vuls: github.com/future-architect/vuls/config Index | Files

package config

import "github.com/future-architect/vuls/config"


Package Files

color.go config.go ips.go jsonloader.go loader.go tomlloader.go

Constants

// Identifier strings for the operating-system families named below. Every
// value is lower case.
// NOTE(review): presumably these are the values stored in Distro.Family — confirm against callers.
const (
    // RedHat is the identifier string "redhat".
    RedHat = "redhat"

    // Debian is the identifier string "debian".
    Debian = "debian"

    // Ubuntu is the identifier string "ubuntu".
    Ubuntu = "ubuntu"

    // CentOS is the identifier string "centos".
    CentOS = "centos"

    // Fedora is the identifier string "fedora".
    Fedora = "fedora"

    // Amazon is the identifier string "amazon".
    Amazon = "amazon"

    // Oracle is the identifier string "oracle".
    Oracle = "oracle"

    // FreeBSD is the identifier string "freebsd".
    FreeBSD = "freebsd"

    // Raspbian is the identifier string "raspbian".
    Raspbian = "raspbian"

    // Windows is the identifier string "windows".
    Windows = "windows"

    // OpenSUSE is the identifier string "opensuse".
    OpenSUSE = "opensuse"

    // OpenSUSELeap is the identifier string "opensuse.leap".
    OpenSUSELeap = "opensuse.leap"

    // SUSEEnterpriseServer is the identifier string "suse.linux.enterprise.server".
    SUSEEnterpriseServer = "suse.linux.enterprise.server"

    // SUSEEnterpriseDesktop is the identifier string "suse.linux.enterprise.desktop".
    SUSEEnterpriseDesktop = "suse.linux.enterprise.desktop"

    // SUSEOpenstackCloud is the identifier string "suse.openstack.cloud".
    SUSEOpenstackCloud = "suse.openstack.cloud"

    // Alpine is the identifier string "alpine".
    Alpine = "alpine"
)
// Scan-mode flags. iota starts at 0, so the four constants are the single-bit
// byte values 1, 2, 4 and 8.
// NOTE(review): FastRoot's name suggests elevated privilege on the scan target;
// what each mode actually runs is not visible here — confirm before granting it.
const (
    // Fast is fast scan mode
    Fast = byte(1 << iota)
    // FastRoot is fast-root scan mode
    FastRoot
    // Deep is deep scan mode
    Deep
    // Offline is offline scan mode
    Offline
)
const (
    // ServerTypePseudo is used for ServerInfo.Type. ServerInfo.Type documents
    // its accepted values as "pseudo" or the empty string.
    ServerTypePseudo = "pseudo"
)

Variables

var (
    // Colors has ansi color list. Each entry is an ANSI SGR escape sequence
    // that switches the terminal foreground colour.
    Colors = []string{
        "\033[32m", // green
        "\033[33m", // yellow
        "\033[36m", // cyan
        "\033[35m", // magenta
        "\033[31m", // red
        "\033[34m", // blue
    }
    // ResetColor is reset color: the SGR sequence that restores default attributes.
    ResetColor = "\033[0m"
)
var Revision string

Revision of Git

var Version = "0.9.0"

Version of Vuls

func IsValidImage Uses

func IsValidImage(c Image) error

IsValidImage checks a container configuration

func Load Uses

func Load(path, keyPass string) error

Load loads configuration

type AWS Uses

// AWS holds the S3 destination settings used when storing reports.
// The struct carries a profile name, region and bucket location only; no
// access key or secret is declared here.
type AWS struct {
    // AWS profile to use
    Profile string `json:"profile"`

    // AWS region to use
    Region string `json:"region"`

    // S3 bucket name
    S3Bucket string `json:"s3Bucket"`

    // /bucket/path/to/results
    S3ResultsDir string `json:"s3ResultsDir"`

    // The Server-side encryption algorithm used when storing the reports in S3 (e.g., AES256, aws:kms).
    // NOTE(review): behaviour when this is left empty is not visible here —
    // confirm whether reports are then stored without a requested SSE algorithm.
    S3ServerSideEncryption string `json:"s3ServerSideEncryption"`
}

AWS is aws config

type Azure Uses

// Azure holds the Azure storage account and container settings.
type Azure struct {
    // Azure account name to use. AZURE_STORAGE_ACCOUNT environment variable is used if not specified
    AccountName string `json:"accountName"`

    // Azure account key to use. AZURE_STORAGE_ACCESS_KEY environment variable is used if not specified
    // The json:"-" tag keeps this secret out of encoding/json output.
    AccountKey string `json:"-"`

    // Azure storage container name
    ContainerName string `json:"containerName"`
}

Azure is azure config

type ChatWorkConf Uses

// ChatWorkConf holds the ChatWork API token and target room.
// Both fields are tagged json:"-", so encoding/json never writes them.
type ChatWorkConf struct {
    APIToken string `json:"-"`
    Room     string `json:"-"`
}

ChatWorkConf is ChatWork config

func (*ChatWorkConf) Validate Uses

func (c *ChatWorkConf) Validate() (errs []error)

Validate validates configuration

type Config Uses

// Config is the top-level Vuls configuration: global options, scan targets,
// dictionary sources, report destinations and output-format switches.
//
// Fields tagged json:"-" are never written by encoding/json. All report
// destination structs (Slack through Saas) carry that tag here, which keeps
// the tokens, passwords and keys they hold out of a serialised Config.
type Config struct {
    // Global options.
    // NOTE(review): HTTPProxy is serialised under "httpProxy"; a proxy URL with
    // embedded userinfo would appear in that output — confirm whether such URLs are accepted.
    Debug      bool   `json:"debug,omitempty"`
    DebugSQL   bool   `json:"debugSQL,omitempty"`
    Lang       string `json:"lang,omitempty"`
    HTTPProxy  string `valid:"url" json:"httpProxy,omitempty"`
    LogDir     string `json:"logDir,omitempty"`
    ResultsDir string `json:"resultsDir,omitempty"`
    Pipe       bool   `json:"pipe,omitempty"`
    Quiet      bool   `json:"quiet,omitempty"`

    // Default is a ServerInfo value; Servers maps a string key to a ServerInfo.
    // NOTE(review): presumably Default supplies fallback values for Servers entries — confirm in the loader.
    Default       ServerInfo            `json:"default,omitempty"`
    Servers       map[string]ServerInfo `json:"servers,omitempty"`
    CvssScoreOver float64               `json:"cvssScoreOver,omitempty"`

    // Filters. Note the JSON key of IgnoreGitHubDismissed is snake_case, unlike
    // the camelCase keys used by the other fields.
    IgnoreUnscoredCves    bool `json:"ignoreUnscoredCves,omitempty"`
    IgnoreUnfixed         bool `json:"ignoreUnfixed,omitempty"`
    IgnoreGitHubDismissed bool `json:"ignore_git_hub_dismissed,omitempty"`

    // SSH options.
    SSHNative bool `json:"sshNative,omitempty"`
    SSHConfig bool `json:"sshConfig,omitempty"`

    // Scan-scope restrictions.
    ContainersOnly bool `json:"containersOnly,omitempty"`
    ImagesOnly     bool `json:"imagesOnly,omitempty"`
    LibsOnly       bool `json:"libsOnly,omitempty"`
    WordPressOnly  bool `json:"wordpressOnly,omitempty"`

    SkipBroken  bool   `json:"skipBroken,omitempty"`
    CacheDBPath string `json:"cacheDBPath,omitempty"`
    Vvv         bool   `json:"vvv,omitempty"`
    UUID        bool   `json:"uuid,omitempty"`
    DetectIPS   bool   `json:"detectIps,omitempty"`

    // Vulnerability and exploit dictionary sources. Each of these types tags
    // its own URL and SQLite3Path fields json:"-".
    CveDict  GoCveDictConf `json:"cveDict,omitempty"`
    OvalDict GovalDictConf `json:"ovalDict,omitempty"`
    Gost     GostConf      `json:"gost,omitempty"`
    Exploit  ExploitConf   `json:"exploit,omitempty"`

    // Report destinations; all excluded from JSON output.
    Slack    SlackConf    `json:"-"`
    EMail    SMTPConf     `json:"-"`
    HTTP     HTTPConf     `json:"-"`
    Syslog   SyslogConf   `json:"-"`
    AWS      AWS          `json:"-"`
    Azure    Azure        `json:"-"`
    Stride   StrideConf   `json:"-"`
    HipChat  HipChatConf  `json:"-"`
    ChatWork ChatWorkConf `json:"-"`
    Telegram TelegramConf `json:"-"`
    Saas     SaasConf     `json:"-"`

    // Report destination and output-format switches. The JSON key of
    // ToTelegram starts with an upper-case letter, unlike its siblings.
    RefreshCve        bool `json:"refreshCve,omitempty"`
    ToSlack           bool `json:"toSlack,omitempty"`
    ToStride          bool `json:"toStride,omitempty"`
    ToHipChat         bool `json:"toHipChat,omitempty"`
    ToChatWork        bool `json:"toChatWork,omitempty"`
    ToTelegram        bool `json:"ToTelegram,omitempty"`
    ToEmail           bool `json:"toEmail,omitempty"`
    ToSyslog          bool `json:"toSyslog,omitempty"`
    ToLocalFile       bool `json:"toLocalFile,omitempty"`
    ToS3              bool `json:"toS3,omitempty"`
    ToAzureBlob       bool `json:"toAzureBlob,omitempty"`
    ToSaas            bool `json:"toSaas,omitempty"`
    ToHTTP            bool `json:"toHTTP,omitempty"`
    FormatXML         bool `json:"formatXML,omitempty"`
    FormatJSON        bool `json:"formatJSON,omitempty"`
    FormatOneEMail    bool `json:"formatOneEMail,omitempty"`
    FormatOneLineText bool `json:"formatOneLineText,omitempty"`
    FormatList        bool `json:"formatList,omitempty"`
    FormatFullText    bool `json:"formatFullText,omitempty"`
    GZIP              bool `json:"gzip,omitempty"`
    Diff              bool `json:"diff,omitempty"`
}

Config is struct of Configuration

var Conf Config

Conf has Configuration

func (Config) ValidateOnConfigtest Uses

func (c Config) ValidateOnConfigtest() bool

ValidateOnConfigtest validates

func (Config) ValidateOnReport Uses

func (c Config) ValidateOnReport() bool

ValidateOnReport validates configuration

func (Config) ValidateOnReportDB Uses

func (c Config) ValidateOnReportDB() bool

ValidateOnReportDB validates configuration

func (Config) ValidateOnScan Uses

func (c Config) ValidateOnScan() bool

ValidateOnScan validates configuration

func (Config) ValidateOnTui Uses

func (c Config) ValidateOnTui() bool

ValidateOnTui validates configuration

type Container Uses

// Container identifies one container by ID, name and image.
// The fields have no struct tags, so encoding/json would use the Go field names.
type Container struct {
    ContainerID string
    Name        string
    Image       string
}

Container has Container information.

type ContainerSetting Uses

// ContainerSetting carries per-container scan settings: CPE names, an OWASP
// Dependency-Check XML path, and package/CVE ignore lists.
// NOTE(review): entries in IgnoreCves and IgnorePkgsRegexp presumably suppress
// findings from reports; an over-broad pattern would hide real vulnerabilities — confirm and review these lists.
type ContainerSetting struct {
    Cpes             []string `json:"cpes,omitempty"`
    OwaspDCXMLPath   string   `json:"owaspDCXMLPath"`
    IgnorePkgsRegexp []string `json:"ignorePkgsRegexp,omitempty"`
    IgnoreCves       []string `json:"ignoreCves,omitempty"`
}

ContainerSetting is used for loading container setting in config.toml

type Distro Uses

// Distro names a distribution by family and release string.
// Release is kept as a string; MajorVersion returns an int derived from this value.
type Distro struct {
    Family  string
    Release string
}

Distro has distribution info

func (Distro) MajorVersion Uses

func (l Distro) MajorVersion() (ver int, err error)

MajorVersion returns Major version

func (Distro) String Uses

func (l Distro) String() string

type ExploitConf Uses

// ExploitConf selects where the exploit dictionary is read from: a database
// of the given Type, reached through URL or a local SQLite3 file.
type ExploitConf struct {
    // DB type for exploit dictionary (sqlite3, mysql, postgres or redis)
    Type string

    // http://exploit-dictionary.com:1324 or DB connection string
    // Tagged json:"-": a DB connection string can embed credentials, and this
    // tag keeps the value out of encoding/json output.
    // NOTE(review): the example uses plain http; whether https is supported is not visible here.
    URL string `json:"-"`

    // /path/to/exploit.sqlite3
    SQLite3Path string `json:"-"`
}

ExploitConf is exploit config

func (*ExploitConf) IsFetchViaHTTP Uses

func (cnf *ExploitConf) IsFetchViaHTTP() bool

IsFetchViaHTTP returns whether to fetch via HTTP

func (*ExploitConf) Overwrite Uses

func (cnf *ExploitConf) Overwrite(cmdOpt ExploitConf)

Overwrite sets options with the following priority. 1. Command line option 2. Environment variable 3. config.toml

type GitHubConf Uses

// GitHubConf holds the access token used for one GitHub repository.
// Token is tagged json:"-", so encoding/json never writes it.
type GitHubConf struct {
    Token string `json:"-"`
}

GitHubConf is used for GitHub integration

type GoCveDictConf Uses

// GoCveDictConf selects where the CVE dictionary is read from: a database of
// the given Type, reached through URL or a local SQLite3 file.
type GoCveDictConf struct {
    // DB type of CVE dictionary (sqlite3, mysql, postgres or redis)
    Type string

    // http://cve-dictionary.com:1323 or DB connection string
    // Tagged json:"-": a DB connection string can embed credentials, and this
    // tag keeps the value out of encoding/json output.
    // NOTE(review): the example uses plain http; whether https is supported is not visible here.
    URL string `json:"-"`

    // /path/to/cve.sqlite3
    SQLite3Path string `json:"-"`
}

GoCveDictConf is go-cve-dictionary config

func (*GoCveDictConf) IsFetchViaHTTP Uses

func (cnf *GoCveDictConf) IsFetchViaHTTP() bool

IsFetchViaHTTP returns whether to fetch via HTTP

func (*GoCveDictConf) Overwrite Uses

func (cnf *GoCveDictConf) Overwrite(cmdOpt GoCveDictConf)

Overwrite sets options with the following priority. 1. Command line option 2. Environment variable 3. config.toml

type GostConf Uses

// GostConf selects where the gost dictionary is read from: a database of the
// given Type, reached through URL or a local SQLite3 file.
type GostConf struct {
    // DB type for gost dictionary (sqlite3, mysql, postgres or redis)
    Type string

    // http://gost-dictionary.com:1324 or DB connection string
    // Tagged json:"-": a DB connection string can embed credentials, and this
    // tag keeps the value out of encoding/json output.
    // NOTE(review): the example uses plain http; whether https is supported is not visible here.
    URL string `json:"-"`

    // /path/to/gost.sqlite3
    SQLite3Path string `json:"-"`
}

GostConf is gost config

func (*GostConf) IsFetchViaHTTP Uses

func (cnf *GostConf) IsFetchViaHTTP() bool

IsFetchViaHTTP returns whether to fetch via HTTP

func (*GostConf) Overwrite Uses

func (cnf *GostConf) Overwrite(cmdOpt GostConf)

Overwrite sets options with the following priority. 1. Command line option 2. Environment variable 3. config.toml

type GovalDictConf Uses

// GovalDictConf selects where the OVAL dictionary is read from: a database of
// the given Type, reached through URL or a local SQLite3 file.
type GovalDictConf struct {

    // DB type of OVAL dictionary (sqlite3, mysql, postgres or redis)
    Type string

    // http://goval-dictionary.com:1324 or DB connection string
    // Tagged json:"-": a DB connection string can embed credentials, and this
    // tag keeps the value out of encoding/json output.
    // NOTE(review): the example uses plain http; whether https is supported is not visible here.
    URL string `json:"-"`

    // /path/to/oval.sqlite3
    SQLite3Path string `json:"-"`
}

GovalDictConf is goval-dictionary config

func (*GovalDictConf) IsFetchViaHTTP Uses

func (cnf *GovalDictConf) IsFetchViaHTTP() bool

IsFetchViaHTTP returns whether to fetch via HTTP

func (*GovalDictConf) Overwrite Uses

func (cnf *GovalDictConf) Overwrite(cmdOpt GovalDictConf)

Overwrite sets options with the following priority. 1. Command line option 2. Environment variable 3. config.toml

type HTTPConf Uses

// HTTPConf holds the URL of the HTTP report destination.
// The URL is tagged json:"-" and carries a valid:"url" struct tag.
// NOTE(review): presumably Validate enforces the valid tag; whether the scheme
// is restricted to https is not visible here — confirm, since reports sent to
// this URL contain vulnerability data about the scanned hosts.
type HTTPConf struct {
    URL string `valid:"url" json:"-"`
}

HTTPConf is HTTP config

func (*HTTPConf) Overwrite Uses

func (c *HTTPConf) Overwrite(cmdOpt HTTPConf)

Overwrite sets options with the following priority. 1. Command line option 2. Environment variable 3. config.toml

func (*HTTPConf) Validate Uses

func (c *HTTPConf) Validate() (errs []error)

Validate validates configuration

type HipChatConf Uses

// HipChatConf holds the HipChat auth token and target room.
// Both fields are tagged json:"-", so encoding/json never writes them.
type HipChatConf struct {
    AuthToken string `json:"-"`
    Room      string `json:"-"`
}

HipChatConf is HipChat config

func (*HipChatConf) Validate Uses

func (c *HipChatConf) Validate() (errs []error)

Validate validates configuration

type IPS Uses

type IPS string

IPS is

const (
    // DeepSecurity is the IPS value "deepsecurity".
    DeepSecurity IPS = "deepsecurity"
)

type Image Uses

// Image describes one container image to scan (name and tag) together with
// its per-image CPE names, Dependency-Check XML path and ignore lists.
//
// NOTE(review): DockerOption is serialised under "dockerOption". The
// types.DockerOption definition is not visible here; if it carries registry
// credentials, confirm its own struct tags keep them out of JSON output.
type Image struct {
    Name             string             `json:"name"`
    Tag              string             `json:"tag"`
    DockerOption     types.DockerOption `json:"dockerOption,omitempty"`
    Cpes             []string           `json:"cpes,omitempty"`
    OwaspDCXMLPath   string             `json:"owaspDCXMLPath"`
    IgnorePkgsRegexp []string           `json:"ignorePkgsRegexp,omitempty"`
    IgnoreCves       []string           `json:"ignoreCves,omitempty"`
}

Image is a scan container image info

type JSONLoader Uses

type JSONLoader struct {
}

JSONLoader loads configuration

func (JSONLoader) Load Uses

func (c JSONLoader) Load(path, sudoPass, keyPass string) (err error)

Load loads the configuration JSON file specified by the path arg.

type Loader Uses

// Loader is implemented by concrete configuration loaders.
// The two string parameters are unnamed here; TOMLLoader.Load declares them as
// (pathToToml, keyPass). JSONLoader.Load as declared in this package takes
// three strings (path, sudoPass, keyPass) and therefore does not satisfy this interface.
type Loader interface {
    Load(string, string) error
}

Loader is interface of concrete loader

type SMTPConf Uses

// SMTPConf holds the mail server address, credentials and envelope fields
// used for e-mail reports.
//
// Every field is tagged json:"-", so encoding/json never writes it. The toml
// tags show that Password is read from the "password" key of the TOML
// configuration, i.e. it sits in that file in clear text; restrict the file's
// permissions accordingly.
// NOTE(review): whether the SMTP session uses TLS is not visible in this struct — confirm in the sender.
type SMTPConf struct {
    SMTPAddr      string   `toml:"smtpAddr,omitempty" json:"-"`
    SMTPPort      string   `toml:"smtpPort,omitempty" valid:"port" json:"-"`
    User          string   `toml:"user,omitempty" json:"-"`
    Password      string   `toml:"password,omitempty" json:"-"`
    From          string   `toml:"from,omitempty" json:"-"`
    To            []string `toml:"to,omitempty" json:"-"`
    Cc            []string `toml:"cc,omitempty" json:"-"`
    SubjectPrefix string   `toml:"subjectPrefix,omitempty" json:"-"`
}

SMTPConf is smtp config

func (*SMTPConf) Validate Uses

func (c *SMTPConf) Validate() (errs []error)

Validate SMTP configuration

type SaasConf Uses

// SaasConf holds the group ID, token and endpoint URL of the SaaS report destination.
// All three fields are tagged json:"-", so encoding/json never writes them.
type SaasConf struct {
    GroupID int    `json:"-"`
    Token   string `json:"-"`
    URL     string `json:"-"`
}

SaasConf is SaaS config

func (*SaasConf) Validate Uses

func (c *SaasConf) Validate() (errs []error)

Validate validates configuration

type ScanMode Uses

type ScanMode struct {
    // contains filtered or unexported fields
}

ScanMode has a type of scan mode. fast, fast-root, deep and offline

func (ScanMode) IsDeep Uses

func (s ScanMode) IsDeep() bool

IsDeep return whether scan mode is deep

func (ScanMode) IsFast Uses

func (s ScanMode) IsFast() bool

IsFast return whether scan mode is fast

func (ScanMode) IsFastRoot Uses

func (s ScanMode) IsFastRoot() bool

IsFastRoot return whether scan mode is fastroot

func (ScanMode) IsOffline Uses

func (s ScanMode) IsOffline() bool

IsOffline return whether scan mode is offline

func (*ScanMode) Set Uses

func (s *ScanMode) Set(f byte)

Set mode

func (ScanMode) String Uses

func (s ScanMode) String() string

type ServerInfo Uses

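// ServerInfo describes one scan target: how to reach it over SSH, what to
// scan on it (CPE names, containers, images, lockfiles, GitHub repositories,
// WordPress) and which findings to ignore.
//
// Secrets: KeyPassword is tagged json:"-" and toml:"-", so it is neither read
// from config.toml nor written by encoding/json. The tag must be exactly "-":
// encoding/json treats "-,omitempty" as a field named "-" and would emit the
// passphrase under that key whenever it is non-empty.
//
// Serialised fields worth reviewing before sharing JSON output: Host, Port,
// User and KeyPath describe the SSH access path; Optional is an arbitrary
// key-value set that is written to JSON as-is.
// NOTE(review): IgnoreCves and IgnorePkgsRegexp presumably suppress findings
// from reports; an over-broad entry would hide real vulnerabilities — confirm.
type ServerInfo struct {
    ServerName             string                      `toml:"-" json:"serverName,omitempty"`
    User                   string                      `toml:"user,omitempty" json:"user,omitempty"`
    Host                   string                      `toml:"host,omitempty" json:"host,omitempty"`
    Port                   string                      `toml:"port,omitempty" json:"port,omitempty"`
    KeyPath                string                      `toml:"keyPath,omitempty" json:"keyPath,omitempty"`
    KeyPassword            string                      `json:"-" toml:"-"`
    CpeNames               []string                    `toml:"cpeNames,omitempty" json:"cpeNames,omitempty"`
    ScanMode               []string                    `toml:"scanMode,omitempty" json:"scanMode,omitempty"`
    DependencyCheckXMLPath string                      `toml:"dependencyCheckXMLPath,omitempty" json:"-"` // TODO Deprecated remove in near future
    OwaspDCXMLPath         string                      `toml:"owaspDCXMLPath,omitempty" json:"owaspDCXMLPath,omitempty"`
    ContainersIncluded     []string                    `toml:"containersIncluded,omitempty" json:"containersIncluded,omitempty"`
    ContainersExcluded     []string                    `toml:"containersExcluded,omitempty" json:"containersExcluded,omitempty"`
    ContainerType          string                      `toml:"containerType,omitempty" json:"containerType,omitempty"`
    Containers             map[string]ContainerSetting `toml:"containers" json:"containers,omitempty"`
    IgnoreCves             []string                    `toml:"ignoreCves,omitempty" json:"ignoreCves,omitempty"`
    IgnorePkgsRegexp       []string                    `toml:"ignorePkgsRegexp,omitempty" json:"ignorePkgsRegexp,omitempty"`
    GitHubRepos            map[string]GitHubConf       `toml:"githubs" json:"githubs,omitempty"` // key: owner/repo
    Images                 map[string]Image            `toml:"images" json:"images,omitempty"`
    UUIDs                  map[string]string           `toml:"uuids,omitempty" json:"uuids,omitempty"`
    Memo                   string                      `toml:"memo,omitempty" json:"memo,omitempty"`
    Enablerepo             []string                    `toml:"enablerepo,omitempty" json:"enablerepo,omitempty"` // For CentOS, RHEL, Amazon
    Optional               map[string]interface{}      `toml:"optional,omitempty" json:"optional,omitempty"`     // Optional key-value set that will be outputted to JSON
    Lockfiles              []string                    `toml:"lockfiles,omitempty" json:"lockfiles,omitempty"`   // ie) path/to/package-lock.json
    FindLock               bool                        `toml:"findLock,omitempty" json:"findLock,omitempty"`
    Type                   string                      `toml:"type,omitempty" json:"type,omitempty"` // "pseudo" or ""

    WordPress WordPressConf `toml:"wordpress,omitempty" json:"wordpress,omitempty"`

    // used internal: never read from TOML (toml:"-")
    IPv4Addrs      []string       `toml:"-" json:"ipv4Addrs,omitempty"`
    IPv6Addrs      []string       `toml:"-" json:"ipv6Addrs,omitempty"`
    IPSIdentifiers map[IPS]string `toml:"-" json:"ipsIdentifiers,omitempty"`

    LogMsgAnsiColor string    `toml:"-" json:"-"` // DebugLog Color
    Container       Container `toml:"-" json:"-"`
    Image           Image     `toml:"-" json:"-"`
    Distro          Distro    `toml:"-" json:"-"`
    Mode            ScanMode  `toml:"-" json:"-"`
}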

ServerInfo has SSH Info, additional CPE packages to scan.

func (ServerInfo) GetServerName Uses

func (s ServerInfo) GetServerName() string

GetServerName returns ServerName if this ServerInfo is about a host. If this ServerInfo is about a container, it returns containerID@ServerName.

func (ServerInfo) IsContainer Uses

func (s ServerInfo) IsContainer() bool

IsContainer returns whether this ServerInfo is about container

func (*ServerInfo) SetContainer Uses

func (s *ServerInfo) SetContainer(d Container)

SetContainer set container

type SlackConf Uses

// SlackConf holds the Slack webhook URL or legacy token plus message options.
//
// Every field is tagged json:"-", so encoding/json never writes it. The toml
// tags show that HookURL and LegacyToken are read from the TOML configuration
// ("hookURL", "legacyToken"); both act as credentials for posting to Slack
// and sit in that file in clear text, so restrict the file's permissions.
// Text has no toml tag.
type SlackConf struct {
    HookURL     string   `valid:"url" json:"-" toml:"hookURL,omitempty"`
    LegacyToken string   `json:"-" toml:"legacyToken,omitempty"`
    Channel     string   `json:"-" toml:"channel,omitempty"`
    IconEmoji   string   `json:"-" toml:"iconEmoji,omitempty"`
    AuthUser    string   `json:"-" toml:"authUser,omitempty"`
    NotifyUsers []string `toml:"notifyUsers,omitempty" json:"-"`
    Text        string   `json:"-"`
}

SlackConf is slack config

func (*SlackConf) Validate Uses

func (c *SlackConf) Validate() (errs []error)

Validate validates configuration

type StrideConf Uses

// StrideConf holds the Stride hook URL and auth token.
// Both fields are tagged json:"-", so encoding/json never writes them.
type StrideConf struct {
    HookURL   string `json:"-"`
    AuthToken string `json:"-"`
}

StrideConf is stride config

func (*StrideConf) Validate Uses

func (c *StrideConf) Validate() (errs []error)

Validate validates configuration

type SyslogConf Uses

// SyslogConf holds the syslog destination (protocol, host, port) and message
// attributes (severity, facility, tag).
// Every field is tagged json:"-". Host and Port also carry valid:"host" and
// valid:"port" struct tags.
// NOTE(review): which Protocol values are accepted, and whether any of them
// is encrypted, is not visible here — confirm, since the messages describe
// vulnerabilities found on scanned hosts.
type SyslogConf struct {
    Protocol string `json:"-"`
    Host     string `valid:"host" json:"-"`
    Port     string `valid:"port" json:"-"`
    Severity string `json:"-"`
    Facility string `json:"-"`
    Tag      string `json:"-"`
    Verbose  bool   `json:"-"`
}

SyslogConf is syslog config

func (*SyslogConf) GetFacility Uses

func (c *SyslogConf) GetFacility() (syslog.Priority, error)

GetFacility gets facility

func (*SyslogConf) GetSeverity Uses

func (c *SyslogConf) GetSeverity() (syslog.Priority, error)

GetSeverity gets severity

func (*SyslogConf) Validate Uses

func (c *SyslogConf) Validate() (errs []error)

Validate validates configuration

type TOMLLoader Uses

type TOMLLoader struct {
}

TOMLLoader loads config

func (TOMLLoader) Load Uses

func (c TOMLLoader) Load(pathToToml, keyPass string) error

Load loads the configuration TOML file specified by the path arg.

type TelegramConf Uses

// TelegramConf holds the Telegram bot token and target chat ID.
// Both fields are tagged json:"-", so encoding/json never writes them.
type TelegramConf struct {
    Token  string `json:"-"`
    ChatID string `json:"-"`
}

TelegramConf is Telegram config

func (*TelegramConf) Validate Uses

func (c *TelegramConf) Validate() (errs []error)

Validate validates configuration

type WordPressConf Uses

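// WordPressConf holds the settings used for WordPress scanning: the OS user,
// document root and command path on the target, and the WPVulnDB API token.
//
// WPVulnDBToken is read from the TOML key "wpVulnDBToken" and is excluded from
// JSON output. The json tag must be exactly "-": encoding/json treats
// "-,omitempty" as a field named "-" and would emit the token under that key
// whenever it is non-empty.
// NOTE(review): CmdPath is presumably a command run on the scan target as
// OSUser — confirm how it is invoked before accepting values from untrusted configuration.
type WordPressConf struct {
    OSUser         string `toml:"osUser" json:"osUser,omitempty"`
    DocRoot        string `toml:"docRoot" json:"docRoot,omitempty"`
    CmdPath        string `toml:"cmdPath" json:"cmdPath,omitempty"`
    WPVulnDBToken  string `toml:"wpVulnDBToken" json:"-"`
    IgnoreInactive bool   `json:"ignoreInactive,omitempty"`
}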

WordPressConf used for WordPress Scanning
