Affected by GO-2025-3917 and 2 other vulnerabilities

GO-2025-3917: NeuVector has an insecure password storage vulnerable to rainbow attack in github.com/neuvector/neuvector

GO-2025-3918: NeuVector admin account has insecure default password in github.com/neuvector/neuvector

GO-2025-3919: NeuVector process with sensitive arguments lead to leakage in github.com/neuvector/neuvector

db

package

v0.0.0-test Latest Latest Go to latest Published: Dec 11, 2024 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/neuvector/neuvector

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func CeateSessionVulAssetTable(sessionToken string, memoryDb bool) error
func CreateImageAssetSession(allowed map[string]utils.Set, queryFilter *AssetQueryFilter) (int, []*api.AssetCVECount, error)
func CreateSessionAssetTable(sessionToken string, memoryDb bool) error
func CreateVulAssetDb(useLocal bool) error
func DeleteAssetByID(assetType string, assetid string) error
func DeleteBenchByID(assetID string) error
func DeleteQuerySessionByToken(queryToken string) error
func DupAssetSessionTableToFile(sessionToken string) error
func FillAssets(vul *api.RESTVulnerabilityAssetV2, assetMaps *AssetMaps)
func GetAllTableInMemoryDb() string
func GetExceededSessions(loginName, loginID string, loginType int) ([]string, error)
func GetImageAssetSession(queryFilter *AssetQueryFilter) ([]*api.RESTImageAssetViewV2, int, error)
func GetMatchedAssets(vulMap map[string]*DbVulAsset, assetsMap map[string][]string, ...) (*api.RESTAssetView, error)
func GetSessionMatchedVuls(allowed map[string]utils.Set, sessionToken string, LastModifiedTime int64) (map[string]*DbVulAsset, map[string][]string, error)
func GetTopAssets(allowed map[string]utils.Set, assetType string, topN int) ([]*api.AssetCVECount, error)
func GetVulAssetSessionV2(requesetQuery *VulQueryFilter) (*api.RESTVulnerabilityAssetDataV2, utils.Set, error)
func GetVulnerability(assetid string) ([]*share.ScanVulnerability, error)
func GetVulnerabilityModule(assetid string) ([]*share.ScanVulnerability, []*share.ScanModule, error)
func PopulateAssetVul(assetVul *DbAssetVul) error
func PopulateBenchData(bench *DbBench) error
func PopulateQueryStat(queryStat *QueryStat) (int, error)
func PopulateSessionToFile(sessionToken string, vulAssets []*DbVulAsset) error
func PopulateSessionVulAssets(sessionToken string, vulAssets []*DbVulAsset, memoryDb bool) error
func SetFillVulPackagesFunc(...)
func SetGetCVECountFunc(getImageCVECount func(string, string) (int, int, int, error))
func SetGetCVEListFunc(funcObj func([]byte, string) []string)
func SetGetCVERecordFunc(funcObj func(string, string, string) *DbVulAsset)
func UnzipModules(sb []byte) ([]*share.ScanModule, error)
func UnzipVuls(vulsb []byte) ([]*share.ScanVulnerability, error)
func UpdateAssetVul(assetVul *DbAssetVul) (int, error)
func UpdateBenchData(bench *DbBench) (int, error)
func UpdateHostContainers(id string, containers int) error
type AssetMaps
- func GetAssetsMeta(allAssets utils.Set) (*AssetMaps, error)
type AssetQueryFilter
- func GetAssetQuery(r *http.Request) (*AssetQueryFilter, error)
type BuildWhereClauseAllFunc
type BuildWhereClauseFunc
type DbAssetVul
- func GetAssetVulIDByAssetID(assetID string) (*DbAssetVul, error)
type DbBench
- func GetBenchData(assetID string) (*DbBench, error)
type DbCVESource
type DbVulAsset
- func FilterVulAssetsV2(allowed map[string]utils.Set, queryFilter *VulQueryFilter) ([]*DbVulAsset, int, []string, error)
type QueryStat
- func GetQueryStat(token string) (*QueryStat, error)
type ResourceType
type VulQueryFilter
- func GetVulnerabilityQuery(r *http.Request) (*VulQueryFilter, error)
- func (q *VulQueryFilter) GetAssestBasedFilters() map[string]int

Constants ¶

View Source

const (
	QueryStateType_Vul   = iota
	QueryStateType_Asset = iota
)

View Source

const (
	AssetImage    string = "image"
	AssetWorkload string = "workload"
	AssetPlatform string = "platform"
	AssetNode     string = "host"
)

View Source

const (
	AssetRuleDomain    = "domain"
	AssetRuleService   = "service"
	AssetRuleNode      = "node"
	AssetRuleContainer = "container"
	AssetRuleImage     = "image"
	AssetRulePlatform  = "platform"
)

View Source

const (
	Table_vulassets  = "vulassets"
	Table_assetvuls  = "assetvuls"
	Table_querystats = "querystats"
	Table_bench      = "bench"
)

View Source

const (
	COL_VULS    = 0x01
	COL_MODULES = 0x02
)

Variables ¶

This section is empty.

Functions ¶

func CeateSessionVulAssetTable ¶

func CeateSessionVulAssetTable(sessionToken string, memoryDb bool) error

func CreateImageAssetSession ¶

func CreateImageAssetSession(allowed map[string]utils.Set, queryFilter *AssetQueryFilter) (int, []*api.AssetCVECount, error)

func CreateSessionAssetTable ¶

func CreateSessionAssetTable(sessionToken string, memoryDb bool) error

func CreateVulAssetDb ¶

func CreateVulAssetDb(useLocal bool) error

func DeleteAssetByID ¶

func DeleteAssetByID(assetType string, assetid string) error

func DeleteBenchByID ¶

func DeleteBenchByID(assetID string) error

func DeleteQuerySessionByToken ¶

func DeleteQuerySessionByToken(queryToken string) error

func DupAssetSessionTableToFile ¶

func DupAssetSessionTableToFile(sessionToken string) error

func FillAssets ¶

func FillAssets(vul *api.RESTVulnerabilityAssetV2, assetMaps *AssetMaps)

func GetAllTableInMemoryDb ¶

func GetAllTableInMemoryDb() string

func GetExceededSessions ¶

func GetExceededSessions(loginName, loginID string, loginType int) ([]string, error)

func GetImageAssetSession ¶

func GetImageAssetSession(queryFilter *AssetQueryFilter) ([]*api.RESTImageAssetViewV2, int, error)

func GetMatchedAssets ¶

func GetMatchedAssets(vulMap map[string]*DbVulAsset, assetsMap map[string][]string, queryFilter *VulQueryFilter) (*api.RESTAssetView, error)

for REST[asset]AssetView, used in /v1/assetvul

func GetSessionMatchedVuls ¶

func GetSessionMatchedVuls(allowed map[string]utils.Set, sessionToken string, LastModifiedTime int64) (map[string]*DbVulAsset, map[string][]string, error)

func GetTopAssets ¶

func GetTopAssets(allowed map[string]utils.Set, assetType string, topN int) ([]*api.AssetCVECount, error)

func GetVulAssetSessionV2 ¶

func GetVulAssetSessionV2(requesetQuery *VulQueryFilter) (*api.RESTVulnerabilityAssetDataV2, utils.Set, error)

func GetVulnerability ¶

func GetVulnerability(assetid string) ([]*share.ScanVulnerability, error)

func GetVulnerabilityModule ¶

func GetVulnerabilityModule(assetid string) ([]*share.ScanVulnerability, []*share.ScanModule, error)

func PopulateAssetVul ¶

func PopulateAssetVul(assetVul *DbAssetVul) error

func PopulateBenchData ¶

func PopulateBenchData(bench *DbBench) error

func PopulateQueryStat ¶

func PopulateQueryStat(queryStat *QueryStat) (int, error)

func PopulateSessionToFile ¶

func PopulateSessionToFile(sessionToken string, vulAssets []*DbVulAsset) error

func PopulateSessionVulAssets ¶

func PopulateSessionVulAssets(sessionToken string, vulAssets []*DbVulAsset, memoryDb bool) error

func SetFillVulPackagesFunc ¶

func SetFillVulPackagesFunc(funcObj func(*sync.Mutex, map[string]map[string]utils.Set, []byte, string, *[]string, map[string]*int) error)

func SetGetCVECountFunc ¶

func SetGetCVECountFunc(getImageCVECount func(string, string) (int, int, int, error))

func SetGetCVEListFunc ¶

func SetGetCVEListFunc(funcObj func([]byte, string) []string)

func SetGetCVERecordFunc ¶

func SetGetCVERecordFunc(funcObj func(string, string, string) *DbVulAsset)

func UnzipModules ¶

func UnzipModules(sb []byte) ([]*share.ScanModule, error)

func UnzipVuls ¶

func UnzipVuls(vulsb []byte) ([]*share.ScanVulnerability, error)

func UpdateAssetVul ¶

func UpdateAssetVul(assetVul *DbAssetVul) (int, error)

func UpdateBenchData ¶

func UpdateBenchData(bench *DbBench) (int, error)

func UpdateHostContainers ¶

func UpdateHostContainers(id string, containers int) error

Types ¶

type AssetMaps ¶

type AssetMaps struct {
	// contains filtered or unexported fields
}

func GetAssetsMeta ¶

func GetAssetsMeta(allAssets utils.Set) (*AssetMaps, error)

for REST[asset]Asset, used for /v1/vulasset

type AssetQueryFilter ¶

type AssetQueryFilter struct {
	QueryToken string
	QueryStart int
	QueryCount int
	Debug      int
	Filters    *api.AssetQueryFilterViewModel
}

func GetAssetQuery ¶

func GetAssetQuery(r *http.Request) (*AssetQueryFilter, error)

type BuildWhereClauseAllFunc ¶

type BuildWhereClauseAllFunc func(queryFilter *api.VulQueryFilterViewModel) exp.ExpressionList

type BuildWhereClauseFunc ¶

type BuildWhereClauseFunc func(allowedID []string, queryFilter *api.VulQueryFilterViewModel) exp.ExpressionList

type DbAssetVul ¶

type DbAssetVul struct {
	Db_ID   int
	Type    string
	AssetID string
	Name    string

	W_domain         string
	W_applications   string
	Policy_mode      string
	W_service_group  string
	W_workload_image string

	CVE_critical int
	CVE_high     int
	CVE_medium   int
	CVE_low      int
	Vuls         []*share.ScanVulnerability
	Modules      []*share.ScanModule
	Scanned_at   string

	N_os         string
	N_kernel     string
	N_cpus       int
	N_memory     int64
	N_containers int

	P_version string
	P_base_os string

	I_repository_name string
	I_repository_url  string
	I_base_os         string
	I_size            int64
	I_created_at      string
	I_scanned_at      string
	I_digest          string
	I_images          string
	I_tag             string

	Idns string
}

func GetAssetVulIDByAssetID ¶

func GetAssetVulIDByAssetID(assetID string) (*DbAssetVul, error)

type DbBench ¶

type DbBench struct {
	Db_ID            int
	Type             string
	AssetID          string
	CustomBenchValue []byte
	DockerBenchValue []byte
	MasterBenchValue []byte
	WorkerBenchValue []byte
	SecretBenchValue []byte
	SetidBenchValue  []byte
}

func GetBenchData ¶

func GetBenchData(assetID string) (*DbBench, error)

type DbCVESource ¶

type DbCVESource struct {
	ResourceID string `json:"resource_id"`
	DbKey      string `json:"dbkey"`
	BaseOS     string `json:"baseos"`
}

type DbVulAsset ¶

type DbVulAsset struct {
	Db_ID       int
	Name        string
	Severity    string
	Description string
	Packages    string
	Link        string
	Score       int
	Vectors     string
	ScoreV3     int
	VectorsV3   string
	PublishedTS int64
	LastModTS   int64

	Workloads string
	Nodes     string
	Images    string
	Platforms string

	WorkloadItems []string
	NodeItems     []string
	ImageItems    []string
	PlatformItems []string

	CVESources string

	F_withFix int
	F_profile int

	DebugLog []string

	Skip         bool
	MeetSearch   bool // for static data which needs all data even not within search result
	DBKey        string
	ImpactWeight int
}

func FilterVulAssetsV2 ¶

func FilterVulAssetsV2(allowed map[string]utils.Set, queryFilter *VulQueryFilter) ([]*DbVulAsset, int, []string, error)

type QueryStat ¶

type QueryStat struct {
	Db_ID        int
	Token        string
	CreationTime int64
	LoginID      string // APIKey will be different for each request..
	LoginName    string
	LoginType    int // 0=JWTToken, 1=APIKey
	Data1        string
	Data2        string
	Data3        string
	FileDBReady  int
	Type         int // QueryStateType_Vul(0), QueryStateType_Asset(1)
}

func GetQueryStat ¶

func GetQueryStat(token string) (*QueryStat, error)

type ResourceType ¶

type ResourceType int

const (
	TypeWorkload ResourceType = iota
	TypeNode
	TypeImage
	TypePlatform
)

type VulQueryFilter ¶

type VulQueryFilter struct {
	QueryToken                     string
	QueryStart                     int
	QueryCount                     int
	Debug                          int
	PerfTest                       int
	ThreadCount                    int
	CreateDummyAsset_Enable        int
	CreateDummyAsset_CVE           int
	CreateDummyAsset_Asset         int
	CreateDummyAsset_CVE_per_asset int
	Filters                        *api.VulQueryFilterViewModel
}

func GetVulnerabilityQuery ¶

func GetVulnerabilityQuery(r *http.Request) (*VulQueryFilter, error)

func (*VulQueryFilter) GetAssestBasedFilters ¶

func (q *VulQueryFilter) GetAssestBasedFilters() map[string]int

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL