report

package
v0.0.0-...-5f60744 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 18, 2023 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

// Event sources: short string codes naming the component that produced a
// monitor data event.
// NOTE(review): presumably the values stored in MonitorDataEvent.Source —
// verify against the event writers.
const (
	MDESourceDel = ".del" //Data Event Logger event
	MDESourceFan = "m.fa" //FaNotify monitor event
	MDESourcePT  = "m.pt" //PTrace monitor event
)

Event source

// Event types: single-letter codes for artifact, process and state events.
// NOTE(review): presumably the values stored in MonitorDataEvent.Type —
// verify against the event writers.
const (
	MDETypeArtifact = "a" //Artifact event type
	MDETypeProcess  = "p" //Process event type
	MDETypeState    = "s" //State event
)

Event types

// Operation types: single-letter codes for read, write, exec and check
// operations.
// NOTE(review): presumably the values stored in MonitorDataEvent.OpType —
// verify against the event writers.
const (
	OpTypeRead  = "r"
	OpTypeWrite = "w"
	OpTypeExec  = "x"
	OpTypeCheck = "c"
)

Operation types

// DefaultContainerReportFileName is the default container report file name.
const DefaultContainerReportFileName = "creport.json"

DefaultContainerReportFileName is the default container report file name

// DefaultFilename is the default name for the command report.
const DefaultFilename = "slim.report.json"

DefaultFilename is the default name for the command report

// DefaultMonDelFileName is the default Monitor Data Event Log file name.
// NOTE(review): the ".ndjson" extension suggests newline-delimited JSON, one
// event per line — confirm against the writer.
const DefaultMonDelFileName = "mondel.ndjson"

DefaultMonDelFileName is the default Monitor Data Event Log file name

// OVBuildCommand is the output version for the 'build' command.
const OVBuildCommand = "1.1"

Output Version for 'build'

// OVContainerizeCommand is the output version for the 'containerize' command.
const OVContainerizeCommand = "1.0"

Output Version for 'containerize'

// OVConvertCommand is the output version for the 'convert' command.
const OVConvertCommand = "1.0"

Output Version for 'convert'

// OVDebugCommand is the output version for the 'debug' command.
const OVDebugCommand = "1.0"

Output Version for 'debug'

// OVEditCommand is the output version for the 'edit' command.
const OVEditCommand = "1.0"

Output Version for 'edit'

// OVLintCommand is the output version for the 'lint' command.
const OVLintCommand = "1.0"

Output Version for 'lint'

// OVMergeCommand is the output version for the 'merge' command.
const OVMergeCommand = "1.0"

Output Version for 'merge'

// OVProbeCommand is the output version for the 'probe' command.
const OVProbeCommand = "1.0"

Output Version for 'probe'

// OVProfileCommand is the output version for the 'profile' command.
const OVProfileCommand = "1.0"

Output Version for 'profile'

// OVRegistryCommand is the output version for the 'registry' command.
const OVRegistryCommand = "1.0"

Output Version for 'registry'

// OVRunCommand is the output version for the 'run' command.
const OVRunCommand = "1.0"

Output Version for 'run'

// OVServerCommand is the output version for the 'server' command.
const OVServerCommand = "1.0"

Output Version for 'server'

// OVXrayCommand is the output version for the 'xray' command.
const OVXrayCommand = "1.2.2"

Output Version for 'xray'

Variables

This section is empty.

Functions

func PermSetFromFlags

func PermSetFromFlags(flags map[string]bool) string

PermSetFromFlags maps artifact flags to permissions

Types

type ArtifactProps

// ArtifactProps contains various file system artifact properties.
//
// The struct tags give encoding/json's default field mapping, but the type
// also declares its own MarshalJSON and UnmarshalJSON methods, so the encoded
// form is whatever those methods produce (their bodies are not shown here).
type ArtifactProps struct {
	FileType   ArtifactType    `json:"-"` //todo
	FilePath   string          `json:"file_path"`
	Mode       os.FileMode     `json:"-"` //todo
	ModeText   string          `json:"mode"`
	LinkRef    string          `json:"link_ref,omitempty"`
	// Flags has the same map[string]bool shape that PermSetFromFlags accepts.
	Flags      map[string]bool `json:"flags,omitempty"`
	DataType   string          `json:"data_type,omitempty"`
	FileSize   int64           `json:"file_size"`
	// NOTE(review): SHA-1 is no longer collision-resistant. It is adequate as a
	// content identifier for matching files, but report consumers should not
	// base integrity or trust decisions on it — confirm how the hash is used.
	Sha1Hash   string          `json:"sha1_hash,omitempty"`
	AppType    string          `json:"app_type,omitempty"`
	FileInode  uint64          `json:"-"` //todo
	// FSActivity is tagged "-", i.e. left out of the default JSON mapping.
	FSActivity *FSActivityInfo `json:"-"`
}

ArtifactProps contains various file system artifact properties

func (*ArtifactProps) MarshalJSON

func (p *ArtifactProps) MarshalJSON() ([]byte, error)

MarshalJSON encodes artifact property data

func (*ArtifactProps) UnmarshalJSON

func (p *ArtifactProps) UnmarshalJSON(data []byte) error

UnmarshalJSON decodes artifact property data

type ArtifactType

// ArtifactType is an artifact type ID.
type ArtifactType int

ArtifactType is an artifact type ID

// Artifact type ID constants.
// The IDs are assigned explicitly rather than with iota, and 99 is reserved
// for the unknown type.
const (
	DirArtifactType     ArtifactType = 1
	FileArtifactType    ArtifactType = 2
	SymlinkArtifactType ArtifactType = 3
	UnknownArtifactType ArtifactType = 99
)

Artifact type ID constants

func GetArtifactTypeValue

func GetArtifactTypeValue(s string) ArtifactType

GetArtifactTypeValue maps an artifact type name to an artifact type ID

func (ArtifactType) String

func (t ArtifactType) String() string

String converts the artifact type ID to a string

type BuildCommand

// BuildCommand is the 'build' command report data.
//
// It embeds Command and adds the target reference, host system and source
// image metadata, the minified image results, the artifact location and the
// container report, seccomp profile and AppArmor profile names.
type BuildCommand struct {
	Command
	TargetReference        string               `json:"target_reference"`
	System                 SystemMetadata       `json:"system"`
	SourceImage            ImageMetadata        `json:"source_image"`
	// The size is stored twice: as a byte count and as a display string.
	MinifiedImageSize      int64                `json:"minified_image_size"`
	MinifiedImageSizeHuman string               `json:"minified_image_size_human"`
	MinifiedImage          string               `json:"minified_image"`
	MinifiedImageHasData   bool                 `json:"minified_image_has_data"`
	MinifiedBy             float64              `json:"minified_by"`
	ArtifactLocation       string               `json:"artifact_location"`
	// NOTE(review): the three fields below are names, not paths — presumably
	// files under ArtifactLocation; confirm before resolving them.
	ContainerReportName    string               `json:"container_report_name"`
	SeccompProfileName     string               `json:"seccomp_profile_name"`
	AppArmorProfileName    string               `json:"apparmor_profile_name"`
	ImageStack             []*reverse.ImageInfo `json:"image_stack"`
	ImageCreated           bool                 `json:"image_created"`
	ImageBuildEngine       string               `json:"image_build_engine"`
}

BuildCommand is the 'build' command report data

func NewBuildCommand

func NewBuildCommand(reportLocation string, containerized bool) *BuildCommand

NewBuildCommand creates a new 'build' command report

func (*BuildCommand) Save

func (p *BuildCommand) Save() bool

Save saves the Build command report data to the configured location

type BuildpackInfo

// BuildpackInfo holds buildpack details for an image: the stack, plus vendor
// and buildpack names that are omitted from JSON when empty.
// It is referenced from ImageMetadata.Buildpack.
type BuildpackInfo struct {
	Stack     string `json:"stack"`
	Vendor    string `json:"vendor,omitempty"`
	Buildpack string `json:"buildpack,omitempty"`
}

type Command

// Command is the common command report data.
// The per-command report types (BuildCommand, XrayCommand, ...) embed it.
type Command struct {
	Version       string     `json:"version"`
	Engine        string     `json:"engine"`
	Containerized bool       `json:"containerized"`
	HostDistro    DistroInfo `json:"host_distro"`
	//Docker         string  `json:"docker,omitempty"`
	Type  command.Type  `json:"type"`
	State command.State `json:"state"`
	// Error is omitted from the JSON output when empty.
	Error string        `json:"error,omitempty"`
	// contains filtered or unexported fields
}

Command is the common command report data

func (*Command) ReportLocation

func (p *Command) ReportLocation() string

func (*Command) Save

func (p *Command) Save() bool

Save saves the report data to the configured location

type ContainerEntryInfo

// ContainerEntryInfo holds the container entry data: the Entrypoint and Cmd
// lists, the executable path and its arguments, and file references for the
// executable and for arguments.
// NOTE(review): presumably derived from the image's ENTRYPOINT/CMD
// configuration — confirm against the code that fills it in.
type ContainerEntryInfo struct {
	Entrypoint  []string             `json:"entrypoint,omitempty"`
	Cmd         []string             `json:"cmd,omitempty"`
	ExePath     string               `json:"exe_path"`
	FullExePath *ContainerFileInfo   `json:"full_exe_path,omitempty"`
	ExeArgs     []string             `json:"exe_args,omitempty"`
	ArgFiles    []*ContainerFileInfo `json:"arg_files,omitempty"`
}

type ContainerFileInfo

// ContainerFileInfo pairs a file name with a layer number.
// NOTE(review): Layer is presumably the index of the image layer that
// provides the file — confirm.
type ContainerFileInfo struct {
	Name  string `json:"name"`
	Layer int    `json:"layer"`
}

type ContainerReport

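// ContainerReport contains container report fields.
//
// Each field must have its own JSON key. When two fields at the same level
// carry the same tagged name, encoding/json ignores all of them without
// reporting an error, so the data disappears from the written report and is
// not populated when a report is read back.
type ContainerReport struct {
	// SensorVersion was tagged "system", the same key as System below, which
	// made encoding/json drop both fields. It now has a key of its own.
	SensorVersion string         `json:"sensor_version"`
	System        SystemReport   `json:"system"`
	Monitors      MonitorReports `json:"monitors"`
	Image         ImageReport    `json:"image"`
}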

ContainerReport contains container report fields

type ContainerizeCommand

// ContainerizeCommand is the 'containerize' command report data.
// It embeds Command and adds no fields of its own.
type ContainerizeCommand struct {
	Command
}

ContainerizeCommand is the 'containerize' command report data

func NewContainerizeCommand

func NewContainerizeCommand(reportLocation string, containerized bool) *ContainerizeCommand

NewContainerizeCommand creates a new 'containerize' command report

type ConvertCommand

// ConvertCommand is the 'convert' command report data.
// It embeds Command and adds no fields of its own.
type ConvertCommand struct {
	Command
}

ConvertCommand is the 'convert' command report data

func NewConvertCommand

func NewConvertCommand(reportLocation string, containerized bool) *ConvertCommand

NewConvertCommand creates a new 'convert' command report

type DebugCommand

// DebugCommand is the 'debug' command report data.
// It embeds Command and adds no fields of its own.
type DebugCommand struct {
	Command
}

DebugCommand is the 'debug' command report data

func NewDebugCommand

func NewDebugCommand(reportLocation string, containerized bool) *DebugCommand

NewDebugCommand creates a new 'debug' command report

type DistroInfo

// DistroInfo holds a distro's name, version and display name.
// It is used for the host distro in Command, the image distro in
// ImageMetadata, and the distro in SystemMetadata and SystemReport.
type DistroInfo struct {
	Name        string `json:"name"`
	Version     string `json:"version"`
	DisplayName string `json:"display_name"`
}

type EditCommand

// EditCommand is the 'edit' command report data.
// It embeds Command and adds no fields of its own.
type EditCommand struct {
	Command
}

EditCommand is the 'edit' command report data

func NewEditCommand

func NewEditCommand(reportLocation string, containerized bool) *EditCommand

NewEditCommand creates a new 'edit' command report

type FSActivityInfo

// FSActivityInfo holds file system activity counters and the syscall and pid
// sets for one entry. It appears as the value type of
// PtMonitorReport.FSActivity and as ArtifactProps.FSActivity.
type FSActivityInfo struct {
	OpsAll       uint64           `json:"ops_all"`
	OpsCheckFile uint64           `json:"ops_checkfile"`
	// Syscalls and Pids are sets: only the keys carry information (the
	// values are empty structs).
	// NOTE(review): keys are presumably syscall numbers and process IDs —
	// confirm against the monitor that fills them in.
	Syscalls     map[int]struct{} `json:"syscalls"`
	Pids         map[int]struct{} `json:"pids"`
	IsSubdir     bool             `json:"is_subdir"`
}

type FanMonitorReport

// FanMonitorReport is a file monitoring report.
// It records the monitor's own pid and parent pid, the event count, the main
// process, and per-process information and file activity.
type FanMonitorReport struct {
	MonitorPid       int                             `json:"monitor_pid"`
	MonitorParentPid int                             `json:"monitor_ppid"`
	EventCount       uint32                          `json:"event_count"`
	MainProcess      *ProcessInfo                    `json:"main_process"`
	// NOTE(review): the string keys are presumably process IDs, and the inner
	// ProcessFiles keys file names (FileInfo.Name itself is not serialized) —
	// confirm against the monitor.
	Processes        map[string]*ProcessInfo         `json:"processes"`
	ProcessFiles     map[string]map[string]*FileInfo `json:"process_files"`
}

FanMonitorReport is a file monitoring report

type FileInfo

// FileInfo contains various file object and activity metadata.
type FileInfo struct {
	EventCount   uint32 `json:"event_count"`
	FirstEventID uint32 `json:"first_eid"`
	// Name is excluded from the JSON output.
	Name         string `json:"-"`
	// The read/write/exec counters are omitted from JSON when zero.
	ReadCount    uint32 `json:"reads,omitempty"`
	WriteCount   uint32 `json:"writes,omitempty"`
	ExeCount     uint32 `json:"execs,omitempty"`
}

FileInfo contains various file object and activity metadata

type ImageIdentity

// ImageIdentity includes the container image identity fields.
//
// Tags and names are mutable references that can be repointed to a different
// image; a digest identifies the content itself. Report consumers that need to
// pin the exact image analysed should use the digest fields.
type ImageIdentity struct {
	ID          string   `json:"id"`
	Tags        []string `json:"tags,omitempty"`
	Names       []string `json:"names,omitempty"`
	Digests     []string `json:"digests,omitempty"`
	FullDigests []string `json:"full_digests,omitempty"`
}

ImageIdentity includes the container image identity fields

type ImageMetadata

// ImageMetadata provides basic image metadata.
type ImageMetadata struct {
	Identity              ImageIdentity     `json:"identity"`
	// The size is stored twice: as a byte count and as a display string.
	Size                  int64             `json:"size"`
	SizeHuman             string            `json:"size_human"`
	CreateTime            string            `json:"create_time"`
	Author                string            `json:"author,omitempty"`
	Maintainers           []string          `json:"maintainers,omitempty"`
	DockerVersion         string            `json:"docker_version"`
	Architecture          string            `json:"architecture"`
	User                  string            `json:"user,omitempty"`
	ExposedPorts          []string          `json:"exposed_ports,omitempty"`
	OS                    string            `json:"os,omitempty"`
	Volumes               []string          `json:"volumes,omitempty"`
	// NOTE(review): Labels and EnvVars are serialized into the report. Image
	// env vars and labels can carry credentials, so confirm whether values are
	// redacted before the report is saved or the report file is handled as
	// sensitive.
	Labels                map[string]string `json:"labels,omitempty"`
	EnvVars               []string          `json:"env_vars,omitempty"`
	WorkDir               string            `json:"workdir,omitempty"`
	InheritedInstructions []string          `json:"inherited_instructions,omitempty"`

	//TODO:
	//Should be in ImageReport dockerimage.ImageReport
	//because it's additional info discovered during analysis
	//BUT also need to find a way to make it available
	//for the 'build' command (at least, distro)
	Distro         *DistroInfo        `json:"distro,omitempty"`
	Buildpack      *BuildpackInfo     `json:"buildpack,omitempty"`
	ContainerEntry ContainerEntryInfo `json:"container_entry"`

	//Base image info
	BaseImageDigest string `json:"base_image_digest,omitempty"`
	BaseImageName   string `json:"base_image_name,omitempty"`
}

ImageMetadata provides basic image metadata

type ImageReport

// ImageReport contains image report fields: the list of file artifacts,
// each described by an ArtifactProps.
type ImageReport struct {
	Files []*ArtifactProps `json:"files"`
}

ImageReport contains image report fields

type LintCommand

// LintCommand is the 'lint' command report data.
// It embeds Command and adds the lint target, the hit/no-hit/error counters
// and the per-check results and errors.
type LintCommand struct {
	Command
	TargetType      string                   `json:"target_type"`
	TargetReference string                   `json:"target_reference"`
	BuildContextDir string                   `json:"build_context_dir,omitempty"`
	HitsCount       int                      `json:"hits_count"`
	NoHitsCount     int                      `json:"nohits_count"`
	ErrorsCount     int                      `json:"errors_count"`
	Hits            map[string]*check.Result `json:"hits,omitempty"`   //map[CHECK_ID]CHECK_RESULT
	// NOTE(review): error is an interface, and encoding/json encodes only the
	// exported fields of the dynamic value, so errors created with errors.New
	// or fmt.Errorf are written as {} and their messages are lost; the map
	// also cannot be decoded back into error values. LintCommand has its own
	// Save method (body not shown here) — confirm it converts these to strings
	// before writing.
	Errors          map[string]error         `json:"errors,omitempty"` //map[CHECK_ID]ERROR_INFO
}

LintCommand is the 'lint' command report data

func NewLintCommand

func NewLintCommand(reportLocation string, containerized bool) *LintCommand

NewLintCommand creates a new 'lint' command report

func (*LintCommand) Save

func (p *LintCommand) Save() bool

Save saves the Lint command report data to the configured location

type MergeCommand

// MergeCommand is the 'merge' command report data.
// It embeds Command and records the first and last image references and
// whether the last image's metadata is used.
type MergeCommand struct {
	Command
	FirstImage           string `json:"first_image"`
	LastImage            string `json:"last_image"`
	UseLastImageMetadata bool   `json:"use_last_image_metadata"`
}

MergeCommand is the 'merge' command report data

func NewMergeCommand

func NewMergeCommand(reportLocation string, containerized bool) *MergeCommand

NewMergeCommand creates a new 'merge' command report

type MonitorDataEvent

// MonitorDataEvent is a single monitor data event. Its JSON keys are one or
// two letters long, and every field except Source and Type is omitted when
// empty.
// NOTE(review): Source, Type and OpType presumably take the MDESource*,
// MDEType* and OpType* constant values — verify against the event writers.
// NOTE(review): Cmd and Artifact are written to the event log; command lines
// can include secrets passed as arguments, so confirm how the log file is
// protected.
type MonitorDataEvent struct {
	Source    string `json:"s"`
	Type      string `json:"t"`
	Pid       int32  `json:"p,omitempty"`
	ParentPid int32  `json:"pp,omitempty"`
	Artifact  string `json:"a,omitempty"`  //used for exe path for process events
	OpType    string `json:"o,omitempty"`  //operation type
	Op        string `json:"op,omitempty"` //operation
	OpNum     uint32 `json:"n,omitempty"`
	WorkDir   string `json:"w,omitempty"`
	Root      string `json:"r,omitempty"`
	Cmd       string `json:"c,omitempty"`
}

type MonitorReports

// MonitorReports contains monitoring report fields: the file monitoring
// report (Fan) and the PtMonitorReport (Pt). Both are pointers, so either can
// be nil and is then encoded as JSON null.
type MonitorReports struct {
	Fan *FanMonitorReport `json:"fan"`
	Pt  *PtMonitorReport  `json:"pt"`
}

MonitorReports contains monitoring report fields

type PeMonitorReport

// PeMonitorReport is a process monitoring report.
// The fields have no JSON tags, so encoding/json would use the Go field
// names as keys. MonitorReports has no field of this type.
// NOTE(review): the int keys and values are presumably process IDs
// (parent -> children, child -> parent) — confirm.
type PeMonitorReport struct {
	Children map[int][]int
	Parents  map[int]int
}

PeMonitorReport is a process monitoring report

type ProbeCommand

// ProbeCommand is the 'probe' command report data.
// It embeds Command and adds no fields of its own.
type ProbeCommand struct {
	Command
}

ProbeCommand is the 'probe' command report data

func NewProbeCommand

func NewProbeCommand(reportLocation string, containerized bool) *ProbeCommand

NewProbeCommand creates a new 'probe' command report

type ProcessInfo

// ProcessInfo contains various process object metadata.
// NOTE(review): Cmd is serialized into the report; command lines can include
// secrets passed as arguments, so confirm whether the report is handled as
// sensitive.
type ProcessInfo struct {
	Pid       int32  `json:"pid"`
	Name      string `json:"name"`
	Path      string `json:"path"`
	Cmd       string `json:"cmd"`
	Cwd       string `json:"cwd"`
	Root      string `json:"root"`
	ParentPid int32  `json:"ppid"`
}

ProcessInfo contains various process object metadata

type ProfileCommand

// ProfileCommand is the 'profile' command report data.
// It embeds Command and adds the original and minified image details, the
// artifact location and the container report, seccomp profile and AppArmor
// profile names.
type ProfileCommand struct {
	Command
	OriginalImage          string  `json:"original_image"`
	// Sizes are stored twice: as a byte count and as a display string.
	OriginalImageSize      int64   `json:"original_image_size"`
	OriginalImageSizeHuman string  `json:"original_image_size_human"`
	MinifiedImageSize      int64   `json:"minified_image_size"`
	MinifiedImageSizeHuman string  `json:"minified_image_size_human"`
	MinifiedImage          string  `json:"minified_image"`
	MinifiedImageHasData   bool    `json:"minified_image_has_data"`
	MinifiedBy             float64 `json:"minified_by"`
	ArtifactLocation       string  `json:"artifact_location"`
	// NOTE(review): the three fields below are names, not paths — presumably
	// files under ArtifactLocation; confirm before resolving them.
	ContainerReportName    string  `json:"container_report_name"`
	SeccompProfileName     string  `json:"seccomp_profile_name"`
	AppArmorProfileName    string  `json:"apparmor_profile_name"`
}

ProfileCommand is the 'profile' command report data

func NewProfileCommand

func NewProfileCommand(reportLocation string, containerized bool) *ProfileCommand

NewProfileCommand creates a new 'profile' command report

func (*ProfileCommand) Save

func (p *ProfileCommand) Save() bool

Save saves the Profile command report data to the configured location

type PtMonitorReport

// PtMonitorReport contains various process execution metadata: whether the
// monitor was enabled, the architecture name, syscall counters and
// per-syscall statistics, and file system activity.
type PtMonitorReport struct {
	Enabled      bool                       `json:"enabled"`
	ArchName     string                     `json:"arch_name"`
	SyscallCount uint64                     `json:"syscall_count"`
	SyscallNum   uint32                     `json:"syscall_num"`
	// NOTE(review): the string keys are presumably syscall identifiers for
	// SyscallStats and file paths for FSActivity — confirm against the monitor.
	SyscallStats map[string]SyscallStatInfo `json:"syscall_stats"`
	FSActivity   map[string]*FSActivityInfo `json:"fs_activity"`
}

PtMonitorReport contains various process execution metadata

type RegistryCommand

// RegistryCommand is the 'registry' command report data.
// It embeds Command and adds the target reference.
type RegistryCommand struct {
	Command
	TargetReference string `json:"target_reference"`
}

RegistryCommand is the 'registry' command report data

func NewRegistryCommand

func NewRegistryCommand(reportLocation string, containerized bool) *RegistryCommand

NewRegistryCommand creates a new 'registry' command report

type RunCommand

// RunCommand is the 'run' command report data.
// It embeds Command and adds the target reference.
type RunCommand struct {
	Command
	TargetReference string `json:"target_reference"`
}

RunCommand is the 'run' command report data

func NewRunCommand

func NewRunCommand(reportLocation string, containerized bool) *RunCommand

NewRunCommand creates a new 'run' command report

type ServerCommand

// ServerCommand is the 'server' command report data.
// It embeds Command and adds no fields of its own.
type ServerCommand struct {
	Command
}

ServerCommand is the 'server' command report data

func NewServerCommand

func NewServerCommand(reportLocation string, containerized bool) *ServerCommand

NewServerCommand creates a new 'server' command report

type SyscallStatInfo

// SyscallStatInfo contains various system call activity metadata: the
// syscall number, its name and a count.
type SyscallStatInfo struct {
	Number uint32 `json:"num"`
	Name   string `json:"name"`
	Count  uint64 `json:"count"`
}

SyscallStatInfo contains various system call activity metadata

type SystemMetadata

// SystemMetadata provides basic system metadata: type, release and distro.
// It has the same fields and JSON keys as SystemReport.
type SystemMetadata struct {
	Type    string     `json:"type"`
	Release string     `json:"release"`
	Distro  DistroInfo `json:"distro"`
}

SystemMetadata provides basic system metadata

type SystemReport

// SystemReport provides a basic system report for the container environment:
// type, release and distro. It has the same fields and JSON keys as
// SystemMetadata.
type SystemReport struct {
	Type    string     `json:"type"`
	Release string     `json:"release"`
	Distro  DistroInfo `json:"distro"`
}

SystemReport provides a basic system report for the container environment

type XrayCommand

// XrayCommand is the 'xray' command report data.
// It embeds Command and adds the target reference, source image metadata,
// artifact and image archive locations, the image report, stack and layers,
// and the raw image manifest and config objects.
type XrayCommand struct {
	Command
	TargetReference      string                      `json:"target_reference"`
	SourceImage          ImageMetadata               `json:"source_image"`
	ArtifactLocation     string                      `json:"artifact_location"`
	ImageReport          *dockerimage.ImageReport    `json:"image_report,omitempty"`
	ImageStack           []*reverse.ImageInfo        `json:"image_stack"`
	ImageLayers          []*dockerimage.LayerReport  `json:"image_layers"`
	ImageArchiveLocation string                      `json:"image_archive_location"`
	// NOTE(review): presumably the image's manifest and config as found, with
	// no filtering. If so, whatever the image config carries (env vars, labels)
	// ends up in the report — confirm, and handle the report accordingly.
	RawImageManifest     *dockerimage.ManifestObject `json:"raw_image_manifest,omitempty"`
	RawImageConfig       *dockerimage.ConfigObject   `json:"raw_image_config,omitempty"`
}

XrayCommand is the 'xray' command report data

func NewXrayCommand

func NewXrayCommand(reportLocation string, containerized bool) *XrayCommand

NewXrayCommand creates a new 'xray' command report

func (*XrayCommand) Save

func (p *XrayCommand) Save() bool

Save saves the Xray command report data to the configured location
