package model

v1.1.0
Published: Apr 23, 2026 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.

This product includes software developed at Datadog (https://www.datadoghq.com) Copyright 2024 Datadog, Inc.

Constants

const (
	SeverityCritical = "CRITICAL"
	SeverityHigh     = "HIGH"
	SeverityMedium   = "MEDIUM"
	SeverityLow      = "LOW"
	SeverityInfo     = "INFO"
	SeverityTrace    = "TRACE"
)

Constants that describe a vulnerability's severity

Variables

Arrays to group all constants of one type

var (
	// KICSCommentRgxp is the regexp to identify whether a comment is a KICS (dd-iac-scan) comment
	KICSCommentRgxp = regexp.MustCompile(`(^|\n)((/{2})|#|;)*\s*dd-iac-scan\s*`)
	// KICSGetContentCommentRgxp gets the content of the KICS comment in the Helm case
	KICSGetContentCommentRgxp = regexp.MustCompile(`(^|\n)((/{2})|#|;)*\s*dd-iac-scan([^\n]*)\n`)
	// KICSCommentRgxpYaml is the regexp to identify whether a YAML comment ends with a KICS comment
	KICSCommentRgxpYaml = regexp.MustCompile(`((/{2})|#)*\s*dd-iac-scan\s*(ignore-line|ignore-block)\s*\n*$`)
)
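As an added example (not code from the model package or the dd-iac-scan project), the following Go program applies the three expressions above to constructed comment tokens and source lines, showing which form each regexp recognises and why the captured text still needs validating. The helpers CommandFromComment, CommandFromYAMLLine and IgnoreDirectives are assumed names, and the accepted commands are the CommentCommand values listed further down.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Expressions copied verbatim from the model package documented above.
var (
	commentRgxp        = regexp.MustCompile(`(^|\n)((/{2})|#|;)*\s*dd-iac-scan\s*`)
	contentCommentRgxp = regexp.MustCompile(`(^|\n)((/{2})|#|;)*\s*dd-iac-scan([^\n]*)\n`)
	commentRgxpYaml    = regexp.MustCompile(`((/{2})|#)*\s*dd-iac-scan\s*(ignore-line|ignore-block)\s*\n*$`)
)

// knownCommands mirrors the CommentCommand constants; the regexps put no word boundary after "dd-iac-scan", so captured text must be validated against this set.
var knownCommands = map[string]bool{"ignore-line": true, "ignore-block": true, "ignore-comment": true}

// CommandFromComment (hypothetical helper) extracts the command from a whole comment
// token (text starting with //, # or ;, as a parser hands it over); ok is false otherwise.
func CommandFromComment(comment string) (cmd string, ok bool) {
	if !commentRgxp.MatchString(comment) {
		return "", false
	}
	// KICSGetContentCommentRgxp needs a trailing newline to capture the rest in group 4.
	m := contentCommentRgxp.FindStringSubmatch(comment + "\n")
	if m == nil {
		return "", false
	}
	return strings.TrimSpace(m[4]), true
}

// CommandFromYAMLLine handles the trailing form "key: value # dd-iac-scan ignore-line", which KICSCommentRgxp misses because its (^|\n) anchor never matches mid-line.
func CommandFromYAMLLine(line string) (cmd string, ok bool) {
	if m := commentRgxpYaml.FindStringSubmatch(line); m != nil {
		return m[3], true // only ignore-line / ignore-block are accepted in this position
	}
	return "", false
}

// IgnoreDirectives returns 1-based line number -> command for each line carrying a directive.
func IgnoreDirectives(src string) map[int]string {
	out := map[int]string{}
	for i, line := range strings.Split(src, "\n") {
		cmd, ok := CommandFromComment(strings.TrimSpace(line))
		if !ok {
			cmd, ok = CommandFromYAMLLine(line)
		}
		if ok && knownCommands[cmd] {
			out[i+1] = cmd
		}
	}
	return out
}

func main() {
	// Constructed sample; "#dd-iac-scanner" matches the regexp but carries no known command.
	src := "resource \"x\" \"y\" {\n  # dd-iac-scan ignore-line\n  acl = \"public-read\"\n  // dd-iac-scan ignore-block\n  #dd-iac-scanner\n}\n"
	fmt.Println(IgnoreDirectives(src)) // map[2:ignore-line 4:ignore-block]
}
```

Note that the YAML expression only accepts ignore-line and ignore-block after a value, so "hostPID: true # dd-iac-scan ignore-comment" is not treated as a directive.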

Functions

func Range

func Range(start, end int) (lines []int)

Range returns a slice of lines between the start and end line numbers.

func RemoveDuplicates

func RemoveDuplicates(lines []int) []int

RemoveDuplicates removes duplicate lines from a slice of lines.

Types

type AnalyzedPaths

type AnalyzedPaths struct {
	Types       []string
	Exc         []string
	ExpectedLOC int
}

AnalyzedPaths is a slice of types and excluded files obtained from the Analyzer

type ArtifactChange

type ArtifactChange struct {
	ArtifactLocation ArtifactLocation `json:"artifactLocation"`
	Replacements     []FixReplacement `json:"replacements"`
}

type ArtifactLocation

type ArtifactLocation struct {
	URI string `json:"uri"`
}

type CodeLine

type CodeLine struct {
	Position int
	Line     string
}

CodeLine is one of the lines containing or adjacent to the vulnerability line, with its position

type CommentCommand

type CommentCommand string

CommentCommand represents a command given from a comment

const (
	IgnoreLine    CommentCommand = "ignore-line"
	IgnoreBlock   CommentCommand = "ignore-block"
	IgnoreComment CommentCommand = "ignore-comment"
)

Constants that describe the commands given from comments

func ProcessCommands

func ProcessCommands(commands []string) CommentCommand

ProcessCommands processes a slice of commands.

type CommentsCommands

type CommentsCommands map[string]string

CommentsCommands is the list of commands found in a file that will be parsed

type Counters

type Counters struct {
	ScannedFiles           int `json:"files_scanned"`
	ScannedFilesLines      int `json:"lines_scanned"`
	ParsedFiles            int `json:"files_parsed"`
	ParsedFilesLines       int `json:"lines_parsed"`
	IgnoredFilesLines      int `json:"lines_ignored"`
	FailedToScanFiles      int `json:"files_failed_to_scan"`
	TotalQueries           int `json:"queries_total"`
	FailedToExecuteQueries int `json:"queries_failed_to_execute"`
	FailedSimilarityID     int `json:"queries_failed_to_compute_similarity_id"`
	FoundResources         int `json:"resources_found"`
}

Counters holds information about how many files were scanned, parsed and failed to be scanned, the total number of queries, and how many queries failed to execute

type DiffAware

type DiffAware struct {
	Enabled      bool   `json:"enabled"`
	ConfigDigest string `json:"config_digest"`
	BaseSha      string `json:"base_sha"`
	Files        string `json:"files"`
}

DiffAware contains the necessary information to be able to perform a diff between two reports

type Document

type Document map[string]interface{}

Document

func (*Document) UnmarshalYAML

func (m *Document) UnmarshalYAML(ctx context.Context, value *yaml.Node, ignore *Ignore) error

UnmarshalYAML is a custom YAML parser that places line information in the payload

type Documents

type Documents struct {
	Documents []Document `json:"document"`
}

Documents

type Extensions

type Extensions map[string]struct{}

Extensions represents a list of supported extensions

func (Extensions) Include

func (e Extensions) Include(ext string) bool

Include returns true if the extension is in the list of supported extensions, otherwise false

func (Extensions) MatchedFilesRegex

func (e Extensions) MatchedFilesRegex() string

MatchedFilesRegex returns the regex rule used to identify whether an extension is supported

type ExtractedPathObject

type ExtractedPathObject struct {
	Path      string
	LocalPath bool
}

ExtractedPathObject contains the path of an extracted source and a boolean indicating whether it is a local source

type FileKind

type FileKind string

FileKind is the extension of a file

const (
	KindTerraform FileKind = "TF"
	KindBICEP     FileKind = "BICEP"
	KindDOCKER    FileKind = "DOCKER"
	KindJSON      FileKind = "JSON"
	KindYAML      FileKind = "YAML"
	KindYML       FileKind = "YML"
	KindPROTO     FileKind = "PROTO"
	KindCOMMON    FileKind = "*"
	KindHELM      FileKind = "HELM"
	KindBUILDAH   FileKind = "SH"
	KindCFG       FileKind = "CFG"
	KindINI       FileKind = "INI"
)

Constants that describe what kind of file a FileKind refers to

type FileMetadata

type FileMetadata struct {
	ID                string `db:"id"`
	ScanID            string `db:"scan_id"`
	Document          Document
	LineInfoDocument  map[string]interface{}
	OriginalData      string   `db:"orig_data"`
	Kind              FileKind `db:"kind"`
	FilePath          string   `db:"file_path"`
	HelmID            string
	IDInfo            map[int]interface{}
	Commands          CommentsCommands
	LinesIgnore       []int
	ResolvedFiles     map[string]ResolvedFile
	LinesOriginalData *[]string
	IsMinified        bool
}

FileMetadata is a representation of basic information and content of a file

type FileMetadatas

type FileMetadatas []*FileMetadata

FileMetadatas is a slice of FileMetadata pointers

func (FileMetadatas) Combine

func (m FileMetadatas) Combine(ctx context.Context, lineInfo bool) Documents

Combine merges the documents from FileMetadatas, using the ID as the Document ID and the FileName as the file reference

func (FileMetadatas) ToMap

func (m FileMetadatas) ToMap() map[string]*FileMetadata

ToMap creates a map of FileMetadatas in which the key is the FileMetadata ID and the value is a pointer to the FileMetadata

type FixContent

type FixContent struct {
	Text string `json:"text"`
}

type FixMessage

type FixMessage struct {
	Text string `json:"text"`
}

type FixReplacement

type FixReplacement struct {
	DeletedRegion   SarifRegion `json:"deletedRegion"`
	InsertedContent FixContent  `json:"insertedContent,omitempty"`
}

type Framework

type Framework struct {
	Framework        string `json:"framework"`
	FrameworkVersion string `json:"framework_version"`
	Requirement      string `json:"requirement"`
	Control          string `json:"control"`
}

Framework represents a framework mapping for a query

type Ignore

type Ignore struct {
	// Lines is the lines to ignore
	Lines []int
}

Ignore is a struct that holds the lines to ignore

func (*Ignore) GetLines

func (i *Ignore) GetLines() []int

GetLines returns the lines to ignore

type IssueType

type IssueType string

IssueType is the issue's type string representation

const (
	IssueTypeMissingAttribute   IssueType = "MissingAttribute"
	IssueTypeRedundantAttribute IssueType = "RedundantAttribute"
	IssueTypeIncorrectValue     IssueType = "IncorrectValue"
)

Constants to describe issue's type

type LineObject

type LineObject struct {
	Line int                      `json:"_kics_line"`
	Arr  []map[string]*LineObject `json:"_kics_arr,omitempty"`
}

LineObject is the struct that will hold line information for each key

type PathParameters

type PathParameters struct {
	ScannedPaths      []string
	PathExtractionMap map[string]ExtractedPathObject
}

PathParameters wraps the fields required for temporary path translation

type QueryConfig

type QueryConfig struct {
	FileKind []FileKind
	Platform string
}

QueryConfig is a struct that contains the fileKind and platform of the rego query

type QueryMetadata

type QueryMetadata struct {
	InputData string
	Query     string
	Content   string
	Metadata  map[string]interface{}
	Platform  string
	CWE       string
	// special field for generic queries
	// represents how many queries are aggregated into a single rego file
	Aggregation  int
	Experimental bool
}

QueryMetadata is a representation of general information about a query

type QueryResult

type QueryResult struct {
	QueryName                   string           `json:"query_name"`
	QueryID                     string           `json:"query_id"`
	QueryURI                    string           `json:"query_url"`
	Severity                    Severity         `json:"severity"`
	Platform                    string           `json:"platform"`
	CWE                         string           `json:"cwe,omitempty"`
	CloudProvider               string           `json:"cloud_provider,omitempty"`
	Category                    string           `json:"category"`
	Experimental                bool             `json:"experimental"`
	Description                 string           `json:"description"`
	DescriptionID               string           `json:"description_id"`
	CISDescriptionIDFormatted   string           `json:"cis_description_id,omitempty"`
	CISDescriptionTitle         string           `json:"cis_description_title,omitempty"`
	CISDescriptionTextFormatted string           `json:"cis_description_text,omitempty"`
	CISDescriptionID            string           `json:"cis_description_id_raw,omitempty"`
	CISDescriptionText          string           `json:"cis_description_text_raw,omitempty"`
	CISRationaleText            string           `json:"cis_description_rationale,omitempty"`
	CISBenchmarkName            string           `json:"cis_benchmark_name,omitempty"`
	CISBenchmarkVersion         string           `json:"cis_benchmark_version,omitempty"`
	Frameworks                  []Framework      `json:"frameworks,omitempty"`
	Files                       []VulnerableFile `json:"files"`
}

QueryResult contains the ID, name and severity of a query that tested positive, and the list of files that tested vulnerable

type QueryResultSlice

type QueryResultSlice []QueryResult

QueryResultSlice is a slice of QueryResult

type RepositoryCommitInfo

type RepositoryCommitInfo struct {
	RepositoryUrl string `json:"repository_url,omitempty"`
	Branch        string `json:"branch,omitempty"`
	CommitSHA     string `json:"sha,omitempty"`
}

type ResolvedFile

type ResolvedFile struct {
	Path         string
	Content      []byte
	LinesContent *[]string
}

ResolvedFile is a struct that contains the information of a resolved file: its path and its content in bytes

type ResolvedFileSplit

type ResolvedFileSplit struct {
	Path  string
	Lines []string
}

ResolvedFileSplit is a struct that contains the information of a resolved file: its path and its lines

type ResolvedFiles

type ResolvedFiles struct {
	File     []ResolvedHelm
	Excluded []string
}

ResolvedFiles keeps the information of all resolved files/templates

type ResolvedHelm

type ResolvedHelm struct {
	FileName     string
	Content      []byte
	OriginalData []byte
	SplitID      string
	IDInfo       map[int]interface{}
}

ResolvedHelm keeps the information of a resolved file/template

type ResourceLine

type ResourceLine struct {
	Col  int
	Line int
}

ResourceLine is the line and column position of a resource

type ResourceLocation

type ResourceLocation struct {
	Start ResourceLine
	End   ResourceLine
}

ResourceLocation is the line information of a resource, with its start and end positions

type SCIInfo

type SCIInfo struct {
	DiffAware            DiffAware
	RepositoryDir        string
	RepositoryCommitInfo RepositoryCommitInfo `json:"repository_commit_info"`
	OrgId                int64                `json:"org_id"`
}

type SarifFix

type SarifFix struct {
	ArtifactChanges []ArtifactChange `json:"artifactChanges"`
	Description     FixMessage       `json:"description"`
}

type SarifRegion

type SarifRegion struct {
	StartLine   int `json:"startLine"`
	EndLine     int `json:"endLine"`
	StartColumn int `json:"startColumn"`
	EndColumn   int `json:"endColumn"`
}

type SarifResourceLocation

type SarifResourceLocation struct {
	Line int `json:"line"`
	Col  int `json:"col"`
}

type Severity

type Severity string

Severity of the vulnerability

type SeveritySummary

type SeveritySummary struct {
	ScanID            string           `json:"scan_id"`
	SeverityCounters  map[Severity]int `json:"severity_counters"`
	TotalCounter      int              `json:"total_counter"`
	TotalBOMResources int              `json:"total_bom_resources"`
}

SeveritySummary contains the scan's result counts: how many vulnerabilities of each severity were detected

type Summary

type Summary struct {
	Version string `json:"kics_version,omitempty"`
	Counters
	SeveritySummary
	Times
	ScannedPaths []string          `json:"paths"`
	Queries      QueryResultSlice  `json:"queries"`
	Bom          QueryResultSlice  `json:"bill_of_materials,omitempty"`
	FilePaths    map[string]string `json:"-"`
}

Summary is a report of a single scan

func CreateSummary

func CreateSummary(ctx context.Context, counters Counters, vulnerabilities []Vulnerability,
	scanID string, pathExtractionMap map[string]ExtractedPathObject, repoDir string) Summary

CreateSummary creates a report for a single scan, based on its scanID

type Times

type Times struct {
	Start time.Time `json:"start"`
	End   time.Time `json:"end"`
}

Times represents an object that contains the start and end time of the scan

type Vulnerability

type Vulnerability struct {
	ID                    int              `json:"id"`
	ScanID                string           `db:"scan_id" json:"-"`
	SimilarityID          string           `db:"similarity_id" json:"similarityID"`
	OldSimilarityID       string           `db:"old_similarity_id" json:"oldSimilarityID"`
	FileID                string           `db:"file_id" json:"-"`
	FileName              string           `db:"file_name" json:"fileName"`
	QueryID               string           `db:"query_id" json:"queryID"`
	QueryName             string           `db:"query_name" json:"queryName"`
	QueryURI              string           `json:"-"`
	Category              string           `json:"category"`
	Experimental          bool             `json:"experimental"`
	Description           string           `json:"description"`
	DescriptionID         string           `json:"descriptionID"`
	Platform              string           `db:"platform" json:"platform"`
	CWE                   string           `db:"cwe" json:"cwe"`
	Severity              Severity         `json:"severity"`
	Line                  int              `json:"line"`
	VulnerabilityLocation ResourceLocation `json:"resourceLocation"`
	VulnLines             *[]CodeLine      `json:"vulnLines"`
	ResourceType          string           `db:"resource_type" json:"resourceType"`
	ResourceName          string           `db:"resource_name" json:"resourceName"`
	IssueType             IssueType        `db:"issue_type" json:"issueType"`
	SearchKey             string           `db:"search_key" json:"searchKey"`
	SearchLine            int              `db:"search_line" json:"searchLine"`
	SearchValue           string           `db:"search_value" json:"searchValue"`
	KeyExpectedValue      string           `db:"key_expected_value" json:"expectedValue"`
	KeyActualValue        string           `db:"key_actual_value" json:"actualValue"`
	Value                 *string          `db:"value" json:"value"`
	Output                string           `json:"-"`
	CloudProvider         string           `json:"cloud_provider"`
	Remediation           string           `db:"remediation" json:"remediation"`
	RemediationType       string           `db:"remediation_type" json:"remediation_type"`
	RemediationLocation   ResourceLocation `json:"remediationLocation"`
	QueryDuration         time.Duration    `json:"query_duration"`
	LineWithVulnerability string           `json:"lineWithVulnerability"`
	ResourceSource        string           `json:"resourceSource"`
	FileSource            []string         `json:"fileSource"`
	BlockLocation         ResourceLocation `json:"blockLocation"`
	Frameworks            []Framework      `json:"frameworks,omitempty"`
}

Vulnerability is a representation of a detected vulnerability in scanned files after running a query

type VulnerabilityLines

type VulnerabilityLines struct {
	Line                   int
	VulnLines              *[]CodeLine
	LineWithVulnerability  string
	ResolvedFile           string
	VulnerablilityLocation ResourceLocation
	RemediationLocation    ResourceLocation
	ResourceSource         string
	FileSource             []string
	BlockLocation          ResourceLocation
}

VulnerabilityLines is the representation of the line found for an issue

type VulnerableFile

type VulnerableFile struct {
	FileName              string           `json:"file_name"`
	SimilarityID          string           `json:"similarity_id"`
	OldSimilarityID       string           `json:"old_similarity_id,omitempty"`
	Line                  int              `json:"line"`
	ResourceLocation      ResourceLocation `json:"resource_location"`
	VulnLines             *[]CodeLine      `json:"-"`
	ResourceType          string           `json:"resource_type,omitempty"`
	ResourceName          string           `json:"resource_name,omitempty"`
	IssueType             IssueType        `json:"issue_type"`
	SearchKey             string           `json:"search_key"`
	SearchLine            int              `json:"search_line"`
	SearchValue           string           `json:"search_value"`
	KeyExpectedValue      string           `json:"expected_value"`
	KeyActualValue        string           `json:"actual_value"`
	Value                 *string          `json:"value,omitempty"`
	Remediation           string           `json:"remediation,omitempty"`
	RemediationType       string           `json:"remediation_type,omitempty"`
	RemediationLocation   ResourceLocation `json:"remediation_location,omitempty"`
	LineWithVulnerability string           `json:"line_content,omitempty"`
	ResourceSource        string           `json:"resource_source,omitempty"`
	FileSource            []string         `json:"file_source,omitempty"`
	BlockLocation         ResourceLocation `json:"block_location,omitempty"`
}

VulnerableFile contains information of a vulnerable file and where the vulnerability was found
