Constants

This section is empty.

Variables

This section is empty.

Functions

func GetCodeContext

func GetCodeContext(codeBaseDir string, cnt common.CodeContext) (out string)

func LoadHistoricalScores

func LoadHistoricalScores(projID string, pm ProjectManager) map[string]float32

func MigrateYAMLWorkspace

func MigrateYAMLWorkspace(spm *simpleProjectManager)

Utility to migrate a YAML-format workspace.

func RetrieveCommitsToBeScanned

func RetrieveCommitsToBeScanned(projectID, scanID string, pm ProjectManager, progressMonitor func(diagnostics.Progress)) map[string]ScannedCommit

Retrieves the git commits (HEAD) of the repositories about to be scanned; the returned map is keyed repoLocation -> ScannedCommit.

func UpdateScanHistoryAtEndOfScan

func UpdateScanHistoryAtEndOfScan(pSum *ProjectSummary, scannedCommits map[string]ScannedCommit, scanID string, scanSummary *ScanSummary, pm ProjectManager)

Types

type IssueFilter

// IssueFilter narrows a PaginatedIssueSearch by diagnostic confidence and by
// the tags attached to an issue. It is applied through the Filter method.
// NOTE(review): presumably an empty slice means "no restriction" on that
// axis — confirm against Filter before relying on it.
type IssueFilter struct {
	Confidence []string // confidence levels to keep: high, med, low, info
	Tags       []string // issue tags to keep, e.g. test, prod
}

func (IssueFilter) Filter added in v0.8.6

type Model

// Model models the generated report: per-severity issue counts, file counts,
// secret-reuse statistics and the diagnostics they were derived from.
//
// Fields tagged `yaml:"-" json:"-"` (Chart, Issues, ReusedSecrets) are held
// in memory only and are dropped whenever the model is serialised; every
// other tagged field is written under the key given in its tag. ModelCounts
// is the counts-only view of the same keys.
type Model struct {
	// Grade carries no tag, so it is serialised under the encoder's default
	// key rather than an explicit one like the fields below.
	Grade                            string
	Chart                            string                                       `yaml:"-" json:"-"`
	CriticalCount                    int                                          `json:"criticalCount" yaml:"criticalCount"`
	HighCount                        int                                          `json:"highCount" yaml:"highCount"`
	MediumCount                      int                                          `json:"mediumCount" yaml:"mediumCount"`
	LowCount                         int                                          `json:"lowCount" yaml:"lowCount"`
	InformationalCount               int                                          `json:"informationalCount" yaml:"informationalCount"`
	ProductionConfidentialFilesCount int                                          `json:"productionConfidentialFilesCount" yaml:"productionConfidentialFilesCount"`
	FileCount                        int                                          `json:"fileCount" yaml:"fileCount"`
	SkippedCount                     int                                          `json:"skippedCount" yaml:"skippedCount"`
	IssuesPerType                    int                                          `json:"issuesPerType" yaml:"issuesPerType"`
	AveragePerFile                   float32                                      `json:"averagePerFile" yaml:"averagePerFile"`
	// Issues holds the raw diagnostics; never serialised with the model.
	Issues                           []*diagnostics.SecurityDiagnostic            `yaml:"-" json:"-"`
	TimeStamp                        string                                       `json:"timeStamp" yaml:"timeStamp"`
	// ShowSource presumably controls whether source snippets are rendered
	// into the report — confirm in the report renderer.
	ShowSource                       bool                                         `json:"showSource" yaml:"showSource"`
	ReusedSecretsCount               int                                          `json:"reusedSecretsCount" yaml:"reusedSecretsCount"`
	NumberOfSecretsReuse             int                                          `json:"numberOfSecretsReuse" yaml:"numberOfSecretsReuse"`
	// ReusedSecrets maps a secret to the diagnostics that share it; in-memory only.
	ReusedSecrets                    map[string][]*diagnostics.SecurityDiagnostic `yaml:"-" json:"-"`
	// NOTE(review): ProdAndNonProdSecretReuse IS serialised, and each entry
	// carries a ReusedSecret.Secret string — confirm that value is a redacted
	// or hashed form rather than the raw secret before the report leaves the
	// process.
	ProdAndNonProdSecretReuse        []ReusedSecret                               `json:"prodAndNonProdSecretReuse" yaml:"prodAndNonProdSecretReuse"`
	ProductionSecretsCount           int                                          `json:"prodSecretsCount" yaml:"prodSecretsCount"`
	CriticalProdUsedInNonProdCount   int                                          `yaml:"criticalProdUsedInNonProdCount" json:"criticalProdUsedInNonProdCount"`
	HighProdUsedInNonProdCount       int                                          `yaml:"highProdUsedInNonProdCount" json:"highProdUsedInNonProdCount"`
	MediumProdUsedInNonProdCount     int                                          `yaml:"mediumProdUsedInNonProdCount" json:"mediumProdUsedInNonProdCount"`
	LowProdUsedInNonProdCount        int                                          `yaml:"lowProdUsedInNonProdCount" json:"lowProdUsedInNonProdCount"`
	InfoProdUsedInNonProdCount       int                                          `yaml:"infoProdUsedInNonProdCount" json:"infoProdUsedInNonProdCount"`
	CriticalSensitiveFileCount       int                                          `yaml:"criticalSensitiveFileCount" json:"criticalSensitiveFileCount"`
	HighSensitiveFileCount           int                                          `yaml:"highSensitiveFileCount" json:"highSensitiveFileCount"`
	MediumSensitiveFileCount         int                                          `yaml:"mediumSensitiveFileCount" json:"mediumSensitiveFileCount"`
	LowSensitiveFileCount            int                                          `yaml:"lowSensitiveFileCount" json:"lowSensitiveFileCount"`
	InfoSensitiveFileCount           int                                          `yaml:"infoSensitiveFileCount" json:"infoSensitiveFileCount"`
	NonProdSensitiveFileCount        int                                          `yaml:"nonProdSensitiveFileCount" json:"nonProdSensitiveFileCount"`
	SecretReuseCountBuckets          []int                                        `yaml:"secretReuseCountBuckets" json:"secretReuseCountBuckets"`
}

Model models the generated report

func GenerateModel

func GenerateModel(fileCount int, showSource bool, issues []*diagnostics.SecurityDiagnostic) *Model

func MergeModels added in v0.7.7

func MergeModels(timestamp string, models ...*Model) *Model

func (*Model) Summarise

func (m *Model) Summarise() *ScanSummary

Summarise converts model to a ScanSummary, attaching the model to AdditionalInfo

type ModelCounts

// ModelCounts is the counts-only subset of Model: the same JSON/YAML keys as
// Model's tagged numeric fields, without Grade, Chart, TimeStamp, ShowSource
// or any of the diagnostic slices and maps. It is safe to serialise on its
// own because it carries no issue text or secret values.
type ModelCounts struct {
	CriticalCount                    int     `json:"criticalCount" yaml:"criticalCount"`
	HighCount                        int     `json:"highCount" yaml:"highCount"`
	MediumCount                      int     `json:"mediumCount" yaml:"mediumCount"`
	LowCount                         int     `json:"lowCount" yaml:"lowCount"`
	InformationalCount               int     `json:"informationalCount" yaml:"informationalCount"`
	ProductionConfidentialFilesCount int     `json:"productionConfidentialFilesCount" yaml:"productionConfidentialFilesCount"`
	FileCount                        int     `json:"fileCount" yaml:"fileCount"`
	SkippedCount                     int     `json:"skippedCount" yaml:"skippedCount"`
	IssuesPerType                    int     `json:"issuesPerType" yaml:"issuesPerType"`
	AveragePerFile                   float32 `json:"averagePerFile" yaml:"averagePerFile"`
	ReusedSecretsCount               int     `json:"reusedSecretsCount" yaml:"reusedSecretsCount"`
	NumberOfSecretsReuse             int     `json:"numberOfSecretsReuse" yaml:"numberOfSecretsReuse"`
	CriticalProdUsedInNonProdCount   int     `yaml:"criticalProdUsedInNonProdCount" json:"criticalProdUsedInNonProdCount"`
	HighProdUsedInNonProdCount       int     `yaml:"highProdUsedInNonProdCount" json:"highProdUsedInNonProdCount"`
	MediumProdUsedInNonProdCount     int     `yaml:"mediumProdUsedInNonProdCount" json:"mediumProdUsedInNonProdCount"`
	LowProdUsedInNonProdCount        int     `yaml:"lowProdUsedInNonProdCount" json:"lowProdUsedInNonProdCount"`
	InfoProdUsedInNonProdCount       int     `yaml:"infoProdUsedInNonProdCount" json:"infoProdUsedInNonProdCount"`
	CriticalSensitiveFileCount       int     `yaml:"criticalSensitiveFileCount" json:"criticalSensitiveFileCount"`
	HighSensitiveFileCount           int     `yaml:"highSensitiveFileCount" json:"highSensitiveFileCount"`
	MediumSensitiveFileCount         int     `yaml:"mediumSensitiveFileCount" json:"mediumSensitiveFileCount"`
	LowSensitiveFileCount            int     `yaml:"lowSensitiveFileCount" json:"lowSensitiveFileCount"`
	InfoSensitiveFileCount           int     `yaml:"infoSensitiveFileCount" json:"infoSensitiveFileCount"`
	// Keyed "prodSecretsCount", matching Model.ProductionSecretsCount.
	ProductionSecretsCount           int     `json:"prodSecretsCount" yaml:"prodSecretsCount"`
	NonProdSensitiveFileCount        int     `yaml:"nonProdSensitiveFileCount" json:"nonProdSensitiveFileCount"`
	SecretReuseCountBuckets          []int   `yaml:"secretReuseCountBuckets" json:"secretReuseCountBuckets"`
}

type PagedResult

// PagedResult is one page of an issue search, as returned by PageIssues and
// ProjectManager.GetIssues. It has no struct tags, so it is serialised under
// the encoder's default field names.
type PagedResult struct {
	Total       int // total number of matching diagnostics across all pages
	Page        int // index of this page
	Diagnostics []*diagnostics.SecurityDiagnostic // the diagnostics on this page
}

func PageIssues

func PageIssues(paginated PaginatedIssueSearch, results []*diagnostics.SecurityDiagnostic) *PagedResult

type PaginatedIssueSearch

// PaginatedIssueSearch describes a page of issues to fetch from one scan of
// one project, optionally narrowed by Filter.
type PaginatedIssueSearch struct {
	ProjectID string      // project whose scan results are searched
	ScanID    string      // scan within that project
	PageSize  int         // number of diagnostics per page
	Page      int         // page index to return
	Filter    IssueFilter // confidence/tag restriction applied to the results
}

type Project

// Project is the persisted (YAML) description of a scannable project: its
// repositories, the scans run against it and the policy used for scanning.
// It is built from a ProjectDescription via ProjectFromDescription.
type Project struct {
	ID                   string       `yaml:"ID"`                   //unique
	Name                 string       `yaml:"Name"`                 //human-friendly
	Workspace            string       `yaml:"Workspace"`            //Used to group related projects
	DeleteCheckedOutCode bool         `yaml:"DeleteCheckedOutCode"` //whether to delete code checked out after scan is complete
	Repositories         []Repository `yaml:"Repositories,omitempty"`
	ScanIDs              []string     `yaml:"ScanIDs"`              //IDs of the scans recorded for this project
	ScanPolicy           ScanPolicy   `yaml:"ScanPolicy"`           //policy applied when the project is scanned
}

func ProjectFromDescription

func ProjectFromDescription(projectDescription ProjectDescription) Project

type ProjectDescription

// ProjectDescription is the caller-supplied input used to create or update a
// project (see ProjectManager.CreateProject and UpdateProject). It carries
// the already-parsed ScanPolicy; ProjectDescriptionWire is its string-policy
// wire form.
type ProjectDescription struct {
	Name         string       `yaml:"Name"` //human-friendly
	Repositories []Repository `yaml:"Repositories,omitempty"`
	Workspace    string       `yaml:"Workspace"` //Used to group related projects
	ScanPolicy   ScanPolicy   `yaml:"ScanPolicy"`
}

ProjectDescription used to create new/update projects

type ProjectDescriptionWire

// ProjectDescriptionWire is the wire representation of a ProjectDescription:
// identical except that ScanPolicy is a ScanPolicyWire, whose Policy is a
// string rather than a parsed diagnostics.ExcludeDefinition. Convert with
// ToProjectDescription, which can fail (presumably on an unparsable policy).
type ProjectDescriptionWire struct {
	Name         string         `yaml:"Name"` //human-friendly
	Repositories []Repository   `yaml:"Repositories,omitempty"`
	Workspace    string         `yaml:"Workspace"` //Used to group related projects
	ScanPolicy   ScanPolicyWire `yaml:"ScanPolicy"`
}

ProjectDescriptionWire used to create new/update projects (wire representation)

func (ProjectDescriptionWire) ToProjectDescription

func (desc ProjectDescriptionWire) ToProjectDescription() (ProjectDescription, error)

type ProjectManager

// ProjectManager is the persistence and orchestration boundary for projects:
// it stores workspaces, projects, scan policies and scan results, runs scans,
// and exposes the directories and git configuration the scanners need.
// MakeSimpleProjectManager returns the file-based implementation.
type ProjectManager interface {
	// GetWorkspaces loads the workspace summaries.
	GetWorkspaces() (*Workspace, error)
	// SaveWorkspaces persists the workspace summaries.
	SaveWorkspaces(*Workspace) error
	// SaveProjectSummary persists a single project summary.
	SaveProjectSummary(*ProjectSummary) error
	// ListProjectSummaries returns the summaries of all known projects.
	ListProjectSummaries() []*ProjectSummary
	// GetProjectSummary looks up a project summary by project ID.
	GetProjectSummary(projectID string) (*ProjectSummary, error)
	// GetProject looks up a project by ID.
	GetProject(id string) (Project, error)
	// DeleteProject removes a project by ID.
	DeleteProject(id string) error
	// GetScanConfig returns the policy that was in force for a given scan.
	GetScanConfig(projectID, scanID string) (*ScanPolicy, error)
	// GetScanResults returns the diagnostics recorded for a given scan.
	GetScanResults(projectID, scanID string) ([]*diagnostics.SecurityDiagnostic, error)
	// GetScanResultSummary returns the summary recorded for a given scan.
	GetScanResultSummary(projectID, scanID string) (ScanSummary, error)
	// SummariseScanResults(projectID, scanID string, summariser func(projectID, scanID string, issues []*diagnostics.SecurityDiagnostic) *ScanSummary) error
	// RunScan runs scanner over the project under scanPolicy. scanIDCallback
	// receives the ID allocated to the scan, repoStatusChecker is consulted
	// before checkout, progressMonitor receives progress updates, summariser
	// and wsSummariser produce the scan and workspace summaries, and consumers
	// receive the diagnostics. ctx is the cancellation context for the run.
	RunScan(ctx context.Context, projectID string, scanPolicy ScanPolicy, scanner SecurityScanner,
		scanIDCallback func(string), repoStatusChecker RepositoryStatusChecker,
		progressMonitor func(diagnostics.Progress),
		summariser ScanSummariser, wsSummariser WorkspaceSummariser,
		consumers ...diagnostics.SecurityDiagnosticsConsumer)

	// CreateProject creates a new project from a description.
	CreateProject(projectDescription ProjectDescription) (*Project, error)
	// UpdateProject replaces the description of an existing project and
	// re-summarises the affected workspace(s) through wsSummariser.
	UpdateProject(projectID string, projectDescription ProjectDescription,
		wsSummariser WorkspaceSummariser) (*Project, error)
	// GetIssues returns one page of diagnostics for a scan.
	GetIssues(paginated PaginatedIssueSearch) (*PagedResult, error)
	// RemediateIssue applies an exclusion requirement and reports the
	// resulting policy update.
	RemediateIssue(exclude diagnostics.ExcludeRequirement) diagnostics.PolicyUpdateResult
	// GetCodeContext returns source text surrounding a code location.
	// NOTE(review): the returned string is raw source — callers that render
	// it should treat it as untrusted content, not as markup.
	GetCodeContext(cnt common.CodeContext) string
	// GetProjectLocation returns the on-disk location of a project.
	GetProjectLocation(projID string) string
	// GetGitConfigManager returns the git service configuration manager
	// (presumably where per-service API keys are resolved — see
	// Repository.GitServiceID).
	GetGitConfigManager() (gitutils.GitConfigManager, error)
	//CheckMate base directory
	GetBaseDir() string
	//Base directory for code checkout
	GetCodeBaseDir() string
	//Release resources if necessary
	Close() error
}

func MakeSimpleProjectManager

func MakeSimpleProjectManager(checkMateBaseDir string) ProjectManager

type ProjectSummary

// ProjectSummary is the persisted, serialisable state of a project together
// with its scan and commit history, latest score and timestamps. It has a
// custom MarshalJSON (pointer receiver) and converts back to a Project via
// ToProject.
type ProjectSummary struct {
	ID           string       `yaml:"ID" json:"ID"`
	Name         string       `yaml:"Name" json:"Name"`
	Workspace    string       `yaml:"Workspace" json:"Workspace"` //Used to group related projects
	Repositories []Repository `yaml:"Repositories,omitempty" json:"Repositories,omitempty"`
	//From RepoLocation -> branch -> RepoHistory
	ScanAndCommitHistories map[string]map[string]RepositoryHistory `yaml:"ScanAndCommitHistories,omitempty" json:"ScanAndCommitHistories,omitempty"`
	LastScanID             string                                  `yaml:"LastScanID" json:"LastScanID"`
	ScanIDs                []string                                `yaml:"ScanIDs" json:"ScanIDs"`
	ScanPolicy             ScanPolicy                              `yaml:"ScanPolicy" json:"ScanPolicy"`
	ScoreTrend             map[string]float32                      `yaml:"ScoreTrend,omitempty" json:"ScoreTrend,omitempty"` // use this to record arbitrary numeric scores, even time series of trends etc.
	LastScanSummary        ScanSummary                             `yaml:"LastScanSummary" json:"LastScanSummary"` // summary of the scan identified by LastScanID
	LastScore              Score                                   `yaml:"LastScore" json:"LastScore"`
	IsBeingScanned         bool                                    `yaml:"IsBeingScanned" json:"IsBeingScanned"` // set while a scan is in flight; presumably cleared at end of scan
	CreationDate           time.Time                               `yaml:"CreationDate" json:"CreationDate"`
	LastModification       time.Time                               `yaml:"LastModification" json:"LastModification"`
	LastScan               time.Time                               `yaml:"LastScan" json:"LastScan"`
}

func (ProjectSummary) CSVHeaders

func (ps ProjectSummary) CSVHeaders() []string

func (*ProjectSummary) CSVValues

func (ps *ProjectSummary) CSVValues() []string

func (*ProjectSummary) GetCommitsByBranch

func (ps *ProjectSummary) GetCommitsByBranch(location string) map[string][]gitutils.Commit

func (ProjectSummary) GetLastCommitByBranch

func (ps ProjectSummary) GetLastCommitByBranch(location string) map[string][]gitutils.Commit

func (*ProjectSummary) GetScansByBranch

func (ps *ProjectSummary) GetScansByBranch(location string) map[string][]gitutils.Commit

func (*ProjectSummary) MarshalJSON

func (ps *ProjectSummary) MarshalJSON() ([]byte, error)

func (ProjectSummary) ToProject

func (p ProjectSummary) ToProject() Project

type ProjectSummarySlice

// ProjectSummarySlice is a sortable slice of project summaries; its Len, Less
// and Swap methods satisfy sort.Interface.
type ProjectSummarySlice []*ProjectSummary

func (ProjectSummarySlice) Len

func (t ProjectSummarySlice) Len() int

func (ProjectSummarySlice) Less

func (t ProjectSummarySlice) Less(i, j int) bool

func (ProjectSummarySlice) Swap

func (t ProjectSummarySlice) Swap(i, j int)

type Repository

// Repository identifies one code source of a project. It holds only
// identifiers: the credentials for a private git service are looked up by
// GitServiceID elsewhere (see ProjectManager.GetGitConfigManager), never
// stored here. Status discovered by a RepositoryStatusChecker is recorded in
// Attributes.
type Repository struct {
	Location     string `yaml:"Location"`
	LocationType string `yaml:"LocationType"` //filesystem, git, svn etc.
	GitServiceID string `yaml:"GitServiceID"` /*if this repository is from a "private" on-prem instance,
	the service ID is used to locate the instance and associated API keys etc*/
	Monitor    bool                    `yaml:"Monitor"`              //If this repository is continuously monitored for changes
	Attributes *map[string]interface{} `yaml:"Attributes,omitempty"` //track any additional metadata about the repo, e.g. "archived"; nil pointer when no attributes have been set
}

func (Repository) GetCodeLocation

func (repo Repository) GetCodeLocation(pm ProjectManager, projectID string) string

func (Repository) IsFileSystem

func (repo Repository) IsFileSystem() bool

func (Repository) IsGit

func (repo Repository) IsGit() bool

type RepositoryHistory

// RepositoryHistory is the scan and commit history of one repository branch;
// ProjectSummary keeps one per repository location and branch.
type RepositoryHistory struct {
	Repository      Repository        // the repository this history belongs to
	ScanHistories   []ScanHistory     // scans run against the branch, with the commit each scanned
	CommitHistories []gitutils.Commit // commits observed on the branch
}

Scan and Commit history of a repository branch

type RepositoryStatusChecker added in v0.9.2

// RepositoryStatusChecker checks the status of a git repository (for example
// whether it is archived) just before checkout. Results are stored in the
// Attributes map of the returned repository.
type RepositoryStatusChecker func(context.Context, ProjectManager, *Repository) (*Repository, error)

Intended to be used to check the status of a Git repository, such as "Archived", just before checkout. Results are stored in the Attributes map of the returned repository.

type ReusedSecret

// ReusedSecret records one secret that appears in more than one place, split
// into its production and non-production locations. It is serialised as part
// of Model.ProdAndNonProdSecretReuse.
type ReusedSecret struct {
	// NOTE(review): Secret is exported and not tagged `json:"-"`, so whatever
	// is stored here is written into the serialised report — confirm it is a
	// redacted or hashed form rather than the raw secret value.
	Secret                 string
	ProductionLocations    []SecretLocation `json:"productionLocations"`
	NonProductionLocations []SecretLocation `json:"nonProductionLocations"`
}

type Scan

// Scan is one scan run: its identifier, timing, score, the policy in force
// and the diagnostics it produced. Unlike Model and PagedResult, Issues holds
// diagnostics by value rather than by pointer.
type Scan struct {
	ID         string
	Score      Score
	Start, End time.Time
	Issues     []diagnostics.SecurityDiagnostic
	Policy     ScanPolicy
}

type ScanHistory

// ScanHistory links a scan to the commit it scanned and when it ran.
type ScanHistory struct {
	Time   time.Time       // when the scan was recorded
	ScanID string          // the scan identifier
	Commit gitutils.Commit // the commit that was scanned
}

type ScanPolicy

// ScanPolicy is the parsed scan configuration for a project: the exclusion
// policy plus free-form per-scanner configuration. PolicyString is excluded
// from YAML (`yaml:"-"`); JSON output goes through the custom MarshalJSON.
type ScanPolicy struct {
	ID           string                        `yaml:"ID"`
	Policy       diagnostics.ExcludeDefinition `yaml:"Policy,omitempty"`
	PolicyString string                        `yaml:"-"` // textual form of Policy, not persisted in YAML
	// Config is untyped and comes from the project's YAML/wire description;
	// each scanner must validate the entries it reads rather than trust them.
	Config       map[string]interface{}        //indexes to scan configurations, use the key "secrets" for secret finder
}

func (ScanPolicy) MarshalJSON

func (sp ScanPolicy) MarshalJSON() ([]byte, error)

type ScanPolicyWire

// ScanPolicyWire is the wire form of ScanPolicy, with Policy carried as a
// string that is parsed during ProjectDescriptionWire.ToProjectDescription.
type ScanPolicyWire struct {
	ID           string `yaml:"ID"`
	Policy       string `yaml:"Policy,omitempty"`
	// NOTE(review): no `yaml:"-"` here, unlike ScanPolicy.PolicyString, so
	// this field is serialised under the encoder's default key — confirm the
	// difference is intended.
	PolicyString string
	Config       map[string]interface{} //indexes to scan configurations, key secrets for secret finder
}

type ScanSummariser

// ScanSummariser produces the ScanSummary for the issues found by one scan
// of a project; it is supplied to ProjectManager.RunScan.
type ScanSummariser func(projectID, scanID string, issues []*diagnostics.SecurityDiagnostic) *ScanSummary

type ScanSummary

// ScanSummary is the headline result of a scan: its score, the commit it
// scanned and, in AdditionalInfo, the full report Model (see Model.Summarise).
type ScanSummary struct {
	Score          Score
	CommitHash     string
	AdditionalInfo *Model // may be nil when no model was attached
}

type ScannedCommit

// ScannedCommit pairs a repository location with the commit at its HEAD when
// a scan started; RetrieveCommitsToBeScanned returns these keyed by location.
type ScannedCommit struct {
	Repository string          // repository location
	Commit     gitutils.Commit // HEAD commit at scan time
}

type Score

// Score is the grade assigned to a scan, with an optional set of named
// sub-metrics.
type Score struct {
	Grade      string             // A+ -> F
	Metric     float32            //100% -> 0%
	TimeStamp  time.Time          //when the scan was completed
	SubMetrics map[string]float32 // use this to record arbitrary numeric scores, even time series of trends etc.
}

type SecretLocation

// SecretLocation is one place a reused secret was found: the file location
// and the range to highlight within it.
type SecretLocation struct {
	Location       string
	HighlightRange code.Range `json:"highLightRange"` // note the key's casing ("highLightRange"); consumers must match it exactly
}

type SecurityScanner

// SecurityScanner is implemented by scanners that ProjectManager.RunScan can
// drive over a project.
type SecurityScanner interface {
	//runs a scan over a project, with a specific scanID, project manager provides infrastructure for interrogating
	//the project such as code repositories or locations, a progress callback provides indication of how the scan is progressing
	//and consumers receive the results of scan. repoStatusChecker is consulted before each repository is checked out.
	Scan(ctx context.Context, projectID string, scanID string, pm ProjectManager, repoStatusChecker RepositoryStatusChecker,
		callback func(diagnostics.Progress), consumers ...diagnostics.SecurityDiagnosticsConsumer)
}

type Workspace

// Workspace groups project summaries by workspace name; see
// SimpleWorkspaceSummariser, SetProjectSummary and RemoveProjectSummary.
type Workspace struct {
	Details map[string]*WorkspaceDetail `json:"Details" yaml:"Details"` // workspace name -> its detail
}

func SimpleWorkspaceSummariser

func SimpleWorkspaceSummariser(pm ProjectManager, workspacesToUpdate []string) (*Workspace, error)

func (*Workspace) RemoveProjectSummary

func (wss *Workspace) RemoveProjectSummary(ps *ProjectSummary, pm ProjectManager) error

func (*Workspace) SetProjectSummary

func (wss *Workspace) SetProjectSummary(ps *ProjectSummary, pm ProjectManager)

type WorkspaceDetail

// WorkspaceDetail is the aggregate summary of one workspace together with
// the summaries of the projects it contains.
type WorkspaceDetail struct {
	Summary          *ScanSummary      `json:"Summary" yaml:"Summary"` // workspace-level summary; may be nil
	ProjectSummaries []*ProjectSummary `json:"ProjectSummaries" yaml:"ProjectSummaries"`
}

type WorkspaceSummariser

// WorkspaceSummariser recomputes the Workspace after the named workspaces
// have changed; SimpleWorkspaceSummariser is the provided implementation.
type WorkspaceSummariser func(pm ProjectManager, workspacesToUpdate []string) (*Workspace, error)
