utils

Constants

// Severity levels a policy rule can carry. CheckSeverity compares them, so the
// string values are part of the package's contract and must not change.
const (
	// LowSeverity marks a low-severity rule.
	LowSeverity = "LOW"
	// MediumSeverity marks a medium-severity rule.
	MediumSeverity = "MEDIUM"
	// HighSeverity marks a high-severity rule.
	HighSeverity = "HIGH"
)
// Keys and patterns used to recognise skip directives and Rego metadata
// identifiers. These values are matched against user-supplied IaC files, so
// they are part of the package's external contract.
const (
	// TerrascanSkip is the annotation / metadata key whose value lists the rules to skip.
	TerrascanSkip = "runterrascan.io/skip"
	// TerrascanSkipRule is the key, inside one skip entry, that names the rule to skip.
	TerrascanSkipRule = "rule"
	// TerrascanSkipComment is the key, inside one skip entry, that carries the reason for skipping a given rule.
	TerrascanSkipComment = "comment"
	// SkipRulesPrefix is the inline marker that introduces a skip directive; it is trimmed off before the rule pattern is read.
	SkipRulesPrefix = "#ts:skip="

	// MetaDataIDRegex matches a Rego metadata ID: the AC_ prefix, a provider name, an underscore and exactly four digits.
	MetaDataIDRegex = `(AC_)(AWS|AZURE|GCP|K8S|GITHUB|DOCKER)[_]([\d]{4})`
	// MetaDataReferenceIDRegex matches a Rego metadata reference ID: two to five segments each ended by "." or "-", then a numeric suffix.
	MetaDataReferenceIDRegex = `(([ A-Za-z0-9]+[.-]{1}){2,5})([\d]+)`
	// SkipRuleCommentRegex matches the optional, whitespace-led comment that may follow a skipped rule on the same line.
	SkipRuleCommentRegex = `([ \t]+.*){0,1}`
)
// JSONDoc is the document-type label for JSON files (presumably the value
// stored in IacDocument.Type by LoadJSON).
const JSONDoc = "json"
// YAMLDoc is the document-type label for YAML files (presumably the value
// stored in IacDocument.Type by LoadYAML and LoadYAMLString).
const YAMLDoc = "yaml"

Variables

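// AcceptedCategories is the list of all policy categories.
//
// It is an exported, mutable package-level slice: any caller can modify it,
// so treat it as read-only and never hand it out to untrusted code paths.
// The explicit `[]string` type on the variable was redundant (the composite
// literal already fixes the type) and is dropped.
var AcceptedCategories = []string{
	"LOGGING AND MONITORING",
	"COMPLIANCE VALIDATION",
	"RESILIENCE",
	"SECURITY BEST PRACTICES",
	"INFRASTRUCTURE SECURITY",
	"IDENTITY AND ACCESS MANAGEMENT",
	"CONFIGURATION AND VULNERABILITY ANALYSIS",
	"DATA PROTECTION",
}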

AcceptedCategories is the list of all policy categories

var (
	// CustomTempDir holds the value of the global --temp-dir flag; it is the
	// location used when downloading repositories, modules and templates.
	// Empty (the zero value) until the flag is applied.
	CustomTempDir string
)

CustomTempDir stores the value of the global --temp-dir flag, which is used when downloading repositories, modules and templates.

// ErrYamlFileEmpty is returned when an empty YAML file is read. Callers
// should compare with errors.Is rather than matching the message text.
var ErrYamlFileEmpty = fmt.Errorf("yaml file is empty")

Functions

func AddFileExtension

func AddFileExtension(file, ext string) string

AddFileExtension returns the full file name after adding the extension to the file name.

func AreEqualJSON

func AreEqualJSON(s1, s2 string) (bool, error)

AreEqualJSON checks whether two JSON strings are equal.

func AreEqualJSONBytes

func AreEqualJSONBytes(b1, b2 []byte) (bool, error)

AreEqualJSONBytes checks whether two JSON byte slices are equal.

func CheckCategory

func CheckCategory(ruleCategory string, desiredCategories []string) bool

CheckCategory checks whether the category of a policy rule is present in the list of specified categories.

func CheckPolicyType

func CheckPolicyType(rulePolicyType string, desiredPolicyTypes []string) bool

CheckPolicyType checks if supplied policy type matches desired policy types

func CheckSeverity

func CheckSeverity(ruleSeverity, desiredSeverity string) bool

CheckSeverity checks whether the severity of a policy rule is equal to or above the desired severity.

func CreateTempFile

func CreateTempFile(content []byte, ext string) (*os.File, error)

CreateTempFile creates a file with provided contents in the temp directory

func EnsureUpperCaseTrimmed

func EnsureUpperCaseTrimmed(s string) string

EnsureUpperCaseTrimmed makes sure the string is in UPPERCASE and TRIMMED.

func FilterFileInfoBySuffix

func FilterFileInfoBySuffix(allFileList *[]os.DirEntry, filter []string) []*string

FilterFileInfoBySuffix, given a list of files, returns the subset of files whose suffix matches the input filter.

func FilterHiddenDirectories

func FilterHiddenDirectories(dirList []string, rootDir string) []string

FilterHiddenDirectories filters hidden directories out of a list of directories. TODO: filtering hidden directories on Windows.

func FindAllDirectories

func FindAllDirectories(basePath string) ([]string, error)

FindAllDirectories walks the file path and returns a list of all directories within it.

func FindFilesBySuffix

func FindFilesBySuffix(basePath string, suffixes []string) (map[string][]*string, error)

FindFilesBySuffix finds all files within a given directory that have the specified suffixes. Returns a map with directories as keys and lists of files as values.

func FindFilesBySuffixInDir

func FindFilesBySuffixInDir(basePath string, suffixes []string) ([]*string, error)

FindFilesBySuffixInDir finds all the immediate files within a given directory that have the specified suffixes. IT DOES NOT LOOK INTO ANY SUBDIRECTORY; it is a single-level file search. Returns a slice of string pointers as the list of files.

func GenRandomString

func GenRandomString(length int) string

GenRandomString creates and returns a random string of the provided length.

func GenerateTempDir

func GenerateTempDir() string

GenerateTempDir generates a temporary directory

func GetAbsPath

func GetAbsPath(path string) (string, error)

GetAbsPath returns the absolute path for the passed file path, resolving ~ to the user's home directory; any other such symbols that are normally only shell-expanded can also be handled here.

func GetAbsPolicyConfigPaths

func GetAbsPolicyConfigPaths(policyBasePath, policyRepoPath string) (string, string, error)

GetAbsPolicyConfigPaths transforms the provided policy base path and repo path into absolute paths

func GetFileMode

func GetFileMode(path string) *os.FileMode

GetFileMode fetches the file mode for a file path.

func GetFileURI

func GetFileURI(path string) (string, error)

GetFileURI returns the RFC 3986 file URI (https://tools.ietf.org/html/rfc3986) for a path string. It always uses / as the separator, and on Windows the URI starts with three slashes (///).

func GetHomeDir

func GetHomeDir() (terrascanDir string)

GetHomeDir returns the home directory path

func GetMinMaxSeverity

func GetMinMaxSeverity(body string) (minSeverity string, maxSeverity string)

GetMinMaxSeverity returns the min and max severity to be applied to resources. They can be set in the terraform resource config with the following patterns: #ts:minseverity = "High" --> any violation for this resource will be High; #ts:maxseverity = "None" --> any violation for this resource will be ignored. Only one value will be considered.

func GetSkipRules

func GetSkipRules(body string) []output.SkipRule

GetSkipRules returns a list of rules to be skipped. The rules to be skipped can be set in the terraform resource config with the following pattern: #ts:skip=AWS.S3Bucket.DS.High.1043 or #ts:skip=AWS.S3Bucket.DS.High.1044 reason to skip the rule. Each rule and its optional comment must be on a new line.

func IsDirExists

func IsDirExists(dir string) bool

IsDirExists checks whether the provided directory exists.

func IsSliceEqual

func IsSliceEqual(list1, list2 []string) bool

IsSliceEqual checks whether two slices of strings are equal.

func IsWindowsPlatform

func IsWindowsPlatform() bool

IsWindowsPlatform checks whether the OS is Windows.

func JQFilterWithQuery

func JQFilterWithQuery(jqQuery string, jsonInput []byte) ([]byte, error)

JQFilterWithQuery runs jq query on the given input and returns the output

func MaxSeverityApplicable

func MaxSeverityApplicable(ruleSeverity, maxSeverity string) bool

MaxSeverityApplicable checks whether the severity of a policy rule needs to be changed to the maximum severity level.

func MergeMaps added in v1.18.0

func MergeMaps(a, b map[interface{}]interface{}) map[interface{}]interface{}

MergeMaps merges two maps, with the values of the second map overriding those of the first.

func MinSeverityApplicable

func MinSeverityApplicable(ruleSeverity, minSeverity string) bool

MinSeverityApplicable checks whether the severity of a policy rule needs to be changed to the minimum severity level.

func PrintJSON

func PrintJSON(data interface{}, writer io.Writer)

PrintJSON prints data in JSON format

func ReadSkipRulesFromMap

func ReadSkipRulesFromMap(skipRulesMap map[string]interface{}, resourceID string) []output.SkipRule

ReadSkipRulesFromMap returns a list of rules to be skipped. The rules to be skipped can be set in annotations of Kubernetes manifests and in Resource Metadata of AWS CFT templates. k8s: metadata:

annotations:
  runterrascan.io/skip: |
    [{"rule": "accurics.kubernetes.IAM.109", "comment": "reason to skip the rule"}]

cft: Resource:

myResource:
  Metadata:
    runterrascan.io/skip: |
      [{"rule": "AC_AWS_047", "comment": "reason to skip the rule"}]

cft json:

"Resource":{
  "myResource":{
    "Metadata":{
       "runterrascan.io/skip": "[{\"rule\":\"AWS.CloudFormation.Medium.0603\"}]"
    }
  }
}

Each rule and its optional comment must be given as a string containing a JSON array like [{rule: ruleID, comment: reason for skipping}].

func ReadYamlFile

func ReadYamlFile(path string) (map[string]interface{}, error)

ReadYamlFile reads a YAML file and loads its content into a map[string]interface{}.

func ReplaceCarriageReturnBytes

func ReplaceCarriageReturnBytes(input []byte) []byte

ReplaceCarriageReturnBytes replaces Windows newline characters in a byte slice.

func ReplaceWinNewLineBytes

func ReplaceWinNewLineBytes(input []byte) []byte

ReplaceWinNewLineBytes replaces Windows newlines with Unix newlines in a byte slice.

func ReplaceWinNewLineString

func ReplaceWinNewLineString(input string) string

ReplaceWinNewLineString replaces Windows newlines with Unix newlines in a string.

func ValidateCategoryInput

func ValidateCategoryInput(categories []string) (bool, []string)

ValidateCategoryInput validates input for --category flag

func ValidateSeverityInput

func ValidateSeverityInput(severity string) bool

ValidateSeverityInput validates input for --severity flag

func WrapError

func WrapError(err, allErrs error) error

WrapError wraps given err with allErrs and returns a unified error

Types

type IacDocument

// IacDocument holds the raw contents of one IaC document together with the
// metadata (file path and line range) that LoadJSON, LoadYAML, LoadYAMLString
// and ScanIacDocumentsFromYaml record for it.
type IacDocument struct {
	// Type is the document type label; presumably JSONDoc or YAMLDoc — confirm against the loaders.
	Type      string
	// StartLine and EndLine bound the document within FilePath (a YAML file may hold several documents).
	StartLine int
	EndLine   int
	// FilePath is the path of the file the document was read from.
	FilePath  string
	// Data is the raw document bytes as read from the file.
	Data      []byte
}

IacDocument contains raw IaC file data and other metadata for a given file

func LoadJSON

func LoadJSON(filePath string) ([]*IacDocument, error)

LoadJSON loads a JSON file into an IacDocument struct

func LoadYAML

func LoadYAML(filePath string) ([]*IacDocument, error)

LoadYAML loads a YAML file and can return one or more IaC documents. Besides reading in the file data, its main purpose is to determine and store line number and filename metadata.

func LoadYAMLString

func LoadYAMLString(data, absFilePath string) ([]*IacDocument, error)

LoadYAMLString loads a YAML string and can return one or more IaC documents. Besides reading in the data, its main purpose is to determine and store line number and filename metadata.

func ScanIacDocumentsFromYaml

func ScanIacDocumentsFromYaml(scanner *bufio.Scanner, byteArray []byte, filePath string) ([]*IacDocument, error)

ScanIacDocumentsFromYaml provides one or more IaC documents. Besides reading in the file data, its main purpose is to determine and store line number and filename metadata.
