Documentation
Overview
Package plugin collects the common code used by extractor and detector plugins.
Constants
const OSUnknown = OSAny
OSUnknown is only used when specifying Capabilities. Specifies that the OS is not known and so only plugins that require OSAny should be run.
Variables
This section is empty.
Functions
func ValidateRequirements (added in v0.1.3)
func ValidateRequirements(p Plugin, capabs *Capabilities) error
ValidateRequirements checks that the specified scanning capabilities satisfy the requirements of a given plugin.
Types
type Capabilities (added in v0.1.3)
type Capabilities struct {
	// A specific OS type a Plugin needs to be run on.
	OS OS
	// Whether network access is provided.
	Network Network
	// Whether the scanned artifacts can be accessed through direct filesystem calls.
	// True on hosts where the scan target is mounted onto the host's filesystem directly.
	// In these cases the plugin can open direct file paths with e.g. os.Open(path).
	// False if the artifact is not on the host but accessed through an abstract FS interface
	// (e.g. scanning a remote container image). In these cases the plugin must use the FS interface
	// to access the filesystem.
	DirectFS bool
	// Whether the scanner is scanning the real running system it's on. Examples where this is not the case:
	//  * We're scanning a virtual filesystem unrelated to the host where SCALIBR is running.
	//  * We're scanning a real filesystem of e.g. a container image that's mounted somewhere on disk.
	RunningSystem bool
	// Whether the filesystem extractor plugin requires scanning directories in addition to files.
	// TODO(b/400910349): This doesn't quite fit into Capabilities so this should be moved into a
	// separate Filesystem Extractor specific function.
	ExtractFromDirs bool
}
Capabilities lists capabilities that the scanning environment provides for the plugins. A plugin can't be enabled if it has more requirements than what the scanning environment provides.
type Network (added in v0.1.7)
type Network int
Network is the network access of the scanner or the network requirements of a plugin.
type OS (added in v0.1.3)
type OS int
OS is the OS the scanner is running on, or a specific OS type a Plugin needs to be run on.
const (
	// OSAny is used only when specifying Plugin requirements.
	// Specifies that the plugin expects to be compatible with any OS,
	// and so should be fine to run even if OS is unknown.
	OSAny     OS = iota
	OSLinux   OS = iota
	OSWindows OS = iota
	OSMac     OS = iota
	// OSUnix is used only when specifying Plugin requirements.
	// Specifies that the plugin needs to be run either on Linux or Mac.
	OSUnix OS = iota
)
OS values
type Plugin
type Plugin interface {
	// A unique name used to identify this plugin.
	Name() string
	// Plugin version, should get bumped whenever major changes are made.
	Version() int
	// Requirements about the scanning environment, e.g. "needs to have network access".
	Requirements() *Capabilities
}
Plugin is the part of the plugin interface that's shared between extractors and detectors.
func FilterByCapabilities (added in v0.3.1)
func FilterByCapabilities(pls []Plugin, capabs *Capabilities) []Plugin
FilterByCapabilities returns all plugins from the given list that can run under the specified capabilities (OS, direct filesystem access, network access, etc.) of the scanning environment.
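The gating rule described above, as an added example that is not SCALIBR's own code: it redeclares the page's OS values and a subset of Capabilities locally (Network and ExtractFromDirs are omitted) and applies an assumed reading of the rule in a hypothetical check function. The plugin name and both sample environments are constructed.

```go
// Added illustration: local stand-ins for the types documented on this page.
// check is an assumed reading of the documented rule, not the package's code.
package main

import "fmt"

type OS int

const (
	OSAny OS = iota
	OSLinux
	OSWindows
	OSMac
	OSUnix
)

type Capabilities struct {
	OS            OS
	DirectFS      bool
	RunningSystem bool
}

// check returns an error when a plugin requires more than the environment provides.
func check(name string, req, env Capabilities) error {
	osOK := req.OS == OSAny || req.OS == env.OS ||
		(req.OS == OSUnix && (env.OS == OSLinux || env.OS == OSMac))
	switch {
	case !osOK:
		return fmt.Errorf("%s: OS requirement not met", name)
	case req.DirectFS && !env.DirectFS:
		return fmt.Errorf("%s: needs direct filesystem access", name)
	case req.RunningSystem && !env.RunningSystem:
		return fmt.Errorf("%s: needs the real running system", name)
	}
	return nil
}

// Constructed environments: a live Linux host, and a remote container image
// read through an abstract FS with the OS unknown (OSUnknown = OSAny).
var liveHost = Capabilities{OS: OSLinux, DirectFS: true, RunningSystem: true}
var remoteImage = Capabilities{OS: OSAny}

func main() {
	hostOnly := Capabilities{OS: OSUnix, DirectFS: true, RunningSystem: true} // hypothetical plugin
	fmt.Println(check("host-only", hostOnly, liveHost))
	fmt.Println(check("host-only", hostOnly, remoteImage))
}
```

A plugin that requires only OSAny and no direct filesystem or running-system access passes in both environments, which is why an unknown OS still permits OS-agnostic plugins.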
type ScanStatus
type ScanStatus struct {
	Status        ScanStatusEnum
	FailureReason string
}
ScanStatus is the status of a scan run. In case the scan fails, FailureReason contains details.
func (*ScanStatus) String
func (s *ScanStatus) String() string
String returns a string representation of the scan status.
type ScanStatusEnum
type ScanStatusEnum int
ScanStatusEnum is the enum for the scan status.
const (
	ScanStatusUnspecified ScanStatusEnum = iota
	ScanStatusSucceeded
	ScanStatusPartiallySucceeded
	ScanStatusFailed
)
ScanStatusEnum values.
type Status
type Status struct {
	Name    string
	Version int
	Status  *ScanStatus
}
Status contains the status and version of the plugins that ran.