From aa9768e7750cc472b8af09863c8b8cb1b1173609 Mon Sep 17 00:00:00 2001 
From: Simar Date: Fri, 5 Jan 2024 18:31:46 -0700 Subject: [PATCH 1/8] refactor(pkg): Prune transferred pkgs As part of https://github.com/aquasecurity/defsec/pull/1499 we've moved back some logic into defsec as it is shared. --- cmd/avd_generator/main.go | 6 +- cmd/avd_generator/main_test.go | 2 +- cmd/schema/main.go | 79 - go.mod | 6 +- go.sum | 2 - internal/rules/register.go | 134 - internal/rules/register_test.go | 139 - pkg/rego/build.go | 84 - pkg/rego/custom.go | 109 - pkg/rego/embed.go | 107 - pkg/rego/embed_test.go | 123 - pkg/rego/exceptions.go | 33 - pkg/rego/load.go | 210 - pkg/rego/load_test.go | 46 - pkg/rego/metadata.go | 380 - pkg/rego/metadata_test.go | 188 - pkg/rego/result.go | 166 - pkg/rego/result_test.go | 104 - pkg/rego/runtime.go | 28 - pkg/rego/scanner.go | 413 - pkg/rego/scanner_test.go | 978 --- pkg/rego/schemas/00_schema.go | 22 - pkg/rego/schemas/builder.go | 270 - pkg/rego/schemas/cloud.json | 6818 ----------------- pkg/rego/schemas/dockerfile.json | 70 - pkg/rego/schemas/kubernetes.json | 51 - pkg/rego/schemas/rbac.json | 51 - pkg/rego/schemas/schemas.go | 16 - pkg/rego/store.go | 48 - pkg/rego/testdata/policies/._sysfile.rego | 0 pkg/rego/testdata/policies/invalid.rego | 8 - pkg/rego/testdata/policies/valid.rego | 8 - pkg/rules/providers.go | 169 - pkg/rules/register.go | 25 - pkg/rules/rules.go | 82 - pkg/scanners/azure/arm/scanner.go | 4 +- pkg/scanners/cloudformation/scanner.go | 4 +- pkg/scanners/dockerfile/scanner.go | 2 +- pkg/scanners/dockerfile/scanner_test.go | 4 +- pkg/scanners/helm/scanner.go | 2 +- pkg/scanners/json/scanner.go | 2 +- pkg/scanners/kubernetes/scanner.go | 2 +- pkg/scanners/terraform/executor/executor.go | 6 +- .../terraform/executor/executor_test.go | 2 +- pkg/scanners/terraform/executor/option.go | 2 +- pkg/scanners/terraform/executor/pool.go | 4 +- pkg/scanners/terraform/scanner.go | 2 +- pkg/scanners/terraform/scanner_test.go | 2 +- pkg/scanners/toml/scanner.go | 2 +- pkg/scanners/yaml/scanner.go | 2 +- 
pkg/types/rule.go | 18 - test/count_test.go | 2 +- test/deterministic_test.go | 2 +- test/ignore_test.go | 2 +- test/json_test.go | 2 +- test/loader_test.go | 2 +- test/module_test.go | 2 +- test/performance_test.go | 2 +- test/rego_test.go | 4 +- test/rules_test.go | 2 +- test/wildcard_test.go | 2 +- 61 files changed, 41 insertions(+), 11016 deletions(-) delete mode 100644 cmd/schema/main.go delete mode 100755 internal/rules/register.go delete mode 100644 internal/rules/register_test.go delete mode 100644 pkg/rego/build.go delete mode 100644 pkg/rego/custom.go delete mode 100644 pkg/rego/embed.go delete mode 100644 pkg/rego/embed_test.go delete mode 100644 pkg/rego/exceptions.go delete mode 100644 pkg/rego/load.go delete mode 100644 pkg/rego/load_test.go delete mode 100644 pkg/rego/metadata.go delete mode 100644 pkg/rego/metadata_test.go delete mode 100644 pkg/rego/result.go delete mode 100644 pkg/rego/result_test.go delete mode 100644 pkg/rego/runtime.go delete mode 100644 pkg/rego/scanner.go delete mode 100644 pkg/rego/scanner_test.go delete mode 100644 pkg/rego/schemas/00_schema.go delete mode 100644 pkg/rego/schemas/builder.go delete mode 100644 pkg/rego/schemas/cloud.json delete mode 100644 pkg/rego/schemas/dockerfile.json delete mode 100644 pkg/rego/schemas/kubernetes.json delete mode 100644 pkg/rego/schemas/rbac.json delete mode 100644 pkg/rego/schemas/schemas.go delete mode 100644 pkg/rego/store.go delete mode 100644 pkg/rego/testdata/policies/._sysfile.rego delete mode 100644 pkg/rego/testdata/policies/invalid.rego delete mode 100644 pkg/rego/testdata/policies/valid.rego delete mode 100644 pkg/rules/providers.go delete mode 100644 pkg/rules/register.go delete mode 100644 pkg/rules/rules.go delete mode 100644 pkg/types/rule.go diff --git a/cmd/avd_generator/main.go b/cmd/avd_generator/main.go index a4d808d7..2e05dee8 100644 --- a/cmd/avd_generator/main.go +++ b/cmd/avd_generator/main.go 
@@ -14,9 +14,9 @@ import ( "github.com/aquasecurity/defsec/pkg/framework" "github.com/aquasecurity/trivy-policies/rules" - _ "github.com/aquasecurity/trivy-iac/pkg/rego" - registered "github.com/aquasecurity/trivy-iac/pkg/rules" - "github.com/aquasecurity/trivy-iac/pkg/types" + _ "github.com/aquasecurity/defsec/pkg/rego" + registered "github.com/aquasecurity/defsec/pkg/rules" + "github.com/aquasecurity/defsec/pkg/types" ) func main() { diff --git a/cmd/avd_generator/main_test.go b/cmd/avd_generator/main_test.go index 6687c0ba..545bbca6 100644 --- a/cmd/avd_generator/main_test.go +++ b/cmd/avd_generator/main_test.go @@ -12,7 +12,7 @@ import ( "github.com/stretchr/testify/require" "github.com/aquasecurity/defsec/pkg/framework" - registered "github.com/aquasecurity/trivy-iac/pkg/rules" + registered "github.com/aquasecurity/defsec/pkg/rules" ) func init() { // change the pwd for the test to top level defesc dir diff --git a/cmd/schema/main.go b/cmd/schema/main.go deleted file mode 100644 index 08553e3f..00000000 --- a/cmd/schema/main.go +++ /dev/null 
@@ -1,79 +0,0 @@ -package main - -import ( - "encoding/json" - "fmt" - "os" - - "github.com/spf13/cobra" - - "github.com/aquasecurity/trivy-iac/pkg/rego/schemas" -) - -// generate a json schema document for cloud rego input (state.State) - -const schemaPath = "pkg/rego/schemas/cloud.json" - -func main() { - if err := rootCmd.Execute(); err != nil { - _, _ = fmt.Fprintln(os.Stderr, err) - os.Exit(1) - } -} - -var rootCmd = &cobra.Command{ - Use: "schema", -} - -func init() { - rootCmd.AddCommand(generateCmd) - rootCmd.AddCommand(verifyCmd) -} - -var generateCmd = &cobra.Command{ - Use: "generate", - Short: "generate a json schema document for cloud rego input (state.State)", - RunE: func(cmd *cobra.Command, args []string) error { - cmd.SilenceErrors = true - cmd.SilenceUsage = true - schema, err := schemas.Build() - if err != nil { - return err - } - data, err := json.MarshalIndent(schema, "", " ") - if err != nil { - return err - } - if err := os.WriteFile(schemaPath, data, 0600); err != nil { - return err - } - fmt.Println("done") - return nil - }, -} - -var verifyCmd = &cobra.Command{ - Use: "verify", - Short: "verify that the schema is up to date", - RunE: func(cmd *cobra.Command, args []string) error { - cmd.SilenceErrors = true - cmd.SilenceUsage = true - schema, err := schemas.Build() - if err != nil { - return err - } - data, err := json.MarshalIndent(schema, "", " ") - if err != nil { - return err - } - existing, err := os.ReadFile(schemaPath) - if err != nil { - return err - } - if string(data) != string(existing) { - return fmt.Errorf("schema is out of date:\n\nplease run 'make schema' and commit the changes") - } - fmt.Println("schema is valid") - return nil - }, -} diff --git a/go.mod b/go.mod index e42852a0..faea6429 100644 --- a/go.mod +++ b/go.mod 
@@ -18,11 +18,9 @@ require (
 github.com/liamg/jfather v0.0.7
 github.com/liamg/memoryfs v1.6.0
 github.com/mitchellh/go-homedir v1.1.0
- github.com/mitchellh/mapstructure v1.5.0
 github.com/moby/buildkit v0.11.6
 github.com/olekukonko/tablewriter v0.0.5
 github.com/open-policy-agent/opa v0.58.0
- github.com/spf13/cobra v1.7.0
 github.com/stretchr/testify v1.8.4
 github.com/zclconf/go-cty v1.13.0
 github.com/zclconf/go-cty-yaml v1.0.3
@@ -135,6 +133,7 @@ require (
 github.com/mitchellh/copystructure v1.2.0 // indirect
 github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+ github.com/mitchellh/mapstructure v1.5.0 // indirect
 github.com/mitchellh/reflectwalk v1.0.2 // indirect
 github.com/moby/locker v1.0.1 // indirect
 github.com/moby/spdystream v0.2.0 // indirect
@@ -164,6 +163,7 @@ require (
 github.com/sirupsen/logrus v1.9.3 // indirect
 github.com/skeema/knownhosts v1.2.1 // indirect
 github.com/spf13/cast v1.5.0 // indirect
+ github.com/spf13/cobra v1.7.0 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
 github.com/tchap/go-patricia/v2 v2.3.1 // indirect
 github.com/ulikunitz/xz v0.5.10 // indirect
@@ -218,3 +218,5 @@ require (
 )
 replace oras.land/oras-go => oras.land/oras-go v1.2.4-0.20230801060855-932dd06d38af
+
+replace github.com/aquasecurity/defsec => /Users/simarpreetsingh/repos/defsec
diff --git a/go.sum b/go.sum
index ee36a843..09431d6e 100644
--- a/go.sum
+++ b/go.sum
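Review bot: The added `replace github.com/aquasecurity/defsec => /Users/simarpreetsingh/repos/defsec` in the last go.mod hunk points at an absolute path on one developer's machine, so the module only builds where that directory exists, and it also records a local username in the repository. A filesystem replacement is not checked against go.sum or the checksum database (the go.sum hunk that follows drops both defsec lines), so whatever sits in that directory is what gets compiled into the scanner. Replace directives are also ignored when this module is consumed as a dependency, so importers would resolve the defsec version from the require block, which presumably predates the moved `pkg/rego` and `pkg/rules` packages. Drop the directive and require a published defsec revision instead, e.g. `github.com/aquasecurity/defsec <PSEUDO_VERSION_CONTAINING_PR_1499>`, then run `go mod tidy` to restore the go.sum entries. This is patch 1/8, so a later patch in the series may already do this.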
@@ -236,8 +236,6 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=
 github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
-github.com/aquasecurity/defsec v0.93.2-0.20231208181342-318642ac6f08 h1:mjQvKTiKYXWGxHU5pw37q1n6deky0KcJq5JJwtuVrF4=
-github.com/aquasecurity/defsec v0.93.2-0.20231208181342-318642ac6f08/go.mod h1:NBF6hvbQSc4s/WCHdKV5sNNxLl258M2OiIFoUfgEn/k=
 github.com/aquasecurity/trivy-policies v0.6.1-0.20231120231532-f6f2330bf842 h1:RnxM3eTcwPlA/WBwnmaEpeEk3WOCDcnz7yTIFxVL7us=
 github.com/aquasecurity/trivy-policies v0.6.1-0.20231120231532-f6f2330bf842/go.mod h1:BmEeSFgmBjo3avCli71736sy0veGcSUzGATupp1MCgA=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
diff --git a/internal/rules/register.go b/internal/rules/register.go
deleted file mode 100755
index 4a60ab29..00000000
--- a/internal/rules/register.go
+++ /dev/null
@@ -1,134 +0,0 @@ -package rules - -import ( - "sync" - - "gopkg.in/yaml.v3" - - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/scan" - dftypes "github.com/aquasecurity/defsec/pkg/types" - "github.com/aquasecurity/trivy-policies/rules/specs" - - "github.com/aquasecurity/trivy-iac/pkg/types" -) - -type registry struct { - sync.RWMutex - index int - frameworks map[framework.Framework][]types.RegisteredRule -} - -var coreRegistry = registry{ - frameworks: make(map[framework.Framework][]types.RegisteredRule), -} - -func Reset() { - coreRegistry.Reset() -} - -func Register(rule scan.Rule) types.RegisteredRule { - return coreRegistry.register(rule) -} - -func Deregister(rule types.RegisteredRule) { - coreRegistry.deregister(rule) -} - -func (r *registry) register(rule scan.Rule) types.RegisteredRule { - r.Lock() - defer r.Unlock() - if len(rule.Frameworks) == 0 { - rule.Frameworks = map[framework.Framework][]string{framework.Default: nil} - } - registeredRule := types.RegisteredRule{ - Number: r.index, - Rule: rule, - } - r.index++ - for fw := range rule.Frameworks { - r.frameworks[fw] = append(r.frameworks[fw], registeredRule) - } - - r.frameworks[framework.ALL] = append(r.frameworks[framework.ALL], registeredRule) - - return registeredRule -} - -func (r *registry) deregister(rule types.RegisteredRule) { - r.Lock() - defer r.Unlock() - for fw := range r.frameworks { - for i, registered := range r.frameworks[fw] { - if registered.Number == rule.Number { - r.frameworks[fw] = append(r.frameworks[fw][:i], r.frameworks[fw][i+1:]...) 
- break - } - } - } -} - -func (r *registry) getFrameworkRules(fw ...framework.Framework) []types.RegisteredRule { - r.RLock() - defer r.RUnlock() - var registered []types.RegisteredRule - if len(fw) == 0 { - fw = []framework.Framework{framework.Default} - } - unique := make(map[int]struct{}) - for _, f := range fw { - for _, rule := range r.frameworks[f] { - if _, ok := unique[rule.Number]; ok { - continue - } - registered = append(registered, rule) - unique[rule.Number] = struct{}{} - } - } - return registered -} - -func (r *registry) getSpecRules(spec string) []types.RegisteredRule { - r.RLock() - defer r.RUnlock() - var specRules []types.RegisteredRule - - var complianceSpec dftypes.ComplianceSpec - specContent := specs.GetSpec(spec) - if err := yaml.Unmarshal([]byte(specContent), &complianceSpec); err != nil { - return nil - } - - registered := r.getFrameworkRules(framework.ALL) - for _, rule := range registered { - for _, csRule := range complianceSpec.Spec.Controls { - if len(csRule.Checks) > 0 { - for _, c := range csRule.Checks { - if rule.GetRule().AVDID == c.ID { - specRules = append(specRules, rule) - } - } - } - } - } - - return specRules -} - -func (r *registry) Reset() { - r.Lock() - defer r.Unlock() - r.frameworks = make(map[framework.Framework][]types.RegisteredRule) -} - -func GetFrameworkRules(fw ...framework.Framework) []types.RegisteredRule { - return coreRegistry.getFrameworkRules(fw...) -} - -func GetSpecRules(spec string) []types.RegisteredRule { - if len(spec) > 0 { - return coreRegistry.getSpecRules(spec) - } - - return GetFrameworkRules() -} diff --git a/internal/rules/register_test.go b/internal/rules/register_test.go deleted file mode 100644 index ff9c5033..00000000 --- a/internal/rules/register_test.go +++ /dev/null 
@@ -1,139 +0,0 @@ -package rules - -import ( - "fmt" - "testing" - - "github.com/stretchr/testify/require" - - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/stretchr/testify/assert" -) - -func Test_Reset(t *testing.T) { - rule := scan.Rule{} - _ = Register(rule) - assert.Equal(t, 1, len(GetFrameworkRules())) - Reset() - assert.Equal(t, 0, len(GetFrameworkRules())) -} - -func Test_Registration(t *testing.T) { - var tests = []struct { - name string - registeredFrameworks map[framework.Framework][]string - inputFrameworks []framework.Framework - expected bool - }{ - { - name: "rule without framework specified should be returned when no frameworks are requested", - expected: true, - }, - { - name: "rule without framework specified should not be returned when a specific framework is requested", - inputFrameworks: []framework.Framework{framework.CIS_AWS_1_2}, - expected: false, - }, - { - name: "rule without framework specified should be returned when the default framework is requested", - inputFrameworks: []framework.Framework{framework.Default}, - expected: true, - }, - { - name: "rule with default framework specified should be returned when the default framework is requested", - registeredFrameworks: map[framework.Framework][]string{framework.Default: {"1.1"}}, - inputFrameworks: []framework.Framework{framework.Default}, - expected: true, - }, - { - name: "rule with default framework specified should not be returned when a specific framework is requested", - registeredFrameworks: map[framework.Framework][]string{framework.Default: {"1.1"}}, - inputFrameworks: []framework.Framework{framework.CIS_AWS_1_2}, - expected: false, - }, - { - name: "rule with specific framework specified should not be returned when a default framework is requested", - registeredFrameworks: map[framework.Framework][]string{framework.CIS_AWS_1_2: {"1.1"}}, - inputFrameworks: []framework.Framework{framework.Default}, - expected: false, - 
}, - { - name: "rule with specific framework specified should be returned when the specific framework is requested", - registeredFrameworks: map[framework.Framework][]string{framework.CIS_AWS_1_2: {"1.1"}}, - inputFrameworks: []framework.Framework{framework.CIS_AWS_1_2}, - expected: true, - }, - { - name: "rule with multiple frameworks specified should be returned when the specific framework is requested", - registeredFrameworks: map[framework.Framework][]string{framework.CIS_AWS_1_2: {"1.1"}, "blah": {"1.2"}}, - inputFrameworks: []framework.Framework{framework.CIS_AWS_1_2}, - expected: true, - }, - { - name: "rule with multiple frameworks specified should be returned only once when multiple matching frameworks are requested", - registeredFrameworks: map[framework.Framework][]string{framework.CIS_AWS_1_2: {"1.1"}, "blah": {"1.2"}, "something": {"1.3"}}, - inputFrameworks: []framework.Framework{framework.CIS_AWS_1_2, "blah", "other"}, - expected: true, - }, - } - - for i, test := range tests { - t.Run(test.name, func(t *testing.T) { - Reset() - rule := scan.Rule{ - AVDID: fmt.Sprintf("%d-%s", i, test.name), - Frameworks: test.registeredFrameworks, - } - _ = Register(rule) - var found bool - for _, matchedRule := range GetFrameworkRules(test.inputFrameworks...) 
{ - if matchedRule.GetRule().AVDID == rule.AVDID { - assert.False(t, found, "rule should not be returned more than once") - found = true - } - } - assert.Equal(t, test.expected, found, "rule should be returned if it matches any of the input frameworks") - }) - } -} - -func Test_Deregistration(t *testing.T) { - Reset() - registrationA := Register(scan.Rule{ - AVDID: "A", - }) - registrationB := Register(scan.Rule{ - AVDID: "B", - }) - assert.Equal(t, 2, len(GetFrameworkRules())) - Deregister(registrationA) - actual := GetFrameworkRules() - require.Equal(t, 1, len(actual)) - assert.Equal(t, "B", actual[0].GetRule().AVDID) - Deregister(registrationB) - assert.Equal(t, 0, len(GetFrameworkRules())) -} - -func Test_DeregistrationMultipleFrameworks(t *testing.T) { - Reset() - registrationA := Register(scan.Rule{ - AVDID: "A", - }) - registrationB := Register(scan.Rule{ - AVDID: "B", - Frameworks: map[framework.Framework][]string{ - "a": nil, - "b": nil, - "c": nil, - framework.Default: nil, - }, - }) - assert.Equal(t, 2, len(GetFrameworkRules())) - Deregister(registrationA) - actual := GetFrameworkRules() - require.Equal(t, 1, len(actual)) - assert.Equal(t, "B", actual[0].GetRule().AVDID) - Deregister(registrationB) - assert.Equal(t, 0, len(GetFrameworkRules())) -} diff --git a/pkg/rego/build.go b/pkg/rego/build.go deleted file mode 100644 index db20c04c..00000000 --- a/pkg/rego/build.go +++ /dev/null 
@@ -1,84 +0,0 @@ -package rego - -import ( - "io/fs" - "path/filepath" - "strings" - - "github.com/aquasecurity/defsec/pkg/types" - "github.com/aquasecurity/trivy-iac/pkg/rego/schemas" - "github.com/open-policy-agent/opa/ast" - "github.com/open-policy-agent/opa/util" -) - -func BuildSchemaSetFromPolicies(policies map[string]*ast.Module, paths []string, fsys fs.FS) (*ast.SchemaSet, bool, error) { - schemaSet := ast.NewSchemaSet() - schemaSet.Put(ast.MustParseRef("schema.input"), map[string]interface{}{}) // for backwards compat only - var customFound bool - for _, policy := range policies { - for _, annotation := range policy.Annotations { - for _, ss := range annotation.Schemas { - schemaName, err := ss.Schema.Ptr() - if err != nil { - continue - } - if schemaName != "input" { - if schema, ok := schemas.SchemaMap[types.Source(schemaName)]; ok { - customFound = true - schemaSet.Put(ast.MustParseRef(ss.Schema.String()), util.MustUnmarshalJSON([]byte(schema))) - } else { - b, err := findSchemaInFS(paths, fsys, schemaName) - if err != nil { - return schemaSet, true, err - } - if b != nil { - customFound = true - schemaSet.Put(ast.MustParseRef(ss.Schema.String()), util.MustUnmarshalJSON(b)) - } - } - } - } - } - } - - return schemaSet, customFound, nil -} - -// findSchemaInFS tries to find the schema anywhere in the specified FS -func findSchemaInFS(paths []string, srcFS fs.FS, schemaName string) ([]byte, error) { - var schema []byte - for _, path := range paths { - if err := fs.WalkDir(srcFS, sanitisePath(path), func(path string, info fs.DirEntry, err error) error { - if err != nil { - return err - } - if info.IsDir() { - return nil - } - if !IsJSONFile(info.Name()) { - return nil - } - if info.Name() == schemaName+".json" { - schema, err = fs.ReadFile(srcFS, filepath.ToSlash(path)) - if err != nil { - return err - } - return nil - } - return nil - }); err != nil { - return nil, err - } - } - return schema, nil -} - -func IsJSONFile(name string) bool { - return 
strings.HasSuffix(name, ".json") -} - -func sanitisePath(path string) string { - vol := filepath.VolumeName(path) - path = strings.TrimPrefix(path, vol) - return strings.TrimPrefix(strings.TrimPrefix(filepath.ToSlash(path), "./"), "/") -} diff --git a/pkg/rego/custom.go b/pkg/rego/custom.go deleted file mode 100644 index c15b05a4..00000000 --- a/pkg/rego/custom.go +++ /dev/null 
@@ -1,109 +0,0 @@ -package rego - -import ( - "github.com/open-policy-agent/opa/ast" - "github.com/open-policy-agent/opa/rego" - "github.com/open-policy-agent/opa/types" -) - -func init() { - rego.RegisterBuiltin2(®o.Function{ - Name: "result.new", - Decl: types.NewFunction(types.Args(types.S, types.A), types.A), - }, - createResult, - ) - - rego.RegisterBuiltin1(®o.Function{ - Name: "isManaged", - Decl: types.NewFunction(types.Args(types.A), types.B), - }, - func(c rego.BuiltinContext, resource *ast.Term) (*ast.Term, error) { - metadata, err := createResult(c, ast.StringTerm(""), resource) - if err != nil { - return nil, err - } - return metadata.Get(ast.StringTerm("managed")), nil - }, - ) -} - -func createResult(ctx rego.BuiltinContext, msg, cause *ast.Term) (*ast.Term, error) { - - metadata := map[string]*ast.Term{ - "startline": ast.IntNumberTerm(0), - "endline": ast.IntNumberTerm(0), - "sourceprefix": ast.StringTerm(""), - "filepath": ast.StringTerm(""), - "explicit": ast.BooleanTerm(false), - "managed": ast.BooleanTerm(true), - "fskey": ast.StringTerm(""), - "resource": ast.StringTerm(""), - "parent": ast.NullTerm(), - } - if msg != nil { - metadata["msg"] = msg - } - - // universal - input := cause.Get(ast.StringTerm("__defsec_metadata")) - if input == nil { - // docker - input = cause - } - metadata = updateMetadata(metadata, input) - - if term := input.Get(ast.StringTerm("parent")); term != nil { - var err error - metadata["parent"], err = createResult(ctx, nil, term) - if err != nil { - return nil, err - } - } - - var values [][2]*ast.Term - for key, val := range metadata { - values = append(values, [2]*ast.Term{ - ast.StringTerm(key), - val, - }) - } - return ast.ObjectTerm(values...), nil -} - -func updateMetadata(metadata map[string]*ast.Term, input *ast.Term) map[string]*ast.Term { - if term := input.Get(ast.StringTerm("startline")); term != nil { - metadata["startline"] = term - } - if term := input.Get(ast.StringTerm("StartLine")); term != nil { - 
metadata["startline"] = term - } - if term := input.Get(ast.StringTerm("endline")); term != nil { - metadata["endline"] = term - } - if term := input.Get(ast.StringTerm("EndLine")); term != nil { - metadata["endline"] = term - } - if term := input.Get(ast.StringTerm("filepath")); term != nil { - metadata["filepath"] = term - } - if term := input.Get(ast.StringTerm("sourceprefix")); term != nil { - metadata["sourceprefix"] = term - } - if term := input.Get(ast.StringTerm("Path")); term != nil { - metadata["filepath"] = term - } - if term := input.Get(ast.StringTerm("explicit")); term != nil { - metadata["explicit"] = term - } - if term := input.Get(ast.StringTerm("managed")); term != nil { - metadata["managed"] = term - } - if term := input.Get(ast.StringTerm("fskey")); term != nil { - metadata["fskey"] = term - } - if term := input.Get(ast.StringTerm("resource")); term != nil { - metadata["resource"] = term - } - return metadata -} diff --git a/pkg/rego/embed.go b/pkg/rego/embed.go deleted file mode 100644 index 8de856a3..00000000 --- a/pkg/rego/embed.go +++ /dev/null 
@@ -1,107 +0,0 @@ -package rego - -import ( - "context" - "io/fs" - "path/filepath" - "strings" - - "github.com/aquasecurity/trivy-iac/pkg/rules" - rules2 "github.com/aquasecurity/trivy-policies/rules" - "github.com/open-policy-agent/opa/ast" -) - -func init() { - - modules, err := LoadEmbeddedPolicies() - if err != nil { - // we should panic as the policies were not embedded properly - panic(err) - } - loadedLibs, err := LoadEmbeddedLibraries() - if err != nil { - panic(err) - } - for name, policy := range loadedLibs { - modules[name] = policy - } - - RegisterRegoRules(modules) -} - -func RegisterRegoRules(modules map[string]*ast.Module) { - ctx := context.TODO() - - schemaSet, _, _ := BuildSchemaSetFromPolicies(modules, nil, nil) - - compiler := ast.NewCompiler(). - WithSchemas(schemaSet). - WithCapabilities(nil). - WithUseTypeCheckAnnotations(true) - - compiler.Compile(modules) - if compiler.Failed() { - // we should panic as the embedded rego policies are syntactically incorrect... - panic(compiler.Errors) - } - - retriever := NewMetadataRetriever(compiler) - for _, module := range modules { - metadata, err := retriever.RetrieveMetadata(ctx, module) - if err != nil { - continue - } - if metadata.AVDID == "" { - continue - } - rules.Register( - metadata.ToRule(), - ) - } -} - -func LoadEmbeddedPolicies() (map[string]*ast.Module, error) { - return LoadPoliciesFromDirs(rules2.EmbeddedPolicyFileSystem, ".") -} - -func LoadEmbeddedLibraries() (map[string]*ast.Module, error) { - return LoadPoliciesFromDirs(rules2.EmbeddedLibraryFileSystem, ".") -} - -func LoadPoliciesFromDirs(target fs.FS, paths ...string) (map[string]*ast.Module, error) { - modules := make(map[string]*ast.Module) - for _, path := range paths { - if err := fs.WalkDir(target, sanitisePath(path), func(path string, info fs.DirEntry, err error) error { - if err != nil { - return err - } - if info.IsDir() { - return nil - } - - if strings.HasSuffix(filepath.Dir(filepath.ToSlash(path)), 
"policies/advanced/optional") { - return fs.SkipDir - } - - if !IsRegoFile(info.Name()) || IsDotFile(info.Name()) { - return nil - } - data, err := fs.ReadFile(target, filepath.ToSlash(path)) - if err != nil { - return err - } - module, err := ast.ParseModuleWithOpts(path, string(data), ast.ParserOptions{ - ProcessAnnotation: true, - }) - if err != nil { - // s.debug.Log("Failed to load module: %s, err: %s", filepath.ToSlash(path), err.Error()) - return err - } - modules[path] = module - return nil - }); err != nil { - return nil, err - } - } - return modules, nil -} diff --git a/pkg/rego/embed_test.go b/pkg/rego/embed_test.go deleted file mode 100644 index 1465e73f..00000000 --- a/pkg/rego/embed_test.go +++ /dev/null 
@@ -1,123 +0,0 @@ -package rego - -import ( - "testing" - - "github.com/aquasecurity/trivy-iac/pkg/rules" - rules2 "github.com/aquasecurity/trivy-policies/rules" - "github.com/open-policy-agent/opa/ast" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -func Test_EmbeddedLoading(t *testing.T) { - - frameworkRules := rules.GetRegistered() - var found bool - for _, rule := range frameworkRules { - if rule.GetRule().RegoPackage != "" { - found = true - } - } - assert.True(t, found, "no embedded rego policies were registered as rules") -} - -func Test_RegisterRegoRules(t *testing.T) { - var testCases = []struct { - name string - inputPolicy string - expectedError bool - }{ - { - name: "happy path old single schema", - inputPolicy: `# METADATA -# title: "dummy title" -# description: "some description" -# scope: package -# schemas: -# - input: schema["input"] -# custom: -# input: -# selector: -# - type: dockerfile -package builtin.dockerfile.DS1234 -deny[res]{ - res := true -}`, - }, - { - name: "happy path new builtin single schema", - inputPolicy: `# METADATA -# title: "dummy title" -# description: "some description" -# scope: package -# schemas: -# - input: schema["dockerfile"] -# custom: -# input: -# selector: -# - type: dockerfile -package builtin.dockerfile.DS1234 -deny[res]{ - res := true -}`, - }, - { - name: "happy path new multiple schemas", - inputPolicy: `# METADATA -# title: "dummy title" -# description: "some description" -# scope: package -# schemas: -# - input: schema["dockerfile"] -# - input: schema["kubernetes"] -# custom: -# input: -# selector: -# - type: dockerfile -package builtin.dockerfile.DS1234 -deny[res]{ - res := true -}`, - }, - { - name: "sad path schema does not exist", - inputPolicy: `# METADATA -# title: "dummy title" -# description: "some description" -# scope: package -# schemas: -# - input: schema["invalid schema"] -# custom: -# input: -# selector: -# - type: dockerfile -package 
builtin.dockerfile.DS1234 -deny[res]{ - res := true -}`, - expectedError: true, - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - policies, err := LoadPoliciesFromDirs(rules2.EmbeddedLibraryFileSystem, ".") - require.NoError(t, err) - newRule, err := ast.ParseModuleWithOpts("/rules/newrule.rego", tc.inputPolicy, ast.ParserOptions{ - ProcessAnnotation: true, - }) - require.NoError(t, err) - - policies["/rules/newrule.rego"] = newRule - switch { - case tc.expectedError: - assert.Panics(t, func() { - RegisterRegoRules(policies) - }, tc.name) - default: - RegisterRegoRules(policies) - } - }) - } -} diff --git a/pkg/rego/exceptions.go b/pkg/rego/exceptions.go deleted file mode 100644 index ab202ec0..00000000 --- a/pkg/rego/exceptions.go +++ /dev/null @@ -1,33 +0,0 @@ -package rego - -import ( - "context" - "fmt" -) - -func (s *Scanner) isIgnored(ctx context.Context, namespace string, ruleName string, input interface{}) (bool, error) { - if ignored, err := s.isNamespaceIgnored(ctx, namespace, input); err != nil { - return false, err - } else if ignored { - return true, nil - } - return s.isRuleIgnored(ctx, namespace, ruleName, input) -} - -func (s *Scanner) isNamespaceIgnored(ctx context.Context, namespace string, input interface{}) (bool, error) { - exceptionQuery := fmt.Sprintf("data.namespace.exceptions.exception[_] == %q", namespace) - result, _, err := s.runQuery(ctx, exceptionQuery, input, true) - if err != nil { - return false, fmt.Errorf("query namespace exceptions: %w", err) - } - return result.Allowed(), nil -} - -func (s *Scanner) isRuleIgnored(ctx context.Context, namespace string, ruleName string, input interface{}) (bool, error) { - exceptionQuery := fmt.Sprintf("endswith(%q, data.%s.exception[_][_])", ruleName, namespace) - result, _, err := s.runQuery(ctx, exceptionQuery, input, true) - if err != nil { - return false, err - } - return result.Allowed(), nil -} 
diff --git a/pkg/rego/load.go b/pkg/rego/load.go deleted file mode 100644 index 909510e8..00000000 --- a/pkg/rego/load.go +++ /dev/null 
@@ -1,210 +0,0 @@ -package rego - -import ( - "context" - "fmt" - "io" - "io/fs" - "strings" - - "github.com/open-policy-agent/opa/ast" - "github.com/open-policy-agent/opa/bundle" -) - -func IsRegoFile(name string) bool { - return strings.HasSuffix(name, bundle.RegoExt) && !strings.HasSuffix(name, "_test"+bundle.RegoExt) -} - -func IsDotFile(name string) bool { - return strings.HasPrefix(name, ".") -} - -func (s *Scanner) loadPoliciesFromReaders(readers []io.Reader) (map[string]*ast.Module, error) { - modules := make(map[string]*ast.Module) - for i, r := range readers { - moduleName := fmt.Sprintf("reader_%d", i) - data, err := io.ReadAll(r) - if err != nil { - return nil, err - } - module, err := ast.ParseModuleWithOpts(moduleName, string(data), ast.ParserOptions{ - ProcessAnnotation: true, - }) - if err != nil { - return nil, err - } - modules[moduleName] = module - } - return modules, nil -} - -func (s *Scanner) loadEmbedded(enableEmbeddedLibraries, enableEmbeddedPolicies bool) error { - if enableEmbeddedLibraries { - loadedLibs, errLoad := LoadEmbeddedLibraries() - if errLoad != nil { - return fmt.Errorf("failed to load embedded rego libraries: %w", errLoad) - } - for name, policy := range loadedLibs { - s.policies[name] = policy - } - s.debug.Log("Loaded %d embedded libraries.", len(loadedLibs)) - } - - if enableEmbeddedPolicies { - loaded, err := LoadEmbeddedPolicies() - if err != nil { - return fmt.Errorf("failed to load embedded rego policies: %w", err) - } - for name, policy := range loaded { - s.policies[name] = policy - } - s.debug.Log("Loaded %d embedded policies.", len(loaded)) - } - - return nil -} - -func (s *Scanner) LoadPolicies(enableEmbeddedLibraries, enableEmbeddedPolicies bool, srcFS fs.FS, paths []string, readers []io.Reader) error { - - if s.policies == nil { - s.policies = make(map[string]*ast.Module) - } - - if s.policyFS != nil { - s.debug.Log("Overriding filesystem for policies!") - srcFS = s.policyFS - } - - if err := 
s.loadEmbedded(enableEmbeddedLibraries, enableEmbeddedPolicies); err != nil { - return err - } - - var err error - if len(paths) > 0 { - loaded, err := LoadPoliciesFromDirs(srcFS, paths...) - if err != nil { - return fmt.Errorf("failed to load rego policies from %s: %w", paths, err) - } - for name, policy := range loaded { - s.policies[name] = policy - } - s.debug.Log("Loaded %d policies from disk.", len(loaded)) - } - - if len(readers) > 0 { - loaded, err := s.loadPoliciesFromReaders(readers) - if err != nil { - return fmt.Errorf("failed to load rego policies from reader(s): %w", err) - } - for name, policy := range loaded { - s.policies[name] = policy - } - s.debug.Log("Loaded %d policies from reader(s).", len(loaded)) - } - - // gather namespaces - uniq := make(map[string]struct{}) - for _, module := range s.policies { - namespace := getModuleNamespace(module) - uniq[namespace] = struct{}{} - } - var namespaces []string - for namespace := range uniq { - namespaces = append(namespaces, namespace) - } - - dataFS := srcFS - if s.dataFS != nil { - s.debug.Log("Overriding filesystem for data!") - dataFS = s.dataFS - } - store, err := initStore(dataFS, s.dataDirs, namespaces) - if err != nil { - return fmt.Errorf("unable to load data: %w", err) - } - s.store = store - - return s.compilePolicies(srcFS, paths) -} - -func (s *Scanner) prunePoliciesWithError(compiler *ast.Compiler) error { - if len(compiler.Errors) > s.regoErrorLimit { - s.debug.Log("Error(s) occurred while loading policies") - return compiler.Errors - } - - for _, e := range compiler.Errors { - s.debug.Log("Error occurred while parsing: %s, %s", e.Location.File, e.Error()) - delete(s.policies, e.Location.File) - } - return nil -} - -func (s *Scanner) compilePolicies(srcFS fs.FS, paths []string) error { - - schemaSet, custom, err := BuildSchemaSetFromPolicies(s.policies, paths, srcFS) - if err != nil { - return err - } - if custom { - s.inputSchema = nil // discard auto detected input schema in favour of 
policy defined schema - } - - compiler := ast.NewCompiler(). - WithUseTypeCheckAnnotations(true). - WithCapabilities(ast.CapabilitiesForThisVersion()). - WithSchemas(schemaSet) - - compiler.Compile(s.policies) - if compiler.Failed() { - if err := s.prunePoliciesWithError(compiler); err != nil { - return err - } - return s.compilePolicies(srcFS, paths) - } - retriever := NewMetadataRetriever(compiler) - - if err := s.filterModules(retriever); err != nil { - return err - } - if s.inputSchema != nil { - schemaSet := ast.NewSchemaSet() - schemaSet.Put(ast.MustParseRef("schema.input"), s.inputSchema) - compiler.WithSchemas(schemaSet) - compiler.Compile(s.policies) - if compiler.Failed() { - if err := s.prunePoliciesWithError(compiler); err != nil { - return err - } - return s.compilePolicies(srcFS, paths) - } - } - s.compiler = compiler - s.retriever = retriever - return nil -} - -func (s *Scanner) filterModules(retriever *MetadataRetriever) error { - - filtered := make(map[string]*ast.Module) - for name, module := range s.policies { - meta, err := retriever.RetrieveMetadata(context.TODO(), module) - if err != nil { - return err - } - if len(meta.InputOptions.Selectors) == 0 { - s.debug.Log("WARNING: Module %s has no input selectors - it will be loaded for all inputs!", name) - filtered[name] = module - continue - } - for _, selector := range meta.InputOptions.Selectors { - if selector.Type == string(s.sourceType) { - filtered[name] = module - break - } - } - } - - s.policies = filtered - return nil -} diff --git a/pkg/rego/load_test.go b/pkg/rego/load_test.go deleted file mode 100644 index 3240bc20..00000000 --- a/pkg/rego/load_test.go +++ /dev/null 
@@ -1,46 +0,0 @@
-package rego
-
-import (
- "bytes"
- "embed"
- "testing"
-
- "github.com/aquasecurity/defsec/pkg/types"
- "github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/require"
-)
-
-//go:embed all:testdata/policies
-var testEmbedFS embed.FS
-
-func Test_RegoScanning_WithSomeInvalidPolicies(t *testing.T) {
- t.Run("allow no errors", func(t *testing.T) {
- var debugBuf bytes.Buffer
- scanner := NewScanner(types.SourceDockerfile)
- scanner.SetRegoErrorLimit(0)
- scanner.SetDebugWriter(&debugBuf)
- p, _ := LoadPoliciesFromDirs(testEmbedFS, ".")
- require.NotNil(t, p)
-
- scanner.policies = p
- err := scanner.compilePolicies(testEmbedFS, []string{"policies"})
- require.ErrorContains(t, err, `want (one of): ["Cmd" "EndLine" "Flags" "JSON" "Original" "Path" "Stage" "StartLine" "SubCmd" "Value"]`)
- assert.Contains(t, debugBuf.String(), "Error(s) occurred while loading policies")
- })
-
- t.Run("allow up to max 1 error", func(t *testing.T) {
- var debugBuf bytes.Buffer
- scanner := NewScanner(types.SourceDockerfile)
- scanner.SetRegoErrorLimit(1)
- scanner.SetDebugWriter(&debugBuf)
-
- p, _ := LoadPoliciesFromDirs(testEmbedFS, ".")
- scanner.policies = p
-
- err := scanner.compilePolicies(testEmbedFS, []string{"policies"})
- require.NoError(t, err)
-
- assert.Contains(t, debugBuf.String(), "Error occurred while parsing: testdata/policies/invalid.rego, testdata/policies/invalid.rego:7")
- })
-
-}
diff --git a/pkg/rego/metadata.go b/pkg/rego/metadata.go
deleted file mode 100644
index ee6b5d1d..00000000
--- a/pkg/rego/metadata.go
+++ /dev/null
@@ -1,380 +0,0 @@ -package rego - -import ( - "context" - "fmt" - "strings" - - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/providers" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/severity" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" - "github.com/mitchellh/mapstructure" - "github.com/open-policy-agent/opa/ast" - "github.com/open-policy-agent/opa/rego" -) - -type StaticMetadata struct { - ID string - AVDID string - Title string - ShortCode string - Description string - Severity string - RecommendedActions string - PrimaryURL string - References []string - InputOptions InputOptions - Package string - Frameworks map[framework.Framework][]string - Provider string - Service string - Library bool - CloudFormation *scan.EngineMetadata - Terraform *scan.EngineMetadata -} - -func NewStaticMetadata(pkgPath string, inputOpt InputOptions) *StaticMetadata { - return &StaticMetadata{ - ID: "N/A", - Title: "N/A", - Severity: "UNKNOWN", - Description: fmt.Sprintf("Rego module: %s", pkgPath), - Package: pkgPath, - InputOptions: inputOpt, - Frameworks: make(map[framework.Framework][]string), - } -} - -func (sm *StaticMetadata) Update(meta map[string]any) error { - - upd := func(field *string, key string) { - if raw, ok := meta[key]; ok { - *field = fmt.Sprintf("%s", raw) - } - } - - upd(&sm.ID, "id") - upd(&sm.AVDID, "avd_id") - upd(&sm.Title, "title") - upd(&sm.ShortCode, "short_code") - upd(&sm.Description, "description") - upd(&sm.Service, "service") - upd(&sm.Provider, "provider") - upd(&sm.RecommendedActions, "recommended_actions") - upd(&sm.RecommendedActions, "recommended_action") - - if raw, ok := meta["severity"]; ok { - sm.Severity = strings.ToUpper(fmt.Sprintf("%s", raw)) - } - - if raw, ok := meta["library"]; ok { - if lib, ok := raw.(bool); ok { - sm.Library = lib - } - } - - if raw, ok := meta["url"]; ok { - sm.References = append(sm.References, fmt.Sprintf("%s", raw)) - } - if 
raw, ok := meta["frameworks"]; ok { - frameworks, ok := raw.(map[string][]string) - if !ok { - return fmt.Errorf("failed to parse framework metadata: not an object") - } - for fw, sections := range frameworks { - sm.Frameworks[framework.Framework(fw)] = sections - } - } - if raw, ok := meta["related_resources"]; ok { - if relatedResources, ok := raw.([]map[string]any); ok { - for _, relatedResource := range relatedResources { - if raw, ok := relatedResource["ref"]; ok { - sm.References = append(sm.References, fmt.Sprintf("%s", raw)) - } - } - } else if relatedResources, ok := raw.([]string); ok { - sm.References = append(sm.References, relatedResources...) - } - } - - var err error - if sm.CloudFormation, err = NewEngineMetadata("cloud_formation", meta); err != nil { - return err - } - - if sm.Terraform, err = NewEngineMetadata("terraform", meta); err != nil { - return err - } - - return nil -} - -func (sm *StaticMetadata) FromAnnotations(annotations *ast.Annotations) error { - sm.Title = annotations.Title - sm.Description = annotations.Description - for _, resource := range annotations.RelatedResources { - if !resource.Ref.IsAbs() { - continue - } - sm.References = append(sm.References, resource.Ref.String()) - } - if custom := annotations.Custom; custom != nil { - if err := sm.Update(custom); err != nil { - return err - } - } - if len(annotations.RelatedResources) > 0 { - sm.PrimaryURL = annotations.RelatedResources[0].Ref.String() - } - return nil -} - -func NewEngineMetadata(schema string, meta map[string]interface{}) (*scan.EngineMetadata, error) { - var sMap map[string]interface{} - if raw, ok := meta[schema]; ok { - sMap, ok = raw.(map[string]interface{}) - if !ok { - return nil, fmt.Errorf("failed to parse %s metadata: not an object", schema) - } - } - - var em scan.EngineMetadata - if val, ok := sMap["good_examples"].(string); ok { - em.GoodExamples = []string{val} - } - if val, ok := sMap["bad_examples"].(string); ok { - em.BadExamples = []string{val} - } 
- if val, ok := sMap["links"].(string); ok { - em.Links = []string{val} - } - if val, ok := sMap["remediation_markdown"].(string); ok { - em.RemediationMarkdown = val - } - - return &em, nil -} - -type InputOptions struct { - Combined bool - Selectors []Selector -} - -type Selector struct { - Type string - Subtypes []SubType -} - -type SubType struct { - Group string - Version string - Kind string - Namespace string - Service string // only for cloud - Provider string // only for cloud -} - -func (m StaticMetadata) ToRule() scan.Rule { - - provider := "generic" - if m.Provider != "" { - provider = m.Provider - } else if len(m.InputOptions.Selectors) > 0 { - provider = m.InputOptions.Selectors[0].Type - } - service := "general" - if m.Service != "" { - service = m.Service - } - - return scan.Rule{ - AVDID: m.AVDID, - Aliases: []string{m.ID}, - ShortCode: m.ShortCode, - Summary: m.Title, - Explanation: m.Description, - Impact: "", - Resolution: m.RecommendedActions, - Provider: providers.Provider(provider), - Service: service, - Links: m.References, - Severity: severity.Severity(m.Severity), - RegoPackage: m.Package, - Frameworks: m.Frameworks, - CloudFormation: m.CloudFormation, - Terraform: m.Terraform, - } -} - -type MetadataRetriever struct { - compiler *ast.Compiler -} - -func NewMetadataRetriever(compiler *ast.Compiler) *MetadataRetriever { - return &MetadataRetriever{ - compiler: compiler, - } -} - -func (m *MetadataRetriever) findPackageAnnotations(module *ast.Module) *ast.Annotations { - annotationSet := m.compiler.GetAnnotationSet() - if annotationSet == nil { - return nil - } - for _, annotation := range annotationSet.Flatten() { - if annotation.GetPackage().Path.String() != module.Package.Path.String() || annotation.Annotations.Scope != "package" { - continue - } - return annotation.Annotations - } - return nil -} - -func (m *MetadataRetriever) RetrieveMetadata(ctx context.Context, module *ast.Module, contents ...any) (*StaticMetadata, error) { - - 
metadata := NewStaticMetadata( - module.Package.Path.String(), - m.queryInputOptions(ctx, module), - ) - - // read metadata from official rego annotations if possible - if annotations := m.findPackageAnnotations(module); annotations != nil { - if err := metadata.FromAnnotations(annotations); err != nil { - return nil, err - } - return metadata, nil - } - - // otherwise, try to read metadata from the rego module itself - we used to do this before annotations were a thing - namespace := getModuleNamespace(module) - metadataQuery := fmt.Sprintf("data.%s.__rego_metadata__", namespace) - - options := []func(*rego.Rego){ - rego.Query(metadataQuery), - rego.Compiler(m.compiler), - rego.Capabilities(nil), - } - // support dynamic metadata fields - for _, in := range contents { - options = append(options, rego.Input(in)) - } - - instance := rego.New(options...) - set, err := instance.Eval(ctx) - if err != nil { - return nil, err - } - - // no metadata supplied - if set == nil { - return metadata, nil - } - - if len(set) != 1 { - return nil, fmt.Errorf("failed to parse metadata: unexpected set length") - } - if len(set[0].Expressions) != 1 { - return nil, fmt.Errorf("failed to parse metadata: unexpected expression length") - } - expression := set[0].Expressions[0] - meta, ok := expression.Value.(map[string]interface{}) - if !ok { - return nil, fmt.Errorf("failed to parse metadata: not an object") - } - - if err := metadata.Update(meta); err != nil { - return nil, err - } - - return metadata, nil -} - -// nolint: cyclop -func (m *MetadataRetriever) queryInputOptions(ctx context.Context, module *ast.Module) InputOptions { - - options := InputOptions{ - Combined: false, - Selectors: nil, - } - - var metadata map[string]interface{} - - // read metadata from official rego annotations if possible - if annotation := m.findPackageAnnotations(module); annotation != nil && annotation.Custom != nil { - if input, ok := annotation.Custom["input"]; ok { - if mapped, ok := 
input.(map[string]interface{}); ok { - metadata = mapped - } - } - } - - if metadata == nil { - - namespace := getModuleNamespace(module) - inputOptionQuery := fmt.Sprintf("data.%s.__rego_input__", namespace) - instance := rego.New( - rego.Query(inputOptionQuery), - rego.Compiler(m.compiler), - rego.Capabilities(nil), - ) - set, err := instance.Eval(ctx) - if err != nil { - return options - } - - if len(set) != 1 { - return options - } - if len(set[0].Expressions) != 1 { - return options - } - expression := set[0].Expressions[0] - meta, ok := expression.Value.(map[string]interface{}) - if !ok { - return options - } - metadata = meta - } - - if raw, ok := metadata["combine"]; ok { - if combine, ok := raw.(bool); ok { - options.Combined = combine - } - } - - if raw, ok := metadata["selector"]; ok { - if each, ok := raw.([]interface{}); ok { - for _, rawSelector := range each { - var selector Selector - if selectorMap, ok := rawSelector.(map[string]interface{}); ok { - if rawType, ok := selectorMap["type"]; ok { - selector.Type = fmt.Sprintf("%s", rawType) - // handle backward compatibility for "defsec" source type which is now "cloud" - if selector.Type == string(defsecTypes.SourceDefsec) { - selector.Type = string(defsecTypes.SourceCloud) - } - } - if subType, ok := selectorMap["subtypes"].([]interface{}); ok { - for _, subT := range subType { - if st, ok := subT.(map[string]interface{}); ok { - s := SubType{} - _ = mapstructure.Decode(st, &s) - selector.Subtypes = append(selector.Subtypes, s) - } - } - } - } - options.Selectors = append(options.Selectors, selector) - } - } - } - - return options - -} - -func getModuleNamespace(module *ast.Module) string { - return strings.TrimPrefix(module.Package.Path.String(), "data.") -} diff --git a/pkg/rego/metadata_test.go b/pkg/rego/metadata_test.go deleted file mode 100644 index 935c027d..00000000 --- a/pkg/rego/metadata_test.go +++ /dev/null 
@@ -1,188 +0,0 @@ -package rego - -import ( - "testing" - - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -func Test_UpdateStaticMetadata(t *testing.T) { - t.Run("happy", func(t *testing.T) { - sm := StaticMetadata{ - ID: "i", - AVDID: "a", - Title: "t", - ShortCode: "sc", - Description: "d", - Severity: "s", - RecommendedActions: "ra", - PrimaryURL: "pu", - References: []string{"r"}, - Package: "pkg", - Provider: "pr", - Service: "srvc", - Library: false, - Frameworks: map[framework.Framework][]string{ - framework.Default: {"dd"}, - }, - } - - require.NoError(t, sm.Update( - map[string]any{ - "id": "i_n", - "avd_id": "a_n", - "title": "t_n", - "short_code": "sc_n", - "description": "d_n", - "service": "srvc_n", - "provider": "pr_n", - "recommended_actions": "ra_n", - "severity": "s_n", - "library": true, - "url": "r_n", - "frameworks": map[string][]string{ - "all": {"aa"}, - }, - }, - )) - - expected := StaticMetadata{ - ID: "i_n", - AVDID: "a_n", - Title: "t_n", - ShortCode: "sc_n", - Description: "d_n", - Severity: "S_N", - RecommendedActions: "ra_n", - PrimaryURL: "pu", - References: []string{"r", "r_n"}, - Package: "pkg", - Provider: "pr_n", - Service: "srvc_n", - Library: true, - Frameworks: map[framework.Framework][]string{ - framework.Default: {"dd"}, - framework.ALL: {"aa"}, - }, - CloudFormation: &scan.EngineMetadata{}, - Terraform: &scan.EngineMetadata{}, - } - - assert.Equal(t, expected, sm) - }) - - t.Run("related resources are a map", func(t *testing.T) { - sm := StaticMetadata{ - References: []string{"r"}, - } - require.NoError(t, sm.Update(map[string]any{ - "related_resources": []map[string]any{ - { - "ref": "r1_n", - }, - { - "ref": "r2_n", - }, - }, - })) - - expected := StaticMetadata{ - References: []string{"r", "r1_n", "r2_n"}, - CloudFormation: &scan.EngineMetadata{}, - Terraform: &scan.EngineMetadata{}, - } - - 
assert.Equal(t, expected, sm) - }) - - t.Run("related resources are a string", func(t *testing.T) { - sm := StaticMetadata{ - References: []string{"r"}, - } - require.NoError(t, sm.Update(map[string]any{ - "related_resources": []string{"r1_n", "r2_n"}, - })) - - expected := StaticMetadata{ - References: []string{"r", "r1_n", "r2_n"}, - CloudFormation: &scan.EngineMetadata{}, - Terraform: &scan.EngineMetadata{}, - } - - assert.Equal(t, expected, sm) - }) -} - -func Test_getEngineMetadata(t *testing.T) { - inputSchema := map[string]interface{}{ - "terraform": map[string]interface{}{ - "good_examples": `resource "aws_cloudtrail" "good_example" { - is_multi_region_trail = true - - event_selector { - read_write_type = "All" - include_management_events = true - - data_resource { - type = "AWS::S3::Object" - values = ["${data.aws_s3_bucket.important-bucket.arn}/"] - } - } - }`, - }, - "cloud_formation": map[string]interface{}{"good_examples": `--- -Resources: - GoodExample: - Type: AWS::CloudTrail::Trail - Properties: - IsLogging: true - IsMultiRegionTrail: true - S3BucketName: "CloudtrailBucket" - S3KeyPrefix: "/trailing" - TrailName: "Cloudtrail"`, - }} - - var testCases = []struct { - schema string - want string - }{ - { - schema: "terraform", - want: `resource "aws_cloudtrail" "good_example" { - is_multi_region_trail = true - - event_selector { - read_write_type = "All" - include_management_events = true - - data_resource { - type = "AWS::S3::Object" - values = ["${data.aws_s3_bucket.important-bucket.arn}/"] - } - } - }`, - }, - {schema: "cloud_formation", - want: `--- -Resources: - GoodExample: - Type: AWS::CloudTrail::Trail - Properties: - IsLogging: true - IsMultiRegionTrail: true - S3BucketName: "CloudtrailBucket" - S3KeyPrefix: "/trailing" - TrailName: "Cloudtrail"`}, - } - - for _, tc := range testCases { - t.Run(tc.schema, func(t *testing.T) { - em, err := NewEngineMetadata(tc.schema, inputSchema) - assert.NoError(t, err) - assert.Equal(t, tc.want, 
em.GoodExamples[0]) - }) - } -} diff --git a/pkg/rego/result.go b/pkg/rego/result.go deleted file mode 100644 index 94319eee..00000000 --- a/pkg/rego/result.go +++ /dev/null 
@@ -1,166 +0,0 @@ -package rego - -import ( - "fmt" - "io/fs" - "strconv" - - "github.com/aquasecurity/defsec/pkg/scan" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" - "github.com/open-policy-agent/opa/rego" -) - -type regoResult struct { - Filepath string - Resource string - StartLine int - EndLine int - SourcePrefix string - Message string - Explicit bool - Managed bool - FSKey string - FS fs.FS - Parent *regoResult -} - -func (r regoResult) GetMetadata() defsecTypes.Metadata { - var m defsecTypes.Metadata - if !r.Managed { - m = defsecTypes.NewUnmanagedMetadata() - } else { - rng := defsecTypes.NewRangeWithFSKey(r.Filepath, r.StartLine, r.EndLine, r.SourcePrefix, r.FSKey, r.FS) - if r.Explicit { - m = defsecTypes.NewExplicitMetadata(rng, r.Resource) - } else { - m = defsecTypes.NewMetadata(rng, r.Resource) - } - } - if r.Parent != nil { - return m.WithParent(r.Parent.GetMetadata()) - } - return m -} - -func (r regoResult) GetRawValue() interface{} { - return nil -} - -func parseResult(raw interface{}) *regoResult { - var result regoResult - result.Managed = true - switch val := raw.(type) { - case []interface{}: - var msg string - for _, item := range val { - switch raw := item.(type) { - case map[string]interface{}: - result = parseCause(raw) - case string: - msg = raw - } - } - result.Message = msg - case string: - result.Message = val - case map[string]interface{}: - result = parseCause(val) - default: - result.Message = "Rego policy resulted in DENY" - } - return &result -} - -func parseCause(cause map[string]interface{}) regoResult { - var result regoResult - result.Managed = true - if msg, ok := cause["msg"]; ok { - result.Message = fmt.Sprintf("%s", msg) - } - if filepath, ok := cause["filepath"]; ok { - result.Filepath = fmt.Sprintf("%s", filepath) - } - if msg, ok := cause["fskey"]; ok { - result.FSKey = fmt.Sprintf("%s", msg) - } - if msg, ok := cause["resource"]; ok { - result.Resource = fmt.Sprintf("%s", msg) - } - if start, ok := 
cause["startline"]; ok { - result.StartLine = parseLineNumber(start) - } - if end, ok := cause["endline"]; ok { - result.EndLine = parseLineNumber(end) - } - if prefix, ok := cause["sourceprefix"]; ok { - result.SourcePrefix = fmt.Sprintf("%s", prefix) - } - if explicit, ok := cause["explicit"]; ok { - if set, ok := explicit.(bool); ok { - result.Explicit = set - } - } - if managed, ok := cause["managed"]; ok { - if set, ok := managed.(bool); ok { - result.Managed = set - } - } - if parent, ok := cause["parent"]; ok { - if m, ok := parent.(map[string]interface{}); ok { - parentResult := parseCause(m) - result.Parent = &parentResult - } - } - return result -} - -func parseLineNumber(raw interface{}) int { - str := fmt.Sprintf("%s", raw) - n, _ := strconv.Atoi(str) - return n -} - -func (s *Scanner) convertResults(set rego.ResultSet, input Input, namespace string, rule string, traces []string) scan.Results { - var results scan.Results - - offset := 0 - if input.Contents != nil { - if xx, ok := input.Contents.(map[string]interface{}); ok { - if md, ok := xx["__defsec_metadata"]; ok { - if md2, ok := md.(map[string]interface{}); ok { - if sl, ok := md2["offset"]; ok { - offset, _ = sl.(int) - } - } - } - } - } - for _, result := range set { - for _, expression := range result.Expressions { - values, ok := expression.Value.([]interface{}) - if !ok { - values = []interface{}{expression.Value} - } - - for _, value := range values { - regoResult := parseResult(value) - regoResult.FS = input.FS - if regoResult.Filepath == "" && input.Path != "" { - regoResult.Filepath = input.Path - } - if regoResult.Message == "" { - regoResult.Message = fmt.Sprintf("Rego policy rule: %s.%s", namespace, rule) - } - regoResult.StartLine += offset - regoResult.EndLine += offset - results.AddRego(regoResult.Message, namespace, rule, traces, regoResult) - } - } - } - return results -} - -func (s *Scanner) embellishResultsWithRuleMetadata(results scan.Results, metadata StaticMetadata) 
scan.Results { - results.SetRule(metadata.ToRule()) - return results -} diff --git a/pkg/rego/result_test.go b/pkg/rego/result_test.go deleted file mode 100644 index d958f796..00000000 --- a/pkg/rego/result_test.go +++ /dev/null @@ -1,104 +0,0 @@ -package rego - -import ( - "testing" - - "github.com/stretchr/testify/assert" -) - -func Test_parseResult(t *testing.T) { - var testCases = []struct { - name string - input interface{} - want regoResult - }{ - { - name: "unknown", - input: nil, - want: regoResult{ - Managed: true, - Message: "Rego policy resulted in DENY", - }, - }, - { - name: "string", - input: "message", - want: regoResult{ - Managed: true, - Message: "message", - }, - }, - { - name: "strings", - input: []interface{}{"message"}, - want: regoResult{ - Managed: true, - Message: "message", - }, - }, - { - name: "maps", - input: []interface{}{ - "message", - map[string]interface{}{ - "filepath": "a.out", - }, - }, - want: regoResult{ - Managed: true, - Message: "message", - Filepath: "a.out", - }, - }, - { - name: "map", - input: map[string]interface{}{ - "msg": "message", - "filepath": "a.out", - "fskey": "abcd", - "resource": "resource", - "startline": "123", - "endline": "456", - "sourceprefix": "git", - "explicit": true, - "managed": true, - }, - want: regoResult{ - Message: "message", - Filepath: "a.out", - Resource: "resource", - StartLine: 123, - EndLine: 456, - SourcePrefix: "git", - FSKey: "abcd", - Explicit: true, - Managed: true, - }, - }, - { - name: "parent", - input: map[string]interface{}{ - "msg": "child", - "parent": map[string]interface{}{ - "msg": "parent", - }, - }, - want: regoResult{ - Message: "child", - Managed: true, - Parent: ®oResult{ - Message: "parent", - Managed: true, - }, - }, - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - have := parseResult(tc.input) - assert.NotNil(t, have) - assert.Equal(t, tc.want, *have) - }) - } -} 
diff --git a/pkg/rego/runtime.go b/pkg/rego/runtime.go
deleted file mode 100644
index 6e28268d..00000000
--- a/pkg/rego/runtime.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package rego
-
-import (
- "os"
- "strings"
-
- "github.com/open-policy-agent/opa/ast"
- "github.com/open-policy-agent/opa/version"
-)
-
-func addRuntimeValues() *ast.Term {
- env := ast.NewObject()
- for _, pair := range os.Environ() {
- parts := strings.SplitN(pair, "=", 2)
- if len(parts) == 1 {
- env.Insert(ast.StringTerm(parts[0]), ast.NullTerm())
- } else if len(parts) > 1 {
- env.Insert(ast.StringTerm(parts[0]), ast.StringTerm(parts[1]))
- }
- }
-
- obj := ast.NewObject()
- obj.Insert(ast.StringTerm("env"), ast.NewTerm(env))
- obj.Insert(ast.StringTerm("version"), ast.StringTerm(version.Version))
- obj.Insert(ast.StringTerm("commit"), ast.StringTerm(version.Vcs))
-
- return ast.NewTerm(obj)
-}
diff --git a/pkg/rego/scanner.go b/pkg/rego/scanner.go
deleted file mode 100644
index 667c4c04..00000000
--- a/pkg/rego/scanner.go
+++ /dev/null
@@ -1,413 +0,0 @@ -package rego - -import ( - "bytes" - "context" - "encoding/json" - "fmt" - "io" - "io/fs" - "strings" - - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/types" - "github.com/aquasecurity/trivy-iac/pkg/rego/schemas" - "github.com/open-policy-agent/opa/ast" - "github.com/open-policy-agent/opa/rego" - "github.com/open-policy-agent/opa/storage" - - "github.com/aquasecurity/defsec/pkg/scanners/options" -) - -var _ options.ConfigurableScanner = (*Scanner)(nil) - -type Scanner struct { - ruleNamespaces map[string]struct{} - policies map[string]*ast.Module - store storage.Store - dataDirs []string - runtimeValues *ast.Term - compiler *ast.Compiler - regoErrorLimit int - debug debug.Logger - traceWriter io.Writer - tracePerResult bool - retriever *MetadataRetriever - policyFS fs.FS - dataFS fs.FS - frameworks []framework.Framework - spec string - inputSchema interface{} // unmarshalled into this from a json schema document - sourceType types.Source -} - -func (s *Scanner) SetUseEmbeddedLibraries(b bool) { - // handled externally -} - -func (s *Scanner) SetSpec(spec string) { - s.spec = spec -} - -func (s *Scanner) SetRegoOnly(bool) {} - -func (s *Scanner) SetFrameworks(frameworks []framework.Framework) { - s.frameworks = frameworks -} - -func (s *Scanner) SetUseEmbeddedPolicies(b bool) { - // handled externally -} - -func (s *Scanner) trace(heading string, input interface{}) { - if s.traceWriter == nil { - return - } - data, err := json.MarshalIndent(input, "", " ") - if err != nil { - return - } - _, _ = fmt.Fprintf(s.traceWriter, "REGO %[1]s:\n%s\nEND REGO %[1]s\n\n", heading, string(data)) -} - -func (s *Scanner) SetPolicyFilesystem(fs fs.FS) { - s.policyFS = fs -} - -func (s *Scanner) SetDataFilesystem(fs fs.FS) { - s.dataFS = fs -} - -func (s *Scanner) SetPolicyReaders(_ []io.Reader) { - // NOTE: Policy readers option not 
applicable for rego, policies are loaded on-demand by other scanners. -} - -func (s *Scanner) SetDebugWriter(writer io.Writer) { - s.debug = debug.New(writer, "rego", "scanner") -} - -func (s *Scanner) SetTraceWriter(writer io.Writer) { - s.traceWriter = writer -} - -func (s *Scanner) SetPerResultTracingEnabled(b bool) { - s.tracePerResult = b -} - -func (s *Scanner) SetPolicyDirs(_ ...string) { - // NOTE: Policy dirs option not applicable for rego, policies are loaded on-demand by other scanners. -} - -func (s *Scanner) SetDataDirs(dirs ...string) { - s.dataDirs = dirs -} - -func (s *Scanner) SetPolicyNamespaces(namespaces ...string) { - for _, namespace := range namespaces { - s.ruleNamespaces[namespace] = struct{}{} - } -} - -func (s *Scanner) SetSkipRequiredCheck(_ bool) { - // NOTE: Skip required option not applicable for rego. -} - -func (s *Scanner) SetRegoErrorLimit(limit int) { - s.regoErrorLimit = limit -} - -type DynamicMetadata struct { - Warning bool - Filepath string - Message string - StartLine int - EndLine int -} - -func NewScanner(source types.Source, options ...options.ScannerOption) *Scanner { - schema, ok := schemas.SchemaMap[source] - if !ok { - schema = schemas.Anything - } - - s := &Scanner{ - regoErrorLimit: ast.CompileErrorLimitDefault, - sourceType: source, - ruleNamespaces: map[string]struct{}{ - "builtin": {}, - "appshield": {}, - "defsec": {}, - }, - runtimeValues: addRuntimeValues(), - } - for _, opt := range options { - opt(s) - } - if schema != schemas.None { - err := json.Unmarshal([]byte(schema), &s.inputSchema) - if err != nil { - panic(err) - } - } - return s -} - -func (s *Scanner) SetParentDebugLogger(l debug.Logger) { - s.debug = l.Extend("rego") -} - -func (s *Scanner) runQuery(ctx context.Context, query string, input interface{}, disableTracing bool) (rego.ResultSet, []string, error) { - - trace := (s.traceWriter != nil || s.tracePerResult) && !disableTracing - - regoOptions := []func(*rego.Rego){ - rego.Query(query), - 
rego.Compiler(s.compiler), - rego.Store(s.store), - rego.Runtime(s.runtimeValues), - rego.Trace(trace), - } - - if s.inputSchema != nil { - schemaSet := ast.NewSchemaSet() - schemaSet.Put(ast.MustParseRef("schema.input"), s.inputSchema) - regoOptions = append(regoOptions, rego.Schemas(schemaSet)) - } - - if input != nil { - regoOptions = append(regoOptions, rego.Input(input)) - } - - instance := rego.New(regoOptions...) - set, err := instance.Eval(ctx) - if err != nil { - return nil, nil, err - } - - // we also build a slice of trace lines for per-result tracing - primarily for fanal/trivy - var traces []string - - if trace { - if s.traceWriter != nil { - rego.PrintTrace(s.traceWriter, instance) - } - if s.tracePerResult { - traceBuffer := bytes.NewBuffer([]byte{}) - rego.PrintTrace(traceBuffer, instance) - traces = strings.Split(traceBuffer.String(), "\n") - } - } - return set, traces, nil -} - -type Input struct { - Path string `json:"path"` - FS fs.FS `json:"-"` - Contents interface{} `json:"contents"` -} - -func GetInputsContents(inputs []Input) []any { - results := make([]any, len(inputs)) - for i, c := range inputs { - results[i] = c.Contents - } - return results -} - -func (s *Scanner) ScanInput(ctx context.Context, inputs ...Input) (scan.Results, error) { - - s.debug.Log("Scanning %d inputs...", len(inputs)) - - var results scan.Results - - for _, module := range s.policies { - - select { - case <-ctx.Done(): - return nil, ctx.Err() - default: - } - - namespace := getModuleNamespace(module) - topLevel := strings.Split(namespace, ".")[0] - if _, ok := s.ruleNamespaces[topLevel]; !ok { - continue - } - - staticMeta, err := s.retriever.RetrieveMetadata(ctx, module, GetInputsContents(inputs)...) - if err != nil { - return nil, err - } - - if isPolicyWithSubtype(s.sourceType) { - // skip if policy isn't relevant to what is being scanned - if !isPolicyApplicable(staticMeta, inputs...) 
{ - continue - } - } - - if len(inputs) == 0 { - continue - } - - usedRules := make(map[string]struct{}) - - // all rules - for _, rule := range module.Rules { - ruleName := rule.Head.Name.String() - if _, ok := usedRules[ruleName]; ok { - continue - } - usedRules[ruleName] = struct{}{} - if isEnforcedRule(ruleName) { - ruleResults, err := s.applyRule(ctx, namespace, ruleName, inputs, staticMeta.InputOptions.Combined) - if err != nil { - return nil, err - } - results = append(results, s.embellishResultsWithRuleMetadata(ruleResults, *staticMeta)...) - } - } - - } - - return results, nil -} - -func isPolicyWithSubtype(sourceType types.Source) bool { - for _, s := range []types.Source{types.SourceCloud, types.SourceDefsec} { // TODO(simar): Add types.Kubernetes once all k8s policy have subtype - if sourceType == s { - return true - } - } - return false -} - -func checkSubtype(ii map[string]interface{}, provider string, subTypes []SubType) bool { - if len(subTypes) == 0 { - return true - } - - for _, st := range subTypes { - switch services := ii[provider].(type) { - case map[string]interface{}: // cloud - for service := range services { - if (service == st.Service) && (st.Provider == provider) { - return true - } - } - case string: // k8s - // TODO(simar): This logic probably needs to be revisited - if services == st.Group || - services == st.Version || - services == st.Kind { - return true - } - } - } - return false -} - -func isPolicyApplicable(staticMetadata *StaticMetadata, inputs ...Input) bool { - for _, input := range inputs { - if ii, ok := input.Contents.(map[string]interface{}); ok { - for provider := range ii { - // TODO(simar): Add other providers - if !strings.Contains(strings.Join([]string{"kind", "aws", "azure"}, ","), provider) { - continue - } - - if len(staticMetadata.InputOptions.Selectors) == 0 { // policy always applies if no selectors - return true - } - - // check metadata for subtype - for _, s := range staticMetadata.InputOptions.Selectors { - 
if checkSubtype(ii, provider, s.Subtypes) { - return true - } - } - } - } - } - return false -} - -func (s *Scanner) applyRule(ctx context.Context, namespace string, rule string, inputs []Input, combined bool) (scan.Results, error) { - - // handle combined evaluations if possible - if combined { - s.trace("INPUT", inputs) - return s.applyRuleCombined(ctx, namespace, rule, inputs) - } - - var results scan.Results - qualified := fmt.Sprintf("data.%s.%s", namespace, rule) - for _, input := range inputs { - s.trace("INPUT", input) - if ignored, err := s.isIgnored(ctx, namespace, rule, input.Contents); err != nil { - return nil, err - } else if ignored { - var result regoResult - result.FS = input.FS - result.Filepath = input.Path - result.Managed = true - results.AddIgnored(result) - continue - } - set, traces, err := s.runQuery(ctx, qualified, input.Contents, false) - if err != nil { - return nil, err - } - s.trace("RESULTSET", set) - ruleResults := s.convertResults(set, input, namespace, rule, traces) - if len(ruleResults) == 0 { // It passed because we didn't find anything wrong (NOT because it didn't exist) - var result regoResult - result.FS = input.FS - result.Filepath = input.Path - result.Managed = true - results.AddPassedRego(namespace, rule, traces, result) - continue - } - results = append(results, ruleResults...) 
- } - - return results, nil -} - -func (s *Scanner) applyRuleCombined(ctx context.Context, namespace string, rule string, inputs []Input) (scan.Results, error) { - if len(inputs) == 0 { - return nil, nil - } - var results scan.Results - qualified := fmt.Sprintf("data.%s.%s", namespace, rule) - if ignored, err := s.isIgnored(ctx, namespace, rule, inputs); err != nil { - return nil, err - } else if ignored { - for _, input := range inputs { - var result regoResult - result.FS = input.FS - result.Filepath = input.Path - result.Managed = true - results.AddIgnored(result) - } - return results, nil - } - set, traces, err := s.runQuery(ctx, qualified, inputs, false) - if err != nil { - return nil, err - } - return s.convertResults(set, inputs[0], namespace, rule, traces), nil -} - -// severity is now set with metadata, so deny/warn/violation now behave the same way -func isEnforcedRule(name string) bool { - switch { - case name == "deny", strings.HasPrefix(name, "deny_"), - name == "warn", strings.HasPrefix(name, "warn_"), - name == "violation", strings.HasPrefix(name, "violation_"): - return true - } - return false -} diff --git a/pkg/rego/scanner_test.go b/pkg/rego/scanner_test.go deleted file mode 100644 index d1aca509..00000000 --- a/pkg/rego/scanner_test.go +++ /dev/null 
@@ -1,978 +0,0 @@ -package rego - -import ( - "bytes" - "context" - "io/fs" - "os" - "path/filepath" - "strings" - "testing" - - "github.com/aquasecurity/defsec/pkg/severity" - "github.com/aquasecurity/defsec/pkg/types" - "github.com/liamg/memoryfs" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - - "github.com/aquasecurity/defsec/pkg/scanners/options" -) - -func CreateFS(t *testing.T, files map[string]string) fs.FS { - memfs := memoryfs.New() - for name, content := range files { - name := strings.TrimPrefix(name, "/") - err := memfs.MkdirAll(filepath.Dir(name), 0o700) - require.NoError(t, err) - err = memfs.WriteFile(name, []byte(content), 0o644) - require.NoError(t, err) - } - return memfs -} - -func Test_RegoScanning_Deny(t *testing.T) { - - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test - -deny { - input.evil -} -`, - }) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "evil": true, - }, - FS: srcFS, - }) - require.NoError(t, err) - - require.Equal(t, 1, len(results.GetFailed())) - assert.Equal(t, 0, len(results.GetPassed())) - assert.Equal(t, 0, len(results.GetIgnored())) - - assert.Equal(t, "/evil.lol", results.GetFailed()[0].Metadata().Range().GetFilename()) - assert.False(t, results.GetFailed()[0].IsWarning()) -} - -func Test_RegoScanning_AbsolutePolicyPath_Deny(t *testing.T) { - - tmp := t.TempDir() - require.NoError(t, os.Mkdir(filepath.Join(tmp, "policies"), 0755)) - require.NoError(t, os.WriteFile(filepath.Join(tmp, "policies", "test.rego"), []byte(`package defsec.test - -deny { - input.evil -}`), 0600)) - - srcFS := os.DirFS(tmp) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"/policies"}, nil), - 
) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "evil": true, - }, - FS: srcFS, - }) - require.NoError(t, err) - - require.Equal(t, 1, len(results.GetFailed())) - assert.Equal(t, 0, len(results.GetPassed())) - assert.Equal(t, 0, len(results.GetIgnored())) - - assert.Equal(t, "/evil.lol", results.GetFailed()[0].Metadata().Range().GetFilename()) - assert.False(t, results.GetFailed()[0].IsWarning()) -} - -func Test_RegoScanning_Warn(t *testing.T) { - - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test - -warn { - input.evil -} -`, - }) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "evil": true, - }, - }) - require.NoError(t, err) - - require.Equal(t, 1, len(results.GetFailed())) - require.Equal(t, 0, len(results.GetPassed())) - require.Equal(t, 0, len(results.GetIgnored())) - - assert.True(t, results.GetFailed()[0].IsWarning()) -} - -func Test_RegoScanning_Allow(t *testing.T) { - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test - -deny { - input.evil -} -`, - }) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "evil": false, - }, - }) - require.NoError(t, err) - - assert.Equal(t, 0, len(results.GetFailed())) - require.Equal(t, 1, len(results.GetPassed())) - assert.Equal(t, 0, len(results.GetIgnored())) - - assert.Equal(t, "/evil.lol", results.GetPassed()[0].Metadata().Range().GetFilename()) -} - -func Test_RegoScanning_Namespace_Exception(t *testing.T) { - - srcFS := CreateFS(t, map[string]string{ 
- "policies/test.rego": ` -package defsec.test - -deny { - input.evil -} -`, - "policies/exceptions.rego": ` -package namespace.exceptions - -import data.namespaces - -exception[ns] { - ns := data.namespaces[_] - startswith(ns, "defsec") -} -`, - }) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "evil": true, - }, - }) - require.NoError(t, err) - - assert.Equal(t, 0, len(results.GetFailed())) - assert.Equal(t, 0, len(results.GetPassed())) - assert.Equal(t, 1, len(results.GetIgnored())) - -} - -func Test_RegoScanning_Namespace_Exception_WithoutMatch(t *testing.T) { - - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test - -deny { - input.evil -} -`, "policies/something.rego": ` -package builtin.test - -deny_something { - input.something -} -`, - "policies/exceptions.rego": ` -package namespace.exceptions - -import data.namespaces - -exception[ns] { - ns := data.namespaces[_] - startswith(ns, "builtin") -} -`, - }) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "evil": true, - }, - }) - require.NoError(t, err) - - assert.Equal(t, 1, len(results.GetFailed())) - assert.Equal(t, 0, len(results.GetPassed())) - assert.Equal(t, 1, len(results.GetIgnored())) - -} - -func Test_RegoScanning_Rule_Exception(t *testing.T) { - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test -deny_evil { - input.evil -} -`, - "policies/exceptions.rego": ` -package defsec.test - -exception[rules] { - rules := ["evil"] -} -`, - }) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - 
scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "evil": true, - }, - }) - require.NoError(t, err) - - assert.Equal(t, 0, len(results.GetFailed())) - assert.Equal(t, 0, len(results.GetPassed())) - assert.Equal(t, 1, len(results.GetIgnored())) -} - -func Test_RegoScanning_Rule_Exception_WithoutMatch(t *testing.T) { - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test -deny_evil { - input.evil -} -`, - "policies/exceptions.rego": ` -package defsec.test - -exception[rules] { - rules := ["good"] -} -`, - }) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "evil": true, - }, - }) - require.NoError(t, err) - - assert.Equal(t, 1, len(results.GetFailed())) - assert.Equal(t, 0, len(results.GetPassed())) - assert.Equal(t, 0, len(results.GetIgnored())) -} - -func Test_RegoScanning_WithRuntimeValues(t *testing.T) { - - _ = os.Setenv("DEFSEC_RUNTIME_VAL", "AOK") - - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test - -deny_evil { - output := opa.runtime() - output.env.DEFSEC_RUNTIME_VAL == "AOK" -} -`, - }) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "evil": true, - }, - }) - require.NoError(t, err) - - assert.Equal(t, 1, len(results.GetFailed())) - assert.Equal(t, 0, len(results.GetPassed())) - assert.Equal(t, 0, len(results.GetIgnored())) -} - -func Test_RegoScanning_WithDenyMessage(t *testing.T) { - srcFS := CreateFS(t, 
map[string]string{ - "policies/test.rego": ` -package defsec.test - -deny[msg] { - input.evil - msg := "oh no" -} -`, - }) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "evil": true, - }, - }) - require.NoError(t, err) - - require.Equal(t, 1, len(results.GetFailed())) - assert.Equal(t, 0, len(results.GetPassed())) - assert.Equal(t, 0, len(results.GetIgnored())) - - assert.Equal(t, "oh no", results.GetFailed()[0].Description()) - assert.Equal(t, "/evil.lol", results.GetFailed()[0].Metadata().Range().GetFilename()) -} - -func Test_RegoScanning_WithDenyMetadata_ImpliedPath(t *testing.T) { - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test - -deny[res] { - input.evil - res := { - "msg": "oh no", - "startline": 123, - "endline": 456, - } -} -`, - }) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "evil": true, - }, - }) - require.NoError(t, err) - - require.Equal(t, 1, len(results.GetFailed())) - assert.Equal(t, 0, len(results.GetPassed())) - assert.Equal(t, 0, len(results.GetIgnored())) - - assert.Equal(t, "oh no", results.GetFailed()[0].Description()) - assert.Equal(t, "/evil.lol", results.GetFailed()[0].Metadata().Range().GetFilename()) - assert.Equal(t, 123, results.GetFailed()[0].Metadata().Range().GetStartLine()) - assert.Equal(t, 456, results.GetFailed()[0].Metadata().Range().GetEndLine()) - -} - -func Test_RegoScanning_WithDenyMetadata_PersistedPath(t *testing.T) { - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test - -deny[res] { - input.evil - res := { - "msg": 
"oh no", - "startline": 123, - "endline": 456, - "filepath": "/blah.txt", - } -} -`, - }) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "evil": true, - }, - }) - require.NoError(t, err) - - require.Equal(t, 1, len(results.GetFailed())) - assert.Equal(t, 0, len(results.GetPassed())) - assert.Equal(t, 0, len(results.GetIgnored())) - - assert.Equal(t, "oh no", results.GetFailed()[0].Description()) - assert.Equal(t, "/blah.txt", results.GetFailed()[0].Metadata().Range().GetFilename()) - assert.Equal(t, 123, results.GetFailed()[0].Metadata().Range().GetStartLine()) - assert.Equal(t, 456, results.GetFailed()[0].Metadata().Range().GetEndLine()) - -} - -func Test_RegoScanning_WithStaticMetadata(t *testing.T) { - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test - -__rego_metadata__ := { - "id": "AA001", - "avd_id": "AVD-XX-9999", - "title": "This is a title", - "short_code": "short-code", - "severity": "LOW", - "type": "Dockerfile Security Check", - "description": "This is a description", - "recommended_actions": "This is a recommendation", - "url": "https://google.com", -} - -deny[res] { - input.evil - res := { - "msg": "oh no", - "startline": 123, - "endline": 456, - "filepath": "/blah.txt", - } -} -`, - }) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "evil": true, - }, - }) - require.NoError(t, err) - - require.Equal(t, 1, len(results.GetFailed())) - assert.Equal(t, 0, len(results.GetPassed())) - assert.Equal(t, 0, len(results.GetIgnored())) - - failure := results.GetFailed()[0] - - assert.Equal(t, "oh 
no", failure.Description()) - assert.Equal(t, "/blah.txt", failure.Metadata().Range().GetFilename()) - assert.Equal(t, 123, failure.Metadata().Range().GetStartLine()) - assert.Equal(t, 456, failure.Metadata().Range().GetEndLine()) - assert.Equal(t, "AVD-XX-9999", failure.Rule().AVDID) - assert.True(t, failure.Rule().HasID("AA001")) - assert.Equal(t, "This is a title", failure.Rule().Summary) - assert.Equal(t, severity.Low, failure.Rule().Severity) - assert.Equal(t, "This is a recommendation", failure.Rule().Resolution) - assert.Equal(t, "https://google.com", failure.Rule().Links[0]) - -} - -func Test_RegoScanning_WithMatchingInputSelector(t *testing.T) { - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test - -__rego_input__ := { - "selector": [{"type": "json"}], -} - -deny { - input.evil -} - -`, - }) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "evil": true, - }, - }) - require.NoError(t, err) - - assert.Equal(t, 1, len(results.GetFailed())) - assert.Equal(t, 0, len(results.GetPassed())) - assert.Equal(t, 0, len(results.GetIgnored())) -} - -func Test_RegoScanning_WithNonMatchingInputSelector(t *testing.T) { - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test - -__rego_input__ := { - "selector": [{"type": "testing"}], -} - -deny { - input.evil -} -`, - }) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "evil": true, - }, - }) - require.NoError(t, err) - - assert.Equal(t, 0, len(results.GetFailed())) - assert.Equal(t, 0, len(results.GetPassed())) - assert.Equal(t, 0, 
len(results.GetIgnored())) -} - -func Test_RegoScanning_NoTracingByDefault(t *testing.T) { - - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test - -deny { - input.evil -} -`, - }) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "evil": true, - }, - }) - require.NoError(t, err) - - assert.Equal(t, 1, len(results.GetFailed())) - assert.Equal(t, 0, len(results.GetPassed())) - assert.Equal(t, 0, len(results.GetIgnored())) - - assert.Len(t, results.GetFailed()[0].Traces(), 0) -} - -func Test_RegoScanning_GlobalTracingEnabled(t *testing.T) { - - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test - -deny { - input.evil -} -`, - }) - - traceBuffer := bytes.NewBuffer([]byte{}) - - scanner := NewScanner(types.SourceJSON, options.ScannerWithTrace(traceBuffer)) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "evil": true, - }, - }) - require.NoError(t, err) - - assert.Equal(t, 1, len(results.GetFailed())) - assert.Equal(t, 0, len(results.GetPassed())) - assert.Equal(t, 0, len(results.GetIgnored())) - - assert.Len(t, results.GetFailed()[0].Traces(), 0) - assert.Greater(t, len(traceBuffer.Bytes()), 0) -} - -func Test_RegoScanning_PerResultTracingEnabled(t *testing.T) { - - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test - -deny { - input.evil -} -`, - }) - - scanner := NewScanner(types.SourceJSON, options.ScannerWithPerResultTracing(true)) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := 
scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "evil": true, - }, - }) - require.NoError(t, err) - - assert.Equal(t, 1, len(results.GetFailed())) - assert.Equal(t, 0, len(results.GetPassed())) - assert.Equal(t, 0, len(results.GetIgnored())) - - assert.Greater(t, len(results.GetFailed()[0].Traces()), 0) -} - -func Test_dynamicMetadata(t *testing.T) { - - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test - -__rego_metadata__ := { - "title" : sprintf("i am %s",[input.text]) -} - -deny { - input.text -} - -`, - }) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "text": "dynamic", - }, - }) - require.NoError(t, err) - assert.Equal(t, results[0].Rule().Summary, "i am dynamic") -} - -func Test_staticMetadata(t *testing.T) { - - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test - -__rego_metadata__ := { - "title" : "i am static" -} - -deny { - input.text -} - -`, - }) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "text": "test", - }, - }) - require.NoError(t, err) - assert.Equal(t, results[0].Rule().Summary, "i am static") -} - -func Test_annotationMetadata(t *testing.T) { - - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": `# METADATA -# title: i am a title -# description: i am a description -# related_resources: -# - https://google.com -# custom: -# id: EG123 -# avd_id: AVD-EG-0123 -# severity: LOW -# recommended_action: have a cup of tea -package defsec.test - -deny { - input.text -} - -`, - 
"policies/test2.rego": `# METADATA -# title: i am another title -package defsec.test2 - -deny { - input.blah -} - -`, - }) - - scanner := NewScanner(types.SourceJSON) - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{ - Path: "/evil.lol", - Contents: map[string]interface{}{ - "text": "test", - }, - }) - require.NoError(t, err) - require.Len(t, results.GetFailed(), 1) - failure := results.GetFailed()[0].Rule() - assert.Equal(t, "i am a title", failure.Summary) - assert.Equal(t, "i am a description", failure.Explanation) - require.Len(t, failure.Links, 1) - assert.Equal(t, "https://google.com", failure.Links[0]) - assert.Equal(t, "AVD-EG-0123", failure.AVDID) - assert.Equal(t, severity.Low, failure.Severity) - assert.Equal(t, "have a cup of tea", failure.Resolution) -} - -func Test_RegoScanning_WithInvalidInputSchema(t *testing.T) { - - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": `# METADATA -# schemas: -# - input: schema["input"] -package defsec.test - -deny { - input.evil == "lol" -} -`, - }) - - scanner := NewScanner(types.SourceDockerfile) - scanner.SetRegoErrorLimit(0) // override to not allow any errors - assert.ErrorContains( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - "undefined ref: input.evil", - ) -} - -func Test_RegoScanning_WithValidInputSchema(t *testing.T) { - - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": `# METADATA -# schemas: -# - input: schema["input"] -package defsec.test - -deny { - input.Stages[0].Commands[0].Cmd == "lol" -} -`, - }) - - scanner := NewScanner(types.SourceDockerfile) - assert.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) -} - -func Test_RegoScanning_WithFilepathToSchema(t *testing.T) { - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": `# METADATA -# schemas: -# - input: 
schema["dockerfile"] -package defsec.test - -deny { - input.evil == "lol" -} -`, - }) - scanner := NewScanner(types.SourceJSON) - scanner.SetRegoErrorLimit(0) // override to not allow any errors - assert.ErrorContains( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - "undefined ref: input.evil", - ) -} - -func Test_RegoScanning_CustomData(t *testing.T) { - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test -import data.settings.DS123.foo_bar_baz - -deny { - not foo_bar_baz -} -`, - }) - - dataFS := CreateFS(t, map[string]string{ - "data/data.json": `{ - "settings": { - "DS123":{ - "foo_bar_baz":false - } - } -}`, - "data/junk.txt": "this file should be ignored", - }) - - scanner := NewScanner(types.SourceJSON) - scanner.SetDataFilesystem(dataFS) - scanner.SetDataDirs(".") - - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{}) - require.NoError(t, err) - - assert.Equal(t, 1, len(results.GetFailed())) - assert.Equal(t, 0, len(results.GetPassed())) - assert.Equal(t, 0, len(results.GetIgnored())) -} - -func Test_RegoScanning_InvalidFS(t *testing.T) { - srcFS := CreateFS(t, map[string]string{ - "policies/test.rego": ` -package defsec.test -import data.settings.DS123.foo_bar_baz - -deny { - not foo_bar_baz -} -`, - }) - - dataFS := CreateFS(t, map[string]string{ - "data/data.json": `{ - "settings": { - "DS123":{ - "foo_bar_baz":false - } - } -}`, - "data/junk.txt": "this file should be ignored", - }) - - scanner := NewScanner(types.SourceJSON) - scanner.SetDataFilesystem(dataFS) - scanner.SetDataDirs("X://") - - require.NoError( - t, - scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), - ) - - results, err := scanner.ScanInput(context.TODO(), Input{}) - require.NoError(t, err) - - assert.Equal(t, 1, len(results.GetFailed())) - assert.Equal(t, 0, len(results.GetPassed())) - 
assert.Equal(t, 0, len(results.GetIgnored()))
-}
diff --git a/pkg/rego/schemas/00_schema.go b/pkg/rego/schemas/00_schema.go
deleted file mode 100644
index e6674912..00000000
--- a/pkg/rego/schemas/00_schema.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package schemas
-
-import _ "embed"
-
-type Schema string
-
-var (
- None Schema = ""
- Anything Schema = `{}`
-
- //go:embed dockerfile.json
- Dockerfile Schema
-
- //go:embed kubernetes.json
- Kubernetes Schema
-
- //go:embed rbac.json
- RBAC Schema
-
- //go:embed cloud.json
- Cloud Schema
-)
diff --git a/pkg/rego/schemas/builder.go b/pkg/rego/schemas/builder.go
deleted file mode 100644
index 11b37d11..00000000
--- a/pkg/rego/schemas/builder.go
+++ /dev/null
@@ -1,270 +0,0 @@
-package schemas
-
-import (
- "fmt"
- "reflect"
- "strings"
-
- "github.com/aquasecurity/defsec/pkg/rego/convert"
- "github.com/aquasecurity/defsec/pkg/state"
-)
-
-type RawSchema struct {
- Type string `json:"type"` // object
- Properties map[string]Property `json:"properties,omitempty"`
- Defs map[string]*Property `json:"definitions,omitempty"`
-}
-
-type Property struct {
- Type string `json:"type,omitempty"`
- Ref string `json:"$ref,omitempty"`
- Properties map[string]Property `json:"properties,omitempty"`
- Items *Property `json:"items,omitempty"`
-}
-
-type builder struct {
- schema RawSchema
-}
-
-func Build() (*RawSchema, error) {
-
- b := newBuilder()
-
- inputValue := reflect.ValueOf(state.State{})
-
- err := b.fromInput(inputValue)
- if err != nil {
- return nil, err
- }
-
- return &b.schema, nil
-}
-
-func newBuilder() *builder {
- return &builder{
- schema: RawSchema{
- Properties: nil,
- Defs: nil,
- },
- }
-}
-
-func (b *builder) fromInput(inputValue reflect.Value) error {
-
- prop, err := b.readProperty("", nil, inputValue.Type(), 0)
- if err != nil {
- return err
- }
- if prop == nil {
- return fmt.Errorf("property is nil")
- }
- b.schema.Properties = prop.Properties
- b.schema.Type = prop.Type
- return nil
-}
-
-func refName(name string, parent, t reflect.Type) string {
- if t.Name() == "" { // inline struct
- return sanitise(parent.PkgPath() + "." + parent.Name() + "." + name)
- }
- return sanitise(t.PkgPath() + "." + t.Name())
-}
-
-func sanitise(s string) string {
- return strings.ReplaceAll(s, "/", ".")
-}
-
-func (b *builder) readProperty(name string, parent, inputType reflect.Type, indent int) (*Property, error) {
-
- if inputType.Kind() == reflect.Ptr {
- inputType = inputType.Elem()
- }
-
- switch inputType.String() {
- case "types.Metadata", "types.Range", "types.Reference":
- return nil, nil
- }
-
- if b.schema.Defs != nil {
- _, ok := b.schema.Defs[refName(name, parent, inputType)]
- if ok {
- return &Property{
- Type: "object",
- Ref: "#/definitions/" + refName(name, parent, inputType),
- }, nil
- }
- }
-
- fmt.Println(strings.Repeat(" ", indent) + name)
-
- switch kind := inputType.Kind(); kind {
- case reflect.Struct:
- return b.readStruct(name, parent, inputType, indent)
- case reflect.Slice:
- return b.readSlice(name, parent, inputType, indent)
- case reflect.String:
- return &Property{
- Type: "string",
- }, nil
- case reflect.Int:
- return &Property{
- Type: "integer",
- }, nil
- case reflect.Bool:
- return &Property{
- Type: "boolean",
- }, nil
- case reflect.Float32, reflect.Float64:
- return &Property{
- Type: "number",
- }, nil
- }
-
- switch inputType.Name() {
- case "BoolValue":
- return &Property{
- Type: "object",
- Properties: map[string]Property{
- "value": {
- Type: "boolean",
- },
- },
- }, nil
- case "IntValue":
- return &Property{
- Type: "object",
- Properties: map[string]Property{
- "value": {
- Type: "integer",
- },
- },
- }, nil
- case "StringValue", "TimeValue", "BytesValue":
- return &Property{
- Type: "object",
- Properties: map[string]Property{
- "value": {
- Type: "string",
- },
- },
- }, nil
- case "MapValue":
- return &Property{
- Type: "object",
- Properties: map[string]Property{
- "value": {
- Type: "object",
- },
- },
- }, nil
-
- }
-
- fmt.Printf("WARNING: unsupported type: %s (%s)\n", inputType.Name(), inputType)
- return nil, nil
-}
-
-var converterInterface = reflect.TypeOf((*convert.Converter)(nil)).Elem()
-
-func (b *builder) readStruct(name string, parent, inputType reflect.Type, indent int) (*Property, error) {
-
- if b.schema.Defs == nil {
- b.schema.Defs = map[string]*Property{}
- }
-
- def := &Property{
- Type: "object",
- Properties: map[string]Property{},
- }
-
- if parent != nil {
- b.schema.Defs[refName(name, parent, inputType)] = def
- }
-
- if inputType.Implements(converterInterface) {
- if inputType.Kind() == reflect.Ptr {
- inputType = inputType.Elem()
- }
- returns := reflect.New(inputType).MethodByName("ToRego").Call(nil)
- if err := b.readRego(def, name, parent, returns[0].Type(), returns[0].Interface(), indent); err != nil {
- return nil, err
- }
- } else {
-
- for i := 0; i < inputType.NumField(); i++ {
- field := inputType.Field(i)
- prop, err := b.readProperty(field.Name, inputType, field.Type, indent+1)
- if err != nil {
- return nil, err
- }
- if prop == nil {
- continue
- }
- key := strings.ToLower(field.Name)
- if key == "metadata" {
- continue
- }
- def.Properties[key] = *prop
- }
- }
-
- if parent == nil {
- return def, nil
- }
-
- return &Property{
- Type: "object",
- Ref: "#/definitions/" + refName(name, parent, inputType),
- }, nil
-}
-
-func (b *builder) readSlice(name string, parent, inputType reflect.Type, indent int) (*Property, error) {
-
- items, err := b.readProperty(name, parent, inputType.Elem(), indent+1)
- if err != nil {
- return nil, err
- }
-
- prop := &Property{
- Type: "array",
- Items: items,
- }
- return prop, nil
-}
-
-func (b *builder) readRego(def *Property, name string, parent reflect.Type, typ reflect.Type, raw interface{}, indent int) error {
-
- switch cast := raw.(type) {
- case map[string]interface{}:
- def.Type = "object"
- for k, v := range cast {
- child := &Property{
- Properties: map[string]Property{},
- }
- if err := b.readRego(child, k, reflect.TypeOf(raw), reflect.TypeOf(v), v, indent+1); err != nil {
- return err
- }
- def.Properties[k] = *child
- }
- case map[string]string:
- def.Type = "object"
- for k, v := range cast {
- child := &Property{
- Properties: map[string]Property{},
- }
- if err := b.readRego(child, k, reflect.TypeOf(raw), reflect.TypeOf(v), v, indent+1); err != nil {
- return err
- }
- def.Properties[k] = *child
- }
- default:
- prop, err := b.readProperty(name, parent, typ, indent)
- if err != nil {
- return err
- }
- *def = *prop
- }
-
- return nil
-
-}
diff --git a/pkg/rego/schemas/cloud.json b/pkg/rego/schemas/cloud.json
deleted file mode 100644
index d6ca8b87..00000000
--- a/pkg/rego/schemas/cloud.json
+++ /dev/null
@@ -1,6818 +0,0 @@ -{ - "type": "object", - "properties": { - "aws": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.AWS" - }, - "azure": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.Azure" - }, - "cloudstack": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.cloudstack.CloudStack" - }, - "digitalocean": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.DigitalOcean" - }, - "github": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.github.GitHub" - }, - "google": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.Google" - }, - "kubernetes": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Kubernetes" - }, - "nifcloud": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.Nifcloud" - }, - "openstack": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.OpenStack" - }, - "oracle": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.oracle.Oracle" - } - }, - "definitions": { - "github.com.aquasecurity.defsec.pkg.providers.aws.AWS": { - "type": "object", - "properties": { - "accessanalyzer": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.AccessAnalyzer" - }, - "apigateway": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.APIGateway" - }, - "athena": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.Athena" - }, - "cloudfront": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Cloudfront" - }, - "cloudtrail": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.CloudTrail" - }, - "cloudwatch": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.CloudWatch" - }, - "codebuild": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.CodeBuild" - }, - "config": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.config.Config" - }, - "documentdb": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.DocumentDB" - }, - "dynamodb": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.DynamoDB" - }, - "ec2": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.EC2" - }, - "ecr": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecr.ECR" - }, - "ecs": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ECS" - }, - "efs": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.efs.EFS" - }, - "eks": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.eks.EKS" - }, - "elasticache": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.ElastiCache" - }, - "elasticsearch": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Elasticsearch" - }, - "elb": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elb.ELB" - }, - "emr": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.emr.EMR" - }, - "iam": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.IAM" - }, - "kinesis": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Kinesis" - }, - "kms": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kms.KMS" - }, - "lambda": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Lambda" - }, - "meta": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.Meta" - }, - "mq": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.mq.MQ" - }, - "msk": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.MSK" - }, - "neptune": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Neptune" - }, - "rds": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.RDS" - }, - "redshift": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Redshift" - }, - "s3": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.S3" - }, - "sam": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.SAM" - }, - "sns": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sns.SNS" - }, - "sqs": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sqs.SQS" - }, - "ssm": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ssm.SSM" - }, - "workspaces": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.WorkSpaces" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.AssumeRole": { - "type": "object", - "properties": { - "duration": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "externalid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "policy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "policyarns": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "rolearn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "sessionname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "sourceidentity": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "tags": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.MapValue" - }, - "transitivetagkeys": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.AssumeRoleWithWebIdentity": { - "type": "object", - "properties": { - "duration": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "policy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "policyarns": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "rolearn": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "sessionname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "webidentitytoken": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "webidentitytokenfile": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.DefaultTags": { - "type": "object", - "properties": { - "tags": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.MapValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.IgnoreTags": { - "type": "object", - "properties": { - "keyprefixes": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "keys": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.Meta": { - "type": "object", - "properties": { - "tfproviders": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.TerraformProvider" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.TerraformProvider": { - "type": "object", - "properties": { - "accesskey": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "alias": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "allowedaccountsids": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "assumerole": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.AssumeRole" - }, - "assumerolewithwebidentity": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.AssumeRoleWithWebIdentity" - }, - "customcabundle": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "defaulttags": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.DefaultTags" - }, - "ec2metadataserviceendpoint": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "ec2metadataserviceendpointmode": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "endpoints": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.MapValue" - }, - "forbiddenaccountids": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "httpproxy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "ignoretags": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.IgnoreTags" - }, - "insecure": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "maxretries": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "profile": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "region": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "retrymode": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "s3useast1regionalendpoint": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "s3usepathstyle": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "secretkey": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "sharedconfigfiles": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "sharedcredentialsfiles": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "skipcredentialsvalidation": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "skipmetadataapicheck": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "skipregionvalidation": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "skiprequestingaccountid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "stsregion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "token": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "usedualstackendpoint": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "usefipsendpoint": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "version": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.AccessAnalyzer": { - "type": "object", - "properties": { - "analyzers": { - "type": "array", - "items": { - "type": "object", - 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.Analyzer" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.Analyzer": { - "type": "object", - "properties": { - "active": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "arn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "findings": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.Findings" - } - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.Findings": { - "type": "object" - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.APIGateway": { - "type": "object", - "properties": { - "v1": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.APIGateway" - }, - "v2": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.APIGateway" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.API": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "resources": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Resource" - } - }, - "stages": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Stage" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.APIGateway": { - "type": "object", - "properties": { - "apis": { - "type": "array", - 
"items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.API" - } - }, - "domainnames": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.DomainName" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.AccessLogging": { - "type": "object", - "properties": { - "cloudwatchloggrouparn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.DomainName": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "securitypolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Method": { - "type": "object", - "properties": { - "apikeyrequired": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "authorizationtype": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "httpmethod": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.RESTMethodSettings": { - "type": "object", - "properties": { - "cachedataencrypted": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "cacheenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "method": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Resource": { - "type": "object", - "properties": { - "methods": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Method" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Stage": { - "type": "object", - "properties": { - "accesslogging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.AccessLogging" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "restmethodsettings": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.RESTMethodSettings" - } - }, - "xraytracingenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.API": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "protocoltype": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "stages": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.Stage" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.APIGateway": { - "type": "object", - "properties": { - "apis": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.API" - } - }, - "domainnames": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.DomainName" - } - } 
- } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.AccessLogging": { - "type": "object", - "properties": { - "cloudwatchloggrouparn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.DomainName": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "securitypolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.Stage": { - "type": "object", - "properties": { - "accesslogging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.AccessLogging" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.athena.Athena": { - "type": "object", - "properties": { - "databases": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.Database" - } - }, - "workgroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.Workgroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.athena.Database": { - "type": "object", - "properties": { - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.EncryptionConfiguration" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.athena.EncryptionConfiguration": { - "type": "object", - "properties": { - 
"type": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.athena.Workgroup": { - "type": "object", - "properties": { - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.EncryptionConfiguration" - }, - "enforceconfiguration": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.CacheBehaviour": { - "type": "object", - "properties": { - "viewerprotocolpolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Cloudfront": { - "type": "object", - "properties": { - "distributions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Distribution" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Distribution": { - "type": "object", - "properties": { - "defaultcachebehaviour": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.CacheBehaviour" - }, - "logging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Logging" - }, - "orderercachebehaviours": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.CacheBehaviour" - } - }, - "viewercertificate": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.ViewerCertificate" - }, - "wafid": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Logging": { - "type": "object", - "properties": { - "bucket": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.ViewerCertificate": { - "type": "object", - "properties": { - "cloudfrontdefaultcertificate": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "minimumprotocolversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "sslsupportmethod": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.CloudTrail": { - "type": "object", - "properties": { - "trails": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.Trail" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.DataResource": { - "type": "object", - "properties": { - "type": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "values": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.EventSelector": { - "type": "object", - "properties": { - "dataresources": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.DataResource" - } - }, - "readwritetype": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.Trail": { - "type": "object", - "properties": { - "bucketname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "cloudwatchlogsloggrouparn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "enablelogfilevalidation": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "eventselectors": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.EventSelector" - } - }, - "islogging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "ismultiregion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.Alarm": { - "type": "object", - "properties": { - "alarmname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "dimensions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.AlarmDimension" - } - }, - "metricname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "metrics": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.MetricDataQuery" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.AlarmDimension": { - "type": "object", - 
"properties": { - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "value": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.CloudWatch": { - "type": "object", - "properties": { - "alarms": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.Alarm" - } - }, - "loggroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.LogGroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.LogGroup": { - "type": "object", - "properties": { - "arn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "metricfilters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.MetricFilter" - } - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "retentionindays": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.MetricDataQuery": { - "type": "object", - "properties": { - "expression": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "id": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.MetricFilter": { - "type": "object", - "properties": { - "filtername": { 
- "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "filterpattern": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.ArtifactSettings": { - "type": "object", - "properties": { - "encryptionenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.CodeBuild": { - "type": "object", - "properties": { - "projects": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.Project" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.Project": { - "type": "object", - "properties": { - "artifactsettings": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.ArtifactSettings" - }, - "secondaryartifactsettings": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.ArtifactSettings" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.config.Config": { - "type": "object", - "properties": { - "configurationaggregrator": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.config.ConfigurationAggregrator" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.config.ConfigurationAggregrator": { - "type": "object", - "properties": { - "sourceallregions": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.Cluster": { - "type": "object", - "properties": { - "backupretentionperiod": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "enabledlogexports": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "identifier": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.Instance" - } - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "storageencrypted": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.DocumentDB": { - "type": "object", - "properties": { - "clusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.Cluster" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.Instance": { - "type": "object", - "properties": { - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.DAXCluster": { - "type": "object", - "properties": { - "pointintimerecovery": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "serversideencryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.ServerSideEncryption" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.DynamoDB": { - "type": "object", - "properties": { - "daxclusters": { - "type": "array", - "items": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.DAXCluster" - } - }, - "tables": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.Table" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.ServerSideEncryption": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.Table": { - "type": "object", - "properties": { - "pointintimerecovery": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "serversideencryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.ServerSideEncryption" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice": { - "type": "object", - "properties": { - "encrypted": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.EC2": { - "type": "object", - "properties": { - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Instance" - } - }, - "launchconfigurations": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.LaunchConfiguration" - } - }, - "launchtemplates": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.LaunchTemplate" - } - }, - "networkacls": { - "type": "array", - "items": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.NetworkACL" - } - }, - "securitygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroup" - } - }, - "subnets": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Subnet" - } - }, - "volumes": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Volume" - } - }, - "vpcs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.VPC" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Encryption": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Instance": { - "type": "object", - "properties": { - "ebsblockdevices": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice" - } - }, - "metadataoptions": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.MetadataOptions" - }, - "rootblockdevice": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice" - }, - "securitygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroup" - } - }, - "userdata": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.ec2.LaunchConfiguration": { - "type": "object", - "properties": { - "associatepublicip": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "ebsblockdevices": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice" - } - }, - "metadataoptions": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.MetadataOptions" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "rootblockdevice": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice" - }, - "userdata": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.LaunchTemplate": { - "type": "object", - "properties": { - "instance": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Instance" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.MetadataOptions": { - "type": "object", - "properties": { - "httpendpoint": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "httptokens": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.NetworkACL": { - "type": "object", - "properties": { - "isdefaultrule": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "rules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.NetworkACLRule" - } - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.ec2.NetworkACLRule": { - "type": "object", - "properties": { - "action": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "cidrs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "protocol": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "type": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroup": { - "type": "object", - "properties": { - "description": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "egressrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroupRule" - } - }, - "ingressrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroupRule" - } - }, - "isdefault": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "vpcid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroupRule": { - "type": "object", - "properties": { - "cidrs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "description": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Subnet": { - "type": "object", - "properties": { - "mappubliciponlaunch": { - 
"type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.VPC": { - "type": "object", - "properties": { - "flowlogsenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "id": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "isdefault": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "securitygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Volume": { - "type": "object", - "properties": { - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Encryption" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecr.ECR": { - "type": "object", - "properties": { - "repositories": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecr.Repository" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecr.Encryption": { - "type": "object", - "properties": { - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "type": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecr.ImageScanning": { - "type": "object", - "properties": { - "scanonpush": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecr.Repository": { - "type": "object", - "properties": { - "encryption": { 
- "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecr.Encryption" - }, - "imagescanning": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecr.ImageScanning" - }, - "imagetagsimmutable": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "policies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.Cluster": { - "type": "object", - "properties": { - "settings": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ClusterSettings" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ClusterSettings": { - "type": "object", - "properties": { - "containerinsightsenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ContainerDefinition": { - "type": "object", - "properties": { - "cpu": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "environment": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.EnvVar" - } - }, - "essential": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "image": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "memory": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "portmappings": { - "type": "array", - "items": { - "type": "object", - 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.PortMapping" - } - }, - "privileged": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ECS": { - "type": "object", - "properties": { - "clusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.Cluster" - } - }, - "taskdefinitions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.TaskDefinition" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.EFSVolumeConfiguration": { - "type": "object", - "properties": { - "transitencryptionenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.EnvVar": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.PortMapping": { - "type": "object", - "properties": { - "containerport": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "hostport": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.TaskDefinition": { - "type": "object", - "properties": { - "containerdefinitions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ContainerDefinition" - } - }, - "volumes": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.Volume" - } - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.ecs.Volume": { - "type": "object", - "properties": { - "efsvolumeconfiguration": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.EFSVolumeConfiguration" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.efs.EFS": { - "type": "object", - "properties": { - "filesystems": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.efs.FileSystem" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.efs.FileSystem": { - "type": "object", - "properties": { - "encrypted": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.eks.Cluster": { - "type": "object", - "properties": { - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.eks.Encryption" - }, - "logging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.eks.Logging" - }, - "publicaccesscidrs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "publicaccessenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.eks.EKS": { - "type": "object", - "properties": { - "clusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.eks.Cluster" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.eks.Encryption": { - "type": "object", - "properties": { - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "secrets": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.eks.Logging": { - "type": "object", - "properties": { - "api": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "audit": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "authenticator": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "controllermanager": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "scheduler": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.Cluster": { - "type": "object", - "properties": { - "engine": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "nodetype": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "snapshotretentionlimit": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.ElastiCache": { - "type": "object", - "properties": { - "clusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.Cluster" - } - }, - "replicationgroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.ReplicationGroup" - } - }, - "securitygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.SecurityGroup" - } - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.ReplicationGroup": { - "type": "object", - "properties": { - "atrestencryptionenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "transitencryptionenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.SecurityGroup": { - "type": "object", - "properties": { - "description": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.AtRestEncryption": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Domain": { - "type": "object", - "properties": { - "accesspolicies": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "atrestencryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.AtRestEncryption" - }, - "dedicatedmasterenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "domainname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "endpoint": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Endpoint" - }, - "logpublishing": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.LogPublishing" - }, - "servicesoftwareoptions": { - "type": 
"object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.ServiceSoftwareOptions" - }, - "transitencryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.TransitEncryption" - }, - "vpcid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Elasticsearch": { - "type": "object", - "properties": { - "domains": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Domain" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Endpoint": { - "type": "object", - "properties": { - "enforcehttps": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "tlspolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.LogPublishing": { - "type": "object", - "properties": { - "auditenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "cloudwatchloggrouparn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.ServiceSoftwareOptions": { - "type": "object", - "properties": { - "currentversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "newversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "updateavailable": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "updatestatus": { - "type": 
"object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.TransitEncryption": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elb.Action": { - "type": "object", - "properties": { - "type": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elb.ELB": { - "type": "object", - "properties": { - "loadbalancers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elb.LoadBalancer" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elb.Listener": { - "type": "object", - "properties": { - "defaultactions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elb.Action" - } - }, - "protocol": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "tlspolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elb.LoadBalancer": { - "type": "object", - "properties": { - "dropinvalidheaderfields": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "internal": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "listeners": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elb.Listener" - } - }, - "type": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.emr.Cluster": { - "type": "object", - "properties": { - "settings": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.emr.ClusterSettings" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.emr.ClusterSettings": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "releaselabel": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "servicerole": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.emr.EMR": { - "type": "object", - "properties": { - "clusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.emr.Cluster" - } - }, - "securityconfiguration": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.emr.SecurityConfiguration" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.emr.SecurityConfiguration": { - "type": "object", - "properties": { - "configuration": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.AccessKey": { - "type": "object", - "properties": { - "accesskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "active": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - 
"creationdate": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" - }, - "lastaccess": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.Document": { - "type": "object", - "properties": { - "endline": { - "type": "integer" - }, - "explicit": { - "type": "boolean" - }, - "filepath": { - "type": "string" - }, - "fskey": { - "type": "string" - }, - "managed": { - "type": "boolean" - }, - "startline": { - "type": "integer" - }, - "value": { - "type": "string" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.Group": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "policies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" - } - }, - "users": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.User" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.IAM": { - "type": "object", - "properties": { - "groups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Group" - } - }, - "passwordpolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.PasswordPolicy" - }, - "policies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" - } - }, - "roles": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Role" - } - }, - "servercertificates": { - "type": "array", - "items": { - "type": "object", - 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.ServerCertificate" - } - }, - "users": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.User" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.MFADevice": { - "type": "object", - "properties": { - "isvirtual": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.PasswordPolicy": { - "type": "object", - "properties": { - "maxagedays": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "minimumlength": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "requirelowercase": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "requirenumbers": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "requiresymbols": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "requireuppercase": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "reusepreventioncount": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy": { - "type": "object", - "properties": { - "builtin": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "document": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Document" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.iam.Role": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "policies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.ServerCertificate": { - "type": "object", - "properties": { - "expiration": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.User": { - "type": "object", - "properties": { - "accesskeys": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.AccessKey" - } - }, - "groups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Group" - } - }, - "lastaccess": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" - }, - "mfadevices": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.MFADevice" - } - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "policies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Encryption": { - "type": "object", - "properties": { - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "type": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Kinesis": { - "type": "object", - "properties": { - "streams": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Stream" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Stream": { - "type": "object", - "properties": { - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Encryption" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.kms.KMS": { - "type": "object", - "properties": { - "keys": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kms.Key" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.kms.Key": { - "type": "object", - "properties": { - "rotationenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "usage": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Function": { - "type": "object", - "properties": { - "permissions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Permission" - } - }, - "tracing": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Tracing" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Lambda": { - "type": "object", - "properties": { - "functions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Function" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Permission": { - "type": "object", - "properties": { - "principal": { - "type": 
"object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "sourcearn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Tracing": { - "type": "object", - "properties": { - "mode": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.mq.Broker": { - "type": "object", - "properties": { - "logging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.mq.Logging" - }, - "publicaccess": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.mq.Logging": { - "type": "object", - "properties": { - "audit": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "general": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.mq.MQ": { - "type": "object", - "properties": { - "brokers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.mq.Broker" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.BrokerLogging": { - "type": "object", - "properties": { - "cloudwatch": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.CloudwatchLogging" - }, - "firehose": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.FirehoseLogging" - }, - "s3": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.S3Logging" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.msk.CloudwatchLogging": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.Cluster": { - "type": "object", - "properties": { - "encryptionatrest": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.EncryptionAtRest" - }, - "encryptionintransit": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.EncryptionInTransit" - }, - "logging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.Logging" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.EncryptionAtRest": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyarn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.EncryptionInTransit": { - "type": "object", - "properties": { - "clientbroker": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.FirehoseLogging": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.Logging": { - "type": "object", - "properties": { - "broker": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.BrokerLogging" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.MSK": { - "type": "object", - "properties": { - "clusters": { - "type": 
"array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.Cluster" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.S3Logging": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Cluster": { - "type": "object", - "properties": { - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "logging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Logging" - }, - "storageencrypted": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Logging": { - "type": "object", - "properties": { - "audit": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Neptune": { - "type": "object", - "properties": { - "clusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Cluster" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Classic": { - "type": "object", - "properties": { - "dbsecuritygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBSecurityGroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Cluster": { - "type": "object", - "properties": { - "availabilityzones": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "backupretentionperioddays": { - 
"type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "deletionprotection": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Encryption" - }, - "engine": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.ClusterInstance" - } - }, - "latestrestorabletime": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" - }, - "performanceinsights": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.PerformanceInsights" - }, - "publicaccess": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "replicationsourcearn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "skipfinalsnapshot": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.ClusterInstance": { - "type": "object", - "properties": { - "clusteridentifier": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "instance": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Instance" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBParameterGroupsList": { - "type": "object", - "properties": { - "dbparametergroupname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "kmskeyid": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBSecurityGroup": { - "type": "object" - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBSnapshotAttributes": { - "type": "object", - "properties": { - "attributevalues": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Encryption": { - "type": "object", - "properties": { - "encryptstorage": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Instance": { - "type": "object", - "properties": { - "autominorversionupgrade": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "backupretentionperioddays": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "dbinstancearn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "dbinstanceidentifier": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "dbparametergroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBParameterGroupsList" - } - }, - "deletionprotection": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "enabledcloudwatchlogsexports": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "encryption": { - "type": "object", - 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Encryption" - }, - "engine": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "engineversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "iamauthenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "latestrestorabletime": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" - }, - "multiaz": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "performanceinsights": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.PerformanceInsights" - }, - "publicaccess": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "publiclyaccessible": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "readreplicadbinstanceidentifiers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "replicationsourcearn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "storageencrypted": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "taglist": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.TagList" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.ParameterGroups": { - "type": "object", - "properties": { - "dbparametergroupfamily": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "dbparametergroupname": { - 
"type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "parameters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Parameters" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Parameters": { - "type": "object", - "properties": { - "parametername": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "parametervalue": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.PerformanceInsights": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.RDS": { - "type": "object", - "properties": { - "classic": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Classic" - }, - "clusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Cluster" - } - }, - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Instance" - } - }, - "parametergroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.ParameterGroups" - } - }, - "snapshots": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Snapshots" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Snapshots": { - 
"type": "object", - "properties": { - "dbsnapshotarn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "dbsnapshotidentifier": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "encrypted": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "snapshotattributes": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBSnapshotAttributes" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.TagList": { - "type": "object" - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Cluster": { - "type": "object", - "properties": { - "allowversionupgrade": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "automatedsnapshotretentionperiod": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "clusteridentifier": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Encryption" - }, - "endpoint": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.EndPoint" - }, - "loggingenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "masterusername": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "nodetype": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "numberofnodes": { - 
"type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "publiclyaccessible": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "subnetgroupname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "vpcid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.ClusterParameter": { - "type": "object", - "properties": { - "parametername": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "parametervalue": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Encryption": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.EndPoint": { - "type": "object", - "properties": { - "port": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Redshift": { - "type": "object", - "properties": { - "clusterparameters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.ClusterParameter" - } - }, - "clusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Cluster" - } - }, - "reservednodes": { - "type": "array", - "items": { - "type": "object", - 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.ReservedNode" - } - }, - "securitygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.SecurityGroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.ReservedNode": { - "type": "object", - "properties": { - "nodetype": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.SecurityGroup": { - "type": "object", - "properties": { - "description": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Bucket": { - "type": "object", - "properties": { - "accelerateconfigurationstatus": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "acl": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "bucketlocation": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "bucketpolicies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" - } - }, - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Encryption" - }, - "lifecycleconfiguration": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Rules" - } - }, - "logging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Logging" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - 
"objects": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Contents" - } - }, - "publicaccessblock": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.PublicAccessBlock" - }, - "versioning": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Versioning" - }, - "website": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Website" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Contents": { - "type": "object" - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Encryption": { - "type": "object", - "properties": { - "algorithm": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Logging": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "targetbucket": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.PublicAccessBlock": { - "type": "object", - "properties": { - "blockpublicacls": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "blockpublicpolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "ignorepublicacls": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - 
"restrictpublicbuckets": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Rules": { - "type": "object", - "properties": { - "status": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.S3": { - "type": "object", - "properties": { - "buckets": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Bucket" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Versioning": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "mfadelete": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Website": { - "type": "object" - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.API": { - "type": "object", - "properties": { - "accesslogging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.AccessLogging" - }, - "domainconfiguration": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.DomainConfiguration" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "restmethodsettings": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.RESTMethodSettings" - }, - "tracingenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.AccessLogging": { - "type": "object", - "properties": { - 
"cloudwatchloggrouparn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.Application": { - "type": "object", - "properties": { - "location": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.Location" - }, - "locationpath": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.DomainConfiguration": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "securitypolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.Function": { - "type": "object", - "properties": { - "functionname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "managedpolicies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "policies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" - } - }, - "tracing": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.HttpAPI": { - "type": "object", - "properties": { - "accesslogging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.AccessLogging" - }, - "defaultroutesettings": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.RouteSettings" - }, - "domainconfiguration": { - "type": "object", 
- "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.DomainConfiguration" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.Location": { - "type": "object", - "properties": { - "applicationid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "semanticversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.LoggingConfiguration": { - "type": "object", - "properties": { - "loggingenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.RESTMethodSettings": { - "type": "object", - "properties": { - "cachedataencrypted": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "datatraceenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "loggingenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "metricsenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.RouteSettings": { - "type": "object", - "properties": { - "datatraceenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "detailedmetricsenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "loggingenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.sam.SAM": { - "type": "object", - "properties": { - "apis": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.API" - } - }, - "applications": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.Application" - } - }, - "functions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.Function" - } - }, - "httpapis": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.HttpAPI" - } - }, - "simpletables": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.SimpleTable" - } - }, - "statemachines": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.StateMachine" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.SSESpecification": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "kmsmasterkeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.SimpleTable": { - "type": "object", - "properties": { - "ssespecification": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.SSESpecification" - }, - "tablename": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.StateMachine": { - "type": "object", - "properties": { - "loggingconfiguration": 
{ - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.LoggingConfiguration" - }, - "managedpolicies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "policies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" - } - }, - "tracing": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.TracingConfiguration" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.TracingConfiguration": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sns.Encryption": { - "type": "object", - "properties": { - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sns.SNS": { - "type": "object", - "properties": { - "topics": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sns.Topic" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sns.Topic": { - "type": "object", - "properties": { - "arn": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sns.Encryption" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sqs.Encryption": { - "type": "object", - "properties": { - "kmskeyid": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "managedencryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sqs.Queue": { - "type": "object", - "properties": { - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sqs.Encryption" - }, - "policies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" - } - }, - "queueurl": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sqs.SQS": { - "type": "object", - "properties": { - "queues": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sqs.Queue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ssm.SSM": { - "type": "object", - "properties": { - "secrets": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ssm.Secret" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ssm.Secret": { - "type": "object", - "properties": { - "kmskeyid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Encryption": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Volume": { - "type": "object", - "properties": { - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Encryption" 
- } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.WorkSpace": { - "type": "object", - "properties": { - "rootvolume": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Volume" - }, - "uservolume": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Volume" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.WorkSpaces": { - "type": "object", - "properties": { - "workspaces": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.WorkSpace" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.Azure": { - "type": "object", - "properties": { - "appservice": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.AppService" - }, - "authorization": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.authorization.Authorization" - }, - "compute": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.Compute" - }, - "container": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.Container" - }, - "database": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Database" - }, - "datafactory": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.datafactory.DataFactory" - }, - "datalake": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.datalake.DataLake" - }, - "keyvault": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.KeyVault" - }, - "monitor": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.monitor.Monitor" - }, - "network": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.Network" - }, - "securitycenter": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.SecurityCenter" - }, - "storage": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.Storage" - }, - "synapse": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.synapse.Synapse" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.AppService": { - "type": "object", - "properties": { - "functionapps": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.FunctionApp" - } - }, - "services": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.FunctionApp": { - "type": "object", - "properties": { - "httpsonly": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service": { - "type": "object", - "properties": { - "authentication": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Authentication" - }, - "enableclientcert": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "identity": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Identity" - }, - "site": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Site" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Authentication": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Identity": { - "type": "object", - "properties": { - "type": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Site": { - "type": "object", - "properties": { - "enablehttp2": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "minimumtlsversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.authorization.Authorization": { - "type": "object", - "properties": { - "roledefinitions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.authorization.RoleDefinition" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.authorization.Permission": { - "type": "object", - "properties": { - "actions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.authorization.RoleDefinition": { - "type": "object", - "properties": { - "assignablescopes": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "permissions": { - "type": "array", - "items": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.authorization.Permission" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.Compute": { - "type": "object", - "properties": { - "linuxvirtualmachines": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.LinuxVirtualMachine" - } - }, - "manageddisks": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.ManagedDisk" - } - }, - "windowsvirtualmachines": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.WindowsVirtualMachine" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.Encryption": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.LinuxVirtualMachine": { - "type": "object", - "properties": { - "osprofilelinuxconfig": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.OSProfileLinuxConfig" - }, - "virtualmachine": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.VirtualMachine" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.ManagedDisk": { - "type": "object", - "properties": { - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.Encryption" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.OSProfileLinuxConfig": { - "type": "object", - "properties": { - "disablepasswordauthentication": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" 
- } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.VirtualMachine": { - "type": "object", - "properties": { - "customdata": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.WindowsVirtualMachine": { - "type": "object", - "properties": { - "virtualmachine": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.VirtualMachine" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.container.AddonProfile": { - "type": "object", - "properties": { - "omsagent": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.OMSAgent" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.container.Container": { - "type": "object", - "properties": { - "kubernetesclusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.KubernetesCluster" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.container.KubernetesCluster": { - "type": "object", - "properties": { - "addonprofile": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.AddonProfile" - }, - "apiserverauthorizedipranges": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "enableprivatecluster": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "networkprofile": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.NetworkProfile" - }, - "rolebasedaccesscontrol": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.RoleBasedAccessControl" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.container.NetworkProfile": { - "type": "object", - "properties": { - "networkpolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.container.OMSAgent": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.container.RoleBasedAccessControl": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.Database": { - "type": "object", - "properties": { - "mariadbservers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.MariaDBServer" - } - }, - "mssqlservers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.MSSQLServer" - } - }, - "mysqlservers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.MySQLServer" - } - }, - "postgresqlservers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.PostgreSQLServer" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.ExtendedAuditingPolicy": { - "type": "object", - "properties": { - "retentionindays": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.azure.database.FirewallRule": { - "type": "object", - "properties": { - "endip": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "startip": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.MSSQLServer": { - "type": "object", - "properties": { - "extendedauditingpolicies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.ExtendedAuditingPolicy" - } - }, - "securityalertpolicies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.SecurityAlertPolicy" - } - }, - "server": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Server" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.MariaDBServer": { - "type": "object", - "properties": { - "server": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Server" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.MySQLServer": { - "type": "object", - "properties": { - "server": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Server" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.PostgreSQLServer": { - "type": "object", - "properties": { - "config": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.PostgresSQLConfig" - }, - "server": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Server" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.azure.database.PostgresSQLConfig": { - "type": "object", - "properties": { - "connectionthrottling": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "logcheckpoints": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "logconnections": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.SecurityAlertPolicy": { - "type": "object", - "properties": { - "disabledalerts": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "emailaccountadmins": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "emailaddresses": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.Server": { - "type": "object", - "properties": { - "enablepublicnetworkaccess": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "enablesslenforcement": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "firewallrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.FirewallRule" - } - }, - "minimumtlsversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.datafactory.DataFactory": { - "type": "object", - "properties": { - "datafactories": { - "type": "array", - "items": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.datafactory.Factory" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.datafactory.Factory": { - "type": "object", - "properties": { - "enablepublicnetwork": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.datalake.DataLake": { - "type": "object", - "properties": { - "stores": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.datalake.Store" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.datalake.Store": { - "type": "object", - "properties": { - "enableencryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Key": { - "type": "object", - "properties": { - "expirydate": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.KeyVault": { - "type": "object", - "properties": { - "vaults": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Vault" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.NetworkACLs": { - "type": "object", - "properties": { - "defaultaction": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Secret": { - "type": "object", - "properties": { - "contenttype": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "expirydate": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Vault": { - "type": "object", - "properties": { - "enablepurgeprotection": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "keys": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Key" - } - }, - "networkacls": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.NetworkACLs" - }, - "secrets": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Secret" - } - }, - "softdeleteretentiondays": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.monitor.LogProfile": { - "type": "object", - "properties": { - "categories": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "locations": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "retentionpolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.monitor.RetentionPolicy" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.monitor.Monitor": { - "type": "object", - "properties": { - "logprofiles": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.monitor.LogProfile" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.monitor.RetentionPolicy": { - "type": "object", - "properties": { - "days": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.network.Network": { - "type": "object", - "properties": { - "networkwatcherflowlogs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.NetworkWatcherFlowLog" - } - }, - "securitygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.SecurityGroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.network.NetworkWatcherFlowLog": { - "type": "object", - "properties": { - "retentionpolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.RetentionPolicy" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.network.PortRange": { - "type": "object", - "properties": { - "end": { - "type": "integer" - }, - "start": { - "type": "integer" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.network.RetentionPolicy": { - "type": "object", - "properties": { - "days": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.network.SecurityGroup": { - "type": "object", - "properties": { - "rules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.SecurityGroupRule" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.network.SecurityGroupRule": { - "type": "object", - "properties": { - "allow": { - "type": "object", - 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "destinationaddresses": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "destinationports": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.PortRange" - } - }, - "outbound": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "protocol": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "sourceaddresses": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "sourceports": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.PortRange" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.Contact": { - "type": "object", - "properties": { - "enablealertnotifications": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "phone": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.SecurityCenter": { - "type": "object", - "properties": { - "contacts": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.Contact" - } - }, - "subscriptions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.SubscriptionPricing" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.SubscriptionPricing": { - "type": 
"object", - "properties": { - "tier": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.storage.Account": { - "type": "object", - "properties": { - "containers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.Container" - } - }, - "enforcehttps": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "minimumtlsversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "networkrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.NetworkRule" - } - }, - "queueproperties": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.QueueProperties" - }, - "queues": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.Queue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.storage.Container": { - "type": "object", - "properties": { - "publicaccess": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.storage.NetworkRule": { - "type": "object", - "properties": { - "allowbydefault": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "bypass": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.storage.Queue": { - "type": "object", - "properties": { - "name": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.storage.QueueProperties": { - "type": "object", - "properties": { - "enablelogging": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.storage.Storage": { - "type": "object", - "properties": { - "accounts": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.Account" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.synapse.Synapse": { - "type": "object", - "properties": { - "workspaces": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.synapse.Workspace" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.azure.synapse.Workspace": { - "type": "object", - "properties": { - "enablemanagedvirtualnetwork": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.cloudstack.CloudStack": { - "type": "object", - "properties": { - "compute": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.cloudstack.compute.Compute" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.cloudstack.compute.Compute": { - "type": "object", - "properties": { - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.cloudstack.compute.Instance" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.cloudstack.compute.Instance": { - "type": "object", - "properties": { - "userdata": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.digitalocean.DigitalOcean": { - "type": "object", - "properties": { - "compute": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Compute" - }, - "spaces": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Spaces" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Compute": { - "type": "object", - "properties": { - "droplets": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Droplet" - } - }, - "firewalls": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Firewall" - } - }, - "kubernetesclusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.KubernetesCluster" - } - }, - "loadbalancers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.LoadBalancer" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Droplet": { - "type": "object", - "properties": { - "sshkeys": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Firewall": { - "type": "object", - "properties": { - "inboundrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.InboundFirewallRule" - } - }, - "outboundrules": { - "type": "array", - "items": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.OutboundFirewallRule" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.ForwardingRule": { - "type": "object", - "properties": { - "entryprotocol": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.InboundFirewallRule": { - "type": "object", - "properties": { - "sourceaddresses": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.KubernetesCluster": { - "type": "object", - "properties": { - "autoupgrade": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "surgeupgrade": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.LoadBalancer": { - "type": "object", - "properties": { - "forwardingrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.ForwardingRule" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.OutboundFirewallRule": { - "type": "object", - "properties": { - "destinationaddresses": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Bucket": { - "type": "object", - "properties": { - "acl": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "forcedestroy": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "objects": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Object" - } - }, - "versioning": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Versioning" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Object": { - "type": "object", - "properties": { - "acl": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Spaces": { - "type": "object", - "properties": { - "buckets": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Bucket" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Versioning": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.github.BranchProtection": { - "type": "object", - "properties": { - "requiresignedcommits": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.github.EnvironmentSecret": { - "type": "object", - "properties": { - "encryptedvalue": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "environment": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "plaintextvalue": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "repository": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "secretname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.github.GitHub": { - "type": "object", - "properties": { - "branchprotections": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.github.BranchProtection" - } - }, - "environmentsecrets": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.github.EnvironmentSecret" - } - }, - "repositories": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.github.Repository" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.github.Repository": { - "type": "object", - "properties": { - "archived": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "public": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "vulnerabilityalerts": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.Google": { - "type": "object", - "properties": { - "bigquery": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.bigquery.BigQuery" - }, - "compute": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Compute" - }, - "dns": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.dns.DNS" - }, - "gke": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.GKE" - }, - "iam": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.IAM" - }, - "kms": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.kms.KMS" - }, - "sql": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.SQL" - }, - "storage": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.storage.Storage" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.bigquery.AccessGrant": { - "type": "object", - "properties": { - "domain": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "role": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "specialgroup": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.bigquery.BigQuery": { - "type": "object", - "properties": { - "datasets": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.bigquery.Dataset" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.bigquery.Dataset": { - "type": "object", - "properties": { - "accessgrants": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.bigquery.AccessGrant" - } - }, - "id": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.Compute": { - "type": "object", - "properties": { - "disks": { - "type": "array", - "items": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Disk" - } - }, - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Instance" - } - }, - "networks": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Network" - } - }, - "projectmetadata": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.ProjectMetadata" - }, - "sslpolicies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.SSLPolicy" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.Disk": { - "type": "object", - "properties": { - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.DiskEncryption" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.DiskEncryption": { - "type": "object", - "properties": { - "kmskeylink": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "rawkey": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BytesValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.EgressRule": { - "type": "object", - "properties": { - "destinationranges": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "firewallrule": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.FirewallRule" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.google.compute.Firewall": { - "type": "object", - "properties": { - "egressrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.EgressRule" - } - }, - "ingressrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.IngressRule" - } - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "sourcetags": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "targettags": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.FirewallRule": { - "type": "object", - "properties": { - "enforced": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "isallow": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "ports": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - }, - "protocol": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.IngressRule": { - "type": "object", - "properties": { - "firewallrule": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.FirewallRule" - }, - "sourceranges": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.google.compute.Instance": { - "type": "object", - "properties": { - "attacheddisks": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Disk" - } - }, - "bootdisks": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Disk" - } - }, - "canipforward": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "enableprojectsshkeyblocking": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "enableserialport": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "networkinterfaces": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.NetworkInterface" - } - }, - "osloginenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "serviceaccount": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.ServiceAccount" - }, - "shieldedvm": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.ShieldedVMConfig" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.Network": { - "type": "object", - "properties": { - "firewall": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Firewall" - }, - "subnetworks": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.SubNetwork" - } - } - } 
- }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.NetworkInterface": { - "type": "object", - "properties": { - "haspublicip": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "natip": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "network": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Network" - }, - "subnetwork": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.SubNetwork" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.ProjectMetadata": { - "type": "object", - "properties": { - "enableoslogin": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.SSLPolicy": { - "type": "object", - "properties": { - "minimumtlsversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "profile": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.ServiceAccount": { - "type": "object", - "properties": { - "email": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "isdefault": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "scopes": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.ShieldedVMConfig": { - "type": 
"object", - "properties": { - "integritymonitoringenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "securebootenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "vtpmenabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.SubNetwork": { - "type": "object", - "properties": { - "enableflowlogs": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "purpose": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.dns.DNS": { - "type": "object", - "properties": { - "managedzones": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.dns.ManagedZone" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.dns.DNSSec": { - "type": "object", - "properties": { - "defaultkeyspecs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.dns.KeySpecs" - } - }, - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.dns.KeySpecs": { - "type": "object", - "properties": { - "algorithm": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "keytype": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.google.dns.ManagedZone": { - "type": "object", - "properties": { - "dnssec": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.dns.DNSSec" - }, - "visibility": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.ClientCertificate": { - "type": "object", - "properties": { - "issuecertificate": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.Cluster": { - "type": "object", - "properties": { - "enableautpilot": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "enablelegacyabac": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "enableshieldednodes": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "ipallocationpolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.IPAllocationPolicy" - }, - "loggingservice": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "masterauth": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.MasterAuth" - }, - "masterauthorizednetworks": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.MasterAuthorizedNetworks" - }, - "monitoringservice": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "networkpolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.NetworkPolicy" - }, - "nodeconfig": { - "type": "object", - 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.NodeConfig" - }, - "nodepools": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.NodePool" - } - }, - "privatecluster": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.PrivateCluster" - }, - "removedefaultnodepool": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "resourcelabels": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.MapValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.GKE": { - "type": "object", - "properties": { - "clusters": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.Cluster" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.IPAllocationPolicy": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.Management": { - "type": "object", - "properties": { - "enableautorepair": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "enableautoupgrade": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.MasterAuth": { - "type": "object", - "properties": { - "clientcertificate": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.ClientCertificate" - }, - "password": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "username": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.MasterAuthorizedNetworks": { - "type": "object", - "properties": { - "cidrs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.NetworkPolicy": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.NodeConfig": { - "type": "object", - "properties": { - "enablelegacyendpoints": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "imagetype": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "serviceaccount": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "workloadmetadataconfig": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.WorkloadMetadataConfig" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.NodePool": { - "type": "object", - "properties": { - "management": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.Management" - }, - "nodeconfig": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.NodeConfig" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.PrivateCluster": { - "type": "object", - "properties": { - "enableprivatenodes": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.WorkloadMetadataConfig": { - "type": "object", - "properties": { - "nodemetadata": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding": { - "type": "object", - "properties": { - "includesdefaultserviceaccount": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "members": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "role": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.Folder": { - "type": "object", - "properties": { - "bindings": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding" - } - }, - "folders": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Folder" - } - }, - "members": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Member" - } - }, - "projects": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Project" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.IAM": { - "type": "object", - "properties": { - "organizations": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Organization" - } - }, - "workloadidentitypoolproviders": { - "type": "array", - "items": { - 
"type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.WorkloadIdentityPoolProvider" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.Member": { - "type": "object", - "properties": { - "defaultserviceaccount": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "member": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "role": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.Organization": { - "type": "object", - "properties": { - "bindings": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding" - } - }, - "folders": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Folder" - } - }, - "members": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Member" - } - }, - "projects": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Project" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.Project": { - "type": "object", - "properties": { - "autocreatenetwork": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "bindings": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding" - } - }, - "members": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Member" - } - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.google.iam.WorkloadIdentityPoolProvider": { - "type": "object", - "properties": { - "attributecondition": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "workloadidentitypoolid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "workloadidentitypoolproviderid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.kms.KMS": { - "type": "object", - "properties": { - "keyrings": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.kms.KeyRing" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.kms.Key": { - "type": "object", - "properties": { - "rotationperiodseconds": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.kms.KeyRing": { - "type": "object", - "properties": { - "keys": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.kms.Key" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.Backups": { - "type": "object", - "properties": { - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.DatabaseInstance": { - "type": "object", - "properties": { - "databaseversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "isreplica": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "settings": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.Settings" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.Flags": { - "type": "object", - "properties": { - "containeddatabaseauthentication": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "crossdbownershipchaining": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "localinfile": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "logcheckpoints": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "logconnections": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "logdisconnections": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "loglockwaits": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "logmindurationstatement": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "logminmessages": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "logtempfilesize": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.IPConfiguration": { - "type": "object", - "properties": { - "authorizednetworks": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.IPConfiguration.AuthorizedNetworks" - } - }, - "enableipv4": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "requiretls": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.IPConfiguration.AuthorizedNetworks": { - "type": "object", - "properties": { - "cidr": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.SQL": { - "type": "object", - "properties": { - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.DatabaseInstance" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.Settings": { - "type": "object", - "properties": { - "backups": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.Backups" - }, - "flags": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.Flags" - }, - "ipconfiguration": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.IPConfiguration" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.storage.Bucket": { - "type": "object", - "properties": { - "bindings": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding" - } - }, - "enableuniformbucketlevelaccess": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "encryption": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.storage.BucketEncryption" - }, - "location": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "members": { - "type": "array", - "items": { - 
"type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Member" - } - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.storage.BucketEncryption": { - "type": "object", - "properties": { - "defaultkmskeyname": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.google.storage.Storage": { - "type": "object", - "properties": { - "buckets": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.storage.Bucket" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.kubernetes.Egress": { - "type": "object", - "properties": { - "destinationcidrs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "ports": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Port" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.kubernetes.Ingress": { - "type": "object", - "properties": { - "ports": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Port" - } - }, - "sourcecidrs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.kubernetes.Kubernetes": { - "type": "object", - "properties": { - "networkpolicies": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.NetworkPolicy" - } - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.kubernetes.NetworkPolicy": { - "type": "object", - "properties": { - "spec": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.NetworkPolicySpec" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.kubernetes.NetworkPolicySpec": { - "type": "object", - "properties": { - "egress": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Egress" - }, - "ingress": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Ingress" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.kubernetes.Port": { - "type": "object", - "properties": { - "number": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "protocol": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.Nifcloud": { - "type": "object", - "properties": { - "computing": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.Computing" - }, - "dns": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.dns.DNS" - }, - "nas": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NAS" - }, - "network": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.Network" - }, - "rdb": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.RDB" - }, - "sslcertificate": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.sslcertificate.SSLCertificate" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.Computing": { 
- "type": "object", - "properties": { - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.Instance" - } - }, - "securitygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.Instance": { - "type": "object", - "properties": { - "networkinterfaces": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.NetworkInterface" - } - }, - "securitygroup": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.NetworkInterface": { - "type": "object", - "properties": { - "networkid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroup": { - "type": "object", - "properties": { - "description": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "egressrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroupRule" - } - }, - "ingressrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroupRule" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroupRule": { - "type": "object", - "properties": { - "cidr": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "description": 
{ - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.dns.DNS": { - "type": "object", - "properties": { - "records": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.dns.Record" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.dns.Record": { - "type": "object", - "properties": { - "record": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "type": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NAS": { - "type": "object", - "properties": { - "nasinstances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NASInstance" - } - }, - "nassecuritygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NASSecurityGroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NASInstance": { - "type": "object", - "properties": { - "networkid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NASSecurityGroup": { - "type": "object", - "properties": { - "cidrs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "description": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.ElasticLoadBalancer": { - "type": "object", - "properties": 
{ - "listeners": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.ElasticLoadBalancerListener" - } - }, - "networkinterfaces": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.NetworkInterface" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.ElasticLoadBalancerListener": { - "type": "object", - "properties": { - "protocol": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.LoadBalancer": { - "type": "object", - "properties": { - "listeners": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.LoadBalancerListener" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.LoadBalancerListener": { - "type": "object", - "properties": { - "protocol": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "tlspolicy": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.Network": { - "type": "object", - "properties": { - "elasticloadbalancers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.ElasticLoadBalancer" - } - }, - "loadbalancers": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.LoadBalancer" - } - }, - "routers": { - "type": "array", - "items": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.Router" - } - }, - "vpngateways": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.VpnGateway" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.NetworkInterface": { - "type": "object", - "properties": { - "isvipnetwork": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "networkid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.Router": { - "type": "object", - "properties": { - "networkinterfaces": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.NetworkInterface" - } - }, - "securitygroup": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.VpnGateway": { - "type": "object", - "properties": { - "securitygroup": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.DBInstance": { - "type": "object", - "properties": { - "backupretentionperioddays": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "engine": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "engineversion": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "networkid": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "publicaccess": { - "type": "object", - 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.DBSecurityGroup": { - "type": "object", - "properties": { - "cidrs": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - }, - "description": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.RDB": { - "type": "object", - "properties": { - "dbinstances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.DBInstance" - } - }, - "dbsecuritygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.DBSecurityGroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.sslcertificate.SSLCertificate": { - "type": "object", - "properties": { - "servercertificates": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.sslcertificate.ServerCertificate" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.sslcertificate.ServerCertificate": { - "type": "object", - "properties": { - "expiration": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.Compute": { - "type": "object", - "properties": { - "firewall": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.Firewall" - }, - "instances": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.Instance" - } - } - } - }, - 
"github.com.aquasecurity.defsec.pkg.providers.openstack.Firewall": { - "type": "object", - "properties": { - "allowrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.FirewallRule" - } - }, - "denyrules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.FirewallRule" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.FirewallRule": { - "type": "object", - "properties": { - "destination": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "destinationport": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "enabled": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "source": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "sourceport": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.Instance": { - "type": "object", - "properties": { - "adminpassword": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.Networking": { - "type": "object", - "properties": { - "securitygroups": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.SecurityGroup" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.OpenStack": { - "type": "object", - "properties": { - "compute": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.Compute" - }, - "networking": { - "type": 
"object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.Networking" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.SecurityGroup": { - "type": "object", - "properties": { - "description": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "name": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "rules": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.SecurityGroupRule" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.SecurityGroupRule": { - "type": "object", - "properties": { - "cidr": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - }, - "ethertype": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "isingress": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" - }, - "portmax": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "portmin": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" - }, - "protocol": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.oracle.AddressReservation": { - "type": "object", - "properties": { - "pool": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.oracle.Compute": { - "type": "object", - "properties": { - "addressreservations": { - "type": "array", - "items": { - "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.oracle.AddressReservation" - } - } - } - }, - "github.com.aquasecurity.defsec.pkg.providers.oracle.Oracle": { - "type": "object", - "properties": { - "compute": { - "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.oracle.Compute" - } - } - }, - "github.com.aquasecurity.defsec.pkg.types.BoolValue": { - "type": "object", - "properties": { - "endline": { - "type": "integer" - }, - "explicit": { - "type": "boolean" - }, - "filepath": { - "type": "string" - }, - "fskey": { - "type": "string" - }, - "managed": { - "type": "boolean" - }, - "resource": { - "type": "string" - }, - "sourceprefix": { - "type": "string" - }, - "startline": { - "type": "integer" - }, - "value": { - "type": "boolean" - } - } - }, - "github.com.aquasecurity.defsec.pkg.types.BytesValue": { - "type": "object", - "properties": { - "endline": { - "type": "integer" - }, - "explicit": { - "type": "boolean" - }, - "filepath": { - "type": "string" - }, - "fskey": { - "type": "string" - }, - "managed": { - "type": "boolean" - }, - "resource": { - "type": "string" - }, - "sourceprefix": { - "type": "string" - }, - "startline": { - "type": "integer" - }, - "value": { - "type": "string" - } - } - }, - "github.com.aquasecurity.defsec.pkg.types.IntValue": { - "type": "object", - "properties": { - "endline": { - "type": "integer" - }, - "explicit": { - "type": "boolean" - }, - "filepath": { - "type": "string" - }, - "fskey": { - "type": "string" - }, - "managed": { - "type": "boolean" - }, - "resource": { - "type": "string" - }, - "sourceprefix": { - "type": "string" - }, - "startline": { - "type": "integer" - }, - "value": { - "type": "integer" - } - } - }, - "github.com.aquasecurity.defsec.pkg.types.MapValue": { - "type": "object", - "properties": { - "endline": { - "type": "integer" - }, - "explicit": { - "type": "boolean" - }, - "filepath": { - "type": "string" - }, - "fskey": { - "type": "string" - }, - 
"managed": { - "type": "boolean" - }, - "resource": { - "type": "string" - }, - "sourceprefix": { - "type": "string" - }, - "startline": { - "type": "integer" - }, - "value": { - "type": "object" - } - } - }, - "github.com.aquasecurity.defsec.pkg.types.StringValue": { - "type": "object", - "properties": { - "endline": { - "type": "integer" - }, - "explicit": { - "type": "boolean" - }, - "filepath": { - "type": "string" - }, - "fskey": { - "type": "string" - }, - "managed": { - "type": "boolean" - }, - "resource": { - "type": "string" - }, - "sourceprefix": { - "type": "string" - }, - "startline": { - "type": "integer" - }, - "value": { - "type": "string" - } - } - }, - "github.com.aquasecurity.defsec.pkg.types.TimeValue": { - "type": "object", - "properties": { - "endline": { - "type": "integer" - }, - "explicit": { - "type": "boolean" - }, - "filepath": { - "type": "string" - }, - "fskey": { - "type": "string" - }, - "managed": { - "type": "boolean" - }, - "resource": { - "type": "string" - }, - "sourceprefix": { - "type": "string" - }, - "startline": { - "type": "integer" - }, - "value": { - "type": "string" - } - } - } - } -} \ No newline at end of file diff --git a/pkg/rego/schemas/dockerfile.json b/pkg/rego/schemas/dockerfile.json deleted file mode 100644 index d769cb19..00000000 --- a/pkg/rego/schemas/dockerfile.json +++ /dev/null 
@@ -1,70 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2020-12/schema",
- "$id": "https://github.com/aquasecurity/trivy-policies/blob/main/pkg/rego/schemas/dockerfile.json",
- "type": "object",
- "properties": {
- "Stages": {
- "type": "array",
- "items": {
- "$ref": "#/$defs/stage"
- }
- }
- },
- "$defs": {
- "stage": {
- "type": "object",
- "properties": {
- "Name": {
- "type": "string"
- },
- "Commands": {
- "type": "array",
- "items": {
- "$ref": "#/$defs/command"
- }
- }
- }
- },
- "command": {
- "type": "object",
- "properties": {
- "Flags": {
- "type": "array",
- "items": {
- "type": "string"
- }
- },
- "Value": {
- "type": "array",
- "items": {
- "type": "string"
- }
- },
- "Cmd": {
- "type": "string"
- },
- "SubCmd": {
- "type": "string"
- },
- "Original": {
- "type": "string"
- },
- "Path": {
- "type": "string"
- },
- "JSON": {
- "type": "boolean"
- },
- "Stage": {
- "type": "integer"
- },
- "StartLine": {
- "type": "integer"
- },
- "EndLine": {
- "type": "integer"
- }
- }
- }
- }
-}
\ No newline at end of file
diff --git a/pkg/rego/schemas/kubernetes.json b/pkg/rego/schemas/kubernetes.json
deleted file mode 100644
index 1975944b..00000000
--- a/pkg/rego/schemas/kubernetes.json
+++ /dev/null
@@ -1,51 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2020-12/schema",
- "$id": "https://github.com/aquasecurity/trivy-policies/blob/main/pkg/rego/schemas/kubernetes.json",
- "type": "object",
- "properties": {
- "apiVersion": {
- "type": "string"
- },
- "kind": {
- "type": "string"
- },
- "metadata": {
- "type": "object"
- },
- "spec": {
- "type": "object"
- },
- "rules": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "apiGroups": {
- "type": "array",
- "items": {
- "type": "string"
- }
- },
- "resources": {
- "type": "array",
- "items": {
- "type": "string"
- }
- },
- "resourceNames": {
- "type": "array",
- "items": {
- "type": "string"
- }
- },
- "verbs": {
- "type": "array",
- "items": {
- "type": "string"
- }
- }
- }
- }
- }
- }
-}
\ No newline at end of file
diff --git a/pkg/rego/schemas/rbac.json b/pkg/rego/schemas/rbac.json
deleted file mode 100644
index c251890f..00000000
--- a/pkg/rego/schemas/rbac.json
+++ /dev/null
@@ -1,51 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2020-12/schema",
- "$id": "https://github.com/aquasecurity/trivy-policies/blob/main/pkg/rego/schemas/rbac.json",
- "type": "object",
- "properties": {
- "apiVersion": {
- "type": "string"
- },
- "kind": {
- "type": "string"
- },
- "metadata": {
- "type": "object"
- },
- "spec": {
- "type": "object"
- },
- "rules": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "apiGroups": {
- "type": "array",
- "items": {
- "type": "string"
- }
- },
- "resources": {
- "type": "array",
- "items": {
- "type": "string"
- }
- },
- "resourceNames": {
- "type": "array",
- "items": {
- "type": "string"
- }
- },
- "verbs": {
- "type": "array",
- "items": {
- "type": "string"
- }
- }
- }
- }
- }
- }
-}
\ No newline at end of file
diff --git a/pkg/rego/schemas/schemas.go b/pkg/rego/schemas/schemas.go
deleted file mode 100644
index 1ece0358..00000000
--- a/pkg/rego/schemas/schemas.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package schemas
-
-import (
- "github.com/aquasecurity/defsec/pkg/types"
-)
-
-var SchemaMap = map[types.Source]Schema{
- types.SourceDefsec: Cloud,
- types.SourceCloud: Cloud,
- types.SourceKubernetes: Kubernetes,
- types.SourceRbac: Kubernetes,
- types.SourceDockerfile: Dockerfile,
- types.SourceTOML: Anything,
- types.SourceYAML: Anything,
- types.SourceJSON: Anything,
-}
diff --git a/pkg/rego/store.go b/pkg/rego/store.go
deleted file mode 100644
index 127b1d8d..00000000
--- a/pkg/rego/store.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package rego
-
-import (
- "fmt"
- "io/fs"
- "os"
- "path/filepath"
- "strings"
-
- "github.com/open-policy-agent/opa/loader"
- "github.com/open-policy-agent/opa/storage"
-)
-
-// initialise a store populated with OPA data files found in dataPaths
-func initStore(dataFS fs.FS, dataPaths, namespaces []string) (storage.Store, error) {
- // FilteredPaths will recursively find all file paths that contain a valid document
- // extension from the given list of data paths.
- allDocumentPaths, _ := loader.FilteredPathsFS(dataFS, dataPaths, func(abspath string, info os.FileInfo, depth int) bool {
- if info.IsDir() {
- return false // filter in, include
- }
- ext := strings.ToLower(filepath.Ext(info.Name()))
- for _, filter := range []string{
- ".yaml",
- ".yml",
- ".json",
- } {
- if filter == ext {
- return false // filter in, include
- }
- }
- return true // filter out, exclude
- })
-
- documents, err := loader.NewFileLoader().WithFS(dataFS).All(allDocumentPaths)
- if err != nil {
- return nil, fmt.Errorf("load documents: %w", err)
- }
-
- // pass all namespaces so that rego rule can refer to namespaces as data.namespaces
- documents.Documents["namespaces"] = namespaces
-
- store, err := documents.Store()
- if err != nil {
- return nil, fmt.Errorf("get documents store: %w", err)
- }
- return store, nil
-}
diff --git a/pkg/rego/testdata/policies/._sysfile.rego b/pkg/rego/testdata/policies/._sysfile.rego
deleted file mode 100644
index e69de29b..00000000
diff --git a/pkg/rego/testdata/policies/invalid.rego b/pkg/rego/testdata/policies/invalid.rego
deleted file mode 100644
index a2ef3607..00000000
--- a/pkg/rego/testdata/policies/invalid.rego
+++ /dev/null
@@ -1,8 +0,0 @@
-# METADATA
-# schemas:
-# - input: schema["input"]
-package defsec.test_invalid
-
-deny {
- input.Stages[0].Commands[0].FooBarNothingBurger == "lol"
-}
diff --git a/pkg/rego/testdata/policies/valid.rego b/pkg/rego/testdata/policies/valid.rego
deleted file mode 100644
index 74a96afe..00000000
--- a/pkg/rego/testdata/policies/valid.rego
+++ /dev/null
@@ -1,8 +0,0 @@
-# METADATA
-# schemas:
-# - input: schema["input"]
-package defsec.test_valid
-
-deny {
- input.Stages[0].Commands[0].Cmd == "lol"
-}
diff --git a/pkg/rules/providers.go b/pkg/rules/providers.go
deleted file mode 100644
index 60c976fd..00000000
--- a/pkg/rules/providers.go
+++ /dev/null
@@ -1,169 +0,0 @@
-package rules
-
-import (
- "encoding/json"
- "strings"
-)
-
-type Provider struct {
- Name string `json:"name"`
- Services []Service `json:"services"`
-}
-
-type Service struct {
- Name string `json:"name"`
- Checks []Check `json:"checks"`
-}
-
-type Check struct {
- Name string `json:"name"`
- Description string `json:"description"`
-}
-
-func GetProvidersHierarchy() (providers map[string]map[string][]string) {
-
- registeredRules := GetRegistered()
-
- provs := make(map[string]map[string][]string)
-
- for _, rule := range registeredRules {
-
- cNames := make(map[string]bool)
- pName := strings.ToLower(rule.GetRule().Provider.DisplayName())
- sName := strings.ToLower(rule.GetRule().Service)
- cName := rule.GetRule().AVDID
-
- if _, ok := provs[pName]; !ok {
- provs[pName] = make(map[string][]string)
- }
-
- if _, ok := provs[pName][sName]; !ok {
- provs[pName][sName] = make([]string, 0)
- }
-
- if _, ok := cNames[cName]; !ok {
- cNames[cName] = true
- provs[pName][sName] = append(provs[pName][sName], cName)
- }
- }
-
- return provs
-}
-
-func GetProviders() (providers []Provider) {
-
- registeredRules := GetRegistered()
-
- provs := make(map[string]map[string][]Check)
-
- for _, rule := range registeredRules {
-
- pName := strings.ToLower(rule.GetRule().Provider.DisplayName())
- sName := strings.ToLower(rule.GetRule().Service)
- cName := rule.GetRule().AVDID
- desc := rule.GetRule().Summary
-
- if _, ok := provs[pName]; !ok {
- provs[pName] = make(map[string][]Check)
- }
-
- if _, ok := provs[pName][sName]; !ok {
- provs[pName][sName] = []Check{}
- }
-
- provs[pName][sName] = append(provs[pName][sName], Check{
- Name: cName,
- Description: desc,
- })
- }
-
- for providerName, providerServices := range provs {
- var services []Service
- for serviceName, checks := range providerServices {
- services = append(services, Service{
- Name: serviceName,
- Checks: checks,
- })
- }
-
- providers = append(providers, Provider{
- Name: providerName,
- Services: services,
- })
- }
-
- return providers
-}
-
-func GetProvidersAsJson() ([]byte, error) {
-
- providers := GetProviders()
-
- return json.MarshalIndent(providers, "", " ")
-}
-
-func GetProviderNames() []string {
-
- registeredRules := GetRegistered()
-
- providers := make(map[string]bool)
-
- for _, rule := range registeredRules {
-
- if _, ok := providers[rule.GetRule().Provider.DisplayName()]; !ok {
- providers[rule.GetRule().Provider.DisplayName()] = true
- }
-
- }
-
- var uniqueProviders []string
- for p := range providers {
- uniqueProviders = append(uniqueProviders, p)
- }
-
- return uniqueProviders
-
-}
-
-func GetProviderServiceNames(providerName string) []string {
-
- registeredRules := GetRegistered()
-
- services := make(map[string]bool)
-
- for _, rule := range registeredRules {
-
- if !strings.EqualFold(providerName, rule.GetRule().Provider.DisplayName()) {
- continue
- }
-
- if _, ok := services[rule.GetRule().Service]; !ok {
- services[rule.GetRule().Service] = true
- }
-
- }
- var uniqueServices []string
- for p := range services {
- uniqueServices = append(uniqueServices, p)
- }
-
- return uniqueServices
-}
-
-func GetProviderServiceCheckNames(providerName string, serviceName string) []string {
-
- registeredRules := GetRegistered()
-
- var checks []string
-
- for _, rule := range registeredRules {
-
- if !strings.EqualFold(providerName, rule.GetRule().Provider.DisplayName()) ||
- !strings.EqualFold(serviceName, rule.GetRule().Service) {
- continue
- }
-
- checks = append(checks, rule.GetRule().AVDID)
- }
- return checks
-}
diff --git a/pkg/rules/register.go b/pkg/rules/register.go
deleted file mode 100644
index b03e1a63..00000000
--- a/pkg/rules/register.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package rules
-
-import (
- "github.com/aquasecurity/defsec/pkg/framework"
- "github.com/aquasecurity/defsec/pkg/scan"
-
- "github.com/aquasecurity/trivy-iac/internal/rules"
- "github.com/aquasecurity/trivy-iac/pkg/types"
-)
-
-func Register(rule scan.Rule) types.RegisteredRule {
- return rules.Register(rule)
-}
-
-func Deregister(rule types.RegisteredRule) {
- rules.Deregister(rule)
-}
-
-func GetRegistered(fw ...framework.Framework) []types.RegisteredRule {
- return rules.GetFrameworkRules(fw...)
-}
-
-func GetSpecRules(spec string) []types.RegisteredRule {
- return rules.GetSpecRules(spec)
-}
diff --git a/pkg/rules/rules.go b/pkg/rules/rules.go
deleted file mode 100644
index 3ea9a161..00000000
--- a/pkg/rules/rules.go
+++ /dev/null
@@ -1,82 +0,0 @@ -package rules - -import ( - trules "github.com/aquasecurity/trivy-policies/pkg/rules" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/accessanalyzer" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/apigateway" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/athena" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/cloudfront" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/cloudtrail" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/cloudwatch" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/codebuild" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/config" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/documentdb" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/dynamodb" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/ec2" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/ecr" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/ecs" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/efs" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/eks" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/elasticache" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/elasticsearch" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/elb" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/emr" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/iam" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/kinesis" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/kms" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/lambda" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/mq" - _ 
"github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/msk" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/neptune" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/rds" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/redshift" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/s3" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/sam" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/sns" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/sqs" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/ssm" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/aws/workspaces" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/appservice" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/authorization" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/compute" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/container" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/database" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/datafactory" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/datalake" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/keyvault" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/monitor" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/network" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/securitycenter" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/storage" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/azure/synapse" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/cloudstack/compute" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/digitalocean/compute" - _ 
"github.com/aquasecurity/trivy-policies/rules/cloud/policies/digitalocean/spaces" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/github/actions" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/github/branch_protections" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/github/repositories" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/bigquery" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/compute" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/dns" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/gke" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/iam" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/kms" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/sql" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/google/storage" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/nifcloud/computing" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/nifcloud/dns" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/nifcloud/nas" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/nifcloud/network" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/nifcloud/rdb" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/nifcloud/sslcertificate" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/openstack/compute" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/openstack/networking" - _ "github.com/aquasecurity/trivy-policies/rules/cloud/policies/oracle/compute" - _ "github.com/aquasecurity/trivy-policies/rules/kubernetes/network" -) - -func init() { - for _, r := range trules.GetRules() { - Register(r) - } -} diff --git a/pkg/scanners/azure/arm/scanner.go b/pkg/scanners/azure/arm/scanner.go index 8703c74c..7abd8430 100644 
--- a/pkg/scanners/azure/arm/scanner.go +++ b/pkg/scanners/azure/arm/scanner.go @@ -14,10 +14,10 @@ import ( "github.com/aquasecurity/defsec/pkg/state" "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/defsec/pkg/rego" + "github.com/aquasecurity/defsec/pkg/rules" "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/trivy-iac/internal/adapters/arm" - "github.com/aquasecurity/trivy-iac/pkg/rego" - "github.com/aquasecurity/trivy-iac/pkg/rules" "github.com/aquasecurity/trivy-iac/pkg/scanners" "github.com/aquasecurity/trivy-iac/pkg/scanners/azure" "github.com/aquasecurity/trivy-iac/pkg/scanners/azure/arm/parser" diff --git a/pkg/scanners/cloudformation/scanner.go b/pkg/scanners/cloudformation/scanner.go index 81bbc0d7..f95a5c02 100644 --- a/pkg/scanners/cloudformation/scanner.go +++ b/pkg/scanners/cloudformation/scanner.go @@ -14,9 +14,9 @@ import ( "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/defsec/pkg/rego" + "github.com/aquasecurity/defsec/pkg/rules" adapter "github.com/aquasecurity/trivy-iac/internal/adapters/cloudformation" - "github.com/aquasecurity/trivy-iac/pkg/rego" - "github.com/aquasecurity/trivy-iac/pkg/rules" "github.com/aquasecurity/trivy-iac/pkg/scanners" "github.com/aquasecurity/trivy-iac/pkg/scanners/cloudformation/parser" ) diff --git a/pkg/scanners/dockerfile/scanner.go b/pkg/scanners/dockerfile/scanner.go index ddcbb45c..dca7f127 100644 --- a/pkg/scanners/dockerfile/scanner.go +++ b/pkg/scanners/dockerfile/scanner.go @@ -11,8 +11,8 @@ import ( "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/defsec/pkg/rego" "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/trivy-iac/pkg/rego" "github.com/aquasecurity/trivy-iac/pkg/scanners" "github.com/aquasecurity/trivy-iac/pkg/scanners/dockerfile/parser" ) 
diff --git a/pkg/scanners/dockerfile/scanner_test.go b/pkg/scanners/dockerfile/scanner_test.go index e1fc5334..3ca07c3d 100644 --- a/pkg/scanners/dockerfile/scanner_test.go +++ b/pkg/scanners/dockerfile/scanner_test.go @@ -10,9 +10,9 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/aquasecurity/defsec/pkg/rego" + "github.com/aquasecurity/defsec/pkg/rego/schemas" "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/trivy-iac/pkg/rego" - "github.com/aquasecurity/trivy-iac/pkg/rego/schemas" "github.com/aquasecurity/trivy-iac/test/testutil" ) diff --git a/pkg/scanners/helm/scanner.go b/pkg/scanners/helm/scanner.go index f5552011..cb93714d 100644 --- a/pkg/scanners/helm/scanner.go +++ b/pkg/scanners/helm/scanner.go @@ -14,9 +14,9 @@ import ( "github.com/aquasecurity/defsec/pkg/types" "github.com/liamg/memoryfs" + "github.com/aquasecurity/defsec/pkg/rego" "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/trivy-iac/pkg/detection" - "github.com/aquasecurity/trivy-iac/pkg/rego" "github.com/aquasecurity/trivy-iac/pkg/scanners" "github.com/aquasecurity/trivy-iac/pkg/scanners/helm/parser" kparser "github.com/aquasecurity/trivy-iac/pkg/scanners/kubernetes/parser" diff --git a/pkg/scanners/json/scanner.go b/pkg/scanners/json/scanner.go index dac15a03..6cc55b3a 100644 --- a/pkg/scanners/json/scanner.go +++ b/pkg/scanners/json/scanner.go @@ -8,10 +8,10 @@ import ( "github.com/aquasecurity/defsec/pkg/debug" "github.com/aquasecurity/defsec/pkg/framework" + "github.com/aquasecurity/defsec/pkg/rego" "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/defsec/pkg/types" - "github.com/aquasecurity/trivy-iac/pkg/rego" "github.com/aquasecurity/trivy-iac/pkg/scanners" "github.com/aquasecurity/trivy-iac/pkg/scanners/json/parser" ) 
diff --git a/pkg/scanners/kubernetes/scanner.go b/pkg/scanners/kubernetes/scanner.go index bd1b7355..0f11e3b3 100644 --- a/pkg/scanners/kubernetes/scanner.go +++ b/pkg/scanners/kubernetes/scanner.go @@ -10,10 +10,10 @@ import ( "github.com/aquasecurity/defsec/pkg/debug" "github.com/aquasecurity/defsec/pkg/framework" + "github.com/aquasecurity/defsec/pkg/rego" "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/defsec/pkg/types" - "github.com/aquasecurity/trivy-iac/pkg/rego" "github.com/aquasecurity/trivy-iac/pkg/scanners" "github.com/aquasecurity/trivy-iac/pkg/scanners/kubernetes/parser" "github.com/liamg/memoryfs" diff --git a/pkg/scanners/terraform/executor/executor.go b/pkg/scanners/terraform/executor/executor.go index 59331f8f..130e5dde 100644 --- a/pkg/scanners/terraform/executor/executor.go +++ b/pkg/scanners/terraform/executor/executor.go @@ -1,6 +1,7 @@ package executor import ( + "fmt" "runtime" "sort" "strings" @@ -13,9 +14,9 @@ import ( "github.com/aquasecurity/defsec/pkg/state" "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/defsec/pkg/rego" + "github.com/aquasecurity/defsec/pkg/rules" adapter "github.com/aquasecurity/trivy-iac/internal/adapters/terraform" - "github.com/aquasecurity/trivy-iac/pkg/rego" - "github.com/aquasecurity/trivy-iac/pkg/rules" ) // Executor scans HCL blocks by running all registered rules against them @@ -134,6 +135,7 @@ func (e *Executor) Execute(modules terraform.Modules) (scan.Results, Metrics, er strings.ToLower(result.Rule().AVDID), result.Rule().ShortCode, } + fmt.Println(">>> aliases: ", result.Rule().Aliases) allIDs = append(allIDs, result.Rule().Aliases...) if e.alternativeIDProviderFunc != nil { diff --git a/pkg/scanners/terraform/executor/executor_test.go b/pkg/scanners/terraform/executor/executor_test.go index 3d4b791b..805185c4 100644 --- a/pkg/scanners/terraform/executor/executor_test.go 
+++ b/pkg/scanners/terraform/executor/executor_test.go @@ -5,10 +5,10 @@ import ( "testing" "github.com/aquasecurity/defsec/pkg/providers" + "github.com/aquasecurity/defsec/pkg/rules" "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/trivy-iac/pkg/rules" "github.com/aquasecurity/trivy-iac/pkg/scanners/terraform/parser" "github.com/aquasecurity/trivy-iac/test/testutil" "github.com/stretchr/testify/assert" diff --git a/pkg/scanners/terraform/executor/option.go b/pkg/scanners/terraform/executor/option.go index 99411640..54701463 100644 --- a/pkg/scanners/terraform/executor/option.go +++ b/pkg/scanners/terraform/executor/option.go @@ -5,9 +5,9 @@ import ( "github.com/aquasecurity/defsec/pkg/debug" "github.com/aquasecurity/defsec/pkg/framework" + "github.com/aquasecurity/defsec/pkg/rego" "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/trivy-iac/pkg/rego" ) type Option func(s *Executor) diff --git a/pkg/scanners/terraform/executor/pool.go b/pkg/scanners/terraform/executor/pool.go index b386688f..4ea4d08a 100644 --- a/pkg/scanners/terraform/executor/pool.go +++ b/pkg/scanners/terraform/executor/pool.go @@ -9,11 +9,11 @@ import ( "strings" "sync" + "github.com/aquasecurity/defsec/pkg/rego" "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/state" "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/trivy-iac/pkg/rego" - "github.com/aquasecurity/trivy-iac/pkg/types" + "github.com/aquasecurity/defsec/pkg/types" ) type Pool struct { diff --git a/pkg/scanners/terraform/scanner.go b/pkg/scanners/terraform/scanner.go index 4f6411b4..f274ec45 100644 --- a/pkg/scanners/terraform/scanner.go +++ b/pkg/scanners/terraform/scanner.go 
@@ -18,8 +18,8 @@ import ( "github.com/aquasecurity/defsec/pkg/types" "golang.org/x/exp/slices" + "github.com/aquasecurity/defsec/pkg/rego" "github.com/aquasecurity/trivy-iac/pkg/extrafs" - "github.com/aquasecurity/trivy-iac/pkg/rego" "github.com/aquasecurity/trivy-iac/pkg/scanners" "github.com/aquasecurity/trivy-iac/pkg/scanners/terraform/executor" "github.com/aquasecurity/trivy-iac/pkg/scanners/terraform/parser" diff --git a/pkg/scanners/terraform/scanner_test.go b/pkg/scanners/terraform/scanner_test.go index e7f9647e..7d3f2cb6 100644 --- a/pkg/scanners/terraform/scanner_test.go +++ b/pkg/scanners/terraform/scanner_test.go @@ -8,12 +8,12 @@ import ( "testing" "github.com/aquasecurity/defsec/pkg/providers" + "github.com/aquasecurity/defsec/pkg/rules" "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/state" "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/trivy-iac/pkg/rules" "github.com/aquasecurity/trivy-iac/test/testutil" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/scanners/toml/scanner.go b/pkg/scanners/toml/scanner.go index 0bea9556..d3550bc3 100644 --- a/pkg/scanners/toml/scanner.go +++ b/pkg/scanners/toml/scanner.go @@ -8,10 +8,10 @@ import ( "github.com/aquasecurity/defsec/pkg/debug" "github.com/aquasecurity/defsec/pkg/framework" + "github.com/aquasecurity/defsec/pkg/rego" "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/defsec/pkg/types" - "github.com/aquasecurity/trivy-iac/pkg/rego" "github.com/aquasecurity/trivy-iac/pkg/scanners/toml/parser" ) diff --git a/pkg/scanners/yaml/scanner.go b/pkg/scanners/yaml/scanner.go index f211b4be..dba59cf6 100644 --- a/pkg/scanners/yaml/scanner.go +++ b/pkg/scanners/yaml/scanner.go 
@@ -8,10 +8,10 @@ import ( "github.com/aquasecurity/defsec/pkg/debug" "github.com/aquasecurity/defsec/pkg/framework" + "github.com/aquasecurity/defsec/pkg/rego" "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/defsec/pkg/types" - "github.com/aquasecurity/trivy-iac/pkg/rego" "github.com/aquasecurity/trivy-iac/pkg/scanners/yaml/parser" ) diff --git a/pkg/types/rule.go b/pkg/types/rule.go deleted file mode 100644 index dec3879d..00000000 --- a/pkg/types/rule.go +++ /dev/null @@ -1,18 +0,0 @@ -package types - -import ( - "github.com/aquasecurity/defsec/pkg/scan" -) - -type RegisteredRule struct { - scan.Rule - Number int -} - -func (r *RegisteredRule) GetRule() scan.Rule { - return r.Rule -} - -func (r *RegisteredRule) AddLink(link string) { - r.Rule.Links = append([]string{link}, r.Rule.Links...) -} diff --git a/test/count_test.go b/test/count_test.go index e7ede950..ccdb3e49 100644 --- a/test/count_test.go +++ b/test/count_test.go @@ -4,10 +4,10 @@ import ( "testing" "github.com/aquasecurity/defsec/pkg/providers" + "github.com/aquasecurity/defsec/pkg/rules" "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/trivy-iac/pkg/rules" "github.com/aquasecurity/trivy-iac/test/testutil" "github.com/stretchr/testify/assert" ) diff --git a/test/deterministic_test.go b/test/deterministic_test.go index a197a42a..b8628699 100644 --- a/test/deterministic_test.go +++ b/test/deterministic_test.go @@ -4,7 +4,7 @@ import ( "context" "testing" - "github.com/aquasecurity/trivy-iac/pkg/rules" + "github.com/aquasecurity/defsec/pkg/rules" "github.com/aquasecurity/trivy-iac/pkg/scanners/terraform/executor" "github.com/aquasecurity/trivy-iac/pkg/scanners/terraform/parser" "github.com/aquasecurity/trivy-iac/test/testutil" diff --git a/test/ignore_test.go b/test/ignore_test.go index 017a314a..a9a9c0fc 100644 
--- a/test/ignore_test.go +++ b/test/ignore_test.go @@ -6,10 +6,10 @@ import ( "testing" "github.com/aquasecurity/defsec/pkg/providers" + "github.com/aquasecurity/defsec/pkg/rules" "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/trivy-iac/pkg/rules" "github.com/stretchr/testify/assert" ) diff --git a/test/json_test.go b/test/json_test.go index a4d7afef..51c093b2 100644 --- a/test/json_test.go +++ b/test/json_test.go @@ -4,10 +4,10 @@ import ( "testing" "github.com/aquasecurity/defsec/pkg/providers" + "github.com/aquasecurity/defsec/pkg/rules" "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/trivy-iac/pkg/rules" "github.com/aquasecurity/trivy-iac/test/testutil" ) diff --git a/test/loader_test.go b/test/loader_test.go index c0e60c8f..200739aa 100644 --- a/test/loader_test.go +++ b/test/loader_test.go @@ -6,7 +6,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/aquasecurity/trivy-iac/pkg/rules" + "github.com/aquasecurity/defsec/pkg/rules" ) func Test_loader_returns_expected_providers(t *testing.T) { diff --git a/test/module_test.go b/test/module_test.go index ffe4141d..2c14e73b 100644 --- a/test/module_test.go +++ b/test/module_test.go @@ -8,11 +8,11 @@ import ( "testing" "github.com/aquasecurity/defsec/pkg/providers" + "github.com/aquasecurity/defsec/pkg/rules" "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/trivy-iac/pkg/rules" "github.com/aquasecurity/trivy-iac/pkg/scanners/terraform/executor" "github.com/aquasecurity/trivy-iac/pkg/scanners/terraform/parser" "github.com/aquasecurity/trivy-iac/test/testutil" 
diff --git a/test/performance_test.go b/test/performance_test.go index 29f58912..bc0c560c 100644 --- a/test/performance_test.go +++ b/test/performance_test.go @@ -6,7 +6,7 @@ import ( "io/fs" "testing" - "github.com/aquasecurity/trivy-iac/pkg/rules" + "github.com/aquasecurity/defsec/pkg/rules" "github.com/aquasecurity/trivy-iac/pkg/scanners/terraform/executor" "github.com/aquasecurity/trivy-iac/pkg/scanners/terraform/parser" "github.com/aquasecurity/trivy-iac/test/testutil" diff --git a/test/rego_test.go b/test/rego_test.go index 4676d99c..c5f79c36 100644 --- a/test/rego_test.go +++ b/test/rego_test.go @@ -14,8 +14,8 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - trivyRego "github.com/aquasecurity/trivy-iac/pkg/rego" - "github.com/aquasecurity/trivy-iac/pkg/rego/schemas" + trivyRego "github.com/aquasecurity/defsec/pkg/rego" + "github.com/aquasecurity/defsec/pkg/rego/schemas" "github.com/aquasecurity/trivy-policies/rules" ) diff --git a/test/rules_test.go b/test/rules_test.go index 045ff7fc..25da8045 100644 --- a/test/rules_test.go +++ b/test/rules_test.go @@ -10,7 +10,7 @@ import ( "github.com/aquasecurity/defsec/pkg/framework" "github.com/stretchr/testify/require" - "github.com/aquasecurity/trivy-iac/pkg/rules" + "github.com/aquasecurity/defsec/pkg/rules" ) func TestAVDIDs(t *testing.T) { diff --git a/test/wildcard_test.go b/test/wildcard_test.go index f4c12944..07b2b69b 100644 --- a/test/wildcard_test.go +++ b/test/wildcard_test.go @@ -4,10 +4,10 @@ import ( "fmt" "testing" + "github.com/aquasecurity/defsec/pkg/rules" "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/defsec/pkg/severity" "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/trivy-iac/pkg/rules" "github.com/aquasecurity/trivy-iac/test/testutil" ) From 957f9d250b0238d85c9b1a397334e73c7d98a64b Mon Sep 17 00:00:00 2001 
From: Simar
Date: Fri, 5 Jan 2024 18:56:01 -0700
Subject: [PATCH 2/8] fix import
---
 cmd/avd_generator/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/avd_generator/main.go b/cmd/avd_generator/main.go
index 2e05dee8..e2bfbffa 100644
--- a/cmd/avd_generator/main.go
+++ b/cmd/avd_generator/main.go
@@ -16,7 +16,7 @@ import (
 _ "github.com/aquasecurity/defsec/pkg/rego"
 registered "github.com/aquasecurity/defsec/pkg/rules"
- "github.com/aquasecurity/defsec/pkg/types"
+ types "github.com/aquasecurity/defsec/pkg/types/rules"
 )
 func main() {
From a1359acc97aaebbf37c9e86eafaba615881f3855 Mon Sep 17 00:00:00 2001
From: Simar
Date: Fri, 5 Jan 2024 19:05:53 -0700
Subject: [PATCH 3/8] fix imports
---
 pkg/scanners/terraform/executor/executor.go | 2 --
 pkg/scanners/terraform/executor/pool.go | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/pkg/scanners/terraform/executor/executor.go b/pkg/scanners/terraform/executor/executor.go
index 130e5dde..efcb245a 100644
--- a/pkg/scanners/terraform/executor/executor.go
+++ b/pkg/scanners/terraform/executor/executor.go
@@ -1,7 +1,6 @@
 package executor
 import (
- "fmt"
 "runtime"
 "sort"
 "strings"
@@ -135,7 +134,6 @@ func (e *Executor) Execute(modules terraform.Modules) (scan.Results, Metrics, er
 strings.ToLower(result.Rule().AVDID),
 result.Rule().ShortCode,
 }
- fmt.Println(">>> aliases: ", result.Rule().Aliases)
 allIDs = append(allIDs, result.Rule().Aliases...)
 if e.alternativeIDProviderFunc != nil {
diff --git a/pkg/scanners/terraform/executor/pool.go b/pkg/scanners/terraform/executor/pool.go
index 4ea4d08a..9ea1f690 100644
--- a/pkg/scanners/terraform/executor/pool.go
+++ b/pkg/scanners/terraform/executor/pool.go
@@ -13,7 +13,7 @@ import (
 "github.com/aquasecurity/defsec/pkg/scan"
 "github.com/aquasecurity/defsec/pkg/state"
 "github.com/aquasecurity/defsec/pkg/terraform"
- "github.com/aquasecurity/defsec/pkg/types"
+ types "github.com/aquasecurity/defsec/pkg/types/rules"
 )
 type Pool struct {
From 0e22215d9d86b7436a53f6db365cfb404030c90c Mon Sep 17 00:00:00 2001
From: Simar
Date: Mon, 8 Jan 2024 23:08:42 -0700
Subject: [PATCH 4/8] update defsec
---
 go.mod | 4 +---
 go.sum | 2 ++
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index faea6429..68e1430a 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 github.com/BurntSushi/toml v1.3.2
 github.com/Masterminds/semver v1.5.0
 github.com/apparentlymart/go-cidr v1.1.0
- github.com/aquasecurity/defsec v0.93.2-0.20231208181342-318642ac6f08
+ github.com/aquasecurity/defsec v0.93.2-0.20240104002958-968b8f115bc0
 github.com/aquasecurity/trivy-policies v0.6.1-0.20231120231532-f6f2330bf842
 github.com/aws/smithy-go v1.19.0
 github.com/bmatcuk/doublestar/v4 v4.6.0
@@ -218,5 +218,3 @@ require (
 )
 replace oras.land/oras-go => oras.land/oras-go v1.2.4-0.20230801060855-932dd06d38af
-
-replace github.com/aquasecurity/defsec => /Users/simarpreetsingh/repos/defsec
diff --git a/go.sum b/go.sum
index 09431d6e..2af944a0 100644
--- a/go.sum
+++ b/go.sum
@@ -236,6 +236,8 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=
 github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
+github.com/aquasecurity/defsec v0.93.2-0.20240104002958-968b8f115bc0 h1:K4XwF6joBVlGFtu78TzbhmsRNVojYTWANJWDeqXs50Y=
+github.com/aquasecurity/defsec v0.93.2-0.20240104002958-968b8f115bc0/go.mod h1:NBF6hvbQSc4s/WCHdKV5sNNxLl258M2OiIFoUfgEn/k=
 github.com/aquasecurity/trivy-policies v0.6.1-0.20231120231532-f6f2330bf842 h1:RnxM3eTcwPlA/WBwnmaEpeEk3WOCDcnz7yTIFxVL7us=
 github.com/aquasecurity/trivy-policies v0.6.1-0.20231120231532-f6f2330bf842/go.mod h1:BmEeSFgmBjo3avCli71736sy0veGcSUzGATupp1MCgA=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
From 3784f473ff990bf11a5f3b58e4921cf03b003b26 Mon Sep 17 00:00:00 2001
From: Simar
Date: Mon, 8 Jan 2024 23:13:51 -0700
Subject: [PATCH 5/8] remove verify schema action
---
 .github/workflows/verify-schema.yml | 19 -------------------
 1 file changed, 19 deletions(-)
diff --git a/.github/workflows/verify-schema.yml b/.github/workflows/verify-schema.yml
index 8bb1bc74..e69de29b 100644
--- a/.github/workflows/verify-schema.yml
+++ b/.github/workflows/verify-schema.yml
@@ -1,19 +0,0 @@
-name: verify schema
-on:
- pull_request:
- merge_group:
-jobs:
- build:
- name: verifying schema
- runs-on: ubuntu-latest
-
- steps:
- - uses: actions/checkout@v4
-
- - uses: actions/setup-go@v5
- with:
- go-version-file: go.mod
- cache: true
- cache-dependency-path: go.sum
-
- - run: go run ./cmd/schema verify
From bc4fc8f38c0491ddc592222cc556836f6ba4af0a Mon Sep 17 00:00:00 2001
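Review bot: The workflow file is emptied rather than deleted: the header reads `index 8bb1bc74..e69de29b 100644` with `+++ b/.github/workflows/verify-schema.yml` and the hunk is `-1,19 +0,0`, so a zero-byte `verify-schema.yml` stays in `.github/workflows/`. An empty workflow file is likely to be reported as an invalid workflow, and its name still suggests that a schema check runs on pull requests. Remove the file outright (`git rm .github/workflows/verify-schema.yml`) and state in the commit message where `go run ./cmd/schema verify` is enforced now, presumably in defsec where the schema code was moved.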
From: Simar
Date: Wed, 10 Jan 2024 21:54:01 -0700
Subject: [PATCH 6/8] update defsec dependency
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/go.mod b/go.mod
index 68e1430a..48bb368b 100644
--- a/go.mod
+++ b/go.mod
@@ -6,11 +6,11 @@ require (
 github.com/BurntSushi/toml v1.3.2
 github.com/Masterminds/semver v1.5.0
 github.com/apparentlymart/go-cidr v1.1.0
- github.com/aquasecurity/defsec v0.93.2-0.20240104002958-968b8f115bc0
+ github.com/aquasecurity/defsec v0.93.2-0.20240111013720-960ecc7915ab
 github.com/aquasecurity/trivy-policies v0.6.1-0.20231120231532-f6f2330bf842
 github.com/aws/smithy-go v1.19.0
 github.com/bmatcuk/doublestar/v4 v4.6.0
- github.com/google/uuid v1.4.0
+ github.com/google/uuid v1.5.0
 github.com/hashicorp/go-getter v1.7.3
 github.com/hashicorp/go-uuid v1.0.3
 github.com/hashicorp/hcl/v2 v2.19.1
diff --git a/go.sum b/go.sum
index 2af944a0..62691a5b 100644
--- a/go.sum
+++ b/go.sum
@@ -236,8 +236,8 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=
 github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
-github.com/aquasecurity/defsec v0.93.2-0.20240104002958-968b8f115bc0 h1:K4XwF6joBVlGFtu78TzbhmsRNVojYTWANJWDeqXs50Y=
-github.com/aquasecurity/defsec v0.93.2-0.20240104002958-968b8f115bc0/go.mod h1:NBF6hvbQSc4s/WCHdKV5sNNxLl258M2OiIFoUfgEn/k=
+github.com/aquasecurity/defsec v0.93.2-0.20240111013720-960ecc7915ab h1:liTr+olPZWMWTGu15cULIoPTOD985iprG2IRf4V40NA=
+github.com/aquasecurity/defsec v0.93.2-0.20240111013720-960ecc7915ab/go.mod h1:f8ccigezzu0GDuE57zKS8GMmpwhtRXLnmhXy1kmtkqc=
 github.com/aquasecurity/trivy-policies v0.6.1-0.20231120231532-f6f2330bf842 h1:RnxM3eTcwPlA/WBwnmaEpeEk3WOCDcnz7yTIFxVL7us=
 github.com/aquasecurity/trivy-policies v0.6.1-0.20231120231532-f6f2330bf842/go.mod h1:BmEeSFgmBjo3avCli71736sy0veGcSUzGATupp1MCgA=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
@@ -495,8 +495,8 @@ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
-github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
+github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
 github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
 github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg=
From 92f9a656e683695e35f8ccd544dab882a2a3d14c Mon Sep 17 00:00:00 2001
From: Simar
Date: Wed, 10 Jan 2024 21:59:21 -0700
Subject: [PATCH 7/8] update tests
---
 pkg/scanners/helm/test/scanner_test.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pkg/scanners/helm/test/scanner_test.go b/pkg/scanners/helm/test/scanner_test.go
index ba790f3e..093c6146 100644
--- a/pkg/scanners/helm/test/scanner_test.go
+++ b/pkg/scanners/helm/test/scanner_test.go
@@ -46,7 +46,7 @@ func Test_helm_scanner_with_archive(t *testing.T) {
 require.NotNil(t, results)
 failed := results.GetFailed()
- assert.Equal(t, 19, len(failed))
+ assert.Equal(t, 14, len(failed))
 visited := make(map[string]bool)
 var errorCodes []string
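Review bot: The expected number of failed checks in Test_helm_scanner_with_archive drops from 19 to 14 with no record of which checks stopped firing, and the next two hunks do the same for Test_helm_scanner_with_dir (17 to 15) and the custom-policy test at line 213 (21 to 16). For a misconfiguration scanner, fewer findings on unchanged fixtures is either an intended policy removal or a detection regression, and a bare `len(failed)` assertion cannot tell the two apart. The test bodies continue outside the hunks and appear to collect `errorCodes`, so the ID lists may be checked further down; if they are, the commit should show that diff too. Otherwise record the reason next to each assertion, e.g. `// 14 since the defsec bump: dropped <check IDs>`, and name the dropped IDs in the commit message.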
@@ -126,7 +126,7 @@ func Test_helm_scanner_with_dir(t *testing.T) {
 require.NotNil(t, results)
 failed := results.GetFailed()
- assert.Equal(t, 17, len(failed))
+ assert.Equal(t, 15, len(failed))
 visited := make(map[string]bool)
 var errorCodes []string
@@ -213,7 +213,7 @@ deny[res] {
 require.NotNil(t, results)
 failed := results.GetFailed()
- assert.Equal(t, 21, len(failed))
+ assert.Equal(t, 16, len(failed))
 visited := make(map[string]bool)
 var errorCodes []string
From 68e9df2a902a07cd78ed254a1351265f02ec5f0c Mon Sep 17 00:00:00 2001
From: Simar
Date: Sun, 14 Jan 2024 15:16:21 -0700
Subject: [PATCH 8/8] go mod tidy
---
 go.mod | 60 ++++++++++++++-------------
 go.sum | 128 +++++++++++++++++++++++++++++----------------------------
 2 files changed, 96 insertions(+), 92 deletions(-)
diff --git a/go.mod b/go.mod
index 48bb368b..6936462e 100644
--- a/go.mod
+++ b/go.mod
@@ -6,8 +6,8 @@ require (
 github.com/BurntSushi/toml v1.3.2
 github.com/Masterminds/semver v1.5.0
 github.com/apparentlymart/go-cidr v1.1.0
- github.com/aquasecurity/defsec v0.93.2-0.20240111013720-960ecc7915ab
- github.com/aquasecurity/trivy-policies v0.6.1-0.20231120231532-f6f2330bf842
+ github.com/aquasecurity/defsec v0.93.2-0.20240114221322-8844aef0df0f
+ github.com/aquasecurity/trivy-policies v0.7.0
 github.com/aws/smithy-go v1.19.0
 github.com/bmatcuk/doublestar/v4 v4.6.0
 github.com/google/uuid v1.5.0
@@ -20,12 +20,12 @@ require (
 github.com/mitchellh/go-homedir v1.1.0
 github.com/moby/buildkit v0.11.6
 github.com/olekukonko/tablewriter v0.0.5
- github.com/open-policy-agent/opa v0.58.0
+ github.com/open-policy-agent/opa v0.60.0
 github.com/stretchr/testify v1.8.4
 github.com/zclconf/go-cty v1.13.0
 github.com/zclconf/go-cty-yaml v1.0.3
 golang.org/x/crypto v0.16.0
- golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea
+ golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
 golang.org/x/text v0.14.0
 gopkg.in/yaml.v3 v3.0.1
 helm.sh/helm/v3 v3.13.3
@@ -33,10 +33,10 @@ require (
 )
 require (
- cloud.google.com/go v0.110.7 // indirect
+ cloud.google.com/go v0.110.8 // indirect
 cloud.google.com/go/compute v1.23.0 // indirect
 cloud.google.com/go/compute/metadata v0.2.3 // indirect
- cloud.google.com/go/iam v1.1.1 // indirect
+ cloud.google.com/go/iam v1.1.2 // indirect
 cloud.google.com/go/storage v1.30.1 // indirect
 dario.cat/mergo v1.0.0 // indirect
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
@@ -47,7 +47,7 @@ require (
 github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 github.com/Masterminds/squirrel v1.5.4 // indirect
 github.com/Microsoft/go-winio v0.6.1 // indirect
- github.com/Microsoft/hcsshim v0.11.1 // indirect
+ github.com/Microsoft/hcsshim v0.11.4 // indirect
 github.com/OneOfOne/xxhash v1.2.8 // indirect
 github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
 github.com/agext/levenshtein v1.2.3 // indirect
@@ -62,7 +62,7 @@ require (
 github.com/cespare/xxhash/v2 v2.2.0 // indirect
 github.com/chai2010/gettext-go v1.0.2 // indirect
 github.com/cloudflare/circl v1.3.3 // indirect
- github.com/containerd/containerd v1.7.7 // indirect
+ github.com/containerd/containerd v1.7.11 // indirect
 github.com/containerd/log v0.1.0 // indirect
 github.com/containerd/typeurl v1.0.2 // indirect
 github.com/cyphar/filepath-securejoin v0.2.4 // indirect
@@ -80,13 +80,14 @@ require (
 github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
 github.com/fatih/color v1.13.0 // indirect
+ github.com/felixge/httpsnoop v1.0.4 // indirect
 github.com/go-errors/errors v1.4.2 // indirect
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 github.com/go-git/go-billy/v5 v5.5.0 // indirect
 github.com/go-git/go-git/v5 v5.11.0 // indirect
 github.com/go-gorp/gorp/v3 v3.1.0 // indirect
 github.com/go-ini/ini v1.67.0 // indirect
- github.com/go-logr/logr v1.2.4 // indirect
+ github.com/go-logr/logr v1.3.0 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
 github.com/go-openapi/jsonpointer v0.19.6 // indirect
 github.com/go-openapi/jsonreference v0.20.2 // indirect
@@ -101,9 +102,9 @@ require (
 github.com/google/gofuzz v1.2.0 // indirect
 github.com/google/s2a-go v0.1.4 // indirect
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
- github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
- github.com/googleapis/gax-go/v2 v2.11.0 // indirect
- github.com/gorilla/mux v1.8.0 // indirect
+ github.com/googleapis/enterprise-certificate-proxy v0.2.4 // indirect
+ github.com/googleapis/gax-go/v2 v2.12.0 // indirect
+ github.com/gorilla/mux v1.8.1 // indirect
 github.com/gosuri/uitable v0.0.4 // indirect
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -120,7 +121,7 @@ require (
 github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/kevinburke/ssh_config v1.2.0 // indirect
- github.com/klauspost/compress v1.16.0 // indirect
+ github.com/klauspost/compress v1.16.6 // indirect
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 github.com/lib/pq v1.10.9 // indirect
@@ -154,16 +155,16 @@ require (
 github.com/prometheus/client_model v0.4.0 // indirect
 github.com/prometheus/common v0.44.0 // indirect
 github.com/prometheus/procfs v0.10.1 // indirect
- github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect
+ github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 github.com/rivo/uniseg v0.2.0 // indirect
 github.com/rubenv/sql-migrate v1.5.2 // indirect
 github.com/russross/blackfriday/v2 v2.1.0 // indirect
- github.com/sergi/go-diff v1.1.0 // indirect
+ github.com/sergi/go-diff v1.3.1 // indirect
 github.com/shopspring/decimal v1.3.1 // indirect
 github.com/sirupsen/logrus v1.9.3 // indirect
 github.com/skeema/knownhosts v1.2.1 // indirect
 github.com/spf13/cast v1.5.0 // indirect
- github.com/spf13/cobra v1.7.0 // indirect
+ github.com/spf13/cobra v1.8.0 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
 github.com/tchap/go-patricia/v2 v2.3.1 // indirect
 github.com/ulikunitz/xz v0.5.10 // indirect
@@ -174,26 +175,27 @@ require ( github.com/xlab/treeprint v1.2.0 // indirect github.com/yashtewari/glob-intersection v0.2.0 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/otel v1.19.0 // indirect - go.opentelemetry.io/otel/metric v1.19.0 // indirect - go.opentelemetry.io/otel/sdk v1.19.0 // indirect - go.opentelemetry.io/otel/trace v1.19.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect + go.opentelemetry.io/otel v1.21.0 // indirect + go.opentelemetry.io/otel/metric v1.21.0 // indirect + go.opentelemetry.io/otel/sdk v1.21.0 // indirect + go.opentelemetry.io/otel/trace v1.21.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect - golang.org/x/mod v0.12.0 // indirect + golang.org/x/mod v0.13.0 // indirect golang.org/x/net v0.19.0 // indirect - golang.org/x/oauth2 v0.11.0 // indirect + golang.org/x/oauth2 v0.13.0 // indirect golang.org/x/sync v0.4.0 // indirect golang.org/x/sys v0.15.0 // indirect golang.org/x/term v0.15.0 // indirect - golang.org/x/time v0.3.0 // indirect + golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.13.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect - google.golang.org/api v0.126.0 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect - google.golang.org/grpc v1.59.0 // indirect + google.golang.org/api v0.128.0 // indirect + google.golang.org/appengine v1.6.8 // indirect + google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 // indirect + google.golang.org/grpc 
v1.60.1 // indirect google.golang.org/protobuf v1.31.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect diff --git a/go.sum b/go.sum index 62691a5b..d984ff86 100644 --- a/go.sum +++ b/go.sum @@ -30,8 +30,8 @@ cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w9 cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc= cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34hIU= cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA= -cloud.google.com/go v0.110.7 h1:rJyC7nWRg2jWGZ4wSJ5nY65GTdYJkg0cd/uXb+ACI6o= -cloud.google.com/go v0.110.7/go.mod h1:+EYjdK8e5RME/VY/qLCAtuyALQ9q67dvuum8i+H5xsI= +cloud.google.com/go v0.110.8 h1:tyNdfIxjzaWctIiLYOTalaLKZ17SI44SKFW26QbOhME= +cloud.google.com/go v0.110.8/go.mod h1:Iz8AkXJf1qmxC3Oxoep8R1T36w8B92yU29PcBhHO5fk= cloud.google.com/go/aiplatform v1.22.0/go.mod h1:ig5Nct50bZlzV6NvKaTwmplLLddFx0YReh9WfTO5jKw= cloud.google.com/go/aiplatform v1.24.0/go.mod h1:67UUvRBKG6GTayHKV8DBv2RtR1t93YRu5B1P3x99mYY= cloud.google.com/go/analytics v0.11.0/go.mod h1:DjEWCu41bVbYcKyvlws9Er60YE4a//bK6mnhWvQeFNI= 
@@ -109,8 +109,8 @@ cloud.google.com/go/gkehub v0.10.0/go.mod h1:UIPwxI0DsrpsVoWpLB0stwKCP+WFVG9+y97 cloud.google.com/go/grafeas v0.2.0/go.mod h1:KhxgtF2hb0P191HlY5besjYm6MqTSTj3LSI+M+ByZHc= cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc= -cloud.google.com/go/iam v1.1.1 h1:lW7fzj15aVIXYHREOqjRBV9PsH0Z6u8Y46a1YGvQP4Y= -cloud.google.com/go/iam v1.1.1/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU= +cloud.google.com/go/iam v1.1.2 h1:gacbrBdWcoVmGLozRuStX45YKvJtzIjJdAolzUs1sm4= +cloud.google.com/go/iam v1.1.2/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8= @@ -212,8 +212,8 @@ github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA4 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/Microsoft/hcsshim v0.11.1 h1:hJ3s7GbWlGK4YVV92sO88BQSyF4ZLVy7/awqOlPxFbA= -github.com/Microsoft/hcsshim v0.11.1/go.mod h1:nFJmaO4Zr5Y7eADdFOpYswDDlNVbvcIJJNJLECr5JQg= +github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= +github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= 
@@ -236,10 +236,10 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= -github.com/aquasecurity/defsec v0.93.2-0.20240111013720-960ecc7915ab h1:liTr+olPZWMWTGu15cULIoPTOD985iprG2IRf4V40NA= -github.com/aquasecurity/defsec v0.93.2-0.20240111013720-960ecc7915ab/go.mod h1:f8ccigezzu0GDuE57zKS8GMmpwhtRXLnmhXy1kmtkqc= -github.com/aquasecurity/trivy-policies v0.6.1-0.20231120231532-f6f2330bf842 h1:RnxM3eTcwPlA/WBwnmaEpeEk3WOCDcnz7yTIFxVL7us= -github.com/aquasecurity/trivy-policies v0.6.1-0.20231120231532-f6f2330bf842/go.mod h1:BmEeSFgmBjo3avCli71736sy0veGcSUzGATupp1MCgA= +github.com/aquasecurity/defsec v0.93.2-0.20240114221322-8844aef0df0f h1:Aqwj1gTcjH4A3Z4qrRvDXUQNvxoKsMNFhfOvoSfXiss= +github.com/aquasecurity/defsec v0.93.2-0.20240114221322-8844aef0df0f/go.mod h1:jhKZbpVPRFBoeKo34hbG+Kk3eh7h7rgkqDjg/ccFYog= +github.com/aquasecurity/trivy-policies v0.7.0 h1:a5K3kTQMWQhUWnRxEahosJFcz32dxVq0eLs31vcEwEQ= +github.com/aquasecurity/trivy-policies v0.7.0/go.mod h1:47Eua7lLyrsS3agGxBhgeUV8/a/LN82bqYoHm9oEGm4= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= 
@@ -290,14 +290,14 @@ github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= -github.com/containerd/containerd v1.7.7 h1:QOC2K4A42RQpcrZyptP6z9EJZnlHfHJUfZrAAHe15q4= -github.com/containerd/containerd v1.7.7/go.mod h1:3c4XZv6VeT9qgf9GMTxNTMFxGJrGpI2vz1yk4ye+YY8= +github.com/containerd/containerd v1.7.11 h1:lfGKw3eU35sjV0aG2eYZTiwFEY1pCzxdzicHP3SZILw= +github.com/containerd/containerd v1.7.11/go.mod h1:5UluHxHTX2rdvYuZ5OJTC5m/KJNs0Zs9wVoJm9zf5ZE= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/typeurl v1.0.2 h1:Chlt8zIieDbzQFzXzAeBEF92KhExuE4p9p92/QmY7aY= github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= 
@@ -351,7 +351,8 @@ github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZM github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= @@ -378,8 +379,8 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= +github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= 
@@ -500,8 +501,8 @@ github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg= -github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k= -github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= +github.com/googleapis/enterprise-certificate-proxy v0.2.4 h1:uGy6JWR/uMIILU8wbf+OkstIrNiMjGpEIyhx8f6W7s4= +github.com/googleapis/enterprise-certificate-proxy v0.2.4/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= 
@@ -511,12 +512,12 @@ github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99 github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= -github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cUUI8Ki4= -github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= +github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= +github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4= -github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= -github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= +github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY= github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo= 
@@ -578,8 +579,8 @@ github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= -github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4= -github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.16.6 h1:91SKEy4K37vkp255cJ8QesJhjyRO0hn9i9G0GoUwLsk= +github.com/klauspost/compress v1.16.6/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 
@@ -671,8 +672,8 @@ github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= -github.com/open-policy-agent/opa v0.58.0 h1:S5qvevW8JoFizU7Hp66R/Y1SOXol0aCdFYVkzIqIpUo= -github.com/open-policy-agent/opa v0.58.0/go.mod h1:EGWBwvmyt50YURNvL8X4W5hXdlKeNhAHn3QXsetmYcc= +github.com/open-policy-agent/opa v0.60.0 h1:ZPoPt4yeNs5UXCpd/P/btpSyR8CR0wfhVoh9BOwgJNs= +github.com/open-policy-agent/opa v0.60.0/go.mod h1:aD5IK6AiLNYBjNXn7E02++yC8l4Z+bRDvgM6Ss0bBzA= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= 
@@ -709,8 +710,8 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= -github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 h1:MkV+77GLUNo5oJ0jf870itWm3D0Sjh7+Za9gazKc5LQ= -github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= +github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= 
@@ -720,8 +721,8 @@ github.com/rubenv/sql-migrate v1.5.2 h1:bMDqOnrJVV/6JQgQ/MxOpU+AdO8uzYYA/TxFUBzF github.com/rubenv/sql-migrate v1.5.2/go.mod h1:H38GW8Vqf8F0Su5XignRyaRcbXbJunSWxs+kmzlg0Is= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= -github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= +github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= @@ -735,8 +736,8 @@ github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasO github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= -github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= -github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= +github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= +github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 
@@ -794,17 +795,18 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 h1:x8Z78aZx8cOF0+Kkazoc7lwUNMGy0LrzEMxTm4BbTxg= -go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs= -go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 h1:Mne5On7VWdx7omSrSSZvM4Kw7cS7NQkOOmLcgscI51U= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 h1:3d+S281UTjM+AbF31XSOYn1qXn3BgIdWl8HNEpx08Jk= -go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE= -go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8= -go.opentelemetry.io/otel/sdk v1.19.0 h1:6USY6zH+L8uMH8L3t1enZPR3WFEmSTADlqldyHtJi3o= -go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A= -go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg= -go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo= +go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc= +go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 
h1:tIqheXEFWAZ7O8A7m+J0aPTmpJN3YQ7qetUAdkkkKpk= +go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4= +go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= +go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8= +go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E= +go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc= +go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= 
@@ -833,8 +835,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea h1:vLCWI/yYrdEHyN2JzIzPO3aaQJHQdp89IZBA/+azVC4= -golang.org/x/exp v0.0.0-20230510235704-dd950f8aeaea/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= +golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= +golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -862,8 +864,8 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= -golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= +golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -944,8 +946,8 @@ golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A= -golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU= -golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= +golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY= +golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -1067,8 +1069,8 @@ golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 
@@ -1183,16 +1185,17 @@ google.golang.org/api v0.96.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ google.golang.org/api v0.97.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70= -google.golang.org/api v0.126.0 h1:q4GJq+cAdMAC7XP7njvQ4tvohGLiSlytuL4BQxbIZ+o= -google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw= +google.golang.org/api v0.128.0 h1:RjPESny5CnQRn9V6siglged+DZCgfu9l6mO9dkX9VOg= +google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWLY750= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= +google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 
@@ -1294,12 +1297,12 @@ google.golang.org/genproto v0.0.0-20221010155953-15ba04fc1c0e/go.mod h1:3526vdqw google.golang.org/genproto v0.0.0-20221014173430-6e2ab493f96b/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= -google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d h1:VBu5YqKPv6XiJ199exd8Br+Aetz+o08F+PLMnwJQHAY= -google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= -google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d h1:DoPTO70H+bcDXcd39vOqb2viZxgqeBeSGtZ55yZU4/Q= -google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= +google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 h1:SeZZZx0cP0fqUyA+oRzP9k7cSwJlvDFiROO72uwD6i0= +google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97/go.mod h1:t1VqOqqvce95G3hIDCT5FeO3YUc6Q4Oe24L/+rNMxRk= +google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 h1:W18sezcAYs+3tDZX4F80yctqa12jcP1PUS2gQu1zTPU= +google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97/go.mod h1:iargEX0SFPm3xcfMI0d1domjg0ZF4Aa0p2awqyxhvF0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 h1:6GQBEOdGkX6MMTLT9V+TjtIRZCw9VPD5Z+yHY9wMgS0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97/go.mod h1:v7nGkzlmW8P3n/bKmWBn2WpBjpOEx8Q6gMueudAmKfY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1335,8 +1338,8 @@ google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACu google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= -google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= -google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= +google.golang.org/grpc v1.60.1 h1:26+wFr+cNqSGFcOXcabYC0lUVJVRa2Sb2ortSK7VrEU= +google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -1370,7 +1373,6 @@ gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRN gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=