GO-2026-4490: NeuVector scanner insecurely handles passwords as command arguments in github.com/neuvector/scanner

cvetools

package

v0.0.0-test Latest Latest Go to latest Published: Dec 11, 2024 License: Apache-2.0 Imports: 31 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/neuvector/scanner

Links

Open Source Insights

Documentation ¶

Index ¶

func DownloadRemoteImage(ctx context.Context, rc *scan.RegClient, name, imgPath string, layers []string, ...) (map[string]*LayerRecord, share.ScanErrorCode)
type CacheVersion
type CacherData
type ImageLayerCacher
- func InitImageLayerCacher(cacheFile, lockFile, cachePath string, maxRecordSize int64) (*ImageLayerCacher, error)
type LayerFiles
type LayerRecord
type ScanTools
- func NewScanTools(rtSock string, sys *system.SystemTools, layerCacher *ImageLayerCacher, ...) *ScanTools
type SecretPermLogs
type SignatureData
type SortBy
- func (by SortBy) Sort(vulnerabilities []vulnerabilityInfo)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DownloadRemoteImage ¶

func DownloadRemoteImage(ctx context.Context, rc *scan.RegClient, name, imgPath string, layers []string, sizes map[string]int64, cacher *ImageLayerCacher) (map[string]*LayerRecord, share.ScanErrorCode)

Types ¶

type CacheVersion ¶

type CacheVersion struct {
	Version     int    `json:"version"`
	Description string `json:"description"`
}

type CacherData ¶

type CacherData struct {
	CacheRecordMap map[string]*cacheData `json:"cache_records,omitempty"`
	MissCnt        int64                 `json:"cache_misses,omitempty"`
	HitCnt         int64                 `json:"cache_hits,omitempty"`
	CurRecordSize  int64                 `json:"current_record_size"`
}

type ImageLayerCacher ¶

type ImageLayerCacher struct {
	// contains filtered or unexported fields
}

func InitImageLayerCacher ¶

func InitImageLayerCacher(cacheFile, lockFile, cachePath string, maxRecordSize int64) (*ImageLayerCacher, error)

//////

func (*ImageLayerCacher) GetIndexFile ¶

func (lc *ImageLayerCacher) GetIndexFile() []byte

func (*ImageLayerCacher) GetStat ¶

func (lc *ImageLayerCacher) GetStat() *share.ScanCacheStatRes

func (*ImageLayerCacher) InvaldateCache ¶

func (lc *ImageLayerCacher) InvaldateCache() bool

func (*ImageLayerCacher) LeaveLayerCacher ¶

func (lc *ImageLayerCacher) LeaveLayerCacher()

func (*ImageLayerCacher) ReadRecordCache ¶

func (lc *ImageLayerCacher) ReadRecordCache(id string, record interface{}) (string, error)

func (*ImageLayerCacher) RecordName ¶

func (lc *ImageLayerCacher) RecordName(id string, record interface{}) string

/////////////// Record caches ////////////////

func (*ImageLayerCacher) WriteRecordCache ¶

func (lc *ImageLayerCacher) WriteRecordCache(id string, record interface{}, keeper utils.Set) error

type LayerFiles ¶

type LayerFiles struct {
	Size int64
	Pkgs map[string][]byte
	Apps map[string][]scan.AppPackage
}

type LayerRecord ¶

type LayerRecord struct {
	Modules *LayerFiles     `json:"modules,omitempty"`
	Secrets *SecretPermLogs `json:"secret_logs,omitempty"`
	Files   []string        `json:"files,omitempty"`
	Removed []string        `json:"removed_file,omitempty"`
}

type ScanTools ¶

type ScanTools struct {
	common.CveDB
	RtSock    string
	SupportOs utils.Set

	LayerCacher *ImageLayerCacher
	// contains filtered or unexported fields
}

func NewScanTools ¶

func NewScanTools(rtSock string, sys *system.SystemTools, layerCacher *ImageLayerCacher, mFile string) *ScanTools

func (*ScanTools) DetectAppVul ¶

func (cv *ScanTools) DetectAppVul(path string, apps []detectors.AppFeatureVersion, namespace string) []vulFullReport

func (*ScanTools) GetLocalImageMeta ¶

func (s *ScanTools) GetLocalImageMeta(ctx context.Context, repository, tag string) (*container.ImageMeta, share.ScanErrorCode)

func (*ScanTools) LoadLocalImage ¶

func (s *ScanTools) LoadLocalImage(ctx context.Context, repository, tag, imgPath string, cacher *ImageLayerCacher) (
	map[string]*LayerRecord, *scan.ImageInfo, []string, share.ScanErrorCode)

func (*ScanTools) ScanAppPackage ¶

func (cv *ScanTools) ScanAppPackage(req *share.ScanAppRequest, namespace string) (*share.ScanResult, error)

ScanAppPackage helps scanning application packages

func (*ScanTools) ScanAwsLambda ¶

func (cv *ScanTools) ScanAwsLambda(req *share.ScanAwsLambdaRequest, imgPath string) (*share.ScanResult, error)

ScanAwsLambda helps the AWS Lambda scanning

func (*ScanTools) ScanImage ¶

func (cv *ScanTools) ScanImage(ctx context.Context, req *share.ScanImageRequest, imgPath string) (*share.ScanResult, error)

ScanImage helps the Image scanning

func (*ScanTools) ScanImageData ¶

func (cv *ScanTools) ScanImageData(data *share.ScanData) (*share.ScanResult, error)

type SecretPermLogs ¶

type SecretPermLogs struct {
	SecretLogs []share.CLUSSecretLog    `json:"secrets,omitempty"`
	SetidPerm  []share.CLUSSetIdPermLog `json:"set_ids,omitempty"`
}

type SignatureData ¶

type SignatureData struct {
	// The raw manifest JSON retrieved from the registry
	Manifest string `json:"Manifest"`

	// A collection of signature payloads referenced by the manifest to be verified.
	Payloads map[string]string `json:"Payloads"`
}

SignatureData represents signature image data retrieved from the registry to be used in verification.

type SortBy ¶

type SortBy func(v1, v2 vulnerabilityInfo) bool

func (SortBy) Sort ¶

func (by SortBy) Sort(vulnerabilities []vulnerabilityInfo)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL