
	PType    string `yaml:"type"`
	DataType string `yaml:"data_type"`
	Desc     string `yaml:"description"`
}

type Prereq

// Prereq is the interface for checking prerequisites. VerifyPrereqs returns
// nothing, so a failed check cannot be reported through a return value; how
// implementations signal it is not visible on this page.
type Prereq interface {
	VerifyPrereqs(d Deps)
}

Interface for checking for prerequisites

type Profiles

// Profiles holds the tool lists of one named profile in M.Prof, one list per
// stage.
// NOTE(review): unlike the sibling structs these fields carry no yaml tags,
// so the key each one is decoded from depends on the YAML library's default
// field naming — confirm against the configuration files.
type Profiles struct {
	Pipeline []Tools
	Startup  []Tools
	RunEvery []Tools
	Final    []Tools
}

type S

// S is the struct for secpipeline-config.yaml, the tools configuration.
type S struct {
	T map[string]SecTool `yaml:"tools"` // tool definitions keyed by string (presumably the tool name — confirm)
}

Struct for secpipeline-config.yaml aka tools configuration

type SecTool

// SecTool is one tool definition under the "tools" key of S.
// NOTE(review): Docker and Cmds presumably hold the container image reference
// and the command templates run for the tool, and Pfls the per-profile
// parameter strings. All of them come straight from the tools file, so that
// file decides what gets executed: treat it as trusted input, restrict who
// can write it, and prefer image references pinned to a digest — confirm how
// these fields are used in the source.
type SecTool struct {
	Version       string            `yaml:"version"`
	ToolVer       string            `yaml:"tool-version"`
	Tags          []string          `yaml:"tags"`
	ToolType      string            `yaml:"type"`
	ScanType      string            `yaml:"scan_type"`
	IconSm        string            `yaml:"icon-sm"`
	IconLg        string            `yaml:"icon-lg"`
	Description   string            `yaml:"description"`
	Url           string            `yaml:"url"`
	Documentation string            `yaml:"documentation"`
	Docker        string            `yaml:"docker"`
	Parameters    map[string]PMeta  `yaml:"parameters"` // parameter metadata, see PMeta
	Cmds          map[string]string `yaml:"commands"`
	Pfls          map[string]string `yaml:"profiles"`
}

type Tools

// Tools is one entry in a stage list of Profiles: a tool, the tool profile to
// run it with, a minimum severity and an on-failure setting, all as strings.
// NOTE(review): the accepted values of OnFailure, and whether an unknown
// value lets the pipeline continue after a failed tool, are not visible on
// this page — confirm.
type Tools struct {
	Tool        string `yaml:"tool"`
	ToolProfile string `yaml:"tool-profile"`
	MinSev      string `yaml:"min-severity"`
	OnFailure   string `yaml:"on-failure"`
}
