detector

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 23, 2025 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package detector provides the interface for security-related detection plugins.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Advisory 

type Advisory struct {
	// A unique ID for the finding.
	ID   *AdvisoryID
	Type TypeEnum
	// Title, short description and recommendation steps for the finding. Users should be able to rely
	// on these fields to understand the vulnerability and remediate it.
	// Title of the finding, e.g. "CVE-2024-1234 - RCE Vulnerability on Foo".
	Title string
	// Description of the finding, e.g. "Foo prior to version 1.2.3 is affected by a Remote Code
	// Execution vulnerability.".
	Description string
	// Recommendation for how to remediate the finding, e.g. "Upgrade Foo to version 1.2.4 or
	// higher.".
	Recommendation string
	Sev            *Severity
}

Advisory describes a security finding and how to remediate it. It should not contain any information specific to the target (e.g. which files were found vulnerable).

type AdvisoryID 

type AdvisoryID struct {
	Publisher string // e.g. "CVE".
	Reference string // e.g. "CVE-2023-1234".
}

AdvisoryID is a unique identifier per advisory.

type CVSS 

type CVSS struct {
	BaseScore          float32
	TemporalScore      float32
	EnvironmentalScore float32
}

CVSS contains the CVSS scores for the finding.

type Detector 

type Detector interface {
	plugin.Plugin
	// RequiredExtractors returns a list of Extractors that need to be enabled for this
	// Detector to run.
	RequiredExtractors() []string
	// Scan performs the security scan, considering scanRoot to be the root directory.
	// Implementations may use PackageIndex to check if a relevant software package is installed and
	// terminate early if it's not.
	Scan(c context.Context, scanRoot *scalibrfs.ScanRoot, px *packageindex.PackageIndex) ([]*Finding, error)
}

Detector is the interface for a security detector plugin, used to scan for security findings such as vulnerabilities.

type Finding 

type Finding struct {
	// Info specific to the finding. Should always be the same for the same type of finding.
	Adv *Advisory
	// Instance-specific info such as location of the vulnerable files.
	Target *TargetDetails
	// Additional free-text info.
	Extra string
	// The name of the Detectors that found this finding. Set by the core library.
	Detectors []string
}

Finding is the security finding found by a detector. It could describe things like a CVE or a CIS non-compliance. TODO(b/400910349): Move from detector into a separate package such as inventory.

func Run 

func Run(ctx context.Context, c stats.Collector, detectors []Detector, scanRoot *scalibrfs.ScanRoot, index *packageindex.PackageIndex) ([]*Finding, []*plugin.Status, error)

Run runs the specified detectors and returns their findings, as well as info about whether the plugin runs completed successfully.

type Severity 

type Severity struct {
	// Required severity enum. Can be used for e.g. prioritizing filed bugs.
	Severity SeverityEnum
	// Optional CVSS scores, only set for vulns with CVEs.
	CVSSV2 *CVSS
	CVSSV3 *CVSS
}

Severity of the vulnerability.

type SeverityEnum 

type SeverityEnum int

SeverityEnum is an enum-based representation of the finding's severity. Some findings don't have a CVE associated so we use this enum instead to signal the urgency of the remediation. 

const (
	SeverityUnspecified SeverityEnum = iota
	SeverityMinimal
	SeverityLow
	SeverityMedium
	SeverityHigh
	SeverityCritical
)

SeverityEnum values.

type TargetDetails 

type TargetDetails struct {
	// The software affected by the finding. Taken from the Package extraction results.
	Package *extractor.Package
	// Location of vulnerable files not related to the package,
	// e.g. config files with misconfigurations.
	Location []string
}

TargetDetails contains instance-specific details about the security finding.

type TypeEnum 

type TypeEnum int

TypeEnum describes what kind of security finding this is. For now the only type is "Vulnerability". 

const (
	TypeUnknown TypeEnum = iota
	TypeVulnerability
	TypeCISFinding
)

TypeEnum values.

Source Files

View all Source files

Directories

Path Synopsis
cis
generic_linux/etcpasswdpermissions
Package etcpasswdpermissions implements a detector for the "Ensure permissions on /etc/passwd- are configured" CIS check.
 Package etcpasswdpermissions implements a detector for the "Ensure permissions on /etc/passwd- are configured" CIS check.
cve
untested/cve202011978
Package cve202011978 implements a detector for CVE-2020-11978.
 Package cve202011978 implements a detector for CVE-2020-11978.
untested/cve202016846
Package cve202016846 implements a detector for CVE-2020-16846.
 Package cve202016846 implements a detector for CVE-2020-16846.
untested/cve202233891
Package cve202233891 implements a detector for CVE-2022-33891.
 Package cve202233891 implements a detector for CVE-2022-33891.
untested/cve202338408
Package cve202338408 implements a detector for CVE-2023-38408.
 Package cve202338408 implements a detector for CVE-2023-38408.
untested/cve20236019
Package cve20236019 implements a SCALIBR Detector for CVE-2023-6019 To test, install a vulnerable Ray version: python3 -m pip install ray==2.6.3 Start the Ray dashboard: python3 -c "import ray; context = ray.init(); print(context)" Run the detector
 Package cve20236019 implements a SCALIBR Detector for CVE-2023-6019 To test, install a vulnerable Ray version: python3 -m pip install ray==2.6.3 Start the Ray dashboard: python3 -c "import ray; context = ray.init(); print(context)" Run the detector
untested/cve20242912
Package cve20242912 implements a detector for CVE-2024-2912.
 Package cve20242912 implements a detector for CVE-2024-2912.
govulncheck
binary
Package binary implements a detector that uses govulncheck to scan for vulns on Go binaries found on the filesystem.
 Package binary implements a detector that uses govulncheck to scan for vulns on Go binaries found on the filesystem.
Package list provides a public list of SCALIBR-internal detection plugins.
 Package list provides a public list of SCALIBR-internal detection plugins.
weakcredentials
codeserver
Package codeserver contains a detector for weak credentials in Code-Server https://github.com/coder/code-server/.
 Package codeserver contains a detector for weak credentials in Code-Server https://github.com/coder/code-server/.
etcshadow
Package etcshadow implements a detector for weak/guessable passwords stored in /etc/shadow.
 Package etcshadow implements a detector for weak/guessable passwords stored in /etc/shadow.
filebrowser
Package filebrowser implements a detector for weak/guessable passwords on a filebrowser instance.
 Package filebrowser implements a detector for weak/guessable passwords on a filebrowser instance.
winlocal
Package winlocal implements a weak passwords detector for local accounts on Windows.
 Package winlocal implements a weak passwords detector for local accounts on Windows.
winlocal/samreg
Package samreg provides a wrapper around the SAM registry.
 Package samreg provides a wrapper around the SAM registry.
winlocal/systemreg
Package systemreg provides a wrapper around the SYSTEM registry.
 Package systemreg provides a wrapper around the SYSTEM registry.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.