utils

package
v1.14.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 1, 2022 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// HighSeverity high
	HighSeverity = "HIGH"
	// MediumSeverity medium
	MediumSeverity = "MEDIUM"
	// LowSeverity low
	LowSeverity = "LOW"
)
View Source 
const (
	// TerrascanSkip key used to detect rules for skipping violations
	TerrascanSkip = "runterrascan.io/skip"
	// TerrascanSkipRule key used to detect the rule to be skipped
	TerrascanSkipRule = "rule"
	// TerrascanSkipComment key used to detect comment skiupping a give rule
	TerrascanSkipComment = "comment"
	// SkipRulesPrefix used to identify and trim the skipping rule patterns
	SkipRulesPrefix = "#ts:skip="
	// MetaDataIDRegex pattern to match Rego Metadata ID
	MetaDataIDRegex = `(AC_)(AWS|AZURE|GCP|K8S|GITHUB|DOCKER)[_]([\d]{4})`
	// MetaDataReferenceIDRegex pattern to match Rego Metadata ReferenceID
	MetaDataReferenceIDRegex = `(([ A-Za-z0-9]+[.-]{1}){2,5})([\d]+)`
	// SkipRuleCommentRegex used to detect comments in skipped rule
	SkipRuleCommentRegex = `([ \t]+.*){0,1}`
)
View Source 
const (
	// JSONDoc type for json files
	JSONDoc = "json"
)
View Source 
const (
	// YAMLDoc type for yaml files
	YAMLDoc = "yaml"
)

Variables

View Source 
var AcceptedCategories []string = []string{
	"LOGGING AND MONITORING",
	"COMPLIANCE VALIDATION",
	"RESILIENCE",
	"SECURITY BEST PRACTICES",
	"INFRASTRUCTURE SECURITY",
	"IDENTITY AND ACCESS MANAGEMENT",
	"CONFIGURATION AND VULNERABILITY ANALYSIS",
	"DATA PROTECTION",
}

AcceptedCategories is the list of all policy categories

View Source 
var (

	// ErrYamlFileEmpty is return when empty yaml file is being read.
	ErrYamlFileEmpty = fmt.Errorf("yaml file is empty")
)

Functions

func AddFileExtension added in v1.2.0 

func AddFileExtension(file, ext string) string

AddFileExtension returns full file name string after adding the extension to the filename

func AreEqualJSON added in v1.7.0 

func AreEqualJSON(s1, s2 string) (bool, error)

AreEqualJSON validate if two json strings are equal

func AreEqualJSONBytes added in v1.8.0 

func AreEqualJSONBytes(b1, b2 []byte) (bool, error)

AreEqualJSONBytes validate if two json byte arrays are equal

func CheckCategory added in v1.5.0 

func CheckCategory(ruleCategory string, desiredCategories []string) bool

CheckCategory validates if the category of policy rule is present in the list of specificed categories

func CheckPolicyType added in v1.7.0 

func CheckPolicyType(rulePolicyType string, desiredPolicyTypes []string) bool

CheckPolicyType checks if supplied policy type matches desired policy types

func CheckSeverity added in v1.4.0 

func CheckSeverity(ruleSeverity, desiredSeverity string) bool

CheckSeverity validates if the severity of policy rule is equal or above the desired severity

func CreateTempFile added in v1.5.0 

func CreateTempFile(content []byte, ext string) (*os.File, error)

CreateTempFile creates a file with provided contents in the temp directory

func EnsureUpperCaseTrimmed added in v1.4.0 

func EnsureUpperCaseTrimmed(s string) string

EnsureUpperCaseTrimmed make sure the string is in UPPERCASE and TRIMMED

func FilterFileInfoBySuffix 

func FilterFileInfoBySuffix(allFileList *[]os.FileInfo, filter []string) []*string

FilterFileInfoBySuffix Given a list of files, returns a subset of files containing a suffix which matches the input filter

func FilterHiddenDirectories added in v1.6.0 

func FilterHiddenDirectories(dirList []string, rootDir string) []string

FilterHiddenDirectories filters hidden directories from a list of directories TODO: filtering hidden directories on windows

func FindAllDirectories 

func FindAllDirectories(basePath string) ([]string, error)

FindAllDirectories Walks the file path and returns a list of all directories within

func FindFilesBySuffix added in v1.1.0 

func FindFilesBySuffix(basePath string, suffixes []string) (map[string][]*string, error)

FindFilesBySuffix finds all files within a given directory that have the specified suffixes Returns a map with keys as directories and values as a list of files

func FindFilesBySuffixInDir added in v1.2.0 

func FindFilesBySuffixInDir(basePath string, suffixes []string) ([]*string, error)

FindFilesBySuffixInDir finds all the immediate files within a given directory that have the specified suffixes IT DOES NOT LOOK INTO ANY SUBDIRECTORY. JUST A SINGLE LEVEL FILE SEARCH. Returns an array for string pointers as a list of files

func GenRandomString added in v1.2.0 

func GenRandomString(length int) string

GenRandomString creates and returns a random string of provided length

func GenerateTempDir added in v1.6.0 

func GenerateTempDir() string

GenerateTempDir generates a temporary directory

func GetAbsPath 

func GetAbsPath(path string) (string, error)

GetAbsPath returns absolute path from passed file path resolving even ~ to user home dir and any other such symbols that are only shell expanded can also be handled here

func GetAbsPolicyConfigPaths added in v1.5.0 

func GetAbsPolicyConfigPaths(policyBasePath, policyRepoPath string) (string, string, error)

GetAbsPolicyConfigPaths tranforms the provided policy base path and repo path into absolute paths

func GetFileMode added in v1.8.0 

func GetFileMode(path string) *os.FileMode

GetFileMode fetches the filemode from a file path

func GetFileURI added in v1.13.0 

func GetFileURI(path string) (string, error)

GetFileURI returns the rfc3986 format file uri from a path string https://tools.ietf.org/html/rfc3986 always use / and for windows it starts three ///

func GetHomeDir added in v1.4.0 

func GetHomeDir() (terrascanDir string)

GetHomeDir returns the home directory path

func GetMinMaxSeverity added in v1.7.0 

func GetMinMaxSeverity(body string) (minSeverity string, maxSeverity string)

GetMinMaxSeverity returns the min and max severity to be applied to resources. can be set in terraform resource config with the following patterns #ts:minseverity = "High" --> any violation for this resource will be high #ts:maxseverity = "None" --> any violation for this resource will be ignored only one value will be considered

func GetSkipRules added in v1.3.0 

func GetSkipRules(body string) []output.SkipRule

GetSkipRules returns a list of rules to be skipped. The rules to be skipped can be set in terraform resource config with the following pattern: #ts:skip=AWS.S3Bucket.DS.High.1043 #ts:skip=AWS.S3Bucket.DS.High.1044 reason to skip the rule each rule and its optional comment must be in a new line

func IsDirExists added in v1.7.0 

func IsDirExists(dir string) bool

IsDirExists checks wether the provided directory exists or not

func IsSliceEqual added in v1.4.0 

func IsSliceEqual(list1, list2 []string) bool

IsSliceEqual checks if two slices of string are equal or not

func IsWindowsPlatform added in v1.5.0 

func IsWindowsPlatform() bool

IsWindowsPlatform checks if os is windows

func JQFilterWithQuery added in v1.4.0 

func JQFilterWithQuery(jqQuery string, jsonInput []byte) ([]byte, error)

JQFilterWithQuery runs jq query on the given input and returns the output

func MaxSeverityApplicable added in v1.7.0 

func MaxSeverityApplicable(ruleSeverity, maxSeverity string) bool

MaxSeverityApplicable verifies if the severity of policy rule need to be changed to the maximum severity level

func MinSeverityApplicable added in v1.7.0 

func MinSeverityApplicable(ruleSeverity, minSeverity string) bool

MinSeverityApplicable verifies if the severity of policy rule need to be changed to the minimum severity level

func PrintJSON 

func PrintJSON(data interface{}, writer io.Writer)

PrintJSON prints data in JSON format

func ReadSkipRulesFromMap added in v1.7.0 

func ReadSkipRulesFromMap(skipRulesMap map[string]interface{}, resourceID string) []output.SkipRule

ReadSkipRulesFromMap returns a list of rules to be skipped. The rules to be skipped can be set in annotations for kubernetes manifests and Resource Metadata in AWS cft: k8s: metadata: 

annotations:
  runterrascan.io/skip: |
    [{"rule": "accurics.kubernetes.IAM.109", "comment": "reason to skip the rule"}]

cft: Resource: 

myResource:
  Metadata:
    runterrascan.io/skip: |
      [{"rule": "AC_AWS_047", "comment": "reason to skip the rule"}]

cft json: 

"Resource":{
  "myResource":{
    "Metadata":{
       "runterrascan.io/skip": "[{\"rule\":\"AWS.CloudFormation.Medium.0603\"}]"
    }
  }
}

each rule and its optional comment must be a string containing an json array like [{rule: ruleID, comment: reason for skipping}]

func ReadYamlFile added in v1.2.0 

func ReadYamlFile(path string) (map[string]interface{}, error)

ReadYamlFile reads a yaml file and load content in a map[string]interface{} type

func ReplaceCarriageReturnBytes added in v1.5.0 

func ReplaceCarriageReturnBytes(input []byte) []byte

ReplaceCarriageReturnBytes replaces windows new lines characters in a string

func ReplaceWinNewLineBytes added in v1.5.0 

func ReplaceWinNewLineBytes(input []byte) []byte

ReplaceWinNewLineBytes replaces windows new lines with unix new lines in a byte slice

func ReplaceWinNewLineString added in v1.5.0 

func ReplaceWinNewLineString(input string) string

ReplaceWinNewLineString replaces windows new lines with unix new lines in a string

func ValidateCategoryInput added in v1.5.0 

func ValidateCategoryInput(categories []string) (bool, []string)

ValidateCategoryInput validates input for --category flag

func ValidateSeverityInput added in v1.4.0 

func ValidateSeverityInput(severity string) bool

ValidateSeverityInput validates input for --severity flag

func WrapError 

func WrapError(err, allErrs error) error

WrapError wraps given err with allErrs and returns a unified error

Types

type IacDocument added in v1.1.0 

type IacDocument struct {
	Type      string
	StartLine int
	EndLine   int
	FilePath  string
	Data      []byte
}

IacDocument contains raw IaC file data and other metadata for a given file

func LoadJSON added in v1.1.0 

func LoadJSON(filePath string) ([]*IacDocument, error)

LoadJSON loads a JSON file into an IacDocument struct

func LoadYAML added in v1.1.0 

func LoadYAML(filePath string) ([]*IacDocument, error)

LoadYAML loads a YAML file. Can return one or more IaC Documents. Besides reading in file data, its main purpose is to determine and store line number and filename metadata

func LoadYAMLString added in v1.2.0 

func LoadYAMLString(data, absFilePath string) ([]*IacDocument, error)

LoadYAMLString loads a YAML String. Can return one or more IaC Documents. Besides reading in file data, its main purpose is to determine and store line number and filename metadata

func ScanIacDocumentsFromYaml added in v1.2.0 

func ScanIacDocumentsFromYaml(scanner *bufio.Scanner, byteArray []byte, filePath string) ([]*IacDocument, error)

ScanIacDocumentsFromYaml provides one or more IaC Documents. Besides reading in file data, its main purpose is to determine and store line number and filename metadata

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.