From 6a2ed8bdfe765d77ce228a3fecc915906aad0c50 Mon Sep 17 00:00:00 2001 
From: Simar Date: Mon, 12 Feb 2024 16:18:18 -0700 Subject: [PATCH 01/13] refactor(deps): Merge defsec into trivy --- cmd/iac/allowed_actions/main.go | 274 + cmd/iac/allowed_actions/main_test.go | 98 + .../testdata/list_amazoncloudwatch.html | 958 +++ ...olicies_actions-resources-contextkeys.html | 26 + cmd/iac/schema/main.go | 78 + go.mod | 17 +- go.sum | 14 +- internal/testutil/util.go | 2 +- pkg/cloud/aws/cache/cache.go | 2 +- pkg/cloud/aws/commands/run_test.go | 5 +- pkg/cloud/aws/scanner/scanner.go | 8 +- pkg/cloud/report/convert.go | 2 +- pkg/cloud/report/convert_test.go | 4 +- pkg/cloud/report/report.go | 2 +- pkg/cloud/report/service_test.go | 7 +- pkg/compliance/report/report.go | 2 +- pkg/compliance/report/report_test.go | 2 +- pkg/compliance/spec/compliance.go | 2 +- pkg/compliance/spec/compliance_test.go | 2 +- .../imgconf/dockerfile/dockerfile_test.go | 22 +- pkg/fanal/secret/builtin-rules.go | 2 +- pkg/flag/report_flags_test.go | 2 +- pkg/iac/adapters/arm/adapt.go | 4 +- pkg/iac/adapters/arm/appservice/adapt.go | 4 +- pkg/iac/adapters/arm/authorization/adapt.go | 2 +- pkg/iac/adapters/arm/compute/adapt.go | 4 +- pkg/iac/adapters/arm/compute/adapt_test.go | 2 +- pkg/iac/adapters/arm/container/adapt.go | 2 +- pkg/iac/adapters/arm/database/adapt.go | 2 +- pkg/iac/adapters/arm/database/firewall.go | 2 +- pkg/iac/adapters/arm/database/maria.go | 2 +- pkg/iac/adapters/arm/database/mssql.go | 4 +- pkg/iac/adapters/arm/database/postgresql.go | 4 +- pkg/iac/adapters/arm/datafactory/adapt.go | 2 +- pkg/iac/adapters/arm/datalake/adapt.go | 2 +- pkg/iac/adapters/arm/keyvault/adapt.go | 2 +- pkg/iac/adapters/arm/monitor/adapt.go | 4 +- pkg/iac/adapters/arm/network/adapt.go | 4 +- pkg/iac/adapters/arm/securitycenter/adapt.go | 2 +- pkg/iac/adapters/arm/storage/adapt.go | 4 +- pkg/iac/adapters/arm/storage/adapt_test.go | 2 +- pkg/iac/adapters/arm/synapse/adapt.go | 4 +- pkg/iac/adapters/cloudformation/adapt.go | 2 +- .../aws/accessanalyzer/accessanalyzer.go | 2 +- 
.../aws/accessanalyzer/analyzer.go | 4 +- pkg/iac/adapters/cloudformation/aws/adapt.go | 2 +- .../aws/apigateway/apigateway.go | 6 +- .../cloudformation/aws/apigateway/stage.go | 4 +- .../cloudformation/aws/athena/athena.go | 2 +- .../cloudformation/aws/athena/workgroup.go | 2 +- .../aws/cloudfront/cloudfront.go | 2 +- .../aws/cloudfront/distribution.go | 4 +- .../aws/cloudtrail/cloudtrail.go | 2 +- .../cloudformation/aws/cloudtrail/trails.go | 2 +- .../aws/cloudwatch/cloudwatch.go | 2 +- .../aws/cloudwatch/log_group.go | 4 +- .../cloudformation/aws/codebuild/codebuild.go | 2 +- .../cloudformation/aws/codebuild/project.go | 4 +- .../cloudformation/aws/config/adapt_test.go | 4 +- .../cloudformation/aws/config/aggregator.go | 4 +- .../cloudformation/aws/config/config.go | 2 +- .../cloudformation/aws/documentdb/cluster.go | 4 +- .../aws/documentdb/documentdb.go | 2 +- .../cloudformation/aws/dynamodb/cluster.go | 4 +- .../cloudformation/aws/dynamodb/dynamodb.go | 2 +- .../cloudformation/aws/ec2/adapt_test.go | 4 +- .../adapters/cloudformation/aws/ec2/ec2.go | 2 +- .../cloudformation/aws/ec2/instance.go | 4 +- .../aws/ec2/launch_configuration.go | 4 +- .../cloudformation/aws/ec2/launch_template.go | 4 +- .../adapters/cloudformation/aws/ec2/nacl.go | 4 +- .../cloudformation/aws/ec2/security_group.go | 4 +- .../adapters/cloudformation/aws/ec2/subnet.go | 2 +- .../adapters/cloudformation/aws/ec2/volume.go | 2 +- .../adapters/cloudformation/aws/ecr/ecr.go | 2 +- .../cloudformation/aws/ecr/repository.go | 6 +- .../cloudformation/aws/ecs/cluster.go | 4 +- .../adapters/cloudformation/aws/ecs/ecs.go | 2 +- .../cloudformation/aws/ecs/task_definition.go | 4 +- .../adapters/cloudformation/aws/efs/efs.go | 2 +- .../cloudformation/aws/efs/filesystem.go | 2 +- .../cloudformation/aws/eks/cluster.go | 4 +- .../adapters/cloudformation/aws/eks/eks.go | 2 +- .../cloudformation/aws/elasticache/cluster.go | 2 +- .../aws/elasticache/elasticache.go | 2 +- 
.../aws/elasticache/replication_group.go | 2 +- .../aws/elasticache/security_group.go | 2 +- .../aws/elasticsearch/domain.go | 4 +- .../aws/elasticsearch/elasticsearch.go | 2 +- .../cloudformation/aws/elb/adapt_test.go | 4 +- .../adapters/cloudformation/aws/elb/elb.go | 2 +- .../cloudformation/aws/elb/loadbalancer.go | 4 +- .../adapters/cloudformation/aws/iam/iam.go | 4 +- .../adapters/cloudformation/aws/iam/policy.go | 4 +- .../cloudformation/aws/kinesis/kinesis.go | 2 +- .../cloudformation/aws/kinesis/stream.go | 4 +- .../cloudformation/aws/lambda/function.go | 4 +- .../cloudformation/aws/lambda/lambda.go | 2 +- .../adapters/cloudformation/aws/mq/broker.go | 4 +- pkg/iac/adapters/cloudformation/aws/mq/mq.go | 2 +- .../cloudformation/aws/msk/cluster.go | 4 +- .../adapters/cloudformation/aws/msk/msk.go | 2 +- .../cloudformation/aws/neptune/cluster.go | 4 +- .../cloudformation/aws/neptune/neptune.go | 2 +- .../cloudformation/aws/rds/adapt_test.go | 4 +- .../cloudformation/aws/rds/cluster.go | 4 +- .../cloudformation/aws/rds/instance.go | 4 +- .../aws/rds/parameter_groups.go | 4 +- .../adapters/cloudformation/aws/rds/rds.go | 2 +- .../cloudformation/aws/redshift/cluster.go | 4 +- .../cloudformation/aws/redshift/redshift.go | 2 +- .../aws/redshift/security_group.go | 2 +- .../adapters/cloudformation/aws/s3/bucket.go | 4 +- pkg/iac/adapters/cloudformation/aws/s3/s3.go | 2 +- .../adapters/cloudformation/aws/sam/api.go | 4 +- .../cloudformation/aws/sam/function.go | 6 +- .../cloudformation/aws/sam/http_api.go | 4 +- .../adapters/cloudformation/aws/sam/sam.go | 2 +- .../cloudformation/aws/sam/state_machines.go | 6 +- .../adapters/cloudformation/aws/sam/tables.go | 4 +- .../adapters/cloudformation/aws/sns/sns.go | 2 +- .../adapters/cloudformation/aws/sns/topic.go | 4 +- .../adapters/cloudformation/aws/sqs/queue.go | 6 +- .../adapters/cloudformation/aws/sqs/sqs.go | 2 +- .../adapters/cloudformation/aws/ssm/secret.go | 2 +- .../adapters/cloudformation/aws/ssm/ssm.go | 2 +- 
.../aws/workspaces/workspace.go | 2 +- .../aws/workspaces/workspaces.go | 2 +- pkg/iac/adapters/terraform/adapt.go | 4 +- .../aws/accessanalyzer/accessanalyzer.go | 6 +- pkg/iac/adapters/terraform/aws/adapt.go | 4 +- .../terraform/aws/apigateway/adapt.go | 8 +- .../terraform/aws/apigateway/adapt_test.go | 8 +- .../terraform/aws/apigateway/apiv1.go | 6 +- .../terraform/aws/apigateway/apiv1_test.go | 2 +- .../terraform/aws/apigateway/apiv2.go | 6 +- .../terraform/aws/apigateway/apiv2_test.go | 2 +- .../terraform/aws/apigateway/namesv1.go | 4 +- .../terraform/aws/apigateway/namesv1_test.go | 2 +- .../terraform/aws/apigateway/namesv2.go | 6 +- .../terraform/aws/apigateway/namesv2_test.go | 2 +- .../adapters/terraform/aws/athena/adapt.go | 6 +- .../terraform/aws/athena/adapt_test.go | 4 +- .../terraform/aws/cloudfront/adapt.go | 6 +- .../terraform/aws/cloudfront/adapt_test.go | 4 +- .../terraform/aws/cloudtrail/adapt.go | 4 +- .../terraform/aws/cloudtrail/adapt_test.go | 4 +- .../terraform/aws/cloudwatch/adapt.go | 6 +- .../terraform/aws/cloudwatch/adapt_test.go | 4 +- .../adapters/terraform/aws/codebuild/adapt.go | 6 +- .../terraform/aws/codebuild/adapt_test.go | 4 +- .../adapters/terraform/aws/config/adapt.go | 6 +- .../terraform/aws/config/adapt_test.go | 4 +- .../terraform/aws/documentdb/adapt.go | 6 +- .../terraform/aws/documentdb/adapt_test.go | 4 +- .../adapters/terraform/aws/dynamodb/adapt.go | 6 +- .../terraform/aws/dynamodb/adapt_test.go | 4 +- pkg/iac/adapters/terraform/aws/ec2/adapt.go | 6 +- .../adapters/terraform/aws/ec2/adapt_test.go | 4 +- .../adapters/terraform/aws/ec2/autoscaling.go | 6 +- .../terraform/aws/ec2/autoscaling_test.go | 4 +- pkg/iac/adapters/terraform/aws/ec2/subnet.go | 4 +- .../adapters/terraform/aws/ec2/subnet_test.go | 4 +- pkg/iac/adapters/terraform/aws/ec2/volume.go | 6 +- .../adapters/terraform/aws/ec2/volume_test.go | 4 +- pkg/iac/adapters/terraform/aws/ec2/vpc.go | 6 +- .../adapters/terraform/aws/ec2/vpc_test.go | 4 +- 
pkg/iac/adapters/terraform/aws/ecr/adapt.go | 8 +- .../adapters/terraform/aws/ecr/adapt_test.go | 6 +- pkg/iac/adapters/terraform/aws/ecs/adapt.go | 6 +- .../adapters/terraform/aws/ecs/adapt_test.go | 4 +- pkg/iac/adapters/terraform/aws/efs/adapt.go | 4 +- .../adapters/terraform/aws/efs/adapt_test.go | 4 +- pkg/iac/adapters/terraform/aws/eks/adapt.go | 6 +- .../adapters/terraform/aws/eks/adapt_test.go | 4 +- .../terraform/aws/elasticache/adapt.go | 4 +- .../terraform/aws/elasticache/adapt_test.go | 4 +- .../terraform/aws/elasticsearch/adapt.go | 6 +- .../terraform/aws/elasticsearch/adapt_test.go | 4 +- pkg/iac/adapters/terraform/aws/elb/adapt.go | 6 +- .../adapters/terraform/aws/elb/adapt_test.go | 4 +- pkg/iac/adapters/terraform/aws/emr/adapt.go | 4 +- .../adapters/terraform/aws/emr/adapt_test.go | 4 +- pkg/iac/adapters/terraform/aws/iam/adapt.go | 4 +- pkg/iac/adapters/terraform/aws/iam/convert.go | 6 +- pkg/iac/adapters/terraform/aws/iam/groups.go | 4 +- .../adapters/terraform/aws/iam/groups_test.go | 4 +- .../adapters/terraform/aws/iam/passwords.go | 6 +- .../terraform/aws/iam/passwords_test.go | 4 +- .../adapters/terraform/aws/iam/policies.go | 6 +- .../terraform/aws/iam/policies_test.go | 4 +- pkg/iac/adapters/terraform/aws/iam/roles.go | 4 +- .../adapters/terraform/aws/iam/roles_test.go | 4 +- pkg/iac/adapters/terraform/aws/iam/users.go | 6 +- .../adapters/terraform/aws/iam/users_test.go | 4 +- .../adapters/terraform/aws/kinesis/adapt.go | 6 +- .../terraform/aws/kinesis/adapt_test.go | 4 +- pkg/iac/adapters/terraform/aws/kms/adapt.go | 4 +- .../adapters/terraform/aws/kms/adapt_test.go | 4 +- .../adapters/terraform/aws/lambda/adapt.go | 6 +- .../terraform/aws/lambda/adapt_test.go | 4 +- pkg/iac/adapters/terraform/aws/mq/adapt.go | 6 +- .../adapters/terraform/aws/mq/adapt_test.go | 4 +- pkg/iac/adapters/terraform/aws/msk/adapt.go | 6 +- .../adapters/terraform/aws/msk/adapt_test.go | 4 +- .../adapters/terraform/aws/neptune/adapt.go | 6 +- 
.../terraform/aws/neptune/adapt_test.go | 4 +- .../adapters/terraform/aws/provider/adapt.go | 6 +- .../terraform/aws/provider/adapt_test.go | 4 +- pkg/iac/adapters/terraform/aws/rds/adapt.go | 6 +- .../adapters/terraform/aws/rds/adapt_test.go | 4 +- .../adapters/terraform/aws/redshift/adapt.go | 6 +- .../terraform/aws/redshift/adapt_test.go | 4 +- pkg/iac/adapters/terraform/aws/s3/adapt.go | 4 +- .../adapters/terraform/aws/s3/adapt_test.go | 6 +- pkg/iac/adapters/terraform/aws/s3/bucket.go | 6 +- pkg/iac/adapters/terraform/aws/s3/policies.go | 4 +- .../terraform/aws/s3/public_access_block.go | 2 +- pkg/iac/adapters/terraform/aws/sns/adapt.go | 6 +- .../adapters/terraform/aws/sns/adapt_test.go | 4 +- pkg/iac/adapters/terraform/aws/sqs/adapt.go | 8 +- .../adapters/terraform/aws/sqs/adapt_test.go | 6 +- pkg/iac/adapters/terraform/aws/ssm/adapt.go | 6 +- .../adapters/terraform/aws/ssm/adapt_test.go | 4 +- .../terraform/aws/workspaces/adapt.go | 6 +- .../terraform/aws/workspaces/adapt_test.go | 4 +- pkg/iac/adapters/terraform/azure/adapt.go | 4 +- .../terraform/azure/appservice/adapt.go | 6 +- .../terraform/azure/appservice/adapt_test.go | 4 +- .../terraform/azure/authorization/adapt.go | 4 +- .../azure/authorization/adapt_test.go | 4 +- .../adapters/terraform/azure/compute/adapt.go | 6 +- .../terraform/azure/compute/adapt_test.go | 4 +- .../terraform/azure/container/adapt.go | 6 +- .../terraform/azure/container/adapt_test.go | 4 +- .../terraform/azure/database/adapt.go | 6 +- .../terraform/azure/database/adapt_test.go | 4 +- .../terraform/azure/datafactory/adapt.go | 4 +- .../terraform/azure/datafactory/adapt_test.go | 4 +- .../terraform/azure/datalake/adapt.go | 6 +- .../terraform/azure/datalake/adapt_test.go | 4 +- .../terraform/azure/keyvault/adapt.go | 6 +- .../terraform/azure/keyvault/adapt_test.go | 4 +- .../adapters/terraform/azure/monitor/adapt.go | 6 +- .../terraform/azure/monitor/adapt_test.go | 4 +- .../adapters/terraform/azure/network/adapt.go | 6 +- 
.../terraform/azure/network/adapt_test.go | 4 +- .../terraform/azure/securitycenter/adapt.go | 4 +- .../azure/securitycenter/adapt_test.go | 4 +- .../adapters/terraform/azure/storage/adapt.go | 6 +- .../terraform/azure/storage/adapt_test.go | 4 +- .../adapters/terraform/azure/synapse/adapt.go | 4 +- .../terraform/azure/synapse/adapt_test.go | 4 +- .../adapters/terraform/cloudstack/adapt.go | 4 +- .../terraform/cloudstack/compute/adapt.go | 6 +- .../cloudstack/compute/adapt_test.go | 4 +- .../adapters/terraform/digitalocean/adapt.go | 4 +- .../terraform/digitalocean/compute/adapt.go | 4 +- .../digitalocean/compute/adapt_test.go | 4 +- .../terraform/digitalocean/spaces/adapt.go | 6 +- .../digitalocean/spaces/adapt_test.go | 4 +- pkg/iac/adapters/terraform/github/adapt.go | 4 +- .../github/branch_protections/adapt.go | 4 +- .../terraform/github/repositories/adapt.go | 6 +- .../terraform/github/secrets/adapt.go | 4 +- .../terraform/github/secrets/adapt_test.go | 4 +- pkg/iac/adapters/terraform/google/adapt.go | 4 +- .../terraform/google/bigquery/adapt.go | 4 +- .../terraform/google/bigquery/adapt_test.go | 4 +- .../terraform/google/compute/adapt.go | 4 +- .../terraform/google/compute/disks.go | 6 +- .../terraform/google/compute/disks_test.go | 4 +- .../terraform/google/compute/instances.go | 6 +- .../google/compute/instances_test.go | 4 +- .../terraform/google/compute/metadata.go | 6 +- .../terraform/google/compute/metadata_test.go | 4 +- .../terraform/google/compute/networks.go | 6 +- .../terraform/google/compute/networks_test.go | 4 +- .../adapters/terraform/google/compute/ssl.go | 4 +- .../terraform/google/compute/ssl_test.go | 4 +- .../adapters/terraform/google/dns/adapt.go | 6 +- .../terraform/google/dns/adapt_test.go | 4 +- .../adapters/terraform/google/gke/adapt.go | 6 +- .../terraform/google/gke/adapt_test.go | 4 +- .../adapters/terraform/google/iam/adapt.go | 6 +- .../terraform/google/iam/adapt_test.go | 4 +- .../adapters/terraform/google/iam/convert.go | 6 +- 
.../terraform/google/iam/folder_iam.go | 4 +- .../adapters/terraform/google/iam/folders.go | 2 +- .../adapters/terraform/google/iam/org_iam.go | 4 +- .../terraform/google/iam/project_iam.go | 6 +- .../terraform/google/iam/project_iam_test.go | 4 +- .../adapters/terraform/google/iam/projects.go | 2 +- .../iam/workload_identity_pool_providers.go | 2 +- .../adapters/terraform/google/kms/adapt.go | 6 +- .../terraform/google/kms/adapt_test.go | 4 +- .../adapters/terraform/google/sql/adapt.go | 6 +- .../terraform/google/sql/adapt_test.go | 4 +- .../terraform/google/storage/adapt.go | 6 +- .../terraform/google/storage/adapt_test.go | 6 +- .../adapters/terraform/google/storage/iam.go | 2 +- .../adapters/terraform/kubernetes/adapt.go | 4 +- .../terraform/nifcloud/computing/adapt.go | 4 +- .../terraform/nifcloud/computing/instance.go | 4 +- .../nifcloud/computing/instance_test.go | 4 +- .../nifcloud/computing/security_group.go | 6 +- .../nifcloud/computing/security_group_test.go | 4 +- .../adapters/terraform/nifcloud/dns/adapt.go | 4 +- .../adapters/terraform/nifcloud/dns/record.go | 4 +- .../terraform/nifcloud/dns/record_test.go | 4 +- .../adapters/terraform/nifcloud/nas/adapt.go | 4 +- .../terraform/nifcloud/nas/nas_instance.go | 4 +- .../nifcloud/nas/nas_instance_test.go | 4 +- .../nifcloud/nas/nas_security_group.go | 6 +- .../nifcloud/nas/nas_security_group_test.go | 4 +- .../terraform/nifcloud/network/adapt.go | 4 +- .../nifcloud/network/elastic_load_balancer.go | 4 +- .../network/elastic_load_balancer_test.go | 4 +- .../nifcloud/network/load_balancer.go | 6 +- .../nifcloud/network/load_balancer_test.go | 4 +- .../terraform/nifcloud/network/router.go | 6 +- .../terraform/nifcloud/network/router_test.go | 4 +- .../terraform/nifcloud/network/vpn_gateway.go | 4 +- .../nifcloud/network/vpn_gateway_test.go | 4 +- .../adapters/terraform/nifcloud/nifcloud.go | 4 +- .../adapters/terraform/nifcloud/rdb/adapt.go | 4 +- .../terraform/nifcloud/rdb/db_instance.go | 4 +- 
.../nifcloud/rdb/db_instance_test.go | 4 +- .../nifcloud/rdb/db_security_group.go | 6 +- .../nifcloud/rdb/db_security_group_test.go | 4 +- .../nifcloud/sslcertificate/adapt.go | 4 +- .../sslcertificate/server_certificate.go | 6 +- .../sslcertificate/server_certificate_test.go | 4 +- pkg/iac/adapters/terraform/openstack/adapt.go | 4 +- .../terraform/openstack/adapt_test.go | 4 +- .../terraform/openstack/networking.go | 6 +- pkg/iac/adapters/terraform/oracle/adapt.go | 4 +- .../adapters/terraform/tftestutil/testutil.go | 2 +- pkg/iac/debug/cgo_disabled.go | 5 + pkg/iac/debug/cgo_enabled.go | 5 + pkg/iac/debug/debug.go | 91 + pkg/iac/detection/detect.go | 2 +- pkg/iac/framework/frameworks.go | 11 + pkg/iac/providers/aws/accessanalyzer/aa.go | 19 + pkg/iac/providers/aws/apigateway/ag.go | 11 + .../providers/aws/apigateway/v1/apigateway.go | 62 + .../providers/aws/apigateway/v2/apigateway.go | 41 + pkg/iac/providers/aws/athena/athena.go | 35 + pkg/iac/providers/aws/aws.go | 80 + .../providers/aws/cloudfront/cloudfront.go | 45 + .../providers/aws/cloudtrail/cloudtrail.go | 42 + .../providers/aws/cloudwatch/cloudwatch.go | 63 + pkg/iac/providers/aws/codebuild/codebuild.go | 20 + pkg/iac/providers/aws/config/config.go | 14 + .../providers/aws/documentdb/documentdb.go | 29 + pkg/iac/providers/aws/dynamodb/dynamodb.go | 30 + pkg/iac/providers/aws/ec2/ec2.go | 12 + pkg/iac/providers/aws/ec2/instance.go | 54 + pkg/iac/providers/aws/ec2/launch.go | 29 + pkg/iac/providers/aws/ec2/subnet.go | 10 + pkg/iac/providers/aws/ec2/volume.go | 16 + pkg/iac/providers/aws/ec2/vpc.go | 52 + pkg/iac/providers/aws/ecr/ecr.go | 34 + pkg/iac/providers/aws/ecs/ecs.go | 119 + pkg/iac/providers/aws/efs/efs.go | 14 + pkg/iac/providers/aws/eks/eks.go | 32 + .../providers/aws/elasticache/elasticache.go | 29 + .../aws/elasticsearch/elasticsearch.go | 53 + pkg/iac/providers/aws/elb/elb.go | 36 + pkg/iac/providers/aws/emr/emr.go | 28 + pkg/iac/providers/aws/iam/actions.go | 5135 +++++++++++++ 
pkg/iac/providers/aws/iam/iam.go | 119 + pkg/iac/providers/aws/iam/passwords.go | 16 + pkg/iac/providers/aws/iam/wildcards.go | 10 + pkg/iac/providers/aws/kinesis/kinesis.go | 24 + pkg/iac/providers/aws/kms/kms.go | 19 + pkg/iac/providers/aws/lambda/lambda.go | 31 + pkg/iac/providers/aws/mq/mq.go | 21 + pkg/iac/providers/aws/msk/msk.go | 60 + pkg/iac/providers/aws/neptune/neptune.go | 21 + pkg/iac/providers/aws/provider.go | 77 + pkg/iac/providers/aws/rds/classic.go | 13 + pkg/iac/providers/aws/rds/rds.go | 127 + pkg/iac/providers/aws/redshift/redshift.go | 55 + pkg/iac/providers/aws/s3/bucket.go | 67 + .../aws/s3/bucket_public_access_block.go | 23 + pkg/iac/providers/aws/s3/s3.go | 5 + pkg/iac/providers/aws/sam/api.go | 38 + pkg/iac/providers/aws/sam/application.go | 17 + pkg/iac/providers/aws/sam/function.go | 25 + pkg/iac/providers/aws/sam/http_api.go | 20 + pkg/iac/providers/aws/sam/sam.go | 10 + pkg/iac/providers/aws/sam/state_machine.go | 25 + pkg/iac/providers/aws/sam/table.go | 18 + pkg/iac/providers/aws/sns/sns.go | 31 + pkg/iac/providers/aws/sqs/sqs.go | 23 + pkg/iac/providers/aws/ssm/ssm.go | 16 + .../providers/aws/workspaces/workspaces.go | 25 + .../providers/azure/appservice/appservice.go | 30 + .../azure/authorization/authorization.go | 20 + pkg/iac/providers/azure/azure.go | 33 + pkg/iac/providers/azure/compute/compute.go | 42 + .../providers/azure/container/container.go | 38 + pkg/iac/providers/azure/database/database.go | 68 + .../azure/datafactory/datafactory.go | 14 + pkg/iac/providers/azure/datalake/datalake.go | 14 + pkg/iac/providers/azure/keyvault/keyvault.go | 34 + pkg/iac/providers/azure/monitor/monitor.go | 22 + pkg/iac/providers/azure/network/network.go | 47 + .../azure/securitycenter/securitycenter.go | 26 + pkg/iac/providers/azure/storage/storage.go | 46 + pkg/iac/providers/azure/synapse/synapse.go | 14 + pkg/iac/providers/cloudstack/cloudstack.go | 9 + .../providers/cloudstack/compute/compute.go | 14 + 
.../providers/digitalocean/compute/compute.go | 50 + .../providers/digitalocean/digitalocean.go | 11 + .../providers/digitalocean/spaces/spaces.go | 28 + pkg/iac/providers/dockerfile/dockerfile.go | 61 + pkg/iac/providers/github/actions.go | 19 + .../providers/github/branch_protections.go | 14 + pkg/iac/providers/github/github.go | 7 + pkg/iac/providers/github/repositories.go | 16 + pkg/iac/providers/google/bigquery/bigquery.go | 26 + pkg/iac/providers/google/compute/compute.go | 9 + pkg/iac/providers/google/compute/disk.go | 17 + pkg/iac/providers/google/compute/firewall.go | 34 + pkg/iac/providers/google/compute/instance.go | 41 + pkg/iac/providers/google/compute/metadata.go | 10 + pkg/iac/providers/google/compute/network.go | 11 + .../providers/google/compute/ssl_policy.go | 12 + .../providers/google/compute/subnetwork.go | 12 + pkg/iac/providers/google/dns/dns.go | 31 + pkg/iac/providers/google/gke/gke.go | 86 + pkg/iac/providers/google/google.go | 23 + pkg/iac/providers/google/iam/iam.go | 88 + pkg/iac/providers/google/kms/kms.go | 19 + pkg/iac/providers/google/sql/sql.go | 78 + pkg/iac/providers/google/storage/storage.go | 25 + pkg/iac/providers/kubernetes/kubernetes.go | 38 + .../providers/nifcloud/computing/computing.go | 6 + .../providers/nifcloud/computing/instance.go | 16 + .../nifcloud/computing/security_group.go | 18 + pkg/iac/providers/nifcloud/dns/dns.go | 5 + pkg/iac/providers/nifcloud/dns/record.go | 13 + pkg/iac/providers/nifcloud/nas/nas.go | 6 + .../providers/nifcloud/nas/nas_instance.go | 10 + .../nifcloud/nas/nas_security_group.go | 11 + .../nifcloud/network/elastic_load_balancer.go | 16 + .../nifcloud/network/load_balancer.go | 16 + pkg/iac/providers/nifcloud/network/network.go | 16 + pkg/iac/providers/nifcloud/network/router.go | 11 + .../providers/nifcloud/network/vpn_gateway.go | 10 + pkg/iac/providers/nifcloud/nifcloud.go | 19 + pkg/iac/providers/nifcloud/rdb/db_instance.go | 14 + .../nifcloud/rdb/db_security_group.go | 11 + 
pkg/iac/providers/nifcloud/rdb/rdb.go | 6 + .../sslcertificate/server_certificate.go | 10 + .../sslcertificate/ssl_certificate.go | 5 + pkg/iac/providers/openstack/networking.go | 27 + pkg/iac/providers/openstack/openstack.go | 34 + pkg/iac/providers/oracle/oracle.go | 18 + pkg/iac/providers/provider.go | 51 + pkg/iac/rego/build.go | 84 + pkg/iac/rego/convert/anonymous.go | 47 + pkg/iac/rego/convert/converter.go | 5 + pkg/iac/rego/convert/slice.go | 32 + pkg/iac/rego/convert/slice_test.go | 57 + pkg/iac/rego/convert/struct.go | 68 + pkg/iac/rego/convert/struct_test.go | 21 + pkg/iac/rego/custom.go | 109 + pkg/iac/rego/embed.go | 107 + pkg/iac/rego/embed_test.go | 123 + pkg/iac/rego/exceptions.go | 33 + pkg/iac/rego/load.go | 210 + pkg/iac/rego/load_test.go | 46 + pkg/iac/rego/metadata.go | 393 + pkg/iac/rego/metadata_test.go | 191 + pkg/iac/rego/result.go | 166 + pkg/iac/rego/result_test.go | 104 + pkg/iac/rego/runtime.go | 28 + pkg/iac/rego/scanner.go | 411 + pkg/iac/rego/scanner_test.go | 978 +++ pkg/iac/rego/schemas/00_schema.go | 22 + pkg/iac/rego/schemas/builder.go | 270 + pkg/iac/rego/schemas/cloud.json | 6836 +++++++++++++++++ pkg/iac/rego/schemas/dockerfile.json | 70 + pkg/iac/rego/schemas/kubernetes.json | 51 + pkg/iac/rego/schemas/rbac.json | 51 + pkg/iac/rego/schemas/schemas.go | 16 + pkg/iac/rego/store.go | 48 + pkg/iac/rego/testdata/policies/._sysfile.rego | 0 pkg/iac/rego/testdata/policies/invalid.rego | 8 + pkg/iac/rego/testdata/policies/valid.rego | 8 + pkg/iac/rules/providers.go | 169 + pkg/iac/rules/register.go | 25 + pkg/iac/rules/register_internal.go | 137 + pkg/iac/rules/register_test.go | 139 + pkg/iac/rules/rules.go | 82 + pkg/iac/scan/code.go | 285 + pkg/iac/scan/code_test.go | 266 + pkg/iac/scan/flat.go | 72 + pkg/iac/scan/highlighting.go | 124 + pkg/iac/scan/result.go | 366 + pkg/iac/scan/result_test.go | 56 + pkg/iac/scan/rule.go | 168 + .../azure/arm/parser/armjson/bench_test.go | 2 +- .../azure/arm/parser/armjson/decode.go | 2 +- 
.../arm/parser/armjson/decode_meta_test.go | 2 +- .../scanners/azure/arm/parser/armjson/node.go | 2 +- .../azure/arm/parser/armjson/parse.go | 2 +- .../azure/arm/parser/armjson/parse_array.go | 2 +- .../arm/parser/armjson/parse_array_test.go | 2 +- .../azure/arm/parser/armjson/parse_boolean.go | 2 +- .../arm/parser/armjson/parse_boolean_test.go | 2 +- .../azure/arm/parser/armjson/parse_comment.go | 2 +- .../arm/parser/armjson/parse_complex_test.go | 2 +- .../azure/arm/parser/armjson/parse_null.go | 2 +- .../arm/parser/armjson/parse_null_test.go | 2 +- .../azure/arm/parser/armjson/parse_number.go | 2 +- .../arm/parser/armjson/parse_number_test.go | 2 +- .../azure/arm/parser/armjson/parse_object.go | 2 +- .../arm/parser/armjson/parse_object_test.go | 2 +- .../azure/arm/parser/armjson/parse_string.go | 2 +- .../arm/parser/armjson/parse_string_test.go | 2 +- .../azure/arm/parser/armjson/unmarshal.go | 2 +- pkg/iac/scanners/azure/arm/parser/parser.go | 6 +- .../scanners/azure/arm/parser/parser_test.go | 4 +- pkg/iac/scanners/azure/arm/parser/template.go | 2 +- .../azure/arm/parser/template_test.go | 2 +- pkg/iac/scanners/azure/arm/scanner.go | 16 +- pkg/iac/scanners/azure/deployment.go | 2 +- pkg/iac/scanners/azure/resolver/resolver.go | 2 +- .../scanners/azure/resolver/resolver_test.go | 2 +- pkg/iac/scanners/azure/value.go | 2 +- pkg/iac/scanners/azure/value_test.go | 2 +- .../cloudformation/parser/file_context.go | 2 +- .../cloudformation/parser/fn_and_test.go | 2 +- .../cloudformation/parser/fn_base64_test.go | 2 +- .../cloudformation/parser/fn_equals_test.go | 2 +- .../cloudformation/parser/fn_if_test.go | 2 +- .../cloudformation/parser/fn_join_test.go | 2 +- .../cloudformation/parser/fn_not_test.go | 2 +- .../cloudformation/parser/fn_or_test.go | 2 +- .../cloudformation/parser/fn_ref_test.go | 2 +- .../cloudformation/parser/fn_split_test.go | 2 +- .../scanners/cloudformation/parser/parser.go | 4 +- .../cloudformation/parser/property.go | 2 +- 
.../cloudformation/parser/property_helpers.go | 2 +- .../parser/property_helpers_test.go | 2 +- .../cloudformation/parser/reference.go | 2 +- .../cloudformation/parser/resource.go | 2 +- pkg/iac/scanners/cloudformation/scanner.go | 14 +- .../scanners/cloudformation/scanner_test.go | 6 +- .../cloudformation/test/cf_scanning_test.go | 2 +- pkg/iac/scanners/dockerfile/parser/parser.go | 6 +- pkg/iac/scanners/dockerfile/scanner.go | 12 +- pkg/iac/scanners/dockerfile/scanner_test.go | 10 +- pkg/iac/scanners/helm/options.go | 2 +- pkg/iac/scanners/helm/parser/option.go | 2 +- pkg/iac/scanners/helm/parser/parser.go | 4 +- pkg/iac/scanners/helm/scanner.go | 12 +- pkg/iac/scanners/helm/test/option_test.go | 2 +- pkg/iac/scanners/helm/test/scanner_test.go | 2 +- pkg/iac/scanners/json/parser/parser.go | 4 +- pkg/iac/scanners/json/scanner.go | 12 +- pkg/iac/scanners/json/scanner_test.go | 6 +- pkg/iac/scanners/kubernetes/parser/parser.go | 4 +- pkg/iac/scanners/kubernetes/scanner.go | 12 +- pkg/iac/scanners/kubernetes/scanner_test.go | 6 +- pkg/iac/scanners/options/parser.go | 23 + pkg/iac/scanners/options/scanner.go | 128 + pkg/iac/scanners/scanner.go | 2 +- pkg/iac/scanners/terraform/attribute_test.go | 2 +- pkg/iac/scanners/terraform/count_test.go | 10 +- .../scanners/terraform/deterministic_test.go | 2 +- .../scanners/terraform/executor/executor.go | 16 +- .../terraform/executor/executor_test.go | 10 +- pkg/iac/scanners/terraform/executor/option.go | 10 +- pkg/iac/scanners/terraform/executor/pool.go | 10 +- .../scanners/terraform/executor/statistics.go | 2 +- pkg/iac/scanners/terraform/fs_test.go | 2 +- pkg/iac/scanners/terraform/ignore_test.go | 10 +- pkg/iac/scanners/terraform/json_test.go | 10 +- pkg/iac/scanners/terraform/module_test.go | 12 +- pkg/iac/scanners/terraform/options.go | 8 +- .../scanners/terraform/parser/evaluator.go | 8 +- .../scanners/terraform/parser/load_blocks.go | 4 +- .../scanners/terraform/parser/load_module.go | 2 +- 
pkg/iac/scanners/terraform/parser/option.go | 2 +- pkg/iac/scanners/terraform/parser/parser.go | 8 +- .../scanners/terraform/parser/parser_test.go | 4 +- .../terraform/parser/resolvers/options.go | 2 +- pkg/iac/scanners/terraform/parser/sort.go | 2 +- .../scanners/terraform/performance_test.go | 2 +- pkg/iac/scanners/terraform/scanner.go | 14 +- .../terraform/scanner_integration_test.go | 2 +- pkg/iac/scanners/terraform/scanner_test.go | 14 +- pkg/iac/scanners/terraform/setup_test.go | 6 +- pkg/iac/scanners/terraform/wildcard_test.go | 8 +- .../scanners/terraformplan/parser/parser.go | 2 +- pkg/iac/scanners/terraformplan/scanner.go | 8 +- .../scanners/terraformplan/scanner_test.go | 2 +- .../terraformplan/test/scanner_test.go | 4 +- pkg/iac/scanners/toml/parser/parser.go | 4 +- pkg/iac/scanners/toml/scanner.go | 12 +- pkg/iac/scanners/toml/scanner_test.go | 6 +- pkg/iac/scanners/universal/scanner.go | 4 +- pkg/iac/scanners/yaml/parser/parser.go | 4 +- pkg/iac/scanners/yaml/scanner.go | 12 +- pkg/iac/scanners/yaml/scanner_test.go | 6 +- pkg/iac/severity/severity.go | 48 + pkg/iac/state/merge.go | 43 + pkg/iac/state/merge_test.go | 342 + pkg/iac/state/state.go | 34 + pkg/iac/state/state_test.go | 96 + pkg/iac/terraform/attribute.go | 1100 +++ pkg/iac/terraform/block.go | 459 ++ pkg/iac/terraform/blocks.go | 22 + pkg/iac/terraform/context/context.go | 134 + pkg/iac/terraform/context/context_test.go | 238 + pkg/iac/terraform/ignore.go | 100 + pkg/iac/terraform/module.go | 188 + pkg/iac/terraform/modules.go | 118 + pkg/iac/terraform/presets.go | 56 + pkg/iac/terraform/reference.go | 177 + pkg/iac/terraform/reference_test.go | 171 + pkg/iac/terraform/resource_block.go | 160 + pkg/iac/terraform/schema.go | 52 + pkg/iac/terraform/type.go | 108 + pkg/iac/terraform/value_functions.go | 87 + pkg/iac/types/bool.go | 92 + pkg/iac/types/bool_test.go | 46 + pkg/iac/types/bytes.go | 94 + pkg/iac/types/bytes_test.go | 21 + pkg/iac/types/compliance.go | 33 + pkg/iac/types/fskey.go | 
14 + pkg/iac/types/fskey_test.go | 40 + pkg/iac/types/int.go | 114 + pkg/iac/types/int_test.go | 21 + pkg/iac/types/map.go | 92 + pkg/iac/types/map_test.go | 25 + pkg/iac/types/metadata.go | 222 + pkg/iac/types/metadata_test.go | 35 + pkg/iac/types/range.go | 148 + pkg/iac/types/rules/rule.go | 18 + pkg/iac/types/sources.go | 14 + pkg/iac/types/string.go | 189 + pkg/iac/types/string_test.go | 94 + pkg/iac/types/time.go | 102 + pkg/iac/types/time_test.go | 23 + pkg/misconf/scanner.go | 4 +- 651 files changed, 28973 insertions(+), 927 deletions(-) create mode 100644 cmd/iac/allowed_actions/main.go create mode 100644 cmd/iac/allowed_actions/main_test.go create mode 100644 cmd/iac/allowed_actions/testdata/list_amazoncloudwatch.html create mode 100644 cmd/iac/allowed_actions/testdata/reference_policies_actions-resources-contextkeys.html create mode 100644 cmd/iac/schema/main.go create mode 100644 pkg/iac/debug/cgo_disabled.go create mode 100644 pkg/iac/debug/cgo_enabled.go create mode 100644 pkg/iac/debug/debug.go create mode 100644 pkg/iac/framework/frameworks.go create mode 100644 pkg/iac/providers/aws/accessanalyzer/aa.go create mode 100644 pkg/iac/providers/aws/apigateway/ag.go create mode 100755 pkg/iac/providers/aws/apigateway/v1/apigateway.go create mode 100755 pkg/iac/providers/aws/apigateway/v2/apigateway.go create mode 100755 pkg/iac/providers/aws/athena/athena.go create mode 100755 pkg/iac/providers/aws/aws.go create mode 100755 pkg/iac/providers/aws/cloudfront/cloudfront.go create mode 100755 pkg/iac/providers/aws/cloudtrail/cloudtrail.go create mode 100755 pkg/iac/providers/aws/cloudwatch/cloudwatch.go create mode 100755 pkg/iac/providers/aws/codebuild/codebuild.go create mode 100755 pkg/iac/providers/aws/config/config.go create mode 100755 pkg/iac/providers/aws/documentdb/documentdb.go create mode 100755 pkg/iac/providers/aws/dynamodb/dynamodb.go create mode 100755 pkg/iac/providers/aws/ec2/ec2.go create mode 100755 pkg/iac/providers/aws/ec2/instance.go 
create mode 100644 pkg/iac/providers/aws/ec2/launch.go create mode 100644 pkg/iac/providers/aws/ec2/subnet.go create mode 100644 pkg/iac/providers/aws/ec2/volume.go create mode 100644 pkg/iac/providers/aws/ec2/vpc.go create mode 100755 pkg/iac/providers/aws/ecr/ecr.go create mode 100755 pkg/iac/providers/aws/ecs/ecs.go create mode 100755 pkg/iac/providers/aws/efs/efs.go create mode 100755 pkg/iac/providers/aws/eks/eks.go create mode 100755 pkg/iac/providers/aws/elasticache/elasticache.go create mode 100755 pkg/iac/providers/aws/elasticsearch/elasticsearch.go create mode 100755 pkg/iac/providers/aws/elb/elb.go create mode 100644 pkg/iac/providers/aws/emr/emr.go create mode 100644 pkg/iac/providers/aws/iam/actions.go create mode 100755 pkg/iac/providers/aws/iam/iam.go create mode 100755 pkg/iac/providers/aws/iam/passwords.go create mode 100755 pkg/iac/providers/aws/iam/wildcards.go create mode 100755 pkg/iac/providers/aws/kinesis/kinesis.go create mode 100755 pkg/iac/providers/aws/kms/kms.go create mode 100755 pkg/iac/providers/aws/lambda/lambda.go create mode 100755 pkg/iac/providers/aws/mq/mq.go create mode 100755 pkg/iac/providers/aws/msk/msk.go create mode 100755 pkg/iac/providers/aws/neptune/neptune.go create mode 100644 pkg/iac/providers/aws/provider.go create mode 100755 pkg/iac/providers/aws/rds/classic.go create mode 100755 pkg/iac/providers/aws/rds/rds.go create mode 100755 pkg/iac/providers/aws/redshift/redshift.go create mode 100755 pkg/iac/providers/aws/s3/bucket.go create mode 100755 pkg/iac/providers/aws/s3/bucket_public_access_block.go create mode 100755 pkg/iac/providers/aws/s3/s3.go create mode 100644 pkg/iac/providers/aws/sam/api.go create mode 100644 pkg/iac/providers/aws/sam/application.go create mode 100644 pkg/iac/providers/aws/sam/function.go create mode 100644 pkg/iac/providers/aws/sam/http_api.go create mode 100644 pkg/iac/providers/aws/sam/sam.go create mode 100644 pkg/iac/providers/aws/sam/state_machine.go create mode 100644 
pkg/iac/providers/aws/sam/table.go create mode 100755 pkg/iac/providers/aws/sns/sns.go create mode 100755 pkg/iac/providers/aws/sqs/sqs.go create mode 100755 pkg/iac/providers/aws/ssm/ssm.go create mode 100755 pkg/iac/providers/aws/workspaces/workspaces.go create mode 100755 pkg/iac/providers/azure/appservice/appservice.go create mode 100755 pkg/iac/providers/azure/authorization/authorization.go create mode 100755 pkg/iac/providers/azure/azure.go create mode 100755 pkg/iac/providers/azure/compute/compute.go create mode 100755 pkg/iac/providers/azure/container/container.go create mode 100755 pkg/iac/providers/azure/database/database.go create mode 100755 pkg/iac/providers/azure/datafactory/datafactory.go create mode 100755 pkg/iac/providers/azure/datalake/datalake.go create mode 100755 pkg/iac/providers/azure/keyvault/keyvault.go create mode 100755 pkg/iac/providers/azure/monitor/monitor.go create mode 100755 pkg/iac/providers/azure/network/network.go create mode 100755 pkg/iac/providers/azure/securitycenter/securitycenter.go create mode 100755 pkg/iac/providers/azure/storage/storage.go create mode 100755 pkg/iac/providers/azure/synapse/synapse.go create mode 100755 pkg/iac/providers/cloudstack/cloudstack.go create mode 100755 pkg/iac/providers/cloudstack/compute/compute.go create mode 100755 pkg/iac/providers/digitalocean/compute/compute.go create mode 100755 pkg/iac/providers/digitalocean/digitalocean.go create mode 100755 pkg/iac/providers/digitalocean/spaces/spaces.go create mode 100644 pkg/iac/providers/dockerfile/dockerfile.go create mode 100644 pkg/iac/providers/github/actions.go create mode 100755 pkg/iac/providers/github/branch_protections.go create mode 100755 pkg/iac/providers/github/github.go create mode 100755 pkg/iac/providers/github/repositories.go create mode 100755 pkg/iac/providers/google/bigquery/bigquery.go create mode 100755 pkg/iac/providers/google/compute/compute.go create mode 100755 pkg/iac/providers/google/compute/disk.go create mode 100755 
pkg/iac/providers/google/compute/firewall.go create mode 100755 pkg/iac/providers/google/compute/instance.go create mode 100755 pkg/iac/providers/google/compute/metadata.go create mode 100755 pkg/iac/providers/google/compute/network.go create mode 100755 pkg/iac/providers/google/compute/ssl_policy.go create mode 100755 pkg/iac/providers/google/compute/subnetwork.go create mode 100755 pkg/iac/providers/google/dns/dns.go create mode 100755 pkg/iac/providers/google/gke/gke.go create mode 100755 pkg/iac/providers/google/google.go create mode 100755 pkg/iac/providers/google/iam/iam.go create mode 100755 pkg/iac/providers/google/kms/kms.go create mode 100755 pkg/iac/providers/google/sql/sql.go create mode 100755 pkg/iac/providers/google/storage/storage.go create mode 100755 pkg/iac/providers/kubernetes/kubernetes.go create mode 100755 pkg/iac/providers/nifcloud/computing/computing.go create mode 100644 pkg/iac/providers/nifcloud/computing/instance.go create mode 100644 pkg/iac/providers/nifcloud/computing/security_group.go create mode 100755 pkg/iac/providers/nifcloud/dns/dns.go create mode 100644 pkg/iac/providers/nifcloud/dns/record.go create mode 100755 pkg/iac/providers/nifcloud/nas/nas.go create mode 100644 pkg/iac/providers/nifcloud/nas/nas_instance.go create mode 100644 pkg/iac/providers/nifcloud/nas/nas_security_group.go create mode 100644 pkg/iac/providers/nifcloud/network/elastic_load_balancer.go create mode 100644 pkg/iac/providers/nifcloud/network/load_balancer.go create mode 100755 pkg/iac/providers/nifcloud/network/network.go create mode 100644 pkg/iac/providers/nifcloud/network/router.go create mode 100644 pkg/iac/providers/nifcloud/network/vpn_gateway.go create mode 100755 pkg/iac/providers/nifcloud/nifcloud.go create mode 100644 pkg/iac/providers/nifcloud/rdb/db_instance.go create mode 100644 pkg/iac/providers/nifcloud/rdb/db_security_group.go create mode 100755 pkg/iac/providers/nifcloud/rdb/rdb.go create mode 100644 
pkg/iac/providers/nifcloud/sslcertificate/server_certificate.go create mode 100755 pkg/iac/providers/nifcloud/sslcertificate/ssl_certificate.go create mode 100644 pkg/iac/providers/openstack/networking.go create mode 100755 pkg/iac/providers/openstack/openstack.go create mode 100755 pkg/iac/providers/oracle/oracle.go create mode 100755 pkg/iac/providers/provider.go create mode 100644 pkg/iac/rego/build.go create mode 100644 pkg/iac/rego/convert/anonymous.go create mode 100644 pkg/iac/rego/convert/converter.go create mode 100644 pkg/iac/rego/convert/slice.go create mode 100644 pkg/iac/rego/convert/slice_test.go create mode 100644 pkg/iac/rego/convert/struct.go create mode 100644 pkg/iac/rego/convert/struct_test.go create mode 100644 pkg/iac/rego/custom.go create mode 100644 pkg/iac/rego/embed.go create mode 100644 pkg/iac/rego/embed_test.go create mode 100644 pkg/iac/rego/exceptions.go create mode 100644 pkg/iac/rego/load.go create mode 100644 pkg/iac/rego/load_test.go create mode 100644 pkg/iac/rego/metadata.go create mode 100644 pkg/iac/rego/metadata_test.go create mode 100644 pkg/iac/rego/result.go create mode 100644 pkg/iac/rego/result_test.go create mode 100644 pkg/iac/rego/runtime.go create mode 100644 pkg/iac/rego/scanner.go create mode 100644 pkg/iac/rego/scanner_test.go create mode 100644 pkg/iac/rego/schemas/00_schema.go create mode 100644 pkg/iac/rego/schemas/builder.go create mode 100644 pkg/iac/rego/schemas/cloud.json create mode 100644 pkg/iac/rego/schemas/dockerfile.json create mode 100644 pkg/iac/rego/schemas/kubernetes.json create mode 100644 pkg/iac/rego/schemas/rbac.json create mode 100644 pkg/iac/rego/schemas/schemas.go create mode 100644 pkg/iac/rego/store.go create mode 100644 pkg/iac/rego/testdata/policies/._sysfile.rego create mode 100644 pkg/iac/rego/testdata/policies/invalid.rego create mode 100644 pkg/iac/rego/testdata/policies/valid.rego create mode 100644 pkg/iac/rules/providers.go create mode 100644 pkg/iac/rules/register.go create mode 
100755 pkg/iac/rules/register_internal.go create mode 100644 pkg/iac/rules/register_test.go create mode 100644 pkg/iac/rules/rules.go create mode 100644 pkg/iac/scan/code.go create mode 100644 pkg/iac/scan/code_test.go create mode 100755 pkg/iac/scan/flat.go create mode 100644 pkg/iac/scan/highlighting.go create mode 100755 pkg/iac/scan/result.go create mode 100644 pkg/iac/scan/result_test.go create mode 100755 pkg/iac/scan/rule.go create mode 100644 pkg/iac/scanners/options/parser.go create mode 100644 pkg/iac/scanners/options/scanner.go create mode 100755 pkg/iac/severity/severity.go create mode 100644 pkg/iac/state/merge.go create mode 100644 pkg/iac/state/merge_test.go create mode 100755 pkg/iac/state/state.go create mode 100644 pkg/iac/state/state_test.go create mode 100644 pkg/iac/terraform/attribute.go create mode 100644 pkg/iac/terraform/block.go create mode 100644 pkg/iac/terraform/blocks.go create mode 100644 pkg/iac/terraform/context/context.go create mode 100644 pkg/iac/terraform/context/context_test.go create mode 100644 pkg/iac/terraform/ignore.go create mode 100644 pkg/iac/terraform/module.go create mode 100644 pkg/iac/terraform/modules.go create mode 100644 pkg/iac/terraform/presets.go create mode 100644 pkg/iac/terraform/reference.go create mode 100644 pkg/iac/terraform/reference_test.go create mode 100644 pkg/iac/terraform/resource_block.go create mode 100644 pkg/iac/terraform/schema.go create mode 100644 pkg/iac/terraform/type.go create mode 100644 pkg/iac/terraform/value_functions.go create mode 100755 pkg/iac/types/bool.go create mode 100755 pkg/iac/types/bool_test.go create mode 100755 pkg/iac/types/bytes.go create mode 100644 pkg/iac/types/bytes_test.go create mode 100644 pkg/iac/types/compliance.go create mode 100644 pkg/iac/types/fskey.go create mode 100644 pkg/iac/types/fskey_test.go create mode 100755 pkg/iac/types/int.go create mode 100644 pkg/iac/types/int_test.go create mode 100755 pkg/iac/types/map.go create mode 100644 
pkg/iac/types/map_test.go create mode 100755 pkg/iac/types/metadata.go create mode 100644 pkg/iac/types/metadata_test.go create mode 100755 pkg/iac/types/range.go create mode 100644 pkg/iac/types/rules/rule.go create mode 100644 pkg/iac/types/sources.go create mode 100755 pkg/iac/types/string.go create mode 100755 pkg/iac/types/string_test.go create mode 100755 pkg/iac/types/time.go create mode 100644 pkg/iac/types/time_test.go diff --git a/cmd/iac/allowed_actions/main.go b/cmd/iac/allowed_actions/main.go new file mode 100644 index 000000000000..ffa60167c890 --- /dev/null +++ b/cmd/iac/allowed_actions/main.go 
@@ -0,0 +1,274 @@
+package main
+
+import (
+	"bufio"
+	"context"
+	"errors"
+	"flag"
+	"fmt"
+	"log"
+	"os"
+	"path/filepath"
+	"sort"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/antchfx/htmlquery"
+	"golang.org/x/net/html"
+	"golang.org/x/sync/errgroup"
+)
+
+const (
+	serviceAuthURL             = "https://docs.aws.amazon.com/service-authorization/latest/reference/"
+	serviceActionReferencesURL = "https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html"
+)
+
+const targetFile = "./pkg/providers/aws/iam/actions.go"
+
+func main() {
+	if err := run(); err != nil {
+		log.Fatal(err)
+	}
+}
+
+const defaultParallel = 10
+
+func run() error {
+	log.Println("Start parsing actions")
+	startTime := time.Now()
+	defer func() {
+		log.Printf("Parsing is completed. Duration %fs", time.Since(startTime).Seconds())
+	}()
+
+	limit := flag.Int("limit", defaultParallel, fmt.Sprintf("number of goroutines for scraping pages (default %d)", defaultParallel))
+	flag.Parse()
+
+	doc, err := htmlquery.LoadURL(serviceActionReferencesURL)
+	if err != nil {
+		return fmt.Errorf("failed to retrieve action references: %w", err)
+	}
+	urls, err := parseServiceURLs(doc)
+	if err != nil {
+		return err
+	}
+
+	g, ctx := errgroup.WithContext(context.TODO())
+	g.SetLimit(*limit)
+
+	// actions may be the same for services of different versions,
+	// e.g. Elastic Load Balancing and Elastic Load Balancing V2
+	actionsSet := make(map[string]struct{})
+
+	var mu sync.Mutex
+
+	for _, url := range urls {
+		url := url
+		if ctx.Err() != nil {
+			break
+		}
+		g.Go(func() error {
+			serviceActions, err := parseActions(url)
+			if err != nil {
+				return fmt.Errorf("failed to parse actions from %q: %w", url, err)
+			}
+
+			mu.Lock()
+			for _, act := range serviceActions {
+				actionsSet[act] = struct{}{}
+			}
+			mu.Unlock()
+
+			return nil
+		})
+	}
+
+	if err := g.Wait(); err != nil {
+		return err
+	}
+
+	actions := make([]string, 0, len(actionsSet))
+
+	for act := range actionsSet {
+		actions = append(actions, act)
+	}
+
+	sort.Strings(actions)
+
+	path := filepath.FromSlash(targetFile)
+	if err := generateFile(path, actions); err != nil {
+		return fmt.Errorf("failed to generate file: %w", err)
+	}
+	return nil
+}
+
+func parseServiceURLs(doc *html.Node) ([]string, error) {
+	nodes, err := htmlquery.QueryAll(doc, `//div[@class="highlights"]/ul/li/a/@href`)
+	if err != nil {
+		return nil, fmt.Errorf("failed to search nodes: %w", err)
+	}
+
+	res := make([]string, 0, len(nodes))
+
+	for _, node := range nodes {
+		// AWS Account Management
+		if node.FirstChild != nil {
+			res = append(res, serviceAuthURL+node.FirstChild.Data[2:])
+		}
+	}
+
+	return res, nil
+}
+
+func parseActions(url string) ([]string, error) {
+
+	doc, err := htmlquery.LoadURL(url)
+	if err != nil {
+		return nil, err
+	}
+
+	servicePrefix, err := parseServicePrefix(doc)
+	if err != nil {
+		return nil, err
+	}
+
+	actions, err := parseServiceActions(doc)
+	if err != nil {
+		return nil, err
+	}
+
+	res := make([]string, 0, len(actions))
+
+	for _, act := range actions {
+		res = append(res, servicePrefix+":"+act)
+	}
+
+	log.Printf("Parsing of %q actions is completed", servicePrefix)
+
+	return res, nil
+}
+
+func parseServiceActions(doc *html.Node) ([]string, error) {
+	table, err := htmlquery.Query(doc, `//div[@class="table-container"]/div/table/tbody`)
+	if table == nil {
+		return nil, errors.New("actions table not found")
+	}
+	if err != nil {
+		return nil, fmt.Errorf("failed to query tables: %w", err)
+	}
+
+	var actions []string
+
+	var f func(*html.Node)
+	f = func(n *html.Node) {
+		for _, tr := range findSubtags(n, "tr") {
+			var action string
+			for k, td := range findSubtags(tr, "td") {
+				// first column - action
+				if k == 0 {
+					if a := findSubtag(td, "a"); a != nil && a.FirstChild != nil {
+						action = a.FirstChild.Data
+					}
+
+					// fourth column - resource type
+					// If the column is empty, then the action does not support resource-level permissions
+					// and you must specify all resources ("*") in your policy
+				} else if action != "" && k == 3 && td.FirstChild == nil {
+					actions = append(actions, action)
+				}
+			}
+		}
+		for c := n.FirstChild; c != nil; c = c.NextSibling {
+			f(c)
+		}
+	}
+	f(table)
+
+	return actions, err
+}
+
+func findSubtag(n *html.Node, tagName string) *html.Node {
+	for c := n.FirstChild; c != nil; c = c.NextSibling {
+		if c.Type == html.ElementNode && c.Data == tagName {
+			return c
+		}
+	}
+
+	return nil
+}
+
+func findSubtags(n *html.Node, tagName string) []*html.Node {
+	result := make([]*html.Node, 0)
+	for c := n.FirstChild; c != nil; c = c.NextSibling {
+		if c.Type == html.ElementNode && c.Data == tagName {
+			result = append(result, c)
+		}
+	}
+	return result
+}
+
+func parseServicePrefix(doc *html.Node) (string, error) {
+	nodes, err := htmlquery.QueryAll(doc, `//div[@id="main-col-body"]/p/descendant-or-self::*/text()`)
+	if err != nil {
+		return "", fmt.Errorf("failed to query paragraph: %w", err)
+	}
+
+	var sb strings.Builder
+	for _, node := range nodes {
+		sb.WriteString(node.Data)
+	}
+
+	p := sb.String()
+	sb.Reset()
+
+	idx := strings.Index(p, "service prefix: ")
+	if idx == -1 {
+		return "", fmt.Errorf("failed extract service prefix from text: %s", p)
+	}
+	idx += len("service prefix: ")
+
+	if len(p)-1 <= idx {
+		return "", fmt.Errorf("failed to parse service prefix from text: %s", p)
+	}
+
+	var parsed bool
+	for _, r := range p[idx:] {
+		if r == ')' {
+			parsed = true
+			break
+		}
+		sb.WriteRune(r)
+	}
+
+	if !parsed {
+		return "", fmt.Errorf("failed to parse service prefix from text: %s", p)
+	}
+
+	return sb.String(), nil
+}
+
+func generateFile(path string, actions []string) error {
+
+	f, err := os.Create(path)
+	if err != nil {
+		return fmt.Errorf("failed to create file: %w", err)
+	}
+	defer f.Close()
+
+	w := bufio.NewWriter(f)
+	_, _ = w.WriteString(
+		`// Code generated by cmd/allowed_actions DO NOT EDIT.
+
+package iam
+
+var allowedActionsForResourceWildcardsMap = map[string]struct{}{
+`,
+	)
+
+	for _, action := range actions {
+		_, _ = w.WriteString("\t\"" + action + "\": {},\n")
+	}
+	_, _ = w.WriteString("}")
+
+	return w.Flush()
+}
diff --git a/cmd/iac/allowed_actions/main_test.go b/cmd/iac/allowed_actions/main_test.go
new file mode 100644
index 000000000000..c4d2b81f4183
--- /dev/null
+++ b/cmd/iac/allowed_actions/main_test.go
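Review bot: `generateFile` writes scraped text straight into Go source with `_, _ = w.WriteString("\t\"" + action + "\": {},\n")`, so an action name containing a quote, backslash or newline — whatever the docs page happens to serve — would alter or break the generated `actions.go` instead of failing the run. Emit it as `strconv.Quote(action)` (adding `"strconv"` to the import block) and have `parseServiceActions` reject anything that is not a plain alphanumeric name like those in the CloudWatch fixture, so unexpected markup never reaches a map that, judging by its name, later gates IAM wildcard checks. Separately, `targetFile` still reads `./pkg/providers/aws/iam/actions.go` while this patch creates `pkg/iac/providers/aws/iam/actions.go`, and the generated header says `cmd/allowed_actions` rather than `cmd/iac/allowed_actions`; as written the generator appears to miss the tree it now lives in. `parseServiceURLs` also slices `node.FirstChild.Data[2:]` unchecked, which panics on a one-character href; `strings.TrimPrefix` guarded by `strings.HasPrefix(href, "./")` is the safer form.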
@@ -0,0 +1,98 @@ +package main + +import ( + "os" + "path/filepath" + "testing" + + "github.com/antchfx/htmlquery" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestParseActionTableURLs(t *testing.T) { + + doc, err := htmlquery.LoadDoc(filepath.Join("testdata", "reference_policies_actions-resources-contextkeys.html")) + require.NoError(t, err) + + urls, err := parseServiceURLs(doc) + require.NoError(t, err) + + expected := []string{ + "https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsaccountmanagement.html", + "https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsactivate.html", + "https://docs.aws.amazon.com/service-authorization/latest/reference/list_alexaforbusiness.html", + "https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonmediaimport.html", + "https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsamplify.html", + "https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsamplifyadmin.html", + "https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsamplifyuibuilder.html", + } + assert.Equal(t, expected, urls) +} + +func TestParseServicePrefix(t *testing.T) { + + doc, err := htmlquery.LoadDoc(filepath.Join("testdata", "list_amazoncloudwatch.html")) + require.NoError(t, err) + + servicePrefix, err := parseServicePrefix(doc) + require.NoError(t, err) + + assert.Equal(t, "cloudwatch", servicePrefix) +} + +func TestParseActionsFromTable(t *testing.T) { + + doc, err := htmlquery.LoadDoc(filepath.Join("testdata", "list_amazoncloudwatch.html")) + require.NoError(t, err) + + actions, err := parseServiceActions(doc) + require.NoError(t, err) + + expected := []string{ + "DeleteAnomalyDetector", + "DescribeAlarmsForMetric", + "DescribeAnomalyDetectors", + "DescribeInsightRules", + "GetMetricData", + "GetMetricStatistics", + "GetMetricWidgetImage", + "Link", + "ListDashboards", + 
"ListManagedInsightRules", + "ListMetricStreams", + "ListMetrics", + "PutAnomalyDetector", + "PutManagedInsightRules", + "PutMetricData", + } + + assert.Equal(t, expected, actions) +} + +func TestGenerateFile(t *testing.T) { + tmpDir := t.TempDir() + + actions := []string{ + "account:DisableRegion", + "account:EnableRegion", + "account:ListRegions", + } + path := filepath.Join(tmpDir, "test.go") + require.NoError(t, generateFile(path, actions)) + + expected := `// Code generated by cmd/allowed_actions DO NOT EDIT. + +package iam + +var allowedActionsForResourceWildcardsMap = map[string]struct{}{ + "account:DisableRegion": {}, + "account:EnableRegion": {}, + "account:ListRegions": {}, +}` + + b, err := os.ReadFile(path) + require.NoError(t, err) + + assert.Equal(t, expected, string(b)) +} diff --git a/cmd/iac/allowed_actions/testdata/list_amazoncloudwatch.html b/cmd/iac/allowed_actions/testdata/list_amazoncloudwatch.html new file mode 100644 index 000000000000..10c20f2f8159 --- /dev/null +++ b/cmd/iac/allowed_actions/testdata/list_amazoncloudwatch.html @@ -0,0 +1,958 @@ + + Actions, resources, and condition keys for Amazon CloudWatch - Service Authorization Reference
Actions, resources, and condition keys for Amazon CloudWatch - Service Authorization Reference

Actions, resources, and condition keys for Amazon CloudWatch

Amazon CloudWatch (service prefix: cloudwatch) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

+ + + +
+

Actions defined by Amazon CloudWatch

+

You can specify the following actions in the Action element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.

+

The Resource types column of the Actions table indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("*") to which the policy applies in the Resource element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. If the action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (*). If you limit resource access with the Resource element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one of the optional resource types.

+

The Condition keys column of the Actions table includes keys that you can specify in a policy statement's Condition element. For more information on the condition keys that are associated with resources for the service, see the Condition keys column of the Resource types table.

+
Note

Resource condition keys are listed in the Resource types table. You can find a link to the resource type that applies to an action in the Resource types (*required) column of the Actions table. The resource type in the Resource types table includes the Condition keys column, which are the resource condition keys that apply to an action in the Actions table.

+ +

For details about the columns in the following table, see Actions table.

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ActionsDescriptionAccess levelResource types (*required)Condition keysDependent actions
+ + DeleteAlarms + Grants permission to delete a collection of alarmsWrite +

+ alarm* +

+
+ + DeleteAnomalyDetector + Grants permission to delete the specified anomaly detection model from your accountWrite
+ + DeleteDashboards + Grants permission to delete all CloudWatch dashboards that you specifyWrite +

+ dashboard* +

+
+ + DeleteInsightRules + Grants permission to delete a collection of insight rulesWrite +

+ insight-rule* +

+
+ + DeleteMetricStream + Grants permission to delete the CloudWatch metric stream that you specifyWrite +

+ metric-stream* +

+
+ + DescribeAlarmHistory + Grants permission to retrieve the history for the specified alarmRead +

+ alarm* +

+
+ + DescribeAlarms + Grants permission to describe all alarms, currently owned by the user's accountRead +

+ alarm* +

+
+ + DescribeAlarmsForMetric + Grants permission to describe all alarms configured on the specified metric, currently owned by the user's accountRead
+ + DescribeAnomalyDetectors + Grants permission to list the anomaly detection models that you have created in your accountRead
+ + DescribeInsightRules + Grants permission to describe all insight rules, currently owned by the user's accountRead
+ + DisableAlarmActions + Grants permission to disable actions for a collection of alarmsWrite +

+ alarm* +

+
+ + DisableInsightRules + Grants permission to disable a collection of insight rulesWrite +

+ insight-rule* +

+
+ + EnableAlarmActions + Grants permission to enable actions for a collection of alarmsWrite +

+ alarm* +

+
+ + EnableInsightRules + Grants permission to enable a collection of insight rulesWrite +

+ insight-rule* +

+
+ + GetDashboard + Grants permission to display the details of the CloudWatch dashboard you specifyRead +

+ dashboard* +

+
+ + GetInsightRuleReport + Grants permission to return the top-N report of unique contributors over a time range for a given insight ruleRead +

+ insight-rule* +

+
+ + GetMetricData + Grants permission to retrieve batch amounts of CloudWatch metric data and perform metric math on retrieved dataRead
+ + GetMetricStatistics + Grants permission to retrieve statistics for the specified metricRead
+ + GetMetricStream + Grants permission to return the details of a CloudWatch metric streamRead +

+ metric-stream* +

+
+ + GetMetricWidgetImage + Grants permission to retrieve snapshots of metric widgetsRead
Grants permission to share CloudWatch resources with a monitoring accountWrite
+ + ListDashboards + Grants permission to return a list of all CloudWatch dashboards in your accountList
+ + ListManagedInsightRules + Grants permission to list available managed Insight Rules for a given Resource ARNRead +

+ aws:RequestTag/${TagKey} +

+

+ aws:TagKeys +

+

+ cloudwatch:requestManagedResourceARNs +

+
+ + ListMetricStreams + Grants permission to return a list of all CloudWatch metric streams in your accountList
+ + ListMetrics + Grants permission to retrieve a list of valid metrics stored for the AWS account ownerList
+ + ListTagsForResource + Grants permission to list tags for an Amazon CloudWatch resourceList +

+ alarm +

+
+

+ insight-rule +

+
+

+ SCENARIO: + CloudWatch-Alarm +

+
+

+ alarm* +

+
+

+ SCENARIO: + CloudWatch-InsightRule +

+
+

+ insight-rule* +

+
+ + PutAnomalyDetector + Grants permission to create or update an anomaly detection model for a CloudWatch metricWrite
+ + PutCompositeAlarm + Grants permission to create or update a composite alarmWrite +

+ alarm* +

+
+

+ aws:RequestTag/${TagKey} +

+

+ aws:TagKeys +

+

+ cloudwatch:AlarmActions +

+
+ + PutDashboard + Grants permission to create a CloudWatch dashboard, or update an existing dashboard if it already existsWrite +

+ dashboard* +

+
+ + PutInsightRule + Grants permission to create a new insight rule or replace an existing insight ruleWrite +

+ insight-rule* +

+
+

+ aws:RequestTag/${TagKey} +

+

+ aws:TagKeys +

+

+ cloudwatch:requestInsightRuleLogGroups +

+
+ + PutManagedInsightRules + Grants permission to create managed Insight RulesWrite +

+ aws:RequestTag/${TagKey} +

+

+ aws:TagKeys +

+

+ cloudwatch:requestManagedResourceARNs +

+
+ + PutMetricAlarm + Grants permission to create or update an alarm and associates it with the specified Amazon CloudWatch metricWrite +

+ alarm* +

+
+

+ aws:RequestTag/${TagKey} +

+

+ aws:TagKeys +

+

+ cloudwatch:AlarmActions +

+
+ + PutMetricData + Grants permission to publish metric data points to Amazon CloudWatchWrite +

+ cloudwatch:namespace +

+
+ + PutMetricStream + Grants permission to create a CloudWatch metric stream, or update an existing metric stream if it already existsWrite +

+ metric-stream* +

+
+

+ aws:RequestTag/${TagKey} +

+

+ aws:TagKeys +

+
+ + SetAlarmState + Grants permission to temporarily set the state of an alarm for testing purposesWrite +

+ alarm* +

+
+ + StartMetricStreams + Grants permission to start all CloudWatch metric streams that you specifyWrite +

+ metric-stream* +

+
+ + StopMetricStreams + Grants permission to stop all CloudWatch metric streams that you specifyWrite +

+ metric-stream* +

+
+ + TagResource + Grants permission to add tags to an Amazon CloudWatch resourceTagging +

+ alarm +

+
+

+ insight-rule +

+
+

+ aws:TagKeys +

+

+ aws:RequestTag/${TagKey} +

+
+

+ SCENARIO: + CloudWatch-Alarm +

+
+

+ alarm* +

+
+

+ SCENARIO: + CloudWatch-InsightRule +

+
+

+ insight-rule* +

+
+ + UntagResource + Grants permission to remove a tag from an Amazon CloudWatch resourceTagging +

+ alarm +

+
+

+ insight-rule +

+
+

+ aws:TagKeys +

+
+

+ SCENARIO: + CloudWatch-Alarm +

+
+

+ alarm* +

+
+

+ SCENARIO: + CloudWatch-InsightRule +

+
+

+ insight-rule* +

+
+ +

Resource types defined by Amazon CloudWatch

+ +

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the Resource types table. For details about the columns in the following table, see Resource types table.

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
Resource typesARNCondition keys
+ + alarm + + arn:${Partition}:cloudwatch:${Region}:${Account}:alarm:${AlarmName} + +

+ aws:ResourceTag/${TagKey} +

+
+ + dashboard + + arn:${Partition}:cloudwatch::${Account}:dashboard/${DashboardName} +
+ + insight-rule + + arn:${Partition}:cloudwatch:${Region}:${Account}:insight-rule/${InsightRuleName} + +

+ aws:ResourceTag/${TagKey} +

+
+ + metric-stream + + arn:${Partition}:cloudwatch:${Region}:${Account}:metric-stream/${MetricStreamName} + +

+ aws:ResourceTag/${TagKey} +

+
+ +

Condition keys for Amazon CloudWatch

+ +

Amazon CloudWatch defines the following condition keys that can be used in the Condition element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see Condition keys table.

+ +

To view the global condition keys that are available to all services, see Available global condition keys.

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Condition keysDescriptionType
+ + aws:RequestTag/${TagKey} + Filters actions based on the allowed set of values for each of the tagsString
+ + aws:ResourceTag/${TagKey} + Filters actions based on tag-value associated with the resourceString
+ + aws:TagKeys + Filters actions based on the presence of mandatory tags in the requestArrayOfString
+ + cloudwatch:AlarmActions + Filters actions based on defined alarm actionsArrayOfString
+ + cloudwatch:namespace + Filters actions based on the presence of optional namespace valuesString
+ + cloudwatch:requestInsightRuleLogGroups + Filters actions based on the Log Groups specified in an Insight RuleArrayOfString
+ + cloudwatch:requestManagedResourceARNs + Filters access by the Resource ARNs specified in a managed Insight RuleArrayOfARN
+
\ No newline at end of file diff --git a/cmd/iac/allowed_actions/testdata/reference_policies_actions-resources-contextkeys.html b/cmd/iac/allowed_actions/testdata/reference_policies_actions-resources-contextkeys.html new file mode 100644 index 000000000000..053322c7f6bc --- /dev/null +++ b/cmd/iac/allowed_actions/testdata/reference_policies_actions-resources-contextkeys.html @@ -0,0 +1,26 @@ +
+ +
diff --git a/cmd/iac/schema/main.go b/cmd/iac/schema/main.go
new file mode 100644
index 000000000000..8c60e5d0fe0a
--- /dev/null
+++ b/cmd/iac/schema/main.go
@@ -0,0 +1,78 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+
+	"github.com/aquasecurity/trivy/pkg/iac/rego/schemas"
+	"github.com/spf13/cobra"
+)
+
+// generate a json schema document for cloud rego input (state.State)
+
+const schemaPath = "pkg/iac/rego/schemas/cloud.json"
+
+func main() {
+	if err := rootCmd.Execute(); err != nil {
+		_, _ = fmt.Fprintln(os.Stderr, err)
+		os.Exit(1)
+	}
+}
+
+var rootCmd = &cobra.Command{
+	Use: "schema",
+}
+
+func init() {
+	rootCmd.AddCommand(generateCmd)
+	rootCmd.AddCommand(verifyCmd)
+}
+
+var generateCmd = &cobra.Command{
+	Use:   "generate",
+	Short: "generate a json schema document for cloud rego input (state.State)",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		cmd.SilenceErrors = true
+		cmd.SilenceUsage = true
+		schema, err := schemas.Build()
+		if err != nil {
+			return err
+		}
+		data, err := json.MarshalIndent(schema, "", " ")
+		if err != nil {
+			return err
+		}
+		if err := os.WriteFile(schemaPath, data, 0600); err != nil {
+			return err
+		}
+		fmt.Println("done")
+		return nil
+	},
+}
+
+var verifyCmd = &cobra.Command{
+	Use:   "verify",
+	Short: "verify that the schema is up to date",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		cmd.SilenceErrors = true
+		cmd.SilenceUsage = true
+		schema, err := schemas.Build()
+		if err != nil {
+			return err
+		}
+		data, err := json.MarshalIndent(schema, "", " ")
+		if err != nil {
+			return err
+		}
+		existing, err := os.ReadFile(schemaPath)
+		if err != nil {
+			return err
+		}
+		if string(data) != string(existing) {
+			return fmt.Errorf("schema is out of date:\n\nplease run 'make schema' and commit the changes")
+		}
+		fmt.Println("schema is valid")
+		return nil
+	},
+}
diff --git a/go.mod b/go.mod
index d08e0100d209..704a885ac413 100644
--- a/go.mod
+++ b/go.mod
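Review bot: `generateCmd` and `verifyCmd` each repeat the `schemas.Build()` then `json.MarshalIndent(schema, "", " ")` sequence, so a change to one indent argument would make `verify` reject what `generate` just wrote; a small helper such as `func buildSchemaJSON() ([]byte, error)` shared by both RunE bodies removes that drift. The out-of-date message carries no format verbs, so `errors.New(...)` is the idiomatic form, and comparing with `bytes.Equal(data, existing)` avoids two string copies. `schemaPath` is resolved against the working directory, which only holds when the tool runs from the repository root as the `make schema` hint presumes; a comment on the constant saying so, e.g. `// schemaPath is relative to the repository root; run via 'make schema'.`, would spare the next reader a failed run.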
@@ -13,7 +13,7 @@ require ( github.com/NYTimes/gziphandler v1.1.1 github.com/alicebob/miniredis/v2 v2.31.1 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 - github.com/aquasecurity/defsec v0.94.2-0.20240119001230-c2d65f49dfeb + github.com/aquasecurity/defsec v0.94.2-0.20240119001230-c2d65f49dfeb // indirect github.com/aquasecurity/go-dep-parser v0.0.0-20240208080026-8cc7d408bce4 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 @@ -27,7 +27,7 @@ require ( github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 github.com/aquasecurity/trivy-kubernetes v0.6.3-0.20240118072219-c433b06f98e1 - github.com/aquasecurity/trivy-policies v0.8.0 + github.com/aquasecurity/trivy-policies v0.9.0 github.com/aws/aws-sdk-go-v2 v1.24.1 github.com/aws/aws-sdk-go-v2/config v1.26.6 github.com/aws/aws-sdk-go-v2/credentials v1.16.16 @@ -41,7 +41,7 @@ require ( github.com/cheggaaa/pb/v3 v3.1.4 github.com/containerd/containerd v1.7.12 github.com/csaf-poc/csaf_distribution/v3 v3.0.0 - github.com/docker/docker v25.0.1+incompatible + github.com/docker/docker v25.0.2+incompatible github.com/docker/go-connections v0.5.0 github.com/fatih/color v1.15.0 github.com/go-git/go-git/v5 v5.11.0 @@ -117,6 +117,8 @@ require ( ) require ( + github.com/alecthomas/chroma v0.10.0 + github.com/antchfx/htmlquery v1.3.0 github.com/apparentlymart/go-cidr v1.1.0 github.com/aws/smithy-go v1.19.0 github.com/bitnami/go-version v0.0.0-20231130084017-bb00604d650c @@ -127,9 +129,11 @@ require ( github.com/liamg/memoryfs v1.6.0 github.com/mitchellh/go-homedir v1.1.0 github.com/olekukonko/tablewriter v0.0.5 + github.com/owenrumney/squealer v1.2.1 github.com/zclconf/go-cty v1.13.0 github.com/zclconf/go-cty-yaml v1.0.3 golang.org/x/crypto v0.18.0 + golang.org/x/net v0.20.0 helm.sh/helm/v3 v3.14.0 ) 
@@ -164,9 +168,9 @@ require (
 github.com/VividCortex/ewma v1.2.0 // indirect
 github.com/agext/levenshtein v1.2.3 // indirect
 github.com/agnivade/levenshtein v1.1.1 // indirect
-github.com/alecthomas/chroma v0.10.0 // indirect
 github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a // indirect
 github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
+github.com/antchfx/xpath v1.2.3 // indirect
 github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
 github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
@@ -276,7 +280,6 @@ require (
 github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 github.com/google/btree v1.1.2 // indirect
-github.com/google/flatbuffers v2.0.8+incompatible // indirect
 github.com/google/gnostic-models v0.6.8 // indirect
 github.com/google/go-cmp v0.6.0 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
@@ -340,7 +343,6 @@ require (
 github.com/opencontainers/runtime-spec v1.1.0 // indirect
 github.com/opencontainers/selinux v1.11.0 // indirect
 github.com/opentracing/opentracing-go v1.2.0 // indirect
-github.com/owenrumney/squealer v1.2.1 // indirect
 github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 github.com/pjbgf/sha1cd v0.3.0 // indirect
@@ -385,7 +387,6 @@ require (
 go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 go.uber.org/goleak v1.3.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
-golang.org/x/net v0.20.0 // indirect
 golang.org/x/oauth2 v0.15.0 // indirect
 golang.org/x/sys v0.16.0 // indirect
 golang.org/x/time v0.5.0 // indirect
@@ -430,3 +431,5 @@ require (
 // testcontainers-go has a bug with versions v0.25.0 and v0.26.0
 // ref: https://github.com/testcontainers/testcontainers-go/issues/1782
 replace github.com/testcontainers/testcontainers-go => github.com/testcontainers/testcontainers-go v0.23.0
+
+replace github.com/aquasecurity/trivy-policies => /Users/simarpreetsingh/repos/trivy-policies
diff --git a/go.sum b/go.sum
index 19b3fa3f5ef7..9b71d6264f65 100644
--- a/go.sum
+++ b/go.sum
@@ -312,6 +312,10 @@ github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 h1:aM1
 github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092/go.mod h1:rYqSE9HbjzpHTI74vwPvae4ZVYZd1lue2ta6xHPdblA=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
+github.com/antchfx/htmlquery v1.3.0 h1:5I5yNFOVI+egyia5F2s/5Do2nFWxJz41Tr3DyfKD25E=
+github.com/antchfx/htmlquery v1.3.0/go.mod h1:zKPDVTMhfOmcwxheXUsx4rKJy8KEY/PU6eXr/2SebQ8=
+github.com/antchfx/xpath v1.2.3 h1:CCZWOzv5bAqjVv0offZ2LVgVYFbeldKQVuLNbViZdes=
+github.com/antchfx/xpath v1.2.3/go.mod h1:i54GszH55fYfBmoZXapTHN8T8tkcHfRgLyVwwqzXNcs=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4tdgBZjnU=
 github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc=
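Review bot: The added `replace github.com/aquasecurity/trivy-policies => /Users/simarpreetsingh/repos/trivy-policies` points at an absolute path on one developer's machine, so every other checkout and every CI run will fail to resolve the module, and it silently overrides the published `v0.9.0` requirement bumped earlier in this file with whatever unversioned code sits in that directory. It also appears to be why this patch deletes the `trivy-policies v0.8.0` lines from go.sum without adding any for `v0.9.0`: with the replace in effect the module is never downloaded or checksummed, so the Go toolchain does not verify its contents at all. Drop the two added lines before merging and run `go mod tidy` so the `v0.9.0` `h1:` lines are recorded in go.sum; if `v0.9.0` is not yet tagged upstream, pin a pseudo-version of the commit rather than a filesystem path.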
@@ -352,8 +356,6 @@ github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 h1:JVgB github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8= github.com/aquasecurity/trivy-kubernetes v0.6.3-0.20240118072219-c433b06f98e1 h1:/LsIHMQJ4SOxZeib/bvLP7S3YDTXJVIsQyS4kIIP0GQ= github.com/aquasecurity/trivy-kubernetes v0.6.3-0.20240118072219-c433b06f98e1/go.mod h1:v6B8SO2ep718ccGbbjhpzMn6p27IijS+dMb+MeYz3jQ= -github.com/aquasecurity/trivy-policies v0.8.0 h1:LvmIdw/DfTF72Lc8L+CKLYzfb5BFYzLBGFFR95PKC74= -github.com/aquasecurity/trivy-policies v0.8.0/go.mod h1:qF/t59pgK/0JTV6tXaeA3Iw3opzoMgzGCDcTDBmqb30= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= 
@@ -718,8 +720,8 @@ github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBi github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v23.0.0-rc.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker v25.0.1+incompatible h1:k5TYd5rIVQRSqcTwCID+cyVA0yRg86+Pcrz1ls0/frA= -github.com/docker/docker v25.0.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v25.0.2+incompatible h1:/OaKeauroa10K4Nqavw4zlhcDq/WBcPMc5DbjOGgozY= +github.com/docker/docker v25.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= @@ -1873,6 +1875,7 @@ golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfS golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= 
@@ -2038,6 +2041,7 @@ golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= @@ -2047,6 +2051,7 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= +golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= @@ -2062,6 +2067,7 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= 
diff --git a/internal/testutil/util.go b/internal/testutil/util.go index 706c99c40b14..f16b95acaae3 100644 --- a/internal/testutil/util.go +++ b/internal/testutil/util.go @@ -11,7 +11,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/aquasecurity/defsec/pkg/scan" + "github.com/aquasecurity/trivy/pkg/iac/scan" ) func AssertRuleFound(t *testing.T, ruleID string, results scan.Results, message string, args ...interface{}) { diff --git a/pkg/cloud/aws/cache/cache.go b/pkg/cloud/aws/cache/cache.go index ce3f9776f02a..660cb24b443b 100644 --- a/pkg/cloud/aws/cache/cache.go +++ b/pkg/cloud/aws/cache/cache.go @@ -9,7 +9,7 @@ import ( "strings" "time" - "github.com/aquasecurity/defsec/pkg/state" + "github.com/aquasecurity/trivy/pkg/iac/state" ) type Cache struct { diff --git a/pkg/cloud/aws/commands/run_test.go b/pkg/cloud/aws/commands/run_test.go index 3d9d01f17292..d96985e393c4 100644 --- a/pkg/cloud/aws/commands/run_test.go +++ b/pkg/cloud/aws/commands/run_test.go @@ -3,19 +3,20 @@ package commands import ( "bytes" "context" - "github.com/aquasecurity/trivy/pkg/clock" "os" "path/filepath" "testing" "time" + "github.com/aquasecurity/trivy/pkg/clock" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/compliance/spec" "github.com/aquasecurity/trivy/pkg/flag" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) const expectedS3ScanResult = `{ diff --git a/pkg/cloud/aws/scanner/scanner.go b/pkg/cloud/aws/scanner/scanner.go index 9c0514691c7c..d91721512505 100644 --- a/pkg/cloud/aws/scanner/scanner.go +++ b/pkg/cloud/aws/scanner/scanner.go 
@@ -7,14 +7,14 @@ import ( "golang.org/x/xerrors" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/defsec/pkg/state" aws "github.com/aquasecurity/trivy-aws/pkg/scanner" "github.com/aquasecurity/trivy/pkg/cloud/aws/cache" "github.com/aquasecurity/trivy/pkg/commands/operation" "github.com/aquasecurity/trivy/pkg/flag" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/state" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/misconf" ) diff --git a/pkg/cloud/report/convert.go b/pkg/cloud/report/convert.go index d1e41bcb2fe9..96956bbcbb94 100644 --- a/pkg/cloud/report/convert.go +++ b/pkg/cloud/report/convert.go @@ -7,8 +7,8 @@ import ( "github.com/aws/aws-sdk-go-v2/aws/arn" - "github.com/aquasecurity/defsec/pkg/scan" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" + "github.com/aquasecurity/trivy/pkg/iac/scan" "github.com/aquasecurity/trivy/pkg/types" ) diff --git a/pkg/cloud/report/convert_test.go b/pkg/cloud/report/convert_test.go index 6b2025209394..c1a3027d0ff5 100644 --- a/pkg/cloud/report/convert_test.go +++ b/pkg/cloud/report/convert_test.go @@ -7,9 +7,9 @@ import ( "github.com/aws/aws-sdk-go-v2/aws/arn" "github.com/stretchr/testify/assert" - "github.com/aquasecurity/defsec/pkg/scan" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" fanaltypes "github.com/aquasecurity/trivy/pkg/fanal/types" + "github.com/aquasecurity/trivy/pkg/iac/scan" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/types" ) diff --git a/pkg/cloud/report/report.go b/pkg/cloud/report/report.go index c60e00b45360..b2a9d50cf507 100644 --- a/pkg/cloud/report/report.go +++ b/pkg/cloud/report/report.go 
@@ -9,12 +9,12 @@ import ( "golang.org/x/xerrors" - "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/tml" "github.com/aquasecurity/trivy/pkg/clock" cr "github.com/aquasecurity/trivy/pkg/compliance/report" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/flag" + "github.com/aquasecurity/trivy/pkg/iac/scan" pkgReport "github.com/aquasecurity/trivy/pkg/report" "github.com/aquasecurity/trivy/pkg/result" "github.com/aquasecurity/trivy/pkg/types" diff --git a/pkg/cloud/report/service_test.go b/pkg/cloud/report/service_test.go index 55dd6cf5f77d..521a0c97b2fd 100644 --- a/pkg/cloud/report/service_test.go +++ b/pkg/cloud/report/service_test.go @@ -3,18 +3,19 @@ package report import ( "bytes" "context" - "github.com/aquasecurity/trivy/pkg/clock" "testing" "time" + "github.com/aquasecurity/trivy/pkg/clock" + "github.com/aws/aws-sdk-go-v2/aws/arn" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/aquasecurity/defsec/pkg/scan" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/flag" + "github.com/aquasecurity/trivy/pkg/iac/scan" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Test_ServiceReport(t *testing.T) { diff --git a/pkg/compliance/report/report.go b/pkg/compliance/report/report.go index 61a4973b2b0a..fb82b940952c 100644 --- a/pkg/compliance/report/report.go +++ b/pkg/compliance/report/report.go @@ -6,9 +6,9 @@ import ( "golang.org/x/xerrors" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/compliance/spec" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/types" ) diff --git a/pkg/compliance/report/report_test.go b/pkg/compliance/report/report_test.go index b6a1dcc6bcc5..30a659d0e5c2 100644 
--- a/pkg/compliance/report/report_test.go +++ b/pkg/compliance/report/report_test.go @@ -6,12 +6,12 @@ import ( "github.com/stretchr/testify/assert" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability" "github.com/aquasecurity/trivy/pkg/compliance/report" "github.com/aquasecurity/trivy/pkg/compliance/spec" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/types" ) diff --git a/pkg/compliance/spec/compliance.go b/pkg/compliance/spec/compliance.go index 73b7dfe635c1..7c4bae65d363 100644 --- a/pkg/compliance/spec/compliance.go +++ b/pkg/compliance/spec/compliance.go @@ -9,8 +9,8 @@ import ( "golang.org/x/xerrors" "gopkg.in/yaml.v3" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" sp "github.com/aquasecurity/trivy-policies/pkg/spec" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/types" ) diff --git a/pkg/compliance/spec/compliance_test.go b/pkg/compliance/spec/compliance_test.go index f34722525e1f..3ec700a2f45e 100644 --- a/pkg/compliance/spec/compliance_test.go +++ b/pkg/compliance/spec/compliance_test.go @@ -6,8 +6,8 @@ import ( "github.com/stretchr/testify/assert" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/pkg/compliance/spec" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/types" ) diff --git a/pkg/fanal/analyzer/imgconf/dockerfile/dockerfile_test.go b/pkg/fanal/analyzer/imgconf/dockerfile/dockerfile_test.go index 61ba06f00142..681d886d97d5 100644 --- a/pkg/fanal/analyzer/imgconf/dockerfile/dockerfile_test.go +++ b/pkg/fanal/analyzer/imgconf/dockerfile/dockerfile_test.go 
@@ -5,6 +5,7 @@ import ( "testing" "time" + "github.com/aquasecurity/trivy/pkg/misconf" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -248,7 +249,26 @@ func Test_historyAnalyzer_Analyze(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - a, err := newHistoryAnalyzer(analyzer.ConfigAnalyzerOptions{}) + a, err := newHistoryAnalyzer(analyzer.ConfigAnalyzerOptions{ + MisconfScannerOption: misconf.ScannerOption{ + Debug: false, + Trace: false, + RegoOnly: false, + Namespaces: nil, + PolicyPaths: nil, + DataPaths: nil, + DisableEmbeddedPolicies: false, + DisableEmbeddedLibraries: false, + HelmValues: nil, + HelmValueFiles: nil, + HelmFileValues: nil, + HelmStringValues: nil, + TerraformTFVars: nil, + CloudFormationParamVars: nil, + TfExcludeDownloaded: false, + K8sVersion: "", + }, + }) require.NoError(t, err) got, err := a.Analyze(context.Background(), tt.input) if tt.wantErr { diff --git a/pkg/fanal/secret/builtin-rules.go b/pkg/fanal/secret/builtin-rules.go index 47eaa716f34d..6b102fbbed92 100644 --- a/pkg/fanal/secret/builtin-rules.go +++ b/pkg/fanal/secret/builtin-rules.go @@ -5,8 +5,8 @@ import ( "github.com/samber/lo" - defsecRules "github.com/aquasecurity/defsec/pkg/rules" "github.com/aquasecurity/trivy/pkg/fanal/types" + defsecRules "github.com/aquasecurity/trivy/pkg/iac/rules" ) var ( diff --git a/pkg/flag/report_flags_test.go b/pkg/flag/report_flags_test.go index 4207aa2747d1..4c0489d72774 100644 --- a/pkg/flag/report_flags_test.go +++ b/pkg/flag/report_flags_test.go 
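Review bot: Replacing `analyzer.ConfigAnalyzerOptions{}` with a `misconf.ScannerOption` literal that spells out every field at its zero value (`Debug: false`, `Namespaces: nil`, `K8sVersion: ""`, and so on) is behaviourally identical to the original empty literal and only adds maintenance cost, since the test must now be edited whenever a field is added to or removed from `ScannerOption`; unless a non-default option was meant to be exercised here, keep `a, err := newHistoryAnalyzer(analyzer.ConfigAnalyzerOptions{})` and drop the then-unused `github.com/aquasecurity/trivy/pkg/misconf` import. If one specific option is what the change intends, set only that field and let the rest take the zero value. The new import is also placed ahead of the `go-containerregistry`/testify group rather than with the other `github.com/aquasecurity/trivy/...` imports, which the other files touched by this patch keep in their own final group. `Test_historyAnalyzer_Analyze` begins outside the hunk.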
@@ -8,10 +8,10 @@ import ( "go.uber.org/zap" "go.uber.org/zap/zaptest/observer" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/compliance/spec" "github.com/aquasecurity/trivy/pkg/flag" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/types" ) diff --git a/pkg/iac/adapters/arm/adapt.go b/pkg/iac/adapters/arm/adapt.go index f8985a51d61f..a6bcbec2a42e 100644 --- a/pkg/iac/adapters/arm/adapt.go +++ b/pkg/iac/adapters/arm/adapt.go @@ -3,8 +3,6 @@ package arm import ( "context" - "github.com/aquasecurity/defsec/pkg/providers/azure" - "github.com/aquasecurity/defsec/pkg/state" "github.com/aquasecurity/trivy/pkg/iac/adapters/arm/appservice" "github.com/aquasecurity/trivy/pkg/iac/adapters/arm/authorization" "github.com/aquasecurity/trivy/pkg/iac/adapters/arm/compute" @@ -18,7 +16,9 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/adapters/arm/securitycenter" "github.com/aquasecurity/trivy/pkg/iac/adapters/arm/storage" "github.com/aquasecurity/trivy/pkg/iac/adapters/arm/synapse" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure" scanner "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" + "github.com/aquasecurity/trivy/pkg/iac/state" ) // Adapt adapts an azure arm instance diff --git a/pkg/iac/adapters/arm/appservice/adapt.go b/pkg/iac/adapters/arm/appservice/adapt.go index 78922d30f281..3858d78c2ee9 100644 --- a/pkg/iac/adapters/arm/appservice/adapt.go +++ b/pkg/iac/adapters/arm/appservice/adapt.go 
@@ -1,9 +1,9 @@ package appservice import ( - "github.com/aquasecurity/defsec/pkg/providers/azure/appservice" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/appservice" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(deployment azure.Deployment) appservice.AppService { diff --git a/pkg/iac/adapters/arm/authorization/adapt.go b/pkg/iac/adapters/arm/authorization/adapt.go index aa5a2e80d642..08798665eaab 100644 --- a/pkg/iac/adapters/arm/authorization/adapt.go +++ b/pkg/iac/adapters/arm/authorization/adapt.go @@ -1,7 +1,7 @@ package authorization import ( - "github.com/aquasecurity/defsec/pkg/providers/azure/authorization" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/authorization" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" ) diff --git a/pkg/iac/adapters/arm/compute/adapt.go b/pkg/iac/adapters/arm/compute/adapt.go index bc072571c7f3..aa85aa52eddf 100644 --- a/pkg/iac/adapters/arm/compute/adapt.go +++ b/pkg/iac/adapters/arm/compute/adapt.go @@ -1,9 +1,9 @@ package compute import ( - "github.com/aquasecurity/defsec/pkg/providers/azure/compute" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/compute" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(deployment azure.Deployment) compute.Compute { diff --git a/pkg/iac/adapters/arm/compute/adapt_test.go b/pkg/iac/adapters/arm/compute/adapt_test.go index 03cd1a52d504..2021e08b95a8 100644 --- a/pkg/iac/adapters/arm/compute/adapt_test.go +++ b/pkg/iac/adapters/arm/compute/adapt_test.go 
@@ -3,8 +3,8 @@ package compute import ( "testing" - "github.com/aquasecurity/defsec/pkg/types" azure2 "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/adapters/arm/container/adapt.go b/pkg/iac/adapters/arm/container/adapt.go index 0748411ad282..2172553e4cfb 100644 --- a/pkg/iac/adapters/arm/container/adapt.go +++ b/pkg/iac/adapters/arm/container/adapt.go @@ -1,7 +1,7 @@ package container import ( - "github.com/aquasecurity/defsec/pkg/providers/azure/container" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/container" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" ) diff --git a/pkg/iac/adapters/arm/database/adapt.go b/pkg/iac/adapters/arm/database/adapt.go index 7c32428847a6..834865fc22d0 100644 --- a/pkg/iac/adapters/arm/database/adapt.go +++ b/pkg/iac/adapters/arm/database/adapt.go @@ -1,7 +1,7 @@ package database import ( - "github.com/aquasecurity/defsec/pkg/providers/azure/database" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/database" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" ) diff --git a/pkg/iac/adapters/arm/database/firewall.go b/pkg/iac/adapters/arm/database/firewall.go index c25412871a30..ff6ff5a56cd3 100644 --- a/pkg/iac/adapters/arm/database/firewall.go +++ b/pkg/iac/adapters/arm/database/firewall.go @@ -1,7 +1,7 @@ package database import ( - "github.com/aquasecurity/defsec/pkg/providers/azure/database" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/database" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" ) diff --git a/pkg/iac/adapters/arm/database/maria.go b/pkg/iac/adapters/arm/database/maria.go index 853426ad84bd..083c3b0540e5 100644 --- a/pkg/iac/adapters/arm/database/maria.go +++ b/pkg/iac/adapters/arm/database/maria.go 
@@ -1,7 +1,7 @@ package database import ( - "github.com/aquasecurity/defsec/pkg/providers/azure/database" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/database" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" ) diff --git a/pkg/iac/adapters/arm/database/mssql.go b/pkg/iac/adapters/arm/database/mssql.go index 08b2ccdc2bec..25d69a73c6e2 100644 --- a/pkg/iac/adapters/arm/database/mssql.go +++ b/pkg/iac/adapters/arm/database/mssql.go @@ -1,9 +1,9 @@ package database import ( - "github.com/aquasecurity/defsec/pkg/providers/azure/database" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/database" azure2 "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func adaptMSSQLServers(deployment azure2.Deployment) (msSQlServers []database.MSSQLServer) { diff --git a/pkg/iac/adapters/arm/database/postgresql.go b/pkg/iac/adapters/arm/database/postgresql.go index b4e37e7c43c2..6314bf494c7d 100644 --- a/pkg/iac/adapters/arm/database/postgresql.go +++ b/pkg/iac/adapters/arm/database/postgresql.go @@ -4,9 +4,9 @@ import ( "fmt" "strings" - "github.com/aquasecurity/defsec/pkg/providers/azure/database" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/database" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func adaptPostgreSQLServers(deployment azure.Deployment) (databases []database.PostgreSQLServer) { diff --git a/pkg/iac/adapters/arm/datafactory/adapt.go b/pkg/iac/adapters/arm/datafactory/adapt.go index dfc94b537311..3dbb44ecd0b0 100644 --- a/pkg/iac/adapters/arm/datafactory/adapt.go +++ b/pkg/iac/adapters/arm/datafactory/adapt.go 
@@ -1,7 +1,7 @@ package datafactory import ( - "github.com/aquasecurity/defsec/pkg/providers/azure/datafactory" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/datafactory" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" ) diff --git a/pkg/iac/adapters/arm/datalake/adapt.go b/pkg/iac/adapters/arm/datalake/adapt.go index b11d43618f25..301650d50114 100644 --- a/pkg/iac/adapters/arm/datalake/adapt.go +++ b/pkg/iac/adapters/arm/datalake/adapt.go @@ -1,7 +1,7 @@ package datalake import ( - "github.com/aquasecurity/defsec/pkg/providers/azure/datalake" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/datalake" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" ) diff --git a/pkg/iac/adapters/arm/keyvault/adapt.go b/pkg/iac/adapters/arm/keyvault/adapt.go index b1eef216cf85..71a1fbd54f33 100644 --- a/pkg/iac/adapters/arm/keyvault/adapt.go +++ b/pkg/iac/adapters/arm/keyvault/adapt.go @@ -1,7 +1,7 @@ package keyvault import ( - "github.com/aquasecurity/defsec/pkg/providers/azure/keyvault" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/keyvault" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" ) diff --git a/pkg/iac/adapters/arm/monitor/adapt.go b/pkg/iac/adapters/arm/monitor/adapt.go index 271bc2ea58d8..e821ec256c92 100644 --- a/pkg/iac/adapters/arm/monitor/adapt.go +++ b/pkg/iac/adapters/arm/monitor/adapt.go @@ -1,9 +1,9 @@ package monitor import ( - "github.com/aquasecurity/defsec/pkg/providers/azure/monitor" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/monitor" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(deployment azure.Deployment) monitor.Monitor { diff --git a/pkg/iac/adapters/arm/network/adapt.go b/pkg/iac/adapters/arm/network/adapt.go index 2ed036c193d2..6145ad5215d3 100644 --- a/pkg/iac/adapters/arm/network/adapt.go +++ b/pkg/iac/adapters/arm/network/adapt.go 
@@ -4,9 +4,9 @@ import ( "strconv" "strings" - "github.com/aquasecurity/defsec/pkg/providers/azure/network" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/network" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(deployment azure.Deployment) network.Network { diff --git a/pkg/iac/adapters/arm/securitycenter/adapt.go b/pkg/iac/adapters/arm/securitycenter/adapt.go index dfa44e943cf8..69a5de5b8d79 100644 --- a/pkg/iac/adapters/arm/securitycenter/adapt.go +++ b/pkg/iac/adapters/arm/securitycenter/adapt.go @@ -1,7 +1,7 @@ package securitycenter import ( - "github.com/aquasecurity/defsec/pkg/providers/azure/securitycenter" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/securitycenter" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" ) diff --git a/pkg/iac/adapters/arm/storage/adapt.go b/pkg/iac/adapters/arm/storage/adapt.go index 10d60b1f3cd0..1b10ebbe9ad8 100644 --- a/pkg/iac/adapters/arm/storage/adapt.go +++ b/pkg/iac/adapters/arm/storage/adapt.go @@ -3,9 +3,9 @@ package storage import ( "strings" - "github.com/aquasecurity/defsec/pkg/providers/azure/storage" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/storage" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(deployment azure.Deployment) storage.Storage { diff --git a/pkg/iac/adapters/arm/storage/adapt_test.go b/pkg/iac/adapters/arm/storage/adapt_test.go index 4735af9cdf47..31d95e814d6e 100644 --- a/pkg/iac/adapters/arm/storage/adapt_test.go +++ b/pkg/iac/adapters/arm/storage/adapt_test.go 
@@ -6,7 +6,7 @@ import ( azure2 "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" "github.com/stretchr/testify/assert" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/adapters/arm/synapse/adapt.go b/pkg/iac/adapters/arm/synapse/adapt.go index e295772091bc..649831e16a9a 100644 --- a/pkg/iac/adapters/arm/synapse/adapt.go +++ b/pkg/iac/adapters/arm/synapse/adapt.go @@ -1,9 +1,9 @@ package synapse import ( - "github.com/aquasecurity/defsec/pkg/providers/azure/synapse" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/synapse" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(deployment azure.Deployment) synapse.Synapse { diff --git a/pkg/iac/adapters/cloudformation/adapt.go b/pkg/iac/adapters/cloudformation/adapt.go index 8b7eb58e4933..da2d2595892d 100644 --- a/pkg/iac/adapters/cloudformation/adapt.go +++ b/pkg/iac/adapters/cloudformation/adapt.go @@ -1,9 +1,9 @@ package cloudformation import ( - "github.com/aquasecurity/defsec/pkg/state" "github.com/aquasecurity/trivy/pkg/iac/adapters/cloudformation/aws" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" + "github.com/aquasecurity/trivy/pkg/iac/state" ) // Adapt adapts the Cloudformation instance diff --git a/pkg/iac/adapters/cloudformation/aws/accessanalyzer/accessanalyzer.go b/pkg/iac/adapters/cloudformation/aws/accessanalyzer/accessanalyzer.go index 3afc0b146756..e6f7031a58d5 100644 --- a/pkg/iac/adapters/cloudformation/aws/accessanalyzer/accessanalyzer.go +++ b/pkg/iac/adapters/cloudformation/aws/accessanalyzer/accessanalyzer.go 
@@ -1,7 +1,7 @@ package accessanalyzer import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/accessanalyzer" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/accessanalyzer" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" ) diff --git a/pkg/iac/adapters/cloudformation/aws/accessanalyzer/analyzer.go b/pkg/iac/adapters/cloudformation/aws/accessanalyzer/analyzer.go index c592f1348ad7..c81802d60e0e 100644 --- a/pkg/iac/adapters/cloudformation/aws/accessanalyzer/analyzer.go +++ b/pkg/iac/adapters/cloudformation/aws/accessanalyzer/analyzer.go @@ -1,9 +1,9 @@ package accessanalyzer import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/accessanalyzer" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/accessanalyzer" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func getAccessAnalyzer(ctx parser.FileContext) (analyzers []accessanalyzer.Analyzer) { diff --git a/pkg/iac/adapters/cloudformation/aws/adapt.go b/pkg/iac/adapters/cloudformation/aws/adapt.go index 18f36e2fa9ed..e8c10edf0855 100644 --- a/pkg/iac/adapters/cloudformation/aws/adapt.go +++ b/pkg/iac/adapters/cloudformation/aws/adapt.go @@ -1,7 +1,6 @@ package aws import ( - "github.com/aquasecurity/defsec/pkg/providers/aws" "github.com/aquasecurity/trivy/pkg/iac/adapters/cloudformation/aws/apigateway" "github.com/aquasecurity/trivy/pkg/iac/adapters/cloudformation/aws/athena" "github.com/aquasecurity/trivy/pkg/iac/adapters/cloudformation/aws/cloudfront" @@ -33,6 +32,7 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/adapters/cloudformation/aws/sqs" "github.com/aquasecurity/trivy/pkg/iac/adapters/cloudformation/aws/ssm" "github.com/aquasecurity/trivy/pkg/iac/adapters/cloudformation/aws/workspaces" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" ) 
diff --git a/pkg/iac/adapters/cloudformation/aws/apigateway/apigateway.go b/pkg/iac/adapters/cloudformation/aws/apigateway/apigateway.go index fbe540024123..bbc79623a6c4 100644 --- a/pkg/iac/adapters/cloudformation/aws/apigateway/apigateway.go +++ b/pkg/iac/adapters/cloudformation/aws/apigateway/apigateway.go @@ -1,9 +1,9 @@ package apigateway import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway" - v1 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v1" - v2 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v2" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway" + v1 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v1" + v2 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v2" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" ) diff --git a/pkg/iac/adapters/cloudformation/aws/apigateway/stage.go b/pkg/iac/adapters/cloudformation/aws/apigateway/stage.go index 7c8360899a4b..c79f89fda5ea 100644 --- a/pkg/iac/adapters/cloudformation/aws/apigateway/stage.go +++ b/pkg/iac/adapters/cloudformation/aws/apigateway/stage.go @@ -1,9 +1,9 @@ package apigateway import ( - v2 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v2" - "github.com/aquasecurity/defsec/pkg/types" + v2 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v2" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func getApis(cfFile parser2.FileContext) (apis []v2.API) { diff --git a/pkg/iac/adapters/cloudformation/aws/athena/athena.go b/pkg/iac/adapters/cloudformation/aws/athena/athena.go index 14c8254e01a9..b23a1936c179 100644 --- a/pkg/iac/adapters/cloudformation/aws/athena/athena.go +++ b/pkg/iac/adapters/cloudformation/aws/athena/athena.go 
@@ -1,7 +1,7 @@
 package athena
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/athena"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/athena"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/athena/workgroup.go b/pkg/iac/adapters/cloudformation/aws/athena/workgroup.go
index b62eef37566a..916e2ac4b6f8 100644
--- a/pkg/iac/adapters/cloudformation/aws/athena/workgroup.go
+++ b/pkg/iac/adapters/cloudformation/aws/athena/workgroup.go
@@ -1,7 +1,7 @@
 package athena
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/athena"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/athena"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/cloudfront/cloudfront.go b/pkg/iac/adapters/cloudformation/aws/cloudfront/cloudfront.go
index dad0b1b6ed3b..0cfe00145907 100644
--- a/pkg/iac/adapters/cloudformation/aws/cloudfront/cloudfront.go
+++ b/pkg/iac/adapters/cloudformation/aws/cloudfront/cloudfront.go
@@ -1,7 +1,7 @@
 package cloudfront
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/cloudfront"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudfront"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/cloudfront/distribution.go b/pkg/iac/adapters/cloudformation/aws/cloudfront/distribution.go
index c0687d4cffb0..0364dc82d052 100644
--- a/pkg/iac/adapters/cloudformation/aws/cloudfront/distribution.go
+++ b/pkg/iac/adapters/cloudformation/aws/cloudfront/distribution.go
@@ -1,9 +1,9 @@
 package cloudfront
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/cloudfront"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudfront"
 parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getDistributions(ctx parser2.FileContext) (distributions []cloudfront.Distribution) {
diff --git a/pkg/iac/adapters/cloudformation/aws/cloudtrail/cloudtrail.go b/pkg/iac/adapters/cloudformation/aws/cloudtrail/cloudtrail.go
index 982c68ca5ed4..04270579dbcd 100644
--- a/pkg/iac/adapters/cloudformation/aws/cloudtrail/cloudtrail.go
+++ b/pkg/iac/adapters/cloudformation/aws/cloudtrail/cloudtrail.go
@@ -1,7 +1,7 @@
 package cloudtrail
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/cloudtrail"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudtrail"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/cloudtrail/trails.go b/pkg/iac/adapters/cloudformation/aws/cloudtrail/trails.go
index 60c8f4417187..fc9c3871cbba 100644
--- a/pkg/iac/adapters/cloudformation/aws/cloudtrail/trails.go
+++ b/pkg/iac/adapters/cloudformation/aws/cloudtrail/trails.go
@@ -1,7 +1,7 @@
 package cloudtrail
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/cloudtrail"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudtrail"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/cloudwatch/cloudwatch.go b/pkg/iac/adapters/cloudformation/aws/cloudwatch/cloudwatch.go
index dcc7074008fd..1c6efa85a891 100644
--- a/pkg/iac/adapters/cloudformation/aws/cloudwatch/cloudwatch.go
+++ b/pkg/iac/adapters/cloudformation/aws/cloudwatch/cloudwatch.go
@@ -1,7 +1,7 @@
 package cloudwatch
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/cloudwatch"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/cloudwatch/log_group.go b/pkg/iac/adapters/cloudformation/aws/cloudwatch/log_group.go
index 0f513a314006..81730f050ecf 100644
--- a/pkg/iac/adapters/cloudformation/aws/cloudwatch/log_group.go
+++ b/pkg/iac/adapters/cloudformation/aws/cloudwatch/log_group.go
@@ -1,9 +1,9 @@
 package cloudwatch
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/cloudwatch"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getLogGroups(ctx parser.FileContext) (logGroups []cloudwatch.LogGroup) {
diff --git a/pkg/iac/adapters/cloudformation/aws/codebuild/codebuild.go b/pkg/iac/adapters/cloudformation/aws/codebuild/codebuild.go
index 1a36b5d1406f..8951f230ee98 100644
--- a/pkg/iac/adapters/cloudformation/aws/codebuild/codebuild.go
+++ b/pkg/iac/adapters/cloudformation/aws/codebuild/codebuild.go
@@ -1,7 +1,7 @@
 package codebuild
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/codebuild"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/codebuild"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/codebuild/project.go b/pkg/iac/adapters/cloudformation/aws/codebuild/project.go
index 431a369218b1..9c0541831223 100644
--- a/pkg/iac/adapters/cloudformation/aws/codebuild/project.go
+++ b/pkg/iac/adapters/cloudformation/aws/codebuild/project.go
@@ -1,9 +1,9 @@
 package codebuild
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/codebuild"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/codebuild"
 parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getProjects(ctx parser2.FileContext) (projects []codebuild.Project) {
diff --git a/pkg/iac/adapters/cloudformation/aws/config/adapt_test.go b/pkg/iac/adapters/cloudformation/aws/config/adapt_test.go
index 1c9fbb0860ef..1a8f30e018f6 100644
--- a/pkg/iac/adapters/cloudformation/aws/config/adapt_test.go
+++ b/pkg/iac/adapters/cloudformation/aws/config/adapt_test.go
@@ -4,10 +4,10 @@ import (
 "context"
 "testing"
 
- "github.com/aquasecurity/defsec/pkg/providers/aws/config"
- "github.com/aquasecurity/defsec/pkg/types"
 "github.com/aquasecurity/trivy/internal/testutil"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/config"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/stretchr/testify/require"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/config/aggregator.go b/pkg/iac/adapters/cloudformation/aws/config/aggregator.go
index ee29524c22dc..4acd00b31d61 100644
--- a/pkg/iac/adapters/cloudformation/aws/config/aggregator.go
+++ b/pkg/iac/adapters/cloudformation/aws/config/aggregator.go
@@ -1,9 +1,9 @@
 package config
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/config"
- defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/config"
 parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getConfigurationAggregator(ctx parser2.FileContext) config.ConfigurationAggregrator {
diff --git a/pkg/iac/adapters/cloudformation/aws/config/config.go b/pkg/iac/adapters/cloudformation/aws/config/config.go
index 164b6ed22f87..a9634252694e 100644
--- a/pkg/iac/adapters/cloudformation/aws/config/config.go
+++ b/pkg/iac/adapters/cloudformation/aws/config/config.go
@@ -1,7 +1,7 @@
 package config
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/config"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/config"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/documentdb/cluster.go b/pkg/iac/adapters/cloudformation/aws/documentdb/cluster.go
index 762e90e54e47..568fcfb44f72 100644
--- a/pkg/iac/adapters/cloudformation/aws/documentdb/cluster.go
+++ b/pkg/iac/adapters/cloudformation/aws/documentdb/cluster.go
@@ -1,9 +1,9 @@
 package documentdb
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/documentdb"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/documentdb"
 parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getClusters(ctx parser2.FileContext) (clusters []documentdb.Cluster) {
diff --git a/pkg/iac/adapters/cloudformation/aws/documentdb/documentdb.go b/pkg/iac/adapters/cloudformation/aws/documentdb/documentdb.go
index 23e5c7087d9a..40b0c6ffae44 100644
--- a/pkg/iac/adapters/cloudformation/aws/documentdb/documentdb.go
+++ b/pkg/iac/adapters/cloudformation/aws/documentdb/documentdb.go
@@ -1,7 +1,7 @@
 package documentdb
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/documentdb"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/documentdb"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/dynamodb/cluster.go b/pkg/iac/adapters/cloudformation/aws/dynamodb/cluster.go
index 76e28c971939..8432f40005c1 100644
--- a/pkg/iac/adapters/cloudformation/aws/dynamodb/cluster.go
+++ b/pkg/iac/adapters/cloudformation/aws/dynamodb/cluster.go
@@ -1,9 +1,9 @@
 package dynamodb
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/dynamodb"
- defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/dynamodb"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getClusters(file parser.FileContext) (clusters []dynamodb.DAXCluster) {
diff --git a/pkg/iac/adapters/cloudformation/aws/dynamodb/dynamodb.go b/pkg/iac/adapters/cloudformation/aws/dynamodb/dynamodb.go
index 6129be5b0cb6..c841e0671520 100644
--- a/pkg/iac/adapters/cloudformation/aws/dynamodb/dynamodb.go
+++ b/pkg/iac/adapters/cloudformation/aws/dynamodb/dynamodb.go
@@ -1,7 +1,7 @@
 package dynamodb
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/dynamodb"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/dynamodb"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/ec2/adapt_test.go b/pkg/iac/adapters/cloudformation/aws/ec2/adapt_test.go
index f4fb8e843f72..7e7ece3df765 100644
--- a/pkg/iac/adapters/cloudformation/aws/ec2/adapt_test.go
+++ b/pkg/iac/adapters/cloudformation/aws/ec2/adapt_test.go
@@ -4,10 +4,10 @@ import (
 "context"
 "testing"
 
- "github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
- "github.com/aquasecurity/defsec/pkg/types"
 "github.com/aquasecurity/trivy/internal/testutil"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/stretchr/testify/require"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/ec2/ec2.go b/pkg/iac/adapters/cloudformation/aws/ec2/ec2.go
index 38157fbd3ea4..93056580c9b4 100644
--- a/pkg/iac/adapters/cloudformation/aws/ec2/ec2.go
+++ b/pkg/iac/adapters/cloudformation/aws/ec2/ec2.go
@@ -1,7 +1,7 @@
 package ec2
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/ec2/instance.go b/pkg/iac/adapters/cloudformation/aws/ec2/instance.go
index 93d9e2eb3783..d3c1f7a43bb5 100644
--- a/pkg/iac/adapters/cloudformation/aws/ec2/instance.go
+++ b/pkg/iac/adapters/cloudformation/aws/ec2/instance.go
@@ -1,9 +1,9 @@
 package ec2
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
- defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
 parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getInstances(ctx parser2.FileContext) (instances []ec2.Instance) {
diff --git a/pkg/iac/adapters/cloudformation/aws/ec2/launch_configuration.go b/pkg/iac/adapters/cloudformation/aws/ec2/launch_configuration.go
index 21051ad1e7e2..9dcd80f5d47f 100644
--- a/pkg/iac/adapters/cloudformation/aws/ec2/launch_configuration.go
+++ b/pkg/iac/adapters/cloudformation/aws/ec2/launch_configuration.go
@@ -1,9 +1,9 @@
 package ec2
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getLaunchConfigurations(file parser.FileContext) (launchConfigurations []ec2.LaunchConfiguration) {
diff --git a/pkg/iac/adapters/cloudformation/aws/ec2/launch_template.go b/pkg/iac/adapters/cloudformation/aws/ec2/launch_template.go
index 5069107c17a3..e22ac9abed3d 100644
--- a/pkg/iac/adapters/cloudformation/aws/ec2/launch_template.go
+++ b/pkg/iac/adapters/cloudformation/aws/ec2/launch_template.go
@@ -1,9 +1,9 @@
 package ec2
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
 parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getLaunchTemplates(file parser2.FileContext) (templates []ec2.LaunchTemplate) {
diff --git a/pkg/iac/adapters/cloudformation/aws/ec2/nacl.go b/pkg/iac/adapters/cloudformation/aws/ec2/nacl.go
index 6c6de06e9559..21d5546ffadf 100644
--- a/pkg/iac/adapters/cloudformation/aws/ec2/nacl.go
+++ b/pkg/iac/adapters/cloudformation/aws/ec2/nacl.go
@@ -3,9 +3,9 @@ package ec2
 import (
 "strconv"
 
- "github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
- defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getNetworkACLs(ctx parser.FileContext) (acls []ec2.NetworkACL) {
diff --git a/pkg/iac/adapters/cloudformation/aws/ec2/security_group.go b/pkg/iac/adapters/cloudformation/aws/ec2/security_group.go
index c6447f38a3fa..687fd12d4366 100644
--- a/pkg/iac/adapters/cloudformation/aws/ec2/security_group.go
+++ b/pkg/iac/adapters/cloudformation/aws/ec2/security_group.go
@@ -1,9 +1,9 @@
 package ec2
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
 parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getSecurityGroups(ctx parser2.FileContext) (groups []ec2.SecurityGroup) {
diff --git a/pkg/iac/adapters/cloudformation/aws/ec2/subnet.go b/pkg/iac/adapters/cloudformation/aws/ec2/subnet.go
index be75af836593..725a441429e1 100644
--- a/pkg/iac/adapters/cloudformation/aws/ec2/subnet.go
+++ b/pkg/iac/adapters/cloudformation/aws/ec2/subnet.go
@@ -1,7 +1,7 @@
 package ec2
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/ec2/volume.go b/pkg/iac/adapters/cloudformation/aws/ec2/volume.go
index b1e48835a0a6..35c22e053cfc 100644
--- a/pkg/iac/adapters/cloudformation/aws/ec2/volume.go
+++ b/pkg/iac/adapters/cloudformation/aws/ec2/volume.go
@@ -1,7 +1,7 @@
 package ec2
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/ecr/ecr.go b/pkg/iac/adapters/cloudformation/aws/ecr/ecr.go
index 80119315af78..c7552132d862 100644
--- a/pkg/iac/adapters/cloudformation/aws/ecr/ecr.go
+++ b/pkg/iac/adapters/cloudformation/aws/ecr/ecr.go
@@ -1,7 +1,7 @@
 package ecr
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/ecr"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ecr"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/ecr/repository.go b/pkg/iac/adapters/cloudformation/aws/ecr/repository.go
index 298d18ec0500..83a319a200dd 100644
--- a/pkg/iac/adapters/cloudformation/aws/ecr/repository.go
+++ b/pkg/iac/adapters/cloudformation/aws/ecr/repository.go
@@ -5,10 +5,10 @@ import (
 
 "github.com/liamg/iamgo"
 
- "github.com/aquasecurity/defsec/pkg/providers/aws/ecr"
- "github.com/aquasecurity/defsec/pkg/providers/aws/iam"
- defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ecr"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
 parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getRepositories(ctx parser2.FileContext) (repositories []ecr.Repository) {
diff --git a/pkg/iac/adapters/cloudformation/aws/ecs/cluster.go b/pkg/iac/adapters/cloudformation/aws/ecs/cluster.go
index c2c584ddb92f..6359dbc4cc93 100644
--- a/pkg/iac/adapters/cloudformation/aws/ecs/cluster.go
+++ b/pkg/iac/adapters/cloudformation/aws/ecs/cluster.go
@@ -1,9 +1,9 @@
 package ecs
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/ecs"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ecs"
 parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getClusters(ctx parser2.FileContext) (clusters []ecs.Cluster) {
diff --git a/pkg/iac/adapters/cloudformation/aws/ecs/ecs.go b/pkg/iac/adapters/cloudformation/aws/ecs/ecs.go
index a41930f9e439..5707cdddcd8e 100644
--- a/pkg/iac/adapters/cloudformation/aws/ecs/ecs.go
+++ b/pkg/iac/adapters/cloudformation/aws/ecs/ecs.go
@@ -1,7 +1,7 @@
 package ecs
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/ecs"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ecs"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/ecs/task_definition.go b/pkg/iac/adapters/cloudformation/aws/ecs/task_definition.go
index fbee3e51c284..cdb9ae08ab45 100644
--- a/pkg/iac/adapters/cloudformation/aws/ecs/task_definition.go
+++ b/pkg/iac/adapters/cloudformation/aws/ecs/task_definition.go
@@ -1,9 +1,9 @@
 package ecs
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/ecs"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ecs"
 parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getTaskDefinitions(ctx parser2.FileContext) (taskDefinitions []ecs.TaskDefinition) {
diff --git a/pkg/iac/adapters/cloudformation/aws/efs/efs.go b/pkg/iac/adapters/cloudformation/aws/efs/efs.go
index 78026eacdf6f..bda1f15ffbfb 100644
--- a/pkg/iac/adapters/cloudformation/aws/efs/efs.go
+++ b/pkg/iac/adapters/cloudformation/aws/efs/efs.go
@@ -1,7 +1,7 @@
 package efs
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/efs"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/efs"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/efs/filesystem.go b/pkg/iac/adapters/cloudformation/aws/efs/filesystem.go
index 9ef3c6d13fb1..728b09079f2a 100644
--- a/pkg/iac/adapters/cloudformation/aws/efs/filesystem.go
+++ b/pkg/iac/adapters/cloudformation/aws/efs/filesystem.go
@@ -1,7 +1,7 @@
 package efs
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/efs"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/efs"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/eks/cluster.go b/pkg/iac/adapters/cloudformation/aws/eks/cluster.go
index 56cbba5f04a0..290961933aa7 100644
--- a/pkg/iac/adapters/cloudformation/aws/eks/cluster.go
+++ b/pkg/iac/adapters/cloudformation/aws/eks/cluster.go
@@ -1,9 +1,9 @@
 package eks
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/eks"
- defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/eks"
 parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getClusters(ctx parser2.FileContext) (clusters []eks.Cluster) {
diff --git a/pkg/iac/adapters/cloudformation/aws/eks/eks.go b/pkg/iac/adapters/cloudformation/aws/eks/eks.go
index 5f6e4a987a91..fe6933c19a8e 100644
--- a/pkg/iac/adapters/cloudformation/aws/eks/eks.go
+++ b/pkg/iac/adapters/cloudformation/aws/eks/eks.go
@@ -1,7 +1,7 @@
 package eks
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/eks"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/eks"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/elasticache/cluster.go b/pkg/iac/adapters/cloudformation/aws/elasticache/cluster.go
index 28414a62348a..bdbefbbbb6c2 100644
--- a/pkg/iac/adapters/cloudformation/aws/elasticache/cluster.go
+++ b/pkg/iac/adapters/cloudformation/aws/elasticache/cluster.go
@@ -1,7 +1,7 @@
 package elasticache
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/elasticache"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticache"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/elasticache/elasticache.go b/pkg/iac/adapters/cloudformation/aws/elasticache/elasticache.go
index a84322e221e8..1d69000ff9ea 100644
--- a/pkg/iac/adapters/cloudformation/aws/elasticache/elasticache.go
+++ b/pkg/iac/adapters/cloudformation/aws/elasticache/elasticache.go
@@ -1,7 +1,7 @@
 package elasticache
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/elasticache"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticache"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/elasticache/replication_group.go b/pkg/iac/adapters/cloudformation/aws/elasticache/replication_group.go
index 3910a377ebf4..95b6a7916370 100644
--- a/pkg/iac/adapters/cloudformation/aws/elasticache/replication_group.go
+++ b/pkg/iac/adapters/cloudformation/aws/elasticache/replication_group.go
@@ -1,7 +1,7 @@
 package elasticache
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/elasticache"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticache"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/elasticache/security_group.go b/pkg/iac/adapters/cloudformation/aws/elasticache/security_group.go
index 6e51796ff935..8be6e68f6903 100644
--- a/pkg/iac/adapters/cloudformation/aws/elasticache/security_group.go
+++ b/pkg/iac/adapters/cloudformation/aws/elasticache/security_group.go
@@ -1,7 +1,7 @@
 package elasticache
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/elasticache"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticache"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/elasticsearch/domain.go b/pkg/iac/adapters/cloudformation/aws/elasticsearch/domain.go
index 93b0300744c0..3c8b4dd2d428 100644
--- a/pkg/iac/adapters/cloudformation/aws/elasticsearch/domain.go
+++ b/pkg/iac/adapters/cloudformation/aws/elasticsearch/domain.go
@@ -1,9 +1,9 @@
 package elasticsearch
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/elasticsearch"
- defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticsearch"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getDomains(ctx parser.FileContext) (domains []elasticsearch.Domain) {
diff --git a/pkg/iac/adapters/cloudformation/aws/elasticsearch/elasticsearch.go b/pkg/iac/adapters/cloudformation/aws/elasticsearch/elasticsearch.go
index b54b7fa1b33f..b3e230b0435b 100644
--- a/pkg/iac/adapters/cloudformation/aws/elasticsearch/elasticsearch.go
+++ b/pkg/iac/adapters/cloudformation/aws/elasticsearch/elasticsearch.go
@@ -1,7 +1,7 @@
 package elasticsearch
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/elasticsearch"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticsearch"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/elb/adapt_test.go b/pkg/iac/adapters/cloudformation/aws/elb/adapt_test.go
index 92b79c8256ea..ca8fd631fa39 100644
--- a/pkg/iac/adapters/cloudformation/aws/elb/adapt_test.go
+++ b/pkg/iac/adapters/cloudformation/aws/elb/adapt_test.go
@@ -4,10 +4,10 @@ import (
 "context"
 "testing"
 
- "github.com/aquasecurity/defsec/pkg/providers/aws/elb"
- "github.com/aquasecurity/defsec/pkg/types"
 "github.com/aquasecurity/trivy/internal/testutil"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elb"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/stretchr/testify/require"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/elb/elb.go b/pkg/iac/adapters/cloudformation/aws/elb/elb.go
index e9df99b919c9..2ff1d2c74777 100644
--- a/pkg/iac/adapters/cloudformation/aws/elb/elb.go
+++ b/pkg/iac/adapters/cloudformation/aws/elb/elb.go
@@ -1,7 +1,7 @@
 package elb
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/elb"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elb"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/elb/loadbalancer.go b/pkg/iac/adapters/cloudformation/aws/elb/loadbalancer.go
index 007a0c90a422..50b8f26275d5 100644
--- a/pkg/iac/adapters/cloudformation/aws/elb/loadbalancer.go
+++ b/pkg/iac/adapters/cloudformation/aws/elb/loadbalancer.go
@@ -1,9 +1,9 @@
 package elb
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/elb"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elb"
 parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getLoadBalancers(ctx parser2.FileContext) (loadbalancers []elb.LoadBalancer) {
diff --git a/pkg/iac/adapters/cloudformation/aws/iam/iam.go b/pkg/iac/adapters/cloudformation/aws/iam/iam.go
index 27a257b736e0..06a5ed65795b 100644
--- a/pkg/iac/adapters/cloudformation/aws/iam/iam.go
+++ b/pkg/iac/adapters/cloudformation/aws/iam/iam.go
@@ -1,9 +1,9 @@
 package iam
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/iam"
- defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 // Adapt adapts an IAM instance
diff --git a/pkg/iac/adapters/cloudformation/aws/iam/policy.go b/pkg/iac/adapters/cloudformation/aws/iam/policy.go
index 0f4569d291bf..91088de981c6 100644
--- a/pkg/iac/adapters/cloudformation/aws/iam/policy.go
+++ b/pkg/iac/adapters/cloudformation/aws/iam/policy.go
@@ -3,9 +3,9 @@ package iam
 import (
 "github.com/liamg/iamgo"
 
- "github.com/aquasecurity/defsec/pkg/providers/aws/iam"
- defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
 parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getPolicies(ctx parser2.FileContext) (policies []iam.Policy) {
diff --git a/pkg/iac/adapters/cloudformation/aws/kinesis/kinesis.go b/pkg/iac/adapters/cloudformation/aws/kinesis/kinesis.go
index cae954a39731..c48ad26046bf 100644
--- a/pkg/iac/adapters/cloudformation/aws/kinesis/kinesis.go
+++ b/pkg/iac/adapters/cloudformation/aws/kinesis/kinesis.go
@@ -1,7 +1,7 @@
 package kinesis
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/kinesis"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/kinesis"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/kinesis/stream.go b/pkg/iac/adapters/cloudformation/aws/kinesis/stream.go
index 57c16dec985c..b2bc8bac3411 100644
--- a/pkg/iac/adapters/cloudformation/aws/kinesis/stream.go
+++ b/pkg/iac/adapters/cloudformation/aws/kinesis/stream.go
@@ -1,9 +1,9 @@
 package kinesis
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/kinesis"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/kinesis"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getStreams(ctx parser.FileContext) (streams []kinesis.Stream) {
diff --git a/pkg/iac/adapters/cloudformation/aws/lambda/function.go b/pkg/iac/adapters/cloudformation/aws/lambda/function.go
index 3d76c5d1c488..02bde4b903ff 100644
--- a/pkg/iac/adapters/cloudformation/aws/lambda/function.go
+++ b/pkg/iac/adapters/cloudformation/aws/lambda/function.go
@@ -1,9 +1,9 @@
 package lambda
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/lambda"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/lambda"
 parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getFunctions(ctx parser2.FileContext) (functions []lambda.Function) {
diff --git a/pkg/iac/adapters/cloudformation/aws/lambda/lambda.go b/pkg/iac/adapters/cloudformation/aws/lambda/lambda.go
index 54d7f6dab3e7..f89710d47e1e 100644
--- a/pkg/iac/adapters/cloudformation/aws/lambda/lambda.go
+++ b/pkg/iac/adapters/cloudformation/aws/lambda/lambda.go
@@ -1,7 +1,7 @@
 package lambda
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/lambda"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/lambda"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/mq/broker.go b/pkg/iac/adapters/cloudformation/aws/mq/broker.go
index a25944780572..9e52023c11da 100644
--- a/pkg/iac/adapters/cloudformation/aws/mq/broker.go
+++ b/pkg/iac/adapters/cloudformation/aws/mq/broker.go
@@ -1,9 +1,9 @@
 package mq
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/mq"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/mq"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getBrokers(ctx parser.FileContext) (brokers []mq.Broker) {
diff --git a/pkg/iac/adapters/cloudformation/aws/mq/mq.go b/pkg/iac/adapters/cloudformation/aws/mq/mq.go
index 34d879d22d07..744e86f69a11 100644
--- a/pkg/iac/adapters/cloudformation/aws/mq/mq.go
+++ b/pkg/iac/adapters/cloudformation/aws/mq/mq.go
@@ -1,7 +1,7 @@
 package mq
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/mq"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/mq"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/msk/cluster.go b/pkg/iac/adapters/cloudformation/aws/msk/cluster.go
index d2b7a192d478..a530ac37dc03 100644
--- a/pkg/iac/adapters/cloudformation/aws/msk/cluster.go
+++ b/pkg/iac/adapters/cloudformation/aws/msk/cluster.go
@@ -1,9 +1,9 @@
 package msk
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/msk"
- defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/msk"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getClusters(ctx parser.FileContext) (clusters []msk.Cluster) {
diff --git a/pkg/iac/adapters/cloudformation/aws/msk/msk.go b/pkg/iac/adapters/cloudformation/aws/msk/msk.go
index 3a53fca389e3..76d7964e17a7 100644
--- a/pkg/iac/adapters/cloudformation/aws/msk/msk.go
+++ b/pkg/iac/adapters/cloudformation/aws/msk/msk.go
@@ -1,7 +1,7 @@
 package msk
 
 import (
- "github.com/aquasecurity/defsec/pkg/providers/aws/msk"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/msk"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
 )
 
diff --git a/pkg/iac/adapters/cloudformation/aws/neptune/cluster.go b/pkg/iac/adapters/cloudformation/aws/neptune/cluster.go
index f4aefefbfdc6..3685a655aee2 100644
--- a/pkg/iac/adapters/cloudformation/aws/neptune/cluster.go
+++ b/pkg/iac/adapters/cloudformation/aws/neptune/cluster.go
@@ -1,9 +1,9 @@ package neptune import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/neptune" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/neptune" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func getClusters(ctx parser2.FileContext) (clusters []neptune.Cluster) { diff --git a/pkg/iac/adapters/cloudformation/aws/neptune/neptune.go b/pkg/iac/adapters/cloudformation/aws/neptune/neptune.go index 8956e48ba196..2d63e6f45f69 100644 --- a/pkg/iac/adapters/cloudformation/aws/neptune/neptune.go +++ b/pkg/iac/adapters/cloudformation/aws/neptune/neptune.go @@ -1,7 +1,7 @@ package neptune import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/neptune" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/neptune" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" ) diff --git a/pkg/iac/adapters/cloudformation/aws/rds/adapt_test.go b/pkg/iac/adapters/cloudformation/aws/rds/adapt_test.go index eb1d298a2644..7685c3118a0e 100644 --- a/pkg/iac/adapters/cloudformation/aws/rds/adapt_test.go +++ b/pkg/iac/adapters/cloudformation/aws/rds/adapt_test.go @@ -4,10 +4,10 @@ import ( "context" "testing" - "github.com/aquasecurity/defsec/pkg/providers/aws/rds" - "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/rds" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/adapters/cloudformation/aws/rds/cluster.go b/pkg/iac/adapters/cloudformation/aws/rds/cluster.go index 83f614b67e53..e36eb8e39ac0 100644 --- a/pkg/iac/adapters/cloudformation/aws/rds/cluster.go +++ b/pkg/iac/adapters/cloudformation/aws/rds/cluster.go 
@@ -1,9 +1,9 @@ package rds import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/rds" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/rds" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func getClusters(ctx parser.FileContext) (clusters map[string]rds.Cluster) { diff --git a/pkg/iac/adapters/cloudformation/aws/rds/instance.go b/pkg/iac/adapters/cloudformation/aws/rds/instance.go index e3d1b444be7b..6b4a39e7acf7 100644 --- a/pkg/iac/adapters/cloudformation/aws/rds/instance.go +++ b/pkg/iac/adapters/cloudformation/aws/rds/instance.go @@ -1,9 +1,9 @@ package rds import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/rds" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/rds" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func getClustersAndInstances(ctx parser2.FileContext) ([]rds.Cluster, []rds.Instance) { diff --git a/pkg/iac/adapters/cloudformation/aws/rds/parameter_groups.go b/pkg/iac/adapters/cloudformation/aws/rds/parameter_groups.go index f8bc488a5fd1..98df5187401b 100644 --- a/pkg/iac/adapters/cloudformation/aws/rds/parameter_groups.go +++ b/pkg/iac/adapters/cloudformation/aws/rds/parameter_groups.go @@ -1,9 +1,9 @@ package rds import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/rds" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/rds" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func getParameterGroups(ctx parser2.FileContext) (parametergroups []rds.ParameterGroups) { diff --git a/pkg/iac/adapters/cloudformation/aws/rds/rds.go b/pkg/iac/adapters/cloudformation/aws/rds/rds.go index 05f4babc7d59..25118c20bbba 100644 
--- a/pkg/iac/adapters/cloudformation/aws/rds/rds.go +++ b/pkg/iac/adapters/cloudformation/aws/rds/rds.go @@ -1,7 +1,7 @@ package rds import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/rds" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/rds" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" ) diff --git a/pkg/iac/adapters/cloudformation/aws/redshift/cluster.go b/pkg/iac/adapters/cloudformation/aws/redshift/cluster.go index ebdee435b262..6aac98978b94 100644 --- a/pkg/iac/adapters/cloudformation/aws/redshift/cluster.go +++ b/pkg/iac/adapters/cloudformation/aws/redshift/cluster.go @@ -1,9 +1,9 @@ package redshift import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/redshift" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/redshift" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func getClusters(ctx parser.FileContext) (clusters []redshift.Cluster) { diff --git a/pkg/iac/adapters/cloudformation/aws/redshift/redshift.go b/pkg/iac/adapters/cloudformation/aws/redshift/redshift.go index a4358393199d..899b6c50e147 100644 --- a/pkg/iac/adapters/cloudformation/aws/redshift/redshift.go +++ b/pkg/iac/adapters/cloudformation/aws/redshift/redshift.go @@ -1,7 +1,7 @@ package redshift import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/redshift" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/redshift" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" ) diff --git a/pkg/iac/adapters/cloudformation/aws/redshift/security_group.go b/pkg/iac/adapters/cloudformation/aws/redshift/security_group.go index bdd069044e78..0223306783ae 100644 --- a/pkg/iac/adapters/cloudformation/aws/redshift/security_group.go +++ b/pkg/iac/adapters/cloudformation/aws/redshift/security_group.go 
@@ -1,7 +1,7 @@ package redshift import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/redshift" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/redshift" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" ) diff --git a/pkg/iac/adapters/cloudformation/aws/s3/bucket.go b/pkg/iac/adapters/cloudformation/aws/s3/bucket.go index e33a8e01db2d..b1a86d8f6f50 100644 --- a/pkg/iac/adapters/cloudformation/aws/s3/bucket.go +++ b/pkg/iac/adapters/cloudformation/aws/s3/bucket.go @@ -4,9 +4,9 @@ import ( "regexp" "strings" - "github.com/aquasecurity/defsec/pkg/providers/aws/s3" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/s3" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) var aclConvertRegex = regexp.MustCompile(`[A-Z][^A-Z]*`) diff --git a/pkg/iac/adapters/cloudformation/aws/s3/s3.go b/pkg/iac/adapters/cloudformation/aws/s3/s3.go index 783116246ef3..988b51adc378 100644 --- a/pkg/iac/adapters/cloudformation/aws/s3/s3.go +++ b/pkg/iac/adapters/cloudformation/aws/s3/s3.go @@ -1,7 +1,7 @@ package s3 import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/s3" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/s3" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" ) diff --git a/pkg/iac/adapters/cloudformation/aws/sam/api.go b/pkg/iac/adapters/cloudformation/aws/sam/api.go index 84ec41ee7f7e..11fd0a86184b 100644 --- a/pkg/iac/adapters/cloudformation/aws/sam/api.go +++ b/pkg/iac/adapters/cloudformation/aws/sam/api.go 
@@ -1,9 +1,9 @@ package sam import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/sam" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sam" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func getApis(cfFile parser2.FileContext) (apis []sam.API) { diff --git a/pkg/iac/adapters/cloudformation/aws/sam/function.go b/pkg/iac/adapters/cloudformation/aws/sam/function.go index 71ef168c696d..9ffaa7446c90 100644 --- a/pkg/iac/adapters/cloudformation/aws/sam/function.go +++ b/pkg/iac/adapters/cloudformation/aws/sam/function.go @@ -3,10 +3,10 @@ package sam import ( "github.com/liamg/iamgo" - "github.com/aquasecurity/defsec/pkg/providers/aws/iam" - "github.com/aquasecurity/defsec/pkg/providers/aws/sam" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sam" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func getFunctions(cfFile parser2.FileContext) (functions []sam.Function) { diff --git a/pkg/iac/adapters/cloudformation/aws/sam/http_api.go b/pkg/iac/adapters/cloudformation/aws/sam/http_api.go index b1412010df6f..c51c3efb8913 100644 --- a/pkg/iac/adapters/cloudformation/aws/sam/http_api.go +++ b/pkg/iac/adapters/cloudformation/aws/sam/http_api.go @@ -1,9 +1,9 @@ package sam import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/sam" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sam" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func getHttpApis(cfFile parser2.FileContext) (apis []sam.HttpAPI) { 
diff --git a/pkg/iac/adapters/cloudformation/aws/sam/sam.go b/pkg/iac/adapters/cloudformation/aws/sam/sam.go index c928e901f308..0f08854aa697 100644 --- a/pkg/iac/adapters/cloudformation/aws/sam/sam.go +++ b/pkg/iac/adapters/cloudformation/aws/sam/sam.go @@ -1,7 +1,7 @@ package sam import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/sam" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sam" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" ) diff --git a/pkg/iac/adapters/cloudformation/aws/sam/state_machines.go b/pkg/iac/adapters/cloudformation/aws/sam/state_machines.go index e61c960814db..98d58284106a 100644 --- a/pkg/iac/adapters/cloudformation/aws/sam/state_machines.go +++ b/pkg/iac/adapters/cloudformation/aws/sam/state_machines.go @@ -3,10 +3,10 @@ package sam import ( "github.com/liamg/iamgo" - "github.com/aquasecurity/defsec/pkg/providers/aws/iam" - "github.com/aquasecurity/defsec/pkg/providers/aws/sam" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sam" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func getStateMachines(cfFile parser2.FileContext) (stateMachines []sam.StateMachine) { diff --git a/pkg/iac/adapters/cloudformation/aws/sam/tables.go b/pkg/iac/adapters/cloudformation/aws/sam/tables.go index de6284966d9f..8065e3710b5e 100644 --- a/pkg/iac/adapters/cloudformation/aws/sam/tables.go +++ b/pkg/iac/adapters/cloudformation/aws/sam/tables.go 
@@ -1,9 +1,9 @@ package sam import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/sam" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sam" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func getSimpleTables(cfFile parser2.FileContext) (tables []sam.SimpleTable) { diff --git a/pkg/iac/adapters/cloudformation/aws/sns/sns.go b/pkg/iac/adapters/cloudformation/aws/sns/sns.go index 8e691b98d8e5..4264077bca57 100644 --- a/pkg/iac/adapters/cloudformation/aws/sns/sns.go +++ b/pkg/iac/adapters/cloudformation/aws/sns/sns.go @@ -1,7 +1,7 @@ package sns import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/sns" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sns" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" ) diff --git a/pkg/iac/adapters/cloudformation/aws/sns/topic.go b/pkg/iac/adapters/cloudformation/aws/sns/topic.go index 738248ccfd88..59c5672bea82 100644 --- a/pkg/iac/adapters/cloudformation/aws/sns/topic.go +++ b/pkg/iac/adapters/cloudformation/aws/sns/topic.go @@ -1,9 +1,9 @@ package sns import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/sns" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sns" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func getTopics(ctx parser.FileContext) (topics []sns.Topic) { diff --git a/pkg/iac/adapters/cloudformation/aws/sqs/queue.go b/pkg/iac/adapters/cloudformation/aws/sqs/queue.go index bbfeb02a08b2..744fcb35acd2 100644 --- a/pkg/iac/adapters/cloudformation/aws/sqs/queue.go +++ b/pkg/iac/adapters/cloudformation/aws/sqs/queue.go 
@@ -5,10 +5,10 @@ import ( "github.com/liamg/iamgo" - "github.com/aquasecurity/defsec/pkg/providers/aws/iam" - "github.com/aquasecurity/defsec/pkg/providers/aws/sqs" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sqs" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func getQueues(ctx parser.FileContext) (queues []sqs.Queue) { diff --git a/pkg/iac/adapters/cloudformation/aws/sqs/sqs.go b/pkg/iac/adapters/cloudformation/aws/sqs/sqs.go index e51ab59334ba..4f01ba6861b0 100644 --- a/pkg/iac/adapters/cloudformation/aws/sqs/sqs.go +++ b/pkg/iac/adapters/cloudformation/aws/sqs/sqs.go @@ -1,7 +1,7 @@ package sqs import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/sqs" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sqs" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" ) diff --git a/pkg/iac/adapters/cloudformation/aws/ssm/secret.go b/pkg/iac/adapters/cloudformation/aws/ssm/secret.go index 181799c68f8e..ae3a43ee28f7 100644 --- a/pkg/iac/adapters/cloudformation/aws/ssm/secret.go +++ b/pkg/iac/adapters/cloudformation/aws/ssm/secret.go @@ -1,7 +1,7 @@ package ssm import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/ssm" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ssm" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" ) diff --git a/pkg/iac/adapters/cloudformation/aws/ssm/ssm.go b/pkg/iac/adapters/cloudformation/aws/ssm/ssm.go index 705ad63c3391..88bc5485fe33 100644 --- a/pkg/iac/adapters/cloudformation/aws/ssm/ssm.go +++ b/pkg/iac/adapters/cloudformation/aws/ssm/ssm.go @@ -1,7 +1,7 @@ package ssm import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/ssm" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ssm" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" ) 
diff --git a/pkg/iac/adapters/cloudformation/aws/workspaces/workspace.go b/pkg/iac/adapters/cloudformation/aws/workspaces/workspace.go index 8a896513a740..3966468849cc 100644 --- a/pkg/iac/adapters/cloudformation/aws/workspaces/workspace.go +++ b/pkg/iac/adapters/cloudformation/aws/workspaces/workspace.go @@ -1,7 +1,7 @@ package workspaces import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/workspaces" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/workspaces" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" ) diff --git a/pkg/iac/adapters/cloudformation/aws/workspaces/workspaces.go b/pkg/iac/adapters/cloudformation/aws/workspaces/workspaces.go index a7702a821466..578fa0d507c3 100644 --- a/pkg/iac/adapters/cloudformation/aws/workspaces/workspaces.go +++ b/pkg/iac/adapters/cloudformation/aws/workspaces/workspaces.go @@ -1,7 +1,7 @@ package workspaces import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/workspaces" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/workspaces" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" ) diff --git a/pkg/iac/adapters/terraform/adapt.go b/pkg/iac/adapters/terraform/adapt.go index 108122d84b59..9028e7cc15f2 100644 --- a/pkg/iac/adapters/terraform/adapt.go +++ b/pkg/iac/adapters/terraform/adapt.go @@ -1,8 +1,6 @@ package terraform import ( - "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/defsec/pkg/terraform" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/aws" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/azure" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/cloudstack" 
@@ -13,6 +11,8 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/nifcloud" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/openstack" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/oracle" + "github.com/aquasecurity/trivy/pkg/iac/state" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) *state.State { diff --git a/pkg/iac/adapters/terraform/aws/accessanalyzer/accessanalyzer.go b/pkg/iac/adapters/terraform/aws/accessanalyzer/accessanalyzer.go index 97fcf38713c6..93c76f979d55 100644 --- a/pkg/iac/adapters/terraform/aws/accessanalyzer/accessanalyzer.go +++ b/pkg/iac/adapters/terraform/aws/accessanalyzer/accessanalyzer.go @@ -1,9 +1,9 @@ package accessanalyzer import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/accessanalyzer" - "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/accessanalyzer" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) accessanalyzer.AccessAnalyzer { diff --git a/pkg/iac/adapters/terraform/aws/adapt.go b/pkg/iac/adapters/terraform/aws/adapt.go index 3e6366d698f1..c9d9d94ecea6 100644 --- a/pkg/iac/adapters/terraform/aws/adapt.go +++ b/pkg/iac/adapters/terraform/aws/adapt.go @@ -1,8 +1,6 @@ package aws import ( - "github.com/aquasecurity/defsec/pkg/providers/aws" - "github.com/aquasecurity/defsec/pkg/terraform" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/aws/apigateway" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/aws/athena" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/aws/cloudfront" 
@@ -36,6 +34,8 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/aws/sqs" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/aws/ssm" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/aws/workspaces" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) aws.AWS { diff --git a/pkg/iac/adapters/terraform/aws/apigateway/adapt.go b/pkg/iac/adapters/terraform/aws/apigateway/adapt.go index 2c6b2cb8d6a6..bf0e4ca86379 100644 --- a/pkg/iac/adapters/terraform/aws/apigateway/adapt.go +++ b/pkg/iac/adapters/terraform/aws/apigateway/adapt.go @@ -1,10 +1,10 @@ package apigateway import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway" - v1 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v1" - v2 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v2" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway" + v1 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v1" + v2 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v2" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) apigateway.APIGateway { diff --git a/pkg/iac/adapters/terraform/aws/apigateway/adapt_test.go b/pkg/iac/adapters/terraform/aws/apigateway/adapt_test.go index 7c7b52df40d0..dfc076d3a59b 100644 --- a/pkg/iac/adapters/terraform/aws/apigateway/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/apigateway/adapt_test.go 
@@ -3,12 +3,12 @@ package apigateway import ( "testing" - "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway" - v1 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v1" - v2 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v2" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway" + v1 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v1" + v2 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v2" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/adapters/terraform/aws/apigateway/apiv1.go b/pkg/iac/adapters/terraform/aws/apigateway/apiv1.go index e01c9cbdbc94..493cb4500a67 100644 --- a/pkg/iac/adapters/terraform/aws/apigateway/apiv1.go +++ b/pkg/iac/adapters/terraform/aws/apigateway/apiv1.go @@ -1,9 +1,9 @@ package apigateway import ( - v1 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v1" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + v1 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v1" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func adaptAPIResourcesV1(modules terraform.Modules, apiBlock *terraform.Block) []v1.Resource { diff --git a/pkg/iac/adapters/terraform/aws/apigateway/apiv1_test.go b/pkg/iac/adapters/terraform/aws/apigateway/apiv1_test.go index 179813faf5d6..cf69e8d0ee23 100644 --- a/pkg/iac/adapters/terraform/aws/apigateway/apiv1_test.go +++ b/pkg/iac/adapters/terraform/aws/apigateway/apiv1_test.go 
@@ -3,9 +3,9 @@ package apigateway import ( "testing" - v1 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v1" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + v1 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v1" ) func Test_adaptAPIMethodsV1(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/aws/apigateway/apiv2.go b/pkg/iac/adapters/terraform/aws/apigateway/apiv2.go index 811abbc1b81c..52b8e4401541 100644 --- a/pkg/iac/adapters/terraform/aws/apigateway/apiv2.go +++ b/pkg/iac/adapters/terraform/aws/apigateway/apiv2.go @@ -1,9 +1,9 @@ package apigateway import ( - v2 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v2" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + v2 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v2" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func adaptAPIsV2(modules terraform.Modules) []v2.API { diff --git a/pkg/iac/adapters/terraform/aws/apigateway/apiv2_test.go b/pkg/iac/adapters/terraform/aws/apigateway/apiv2_test.go index b52c0188e4c8..fa73981c80e3 100644 --- a/pkg/iac/adapters/terraform/aws/apigateway/apiv2_test.go +++ b/pkg/iac/adapters/terraform/aws/apigateway/apiv2_test.go @@ -3,9 +3,9 @@ package apigateway import ( "testing" - v2 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v2" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + v2 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v2" ) func Test_adaptAPIsV2(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/aws/apigateway/namesv1.go b/pkg/iac/adapters/terraform/aws/apigateway/namesv1.go index bec491d6e8a2..7bc6af3edd4c 100644 --- a/pkg/iac/adapters/terraform/aws/apigateway/namesv1.go 
+++ b/pkg/iac/adapters/terraform/aws/apigateway/namesv1.go @@ -1,8 +1,8 @@ package apigateway import ( - v1 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v1" - "github.com/aquasecurity/defsec/pkg/terraform" + v1 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v1" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func adaptDomainNamesV1(modules terraform.Modules) []v1.DomainName { diff --git a/pkg/iac/adapters/terraform/aws/apigateway/namesv1_test.go b/pkg/iac/adapters/terraform/aws/apigateway/namesv1_test.go index 4cb790cf8791..bff0ac47848e 100644 --- a/pkg/iac/adapters/terraform/aws/apigateway/namesv1_test.go +++ b/pkg/iac/adapters/terraform/aws/apigateway/namesv1_test.go @@ -3,9 +3,9 @@ package apigateway import ( "testing" - v1 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v1" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + v1 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v1" ) func Test_adaptDomainNamesV1(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/aws/apigateway/namesv2.go b/pkg/iac/adapters/terraform/aws/apigateway/namesv2.go index f526ba793850..e7beb2d6ed2f 100644 --- a/pkg/iac/adapters/terraform/aws/apigateway/namesv2.go +++ b/pkg/iac/adapters/terraform/aws/apigateway/namesv2.go @@ -1,9 +1,9 @@ package apigateway import ( - v2 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v2" - "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/defsec/pkg/types" + v2 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v2" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func adaptDomainNamesV2(modules terraform.Modules) []v2.DomainName { diff --git a/pkg/iac/adapters/terraform/aws/apigateway/namesv2_test.go b/pkg/iac/adapters/terraform/aws/apigateway/namesv2_test.go index 39125e7ee320..25c40ebcc231 100644 
--- a/pkg/iac/adapters/terraform/aws/apigateway/namesv2_test.go +++ b/pkg/iac/adapters/terraform/aws/apigateway/namesv2_test.go @@ -3,9 +3,9 @@ package apigateway import ( "testing" - v2 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v2" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + v2 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v2" ) func Test_adaptDomainNamesV2(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/aws/athena/adapt.go b/pkg/iac/adapters/terraform/aws/athena/adapt.go index 0f72c457551b..04019aeaf7c1 100644 --- a/pkg/iac/adapters/terraform/aws/athena/adapt.go +++ b/pkg/iac/adapters/terraform/aws/athena/adapt.go @@ -1,9 +1,9 @@ package athena import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/athena" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/athena" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) athena.Athena { diff --git a/pkg/iac/adapters/terraform/aws/athena/adapt_test.go b/pkg/iac/adapters/terraform/aws/athena/adapt_test.go index a0ff95718e73..77bd11dba6c6 100644 --- a/pkg/iac/adapters/terraform/aws/athena/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/athena/adapt_test.go @@ -3,11 +3,11 @@ package athena import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/aws/athena" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/athena" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" 
diff --git a/pkg/iac/adapters/terraform/aws/cloudfront/adapt.go b/pkg/iac/adapters/terraform/aws/cloudfront/adapt.go index dba2662f9b9c..a981241a83a4 100644 --- a/pkg/iac/adapters/terraform/aws/cloudfront/adapt.go +++ b/pkg/iac/adapters/terraform/aws/cloudfront/adapt.go @@ -1,9 +1,9 @@ package cloudfront import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/cloudfront" - "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudfront" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) cloudfront.Cloudfront { diff --git a/pkg/iac/adapters/terraform/aws/cloudfront/adapt_test.go b/pkg/iac/adapters/terraform/aws/cloudfront/adapt_test.go index 1b28e07394df..26600ebedc6f 100644 --- a/pkg/iac/adapters/terraform/aws/cloudfront/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/cloudfront/adapt_test.go @@ -3,11 +3,11 @@ package cloudfront import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/aws/cloudfront" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudfront" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/adapters/terraform/aws/cloudtrail/adapt.go b/pkg/iac/adapters/terraform/aws/cloudtrail/adapt.go index 0a9e8b0d5828..22464d85f80c 100644 --- a/pkg/iac/adapters/terraform/aws/cloudtrail/adapt.go +++ b/pkg/iac/adapters/terraform/aws/cloudtrail/adapt.go 
@@ -1,8 +1,8 @@ package cloudtrail import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/cloudtrail" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudtrail" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) cloudtrail.CloudTrail { diff --git a/pkg/iac/adapters/terraform/aws/cloudtrail/adapt_test.go b/pkg/iac/adapters/terraform/aws/cloudtrail/adapt_test.go index cbd593bf8897..38e5e705db12 100644 --- a/pkg/iac/adapters/terraform/aws/cloudtrail/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/cloudtrail/adapt_test.go @@ -3,11 +3,11 @@ package cloudtrail import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/aws/cloudtrail" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudtrail" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/adapters/terraform/aws/cloudwatch/adapt.go b/pkg/iac/adapters/terraform/aws/cloudwatch/adapt.go index 3e3a378e0b8d..c0b47b7f8d3e 100644 --- a/pkg/iac/adapters/terraform/aws/cloudwatch/adapt.go +++ b/pkg/iac/adapters/terraform/aws/cloudwatch/adapt.go @@ -1,9 +1,9 @@ package cloudwatch import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/cloudwatch" - "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) cloudwatch.CloudWatch { 
diff --git a/pkg/iac/adapters/terraform/aws/cloudwatch/adapt_test.go b/pkg/iac/adapters/terraform/aws/cloudwatch/adapt_test.go index 0c73810fa9b3..35034f37cd3e 100644 --- a/pkg/iac/adapters/terraform/aws/cloudwatch/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/cloudwatch/adapt_test.go @@ -3,11 +3,11 @@ package cloudwatch import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/aws/cloudwatch" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/adapters/terraform/aws/codebuild/adapt.go b/pkg/iac/adapters/terraform/aws/codebuild/adapt.go index 7870ff26eae0..f7fa4b4f35b5 100644 --- a/pkg/iac/adapters/terraform/aws/codebuild/adapt.go +++ b/pkg/iac/adapters/terraform/aws/codebuild/adapt.go @@ -1,9 +1,9 @@ package codebuild import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/codebuild" - "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/codebuild" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) codebuild.CodeBuild { diff --git a/pkg/iac/adapters/terraform/aws/codebuild/adapt_test.go b/pkg/iac/adapters/terraform/aws/codebuild/adapt_test.go index 59d259134cf3..402b86ccfe7b 100644 --- a/pkg/iac/adapters/terraform/aws/codebuild/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/codebuild/adapt_test.go 
@@ -3,11 +3,11 @@ package codebuild
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/codebuild"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/codebuild"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
diff --git a/pkg/iac/adapters/terraform/aws/config/adapt.go b/pkg/iac/adapters/terraform/aws/config/adapt.go
index 608f6f741f81..c1b1a4c56afe 100644
--- a/pkg/iac/adapters/terraform/aws/config/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/config/adapt.go
@@ -1,9 +1,9 @@
 package config
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/config"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/config"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) config.Config {
diff --git a/pkg/iac/adapters/terraform/aws/config/adapt_test.go b/pkg/iac/adapters/terraform/aws/config/adapt_test.go
index f4a0c3d0467e..809608d94d86 100644
--- a/pkg/iac/adapters/terraform/aws/config/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/config/adapt_test.go
@@ -3,11 +3,11 @@ package config
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/config"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/config"
 	"github.com/stretchr/testify/assert"
 )
 
diff --git a/pkg/iac/adapters/terraform/aws/documentdb/adapt.go b/pkg/iac/adapters/terraform/aws/documentdb/adapt.go
index 104ef836d498..5c10b5195c97 100644
--- a/pkg/iac/adapters/terraform/aws/documentdb/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/documentdb/adapt.go
@@ -1,9 +1,9 @@
 package documentdb
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/documentdb"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	"github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/documentdb"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) documentdb.DocumentDB {
diff --git a/pkg/iac/adapters/terraform/aws/documentdb/adapt_test.go b/pkg/iac/adapters/terraform/aws/documentdb/adapt_test.go
index 3ba1018b2315..4d8900401090 100644
--- a/pkg/iac/adapters/terraform/aws/documentdb/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/documentdb/adapt_test.go
@@ -3,11 +3,11 @@ package documentdb
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/documentdb"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/documentdb"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
diff --git a/pkg/iac/adapters/terraform/aws/dynamodb/adapt.go b/pkg/iac/adapters/terraform/aws/dynamodb/adapt.go
index a09ffcfb742d..8ab8c43eba73 100644
--- a/pkg/iac/adapters/terraform/aws/dynamodb/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/dynamodb/adapt.go
@@ -1,9 +1,9 @@
 package dynamodb
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/dynamodb"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/dynamodb"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) dynamodb.DynamoDB {
diff --git a/pkg/iac/adapters/terraform/aws/dynamodb/adapt_test.go b/pkg/iac/adapters/terraform/aws/dynamodb/adapt_test.go
index 574f18c86f59..c75fd3421fc5 100644
--- a/pkg/iac/adapters/terraform/aws/dynamodb/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/dynamodb/adapt_test.go
@@ -3,11 +3,11 @@ package dynamodb
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/dynamodb"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/dynamodb"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
diff --git a/pkg/iac/adapters/terraform/aws/ec2/adapt.go b/pkg/iac/adapters/terraform/aws/ec2/adapt.go
index 3a339f1f93b6..6b02431f3772 100644
--- a/pkg/iac/adapters/terraform/aws/ec2/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/ec2/adapt.go
@@ -1,9 +1,9 @@
 package ec2
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	"github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) ec2.EC2 {
diff --git a/pkg/iac/adapters/terraform/aws/ec2/adapt_test.go b/pkg/iac/adapters/terraform/aws/ec2/adapt_test.go
index 3957183c2afb..5808e9dbf3fc 100644
--- a/pkg/iac/adapters/terraform/aws/ec2/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/ec2/adapt_test.go
@@ -3,11 +3,11 @@ package ec2
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
diff --git a/pkg/iac/adapters/terraform/aws/ec2/autoscaling.go b/pkg/iac/adapters/terraform/aws/ec2/autoscaling.go
index 3d6a958b80f2..88bff3e066b8 100644
--- a/pkg/iac/adapters/terraform/aws/ec2/autoscaling.go
+++ b/pkg/iac/adapters/terraform/aws/ec2/autoscaling.go
@@ -3,9 +3,9 @@ package ec2
 import (
 	"encoding/base64"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func adaptLaunchTemplates(modules terraform.Modules) (templates []ec2.LaunchTemplate) {
diff --git a/pkg/iac/adapters/terraform/aws/ec2/autoscaling_test.go b/pkg/iac/adapters/terraform/aws/ec2/autoscaling_test.go
index 00e510fa540b..218dede5c9ef 100644
--- a/pkg/iac/adapters/terraform/aws/ec2/autoscaling_test.go
+++ b/pkg/iac/adapters/terraform/aws/ec2/autoscaling_test.go
@@ -3,11 +3,11 @@ package ec2
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
diff --git a/pkg/iac/adapters/terraform/aws/ec2/subnet.go b/pkg/iac/adapters/terraform/aws/ec2/subnet.go
index 56179f4e42b2..4e4e49c4f59e 100644
--- a/pkg/iac/adapters/terraform/aws/ec2/subnet.go
+++ b/pkg/iac/adapters/terraform/aws/ec2/subnet.go
@@ -1,8 +1,8 @@
 package ec2
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
-	"github.com/aquasecurity/defsec/pkg/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
 )
 
 func adaptSubnets(modules terraform.Modules) []ec2.Subnet {
diff --git a/pkg/iac/adapters/terraform/aws/ec2/subnet_test.go b/pkg/iac/adapters/terraform/aws/ec2/subnet_test.go
index 0f74b979a73d..b25b5b99ccf9 100644
--- a/pkg/iac/adapters/terraform/aws/ec2/subnet_test.go
+++ b/pkg/iac/adapters/terraform/aws/ec2/subnet_test.go
@@ -3,11 +3,11 @@ package ec2
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
diff --git a/pkg/iac/adapters/terraform/aws/ec2/volume.go b/pkg/iac/adapters/terraform/aws/ec2/volume.go
index aa24a7dc26d7..4695cf7e800f 100644
--- a/pkg/iac/adapters/terraform/aws/ec2/volume.go
+++ b/pkg/iac/adapters/terraform/aws/ec2/volume.go
@@ -1,9 +1,9 @@
 package ec2
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	"github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func adaptVolumes(modules terraform.Modules) []ec2.Volume {
diff --git a/pkg/iac/adapters/terraform/aws/ec2/volume_test.go b/pkg/iac/adapters/terraform/aws/ec2/volume_test.go
index 246975264f21..173885696935 100644
--- a/pkg/iac/adapters/terraform/aws/ec2/volume_test.go
+++ b/pkg/iac/adapters/terraform/aws/ec2/volume_test.go
@@ -3,11 +3,11 @@ package ec2
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
diff --git a/pkg/iac/adapters/terraform/aws/ec2/vpc.go b/pkg/iac/adapters/terraform/aws/ec2/vpc.go
index a95491418a48..39792b0cbc61 100644
--- a/pkg/iac/adapters/terraform/aws/ec2/vpc.go
+++ b/pkg/iac/adapters/terraform/aws/ec2/vpc.go
@@ -1,9 +1,9 @@
 package ec2
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 type naclAdapter struct {
diff --git a/pkg/iac/adapters/terraform/aws/ec2/vpc_test.go b/pkg/iac/adapters/terraform/aws/ec2/vpc_test.go
index 7adb1262f183..122c20a937ab 100644
--- a/pkg/iac/adapters/terraform/aws/ec2/vpc_test.go
+++ b/pkg/iac/adapters/terraform/aws/ec2/vpc_test.go
@@ -3,11 +3,11 @@ package ec2
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
diff --git a/pkg/iac/adapters/terraform/aws/ecr/adapt.go b/pkg/iac/adapters/terraform/aws/ecr/adapt.go
index 64ef4346c584..6459d4335633 100644
--- a/pkg/iac/adapters/terraform/aws/ecr/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/ecr/adapt.go
@@ -3,11 +3,11 @@ package ecr
 import (
 	"github.com/liamg/iamgo"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/ecr"
-	iamp "github.com/aquasecurity/defsec/pkg/providers/aws/iam"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/aws/iam"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/ecr"
+	iamp "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) ecr.ECR {
diff --git a/pkg/iac/adapters/terraform/aws/ecr/adapt_test.go b/pkg/iac/adapters/terraform/aws/ecr/adapt_test.go
index 234fec7d4baf..4270e406bea7 100644
--- a/pkg/iac/adapters/terraform/aws/ecr/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/ecr/adapt_test.go
@@ -3,12 +3,12 @@ package ecr
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/ecr"
-	"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/ecr"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
 	"github.com/liamg/iamgo"
 	"github.com/stretchr/testify/assert"
 
diff --git a/pkg/iac/adapters/terraform/aws/ecs/adapt.go b/pkg/iac/adapters/terraform/aws/ecs/adapt.go
index de2b629bd473..8bf280a857a1 100644
--- a/pkg/iac/adapters/terraform/aws/ecs/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/ecs/adapt.go
@@ -1,9 +1,9 @@
 package ecs
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/ecs"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	"github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/ecs"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) ecs.ECS {
diff --git a/pkg/iac/adapters/terraform/aws/ecs/adapt_test.go b/pkg/iac/adapters/terraform/aws/ecs/adapt_test.go
index 82e82558deb4..b3b6358f0361 100644
--- a/pkg/iac/adapters/terraform/aws/ecs/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/ecs/adapt_test.go
@@ -3,11 +3,11 @@ package ecs
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/ecs"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/ecs"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
diff --git a/pkg/iac/adapters/terraform/aws/efs/adapt.go b/pkg/iac/adapters/terraform/aws/efs/adapt.go
index bd87d6955490..e3b17a2d7d47 100644
--- a/pkg/iac/adapters/terraform/aws/efs/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/efs/adapt.go
@@ -1,8 +1,8 @@
 package efs
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/efs"
-	"github.com/aquasecurity/defsec/pkg/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/efs"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
 )
 
 func Adapt(modules terraform.Modules) efs.EFS {
diff --git a/pkg/iac/adapters/terraform/aws/efs/adapt_test.go b/pkg/iac/adapters/terraform/aws/efs/adapt_test.go
index e1456a8bcf68..bf80b7f448d6 100644
--- a/pkg/iac/adapters/terraform/aws/efs/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/efs/adapt_test.go
@@ -3,11 +3,11 @@ package efs
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/efs"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/efs"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
diff --git a/pkg/iac/adapters/terraform/aws/eks/adapt.go b/pkg/iac/adapters/terraform/aws/eks/adapt.go
index 2ed35ac9c4bd..4eb84b5b64ca 100644
--- a/pkg/iac/adapters/terraform/aws/eks/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/eks/adapt.go
@@ -1,9 +1,9 @@
 package eks
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/eks"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/eks"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) eks.EKS {
diff --git a/pkg/iac/adapters/terraform/aws/eks/adapt_test.go b/pkg/iac/adapters/terraform/aws/eks/adapt_test.go
index 2996aa900869..90093fb001f6 100644
--- a/pkg/iac/adapters/terraform/aws/eks/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/eks/adapt_test.go
@@ -3,11 +3,11 @@ package eks
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/eks"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/eks"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
diff --git a/pkg/iac/adapters/terraform/aws/elasticache/adapt.go b/pkg/iac/adapters/terraform/aws/elasticache/adapt.go
index 515343a4deba..f1599eaacbee 100644
--- a/pkg/iac/adapters/terraform/aws/elasticache/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/elasticache/adapt.go
@@ -1,8 +1,8 @@
 package elasticache
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/elasticache"
-	"github.com/aquasecurity/defsec/pkg/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticache"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
 )
 
 func Adapt(modules terraform.Modules) elasticache.ElastiCache {
diff --git a/pkg/iac/adapters/terraform/aws/elasticache/adapt_test.go b/pkg/iac/adapters/terraform/aws/elasticache/adapt_test.go
index 062ab287e7d4..f7e9cf9351f9 100644
--- a/pkg/iac/adapters/terraform/aws/elasticache/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/elasticache/adapt_test.go
@@ -3,11 +3,11 @@ package elasticache
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/elasticache"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticache"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
diff --git a/pkg/iac/adapters/terraform/aws/elasticsearch/adapt.go b/pkg/iac/adapters/terraform/aws/elasticsearch/adapt.go
index f78e90096863..27885e1b58cc 100644
--- a/pkg/iac/adapters/terraform/aws/elasticsearch/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/elasticsearch/adapt.go
@@ -1,9 +1,9 @@
 package elasticsearch
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/elasticsearch"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticsearch"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) elasticsearch.Elasticsearch {
diff --git a/pkg/iac/adapters/terraform/aws/elasticsearch/adapt_test.go b/pkg/iac/adapters/terraform/aws/elasticsearch/adapt_test.go
index 15a4ae035c8a..c4212454742d 100644
--- a/pkg/iac/adapters/terraform/aws/elasticsearch/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/elasticsearch/adapt_test.go
@@ -3,11 +3,11 @@ package elasticsearch
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/elasticsearch"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticsearch"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
diff --git a/pkg/iac/adapters/terraform/aws/elb/adapt.go b/pkg/iac/adapters/terraform/aws/elb/adapt.go
index 831a65ea410d..c41c1bfc6a7a 100644
--- a/pkg/iac/adapters/terraform/aws/elb/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/elb/adapt.go
@@ -1,9 +1,9 @@
 package elb
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/elb"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/elb"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) elb.ELB {
diff --git a/pkg/iac/adapters/terraform/aws/elb/adapt_test.go b/pkg/iac/adapters/terraform/aws/elb/adapt_test.go
index 40d6433646eb..601201fb8abd 100644
--- a/pkg/iac/adapters/terraform/aws/elb/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/elb/adapt_test.go
@@ -3,11 +3,11 @@ package elb
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/elb"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/elb"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
diff --git a/pkg/iac/adapters/terraform/aws/emr/adapt.go b/pkg/iac/adapters/terraform/aws/emr/adapt.go
index 0e85a1023ab5..74bbc08516f4 100644
--- a/pkg/iac/adapters/terraform/aws/emr/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/emr/adapt.go
@@ -1,8 +1,8 @@
 package emr
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/emr"
-	"github.com/aquasecurity/defsec/pkg/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/emr"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
 )
 
 func Adapt(modules terraform.Modules) emr.EMR {
diff --git a/pkg/iac/adapters/terraform/aws/emr/adapt_test.go b/pkg/iac/adapters/terraform/aws/emr/adapt_test.go
index 5d52477ddf17..fb57edb67daf 100644
--- a/pkg/iac/adapters/terraform/aws/emr/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/emr/adapt_test.go
@@ -3,11 +3,11 @@ package emr
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/emr"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/emr"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
diff --git a/pkg/iac/adapters/terraform/aws/iam/adapt.go b/pkg/iac/adapters/terraform/aws/iam/adapt.go
index 226b23aad928..f4ad95180b90 100644
--- a/pkg/iac/adapters/terraform/aws/iam/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/iam/adapt.go
@@ -1,8 +1,8 @@
 package iam
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
-	"github.com/aquasecurity/defsec/pkg/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
 )
 
 func Adapt(modules terraform.Modules) iam.IAM {
diff --git a/pkg/iac/adapters/terraform/aws/iam/convert.go b/pkg/iac/adapters/terraform/aws/iam/convert.go
index 6acff0a521e4..56992b77bcb2 100644
--- a/pkg/iac/adapters/terraform/aws/iam/convert.go
+++ b/pkg/iac/adapters/terraform/aws/iam/convert.go
@@ -5,9 +5,9 @@ import (
 
 	"github.com/liamg/iamgo"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
-	"github.com/aquasecurity/defsec/pkg/scan"
-	"github.com/aquasecurity/defsec/pkg/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
+	"github.com/aquasecurity/trivy/pkg/iac/scan"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
 )
 
 type wrappedDocument struct {
diff --git a/pkg/iac/adapters/terraform/aws/iam/groups.go b/pkg/iac/adapters/terraform/aws/iam/groups.go
index d2b2ec8430e3..9053bf83be78 100644
--- a/pkg/iac/adapters/terraform/aws/iam/groups.go
+++ b/pkg/iac/adapters/terraform/aws/iam/groups.go
@@ -1,8 +1,8 @@
 package iam
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
-	"github.com/aquasecurity/defsec/pkg/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
 )
 
 func adaptGroups(modules terraform.Modules) []iam.Group {
diff --git a/pkg/iac/adapters/terraform/aws/iam/groups_test.go b/pkg/iac/adapters/terraform/aws/iam/groups_test.go
index 3f9fcc496ecb..759eec4df4d7 100644
--- a/pkg/iac/adapters/terraform/aws/iam/groups_test.go
+++ b/pkg/iac/adapters/terraform/aws/iam/groups_test.go
@@ -3,11 +3,11 @@ package iam
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
 )
 
 func Test_adaptGroups(t *testing.T) {
diff --git a/pkg/iac/adapters/terraform/aws/iam/passwords.go b/pkg/iac/adapters/terraform/aws/iam/passwords.go
index 10db50f1e94b..d3f4783dc105 100644
--- a/pkg/iac/adapters/terraform/aws/iam/passwords.go
+++ b/pkg/iac/adapters/terraform/aws/iam/passwords.go
@@ -3,9 +3,9 @@ package iam
 import (
 	"math"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func adaptPasswordPolicy(modules terraform.Modules) iam.PasswordPolicy {
diff --git a/pkg/iac/adapters/terraform/aws/iam/passwords_test.go b/pkg/iac/adapters/terraform/aws/iam/passwords_test.go
index b44b1bfc9aaf..263bdaad75f5 100644
--- a/pkg/iac/adapters/terraform/aws/iam/passwords_test.go
+++ b/pkg/iac/adapters/terraform/aws/iam/passwords_test.go
@@ -3,11 +3,11 @@ package iam
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
 )
 
 func Test_adaptPasswordPolicy(t *testing.T) {
diff --git a/pkg/iac/adapters/terraform/aws/iam/policies.go b/pkg/iac/adapters/terraform/aws/iam/policies.go
index de852ef6e81c..a68bb7126ad8 100644
--- a/pkg/iac/adapters/terraform/aws/iam/policies.go
+++ b/pkg/iac/adapters/terraform/aws/iam/policies.go
@@ -3,9 +3,9 @@ package iam
 import (
 	"github.com/liamg/iamgo"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func parsePolicy(policyBlock *terraform.Block, modules terraform.Modules) (iam.Policy, error) {
diff --git a/pkg/iac/adapters/terraform/aws/iam/policies_test.go b/pkg/iac/adapters/terraform/aws/iam/policies_test.go
index aed1f6d2a1cd..0d0411bc7a6d 100644
--- a/pkg/iac/adapters/terraform/aws/iam/policies_test.go
+++ b/pkg/iac/adapters/terraform/aws/iam/policies_test.go
@@ -3,11 +3,11 @@ package iam
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
 	"github.com/liamg/iamgo"
 )
 
diff --git a/pkg/iac/adapters/terraform/aws/iam/roles.go b/pkg/iac/adapters/terraform/aws/iam/roles.go
index 9d9783fb89c4..096521c0d43a 100644
--- a/pkg/iac/adapters/terraform/aws/iam/roles.go
+++ b/pkg/iac/adapters/terraform/aws/iam/roles.go
@@ -1,8 +1,8 @@
 package iam
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
-	"github.com/aquasecurity/defsec/pkg/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
 )
 
 func adaptRoles(modules terraform.Modules) []iam.Role {
diff --git a/pkg/iac/adapters/terraform/aws/iam/roles_test.go b/pkg/iac/adapters/terraform/aws/iam/roles_test.go
index 7231c15687ec..733501f1f931 100644
--- a/pkg/iac/adapters/terraform/aws/iam/roles_test.go
+++ b/pkg/iac/adapters/terraform/aws/iam/roles_test.go
@@ -4,10 +4,10 @@ import (
 	"sort"
 	"testing"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Test_adaptRoles(t *testing.T) {
diff --git a/pkg/iac/adapters/terraform/aws/iam/users.go b/pkg/iac/adapters/terraform/aws/iam/users.go
index 6a292a83128e..81b8f8350e82 100644
--- a/pkg/iac/adapters/terraform/aws/iam/users.go
+++ b/pkg/iac/adapters/terraform/aws/iam/users.go
@@ -1,9 +1,9 @@
 package iam
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func adaptUsers(modules terraform.Modules) []iam.User {
diff --git a/pkg/iac/adapters/terraform/aws/iam/users_test.go b/pkg/iac/adapters/terraform/aws/iam/users_test.go
index a1243b6045c6..8e7cd4fa93fe 100644
--- a/pkg/iac/adapters/terraform/aws/iam/users_test.go
+++ b/pkg/iac/adapters/terraform/aws/iam/users_test.go
@@ -3,10 +3,10 @@ package iam
 import (
 	"testing"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Test_adaptUsers(t *testing.T) {
diff --git a/pkg/iac/adapters/terraform/aws/kinesis/adapt.go b/pkg/iac/adapters/terraform/aws/kinesis/adapt.go
index 1f918ccb35b1..f66f77505c07 100644
--- a/pkg/iac/adapters/terraform/aws/kinesis/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/kinesis/adapt.go
@@ -1,9 +1,9 @@
 package kinesis
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/kinesis"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	"github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/kinesis"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) kinesis.Kinesis {
diff --git a/pkg/iac/adapters/terraform/aws/kinesis/adapt_test.go b/pkg/iac/adapters/terraform/aws/kinesis/adapt_test.go
index 0387056474c5..ee13327de543 100644
--- a/pkg/iac/adapters/terraform/aws/kinesis/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/kinesis/adapt_test.go
@@ -3,11 +3,11 @@ package kinesis
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/kinesis"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/kinesis"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
diff --git a/pkg/iac/adapters/terraform/aws/kms/adapt.go b/pkg/iac/adapters/terraform/aws/kms/adapt.go
index c91c860ff9c6..95bc730ef2b1 100644
--- a/pkg/iac/adapters/terraform/aws/kms/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/kms/adapt.go
@@ -1,8 +1,8 @@
 package kms
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/kms"
-	"github.com/aquasecurity/defsec/pkg/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/kms"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
 )
 
 func Adapt(modules terraform.Modules) kms.KMS {
diff --git a/pkg/iac/adapters/terraform/aws/kms/adapt_test.go b/pkg/iac/adapters/terraform/aws/kms/adapt_test.go
index 9ecb45ca05e3..4b466e8310ef 100644
--- a/pkg/iac/adapters/terraform/aws/kms/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/kms/adapt_test.go
@@ -3,11 +3,11 @@ package kms
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/kms"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/kms"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/pkg/iac/adapters/terraform/aws/lambda/adapt.go b/pkg/iac/adapters/terraform/aws/lambda/adapt.go
index 2861906994e4..b6766f67f2c4 100644
--- a/pkg/iac/adapters/terraform/aws/lambda/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/lambda/adapt.go
@@ -1,9 +1,9 @@
 package lambda
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/lambda"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/lambda"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) lambda.Lambda {
diff --git a/pkg/iac/adapters/terraform/aws/lambda/adapt_test.go b/pkg/iac/adapters/terraform/aws/lambda/adapt_test.go
index b1d8fe43a5c9..c38b1209ff70 100644
--- a/pkg/iac/adapters/terraform/aws/lambda/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/lambda/adapt_test.go
@@ -3,11 +3,11 @@ package lambda
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/lambda"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/lambda"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
diff --git a/pkg/iac/adapters/terraform/aws/mq/adapt.go b/pkg/iac/adapters/terraform/aws/mq/adapt.go
index c5da698dca8d..d0fed28d5b83 100644
--- a/pkg/iac/adapters/terraform/aws/mq/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/mq/adapt.go
@@ -1,9 +1,9 @@
 package mq
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/mq"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	"github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/mq"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) mq.MQ {
diff --git a/pkg/iac/adapters/terraform/aws/mq/adapt_test.go b/pkg/iac/adapters/terraform/aws/mq/adapt_test.go
index ff994785095a..5eefdf03dcd4 100644
--- a/pkg/iac/adapters/terraform/aws/mq/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/mq/adapt_test.go
@@ -3,11 +3,11 @@ package mq
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/mq"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/mq"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/pkg/iac/adapters/terraform/aws/msk/adapt.go b/pkg/iac/adapters/terraform/aws/msk/adapt.go
index faf43df2197b..72a720362860 100644
--- a/pkg/iac/adapters/terraform/aws/msk/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/msk/adapt.go
@@ -1,9 +1,9 @@
 package msk
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/msk"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/msk"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) msk.MSK {
diff --git a/pkg/iac/adapters/terraform/aws/msk/adapt_test.go b/pkg/iac/adapters/terraform/aws/msk/adapt_test.go
index 764b51671553..f6a323ed79a7 100644
--- a/pkg/iac/adapters/terraform/aws/msk/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/msk/adapt_test.go
@@ -3,11 +3,11 @@ package msk
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/msk"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/msk"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/pkg/iac/adapters/terraform/aws/neptune/adapt.go b/pkg/iac/adapters/terraform/aws/neptune/adapt.go
index 7283624c33d2..7f619a89028c 100644
--- a/pkg/iac/adapters/terraform/aws/neptune/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/neptune/adapt.go
@@ -1,9 +1,9 @@
 package neptune
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/neptune"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/neptune"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) neptune.Neptune {
diff --git a/pkg/iac/adapters/terraform/aws/neptune/adapt_test.go b/pkg/iac/adapters/terraform/aws/neptune/adapt_test.go
index b502bd6fa9d9..28c0ef6c46fc 100644
--- a/pkg/iac/adapters/terraform/aws/neptune/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/neptune/adapt_test.go
@@ -3,11 +3,11 @@ package neptune
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/neptune"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/neptune"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/pkg/iac/adapters/terraform/aws/provider/adapt.go b/pkg/iac/adapters/terraform/aws/provider/adapt.go
index b34fc8e730c5..2641a8299840 100644
--- a/pkg/iac/adapters/terraform/aws/provider/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/provider/adapt.go
@@ -1,9 +1,9 @@
 package provider
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	"github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 const (
diff --git a/pkg/iac/adapters/terraform/aws/provider/adapt_test.go b/pkg/iac/adapters/terraform/aws/provider/adapt_test.go
index 0c158071c4a8..9cbcc767e3b3 100644
--- a/pkg/iac/adapters/terraform/aws/provider/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/provider/adapt_test.go
@@ -3,10 +3,10 @@ package provider
 import (
 	"testing"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws"
-	"github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws"
+	"github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func TestAdapt(t *testing.T) {
diff --git a/pkg/iac/adapters/terraform/aws/rds/adapt.go b/pkg/iac/adapters/terraform/aws/rds/adapt.go
index a03b3d124058..cfbd86516d0e 100644
--- a/pkg/iac/adapters/terraform/aws/rds/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/rds/adapt.go
@@ -1,9 +1,9 @@
 package rds
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/rds"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/rds"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) rds.RDS {
diff --git a/pkg/iac/adapters/terraform/aws/rds/adapt_test.go b/pkg/iac/adapters/terraform/aws/rds/adapt_test.go
index 4fb8a0f44fe5..dbe2a5a52527 100644
--- a/pkg/iac/adapters/terraform/aws/rds/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/rds/adapt_test.go
@@ -3,11 +3,11 @@ package rds
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/rds"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/rds"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
diff --git a/pkg/iac/adapters/terraform/aws/redshift/adapt.go b/pkg/iac/adapters/terraform/aws/redshift/adapt.go
index 2875b6649c46..33d124abad9b 100644
--- a/pkg/iac/adapters/terraform/aws/redshift/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/redshift/adapt.go
@@ -1,9 +1,9 @@
 package redshift
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/redshift"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/redshift"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) redshift.Redshift {
diff --git a/pkg/iac/adapters/terraform/aws/redshift/adapt_test.go b/pkg/iac/adapters/terraform/aws/redshift/adapt_test.go
index f4290e567bd4..c3e966ac5c12 100644
--- a/pkg/iac/adapters/terraform/aws/redshift/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/redshift/adapt_test.go
@@ -4,11 +4,11 @@ import (
 	"fmt"
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/redshift"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/redshift"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
diff --git a/pkg/iac/adapters/terraform/aws/s3/adapt.go b/pkg/iac/adapters/terraform/aws/s3/adapt.go
index 56e61a8763f9..ef9c3052eec5 100644
--- a/pkg/iac/adapters/terraform/aws/s3/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/s3/adapt.go
@@ -1,8 +1,8 @@
 package s3
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/s3"
-	"github.com/aquasecurity/defsec/pkg/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/s3"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
 )
 
 func Adapt(modules terraform.Modules) s3.S3 {
diff --git a/pkg/iac/adapters/terraform/aws/s3/adapt_test.go b/pkg/iac/adapters/terraform/aws/s3/adapt_test.go
index a9d95c78e418..3f92767bd855 100644
--- a/pkg/iac/adapters/terraform/aws/s3/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/s3/adapt_test.go
@@ -3,12 +3,12 @@ package s3
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
-	"github.com/aquasecurity/defsec/pkg/providers/aws/s3"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/s3"
 	"github.com/liamg/iamgo"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/pkg/iac/adapters/terraform/aws/s3/bucket.go b/pkg/iac/adapters/terraform/aws/s3/bucket.go
index e26d7c67fe19..e89f8b567597 100644
--- a/pkg/iac/adapters/terraform/aws/s3/bucket.go
+++ b/pkg/iac/adapters/terraform/aws/s3/bucket.go
@@ -1,9 +1,9 @@
 package s3
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/s3"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/s3"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 type adapter struct {
diff --git a/pkg/iac/adapters/terraform/aws/s3/policies.go b/pkg/iac/adapters/terraform/aws/s3/policies.go
index 0f4423189849..42385cabd5ae 100644
--- a/pkg/iac/adapters/terraform/aws/s3/policies.go
+++ b/pkg/iac/adapters/terraform/aws/s3/policies.go
@@ -1,9 +1,9 @@
 package s3
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	iamAdapter "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/aws/iam"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func (a *adapter) adaptBucketPolicies() {
diff --git a/pkg/iac/adapters/terraform/aws/s3/public_access_block.go b/pkg/iac/adapters/terraform/aws/s3/public_access_block.go
index 0c9455485dda..eff4a71b4005 100644
--- a/pkg/iac/adapters/terraform/aws/s3/public_access_block.go
+++ b/pkg/iac/adapters/terraform/aws/s3/public_access_block.go
@@ -1,7 +1,7 @@
 package s3
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/s3"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/s3"
 )
 
 func (a *adapter) adaptPublicAccessBlocks() {
diff --git a/pkg/iac/adapters/terraform/aws/sns/adapt.go b/pkg/iac/adapters/terraform/aws/sns/adapt.go
index c746dc9520f3..761bb281a804 100644
--- a/pkg/iac/adapters/terraform/aws/sns/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/sns/adapt.go
@@ -1,9 +1,9 @@
 package sns
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/sns"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	"github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/sns"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) sns.SNS {
diff --git a/pkg/iac/adapters/terraform/aws/sns/adapt_test.go b/pkg/iac/adapters/terraform/aws/sns/adapt_test.go
index fbf18b33186b..b541dfb2452c 100644
--- a/pkg/iac/adapters/terraform/aws/sns/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/sns/adapt_test.go
@@ -3,11 +3,11 @@ package sns
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/sns"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/sns"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/pkg/iac/adapters/terraform/aws/sqs/adapt.go b/pkg/iac/adapters/terraform/aws/sqs/adapt.go
index bb5cd5047ce3..251c8ec4db00 100644
--- a/pkg/iac/adapters/terraform/aws/sqs/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/sqs/adapt.go
@@ -4,11 +4,11 @@ import (
 	"github.com/google/uuid"
 	"github.com/liamg/iamgo"
 
-	iamp "github.com/aquasecurity/defsec/pkg/providers/aws/iam"
-	"github.com/aquasecurity/defsec/pkg/providers/aws/sqs"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/aws/iam"
+	iamp "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/sqs"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) sqs.SQS {
diff --git a/pkg/iac/adapters/terraform/aws/sqs/adapt_test.go b/pkg/iac/adapters/terraform/aws/sqs/adapt_test.go
index 2d0fda56b51a..84042f890159 100644
--- a/pkg/iac/adapters/terraform/aws/sqs/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/sqs/adapt_test.go
@@ -3,12 +3,12 @@ package sqs
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/iam"
-	"github.com/aquasecurity/defsec/pkg/providers/aws/sqs"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/sqs"
 	"github.com/liamg/iamgo"
 	"github.com/stretchr/testify/assert"
diff --git a/pkg/iac/adapters/terraform/aws/ssm/adapt.go b/pkg/iac/adapters/terraform/aws/ssm/adapt.go
index b5756fef05c6..95833322f8bb 100644
--- a/pkg/iac/adapters/terraform/aws/ssm/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/ssm/adapt.go
@@ -1,9 +1,9 @@
 package ssm
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/ssm"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	"github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/ssm"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) ssm.SSM {
diff --git a/pkg/iac/adapters/terraform/aws/ssm/adapt_test.go b/pkg/iac/adapters/terraform/aws/ssm/adapt_test.go
index 43a0e86e6d83..a5437c6a2e12 100644
--- a/pkg/iac/adapters/terraform/aws/ssm/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/ssm/adapt_test.go
@@ -3,11 +3,11 @@ package ssm
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/ssm"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/ssm"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/pkg/iac/adapters/terraform/aws/workspaces/adapt.go b/pkg/iac/adapters/terraform/aws/workspaces/adapt.go
index 1707ccae1709..3b67475ba3d5 100644
--- a/pkg/iac/adapters/terraform/aws/workspaces/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/workspaces/adapt.go
@@ -1,9 +1,9 @@
 package workspaces
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/aws/workspaces"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	"github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/workspaces"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) workspaces.WorkSpaces {
diff --git a/pkg/iac/adapters/terraform/aws/workspaces/adapt_test.go b/pkg/iac/adapters/terraform/aws/workspaces/adapt_test.go
index e28b9aff5d56..a8a31d692c2e 100644
--- a/pkg/iac/adapters/terraform/aws/workspaces/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/workspaces/adapt_test.go
@@ -3,11 +3,11 @@ package workspaces
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/aws/workspaces"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/workspaces"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/pkg/iac/adapters/terraform/azure/adapt.go b/pkg/iac/adapters/terraform/azure/adapt.go
index 783092082f72..bf2fc06317f0 100644
--- a/pkg/iac/adapters/terraform/azure/adapt.go
+++ b/pkg/iac/adapters/terraform/azure/adapt.go
@@ -1,8 +1,6 @@
 package azure
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/azure"
-	"github.com/aquasecurity/defsec/pkg/terraform"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/azure/appservice"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/azure/authorization"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/azure/compute"
@@ -16,6 +14,8 @@ import (
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/azure/securitycenter"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/azure/storage"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/azure/synapse"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/azure"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
 )
 
 func Adapt(modules terraform.Modules) azure.Azure {
diff --git a/pkg/iac/adapters/terraform/azure/appservice/adapt.go b/pkg/iac/adapters/terraform/azure/appservice/adapt.go
index ab1058dc9903..d8bd59b81a70 100644
--- a/pkg/iac/adapters/terraform/azure/appservice/adapt.go
+++ b/pkg/iac/adapters/terraform/azure/appservice/adapt.go
@@ -1,9 +1,9 @@
 package appservice
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/azure/appservice"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/azure/appservice"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) appservice.AppService {
diff --git a/pkg/iac/adapters/terraform/azure/appservice/adapt_test.go b/pkg/iac/adapters/terraform/azure/appservice/adapt_test.go
index 6ae128d4872f..b04bfc95f73a 100644
--- a/pkg/iac/adapters/terraform/azure/appservice/adapt_test.go
+++ b/pkg/iac/adapters/terraform/azure/appservice/adapt_test.go
@@ -3,11 +3,11 @@ package appservice
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/azure/appservice"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/azure/appservice"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/pkg/iac/adapters/terraform/azure/authorization/adapt.go b/pkg/iac/adapters/terraform/azure/authorization/adapt.go
index 10baba9b0d73..3b41dbc142c1 100644
--- a/pkg/iac/adapters/terraform/azure/authorization/adapt.go
+++ b/pkg/iac/adapters/terraform/azure/authorization/adapt.go
@@ -1,8 +1,8 @@
 package authorization
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/azure/authorization"
-	"github.com/aquasecurity/defsec/pkg/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/azure/authorization"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
 )
 
 func Adapt(modules terraform.Modules) authorization.Authorization {
diff --git a/pkg/iac/adapters/terraform/azure/authorization/adapt_test.go b/pkg/iac/adapters/terraform/azure/authorization/adapt_test.go
index af9421c8e1f7..926159374a86 100644
--- a/pkg/iac/adapters/terraform/azure/authorization/adapt_test.go
+++ b/pkg/iac/adapters/terraform/azure/authorization/adapt_test.go
@@ -3,11 +3,11 @@ package authorization
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/azure/authorization"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/azure/authorization"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/pkg/iac/adapters/terraform/azure/compute/adapt.go b/pkg/iac/adapters/terraform/azure/compute/adapt.go
index b5eb379147ac..2fc39665d5ea 100644
--- a/pkg/iac/adapters/terraform/azure/compute/adapt.go
+++ b/pkg/iac/adapters/terraform/azure/compute/adapt.go
@@ -3,9 +3,9 @@ package compute
 import (
 	"encoding/base64"
 
-	"github.com/aquasecurity/defsec/pkg/providers/azure/compute"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/azure/compute"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 const AzureVirtualMachine = "azurerm_virtual_machine"
diff --git a/pkg/iac/adapters/terraform/azure/compute/adapt_test.go b/pkg/iac/adapters/terraform/azure/compute/adapt_test.go
index 96fdf35119a2..358e8862aad6 100644
--- a/pkg/iac/adapters/terraform/azure/compute/adapt_test.go
+++ b/pkg/iac/adapters/terraform/azure/compute/adapt_test.go
@@ -3,11 +3,11 @@ package compute
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/azure/compute"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/azure/compute"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/pkg/iac/adapters/terraform/azure/container/adapt.go b/pkg/iac/adapters/terraform/azure/container/adapt.go
index 357630df2e9e..53d82a347b86 100644
--- a/pkg/iac/adapters/terraform/azure/container/adapt.go
+++ b/pkg/iac/adapters/terraform/azure/container/adapt.go
@@ -1,9 +1,9 @@
 package container
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/azure/container"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/azure/container"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) container.Container {
diff --git a/pkg/iac/adapters/terraform/azure/container/adapt_test.go b/pkg/iac/adapters/terraform/azure/container/adapt_test.go
index 44ee591d6f74..9b4e647c3353 100644
--- a/pkg/iac/adapters/terraform/azure/container/adapt_test.go
+++ b/pkg/iac/adapters/terraform/azure/container/adapt_test.go
@@ -3,11 +3,11 @@ package container
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/azure/container"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/azure/container"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/pkg/iac/adapters/terraform/azure/database/adapt.go b/pkg/iac/adapters/terraform/azure/database/adapt.go
index 4ec4027ab718..024e59fd7f82 100644
--- a/pkg/iac/adapters/terraform/azure/database/adapt.go
+++ b/pkg/iac/adapters/terraform/azure/database/adapt.go
@@ -1,9 +1,9 @@
 package database
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/azure/database"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/azure/database"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) database.Database {
diff --git a/pkg/iac/adapters/terraform/azure/database/adapt_test.go b/pkg/iac/adapters/terraform/azure/database/adapt_test.go
index 7cf811912edc..cf617e2c249a 100644
--- a/pkg/iac/adapters/terraform/azure/database/adapt_test.go
+++ b/pkg/iac/adapters/terraform/azure/database/adapt_test.go
@@ -3,11 +3,11 @@ package database
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/azure/database"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/azure/database"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
diff --git a/pkg/iac/adapters/terraform/azure/datafactory/adapt.go b/pkg/iac/adapters/terraform/azure/datafactory/adapt.go
index 7fd12d1e4218..2dfc108ee3e9 100644
--- a/pkg/iac/adapters/terraform/azure/datafactory/adapt.go
+++ b/pkg/iac/adapters/terraform/azure/datafactory/adapt.go
@@ -1,8 +1,8 @@
 package datafactory
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/azure/datafactory"
-	"github.com/aquasecurity/defsec/pkg/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/azure/datafactory"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
 )
 
 func Adapt(modules terraform.Modules) datafactory.DataFactory {
diff --git a/pkg/iac/adapters/terraform/azure/datafactory/adapt_test.go b/pkg/iac/adapters/terraform/azure/datafactory/adapt_test.go
index 4bba76e18659..019de8339d30 100644
--- a/pkg/iac/adapters/terraform/azure/datafactory/adapt_test.go
+++ b/pkg/iac/adapters/terraform/azure/datafactory/adapt_test.go
@@ -3,11 +3,11 @@ package datafactory
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/azure/datafactory"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/azure/datafactory"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/pkg/iac/adapters/terraform/azure/datalake/adapt.go b/pkg/iac/adapters/terraform/azure/datalake/adapt.go
index b55bf7a2e581..3f81d8925fd8 100644
--- a/pkg/iac/adapters/terraform/azure/datalake/adapt.go
+++ b/pkg/iac/adapters/terraform/azure/datalake/adapt.go
@@ -1,9 +1,9 @@
 package datalake
 
 import (
-	"github.com/aquasecurity/defsec/pkg/providers/azure/datalake"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	"github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/azure/datalake"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	"github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) datalake.DataLake {
diff --git a/pkg/iac/adapters/terraform/azure/datalake/adapt_test.go b/pkg/iac/adapters/terraform/azure/datalake/adapt_test.go
index e028f885da48..b9c5eece050d 100644
--- a/pkg/iac/adapters/terraform/azure/datalake/adapt_test.go
+++ b/pkg/iac/adapters/terraform/azure/datalake/adapt_test.go
@@ -3,11 +3,11 @@ package datalake
 import (
 	"testing"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/azure/datalake"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/azure/datalake"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/pkg/iac/adapters/terraform/azure/keyvault/adapt.go b/pkg/iac/adapters/terraform/azure/keyvault/adapt.go
index 2e7a0f18a63a..7c9b1f49631d 100644
--- a/pkg/iac/adapters/terraform/azure/keyvault/adapt.go
+++ b/pkg/iac/adapters/terraform/azure/keyvault/adapt.go
@@ -3,9 +3,9 @@ package keyvault
 import (
 	"time"
 
-	"github.com/aquasecurity/defsec/pkg/providers/azure/keyvault"
-	"github.com/aquasecurity/defsec/pkg/terraform"
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/azure/keyvault"
+	"github.com/aquasecurity/trivy/pkg/iac/terraform"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) keyvault.KeyVault {
diff --git a/pkg/iac/adapters/terraform/azure/keyvault/adapt_test.go b/pkg/iac/adapters/terraform/azure/keyvault/adapt_test.go
index 8c8f6917627b..26045e573e6c 100644
--- a/pkg/iac/adapters/terraform/azure/keyvault/adapt_test.go
+++ b/pkg/iac/adapters/terraform/azure/keyvault/adapt_test.go
@@ -4,11 +4,11 @@ import (
 	"testing"
 	"time"
 
-	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
 	"github.com/aquasecurity/trivy/internal/testutil"
 	"github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
-	"github.com/aquasecurity/defsec/pkg/providers/azure/keyvault"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/azure/keyvault"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
diff --git a/pkg/iac/adapters/terraform/azure/monitor/adapt.go b/pkg/iac/adapters/terraform/azure/monitor/adapt.go
index f70648d92038..52371de59af1 100644
--- a/pkg/iac/adapters/terraform/azure/monitor/adapt.go
+++ b/pkg/iac/adapters/terraform/azure/monitor/adapt.go
@@ -1,9 +1,9 @@ package monitor import ( - "github.com/aquasecurity/defsec/pkg/providers/azure/monitor" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/monitor" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) monitor.Monitor { diff --git a/pkg/iac/adapters/terraform/azure/monitor/adapt_test.go b/pkg/iac/adapters/terraform/azure/monitor/adapt_test.go index 8d5b219e1ed8..3b5d52e6b329 100644 --- a/pkg/iac/adapters/terraform/azure/monitor/adapt_test.go +++ b/pkg/iac/adapters/terraform/azure/monitor/adapt_test.go @@ -3,11 +3,11 @@ package monitor import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/azure/monitor" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/monitor" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/adapters/terraform/azure/network/adapt.go b/pkg/iac/adapters/terraform/azure/network/adapt.go index 60d117fde8aa..e49bbeeca5a0 100644 --- a/pkg/iac/adapters/terraform/azure/network/adapt.go +++ b/pkg/iac/adapters/terraform/azure/network/adapt.go @@ -6,9 +6,9 @@ import ( "github.com/google/uuid" - "github.com/aquasecurity/defsec/pkg/providers/azure/network" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/network" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) network.Network { 
diff --git a/pkg/iac/adapters/terraform/azure/network/adapt_test.go b/pkg/iac/adapters/terraform/azure/network/adapt_test.go index 808827c29604..531ae0dafbac 100644 --- a/pkg/iac/adapters/terraform/azure/network/adapt_test.go +++ b/pkg/iac/adapters/terraform/azure/network/adapt_test.go @@ -3,11 +3,11 @@ package network import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/azure/network" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/network" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/adapters/terraform/azure/securitycenter/adapt.go b/pkg/iac/adapters/terraform/azure/securitycenter/adapt.go index 90e02d933a3a..2053e8e9e587 100644 --- a/pkg/iac/adapters/terraform/azure/securitycenter/adapt.go +++ b/pkg/iac/adapters/terraform/azure/securitycenter/adapt.go @@ -1,8 +1,8 @@ package securitycenter import ( - "github.com/aquasecurity/defsec/pkg/providers/azure/securitycenter" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/securitycenter" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) securitycenter.SecurityCenter { diff --git a/pkg/iac/adapters/terraform/azure/securitycenter/adapt_test.go b/pkg/iac/adapters/terraform/azure/securitycenter/adapt_test.go index 90a43fd43427..cfe5af3411c9 100644 --- a/pkg/iac/adapters/terraform/azure/securitycenter/adapt_test.go +++ b/pkg/iac/adapters/terraform/azure/securitycenter/adapt_test.go 
@@ -3,11 +3,11 @@ package securitycenter import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/azure/securitycenter" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/securitycenter" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/adapters/terraform/azure/storage/adapt.go b/pkg/iac/adapters/terraform/azure/storage/adapt.go index ce150103bdb8..78eff47b72fc 100644 --- a/pkg/iac/adapters/terraform/azure/storage/adapt.go +++ b/pkg/iac/adapters/terraform/azure/storage/adapt.go @@ -1,9 +1,9 @@ package storage import ( - "github.com/aquasecurity/defsec/pkg/providers/azure/storage" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/storage" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) storage.Storage { diff --git a/pkg/iac/adapters/terraform/azure/storage/adapt_test.go b/pkg/iac/adapters/terraform/azure/storage/adapt_test.go index 0bf3d6d42a5e..6f1c080e6e98 100644 --- a/pkg/iac/adapters/terraform/azure/storage/adapt_test.go +++ b/pkg/iac/adapters/terraform/azure/storage/adapt_test.go 
@@ -3,11 +3,11 @@ package storage import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/azure/storage" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/storage" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/adapters/terraform/azure/synapse/adapt.go b/pkg/iac/adapters/terraform/azure/synapse/adapt.go index 6e5743dccc80..37efcb596a9d 100644 --- a/pkg/iac/adapters/terraform/azure/synapse/adapt.go +++ b/pkg/iac/adapters/terraform/azure/synapse/adapt.go @@ -1,8 +1,8 @@ package synapse import ( - "github.com/aquasecurity/defsec/pkg/providers/azure/synapse" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/synapse" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) synapse.Synapse { diff --git a/pkg/iac/adapters/terraform/azure/synapse/adapt_test.go b/pkg/iac/adapters/terraform/azure/synapse/adapt_test.go index 22c76f304606..e466f32dd443 100644 --- a/pkg/iac/adapters/terraform/azure/synapse/adapt_test.go +++ b/pkg/iac/adapters/terraform/azure/synapse/adapt_test.go @@ -3,11 +3,11 @@ package synapse import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/azure/synapse" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/synapse" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" 
diff --git a/pkg/iac/adapters/terraform/cloudstack/adapt.go b/pkg/iac/adapters/terraform/cloudstack/adapt.go index 095931d405d4..d19a05bdf3a4 100644 --- a/pkg/iac/adapters/terraform/cloudstack/adapt.go +++ b/pkg/iac/adapters/terraform/cloudstack/adapt.go @@ -1,9 +1,9 @@ package cloudstack import ( - "github.com/aquasecurity/defsec/pkg/providers/cloudstack" - "github.com/aquasecurity/defsec/pkg/terraform" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/cloudstack/compute" + "github.com/aquasecurity/trivy/pkg/iac/providers/cloudstack" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) cloudstack.CloudStack { diff --git a/pkg/iac/adapters/terraform/cloudstack/compute/adapt.go b/pkg/iac/adapters/terraform/cloudstack/compute/adapt.go index 06ce13be5195..4908f0325158 100644 --- a/pkg/iac/adapters/terraform/cloudstack/compute/adapt.go +++ b/pkg/iac/adapters/terraform/cloudstack/compute/adapt.go @@ -3,9 +3,9 @@ package compute import ( "encoding/base64" - "github.com/aquasecurity/defsec/pkg/providers/cloudstack/compute" - "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/cloudstack/compute" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) compute.Compute { diff --git a/pkg/iac/adapters/terraform/cloudstack/compute/adapt_test.go b/pkg/iac/adapters/terraform/cloudstack/compute/adapt_test.go index 059c478f734b..f8d1a097bfcd 100644 --- a/pkg/iac/adapters/terraform/cloudstack/compute/adapt_test.go +++ b/pkg/iac/adapters/terraform/cloudstack/compute/adapt_test.go 
@@ -3,11 +3,11 @@ package compute import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/cloudstack/compute" + "github.com/aquasecurity/trivy/pkg/iac/providers/cloudstack/compute" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/adapters/terraform/digitalocean/adapt.go b/pkg/iac/adapters/terraform/digitalocean/adapt.go index bef8e6ce8137..c9eaf447c93f 100644 --- a/pkg/iac/adapters/terraform/digitalocean/adapt.go +++ b/pkg/iac/adapters/terraform/digitalocean/adapt.go @@ -1,10 +1,10 @@ package digitalocean import ( - "github.com/aquasecurity/defsec/pkg/providers/digitalocean" - "github.com/aquasecurity/defsec/pkg/terraform" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/digitalocean/compute" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/digitalocean/spaces" + "github.com/aquasecurity/trivy/pkg/iac/providers/digitalocean" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) digitalocean.DigitalOcean { diff --git a/pkg/iac/adapters/terraform/digitalocean/compute/adapt.go b/pkg/iac/adapters/terraform/digitalocean/compute/adapt.go index e871dc8a4dc7..75f5af9fcf53 100644 --- a/pkg/iac/adapters/terraform/digitalocean/compute/adapt.go +++ b/pkg/iac/adapters/terraform/digitalocean/compute/adapt.go @@ -1,8 +1,8 @@ package compute import ( - "github.com/aquasecurity/defsec/pkg/providers/digitalocean/compute" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/digitalocean/compute" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) compute.Compute { 
diff --git a/pkg/iac/adapters/terraform/digitalocean/compute/adapt_test.go b/pkg/iac/adapters/terraform/digitalocean/compute/adapt_test.go index 2660842547ed..b1d5db57bfad 100644 --- a/pkg/iac/adapters/terraform/digitalocean/compute/adapt_test.go +++ b/pkg/iac/adapters/terraform/digitalocean/compute/adapt_test.go @@ -3,11 +3,11 @@ package compute import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/digitalocean/compute" + "github.com/aquasecurity/trivy/pkg/iac/providers/digitalocean/compute" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/adapters/terraform/digitalocean/spaces/adapt.go b/pkg/iac/adapters/terraform/digitalocean/spaces/adapt.go index 93214777a41a..adb7dd7c931f 100644 --- a/pkg/iac/adapters/terraform/digitalocean/spaces/adapt.go +++ b/pkg/iac/adapters/terraform/digitalocean/spaces/adapt.go @@ -3,9 +3,9 @@ package spaces import ( "github.com/google/uuid" - "github.com/aquasecurity/defsec/pkg/providers/digitalocean/spaces" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/digitalocean/spaces" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) spaces.Spaces { diff --git a/pkg/iac/adapters/terraform/digitalocean/spaces/adapt_test.go b/pkg/iac/adapters/terraform/digitalocean/spaces/adapt_test.go index 963ae2284be5..623117c51661 100644 --- a/pkg/iac/adapters/terraform/digitalocean/spaces/adapt_test.go +++ b/pkg/iac/adapters/terraform/digitalocean/spaces/adapt_test.go 
@@ -3,11 +3,11 @@ package spaces import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/digitalocean/spaces" + "github.com/aquasecurity/trivy/pkg/iac/providers/digitalocean/spaces" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/adapters/terraform/github/adapt.go b/pkg/iac/adapters/terraform/github/adapt.go index 7ef290e1768d..389599d445b9 100644 --- a/pkg/iac/adapters/terraform/github/adapt.go +++ b/pkg/iac/adapters/terraform/github/adapt.go @@ -1,11 +1,11 @@ package github import ( - "github.com/aquasecurity/defsec/pkg/providers/github" - "github.com/aquasecurity/defsec/pkg/terraform" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/github/branch_protections" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/github/repositories" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/github/secrets" + "github.com/aquasecurity/trivy/pkg/iac/providers/github" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) github.GitHub { diff --git a/pkg/iac/adapters/terraform/github/branch_protections/adapt.go b/pkg/iac/adapters/terraform/github/branch_protections/adapt.go index 57af17a1475e..eb925fd54101 100644 --- a/pkg/iac/adapters/terraform/github/branch_protections/adapt.go +++ b/pkg/iac/adapters/terraform/github/branch_protections/adapt.go @@ -1,8 +1,8 @@ package branch_protections import ( - "github.com/aquasecurity/defsec/pkg/providers/github" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/github" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) []github.BranchProtection { 
diff --git a/pkg/iac/adapters/terraform/github/repositories/adapt.go b/pkg/iac/adapters/terraform/github/repositories/adapt.go index c523a9849133..27425653ef83 100644 --- a/pkg/iac/adapters/terraform/github/repositories/adapt.go +++ b/pkg/iac/adapters/terraform/github/repositories/adapt.go @@ -1,9 +1,9 @@ package repositories import ( - "github.com/aquasecurity/defsec/pkg/providers/github" - "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/github" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) []github.Repository { diff --git a/pkg/iac/adapters/terraform/github/secrets/adapt.go b/pkg/iac/adapters/terraform/github/secrets/adapt.go index c42c872b3c4d..1da1b879d6cc 100644 --- a/pkg/iac/adapters/terraform/github/secrets/adapt.go +++ b/pkg/iac/adapters/terraform/github/secrets/adapt.go @@ -1,8 +1,8 @@ package secrets import ( - "github.com/aquasecurity/defsec/pkg/providers/github" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/github" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) []github.EnvironmentSecret { diff --git a/pkg/iac/adapters/terraform/github/secrets/adapt_test.go b/pkg/iac/adapters/terraform/github/secrets/adapt_test.go index d574a51fec59..30693158277a 100644 --- a/pkg/iac/adapters/terraform/github/secrets/adapt_test.go +++ b/pkg/iac/adapters/terraform/github/secrets/adapt_test.go 
@@ -3,11 +3,11 @@ package secrets import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/github" + "github.com/aquasecurity/trivy/pkg/iac/providers/github" ) func Test_Adapt(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/google/adapt.go b/pkg/iac/adapters/terraform/google/adapt.go index f1289a0c2fc3..8c5fc3ef22d1 100644 --- a/pkg/iac/adapters/terraform/google/adapt.go +++ b/pkg/iac/adapters/terraform/google/adapt.go @@ -1,8 +1,6 @@ package google import ( - "github.com/aquasecurity/defsec/pkg/providers/google" - "github.com/aquasecurity/defsec/pkg/terraform" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/google/bigquery" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/google/compute" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/google/dns" @@ -11,6 +9,8 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/google/kms" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/google/sql" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/google/storage" + "github.com/aquasecurity/trivy/pkg/iac/providers/google" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) google.Google { diff --git a/pkg/iac/adapters/terraform/google/bigquery/adapt.go b/pkg/iac/adapters/terraform/google/bigquery/adapt.go index cc4a868a58e5..ab9fc2a13647 100644 --- a/pkg/iac/adapters/terraform/google/bigquery/adapt.go +++ b/pkg/iac/adapters/terraform/google/bigquery/adapt.go 
@@ -1,8 +1,8 @@ package bigquery import ( - "github.com/aquasecurity/defsec/pkg/providers/google/bigquery" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/bigquery" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) bigquery.BigQuery { diff --git a/pkg/iac/adapters/terraform/google/bigquery/adapt_test.go b/pkg/iac/adapters/terraform/google/bigquery/adapt_test.go index cefbcaac55b8..bba83013088f 100644 --- a/pkg/iac/adapters/terraform/google/bigquery/adapt_test.go +++ b/pkg/iac/adapters/terraform/google/bigquery/adapt_test.go @@ -3,11 +3,11 @@ package bigquery import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/google/bigquery" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/bigquery" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/adapters/terraform/google/compute/adapt.go b/pkg/iac/adapters/terraform/google/compute/adapt.go index 50e94b95bcb1..084fbfab944b 100644 --- a/pkg/iac/adapters/terraform/google/compute/adapt.go +++ b/pkg/iac/adapters/terraform/google/compute/adapt.go @@ -1,8 +1,8 @@ package compute import ( - "github.com/aquasecurity/defsec/pkg/providers/google/compute" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) compute.Compute { diff --git a/pkg/iac/adapters/terraform/google/compute/disks.go b/pkg/iac/adapters/terraform/google/compute/disks.go index 26c6d8f39c8f..ada59876de6b 100644 --- a/pkg/iac/adapters/terraform/google/compute/disks.go 
+++ b/pkg/iac/adapters/terraform/google/compute/disks.go @@ -1,9 +1,9 @@ package compute import ( - "github.com/aquasecurity/defsec/pkg/providers/google/compute" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func adaptDisks(modules terraform.Modules) (disks []compute.Disk) { diff --git a/pkg/iac/adapters/terraform/google/compute/disks_test.go b/pkg/iac/adapters/terraform/google/compute/disks_test.go index 53577d481641..e454536227a6 100644 --- a/pkg/iac/adapters/terraform/google/compute/disks_test.go +++ b/pkg/iac/adapters/terraform/google/compute/disks_test.go @@ -3,11 +3,11 @@ package compute import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/google/compute" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute" ) func Test_adaptDisks(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/google/compute/instances.go b/pkg/iac/adapters/terraform/google/compute/instances.go index 2fb8177b6a1c..4794071e5bdd 100644 --- a/pkg/iac/adapters/terraform/google/compute/instances.go +++ b/pkg/iac/adapters/terraform/google/compute/instances.go 
@@ -3,9 +3,9 @@ package compute import ( "github.com/zclconf/go-cty/cty" - "github.com/aquasecurity/defsec/pkg/providers/google/compute" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func adaptInstances(modules terraform.Modules) (instances []compute.Instance) { diff --git a/pkg/iac/adapters/terraform/google/compute/instances_test.go b/pkg/iac/adapters/terraform/google/compute/instances_test.go index 4ccb18e18140..e004eff3cc1c 100644 --- a/pkg/iac/adapters/terraform/google/compute/instances_test.go +++ b/pkg/iac/adapters/terraform/google/compute/instances_test.go @@ -3,11 +3,11 @@ package compute import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/google/compute" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute" ) func Test_adaptInstances(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/google/compute/metadata.go b/pkg/iac/adapters/terraform/google/compute/metadata.go index 2cc58839a367..a38c6b04beb0 100644 --- a/pkg/iac/adapters/terraform/google/compute/metadata.go +++ b/pkg/iac/adapters/terraform/google/compute/metadata.go 
@@ -3,9 +3,9 @@ package compute import ( "github.com/zclconf/go-cty/cty" - "github.com/aquasecurity/defsec/pkg/providers/google/compute" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func adaptProjectMetadata(modules terraform.Modules) compute.ProjectMetadata { diff --git a/pkg/iac/adapters/terraform/google/compute/metadata_test.go b/pkg/iac/adapters/terraform/google/compute/metadata_test.go index 064290cf2712..02ee526f2712 100644 --- a/pkg/iac/adapters/terraform/google/compute/metadata_test.go +++ b/pkg/iac/adapters/terraform/google/compute/metadata_test.go @@ -3,11 +3,11 @@ package compute import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/google/compute" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute" ) func Test_adaptProjectMetadata(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/google/compute/networks.go b/pkg/iac/adapters/terraform/google/compute/networks.go index 978b2f49a0bf..6f7ac6f124a3 100644 --- a/pkg/iac/adapters/terraform/google/compute/networks.go +++ b/pkg/iac/adapters/terraform/google/compute/networks.go @@ -4,9 +4,9 @@ import ( "strconv" "strings" - "github.com/aquasecurity/defsec/pkg/providers/google/compute" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) const ( 
diff --git a/pkg/iac/adapters/terraform/google/compute/networks_test.go b/pkg/iac/adapters/terraform/google/compute/networks_test.go index d2bf227bc86e..522e52eb2206 100644 --- a/pkg/iac/adapters/terraform/google/compute/networks_test.go +++ b/pkg/iac/adapters/terraform/google/compute/networks_test.go @@ -3,11 +3,11 @@ package compute import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/google/compute" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute" ) func Test_adaptNetworks(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/google/compute/ssl.go b/pkg/iac/adapters/terraform/google/compute/ssl.go index e0e989bed4c2..c616b0f6274f 100644 --- a/pkg/iac/adapters/terraform/google/compute/ssl.go +++ b/pkg/iac/adapters/terraform/google/compute/ssl.go @@ -1,8 +1,8 @@ package compute import ( - "github.com/aquasecurity/defsec/pkg/providers/google/compute" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func adaptSSLPolicies(modules terraform.Modules) (policies []compute.SSLPolicy) { diff --git a/pkg/iac/adapters/terraform/google/compute/ssl_test.go b/pkg/iac/adapters/terraform/google/compute/ssl_test.go index fd1516ca6b1c..aaa687136e4c 100644 --- a/pkg/iac/adapters/terraform/google/compute/ssl_test.go +++ b/pkg/iac/adapters/terraform/google/compute/ssl_test.go 
@@ -3,11 +3,11 @@ package compute import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/google/compute" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute" ) func Test_adaptSSLPolicies(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/google/dns/adapt.go b/pkg/iac/adapters/terraform/google/dns/adapt.go index a139d76497f7..fcc485f765b0 100644 --- a/pkg/iac/adapters/terraform/google/dns/adapt.go +++ b/pkg/iac/adapters/terraform/google/dns/adapt.go @@ -1,9 +1,9 @@ package dns import ( - "github.com/aquasecurity/defsec/pkg/providers/google/dns" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/dns" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) dns.DNS { diff --git a/pkg/iac/adapters/terraform/google/dns/adapt_test.go b/pkg/iac/adapters/terraform/google/dns/adapt_test.go index aacc68b255bb..d1712b1cfbe8 100644 --- a/pkg/iac/adapters/terraform/google/dns/adapt_test.go +++ b/pkg/iac/adapters/terraform/google/dns/adapt_test.go @@ -3,11 +3,11 @@ package dns import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/google/dns" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/dns" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" 
diff --git a/pkg/iac/adapters/terraform/google/gke/adapt.go b/pkg/iac/adapters/terraform/google/gke/adapt.go index 1b41988d0bda..95ad22064911 100644 --- a/pkg/iac/adapters/terraform/google/gke/adapt.go +++ b/pkg/iac/adapters/terraform/google/gke/adapt.go @@ -4,9 +4,9 @@ import ( "github.com/google/uuid" "github.com/zclconf/go-cty/cty" - "github.com/aquasecurity/defsec/pkg/providers/google/gke" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/gke" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) gke.GKE { diff --git a/pkg/iac/adapters/terraform/google/gke/adapt_test.go b/pkg/iac/adapters/terraform/google/gke/adapt_test.go index 327bbfda74d6..870616d67610 100644 --- a/pkg/iac/adapters/terraform/google/gke/adapt_test.go +++ b/pkg/iac/adapters/terraform/google/gke/adapt_test.go @@ -3,11 +3,11 @@ package gke import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/google/gke" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/gke" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/adapters/terraform/google/iam/adapt.go b/pkg/iac/adapters/terraform/google/iam/adapt.go index 5c532879348c..4bc8014e14e8 100644 --- a/pkg/iac/adapters/terraform/google/iam/adapt.go +++ b/pkg/iac/adapters/terraform/google/iam/adapt.go 
@@ -3,9 +3,9 @@ package iam import ( "github.com/google/uuid" - "github.com/aquasecurity/defsec/pkg/providers/google/iam" - "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) iam.IAM { diff --git a/pkg/iac/adapters/terraform/google/iam/adapt_test.go b/pkg/iac/adapters/terraform/google/iam/adapt_test.go index 7ee4fdcfc81c..f1e5a193ebf7 100644 --- a/pkg/iac/adapters/terraform/google/iam/adapt_test.go +++ b/pkg/iac/adapters/terraform/google/iam/adapt_test.go @@ -3,11 +3,11 @@ package iam import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/google/iam" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/adapters/terraform/google/iam/convert.go b/pkg/iac/adapters/terraform/google/iam/convert.go index f364f02a8f9c..380ebaa3c177 100644 --- a/pkg/iac/adapters/terraform/google/iam/convert.go +++ b/pkg/iac/adapters/terraform/google/iam/convert.go @@ -1,9 +1,9 @@ package iam import ( - "github.com/aquasecurity/defsec/pkg/providers/google/iam" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func ParsePolicyBlock(block *terraform.Block) []iam.Binding { 
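Review bot: The alias `defsecTypes` is now a misnomer in the convert.go hunk — after the rewrite it names `github.com/aquasecurity/trivy/pkg/iac/types`, while the iam/adapt.go hunk on this same line imports that package unaliased as `types`, so one Go package refers to the same import under two names. Unless the alias is kept deliberately to avoid shadowing a local named `types`, dropping it (`"github.com/aquasecurity/trivy/pkg/iac/types"`, with `defsecTypes.` references becoming `types.`) would keep the package consistent and stop readers hunting for a defsec module that this merge removes. The same stale alias appears across the other adapters in this patch, so it is probably better handled as one follow-up than per file; only the import block is visible here, and the bodies that use the alias are outside the hunk. In the adapt_test.go hunk the trivy-local `…/pkg/iac/providers/google/iam` import is still left in the group with testify rather than with the other trivy imports; goimports sorts within groups but will not regroup it.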
diff --git a/pkg/iac/adapters/terraform/google/iam/folder_iam.go b/pkg/iac/adapters/terraform/google/iam/folder_iam.go index 0681166ac7c1..eccdef2c638c 100644 --- a/pkg/iac/adapters/terraform/google/iam/folder_iam.go +++ b/pkg/iac/adapters/terraform/google/iam/folder_iam.go @@ -1,8 +1,8 @@ package iam import ( - "github.com/aquasecurity/defsec/pkg/providers/google/iam" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" + "github.com/aquasecurity/trivy/pkg/iac/types" ) // see https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_folder_iam diff --git a/pkg/iac/adapters/terraform/google/iam/folders.go b/pkg/iac/adapters/terraform/google/iam/folders.go index af574310a4c3..1091f625dc0a 100644 --- a/pkg/iac/adapters/terraform/google/iam/folders.go +++ b/pkg/iac/adapters/terraform/google/iam/folders.go @@ -1,7 +1,7 @@ package iam import ( - "github.com/aquasecurity/defsec/pkg/providers/google/iam" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" ) const GoogleOrganization = "google_organization" diff --git a/pkg/iac/adapters/terraform/google/iam/org_iam.go b/pkg/iac/adapters/terraform/google/iam/org_iam.go index c2f97a01905e..8ce88053a2f1 100644 --- a/pkg/iac/adapters/terraform/google/iam/org_iam.go +++ b/pkg/iac/adapters/terraform/google/iam/org_iam.go @@ -3,8 +3,8 @@ package iam import ( "github.com/google/uuid" - "github.com/aquasecurity/defsec/pkg/providers/google/iam" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" + "github.com/aquasecurity/trivy/pkg/iac/types" ) // see https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_organization_iam diff --git a/pkg/iac/adapters/terraform/google/iam/project_iam.go b/pkg/iac/adapters/terraform/google/iam/project_iam.go index bc2941904aa2..14a3765bc5b9 100644 --- a/pkg/iac/adapters/terraform/google/iam/project_iam.go 
+++ b/pkg/iac/adapters/terraform/google/iam/project_iam.go @@ -3,9 +3,9 @@ package iam import ( "strings" - "github.com/aquasecurity/defsec/pkg/providers/google/iam" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) // see https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam diff --git a/pkg/iac/adapters/terraform/google/iam/project_iam_test.go b/pkg/iac/adapters/terraform/google/iam/project_iam_test.go index c7f0247285e2..9ed880c3bc09 100644 --- a/pkg/iac/adapters/terraform/google/iam/project_iam_test.go +++ b/pkg/iac/adapters/terraform/google/iam/project_iam_test.go @@ -3,11 +3,11 @@ package iam import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/google/iam" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" ) func Test_AdaptBinding(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/google/iam/projects.go b/pkg/iac/adapters/terraform/google/iam/projects.go index 86e2fdbc2287..f77ded00f3cc 100644 --- a/pkg/iac/adapters/terraform/google/iam/projects.go +++ b/pkg/iac/adapters/terraform/google/iam/projects.go @@ -1,7 +1,7 @@ package iam import ( - "github.com/aquasecurity/defsec/pkg/providers/google/iam" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" ) type parentedProject struct { diff --git a/pkg/iac/adapters/terraform/google/iam/workload_identity_pool_providers.go b/pkg/iac/adapters/terraform/google/iam/workload_identity_pool_providers.go index 70d68511ad70..242c3a09b907 100644 
--- a/pkg/iac/adapters/terraform/google/iam/workload_identity_pool_providers.go +++ b/pkg/iac/adapters/terraform/google/iam/workload_identity_pool_providers.go @@ -1,7 +1,7 @@ package iam import ( - "github.com/aquasecurity/defsec/pkg/providers/google/iam" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" ) // See https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/iam_workload_identity_pool_provider diff --git a/pkg/iac/adapters/terraform/google/kms/adapt.go b/pkg/iac/adapters/terraform/google/kms/adapt.go index 10d46ecf1a48..564fcd6cb365 100644 --- a/pkg/iac/adapters/terraform/google/kms/adapt.go +++ b/pkg/iac/adapters/terraform/google/kms/adapt.go @@ -3,9 +3,9 @@ package kms import ( "strconv" - "github.com/aquasecurity/defsec/pkg/providers/google/kms" - "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/kms" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) kms.KMS { diff --git a/pkg/iac/adapters/terraform/google/kms/adapt_test.go b/pkg/iac/adapters/terraform/google/kms/adapt_test.go index fc50af2c6fc1..bc1fcc9d82f6 100644 --- a/pkg/iac/adapters/terraform/google/kms/adapt_test.go +++ b/pkg/iac/adapters/terraform/google/kms/adapt_test.go @@ -3,11 +3,11 @@ package kms import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/google/kms" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/kms" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" 
diff --git a/pkg/iac/adapters/terraform/google/sql/adapt.go b/pkg/iac/adapters/terraform/google/sql/adapt.go index 7f00b717c266..6f16bcb38dd8 100644 --- a/pkg/iac/adapters/terraform/google/sql/adapt.go +++ b/pkg/iac/adapters/terraform/google/sql/adapt.go @@ -3,9 +3,9 @@ package sql import ( "strconv" - "github.com/aquasecurity/defsec/pkg/providers/google/sql" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/sql" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) sql.SQL { diff --git a/pkg/iac/adapters/terraform/google/sql/adapt_test.go b/pkg/iac/adapters/terraform/google/sql/adapt_test.go index fa12a3e70a29..ad5d0347f049 100644 --- a/pkg/iac/adapters/terraform/google/sql/adapt_test.go +++ b/pkg/iac/adapters/terraform/google/sql/adapt_test.go @@ -3,11 +3,11 @@ package sql import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/google/sql" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/sql" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/adapters/terraform/google/storage/adapt.go b/pkg/iac/adapters/terraform/google/storage/adapt.go index a927a0f6cd78..6e987718ff81 100644 --- a/pkg/iac/adapters/terraform/google/storage/adapt.go +++ b/pkg/iac/adapters/terraform/google/storage/adapt.go 
@@ -1,9 +1,9 @@ package storage import ( - "github.com/aquasecurity/defsec/pkg/providers/google/storage" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/storage" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) storage.Storage { diff --git a/pkg/iac/adapters/terraform/google/storage/adapt_test.go b/pkg/iac/adapters/terraform/google/storage/adapt_test.go index 2d486b0a44a6..c5f914fd2851 100644 --- a/pkg/iac/adapters/terraform/google/storage/adapt_test.go +++ b/pkg/iac/adapters/terraform/google/storage/adapt_test.go @@ -3,12 +3,12 @@ package storage import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/google/iam" - "github.com/aquasecurity/defsec/pkg/providers/google/storage" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/storage" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/adapters/terraform/google/storage/iam.go b/pkg/iac/adapters/terraform/google/storage/iam.go index 55d1e928e6d4..be399304b168 100644 --- a/pkg/iac/adapters/terraform/google/storage/iam.go +++ b/pkg/iac/adapters/terraform/google/storage/iam.go @@ -1,8 +1,8 @@ package storage import ( - iamTypes "github.com/aquasecurity/defsec/pkg/providers/google/iam" iam2 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/google/iam" + iamTypes "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" ) type parentedBinding struct { 
diff --git a/pkg/iac/adapters/terraform/kubernetes/adapt.go b/pkg/iac/adapters/terraform/kubernetes/adapt.go index ffe03ee5656c..52eed9db4052 100644 --- a/pkg/iac/adapters/terraform/kubernetes/adapt.go +++ b/pkg/iac/adapters/terraform/kubernetes/adapt.go @@ -4,8 +4,8 @@ import ( "regexp" "strings" - "github.com/aquasecurity/defsec/pkg/providers/kubernetes" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/kubernetes" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) var versionRegex = regexp.MustCompile(`^v\d+(beta\d+)?$`) diff --git a/pkg/iac/adapters/terraform/nifcloud/computing/adapt.go b/pkg/iac/adapters/terraform/nifcloud/computing/adapt.go index e58f4e2bb59e..399f492ba4e7 100644 --- a/pkg/iac/adapters/terraform/nifcloud/computing/adapt.go +++ b/pkg/iac/adapters/terraform/nifcloud/computing/adapt.go @@ -1,8 +1,8 @@ package computing import ( - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/computing" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/computing" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) computing.Computing { diff --git a/pkg/iac/adapters/terraform/nifcloud/computing/instance.go b/pkg/iac/adapters/terraform/nifcloud/computing/instance.go index afb91e58f1fb..ebbce94439dd 100644 --- a/pkg/iac/adapters/terraform/nifcloud/computing/instance.go +++ b/pkg/iac/adapters/terraform/nifcloud/computing/instance.go @@ -1,8 +1,8 @@ package computing import ( - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/computing" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/computing" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func adaptInstances(modules terraform.Modules) []computing.Instance { 
diff --git a/pkg/iac/adapters/terraform/nifcloud/computing/instance_test.go b/pkg/iac/adapters/terraform/nifcloud/computing/instance_test.go index c017649e3904..477eb6f72923 100644 --- a/pkg/iac/adapters/terraform/nifcloud/computing/instance_test.go +++ b/pkg/iac/adapters/terraform/nifcloud/computing/instance_test.go @@ -3,11 +3,11 @@ package computing import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/computing" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/computing" ) func Test_adaptInstances(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/nifcloud/computing/security_group.go b/pkg/iac/adapters/terraform/nifcloud/computing/security_group.go index 575a02dd5723..21fb8cb6c37f 100644 --- a/pkg/iac/adapters/terraform/nifcloud/computing/security_group.go +++ b/pkg/iac/adapters/terraform/nifcloud/computing/security_group.go @@ -1,9 +1,9 @@ package computing import ( - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/computing" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/computing" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type sgAdapter struct { diff --git a/pkg/iac/adapters/terraform/nifcloud/computing/security_group_test.go b/pkg/iac/adapters/terraform/nifcloud/computing/security_group_test.go index cd8767b0d606..bf5f705e423c 100644 --- a/pkg/iac/adapters/terraform/nifcloud/computing/security_group_test.go +++ b/pkg/iac/adapters/terraform/nifcloud/computing/security_group_test.go 
@@ -3,11 +3,11 @@ package computing import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/computing" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/computing" ) func Test_adaptSecurityGroups(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/nifcloud/dns/adapt.go b/pkg/iac/adapters/terraform/nifcloud/dns/adapt.go index 5abe9697a8a7..c1118e98ef23 100644 --- a/pkg/iac/adapters/terraform/nifcloud/dns/adapt.go +++ b/pkg/iac/adapters/terraform/nifcloud/dns/adapt.go @@ -1,8 +1,8 @@ package dns import ( - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/dns" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/dns" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) dns.DNS { diff --git a/pkg/iac/adapters/terraform/nifcloud/dns/record.go b/pkg/iac/adapters/terraform/nifcloud/dns/record.go index c0fdcc010a78..84e61889cac0 100644 --- a/pkg/iac/adapters/terraform/nifcloud/dns/record.go +++ b/pkg/iac/adapters/terraform/nifcloud/dns/record.go @@ -1,8 +1,8 @@ package dns import ( - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/dns" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/dns" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func adaptRecords(modules terraform.Modules) []dns.Record { diff --git a/pkg/iac/adapters/terraform/nifcloud/dns/record_test.go b/pkg/iac/adapters/terraform/nifcloud/dns/record_test.go index 16a5513c8c3b..ef4b172b0f19 100644 --- a/pkg/iac/adapters/terraform/nifcloud/dns/record_test.go +++ b/pkg/iac/adapters/terraform/nifcloud/dns/record_test.go 
@@ -3,10 +3,10 @@ package dns import ( "testing" - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/dns" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/dns" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Test_adaptRecords(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/nifcloud/nas/adapt.go b/pkg/iac/adapters/terraform/nifcloud/nas/adapt.go index 615eac7a8df6..c1b60fc551e2 100644 --- a/pkg/iac/adapters/terraform/nifcloud/nas/adapt.go +++ b/pkg/iac/adapters/terraform/nifcloud/nas/adapt.go @@ -1,8 +1,8 @@ package nas import ( - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/nas" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/nas" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) nas.NAS { diff --git a/pkg/iac/adapters/terraform/nifcloud/nas/nas_instance.go b/pkg/iac/adapters/terraform/nifcloud/nas/nas_instance.go index e8558c5f42b5..e04024f0c4dd 100644 --- a/pkg/iac/adapters/terraform/nifcloud/nas/nas_instance.go +++ b/pkg/iac/adapters/terraform/nifcloud/nas/nas_instance.go @@ -1,8 +1,8 @@ package nas import ( - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/nas" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/nas" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func adaptNASInstances(modules terraform.Modules) []nas.NASInstance { diff --git a/pkg/iac/adapters/terraform/nifcloud/nas/nas_instance_test.go b/pkg/iac/adapters/terraform/nifcloud/nas/nas_instance_test.go index ab0ab4cbd52f..abbd7918ee41 100644 --- a/pkg/iac/adapters/terraform/nifcloud/nas/nas_instance_test.go +++ b/pkg/iac/adapters/terraform/nifcloud/nas/nas_instance_test.go 
@@ -3,11 +3,11 @@ package nas import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/nas" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/nas" ) func Test_adaptNASInstances(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/nifcloud/nas/nas_security_group.go b/pkg/iac/adapters/terraform/nifcloud/nas/nas_security_group.go index e7dfd593d8dd..0e97e1109304 100644 --- a/pkg/iac/adapters/terraform/nifcloud/nas/nas_security_group.go +++ b/pkg/iac/adapters/terraform/nifcloud/nas/nas_security_group.go @@ -1,9 +1,9 @@ package nas import ( - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/nas" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/nas" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func adaptNASSecurityGroups(modules terraform.Modules) []nas.NASSecurityGroup { diff --git a/pkg/iac/adapters/terraform/nifcloud/nas/nas_security_group_test.go b/pkg/iac/adapters/terraform/nifcloud/nas/nas_security_group_test.go index 7d83c2d0b156..91510fb6b872 100644 --- a/pkg/iac/adapters/terraform/nifcloud/nas/nas_security_group_test.go +++ b/pkg/iac/adapters/terraform/nifcloud/nas/nas_security_group_test.go 
@@ -3,11 +3,11 @@ package nas import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/nas" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/nas" ) func Test_adaptNASSecurityGroups(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/nifcloud/network/adapt.go b/pkg/iac/adapters/terraform/nifcloud/network/adapt.go index 4c1c10acd1b9..b3006abcd1d8 100644 --- a/pkg/iac/adapters/terraform/nifcloud/network/adapt.go +++ b/pkg/iac/adapters/terraform/nifcloud/network/adapt.go @@ -1,8 +1,8 @@ package network import ( - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/network" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/network" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) network.Network { diff --git a/pkg/iac/adapters/terraform/nifcloud/network/elastic_load_balancer.go b/pkg/iac/adapters/terraform/nifcloud/network/elastic_load_balancer.go index efe3c510fbc3..89478aadea6e 100644 --- a/pkg/iac/adapters/terraform/nifcloud/network/elastic_load_balancer.go +++ b/pkg/iac/adapters/terraform/nifcloud/network/elastic_load_balancer.go @@ -1,8 +1,8 @@ package network import ( - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/network" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/network" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func adaptElasticLoadBalancers(modules terraform.Modules) []network.ElasticLoadBalancer { diff --git a/pkg/iac/adapters/terraform/nifcloud/network/elastic_load_balancer_test.go b/pkg/iac/adapters/terraform/nifcloud/network/elastic_load_balancer_test.go index 0ea5c6aaa57a..b5a4496f38cf 100644 
--- a/pkg/iac/adapters/terraform/nifcloud/network/elastic_load_balancer_test.go +++ b/pkg/iac/adapters/terraform/nifcloud/network/elastic_load_balancer_test.go @@ -3,10 +3,10 @@ package network import ( "testing" - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/network" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/network" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Test_adaptElasticLoadBalancers(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/nifcloud/network/load_balancer.go b/pkg/iac/adapters/terraform/nifcloud/network/load_balancer.go index 0e27c58d377b..3113e2cc56eb 100644 --- a/pkg/iac/adapters/terraform/nifcloud/network/load_balancer.go +++ b/pkg/iac/adapters/terraform/nifcloud/network/load_balancer.go @@ -1,9 +1,9 @@ package network import ( - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/network" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/network" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func adaptLoadBalancers(modules terraform.Modules) []network.LoadBalancer { diff --git a/pkg/iac/adapters/terraform/nifcloud/network/load_balancer_test.go b/pkg/iac/adapters/terraform/nifcloud/network/load_balancer_test.go index 0a60d1bb2400..623528e4724f 100644 --- a/pkg/iac/adapters/terraform/nifcloud/network/load_balancer_test.go +++ b/pkg/iac/adapters/terraform/nifcloud/network/load_balancer_test.go 
@@ -3,10 +3,10 @@ package network import ( "testing" - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/network" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/network" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Test_adaptLoadBalancers(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/nifcloud/network/router.go b/pkg/iac/adapters/terraform/nifcloud/network/router.go index 6804820381d0..d75595279d7d 100644 --- a/pkg/iac/adapters/terraform/nifcloud/network/router.go +++ b/pkg/iac/adapters/terraform/nifcloud/network/router.go @@ -1,9 +1,9 @@ package network import ( - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/network" - "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/network" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func adaptRouters(modules terraform.Modules) []network.Router { diff --git a/pkg/iac/adapters/terraform/nifcloud/network/router_test.go b/pkg/iac/adapters/terraform/nifcloud/network/router_test.go index eb994802b63f..bdfa52200588 100644 --- a/pkg/iac/adapters/terraform/nifcloud/network/router_test.go +++ b/pkg/iac/adapters/terraform/nifcloud/network/router_test.go @@ -3,10 +3,10 @@ package network import ( "testing" - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/network" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/network" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Test_adaptRouters(t *testing.T) { 
diff --git a/pkg/iac/adapters/terraform/nifcloud/network/vpn_gateway.go b/pkg/iac/adapters/terraform/nifcloud/network/vpn_gateway.go index ca607a646ea0..dcb6812a1ef7 100644 --- a/pkg/iac/adapters/terraform/nifcloud/network/vpn_gateway.go +++ b/pkg/iac/adapters/terraform/nifcloud/network/vpn_gateway.go @@ -1,8 +1,8 @@ package network import ( - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/network" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/network" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func adaptVpnGateways(modules terraform.Modules) []network.VpnGateway { diff --git a/pkg/iac/adapters/terraform/nifcloud/network/vpn_gateway_test.go b/pkg/iac/adapters/terraform/nifcloud/network/vpn_gateway_test.go index 51bfa246df35..f949da00eaa0 100644 --- a/pkg/iac/adapters/terraform/nifcloud/network/vpn_gateway_test.go +++ b/pkg/iac/adapters/terraform/nifcloud/network/vpn_gateway_test.go @@ -3,10 +3,10 @@ package network import ( "testing" - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/network" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/network" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Test_adaptVpnGateways(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/nifcloud/nifcloud.go b/pkg/iac/adapters/terraform/nifcloud/nifcloud.go index e456188805f5..5f17fe6b235c 100644 --- a/pkg/iac/adapters/terraform/nifcloud/nifcloud.go +++ b/pkg/iac/adapters/terraform/nifcloud/nifcloud.go 
@@ -1,14 +1,14 @@ package nifcloud import ( - "github.com/aquasecurity/defsec/pkg/providers/nifcloud" - "github.com/aquasecurity/defsec/pkg/terraform" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/nifcloud/computing" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/nifcloud/dns" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/nifcloud/nas" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/nifcloud/network" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/nifcloud/rdb" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/nifcloud/sslcertificate" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) nifcloud.Nifcloud { diff --git a/pkg/iac/adapters/terraform/nifcloud/rdb/adapt.go b/pkg/iac/adapters/terraform/nifcloud/rdb/adapt.go index 8c249b09b212..fd35b2236187 100644 --- a/pkg/iac/adapters/terraform/nifcloud/rdb/adapt.go +++ b/pkg/iac/adapters/terraform/nifcloud/rdb/adapt.go @@ -1,8 +1,8 @@ package rdb import ( - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/rdb" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/rdb" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) rdb.RDB { diff --git a/pkg/iac/adapters/terraform/nifcloud/rdb/db_instance.go b/pkg/iac/adapters/terraform/nifcloud/rdb/db_instance.go index 90662cb8a4ed..69757e41e9a2 100644 --- a/pkg/iac/adapters/terraform/nifcloud/rdb/db_instance.go +++ b/pkg/iac/adapters/terraform/nifcloud/rdb/db_instance.go @@ -1,8 +1,8 @@ package rdb import ( - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/rdb" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/rdb" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func adaptDBInstances(modules terraform.Modules) []rdb.DBInstance { 
diff --git a/pkg/iac/adapters/terraform/nifcloud/rdb/db_instance_test.go b/pkg/iac/adapters/terraform/nifcloud/rdb/db_instance_test.go index 4d19c9ffb4fa..aec5edea71d8 100644 --- a/pkg/iac/adapters/terraform/nifcloud/rdb/db_instance_test.go +++ b/pkg/iac/adapters/terraform/nifcloud/rdb/db_instance_test.go @@ -3,11 +3,11 @@ package rdb import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/rdb" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/rdb" ) func Test_adaptDBInstances(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/nifcloud/rdb/db_security_group.go b/pkg/iac/adapters/terraform/nifcloud/rdb/db_security_group.go index 4e476c31176d..74992a52cde0 100644 --- a/pkg/iac/adapters/terraform/nifcloud/rdb/db_security_group.go +++ b/pkg/iac/adapters/terraform/nifcloud/rdb/db_security_group.go @@ -1,9 +1,9 @@ package rdb import ( - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/rdb" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/rdb" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func adaptDBSecurityGroups(modules terraform.Modules) []rdb.DBSecurityGroup { diff --git a/pkg/iac/adapters/terraform/nifcloud/rdb/db_security_group_test.go b/pkg/iac/adapters/terraform/nifcloud/rdb/db_security_group_test.go index 236372faed42..5f4d2291f63f 100644 --- a/pkg/iac/adapters/terraform/nifcloud/rdb/db_security_group_test.go +++ b/pkg/iac/adapters/terraform/nifcloud/rdb/db_security_group_test.go 
@@ -3,11 +3,11 @@ package rdb import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/rdb" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/rdb" ) func Test_adaptDBSecurityGroups(t *testing.T) { diff --git a/pkg/iac/adapters/terraform/nifcloud/sslcertificate/adapt.go b/pkg/iac/adapters/terraform/nifcloud/sslcertificate/adapt.go index 31673c121493..1f1391397a12 100644 --- a/pkg/iac/adapters/terraform/nifcloud/sslcertificate/adapt.go +++ b/pkg/iac/adapters/terraform/nifcloud/sslcertificate/adapt.go @@ -1,8 +1,8 @@ package sslcertificate import ( - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/sslcertificate" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/sslcertificate" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) sslcertificate.SSLCertificate { diff --git a/pkg/iac/adapters/terraform/nifcloud/sslcertificate/server_certificate.go b/pkg/iac/adapters/terraform/nifcloud/sslcertificate/server_certificate.go index c90570cee9ea..372815cf9648 100644 --- a/pkg/iac/adapters/terraform/nifcloud/sslcertificate/server_certificate.go +++ b/pkg/iac/adapters/terraform/nifcloud/sslcertificate/server_certificate.go 
@@ -4,9 +4,9 @@ import ( "crypto/x509" "encoding/pem" - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/sslcertificate" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/sslcertificate" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func adaptServerCertificates(modules terraform.Modules) []sslcertificate.ServerCertificate { diff --git a/pkg/iac/adapters/terraform/nifcloud/sslcertificate/server_certificate_test.go b/pkg/iac/adapters/terraform/nifcloud/sslcertificate/server_certificate_test.go index 6535f9058cad..53987d3a3149 100644 --- a/pkg/iac/adapters/terraform/nifcloud/sslcertificate/server_certificate_test.go +++ b/pkg/iac/adapters/terraform/nifcloud/sslcertificate/server_certificate_test.go @@ -4,10 +4,10 @@ import ( "testing" "time" - "github.com/aquasecurity/defsec/pkg/providers/nifcloud/sslcertificate" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/sslcertificate" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) const certificate = ` diff --git a/pkg/iac/adapters/terraform/openstack/adapt.go b/pkg/iac/adapters/terraform/openstack/adapt.go index a821196a02ad..86da3787178f 100644 --- a/pkg/iac/adapters/terraform/openstack/adapt.go +++ b/pkg/iac/adapters/terraform/openstack/adapt.go @@ -1,8 +1,8 @@ package openstack import ( - "github.com/aquasecurity/defsec/pkg/providers/openstack" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/openstack" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) openstack.OpenStack { 
diff --git a/pkg/iac/adapters/terraform/openstack/adapt_test.go b/pkg/iac/adapters/terraform/openstack/adapt_test.go index 34334c2a27af..10616df1bfe3 100644 --- a/pkg/iac/adapters/terraform/openstack/adapt_test.go +++ b/pkg/iac/adapters/terraform/openstack/adapt_test.go @@ -3,11 +3,11 @@ package openstack import ( "testing" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/openstack" + "github.com/aquasecurity/trivy/pkg/iac/providers/openstack" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/adapters/terraform/openstack/networking.go b/pkg/iac/adapters/terraform/openstack/networking.go index dd56a82b2d1d..e99ff4c5bd14 100644 --- a/pkg/iac/adapters/terraform/openstack/networking.go +++ b/pkg/iac/adapters/terraform/openstack/networking.go @@ -3,9 +3,9 @@ package openstack import ( "github.com/google/uuid" - "github.com/aquasecurity/defsec/pkg/providers/openstack" - "github.com/aquasecurity/defsec/pkg/terraform" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/openstack" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func adaptNetworking(modules terraform.Modules) openstack.Networking { diff --git a/pkg/iac/adapters/terraform/oracle/adapt.go b/pkg/iac/adapters/terraform/oracle/adapt.go index 97284dccf23a..7ec8c91fcdc3 100644 --- a/pkg/iac/adapters/terraform/oracle/adapt.go +++ b/pkg/iac/adapters/terraform/oracle/adapt.go 
@@ -1,8 +1,8 @@ package oracle import ( - "github.com/aquasecurity/defsec/pkg/providers/oracle" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers/oracle" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Adapt(modules terraform.Modules) oracle.Oracle { diff --git a/pkg/iac/adapters/terraform/tftestutil/testutil.go b/pkg/iac/adapters/terraform/tftestutil/testutil.go index 1e5ff0f03caf..5503bfac5b99 100644 --- a/pkg/iac/adapters/terraform/tftestutil/testutil.go +++ b/pkg/iac/adapters/terraform/tftestutil/testutil.go @@ -4,9 +4,9 @@ import ( "context" "testing" - "github.com/aquasecurity/defsec/pkg/terraform" "github.com/aquasecurity/trivy/internal/testutil" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func CreateModulesFromSource(t *testing.T, source, ext string) terraform.Modules { diff --git a/pkg/iac/debug/cgo_disabled.go b/pkg/iac/debug/cgo_disabled.go new file mode 100644 index 000000000000..e994a4dc79fa --- /dev/null +++ b/pkg/iac/debug/cgo_disabled.go @@ -0,0 +1,5 @@ +//go:build !cgo + +package debug + +const cgoEnabled = false diff --git a/pkg/iac/debug/cgo_enabled.go b/pkg/iac/debug/cgo_enabled.go new file mode 100644 index 000000000000..afa840a615b4 --- /dev/null +++ b/pkg/iac/debug/cgo_enabled.go @@ -0,0 +1,5 @@ +//go:build cgo + +package debug + +const cgoEnabled = true diff --git a/pkg/iac/debug/debug.go b/pkg/iac/debug/debug.go new file mode 100644 index 000000000000..bd96be1656b5 --- /dev/null +++ b/pkg/iac/debug/debug.go 
@@ -0,0 +1,91 @@
+package debug
+
+import (
+ "fmt"
+ "io"
+ "os"
+ "path/filepath"
+ "runtime"
+ "strings"
+ "time"
+)
+
+const timeFormat = "04:05.000000000"
+
+type Logger struct {
+ writer io.Writer
+ prefix string
+}
+
+func New(w io.Writer, parts ...string) Logger {
+ return Logger{
+ writer: w,
+ prefix: strings.Join(parts, "."),
+ }
+}
+
+func (l *Logger) Extend(parts ...string) Logger {
+ return Logger{
+ writer: l.writer,
+ prefix: strings.Join(append([]string{l.prefix}, parts...), "."),
+ }
+}
+
+func (l *Logger) Log(format string, args ...interface{}) {
+ if l.writer == nil {
+ return
+ }
+ message := fmt.Sprintf(format, args...)
+ line := fmt.Sprintf("%s %-32s %s\n", time.Now().Format(timeFormat), l.prefix, message)
+ _, _ = l.writer.Write([]byte(line))
+}
+
+func LogSystemInfo(w io.Writer, appVersion string) {
+ if w == nil {
+ return
+ }
+ sys := New(w, "system", "info")
+ var appName string
+ if path, err := os.Executable(); err != nil {
+ if len(os.Args) > 0 {
+ appName = os.Args[0]
+ }
+ } else {
+ appName = filepath.Base(path)
+ }
+
+ wd, _ := os.Getwd()
+ hostname, _ := os.Hostname()
+
+ var inDocker bool
+ if _, err := os.Stat("/.dockerenv"); err == nil || !os.IsNotExist(err) {
+ inDocker = true
+ }
+
+ var kernelInfo string
+ if data, err := os.ReadFile("/proc/version"); err == nil {
+ kernelInfo = strings.TrimSpace(string(data))
+ }
+
+ sys.Log("APP %s", appName)
+ sys.Log("VERSION %s", appVersion)
+ sys.Log("OS %s", runtime.GOOS)
+ sys.Log("ARCH %s", runtime.GOARCH)
+ sys.Log("KERNEL %s", kernelInfo)
+ sys.Log("TERM %s", os.Getenv("TERM"))
+ sys.Log("SHELL %s", os.Getenv("SHELL"))
+ sys.Log("GOVERSION %s", runtime.Version())
+ sys.Log("GOROOT %s", runtime.GOROOT())
+ sys.Log("CGO %t", cgoEnabled)
+ sys.Log("CPUCOUNT %d", runtime.NumCPU())
+ sys.Log("MAXPROCS %d", runtime.GOMAXPROCS(0))
+ sys.Log("WORKDIR %s", wd)
+ sys.Log("UID %d", os.Getuid())
+ sys.Log("EUID %d", os.Geteuid())
+ sys.Log("DOCKER %t", inDocker)
+ sys.Log("CI %t", 
os.Getenv("CI") != "") + sys.Log("HOSTNAME %s", hostname) + sys.Log("TEMP %s", os.TempDir()) + sys.Log("PATHSEP %c", filepath.Separator) + sys.Log("CMD %s", strings.Join(os.Args, " ")) +} diff --git a/pkg/iac/detection/detect.go b/pkg/iac/detection/detect.go index 9050a735172a..40cd4ce98ee2 100644 --- a/pkg/iac/detection/detect.go +++ b/pkg/iac/detection/detect.go @@ -9,8 +9,8 @@ import ( "gopkg.in/yaml.v3" - "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure/arm/parser/armjson" + "github.com/aquasecurity/trivy/pkg/iac/types" ) type FileType string diff --git a/pkg/iac/framework/frameworks.go b/pkg/iac/framework/frameworks.go new file mode 100644 index 000000000000..82f43947d568 --- /dev/null +++ b/pkg/iac/framework/frameworks.go @@ -0,0 +1,11 @@ +package framework + +type Framework string + +const ( + Default Framework = "default" + Experimental Framework = "experimental" + CIS_AWS_1_2 Framework = "cis-aws-1.2" + CIS_AWS_1_4 Framework = "cis-aws-1.4" + ALL Framework = "all" +) diff --git a/pkg/iac/providers/aws/accessanalyzer/aa.go b/pkg/iac/providers/aws/accessanalyzer/aa.go new file mode 100644 index 000000000000..66be31561d04 --- /dev/null +++ b/pkg/iac/providers/aws/accessanalyzer/aa.go @@ -0,0 +1,19 @@ +package accessanalyzer + +import "github.com/aquasecurity/trivy/pkg/iac/types" + +type AccessAnalyzer struct { + Analyzers []Analyzer +} + +type Analyzer struct { + Metadata types.Metadata + ARN types.StringValue + Name types.StringValue + Active types.BoolValue + Findings []Findings +} + +type Findings struct { + Metadata types.Metadata +} diff --git a/pkg/iac/providers/aws/apigateway/ag.go b/pkg/iac/providers/aws/apigateway/ag.go new file mode 100644 index 000000000000..d87a9b364ee8 --- /dev/null +++ b/pkg/iac/providers/aws/apigateway/ag.go 
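Review bot: `LogSystemInfo` writes the full command line (`sys.Log("CMD %s", strings.Join(os.Args, " "))`) together with SHELL, TERM, hostname and working directory to whatever writer the caller supplies, so any credential passed as a CLI flag lands verbatim in debug output. That contract should be visible at the call site, e.g. `// os.Args is logged verbatim: do not route the debug writer to a shared or persisted log when secrets are passed as flags, or redact them here`; redacting known secret-bearing flags would be the stronger fix. The container check `err == nil || !os.IsNotExist(err)` also treats any Stat error other than not-exist (a permission error, for instance) as "running in Docker", which looks like deliberate best-effort detection but deserves a one-line comment so it is not "fixed" later. None of the exported names (`Logger`, `New`, `Extend`, `Log`, `LogSystemInfo`) carry a doc comment.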
@@ -0,0 +1,11 @@ +package apigateway + +import ( + v1 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v1" + v2 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v2" +) + +type APIGateway struct { + V1 v1.APIGateway + V2 v2.APIGateway +} diff --git a/pkg/iac/providers/aws/apigateway/v1/apigateway.go b/pkg/iac/providers/aws/apigateway/v1/apigateway.go new file mode 100755 index 000000000000..50687e6ae4ff --- /dev/null +++ b/pkg/iac/providers/aws/apigateway/v1/apigateway.go @@ -0,0 +1,62 @@ +package v1 + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type APIGateway struct { + APIs []API + DomainNames []DomainName +} + +type API struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + Stages []Stage + Resources []Resource +} + +type Stage struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + AccessLogging AccessLogging + XRayTracingEnabled defsecTypes.BoolValue + RESTMethodSettings []RESTMethodSettings +} + +type Resource struct { + Metadata defsecTypes.Metadata + Methods []Method +} + +type AccessLogging struct { + Metadata defsecTypes.Metadata + CloudwatchLogGroupARN defsecTypes.StringValue +} + +type RESTMethodSettings struct { + Metadata defsecTypes.Metadata + Method defsecTypes.StringValue + CacheDataEncrypted defsecTypes.BoolValue + CacheEnabled defsecTypes.BoolValue +} + +const ( + AuthorizationNone = "NONE" + AuthorizationCustom = "CUSTOM" + AuthorizationIAM = "AWS_IAM" + AuthorizationCognitoUserPools = "COGNITO_USER_POOLS" +) + +type Method struct { + Metadata defsecTypes.Metadata + HTTPMethod defsecTypes.StringValue + AuthorizationType defsecTypes.StringValue + APIKeyRequired defsecTypes.BoolValue +} + +type DomainName struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + SecurityPolicy defsecTypes.StringValue +} 
diff --git a/pkg/iac/providers/aws/apigateway/v2/apigateway.go b/pkg/iac/providers/aws/apigateway/v2/apigateway.go new file mode 100755 index 000000000000..44a6ab8d45af --- /dev/null +++ b/pkg/iac/providers/aws/apigateway/v2/apigateway.go @@ -0,0 +1,41 @@ +package v2 + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type APIGateway struct { + APIs []API + DomainNames []DomainName +} + +const ( + ProtocolTypeUnknown string = "" + ProtocolTypeREST string = "REST" + ProtocolTypeHTTP string = "HTTP" + ProtocolTypeWebsocket string = "WEBSOCKET" +) + +type API struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + ProtocolType defsecTypes.StringValue + Stages []Stage +} + +type Stage struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + AccessLogging AccessLogging +} + +type AccessLogging struct { + Metadata defsecTypes.Metadata + CloudwatchLogGroupARN defsecTypes.StringValue +} + +type DomainName struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + SecurityPolicy defsecTypes.StringValue +} diff --git a/pkg/iac/providers/aws/athena/athena.go b/pkg/iac/providers/aws/athena/athena.go new file mode 100755 index 000000000000..80eb56332e54 --- /dev/null +++ b/pkg/iac/providers/aws/athena/athena.go 
@@ -0,0 +1,35 @@ +package athena + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Athena struct { + Databases []Database + Workgroups []Workgroup +} + +type Database struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + Encryption EncryptionConfiguration +} + +type Workgroup struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + Encryption EncryptionConfiguration + EnforceConfiguration defsecTypes.BoolValue +} + +const ( + EncryptionTypeNone = "" + EncryptionTypeSSES3 = "SSE_S3" + EncryptionTypeSSEKMS = "SSE_KMS" + EncryptionTypeCSEKMS = "CSE_KMS" +) + +type EncryptionConfiguration struct { + Metadata defsecTypes.Metadata + Type defsecTypes.StringValue +} diff --git a/pkg/iac/providers/aws/aws.go b/pkg/iac/providers/aws/aws.go new file mode 100755 index 000000000000..15c80a84afa7 --- /dev/null +++ b/pkg/iac/providers/aws/aws.go 
@@ -0,0 +1,80 @@ +package aws + +import ( + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/accessanalyzer" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/athena" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudfront" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudtrail" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/codebuild" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/config" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/documentdb" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/dynamodb" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ecr" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ecs" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/efs" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/eks" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticache" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticsearch" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elb" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/emr" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/kinesis" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/kms" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/lambda" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/mq" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/msk" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/neptune" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/rds" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/redshift" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/s3" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sam" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sns" + 
"github.com/aquasecurity/trivy/pkg/iac/providers/aws/sqs" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ssm" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/workspaces" +) + +type AWS struct { + Meta Meta + AccessAnalyzer accessanalyzer.AccessAnalyzer + APIGateway apigateway.APIGateway + Athena athena.Athena + Cloudfront cloudfront.Cloudfront + CloudTrail cloudtrail.CloudTrail + CloudWatch cloudwatch.CloudWatch + CodeBuild codebuild.CodeBuild + Config config.Config + DocumentDB documentdb.DocumentDB + DynamoDB dynamodb.DynamoDB + EC2 ec2.EC2 + ECR ecr.ECR + ECS ecs.ECS + EFS efs.EFS + EKS eks.EKS + ElastiCache elasticache.ElastiCache + Elasticsearch elasticsearch.Elasticsearch + ELB elb.ELB + EMR emr.EMR + IAM iam.IAM + Kinesis kinesis.Kinesis + KMS kms.KMS + Lambda lambda.Lambda + MQ mq.MQ + MSK msk.MSK + Neptune neptune.Neptune + RDS rds.RDS + Redshift redshift.Redshift + SAM sam.SAM + S3 s3.S3 + SNS sns.SNS + SQS sqs.SQS + SSM ssm.SSM + WorkSpaces workspaces.WorkSpaces +} + +type Meta struct { + TFProviders []TerraformProvider +} diff --git a/pkg/iac/providers/aws/cloudfront/cloudfront.go b/pkg/iac/providers/aws/cloudfront/cloudfront.go new file mode 100755 index 000000000000..806ec20cc5be --- /dev/null +++ b/pkg/iac/providers/aws/cloudfront/cloudfront.go 
@@ -0,0 +1,45 @@
+package cloudfront
+
+import (
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+type Cloudfront struct {
+ Distributions []Distribution
+}
+
+type Distribution struct {
+ Metadata defsecTypes.Metadata
+ WAFID defsecTypes.StringValue
+ Logging Logging
+ DefaultCacheBehaviour CacheBehaviour
+ OrdererCacheBehaviours []CacheBehaviour
+ ViewerCertificate ViewerCertificate
+}
+
+type Logging struct {
+ Metadata defsecTypes.Metadata
+ Bucket defsecTypes.StringValue
+}
+
+type CacheBehaviour struct {
+ Metadata defsecTypes.Metadata
+ ViewerProtocolPolicy defsecTypes.StringValue
+}
+
+const (
+ ViewerPolicyProtocolAllowAll = "allow-all"
+ ViewerPolicyProtocolHTTPSOnly = "https-only"
+ ViewerPolicyProtocolRedirectToHTTPS = "redirect-to-https"
+)
+
+const (
+ ProtocolVersionTLS1_2 = "TLSv1.2_2021"
+)
+
+type ViewerCertificate struct {
+ Metadata defsecTypes.Metadata
+ CloudfrontDefaultCertificate defsecTypes.BoolValue
+ SSLSupportMethod defsecTypes.StringValue
+ MinimumProtocolVersion defsecTypes.StringValue
+}
diff --git a/pkg/iac/providers/aws/cloudtrail/cloudtrail.go b/pkg/iac/providers/aws/cloudtrail/cloudtrail.go
new file mode 100755
index 000000000000..defb29605955
--- /dev/null
+++ b/pkg/iac/providers/aws/cloudtrail/cloudtrail.go
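Review bot: The constant `ProtocolVersionTLS1_2 = "TLSv1.2_2021"` is named as if it meant "TLS 1.2" in general but holds one specific CloudFront security policy; CloudFront also offers TLSv1.2_2018 and TLSv1.2_2019, so a rule that tests `MinimumProtocolVersion.EqualTo(ProtocolVersionTLS1_2)` (not visible in this hunk) would report those as weaker than TLS 1.2 even though they are not. Either rename it `ProtocolVersionTLS1_2_2021` or state the intent on the declaration: `// ProtocolVersionTLS1_2 is the recommended TLSv1.2 security policy; older TLSv1.2_* policies are deliberately not treated as equivalent.` The exported field `OrdererCacheBehaviours` is misspelled (Ordered); this commit is the point where the type lands in trivy and is the cheapest moment to fix it, though the rename reaches adapters outside this hunk.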
@@ -0,0 +1,42 @@ +package cloudtrail + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type CloudTrail struct { + Trails []Trail +} + +func (c CloudTrail) MultiRegionTrails() (multiRegionTrails []Trail) { + for _, trail := range c.Trails { + if trail.IsMultiRegion.IsTrue() { + multiRegionTrails = append(multiRegionTrails, trail) + } + } + return multiRegionTrails +} + +type Trail struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + EnableLogFileValidation defsecTypes.BoolValue + IsMultiRegion defsecTypes.BoolValue + KMSKeyID defsecTypes.StringValue + CloudWatchLogsLogGroupArn defsecTypes.StringValue + IsLogging defsecTypes.BoolValue + BucketName defsecTypes.StringValue + EventSelectors []EventSelector +} + +type EventSelector struct { + Metadata defsecTypes.Metadata + DataResources []DataResource + ReadWriteType defsecTypes.StringValue // ReadOnly, WriteOnly, All. Default value is All for TF. +} + +type DataResource struct { + Metadata defsecTypes.Metadata + Type defsecTypes.StringValue // You can specify only the following value: "AWS::S3::Object", "AWS::Lambda::Function" and "AWS::DynamoDB::Table". + Values []defsecTypes.StringValue // List of ARNs/partial ARNs - e.g. arn:aws:s3:::/ for all objects in a bucket, arn:aws:s3:::/key for specific objects +} diff --git a/pkg/iac/providers/aws/cloudwatch/cloudwatch.go b/pkg/iac/providers/aws/cloudwatch/cloudwatch.go new file mode 100755 index 000000000000..664c031dccb7 --- /dev/null +++ b/pkg/iac/providers/aws/cloudwatch/cloudwatch.go 
@@ -0,0 +1,63 @@
+package cloudwatch
+
+import (
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+type CloudWatch struct {
+ LogGroups []LogGroup
+ Alarms []Alarm
+}
+
+func (w CloudWatch) GetLogGroupByArn(arn string) (logGroup *LogGroup) {
+ for _, logGroup := range w.LogGroups {
+ if logGroup.Arn.EqualTo(arn) {
+ return &logGroup
+ }
+ }
+ return nil
+}
+
+func (w CloudWatch) GetAlarmByMetricName(metricName string) (alarm *Alarm) {
+ for _, alarm := range w.Alarms {
+ if alarm.MetricName.EqualTo(metricName) {
+ return &alarm
+ }
+ }
+ return nil
+}
+
+type Alarm struct {
+ Metadata defsecTypes.Metadata
+ AlarmName defsecTypes.StringValue
+ MetricName defsecTypes.StringValue
+ Dimensions []AlarmDimension
+ Metrics []MetricDataQuery
+}
+
+type AlarmDimension struct {
+ Metadata defsecTypes.Metadata
+ Name defsecTypes.StringValue
+ Value defsecTypes.StringValue
+}
+
+type MetricFilter struct {
+ Metadata defsecTypes.Metadata
+ FilterName defsecTypes.StringValue
+ FilterPattern defsecTypes.StringValue
+}
+
+type MetricDataQuery struct {
+ Metadata defsecTypes.Metadata
+ Expression defsecTypes.StringValue
+ ID defsecTypes.StringValue
+}
+
+type LogGroup struct {
+ Metadata defsecTypes.Metadata
+ Arn defsecTypes.StringValue
+ Name defsecTypes.StringValue
+ KMSKeyID defsecTypes.StringValue
+ RetentionInDays defsecTypes.IntValue
+ MetricFilters []MetricFilter
+}
diff --git a/pkg/iac/providers/aws/codebuild/codebuild.go b/pkg/iac/providers/aws/codebuild/codebuild.go
new file mode 100755
index 000000000000..000dc644beaf
--- /dev/null
+++ b/pkg/iac/providers/aws/codebuild/codebuild.go
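Review bot: `GetLogGroupByArn` and `GetAlarmByMetricName` shadow their named results with the range variable and return the address of the per-iteration copy, so a caller that mutates through the returned pointer never touches `w.LogGroups` or `w.Alarms`, and the named results are never used. Index the slice instead: `for i := range w.LogGroups {`, `if w.LogGroups[i].Arn.EqualTo(arn) {`, `return &w.LogGroups[i]`, with the same shape for alarms, and drop the named results. Each getter should also say in a doc comment that it returns nil when nothing matches, since callers must check for that before dereferencing.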
@@ -0,0 +1,20 @@ +package codebuild + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type CodeBuild struct { + Projects []Project +} + +type Project struct { + Metadata defsecTypes.Metadata + ArtifactSettings ArtifactSettings + SecondaryArtifactSettings []ArtifactSettings +} + +type ArtifactSettings struct { + Metadata defsecTypes.Metadata + EncryptionEnabled defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/aws/config/config.go b/pkg/iac/providers/aws/config/config.go new file mode 100755 index 000000000000..cd35213477b5 --- /dev/null +++ b/pkg/iac/providers/aws/config/config.go @@ -0,0 +1,14 @@ +package config + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Config struct { + ConfigurationAggregrator ConfigurationAggregrator +} + +type ConfigurationAggregrator struct { + Metadata defsecTypes.Metadata + SourceAllRegions defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/aws/documentdb/documentdb.go b/pkg/iac/providers/aws/documentdb/documentdb.go new file mode 100755 index 000000000000..1c2aeacc1e4f --- /dev/null +++ b/pkg/iac/providers/aws/documentdb/documentdb.go @@ -0,0 +1,29 @@ +package documentdb + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type DocumentDB struct { + Clusters []Cluster +} + +const ( + LogExportAudit = "audit" + LogExportProfiler = "profiler" +) + +type Cluster struct { + Metadata defsecTypes.Metadata + Identifier defsecTypes.StringValue + EnabledLogExports []defsecTypes.StringValue + BackupRetentionPeriod defsecTypes.IntValue + Instances []Instance + StorageEncrypted defsecTypes.BoolValue + KMSKeyID defsecTypes.StringValue +} + +type Instance struct { + Metadata defsecTypes.Metadata + KMSKeyID defsecTypes.StringValue +} diff --git a/pkg/iac/providers/aws/dynamodb/dynamodb.go b/pkg/iac/providers/aws/dynamodb/dynamodb.go new file mode 100755 index 000000000000..ef25f205d79a --- /dev/null +++ b/pkg/iac/providers/aws/dynamodb/dynamodb.go 
@@ -0,0 +1,30 @@ +package dynamodb + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type DynamoDB struct { + DAXClusters []DAXCluster + Tables []Table +} + +type DAXCluster struct { + Metadata defsecTypes.Metadata + ServerSideEncryption ServerSideEncryption + PointInTimeRecovery defsecTypes.BoolValue +} + +type Table struct { + Metadata defsecTypes.Metadata + ServerSideEncryption ServerSideEncryption + PointInTimeRecovery defsecTypes.BoolValue +} + +type ServerSideEncryption struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue + KMSKeyID defsecTypes.StringValue +} + +const DefaultKMSKeyID = "alias/aws/dynamodb" diff --git a/pkg/iac/providers/aws/ec2/ec2.go b/pkg/iac/providers/aws/ec2/ec2.go new file mode 100755 index 000000000000..726e312f65aa --- /dev/null +++ b/pkg/iac/providers/aws/ec2/ec2.go @@ -0,0 +1,12 @@ +package ec2 + +type EC2 struct { + Instances []Instance + LaunchConfigurations []LaunchConfiguration + LaunchTemplates []LaunchTemplate + VPCs []VPC + SecurityGroups []SecurityGroup + NetworkACLs []NetworkACL + Subnets []Subnet + Volumes []Volume +} diff --git a/pkg/iac/providers/aws/ec2/instance.go b/pkg/iac/providers/aws/ec2/instance.go new file mode 100755 index 000000000000..c145f7f294ca --- /dev/null +++ b/pkg/iac/providers/aws/ec2/instance.go 
@@ -0,0 +1,54 @@
+package ec2
+
+import (
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ "github.com/owenrumney/squealer/pkg/squealer"
+)
+
+type Instance struct {
+ Metadata defsecTypes.Metadata
+ MetadataOptions MetadataOptions
+ UserData defsecTypes.StringValue
+ SecurityGroups []SecurityGroup
+ RootBlockDevice *BlockDevice
+ EBSBlockDevices []*BlockDevice
+}
+
+type BlockDevice struct {
+ Metadata defsecTypes.Metadata
+ Encrypted defsecTypes.BoolValue
+}
+
+type MetadataOptions struct {
+ Metadata defsecTypes.Metadata
+ HttpTokens defsecTypes.StringValue
+ HttpEndpoint defsecTypes.StringValue
+}
+
+func NewInstance(metadata defsecTypes.Metadata) *Instance {
+ return &Instance{
+ Metadata: metadata,
+ MetadataOptions: MetadataOptions{
+ Metadata: metadata,
+ HttpTokens: defsecTypes.StringDefault("optional", metadata),
+ HttpEndpoint: defsecTypes.StringDefault("enabled", metadata),
+ },
+ UserData: defsecTypes.StringDefault("", metadata),
+ SecurityGroups: []SecurityGroup{},
+ RootBlockDevice: nil,
+ EBSBlockDevices: nil,
+ }
+}
+
+func (i *Instance) RequiresIMDSToken() bool {
+ return i.MetadataOptions.HttpTokens.EqualTo("required")
+}
+
+func (i *Instance) HasHTTPEndpointDisabled() bool {
+ return i.MetadataOptions.HttpEndpoint.EqualTo("disabled")
+}
+
+func (i *Instance) HasSensitiveInformationInUserData() bool {
+ scanner := squealer.NewStringScanner()
+ return scanner.Scan(i.UserData.Value()).TransgressionFound
+}
diff --git a/pkg/iac/providers/aws/ec2/launch.go b/pkg/iac/providers/aws/ec2/launch.go
new file mode 100644
index 000000000000..d4d724cbb082
--- /dev/null
+++ b/pkg/iac/providers/aws/ec2/launch.go
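Review bot: `NewInstance` seeds `HttpTokens` with "optional" and `HttpEndpoint` with "enabled", which reproduces the EC2 defaults when no metadata options are declared (IMDSv1 permitted, endpoint on) so that `RequiresIMDSToken` correctly reports such an instance as not enforcing IMDSv2; that reasoning is not written down and belongs on the literals, e.g. `// EC2 defaults when metadata_options is absent: IMDSv1 permitted, endpoint enabled`. `HasSensitiveInformationInUserData` builds a fresh squealer scanner on every call; if the scanner is stateless it could be created once at package level, but that cannot be confirmed from this hunk. `SecurityGroups` is initialised to an empty non-nil slice while `EBSBlockDevices` is nil; unless a caller distinguishes the two, a nil value for both would be consistent and is what `len(...) == 0` checks expect anyway.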
@@ -0,0 +1,29 @@ +package ec2 + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type LaunchConfiguration struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + AssociatePublicIP defsecTypes.BoolValue + RootBlockDevice *BlockDevice + EBSBlockDevices []*BlockDevice + MetadataOptions MetadataOptions + UserData defsecTypes.StringValue +} + +type LaunchTemplate struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + Instance +} + +func (i *LaunchConfiguration) RequiresIMDSToken() bool { + return i.MetadataOptions.HttpTokens.EqualTo("required") +} + +func (i *LaunchConfiguration) HasHTTPEndpointDisabled() bool { + return i.MetadataOptions.HttpEndpoint.EqualTo("disabled") +} diff --git a/pkg/iac/providers/aws/ec2/subnet.go b/pkg/iac/providers/aws/ec2/subnet.go new file mode 100644 index 000000000000..0def21e96152 --- /dev/null +++ b/pkg/iac/providers/aws/ec2/subnet.go @@ -0,0 +1,10 @@ +package ec2 + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Subnet struct { + Metadata defsecTypes.Metadata + MapPublicIpOnLaunch defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/aws/ec2/volume.go b/pkg/iac/providers/aws/ec2/volume.go new file mode 100644 index 000000000000..adaaff89e340 --- /dev/null +++ b/pkg/iac/providers/aws/ec2/volume.go @@ -0,0 +1,16 @@ +package ec2 + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Volume struct { + Metadata defsecTypes.Metadata + Encryption Encryption +} + +type Encryption struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue + KMSKeyID defsecTypes.StringValue +} diff --git a/pkg/iac/providers/aws/ec2/vpc.go b/pkg/iac/providers/aws/ec2/vpc.go new file mode 100644 index 000000000000..0d78e9774fde --- /dev/null +++ b/pkg/iac/providers/aws/ec2/vpc.go 
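Review bot: `LaunchConfiguration.RequiresIMDSToken` and `HasHTTPEndpointDisabled` duplicate the bodies of the identically named `Instance` methods, while `LaunchTemplate` gets them for free by embedding `Instance`; the comparison against "required" and "disabled" now lives in two places. Putting the two one-line checks on `MetadataOptions` (next to its declaration in instance.go) lets both types delegate, e.g. `return i.MetadataOptions.RequiresIMDSToken()` and `return i.MetadataOptions.HasHTTPEndpointDisabled()`. The receiver name `i` is also a leftover from `Instance`; `lc` would follow the file's own convention of short, type-derived receivers.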
@@ -0,0 +1,52 @@ +package ec2 + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type NetworkACL struct { + Metadata defsecTypes.Metadata + Rules []NetworkACLRule + IsDefaultRule defsecTypes.BoolValue +} + +type SecurityGroup struct { + Metadata defsecTypes.Metadata + IsDefault defsecTypes.BoolValue + Description defsecTypes.StringValue + IngressRules []SecurityGroupRule + EgressRules []SecurityGroupRule + VPCID defsecTypes.StringValue +} + +type SecurityGroupRule struct { + Metadata defsecTypes.Metadata + Description defsecTypes.StringValue + CIDRs []defsecTypes.StringValue +} + +type VPC struct { + Metadata defsecTypes.Metadata + ID defsecTypes.StringValue + IsDefault defsecTypes.BoolValue + SecurityGroups []SecurityGroup + FlowLogsEnabled defsecTypes.BoolValue +} + +const ( + TypeIngress = "ingress" + TypeEgress = "egress" +) + +const ( + ActionAllow = "allow" + ActionDeny = "deny" +) + +type NetworkACLRule struct { + Metadata defsecTypes.Metadata + Type defsecTypes.StringValue + Action defsecTypes.StringValue + Protocol defsecTypes.StringValue + CIDRs []defsecTypes.StringValue +} diff --git a/pkg/iac/providers/aws/ecr/ecr.go b/pkg/iac/providers/aws/ecr/ecr.go new file mode 100755 index 000000000000..f1416794b20a --- /dev/null +++ b/pkg/iac/providers/aws/ecr/ecr.go 
@@ -0,0 +1,34 @@ +package ecr + +import ( + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type ECR struct { + Repositories []Repository +} + +type Repository struct { + Metadata defsecTypes.Metadata + ImageScanning ImageScanning + ImageTagsImmutable defsecTypes.BoolValue + Policies []iam.Policy + Encryption Encryption +} + +type ImageScanning struct { + Metadata defsecTypes.Metadata + ScanOnPush defsecTypes.BoolValue +} + +const ( + EncryptionTypeKMS = "KMS" + EncryptionTypeAES256 = "AES256" +) + +type Encryption struct { + Metadata defsecTypes.Metadata + Type defsecTypes.StringValue + KMSKeyID defsecTypes.StringValue +} diff --git a/pkg/iac/providers/aws/ecs/ecs.go b/pkg/iac/providers/aws/ecs/ecs.go new file mode 100755 index 000000000000..b52c8de16956 --- /dev/null +++ b/pkg/iac/providers/aws/ecs/ecs.go 
@@ -0,0 +1,119 @@
+package ecs
+
+import (
+ "encoding/json"
+
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+type ECS struct {
+ Clusters []Cluster
+ TaskDefinitions []TaskDefinition
+}
+
+type Cluster struct {
+ Metadata defsecTypes.Metadata
+ Settings ClusterSettings
+}
+
+type ClusterSettings struct {
+ Metadata defsecTypes.Metadata
+ ContainerInsightsEnabled defsecTypes.BoolValue
+}
+
+type TaskDefinition struct {
+ Metadata defsecTypes.Metadata
+ Volumes []Volume
+ ContainerDefinitions []ContainerDefinition
+}
+
+func CreateDefinitionsFromString(metadata defsecTypes.Metadata, str string) ([]ContainerDefinition, error) {
+ var containerDefinitionsJSON []containerDefinitionJSON
+ if err := json.Unmarshal([]byte(str), &containerDefinitionsJSON); err != nil {
+ return nil, err
+ }
+ var definitions []ContainerDefinition
+ for _, j := range containerDefinitionsJSON {
+ definitions = append(definitions, j.convert(metadata))
+ }
+ return definitions, nil
+}
+
+// see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html
+type containerDefinitionJSON struct {
+ Name string `json:"name"`
+ Image string `json:"image"`
+ CPU int `json:"cpu"`
+ Memory int `json:"memory"`
+ Essential bool `json:"essential"`
+ PortMappings []portMappingJSON `json:"portMappings"`
+ EnvVars []envVarJSON `json:"environment"`
+ Privileged bool `json:"privileged"`
+}
+
+type envVarJSON struct {
+ Name string `json:"name"`
+ Value string `json:"value"`
+}
+
+type portMappingJSON struct {
+ ContainerPort int `json:"containerPort"`
+ HostPort int `json:"hostPort"`
+}
+
+func (j containerDefinitionJSON) convert(metadata defsecTypes.Metadata) ContainerDefinition {
+ var mappings []PortMapping
+ for _, jMapping := range j.PortMappings {
+ mappings = append(mappings, PortMapping{
+ ContainerPort: defsecTypes.Int(jMapping.ContainerPort, metadata),
+ HostPort: defsecTypes.Int(jMapping.HostPort, metadata),
+ })
+ }
+ var envVars []EnvVar
+ for _, 
env := range j.EnvVars {
+ envVars = append(envVars, EnvVar(env))
+ }
+ return ContainerDefinition{
+ Metadata: metadata,
+ Name: defsecTypes.String(j.Name, metadata),
+ Image: defsecTypes.String(j.Image, metadata),
+ CPU: defsecTypes.Int(j.CPU, metadata),
+ Memory: defsecTypes.Int(j.Memory, metadata),
+ Essential: defsecTypes.Bool(j.Essential, metadata),
+ PortMappings: mappings,
+ Environment: envVars,
+ Privileged: defsecTypes.Bool(j.Privileged, metadata),
+ }
+}
+
+type ContainerDefinition struct {
+ Metadata defsecTypes.Metadata
+ Name defsecTypes.StringValue
+ Image defsecTypes.StringValue
+ CPU defsecTypes.IntValue
+ Memory defsecTypes.IntValue
+ Essential defsecTypes.BoolValue
+ PortMappings []PortMapping
+ Environment []EnvVar
+ Privileged defsecTypes.BoolValue
+}
+
+type EnvVar struct {
+ Name string
+ Value string
+}
+
+type PortMapping struct {
+ ContainerPort defsecTypes.IntValue
+ HostPort defsecTypes.IntValue
+}
+
+type Volume struct {
+ Metadata defsecTypes.Metadata
+ EFSVolumeConfiguration EFSVolumeConfiguration
+}
+
+type EFSVolumeConfiguration struct {
+ Metadata defsecTypes.Metadata
+ TransitEncryptionEnabled defsecTypes.BoolValue
+}
diff --git a/pkg/iac/providers/aws/efs/efs.go b/pkg/iac/providers/aws/efs/efs.go
new file mode 100755
index 000000000000..70821fc1572a
--- /dev/null
+++ b/pkg/iac/providers/aws/efs/efs.go
@@ -0,0 +1,14 @@
+package efs
+
+import (
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+type EFS struct {
+ FileSystems []FileSystem
+}
+
+type FileSystem struct {
+ Metadata defsecTypes.Metadata
+ Encrypted defsecTypes.BoolValue
+}
diff --git a/pkg/iac/providers/aws/eks/eks.go b/pkg/iac/providers/aws/eks/eks.go
new file mode 100755
index 000000000000..db4156058459
--- /dev/null
+++ b/pkg/iac/providers/aws/eks/eks.go
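Review bot: `CreateDefinitionsFromString` (its body starts in the previous line) returns the raw `json.Unmarshal` error, so a malformed `container_definitions` value surfaces with no indication of what was being parsed; wrap it as `return nil, fmt.Errorf("parsing ECS container definitions: %w", err)` (this adds an `fmt` import to the file). Because `containerDefinitionJSON` lists only a handful of keys and `json.Unmarshal` ignores the rest, misspelled or unknown keys (including security-relevant ones not modelled here) are dropped silently; that is acceptable for a best-effort adapter but should be stated in the `// see https://docs.aws.amazon.com/...` comment so nobody assumes the decode is strict. The function has no doc comment; one sentence noting that an empty JSON array yields a nil slice and that every element inherits the caller's `metadata` would cover what callers need to know.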
@@ -0,0 +1,32 @@
+package eks
+
+import (
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+type EKS struct {
+ Clusters []Cluster
+}
+
+type Cluster struct {
+ Metadata defsecTypes.Metadata
+ Logging Logging
+ Encryption Encryption
+ PublicAccessEnabled defsecTypes.BoolValue
+ PublicAccessCIDRs []defsecTypes.StringValue
+}
+
+type Logging struct {
+ Metadata defsecTypes.Metadata
+ API defsecTypes.BoolValue
+ Audit defsecTypes.BoolValue
+ Authenticator defsecTypes.BoolValue
+ ControllerManager defsecTypes.BoolValue
+ Scheduler defsecTypes.BoolValue
+}
+
+type Encryption struct {
+ Metadata defsecTypes.Metadata
+ Secrets defsecTypes.BoolValue
+ KMSKeyID defsecTypes.StringValue
+}
diff --git a/pkg/iac/providers/aws/elasticache/elasticache.go b/pkg/iac/providers/aws/elasticache/elasticache.go
new file mode 100755
index 000000000000..37220fbf1e00
--- /dev/null
+++ b/pkg/iac/providers/aws/elasticache/elasticache.go
@@ -0,0 +1,29 @@
+package elasticache
+
+import (
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+type ElastiCache struct {
+ Clusters []Cluster
+ ReplicationGroups []ReplicationGroup
+ SecurityGroups []SecurityGroup
+}
+
+type Cluster struct {
+ Metadata defsecTypes.Metadata
+ Engine defsecTypes.StringValue
+ NodeType defsecTypes.StringValue
+ SnapshotRetentionLimit defsecTypes.IntValue // days
+}
+
+type ReplicationGroup struct {
+ Metadata defsecTypes.Metadata
+ TransitEncryptionEnabled defsecTypes.BoolValue
+ AtRestEncryptionEnabled defsecTypes.BoolValue
+}
+
+type SecurityGroup struct {
+ Metadata defsecTypes.Metadata
+ Description defsecTypes.StringValue
+}
diff --git a/pkg/iac/providers/aws/elasticsearch/elasticsearch.go b/pkg/iac/providers/aws/elasticsearch/elasticsearch.go
new file mode 100755
index 000000000000..d31c30894d03
--- /dev/null
+++ b/pkg/iac/providers/aws/elasticsearch/elasticsearch.go
@@ -0,0 +1,53 @@
+package elasticsearch
+
+import (
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+type Elasticsearch struct {
+ Domains []Domain
+}
+
+type Domain struct {
+ Metadata defsecTypes.Metadata
+ DomainName defsecTypes.StringValue
+ AccessPolicies defsecTypes.StringValue
+ DedicatedMasterEnabled defsecTypes.BoolValue
+ VpcId defsecTypes.StringValue
+ LogPublishing LogPublishing
+ TransitEncryption TransitEncryption
+ AtRestEncryption AtRestEncryption
+ ServiceSoftwareOptions ServiceSoftwareOptions
+ Endpoint Endpoint
+}
+
+type ServiceSoftwareOptions struct {
+ Metadata defsecTypes.Metadata
+ CurrentVersion defsecTypes.StringValue
+ NewVersion defsecTypes.StringValue
+ UpdateAvailable defsecTypes.BoolValue
+ UpdateStatus defsecTypes.StringValue
+}
+
+type Endpoint struct {
+ Metadata defsecTypes.Metadata
+ EnforceHTTPS defsecTypes.BoolValue
+ TLSPolicy defsecTypes.StringValue
+}
+
+type LogPublishing struct {
+ Metadata defsecTypes.Metadata
+ AuditEnabled defsecTypes.BoolValue
+ CloudWatchLogGroupArn defsecTypes.StringValue
+}
+
+type TransitEncryption struct {
+ Metadata defsecTypes.Metadata
+ Enabled defsecTypes.BoolValue
+}
+
+type AtRestEncryption struct {
+ Metadata defsecTypes.Metadata
+ Enabled defsecTypes.BoolValue
+ KmsKeyId defsecTypes.StringValue
+}
diff --git a/pkg/iac/providers/aws/elb/elb.go b/pkg/iac/providers/aws/elb/elb.go
new file mode 100755
index 000000000000..c1c7e5ae85cc
--- /dev/null
+++ b/pkg/iac/providers/aws/elb/elb.go
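Review bot: `VpcId` in `Domain` and `KmsKeyId` in `AtRestEncryption` use mixed-case initialisms, while `eks.go` in this same patch spells the equivalent field `KMSKeyID`; Go convention keeps initialisms uniform (`VPCID`, `KMSKeyID`), and the two files now sit side by side under `pkg/iac/providers/aws`. Because this commit is a mechanical move from defsec and these field names are likely referenced by the checks that consume the model, a rename is probably better tracked as a follow-up than folded in here, but the inconsistency is worth recording so it does not spread to new provider types. A short doc comment on `Domain` naming what the nested `Endpoint`, `TransitEncryption` and `AtRestEncryption` values describe would also help readers who do not know the OpenSearch API.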
@@ -0,0 +1,36 @@
+package elb
+
+import (
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+type ELB struct {
+ LoadBalancers []LoadBalancer
+}
+
+const (
+ TypeApplication = "application"
+ TypeGateway = "gateway"
+ TypeNetwork = "network"
+ TypeClassic = "classic"
+)
+
+type LoadBalancer struct {
+ Metadata defsecTypes.Metadata
+ Type defsecTypes.StringValue
+ DropInvalidHeaderFields defsecTypes.BoolValue
+ Internal defsecTypes.BoolValue
+ Listeners []Listener
+}
+
+type Listener struct {
+ Metadata defsecTypes.Metadata
+ Protocol defsecTypes.StringValue
+ TLSPolicy defsecTypes.StringValue
+ DefaultActions []Action
+}
+
+type Action struct {
+ Metadata defsecTypes.Metadata
+ Type defsecTypes.StringValue
+}
diff --git a/pkg/iac/providers/aws/emr/emr.go b/pkg/iac/providers/aws/emr/emr.go
new file mode 100644
index 000000000000..bb8c88eaebcc
--- /dev/null
+++ b/pkg/iac/providers/aws/emr/emr.go
@@ -0,0 +1,28 @@
+package emr
+
+import (
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+type EMR struct {
+ Clusters []Cluster
+ SecurityConfiguration []SecurityConfiguration
+}
+
+type Cluster struct {
+ Metadata defsecTypes.Metadata
+ Settings ClusterSettings
+}
+
+type ClusterSettings struct {
+ Metadata defsecTypes.Metadata
+ Name defsecTypes.StringValue
+ ReleaseLabel defsecTypes.StringValue
+ ServiceRole defsecTypes.StringValue
+}
+
+type SecurityConfiguration struct {
+ Metadata defsecTypes.Metadata
+ Name defsecTypes.StringValue
+ Configuration defsecTypes.StringValue
+}
diff --git a/pkg/iac/providers/aws/iam/actions.go b/pkg/iac/providers/aws/iam/actions.go
new file mode 100644
index 000000000000..564b4a38f917
--- /dev/null
+++ b/pkg/iac/providers/aws/iam/actions.go
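Review bot: The exported constants `TypeApplication`, `TypeGateway`, `TypeNetwork` and `TypeClassic` carry no doc comment, and nothing in the file states that they are the expected contents of `LoadBalancer.Type`; a one-line comment on the const block such as `// Load balancer types that LoadBalancer.Type is expected to hold.` would tie the two together for anyone writing a check against them. `LoadBalancer`, `Listener` and `Action` are likewise exported without doc comments, which matches the other provider files in this patch but still leaves `Internal` and `DropInvalidHeaderFields` unexplained for readers who do not know the AWS API; a short field comment on each would be enough.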
@@ -0,0 +1,5135 @@ +// Code generated by cmd/allowed_actions DO NOT EDIT. + +package iam + +var allowedActionsForResourceWildcardsMap = map[string]struct{}{ + "a2c:GetContainerizationJobDetails": {}, + "a2c:GetDeploymentJobDetails": {}, + "a2c:StartContainerizationJob": {}, + "a2c:StartDeploymentJob": {}, + "a4b:ApproveSkill": {}, + "a4b:AssociateSkillWithUsers": {}, + "a4b:CompleteRegistration": {}, + "a4b:CreateAddressBook": {}, + "a4b:CreateBusinessReportSchedule": {}, + "a4b:CreateConferenceProvider": {}, + "a4b:CreateContact": {}, + "a4b:CreateGatewayGroup": {}, + "a4b:CreateNetworkProfile": {}, + "a4b:CreateProfile": {}, + "a4b:CreateSkillGroup": {}, + "a4b:GetConferencePreference": {}, + "a4b:GetInvitationConfiguration": {}, + "a4b:ListBusinessReportSchedules": {}, + "a4b:ListConferenceProviders": {}, + "a4b:ListGatewayGroups": {}, + "a4b:ListSkills": {}, + "a4b:ListSkillsStoreCategories": {}, + "a4b:ListSkillsStoreSkillsByCategory": {}, + "a4b:PutConferencePreference": {}, + "a4b:PutDeviceSetupEvents": {}, + "a4b:PutInvitationConfiguration": {}, + "a4b:RegisterAVSDevice": {}, + "a4b:RegisterDevice": {}, + "a4b:RejectSkill": {}, + "a4b:ResolveRoom": {}, + "a4b:SearchAddressBooks": {}, + "a4b:SearchContacts": {}, + "a4b:SearchDevices": {}, + "a4b:SearchNetworkProfiles": {}, + "a4b:SearchProfiles": {}, + "a4b:SearchRooms": {}, + "a4b:SearchSkillGroups": {}, + "a4b:SearchUsers": {}, + "a4b:SendAnnouncement": {}, + "a4b:StartDeviceSync": {}, + "access-analyzer:CancelPolicyGeneration": {}, + "access-analyzer:CheckAccessNotGranted": {}, + "access-analyzer:CheckNoNewAccess": {}, + "access-analyzer:GetGeneratedPolicy": {}, + "access-analyzer:ListAnalyzers": {}, + "access-analyzer:ListPolicyGenerations": {}, + "access-analyzer:StartPolicyGeneration": {}, + "access-analyzer:ValidatePolicy": {}, + "acm-pca:CreateCertificateAuthority": {}, + "acm-pca:ListCertificateAuthorities": {}, + "acm:GetAccountConfiguration": {}, + "acm:ListCertificates": {}, + 
"acm:PutAccountConfiguration": {}, + "acm:RequestCertificate": {}, + "activate:CreateForm": {}, + "activate:GetAccountContact": {}, + "activate:GetContentInfo": {}, + "activate:GetCosts": {}, + "activate:GetCredits": {}, + "activate:GetMemberInfo": {}, + "activate:GetProgram": {}, + "activate:PutMemberInfo": {}, + "airflow:ListEnvironments": {}, + "amplify:ListApps": {}, + "amplifybackend:ListS3Buckets": {}, + "amplifyuibuilder:CreateComponent": {}, + "amplifyuibuilder:CreateForm": {}, + "amplifyuibuilder:CreateTheme": {}, + "amplifyuibuilder:ExchangeCodeForToken": {}, + "amplifyuibuilder:ExportComponents": {}, + "amplifyuibuilder:ExportForms": {}, + "amplifyuibuilder:ExportThemes": {}, + "amplifyuibuilder:GetMetadata": {}, + "amplifyuibuilder:ListCodegenJobs": {}, + "amplifyuibuilder:ListComponents": {}, + "amplifyuibuilder:ListForms": {}, + "amplifyuibuilder:ListThemes": {}, + "amplifyuibuilder:PutMetadataFlag": {}, + "amplifyuibuilder:RefreshToken": {}, + "amplifyuibuilder:ResetMetadataFlag": {}, + "amplifyuibuilder:StartCodegenJob": {}, + "aoss:BatchGetCollection": {}, + "aoss:BatchGetEffectiveLifecyclePolicy": {}, + "aoss:BatchGetLifecyclePolicy": {}, + "aoss:BatchGetVpcEndpoint": {}, + "aoss:CreateAccessPolicy": {}, + "aoss:CreateCollection": {}, + "aoss:CreateLifecyclePolicy": {}, + "aoss:CreateSecurityConfig": {}, + "aoss:CreateSecurityPolicy": {}, + "aoss:CreateVpcEndpoint": {}, + "aoss:DeleteAccessPolicy": {}, + "aoss:DeleteLifecyclePolicy": {}, + "aoss:DeleteSecurityConfig": {}, + "aoss:DeleteSecurityPolicy": {}, + "aoss:DeleteVpcEndpoint": {}, + "aoss:GetAccessPolicy": {}, + "aoss:GetAccountSettings": {}, + "aoss:GetPoliciesStats": {}, + "aoss:GetSecurityConfig": {}, + "aoss:GetSecurityPolicy": {}, + "aoss:ListAccessPolicies": {}, + "aoss:ListCollections": {}, + "aoss:ListLifecyclePolicies": {}, + "aoss:ListSecurityConfigs": {}, + "aoss:ListSecurityPolicies": {}, + "aoss:ListTagsForResource": {}, + "aoss:ListVpcEndpoints": {}, + "aoss:TagResource": {}, 
+ "aoss:UntagResource": {}, + "aoss:UpdateAccessPolicy": {}, + "aoss:UpdateAccountSettings": {}, + "aoss:UpdateLifecyclePolicy": {}, + "aoss:UpdateSecurityConfig": {}, + "aoss:UpdateSecurityPolicy": {}, + "aoss:UpdateVpcEndpoint": {}, + "app-integrations:ListApplications": {}, + "app-integrations:ListDataIntegrationAssociations": {}, + "app-integrations:ListDataIntegrations": {}, + "app-integrations:ListEventIntegrationAssociations": {}, + "app-integrations:ListEventIntegrations": {}, + "appconfig:CreateApplication": {}, + "appconfig:CreateDeploymentStrategy": {}, + "appconfig:CreateExtension": {}, + "appconfig:CreateExtensionAssociation": {}, + "appconfig:ListApplications": {}, + "appconfig:ListDeploymentStrategies": {}, + "appconfig:ListExtensionAssociations": {}, + "appconfig:ListExtensions": {}, + "appfabric:ListAppBundles": {}, + "appflow:CreateConnectorProfile": {}, + "appflow:CreateFlow": {}, + "appflow:DescribeConnectorProfiles": {}, + "appflow:DescribeConnectors": {}, + "appflow:DescribeFlows": {}, + "appflow:RegisterConnector": {}, + "application-autoscaling:DescribeScalableTargets": {}, + "application-autoscaling:DescribeScalingActivities": {}, + "application-autoscaling:DescribeScalingPolicies": {}, + "application-autoscaling:DescribeScheduledActions": {}, + "application-cost-profiler:DeleteReportDefinition": {}, + "application-cost-profiler:GetReportDefinition": {}, + "application-cost-profiler:ImportApplicationUsage": {}, + "application-cost-profiler:ListReportDefinitions": {}, + "application-cost-profiler:PutReportDefinition": {}, + "application-cost-profiler:UpdateReportDefinition": {}, + "application-transformation:GetContainerization": {}, + "application-transformation:GetDeployment": {}, + "application-transformation:GetGroupingAssessment": {}, + "application-transformation:GetPortingCompatibilityAssessment": {}, + "application-transformation:GetPortingRecommendationAssessment": {}, + "application-transformation:GetRuntimeAssessment": {}, + 
"application-transformation:PutLogData": {}, + "application-transformation:PutMetricData": {}, + "application-transformation:StartContainerization": {}, + "application-transformation:StartDeployment": {}, + "application-transformation:StartGroupingAssessment": {}, + "application-transformation:StartPortingCompatibilityAssessment": {}, + "application-transformation:StartPortingRecommendationAssessment": {}, + "application-transformation:StartRuntimeAssessment": {}, + "applicationinsights:AddWorkload": {}, + "applicationinsights:CreateApplication": {}, + "applicationinsights:CreateComponent": {}, + "applicationinsights:CreateLogPattern": {}, + "applicationinsights:DeleteApplication": {}, + "applicationinsights:DeleteComponent": {}, + "applicationinsights:DeleteLogPattern": {}, + "applicationinsights:DescribeApplication": {}, + "applicationinsights:DescribeComponent": {}, + "applicationinsights:DescribeComponentConfiguration": {}, + "applicationinsights:DescribeComponentConfigurationRecommendation": {}, + "applicationinsights:DescribeLogPattern": {}, + "applicationinsights:DescribeObservation": {}, + "applicationinsights:DescribeProblem": {}, + "applicationinsights:DescribeProblemObservations": {}, + "applicationinsights:DescribeWorkload": {}, + "applicationinsights:Link": {}, + "applicationinsights:ListApplications": {}, + "applicationinsights:ListComponents": {}, + "applicationinsights:ListConfigurationHistory": {}, + "applicationinsights:ListLogPatternSets": {}, + "applicationinsights:ListLogPatterns": {}, + "applicationinsights:ListProblems": {}, + "applicationinsights:ListTagsForResource": {}, + "applicationinsights:ListWorkloads": {}, + "applicationinsights:RemoveWorkload": {}, + "applicationinsights:TagResource": {}, + "applicationinsights:UntagResource": {}, + "applicationinsights:UpdateApplication": {}, + "applicationinsights:UpdateComponent": {}, + "applicationinsights:UpdateComponentConfiguration": {}, + "applicationinsights:UpdateLogPattern": {}, + 
"applicationinsights:UpdateProblem": {}, + "applicationinsights:UpdateWorkload": {}, + "appmesh-preview:ListMeshes": {}, + "appmesh:ListMeshes": {}, + "apprunner:ListAutoScalingConfigurations": {}, + "apprunner:ListConnections": {}, + "apprunner:ListObservabilityConfigurations": {}, + "apprunner:ListServices": {}, + "apprunner:ListVpcConnectors": {}, + "apprunner:ListVpcIngressConnections": {}, + "appstream:CreateAppBlock": {}, + "appstream:CreateDirectoryConfig": {}, + "appstream:CreateUsageReportSubscription": {}, + "appstream:CreateUser": {}, + "appstream:DeleteDirectoryConfig": {}, + "appstream:DeleteUsageReportSubscription": {}, + "appstream:DeleteUser": {}, + "appstream:DescribeDirectoryConfigs": {}, + "appstream:DescribeUsageReportSubscriptions": {}, + "appstream:DescribeUsers": {}, + "appstream:DisableUser": {}, + "appstream:EnableUser": {}, + "appstream:ExpireSession": {}, + "appstream:ListTagsForResource": {}, + "appstream:UpdateDirectoryConfig": {}, + "appsync:CreateApiCache": {}, + "appsync:CreateApiKey": {}, + "appsync:CreateDataSource": {}, + "appsync:CreateDomainName": {}, + "appsync:CreateFunction": {}, + "appsync:CreateGraphqlApi": {}, + "appsync:CreateResolver": {}, + "appsync:CreateType": {}, + "appsync:DeleteApiCache": {}, + "appsync:DeleteApiKey": {}, + "appsync:DeleteDataSource": {}, + "appsync:DeleteFunction": {}, + "appsync:DeleteResolver": {}, + "appsync:DeleteResourcePolicy": {}, + "appsync:DeleteType": {}, + "appsync:EvaluateCode": {}, + "appsync:EvaluateMappingTemplate": {}, + "appsync:FlushApiCache": {}, + "appsync:GetApiCache": {}, + "appsync:GetDataSource": {}, + "appsync:GetDataSourceIntrospection": {}, + "appsync:GetFunction": {}, + "appsync:GetIntrospectionSchema": {}, + "appsync:GetResolver": {}, + "appsync:GetResourcePolicy": {}, + "appsync:GetSchemaCreationStatus": {}, + "appsync:GetType": {}, + "appsync:ListApiKeys": {}, + "appsync:ListDataSources": {}, + "appsync:ListDomainNames": {}, + "appsync:ListFunctions": {}, + 
"appsync:ListGraphqlApis": {}, + "appsync:ListResolvers": {}, + "appsync:ListResolversByFunction": {}, + "appsync:ListSourceApiAssociations": {}, + "appsync:ListTypes": {}, + "appsync:ListTypesByAssociation": {}, + "appsync:PutResourcePolicy": {}, + "appsync:SetWebACL": {}, + "appsync:StartDataSourceIntrospection": {}, + "appsync:StartSchemaCreation": {}, + "appsync:UpdateApiCache": {}, + "appsync:UpdateApiKey": {}, + "appsync:UpdateDataSource": {}, + "appsync:UpdateFunction": {}, + "appsync:UpdateResolver": {}, + "appsync:UpdateType": {}, + "aps:CreateWorkspace": {}, + "aps:GetDefaultScraperConfiguration": {}, + "aps:ListScrapers": {}, + "aps:ListWorkspaces": {}, + "arc-zonal-shift:ListAutoshifts": {}, + "arc-zonal-shift:ListManagedResources": {}, + "arc-zonal-shift:ListZonalShifts": {}, + "arsenal:RegisterOnPremisesAgent": {}, + "artifact:GetAccountSettings": {}, + "artifact:ListReports": {}, + "artifact:PutAccountSettings": {}, + "athena:GetCatalogs": {}, + "athena:GetExecutionEngine": {}, + "athena:GetExecutionEngines": {}, + "athena:GetNamespace": {}, + "athena:GetNamespaces": {}, + "athena:GetQueryExecutions": {}, + "athena:GetTable": {}, + "athena:GetTables": {}, + "athena:ListApplicationDPUSizes": {}, + "athena:ListCapacityReservations": {}, + "athena:ListDataCatalogs": {}, + "athena:ListEngineVersions": {}, + "athena:ListExecutors": {}, + "athena:ListWorkGroups": {}, + "athena:RunQuery": {}, + "auditmanager:CreateAssessment": {}, + "auditmanager:CreateAssessmentFramework": {}, + "auditmanager:CreateControl": {}, + "auditmanager:DeleteAssessmentFrameworkShare": {}, + "auditmanager:DeregisterAccount": {}, + "auditmanager:DeregisterOrganizationAdminAccount": {}, + "auditmanager:GetAccountStatus": {}, + "auditmanager:GetDelegations": {}, + "auditmanager:GetEvidenceFileUploadUrl": {}, + "auditmanager:GetInsights": {}, + "auditmanager:GetInsightsByAssessment": {}, + "auditmanager:GetOrganizationAdminAccount": {}, + "auditmanager:GetServicesInScope": {}, + 
"auditmanager:GetSettings": {}, + "auditmanager:ListAssessmentControlInsightsByControlDomain": {}, + "auditmanager:ListAssessmentFrameworkShareRequests": {}, + "auditmanager:ListAssessmentFrameworks": {}, + "auditmanager:ListAssessmentReports": {}, + "auditmanager:ListAssessments": {}, + "auditmanager:ListControlDomainInsights": {}, + "auditmanager:ListControlDomainInsightsByAssessment": {}, + "auditmanager:ListControlInsightsByControlDomain": {}, + "auditmanager:ListControls": {}, + "auditmanager:ListKeywordsForDataSource": {}, + "auditmanager:ListNotifications": {}, + "auditmanager:RegisterAccount": {}, + "auditmanager:RegisterOrganizationAdminAccount": {}, + "auditmanager:UpdateAssessmentFrameworkShare": {}, + "auditmanager:UpdateSettings": {}, + "auditmanager:ValidateAssessmentReportIntegrity": {}, + "autoscaling-plans:CreateScalingPlan": {}, + "autoscaling-plans:DeleteScalingPlan": {}, + "autoscaling-plans:DescribeScalingPlanResources": {}, + "autoscaling-plans:DescribeScalingPlans": {}, + "autoscaling-plans:GetScalingPlanResourceForecastData": {}, + "autoscaling-plans:UpdateScalingPlan": {}, + "autoscaling:DescribeAccountLimits": {}, + "autoscaling:DescribeAdjustmentTypes": {}, + "autoscaling:DescribeAutoScalingGroups": {}, + "autoscaling:DescribeAutoScalingInstances": {}, + "autoscaling:DescribeAutoScalingNotificationTypes": {}, + "autoscaling:DescribeInstanceRefreshes": {}, + "autoscaling:DescribeLaunchConfigurations": {}, + "autoscaling:DescribeLifecycleHookTypes": {}, + "autoscaling:DescribeLifecycleHooks": {}, + "autoscaling:DescribeLoadBalancerTargetGroups": {}, + "autoscaling:DescribeLoadBalancers": {}, + "autoscaling:DescribeMetricCollectionTypes": {}, + "autoscaling:DescribeNotificationConfigurations": {}, + "autoscaling:DescribePolicies": {}, + "autoscaling:DescribeScalingActivities": {}, + "autoscaling:DescribeScalingProcessTypes": {}, + "autoscaling:DescribeScheduledActions": {}, + "autoscaling:DescribeTags": {}, + 
"autoscaling:DescribeTerminationPolicyTypes": {}, + "autoscaling:DescribeTrafficSources": {}, + "autoscaling:DescribeWarmPool": {}, + "autoscaling:GetPredictiveScalingForecast": {}, + "aws-marketplace-management:GetAdditionalSellerNotificationRecipients": {}, + "aws-marketplace-management:GetBankAccountVerificationDetails": {}, + "aws-marketplace-management:GetSecondaryUserVerificationDetails": {}, + "aws-marketplace-management:GetSellerVerificationDetails": {}, + "aws-marketplace-management:PutAdditionalSellerNotificationRecipients": {}, + "aws-marketplace-management:PutBankAccountVerificationDetails": {}, + "aws-marketplace-management:PutSecondaryUserVerificationDetails": {}, + "aws-marketplace-management:PutSellerVerificationDetails": {}, + "aws-marketplace-management:uploadFiles": {}, + "aws-marketplace-management:viewMarketing": {}, + "aws-marketplace-management:viewReports": {}, + "aws-marketplace-management:viewSettings": {}, + "aws-marketplace-management:viewSupport": {}, + "aws-marketplace:AcceptAgreementApprovalRequest": {}, + "aws-marketplace:AcceptAgreementRequest": {}, + "aws-marketplace:AssociateProductsWithPrivateMarketplace": {}, + "aws-marketplace:BatchMeterUsage": {}, + "aws-marketplace:CancelAgreement": {}, + "aws-marketplace:CancelAgreementRequest": {}, + "aws-marketplace:CompleteTask": {}, + "aws-marketplace:CreateAgreementRequest": {}, + "aws-marketplace:CreatePrivateMarketplaceRequests": {}, + "aws-marketplace:DescribeAgreement": {}, + "aws-marketplace:DescribeBuilds": {}, + "aws-marketplace:DescribePrivateMarketplaceRequests": {}, + "aws-marketplace:DescribeProcurementSystemConfiguration": {}, + "aws-marketplace:DescribeTask": {}, + "aws-marketplace:DisassociateProductsFromPrivateMarketplace": {}, + "aws-marketplace:GetAgreementApprovalRequest": {}, + "aws-marketplace:GetAgreementRequest": {}, + "aws-marketplace:GetAgreementTerms": {}, + "aws-marketplace:ListAgreementApprovalRequests": {}, + "aws-marketplace:ListAgreementRequests": {}, + 
"aws-marketplace:ListBuilds": {}, + "aws-marketplace:ListChangeSets": {}, + "aws-marketplace:ListEntities": {}, + "aws-marketplace:ListEntitlementDetails": {}, + "aws-marketplace:ListPrivateListings": {}, + "aws-marketplace:ListPrivateMarketplaceRequests": {}, + "aws-marketplace:ListTasks": {}, + "aws-marketplace:MeterUsage": {}, + "aws-marketplace:PutProcurementSystemConfiguration": {}, + "aws-marketplace:RegisterUsage": {}, + "aws-marketplace:RejectAgreementApprovalRequest": {}, + "aws-marketplace:ResolveCustomer": {}, + "aws-marketplace:SearchAgreements": {}, + "aws-marketplace:StartBuild": {}, + "aws-marketplace:Subscribe": {}, + "aws-marketplace:Unsubscribe": {}, + "aws-marketplace:UpdateAgreementApprovalRequest": {}, + "aws-marketplace:UpdateTask": {}, + "aws-marketplace:ViewSubscriptions": {}, + "aws-portal:GetConsoleActionSetEnforced": {}, + "aws-portal:ModifyAccount": {}, + "aws-portal:ModifyBilling": {}, + "aws-portal:ModifyPaymentMethods": {}, + "aws-portal:UpdateConsoleActionSetEnforced": {}, + "aws-portal:ViewAccount": {}, + "aws-portal:ViewBilling": {}, + "aws-portal:ViewPaymentMethods": {}, + "aws-portal:ViewUsage": {}, + "awsconnector:GetConnectorHealth": {}, + "awsconnector:RegisterConnector": {}, + "awsconnector:ValidateConnectorId": {}, + "b2bi:CreateProfile": {}, + "b2bi:CreateTransformer": {}, + "b2bi:ListCapabilities": {}, + "b2bi:ListPartnerships": {}, + "b2bi:ListProfiles": {}, + "b2bi:ListTransformers": {}, + "backup-gateway:CreateGateway": {}, + "backup-gateway:ImportHypervisorConfiguration": {}, + "backup-gateway:ListGateways": {}, + "backup-gateway:ListHypervisors": {}, + "backup-gateway:ListVirtualMachines": {}, + "backup-storage:CommitBackupJob": {}, + "backup-storage:DeleteObjects": {}, + "backup-storage:DescribeBackupJob": {}, + "backup-storage:GetBaseBackup": {}, + "backup-storage:GetChunk": {}, + "backup-storage:GetIncrementalBaseBackup": {}, + "backup-storage:GetObjectMetadata": {}, + "backup-storage:ListChunks": {}, + 
"backup-storage:ListObjects": {}, + "backup-storage:MountCapsule": {}, + "backup-storage:NotifyObjectComplete": {}, + "backup-storage:PutChunk": {}, + "backup-storage:PutObject": {}, + "backup-storage:StartObject": {}, + "backup-storage:UpdateObjectComplete": {}, + "backup:DescribeBackupJob": {}, + "backup:DescribeCopyJob": {}, + "backup:DescribeGlobalSettings": {}, + "backup:DescribeProtectedResource": {}, + "backup:DescribeRegionSettings": {}, + "backup:DescribeReportJob": {}, + "backup:DescribeRestoreJob": {}, + "backup:ExportBackupPlanTemplate": {}, + "backup:GetBackupPlanFromJSON": {}, + "backup:GetBackupPlanFromTemplate": {}, + "backup:GetRestoreJobMetadata": {}, + "backup:GetRestoreTestingInferredMetadata": {}, + "backup:GetSupportedResourceTypes": {}, + "backup:ListBackupJobSummaries": {}, + "backup:ListBackupJobs": {}, + "backup:ListBackupPlanTemplates": {}, + "backup:ListBackupPlans": {}, + "backup:ListBackupVaults": {}, + "backup:ListCopyJobSummaries": {}, + "backup:ListCopyJobs": {}, + "backup:ListFrameworks": {}, + "backup:ListLegalHolds": {}, + "backup:ListProtectedResources": {}, + "backup:ListRecoveryPointsByResource": {}, + "backup:ListReportJobs": {}, + "backup:ListReportPlans": {}, + "backup:ListRestoreJobSummaries": {}, + "backup:ListRestoreJobs": {}, + "backup:ListRestoreJobsByProtectedResource": {}, + "backup:ListRestoreTestingPlans": {}, + "backup:PutRestoreValidationResult": {}, + "backup:StopBackupJob": {}, + "backup:UpdateGlobalSettings": {}, + "backup:UpdateRegionSettings": {}, + "batch:DescribeComputeEnvironments": {}, + "batch:DescribeJobDefinitions": {}, + "batch:DescribeJobQueues": {}, + "batch:DescribeJobs": {}, + "batch:DescribeSchedulingPolicies": {}, + "batch:ListJobs": {}, + "batch:ListSchedulingPolicies": {}, + "bcm-data-exports:ListExports": {}, + "bcm-data-exports:ListTables": {}, + "bedrock:AssociateThirdPartyKnowledgeBase": {}, + "bedrock:CreateAgent": {}, + "bedrock:CreateFoundationModelAgreement": {}, + 
"bedrock:CreateGuardrail": {}, + "bedrock:CreateKnowledgeBase": {}, + "bedrock:DeleteFoundationModelAgreement": {}, + "bedrock:DeleteModelInvocationLoggingConfiguration": {}, + "bedrock:GetFoundationModelAvailability": {}, + "bedrock:GetModelInvocationLoggingConfiguration": {}, + "bedrock:GetUseCaseForModelAccess": {}, + "bedrock:ListAgents": {}, + "bedrock:ListCustomModels": {}, + "bedrock:ListFoundationModelAgreementOffers": {}, + "bedrock:ListFoundationModels": {}, + "bedrock:ListKnowledgeBases": {}, + "bedrock:ListModelCustomizationJobs": {}, + "bedrock:ListModelEvaluationJobs": {}, + "bedrock:ListModelInvocationJobs": {}, + "bedrock:ListProvisionedModelThroughputs": {}, + "bedrock:PutFoundationModelEntitlement": {}, + "bedrock:PutModelInvocationLoggingConfiguration": {}, + "bedrock:PutUseCaseForModelAccess": {}, + "bedrock:RetrieveAndGenerate": {}, + "billing:GetBillingData": {}, + "billing:GetBillingDetails": {}, + "billing:GetBillingNotifications": {}, + "billing:GetBillingPreferences": {}, + "billing:GetContractInformation": {}, + "billing:GetCredits": {}, + "billing:GetIAMAccessPreference": {}, + "billing:GetSellerOfRecord": {}, + "billing:ListBillingViews": {}, + "billing:PutContractInformation": {}, + "billing:RedeemCredits": {}, + "billing:UpdateBillingPreferences": {}, + "billing:UpdateIAMAccessPreference": {}, + "billingconductor:CreatePricingRule": {}, + "billingconductor:ListAccountAssociations": {}, + "billingconductor:ListBillingGroupCostReports": {}, + "billingconductor:ListBillingGroups": {}, + "billingconductor:ListCustomLineItems": {}, + "billingconductor:ListPricingPlans": {}, + "billingconductor:ListPricingRules": {}, + "braket:AcceptUserAgreement": {}, + "braket:AccessBraketFeature": {}, + "braket:CreateJob": {}, + "braket:CreateQuantumTask": {}, + "braket:GetDevice": {}, + "braket:GetServiceLinkedRoleStatus": {}, + "braket:GetUserAgreementStatus": {}, + "braket:SearchDevices": {}, + "braket:SearchJobs": {}, + "braket:SearchQuantumTasks": 
{}, + "budgets:DescribeBudgetActionsForAccount": {}, + "bugbust:CreateEvent": {}, + "bugbust:ListEvents": {}, + "cases:CreateDomain": {}, + "cases:ListDomains": {}, + "cases:ListTagsForResource": {}, + "ce:CreateAnomalyMonitor": {}, + "ce:CreateAnomalySubscription": {}, + "ce:CreateCostCategoryDefinition": {}, + "ce:CreateNotificationSubscription": {}, + "ce:CreateReport": {}, + "ce:DeleteNotificationSubscription": {}, + "ce:DeleteReport": {}, + "ce:DescribeNotificationSubscription": {}, + "ce:DescribeReport": {}, + "ce:GetApproximateUsageRecords": {}, + "ce:GetConsoleActionSetEnforced": {}, + "ce:GetCostAndUsage": {}, + "ce:GetCostAndUsageWithResources": {}, + "ce:GetCostCategories": {}, + "ce:GetCostForecast": {}, + "ce:GetDimensionValues": {}, + "ce:GetPreferences": {}, + "ce:GetReservationCoverage": {}, + "ce:GetReservationPurchaseRecommendation": {}, + "ce:GetReservationUtilization": {}, + "ce:GetRightsizingRecommendation": {}, + "ce:GetSavingsPlanPurchaseRecommendationDetails": {}, + "ce:GetSavingsPlansCoverage": {}, + "ce:GetSavingsPlansPurchaseRecommendation": {}, + "ce:GetSavingsPlansUtilization": {}, + "ce:GetSavingsPlansUtilizationDetails": {}, + "ce:GetTags": {}, + "ce:GetUsageForecast": {}, + "ce:ListCostAllocationTags": {}, + "ce:ListCostCategoryDefinitions": {}, + "ce:ListSavingsPlansPurchaseRecommendationGeneration": {}, + "ce:ProvideAnomalyFeedback": {}, + "ce:StartSavingsPlansPurchaseRecommendationGeneration": {}, + "ce:UpdateConsoleActionSetEnforced": {}, + "ce:UpdateCostAllocationTagsStatus": {}, + "ce:UpdateNotificationSubscription": {}, + "ce:UpdatePreferences": {}, + "ce:UpdateReport": {}, + "chatbot:CreateChimeWebhookConfiguration": {}, + "chatbot:CreateMicrosoftTeamsChannelConfiguration": {}, + "chatbot:CreateSlackChannelConfiguration": {}, + "chatbot:DeleteMicrosoftTeamsChannelConfiguration": {}, + "chatbot:DeleteMicrosoftTeamsConfiguredTeam": {}, + "chatbot:DeleteMicrosoftTeamsUserIdentity": {}, + "chatbot:DeleteSlackUserIdentity": {}, + 
"chatbot:DeleteSlackWorkspaceAuthorization": {}, + "chatbot:DescribeChimeWebhookConfigurations": {}, + "chatbot:DescribeSlackChannelConfigurations": {}, + "chatbot:DescribeSlackChannels": {}, + "chatbot:DescribeSlackUserIdentities": {}, + "chatbot:DescribeSlackWorkspaces": {}, + "chatbot:GetAccountPreferences": {}, + "chatbot:GetMicrosoftTeamsChannelConfiguration": {}, + "chatbot:GetMicrosoftTeamsOauthParameters": {}, + "chatbot:GetSlackOauthParameters": {}, + "chatbot:ListMicrosoftTeamsChannelConfigurations": {}, + "chatbot:ListMicrosoftTeamsConfiguredTeams": {}, + "chatbot:ListMicrosoftTeamsUserIdentities": {}, + "chatbot:RedeemMicrosoftTeamsOauthCode": {}, + "chatbot:RedeemSlackOauthCode": {}, + "chatbot:UpdateAccountPreferences": {}, + "chatbot:UpdateMicrosoftTeamsChannelConfiguration": {}, + "chime:AcceptDelegate": {}, + "chime:ActivateUsers": {}, + "chime:AddDomain": {}, + "chime:AddOrUpdateGroups": {}, + "chime:AssociatePhoneNumberWithUser": {}, + "chime:AssociatePhoneNumbersWithVoiceConnectorGroup": {}, + "chime:AssociateSigninDelegateGroupsWithAccount": {}, + "chime:AuthorizeDirectory": {}, + "chime:BatchCreateRoomMembership": {}, + "chime:BatchDeletePhoneNumber": {}, + "chime:BatchSuspendUser": {}, + "chime:BatchUnsuspendUser": {}, + "chime:BatchUpdatePhoneNumber": {}, + "chime:BatchUpdateUser": {}, + "chime:ConnectDirectory": {}, + "chime:CreateAccount": {}, + "chime:CreateApiKey": {}, + "chime:CreateAppInstance": {}, + "chime:CreateAppInstanceBot": {}, + "chime:CreateAppInstanceUser": {}, + "chime:CreateBot": {}, + "chime:CreateCDRBucket": {}, + "chime:CreateMediaCapturePipeline": {}, + "chime:CreateMediaConcatenationPipeline": {}, + "chime:CreateMediaInsightsPipelineConfiguration": {}, + "chime:CreateMediaLiveConnectorPipeline": {}, + "chime:CreateMediaPipelineKinesisVideoStreamPool": {}, + "chime:CreateMeeting": {}, + "chime:CreateMeetingWithAttendees": {}, + "chime:CreatePhoneNumberOrder": {}, + "chime:CreateRoom": {}, + "chime:CreateRoomMembership": 
{}, + "chime:CreateSipMediaApplication": {}, + "chime:CreateUser": {}, + "chime:CreateVoiceConnector": {}, + "chime:CreateVoiceProfile": {}, + "chime:CreateVoiceProfileDomain": {}, + "chime:DeleteAccount": {}, + "chime:DeleteAccountOpenIdConfig": {}, + "chime:DeleteApiKey": {}, + "chime:DeleteCDRBucket": {}, + "chime:DeleteDelegate": {}, + "chime:DeleteDomain": {}, + "chime:DeleteEventsConfiguration": {}, + "chime:DeleteGroups": {}, + "chime:DeletePhoneNumber": {}, + "chime:DeleteRoom": {}, + "chime:DeleteRoomMembership": {}, + "chime:DeleteSipRule": {}, + "chime:DeleteVoiceConnectorGroup": {}, + "chime:DisassociatePhoneNumberFromUser": {}, + "chime:DisassociatePhoneNumbersFromVoiceConnectorGroup": {}, + "chime:DisassociateSigninDelegateGroupsFromAccount": {}, + "chime:DisconnectDirectory": {}, + "chime:GetAccount": {}, + "chime:GetAccountResource": {}, + "chime:GetAccountSettings": {}, + "chime:GetAccountWithOpenIdConfig": {}, + "chime:GetBot": {}, + "chime:GetCDRBucket": {}, + "chime:GetDomain": {}, + "chime:GetEventsConfiguration": {}, + "chime:GetGlobalSettings": {}, + "chime:GetMeetingDetail": {}, + "chime:GetMessagingSessionEndpoint": {}, + "chime:GetPhoneNumber": {}, + "chime:GetPhoneNumberOrder": {}, + "chime:GetPhoneNumberSettings": {}, + "chime:GetRetentionSettings": {}, + "chime:GetRoom": {}, + "chime:GetSipRule": {}, + "chime:GetTelephonyLimits": {}, + "chime:GetUser": {}, + "chime:GetUserActivityReportData": {}, + "chime:GetUserByEmail": {}, + "chime:GetUserSettings": {}, + "chime:GetVoiceConnectorGroup": {}, + "chime:InviteDelegate": {}, + "chime:InviteUsers": {}, + "chime:InviteUsersFromProvider": {}, + "chime:ListAccountUsageReportData": {}, + "chime:ListAccounts": {}, + "chime:ListApiKeys": {}, + "chime:ListAvailableVoiceConnectorRegions": {}, + "chime:ListBots": {}, + "chime:ListCDRBucket": {}, + "chime:ListCallingRegions": {}, + "chime:ListDelegates": {}, + "chime:ListDirectories": {}, + "chime:ListDomains": {}, + "chime:ListGroups": {}, + 
"chime:ListMediaCapturePipelines": {}, + "chime:ListMediaInsightsPipelineConfigurations": {}, + "chime:ListMediaPipelineKinesisVideoStreamPools": {}, + "chime:ListMediaPipelines": {}, + "chime:ListMeetingEvents": {}, + "chime:ListMeetings": {}, + "chime:ListMeetingsReportData": {}, + "chime:ListPhoneNumberOrders": {}, + "chime:ListPhoneNumbers": {}, + "chime:ListRoomMemberships": {}, + "chime:ListRooms": {}, + "chime:ListSipMediaApplications": {}, + "chime:ListSupportedPhoneNumberCountries": {}, + "chime:ListUsers": {}, + "chime:ListVoiceConnectorGroups": {}, + "chime:ListVoiceConnectors": {}, + "chime:ListVoiceProfileDomains": {}, + "chime:LogoutUser": {}, + "chime:PutEventsConfiguration": {}, + "chime:PutRetentionSettings": {}, + "chime:RedactConversationMessage": {}, + "chime:RedactRoomMessage": {}, + "chime:RegenerateSecurityToken": {}, + "chime:RenameAccount": {}, + "chime:RenewDelegate": {}, + "chime:ResetAccountResource": {}, + "chime:ResetPersonalPIN": {}, + "chime:RestorePhoneNumber": {}, + "chime:RetrieveDataExports": {}, + "chime:SearchAvailablePhoneNumbers": {}, + "chime:StartDataExport": {}, + "chime:StartMeetingTranscription": {}, + "chime:StopMeetingTranscription": {}, + "chime:SubmitSupportRequest": {}, + "chime:SuspendUsers": {}, + "chime:UnauthorizeDirectory": {}, + "chime:UpdateAccount": {}, + "chime:UpdateAccountOpenIdConfig": {}, + "chime:UpdateAccountResource": {}, + "chime:UpdateAccountSettings": {}, + "chime:UpdateBot": {}, + "chime:UpdateCDRSettings": {}, + "chime:UpdateGlobalSettings": {}, + "chime:UpdatePhoneNumber": {}, + "chime:UpdatePhoneNumberSettings": {}, + "chime:UpdateRoom": {}, + "chime:UpdateRoomMembership": {}, + "chime:UpdateSupportedLicenses": {}, + "chime:UpdateUser": {}, + "chime:UpdateUserLicenses": {}, + "chime:UpdateUserSettings": {}, + "chime:ValidateAccountResource": {}, + "chime:ValidateE911Address": {}, + "cleanrooms-ml:CreateTrainingDataset": {}, + "cleanrooms-ml:ListAudienceModels": {}, + 
"cleanrooms-ml:ListConfiguredAudienceModels": {}, + "cleanrooms-ml:ListTrainingDatasets": {}, + "cleanrooms:ListCollaborations": {}, + "cleanrooms:ListConfiguredTables": {}, + "cleanrooms:ListMemberships": {}, + "cloud9:CreateEnvironmentEC2": {}, + "cloud9:CreateEnvironmentSSH": {}, + "cloud9:GetMigrationExperiences": {}, + "cloud9:GetUserPublicKey": {}, + "cloud9:GetUserSettings": {}, + "cloud9:ListEnvironments": {}, + "cloud9:UpdateUserSettings": {}, + "cloud9:ValidateEnvironmentName": {}, + "clouddirectory:CreateSchema": {}, + "clouddirectory:ListDevelopmentSchemaArns": {}, + "clouddirectory:ListDirectories": {}, + "clouddirectory:ListManagedSchemaArns": {}, + "clouddirectory:ListPublishedSchemaArns": {}, + "clouddirectory:PutSchemaFromJson": {}, + "cloudformation:ActivateOrganizationsAccess": {}, + "cloudformation:ActivateType": {}, + "cloudformation:BatchDescribeTypeConfigurations": {}, + "cloudformation:CancelResourceRequest": {}, + "cloudformation:CreateResource": {}, + "cloudformation:CreateStackSet": {}, + "cloudformation:CreateUploadBucket": {}, + "cloudformation:DeactivateOrganizationsAccess": {}, + "cloudformation:DeactivateType": {}, + "cloudformation:DeleteResource": {}, + "cloudformation:DeregisterType": {}, + "cloudformation:DescribeAccountLimits": {}, + "cloudformation:DescribeOrganizationsAccess": {}, + "cloudformation:DescribePublisher": {}, + "cloudformation:DescribeStackDriftDetectionStatus": {}, + "cloudformation:DescribeType": {}, + "cloudformation:DescribeTypeRegistration": {}, + "cloudformation:EstimateTemplateCost": {}, + "cloudformation:GetResource": {}, + "cloudformation:GetResourceRequestStatus": {}, + "cloudformation:ListExports": {}, + "cloudformation:ListImports": {}, + "cloudformation:ListResourceRequests": {}, + "cloudformation:ListResources": {}, + "cloudformation:ListStackSets": {}, + "cloudformation:ListStacks": {}, + "cloudformation:ListTypeRegistrations": {}, + "cloudformation:ListTypeVersions": {}, + 
"cloudformation:ListTypes": {}, + "cloudformation:PublishType": {}, + "cloudformation:RegisterPublisher": {}, + "cloudformation:RegisterType": {}, + "cloudformation:SetTypeConfiguration": {}, + "cloudformation:SetTypeDefaultVersion": {}, + "cloudformation:TestType": {}, + "cloudformation:UpdateResource": {}, + "cloudformation:ValidateTemplate": {}, + "cloudfront:CreateFieldLevelEncryptionConfig": {}, + "cloudfront:CreateFieldLevelEncryptionProfile": {}, + "cloudfront:CreateKeyGroup": {}, + "cloudfront:CreateMonitoringSubscription": {}, + "cloudfront:CreateOriginAccessControl": {}, + "cloudfront:CreatePublicKey": {}, + "cloudfront:CreateSavingsPlan": {}, + "cloudfront:DeleteKeyGroup": {}, + "cloudfront:DeleteMonitoringSubscription": {}, + "cloudfront:DeletePublicKey": {}, + "cloudfront:GetKeyGroup": {}, + "cloudfront:GetKeyGroupConfig": {}, + "cloudfront:GetMonitoringSubscription": {}, + "cloudfront:GetPublicKey": {}, + "cloudfront:GetPublicKeyConfig": {}, + "cloudfront:GetSavingsPlan": {}, + "cloudfront:ListCachePolicies": {}, + "cloudfront:ListCloudFrontOriginAccessIdentities": {}, + "cloudfront:ListContinuousDeploymentPolicies": {}, + "cloudfront:ListDistributions": {}, + "cloudfront:ListDistributionsByCachePolicyId": {}, + "cloudfront:ListDistributionsByKeyGroup": {}, + "cloudfront:ListDistributionsByLambdaFunction": {}, + "cloudfront:ListDistributionsByOriginRequestPolicyId": {}, + "cloudfront:ListDistributionsByRealtimeLogConfig": {}, + "cloudfront:ListDistributionsByResponseHeadersPolicyId": {}, + "cloudfront:ListDistributionsByWebACLId": {}, + "cloudfront:ListFieldLevelEncryptionConfigs": {}, + "cloudfront:ListFieldLevelEncryptionProfiles": {}, + "cloudfront:ListFunctions": {}, + "cloudfront:ListKeyGroups": {}, + "cloudfront:ListKeyValueStores": {}, + "cloudfront:ListOriginAccessControls": {}, + "cloudfront:ListOriginRequestPolicies": {}, + "cloudfront:ListPublicKeys": {}, + "cloudfront:ListRateCards": {}, + "cloudfront:ListRealtimeLogConfigs": {}, + 
"cloudfront:ListResponseHeadersPolicies": {}, + "cloudfront:ListSavingsPlans": {}, + "cloudfront:ListStreamingDistributions": {}, + "cloudfront:ListUsages": {}, + "cloudfront:UpdateFieldLevelEncryptionConfig": {}, + "cloudfront:UpdateKeyGroup": {}, + "cloudfront:UpdatePublicKey": {}, + "cloudfront:UpdateSavingsPlan": {}, + "cloudhsm:AddTagsToResource": {}, + "cloudhsm:CreateHapg": {}, + "cloudhsm:CreateLunaClient": {}, + "cloudhsm:DeleteHapg": {}, + "cloudhsm:DeleteHsm": {}, + "cloudhsm:DeleteLunaClient": {}, + "cloudhsm:DescribeBackups": {}, + "cloudhsm:DescribeClusters": {}, + "cloudhsm:DescribeHapg": {}, + "cloudhsm:DescribeHsm": {}, + "cloudhsm:DescribeLunaClient": {}, + "cloudhsm:GetConfig": {}, + "cloudhsm:ListAvailableZones": {}, + "cloudhsm:ListHapgs": {}, + "cloudhsm:ListHsms": {}, + "cloudhsm:ListLunaClients": {}, + "cloudhsm:ListTagsForResource": {}, + "cloudhsm:ModifyHapg": {}, + "cloudhsm:ModifyHsm": {}, + "cloudhsm:ModifyLunaClient": {}, + "cloudhsm:RemoveTagsFromResource": {}, + "cloudshell:CreateEnvironment": {}, + "cloudtrail:DeregisterOrganizationDelegatedAdmin": {}, + "cloudtrail:DescribeTrails": {}, + "cloudtrail:GetImport": {}, + "cloudtrail:ListChannels": {}, + "cloudtrail:ListEventDataStores": {}, + "cloudtrail:ListImportFailures": {}, + "cloudtrail:ListImports": {}, + "cloudtrail:ListPublicKeys": {}, + "cloudtrail:ListServiceLinkedChannels": {}, + "cloudtrail:ListTrails": {}, + "cloudtrail:LookupEvents": {}, + "cloudtrail:RegisterOrganizationDelegatedAdmin": {}, + "cloudtrail:StartImport": {}, + "cloudtrail:StopImport": {}, + "cloudwatch:BatchGetServiceLevelIndicatorReport": {}, + "cloudwatch:CreateServiceLevelObjective": {}, + "cloudwatch:DeleteAnomalyDetector": {}, + "cloudwatch:DescribeAlarmsForMetric": {}, + "cloudwatch:DescribeAnomalyDetectors": {}, + "cloudwatch:DescribeInsightRules": {}, + "cloudwatch:EnableTopologyDiscovery": {}, + "cloudwatch:GenerateQuery": {}, + "cloudwatch:GetMetricData": {}, + "cloudwatch:GetMetricStatistics": 
{}, + "cloudwatch:GetMetricWidgetImage": {}, + "cloudwatch:GetTopologyDiscoveryStatus": {}, + "cloudwatch:GetTopologyMap": {}, + "cloudwatch:Link": {}, + "cloudwatch:ListDashboards": {}, + "cloudwatch:ListManagedInsightRules": {}, + "cloudwatch:ListMetricStreams": {}, + "cloudwatch:ListMetrics": {}, + "cloudwatch:ListServiceLevelObjectives": {}, + "cloudwatch:ListServices": {}, + "cloudwatch:PutAnomalyDetector": {}, + "cloudwatch:PutManagedInsightRules": {}, + "cloudwatch:PutMetricData": {}, + "codeartifact:CreateDomain": {}, + "codeartifact:CreateRepository": {}, + "codeartifact:ListDomains": {}, + "codeartifact:ListRepositories": {}, + "codebuild:DeleteOAuthToken": {}, + "codebuild:DeleteSourceCredentials": {}, + "codebuild:ImportSourceCredentials": {}, + "codebuild:ListBuildBatches": {}, + "codebuild:ListBuilds": {}, + "codebuild:ListConnectedOAuthAccounts": {}, + "codebuild:ListCuratedEnvironmentImages": {}, + "codebuild:ListProjects": {}, + "codebuild:ListReportGroups": {}, + "codebuild:ListReports": {}, + "codebuild:ListRepositories": {}, + "codebuild:ListSharedProjects": {}, + "codebuild:ListSharedReportGroups": {}, + "codebuild:ListSourceCredentials": {}, + "codebuild:PersistOAuthToken": {}, + "codecatalyst:AcceptConnection": {}, + "codecatalyst:CreateIdentityCenterApplication": {}, + "codecatalyst:CreateSpace": {}, + "codecatalyst:GetPendingConnection": {}, + "codecatalyst:ListConnections": {}, + "codecatalyst:ListIdentityCenterApplications": {}, + "codecatalyst:ListIdentityCenterApplicationsForSpace": {}, + "codecatalyst:RejectConnection": {}, + "codecommit:CreateApprovalRuleTemplate": {}, + "codecommit:DeleteApprovalRuleTemplate": {}, + "codecommit:GetApprovalRuleTemplate": {}, + "codecommit:ListApprovalRuleTemplates": {}, + "codecommit:ListRepositories": {}, + "codecommit:ListRepositoriesForApprovalRuleTemplate": {}, + "codecommit:UpdateApprovalRuleTemplateContent": {}, + "codecommit:UpdateApprovalRuleTemplateDescription": {}, + 
"codecommit:UpdateApprovalRuleTemplateName": {}, + "codedeploy-commands-secure:GetDeploymentSpecification": {}, + "codedeploy-commands-secure:PollHostCommand": {}, + "codedeploy-commands-secure:PutHostCommandAcknowledgement": {}, + "codedeploy-commands-secure:PutHostCommandComplete": {}, + "codedeploy:BatchGetDeploymentTargets": {}, + "codedeploy:ContinueDeployment": {}, + "codedeploy:DeleteGitHubAccountToken": {}, + "codedeploy:DeleteResourcesByExternalId": {}, + "codedeploy:GetDeploymentTarget": {}, + "codedeploy:ListApplications": {}, + "codedeploy:ListDeploymentConfigs": {}, + "codedeploy:ListDeploymentTargets": {}, + "codedeploy:ListGitHubAccountTokenNames": {}, + "codedeploy:ListOnPremisesInstances": {}, + "codedeploy:PutLifecycleEventHookExecutionStatus": {}, + "codedeploy:SkipWaitTimeForInstanceTermination": {}, + "codedeploy:StopDeployment": {}, + "codeguru-profiler:CreateProfilingGroup": {}, + "codeguru-profiler:GetFindingsReportAccountSummary": {}, + "codeguru-profiler:ListProfilingGroups": {}, + "codeguru-reviewer:AssociateRepository": {}, + "codeguru-reviewer:CreateConnectionToken": {}, + "codeguru-reviewer:GetMetricsData": {}, + "codeguru-reviewer:ListCodeReviews": {}, + "codeguru-reviewer:ListRepositoryAssociations": {}, + "codeguru-reviewer:ListThirdPartyRepositories": {}, + "codeguru-security:DeleteScansByCategory": {}, + "codeguru-security:GetAccountConfiguration": {}, + "codeguru-security:GetMetricsSummary": {}, + "codeguru-security:ListFindings": {}, + "codeguru-security:ListFindingsMetrics": {}, + "codeguru-security:ListScans": {}, + "codeguru-security:UpdateAccountConfiguration": {}, + "codeguru:GetCodeGuruFreeTrialSummary": {}, + "codepipeline:AcknowledgeJob": {}, + "codepipeline:AcknowledgeThirdPartyJob": {}, + "codepipeline:GetActionType": {}, + "codepipeline:GetJobDetails": {}, + "codepipeline:GetThirdPartyJobDetails": {}, + "codepipeline:ListActionTypes": {}, + "codepipeline:ListPipelines": {}, + "codepipeline:PollForThirdPartyJobs": {}, 
+ "codepipeline:PutJobFailureResult": {}, + "codepipeline:PutJobSuccessResult": {}, + "codepipeline:PutThirdPartyJobFailureResult": {}, + "codepipeline:PutThirdPartyJobSuccessResult": {}, + "codestar-connections:CreateConnection": {}, + "codestar-connections:CreateHost": {}, + "codestar-connections:DeleteSyncConfiguration": {}, + "codestar-connections:GetIndividualAccessToken": {}, + "codestar-connections:GetInstallationUrl": {}, + "codestar-connections:GetResourceSyncStatus": {}, + "codestar-connections:GetSyncBlockerSummary": {}, + "codestar-connections:GetSyncConfiguration": {}, + "codestar-connections:ListHosts": {}, + "codestar-connections:ListInstallationTargets": {}, + "codestar-connections:ListRepositoryLinks": {}, + "codestar-connections:ListRepositorySyncDefinitions": {}, + "codestar-connections:ListSyncConfigurations": {}, + "codestar-connections:RegisterAppCode": {}, + "codestar-connections:StartAppRegistrationHandshake": {}, + "codestar-connections:StartOAuthHandshake": {}, + "codestar-connections:UpdateSyncBlocker": {}, + "codestar-connections:UpdateSyncConfiguration": {}, + "codestar-notifications:DeleteTarget": {}, + "codestar-notifications:ListEventTypes": {}, + "codestar-notifications:ListNotificationRules": {}, + "codestar-notifications:ListTargets": {}, + "codestar:CreateProject": {}, + "codestar:DescribeUserProfile": {}, + "codestar:ListProjects": {}, + "codestar:ListUserProfiles": {}, + "codewhisperer:GenerateRecommendations": {}, + "codewhisperer:ListProfiles": {}, + "cognito-identity:CreateIdentityPool": {}, + "cognito-identity:DeleteIdentities": {}, + "cognito-identity:DescribeIdentity": {}, + "cognito-identity:GetCredentialsForIdentity": {}, + "cognito-identity:GetId": {}, + "cognito-identity:GetOpenIdToken": {}, + "cognito-identity:ListIdentityPools": {}, + "cognito-identity:SetIdentityPoolRoles": {}, + "cognito-identity:SetPrincipalTagAttributeMap": {}, + "cognito-identity:UnlinkIdentity": {}, + "cognito-idp:AssociateSoftwareToken": {}, 
+ "cognito-idp:ChangePassword": {}, + "cognito-idp:ConfirmDevice": {}, + "cognito-idp:ConfirmForgotPassword": {}, + "cognito-idp:ConfirmSignUp": {}, + "cognito-idp:CreateUserPool": {}, + "cognito-idp:DeleteUser": {}, + "cognito-idp:DeleteUserAttributes": {}, + "cognito-idp:DescribeUserPoolDomain": {}, + "cognito-idp:ForgetDevice": {}, + "cognito-idp:ForgotPassword": {}, + "cognito-idp:GetDevice": {}, + "cognito-idp:GetUser": {}, + "cognito-idp:GetUserAttributeVerificationCode": {}, + "cognito-idp:GlobalSignOut": {}, + "cognito-idp:InitiateAuth": {}, + "cognito-idp:ListDevices": {}, + "cognito-idp:ListUserPools": {}, + "cognito-idp:ResendConfirmationCode": {}, + "cognito-idp:RespondToAuthChallenge": {}, + "cognito-idp:RevokeToken": {}, + "cognito-idp:SetUserMFAPreference": {}, + "cognito-idp:SetUserSettings": {}, + "cognito-idp:SignUp": {}, + "cognito-idp:UpdateDeviceStatus": {}, + "cognito-idp:UpdateUserAttributes": {}, + "cognito-idp:VerifySoftwareToken": {}, + "cognito-idp:VerifyUserAttribute": {}, + "comprehend:BatchDetectDominantLanguage": {}, + "comprehend:BatchDetectEntities": {}, + "comprehend:BatchDetectKeyPhrases": {}, + "comprehend:BatchDetectSentiment": {}, + "comprehend:BatchDetectSyntax": {}, + "comprehend:BatchDetectTargetedSentiment": {}, + "comprehend:ContainsPiiEntities": {}, + "comprehend:DetectDominantLanguage": {}, + "comprehend:DetectKeyPhrases": {}, + "comprehend:DetectPiiEntities": {}, + "comprehend:DetectSentiment": {}, + "comprehend:DetectSyntax": {}, + "comprehend:DetectTargetedSentiment": {}, + "comprehend:DetectToxicContent": {}, + "comprehend:ListDocumentClassificationJobs": {}, + "comprehend:ListDocumentClassifierSummaries": {}, + "comprehend:ListDocumentClassifiers": {}, + "comprehend:ListDominantLanguageDetectionJobs": {}, + "comprehend:ListEndpoints": {}, + "comprehend:ListEntitiesDetectionJobs": {}, + "comprehend:ListEntityRecognizerSummaries": {}, + "comprehend:ListEntityRecognizers": {}, + "comprehend:ListEventsDetectionJobs": 
{}, + "comprehend:ListFlywheels": {}, + "comprehend:ListKeyPhrasesDetectionJobs": {}, + "comprehend:ListPiiEntitiesDetectionJobs": {}, + "comprehend:ListSentimentDetectionJobs": {}, + "comprehend:ListTargetedSentimentDetectionJobs": {}, + "comprehend:ListTopicsDetectionJobs": {}, + "comprehendmedical:DescribeEntitiesDetectionV2Job": {}, + "comprehendmedical:DescribeICD10CMInferenceJob": {}, + "comprehendmedical:DescribePHIDetectionJob": {}, + "comprehendmedical:DescribeRxNormInferenceJob": {}, + "comprehendmedical:DescribeSNOMEDCTInferenceJob": {}, + "comprehendmedical:DetectEntitiesV2": {}, + "comprehendmedical:DetectPHI": {}, + "comprehendmedical:InferICD10CM": {}, + "comprehendmedical:InferRxNorm": {}, + "comprehendmedical:InferSNOMEDCT": {}, + "comprehendmedical:ListEntitiesDetectionV2Jobs": {}, + "comprehendmedical:ListICD10CMInferenceJobs": {}, + "comprehendmedical:ListPHIDetectionJobs": {}, + "comprehendmedical:ListRxNormInferenceJobs": {}, + "comprehendmedical:ListSNOMEDCTInferenceJobs": {}, + "comprehendmedical:StartEntitiesDetectionV2Job": {}, + "comprehendmedical:StartICD10CMInferenceJob": {}, + "comprehendmedical:StartPHIDetectionJob": {}, + "comprehendmedical:StartRxNormInferenceJob": {}, + "comprehendmedical:StartSNOMEDCTInferenceJob": {}, + "comprehendmedical:StopEntitiesDetectionV2Job": {}, + "comprehendmedical:StopICD10CMInferenceJob": {}, + "comprehendmedical:StopPHIDetectionJob": {}, + "comprehendmedical:StopRxNormInferenceJob": {}, + "comprehendmedical:StopSNOMEDCTInferenceJob": {}, + "compute-optimizer:DeleteRecommendationPreferences": {}, + "compute-optimizer:DescribeRecommendationExportJobs": {}, + "compute-optimizer:ExportAutoScalingGroupRecommendations": {}, + "compute-optimizer:ExportEBSVolumeRecommendations": {}, + "compute-optimizer:ExportEC2InstanceRecommendations": {}, + "compute-optimizer:ExportECSServiceRecommendations": {}, + "compute-optimizer:ExportLambdaFunctionRecommendations": {}, + 
"compute-optimizer:ExportLicenseRecommendations": {}, + "compute-optimizer:GetAutoScalingGroupRecommendations": {}, + "compute-optimizer:GetEBSVolumeRecommendations": {}, + "compute-optimizer:GetEC2InstanceRecommendations": {}, + "compute-optimizer:GetEC2RecommendationProjectedMetrics": {}, + "compute-optimizer:GetECSServiceRecommendationProjectedMetrics": {}, + "compute-optimizer:GetECSServiceRecommendations": {}, + "compute-optimizer:GetEffectiveRecommendationPreferences": {}, + "compute-optimizer:GetEnrollmentStatus": {}, + "compute-optimizer:GetEnrollmentStatusesForOrganization": {}, + "compute-optimizer:GetLambdaFunctionRecommendations": {}, + "compute-optimizer:GetLicenseRecommendations": {}, + "compute-optimizer:GetRecommendationPreferences": {}, + "compute-optimizer:GetRecommendationSummaries": {}, + "compute-optimizer:PutRecommendationPreferences": {}, + "compute-optimizer:UpdateEnrollmentStatus": {}, + "config:BatchGetResourceConfig": {}, + "config:DeleteConfigurationRecorder": {}, + "config:DeleteDeliveryChannel": {}, + "config:DeletePendingAggregationRequest": {}, + "config:DeleteRemediationExceptions": {}, + "config:DeleteResourceConfig": {}, + "config:DeleteRetentionConfiguration": {}, + "config:DeliverConfigSnapshot": {}, + "config:DescribeAggregationAuthorizations": {}, + "config:DescribeComplianceByConfigRule": {}, + "config:DescribeComplianceByResource": {}, + "config:DescribeConfigRuleEvaluationStatus": {}, + "config:DescribeConfigRules": {}, + "config:DescribeConfigurationAggregators": {}, + "config:DescribeConfigurationRecorderStatus": {}, + "config:DescribeConfigurationRecorders": {}, + "config:DescribeConformancePackStatus": {}, + "config:DescribeConformancePacks": {}, + "config:DescribeDeliveryChannelStatus": {}, + "config:DescribeDeliveryChannels": {}, + "config:DescribeOrganizationConfigRuleStatuses": {}, + "config:DescribeOrganizationConfigRules": {}, + "config:DescribeOrganizationConformancePackStatuses": {}, + 
"config:DescribeOrganizationConformancePacks": {}, + "config:DescribePendingAggregationRequests": {}, + "config:DescribeRemediationExceptions": {}, + "config:DescribeRetentionConfigurations": {}, + "config:GetComplianceDetailsByResource": {}, + "config:GetComplianceSummaryByConfigRule": {}, + "config:GetComplianceSummaryByResourceType": {}, + "config:GetDiscoveredResourceCounts": {}, + "config:GetResourceConfigHistory": {}, + "config:GetResourceEvaluationSummary": {}, + "config:ListConformancePackComplianceScores": {}, + "config:ListDiscoveredResources": {}, + "config:ListResourceEvaluations": {}, + "config:ListStoredQueries": {}, + "config:PutConfigurationRecorder": {}, + "config:PutDeliveryChannel": {}, + "config:PutEvaluations": {}, + "config:PutRemediationExceptions": {}, + "config:PutResourceConfig": {}, + "config:PutRetentionConfiguration": {}, + "config:SelectResourceConfig": {}, + "config:StartConfigurationRecorder": {}, + "config:StartRemediationExecution": {}, + "config:StartResourceEvaluation": {}, + "config:StopConfigurationRecorder": {}, + "connect-campaigns:DeleteConnectInstanceConfig": {}, + "connect-campaigns:DeleteInstanceOnboardingJob": {}, + "connect-campaigns:GetConnectInstanceConfig": {}, + "connect-campaigns:GetInstanceOnboardingJobStatus": {}, + "connect-campaigns:ListCampaigns": {}, + "connect-campaigns:StartInstanceOnboardingJob": {}, + "connect:CreateInstance": {}, + "connect:ListInstances": {}, + "connect:SendChatIntegrationEvent": {}, + "consoleapp:ListDeviceIdentities": {}, + "consolidatedbilling:GetAccountBillingRole": {}, + "consolidatedbilling:ListLinkedAccounts": {}, + "controltower:CreateLandingZone": {}, + "controltower:CreateManagedAccount": {}, + "controltower:DeregisterManagedAccount": {}, + "controltower:DeregisterOrganizationalUnit": {}, + "controltower:DescribeAccountFactoryConfig": {}, + "controltower:DescribeCoreService": {}, + "controltower:DescribeGuardrail": {}, + "controltower:DescribeGuardrailForTarget": {}, + 
"controltower:DescribeLandingZoneConfiguration": {}, + "controltower:DescribeManagedAccount": {}, + "controltower:DescribeManagedOrganizationalUnit": {}, + "controltower:DescribeRegisterOrganizationalUnitOperation": {}, + "controltower:DescribeSingleSignOn": {}, + "controltower:DisableGuardrail": {}, + "controltower:EnableGuardrail": {}, + "controltower:GetAccountInfo": {}, + "controltower:GetAvailableUpdates": {}, + "controltower:GetControlOperation": {}, + "controltower:GetGuardrailComplianceStatus": {}, + "controltower:GetHomeRegion": {}, + "controltower:GetLandingZoneDriftStatus": {}, + "controltower:GetLandingZoneOperation": {}, + "controltower:GetLandingZoneStatus": {}, + "controltower:ListDirectoryGroups": {}, + "controltower:ListDriftDetails": {}, + "controltower:ListEnabledControls": {}, + "controltower:ListEnabledGuardrails": {}, + "controltower:ListExtendGovernancePrecheckDetails": {}, + "controltower:ListExternalConfigRuleCompliance": {}, + "controltower:ListGuardrailViolations": {}, + "controltower:ListGuardrails": {}, + "controltower:ListGuardrailsForTarget": {}, + "controltower:ListLandingZones": {}, + "controltower:ListManagedAccounts": {}, + "controltower:ListManagedAccountsForGuardrail": {}, + "controltower:ListManagedAccountsForParent": {}, + "controltower:ListManagedOrganizationalUnits": {}, + "controltower:ListManagedOrganizationalUnitsForGuardrail": {}, + "controltower:ManageOrganizationalUnit": {}, + "controltower:PerformPreLaunchChecks": {}, + "controltower:SetupLandingZone": {}, + "controltower:UpdateAccountFactoryConfig": {}, + "cost-optimization-hub:GetPreferences": {}, + "cost-optimization-hub:GetRecommendation": {}, + "cost-optimization-hub:ListEnrollmentStatuses": {}, + "cost-optimization-hub:ListRecommendationSummaries": {}, + "cost-optimization-hub:ListRecommendations": {}, + "cost-optimization-hub:UpdateEnrollmentStatus": {}, + "cost-optimization-hub:UpdatePreferences": {}, + "cur:DescribeReportDefinitions": {}, + 
"cur:GetClassicReport": {}, + "cur:GetClassicReportPreferences": {}, + "cur:GetUsageReport": {}, + "cur:PutClassicReportPreferences": {}, + "cur:ValidateReportDestination": {}, + "customer-verification:CreateCustomerVerificationDetails": {}, + "customer-verification:GetCustomerVerificationDetails": {}, + "customer-verification:GetCustomerVerificationEligibility": {}, + "customer-verification:UpdateCustomerVerificationDetails": {}, + "databrew:CreateDataset": {}, + "databrew:CreateProfileJob": {}, + "databrew:CreateProject": {}, + "databrew:CreateRecipe": {}, + "databrew:CreateRecipeJob": {}, + "databrew:CreateRuleset": {}, + "databrew:CreateSchedule": {}, + "databrew:ListDatasets": {}, + "databrew:ListJobs": {}, + "databrew:ListProjects": {}, + "databrew:ListRecipes": {}, + "databrew:ListRulesets": {}, + "databrew:ListSchedules": {}, + "dataexchange:CreateDataSet": {}, + "dataexchange:CreateEventAction": {}, + "dataexchange:CreateJob": {}, + "dataexchange:ListDataSets": {}, + "dataexchange:ListEventActions": {}, + "dataexchange:ListJobs": {}, + "datapipeline:CreatePipeline": {}, + "datapipeline:GetAccountLimits": {}, + "datapipeline:ListPipelines": {}, + "datapipeline:PollForTask": {}, + "datapipeline:PutAccountLimits": {}, + "datapipeline:ReportTaskRunnerHeartbeat": {}, + "datasync:CreateAgent": {}, + "datasync:CreateLocationAzureBlob": {}, + "datasync:CreateLocationEfs": {}, + "datasync:CreateLocationFsxLustre": {}, + "datasync:CreateLocationFsxOntap": {}, + "datasync:CreateLocationFsxOpenZfs": {}, + "datasync:CreateLocationFsxWindows": {}, + "datasync:CreateLocationHdfs": {}, + "datasync:CreateLocationNfs": {}, + "datasync:CreateLocationObjectStorage": {}, + "datasync:CreateLocationS3": {}, + "datasync:CreateLocationSmb": {}, + "datasync:ListAgents": {}, + "datasync:ListDiscoveryJobs": {}, + "datasync:ListLocations": {}, + "datasync:ListStorageSystems": {}, + "datasync:ListTaskExecutions": {}, + "datasync:ListTasks": {}, + "datazone:AcceptPredictions": {}, + 
"datazone:AcceptSubscriptionRequest": {}, + "datazone:CancelSubscription": {}, + "datazone:CreateAsset": {}, + "datazone:CreateAssetRevision": {}, + "datazone:CreateAssetType": {}, + "datazone:CreateDataSource": {}, + "datazone:CreateDomain": {}, + "datazone:CreateEnvironment": {}, + "datazone:CreateEnvironmentBlueprint": {}, + "datazone:CreateEnvironmentProfile": {}, + "datazone:CreateFormType": {}, + "datazone:CreateGlossary": {}, + "datazone:CreateGlossaryTerm": {}, + "datazone:CreateGroupProfile": {}, + "datazone:CreateListingChangeSet": {}, + "datazone:CreateProject": {}, + "datazone:CreateProjectMembership": {}, + "datazone:CreateSubscriptionGrant": {}, + "datazone:CreateSubscriptionRequest": {}, + "datazone:CreateSubscriptionTarget": {}, + "datazone:CreateUserProfile": {}, + "datazone:DeleteAsset": {}, + "datazone:DeleteAssetType": {}, + "datazone:DeleteDataSource": {}, + "datazone:DeleteDomainSharingPolicy": {}, + "datazone:DeleteEnvironment": {}, + "datazone:DeleteEnvironmentBlueprint": {}, + "datazone:DeleteEnvironmentBlueprintConfiguration": {}, + "datazone:DeleteEnvironmentProfile": {}, + "datazone:DeleteFormType": {}, + "datazone:DeleteGlossary": {}, + "datazone:DeleteGlossaryTerm": {}, + "datazone:DeleteListing": {}, + "datazone:DeleteProject": {}, + "datazone:DeleteProjectMembership": {}, + "datazone:DeleteSubscriptionGrant": {}, + "datazone:DeleteSubscriptionRequest": {}, + "datazone:DeleteSubscriptionTarget": {}, + "datazone:GetAsset": {}, + "datazone:GetAssetType": {}, + "datazone:GetDataSource": {}, + "datazone:GetDataSourceRun": {}, + "datazone:GetDomainSharingPolicy": {}, + "datazone:GetEnvironment": {}, + "datazone:GetEnvironmentActionLink": {}, + "datazone:GetEnvironmentBlueprint": {}, + "datazone:GetEnvironmentBlueprintConfiguration": {}, + "datazone:GetEnvironmentCredentials": {}, + "datazone:GetEnvironmentProfile": {}, + "datazone:GetFormType": {}, + "datazone:GetGlossary": {}, + "datazone:GetGlossaryTerm": {}, + 
"datazone:GetGroupProfile": {}, + "datazone:GetIamPortalLoginUrl": {}, + "datazone:GetListing": {}, + "datazone:GetMetadataGenerationRun": {}, + "datazone:GetProject": {}, + "datazone:GetSubscription": {}, + "datazone:GetSubscriptionEligibility": {}, + "datazone:GetSubscriptionGrant": {}, + "datazone:GetSubscriptionRequestDetails": {}, + "datazone:GetSubscriptionTarget": {}, + "datazone:GetUserProfile": {}, + "datazone:ListAccountEnvironments": {}, + "datazone:ListAssetRevisions": {}, + "datazone:ListDataSourceRunActivities": {}, + "datazone:ListDataSourceRuns": {}, + "datazone:ListDataSources": {}, + "datazone:ListDomains": {}, + "datazone:ListEnvironmentBlueprintConfigurations": {}, + "datazone:ListEnvironmentBlueprints": {}, + "datazone:ListEnvironmentProfiles": {}, + "datazone:ListEnvironments": {}, + "datazone:ListGroupsForUser": {}, + "datazone:ListMetadataGenerationRuns": {}, + "datazone:ListNotifications": {}, + "datazone:ListProjectMemberships": {}, + "datazone:ListProjects": {}, + "datazone:ListSubscriptionGrants": {}, + "datazone:ListSubscriptionRequests": {}, + "datazone:ListSubscriptionTargets": {}, + "datazone:ListSubscriptions": {}, + "datazone:ListWarehouseMetadata": {}, + "datazone:ProvisionDomain": {}, + "datazone:PutDomainSharingPolicy": {}, + "datazone:PutEnvironmentBlueprintConfiguration": {}, + "datazone:RefreshToken": {}, + "datazone:RejectPredictions": {}, + "datazone:RejectSubscriptionRequest": {}, + "datazone:RevokeSubscription": {}, + "datazone:Search": {}, + "datazone:SearchGroupProfiles": {}, + "datazone:SearchListings": {}, + "datazone:SearchTypes": {}, + "datazone:SearchUserProfiles": {}, + "datazone:SsoLogin": {}, + "datazone:SsoLogout": {}, + "datazone:StartDataSourceRun": {}, + "datazone:StartMetadataGenerationRun": {}, + "datazone:StopMetadataGenerationRun": {}, + "datazone:UpdateDataSource": {}, + "datazone:UpdateEnvironment": {}, + "datazone:UpdateEnvironmentBlueprint": {}, + "datazone:UpdateEnvironmentConfiguration": {}, + 
"datazone:UpdateEnvironmentDeploymentStatus": {}, + "datazone:UpdateEnvironmentProfile": {}, + "datazone:UpdateGlossary": {}, + "datazone:UpdateGlossaryTerm": {}, + "datazone:UpdateGroupProfile": {}, + "datazone:UpdateProject": {}, + "datazone:UpdateSubscriptionGrantStatus": {}, + "datazone:UpdateSubscriptionRequest": {}, + "datazone:UpdateSubscriptionTarget": {}, + "datazone:UpdateUserProfile": {}, + "datazone:ValidatePassRole": {}, + "dax:CreateParameterGroup": {}, + "dax:CreateSubnetGroup": {}, + "dax:DeleteParameterGroup": {}, + "dax:DeleteSubnetGroup": {}, + "dax:DescribeDefaultParameters": {}, + "dax:DescribeEvents": {}, + "dax:DescribeParameterGroups": {}, + "dax:DescribeParameters": {}, + "dax:DescribeSubnetGroups": {}, + "dax:UpdateParameterGroup": {}, + "dax:UpdateSubnetGroup": {}, + "dbqms:CreateFavoriteQuery": {}, + "dbqms:CreateTab": {}, + "dbqms:DeleteFavoriteQueries": {}, + "dbqms:DeleteQueryHistory": {}, + "dbqms:DeleteTab": {}, + "dbqms:DescribeFavoriteQueries": {}, + "dbqms:DescribeQueryHistory": {}, + "dbqms:DescribeTabs": {}, + "dbqms:GetQueryString": {}, + "dbqms:UpdateFavoriteQuery": {}, + "dbqms:UpdateQueryHistory": {}, + "dbqms:UpdateTab": {}, + "deepcomposer:AssociateCoupon": {}, + "deepracer:AdminGetAccountConfig": {}, + "deepracer:AdminListAssociatedResources": {}, + "deepracer:AdminListAssociatedUsers": {}, + "deepracer:AdminManageUser": {}, + "deepracer:AdminSetAccountConfig": {}, + "deepracer:CreateCar": {}, + "deepracer:CreateLeaderboard": {}, + "deepracer:GetAccountConfig": {}, + "deepracer:GetAlias": {}, + "deepracer:GetCars": {}, + "deepracer:ImportModel": {}, + "deepracer:ListLeaderboards": {}, + "deepracer:ListModels": {}, + "deepracer:ListPrivateLeaderboards": {}, + "deepracer:ListSubscribedPrivateLeaderboards": {}, + "deepracer:ListTracks": {}, + "deepracer:MigrateModels": {}, + "deepracer:SetAlias": {}, + "deepracer:TestRewardFunction": {}, + "detective:AcceptInvitation": {}, + "detective:BatchGetMembershipDatasources": {}, + 
"detective:CreateGraph": {}, + "detective:DisableOrganizationAdminAccount": {}, + "detective:DisassociateMembership": {}, + "detective:EnableOrganizationAdminAccount": {}, + "detective:GetPricingInformation": {}, + "detective:ListGraphs": {}, + "detective:ListInvitations": {}, + "detective:ListOrganizationAdminAccount": {}, + "detective:RejectInvitation": {}, + "devicefarm:CreateInstanceProfile": {}, + "devicefarm:CreateProject": {}, + "devicefarm:CreateTestGridProject": {}, + "devicefarm:CreateVPCEConfiguration": {}, + "devicefarm:GetAccountSettings": {}, + "devicefarm:GetOfferingStatus": {}, + "devicefarm:ListDeviceInstances": {}, + "devicefarm:ListDevices": {}, + "devicefarm:ListInstanceProfiles": {}, + "devicefarm:ListOfferingPromotions": {}, + "devicefarm:ListOfferingTransactions": {}, + "devicefarm:ListOfferings": {}, + "devicefarm:ListProjects": {}, + "devicefarm:ListTestGridProjects": {}, + "devicefarm:ListVPCEConfigurations": {}, + "devicefarm:PurchaseOffering": {}, + "devicefarm:RenewOffering": {}, + "devops-guru:DeleteInsight": {}, + "devops-guru:DescribeAccountHealth": {}, + "devops-guru:DescribeAccountOverview": {}, + "devops-guru:DescribeAnomaly": {}, + "devops-guru:DescribeEventSourcesConfig": {}, + "devops-guru:DescribeFeedback": {}, + "devops-guru:DescribeInsight": {}, + "devops-guru:DescribeOrganizationHealth": {}, + "devops-guru:DescribeOrganizationOverview": {}, + "devops-guru:DescribeOrganizationResourceCollectionHealth": {}, + "devops-guru:DescribeResourceCollectionHealth": {}, + "devops-guru:DescribeServiceIntegration": {}, + "devops-guru:GetCostEstimation": {}, + "devops-guru:GetResourceCollection": {}, + "devops-guru:ListAnomaliesForInsight": {}, + "devops-guru:ListAnomalousLogGroups": {}, + "devops-guru:ListEvents": {}, + "devops-guru:ListInsights": {}, + "devops-guru:ListMonitoredResources": {}, + "devops-guru:ListNotificationChannels": {}, + "devops-guru:ListOrganizationInsights": {}, + "devops-guru:ListRecommendations": {}, + 
"devops-guru:PutFeedback": {}, + "devops-guru:SearchInsights": {}, + "devops-guru:SearchOrganizationInsights": {}, + "devops-guru:StartCostEstimation": {}, + "devops-guru:UpdateEventSourcesConfig": {}, + "devops-guru:UpdateResourceCollection": {}, + "devops-guru:UpdateServiceIntegration": {}, + "directconnect:ConfirmCustomerAgreement": {}, + "directconnect:CreateDirectConnectGateway": {}, + "directconnect:DeleteDirectConnectGatewayAssociationProposal": {}, + "directconnect:DescribeCustomerMetadata": {}, + "directconnect:DescribeLocations": {}, + "directconnect:DescribeVirtualGateways": {}, + "directconnect:UpdateDirectConnectGatewayAssociation": {}, + "discovery:AssociateConfigurationItemsToApplication": {}, + "discovery:BatchDeleteAgents": {}, + "discovery:BatchDeleteImportData": {}, + "discovery:CreateApplication": {}, + "discovery:CreateTags": {}, + "discovery:DeleteApplications": {}, + "discovery:DeleteTags": {}, + "discovery:DescribeAgents": {}, + "discovery:DescribeBatchDeleteConfigurationTask": {}, + "discovery:DescribeConfigurations": {}, + "discovery:DescribeContinuousExports": {}, + "discovery:DescribeExportConfigurations": {}, + "discovery:DescribeExportTasks": {}, + "discovery:DescribeImportTasks": {}, + "discovery:DescribeTags": {}, + "discovery:DisassociateConfigurationItemsFromApplication": {}, + "discovery:ExportConfigurations": {}, + "discovery:GetDiscoverySummary": {}, + "discovery:GetNetworkConnectionGraph": {}, + "discovery:ListConfigurations": {}, + "discovery:ListServerNeighbors": {}, + "discovery:StartBatchDeleteConfigurationTask": {}, + "discovery:StartContinuousExport": {}, + "discovery:StartDataCollectionByAgentIds": {}, + "discovery:StartExportTask": {}, + "discovery:StartImportTask": {}, + "discovery:StopContinuousExport": {}, + "discovery:StopDataCollectionByAgentIds": {}, + "discovery:UpdateApplication": {}, + "dlm:CreateLifecyclePolicy": {}, + "dlm:GetLifecyclePolicies": {}, + "dms:BatchStartRecommendations": {}, + 
"dms:CreateDataProvider": {}, + "dms:CreateEndpoint": {}, + "dms:CreateEventSubscription": {}, + "dms:CreateFleetAdvisorCollector": {}, + "dms:CreateInstanceProfile": {}, + "dms:CreateReplicationInstance": {}, + "dms:CreateReplicationSubnetGroup": {}, + "dms:DeleteFleetAdvisorCollector": {}, + "dms:DeleteFleetAdvisorDatabases": {}, + "dms:DescribeAccountAttributes": {}, + "dms:DescribeCertificates": {}, + "dms:DescribeConnections": {}, + "dms:DescribeDataMigrations": {}, + "dms:DescribeEndpointSettings": {}, + "dms:DescribeEndpointTypes": {}, + "dms:DescribeEndpoints": {}, + "dms:DescribeEngineVersions": {}, + "dms:DescribeEventCategories": {}, + "dms:DescribeEventSubscriptions": {}, + "dms:DescribeEvents": {}, + "dms:DescribeFleetAdvisorCollectors": {}, + "dms:DescribeFleetAdvisorDatabases": {}, + "dms:DescribeFleetAdvisorLsaAnalysis": {}, + "dms:DescribeFleetAdvisorSchemaObjectSummary": {}, + "dms:DescribeFleetAdvisorSchemas": {}, + "dms:DescribeOrderableReplicationInstances": {}, + "dms:DescribePendingMaintenanceActions": {}, + "dms:DescribeRecommendationLimitations": {}, + "dms:DescribeRecommendations": {}, + "dms:DescribeReplicationConfigs": {}, + "dms:DescribeReplicationInstances": {}, + "dms:DescribeReplicationSubnetGroups": {}, + "dms:DescribeReplicationTasks": {}, + "dms:DescribeReplications": {}, + "dms:ImportCertificate": {}, + "dms:ModifyEventSubscription": {}, + "dms:ModifyFleetAdvisorCollector": {}, + "dms:ModifyFleetAdvisorCollectorStatuses": {}, + "dms:ModifyReplicationSubnetGroup": {}, + "dms:RunFleetAdvisorLsaAnalysis": {}, + "dms:StartRecommendations": {}, + "dms:UpdateSubscriptionsToEventBridge": {}, + "dms:UploadFileMetadataList": {}, + "docdb-elastic:CreateCluster": {}, + "docdb-elastic:ListClusterSnapshots": {}, + "docdb-elastic:ListClusters": {}, + "drs:BatchDeleteSnapshotRequestForDrs": {}, + "drs:CreateExtendedSourceServer": {}, + "drs:CreateLaunchConfigurationTemplate": {}, + "drs:CreateReplicationConfigurationTemplate": {}, + 
"drs:CreateSourceNetwork": {}, + "drs:CreateSourceServerForDrs": {}, + "drs:DescribeJobs": {}, + "drs:DescribeLaunchConfigurationTemplates": {}, + "drs:DescribeRecoveryInstances": {}, + "drs:DescribeReplicationConfigurationTemplates": {}, + "drs:DescribeReplicationServerAssociationsForDrs": {}, + "drs:DescribeSnapshotRequestsForDrs": {}, + "drs:DescribeSourceNetworks": {}, + "drs:DescribeSourceServers": {}, + "drs:GetAgentInstallationAssetsForDrs": {}, + "drs:GetChannelCommandsForDrs": {}, + "drs:InitializeService": {}, + "drs:ListExtensibleSourceServers": {}, + "drs:ListStagingAccounts": {}, + "drs:ListTagsForResource": {}, + "drs:SendChannelCommandResultForDrs": {}, + "drs:SendClientLogsForDrs": {}, + "drs:SendClientMetricsForDrs": {}, + "ds:CheckAlias": {}, + "ds:ConnectDirectory": {}, + "ds:CreateDirectory": {}, + "ds:CreateIdentityPoolDirectory": {}, + "ds:CreateMicrosoftAD": {}, + "ds:DescribeDirectories": {}, + "ds:DescribeSnapshots": {}, + "ds:DescribeTrusts": {}, + "ds:GetDirectoryLimits": {}, + "ds:ListLogSubscriptions": {}, + "dynamodb:DescribeEndpoints": {}, + "dynamodb:DescribeLimits": {}, + "dynamodb:DescribeReservedCapacity": {}, + "dynamodb:DescribeReservedCapacityOfferings": {}, + "dynamodb:ListBackups": {}, + "dynamodb:ListContributorInsights": {}, + "dynamodb:ListExports": {}, + "dynamodb:ListGlobalTables": {}, + "dynamodb:ListImports": {}, + "dynamodb:ListStreams": {}, + "dynamodb:ListTables": {}, + "dynamodb:PurchaseReservedCapacityOfferings": {}, + "ec2:AcceptReservedInstancesExchangeQuote": {}, + "ec2:AdvertiseByoipCidr": {}, + "ec2:AssociateIpamByoasn": {}, + "ec2:AssociateTrunkInterface": {}, + "ec2:BundleInstance": {}, + "ec2:CancelBundleTask": {}, + "ec2:CancelConversionTask": {}, + "ec2:CancelReservedInstancesListing": {}, + "ec2:ConfirmProductInstance": {}, + "ec2:CreateDefaultSubnet": {}, + "ec2:CreateDefaultVpc": {}, + "ec2:CreateReservedInstancesListing": {}, + "ec2:CreateSpotDatafeedSubscription": {}, + 
"ec2:CreateSubnetCidrReservation": {}, + "ec2:DeleteQueuedReservedInstances": {}, + "ec2:DeleteSpotDatafeedSubscription": {}, + "ec2:DeleteSubnetCidrReservation": {}, + "ec2:DeprovisionByoipCidr": {}, + "ec2:DeregisterInstanceEventNotificationAttributes": {}, + "ec2:DescribeAccountAttributes": {}, + "ec2:DescribeAddressTransfers": {}, + "ec2:DescribeAddresses": {}, + "ec2:DescribeAggregateIdFormat": {}, + "ec2:DescribeAvailabilityZones": {}, + "ec2:DescribeAwsNetworkPerformanceMetricSubscriptions": {}, + "ec2:DescribeBundleTasks": {}, + "ec2:DescribeByoipCidrs": {}, + "ec2:DescribeCapacityBlockOfferings": {}, + "ec2:DescribeCapacityReservationFleets": {}, + "ec2:DescribeCapacityReservations": {}, + "ec2:DescribeCarrierGateways": {}, + "ec2:DescribeClassicLinkInstances": {}, + "ec2:DescribeCoipPools": {}, + "ec2:DescribeConversionTasks": {}, + "ec2:DescribeCustomerGateways": {}, + "ec2:DescribeDhcpOptions": {}, + "ec2:DescribeEgressOnlyInternetGateways": {}, + "ec2:DescribeElasticGpus": {}, + "ec2:DescribeExportImageTasks": {}, + "ec2:DescribeExportTasks": {}, + "ec2:DescribeFastLaunchImages": {}, + "ec2:DescribeFastSnapshotRestores": {}, + "ec2:DescribeFleets": {}, + "ec2:DescribeFlowLogs": {}, + "ec2:DescribeFpgaImages": {}, + "ec2:DescribeHostReservationOfferings": {}, + "ec2:DescribeHostReservations": {}, + "ec2:DescribeHosts": {}, + "ec2:DescribeIamInstanceProfileAssociations": {}, + "ec2:DescribeIdFormat": {}, + "ec2:DescribeIdentityIdFormat": {}, + "ec2:DescribeImages": {}, + "ec2:DescribeImportImageTasks": {}, + "ec2:DescribeImportSnapshotTasks": {}, + "ec2:DescribeInstanceConnectEndpoints": {}, + "ec2:DescribeInstanceCreditSpecifications": {}, + "ec2:DescribeInstanceEventNotificationAttributes": {}, + "ec2:DescribeInstanceEventWindows": {}, + "ec2:DescribeInstanceStatus": {}, + "ec2:DescribeInstanceTopology": {}, + "ec2:DescribeInstanceTypeOfferings": {}, + "ec2:DescribeInstanceTypes": {}, + "ec2:DescribeInstances": {}, + "ec2:DescribeInternetGateways": {}, 
+ "ec2:DescribeIpamByoasn": {}, + "ec2:DescribeIpamPools": {}, + "ec2:DescribeIpamResourceDiscoveries": {}, + "ec2:DescribeIpamResourceDiscoveryAssociations": {}, + "ec2:DescribeIpamScopes": {}, + "ec2:DescribeIpams": {}, + "ec2:DescribeIpv6Pools": {}, + "ec2:DescribeKeyPairs": {}, + "ec2:DescribeLaunchTemplateVersions": {}, + "ec2:DescribeLaunchTemplates": {}, + "ec2:DescribeLocalGatewayRouteTablePermissions": {}, + "ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations": {}, + "ec2:DescribeLocalGatewayRouteTableVpcAssociations": {}, + "ec2:DescribeLocalGatewayRouteTables": {}, + "ec2:DescribeLocalGatewayVirtualInterfaceGroups": {}, + "ec2:DescribeLocalGatewayVirtualInterfaces": {}, + "ec2:DescribeLocalGateways": {}, + "ec2:DescribeLockedSnapshots": {}, + "ec2:DescribeManagedPrefixLists": {}, + "ec2:DescribeMovingAddresses": {}, + "ec2:DescribeNatGateways": {}, + "ec2:DescribeNetworkAcls": {}, + "ec2:DescribeNetworkInsightsAccessScopeAnalyses": {}, + "ec2:DescribeNetworkInsightsAccessScopes": {}, + "ec2:DescribeNetworkInsightsAnalyses": {}, + "ec2:DescribeNetworkInsightsPaths": {}, + "ec2:DescribeNetworkInterfaceAttribute": {}, + "ec2:DescribeNetworkInterfacePermissions": {}, + "ec2:DescribeNetworkInterfaces": {}, + "ec2:DescribePlacementGroups": {}, + "ec2:DescribePrefixLists": {}, + "ec2:DescribePrincipalIdFormat": {}, + "ec2:DescribePublicIpv4Pools": {}, + "ec2:DescribeRegions": {}, + "ec2:DescribeReplaceRootVolumeTasks": {}, + "ec2:DescribeReservedInstances": {}, + "ec2:DescribeReservedInstancesListings": {}, + "ec2:DescribeReservedInstancesModifications": {}, + "ec2:DescribeReservedInstancesOfferings": {}, + "ec2:DescribeRouteTables": {}, + "ec2:DescribeScheduledInstanceAvailability": {}, + "ec2:DescribeScheduledInstances": {}, + "ec2:DescribeSecurityGroupReferences": {}, + "ec2:DescribeSecurityGroupRules": {}, + "ec2:DescribeSecurityGroups": {}, + "ec2:DescribeSnapshotTierStatus": {}, + "ec2:DescribeSnapshots": {}, + 
"ec2:DescribeSpotDatafeedSubscription": {}, + "ec2:DescribeSpotFleetRequests": {}, + "ec2:DescribeSpotInstanceRequests": {}, + "ec2:DescribeSpotPriceHistory": {}, + "ec2:DescribeStaleSecurityGroups": {}, + "ec2:DescribeStoreImageTasks": {}, + "ec2:DescribeSubnets": {}, + "ec2:DescribeTags": {}, + "ec2:DescribeTrafficMirrorFilters": {}, + "ec2:DescribeTrafficMirrorSessions": {}, + "ec2:DescribeTrafficMirrorTargets": {}, + "ec2:DescribeTransitGatewayAttachments": {}, + "ec2:DescribeTransitGatewayConnectPeers": {}, + "ec2:DescribeTransitGatewayConnects": {}, + "ec2:DescribeTransitGatewayMulticastDomains": {}, + "ec2:DescribeTransitGatewayPeeringAttachments": {}, + "ec2:DescribeTransitGatewayPolicyTables": {}, + "ec2:DescribeTransitGatewayRouteTableAnnouncements": {}, + "ec2:DescribeTransitGatewayRouteTables": {}, + "ec2:DescribeTransitGatewayVpcAttachments": {}, + "ec2:DescribeTransitGateways": {}, + "ec2:DescribeTrunkInterfaceAssociations": {}, + "ec2:DescribeVerifiedAccessEndpoints": {}, + "ec2:DescribeVerifiedAccessGroups": {}, + "ec2:DescribeVerifiedAccessInstanceLoggingConfigurations": {}, + "ec2:DescribeVerifiedAccessInstanceWebAclAssociations": {}, + "ec2:DescribeVerifiedAccessInstances": {}, + "ec2:DescribeVerifiedAccessTrustProviders": {}, + "ec2:DescribeVolumeStatus": {}, + "ec2:DescribeVolumes": {}, + "ec2:DescribeVolumesModifications": {}, + "ec2:DescribeVpcClassicLink": {}, + "ec2:DescribeVpcClassicLinkDnsSupport": {}, + "ec2:DescribeVpcEndpointConnectionNotifications": {}, + "ec2:DescribeVpcEndpointConnections": {}, + "ec2:DescribeVpcEndpointServiceConfigurations": {}, + "ec2:DescribeVpcEndpointServices": {}, + "ec2:DescribeVpcEndpoints": {}, + "ec2:DescribeVpcPeeringConnections": {}, + "ec2:DescribeVpcs": {}, + "ec2:DescribeVpnConnections": {}, + "ec2:DescribeVpnGateways": {}, + "ec2:DisableAwsNetworkPerformanceMetricSubscription": {}, + "ec2:DisableEbsEncryptionByDefault": {}, + "ec2:DisableImageBlockPublicAccess": {}, + 
"ec2:DisableIpamOrganizationAdminAccount": {}, + "ec2:DisableSerialConsoleAccess": {}, + "ec2:DisableSnapshotBlockPublicAccess": {}, + "ec2:DisassociateIpamByoasn": {}, + "ec2:DisassociateTrunkInterface": {}, + "ec2:EnableAwsNetworkPerformanceMetricSubscription": {}, + "ec2:EnableEbsEncryptionByDefault": {}, + "ec2:EnableImageBlockPublicAccess": {}, + "ec2:EnableIpamOrganizationAdminAccount": {}, + "ec2:EnableReachabilityAnalyzerOrganizationSharing": {}, + "ec2:EnableSerialConsoleAccess": {}, + "ec2:EnableSnapshotBlockPublicAccess": {}, + "ec2:ExportTransitGatewayRoutes": {}, + "ec2:GetAssociatedIpv6PoolCidrs": {}, + "ec2:GetAwsNetworkPerformanceData": {}, + "ec2:GetDefaultCreditSpecification": {}, + "ec2:GetEbsDefaultKmsKeyId": {}, + "ec2:GetEbsEncryptionByDefault": {}, + "ec2:GetHostReservationPurchasePreview": {}, + "ec2:GetImageBlockPublicAccessState": {}, + "ec2:GetInstanceTypesFromInstanceRequirements": {}, + "ec2:GetReservedInstancesExchangeQuote": {}, + "ec2:GetSerialConsoleAccessStatus": {}, + "ec2:GetSnapshotBlockPublicAccessState": {}, + "ec2:GetSpotPlacementScores": {}, + "ec2:GetSubnetCidrReservations": {}, + "ec2:GetTransitGatewayAttachmentPropagations": {}, + "ec2:GetTransitGatewayPrefixListReferences": {}, + "ec2:GetTransitGatewayRouteTableAssociations": {}, + "ec2:GetTransitGatewayRouteTablePropagations": {}, + "ec2:GetVpnConnectionDeviceTypes": {}, + "ec2:InjectApiError": {}, + "ec2:ListImagesInRecycleBin": {}, + "ec2:ListSnapshotsInRecycleBin": {}, + "ec2:ModifyAvailabilityZoneGroup": {}, + "ec2:ModifyDefaultCreditSpecification": {}, + "ec2:ModifyEbsDefaultKmsKeyId": {}, + "ec2:ModifyIdFormat": {}, + "ec2:ModifyIdentityIdFormat": {}, + "ec2:MoveAddressToVpc": {}, + "ec2:ProvisionByoipCidr": {}, + "ec2:PurchaseReservedInstancesOffering": {}, + "ec2:PurchaseScheduledInstances": {}, + "ec2:RegisterInstanceEventNotificationAttributes": {}, + "ec2:ReportInstanceStatus": {}, + "ec2:ResetEbsDefaultKmsKeyId": {}, + "ec2:RestoreAddressToClassic": {}, + 
"ec2:RunScheduledInstances": {}, + "ec2:WithdrawByoipCidr": {}, + "ec2messages:AcknowledgeMessage": {}, + "ec2messages:DeleteMessage": {}, + "ec2messages:FailMessage": {}, + "ec2messages:GetEndpoint": {}, + "ec2messages:GetMessages": {}, + "ec2messages:SendReply": {}, + "ecr-public:GetAuthorizationToken": {}, + "ecr:BatchImportUpstreamImage": {}, + "ecr:CreatePullThroughCacheRule": {}, + "ecr:CreateRepository": {}, + "ecr:CreateRepositoryCreationTemplate": {}, + "ecr:DeletePullThroughCacheRule": {}, + "ecr:DeleteRegistryPolicy": {}, + "ecr:DeleteRepositoryCreationTemplate": {}, + "ecr:DescribePullThroughCacheRules": {}, + "ecr:DescribeRegistry": {}, + "ecr:DescribeRepositoryCreationTemplate": {}, + "ecr:GetAuthorizationToken": {}, + "ecr:GetRegistryPolicy": {}, + "ecr:GetRegistryScanningConfiguration": {}, + "ecr:PutRegistryPolicy": {}, + "ecr:PutRegistryScanningConfiguration": {}, + "ecr:PutReplicationConfiguration": {}, + "ecr:UpdatePullThroughCacheRule": {}, + "ecr:ValidatePullThroughCacheRule": {}, + "ecs:CreateCapacityProvider": {}, + "ecs:CreateCluster": {}, + "ecs:CreateTaskSet": {}, + "ecs:DeleteAccountSetting": {}, + "ecs:DeregisterTaskDefinition": {}, + "ecs:DescribeTaskDefinition": {}, + "ecs:DiscoverPollEndpoint": {}, + "ecs:ListAccountSettings": {}, + "ecs:ListClusters": {}, + "ecs:ListServices": {}, + "ecs:ListServicesByNamespace": {}, + "ecs:ListTaskDefinitionFamilies": {}, + "ecs:ListTaskDefinitions": {}, + "ecs:PutAccountSetting": {}, + "ecs:PutAccountSettingDefault": {}, + "ecs:RegisterTaskDefinition": {}, + "eks:CreateCluster": {}, + "eks:CreateEksAnywhereSubscription": {}, + "eks:DescribeAddonConfiguration": {}, + "eks:DescribeAddonVersions": {}, + "eks:ListClusters": {}, + "eks:ListEksAnywhereSubscriptions": {}, + "eks:RegisterCluster": {}, + "elasticache:DescribeCacheEngineVersions": {}, + "elasticache:DescribeEngineDefaultParameters": {}, + "elasticache:DescribeEvents": {}, + "elasticache:DescribeReservedCacheNodesOfferings": {}, + 
"elasticache:DescribeServiceUpdates": {}, + "elasticbeanstalk:CheckDNSAvailability": {}, + "elasticbeanstalk:CreateStorageLocation": {}, + "elasticbeanstalk:DescribeAccountAttributes": {}, + "elasticbeanstalk:ListPlatformBranches": {}, + "elasticfilesystem:CreateFileSystem": {}, + "elasticfilesystem:DescribeAccountPreferences": {}, + "elasticfilesystem:PutAccountPreferences": {}, + "elasticloadbalancing:DescribeAccountLimits": {}, + "elasticloadbalancing:DescribeInstanceHealth": {}, + "elasticloadbalancing:DescribeListenerCertificates": {}, + "elasticloadbalancing:DescribeListeners": {}, + "elasticloadbalancing:DescribeLoadBalancerAttributes": {}, + "elasticloadbalancing:DescribeLoadBalancerPolicies": {}, + "elasticloadbalancing:DescribeLoadBalancerPolicyTypes": {}, + "elasticloadbalancing:DescribeLoadBalancers": {}, + "elasticloadbalancing:DescribeRules": {}, + "elasticloadbalancing:DescribeSSLPolicies": {}, + "elasticloadbalancing:DescribeTags": {}, + "elasticloadbalancing:DescribeTargetGroupAttributes": {}, + "elasticloadbalancing:DescribeTargetGroups": {}, + "elasticloadbalancing:DescribeTargetHealth": {}, + "elasticloadbalancing:DescribeTrustStoreAssociations": {}, + "elasticloadbalancing:DescribeTrustStoreRevocations": {}, + "elasticloadbalancing:DescribeTrustStores": {}, + "elasticloadbalancing:SetWebAcl": {}, + "elasticmapreduce:CreateRepository": {}, + "elasticmapreduce:CreateSecurityConfiguration": {}, + "elasticmapreduce:CreateStudio": {}, + "elasticmapreduce:DeleteRepository": {}, + "elasticmapreduce:DeleteSecurityConfiguration": {}, + "elasticmapreduce:DescribeReleaseLabel": {}, + "elasticmapreduce:DescribeRepository": {}, + "elasticmapreduce:DescribeSecurityConfiguration": {}, + "elasticmapreduce:GetBlockPublicAccessConfiguration": {}, + "elasticmapreduce:LinkRepository": {}, + "elasticmapreduce:ListClusters": {}, + "elasticmapreduce:ListEditors": {}, + "elasticmapreduce:ListNotebookExecutions": {}, + "elasticmapreduce:ListReleaseLabels": {}, + 
"elasticmapreduce:ListRepositories": {}, + "elasticmapreduce:ListSecurityConfigurations": {}, + "elasticmapreduce:ListStudioSessionMappings": {}, + "elasticmapreduce:ListStudios": {}, + "elasticmapreduce:ListSupportedInstanceTypes": {}, + "elasticmapreduce:PutBlockPublicAccessConfiguration": {}, + "elasticmapreduce:RunJobFlow": {}, + "elasticmapreduce:UnlinkRepository": {}, + "elasticmapreduce:UpdateRepository": {}, + "elasticmapreduce:ViewEventsFromAllClustersInConsole": {}, + "elastictranscoder:CreatePipeline": {}, + "elastictranscoder:CreatePreset": {}, + "elastictranscoder:ListJobsByStatus": {}, + "elastictranscoder:ListPipelines": {}, + "elastictranscoder:ListPresets": {}, + "elastictranscoder:TestRole": {}, + "elemental-activations:CompleteAccountRegistration": {}, + "elemental-activations:CompleteFileUpload": {}, + "elemental-activations:DownloadSoftware": {}, + "elemental-activations:GenerateLicenses": {}, + "elemental-activations:StartAccountRegistration": {}, + "elemental-activations:StartFileUpload": {}, + "elemental-appliances-software:CompleteUpload": {}, + "elemental-appliances-software:CreateOrderV1": {}, + "elemental-appliances-software:GetAvsCorrectAddress": {}, + "elemental-appliances-software:GetBillingAddresses": {}, + "elemental-appliances-software:GetDeliveryAddressesV2": {}, + "elemental-appliances-software:GetOrder": {}, + "elemental-appliances-software:GetOrdersV2": {}, + "elemental-appliances-software:GetTaxes": {}, + "elemental-appliances-software:ListQuotes": {}, + "elemental-appliances-software:StartUpload": {}, + "elemental-appliances-software:SubmitOrderV1": {}, + "elemental-support-cases:CheckCasePermission": {}, + "elemental-support-cases:CreateCase": {}, + "elemental-support-cases:GetCase": {}, + "elemental-support-cases:GetCases": {}, + "elemental-support-cases:UpdateCase": {}, + "elemental-support-content:Query": {}, + "emr-containers:CreateJobTemplate": {}, + "emr-containers:CreateVirtualCluster": {}, + 
"emr-containers:ListJobTemplates": {}, + "emr-containers:ListVirtualClusters": {}, + "emr-serverless:CreateApplication": {}, + "emr-serverless:ListApplications": {}, + "entityresolution:CreateIdMappingWorkflow": {}, + "entityresolution:CreateMatchingWorkflow": {}, + "entityresolution:CreateSchemaMapping": {}, + "entityresolution:ListIdMappingWorkflows": {}, + "entityresolution:ListMatchingWorkflows": {}, + "entityresolution:ListSchemaMappings": {}, + "entityresolution:ListTagsForResource": {}, + "entityresolution:TagResource": {}, + "entityresolution:UntagResource": {}, + "es:AcceptInboundConnection": {}, + "es:AcceptInboundCrossClusterSearchConnection": {}, + "es:AuthorizeVpcEndpointAccess": {}, + "es:CreateElasticsearchServiceRole": {}, + "es:CreatePackage": {}, + "es:CreateServiceRole": {}, + "es:CreateVpcEndpoint": {}, + "es:DeleteElasticsearchServiceRole": {}, + "es:DeleteInboundConnection": {}, + "es:DeleteInboundCrossClusterSearchConnection": {}, + "es:DeleteOutboundConnection": {}, + "es:DeleteOutboundCrossClusterSearchConnection": {}, + "es:DeletePackage": {}, + "es:DeleteVpcEndpoint": {}, + "es:DescribeElasticsearchInstanceTypeLimits": {}, + "es:DescribeInboundConnections": {}, + "es:DescribeInboundCrossClusterSearchConnections": {}, + "es:DescribeInstanceTypeLimits": {}, + "es:DescribeOutboundConnections": {}, + "es:DescribeOutboundCrossClusterSearchConnections": {}, + "es:DescribePackages": {}, + "es:DescribeReservedElasticsearchInstanceOfferings": {}, + "es:DescribeReservedElasticsearchInstances": {}, + "es:DescribeReservedInstanceOfferings": {}, + "es:DescribeReservedInstances": {}, + "es:DescribeVpcEndpoints": {}, + "es:GetPackageVersionHistory": {}, + "es:ListDomainNames": {}, + "es:ListDomainsForPackage": {}, + "es:ListElasticsearchInstanceTypeDetails": {}, + "es:ListElasticsearchInstanceTypes": {}, + "es:ListElasticsearchVersions": {}, + "es:ListInstanceTypeDetails": {}, + "es:ListVersions": {}, + "es:ListVpcEndpointAccess": {}, + 
"es:ListVpcEndpoints": {}, + "es:ListVpcEndpointsForDomain": {}, + "es:PurchaseReservedElasticsearchInstanceOffering": {}, + "es:PurchaseReservedInstanceOffering": {}, + "es:RejectInboundConnection": {}, + "es:RejectInboundCrossClusterSearchConnection": {}, + "es:RevokeVpcEndpointAccess": {}, + "es:UpdatePackage": {}, + "es:UpdateVpcEndpoint": {}, + "events:ListApiDestinations": {}, + "events:ListArchives": {}, + "events:ListConnections": {}, + "events:ListEndpoints": {}, + "events:ListEventBuses": {}, + "events:ListEventSources": {}, + "events:ListPartnerEventSources": {}, + "events:ListReplays": {}, + "events:ListRuleNamesByTarget": {}, + "events:ListRules": {}, + "events:PutPartnerEvents": {}, + "events:PutPermission": {}, + "events:RemovePermission": {}, + "events:TestEventPattern": {}, + "evidently:CreateExperiment": {}, + "evidently:CreateFeature": {}, + "evidently:CreateLaunch": {}, + "evidently:CreateProject": {}, + "evidently:CreateSegment": {}, + "evidently:ListExperiments": {}, + "evidently:ListFeatures": {}, + "evidently:ListLaunches": {}, + "evidently:ListProjects": {}, + "evidently:ListSegmentReferences": {}, + "evidently:ListSegments": {}, + "evidently:ListTagsForResource": {}, + "evidently:TestSegmentPattern": {}, + "finspace:CreateKxEnvironment": {}, + "finspace:ListKxEnvironments": {}, + "firehose:ListDeliveryStreams": {}, + "fis:GetTargetResourceType": {}, + "fis:ListActions": {}, + "fis:ListExperimentTemplates": {}, + "fis:ListExperiments": {}, + "fis:ListTargetResourceTypes": {}, + "fms:AssociateAdminAccount": {}, + "fms:AssociateThirdPartyFirewall": {}, + "fms:DeleteNotificationChannel": {}, + "fms:DisassociateAdminAccount": {}, + "fms:DisassociateThirdPartyFirewall": {}, + "fms:GetAdminAccount": {}, + "fms:GetAdminScope": {}, + "fms:GetNotificationChannel": {}, + "fms:GetThirdPartyFirewallAssociationStatus": {}, + "fms:ListAdminAccountsForOrganization": {}, + "fms:ListAdminsManagingAccount": {}, + "fms:ListAppsLists": {}, + 
"fms:ListDiscoveredResources": {}, + "fms:ListMemberAccounts": {}, + "fms:ListPolicies": {}, + "fms:ListProtocolsLists": {}, + "fms:ListResourceSets": {}, + "fms:ListThirdPartyFirewallFirewallPolicies": {}, + "fms:PutAdminAccount": {}, + "fms:PutNotificationChannel": {}, + "forecast:CreateAutoPredictor": {}, + "forecast:ListDatasetGroups": {}, + "forecast:ListDatasetImportJobs": {}, + "forecast:ListDatasets": {}, + "forecast:ListExplainabilities": {}, + "forecast:ListExplainabilityExports": {}, + "forecast:ListForecastExportJobs": {}, + "forecast:ListForecasts": {}, + "forecast:ListMonitors": {}, + "forecast:ListPredictorBacktestExportJobs": {}, + "forecast:ListPredictors": {}, + "forecast:ListWhatIfAnalyses": {}, + "forecast:ListWhatIfForecastExports": {}, + "forecast:ListWhatIfForecasts": {}, + "frauddetector:BatchCreateVariable": {}, + "frauddetector:CreateList": {}, + "frauddetector:CreateVariable": {}, + "frauddetector:GetKMSEncryptionKey": {}, + "frauddetector:PutKMSEncryptionKey": {}, + "freertos:CreateSubscription": {}, + "freertos:DescribeHardwarePlatform": {}, + "freertos:GetEmpPatchUrl": {}, + "freertos:GetSoftwareURL": {}, + "freertos:GetSoftwareURLForConfiguration": {}, + "freertos:GetSubscriptionBillingAmount": {}, + "freertos:ListFreeRTOSVersions": {}, + "freertos:ListHardwarePlatforms": {}, + "freertos:ListHardwareVendors": {}, + "freertos:ListSoftwareConfigurations": {}, + "freertos:ListSoftwarePatches": {}, + "freertos:ListSubscriptionEmails": {}, + "freertos:ListSubscriptions": {}, + "freertos:UpdateEmailRecipients": {}, + "freertos:VerifyEmail": {}, + "freetier:GetFreeTierAlertPreference": {}, + "freetier:GetFreeTierUsage": {}, + "freetier:PutFreeTierAlertPreference": {}, + "fsx:DescribeBackups": {}, + "fsx:DescribeDataRepositoryAssociations": {}, + "fsx:DescribeDataRepositoryTasks": {}, + "fsx:DescribeFileCaches": {}, + "fsx:DescribeFileSystems": {}, + "fsx:DescribeSharedVpcConfiguration": {}, + "fsx:DescribeSnapshots": {}, + 
"fsx:DescribeStorageVirtualMachines": {}, + "fsx:DescribeVolumes": {}, + "fsx:UpdateSharedVpcConfiguration": {}, + "gamelift:AcceptMatch": {}, + "gamelift:CreateAlias": {}, + "gamelift:CreateBuild": {}, + "gamelift:CreateFleet": {}, + "gamelift:CreateGameServerGroup": {}, + "gamelift:CreateGameSession": {}, + "gamelift:CreateGameSessionQueue": {}, + "gamelift:CreateLocation": {}, + "gamelift:CreateMatchmakingConfiguration": {}, + "gamelift:CreateMatchmakingRuleSet": {}, + "gamelift:CreatePlayerSession": {}, + "gamelift:CreatePlayerSessions": {}, + "gamelift:CreateScript": {}, + "gamelift:CreateVpcPeeringAuthorization": {}, + "gamelift:CreateVpcPeeringConnection": {}, + "gamelift:DeleteVpcPeeringAuthorization": {}, + "gamelift:DeleteVpcPeeringConnection": {}, + "gamelift:DescribeEC2InstanceLimits": {}, + "gamelift:DescribeFleetAttributes": {}, + "gamelift:DescribeFleetCapacity": {}, + "gamelift:DescribeFleetUtilization": {}, + "gamelift:DescribeGameSessionDetails": {}, + "gamelift:DescribeGameSessionPlacement": {}, + "gamelift:DescribeGameSessionQueues": {}, + "gamelift:DescribeGameSessions": {}, + "gamelift:DescribeMatchmaking": {}, + "gamelift:DescribeMatchmakingConfigurations": {}, + "gamelift:DescribeMatchmakingRuleSets": {}, + "gamelift:DescribePlayerSessions": {}, + "gamelift:DescribeVpcPeeringAuthorizations": {}, + "gamelift:DescribeVpcPeeringConnections": {}, + "gamelift:GetGameSessionLogUrl": {}, + "gamelift:ListAliases": {}, + "gamelift:ListBuilds": {}, + "gamelift:ListFleets": {}, + "gamelift:ListGameServerGroups": {}, + "gamelift:ListLocations": {}, + "gamelift:ListScripts": {}, + "gamelift:SearchGameSessions": {}, + "gamelift:StartMatchBackfill": {}, + "gamelift:StartMatchmaking": {}, + "gamelift:StopGameSessionPlacement": {}, + "gamelift:StopMatchmaking": {}, + "gamelift:UpdateGameSession": {}, + "gamelift:ValidateMatchmakingRuleSet": {}, + "glacier:GetDataRetrievalPolicy": {}, + "glacier:ListProvisionedCapacity": {}, + "glacier:ListVaults": {}, + 
"glacier:PurchaseProvisionedCapacity": {}, + "glacier:SetDataRetrievalPolicy": {}, + "globalaccelerator:AdvertiseByoipCidr": {}, + "globalaccelerator:CreateAccelerator": {}, + "globalaccelerator:CreateCrossAccountAttachment": {}, + "globalaccelerator:CreateCustomRoutingAccelerator": {}, + "globalaccelerator:DeprovisionByoipCidr": {}, + "globalaccelerator:ListAccelerators": {}, + "globalaccelerator:ListByoipCidrs": {}, + "globalaccelerator:ListCrossAccountAttachments": {}, + "globalaccelerator:ListCrossAccountResourceAccounts": {}, + "globalaccelerator:ListCrossAccountResources": {}, + "globalaccelerator:ListCustomRoutingAccelerators": {}, + "globalaccelerator:ListCustomRoutingPortMappingsByDestination": {}, + "globalaccelerator:ProvisionByoipCidr": {}, + "globalaccelerator:WithdrawByoipCidr": {}, + "glue:CheckSchemaVersionValidity": {}, + "glue:CreateClassifier": {}, + "glue:CreateCrawler": {}, + "glue:CreateCustomEntityType": {}, + "glue:CreateDataQualityRuleset": {}, + "glue:CreateDevEndpoint": {}, + "glue:CreateMLTransform": {}, + "glue:CreateScript": {}, + "glue:CreateSecurityConfiguration": {}, + "glue:CreateSession": {}, + "glue:DeleteClassifier": {}, + "glue:DeleteSecurityConfiguration": {}, + "glue:DeregisterDataPreview": {}, + "glue:GetClassifier": {}, + "glue:GetClassifiers": {}, + "glue:GetColumnStatisticsTaskRun": {}, + "glue:GetColumnStatisticsTaskRuns": {}, + "glue:GetCrawlerMetrics": {}, + "glue:GetCrawlers": {}, + "glue:GetDataPreviewStatement": {}, + "glue:GetDataflowGraph": {}, + "glue:GetDevEndpoints": {}, + "glue:GetJobBookmark": {}, + "glue:GetJobs": {}, + "glue:GetMapping": {}, + "glue:GetNotebookInstanceStatus": {}, + "glue:GetPlan": {}, + "glue:GetSecurityConfiguration": {}, + "glue:GetSecurityConfigurations": {}, + "glue:GetTriggers": {}, + "glue:GlueNotebookAuthorize": {}, + "glue:GlueNotebookRefreshCredentials": {}, + "glue:ListBlueprints": {}, + "glue:ListColumnStatisticsTaskRuns": {}, + "glue:ListCrawlers": {}, + "glue:ListCrawls": {}, 
+ "glue:ListCustomEntityTypes": {}, + "glue:ListDevEndpoints": {}, + "glue:ListJobs": {}, + "glue:ListRegistries": {}, + "glue:ListSessions": {}, + "glue:ListTriggers": {}, + "glue:ListWorkflows": {}, + "glue:ResetJobBookmark": {}, + "glue:RunDataPreviewStatement": {}, + "glue:SendFeedback": {}, + "glue:StartCompletion": {}, + "glue:StartCrawlerSchedule": {}, + "glue:StartNotebook": {}, + "glue:StopCrawlerSchedule": {}, + "glue:TerminateNotebook": {}, + "glue:TestConnection": {}, + "glue:UpdateClassifier": {}, + "glue:UpdateCrawlerSchedule": {}, + "glue:UseGlueStudio": {}, + "grafana:CreateWorkspace": {}, + "grafana:ListWorkspaces": {}, + "greengrass:AssociateServiceRoleToAccount": {}, + "greengrass:CreateConnectorDefinition": {}, + "greengrass:CreateCoreDefinition": {}, + "greengrass:CreateDeployment": {}, + "greengrass:CreateDeviceDefinition": {}, + "greengrass:CreateFunctionDefinition": {}, + "greengrass:CreateGroup": {}, + "greengrass:CreateLoggerDefinition": {}, + "greengrass:CreateResourceDefinition": {}, + "greengrass:CreateSoftwareUpdateJob": {}, + "greengrass:CreateSubscriptionDefinition": {}, + "greengrass:DisassociateServiceRoleFromAccount": {}, + "greengrass:GetServiceRoleForAccount": {}, + "greengrass:ListBulkDeployments": {}, + "greengrass:ListComponents": {}, + "greengrass:ListConnectorDefinitions": {}, + "greengrass:ListCoreDefinitions": {}, + "greengrass:ListCoreDevices": {}, + "greengrass:ListDeployments": {}, + "greengrass:ListDeviceDefinitions": {}, + "greengrass:ListFunctionDefinitions": {}, + "greengrass:ListGroups": {}, + "greengrass:ListLoggerDefinitions": {}, + "greengrass:ListResourceDefinitions": {}, + "greengrass:ListSubscriptionDefinitions": {}, + "greengrass:StartBulkDeployment": {}, + "groundstation:CreateConfig": {}, + "groundstation:CreateDataflowEndpointGroup": {}, + "groundstation:CreateEphemeris": {}, + "groundstation:CreateMissionProfile": {}, + "groundstation:GetMinuteUsage": {}, + "groundstation:ListConfigs": {}, + 
"groundstation:ListContacts": {}, + "groundstation:ListDataflowEndpointGroups": {}, + "groundstation:ListEphemerides": {}, + "groundstation:ListGroundStations": {}, + "groundstation:ListMissionProfiles": {}, + "groundstation:ListSatellites": {}, + "groundstation:RegisterAgent": {}, + "groundstation:ReserveContact": {}, + "groundtruthlabeling:AssociatePatchToManifestJob": {}, + "groundtruthlabeling:DescribeConsoleJob": {}, + "groundtruthlabeling:ListDatasetObjects": {}, + "groundtruthlabeling:RunFilterOrSampleDatasetJob": {}, + "groundtruthlabeling:RunGenerateManifestByCrawlingJob": {}, + "guardduty:AcceptAdministratorInvitation": {}, + "guardduty:AcceptInvitation": {}, + "guardduty:ArchiveFindings": {}, + "guardduty:CreateDetector": {}, + "guardduty:CreateIPSet": {}, + "guardduty:CreateMembers": {}, + "guardduty:CreatePublishingDestination": {}, + "guardduty:CreateSampleFindings": {}, + "guardduty:CreateThreatIntelSet": {}, + "guardduty:DeclineInvitations": {}, + "guardduty:DeleteInvitations": {}, + "guardduty:DeleteMembers": {}, + "guardduty:DescribeMalwareScans": {}, + "guardduty:DescribeOrganizationConfiguration": {}, + "guardduty:DisableOrganizationAdminAccount": {}, + "guardduty:DisassociateFromAdministratorAccount": {}, + "guardduty:DisassociateFromMasterAccount": {}, + "guardduty:DisassociateMembers": {}, + "guardduty:EnableOrganizationAdminAccount": {}, + "guardduty:GetAdministratorAccount": {}, + "guardduty:GetFindings": {}, + "guardduty:GetFindingsStatistics": {}, + "guardduty:GetInvitationsCount": {}, + "guardduty:GetMalwareScanSettings": {}, + "guardduty:GetMasterAccount": {}, + "guardduty:GetMemberDetectors": {}, + "guardduty:GetMembers": {}, + "guardduty:GetRemainingFreeTrialDays": {}, + "guardduty:GetUsageStatistics": {}, + "guardduty:InviteMembers": {}, + "guardduty:ListDetectors": {}, + "guardduty:ListFilters": {}, + "guardduty:ListFindings": {}, + "guardduty:ListIPSets": {}, + "guardduty:ListInvitations": {}, + "guardduty:ListMembers": {}, + 
"guardduty:ListOrganizationAdminAccounts": {}, + "guardduty:ListPublishingDestinations": {}, + "guardduty:ListThreatIntelSets": {}, + "guardduty:SendSecurityTelemetry": {}, + "guardduty:StartMalwareScan": {}, + "guardduty:StartMonitoringMembers": {}, + "guardduty:StopMonitoringMembers": {}, + "guardduty:UnarchiveFindings": {}, + "guardduty:UpdateFindingsFeedback": {}, + "guardduty:UpdateMalwareScanSettings": {}, + "guardduty:UpdateMemberDetectors": {}, + "guardduty:UpdateOrganizationConfiguration": {}, + "health:DescribeAffectedAccountsForOrganization": {}, + "health:DescribeAffectedEntitiesForOrganization": {}, + "health:DescribeEntityAggregates": {}, + "health:DescribeEntityAggregatesForOrganization": {}, + "health:DescribeEventAggregates": {}, + "health:DescribeEventDetailsForOrganization": {}, + "health:DescribeEventTypes": {}, + "health:DescribeEvents": {}, + "health:DescribeEventsForOrganization": {}, + "health:DescribeHealthServiceStatusForOrganization": {}, + "health:DisableHealthServiceAccessForOrganization": {}, + "health:EnableHealthServiceAccessForOrganization": {}, + "healthlake:CreateFHIRDatastore": {}, + "healthlake:ListFHIRDatastores": {}, + "honeycode:ApproveTeamAssociation": {}, + "honeycode:CreateTeam": {}, + "honeycode:CreateTenant": {}, + "honeycode:DeleteDomains": {}, + "honeycode:DeregisterGroups": {}, + "honeycode:DescribeTeam": {}, + "honeycode:ListDomains": {}, + "honeycode:ListGroups": {}, + "honeycode:ListTagsForResource": {}, + "honeycode:ListTeamAssociations": {}, + "honeycode:ListTenants": {}, + "honeycode:RegisterDomainForVerification": {}, + "honeycode:RegisterGroups": {}, + "honeycode:RejectTeamAssociation": {}, + "honeycode:RestartDomainVerification": {}, + "honeycode:TagResource": {}, + "honeycode:UntagResource": {}, + "honeycode:UpdateTeam": {}, + "iam:CreateAccountAlias": {}, + "iam:DeleteAccountAlias": {}, + "iam:DeleteAccountPasswordPolicy": {}, + "iam:DeleteCloudFrontPublicKey": {}, + "iam:GenerateCredentialReport": {}, + 
"iam:GetAccountAuthorizationDetails": {}, + "iam:GetAccountEmailAddress": {}, + "iam:GetAccountName": {}, + "iam:GetAccountPasswordPolicy": {}, + "iam:GetAccountSummary": {}, + "iam:GetCloudFrontPublicKey": {}, + "iam:GetContextKeysForCustomPolicy": {}, + "iam:GetCredentialReport": {}, + "iam:GetOrganizationsAccessReport": {}, + "iam:GetServiceLastAccessedDetails": {}, + "iam:GetServiceLastAccessedDetailsWithEntities": {}, + "iam:ListAccountAliases": {}, + "iam:ListCloudFrontPublicKeys": {}, + "iam:ListGroups": {}, + "iam:ListInstanceProfiles": {}, + "iam:ListOpenIDConnectProviders": {}, + "iam:ListPolicies": {}, + "iam:ListRoles": {}, + "iam:ListSAMLProviders": {}, + "iam:ListSTSRegionalEndpointsStatus": {}, + "iam:ListServerCertificates": {}, + "iam:ListUsers": {}, + "iam:ListVirtualMFADevices": {}, + "iam:SetSTSRegionalEndpointStatus": {}, + "iam:SetSecurityTokenServicePreferences": {}, + "iam:SimulateCustomPolicy": {}, + "iam:UpdateAccountEmailAddress": {}, + "iam:UpdateAccountName": {}, + "iam:UpdateAccountPasswordPolicy": {}, + "iam:UpdateCloudFrontPublicKey": {}, + "iam:UploadCloudFrontPublicKey": {}, + "identity-sync:CreateSyncProfile": {}, + "identitystore-auth:BatchDeleteSession": {}, + "identitystore-auth:BatchGetSession": {}, + "identitystore-auth:ListSessions": {}, + "imagebuilder:ListComponents": {}, + "imagebuilder:ListContainerRecipes": {}, + "imagebuilder:ListDistributionConfigurations": {}, + "imagebuilder:ListImagePipelines": {}, + "imagebuilder:ListImageRecipes": {}, + "imagebuilder:ListImages": {}, + "imagebuilder:ListInfrastructureConfigurations": {}, + "imagebuilder:ListLifecyclePolicies": {}, + "importexport:CancelJob": {}, + "importexport:CreateJob": {}, + "importexport:GetShippingLabel": {}, + "importexport:GetStatus": {}, + "importexport:ListJobs": {}, + "importexport:UpdateJob": {}, + "inspector-scan:ScanSbom": {}, + "inspector2:AssociateMember": {}, + "inspector2:BatchGetAccountStatus": {}, + "inspector2:BatchGetCodeSnippet": {}, + 
"inspector2:BatchGetFindingDetails": {}, + "inspector2:BatchGetFreeTrialInfo": {}, + "inspector2:BatchGetMemberEc2DeepInspectionStatus": {}, + "inspector2:BatchUpdateMemberEc2DeepInspectionStatus": {}, + "inspector2:CancelFindingsReport": {}, + "inspector2:CancelSbomExport": {}, + "inspector2:CreateFindingsReport": {}, + "inspector2:CreateSbomExport": {}, + "inspector2:DescribeOrganizationConfiguration": {}, + "inspector2:Disable": {}, + "inspector2:DisableDelegatedAdminAccount": {}, + "inspector2:DisassociateMember": {}, + "inspector2:Enable": {}, + "inspector2:EnableDelegatedAdminAccount": {}, + "inspector2:GetConfiguration": {}, + "inspector2:GetDelegatedAdminAccount": {}, + "inspector2:GetEc2DeepInspectionConfiguration": {}, + "inspector2:GetEncryptionKey": {}, + "inspector2:GetFindingsReportStatus": {}, + "inspector2:GetMember": {}, + "inspector2:GetSbomExport": {}, + "inspector2:ListAccountPermissions": {}, + "inspector2:ListCoverage": {}, + "inspector2:ListCoverageStatistics": {}, + "inspector2:ListDelegatedAdminAccounts": {}, + "inspector2:ListFilters": {}, + "inspector2:ListFindingAggregations": {}, + "inspector2:ListFindings": {}, + "inspector2:ListMembers": {}, + "inspector2:ListTagsForResource": {}, + "inspector2:ListUsageTotals": {}, + "inspector2:ResetEncryptionKey": {}, + "inspector2:SearchVulnerabilities": {}, + "inspector2:TagResource": {}, + "inspector2:UntagResource": {}, + "inspector2:UpdateConfiguration": {}, + "inspector2:UpdateEc2DeepInspectionConfiguration": {}, + "inspector2:UpdateEncryptionKey": {}, + "inspector2:UpdateOrgEc2DeepInspectionConfiguration": {}, + "inspector2:UpdateOrganizationConfiguration": {}, + "inspector:AddAttributesToFindings": {}, + "inspector:CreateAssessmentTarget": {}, + "inspector:CreateAssessmentTemplate": {}, + "inspector:CreateExclusionsPreview": {}, + "inspector:CreateResourceGroup": {}, + "inspector:DeleteAssessmentRun": {}, + "inspector:DeleteAssessmentTarget": {}, + "inspector:DeleteAssessmentTemplate": {}, 
+ "inspector:DescribeAssessmentRuns": {}, + "inspector:DescribeAssessmentTargets": {}, + "inspector:DescribeAssessmentTemplates": {}, + "inspector:DescribeCrossAccountAccessRole": {}, + "inspector:DescribeExclusions": {}, + "inspector:DescribeFindings": {}, + "inspector:DescribeResourceGroups": {}, + "inspector:DescribeRulesPackages": {}, + "inspector:GetAssessmentReport": {}, + "inspector:GetExclusionsPreview": {}, + "inspector:GetTelemetryMetadata": {}, + "inspector:ListAssessmentRunAgents": {}, + "inspector:ListAssessmentRuns": {}, + "inspector:ListAssessmentTargets": {}, + "inspector:ListAssessmentTemplates": {}, + "inspector:ListEventSubscriptions": {}, + "inspector:ListExclusions": {}, + "inspector:ListFindings": {}, + "inspector:ListRulesPackages": {}, + "inspector:ListTagsForResource": {}, + "inspector:PreviewAgents": {}, + "inspector:RegisterCrossAccountAccessRole": {}, + "inspector:RemoveAttributesFromFindings": {}, + "inspector:SetTagsForResource": {}, + "inspector:StartAssessmentRun": {}, + "inspector:StopAssessmentRun": {}, + "inspector:SubscribeToEvent": {}, + "inspector:UnsubscribeFromEvent": {}, + "inspector:UpdateAssessmentTarget": {}, + "internetmonitor:ListMonitors": {}, + "invoicing:GetInvoiceEmailDeliveryPreferences": {}, + "invoicing:GetInvoicePDF": {}, + "invoicing:ListInvoiceSummaries": {}, + "invoicing:PutInvoiceEmailDeliveryPreferences": {}, + "iot-device-tester:CheckVersion": {}, + "iot-device-tester:DownloadTestSuite": {}, + "iot-device-tester:LatestIdt": {}, + "iot-device-tester:SendMetrics": {}, + "iot-device-tester:SupportedVersion": {}, + "iot1click:ClaimDevicesByClaimCode": {}, + "iot1click:ListDevices": {}, + "iot1click:ListProjects": {}, + "iot:AttachThingPrincipal": {}, + "iot:CancelAuditMitigationActionsTask": {}, + "iot:CancelAuditTask": {}, + "iot:CancelDetectMitigationActionsTask": {}, + "iot:ClearDefaultAuthorizer": {}, + "iot:CreateAuditSuppression": {}, + "iot:CreateCertificateFromCsr": {}, + 
"iot:CreateKeysAndCertificate": {}, + "iot:DeleteAccountAuditConfiguration": {}, + "iot:DeleteAuditSuppression": {}, + "iot:DeleteRegistrationCode": {}, + "iot:DeleteV2LoggingLevel": {}, + "iot:DescribeAccountAuditConfiguration": {}, + "iot:DescribeAuditFinding": {}, + "iot:DescribeAuditMitigationActionsTask": {}, + "iot:DescribeAuditSuppression": {}, + "iot:DescribeAuditTask": {}, + "iot:DescribeDefaultAuthorizer": {}, + "iot:DescribeDetectMitigationActionsTask": {}, + "iot:DescribeEndpoint": {}, + "iot:DescribeEventConfigurations": {}, + "iot:DescribeThingRegistrationTask": {}, + "iot:DetachThingPrincipal": {}, + "iot:GetIndexingConfiguration": {}, + "iot:GetLoggingOptions": {}, + "iot:GetPackageConfiguration": {}, + "iot:GetRegistrationCode": {}, + "iot:GetV2LoggingOptions": {}, + "iot:ListAttachedPolicies": {}, + "iot:ListAuditFindings": {}, + "iot:ListAuditMitigationActionsExecutions": {}, + "iot:ListAuditMitigationActionsTasks": {}, + "iot:ListAuditSuppressions": {}, + "iot:ListAuditTasks": {}, + "iot:ListAuthorizers": {}, + "iot:ListBillingGroups": {}, + "iot:ListCACertificates": {}, + "iot:ListCertificates": {}, + "iot:ListCertificatesByCA": {}, + "iot:ListCustomMetrics": {}, + "iot:ListDetectMitigationActionsTasks": {}, + "iot:ListDimensions": {}, + "iot:ListDomainConfigurations": {}, + "iot:ListFleetMetrics": {}, + "iot:ListIndices": {}, + "iot:ListJobTemplates": {}, + "iot:ListJobs": {}, + "iot:ListManagedJobTemplates": {}, + "iot:ListMitigationActions": {}, + "iot:ListOTAUpdates": {}, + "iot:ListOutgoingCertificates": {}, + "iot:ListPackageVersions": {}, + "iot:ListPackages": {}, + "iot:ListPolicies": {}, + "iot:ListPolicyPrincipals": {}, + "iot:ListPrincipalPolicies": {}, + "iot:ListPrincipalThings": {}, + "iot:ListProvisioningTemplates": {}, + "iot:ListRelatedResourcesForAuditFinding": {}, + "iot:ListRetainedMessages": {}, + "iot:ListRoleAliases": {}, + "iot:ListScheduledAudits": {}, + "iot:ListStreams": {}, + "iot:ListThingGroups": {}, + 
"iot:ListThingPrincipals": {}, + "iot:ListThingRegistrationTaskReports": {}, + "iot:ListThingRegistrationTasks": {}, + "iot:ListThingTypes": {}, + "iot:ListThings": {}, + "iot:ListTopicRuleDestinations": {}, + "iot:ListTopicRules": {}, + "iot:ListTunnels": {}, + "iot:ListV2LoggingLevels": {}, + "iot:OpenTunnel": {}, + "iot:PutVerificationStateOnViolation": {}, + "iot:RegisterCACertificate": {}, + "iot:RegisterCertificate": {}, + "iot:RegisterCertificateWithoutCA": {}, + "iot:RegisterThing": {}, + "iot:SetLoggingOptions": {}, + "iot:SetV2LoggingLevel": {}, + "iot:SetV2LoggingOptions": {}, + "iot:StartAuditMitigationActionsTask": {}, + "iot:StartOnDemandAuditTask": {}, + "iot:StartThingRegistrationTask": {}, + "iot:StopThingRegistrationTask": {}, + "iot:UpdateAccountAuditConfiguration": {}, + "iot:UpdateAuditSuppression": {}, + "iot:UpdateEventConfigurations": {}, + "iot:UpdateIndexingConfiguration": {}, + "iot:UpdatePackageConfiguration": {}, + "iot:ValidateSecurityProfileBehaviors": {}, + "iotanalytics:DescribeLoggingOptions": {}, + "iotanalytics:ListChannels": {}, + "iotanalytics:ListDatasets": {}, + "iotanalytics:ListDatastores": {}, + "iotanalytics:ListPipelines": {}, + "iotanalytics:PutLoggingOptions": {}, + "iotanalytics:RunPipelineActivity": {}, + "iotdeviceadvisor:CreateSuiteDefinition": {}, + "iotdeviceadvisor:GetEndpoint": {}, + "iotdeviceadvisor:ListSuiteDefinitions": {}, + "iotdeviceadvisor:StartSuiteRun": {}, + "iotevents:DescribeDetectorModelAnalysis": {}, + "iotevents:DescribeLoggingOptions": {}, + "iotevents:GetDetectorModelAnalysisResults": {}, + "iotevents:ListAlarmModels": {}, + "iotevents:ListDetectorModels": {}, + "iotevents:ListInputRoutings": {}, + "iotevents:ListInputs": {}, + "iotevents:PutLoggingOptions": {}, + "iotevents:StartDetectorModelAnalysis": {}, + "iotfleethub:CreateApplication": {}, + "iotfleethub:ListApplications": {}, + "iotfleetwise:GetEncryptionConfiguration": {}, + "iotfleetwise:GetLoggingOptions": {}, + 
"iotfleetwise:GetRegisterAccountStatus": {}, + "iotfleetwise:ListCampaigns": {}, + "iotfleetwise:ListDecoderManifests": {}, + "iotfleetwise:ListFleets": {}, + "iotfleetwise:ListModelManifests": {}, + "iotfleetwise:ListSignalCatalogs": {}, + "iotfleetwise:ListVehicles": {}, + "iotfleetwise:PutEncryptionConfiguration": {}, + "iotfleetwise:PutLoggingOptions": {}, + "iotfleetwise:RegisterAccount": {}, + "iotroborunner:CreateSite": {}, + "iotroborunner:ListSites": {}, + "iotsitewise:CreateAssetModel": {}, + "iotsitewise:CreateBulkImportJob": {}, + "iotsitewise:CreateGateway": {}, + "iotsitewise:CreatePortal": {}, + "iotsitewise:DescribeBulkImportJob": {}, + "iotsitewise:DescribeDefaultEncryptionConfiguration": {}, + "iotsitewise:DescribeLoggingOptions": {}, + "iotsitewise:DescribeStorageConfiguration": {}, + "iotsitewise:EnableSiteWiseIntegration": {}, + "iotsitewise:ExecuteQuery": {}, + "iotsitewise:ListAssetModels": {}, + "iotsitewise:ListBulkImportJobs": {}, + "iotsitewise:ListGateways": {}, + "iotsitewise:ListPortals": {}, + "iotsitewise:PutDefaultEncryptionConfiguration": {}, + "iotsitewise:PutLoggingOptions": {}, + "iotsitewise:PutStorageConfiguration": {}, + "iottwinmaker:CreateMetadataTransferJob": {}, + "iottwinmaker:CreateWorkspace": {}, + "iottwinmaker:GetPricingPlan": {}, + "iottwinmaker:ListMetadataTransferJobs": {}, + "iottwinmaker:ListWorkspaces": {}, + "iottwinmaker:UpdatePricingPlan": {}, + "iotwireless:AssociateAwsAccountWithPartnerAccount": {}, + "iotwireless:CreateDestination": {}, + "iotwireless:CreateDeviceProfile": {}, + "iotwireless:CreateFuotaTask": {}, + "iotwireless:CreateMulticastGroup": {}, + "iotwireless:CreateServiceProfile": {}, + "iotwireless:CreateWirelessDevice": {}, + "iotwireless:CreateWirelessGateway": {}, + "iotwireless:CreateWirelessGatewayTaskDefinition": {}, + "iotwireless:DeleteQueuedMessages": {}, + "iotwireless:GetEventConfigurationByResourceTypes": {}, + "iotwireless:GetLogLevelsByResourceTypes": {}, + 
"iotwireless:GetPositionEstimate": {}, + "iotwireless:GetServiceEndpoint": {}, + "iotwireless:ListDestinations": {}, + "iotwireless:ListDeviceProfiles": {}, + "iotwireless:ListEventConfigurations": {}, + "iotwireless:ListFuotaTasks": {}, + "iotwireless:ListMulticastGroups": {}, + "iotwireless:ListNetworkAnalyzerConfigurations": {}, + "iotwireless:ListPartnerAccounts": {}, + "iotwireless:ListPositionConfigurations": {}, + "iotwireless:ListQueuedMessages": {}, + "iotwireless:ListServiceProfiles": {}, + "iotwireless:ListWirelessDeviceImportTasks": {}, + "iotwireless:ListWirelessDevices": {}, + "iotwireless:ListWirelessGatewayTaskDefinitions": {}, + "iotwireless:ListWirelessGateways": {}, + "iotwireless:ResetAllResourceLogLevels": {}, + "iotwireless:StartSingleWirelessDeviceImportTask": {}, + "iotwireless:UpdateEventConfigurationByResourceTypes": {}, + "iotwireless:UpdateLogLevelsByResourceTypes": {}, + "iq:span": {}, + "ivs:ListEncoderConfigurations": {}, + "ivs:ListStorageConfigurations": {}, + "kafka:DescribeClusterOperation": {}, + "kafka:DescribeClusterOperationV2": {}, + "kafka:GetBootstrapBrokers": {}, + "kafka:GetCompatibleKafkaVersions": {}, + "kafka:ListClusters": {}, + "kafka:ListClustersV2": {}, + "kafka:ListConfigurations": {}, + "kafka:ListKafkaVersions": {}, + "kafka:ListReplicators": {}, + "kafka:ListVpcConnections": {}, + "kafkaconnect:CreateConnector": {}, + "kafkaconnect:CreateCustomPlugin": {}, + "kafkaconnect:CreateWorkerConfiguration": {}, + "kafkaconnect:DeleteConnector": {}, + "kafkaconnect:DeleteCustomPlugin": {}, + "kafkaconnect:ListConnectors": {}, + "kafkaconnect:ListCustomPlugins": {}, + "kafkaconnect:ListWorkerConfigurations": {}, + "kafkaconnect:UpdateConnector": {}, + "kendra-ranking:CreateRescoreExecutionPlan": {}, + "kendra-ranking:ListRescoreExecutionPlans": {}, + "kendra:CreateIndex": {}, + "kendra:ListIndices": {}, + "kinesis:DescribeLimits": {}, + "kinesis:DisableEnhancedMonitoring": {}, + "kinesis:EnableEnhancedMonitoring": {}, + 
"kinesis:ListStreams": {}, + "kinesis:UpdateShardCount": {}, + "kinesis:UpdateStreamMode": {}, + "kinesisanalytics:CreateApplication": {}, + "kinesisanalytics:DiscoverInputSchema": {}, + "kinesisanalytics:ListApplications": {}, + "kinesisvideo:ListEdgeAgentConfigurations": {}, + "kinesisvideo:ListSignalingChannels": {}, + "kinesisvideo:ListStreams": {}, + "kms:ConnectCustomKeyStore": {}, + "kms:CreateCustomKeyStore": {}, + "kms:CreateKey": {}, + "kms:DeleteCustomKeyStore": {}, + "kms:DescribeCustomKeyStores": {}, + "kms:DisconnectCustomKeyStore": {}, + "kms:GenerateRandom": {}, + "kms:ListAliases": {}, + "kms:ListKeys": {}, + "kms:ListRetirableGrants": {}, + "kms:UpdateCustomKeyStore": {}, + "lakeformation:AddLFTagsToResource": {}, + "lakeformation:BatchGrantPermissions": {}, + "lakeformation:BatchRevokePermissions": {}, + "lakeformation:CancelTransaction": {}, + "lakeformation:CommitTransaction": {}, + "lakeformation:CreateDataCellsFilter": {}, + "lakeformation:CreateLFTag": {}, + "lakeformation:CreateLakeFormationOptIn": {}, + "lakeformation:DeleteDataCellsFilter": {}, + "lakeformation:DeleteLFTag": {}, + "lakeformation:DeleteLakeFormationOptIn": {}, + "lakeformation:DeleteObjectsOnCancel": {}, + "lakeformation:DeregisterResource": {}, + "lakeformation:DescribeResource": {}, + "lakeformation:DescribeTransaction": {}, + "lakeformation:ExtendTransaction": {}, + "lakeformation:GetDataAccess": {}, + "lakeformation:GetDataCellsFilter": {}, + "lakeformation:GetDataLakeSettings": {}, + "lakeformation:GetEffectivePermissionsForPath": {}, + "lakeformation:GetLFTag": {}, + "lakeformation:GetQueryState": {}, + "lakeformation:GetQueryStatistics": {}, + "lakeformation:GetResourceLFTags": {}, + "lakeformation:GetTableObjects": {}, + "lakeformation:GetWorkUnitResults": {}, + "lakeformation:GetWorkUnits": {}, + "lakeformation:GrantPermissions": {}, + "lakeformation:ListDataCellsFilter": {}, + "lakeformation:ListLFTags": {}, + "lakeformation:ListLakeFormationOptIns": {}, + 
"lakeformation:ListPermissions": {}, + "lakeformation:ListResources": {}, + "lakeformation:ListTableStorageOptimizers": {}, + "lakeformation:ListTransactions": {}, + "lakeformation:PutDataLakeSettings": {}, + "lakeformation:RegisterResource": {}, + "lakeformation:RemoveLFTagsFromResource": {}, + "lakeformation:RevokePermissions": {}, + "lakeformation:SearchDatabasesByLFTags": {}, + "lakeformation:SearchTablesByLFTags": {}, + "lakeformation:StartQueryPlanning": {}, + "lakeformation:StartTransaction": {}, + "lakeformation:UpdateDataCellsFilter": {}, + "lakeformation:UpdateLFTag": {}, + "lakeformation:UpdateResource": {}, + "lakeformation:UpdateTableObjects": {}, + "lakeformation:UpdateTableStorageOptimizer": {}, + "lambda:CreateCodeSigningConfig": {}, + "lambda:CreateEventSourceMapping": {}, + "lambda:GetAccountSettings": {}, + "lambda:ListCodeSigningConfigs": {}, + "lambda:ListEventSourceMappings": {}, + "lambda:ListFunctions": {}, + "lambda:ListLayerVersions": {}, + "lambda:ListLayers": {}, + "launchwizard:CreateAdditionalNode": {}, + "launchwizard:CreateDeployment": {}, + "launchwizard:CreateSettingsSet": {}, + "launchwizard:DeleteAdditionalNode": {}, + "launchwizard:DeleteApp": {}, + "launchwizard:DeleteDeployment": {}, + "launchwizard:DeleteSettingsSet": {}, + "launchwizard:DescribeAdditionalNode": {}, + "launchwizard:DescribeProvisionedApp": {}, + "launchwizard:DescribeProvisioningEvents": {}, + "launchwizard:DescribeSettingsSet": {}, + "launchwizard:GetDeployment": {}, + "launchwizard:GetInfrastructureSuggestion": {}, + "launchwizard:GetIpAddress": {}, + "launchwizard:GetResourceCostEstimate": {}, + "launchwizard:GetResourceRecommendation": {}, + "launchwizard:GetSettingsSet": {}, + "launchwizard:GetWorkload": {}, + "launchwizard:GetWorkloadAsset": {}, + "launchwizard:GetWorkloadAssets": {}, + "launchwizard:ListAdditionalNodes": {}, + "launchwizard:ListAllowedResources": {}, + "launchwizard:ListDeploymentEvents": {}, + "launchwizard:ListDeployments": {}, + 
"launchwizard:ListProvisionedApps": {}, + "launchwizard:ListResourceCostEstimates": {}, + "launchwizard:ListSettingsSets": {}, + "launchwizard:ListWorkloadDeploymentOptions": {}, + "launchwizard:ListWorkloadDeploymentPatterns": {}, + "launchwizard:ListWorkloads": {}, + "launchwizard:PutSettingsSet": {}, + "launchwizard:StartProvisioning": {}, + "launchwizard:UpdateSettingsSet": {}, + "lex:CreateTestSet": {}, + "lex:CreateUploadUrl": {}, + "lex:GetBotAliases": {}, + "lex:GetBots": {}, + "lex:GetBuiltinIntent": {}, + "lex:GetBuiltinIntents": {}, + "lex:GetBuiltinSlotTypes": {}, + "lex:GetImport": {}, + "lex:GetIntents": {}, + "lex:GetMigration": {}, + "lex:GetMigrations": {}, + "lex:GetSlotTypes": {}, + "lex:ListBots": {}, + "lex:ListBuiltInIntents": {}, + "lex:ListBuiltInSlotTypes": {}, + "lex:ListExports": {}, + "lex:ListImports": {}, + "lex:ListTestExecutions": {}, + "lex:ListTestSets": {}, + "lex:StartImport": {}, + "license-manager-linux-subscriptions:GetServiceSettings": {}, + "license-manager-linux-subscriptions:ListLinuxSubscriptionInstances": {}, + "license-manager-linux-subscriptions:ListLinuxSubscriptions": {}, + "license-manager-linux-subscriptions:UpdateServiceSettings": {}, + "license-manager-user-subscriptions:AssociateUser": {}, + "license-manager-user-subscriptions:DeregisterIdentityProvider": {}, + "license-manager-user-subscriptions:DisassociateUser": {}, + "license-manager-user-subscriptions:ListIdentityProviders": {}, + "license-manager-user-subscriptions:ListInstances": {}, + "license-manager-user-subscriptions:ListProductSubscriptions": {}, + "license-manager-user-subscriptions:ListUserAssociations": {}, + "license-manager-user-subscriptions:RegisterIdentityProvider": {}, + "license-manager-user-subscriptions:StartProductSubscription": {}, + "license-manager-user-subscriptions:StopProductSubscription": {}, + "license-manager-user-subscriptions:UpdateIdentityProviderSettings": {}, + "license-manager:CheckInLicense": {}, + 
"license-manager:CheckoutLicense": {}, + "license-manager:CreateLicense": {}, + "license-manager:CreateLicenseConfiguration": {}, + "license-manager:CreateLicenseConversionTaskForResource": {}, + "license-manager:CreateLicenseManagerReportGenerator": {}, + "license-manager:DeleteToken": {}, + "license-manager:ExtendLicenseConsumption": {}, + "license-manager:GetAccessToken": {}, + "license-manager:GetLicenseConversionTask": {}, + "license-manager:GetServiceSettings": {}, + "license-manager:ListDistributedGrants": {}, + "license-manager:ListLicenseConfigurations": {}, + "license-manager:ListLicenseConversionTasks": {}, + "license-manager:ListLicenseSpecificationsForResource": {}, + "license-manager:ListLicenses": {}, + "license-manager:ListReceivedGrants": {}, + "license-manager:ListReceivedGrantsForOrganization": {}, + "license-manager:ListReceivedLicenses": {}, + "license-manager:ListReceivedLicensesForOrganization": {}, + "license-manager:ListResourceInventory": {}, + "license-manager:ListTokens": {}, + "license-manager:UpdateServiceSettings": {}, + "lightsail:AllocateStaticIp": {}, + "lightsail:CopySnapshot": {}, + "lightsail:CreateBucket": {}, + "lightsail:CreateCertificate": {}, + "lightsail:CreateCloudFormationStack": {}, + "lightsail:CreateContactMethod": {}, + "lightsail:CreateContainerService": {}, + "lightsail:CreateContainerServiceRegistryLogin": {}, + "lightsail:CreateDisk": {}, + "lightsail:CreateDistribution": {}, + "lightsail:CreateDomain": {}, + "lightsail:CreateInstances": {}, + "lightsail:CreateKeyPair": {}, + "lightsail:CreateLoadBalancer": {}, + "lightsail:CreateRelationalDatabase": {}, + "lightsail:CreateRelationalDatabaseSnapshot": {}, + "lightsail:DeleteAutoSnapshot": {}, + "lightsail:DeleteContactMethod": {}, + "lightsail:DisableAddOn": {}, + "lightsail:DownloadDefaultKeyPair": {}, + "lightsail:EnableAddOn": {}, + "lightsail:GetActiveNames": {}, + "lightsail:GetAlarms": {}, + "lightsail:GetAutoSnapshots": {}, + "lightsail:GetBlueprints": {}, 
+ "lightsail:GetBucketAccessKeys": {}, + "lightsail:GetBucketBundles": {}, + "lightsail:GetBucketMetricData": {}, + "lightsail:GetBuckets": {}, + "lightsail:GetBundles": {}, + "lightsail:GetCertificates": {}, + "lightsail:GetCloudFormationStackRecords": {}, + "lightsail:GetContactMethods": {}, + "lightsail:GetContainerAPIMetadata": {}, + "lightsail:GetContainerImages": {}, + "lightsail:GetContainerLog": {}, + "lightsail:GetContainerServiceDeployments": {}, + "lightsail:GetContainerServiceMetricData": {}, + "lightsail:GetContainerServicePowers": {}, + "lightsail:GetContainerServices": {}, + "lightsail:GetDisk": {}, + "lightsail:GetDiskSnapshot": {}, + "lightsail:GetDiskSnapshots": {}, + "lightsail:GetDisks": {}, + "lightsail:GetDistributionBundles": {}, + "lightsail:GetDistributionLatestCacheReset": {}, + "lightsail:GetDistributionMetricData": {}, + "lightsail:GetDistributions": {}, + "lightsail:GetDomain": {}, + "lightsail:GetDomains": {}, + "lightsail:GetExportSnapshotRecords": {}, + "lightsail:GetInstance": {}, + "lightsail:GetInstanceMetricData": {}, + "lightsail:GetInstancePortStates": {}, + "lightsail:GetInstanceSnapshot": {}, + "lightsail:GetInstanceSnapshots": {}, + "lightsail:GetInstanceState": {}, + "lightsail:GetInstances": {}, + "lightsail:GetKeyPair": {}, + "lightsail:GetKeyPairs": {}, + "lightsail:GetLoadBalancer": {}, + "lightsail:GetLoadBalancerMetricData": {}, + "lightsail:GetLoadBalancerTlsCertificates": {}, + "lightsail:GetLoadBalancerTlsPolicies": {}, + "lightsail:GetLoadBalancers": {}, + "lightsail:GetOperation": {}, + "lightsail:GetOperations": {}, + "lightsail:GetOperationsForResource": {}, + "lightsail:GetRegions": {}, + "lightsail:GetRelationalDatabase": {}, + "lightsail:GetRelationalDatabaseBlueprints": {}, + "lightsail:GetRelationalDatabaseBundles": {}, + "lightsail:GetRelationalDatabaseEvents": {}, + "lightsail:GetRelationalDatabaseLogEvents": {}, + "lightsail:GetRelationalDatabaseLogStreams": {}, + 
"lightsail:GetRelationalDatabaseMetricData": {}, + "lightsail:GetRelationalDatabaseParameters": {}, + "lightsail:GetRelationalDatabaseSnapshot": {}, + "lightsail:GetRelationalDatabaseSnapshots": {}, + "lightsail:GetRelationalDatabases": {}, + "lightsail:GetStaticIp": {}, + "lightsail:GetStaticIps": {}, + "lightsail:ImportKeyPair": {}, + "lightsail:IsVpcPeered": {}, + "lightsail:PeerVpc": {}, + "lightsail:SendContactMethodVerification": {}, + "lightsail:UnpeerVpc": {}, + "logs:CancelExportTask": {}, + "logs:CreateLogDelivery": {}, + "logs:DeleteAccountPolicy": {}, + "logs:DeleteLogDelivery": {}, + "logs:DeleteQueryDefinition": {}, + "logs:DeleteResourcePolicy": {}, + "logs:DescribeAccountPolicies": {}, + "logs:DescribeDeliveries": {}, + "logs:DescribeDeliveryDestinations": {}, + "logs:DescribeDeliverySources": {}, + "logs:DescribeDestinations": {}, + "logs:DescribeExportTasks": {}, + "logs:DescribeLogGroups": {}, + "logs:DescribeQueries": {}, + "logs:DescribeQueryDefinitions": {}, + "logs:DescribeResourcePolicies": {}, + "logs:GetLogDelivery": {}, + "logs:Link": {}, + "logs:ListLogDeliveries": {}, + "logs:PutAccountPolicy": {}, + "logs:PutQueryDefinition": {}, + "logs:PutResourcePolicy": {}, + "logs:StartLiveTail": {}, + "logs:StopLiveTail": {}, + "logs:StopQuery": {}, + "logs:TestMetricFilter": {}, + "logs:UpdateLogDelivery": {}, + "lookoutequipment:DescribeDataIngestionJob": {}, + "lookoutequipment:ListDatasets": {}, + "lookoutequipment:ListInferenceSchedulers": {}, + "lookoutequipment:ListModels": {}, + "lookoutequipment:ListRetrainingSchedulers": {}, + "lookoutmetrics:GetSampleData": {}, + "lookoutmetrics:ListAnomalyDetectors": {}, + "lookoutvision:CreateDataset": {}, + "lookoutvision:DeleteDataset": {}, + "lookoutvision:DescribeDataset": {}, + "lookoutvision:DescribeModelPackagingJob": {}, + "lookoutvision:DescribeTrialDetection": {}, + "lookoutvision:ListDatasetEntries": {}, + "lookoutvision:ListModelPackagingJobs": {}, + "lookoutvision:ListModels": {}, + 
"lookoutvision:ListProjects": {}, + "lookoutvision:ListTrialDetections": {}, + "lookoutvision:StartTrialDetection": {}, + "lookoutvision:UpdateDatasetEntries": {}, + "m2:CreateApplication": {}, + "m2:CreateEnvironment": {}, + "m2:GetSignedBluinsightsUrl": {}, + "m2:ListApplications": {}, + "m2:ListEngineVersions": {}, + "m2:ListEnvironments": {}, + "m2:ListTagsForResource": {}, + "machinelearning:DescribeBatchPredictions": {}, + "machinelearning:DescribeDataSources": {}, + "machinelearning:DescribeEvaluations": {}, + "machinelearning:DescribeMLModels": {}, + "macie2:AcceptInvitation": {}, + "macie2:CreateAllowList": {}, + "macie2:CreateInvitations": {}, + "macie2:CreateSampleFindings": {}, + "macie2:DeclineInvitations": {}, + "macie2:DeleteInvitations": {}, + "macie2:DescribeBuckets": {}, + "macie2:DescribeOrganizationConfiguration": {}, + "macie2:DisableMacie": {}, + "macie2:DisableOrganizationAdminAccount": {}, + "macie2:DisassociateFromAdministratorAccount": {}, + "macie2:DisassociateFromMasterAccount": {}, + "macie2:EnableMacie": {}, + "macie2:EnableOrganizationAdminAccount": {}, + "macie2:GetAdministratorAccount": {}, + "macie2:GetAutomatedDiscoveryConfiguration": {}, + "macie2:GetBucketStatistics": {}, + "macie2:GetClassificationExportConfiguration": {}, + "macie2:GetClassificationScope": {}, + "macie2:GetFindingStatistics": {}, + "macie2:GetFindings": {}, + "macie2:GetFindingsPublicationConfiguration": {}, + "macie2:GetInvitationsCount": {}, + "macie2:GetMacieSession": {}, + "macie2:GetMasterAccount": {}, + "macie2:GetResourceProfile": {}, + "macie2:GetRevealConfiguration": {}, + "macie2:GetSensitiveDataOccurrences": {}, + "macie2:GetSensitiveDataOccurrencesAvailability": {}, + "macie2:GetSensitivityInspectionTemplate": {}, + "macie2:GetUsageStatistics": {}, + "macie2:GetUsageTotals": {}, + "macie2:ListAllowLists": {}, + "macie2:ListClassificationJobs": {}, + "macie2:ListClassificationScopes": {}, + "macie2:ListCustomDataIdentifiers": {}, + 
"macie2:ListFindings": {}, + "macie2:ListFindingsFilters": {}, + "macie2:ListInvitations": {}, + "macie2:ListManagedDataIdentifiers": {}, + "macie2:ListMembers": {}, + "macie2:ListOrganizationAdminAccounts": {}, + "macie2:ListResourceProfileArtifacts": {}, + "macie2:ListResourceProfileDetections": {}, + "macie2:ListSensitivityInspectionTemplates": {}, + "macie2:PutClassificationExportConfiguration": {}, + "macie2:PutFindingsPublicationConfiguration": {}, + "macie2:SearchResources": {}, + "macie2:TestCustomDataIdentifier": {}, + "macie2:UpdateAutomatedDiscoveryConfiguration": {}, + "macie2:UpdateClassificationScope": {}, + "macie2:UpdateMacieSession": {}, + "macie2:UpdateMemberSession": {}, + "macie2:UpdateOrganizationConfiguration": {}, + "macie2:UpdateResourceProfile": {}, + "macie2:UpdateResourceProfileDetections": {}, + "macie2:UpdateRevealConfiguration": {}, + "macie2:UpdateSensitivityInspectionTemplate": {}, + "managedblockchain-query:BatchGetTokenBalance": {}, + "managedblockchain-query:GetAssetContract": {}, + "managedblockchain-query:GetTokenBalance": {}, + "managedblockchain-query:GetTransaction": {}, + "managedblockchain-query:ListAssetContracts": {}, + "managedblockchain-query:ListTokenBalances": {}, + "managedblockchain-query:ListTransactionEvents": {}, + "managedblockchain-query:ListTransactions": {}, + "managedblockchain:CreateAccessor": {}, + "managedblockchain:CreateNetwork": {}, + "managedblockchain:GET": {}, + "managedblockchain:Invoke": {}, + "managedblockchain:InvokeRpcBitcoinMainnet": {}, + "managedblockchain:InvokeRpcBitcoinTestnet": {}, + "managedblockchain:InvokeRpcPolygonMainnet": {}, + "managedblockchain:InvokeRpcPolygonMumbaiTestnet": {}, + "managedblockchain:ListAccessors": {}, + "managedblockchain:ListInvitations": {}, + "managedblockchain:ListNetworks": {}, + "managedblockchain:POST": {}, + "mechanicalturk:AcceptQualificationRequest": {}, + "mechanicalturk:ApproveAssignment": {}, + "mechanicalturk:AssociateQualificationWithWorker": {}, 
+ "mechanicalturk:CreateAdditionalAssignmentsForHIT": {}, + "mechanicalturk:CreateHIT": {}, + "mechanicalturk:CreateHITType": {}, + "mechanicalturk:CreateHITWithHITType": {}, + "mechanicalturk:CreateQualificationType": {}, + "mechanicalturk:CreateWorkerBlock": {}, + "mechanicalturk:DeleteHIT": {}, + "mechanicalturk:DeleteQualificationType": {}, + "mechanicalturk:DeleteWorkerBlock": {}, + "mechanicalturk:DisassociateQualificationFromWorker": {}, + "mechanicalturk:GetAccountBalance": {}, + "mechanicalturk:GetAssignment": {}, + "mechanicalturk:GetFileUploadURL": {}, + "mechanicalturk:GetHIT": {}, + "mechanicalturk:GetQualificationScore": {}, + "mechanicalturk:GetQualificationType": {}, + "mechanicalturk:ListAssignmentsForHIT": {}, + "mechanicalturk:ListBonusPayments": {}, + "mechanicalturk:ListHITs": {}, + "mechanicalturk:ListHITsForQualificationType": {}, + "mechanicalturk:ListQualificationRequests": {}, + "mechanicalturk:ListQualificationTypes": {}, + "mechanicalturk:ListReviewPolicyResultsForHIT": {}, + "mechanicalturk:ListReviewableHITs": {}, + "mechanicalturk:ListWorkerBlocks": {}, + "mechanicalturk:ListWorkersWithQualificationType": {}, + "mechanicalturk:NotifyWorkers": {}, + "mechanicalturk:RejectAssignment": {}, + "mechanicalturk:RejectQualificationRequest": {}, + "mechanicalturk:SendBonus": {}, + "mechanicalturk:SendTestEventNotification": {}, + "mechanicalturk:UpdateExpirationForHIT": {}, + "mechanicalturk:UpdateHITReviewStatus": {}, + "mechanicalturk:UpdateHITTypeOfHIT": {}, + "mechanicalturk:UpdateNotificationSettings": {}, + "mechanicalturk:UpdateQualificationType": {}, + "mediaconnect:AddFlowMediaStreams": {}, + "mediaconnect:AddFlowOutputs": {}, + "mediaconnect:AddFlowSources": {}, + "mediaconnect:AddFlowVpcInterfaces": {}, + "mediaconnect:CreateFlow": {}, + "mediaconnect:DeleteFlow": {}, + "mediaconnect:DescribeFlow": {}, + "mediaconnect:DescribeOffering": {}, + "mediaconnect:DescribeReservation": {}, + "mediaconnect:DiscoverGatewayPollEndpoint": {}, + 
"mediaconnect:GrantFlowEntitlements": {}, + "mediaconnect:ListEntitlements": {}, + "mediaconnect:ListFlows": {}, + "mediaconnect:ListGateways": {}, + "mediaconnect:ListOfferings": {}, + "mediaconnect:ListReservations": {}, + "mediaconnect:ListTagsForResource": {}, + "mediaconnect:PollGateway": {}, + "mediaconnect:PurchaseOffering": {}, + "mediaconnect:RemoveFlowMediaStream": {}, + "mediaconnect:RemoveFlowOutput": {}, + "mediaconnect:RemoveFlowSource": {}, + "mediaconnect:RemoveFlowVpcInterface": {}, + "mediaconnect:RevokeFlowEntitlement": {}, + "mediaconnect:StartFlow": {}, + "mediaconnect:StopFlow": {}, + "mediaconnect:SubmitGatewayStateChange": {}, + "mediaconnect:TagResource": {}, + "mediaconnect:UntagResource": {}, + "mediaconnect:UpdateFlow": {}, + "mediaconnect:UpdateFlowEntitlement": {}, + "mediaconnect:UpdateFlowMediaStream": {}, + "mediaconnect:UpdateFlowOutput": {}, + "mediaconnect:UpdateFlowSource": {}, + "mediaconvert:AssociateCertificate": {}, + "mediaconvert:CreatePreset": {}, + "mediaconvert:CreateQueue": {}, + "mediaconvert:DeletePolicy": {}, + "mediaconvert:DescribeEndpoints": {}, + "mediaconvert:DisassociateCertificate": {}, + "mediaconvert:GetPolicy": {}, + "mediaconvert:ListJobTemplates": {}, + "mediaconvert:ListPresets": {}, + "mediaconvert:ListQueues": {}, + "mediaconvert:PutPolicy": {}, + "mediaimport:CreateDatabaseBinarySnapshot": {}, + "medialive:BatchDelete": {}, + "medialive:BatchStart": {}, + "medialive:BatchStop": {}, + "medialive:DescribeAccountConfiguration": {}, + "medialive:ListChannels": {}, + "medialive:ListInputDeviceTransfers": {}, + "medialive:ListInputDevices": {}, + "medialive:ListInputSecurityGroups": {}, + "medialive:ListInputs": {}, + "medialive:ListMultiplexPrograms": {}, + "medialive:ListMultiplexes": {}, + "medialive:ListOfferings": {}, + "medialive:ListReservations": {}, + "medialive:UpdateAccountConfiguration": {}, + "mediapackage-vod:CreateAsset": {}, + "mediapackage-vod:CreatePackagingConfiguration": {}, + 
"mediapackage-vod:CreatePackagingGroup": {}, + "mediapackage-vod:ListAssets": {}, + "mediapackage-vod:ListPackagingConfigurations": {}, + "mediapackage-vod:ListPackagingGroups": {}, + "mediapackage:CreateChannel": {}, + "mediapackage:CreateHarvestJob": {}, + "mediapackage:CreateOriginEndpoint": {}, + "mediapackage:ListChannels": {}, + "mediapackage:ListHarvestJobs": {}, + "mediapackage:ListOriginEndpoints": {}, + "mediapackagev2:ListChannelGroups": {}, + "mediastore:CreateContainer": {}, + "mediastore:ListContainers": {}, + "mediatailor:CreateChannel": {}, + "mediatailor:CreateLiveSource": {}, + "mediatailor:CreateProgram": {}, + "mediatailor:CreateSourceLocation": {}, + "mediatailor:CreateVodSource": {}, + "mediatailor:ListAlerts": {}, + "mediatailor:ListChannels": {}, + "mediatailor:ListLiveSources": {}, + "mediatailor:ListPlaybackConfigurations": {}, + "mediatailor:ListSourceLocations": {}, + "mediatailor:ListVodSources": {}, + "mediatailor:PutPlaybackConfiguration": {}, + "medical-imaging:CreateDatastore": {}, + "medical-imaging:ListDatastores": {}, + "memorydb:CreateParameterGroup": {}, + "memorydb:CreateSubnetGroup": {}, + "memorydb:CreateUser": {}, + "memorydb:DescribeEngineVersions": {}, + "memorydb:DescribeEvents": {}, + "memorydb:DescribeReservedNodesOfferings": {}, + "memorydb:DescribeServiceUpdates": {}, + "mgh:CreateHomeRegionControl": {}, + "mgh:DeleteHomeRegionControl": {}, + "mgh:DescribeApplicationState": {}, + "mgh:DescribeHomeRegionControls": {}, + "mgh:GetHomeRegion": {}, + "mgh:ListApplicationStates": {}, + "mgh:ListMigrationTasks": {}, + "mgh:ListProgressUpdateStreams": {}, + "mgh:NotifyApplicationState": {}, + "mgn:BatchDeleteSnapshotRequestForMgn": {}, + "mgn:CreateApplication": {}, + "mgn:CreateConnector": {}, + "mgn:CreateLaunchConfigurationTemplate": {}, + "mgn:CreateReplicationConfigurationTemplate": {}, + "mgn:CreateVcenterClientForMgn": {}, + "mgn:CreateWave": {}, + "mgn:DescribeJobs": {}, + "mgn:DescribeLaunchConfigurationTemplates": 
{}, + "mgn:DescribeReplicationConfigurationTemplates": {}, + "mgn:DescribeReplicationServerAssociationsForMgn": {}, + "mgn:DescribeSnapshotRequestsForMgn": {}, + "mgn:DescribeSourceServers": {}, + "mgn:DescribeVcenterClients": {}, + "mgn:GetAgentInstallationAssetsForMgn": {}, + "mgn:GetChannelCommandsForMgn": {}, + "mgn:InitializeService": {}, + "mgn:ListApplications": {}, + "mgn:ListConnectors": {}, + "mgn:ListExports": {}, + "mgn:ListImports": {}, + "mgn:ListManagedAccounts": {}, + "mgn:ListTagsForResource": {}, + "mgn:ListWaves": {}, + "mgn:RegisterAgentForMgn": {}, + "mgn:SendChannelCommandResultForMgn": {}, + "mgn:SendClientLogsForMgn": {}, + "mgn:SendClientMetricsForMgn": {}, + "mgn:StartExport": {}, + "mgn:StartImport": {}, + "mgn:VerifyClientRoleForMgn": {}, + "migrationhub-orchestrator:CreateWorkflow": {}, + "migrationhub-orchestrator:GetMessage": {}, + "migrationhub-orchestrator:GetTemplate": {}, + "migrationhub-orchestrator:GetTemplateStep": {}, + "migrationhub-orchestrator:GetTemplateStepGroup": {}, + "migrationhub-orchestrator:ListPlugins": {}, + "migrationhub-orchestrator:ListTemplateStepGroups": {}, + "migrationhub-orchestrator:ListTemplateSteps": {}, + "migrationhub-orchestrator:ListTemplates": {}, + "migrationhub-orchestrator:ListWorkflows": {}, + "migrationhub-orchestrator:RegisterPlugin": {}, + "migrationhub-orchestrator:SendMessage": {}, + "migrationhub-strategy:GetAntiPattern": {}, + "migrationhub-strategy:GetApplicationComponentDetails": {}, + "migrationhub-strategy:GetApplicationComponentStrategies": {}, + "migrationhub-strategy:GetAssessment": {}, + "migrationhub-strategy:GetImportFileTask": {}, + "migrationhub-strategy:GetLatestAssessmentId": {}, + "migrationhub-strategy:GetMessage": {}, + "migrationhub-strategy:GetPortfolioPreferences": {}, + "migrationhub-strategy:GetPortfolioSummary": {}, + "migrationhub-strategy:GetRecommendationReportDetails": {}, + "migrationhub-strategy:GetServerDetails": {}, + 
"migrationhub-strategy:GetServerStrategies": {}, + "migrationhub-strategy:ListAnalyzableServers": {}, + "migrationhub-strategy:ListAntiPatterns": {}, + "migrationhub-strategy:ListApplicationComponents": {}, + "migrationhub-strategy:ListCollectors": {}, + "migrationhub-strategy:ListImportFileTask": {}, + "migrationhub-strategy:ListJarArtifacts": {}, + "migrationhub-strategy:ListServers": {}, + "migrationhub-strategy:PutPortfolioPreferences": {}, + "migrationhub-strategy:RegisterCollector": {}, + "migrationhub-strategy:SendMessage": {}, + "migrationhub-strategy:StartAssessment": {}, + "migrationhub-strategy:StartImportFileTask": {}, + "migrationhub-strategy:StartRecommendationReportGeneration": {}, + "migrationhub-strategy:StopAssessment": {}, + "migrationhub-strategy:UpdateApplicationComponentConfig": {}, + "migrationhub-strategy:UpdateCollectorConfiguration": {}, + "migrationhub-strategy:UpdateServerConfig": {}, + "mobileanalytics:PutEvents": {}, + "monitron:CreateProject": {}, + "monitron:ListProjects": {}, + "mq:CreateBroker": {}, + "mq:CreateConfiguration": {}, + "mq:DescribeBrokerEngineTypes": {}, + "mq:DescribeBrokerInstanceOptions": {}, + "mq:ListBrokers": {}, + "mq:ListConfigurations": {}, + "network-firewall:ListRuleGroups": {}, + "networkmanager-chat:CancelMessageResponse": {}, + "networkmanager-chat:CreateConversation": {}, + "networkmanager-chat:DeleteConversation": {}, + "networkmanager-chat:ListConversationMessages": {}, + "networkmanager-chat:ListConversations": {}, + "networkmanager-chat:NotifyConversationIsActive": {}, + "networkmanager-chat:SendConversationMessage": {}, + "networkmanager:CreateGlobalNetwork": {}, + "networkmanager:ListCoreNetworks": {}, + "networkmanager:ListOrganizationServiceAccessStatus": {}, + "networkmanager:ListPeerings": {}, + "networkmanager:StartOrganizationServiceAccessUpdate": {}, + "nimble:GetFeatureMap": {}, + "nimble:ListStudios": {}, + "notifications-contacts:CreateEmailContact": {}, + 
"notifications-contacts:ListEmailContacts": {}, + "notifications-contacts:ListTagsForResource": {}, + "notifications:CreateEventRule": {}, + "notifications:CreateNotificationConfiguration": {}, + "notifications:DeregisterNotificationHub": {}, + "notifications:ListChannels": {}, + "notifications:ListEventRules": {}, + "notifications:ListNotificationConfigurations": {}, + "notifications:ListNotificationEvents": {}, + "notifications:ListNotificationHubs": {}, + "notifications:ListTagsForResource": {}, + "notifications:RegisterNotificationHub": {}, + "oam:CreateSink": {}, + "oam:ListLinks": {}, + "oam:ListSinks": {}, + "omics:AcceptShare": {}, + "omics:CreateAnnotationStore": {}, + "omics:CreateReferenceStore": {}, + "omics:CreateRunGroup": {}, + "omics:CreateSequenceStore": {}, + "omics:CreateShare": {}, + "omics:CreateVariantStore": {}, + "omics:CreateWorkflow": {}, + "omics:DeleteShare": {}, + "omics:GetShare": {}, + "omics:ListAnnotationImportJobs": {}, + "omics:ListAnnotationStores": {}, + "omics:ListReferenceStores": {}, + "omics:ListRunGroups": {}, + "omics:ListRuns": {}, + "omics:ListSequenceStores": {}, + "omics:ListShares": {}, + "omics:ListTagsForResource": {}, + "omics:ListVariantImportJobs": {}, + "omics:ListVariantStores": {}, + "omics:ListWorkflows": {}, + "omics:StartAnnotationImportJob": {}, + "omics:StartRun": {}, + "omics:StartVariantImportJob": {}, + "one:CreateDeviceConfigurationTemplate": {}, + "one:CreateDeviceInstance": {}, + "one:CreateSite": {}, + "one:ListDeviceConfigurationTemplates": {}, + "one:ListDeviceInstances": {}, + "one:ListSites": {}, + "one:ListUsers": {}, + "opsworks-cm:AssociateNode": {}, + "opsworks-cm:CreateBackup": {}, + "opsworks-cm:CreateServer": {}, + "opsworks-cm:DeleteBackup": {}, + "opsworks-cm:DeleteServer": {}, + "opsworks-cm:DescribeAccountAttributes": {}, + "opsworks-cm:DescribeBackups": {}, + "opsworks-cm:DescribeEvents": {}, + "opsworks-cm:DescribeNodeAssociationStatus": {}, + "opsworks-cm:DescribeServers": {}, + 
"opsworks-cm:DisassociateNode": {}, + "opsworks-cm:ExportServerEngineAttribute": {}, + "opsworks-cm:ListTagsForResource": {}, + "opsworks-cm:RestoreServer": {}, + "opsworks-cm:StartMaintenance": {}, + "opsworks-cm:TagResource": {}, + "opsworks-cm:UntagResource": {}, + "opsworks-cm:UpdateServer": {}, + "opsworks-cm:UpdateServerEngineAttributes": {}, + "opsworks:CreateStack": {}, + "opsworks:CreateUserProfile": {}, + "opsworks:DeleteUserProfile": {}, + "opsworks:DescribeMyUserProfile": {}, + "opsworks:DescribeOperatingSystems": {}, + "opsworks:DescribeUserProfiles": {}, + "opsworks:UpdateMyUserProfile": {}, + "opsworks:UpdateUserProfile": {}, + "organizations:CreateAccount": {}, + "organizations:CreateGovCloudAccount": {}, + "organizations:CreateOrganization": {}, + "organizations:CreatePolicy": {}, + "organizations:DeleteOrganization": {}, + "organizations:DeleteResourcePolicy": {}, + "organizations:DescribeCreateAccountStatus": {}, + "organizations:DescribeOrganization": {}, + "organizations:DescribeResourcePolicy": {}, + "organizations:DisableAWSServiceAccess": {}, + "organizations:EnableAWSServiceAccess": {}, + "organizations:EnableAllFeatures": {}, + "organizations:LeaveOrganization": {}, + "organizations:ListAWSServiceAccessForOrganization": {}, + "organizations:ListAccounts": {}, + "organizations:ListCreateAccountStatus": {}, + "organizations:ListDelegatedAdministrators": {}, + "organizations:ListHandshakesForAccount": {}, + "organizations:ListHandshakesForOrganization": {}, + "organizations:ListPolicies": {}, + "organizations:ListRoots": {}, + "osis:CreatePipeline": {}, + "osis:ListPipelineBlueprints": {}, + "osis:ListPipelines": {}, + "osis:ValidatePipeline": {}, + "outposts:CancelOrder": {}, + "outposts:CreatePrivateConnectivityConfig": {}, + "outposts:CreateSite": {}, + "outposts:GetCatalogItem": {}, + "outposts:GetConnection": {}, + "outposts:GetOrder": {}, + "outposts:GetPrivateConnectivityConfig": {}, + "outposts:ListAssets": {}, + 
"outposts:ListCatalogItems": {}, + "outposts:ListOrders": {}, + "outposts:ListOutposts": {}, + "outposts:ListSites": {}, + "outposts:ListTagsForResource": {}, + "outposts:StartConnection": {}, + "panorama:CreateApplicationInstance": {}, + "panorama:CreateJobForDevices": {}, + "panorama:CreateNodeFromTemplateJob": {}, + "panorama:CreatePackage": {}, + "panorama:CreatePackageImportJob": {}, + "panorama:DescribeDeviceJob": {}, + "panorama:DescribeNode": {}, + "panorama:DescribeNodeFromTemplateJob": {}, + "panorama:DescribePackageImportJob": {}, + "panorama:DescribeSoftware": {}, + "panorama:GetWebSocketURL": {}, + "panorama:ListDevices": {}, + "panorama:ListNodeFromTemplateJobs": {}, + "panorama:ListNodes": {}, + "panorama:ListPackageImportJobs": {}, + "panorama:ListPackages": {}, + "panorama:ProvisionDevice": {}, + "partnercentral-account-management:AssociatePartnerAccount": {}, + "partnercentral-account-management:AssociatePartnerUser": {}, + "partnercentral-account-management:DisassociatePartnerUser": {}, + "payment-cryptography:CreateKey": {}, + "payment-cryptography:DecryptData": {}, + "payment-cryptography:EncryptData": {}, + "payment-cryptography:GenerateCardValidationData": {}, + "payment-cryptography:GenerateMac": {}, + "payment-cryptography:GeneratePinData": {}, + "payment-cryptography:GetParametersForExport": {}, + "payment-cryptography:GetParametersForImport": {}, + "payment-cryptography:ImportKey": {}, + "payment-cryptography:ReEncryptData": {}, + "payment-cryptography:TranslatePinData": {}, + "payment-cryptography:VerifyAuthRequestCryptogram": {}, + "payment-cryptography:VerifyCardValidationData": {}, + "payment-cryptography:VerifyMac": {}, + "payment-cryptography:VerifyPinData": {}, + "payments:CreatePaymentInstrument": {}, + "payments:DeletePaymentInstrument": {}, + "payments:GetPaymentInstrument": {}, + "payments:GetPaymentStatus": {}, + "payments:ListPaymentPreferences": {}, + "payments:MakePayment": {}, + "payments:UpdatePaymentPreferences": {}, + 
"pca-connector-ad:CreateConnector": {}, + "pca-connector-ad:CreateDirectoryRegistration": {}, + "pca-connector-ad:ListConnectors": {}, + "pca-connector-ad:ListDirectoryRegistrations": {}, + "pca-connector-ad:ListTagsForResource": {}, + "personalize:ListBatchInferenceJobs": {}, + "personalize:ListBatchSegmentJobs": {}, + "personalize:ListCampaigns": {}, + "personalize:ListDataInsightsJobs": {}, + "personalize:ListDatasetExportJobs": {}, + "personalize:ListDatasetGroups": {}, + "personalize:ListDatasetImportJobs": {}, + "personalize:ListDatasets": {}, + "personalize:ListEventTrackers": {}, + "personalize:ListFilters": {}, + "personalize:ListMetricAttributionMetrics": {}, + "personalize:ListMetricAttributions": {}, + "personalize:ListRecipes": {}, + "personalize:ListRecommenders": {}, + "personalize:ListSchemas": {}, + "personalize:ListSolutionVersions": {}, + "personalize:ListSolutions": {}, + "personalize:ListTagsForResource": {}, + "personalize:PutActionInteractions": {}, + "personalize:PutEvents": {}, + "personalize:TagResource": {}, + "personalize:UntagResource": {}, + "pipes:ListPipes": {}, + "polly:DescribeVoices": {}, + "polly:GetSpeechSynthesisTask": {}, + "polly:ListLexicons": {}, + "polly:ListSpeechSynthesisTasks": {}, + "pricing:DescribeServices": {}, + "pricing:GetAttributeValues": {}, + "pricing:GetPriceListFileUrl": {}, + "pricing:GetProducts": {}, + "pricing:ListPriceLists": {}, + "private-networks:ListNetworks": {}, + "private-networks:ListTagsForResource": {}, + "private-networks:Ping": {}, + "profile:GetProfileObjectTypeTemplate": {}, + "profile:ListAccountIntegrations": {}, + "profile:ListDomains": {}, + "profile:ListProfileObjectTypeTemplates": {}, + "proton:CreateEnvironmentAccountConnection": {}, + "proton:CreateServiceSyncConfig": {}, + "proton:CreateTemplateSyncConfig": {}, + "proton:DeleteAccountRoles": {}, + "proton:DeleteServiceSyncConfig": {}, + "proton:DeleteTemplateSyncConfig": {}, + "proton:GetAccountRoles": {}, + 
"proton:GetAccountSettings": {}, + "proton:GetRepositorySyncStatus": {}, + "proton:GetResourceTemplateVersionStatusCounts": {}, + "proton:GetResourcesSummary": {}, + "proton:GetServiceInstanceSyncStatus": {}, + "proton:GetServiceSyncBlockerSummary": {}, + "proton:GetServiceSyncConfig": {}, + "proton:GetTemplateSyncConfig": {}, + "proton:GetTemplateSyncStatus": {}, + "proton:ListDeployments": {}, + "proton:ListEnvironmentAccountConnections": {}, + "proton:ListEnvironmentTemplates": {}, + "proton:ListEnvironments": {}, + "proton:ListRepositories": {}, + "proton:ListRepositorySyncDefinitions": {}, + "proton:ListServiceInstances": {}, + "proton:ListServiceTemplates": {}, + "proton:ListServices": {}, + "proton:UpdateAccountRoles": {}, + "proton:UpdateAccountSettings": {}, + "proton:UpdateServiceSyncBlocker": {}, + "proton:UpdateServiceSyncConfig": {}, + "proton:UpdateTemplateSyncConfig": {}, + "purchase-orders:GetConsoleActionSetEnforced": {}, + "purchase-orders:ListPurchaseOrders": {}, + "purchase-orders:UpdateConsoleActionSetEnforced": {}, + "q:GetConversation": {}, + "q:GetTroubleshootingResults": {}, + "q:SendMessage": {}, + "q:StartConversation": {}, + "q:StartTroubleshootingAnalysis": {}, + "q:StartTroubleshootingResolutionExplanation": {}, + "qbusiness:AddUserLicenses": {}, + "qbusiness:CreateApplication": {}, + "qbusiness:CreateLicense": {}, + "qbusiness:ListApplications": {}, + "qbusiness:ListUserLicenses": {}, + "qbusiness:RemoveUserLicenses": {}, + "qldb:ListJournalS3Exports": {}, + "qldb:ListLedgers": {}, + "quicksight:AccountConfigurations": {}, + "quicksight:CreateAccountCustomization": {}, + "quicksight:CreateAccountSubscription": {}, + "quicksight:CreateCustomPermissions": {}, + "quicksight:CreateDataSource": {}, + "quicksight:CreateRoleMembership": {}, + "quicksight:CreateVPCConnection": {}, + "quicksight:DeleteCustomPermissions": {}, + "quicksight:DeleteIdentityPropagationConfig": {}, + "quicksight:DeleteRoleCustomPermission": {}, + 
"quicksight:DeleteRoleMembership": {}, + "quicksight:DescribeAccountSettings": {}, + "quicksight:DescribeCustomPermissions": {}, + "quicksight:DescribeIpRestriction": {}, + "quicksight:DescribeRoleCustomPermission": {}, + "quicksight:GetAnonymousUserEmbedUrl": {}, + "quicksight:GetGroupMapping": {}, + "quicksight:GetSessionEmbedUrl": {}, + "quicksight:ListCustomPermissions": {}, + "quicksight:ListCustomerManagedKeys": {}, + "quicksight:ListDataSets": {}, + "quicksight:ListDataSources": {}, + "quicksight:ListIdentityPropagationConfigs": {}, + "quicksight:ListIngestions": {}, + "quicksight:ListKMSKeysForUser": {}, + "quicksight:ListNamespaces": {}, + "quicksight:ListRefreshSchedules": {}, + "quicksight:ListRoleMemberships": {}, + "quicksight:ListTopicRefreshSchedules": {}, + "quicksight:ListTopics": {}, + "quicksight:ListVPCConnections": {}, + "quicksight:RegisterCustomerManagedKey": {}, + "quicksight:RemoveCustomerManagedKey": {}, + "quicksight:ScopeDownPolicy": {}, + "quicksight:SearchDirectoryGroups": {}, + "quicksight:SetGroupMapping": {}, + "quicksight:Subscribe": {}, + "quicksight:Unsubscribe": {}, + "quicksight:UpdateAccountSettings": {}, + "quicksight:UpdateCustomPermissions": {}, + "quicksight:UpdateIdentityPropagationConfig": {}, + "quicksight:UpdateIpRestriction": {}, + "quicksight:UpdatePublicSharingSettings": {}, + "quicksight:UpdateResourcePermissions": {}, + "quicksight:UpdateRoleCustomPermission": {}, + "ram:CreatePermission": {}, + "ram:CreateResourceShare": {}, + "ram:EnableSharingWithAwsOrganization": {}, + "ram:GetResourcePolicies": {}, + "ram:GetResourceShareAssociations": {}, + "ram:GetResourceShareInvitations": {}, + "ram:GetResourceShares": {}, + "ram:ListPermissionVersions": {}, + "ram:ListPermissions": {}, + "ram:ListPrincipals": {}, + "ram:ListReplacePermissionAssociationsWork": {}, + "ram:ListResourceTypes": {}, + "ram:ListResources": {}, + "rbin:ListRules": {}, + "rds:CancelExportTask": {}, + "rds:CreateDBProxy": {}, + 
"rds:CrossRegionCommunication": {}, + "rds:DescribeAccountAttributes": {}, + "rds:DescribeCertificates": {}, + "rds:DescribeDBEngineVersions": {}, + "rds:DescribeEngineDefaultClusterParameters": {}, + "rds:DescribeEngineDefaultParameters": {}, + "rds:DescribeEventCategories": {}, + "rds:DescribeEvents": {}, + "rds:DescribeExportTasks": {}, + "rds:DescribeOrderableDBInstanceOptions": {}, + "rds:DescribeRecommendationGroups": {}, + "rds:DescribeRecommendations": {}, + "rds:DescribeReservedDBInstancesOfferings": {}, + "rds:DescribeSourceRegions": {}, + "rds:ModifyCertificates": {}, + "rds:ModifyRecommendation": {}, + "rds:StartExportTask": {}, + "redshift-data:CancelStatement": {}, + "redshift-data:DescribeStatement": {}, + "redshift-data:GetStatementResult": {}, + "redshift-data:ListStatements": {}, + "redshift-serverless:CreateUsageLimit": {}, + "redshift-serverless:DeleteResourcePolicy": {}, + "redshift-serverless:DeleteScheduledAction": {}, + "redshift-serverless:DeleteSnapshotCopyConfiguration": {}, + "redshift-serverless:DeleteUsageLimit": {}, + "redshift-serverless:GetResourcePolicy": {}, + "redshift-serverless:GetScheduledAction": {}, + "redshift-serverless:GetTableRestoreStatus": {}, + "redshift-serverless:GetUsageLimit": {}, + "redshift-serverless:ListCustomDomainAssociations": {}, + "redshift-serverless:ListNamespaces": {}, + "redshift-serverless:ListScheduledActions": {}, + "redshift-serverless:ListTableRestoreStatus": {}, + "redshift-serverless:ListUsageLimits": {}, + "redshift-serverless:ListWorkgroups": {}, + "redshift-serverless:PutResourcePolicy": {}, + "redshift-serverless:UpdateScheduledAction": {}, + "redshift-serverless:UpdateSnapshotCopyConfiguration": {}, + "redshift-serverless:UpdateUsageLimit": {}, + "redshift-serverless:span": {}, + "redshift:AcceptReservedNodeExchange": {}, + "redshift:AddPartner": {}, + "redshift:AuthorizeEndpointAccess": {}, + "redshift:CancelQuery": {}, + "redshift:CancelQuerySession": {}, + 
"redshift:CreateAuthenticationProfile": {}, + "redshift:CreateEndpointAccess": {}, + "redshift:CreateRedshiftIdcApplication": {}, + "redshift:CreateSavedQuery": {}, + "redshift:CreateScheduledAction": {}, + "redshift:DeleteAuthenticationProfile": {}, + "redshift:DeleteEndpointAccess": {}, + "redshift:DeletePartner": {}, + "redshift:DeleteSavedQueries": {}, + "redshift:DeleteScheduledAction": {}, + "redshift:DescribeAccountAttributes": {}, + "redshift:DescribeAuthenticationProfiles": {}, + "redshift:DescribeClusterDbRevisions": {}, + "redshift:DescribeClusterParameterGroups": {}, + "redshift:DescribeClusterSecurityGroups": {}, + "redshift:DescribeClusterSnapshots": {}, + "redshift:DescribeClusterSubnetGroups": {}, + "redshift:DescribeClusterTracks": {}, + "redshift:DescribeClusterVersions": {}, + "redshift:DescribeClusters": {}, + "redshift:DescribeCustomDomainAssociations": {}, + "redshift:DescribeDataShares": {}, + "redshift:DescribeDataSharesForConsumer": {}, + "redshift:DescribeDataSharesForProducer": {}, + "redshift:DescribeDefaultClusterParameters": {}, + "redshift:DescribeEndpointAccess": {}, + "redshift:DescribeEndpointAuthorization": {}, + "redshift:DescribeEventCategories": {}, + "redshift:DescribeEventSubscriptions": {}, + "redshift:DescribeEvents": {}, + "redshift:DescribeHsmClientCertificates": {}, + "redshift:DescribeHsmConfigurations": {}, + "redshift:DescribeInboundIntegrations": {}, + "redshift:DescribeNodeConfigurationOptions": {}, + "redshift:DescribeOrderableClusterOptions": {}, + "redshift:DescribePartners": {}, + "redshift:DescribeQuery": {}, + "redshift:DescribeReservedNodeExchangeStatus": {}, + "redshift:DescribeReservedNodeOfferings": {}, + "redshift:DescribeReservedNodes": {}, + "redshift:DescribeSavedQueries": {}, + "redshift:DescribeScheduledActions": {}, + "redshift:DescribeSnapshotCopyGrants": {}, + "redshift:DescribeStorage": {}, + "redshift:DescribeTable": {}, + "redshift:DescribeTableRestoreStatus": {}, + "redshift:ExecuteQuery": {}, 
+ "redshift:FetchResults": {}, + "redshift:GetReservedNodeExchangeConfigurationOptions": {}, + "redshift:GetReservedNodeExchangeOfferings": {}, + "redshift:ListDatabases": {}, + "redshift:ListSavedQueries": {}, + "redshift:ListSchemas": {}, + "redshift:ListTables": {}, + "redshift:ModifyAuthenticationProfile": {}, + "redshift:ModifyClusterMaintenance": {}, + "redshift:ModifyEndpointAccess": {}, + "redshift:ModifySavedQuery": {}, + "redshift:ModifyScheduledAction": {}, + "redshift:PurchaseReservedNodeOffering": {}, + "redshift:RevokeEndpointAccess": {}, + "redshift:UpdatePartnerStatus": {}, + "redshift:ViewQueriesFromConsole": {}, + "redshift:ViewQueriesInConsole": {}, + "refactor-spaces:CreateApplication": {}, + "refactor-spaces:CreateEnvironment": {}, + "refactor-spaces:CreateRoute": {}, + "refactor-spaces:CreateService": {}, + "refactor-spaces:DeleteResourcePolicy": {}, + "refactor-spaces:GetResourcePolicy": {}, + "refactor-spaces:ListEnvironments": {}, + "refactor-spaces:ListTagsForResource": {}, + "refactor-spaces:PutResourcePolicy": {}, + "rekognition:CompareFaces": {}, + "rekognition:CreateFaceLivenessSession": {}, + "rekognition:DescribeProjects": {}, + "rekognition:DetectFaces": {}, + "rekognition:DetectLabels": {}, + "rekognition:DetectProtectiveEquipment": {}, + "rekognition:DetectText": {}, + "rekognition:GetCelebrityInfo": {}, + "rekognition:GetCelebrityRecognition": {}, + "rekognition:GetContentModeration": {}, + "rekognition:GetFaceDetection": {}, + "rekognition:GetFaceLivenessSessionResults": {}, + "rekognition:GetFaceSearch": {}, + "rekognition:GetLabelDetection": {}, + "rekognition:GetMediaAnalysisJob": {}, + "rekognition:GetPersonTracking": {}, + "rekognition:GetSegmentDetection": {}, + "rekognition:GetTextDetection": {}, + "rekognition:ListCollections": {}, + "rekognition:ListMediaAnalysisJobs": {}, + "rekognition:RecognizeCelebrities": {}, + "rekognition:StartCelebrityRecognition": {}, + "rekognition:StartContentModeration": {}, + 
"rekognition:StartFaceDetection": {}, + "rekognition:StartFaceLivenessSession": {}, + "rekognition:StartLabelDetection": {}, + "rekognition:StartPersonTracking": {}, + "rekognition:StartSegmentDetection": {}, + "rekognition:StartTextDetection": {}, + "repostspace:CreateSpace": {}, + "repostspace:ListSpaces": {}, + "resiliencehub:CreateApp": {}, + "resiliencehub:CreateResiliencyPolicy": {}, + "resiliencehub:ListAppAssessments": {}, + "resiliencehub:ListApps": {}, + "resiliencehub:ListResiliencyPolicies": {}, + "resiliencehub:ListSuggestedResiliencyPolicies": {}, + "resiliencehub:ListTagsForResource": {}, + "resource-explorer-2:BatchGetView": {}, + "resource-explorer-2:CreateIndex": {}, + "resource-explorer-2:CreateView": {}, + "resource-explorer-2:DisassociateDefaultView": {}, + "resource-explorer-2:GetAccountLevelServiceConfiguration": {}, + "resource-explorer-2:GetDefaultView": {}, + "resource-explorer-2:GetIndex": {}, + "resource-explorer-2:ListIndexes": {}, + "resource-explorer-2:ListIndexesForMembers": {}, + "resource-explorer-2:ListSupportedResourceTypes": {}, + "resource-explorer-2:ListViews": {}, + "resource-groups:CreateGroup": {}, + "resource-groups:GetAccountSettings": {}, + "resource-groups:ListGroups": {}, + "resource-groups:SearchResources": {}, + "resource-groups:UpdateAccountSettings": {}, + "rhelkb:GetRhelURL": {}, + "robomaker:BatchDeleteWorlds": {}, + "robomaker:BatchDescribeSimulationJob": {}, + "robomaker:CreateDeploymentJob": {}, + "robomaker:CreateFleet": {}, + "robomaker:CreateRobot": {}, + "robomaker:CreateRobotApplication": {}, + "robomaker:CreateSimulationApplication": {}, + "robomaker:CreateSimulationJob": {}, + "robomaker:CreateWorldTemplate": {}, + "robomaker:ListDeploymentJobs": {}, + "robomaker:ListFleets": {}, + "robomaker:ListRobotApplications": {}, + "robomaker:ListRobots": {}, + "robomaker:ListSimulationApplications": {}, + "robomaker:ListSimulationJobBatches": {}, + "robomaker:ListSimulationJobs": {}, + 
"robomaker:ListWorldExportJobs": {}, + "robomaker:ListWorldGenerationJobs": {}, + "robomaker:ListWorldTemplates": {}, + "robomaker:ListWorlds": {}, + "robomaker:StartSimulationJobBatch": {}, + "rolesanywhere:CreateProfile": {}, + "rolesanywhere:CreateTrustAnchor": {}, + "rolesanywhere:ImportCrl": {}, + "rolesanywhere:ListCrls": {}, + "rolesanywhere:ListProfiles": {}, + "rolesanywhere:ListSubjects": {}, + "rolesanywhere:ListTagsForResource": {}, + "rolesanywhere:ListTrustAnchors": {}, + "route53-recovery-cluster:ListRoutingControls": {}, + "route53-recovery-control-config:ListAssociatedRoute53HealthChecks": {}, + "route53-recovery-control-config:ListClusters": {}, + "route53-recovery-control-config:ListControlPanels": {}, + "route53-recovery-control-config:ListRoutingControls": {}, + "route53-recovery-control-config:ListTagsForResource": {}, + "route53-recovery-readiness:CreateCrossAccountAuthorization": {}, + "route53-recovery-readiness:DeleteCrossAccountAuthorization": {}, + "route53-recovery-readiness:ListCells": {}, + "route53-recovery-readiness:ListCrossAccountAuthorizations": {}, + "route53-recovery-readiness:ListReadinessChecks": {}, + "route53-recovery-readiness:ListRecoveryGroups": {}, + "route53-recovery-readiness:ListResourceSets": {}, + "route53-recovery-readiness:ListRules": {}, + "route53-recovery-readiness:ListTagsForResources": {}, + "route53:CreateCidrCollection": {}, + "route53:CreateHealthCheck": {}, + "route53:CreateHostedZone": {}, + "route53:CreateReusableDelegationSet": {}, + "route53:CreateTrafficPolicy": {}, + "route53:GetAccountLimit": {}, + "route53:GetCheckerIpRanges": {}, + "route53:GetGeoLocation": {}, + "route53:GetHealthCheckCount": {}, + "route53:GetHostedZoneCount": {}, + "route53:GetTrafficPolicyInstanceCount": {}, + "route53:ListCidrCollections": {}, + "route53:ListGeoLocations": {}, + "route53:ListHealthChecks": {}, + "route53:ListHostedZones": {}, + "route53:ListHostedZonesByName": {}, + "route53:ListHostedZonesByVPC": {}, + 
"route53:ListReusableDelegationSets": {}, + "route53:ListTrafficPolicies": {}, + "route53:ListTrafficPolicyInstances": {}, + "route53:TestDNSAnswer": {}, + "route53domains:AcceptDomainTransferFromAnotherAwsAccount": {}, + "route53domains:AssociateDelegationSignerToDomain": {}, + "route53domains:CancelDomainTransferToAnotherAwsAccount": {}, + "route53domains:CheckDomainAvailability": {}, + "route53domains:CheckDomainTransferability": {}, + "route53domains:DeleteDomain": {}, + "route53domains:DeleteTagsForDomain": {}, + "route53domains:DisableDomainAutoRenew": {}, + "route53domains:DisableDomainTransferLock": {}, + "route53domains:DisassociateDelegationSignerFromDomain": {}, + "route53domains:EnableDomainAutoRenew": {}, + "route53domains:EnableDomainTransferLock": {}, + "route53domains:GetContactReachabilityStatus": {}, + "route53domains:GetDomainDetail": {}, + "route53domains:GetDomainSuggestions": {}, + "route53domains:GetOperationDetail": {}, + "route53domains:ListDomains": {}, + "route53domains:ListOperations": {}, + "route53domains:ListPrices": {}, + "route53domains:ListTagsForDomain": {}, + "route53domains:PushDomain": {}, + "route53domains:RegisterDomain": {}, + "route53domains:RejectDomainTransferFromAnotherAwsAccount": {}, + "route53domains:RenewDomain": {}, + "route53domains:ResendContactReachabilityEmail": {}, + "route53domains:ResendOperationAuthorization": {}, + "route53domains:RetrieveDomainAuthCode": {}, + "route53domains:TransferDomain": {}, + "route53domains:TransferDomainToAnotherAwsAccount": {}, + "route53domains:UpdateDomainContact": {}, + "route53domains:UpdateDomainContactPrivacy": {}, + "route53domains:UpdateDomainNameservers": {}, + "route53domains:UpdateTagsForDomain": {}, + "route53domains:ViewBilling": {}, + "route53resolver:CreateResolverQueryLogConfig": {}, + "route53resolver:GetResolverQueryLogConfigAssociation": {}, + "route53resolver:ListFirewallConfigs": {}, + "route53resolver:ListFirewallDomainLists": {}, + 
"route53resolver:ListFirewallRuleGroupAssociations": {}, + "route53resolver:ListFirewallRuleGroups": {}, + "route53resolver:ListOutpostResolvers": {}, + "route53resolver:ListResolverEndpoints": {}, + "route53resolver:ListResolverQueryLogConfigAssociations": {}, + "route53resolver:ListResolverQueryLogConfigs": {}, + "route53resolver:ListResolverRuleAssociations": {}, + "route53resolver:ListResolverRules": {}, + "rum:ListAppMonitors": {}, + "rum:ListTagsForResource": {}, + "s3-outposts:GetAccessPoint": {}, + "s3-outposts:ListAccessPoints": {}, + "s3-outposts:ListEndpoints": {}, + "s3-outposts:ListOutpostsWithS3": {}, + "s3-outposts:ListRegionalBuckets": {}, + "s3-outposts:ListSharedEndpoints": {}, + "s3:CreateJob": {}, + "s3:CreateStorageLensGroup": {}, + "s3:GetAccessPoint": {}, + "s3:GetAccountPublicAccessBlock": {}, + "s3:ListAccessGrantsInstances": {}, + "s3:ListAccessPoints": {}, + "s3:ListAccessPointsForObjectLambda": {}, + "s3:ListAllMyBuckets": {}, + "s3:ListJobs": {}, + "s3:ListMultiRegionAccessPoints": {}, + "s3:ListStorageLensConfigurations": {}, + "s3:ListStorageLensGroups": {}, + "s3:PutAccessPointPublicAccessBlock": {}, + "s3:PutAccountPublicAccessBlock": {}, + "s3:PutStorageLensConfiguration": {}, + "s3express:ListAllMyDirectoryBuckets": {}, + "sagemaker-geospatial:ListEarthObservationJobs": {}, + "sagemaker-geospatial:ListRasterDataCollections": {}, + "sagemaker-geospatial:ListVectorEnrichmentJobs": {}, + "sagemaker-geospatial:SearchRasterDataCollection": {}, + "sagemaker-groundtruth-synthetic:CreateProject": {}, + "sagemaker-groundtruth-synthetic:DeleteProject": {}, + "sagemaker-groundtruth-synthetic:GetAccountDetails": {}, + "sagemaker-groundtruth-synthetic:GetBatch": {}, + "sagemaker-groundtruth-synthetic:GetProject": {}, + "sagemaker-groundtruth-synthetic:ListBatchDataTransfers": {}, + "sagemaker-groundtruth-synthetic:ListBatchSummaries": {}, + "sagemaker-groundtruth-synthetic:ListProjectDataTransfers": {}, + 
"sagemaker-groundtruth-synthetic:ListProjectSummaries": {}, + "sagemaker-groundtruth-synthetic:StartBatchDataTransfer": {}, + "sagemaker-groundtruth-synthetic:StartProjectDataTransfer": {}, + "sagemaker-groundtruth-synthetic:UpdateBatch": {}, + "sagemaker:CreateLineageGroupPolicy": {}, + "sagemaker:DeleteLineageGroupPolicy": {}, + "sagemaker:DescribeLineageGroup": {}, + "sagemaker:DisableSagemakerServicecatalogPortfolio": {}, + "sagemaker:EnableSagemakerServicecatalogPortfolio": {}, + "sagemaker:GetLineageGroupPolicy": {}, + "sagemaker:GetSagemakerServicecatalogPortfolioStatus": {}, + "sagemaker:GetSearchSuggestions": {}, + "sagemaker:ListActions": {}, + "sagemaker:ListAlgorithms": {}, + "sagemaker:ListAppImageConfigs": {}, + "sagemaker:ListApps": {}, + "sagemaker:ListArtifacts": {}, + "sagemaker:ListAssociations": {}, + "sagemaker:ListAutoMLJobs": {}, + "sagemaker:ListCandidatesForAutoMLJob": {}, + "sagemaker:ListClusters": {}, + "sagemaker:ListCodeRepositories": {}, + "sagemaker:ListCompilationJobs": {}, + "sagemaker:ListContexts": {}, + "sagemaker:ListDataQualityJobDefinitions": {}, + "sagemaker:ListDeviceFleets": {}, + "sagemaker:ListDevices": {}, + "sagemaker:ListDomains": {}, + "sagemaker:ListEdgeDeploymentPlans": {}, + "sagemaker:ListEdgePackagingJobs": {}, + "sagemaker:ListEndpointConfigs": {}, + "sagemaker:ListEndpoints": {}, + "sagemaker:ListExperiments": {}, + "sagemaker:ListFeatureGroups": {}, + "sagemaker:ListFlowDefinitions": {}, + "sagemaker:ListHubs": {}, + "sagemaker:ListHumanLoops": {}, + "sagemaker:ListHumanTaskUis": {}, + "sagemaker:ListHyperParameterTuningJobs": {}, + "sagemaker:ListImages": {}, + "sagemaker:ListInferenceComponents": {}, + "sagemaker:ListInferenceExperiments": {}, + "sagemaker:ListInferenceRecommendationsJobSteps": {}, + "sagemaker:ListInferenceRecommendationsJobs": {}, + "sagemaker:ListLabelingJobs": {}, + "sagemaker:ListLineageGroups": {}, + "sagemaker:ListModelBiasJobDefinitions": {}, + "sagemaker:ListModelCards": {}, + 
"sagemaker:ListModelExplainabilityJobDefinitions": {}, + "sagemaker:ListModelMetadata": {}, + "sagemaker:ListModelPackageGroups": {}, + "sagemaker:ListModelQualityJobDefinitions": {}, + "sagemaker:ListModels": {}, + "sagemaker:ListMonitoringAlertHistory": {}, + "sagemaker:ListMonitoringAlerts": {}, + "sagemaker:ListMonitoringExecutions": {}, + "sagemaker:ListMonitoringSchedules": {}, + "sagemaker:ListNotebookInstanceLifecycleConfigs": {}, + "sagemaker:ListNotebookInstances": {}, + "sagemaker:ListPipelines": {}, + "sagemaker:ListProcessingJobs": {}, + "sagemaker:ListProjects": {}, + "sagemaker:ListResourceCatalogs": {}, + "sagemaker:ListSharedModelEvents": {}, + "sagemaker:ListSharedModels": {}, + "sagemaker:ListSpaces": {}, + "sagemaker:ListStageDevices": {}, + "sagemaker:ListStudioLifecycleConfigs": {}, + "sagemaker:ListSubscribedWorkteams": {}, + "sagemaker:ListTrainingJobs": {}, + "sagemaker:ListTransformJobs": {}, + "sagemaker:ListTrialComponents": {}, + "sagemaker:ListTrials": {}, + "sagemaker:ListUserProfiles": {}, + "sagemaker:ListWorkforces": {}, + "sagemaker:ListWorkteams": {}, + "sagemaker:PutLineageGroupPolicy": {}, + "sagemaker:QueryLineage": {}, + "sagemaker:RenderUiTemplate": {}, + "sagemaker:Search": {}, + "savingsplans:CreateSavingsPlan": {}, + "savingsplans:DescribeSavingsPlansOfferingRates": {}, + "savingsplans:DescribeSavingsPlansOfferings": {}, + "scheduler:ListScheduleGroups": {}, + "scheduler:ListSchedules": {}, + "schemas:CreateDiscoverer": {}, + "schemas:GetDiscoveredSchema": {}, + "sdb:ListDomains": {}, + "secretsmanager:BatchGetSecretValue": {}, + "secretsmanager:GetRandomPassword": {}, + "secretsmanager:ListSecrets": {}, + "securityhub:BatchGetConfigurationPolicyAssociations": {}, + "securityhub:BatchGetSecurityControls": {}, + "securityhub:BatchGetStandardsControlAssociations": {}, + "securityhub:BatchUpdateStandardsControlAssociations": {}, + "securityhub:CreateAutomationRule": {}, + "securityhub:CreateConfigurationPolicy": {}, + 
"securityhub:CreateFindingAggregator": {}, + "securityhub:GetConfigurationPolicyAssociation": {}, + "securityhub:GetSecurityControlDefinition": {}, + "securityhub:ListAutomationRules": {}, + "securityhub:ListConfigurationPolicies": {}, + "securityhub:ListConfigurationPolicyAssociations": {}, + "securityhub:ListFindingAggregators": {}, + "securityhub:ListSecurityControlDefinitions": {}, + "securityhub:ListStandardsControlAssociations": {}, + "securityhub:UpdateSecurityControl": {}, + "securitylake:CreateDataLakeExceptionSubscription": {}, + "securitylake:CreateSubscriber": {}, + "securitylake:DeleteDataLakeExceptionSubscription": {}, + "securitylake:DeregisterDataLakeDelegatedAdministrator": {}, + "securitylake:GetDataLakeExceptionSubscription": {}, + "securitylake:ListDataLakeExceptions": {}, + "securitylake:ListDataLakes": {}, + "securitylake:ListLogSources": {}, + "securitylake:ListSubscribers": {}, + "securitylake:RegisterDataLakeDelegatedAdministrator": {}, + "securitylake:UpdateDataLakeExceptionSubscription": {}, + "serverlessrepo:CreateApplication": {}, + "serverlessrepo:ListApplications": {}, + "serverlessrepo:SearchApplications": {}, + "servicecatalog:AssociateBudgetWithResource": {}, + "servicecatalog:AssociateProductWithPortfolio": {}, + "servicecatalog:BatchAssociateServiceActionWithProvisioningArtifact": {}, + "servicecatalog:BatchDisassociateServiceActionFromProvisioningArtifact": {}, + "servicecatalog:CopyProduct": {}, + "servicecatalog:CreateProvisionedProductPlan": {}, + "servicecatalog:CreateServiceAction": {}, + "servicecatalog:CreateTagOption": {}, + "servicecatalog:DeleteConstraint": {}, + "servicecatalog:DeleteProvisionedProductPlan": {}, + "servicecatalog:DeleteServiceAction": {}, + "servicecatalog:DeleteTagOption": {}, + "servicecatalog:DescribeConstraint": {}, + "servicecatalog:DescribeCopyProductStatus": {}, + "servicecatalog:DescribePortfolioShareStatus": {}, + "servicecatalog:DescribeProductView": {}, + 
"servicecatalog:DescribeProvisionedProduct": {}, + "servicecatalog:DescribeProvisionedProductPlan": {}, + "servicecatalog:DescribeRecord": {}, + "servicecatalog:DescribeServiceAction": {}, + "servicecatalog:DescribeServiceActionExecutionParameters": {}, + "servicecatalog:DescribeTagOption": {}, + "servicecatalog:DisableAWSOrganizationsAccess": {}, + "servicecatalog:DisassociateBudgetFromResource": {}, + "servicecatalog:DisassociateProductFromPortfolio": {}, + "servicecatalog:EnableAWSOrganizationsAccess": {}, + "servicecatalog:ExecuteProvisionedProductPlan": {}, + "servicecatalog:ExecuteProvisionedProductServiceAction": {}, + "servicecatalog:GetAWSOrganizationsAccessStatus": {}, + "servicecatalog:GetConfiguration": {}, + "servicecatalog:GetProvisionedProductOutputs": {}, + "servicecatalog:ListAcceptedPortfolioShares": {}, + "servicecatalog:ListApplications": {}, + "servicecatalog:ListAttributeGroups": {}, + "servicecatalog:ListBudgetsForResource": {}, + "servicecatalog:ListConstraintsForPortfolio": {}, + "servicecatalog:ListOrganizationPortfolioAccess": {}, + "servicecatalog:ListPortfolios": {}, + "servicecatalog:ListProvisionedProductPlans": {}, + "servicecatalog:ListProvisioningArtifactsForServiceAction": {}, + "servicecatalog:ListRecordHistory": {}, + "servicecatalog:ListResourcesForTagOption": {}, + "servicecatalog:ListServiceActions": {}, + "servicecatalog:ListStackInstancesForProvisionedProduct": {}, + "servicecatalog:ListTagOptions": {}, + "servicecatalog:NotifyProvisionProductEngineWorkflowResult": {}, + "servicecatalog:NotifyTerminateProvisionedProductEngineWorkflowResult": {}, + "servicecatalog:NotifyUpdateProvisionedProductEngineWorkflowResult": {}, + "servicecatalog:PutConfiguration": {}, + "servicecatalog:ScanProvisionedProducts": {}, + "servicecatalog:SearchProducts": {}, + "servicecatalog:SearchProductsAsAdmin": {}, + "servicecatalog:SearchProvisionedProducts": {}, + "servicecatalog:SyncResource": {}, + "servicecatalog:TerminateProvisionedProduct": 
{}, + "servicecatalog:UpdateConstraint": {}, + "servicecatalog:UpdateProvisionedProduct": {}, + "servicecatalog:UpdateProvisionedProductProperties": {}, + "servicecatalog:UpdateServiceAction": {}, + "servicecatalog:UpdateTagOption": {}, + "servicediscovery:CreateHttpNamespace": {}, + "servicediscovery:CreatePrivateDnsNamespace": {}, + "servicediscovery:CreatePublicDnsNamespace": {}, + "servicediscovery:DiscoverInstances": {}, + "servicediscovery:DiscoverInstancesRevision": {}, + "servicediscovery:GetInstance": {}, + "servicediscovery:GetInstancesHealthStatus": {}, + "servicediscovery:GetOperation": {}, + "servicediscovery:ListInstances": {}, + "servicediscovery:ListNamespaces": {}, + "servicediscovery:ListOperations": {}, + "servicediscovery:ListServices": {}, + "servicediscovery:ListTagsForResource": {}, + "servicediscovery:TagResource": {}, + "servicediscovery:UntagResource": {}, + "servicediscovery:UpdateInstanceCustomHealthStatus": {}, + "serviceextract:GetConfig": {}, + "servicequotas:AssociateServiceQuotaTemplate": {}, + "servicequotas:DeleteServiceQuotaIncreaseRequestFromTemplate": {}, + "servicequotas:DisassociateServiceQuotaTemplate": {}, + "servicequotas:GetAWSDefaultServiceQuota": {}, + "servicequotas:GetAssociationForServiceQuotaTemplate": {}, + "servicequotas:GetRequestedServiceQuotaChange": {}, + "servicequotas:GetServiceQuota": {}, + "servicequotas:GetServiceQuotaIncreaseRequestFromTemplate": {}, + "servicequotas:ListAWSDefaultServiceQuotas": {}, + "servicequotas:ListRequestedServiceQuotaChangeHistory": {}, + "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota": {}, + "servicequotas:ListServiceQuotaIncreaseRequestsInTemplate": {}, + "servicequotas:ListServiceQuotas": {}, + "servicequotas:ListServices": {}, + "servicequotas:ListTagsForResource": {}, + "servicequotas:TagResource": {}, + "servicequotas:UntagResource": {}, + "ses:CloneReceiptRuleSet": {}, + "ses:CreateConfigurationSet": {}, + "ses:CreateConfigurationSetEventDestination": {}, + 
"ses:CreateConfigurationSetTrackingOptions": {}, + "ses:CreateCustomVerificationEmailTemplate": {}, + "ses:CreateDedicatedIpPool": {}, + "ses:CreateEmailIdentity": {}, + "ses:CreateExportJob": {}, + "ses:CreateImportJob": {}, + "ses:CreateReceiptFilter": {}, + "ses:CreateReceiptRule": {}, + "ses:CreateReceiptRuleSet": {}, + "ses:CreateTemplate": {}, + "ses:DeleteConfigurationSet": {}, + "ses:DeleteConfigurationSetEventDestination": {}, + "ses:DeleteConfigurationSetTrackingOptions": {}, + "ses:DeleteCustomVerificationEmailTemplate": {}, + "ses:DeleteIdentity": {}, + "ses:DeleteIdentityPolicy": {}, + "ses:DeleteReceiptFilter": {}, + "ses:DeleteReceiptRule": {}, + "ses:DeleteReceiptRuleSet": {}, + "ses:DeleteSuppressedDestination": {}, + "ses:DeleteTemplate": {}, + "ses:DeleteVerifiedEmailAddress": {}, + "ses:DescribeActiveReceiptRuleSet": {}, + "ses:DescribeConfigurationSet": {}, + "ses:DescribeReceiptRule": {}, + "ses:DescribeReceiptRuleSet": {}, + "ses:GetAccount": {}, + "ses:GetAccountSendingEnabled": {}, + "ses:GetBlacklistReports": {}, + "ses:GetCustomVerificationEmailTemplate": {}, + "ses:GetDedicatedIp": {}, + "ses:GetDeliverabilityDashboardOptions": {}, + "ses:GetDomainDeliverabilityCampaign": {}, + "ses:GetIdentityDkimAttributes": {}, + "ses:GetIdentityMailFromDomainAttributes": {}, + "ses:GetIdentityNotificationAttributes": {}, + "ses:GetIdentityPolicies": {}, + "ses:GetIdentityVerificationAttributes": {}, + "ses:GetMessageInsights": {}, + "ses:GetSendQuota": {}, + "ses:GetSendStatistics": {}, + "ses:GetSuppressedDestination": {}, + "ses:GetTemplate": {}, + "ses:ListConfigurationSets": {}, + "ses:ListContactLists": {}, + "ses:ListCustomVerificationEmailTemplates": {}, + "ses:ListDedicatedIpPools": {}, + "ses:ListDeliverabilityTestReports": {}, + "ses:ListDomainDeliverabilityCampaigns": {}, + "ses:ListEmailIdentities": {}, + "ses:ListEmailTemplates": {}, + "ses:ListExportJobs": {}, + "ses:ListIdentities": {}, + "ses:ListIdentityPolicies": {}, + 
"ses:ListImportJobs": {}, + "ses:ListReceiptFilters": {}, + "ses:ListReceiptRuleSets": {}, + "ses:ListSuppressedDestinations": {}, + "ses:ListTemplates": {}, + "ses:ListVerifiedEmailAddresses": {}, + "ses:PutAccountDedicatedIpWarmupAttributes": {}, + "ses:PutAccountDetails": {}, + "ses:PutAccountSendingAttributes": {}, + "ses:PutAccountSuppressionAttributes": {}, + "ses:PutAccountVdmAttributes": {}, + "ses:PutConfigurationSetDeliveryOptions": {}, + "ses:PutDedicatedIpWarmupAttributes": {}, + "ses:PutDeliverabilityDashboardOption": {}, + "ses:PutIdentityPolicy": {}, + "ses:PutSuppressedDestination": {}, + "ses:ReorderReceiptRuleSet": {}, + "ses:SetActiveReceiptRuleSet": {}, + "ses:SetIdentityDkimEnabled": {}, + "ses:SetIdentityFeedbackForwardingEnabled": {}, + "ses:SetIdentityHeadersInNotificationsEnabled": {}, + "ses:SetIdentityMailFromDomain": {}, + "ses:SetIdentityNotificationTopic": {}, + "ses:SetReceiptRulePosition": {}, + "ses:TestRenderTemplate": {}, + "ses:UpdateAccountSendingEnabled": {}, + "ses:UpdateConfigurationSetEventDestination": {}, + "ses:UpdateConfigurationSetReputationMetricsEnabled": {}, + "ses:UpdateConfigurationSetSendingEnabled": {}, + "ses:UpdateConfigurationSetTrackingOptions": {}, + "ses:UpdateCustomVerificationEmailTemplate": {}, + "ses:UpdateReceiptRule": {}, + "ses:UpdateTemplate": {}, + "ses:VerifyDomainDkim": {}, + "ses:VerifyDomainIdentity": {}, + "ses:VerifyEmailAddress": {}, + "ses:VerifyEmailIdentity": {}, + "shield:AssociateDRTLogBucket": {}, + "shield:AssociateDRTRole": {}, + "shield:AssociateProactiveEngagementDetails": {}, + "shield:CreateProtection": {}, + "shield:CreateProtectionGroup": {}, + "shield:CreateSubscription": {}, + "shield:DeleteSubscription": {}, + "shield:DescribeAttackStatistics": {}, + "shield:DescribeDRTAccess": {}, + "shield:DescribeEmergencyContactSettings": {}, + "shield:DescribeSubscription": {}, + "shield:DisableApplicationLayerAutomaticResponse": {}, + "shield:DisableProactiveEngagement": {}, + 
"shield:DisassociateDRTLogBucket": {}, + "shield:DisassociateDRTRole": {}, + "shield:EnableApplicationLayerAutomaticResponse": {}, + "shield:EnableProactiveEngagement": {}, + "shield:GetSubscriptionState": {}, + "shield:ListAttacks": {}, + "shield:ListProtectionGroups": {}, + "shield:ListProtections": {}, + "shield:UpdateApplicationLayerAutomaticResponse": {}, + "shield:UpdateEmergencyContactSettings": {}, + "shield:UpdateSubscription": {}, + "signer:GetSigningPlatform": {}, + "signer:ListSigningJobs": {}, + "signer:ListSigningPlatforms": {}, + "signer:ListSigningProfiles": {}, + "signer:PutSigningProfile": {}, + "simspaceweaver:ListSimulations": {}, + "simspaceweaver:ListTagsForResource": {}, + "simspaceweaver:StartSimulation": {}, + "sms-voice:CreateConfigurationSet": {}, + "sms-voice:CreateConfigurationSetEventDestination": {}, + "sms-voice:CreateOptOutList": {}, + "sms-voice:CreateRegistration": {}, + "sms-voice:CreateRegistrationAttachment": {}, + "sms-voice:CreateVerifiedDestinationNumber": {}, + "sms-voice:DeleteConfigurationSet": {}, + "sms-voice:DeleteConfigurationSetEventDestination": {}, + "sms-voice:DeleteTextMessageSpendLimitOverride": {}, + "sms-voice:DeleteVoiceMessageSpendLimitOverride": {}, + "sms-voice:DescribeAccountAttributes": {}, + "sms-voice:DescribeAccountLimits": {}, + "sms-voice:DescribeRegistrationFieldDefinitions": {}, + "sms-voice:DescribeRegistrationSectionDefinitions": {}, + "sms-voice:DescribeRegistrationTypeDefinitions": {}, + "sms-voice:DescribeSpendLimits": {}, + "sms-voice:GetConfigurationSetEventDestinations": {}, + "sms-voice:ListConfigurationSets": {}, + "sms-voice:RequestSenderId": {}, + "sms-voice:SendVoiceMessage": {}, + "sms-voice:SetTextMessageSpendLimitOverride": {}, + "sms-voice:SetVoiceMessageSpendLimitOverride": {}, + "sms-voice:UpdateConfigurationSetEventDestination": {}, + "sms:CreateApp": {}, + "sms:CreateReplicationJob": {}, + "sms:DeleteApp": {}, + "sms:DeleteAppLaunchConfiguration": {}, + 
"sms:DeleteAppReplicationConfiguration": {}, + "sms:DeleteAppValidationConfiguration": {}, + "sms:DeleteReplicationJob": {}, + "sms:DeleteServerCatalog": {}, + "sms:DisassociateConnector": {}, + "sms:GenerateChangeSet": {}, + "sms:GenerateTemplate": {}, + "sms:GetApp": {}, + "sms:GetAppLaunchConfiguration": {}, + "sms:GetAppReplicationConfiguration": {}, + "sms:GetAppValidationConfiguration": {}, + "sms:GetAppValidationOutput": {}, + "sms:GetConnectors": {}, + "sms:GetReplicationJobs": {}, + "sms:GetReplicationRuns": {}, + "sms:GetServers": {}, + "sms:ImportAppCatalog": {}, + "sms:ImportServerCatalog": {}, + "sms:LaunchApp": {}, + "sms:ListApps": {}, + "sms:NotifyAppValidationOutput": {}, + "sms:PutAppLaunchConfiguration": {}, + "sms:PutAppReplicationConfiguration": {}, + "sms:PutAppValidationConfiguration": {}, + "sms:StartAppReplication": {}, + "sms:StartOnDemandAppReplication": {}, + "sms:StartOnDemandReplicationRun": {}, + "sms:StopAppReplication": {}, + "sms:TerminateApp": {}, + "sms:UpdateApp": {}, + "sms:UpdateReplicationJob": {}, + "snow-device-management:CreateTask": {}, + "snow-device-management:DescribeExecution": {}, + "snow-device-management:ListDevices": {}, + "snow-device-management:ListExecutions": {}, + "snow-device-management:ListTagsForResource": {}, + "snow-device-management:ListTasks": {}, + "snowball:CancelCluster": {}, + "snowball:CancelJob": {}, + "snowball:CreateAddress": {}, + "snowball:CreateCluster": {}, + "snowball:CreateJob": {}, + "snowball:CreateLongTermPricing": {}, + "snowball:CreateReturnShippingLabel": {}, + "snowball:DescribeAddress": {}, + "snowball:DescribeAddresses": {}, + "snowball:DescribeCluster": {}, + "snowball:DescribeJob": {}, + "snowball:DescribeReturnShippingLabel": {}, + "snowball:GetJobManifest": {}, + "snowball:GetJobUnlockCode": {}, + "snowball:GetSnowballUsage": {}, + "snowball:GetSoftwareUpdates": {}, + "snowball:ListClusterJobs": {}, + "snowball:ListClusters": {}, + "snowball:ListCompatibleImages": {}, + 
"snowball:ListJobs": {}, + "snowball:ListLongTermPricing": {}, + "snowball:ListPickupLocations": {}, + "snowball:ListServiceVersions": {}, + "snowball:UpdateCluster": {}, + "snowball:UpdateJob": {}, + "snowball:UpdateJobShipmentState": {}, + "snowball:UpdateLongTermPricing": {}, + "sns:CheckIfPhoneNumberIsOptedOut": {}, + "sns:CreatePlatformApplication": {}, + "sns:CreatePlatformEndpoint": {}, + "sns:CreateSMSSandboxPhoneNumber": {}, + "sns:DeleteEndpoint": {}, + "sns:DeletePlatformApplication": {}, + "sns:DeleteSMSSandboxPhoneNumber": {}, + "sns:GetEndpointAttributes": {}, + "sns:GetPlatformApplicationAttributes": {}, + "sns:GetSMSAttributes": {}, + "sns:GetSMSSandboxAccountStatus": {}, + "sns:GetSubscriptionAttributes": {}, + "sns:ListEndpointsByPlatformApplication": {}, + "sns:ListOriginationNumbers": {}, + "sns:ListPhoneNumbersOptedOut": {}, + "sns:ListPlatformApplications": {}, + "sns:ListSMSSandboxPhoneNumbers": {}, + "sns:ListSubscriptions": {}, + "sns:ListTopics": {}, + "sns:OptInPhoneNumber": {}, + "sns:SetEndpointAttributes": {}, + "sns:SetPlatformApplicationAttributes": {}, + "sns:SetSMSAttributes": {}, + "sns:SetSubscriptionAttributes": {}, + "sns:Unsubscribe": {}, + "sns:VerifySMSSandboxPhoneNumber": {}, + "sqlworkbench:BatchDeleteFolder": {}, + "sqlworkbench:CreateAccount": {}, + "sqlworkbench:CreateFolder": {}, + "sqlworkbench:DeleteTab": {}, + "sqlworkbench:GenerateSession": {}, + "sqlworkbench:GetAccountInfo": {}, + "sqlworkbench:GetAccountSettings": {}, + "sqlworkbench:GetAutocompletionMetadata": {}, + "sqlworkbench:GetAutocompletionResource": {}, + "sqlworkbench:GetQSqlRecommendations": {}, + "sqlworkbench:GetQueryExecutionHistory": {}, + "sqlworkbench:GetSchemaInference": {}, + "sqlworkbench:GetUserInfo": {}, + "sqlworkbench:GetUserWorkspaceSettings": {}, + "sqlworkbench:ListConnections": {}, + "sqlworkbench:ListDatabases": {}, + "sqlworkbench:ListFiles": {}, + "sqlworkbench:ListNotebooks": {}, + "sqlworkbench:ListQueryExecutionHistory": {}, + 
"sqlworkbench:ListRedshiftClusters": {}, + "sqlworkbench:ListSampleDatabases": {}, + "sqlworkbench:ListTabs": {}, + "sqlworkbench:ListTaggedResources": {}, + "sqlworkbench:PutTab": {}, + "sqlworkbench:PutUserWorkspaceSettings": {}, + "sqlworkbench:UpdateAccountConnectionSettings": {}, + "sqlworkbench:UpdateAccountExportSettings": {}, + "sqlworkbench:UpdateAccountGeneralSettings": {}, + "sqlworkbench:UpdateAccountQSqlSettings": {}, + "sqlworkbench:UpdateFolder": {}, + "sqs:ListQueues": {}, + "ssm-contacts:ListContacts": {}, + "ssm-contacts:ListEngagements": {}, + "ssm-contacts:ListRotations": {}, + "ssm-guiconnect:CancelConnection": {}, + "ssm-guiconnect:GetConnection": {}, + "ssm-guiconnect:StartConnection": {}, + "ssm-incidents:CreateReplicationSet": {}, + "ssm-incidents:CreateResponsePlan": {}, + "ssm-incidents:ListIncidentRecords": {}, + "ssm-incidents:ListReplicationSets": {}, + "ssm-incidents:ListResponsePlans": {}, + "ssm-sap:BackupDatabase": {}, + "ssm-sap:DeleteResourcePermission": {}, + "ssm-sap:GetApplication": {}, + "ssm-sap:GetDatabase": {}, + "ssm-sap:GetOperation": {}, + "ssm-sap:GetResourcePermission": {}, + "ssm-sap:ListApplications": {}, + "ssm-sap:ListDatabases": {}, + "ssm-sap:ListOperations": {}, + "ssm-sap:ListTagsForResource": {}, + "ssm-sap:PutResourcePermission": {}, + "ssm-sap:RegisterApplication": {}, + "ssm-sap:RestoreDatabase": {}, + "ssm-sap:UpdateHANABackupSettings": {}, + "ssm:CancelCommand": {}, + "ssm:CreateActivation": {}, + "ssm:CreateMaintenanceWindow": {}, + "ssm:CreateOpsItem": {}, + "ssm:CreateOpsMetadata": {}, + "ssm:CreatePatchBaseline": {}, + "ssm:DeleteActivation": {}, + "ssm:DeleteInventory": {}, + "ssm:DescribeActivations": {}, + "ssm:DescribeAutomationExecutions": {}, + "ssm:DescribeAvailablePatches": {}, + "ssm:DescribeInstanceInformation": {}, + "ssm:DescribeInstancePatchStates": {}, + "ssm:DescribeInstancePatchStatesForPatchGroup": {}, + "ssm:DescribeInstancePatches": {}, + "ssm:DescribeInstanceProperties": {}, + 
"ssm:DescribeInventoryDeletions": {}, + "ssm:DescribeMaintenanceWindowExecutionTaskInvocations": {}, + "ssm:DescribeMaintenanceWindowSchedule": {}, + "ssm:DescribeMaintenanceWindows": {}, + "ssm:DescribeMaintenanceWindowsForTarget": {}, + "ssm:DescribeOpsItems": {}, + "ssm:DescribeParameters": {}, + "ssm:DescribePatchBaselines": {}, + "ssm:DescribePatchGroupState": {}, + "ssm:DescribePatchGroups": {}, + "ssm:DescribePatchProperties": {}, + "ssm:DescribeSessions": {}, + "ssm:GetCommandInvocation": {}, + "ssm:GetDeployablePatchSnapshotForInstance": {}, + "ssm:GetInventory": {}, + "ssm:GetInventorySchema": {}, + "ssm:GetMaintenanceWindowExecution": {}, + "ssm:GetMaintenanceWindowExecutionTask": {}, + "ssm:GetMaintenanceWindowExecutionTaskInvocation": {}, + "ssm:GetManifest": {}, + "ssm:ListAssociations": {}, + "ssm:ListCommandInvocations": {}, + "ssm:ListCommands": {}, + "ssm:ListComplianceItems": {}, + "ssm:ListComplianceSummaries": {}, + "ssm:ListDocuments": {}, + "ssm:ListInventoryEntries": {}, + "ssm:ListOpsItemEvents": {}, + "ssm:ListOpsItemRelatedItems": {}, + "ssm:ListOpsMetadata": {}, + "ssm:ListResourceComplianceSummaries": {}, + "ssm:ListResourceDataSync": {}, + "ssm:PutConfigurePackageResult": {}, + "ssm:PutInventory": {}, + "ssm:RegisterManagedInstance": {}, + "ssmmessages:CreateControlChannel": {}, + "ssmmessages:CreateDataChannel": {}, + "ssmmessages:OpenControlChannel": {}, + "ssmmessages:OpenDataChannel": {}, + "sso-directory:AddMemberToGroup": {}, + "sso-directory:CompleteVirtualMfaDeviceRegistration": {}, + "sso-directory:CompleteWebAuthnDeviceRegistration": {}, + "sso-directory:CreateAlias": {}, + "sso-directory:CreateBearerToken": {}, + "sso-directory:CreateExternalIdPConfigurationForDirectory": {}, + "sso-directory:CreateGroup": {}, + "sso-directory:CreateProvisioningTenant": {}, + "sso-directory:CreateUser": {}, + "sso-directory:DeleteBearerToken": {}, + "sso-directory:DeleteExternalIdPCertificate": {}, + 
"sso-directory:DeleteExternalIdPConfigurationForDirectory": {}, + "sso-directory:DeleteGroup": {}, + "sso-directory:DeleteMfaDeviceForUser": {}, + "sso-directory:DeleteProvisioningTenant": {}, + "sso-directory:DeleteUser": {}, + "sso-directory:DescribeDirectory": {}, + "sso-directory:DescribeGroup": {}, + "sso-directory:DescribeGroups": {}, + "sso-directory:DescribeProvisioningTenant": {}, + "sso-directory:DescribeUser": {}, + "sso-directory:DescribeUserByUniqueAttribute": {}, + "sso-directory:DescribeUsers": {}, + "sso-directory:DisableExternalIdPConfigurationForDirectory": {}, + "sso-directory:DisableUser": {}, + "sso-directory:EnableExternalIdPConfigurationForDirectory": {}, + "sso-directory:EnableUser": {}, + "sso-directory:GetAWSSPConfigurationForDirectory": {}, + "sso-directory:GetUserPoolInfo": {}, + "sso-directory:ImportExternalIdPCertificate": {}, + "sso-directory:IsMemberInGroup": {}, + "sso-directory:ListBearerTokens": {}, + "sso-directory:ListExternalIdPCertificates": {}, + "sso-directory:ListExternalIdPConfigurationsForDirectory": {}, + "sso-directory:ListGroupsForMember": {}, + "sso-directory:ListGroupsForUser": {}, + "sso-directory:ListMembersInGroup": {}, + "sso-directory:ListMfaDevicesForUser": {}, + "sso-directory:ListProvisioningTenants": {}, + "sso-directory:RemoveMemberFromGroup": {}, + "sso-directory:SearchGroups": {}, + "sso-directory:SearchUsers": {}, + "sso-directory:StartVirtualMfaDeviceRegistration": {}, + "sso-directory:StartWebAuthnDeviceRegistration": {}, + "sso-directory:UpdateExternalIdPConfigurationForDirectory": {}, + "sso-directory:UpdateGroup": {}, + "sso-directory:UpdateGroupDisplayName": {}, + "sso-directory:UpdateMfaDeviceForUser": {}, + "sso-directory:UpdatePassword": {}, + "sso-directory:UpdateUser": {}, + "sso-directory:UpdateUserName": {}, + "sso-directory:VerifyEmail": {}, + "sso:AssociateDirectory": {}, + "sso:AssociateProfile": {}, + "sso:CreateApplicationInstance": {}, + "sso:CreateApplicationInstanceCertificate": {}, 
+ "sso:CreateManagedApplicationInstance": {}, + "sso:CreateProfile": {}, + "sso:CreateTrust": {}, + "sso:DeleteApplicationInstance": {}, + "sso:DeleteApplicationInstanceCertificate": {}, + "sso:DeleteManagedApplicationInstance": {}, + "sso:DeletePermissionsPolicy": {}, + "sso:DeleteProfile": {}, + "sso:DescribeDirectories": {}, + "sso:DescribePermissionsPolicies": {}, + "sso:DescribeRegisteredRegions": {}, + "sso:DescribeTrusts": {}, + "sso:DisassociateDirectory": {}, + "sso:DisassociateProfile": {}, + "sso:GetApplicationInstance": {}, + "sso:GetApplicationTemplate": {}, + "sso:GetManagedApplicationInstance": {}, + "sso:GetMfaDeviceManagementForDirectory": {}, + "sso:GetPermissionSet": {}, + "sso:GetPermissionsPolicy": {}, + "sso:GetProfile": {}, + "sso:GetSSOStatus": {}, + "sso:GetSharedSsoConfiguration": {}, + "sso:GetSsoConfiguration": {}, + "sso:GetTrust": {}, + "sso:ImportApplicationInstanceServiceProviderMetadata": {}, + "sso:ListApplicationInstanceCertificates": {}, + "sso:ListApplicationInstances": {}, + "sso:ListApplicationTemplates": {}, + "sso:ListApplications": {}, + "sso:ListDirectoryAssociations": {}, + "sso:ListInstances": {}, + "sso:ListProfileAssociations": {}, + "sso:ListProfiles": {}, + "sso:PutMfaDeviceManagementForDirectory": {}, + "sso:PutPermissionsPolicy": {}, + "sso:SearchGroups": {}, + "sso:SearchUsers": {}, + "sso:StartSSO": {}, + "sso:UpdateApplicationInstanceActiveCertificate": {}, + "sso:UpdateApplicationInstanceDisplayData": {}, + "sso:UpdateApplicationInstanceResponseConfiguration": {}, + "sso:UpdateApplicationInstanceResponseSchemaConfiguration": {}, + "sso:UpdateApplicationInstanceSecurityConfiguration": {}, + "sso:UpdateApplicationInstanceServiceProviderConfiguration": {}, + "sso:UpdateApplicationInstanceStatus": {}, + "sso:UpdateDirectoryAssociation": {}, + "sso:UpdateManagedApplicationInstanceStatus": {}, + "sso:UpdateProfile": {}, + "sso:UpdateSSOConfiguration": {}, + "sso:UpdateTrust": {}, + "states:InvokeHTTPEndpoint": {}, + 
"states:ListActivities": {}, + "states:ListStateMachines": {}, + "states:RevealSecrets": {}, + "states:SendTaskFailure": {}, + "states:SendTaskHeartbeat": {}, + "states:SendTaskSuccess": {}, + "states:TestState": {}, + "storagegateway:ActivateGateway": {}, + "storagegateway:CreateTapePool": {}, + "storagegateway:DeleteTapeArchive": {}, + "storagegateway:DescribeTapeArchives": {}, + "storagegateway:ListAutomaticTapeCreationPolicies": {}, + "storagegateway:ListFileShares": {}, + "storagegateway:ListFileSystemAssociations": {}, + "storagegateway:ListGateways": {}, + "storagegateway:ListTapePools": {}, + "storagegateway:ListTapes": {}, + "storagegateway:ListVolumes": {}, + "sts:DecodeAuthorizationMessage": {}, + "sts:GetAccessKeyInfo": {}, + "sts:GetCallerIdentity": {}, + "sts:GetServiceBearerToken": {}, + "sts:GetSessionToken": {}, + "support:AddAttachmentsToSet": {}, + "support:AddCommunicationToCase": {}, + "support:CreateCase": {}, + "support:DescribeAttachment": {}, + "support:DescribeCaseAttributes": {}, + "support:DescribeCases": {}, + "support:DescribeCommunication": {}, + "support:DescribeCommunications": {}, + "support:DescribeCreateCaseOptions": {}, + "support:DescribeIssueTypes": {}, + "support:DescribeServices": {}, + "support:DescribeSeverityLevels": {}, + "support:DescribeSupportLevel": {}, + "support:DescribeSupportedLanguages": {}, + "support:DescribeTrustedAdvisorCheckRefreshStatuses": {}, + "support:DescribeTrustedAdvisorCheckResult": {}, + "support:DescribeTrustedAdvisorCheckSummaries": {}, + "support:DescribeTrustedAdvisorChecks": {}, + "support:InitiateCallForCase": {}, + "support:InitiateChatForCase": {}, + "support:PutCaseAttributes": {}, + "support:RateCaseCommunication": {}, + "support:RefreshTrustedAdvisorCheck": {}, + "support:ResolveCase": {}, + "support:SearchForCases": {}, + "supportapp:CreateSlackChannelConfiguration": {}, + "supportapp:DeleteAccountAlias": {}, + "supportapp:DeleteSlackChannelConfiguration": {}, + 
"supportapp:DeleteSlackWorkspaceConfiguration": {}, + "supportapp:DescribeSlackChannels": {}, + "supportapp:GetAccountAlias": {}, + "supportapp:GetSlackOauthParameters": {}, + "supportapp:ListSlackChannelConfigurations": {}, + "supportapp:ListSlackWorkspaceConfigurations": {}, + "supportapp:PutAccountAlias": {}, + "supportapp:RedeemSlackOauthCode": {}, + "supportapp:RegisterSlackWorkspaceForOrganization": {}, + "supportapp:UpdateSlackChannelConfiguration": {}, + "supportplans:CreateSupportPlanSchedule": {}, + "supportplans:GetSupportPlan": {}, + "supportplans:GetSupportPlanUpdateStatus": {}, + "supportplans:StartSupportPlanUpdate": {}, + "sustainability:GetCarbonFootprintSummary": {}, + "swf:ListDomains": {}, + "swf:RegisterDomain": {}, + "synthetics:CreateCanary": {}, + "synthetics:CreateGroup": {}, + "synthetics:DescribeCanaries": {}, + "synthetics:DescribeCanariesLastRun": {}, + "synthetics:DescribeRuntimeVersions": {}, + "synthetics:ListGroups": {}, + "tag:DescribeReportCreation": {}, + "tag:GetComplianceSummary": {}, + "tag:GetResources": {}, + "tag:GetTagKeys": {}, + "tag:GetTagValues": {}, + "tag:StartReportCreation": {}, + "tag:TagResources": {}, + "tag:UntagResources": {}, + "tax:BatchPutTaxRegistration": {}, + "tax:DeleteTaxRegistration": {}, + "tax:GetExemptions": {}, + "tax:GetTaxInheritance": {}, + "tax:GetTaxInterview": {}, + "tax:GetTaxRegistration": {}, + "tax:GetTaxRegistrationDocument": {}, + "tax:ListTaxRegistrations": {}, + "tax:PutTaxInheritance": {}, + "tax:PutTaxInterview": {}, + "tax:PutTaxRegistration": {}, + "tax:UpdateExemptions": {}, + "textract:AnalyzeDocument": {}, + "textract:AnalyzeExpense": {}, + "textract:AnalyzeID": {}, + "textract:CreateAdapter": {}, + "textract:DetectDocumentText": {}, + "textract:GetDocumentAnalysis": {}, + "textract:GetDocumentTextDetection": {}, + "textract:GetExpenseAnalysis": {}, + "textract:GetLendingAnalysis": {}, + "textract:GetLendingAnalysisSummary": {}, + "textract:ListAdapterVersions": {}, + 
"textract:ListAdapters": {}, + "textract:StartDocumentAnalysis": {}, + "textract:StartDocumentTextDetection": {}, + "textract:StartExpenseAnalysis": {}, + "textract:StartLendingAnalysis": {}, + "thinclient:CreateEnvironment": {}, + "thinclient:ListDeviceSessions": {}, + "thinclient:ListDevices": {}, + "thinclient:ListEnvironments": {}, + "thinclient:ListSoftwareSets": {}, + "thinclient:ListTagsForResource": {}, + "timestream:CancelQuery": {}, + "timestream:CreateScheduledQuery": {}, + "timestream:DescribeBatchLoadTask": {}, + "timestream:DescribeEndpoints": {}, + "timestream:GetAwsBackupStatus": {}, + "timestream:GetAwsRestoreStatus": {}, + "timestream:ListBatchLoadTasks": {}, + "timestream:ListDatabases": {}, + "timestream:ListScheduledQueries": {}, + "timestream:ResumeBatchLoadTask": {}, + "timestream:SelectValues": {}, + "tiros:CreateQuery": {}, + "tiros:ExtendQuery": {}, + "tiros:GetQueryAnswer": {}, + "tiros:GetQueryExplanation": {}, + "tiros:GetQueryExtensionAccounts": {}, + "tnb:ListTagsForResource": {}, + "transcribe:CreateCallAnalyticsCategory": {}, + "transcribe:CreateLanguageModel": {}, + "transcribe:CreateMedicalVocabulary": {}, + "transcribe:CreateVocabulary": {}, + "transcribe:CreateVocabularyFilter": {}, + "transcribe:DeleteCallAnalyticsCategory": {}, + "transcribe:DeleteCallAnalyticsJob": {}, + "transcribe:GetCallAnalyticsCategory": {}, + "transcribe:GetCallAnalyticsJob": {}, + "transcribe:ListCallAnalyticsCategories": {}, + "transcribe:ListCallAnalyticsJobs": {}, + "transcribe:ListLanguageModels": {}, + "transcribe:ListMedicalScribeJobs": {}, + "transcribe:ListMedicalTranscriptionJobs": {}, + "transcribe:ListMedicalVocabularies": {}, + "transcribe:ListTagsForResource": {}, + "transcribe:ListTranscriptionJobs": {}, + "transcribe:ListVocabularies": {}, + "transcribe:ListVocabularyFilters": {}, + "transcribe:StartCallAnalyticsJob": {}, + "transcribe:StartCallAnalyticsStreamTranscription": {}, + 
"transcribe:StartCallAnalyticsStreamTranscriptionWebSocket": {}, + "transcribe:StartMedicalScribeJob": {}, + "transcribe:StartMedicalStreamTranscription": {}, + "transcribe:StartMedicalStreamTranscriptionWebSocket": {}, + "transcribe:StartMedicalTranscriptionJob": {}, + "transcribe:StartStreamTranscription": {}, + "transcribe:StartStreamTranscriptionWebSocket": {}, + "transcribe:StartTranscriptionJob": {}, + "transcribe:TagResource": {}, + "transcribe:UntagResource": {}, + "transcribe:UpdateCallAnalyticsCategory": {}, + "transfer:CreateConnector": {}, + "transfer:CreateProfile": {}, + "transfer:CreateServer": {}, + "transfer:CreateWorkflow": {}, + "transfer:DescribeSecurityPolicy": {}, + "transfer:ImportCertificate": {}, + "transfer:ListCertificates": {}, + "transfer:ListConnectors": {}, + "transfer:ListProfiles": {}, + "transfer:ListSecurityPolicies": {}, + "transfer:ListServers": {}, + "transfer:ListWorkflows": {}, + "transfer:UpdateAccess": {}, + "translate:DescribeTextTranslationJob": {}, + "translate:ListLanguages": {}, + "translate:ListParallelData": {}, + "translate:ListTerminologies": {}, + "translate:ListTextTranslationJobs": {}, + "translate:StopTextTranslationJob": {}, + "trustedadvisor:CreateEngagement": {}, + "trustedadvisor:CreateEngagementAttachment": {}, + "trustedadvisor:CreateEngagementCommunication": {}, + "trustedadvisor:DeleteNotificationConfigurationForDelegatedAdmin": {}, + "trustedadvisor:DescribeAccount": {}, + "trustedadvisor:DescribeAccountAccess": {}, + "trustedadvisor:DescribeChecks": {}, + "trustedadvisor:DescribeNotificationConfigurations": {}, + "trustedadvisor:DescribeNotificationPreferences": {}, + "trustedadvisor:DescribeOrganization": {}, + "trustedadvisor:DescribeOrganizationAccounts": {}, + "trustedadvisor:DescribeReports": {}, + "trustedadvisor:DescribeRisk": {}, + "trustedadvisor:DescribeRiskResources": {}, + "trustedadvisor:DescribeRisks": {}, + "trustedadvisor:DescribeServiceMetadata": {}, + "trustedadvisor:DownloadRisk": 
{}, + "trustedadvisor:GenerateReport": {}, + "trustedadvisor:GetEngagement": {}, + "trustedadvisor:GetEngagementAttachment": {}, + "trustedadvisor:GetEngagementType": {}, + "trustedadvisor:GetOrganizationRecommendation": {}, + "trustedadvisor:GetRecommendation": {}, + "trustedadvisor:ListAccountsForParent": {}, + "trustedadvisor:ListChecks": {}, + "trustedadvisor:ListEngagementCommunications": {}, + "trustedadvisor:ListEngagementTypes": {}, + "trustedadvisor:ListEngagements": {}, + "trustedadvisor:ListOrganizationRecommendationAccounts": {}, + "trustedadvisor:ListOrganizationRecommendationResources": {}, + "trustedadvisor:ListOrganizationRecommendations": {}, + "trustedadvisor:ListOrganizationalUnitsForParent": {}, + "trustedadvisor:ListRecommendationResources": {}, + "trustedadvisor:ListRecommendations": {}, + "trustedadvisor:ListRoots": {}, + "trustedadvisor:SetAccountAccess": {}, + "trustedadvisor:SetOrganizationAccess": {}, + "trustedadvisor:UpdateEngagement": {}, + "trustedadvisor:UpdateEngagementStatus": {}, + "trustedadvisor:UpdateNotificationConfigurations": {}, + "trustedadvisor:UpdateNotificationPreferences": {}, + "trustedadvisor:UpdateOrganizationRecommendationLifecycle": {}, + "trustedadvisor:UpdateRecommendationLifecycle": {}, + "trustedadvisor:UpdateRiskStatus": {}, + "ts:ListExecutions": {}, + "ts:ListTools": {}, + "ts:StartExecution": {}, + "vendor-insights:CreateDataSource": {}, + "vendor-insights:CreateSecurityProfile": {}, + "vendor-insights:GetProfileAccessTerms": {}, + "vendor-insights:ListDataSources": {}, + "vendor-insights:ListEntitledSecurityProfiles": {}, + "vendor-insights:ListSecurityProfiles": {}, + "verified-access:AllowVerifiedAccess": {}, + "verifiedpermissions:CreatePolicyStore": {}, + "verifiedpermissions:ListPolicyStores": {}, + "voiceid:CreateDomain": {}, + "voiceid:DescribeComplianceConsent": {}, + "voiceid:ListDomains": {}, + "voiceid:RegisterComplianceConsent": {}, + "vpc-lattice:ListAccessLogSubscriptions": {}, + 
"vpc-lattice:ListListeners": {}, + "vpc-lattice:ListRules": {}, + "vpc-lattice:ListServiceNetworkServiceAssociations": {}, + "vpc-lattice:ListServiceNetworkVpcAssociations": {}, + "vpc-lattice:ListServiceNetworks": {}, + "vpc-lattice:ListServices": {}, + "vpc-lattice:ListTagsForResource": {}, + "vpc-lattice:ListTargetGroups": {}, + "waf-regional:GetChangeToken": {}, + "waf-regional:GetChangeTokenStatus": {}, + "waf-regional:ListActivatedRulesInRuleGroup": {}, + "waf-regional:ListByteMatchSets": {}, + "waf-regional:ListGeoMatchSets": {}, + "waf-regional:ListIPSets": {}, + "waf-regional:ListLoggingConfigurations": {}, + "waf-regional:ListRateBasedRules": {}, + "waf-regional:ListRegexMatchSets": {}, + "waf-regional:ListRegexPatternSets": {}, + "waf-regional:ListRuleGroups": {}, + "waf-regional:ListRules": {}, + "waf-regional:ListSizeConstraintSets": {}, + "waf-regional:ListSqlInjectionMatchSets": {}, + "waf-regional:ListSubscribedRuleGroups": {}, + "waf-regional:ListWebACLs": {}, + "waf-regional:ListXssMatchSets": {}, + "waf:GetChangeToken": {}, + "waf:GetChangeTokenStatus": {}, + "waf:ListActivatedRulesInRuleGroup": {}, + "waf:ListByteMatchSets": {}, + "waf:ListGeoMatchSets": {}, + "waf:ListIPSets": {}, + "waf:ListLoggingConfigurations": {}, + "waf:ListRateBasedRules": {}, + "waf:ListRegexMatchSets": {}, + "waf:ListRegexPatternSets": {}, + "waf:ListRuleGroups": {}, + "waf:ListRules": {}, + "waf:ListSizeConstraintSets": {}, + "waf:ListSqlInjectionMatchSets": {}, + "waf:ListSubscribedRuleGroups": {}, + "waf:ListWebACLs": {}, + "waf:ListXssMatchSets": {}, + "wafv2:CheckCapacity": {}, + "wafv2:CreateAPIKey": {}, + "wafv2:DescribeAllManagedProducts": {}, + "wafv2:DescribeManagedProductsByVendor": {}, + "wafv2:DescribeManagedRuleGroup": {}, + "wafv2:GenerateMobileSdkReleaseUrl": {}, + "wafv2:GetDecryptedAPIKey": {}, + "wafv2:GetMobileSdkRelease": {}, + "wafv2:ListAPIKeys": {}, + "wafv2:ListAvailableManagedRuleGroupVersions": {}, + "wafv2:ListAvailableManagedRuleGroups": 
{}, + "wafv2:ListIPSets": {}, + "wafv2:ListLoggingConfigurations": {}, + "wafv2:ListManagedRuleSets": {}, + "wafv2:ListMobileSdkReleases": {}, + "wafv2:ListRegexPatternSets": {}, + "wafv2:ListRuleGroups": {}, + "wafv2:ListWebACLs": {}, + "wam:AuthenticatePackager": {}, + "wellarchitected:CreateProfile": {}, + "wellarchitected:CreateReviewTemplate": {}, + "wellarchitected:CreateWorkload": {}, + "wellarchitected:GetConsolidatedReport": {}, + "wellarchitected:GetProfileTemplate": {}, + "wellarchitected:ImportLens": {}, + "wellarchitected:ListLenses": {}, + "wellarchitected:ListNotifications": {}, + "wellarchitected:ListProfileNotifications": {}, + "wellarchitected:ListProfiles": {}, + "wellarchitected:ListReviewTemplates": {}, + "wellarchitected:ListShareInvitations": {}, + "wellarchitected:ListWorkloads": {}, + "wellarchitected:UpdateGlobalSettings": {}, + "wellarchitected:UpdateShareInvitation": {}, + "wickr:CreateNetwork": {}, + "wickr:ListNetworks": {}, + "wickr:ListTagsForResource": {}, + "wisdom:CreateAssistant": {}, + "wisdom:CreateKnowledgeBase": {}, + "wisdom:ListAssistants": {}, + "wisdom:ListKnowledgeBases": {}, + "wisdom:ListTagsForResource": {}, + "workdocs:AbortDocumentVersionUpload": {}, + "workdocs:ActivateUser": {}, + "workdocs:AddNotificationPermissions": {}, + "workdocs:AddResourcePermissions": {}, + "workdocs:AddUserToGroup": {}, + "workdocs:CheckAlias": {}, + "workdocs:CreateComment": {}, + "workdocs:CreateCustomMetadata": {}, + "workdocs:CreateFolder": {}, + "workdocs:CreateInstance": {}, + "workdocs:CreateLabels": {}, + "workdocs:CreateNotificationSubscription": {}, + "workdocs:CreateUser": {}, + "workdocs:DeactivateUser": {}, + "workdocs:DeleteComment": {}, + "workdocs:DeleteCustomMetadata": {}, + "workdocs:DeleteDocument": {}, + "workdocs:DeleteDocumentVersion": {}, + "workdocs:DeleteFolder": {}, + "workdocs:DeleteFolderContents": {}, + "workdocs:DeleteInstance": {}, + "workdocs:DeleteLabels": {}, + "workdocs:DeleteNotificationPermissions": 
{}, + "workdocs:DeleteNotificationSubscription": {}, + "workdocs:DeleteUser": {}, + "workdocs:DeregisterDirectory": {}, + "workdocs:DescribeActivities": {}, + "workdocs:DescribeAvailableDirectories": {}, + "workdocs:DescribeComments": {}, + "workdocs:DescribeDocumentVersions": {}, + "workdocs:DescribeFolderContents": {}, + "workdocs:DescribeGroups": {}, + "workdocs:DescribeInstances": {}, + "workdocs:DescribeNotificationPermissions": {}, + "workdocs:DescribeNotificationSubscriptions": {}, + "workdocs:DescribeResourcePermissions": {}, + "workdocs:DescribeRootFolders": {}, + "workdocs:DescribeUsers": {}, + "workdocs:DownloadDocumentVersion": {}, + "workdocs:GetCurrentUser": {}, + "workdocs:GetDocument": {}, + "workdocs:GetDocumentPath": {}, + "workdocs:GetDocumentVersion": {}, + "workdocs:GetFolder": {}, + "workdocs:GetFolderPath": {}, + "workdocs:GetGroup": {}, + "workdocs:GetResources": {}, + "workdocs:InitiateDocumentVersionUpload": {}, + "workdocs:RegisterDirectory": {}, + "workdocs:RemoveAllResourcePermissions": {}, + "workdocs:RemoveResourcePermission": {}, + "workdocs:RestoreDocumentVersions": {}, + "workdocs:SearchResources": {}, + "workdocs:UpdateDocument": {}, + "workdocs:UpdateDocumentVersion": {}, + "workdocs:UpdateFolder": {}, + "workdocs:UpdateInstanceAlias": {}, + "workdocs:UpdateUser": {}, + "workdocs:UpdateUserAdministrativeSettings": {}, + "worklink:CreateFleet": {}, + "worklink:ListFleets": {}, + "workmail:CreateOrganization": {}, + "workmail:DescribeDirectories": {}, + "workmail:DescribeKmsKeys": {}, + "workmail:DescribeOrganizations": {}, + "workmail:ListOrganizations": {}, + "workspaces-web:CreateBrowserSettings": {}, + "workspaces-web:CreateIpAccessSettings": {}, + "workspaces-web:CreateNetworkSettings": {}, + "workspaces-web:CreatePortal": {}, + "workspaces-web:CreateTrustStore": {}, + "workspaces-web:CreateUserAccessLoggingSettings": {}, + "workspaces-web:CreateUserSettings": {}, + "workspaces-web:ListBrowserSettings": {}, + 
"workspaces-web:ListIpAccessSettings": {}, + "workspaces-web:ListNetworkSettings": {}, + "workspaces-web:ListPortals": {}, + "workspaces-web:ListTagsForResource": {}, + "workspaces-web:ListTrustStoreCertificates": {}, + "workspaces-web:ListTrustStores": {}, + "workspaces-web:ListUserAccessLoggingSettings": {}, + "workspaces-web:ListUserSettings": {}, + "workspaces:CreateConnectionAlias": {}, + "workspaces:CreateIpGroup": {}, + "workspaces:CreateTags": {}, + "workspaces:DeleteTags": {}, + "workspaces:DescribeAccount": {}, + "workspaces:DescribeAccountModifications": {}, + "workspaces:DescribeApplications": {}, + "workspaces:DescribeConnectionAliases": {}, + "workspaces:DescribeTags": {}, + "workspaces:DescribeWorkspaceBundles": {}, + "workspaces:DescribeWorkspaceDirectories": {}, + "workspaces:DescribeWorkspaceImages": {}, + "workspaces:DescribeWorkspaces": {}, + "workspaces:DescribeWorkspacesConnectionStatus": {}, + "workspaces:ImportWorkspaceImage": {}, + "workspaces:ListAvailableManagementCidrRanges": {}, + "workspaces:ModifyAccount": {}, + "xray:BatchGetTraceSummaryById": {}, + "xray:BatchGetTraces": {}, + "xray:DeleteResourcePolicy": {}, + "xray:GetDistinctTraceGraphs": {}, + "xray:GetEncryptionConfig": {}, + "xray:GetGroups": {}, + "xray:GetInsight": {}, + "xray:GetInsightEvents": {}, + "xray:GetInsightImpactGraph": {}, + "xray:GetInsightSummaries": {}, + "xray:GetSamplingRules": {}, + "xray:GetSamplingStatisticSummaries": {}, + "xray:GetSamplingTargets": {}, + "xray:GetServiceGraph": {}, + "xray:GetTimeSeriesServiceStatistics": {}, + "xray:GetTraceGraph": {}, + "xray:GetTraceSummaries": {}, + "xray:Link": {}, + "xray:ListResourcePolicies": {}, + "xray:PutEncryptionConfig": {}, + "xray:PutResourcePolicy": {}, + "xray:PutTelemetryRecords": {}, + "xray:PutTraceSegments": {}, +} \ No newline at end of file diff --git a/pkg/iac/providers/aws/iam/iam.go b/pkg/iac/providers/aws/iam/iam.go new file mode 100755 index 000000000000..6215a085613c --- /dev/null 
+++ b/pkg/iac/providers/aws/iam/iam.go 
@@ -0,0 +1,119 @@
+package iam
+
+import (
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ "github.com/liamg/iamgo"
+)
+
+type IAM struct {
+ PasswordPolicy PasswordPolicy
+ Policies []Policy
+ Groups []Group
+ Users []User
+ Roles []Role
+ ServerCertificates []ServerCertificate
+}
+
+type ServerCertificate struct {
+ Metadata defsecTypes.Metadata
+ Expiration defsecTypes.TimeValue
+}
+
+type Policy struct {
+ Metadata defsecTypes.Metadata
+ Name defsecTypes.StringValue
+ Document Document
+ Builtin defsecTypes.BoolValue
+}
+
+type Document struct {
+ Metadata defsecTypes.Metadata
+ Parsed iamgo.Document
+ IsOffset bool
+ HasRefs bool
+}
+
+func (d Document) ToRego() interface{} {
+ m := d.Metadata
+ doc, _ := d.Parsed.MarshalJSON()
+ input := map[string]interface{}{
+ "filepath": m.Range().GetFilename(),
+ "startline": m.Range().GetStartLine(),
+ "endline": m.Range().GetEndLine(),
+ "managed": m.IsManaged(),
+ "explicit": m.IsExplicit(),
+ "value": string(doc),
+ "sourceprefix": m.Range().GetSourcePrefix(),
+ "fskey": defsecTypes.CreateFSKey(m.Range().GetFS()),
+ "resource": m.Reference(),
+ }
+
+ if m.Parent() != nil {
+ input["parent"] = m.Parent().ToRego()
+ }
+
+ return input
+}
+
+type Group struct {
+ Metadata defsecTypes.Metadata
+ Name defsecTypes.StringValue
+ Users []User
+ Policies []Policy
+}
+
+type User struct {
+ Metadata defsecTypes.Metadata
+ Name defsecTypes.StringValue
+ Groups []Group
+ Policies []Policy
+ AccessKeys []AccessKey
+ MFADevices []MFADevice
+ LastAccess defsecTypes.TimeValue
+}
+
+func (u *User) HasLoggedIn() bool {
+ return u.LastAccess.GetMetadata().IsResolvable() && !u.LastAccess.IsNever()
+}
+
+type MFADevice struct {
+ Metadata defsecTypes.Metadata
+ IsVirtual defsecTypes.BoolValue
+}
+
+type AccessKey struct {
+ Metadata defsecTypes.Metadata
+ AccessKeyId defsecTypes.StringValue
+ Active defsecTypes.BoolValue
+ CreationDate defsecTypes.TimeValue
+ LastAccess defsecTypes.TimeValue
+}
+
+type Role struct {
+ Metadata defsecTypes.Metadata
+ Name defsecTypes.StringValue
+ Policies []Policy
+}
+
+func (d Document) MetadataFromIamGo(r ...iamgo.Range) defsecTypes.Metadata {
+ m := d.Metadata
+ if d.HasRefs {
+ return m
+ }
+ newRange := m.Range()
+ var start int
+ if !d.IsOffset {
+ start = newRange.GetStartLine()
+ }
+ for _, rng := range r {
+ newRange := defsecTypes.NewRange(
+ newRange.GetLocalFilename(),
+ start+rng.StartLine,
+ start+rng.EndLine,
+ newRange.GetSourcePrefix(),
+ newRange.GetFS(),
+ )
+ m = defsecTypes.NewMetadata(newRange, m.Reference()).WithParent(m)
+ }
+ return m
+}
diff --git a/pkg/iac/providers/aws/iam/passwords.go b/pkg/iac/providers/aws/iam/passwords.go
new file mode 100755
index 000000000000..f18cbb826b4c
--- /dev/null
+++ b/pkg/iac/providers/aws/iam/passwords.go
@@ -0,0 +1,16 @@
+package iam
+
+import (
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+type PasswordPolicy struct {
+ Metadata defsecTypes.Metadata
+ ReusePreventionCount defsecTypes.IntValue
+ RequireLowercase defsecTypes.BoolValue
+ RequireUppercase defsecTypes.BoolValue
+ RequireNumbers defsecTypes.BoolValue
+ RequireSymbols defsecTypes.BoolValue
+ MaxAgeDays defsecTypes.IntValue
+ MinimumLength defsecTypes.IntValue
+}
diff --git a/pkg/iac/providers/aws/iam/wildcards.go b/pkg/iac/providers/aws/iam/wildcards.go
new file mode 100755
index 000000000000..bee5c4e9637c
--- /dev/null
+++ b/pkg/iac/providers/aws/iam/wildcards.go
@@ -0,0 +1,10 @@
+package iam
+
+func IsWildcardAllowed(actions ...string) (bool, string) {
+ for _, action := range actions {
+ if _, exist := allowedActionsForResourceWildcardsMap[action]; !exist {
+ return false, action
+ }
+ }
+ return true, ""
+}
diff --git a/pkg/iac/providers/aws/kinesis/kinesis.go b/pkg/iac/providers/aws/kinesis/kinesis.go
new file mode 100755
index 000000000000..cf7a48799f80
--- /dev/null
+++ b/pkg/iac/providers/aws/kinesis/kinesis.go
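Review bot: `doc, _ := d.Parsed.MarshalJSON()` in ToRego discards the marshal error, so a document that cannot be serialised reaches the Rego rules as `"value": ""`, and any rule that parses that field sees no statements and raises nothing — a fail-open path in the IAM policy checks. I would keep the failure visible to the rule input instead of silently blanking the document: `doc, err := d.Parsed.MarshalJSON()` and, after `input` is built, `if err != nil { input["error"] = err.Error() }`, so a rule can tell an empty policy from an unserialisable one (an adapter-side log line would also do). In MetadataFromIamGo the loop declares a second `newRange` that shadows the outer one; the right-hand side still reads the outer variable because the new one is not in scope until the statement ends, so it works, but `childRange :=` would make that obvious. Neither function documents that the iamgo ranges are taken as relative to the document's own start line unless `IsOffset` is set, which is what the `start` computation implements and is worth a comment.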
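Review bot: IsWildcardAllowed has no doc comment and its contract is not obvious from the name: it returns true only when every action is a key of allowedActionsForResourceWildcardsMap, returns false plus the first offending action otherwise, and returns `true, ""` for an empty argument list. The map lookup is exact, so a differently cased action or a wildcard form such as `s3:*` is reported as not allowed; as far as I recall AWS matches action names case-insensitively, so this errs toward a false positive rather than a missed finding — the safe direction, but it should be stated so nobody "fixes" it the other way. I would add `// IsWildcardAllowed reports whether every action in actions is one that AWS permits with Resource: "*" (i.e. has no resource-level permissions). It returns false and the first action not in the allow list; an empty list is allowed. Lookup is exact and case-sensitive.`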
@@ -0,0 +1,24 @@ +package kinesis + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Kinesis struct { + Streams []Stream +} + +type Stream struct { + Metadata defsecTypes.Metadata + Encryption Encryption +} + +const ( + EncryptionTypeKMS = "KMS" +) + +type Encryption struct { + Metadata defsecTypes.Metadata + Type defsecTypes.StringValue + KMSKeyID defsecTypes.StringValue +} diff --git a/pkg/iac/providers/aws/kms/kms.go b/pkg/iac/providers/aws/kms/kms.go new file mode 100755 index 000000000000..45889b8caec9 --- /dev/null +++ b/pkg/iac/providers/aws/kms/kms.go @@ -0,0 +1,19 @@ +package kms + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type KMS struct { + Keys []Key +} + +const ( + KeyUsageSignAndVerify = "SIGN_VERIFY" +) + +type Key struct { + Metadata defsecTypes.Metadata + Usage defsecTypes.StringValue + RotationEnabled defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/aws/lambda/lambda.go b/pkg/iac/providers/aws/lambda/lambda.go new file mode 100755 index 000000000000..475ceb9bc648 --- /dev/null +++ b/pkg/iac/providers/aws/lambda/lambda.go @@ -0,0 +1,31 @@ +package lambda + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Lambda struct { + Functions []Function +} + +type Function struct { + Metadata defsecTypes.Metadata + Tracing Tracing + Permissions []Permission +} + +const ( + TracingModePassThrough = "PassThrough" + TracingModeActive = "Active" +) + +type Tracing struct { + Metadata defsecTypes.Metadata + Mode defsecTypes.StringValue +} + +type Permission struct { + Metadata defsecTypes.Metadata + Principal defsecTypes.StringValue + SourceARN defsecTypes.StringValue +} diff --git a/pkg/iac/providers/aws/mq/mq.go b/pkg/iac/providers/aws/mq/mq.go new file mode 100755 index 000000000000..552f6ebf91a4 --- /dev/null +++ b/pkg/iac/providers/aws/mq/mq.go 
@@ -0,0 +1,21 @@ +package mq + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type MQ struct { + Brokers []Broker +} + +type Broker struct { + Metadata defsecTypes.Metadata + PublicAccess defsecTypes.BoolValue + Logging Logging +} + +type Logging struct { + Metadata defsecTypes.Metadata + General defsecTypes.BoolValue + Audit defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/aws/msk/msk.go b/pkg/iac/providers/aws/msk/msk.go new file mode 100755 index 000000000000..d70efbe863b1 --- /dev/null +++ b/pkg/iac/providers/aws/msk/msk.go @@ -0,0 +1,60 @@ +package msk + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type MSK struct { + Clusters []Cluster +} + +type Cluster struct { + Metadata defsecTypes.Metadata + EncryptionInTransit EncryptionInTransit + EncryptionAtRest EncryptionAtRest + Logging Logging +} + +const ( + ClientBrokerEncryptionTLS = "TLS" + ClientBrokerEncryptionPlaintext = "PLAINTEXT" + ClientBrokerEncryptionTLSOrPlaintext = "TLS_PLAINTEXT" +) + +type EncryptionInTransit struct { + Metadata defsecTypes.Metadata + ClientBroker defsecTypes.StringValue +} + +type EncryptionAtRest struct { + Metadata defsecTypes.Metadata + KMSKeyARN defsecTypes.StringValue + Enabled defsecTypes.BoolValue +} + +type Logging struct { + Metadata defsecTypes.Metadata + Broker BrokerLogging +} + +type BrokerLogging struct { + Metadata defsecTypes.Metadata + S3 S3Logging + Cloudwatch CloudwatchLogging + Firehose FirehoseLogging +} + +type S3Logging struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue +} + +type CloudwatchLogging struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue +} + +type FirehoseLogging struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/aws/neptune/neptune.go b/pkg/iac/providers/aws/neptune/neptune.go new file mode 100755 index 000000000000..d7b69f169309 --- /dev/null 
+++ b/pkg/iac/providers/aws/neptune/neptune.go @@ -0,0 +1,21 @@ +package neptune + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Neptune struct { + Clusters []Cluster +} + +type Cluster struct { + Metadata defsecTypes.Metadata + Logging Logging + StorageEncrypted defsecTypes.BoolValue + KMSKeyID defsecTypes.StringValue +} + +type Logging struct { + Metadata defsecTypes.Metadata + Audit defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/aws/provider.go b/pkg/iac/providers/aws/provider.go new file mode 100644 index 000000000000..475d1bd0691e --- /dev/null +++ b/pkg/iac/providers/aws/provider.go 
@@ -0,0 +1,77 @@
+package aws
+
+import "github.com/aquasecurity/trivy/pkg/iac/types"
+
+type TerraformProvider struct {
+ Metadata types.Metadata
+ // generic fields
+ Alias types.StringValue
+ Version types.StringValue
+
+ // provider specific fields
+ AccessKey types.StringValue
+ AllowedAccountsIDs types.StringValueList
+ AssumeRole AssumeRole
+ AssumeRoleWithWebIdentity AssumeRoleWithWebIdentity
+ CustomCABundle types.StringValue
+ DefaultTags DefaultTags
+ EC2MetadataServiceEndpoint types.StringValue
+ EC2MetadataServiceEndpointMode types.StringValue
+ Endpoints types.MapValue
+ ForbiddenAccountIDs types.StringValueList
+ HttpProxy types.StringValue
+ IgnoreTags IgnoreTags
+ Insecure types.BoolValue
+ MaxRetries types.IntValue
+ Profile types.StringValue
+ Region types.StringValue
+ RetryMode types.StringValue
+ S3UsePathStyle types.BoolValue
+ S3USEast1RegionalEndpoint types.StringValue
+ SecretKey types.StringValue
+ SharedConfigFiles types.StringValueList
+ SharedCredentialsFiles types.StringValueList
+ SkipCredentialsValidation types.BoolValue
+ SkipMetadataAPICheck types.BoolValue
+ SkipRegionValidation types.BoolValue
+ SkipRequestingAccountID types.BoolValue
+ STSRegion types.StringValue
+ Token types.StringValue
+ UseDualstackEndpoint types.BoolValue
+ UseFIPSEndpoint types.BoolValue
+}
+
+type AssumeRole struct {
+ Metadata types.Metadata
+ Duration types.StringValue
+ ExternalID types.StringValue
+ Policy types.StringValue
+ PolicyARNs types.StringValueList
+ RoleARN types.StringValue
+ SessionName types.StringValue
+ SourceIdentity types.StringValue
+ Tags types.MapValue
+ TransitiveTagKeys types.StringValueList
+}
+
+type AssumeRoleWithWebIdentity struct {
+ Metadata types.Metadata
+ Duration types.StringValue
+ Policy types.StringValue
+ PolicyARNs types.StringValueList
+ RoleARN types.StringValue
+ SessionName types.StringValue
+ WebIdentityToken types.StringValue
+ WebIdentityTokenFile types.StringValue
+}
+
+type IgnoreTags struct {
+ Metadata types.Metadata
+ Keys types.StringValueList
+ KeyPrefixes types.StringValueList
+}
+
+type DefaultTags struct {
+ Metadata types.Metadata
+ Tags types.MapValue
+}
diff --git a/pkg/iac/providers/aws/rds/classic.go b/pkg/iac/providers/aws/rds/classic.go
new file mode 100755
index 000000000000..41be09b743ef
--- /dev/null
+++ b/pkg/iac/providers/aws/rds/classic.go
@@ -0,0 +1,13 @@
+package rds
+
+import (
+ "github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+type Classic struct {
+ DBSecurityGroups []DBSecurityGroup
+}
+
+type DBSecurityGroup struct {
+ Metadata types.Metadata
+}
diff --git a/pkg/iac/providers/aws/rds/rds.go b/pkg/iac/providers/aws/rds/rds.go
new file mode 100755
index 000000000000..dcc41cde5dcc
--- /dev/null
+++ b/pkg/iac/providers/aws/rds/rds.go
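Review bot: TerraformProvider carries `AccessKey`, `SecretKey` and `Token`, and AssumeRoleWithWebIdentity carries `WebIdentityToken`, as plain StringValue fields, so the adapted model can hold literal credentials copied out of a provider block. Nothing in this hunk marks them as sensitive; if the model is serialised into rule input or report output elsewhere (the way iam.Document.ToRego emits policy text), a hard-coded secret would be echoed into scan results and logs — I cannot see the consumer from here, so this is a caveat to confirm. I would add a field comment such as `// AccessKey, SecretKey and Token may hold literal credentials; consumers must not emit their values in findings or logs.` and have any hard-coded-credential check report the range, not the value. The struct itself is undocumented; a one-liner saying it models the Terraform `provider "aws"` block (presumably, given the field set) would help rule authors.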
@@ -0,0 +1,127 @@
+package rds
+
+import (
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+type RDS struct {
+ Instances []Instance
+ Clusters []Cluster
+ Classic Classic
+ Snapshots []Snapshots
+ ParameterGroups []ParameterGroups
+}
+
+type Instance struct {
+ Metadata defsecTypes.Metadata
+ BackupRetentionPeriodDays defsecTypes.IntValue
+ ReplicationSourceARN defsecTypes.StringValue
+ PerformanceInsights PerformanceInsights
+ Encryption Encryption
+ PublicAccess defsecTypes.BoolValue
+ Engine defsecTypes.StringValue
+ IAMAuthEnabled defsecTypes.BoolValue
+ DeletionProtection defsecTypes.BoolValue
+ DBInstanceArn defsecTypes.StringValue
+ StorageEncrypted defsecTypes.BoolValue
+ DBInstanceIdentifier defsecTypes.StringValue
+ DBParameterGroups []DBParameterGroupsList
+ TagList []TagList
+ EnabledCloudwatchLogsExports []defsecTypes.StringValue
+ EngineVersion defsecTypes.StringValue
+ AutoMinorVersionUpgrade defsecTypes.BoolValue
+ MultiAZ defsecTypes.BoolValue
+ PubliclyAccessible defsecTypes.BoolValue
+ LatestRestorableTime defsecTypes.TimeValue
+ ReadReplicaDBInstanceIdentifiers []defsecTypes.StringValue
+}
+
+type Cluster struct {
+ Metadata defsecTypes.Metadata
+ BackupRetentionPeriodDays defsecTypes.IntValue
+ ReplicationSourceARN defsecTypes.StringValue
+ PerformanceInsights PerformanceInsights
+ Instances []ClusterInstance
+ Encryption Encryption
+ PublicAccess defsecTypes.BoolValue
+ Engine defsecTypes.StringValue
+ LatestRestorableTime defsecTypes.TimeValue
+ AvailabilityZones []defsecTypes.StringValue
+ DeletionProtection defsecTypes.BoolValue
+ SkipFinalSnapshot defsecTypes.BoolValue
+}
+
+type Snapshots struct {
+ Metadata defsecTypes.Metadata
+ DBSnapshotIdentifier defsecTypes.StringValue
+ DBSnapshotArn defsecTypes.StringValue
+ Encrypted defsecTypes.BoolValue
+ KmsKeyId defsecTypes.StringValue
+ SnapshotAttributes []DBSnapshotAttributes
+}
+
+type Parameters struct {
+ Metadata defsecTypes.Metadata
+ ParameterName defsecTypes.StringValue
+ ParameterValue defsecTypes.StringValue
+}
+
+type ParameterGroups struct {
+ Metadata defsecTypes.Metadata
+ DBParameterGroupName defsecTypes.StringValue
+ DBParameterGroupFamily defsecTypes.StringValue
+ Parameters []Parameters
+}
+
+type DBSnapshotAttributes struct {
+ Metadata defsecTypes.Metadata
+ AttributeValues []defsecTypes.StringValue
+}
+
+const (
+ EngineAurora = "aurora"
+ EngineAuroraMysql = "aurora-mysql"
+ EngineAuroraPostgresql = "aurora-postgresql"
+ EngineMySQL = "mysql"
+ EnginePostgres = "postgres"
+ EngineCustomOracleEE = "custom-oracle-ee"
+ EngineOracleEE = "oracle-ee"
+ EngineOracleEECDB = "oracle-ee-cdb"
+ EngineOracleSE2 = "oracle-se2"
+ EngineOracleSE2CDB = "oracle-se2-cdb"
+ EngineSQLServerEE = "sqlserver-ee"
+ EngineSQLServerSE = "sqlserver-se"
+ EngineSQLServerEX = "sqlserver-ex"
+ EngineSQLServerWEB = "sqlserver-web"
+ EngineMariaDB = "mariadb"
+ EngineCustomSQLServerEE = "custom-sqlserver-ee"
+ EngineCustomSQLServerSE = "custom-sqlserver-se"
+ EngineCustomSQLServerWEB = "custom-sqlserver-web"
+)
+
+type Encryption struct {
+ Metadata defsecTypes.Metadata
+ EncryptStorage defsecTypes.BoolValue
+ KMSKeyID defsecTypes.StringValue
+}
+
+type ClusterInstance struct {
+ Instance
+ ClusterIdentifier defsecTypes.StringValue
+}
+
+type PerformanceInsights struct {
+ Metadata defsecTypes.Metadata
+ Enabled defsecTypes.BoolValue
+ KMSKeyID defsecTypes.StringValue
+}
+
+type DBParameterGroupsList struct {
+ Metadata defsecTypes.Metadata
+ DBParameterGroupName defsecTypes.StringValue
+ KMSKeyID defsecTypes.StringValue
+}
+
+type TagList struct {
+ Metadata defsecTypes.Metadata
+}
diff --git a/pkg/iac/providers/aws/redshift/redshift.go b/pkg/iac/providers/aws/redshift/redshift.go
new file mode 100755
index 000000000000..b57753309e75
--- /dev/null
+++ b/pkg/iac/providers/aws/redshift/redshift.go
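Review bot: Instance models the same property twice — `PublicAccess` and `PubliclyAccessible` are both BoolValue, as are `StorageEncrypted` and `Encryption.EncryptStorage` — and nothing in the hunk says which one adapters populate or which one checks should read. A rule reading `PublicAccess` while an adapter only sets `PubliclyAccessible` (or the reverse) would silently miss a publicly reachable database, which is exactly the gap this model exists to catch. I would drop the duplicates, or mark one as canonical with a comment such as `// PubliclyAccessible duplicates PublicAccess; checks read PublicAccess — confirm every adapter sets it` and likewise for StorageEncrypted. `DBParameterGroupsList.KMSKeyID` also looks out of place on a parameter-group reference and deserves a comment on what it holds.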
@@ -0,0 +1,55 @@ +package redshift + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Redshift struct { + Clusters []Cluster + ReservedNodes []ReservedNode + ClusterParameters []ClusterParameter + SecurityGroups []SecurityGroup +} + +type SecurityGroup struct { + Metadata defsecTypes.Metadata + Description defsecTypes.StringValue +} + +type ReservedNode struct { + Metadata defsecTypes.Metadata + NodeType defsecTypes.StringValue +} + +type ClusterParameter struct { + Metadata defsecTypes.Metadata + ParameterName defsecTypes.StringValue + ParameterValue defsecTypes.StringValue +} + +type Cluster struct { + Metadata defsecTypes.Metadata + ClusterIdentifier defsecTypes.StringValue + NodeType defsecTypes.StringValue + VpcId defsecTypes.StringValue + NumberOfNodes defsecTypes.IntValue + PubliclyAccessible defsecTypes.BoolValue + AllowVersionUpgrade defsecTypes.BoolValue + MasterUsername defsecTypes.StringValue + AutomatedSnapshotRetentionPeriod defsecTypes.IntValue + LoggingEnabled defsecTypes.BoolValue + EndPoint EndPoint + Encryption Encryption + SubnetGroupName defsecTypes.StringValue +} + +type EndPoint struct { + Metadata defsecTypes.Metadata + Port defsecTypes.IntValue +} + +type Encryption struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue + KMSKeyID defsecTypes.StringValue +} diff --git a/pkg/iac/providers/aws/s3/bucket.go b/pkg/iac/providers/aws/s3/bucket.go new file mode 100755 index 000000000000..acd669af87a1 --- /dev/null +++ b/pkg/iac/providers/aws/s3/bucket.go 
@@ -0,0 +1,67 @@
+package s3
+
+import (
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+type Bucket struct {
+ Metadata defsecTypes.Metadata
+ Name defsecTypes.StringValue
+ PublicAccessBlock *PublicAccessBlock
+ BucketPolicies []iam.Policy
+ Encryption Encryption
+ Versioning Versioning
+ Logging Logging
+ ACL defsecTypes.StringValue
+ BucketLocation defsecTypes.StringValue
+ AccelerateConfigurationStatus defsecTypes.StringValue
+ LifecycleConfiguration []Rules
+ Objects []Contents
+ Website *Website
+}
+
+func (b *Bucket) HasPublicExposureACL() bool {
+ for _, publicACL := range []string{"public-read", "public-read-write", "website", "authenticated-read"} {
+ if b.ACL.EqualTo(publicACL) {
+ // if there is a public access block, check the public ACL blocks
+ if b.PublicAccessBlock != nil && b.PublicAccessBlock.Metadata.IsManaged() {
+ return b.PublicAccessBlock.IgnorePublicACLs.IsFalse() && b.PublicAccessBlock.BlockPublicACLs.IsFalse()
+ }
+ return true
+ }
+ }
+ return false
+}
+
+type Logging struct {
+ Metadata defsecTypes.Metadata
+ Enabled defsecTypes.BoolValue
+ TargetBucket defsecTypes.StringValue
+}
+
+type Versioning struct {
+ Metadata defsecTypes.Metadata
+ Enabled defsecTypes.BoolValue
+ MFADelete defsecTypes.BoolValue
+}
+
+type Encryption struct {
+ Metadata defsecTypes.Metadata
+ Enabled defsecTypes.BoolValue
+ Algorithm defsecTypes.StringValue
+ KMSKeyId defsecTypes.StringValue
+}
+
+type Rules struct {
+ Metadata defsecTypes.Metadata
+ Status defsecTypes.StringValue
+}
+
+type Contents struct {
+ Metadata defsecTypes.Metadata
+}
+
+type Website struct {
+ Metadata defsecTypes.Metadata
+}
diff --git a/pkg/iac/providers/aws/s3/bucket_public_access_block.go b/pkg/iac/providers/aws/s3/bucket_public_access_block.go
new file mode 100755
index 000000000000..f0d1a19e6f5b
--- /dev/null
+++ b/pkg/iac/providers/aws/s3/bucket_public_access_block.go
@@ -0,0 +1,23 @@
+package s3
+
+import (
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+type PublicAccessBlock struct {
+ Metadata defsecTypes.Metadata
+ BlockPublicACLs defsecTypes.BoolValue
+ BlockPublicPolicy defsecTypes.BoolValue
+ IgnorePublicACLs defsecTypes.BoolValue
+ RestrictPublicBuckets defsecTypes.BoolValue
+}
+
+func NewPublicAccessBlock(metadata defsecTypes.Metadata) PublicAccessBlock {
+ return PublicAccessBlock{
+ Metadata: metadata,
+ BlockPublicPolicy: defsecTypes.BoolDefault(false, metadata),
+ BlockPublicACLs: defsecTypes.BoolDefault(false, metadata),
+ IgnorePublicACLs: defsecTypes.BoolDefault(false, metadata),
+ RestrictPublicBuckets: defsecTypes.BoolDefault(false, metadata),
+ }
+}
diff --git a/pkg/iac/providers/aws/s3/s3.go b/pkg/iac/providers/aws/s3/s3.go
new file mode 100755
index 000000000000..230269a9e660
--- /dev/null
+++ b/pkg/iac/providers/aws/s3/s3.go
@@ -0,0 +1,5 @@
+package s3
+
+type S3 struct {
+ Buckets []Bucket
+}
diff --git a/pkg/iac/providers/aws/sam/api.go b/pkg/iac/providers/aws/sam/api.go
new file mode 100644
index 000000000000..101ff9c82aec
--- /dev/null
+++ b/pkg/iac/providers/aws/sam/api.go
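Review bot: HasPublicExposureACL lets a managed PublicAccessBlock neutralise a public ACL only when `IgnorePublicACLs.IsFalse() && BlockPublicACLs.IsFalse()` both hold, so when the block's flags are unresolvable (set from a variable the scanner cannot evaluate) the outcome depends on what IsFalse returns for an unknown value; if that is false, the finding is suppressed without evidence, which is the fail-open direction for a public-bucket check — worth confirming against the BoolValue implementation and documenting either way. The method has no doc comment; I would add `// HasPublicExposureACL reports whether the bucket ACL is one of the canned ACLs that grant access to everyone (or to all authenticated AWS users), and that grant is not neutralised by a managed public access block that blocks or ignores public ACLs.` `website` is not a canned S3 ACL name as far as I know, so if it is a sentinel set by an adapter a comment on the slice should say so.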
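Review bot: NewPublicAccessBlock defaults all four flags to false with no comment on why, and all-false is the permissive reading for a bucket. As far as I recall that matches the per-attribute defaults of the Terraform `aws_s3_bucket_public_access_block` resource, so the intent is "a declared block with unspecified attributes", not "no block at all"; callers that want the latter should leave `Bucket.PublicAccessBlock` nil rather than call this, and the constructor should say so. I would add `// NewPublicAccessBlock returns a block whose unspecified flags default to false, mirroring the resource attribute defaults; use a nil *PublicAccessBlock when the bucket declares no block at all.`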
@@ -0,0 +1,38 @@ +package sam + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type API struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + TracingEnabled defsecTypes.BoolValue + DomainConfiguration DomainConfiguration + AccessLogging AccessLogging + RESTMethodSettings RESTMethodSettings +} + +type ApiAuth struct { + Metadata defsecTypes.Metadata + ApiKeyRequired defsecTypes.BoolValue +} + +type AccessLogging struct { + Metadata defsecTypes.Metadata + CloudwatchLogGroupARN defsecTypes.StringValue +} + +type DomainConfiguration struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + SecurityPolicy defsecTypes.StringValue +} + +type RESTMethodSettings struct { + Metadata defsecTypes.Metadata + CacheDataEncrypted defsecTypes.BoolValue + LoggingEnabled defsecTypes.BoolValue + DataTraceEnabled defsecTypes.BoolValue + MetricsEnabled defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/aws/sam/application.go b/pkg/iac/providers/aws/sam/application.go new file mode 100644 index 000000000000..cbb72d1e5f28 --- /dev/null +++ b/pkg/iac/providers/aws/sam/application.go @@ -0,0 +1,17 @@ +package sam + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Application struct { + Metadata defsecTypes.Metadata + LocationPath defsecTypes.StringValue + Location Location +} + +type Location struct { + Metadata defsecTypes.Metadata + ApplicationID defsecTypes.StringValue + SemanticVersion defsecTypes.StringValue +} diff --git a/pkg/iac/providers/aws/sam/function.go b/pkg/iac/providers/aws/sam/function.go new file mode 100644 index 000000000000..9b96c28a4702 --- /dev/null +++ b/pkg/iac/providers/aws/sam/function.go 
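Review bot: ApiAuth (with its single `ApiKeyRequired` field) is declared but not referenced by API or any other type in this hunk, so either an `Auth ApiAuth` field is missing on API or the type is dead; it may be consumed by an adapter I cannot see, so this is a question rather than a defect. A one-line doc comment on each exported type would also help rule authors, e.g. `// API models an AWS::Serverless::Api resource.` — presumably, given the package name.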
@@ -0,0 +1,25 @@ +package sam + +import ( + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Function struct { + Metadata defsecTypes.Metadata + FunctionName defsecTypes.StringValue + Tracing defsecTypes.StringValue + ManagedPolicies []defsecTypes.StringValue + Policies []iam.Policy +} + +const ( + TracingModePassThrough = "PassThrough" + TracingModeActive = "Active" +) + +type Permission struct { + Metadata defsecTypes.Metadata + Principal defsecTypes.StringValue + SourceARN defsecTypes.StringValue +} diff --git a/pkg/iac/providers/aws/sam/http_api.go b/pkg/iac/providers/aws/sam/http_api.go new file mode 100644 index 000000000000..da7d23b371ac --- /dev/null +++ b/pkg/iac/providers/aws/sam/http_api.go @@ -0,0 +1,20 @@ +package sam + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type HttpAPI struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + AccessLogging AccessLogging + DefaultRouteSettings RouteSettings + DomainConfiguration DomainConfiguration +} + +type RouteSettings struct { + Metadata defsecTypes.Metadata + LoggingEnabled defsecTypes.BoolValue + DataTraceEnabled defsecTypes.BoolValue + DetailedMetricsEnabled defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/aws/sam/sam.go b/pkg/iac/providers/aws/sam/sam.go new file mode 100644 index 000000000000..ed75777d8053 --- /dev/null +++ b/pkg/iac/providers/aws/sam/sam.go @@ -0,0 +1,10 @@ +package sam + +type SAM struct { + APIs []API + Applications []Application + Functions []Function + HttpAPIs []HttpAPI + SimpleTables []SimpleTable + StateMachines []StateMachine +} diff --git a/pkg/iac/providers/aws/sam/state_machine.go b/pkg/iac/providers/aws/sam/state_machine.go new file mode 100644 index 000000000000..9b37e188da19 --- /dev/null +++ b/pkg/iac/providers/aws/sam/state_machine.go 
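Review bot: `Permission` (Principal/SourceARN) in function.go is not referenced by `Function` or by `SAM`, so Lambda permission statements are modelled but never reachable from the provider root; if no adapter outside this diff fills it, it is dead code that suggests coverage that does not exist. The `Tracing` field is likewise undocumented even though the two `TracingMode*` constants imply a closed set; add `// Tracing is one of TracingModePassThrough or TracingModeActive.` so rule authors compare against the constants rather than ad-hoc strings. Note that `StateMachine` in the next file models tracing as a `TracingConfiguration` struct, so the two resources expose the same concept in two shapes.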
@@ -0,0 +1,25 @@ +package sam + +import ( + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type StateMachine struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + LoggingConfiguration LoggingConfiguration + ManagedPolicies []defsecTypes.StringValue + Policies []iam.Policy + Tracing TracingConfiguration +} + +type LoggingConfiguration struct { + Metadata defsecTypes.Metadata + LoggingEnabled defsecTypes.BoolValue +} + +type TracingConfiguration struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/aws/sam/table.go b/pkg/iac/providers/aws/sam/table.go new file mode 100644 index 000000000000..b35cea5816ff --- /dev/null +++ b/pkg/iac/providers/aws/sam/table.go @@ -0,0 +1,18 @@ +package sam + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type SimpleTable struct { + Metadata defsecTypes.Metadata + TableName defsecTypes.StringValue + SSESpecification SSESpecification +} + +type SSESpecification struct { + Metadata defsecTypes.Metadata + + Enabled defsecTypes.BoolValue + KMSMasterKeyID defsecTypes.StringValue +} diff --git a/pkg/iac/providers/aws/sns/sns.go b/pkg/iac/providers/aws/sns/sns.go new file mode 100755 index 000000000000..c33949a19b86 --- /dev/null +++ b/pkg/iac/providers/aws/sns/sns.go 
@@ -0,0 +1,31 @@ +package sns + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type SNS struct { + Topics []Topic +} + +func NewTopic(arn string, metadata defsecTypes.Metadata) *Topic { + return &Topic{ + Metadata: metadata, + ARN: defsecTypes.String(arn, metadata), + Encryption: Encryption{ + Metadata: metadata, + KMSKeyID: defsecTypes.StringDefault("", metadata), + }, + } +} + +type Topic struct { + Metadata defsecTypes.Metadata + ARN defsecTypes.StringValue + Encryption Encryption +} + +type Encryption struct { + Metadata defsecTypes.Metadata + KMSKeyID defsecTypes.StringValue +} diff --git a/pkg/iac/providers/aws/sqs/sqs.go b/pkg/iac/providers/aws/sqs/sqs.go new file mode 100755 index 000000000000..a429b5384280 --- /dev/null +++ b/pkg/iac/providers/aws/sqs/sqs.go @@ -0,0 +1,23 @@ +package sqs + +import ( + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type SQS struct { + Queues []Queue +} + +type Queue struct { + Metadata defsecTypes.Metadata + QueueURL defsecTypes.StringValue + Encryption Encryption + Policies []iam.Policy +} + +type Encryption struct { + Metadata defsecTypes.Metadata + KMSKeyID defsecTypes.StringValue + ManagedEncryption defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/aws/ssm/ssm.go b/pkg/iac/providers/aws/ssm/ssm.go new file mode 100755 index 000000000000..a4e5ef1e35ef --- /dev/null +++ b/pkg/iac/providers/aws/ssm/ssm.go @@ -0,0 +1,16 @@ +package ssm + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type SSM struct { + Secrets []Secret +} + +type Secret struct { + Metadata defsecTypes.Metadata + KMSKeyID defsecTypes.StringValue +} + +const DefaultKMSKeyID = "alias/aws/secretsmanager" diff --git a/pkg/iac/providers/aws/workspaces/workspaces.go b/pkg/iac/providers/aws/workspaces/workspaces.go new file mode 100755 index 000000000000..3f63a60da15a --- /dev/null 
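Review bot: package `ssm` models a `Secret` whose `DefaultKMSKeyID` is `alias/aws/secretsmanager`, the Secrets Manager service key rather than the Parameter Store one, and nothing documents that mismatch; a reader checking SSM parameter encryption would be misled. Presumably the package name is historical and renaming is out of scope for a move commit, so document it instead: `// Secret models an AWS Secrets Manager secret (not an SSM parameter); DefaultKMSKeyID is the service-managed key Secrets Manager uses when no CMK is configured.` In sqs.go, `Encryption` has both `KMSKeyID` and `ManagedEncryption`; a one-line comment stating that either one set counts as encrypted at rest would prevent a check from testing only the key ID.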
+++ b/pkg/iac/providers/aws/workspaces/workspaces.go @@ -0,0 +1,25 @@ +package workspaces + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type WorkSpaces struct { + WorkSpaces []WorkSpace +} + +type WorkSpace struct { + Metadata defsecTypes.Metadata + RootVolume Volume + UserVolume Volume +} + +type Volume struct { + Metadata defsecTypes.Metadata + Encryption Encryption +} + +type Encryption struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/azure/appservice/appservice.go b/pkg/iac/providers/azure/appservice/appservice.go new file mode 100755 index 000000000000..30eef770ab4f --- /dev/null +++ b/pkg/iac/providers/azure/appservice/appservice.go @@ -0,0 +1,30 @@ +package appservice + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type AppService struct { + Services []Service + FunctionApps []FunctionApp +} + +type Service struct { + Metadata defsecTypes.Metadata + EnableClientCert defsecTypes.BoolValue + Identity struct { + Type defsecTypes.StringValue + } + Authentication struct { + Enabled defsecTypes.BoolValue + } + Site struct { + EnableHTTP2 defsecTypes.BoolValue + MinimumTLSVersion defsecTypes.StringValue + } +} + +type FunctionApp struct { + Metadata defsecTypes.Metadata + HTTPSOnly defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/azure/authorization/authorization.go b/pkg/iac/providers/azure/authorization/authorization.go new file mode 100755 index 000000000000..2959fc01a6e3 --- /dev/null +++ b/pkg/iac/providers/azure/authorization/authorization.go 
@@ -0,0 +1,20 @@ +package authorization + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Authorization struct { + RoleDefinitions []RoleDefinition +} + +type RoleDefinition struct { + Metadata defsecTypes.Metadata + Permissions []Permission + AssignableScopes []defsecTypes.StringValue +} + +type Permission struct { + Metadata defsecTypes.Metadata + Actions []defsecTypes.StringValue +} diff --git a/pkg/iac/providers/azure/azure.go b/pkg/iac/providers/azure/azure.go new file mode 100755 index 000000000000..07774647a454 --- /dev/null +++ b/pkg/iac/providers/azure/azure.go @@ -0,0 +1,33 @@ +package azure + +import ( + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/appservice" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/authorization" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/compute" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/container" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/database" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/datafactory" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/datalake" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/keyvault" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/monitor" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/network" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/securitycenter" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/storage" + "github.com/aquasecurity/trivy/pkg/iac/providers/azure/synapse" +) + +type Azure struct { + AppService appservice.AppService + Authorization authorization.Authorization + Compute compute.Compute + Container container.Container + Database database.Database + DataFactory datafactory.DataFactory + DataLake datalake.DataLake + KeyVault keyvault.KeyVault + Monitor monitor.Monitor + Network network.Network + SecurityCenter securitycenter.SecurityCenter + Storage storage.Storage + Synapse synapse.Synapse +} 
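Review bot: `Permission` in authorization.go carries only `Actions`, so a role-definition check looking for wildcard grants cannot see `NotActions` (or the data-action lists) that narrow a wildcard; a role with `Actions: ["*"]` and a long `NotActions` list is indistinguishable from an unrestricted one. If that is intentional, say so on the type: `// Permission holds only the allowed Actions; NotActions and DataActions are not modelled, so wildcard checks may over-report.` Otherwise add `NotActions []defsecTypes.StringValue` and populate it in the ARM and Terraform adapters, which are outside this hunk.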
diff --git a/pkg/iac/providers/azure/compute/compute.go b/pkg/iac/providers/azure/compute/compute.go new file mode 100755 index 000000000000..db7f6f964e89 --- /dev/null +++ b/pkg/iac/providers/azure/compute/compute.go @@ -0,0 +1,42 @@ +package compute + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Compute struct { + LinuxVirtualMachines []LinuxVirtualMachine + WindowsVirtualMachines []WindowsVirtualMachine + ManagedDisks []ManagedDisk +} + +type VirtualMachine struct { + Metadata defsecTypes.Metadata + CustomData defsecTypes.StringValue // NOT base64 encoded +} + +type LinuxVirtualMachine struct { + Metadata defsecTypes.Metadata + VirtualMachine + OSProfileLinuxConfig OSProfileLinuxConfig +} + +type WindowsVirtualMachine struct { + Metadata defsecTypes.Metadata + VirtualMachine +} + +type OSProfileLinuxConfig struct { + Metadata defsecTypes.Metadata + DisablePasswordAuthentication defsecTypes.BoolValue +} + +type ManagedDisk struct { + Metadata defsecTypes.Metadata + Encryption Encryption +} + +type Encryption struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/azure/container/container.go b/pkg/iac/providers/azure/container/container.go new file mode 100755 index 000000000000..5e996b8778a8 --- /dev/null +++ b/pkg/iac/providers/azure/container/container.go 
@@ -0,0 +1,38 @@ +package container + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Container struct { + KubernetesClusters []KubernetesCluster +} + +type KubernetesCluster struct { + Metadata defsecTypes.Metadata + NetworkProfile NetworkProfile + EnablePrivateCluster defsecTypes.BoolValue + APIServerAuthorizedIPRanges []defsecTypes.StringValue + AddonProfile AddonProfile + RoleBasedAccessControl RoleBasedAccessControl +} + +type RoleBasedAccessControl struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue +} + +type AddonProfile struct { + Metadata defsecTypes.Metadata + OMSAgent OMSAgent +} + +type OMSAgent struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue +} + +type NetworkProfile struct { + Metadata defsecTypes.Metadata + NetworkPolicy defsecTypes.StringValue // "", "calico", "azure" +} diff --git a/pkg/iac/providers/azure/database/database.go b/pkg/iac/providers/azure/database/database.go new file mode 100755 index 000000000000..08673557a448 --- /dev/null +++ b/pkg/iac/providers/azure/database/database.go 
@@ -0,0 +1,68 @@ +package database + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Database struct { + MSSQLServers []MSSQLServer + MariaDBServers []MariaDBServer + MySQLServers []MySQLServer + PostgreSQLServers []PostgreSQLServer +} + +type MariaDBServer struct { + Metadata defsecTypes.Metadata + Server +} + +type MySQLServer struct { + Metadata defsecTypes.Metadata + Server +} + +type PostgreSQLServer struct { + Metadata defsecTypes.Metadata + Server + Config PostgresSQLConfig +} + +type PostgresSQLConfig struct { + Metadata defsecTypes.Metadata + LogCheckpoints defsecTypes.BoolValue + ConnectionThrottling defsecTypes.BoolValue + LogConnections defsecTypes.BoolValue +} + +type Server struct { + Metadata defsecTypes.Metadata + EnableSSLEnforcement defsecTypes.BoolValue + MinimumTLSVersion defsecTypes.StringValue + EnablePublicNetworkAccess defsecTypes.BoolValue + FirewallRules []FirewallRule +} + +type MSSQLServer struct { + Metadata defsecTypes.Metadata + Server + ExtendedAuditingPolicies []ExtendedAuditingPolicy + SecurityAlertPolicies []SecurityAlertPolicy +} + +type SecurityAlertPolicy struct { + Metadata defsecTypes.Metadata + EmailAddresses []defsecTypes.StringValue + DisabledAlerts []defsecTypes.StringValue + EmailAccountAdmins defsecTypes.BoolValue +} + +type ExtendedAuditingPolicy struct { + Metadata defsecTypes.Metadata + RetentionInDays defsecTypes.IntValue +} + +type FirewallRule struct { + Metadata defsecTypes.Metadata + StartIP defsecTypes.StringValue + EndIP defsecTypes.StringValue +} diff --git a/pkg/iac/providers/azure/datafactory/datafactory.go b/pkg/iac/providers/azure/datafactory/datafactory.go new file mode 100755 index 000000000000..3fa9e15805b7 --- /dev/null +++ b/pkg/iac/providers/azure/datafactory/datafactory.go 
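Review bot: `PostgresSQLConfig` in database.go is a misspelling (a blend of Postgres and PostgreSQL) on an exported name, so once this merge lands the typo is baked into adapters and Rego input; since the commit is already moving the package, renaming to `PostgreSQLConfig` now is the cheapest moment. `FirewallRule` also holds `StartIP`/`EndIP` as bare strings with no note on their format or on what an open-to-all rule looks like; a comment such as `// StartIP and EndIP are IP literals as written in the resource; checks should flag ranges that span the whole address space.` would help rule authors, assuming the adapters do not normalise them.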
@@ -0,0 +1,14 @@ +package datafactory + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type DataFactory struct { + DataFactories []Factory +} + +type Factory struct { + Metadata defsecTypes.Metadata + EnablePublicNetwork defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/azure/datalake/datalake.go b/pkg/iac/providers/azure/datalake/datalake.go new file mode 100755 index 000000000000..981f1881b015 --- /dev/null +++ b/pkg/iac/providers/azure/datalake/datalake.go @@ -0,0 +1,14 @@ +package datalake + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type DataLake struct { + Stores []Store +} + +type Store struct { + Metadata defsecTypes.Metadata + EnableEncryption defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/azure/keyvault/keyvault.go b/pkg/iac/providers/azure/keyvault/keyvault.go new file mode 100755 index 000000000000..caf10ed067d2 --- /dev/null +++ b/pkg/iac/providers/azure/keyvault/keyvault.go @@ -0,0 +1,34 @@ +package keyvault + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type KeyVault struct { + Vaults []Vault +} + +type Vault struct { + Metadata defsecTypes.Metadata + Secrets []Secret + Keys []Key + EnablePurgeProtection defsecTypes.BoolValue + SoftDeleteRetentionDays defsecTypes.IntValue + NetworkACLs NetworkACLs +} + +type NetworkACLs struct { + Metadata defsecTypes.Metadata + DefaultAction defsecTypes.StringValue +} + +type Key struct { + Metadata defsecTypes.Metadata + ExpiryDate defsecTypes.TimeValue +} + +type Secret struct { + Metadata defsecTypes.Metadata + ContentType defsecTypes.StringValue + ExpiryDate defsecTypes.TimeValue +} diff --git a/pkg/iac/providers/azure/monitor/monitor.go b/pkg/iac/providers/azure/monitor/monitor.go new file mode 100755 index 000000000000..3cb14f75990a --- /dev/null +++ b/pkg/iac/providers/azure/monitor/monitor.go 
@@ -0,0 +1,22 @@ +package monitor + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Monitor struct { + LogProfiles []LogProfile +} + +type LogProfile struct { + Metadata defsecTypes.Metadata + RetentionPolicy RetentionPolicy + Categories []defsecTypes.StringValue + Locations []defsecTypes.StringValue +} + +type RetentionPolicy struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue + Days defsecTypes.IntValue +} diff --git a/pkg/iac/providers/azure/network/network.go b/pkg/iac/providers/azure/network/network.go new file mode 100755 index 000000000000..07542d8a12e7 --- /dev/null +++ b/pkg/iac/providers/azure/network/network.go @@ -0,0 +1,47 @@ +package network + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Network struct { + SecurityGroups []SecurityGroup + NetworkWatcherFlowLogs []NetworkWatcherFlowLog +} + +type SecurityGroup struct { + Metadata defsecTypes.Metadata + Rules []SecurityGroupRule +} + +type SecurityGroupRule struct { + Metadata defsecTypes.Metadata + Outbound defsecTypes.BoolValue + Allow defsecTypes.BoolValue + SourceAddresses []defsecTypes.StringValue + SourcePorts []PortRange + DestinationAddresses []defsecTypes.StringValue + DestinationPorts []PortRange + Protocol defsecTypes.StringValue +} + +type PortRange struct { + Metadata defsecTypes.Metadata + Start int + End int +} + +func (r PortRange) Includes(port int) bool { + return port >= r.Start && port <= r.End +} + +type NetworkWatcherFlowLog struct { + Metadata defsecTypes.Metadata + RetentionPolicy RetentionPolicy +} + +type RetentionPolicy struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue + Days defsecTypes.IntValue +} diff --git a/pkg/iac/providers/azure/securitycenter/securitycenter.go b/pkg/iac/providers/azure/securitycenter/securitycenter.go new file mode 100755 index 000000000000..546ae1f5a0a4 --- /dev/null +++ b/pkg/iac/providers/azure/securitycenter/securitycenter.go 
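Review bot: `PortRange.Includes` in network.go is undocumented and its zero value is security-relevant: if an adapter fails to parse a rule's port string (for example `*`), `Start` and `End` stay 0, `Includes(22)` is false, and an unparseable rule reads as exposing nothing — fail-open for the scanner. Document the contract, e.g. `// Includes reports whether port lies in the closed range [Start, End]. A zero-value range matches only port 0, so adapters must map "*" and parse failures to 0-65535 explicitly.`, and verify that assumption in the Azure network adapters outside this diff. `Start`/`End` are also plain ints rather than `defsecTypes.IntValue`, so a finding on a port cannot point at the port expression itself.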
@@ -0,0 +1,26 @@ +package securitycenter + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type SecurityCenter struct { + Contacts []Contact + Subscriptions []SubscriptionPricing +} + +type Contact struct { + Metadata defsecTypes.Metadata + EnableAlertNotifications defsecTypes.BoolValue + Phone defsecTypes.StringValue +} + +const ( + TierFree = "Free" + TierStandard = "Standard" +) + +type SubscriptionPricing struct { + Metadata defsecTypes.Metadata + Tier defsecTypes.StringValue +} diff --git a/pkg/iac/providers/azure/storage/storage.go b/pkg/iac/providers/azure/storage/storage.go new file mode 100755 index 000000000000..1e76edf2eb91 --- /dev/null +++ b/pkg/iac/providers/azure/storage/storage.go @@ -0,0 +1,46 @@ +package storage + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Storage struct { + Accounts []Account +} + +type Account struct { + Metadata defsecTypes.Metadata + NetworkRules []NetworkRule + EnforceHTTPS defsecTypes.BoolValue + Containers []Container + QueueProperties QueueProperties + MinimumTLSVersion defsecTypes.StringValue + Queues []Queue +} + +type Queue struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue +} + +type QueueProperties struct { + Metadata defsecTypes.Metadata + EnableLogging defsecTypes.BoolValue +} + +type NetworkRule struct { + Metadata defsecTypes.Metadata + Bypass []defsecTypes.StringValue + AllowByDefault defsecTypes.BoolValue +} + +const ( + PublicAccessOff = "off" + PublicAccessBlob = "blob" + PublicAccessContainer = "container" +) + +type Container struct { + Metadata defsecTypes.Metadata + PublicAccess defsecTypes.StringValue +} diff --git a/pkg/iac/providers/azure/synapse/synapse.go b/pkg/iac/providers/azure/synapse/synapse.go new file mode 100755 index 000000000000..c219fc7d82a7 --- /dev/null +++ b/pkg/iac/providers/azure/synapse/synapse.go 
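Review bot: the `PublicAccess*` constants in storage.go are lower case (`"off"`, `"blob"`, `"container"`) while, as far as I know, the Azure resource schema spells the values `None`/`Blob`/`Container`, so a check that compares `Container.PublicAccess` against these constants is correct only if every adapter normalises case, and nothing here says so. Add `// PublicAccess is normalised to lower case by the adapters; compare it against the PublicAccess* constants.` or have checks compare with `defsecTypes.IgnoreCase`. `NetworkRule.AllowByDefault` would likewise benefit from a comment stating that `true` means the account accepts traffic from any network.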
@@ -0,0 +1,14 @@ +package synapse + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Synapse struct { + Workspaces []Workspace +} + +type Workspace struct { + Metadata defsecTypes.Metadata + EnableManagedVirtualNetwork defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/cloudstack/cloudstack.go b/pkg/iac/providers/cloudstack/cloudstack.go new file mode 100755 index 000000000000..d514eae513a3 --- /dev/null +++ b/pkg/iac/providers/cloudstack/cloudstack.go @@ -0,0 +1,9 @@ +package cloudstack + +import ( + "github.com/aquasecurity/trivy/pkg/iac/providers/cloudstack/compute" +) + +type CloudStack struct { + Compute compute.Compute +} diff --git a/pkg/iac/providers/cloudstack/compute/compute.go b/pkg/iac/providers/cloudstack/compute/compute.go new file mode 100755 index 000000000000..bc4680c5df4c --- /dev/null +++ b/pkg/iac/providers/cloudstack/compute/compute.go @@ -0,0 +1,14 @@ +package compute + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Compute struct { + Instances []Instance +} + +type Instance struct { + Metadata defsecTypes.Metadata + UserData defsecTypes.StringValue // not b64 encoded pls +} diff --git a/pkg/iac/providers/digitalocean/compute/compute.go b/pkg/iac/providers/digitalocean/compute/compute.go new file mode 100755 index 000000000000..a46e41290eee --- /dev/null +++ b/pkg/iac/providers/digitalocean/compute/compute.go 
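Review bot: the field comment `// not b64 encoded pls` on `Instance.UserData` in cloudstack/compute.go is informal and does not say who is responsible for the decoding; the sibling Azure `CustomData` field carries the same convention with a different wording. Replace it with `// UserData is the instance user data after base64 decoding; adapters must decode it so checks can inspect the plaintext.` Since user data commonly carries credentials, the comment could also warn that the value is secret-bearing and should not be echoed verbatim into findings.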
@@ -0,0 +1,50 @@ +package compute + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Compute struct { + Firewalls []Firewall + LoadBalancers []LoadBalancer + Droplets []Droplet + KubernetesClusters []KubernetesCluster +} + +type Firewall struct { + Metadata defsecTypes.Metadata + OutboundRules []OutboundFirewallRule + InboundRules []InboundFirewallRule +} + +type KubernetesCluster struct { + Metadata defsecTypes.Metadata + SurgeUpgrade defsecTypes.BoolValue + AutoUpgrade defsecTypes.BoolValue +} + +type LoadBalancer struct { + Metadata defsecTypes.Metadata + ForwardingRules []ForwardingRule + RedirectHttpToHttps defsecTypes.BoolValue +} + +type ForwardingRule struct { + Metadata defsecTypes.Metadata + EntryProtocol defsecTypes.StringValue +} + +type OutboundFirewallRule struct { + Metadata defsecTypes.Metadata + DestinationAddresses []defsecTypes.StringValue +} + +type InboundFirewallRule struct { + Metadata defsecTypes.Metadata + SourceAddresses []defsecTypes.StringValue +} + +type Droplet struct { + Metadata defsecTypes.Metadata + SSHKeys []defsecTypes.StringValue +} diff --git a/pkg/iac/providers/digitalocean/digitalocean.go b/pkg/iac/providers/digitalocean/digitalocean.go new file mode 100755 index 000000000000..d56240646279 --- /dev/null +++ b/pkg/iac/providers/digitalocean/digitalocean.go @@ -0,0 +1,11 @@ +package digitalocean + +import ( + "github.com/aquasecurity/trivy/pkg/iac/providers/digitalocean/compute" + "github.com/aquasecurity/trivy/pkg/iac/providers/digitalocean/spaces" +) + +type DigitalOcean struct { + Compute compute.Compute + Spaces spaces.Spaces +} diff --git a/pkg/iac/providers/digitalocean/spaces/spaces.go b/pkg/iac/providers/digitalocean/spaces/spaces.go new file mode 100755 index 000000000000..f76d64709977 --- /dev/null +++ b/pkg/iac/providers/digitalocean/spaces/spaces.go 
@@ -0,0 +1,28 @@ +package spaces + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Spaces struct { + Buckets []Bucket +} + +type Bucket struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + Objects []Object + ACL defsecTypes.StringValue + ForceDestroy defsecTypes.BoolValue + Versioning Versioning +} + +type Versioning struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue +} + +type Object struct { + Metadata defsecTypes.Metadata + ACL defsecTypes.StringValue +} diff --git a/pkg/iac/providers/dockerfile/dockerfile.go b/pkg/iac/providers/dockerfile/dockerfile.go new file mode 100644 index 000000000000..aed723989632 --- /dev/null +++ b/pkg/iac/providers/dockerfile/dockerfile.go @@ -0,0 +1,61 @@ +package dockerfile + +import ( + "reflect" + + "github.com/aquasecurity/trivy/pkg/iac/rego/convert" +) + +// NOTE: we are currently preserving mixed case json here for backward compatibility + +// Dockerfile represents a parsed Dockerfile +type Dockerfile struct { + Stages []Stage +} + +type Stage struct { + Name string + Commands []Command +} + +func (d Dockerfile) ToRego() interface{} { + return map[string]interface{}{ + "Stages": convert.SliceToRego(reflect.ValueOf(d.Stages)), + } +} + +func (s Stage) ToRego() interface{} { + return map[string]interface{}{ + "Name": s.Name, + "Commands": convert.SliceToRego(reflect.ValueOf(s.Commands)), + } +} + +// Command is the struct for each dockerfile command +type Command struct { + Cmd string + SubCmd string + Flags []string + Value []string + Original string + JSON bool + Stage int + Path string + StartLine int + EndLine int +} + +func (c Command) ToRego() interface{} { + return map[string]interface{}{ + "Cmd": c.Cmd, + "SubCmd": c.SubCmd, + "Flags": c.Flags, + "Value": c.Value, + "Original": c.Original, + "JSON": c.JSON, + "Stage": c.Stage, + "Path": c.Path, + "StartLine": c.StartLine, + "EndLine": c.EndLine, + } +} 
diff --git a/pkg/iac/providers/github/actions.go b/pkg/iac/providers/github/actions.go new file mode 100644 index 000000000000..6004e8275f56 --- /dev/null +++ b/pkg/iac/providers/github/actions.go @@ -0,0 +1,19 @@ +package github + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Action struct { + Metadata defsecTypes.Metadata + EnvironmentSecrets []EnvironmentSecret +} + +type EnvironmentSecret struct { + Metadata defsecTypes.Metadata + Repository defsecTypes.StringValue + Environment defsecTypes.StringValue + SecretName defsecTypes.StringValue + PlainTextValue defsecTypes.StringValue + EncryptedValue defsecTypes.StringValue +} diff --git a/pkg/iac/providers/github/branch_protections.go b/pkg/iac/providers/github/branch_protections.go new file mode 100755 index 000000000000..1e7c2c2817f6 --- /dev/null +++ b/pkg/iac/providers/github/branch_protections.go @@ -0,0 +1,14 @@ +package github + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type BranchProtection struct { + Metadata defsecTypes.Metadata + RequireSignedCommits defsecTypes.BoolValue +} + +func (b BranchProtection) RequiresSignedCommits() bool { + return b.RequireSignedCommits.IsTrue() +} diff --git a/pkg/iac/providers/github/github.go b/pkg/iac/providers/github/github.go new file mode 100755 index 000000000000..449f94cecc30 --- /dev/null +++ b/pkg/iac/providers/github/github.go @@ -0,0 +1,7 @@ +package github + +type GitHub struct { + Repositories []Repository + EnvironmentSecrets []EnvironmentSecret + BranchProtections []BranchProtection +} diff --git a/pkg/iac/providers/github/repositories.go b/pkg/iac/providers/github/repositories.go new file mode 100755 index 000000000000..6d835cab5fa8 --- /dev/null +++ b/pkg/iac/providers/github/repositories.go 
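Review bot: `EnvironmentSecret.PlainTextValue` in actions.go carries the literal secret inside the provider model, so any path that serialises the adapted state (Rego input, JSON output, debug logging) carries the clear-text secret into scanner output. Unless a check needs the value itself, model only its presence (`HasPlainTextValue defsecTypes.BoolValue`), or at minimum document the hazard: `// PlainTextValue holds the secret in clear text; never copy it into a finding or log — checks should only test whether it is set.` `Action` also duplicates `GitHub.EnvironmentSecrets` and is not reachable from `GitHub` in github.go, so one of the two appears to be dead unless an adapter outside this diff uses it.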
@@ -0,0 +1,16 @@ +package github + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Repository struct { + Metadata defsecTypes.Metadata + Public defsecTypes.BoolValue + VulnerabilityAlerts defsecTypes.BoolValue + Archived defsecTypes.BoolValue +} + +func (r Repository) IsArchived() bool { + return r.Archived.IsTrue() +} diff --git a/pkg/iac/providers/google/bigquery/bigquery.go b/pkg/iac/providers/google/bigquery/bigquery.go new file mode 100755 index 000000000000..4a1f9b03fd10 --- /dev/null +++ b/pkg/iac/providers/google/bigquery/bigquery.go @@ -0,0 +1,26 @@ +package bigquery + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type BigQuery struct { + Datasets []Dataset +} + +type Dataset struct { + Metadata defsecTypes.Metadata + ID defsecTypes.StringValue + AccessGrants []AccessGrant +} + +const ( + SpecialGroupAllAuthenticatedUsers = "allAuthenticatedUsers" +) + +type AccessGrant struct { + Metadata defsecTypes.Metadata + Role defsecTypes.StringValue + Domain defsecTypes.StringValue + SpecialGroup defsecTypes.StringValue +} diff --git a/pkg/iac/providers/google/compute/compute.go b/pkg/iac/providers/google/compute/compute.go new file mode 100755 index 000000000000..ffa9db257bad --- /dev/null +++ b/pkg/iac/providers/google/compute/compute.go @@ -0,0 +1,9 @@ +package compute + +type Compute struct { + Disks []Disk + Networks []Network + SSLPolicies []SSLPolicy + ProjectMetadata ProjectMetadata + Instances []Instance +} diff --git a/pkg/iac/providers/google/compute/disk.go b/pkg/iac/providers/google/compute/disk.go new file mode 100755 index 000000000000..1c4adc8e6db1 --- /dev/null +++ b/pkg/iac/providers/google/compute/disk.go 
@@ -0,0 +1,17 @@ +package compute + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Disk struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + Encryption DiskEncryption +} + +type DiskEncryption struct { + Metadata defsecTypes.Metadata + RawKey defsecTypes.BytesValue + KMSKeyLink defsecTypes.StringValue +} diff --git a/pkg/iac/providers/google/compute/firewall.go b/pkg/iac/providers/google/compute/firewall.go new file mode 100755 index 000000000000..7d14f6e9e673 --- /dev/null +++ b/pkg/iac/providers/google/compute/firewall.go @@ -0,0 +1,34 @@ +package compute + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Firewall struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + IngressRules []IngressRule + EgressRules []EgressRule + SourceTags []defsecTypes.StringValue + TargetTags []defsecTypes.StringValue +} + +type FirewallRule struct { + Metadata defsecTypes.Metadata + Enforced defsecTypes.BoolValue + IsAllow defsecTypes.BoolValue + Protocol defsecTypes.StringValue + Ports []defsecTypes.IntValue +} + +type IngressRule struct { + Metadata defsecTypes.Metadata + FirewallRule + SourceRanges []defsecTypes.StringValue +} + +type EgressRule struct { + Metadata defsecTypes.Metadata + FirewallRule + DestinationRanges []defsecTypes.StringValue +} diff --git a/pkg/iac/providers/google/compute/instance.go b/pkg/iac/providers/google/compute/instance.go new file mode 100755 index 000000000000..4f036ecea706 --- /dev/null +++ b/pkg/iac/providers/google/compute/instance.go 
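Review bot: `DiskEncryption.RawKey` in disk.go stores a customer-supplied encryption key as `BytesValue` inside the model, so raw key material travels with the scan state and can end up in serialised Rego input or reports. If checks only need to know that a customer key is set, a `defsecTypes.BoolValue` is safer; otherwise document it: `// RawKey is the customer-supplied disk encryption key in raw form; treat it as secret and never emit it in findings.` In firewall.go, `FirewallRule.Ports` is `[]IntValue`, which cannot represent a range such as `22-80`; presumably the adapter expands ranges, but a comment saying so would stop a check from silently missing ranged rules.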
@@ -0,0 +1,41 @@ +package compute + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Instance struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + NetworkInterfaces []NetworkInterface + ShieldedVM ShieldedVMConfig + ServiceAccount ServiceAccount + CanIPForward defsecTypes.BoolValue + OSLoginEnabled defsecTypes.BoolValue + EnableProjectSSHKeyBlocking defsecTypes.BoolValue + EnableSerialPort defsecTypes.BoolValue + BootDisks []Disk + AttachedDisks []Disk +} + +type ServiceAccount struct { + Metadata defsecTypes.Metadata + Email defsecTypes.StringValue + IsDefault defsecTypes.BoolValue + Scopes []defsecTypes.StringValue +} + +type NetworkInterface struct { + Metadata defsecTypes.Metadata + Network *Network + SubNetwork *SubNetwork + HasPublicIP defsecTypes.BoolValue + NATIP defsecTypes.StringValue +} + +type ShieldedVMConfig struct { + Metadata defsecTypes.Metadata + SecureBootEnabled defsecTypes.BoolValue + IntegrityMonitoringEnabled defsecTypes.BoolValue + VTPMEnabled defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/google/compute/metadata.go b/pkg/iac/providers/google/compute/metadata.go new file mode 100755 index 000000000000..5ba68fab0eff --- /dev/null +++ b/pkg/iac/providers/google/compute/metadata.go @@ -0,0 +1,10 @@ +package compute + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type ProjectMetadata struct { + Metadata defsecTypes.Metadata + EnableOSLogin defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/google/compute/network.go b/pkg/iac/providers/google/compute/network.go new file mode 100755 index 000000000000..c8e7d0b3d56c --- /dev/null +++ b/pkg/iac/providers/google/compute/network.go @@ -0,0 +1,11 @@ +package compute + +import ( + "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Network struct { + Metadata types.Metadata + Firewall *Firewall + Subnetworks []SubNetwork +} 
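Review bot: network.go imports `github.com/aquasecurity/trivy/pkg/iac/types` without the `defsecTypes` alias that every sibling file in this package uses (instance.go, metadata.go, disk.go), so the same type appears under two names in one package. Use `defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"` and `Metadata defsecTypes.Metadata` here for consistency. `Network.Firewall` is a pointer with no comment on when it is nil; a note such as `// Firewall is nil when no firewall is attached to the network.` would save every check a guess.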
diff --git a/pkg/iac/providers/google/compute/ssl_policy.go b/pkg/iac/providers/google/compute/ssl_policy.go new file mode 100755 index 000000000000..7c01b2396f60 --- /dev/null +++ b/pkg/iac/providers/google/compute/ssl_policy.go @@ -0,0 +1,12 @@ +package compute + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type SSLPolicy struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + Profile defsecTypes.StringValue + MinimumTLSVersion defsecTypes.StringValue +} diff --git a/pkg/iac/providers/google/compute/subnetwork.go b/pkg/iac/providers/google/compute/subnetwork.go new file mode 100755 index 000000000000..16501e949218 --- /dev/null +++ b/pkg/iac/providers/google/compute/subnetwork.go @@ -0,0 +1,12 @@ +package compute + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type SubNetwork struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + Purpose defsecTypes.StringValue + EnableFlowLogs defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/google/dns/dns.go b/pkg/iac/providers/google/dns/dns.go new file mode 100755 index 000000000000..a736743fe437 --- /dev/null +++ b/pkg/iac/providers/google/dns/dns.go @@ -0,0 +1,31 @@ +package dns + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type DNS struct { + ManagedZones []ManagedZone +} + +type ManagedZone struct { + Metadata defsecTypes.Metadata + DNSSec DNSSec + Visibility defsecTypes.StringValue +} + +func (m ManagedZone) IsPrivate() bool { + return m.Visibility.EqualTo("private", defsecTypes.IgnoreCase) +} + +type DNSSec struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue + DefaultKeySpecs []KeySpecs +} + +type KeySpecs struct { + Metadata defsecTypes.Metadata + Algorithm defsecTypes.StringValue + KeyType defsecTypes.StringValue +} diff --git a/pkg/iac/providers/google/gke/gke.go b/pkg/iac/providers/google/gke/gke.go new file mode 100755 index 000000000000..18879e3ca842 
--- /dev/null +++ b/pkg/iac/providers/google/gke/gke.go 
@@ -0,0 +1,86 @@ +package gke + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type GKE struct { + Clusters []Cluster +} + +type Cluster struct { + Metadata defsecTypes.Metadata + NodePools []NodePool + IPAllocationPolicy IPAllocationPolicy + MasterAuthorizedNetworks MasterAuthorizedNetworks + NetworkPolicy NetworkPolicy + PrivateCluster PrivateCluster + LoggingService defsecTypes.StringValue + MonitoringService defsecTypes.StringValue + MasterAuth MasterAuth + NodeConfig NodeConfig + EnableShieldedNodes defsecTypes.BoolValue + EnableLegacyABAC defsecTypes.BoolValue + ResourceLabels defsecTypes.MapValue + RemoveDefaultNodePool defsecTypes.BoolValue + EnableAutpilot defsecTypes.BoolValue + DatapathProvider defsecTypes.StringValue +} + +type NodeConfig struct { + Metadata defsecTypes.Metadata + ImageType defsecTypes.StringValue + WorkloadMetadataConfig WorkloadMetadataConfig + ServiceAccount defsecTypes.StringValue + EnableLegacyEndpoints defsecTypes.BoolValue +} + +type WorkloadMetadataConfig struct { + Metadata defsecTypes.Metadata + NodeMetadata defsecTypes.StringValue +} + +type MasterAuth struct { + Metadata defsecTypes.Metadata + ClientCertificate ClientCertificate + Username defsecTypes.StringValue + Password defsecTypes.StringValue +} + +type ClientCertificate struct { + Metadata defsecTypes.Metadata + IssueCertificate defsecTypes.BoolValue +} + +type PrivateCluster struct { + Metadata defsecTypes.Metadata + EnablePrivateNodes defsecTypes.BoolValue +} + +type NetworkPolicy struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue +} + +type MasterAuthorizedNetworks struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue + CIDRs []defsecTypes.StringValue +} + +type IPAllocationPolicy struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue +} + +type NodePool struct { + Metadata defsecTypes.Metadata + Management Management + NodeConfig NodeConfig +} + +type Management struct { + 
Metadata defsecTypes.Metadata + EnableAutoRepair defsecTypes.BoolValue + EnableAutoUpgrade defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/google/google.go b/pkg/iac/providers/google/google.go new file mode 100755 index 000000000000..4616c9f0089d --- /dev/null +++ b/pkg/iac/providers/google/google.go @@ -0,0 +1,23 @@ +package google + +import ( + "github.com/aquasecurity/trivy/pkg/iac/providers/google/bigquery" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/dns" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/gke" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/kms" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/sql" + "github.com/aquasecurity/trivy/pkg/iac/providers/google/storage" +) + +type Google struct { + BigQuery bigquery.BigQuery + Compute compute.Compute + DNS dns.DNS + GKE gke.GKE + KMS kms.KMS + IAM iam.IAM + SQL sql.SQL + Storage storage.Storage +} diff --git a/pkg/iac/providers/google/iam/iam.go b/pkg/iac/providers/google/iam/iam.go new file mode 100755 index 000000000000..936be6f5c6f5 --- /dev/null +++ b/pkg/iac/providers/google/iam/iam.go 
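Review bot: `EnableAutpilot` on `Cluster` is a misspelling of Autopilot. The rego converter added in this series keys struct fields by their lowercased Go name, so the typo surfaces to policies as `enableautpilot` and becomes an input-schema name that is awkward to change once checks reference it; rename it to `EnableAutopilot defsecTypes.BoolValue` now, unless existing rego checks already use the misspelled key, in which case the rename needs a coordinated policy update. A short doc comment on `Cluster` and `MasterAuth` would also help, since these are new exported types with no comments at all.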
@@ -0,0 +1,88 @@ +package iam + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type IAM struct { + Organizations []Organization + WorkloadIdentityPoolProviders []WorkloadIdentityPoolProvider +} + +type Organization struct { + Metadata defsecTypes.Metadata + Folders []Folder + Projects []Project + Members []Member + Bindings []Binding +} + +type Folder struct { + Metadata defsecTypes.Metadata + Folders []Folder + Projects []Project + Members []Member + Bindings []Binding +} + +type Project struct { + Metadata defsecTypes.Metadata + AutoCreateNetwork defsecTypes.BoolValue + Members []Member + Bindings []Binding +} + +type Binding struct { + Metadata defsecTypes.Metadata + Members []defsecTypes.StringValue + Role defsecTypes.StringValue + IncludesDefaultServiceAccount defsecTypes.BoolValue +} + +type Member struct { + Metadata defsecTypes.Metadata + Member defsecTypes.StringValue + Role defsecTypes.StringValue + DefaultServiceAccount defsecTypes.BoolValue +} + +type WorkloadIdentityPoolProvider struct { + Metadata defsecTypes.Metadata + WorkloadIdentityPoolId defsecTypes.StringValue + WorkloadIdentityPoolProviderId defsecTypes.StringValue + AttributeCondition defsecTypes.StringValue +} + +func (p *IAM) AllProjects() []Project { + var projects []Project + for _, org := range p.Organizations { + projects = append(projects, org.Projects...) + for _, folder := range org.Folders { + projects = append(projects, folder.Projects...) + for _, desc := range folder.AllFolders() { + projects = append(projects, desc.Projects...) + } + } + } + return projects +} + +func (p *IAM) AllFolders() []Folder { + var folders []Folder + for _, org := range p.Organizations { + folders = append(folders, org.Folders...) + for _, folder := range org.Folders { + folders = append(folders, folder.AllFolders()...) 
+ } + } + return folders +} + +func (f *Folder) AllFolders() []Folder { + var folders []Folder + for _, folder := range f.Folders { + folders = append(folders, folder) + folders = append(folders, folder.AllFolders()...) + } + return folders +} diff --git a/pkg/iac/providers/google/kms/kms.go b/pkg/iac/providers/google/kms/kms.go new file mode 100755 index 000000000000..5a8568fbbd6c --- /dev/null +++ b/pkg/iac/providers/google/kms/kms.go @@ -0,0 +1,19 @@ +package kms + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type KMS struct { + KeyRings []KeyRing +} + +type KeyRing struct { + Metadata defsecTypes.Metadata + Keys []Key +} + +type Key struct { + Metadata defsecTypes.Metadata + RotationPeriodSeconds defsecTypes.IntValue +} diff --git a/pkg/iac/providers/google/sql/sql.go b/pkg/iac/providers/google/sql/sql.go new file mode 100755 index 000000000000..b5a5185f9a62 --- /dev/null +++ b/pkg/iac/providers/google/sql/sql.go 
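Review bot: `AllProjects` re-implements the org → folder → descendant walk that `AllFolders` (on `*IAM`) already performs, so any future change to the traversal (for example cycle protection, or a new nesting level) has to be made in two places. It can be expressed in terms of `AllFolders`; the resulting set of projects is identical, though the order changes slightly (all org-level projects first, then folder projects), which is presumably fine for scanner input but worth confirming. Separately, `WorkloadIdentityPoolId` / `WorkloadIdentityPoolProviderId` break the Go initialism convention (`ID`); since the rego key is the lowercased name, renaming them to `...ID` is free with respect to policy input.
```go
func (p *IAM) AllProjects() []Project {
	var projects []Project
	for _, org := range p.Organizations {
		projects = append(projects, org.Projects...)
	}
	for _, folder := range p.AllFolders() {
		projects = append(projects, folder.Projects...)
	}
	return projects
}
```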
@@ -0,0 +1,78 @@ +package sql + +import ( + "strings" + + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type SQL struct { + Instances []DatabaseInstance +} + +const ( + DatabaseFamilyMySQL = "MYSQL" + DatabaseFamilyPostgres = "POSTGRES" + DatabaseFamilySQLServer = "SQLSERVER" +) + +const ( + DatabaseVersionMySQL_5_6 = "MYSQL_5_6" + DatabaseVersionMySQL_5_7 = "MYSQL_5_7" + DatabaseVersionMySQL_8_0 = "MYSQL_8_0" + DatabaseVersionPostgres_9_6 = "POSTGRES_9_6" + DatabaseVersionPostgres_10 = "POSTGRES_10" + DatabaseVersionPostgres_11 = "POSTGRES_11" + DatabaseVersionPostgres_12 = "POSTGRES_12" + DatabaseVersionPostgres_13 = "POSTGRES_13" + DatabaseVersionSQLServer_2017_STANDARD = "SQLSERVER_2017_STANDARD" + DatabaseVersionSQLServer_2017_ENTERPRISE = "SQLSERVER_2017_ENTERPRISE" + DatabaseVersionSQLServer_2017_EXPRESS = "SQLSERVER_2017_EXPRESS" + DatabaseVersionSQLServer_2017_WEB = "SQLSERVER_2017_WEB" +) + +type DatabaseInstance struct { + Metadata defsecTypes.Metadata + DatabaseVersion defsecTypes.StringValue + Settings Settings + IsReplica defsecTypes.BoolValue +} + +type Settings struct { + Metadata defsecTypes.Metadata + Flags Flags + Backups Backups + IPConfiguration IPConfiguration +} +type Flags struct { + Metadata defsecTypes.Metadata + LogTempFileSize defsecTypes.IntValue + LocalInFile defsecTypes.BoolValue + ContainedDatabaseAuthentication defsecTypes.BoolValue + CrossDBOwnershipChaining defsecTypes.BoolValue + LogCheckpoints defsecTypes.BoolValue + LogConnections defsecTypes.BoolValue + LogDisconnections defsecTypes.BoolValue + LogLockWaits defsecTypes.BoolValue + LogMinMessages defsecTypes.StringValue // FATAL, PANIC, LOG, ERROR, WARN + LogMinDurationStatement defsecTypes.IntValue +} + +type Backups struct { + Metadata defsecTypes.Metadata + Enabled defsecTypes.BoolValue +} + +type IPConfiguration struct { + Metadata defsecTypes.Metadata + RequireTLS defsecTypes.BoolValue + EnableIPv4 defsecTypes.BoolValue + AuthorizedNetworks []struct { + 
Name defsecTypes.StringValue + CIDR defsecTypes.StringValue + } +} + +func (i *DatabaseInstance) DatabaseFamily() string { + return strings.Split(i.DatabaseVersion.Value(), "_")[0] +} diff --git a/pkg/iac/providers/google/storage/storage.go b/pkg/iac/providers/google/storage/storage.go new file mode 100755 index 000000000000..543c316829f4 --- /dev/null +++ b/pkg/iac/providers/google/storage/storage.go @@ -0,0 +1,25 @@ +package storage + +import ( + "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Storage struct { + Buckets []Bucket +} + +type Bucket struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + Location defsecTypes.StringValue + EnableUniformBucketLevelAccess defsecTypes.BoolValue + Members []iam.Member + Bindings []iam.Binding + Encryption BucketEncryption +} + +type BucketEncryption struct { + Metadata defsecTypes.Metadata + DefaultKMSKeyName defsecTypes.StringValue +} diff --git a/pkg/iac/providers/kubernetes/kubernetes.go b/pkg/iac/providers/kubernetes/kubernetes.go new file mode 100755 index 000000000000..ff48710a6402 --- /dev/null +++ b/pkg/iac/providers/kubernetes/kubernetes.go @@ -0,0 +1,38 @@ +package kubernetes + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Kubernetes struct { + NetworkPolicies []NetworkPolicy +} + +type NetworkPolicy struct { + Metadata defsecTypes.Metadata + Spec NetworkPolicySpec +} + +type NetworkPolicySpec struct { + Metadata defsecTypes.Metadata + Egress Egress + Ingress Ingress +} + +type Egress struct { + Metadata defsecTypes.Metadata + Ports []Port + DestinationCIDRs []defsecTypes.StringValue +} + +type Ingress struct { + Metadata defsecTypes.Metadata + Ports []Port + SourceCIDRs []defsecTypes.StringValue +} + +type Port struct { + Metadata defsecTypes.Metadata + Number defsecTypes.StringValue // e.g. "http" or "80" + Protocol defsecTypes.StringValue +} 
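Review bot: `IPConfiguration.AuthorizedNetworks` is a slice of an anonymous struct with no `Metadata` field. The rego converter in this series attaches `__defsec_metadata` only from a `Metadata` field (or a `GetMetadata` method), so a check that flags an over-broad authorized-network CIDR cannot point at the offending block and appears to fall back to zero line numbers via `result.new`. Promoting the element to a named `AuthorizedNetwork` type that carries `Metadata` fixes that and also makes the type constructible from the adapters (which live outside this hunk and will need to populate it).
```go
type AuthorizedNetwork struct {
	Metadata defsecTypes.Metadata
	Name     defsecTypes.StringValue
	CIDR     defsecTypes.StringValue
}

type IPConfiguration struct {
	// … unchanged: Metadata, RequireTLS, EnableIPv4 …
	AuthorizedNetworks []AuthorizedNetwork
}
```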
diff --git a/pkg/iac/providers/nifcloud/computing/computing.go b/pkg/iac/providers/nifcloud/computing/computing.go new file mode 100755 index 000000000000..aaef2361bf98 --- /dev/null +++ b/pkg/iac/providers/nifcloud/computing/computing.go @@ -0,0 +1,6 @@ +package computing + +type Computing struct { + SecurityGroups []SecurityGroup + Instances []Instance +} diff --git a/pkg/iac/providers/nifcloud/computing/instance.go b/pkg/iac/providers/nifcloud/computing/instance.go new file mode 100644 index 000000000000..7202e281fdcb --- /dev/null +++ b/pkg/iac/providers/nifcloud/computing/instance.go @@ -0,0 +1,16 @@ +package computing + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Instance struct { + Metadata defsecTypes.Metadata + SecurityGroup defsecTypes.StringValue + NetworkInterfaces []NetworkInterface +} + +type NetworkInterface struct { + Metadata defsecTypes.Metadata + NetworkID defsecTypes.StringValue +} diff --git a/pkg/iac/providers/nifcloud/computing/security_group.go b/pkg/iac/providers/nifcloud/computing/security_group.go new file mode 100644 index 000000000000..54aecbe50a48 --- /dev/null +++ b/pkg/iac/providers/nifcloud/computing/security_group.go @@ -0,0 +1,18 @@ +package computing + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type SecurityGroup struct { + Metadata defsecTypes.Metadata + Description defsecTypes.StringValue + IngressRules []SecurityGroupRule + EgressRules []SecurityGroupRule +} + +type SecurityGroupRule struct { + Metadata defsecTypes.Metadata + Description defsecTypes.StringValue + CIDR defsecTypes.StringValue +} diff --git a/pkg/iac/providers/nifcloud/dns/dns.go b/pkg/iac/providers/nifcloud/dns/dns.go new file mode 100755 index 000000000000..7351506d7f6f --- /dev/null +++ b/pkg/iac/providers/nifcloud/dns/dns.go @@ -0,0 +1,5 @@ +package dns + +type DNS struct { + Records []Record +} 
diff --git a/pkg/iac/providers/nifcloud/dns/record.go b/pkg/iac/providers/nifcloud/dns/record.go new file mode 100644 index 000000000000..fa0cb3d45dc4 --- /dev/null +++ b/pkg/iac/providers/nifcloud/dns/record.go @@ -0,0 +1,13 @@ +package dns + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +const ZoneRegistrationAuthTxt = "nifty-dns-verify=" + +type Record struct { + Metadata defsecTypes.Metadata + Type defsecTypes.StringValue + Record defsecTypes.StringValue +} diff --git a/pkg/iac/providers/nifcloud/nas/nas.go b/pkg/iac/providers/nifcloud/nas/nas.go new file mode 100755 index 000000000000..e73a9c9efd70 --- /dev/null +++ b/pkg/iac/providers/nifcloud/nas/nas.go @@ -0,0 +1,6 @@ +package nas + +type NAS struct { + NASSecurityGroups []NASSecurityGroup + NASInstances []NASInstance +} diff --git a/pkg/iac/providers/nifcloud/nas/nas_instance.go b/pkg/iac/providers/nifcloud/nas/nas_instance.go new file mode 100644 index 000000000000..894490b4da6b --- /dev/null +++ b/pkg/iac/providers/nifcloud/nas/nas_instance.go @@ -0,0 +1,10 @@ +package nas + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type NASInstance struct { + Metadata defsecTypes.Metadata + NetworkID defsecTypes.StringValue +} diff --git a/pkg/iac/providers/nifcloud/nas/nas_security_group.go b/pkg/iac/providers/nifcloud/nas/nas_security_group.go new file mode 100644 index 000000000000..b8987b9d5e13 --- /dev/null +++ b/pkg/iac/providers/nifcloud/nas/nas_security_group.go @@ -0,0 +1,11 @@ +package nas + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type NASSecurityGroup struct { + Metadata defsecTypes.Metadata + Description defsecTypes.StringValue + CIDRs []defsecTypes.StringValue +} diff --git a/pkg/iac/providers/nifcloud/network/elastic_load_balancer.go b/pkg/iac/providers/nifcloud/network/elastic_load_balancer.go new file mode 100644 index 000000000000..8a8c85720e18 --- /dev/null 
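Review bot: `ZoneRegistrationAuthTxt` is a new exported constant with no doc comment, and neither its name nor the value `"nifty-dns-verify="` tells a reader what it is for or how a check is meant to compare it against `Record.Record`. If, as the name suggests, it is the prefix of the TXT value used to prove zone ownership, a comment such as `// ZoneRegistrationAuthTxt is the prefix of the TXT record value that marks a NIFCLOUD zone-registration verification record (matched as a prefix of Record.Record).` would make the intent explicit; please confirm against the check that consumes it.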
+++ b/pkg/iac/providers/nifcloud/network/elastic_load_balancer.go @@ -0,0 +1,16 @@ +package network + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type ElasticLoadBalancer struct { + Metadata defsecTypes.Metadata + NetworkInterfaces []NetworkInterface + Listeners []ElasticLoadBalancerListener +} + +type ElasticLoadBalancerListener struct { + Metadata defsecTypes.Metadata + Protocol defsecTypes.StringValue +} diff --git a/pkg/iac/providers/nifcloud/network/load_balancer.go b/pkg/iac/providers/nifcloud/network/load_balancer.go new file mode 100644 index 000000000000..8027c5a4edf2 --- /dev/null +++ b/pkg/iac/providers/nifcloud/network/load_balancer.go @@ -0,0 +1,16 @@ +package network + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type LoadBalancer struct { + Metadata defsecTypes.Metadata + Listeners []LoadBalancerListener +} + +type LoadBalancerListener struct { + Metadata defsecTypes.Metadata + Protocol defsecTypes.StringValue + TLSPolicy defsecTypes.StringValue +} diff --git a/pkg/iac/providers/nifcloud/network/network.go b/pkg/iac/providers/nifcloud/network/network.go new file mode 100755 index 000000000000..30d97a2ebf75 --- /dev/null +++ b/pkg/iac/providers/nifcloud/network/network.go @@ -0,0 +1,16 @@ +package network + +import defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + +type Network struct { + ElasticLoadBalancers []ElasticLoadBalancer + LoadBalancers []LoadBalancer + Routers []Router + VpnGateways []VpnGateway +} + +type NetworkInterface struct { + Metadata defsecTypes.Metadata + NetworkID defsecTypes.StringValue + IsVipNetwork defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/nifcloud/network/router.go b/pkg/iac/providers/nifcloud/network/router.go new file mode 100644 index 000000000000..7343979e905a --- /dev/null +++ b/pkg/iac/providers/nifcloud/network/router.go 
@@ -0,0 +1,11 @@ +package network + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Router struct { + Metadata defsecTypes.Metadata + SecurityGroup defsecTypes.StringValue + NetworkInterfaces []NetworkInterface +} diff --git a/pkg/iac/providers/nifcloud/network/vpn_gateway.go b/pkg/iac/providers/nifcloud/network/vpn_gateway.go new file mode 100644 index 000000000000..594e58768423 --- /dev/null +++ b/pkg/iac/providers/nifcloud/network/vpn_gateway.go @@ -0,0 +1,10 @@ +package network + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type VpnGateway struct { + Metadata defsecTypes.Metadata + SecurityGroup defsecTypes.StringValue +} diff --git a/pkg/iac/providers/nifcloud/nifcloud.go b/pkg/iac/providers/nifcloud/nifcloud.go new file mode 100755 index 000000000000..4126407925c6 --- /dev/null +++ b/pkg/iac/providers/nifcloud/nifcloud.go @@ -0,0 +1,19 @@ +package nifcloud + +import ( + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/computing" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/dns" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/nas" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/network" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/rdb" + "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/sslcertificate" +) + +type Nifcloud struct { + Computing computing.Computing + DNS dns.DNS + NAS nas.NAS + Network network.Network + RDB rdb.RDB + SSLCertificate sslcertificate.SSLCertificate +} diff --git a/pkg/iac/providers/nifcloud/rdb/db_instance.go b/pkg/iac/providers/nifcloud/rdb/db_instance.go new file mode 100644 index 000000000000..9b00e11212f4 --- /dev/null +++ b/pkg/iac/providers/nifcloud/rdb/db_instance.go 
@@ -0,0 +1,14 @@ +package rdb + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type DBInstance struct { + Metadata defsecTypes.Metadata + BackupRetentionPeriodDays defsecTypes.IntValue + Engine defsecTypes.StringValue + EngineVersion defsecTypes.StringValue + NetworkID defsecTypes.StringValue + PublicAccess defsecTypes.BoolValue +} diff --git a/pkg/iac/providers/nifcloud/rdb/db_security_group.go b/pkg/iac/providers/nifcloud/rdb/db_security_group.go new file mode 100644 index 000000000000..f3e603a4af04 --- /dev/null +++ b/pkg/iac/providers/nifcloud/rdb/db_security_group.go @@ -0,0 +1,11 @@ +package rdb + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type DBSecurityGroup struct { + Metadata defsecTypes.Metadata + Description defsecTypes.StringValue + CIDRs []defsecTypes.StringValue +} diff --git a/pkg/iac/providers/nifcloud/rdb/rdb.go b/pkg/iac/providers/nifcloud/rdb/rdb.go new file mode 100755 index 000000000000..4aea31980708 --- /dev/null +++ b/pkg/iac/providers/nifcloud/rdb/rdb.go @@ -0,0 +1,6 @@ +package rdb + +type RDB struct { + DBSecurityGroups []DBSecurityGroup + DBInstances []DBInstance +} diff --git a/pkg/iac/providers/nifcloud/sslcertificate/server_certificate.go b/pkg/iac/providers/nifcloud/sslcertificate/server_certificate.go new file mode 100644 index 000000000000..1cb9613f6fd4 --- /dev/null +++ b/pkg/iac/providers/nifcloud/sslcertificate/server_certificate.go @@ -0,0 +1,10 @@ +package sslcertificate + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type ServerCertificate struct { + Metadata defsecTypes.Metadata + Expiration defsecTypes.TimeValue +} diff --git a/pkg/iac/providers/nifcloud/sslcertificate/ssl_certificate.go b/pkg/iac/providers/nifcloud/sslcertificate/ssl_certificate.go new file mode 100755 index 000000000000..7ab46d870b16 --- /dev/null +++ b/pkg/iac/providers/nifcloud/sslcertificate/ssl_certificate.go 
@@ -0,0 +1,5 @@ +package sslcertificate + +type SSLCertificate struct { + ServerCertificates []ServerCertificate +} diff --git a/pkg/iac/providers/openstack/networking.go b/pkg/iac/providers/openstack/networking.go new file mode 100644 index 000000000000..c0569358b325 --- /dev/null +++ b/pkg/iac/providers/openstack/networking.go @@ -0,0 +1,27 @@ +package openstack + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Networking struct { + SecurityGroups []SecurityGroup +} + +type SecurityGroup struct { + Metadata defsecTypes.Metadata + Name defsecTypes.StringValue + Description defsecTypes.StringValue + Rules []SecurityGroupRule +} + +// SecurityGroupRule describes https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/networking_secgroup_rule_v2 +type SecurityGroupRule struct { + Metadata defsecTypes.Metadata + IsIngress defsecTypes.BoolValue + EtherType defsecTypes.IntValue // 4 or 6 for ipv4/ipv6 + Protocol defsecTypes.StringValue // e.g. tcp + PortMin defsecTypes.IntValue + PortMax defsecTypes.IntValue + CIDR defsecTypes.StringValue +} diff --git a/pkg/iac/providers/openstack/openstack.go b/pkg/iac/providers/openstack/openstack.go new file mode 100755 index 000000000000..cc299a61ae84 --- /dev/null +++ b/pkg/iac/providers/openstack/openstack.go 
@@ -0,0 +1,34 @@ +package openstack + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type OpenStack struct { + Compute Compute + Networking Networking +} + +type Compute struct { + Instances []Instance + Firewall Firewall +} + +type Firewall struct { + AllowRules []FirewallRule + DenyRules []FirewallRule +} + +type FirewallRule struct { + Metadata defsecTypes.Metadata + Source defsecTypes.StringValue + Destination defsecTypes.StringValue + SourcePort defsecTypes.StringValue + DestinationPort defsecTypes.StringValue + Enabled defsecTypes.BoolValue +} + +type Instance struct { + Metadata defsecTypes.Metadata + AdminPassword defsecTypes.StringValue +} diff --git a/pkg/iac/providers/oracle/oracle.go b/pkg/iac/providers/oracle/oracle.go new file mode 100755 index 000000000000..e8c558141517 --- /dev/null +++ b/pkg/iac/providers/oracle/oracle.go @@ -0,0 +1,18 @@ +package oracle + +import ( + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Oracle struct { + Compute Compute +} + +type Compute struct { + AddressReservations []AddressReservation +} + +type AddressReservation struct { + Metadata defsecTypes.Metadata + Pool defsecTypes.StringValue // e.g. public-pool +} diff --git a/pkg/iac/providers/provider.go b/pkg/iac/providers/provider.go new file mode 100755 index 000000000000..cef13ee8f205 --- /dev/null +++ b/pkg/iac/providers/provider.go 
@@ -0,0 +1,51 @@
+package providers
+
+import (
+ "strings"
+
+ "golang.org/x/text/cases"
+ "golang.org/x/text/language"
+)
+
+// Provider is the provider that the check applies to
+type Provider string
+
+const (
+ UnknownProvider Provider = ""
+ AWSProvider Provider = "aws"
+ AzureProvider Provider = "azure"
+ CustomProvider Provider = "custom"
+ DigitalOceanProvider Provider = "digitalocean"
+ GeneralProvider Provider = "general"
+ GitHubProvider Provider = "github"
+ GoogleProvider Provider = "google"
+ KubernetesProvider Provider = "kubernetes"
+ OracleProvider Provider = "oracle"
+ OpenStackProvider Provider = "openstack"
+ NifcloudProvider Provider = "nifcloud"
+ CloudStackProvider Provider = "cloudstack"
+)
+
+func RuleProviderToString(provider Provider) string {
+ return strings.ToUpper(string(provider))
+}
+
+func (p Provider) DisplayName() string {
+ switch p {
+ case "aws":
+ return strings.ToUpper(string(p))
+ case "digitalocean":
+ return "Digital Ocean"
+ case "github":
+ return "GitHub"
+ case "openstack":
+ return "OpenStack"
+ case "cloudstack":
+ return "Cloudstack"
+ default:
+ return cases.Title(language.English).String(strings.ToLower(string(p)))
+ }
+}
+func (p Provider) ConstName() string {
+ return strings.ReplaceAll(p.DisplayName(), " ", "")
+}
diff --git a/pkg/iac/rego/build.go b/pkg/iac/rego/build.go
new file mode 100644
index 000000000000..c8fe6a27ec12
--- /dev/null
+++ b/pkg/iac/rego/build.go
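Review bot: `DisplayName` switches on raw string literals (`"aws"`, `"digitalocean"`, …) even though the typed constants `AWSProvider`, `DigitalOceanProvider`, … are declared a few lines above; if a constant's value ever changes, the matching case silently falls through to the `default` title-casing. Use the constants as case labels, e.g. `case AWSProvider:`. Separately, `case "cloudstack": return "Cloudstack"` means `ConstName()` yields `Cloudstack`, which does not match the declared identifier `CloudStackProvider`; if `ConstName` feeds code generation (its callers are not visible here) that mismatch will bite, and `return "CloudStack"` would be consistent with `OpenStack` and `GitHub`. Both exported functions also lack doc comments.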
@@ -0,0 +1,84 @@
+package rego
+
+import (
+ "io/fs"
+ "path/filepath"
+ "strings"
+
+ "github.com/aquasecurity/trivy/pkg/iac/rego/schemas"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
+ "github.com/open-policy-agent/opa/ast"
+ "github.com/open-policy-agent/opa/util"
+)
+
+func BuildSchemaSetFromPolicies(policies map[string]*ast.Module, paths []string, fsys fs.FS) (*ast.SchemaSet, bool, error) {
+ schemaSet := ast.NewSchemaSet()
+ schemaSet.Put(ast.MustParseRef("schema.input"), map[string]interface{}{}) // for backwards compat only
+ var customFound bool
+ for _, policy := range policies {
+ for _, annotation := range policy.Annotations {
+ for _, ss := range annotation.Schemas {
+ schemaName, err := ss.Schema.Ptr()
+ if err != nil {
+ continue
+ }
+ if schemaName != "input" {
+ if schema, ok := schemas.SchemaMap[types.Source(schemaName)]; ok {
+ customFound = true
+ schemaSet.Put(ast.MustParseRef(ss.Schema.String()), util.MustUnmarshalJSON([]byte(schema)))
+ } else {
+ b, err := findSchemaInFS(paths, fsys, schemaName)
+ if err != nil {
+ return schemaSet, true, err
+ }
+ if b != nil {
+ customFound = true
+ schemaSet.Put(ast.MustParseRef(ss.Schema.String()), util.MustUnmarshalJSON(b))
+ }
+ }
+ }
+ }
+ }
+ }
+
+ return schemaSet, customFound, nil
+}
+
+// findSchemaInFS tries to find the schema anywhere in the specified FS
+func findSchemaInFS(paths []string, srcFS fs.FS, schemaName string) ([]byte, error) {
+ var schema []byte
+ for _, path := range paths {
+ if err := fs.WalkDir(srcFS, sanitisePath(path), func(path string, info fs.DirEntry, err error) error {
+ if err != nil {
+ return err
+ }
+ if info.IsDir() {
+ return nil
+ }
+ if !IsJSONFile(info.Name()) {
+ return nil
+ }
+ if info.Name() == schemaName+".json" {
+ schema, err = fs.ReadFile(srcFS, filepath.ToSlash(path))
+ if err != nil {
+ return err
+ }
+ return nil
+ }
+ return nil
+ }); err != nil {
+ return nil, err
+ }
+ }
+ return schema, nil
+}
+
+func IsJSONFile(name string) bool {
+ return strings.HasSuffix(name, ".json")
+}
+
+func sanitisePath(path string) string {
+ vol := filepath.VolumeName(path)
+ path = strings.TrimPrefix(path, vol)
+ return strings.TrimPrefix(strings.TrimPrefix(filepath.ToSlash(path), "./"), "/")
+}
diff --git a/pkg/iac/rego/convert/anonymous.go b/pkg/iac/rego/convert/anonymous.go
new file mode 100644
index 000000000000..3563b0fccfc8
--- /dev/null
+++ b/pkg/iac/rego/convert/anonymous.go
@@ -0,0 +1,47 @@
+package convert
+
+import (
+ "reflect"
+)
+
+var converterInterface = reflect.TypeOf((*Converter)(nil)).Elem()
+
+func anonymousToRego(inputValue reflect.Value) interface{} {
+
+ if inputValue.IsZero() {
+ return nil
+ }
+
+ for inputValue.Type().Kind() == reflect.Interface {
+ if inputValue.IsNil() {
+ return nil
+ }
+ inputValue = inputValue.Elem()
+ }
+
+ if inputValue.Type().Implements(converterInterface) {
+ returns := inputValue.MethodByName("ToRego").Call(nil)
+ return returns[0].Interface()
+ }
+
+ for inputValue.Type().Kind() == reflect.Ptr {
+ if inputValue.IsNil() {
+ return nil
+ }
+ inputValue = inputValue.Elem()
+ }
+
+ if inputValue.Type().Implements(converterInterface) {
+ returns := inputValue.MethodByName("ToRego").Call(nil)
+ return returns[0].Interface()
+ }
+
+ switch kind := inputValue.Type().Kind(); kind {
+ case reflect.Struct:
+ return StructToRego(inputValue)
+ case reflect.Slice:
+ return SliceToRego(inputValue)
+ }
+
+ return nil
+}
diff --git a/pkg/iac/rego/convert/converter.go b/pkg/iac/rego/convert/converter.go
new file mode 100644
index 000000000000..e132d6875aa2
--- /dev/null
+++ b/pkg/iac/rego/convert/converter.go
@@ -0,0 +1,5 @@
+package convert
+
+type Converter interface {
+ ToRego() interface{}
+}
diff --git a/pkg/iac/rego/convert/slice.go b/pkg/iac/rego/convert/slice.go
new file mode 100644
index 000000000000..8bb68a7fb551
--- /dev/null
+++ b/pkg/iac/rego/convert/slice.go
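Review bot: `util.MustUnmarshalJSON(b)` in `BuildSchemaSetFromPolicies` panics when the schema file located by `findSchemaInFS` is not valid JSON. That file is found by walking the caller-supplied paths for any file named `<schemaName>.json`, so a malformed or stray JSON file anywhere in the scanned tree takes the whole scan down instead of producing an error; decode with the non-panicking `util.UnmarshalJSON` and return the error (this needs a `fmt` import for wrapping). The same error path currently returns `customFound` as `true` although nothing was added, which is surprising to callers; and `findSchemaInFS` keeps walking after the match, so returning `fs.SkipAll` once `schema` is read would end the walk early if the module targets Go 1.20 or later.
```go
// … unchanged: built-in schema lookup in schemas.SchemaMap …
b, err := findSchemaInFS(paths, fsys, schemaName)
if err != nil {
	return schemaSet, customFound, err
}
if b != nil {
	var parsed interface{}
	if err := util.UnmarshalJSON(b, &parsed); err != nil {
		return schemaSet, customFound, fmt.Errorf("parsing schema %q: %w", schemaName, err)
	}
	customFound = true
	schemaSet.Put(ast.MustParseRef(ss.Schema.String()), parsed)
}
```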
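Review bot: In `anonymousToRego` the `Implements(converterInterface)` check followed by `MethodByName("ToRego").Call(nil)` is written out twice, once before and once after pointer dereferencing, and looks a method up by string at runtime. A type assertion expresses the same thing once and without reflection-by-name: `if c, ok := inputValue.Interface().(Converter); ok { return c.ToRego() }`. As far as this series shows, every value reaching this function comes from an exported field or a slice element of one, so `Interface()` should be safe here; confirm there is no caller passing values obtained from unexported fields. Note also that `reflect.Array` is not handled by the final switch and silently converts to `nil`.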
@@ -0,0 +1,32 @@
+package convert
+
+import (
+ "reflect"
+)
+
+func SliceToRego(inputValue reflect.Value) []interface{} {
+
+ // make sure we have a struct literal
+ for inputValue.Type().Kind() == reflect.Ptr {
+ if inputValue.IsNil() {
+ return nil
+ }
+ inputValue = inputValue.Elem()
+ }
+ if inputValue.Type().Kind() != reflect.Slice {
+ panic("not a slice")
+ }
+
+ output := make([]interface{}, inputValue.Len())
+
+ for i := 0; i < inputValue.Len(); i++ {
+ val := inputValue.Index(i)
+ if val.Type().Kind() == reflect.Ptr && val.IsZero() {
+ output[i] = nil
+ continue
+ }
+ output[i] = anonymousToRego(val)
+ }
+
+ return output
+}
diff --git a/pkg/iac/rego/convert/slice_test.go b/pkg/iac/rego/convert/slice_test.go
new file mode 100644
index 000000000000..5e071d0ed52a
--- /dev/null
+++ b/pkg/iac/rego/convert/slice_test.go
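Review bot: The explicit nil-pointer guard in the loop of `SliceToRego` (`if val.Type().Kind() == reflect.Ptr && val.IsZero()`) duplicates what `anonymousToRego` already does on entry (`IsZero` → `nil`), so the loop body can be reduced to `output[i] = anonymousToRego(inputValue.Index(i))`. The comment `// make sure we have a struct literal` was copied from the struct converter and should read `// make sure we have a slice literal`. The exported function has no doc comment; `// SliceToRego converts a slice (or pointer to slice) into a []interface{} of rego-ready values, one per element.` would do.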
@@ -0,0 +1,57 @@
+package convert
+
+import (
+ "reflect"
+ "testing"
+
+ "github.com/aquasecurity/trivy/pkg/iac/types"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func Test_SliceConversion(t *testing.T) {
+ input := []struct {
+ X string
+ Y int
+ Z struct {
+ A float64
+ }
+ }{
+ {},
+ }
+ input[0].Z.A = 123
+ converted := SliceToRego(reflect.ValueOf(input))
+ assert.Equal(t, []interface{}{map[string]interface{}{"z": map[string]interface{}{}}}, converted)
+}
+
+func Test_SliceTypesConversion(t *testing.T) {
+ input := []types.StringValue{
+ types.String("test1", types.NewTestMetadata()),
+ types.String("test2", types.NewTestMetadata()),
+ }
+ converted := SliceToRego(reflect.ValueOf(input))
+ assert.Equal(t, []interface{}{
+ map[string]interface{}{
+ "value": "test1",
+ "filepath": "test.test",
+ "startline": 123,
+ "endline": 123,
+ "sourceprefix": "",
+ "managed": true,
+ "explicit": false,
+ "fskey": "",
+ "resource": "",
+ },
+ map[string]interface{}{
+ "value": "test2",
+ "filepath": "test.test",
+ "startline": 123,
+ "endline": 123,
+ "sourceprefix": "",
+ "managed": true,
+ "explicit": false,
+ "fskey": "",
+ "resource": "",
+ },
+ }, converted)
+}
diff --git a/pkg/iac/rego/convert/struct.go b/pkg/iac/rego/convert/struct.go
new file mode 100644
index 000000000000..c4819b96815e
--- /dev/null
+++ b/pkg/iac/rego/convert/struct.go
@@ -0,0 +1,68 @@
+package convert
+
+import (
+ "reflect"
+ "strings"
+
+ "github.com/aquasecurity/trivy/pkg/iac/types"
+)
+
+type metadataProvider interface {
+ GetMetadata() types.Metadata
+}
+
+var metadataInterface = reflect.TypeOf((*metadataProvider)(nil)).Elem()
+
+func StructToRego(inputValue reflect.Value) map[string]interface{} {
+
+ // make sure we have a struct literal
+ for inputValue.Type().Kind() == reflect.Ptr || inputValue.Type().Kind() == reflect.Interface {
+ if inputValue.IsNil() {
+ return nil
+ }
+ inputValue = inputValue.Elem()
+ }
+ if inputValue.Type().Kind() != reflect.Struct {
+ panic("not a struct")
+ }
+
+ output := make(map[string]interface{}, inputValue.NumField())
+
+ for i := 0; i < inputValue.NumField(); i++ {
+ field := inputValue.Field(i)
+ typ := inputValue.Type().Field(i)
+ name := typ.Name
+ if !typ.IsExported() {
+ continue
+ }
+ if field.Interface() == nil {
+ continue
+ }
+ val := anonymousToRego(reflect.ValueOf(field.Interface()))
+ if val == nil {
+ continue
+ }
+ key := strings.ToLower(name)
+ if _, ok := field.Interface().(types.Metadata); key == "metadata" && ok {
+ continue
+ }
+ output[strings.ToLower(name)] = val
+ }
+
+ if inputValue.Type().Implements(metadataInterface) {
+ returns := inputValue.MethodByName("GetMetadata").Call(nil)
+ if metadata, ok := returns[0].Interface().(types.Metadata); ok {
+ output["__defsec_metadata"] = metadata.ToRego()
+ }
+ } else {
+ metaVal := inputValue.FieldByName("Metadata")
+ if metaVal.Kind() == reflect.Struct {
+ if meta, ok := metaVal.Interface().(types.Metadata); ok {
+ output["__defsec_metadata"] = meta.ToRego()
+ }
+ }
+
+ }
+
+ return output
+}
diff --git a/pkg/iac/rego/convert/struct_test.go b/pkg/iac/rego/convert/struct_test.go
new file mode 100644
index 000000000000..ca72efabdedd
--- /dev/null
+++ b/pkg/iac/rego/convert/struct_test.go
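Review bot: In `StructToRego` the `Metadata` field is first run through `anonymousToRego` (which invokes its `ToRego`) and only then discarded by the `key == "metadata"` check, so every converted struct pays for a conversion it throws away, and the assignment recomputes `strings.ToLower(name)` although `key` already holds it; move the skip ahead of the conversion and assign through `key`. Two smaller points to confirm: keys are derived by lowercasing the Go field name, so two exported fields differing only in case would silently overwrite each other in `output` (a comment or a guard is warranted), and `inputValue.Type().Implements(metadataInterface)` is evaluated on the value type, so a `GetMetadata` declared on a pointer receiver would not be detected — I cannot see the implementors from here.
```go
// … unchanged: exported/nil-interface checks …
key := strings.ToLower(name)
if _, ok := field.Interface().(types.Metadata); key == "metadata" && ok {
	continue
}
val := anonymousToRego(reflect.ValueOf(field.Interface()))
if val == nil {
	continue
}
output[key] = val
```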
@@ -0,0 +1,21 @@
+package convert
+
+import (
+ "reflect"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func Test_StructConversion(t *testing.T) {
+ input := struct {
+ X string
+ Y int
+ Z struct {
+ A float64
+ }
+ }{}
+ input.Z.A = 123
+ converted := StructToRego(reflect.ValueOf(input))
+ assert.Equal(t, map[string]interface{}{"z": map[string]interface{}{}}, converted)
+}
diff --git a/pkg/iac/rego/custom.go b/pkg/iac/rego/custom.go
new file mode 100644
index 000000000000..c15b05a4577f
--- /dev/null
+++ b/pkg/iac/rego/custom.go
@@ -0,0 +1,109 @@ +package rego + +import ( + "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/rego" + "github.com/open-policy-agent/opa/types" +) + +func init() { + rego.RegisterBuiltin2(®o.Function{ + Name: "result.new", + Decl: types.NewFunction(types.Args(types.S, types.A), types.A), + }, + createResult, + ) + + rego.RegisterBuiltin1(®o.Function{ + Name: "isManaged", + Decl: types.NewFunction(types.Args(types.A), types.B), + }, + func(c rego.BuiltinContext, resource *ast.Term) (*ast.Term, error) { + metadata, err := createResult(c, ast.StringTerm(""), resource) + if err != nil { + return nil, err + } + return metadata.Get(ast.StringTerm("managed")), nil + }, + ) +} + +func createResult(ctx rego.BuiltinContext, msg, cause *ast.Term) (*ast.Term, error) { + + metadata := map[string]*ast.Term{ + "startline": ast.IntNumberTerm(0), + "endline": ast.IntNumberTerm(0), + "sourceprefix": ast.StringTerm(""), + "filepath": ast.StringTerm(""), + "explicit": ast.BooleanTerm(false), + "managed": ast.BooleanTerm(true), + "fskey": ast.StringTerm(""), + "resource": ast.StringTerm(""), + "parent": ast.NullTerm(), + } + if msg != nil { + metadata["msg"] = msg + } + + // universal + input := cause.Get(ast.StringTerm("__defsec_metadata")) + if input == nil { + // docker + input = cause + } + metadata = updateMetadata(metadata, input) + + if term := input.Get(ast.StringTerm("parent")); term != nil { + var err error + metadata["parent"], err = createResult(ctx, nil, term) + if err != nil { + return nil, err + } + } + + var values [][2]*ast.Term + for key, val := range metadata { + values = append(values, [2]*ast.Term{ + ast.StringTerm(key), + val, + }) + } + return ast.ObjectTerm(values...), nil +} + +func updateMetadata(metadata map[string]*ast.Term, input *ast.Term) map[string]*ast.Term { + if term := input.Get(ast.StringTerm("startline")); term != nil { + metadata["startline"] = term + } + if term := input.Get(ast.StringTerm("StartLine")); term != nil { + 
metadata["startline"] = term + } + if term := input.Get(ast.StringTerm("endline")); term != nil { + metadata["endline"] = term + } + if term := input.Get(ast.StringTerm("EndLine")); term != nil { + metadata["endline"] = term + } + if term := input.Get(ast.StringTerm("filepath")); term != nil { + metadata["filepath"] = term + } + if term := input.Get(ast.StringTerm("sourceprefix")); term != nil { + metadata["sourceprefix"] = term + } + if term := input.Get(ast.StringTerm("Path")); term != nil { + metadata["filepath"] = term + } + if term := input.Get(ast.StringTerm("explicit")); term != nil { + metadata["explicit"] = term + } + if term := input.Get(ast.StringTerm("managed")); term != nil { + metadata["managed"] = term + } + if term := input.Get(ast.StringTerm("fskey")); term != nil { + metadata["fskey"] = term + } + if term := input.Get(ast.StringTerm("resource")); term != nil { + metadata["resource"] = term + } + return metadata +} diff --git a/pkg/iac/rego/embed.go b/pkg/iac/rego/embed.go new file mode 100644 index 000000000000..c1f4a811ef03 --- /dev/null +++ b/pkg/iac/rego/embed.go 
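Review bot: Neither createResult nor updateMetadata has a doc comment, and updateMetadata is eleven copies of the same three-line `if term := input.Get(...); term != nil` block in which only the input key and the output key vary, with the order silently deciding that `StartLine`, `EndLine` and `Path` override their lower-case counterparts. A table-driven loop keeps that precedence explicit; the rewrite below preserves the iteration order, so behaviour is unchanged. For createResult I would add `// createResult implements the result.new builtin: it starts from a zeroed location object, overlays the location keys found under "__defsec_metadata" or, when that key is absent (dockerfile input), on the cause term itself, and resolves "parent" recursively.` The recursion on `parent` is bounded only by the nesting of the term the policy hands in, which is fine for AST values but worth stating in that comment.
```go
// metadataKeys maps input keys to the result key they populate. Later entries win,
// so "StartLine", "EndLine" and "Path" override their lower-case counterparts.
var metadataKeys = [][2]string{
	{"startline", "startline"},
	{"StartLine", "startline"},
	{"endline", "endline"},
	{"EndLine", "endline"},
	{"filepath", "filepath"},
	{"sourceprefix", "sourceprefix"},
	{"Path", "filepath"},
	{"explicit", "explicit"},
	{"managed", "managed"},
	{"fskey", "fskey"},
	{"resource", "resource"},
}

// updateMetadata copies every known location key present on input into metadata.
func updateMetadata(metadata map[string]*ast.Term, input *ast.Term) map[string]*ast.Term {
	for _, kv := range metadataKeys {
		if term := input.Get(ast.StringTerm(kv[0])); term != nil {
			metadata[kv[1]] = term
		}
	}
	return metadata
}
```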
@@ -0,0 +1,107 @@ +package rego + +import ( + "context" + "io/fs" + "path/filepath" + "strings" + + rules2 "github.com/aquasecurity/trivy-policies" + "github.com/aquasecurity/trivy/pkg/iac/rules" + "github.com/open-policy-agent/opa/ast" +) + +func init() { + + modules, err := LoadEmbeddedPolicies() + if err != nil { + // we should panic as the policies were not embedded properly + panic(err) + } + loadedLibs, err := LoadEmbeddedLibraries() + if err != nil { + panic(err) + } + for name, policy := range loadedLibs { + modules[name] = policy + } + + RegisterRegoRules(modules) +} + +func RegisterRegoRules(modules map[string]*ast.Module) { + ctx := context.TODO() + + schemaSet, _, _ := BuildSchemaSetFromPolicies(modules, nil, nil) + + compiler := ast.NewCompiler(). + WithSchemas(schemaSet). + WithCapabilities(nil). + WithUseTypeCheckAnnotations(true) + + compiler.Compile(modules) + if compiler.Failed() { + // we should panic as the embedded rego policies are syntactically incorrect... + panic(compiler.Errors) + } + + retriever := NewMetadataRetriever(compiler) + for _, module := range modules { + metadata, err := retriever.RetrieveMetadata(ctx, module) + if err != nil { + continue + } + if metadata.AVDID == "" { + continue + } + rules.Register( + metadata.ToRule(), + ) + } +} + +func LoadEmbeddedPolicies() (map[string]*ast.Module, error) { + return LoadPoliciesFromDirs(rules2.EmbeddedPolicyFileSystem, ".") +} + +func LoadEmbeddedLibraries() (map[string]*ast.Module, error) { + return LoadPoliciesFromDirs(rules2.EmbeddedLibraryFileSystem, ".") +} + +func LoadPoliciesFromDirs(target fs.FS, paths ...string) (map[string]*ast.Module, error) { + modules := make(map[string]*ast.Module) + for _, path := range paths { + if err := fs.WalkDir(target, sanitisePath(path), func(path string, info fs.DirEntry, err error) error { + if err != nil { + return err + } + if info.IsDir() { + return nil + } + + if strings.HasSuffix(filepath.Dir(filepath.ToSlash(path)), filepath.Join("advanced", 
"optional")) { + return fs.SkipDir + } + + if !IsRegoFile(info.Name()) || IsDotFile(info.Name()) { + return nil + } + data, err := fs.ReadFile(target, filepath.ToSlash(path)) + if err != nil { + return err + } + module, err := ast.ParseModuleWithOpts(path, string(data), ast.ParserOptions{ + ProcessAnnotation: true, + }) + if err != nil { + // s.debug.Log("Failed to load module: %s, err: %s", filepath.ToSlash(path), err.Error()) + return err + } + modules[path] = module + return nil + }); err != nil { + return nil, err + } + } + return modules, nil +} diff --git a/pkg/iac/rego/embed_test.go b/pkg/iac/rego/embed_test.go new file mode 100644 index 000000000000..77a88e40680b --- /dev/null +++ b/pkg/iac/rego/embed_test.go 
@@ -0,0 +1,123 @@ +package rego + +import ( + "testing" + + rules2 "github.com/aquasecurity/trivy-policies" + "github.com/aquasecurity/trivy/pkg/iac/rules" + "github.com/open-policy-agent/opa/ast" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func Test_EmbeddedLoading(t *testing.T) { + + frameworkRules := rules.GetRegistered() + var found bool + for _, rule := range frameworkRules { + if rule.GetRule().RegoPackage != "" { + found = true + } + } + assert.True(t, found, "no embedded rego policies were registered as rules") +} + +func Test_RegisterRegoRules(t *testing.T) { + var testCases = []struct { + name string + inputPolicy string + expectedError bool + }{ + { + name: "happy path old single schema", + inputPolicy: `# METADATA +# title: "dummy title" +# description: "some description" +# scope: package +# schemas: +# - input: schema["input"] +# custom: +# input: +# selector: +# - type: dockerfile +package builtin.dockerfile.DS1234 +deny[res]{ + res := true +}`, + }, + { + name: "happy path new builtin single schema", + inputPolicy: `# METADATA +# title: "dummy title" +# description: "some description" +# scope: package +# schemas: +# - input: schema["dockerfile"] +# custom: +# input: +# selector: +# - type: dockerfile +package builtin.dockerfile.DS1234 +deny[res]{ + res := true +}`, + }, + { + name: "happy path new multiple schemas", + inputPolicy: `# METADATA +# title: "dummy title" +# description: "some description" +# scope: package +# schemas: +# - input: schema["dockerfile"] +# - input: schema["kubernetes"] +# custom: +# input: +# selector: +# - type: dockerfile +package builtin.dockerfile.DS1234 +deny[res]{ + res := true +}`, + }, + { + name: "sad path schema does not exist", + inputPolicy: `# METADATA +# title: "dummy title" +# description: "some description" +# scope: package +# schemas: +# - input: schema["invalid schema"] +# custom: +# input: +# selector: +# - type: dockerfile +package builtin.dockerfile.DS1234 
+deny[res]{
+ res := true
+}`,
+ expectedError: true,
+ },
+ }
+
+ for _, tc := range testCases {
+ t.Run(tc.name, func(t *testing.T) {
+ policies, err := LoadPoliciesFromDirs(rules2.EmbeddedLibraryFileSystem, ".")
+ require.NoError(t, err)
+ newRule, err := ast.ParseModuleWithOpts("/rules/newrule.rego", tc.inputPolicy, ast.ParserOptions{
+ ProcessAnnotation: true,
+ })
+ require.NoError(t, err)
+
+ policies["/rules/newrule.rego"] = newRule
+ switch {
+ case tc.expectedError:
+ assert.Panics(t, func() {
+ RegisterRegoRules(policies)
+ }, tc.name)
+ default:
+ RegisterRegoRules(policies)
+ }
+ })
+ }
+}
diff --git a/pkg/iac/rego/exceptions.go b/pkg/iac/rego/exceptions.go
new file mode 100644
index 000000000000..ab202ec00d19
--- /dev/null
+++ b/pkg/iac/rego/exceptions.go
@@ -0,0 +1,33 @@
+package rego
+
+import (
+ "context"
+ "fmt"
+)
+
+func (s *Scanner) isIgnored(ctx context.Context, namespace string, ruleName string, input interface{}) (bool, error) {
+ if ignored, err := s.isNamespaceIgnored(ctx, namespace, input); err != nil {
+ return false, err
+ } else if ignored {
+ return true, nil
+ }
+ return s.isRuleIgnored(ctx, namespace, ruleName, input)
+}
+
+func (s *Scanner) isNamespaceIgnored(ctx context.Context, namespace string, input interface{}) (bool, error) {
+ exceptionQuery := fmt.Sprintf("data.namespace.exceptions.exception[_] == %q", namespace)
+ result, _, err := s.runQuery(ctx, exceptionQuery, input, true)
+ if err != nil {
+ return false, fmt.Errorf("query namespace exceptions: %w", err)
+ }
+ return result.Allowed(), nil
+}
+
+func (s *Scanner) isRuleIgnored(ctx context.Context, namespace string, ruleName string, input interface{}) (bool, error) {
+ exceptionQuery := fmt.Sprintf("endswith(%q, data.%s.exception[_][_])", ruleName, namespace)
+ result, _, err := s.runQuery(ctx, exceptionQuery, input, true)
+ if err != nil {
+ return false, err
+ }
+ return result.Allowed(), nil
+}
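Review bot: Test_RegisterRegoRules calls RegisterRegoRules for every happy-path case, and that function ends in `rules.Register(...)`, so each subtest appears to add rules to the same registry that Test_EmbeddedLoading reads through `rules.GetRegistered()`; if that registry is process-wide (not visible here), the subtests leave state behind for later tests in the package and register the `builtin.dockerfile.DS1234` package several times. A comment on the test stating that repeated registration is tolerated, or a cleanup hook, would make that explicit. The sad-path case only asserts that a panic happens, not that it is the schema error; checking the recovered `compiler.Errors` value (e.g. via `assert.PanicsWithError`) would pin the reason.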
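Review bot: isRuleIgnored returns the query error bare while isNamespaceIgnored, a few lines above, wraps it with context; `return false, fmt.Errorf("query rule exceptions: %w", err)` keeps the two paths consistent. Both queries are built with fmt.Sprintf, and in isRuleIgnored `namespace` is spliced into the Rego text unquoted; it comes from the loaded module's package path rather than from scan input, so this is a parse-robustness concern rather than a trust boundary, but that assumption deserves a comment such as `// namespace is a module package path (see getModuleNamespace), which is why it can be embedded as a ref`. None of the three methods has a doc comment; for the entry point I would add `// isIgnored reports whether a rule is suppressed, either by a namespace-level entry in data.namespace.exceptions.exception or by a rule-level entry under data.<namespace>.exception.`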
diff --git a/pkg/iac/rego/load.go b/pkg/iac/rego/load.go
new file mode 100644
index 000000000000..909510e8f505
--- /dev/null
+++ b/pkg/iac/rego/load.go
@@ -0,0 +1,210 @@ +package rego + +import ( + "context" + "fmt" + "io" + "io/fs" + "strings" + + "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/bundle" +) + +func IsRegoFile(name string) bool { + return strings.HasSuffix(name, bundle.RegoExt) && !strings.HasSuffix(name, "_test"+bundle.RegoExt) +} + +func IsDotFile(name string) bool { + return strings.HasPrefix(name, ".") +} + +func (s *Scanner) loadPoliciesFromReaders(readers []io.Reader) (map[string]*ast.Module, error) { + modules := make(map[string]*ast.Module) + for i, r := range readers { + moduleName := fmt.Sprintf("reader_%d", i) + data, err := io.ReadAll(r) + if err != nil { + return nil, err + } + module, err := ast.ParseModuleWithOpts(moduleName, string(data), ast.ParserOptions{ + ProcessAnnotation: true, + }) + if err != nil { + return nil, err + } + modules[moduleName] = module + } + return modules, nil +} + +func (s *Scanner) loadEmbedded(enableEmbeddedLibraries, enableEmbeddedPolicies bool) error { + if enableEmbeddedLibraries { + loadedLibs, errLoad := LoadEmbeddedLibraries() + if errLoad != nil { + return fmt.Errorf("failed to load embedded rego libraries: %w", errLoad) + } + for name, policy := range loadedLibs { + s.policies[name] = policy + } + s.debug.Log("Loaded %d embedded libraries.", len(loadedLibs)) + } + + if enableEmbeddedPolicies { + loaded, err := LoadEmbeddedPolicies() + if err != nil { + return fmt.Errorf("failed to load embedded rego policies: %w", err) + } + for name, policy := range loaded { + s.policies[name] = policy + } + s.debug.Log("Loaded %d embedded policies.", len(loaded)) + } + + return nil +} + +func (s *Scanner) LoadPolicies(enableEmbeddedLibraries, enableEmbeddedPolicies bool, srcFS fs.FS, paths []string, readers []io.Reader) error { + + if s.policies == nil { + s.policies = make(map[string]*ast.Module) + } + + if s.policyFS != nil { + s.debug.Log("Overriding filesystem for policies!") + srcFS = s.policyFS + } + + if err := 
s.loadEmbedded(enableEmbeddedLibraries, enableEmbeddedPolicies); err != nil { + return err + } + + var err error + if len(paths) > 0 { + loaded, err := LoadPoliciesFromDirs(srcFS, paths...) + if err != nil { + return fmt.Errorf("failed to load rego policies from %s: %w", paths, err) + } + for name, policy := range loaded { + s.policies[name] = policy + } + s.debug.Log("Loaded %d policies from disk.", len(loaded)) + } + + if len(readers) > 0 { + loaded, err := s.loadPoliciesFromReaders(readers) + if err != nil { + return fmt.Errorf("failed to load rego policies from reader(s): %w", err) + } + for name, policy := range loaded { + s.policies[name] = policy + } + s.debug.Log("Loaded %d policies from reader(s).", len(loaded)) + } + + // gather namespaces + uniq := make(map[string]struct{}) + for _, module := range s.policies { + namespace := getModuleNamespace(module) + uniq[namespace] = struct{}{} + } + var namespaces []string + for namespace := range uniq { + namespaces = append(namespaces, namespace) + } + + dataFS := srcFS + if s.dataFS != nil { + s.debug.Log("Overriding filesystem for data!") + dataFS = s.dataFS + } + store, err := initStore(dataFS, s.dataDirs, namespaces) + if err != nil { + return fmt.Errorf("unable to load data: %w", err) + } + s.store = store + + return s.compilePolicies(srcFS, paths) +} + +func (s *Scanner) prunePoliciesWithError(compiler *ast.Compiler) error { + if len(compiler.Errors) > s.regoErrorLimit { + s.debug.Log("Error(s) occurred while loading policies") + return compiler.Errors + } + + for _, e := range compiler.Errors { + s.debug.Log("Error occurred while parsing: %s, %s", e.Location.File, e.Error()) + delete(s.policies, e.Location.File) + } + return nil +} + +func (s *Scanner) compilePolicies(srcFS fs.FS, paths []string) error { + + schemaSet, custom, err := BuildSchemaSetFromPolicies(s.policies, paths, srcFS) + if err != nil { + return err + } + if custom { + s.inputSchema = nil // discard auto detected input schema in favour of 
policy defined schema + } + + compiler := ast.NewCompiler(). + WithUseTypeCheckAnnotations(true). + WithCapabilities(ast.CapabilitiesForThisVersion()). + WithSchemas(schemaSet) + + compiler.Compile(s.policies) + if compiler.Failed() { + if err := s.prunePoliciesWithError(compiler); err != nil { + return err + } + return s.compilePolicies(srcFS, paths) + } + retriever := NewMetadataRetriever(compiler) + + if err := s.filterModules(retriever); err != nil { + return err + } + if s.inputSchema != nil { + schemaSet := ast.NewSchemaSet() + schemaSet.Put(ast.MustParseRef("schema.input"), s.inputSchema) + compiler.WithSchemas(schemaSet) + compiler.Compile(s.policies) + if compiler.Failed() { + if err := s.prunePoliciesWithError(compiler); err != nil { + return err + } + return s.compilePolicies(srcFS, paths) + } + } + s.compiler = compiler + s.retriever = retriever + return nil +} + +func (s *Scanner) filterModules(retriever *MetadataRetriever) error { + + filtered := make(map[string]*ast.Module) + for name, module := range s.policies { + meta, err := retriever.RetrieveMetadata(context.TODO(), module) + if err != nil { + return err + } + if len(meta.InputOptions.Selectors) == 0 { + s.debug.Log("WARNING: Module %s has no input selectors - it will be loaded for all inputs!", name) + filtered[name] = module + continue + } + for _, selector := range meta.InputOptions.Selectors { + if selector.Type == string(s.sourceType) { + filtered[name] = module + break + } + } + } + + s.policies = filtered + return nil +} diff --git a/pkg/iac/rego/load_test.go b/pkg/iac/rego/load_test.go new file mode 100644 index 000000000000..85f574e0c649 --- /dev/null +++ b/pkg/iac/rego/load_test.go 
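Review bot: compilePolicies recurses into itself after prunePoliciesWithError, and termination depends on every compile error carrying a `Location` whose `File` is a key of `s.policies`: an error with a nil Location dereferences nil at `e.Location.File`, and an error whose File matches no key deletes nothing, so the next compile fails identically and the recursion never makes progress. Module names and map keys are the same string on every load path visible here (`path` in LoadPoliciesFromDirs, `reader_%d` in loadPoliciesFromReaders), so the mismatch case is unlikely but not excluded; the rewrite below returns the errors when nothing could be removed. In LoadPolicies the `var err error` before the `if len(paths) > 0` block is shadowed by `loaded, err :=` inside both blocks and only serves `initStore`; dropping the declaration and letting `store, err := initStore(...)` declare `err` removes the shadowing that vet's shadow analyzer flags.
```go
// prunePoliciesWithError drops the policies named by the compiler's errors so that
// compilePolicies can retry without them. It returns the errors unchanged when there
// are more than the configured limit, or when no policy could be removed, since a
// retry would then fail identically.
func (s *Scanner) prunePoliciesWithError(compiler *ast.Compiler) error {
	if len(compiler.Errors) > s.regoErrorLimit {
		s.debug.Log("Error(s) occurred while loading policies")
		return compiler.Errors
	}

	pruned := false
	for _, e := range compiler.Errors {
		if e.Location == nil {
			// no file to drop: surface the error instead of looping in compilePolicies
			return compiler.Errors
		}
		s.debug.Log("Error occurred while parsing: %s, %s", e.Location.File, e.Error())
		if _, ok := s.policies[e.Location.File]; ok {
			delete(s.policies, e.Location.File)
			pruned = true
		}
	}
	if !pruned {
		return compiler.Errors
	}
	return nil
}
```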
@@ -0,0 +1,46 @@ +package rego + +import ( + "bytes" + "embed" + "testing" + + "github.com/aquasecurity/trivy/pkg/iac/types" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +//go:embed all:testdata/policies +var testEmbedFS embed.FS + +func Test_RegoScanning_WithSomeInvalidPolicies(t *testing.T) { + t.Run("allow no errors", func(t *testing.T) { + var debugBuf bytes.Buffer + scanner := NewScanner(types.SourceDockerfile) + scanner.SetRegoErrorLimit(0) + scanner.SetDebugWriter(&debugBuf) + p, _ := LoadPoliciesFromDirs(testEmbedFS, ".") + require.NotNil(t, p) + + scanner.policies = p + err := scanner.compilePolicies(testEmbedFS, []string{"policies"}) + require.ErrorContains(t, err, `want (one of): ["Cmd" "EndLine" "Flags" "JSON" "Original" "Path" "Stage" "StartLine" "SubCmd" "Value"]`) + assert.Contains(t, debugBuf.String(), "Error(s) occurred while loading policies") + }) + + t.Run("allow up to max 1 error", func(t *testing.T) { + var debugBuf bytes.Buffer + scanner := NewScanner(types.SourceDockerfile) + scanner.SetRegoErrorLimit(1) + scanner.SetDebugWriter(&debugBuf) + + p, _ := LoadPoliciesFromDirs(testEmbedFS, ".") + scanner.policies = p + + err := scanner.compilePolicies(testEmbedFS, []string{"policies"}) + require.NoError(t, err) + + assert.Contains(t, debugBuf.String(), "Error occurred while parsing: testdata/policies/invalid.rego, testdata/policies/invalid.rego:7") + }) + +} diff --git a/pkg/iac/rego/metadata.go b/pkg/iac/rego/metadata.go new file mode 100644 index 000000000000..013fe79ad87b --- /dev/null +++ b/pkg/iac/rego/metadata.go 
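Review bot: Both subtests discard the error from `LoadPoliciesFromDirs(testEmbedFS, ".")` with `p, _ :=`, and the second one does not check `p` at all, so a broken testdata tree would surface as an unrelated compile failure in the first case and as a pass over an empty policy map in the second; `p, err := LoadPoliciesFromDirs(testEmbedFS, "."); require.NoError(t, err)` pins the precondition. The first subtest also asserts on a very specific OPA type-checker message that will move with OPA upgrades; a comment naming the invalid policy in testdata that produces it would help whoever has to update the string.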
@@ -0,0 +1,393 @@ +package rego + +import ( + "context" + "fmt" + "strings" + + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/providers" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/severity" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + "github.com/mitchellh/mapstructure" + "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/rego" +) + +type StaticMetadata struct { + ID string + AVDID string + Title string + ShortCode string + Aliases []string + Description string + Severity string + RecommendedActions string + PrimaryURL string + References []string + InputOptions InputOptions + Package string + Frameworks map[framework.Framework][]string + Provider string + Service string + Library bool + CloudFormation *scan.EngineMetadata + Terraform *scan.EngineMetadata +} + +func NewStaticMetadata(pkgPath string, inputOpt InputOptions) *StaticMetadata { + return &StaticMetadata{ + ID: "N/A", + Title: "N/A", + Severity: "UNKNOWN", + Description: fmt.Sprintf("Rego module: %s", pkgPath), + Package: pkgPath, + InputOptions: inputOpt, + Frameworks: make(map[framework.Framework][]string), + } +} + +func (sm *StaticMetadata) Update(meta map[string]any) error { + + upd := func(field *string, key string) { + if raw, ok := meta[key]; ok { + *field = fmt.Sprintf("%s", raw) + } + } + + upd(&sm.ID, "id") + upd(&sm.AVDID, "avd_id") + upd(&sm.Title, "title") + upd(&sm.ShortCode, "short_code") + upd(&sm.Description, "description") + upd(&sm.Service, "service") + upd(&sm.Provider, "provider") + upd(&sm.RecommendedActions, "recommended_actions") + upd(&sm.RecommendedActions, "recommended_action") + + if raw, ok := meta["severity"]; ok { + sm.Severity = strings.ToUpper(fmt.Sprintf("%s", raw)) + } + + if raw, ok := meta["library"]; ok { + if lib, ok := raw.(bool); ok { + sm.Library = lib + } + } + + if raw, ok := meta["url"]; ok { + sm.References = append(sm.References, 
fmt.Sprintf("%s", raw)) + } + if raw, ok := meta["frameworks"]; ok { + frameworks, ok := raw.(map[string][]string) + if !ok { + return fmt.Errorf("failed to parse framework metadata: not an object") + } + for fw, sections := range frameworks { + sm.Frameworks[framework.Framework(fw)] = sections + } + } + if raw, ok := meta["related_resources"]; ok { + if relatedResources, ok := raw.([]map[string]any); ok { + for _, relatedResource := range relatedResources { + if raw, ok := relatedResource["ref"]; ok { + sm.References = append(sm.References, fmt.Sprintf("%s", raw)) + } + } + } else if relatedResources, ok := raw.([]string); ok { + sm.References = append(sm.References, relatedResources...) + } + } + + sm.updateAliases(meta) + + var err error + if sm.CloudFormation, err = NewEngineMetadata("cloud_formation", meta); err != nil { + return err + } + + if sm.Terraform, err = NewEngineMetadata("terraform", meta); err != nil { + return err + } + + return nil +} + +func (sm *StaticMetadata) updateAliases(meta map[string]any) { + if raw, ok := meta["aliases"]; ok { + if aliases, ok := raw.([]interface{}); ok { + for _, a := range aliases { + sm.Aliases = append(sm.Aliases, fmt.Sprintf("%s", a)) + } + } + } +} + +func (sm *StaticMetadata) FromAnnotations(annotations *ast.Annotations) error { + sm.Title = annotations.Title + sm.Description = annotations.Description + for _, resource := range annotations.RelatedResources { + if !resource.Ref.IsAbs() { + continue + } + sm.References = append(sm.References, resource.Ref.String()) + } + if custom := annotations.Custom; custom != nil { + if err := sm.Update(custom); err != nil { + return err + } + } + if len(annotations.RelatedResources) > 0 { + sm.PrimaryURL = annotations.RelatedResources[0].Ref.String() + } + return nil +} + +func NewEngineMetadata(schema string, meta map[string]interface{}) (*scan.EngineMetadata, error) { + var sMap map[string]interface{} + if raw, ok := meta[schema]; ok { + sMap, ok = 
raw.(map[string]interface{}) + if !ok { + return nil, fmt.Errorf("failed to parse %s metadata: not an object", schema) + } + } + + var em scan.EngineMetadata + if val, ok := sMap["good_examples"].(string); ok { + em.GoodExamples = []string{val} + } + if val, ok := sMap["bad_examples"].(string); ok { + em.BadExamples = []string{val} + } + if val, ok := sMap["links"].(string); ok { + em.Links = []string{val} + } + if val, ok := sMap["remediation_markdown"].(string); ok { + em.RemediationMarkdown = val + } + + return &em, nil +} + +type InputOptions struct { + Combined bool + Selectors []Selector +} + +type Selector struct { + Type string + Subtypes []SubType +} + +type SubType struct { + Group string + Version string + Kind string + Namespace string + Service string // only for cloud + Provider string // only for cloud +} + +func (m StaticMetadata) ToRule() scan.Rule { + + provider := "generic" + if m.Provider != "" { + provider = m.Provider + } else if len(m.InputOptions.Selectors) > 0 { + provider = m.InputOptions.Selectors[0].Type + } + service := "general" + if m.Service != "" { + service = m.Service + } + + return scan.Rule{ + AVDID: m.AVDID, + Aliases: append(m.Aliases, m.ID), + ShortCode: m.ShortCode, + Summary: m.Title, + Explanation: m.Description, + Impact: "", + Resolution: m.RecommendedActions, + Provider: providers.Provider(provider), + Service: service, + Links: m.References, + Severity: severity.Severity(m.Severity), + RegoPackage: m.Package, + Frameworks: m.Frameworks, + CloudFormation: m.CloudFormation, + Terraform: m.Terraform, + } +} + +type MetadataRetriever struct { + compiler *ast.Compiler +} + +func NewMetadataRetriever(compiler *ast.Compiler) *MetadataRetriever { + return &MetadataRetriever{ + compiler: compiler, + } +} + +func (m *MetadataRetriever) findPackageAnnotations(module *ast.Module) *ast.Annotations { + annotationSet := m.compiler.GetAnnotationSet() + if annotationSet == nil { + return nil + } + for _, annotation := range 
annotationSet.Flatten() { + if annotation.GetPackage().Path.String() != module.Package.Path.String() || annotation.Annotations.Scope != "package" { + continue + } + return annotation.Annotations + } + return nil +} + +func (m *MetadataRetriever) RetrieveMetadata(ctx context.Context, module *ast.Module, contents ...any) (*StaticMetadata, error) { + + metadata := NewStaticMetadata( + module.Package.Path.String(), + m.queryInputOptions(ctx, module), + ) + + // read metadata from official rego annotations if possible + if annotations := m.findPackageAnnotations(module); annotations != nil { + if err := metadata.FromAnnotations(annotations); err != nil { + return nil, err + } + return metadata, nil + } + + // otherwise, try to read metadata from the rego module itself - we used to do this before annotations were a thing + namespace := getModuleNamespace(module) + metadataQuery := fmt.Sprintf("data.%s.__rego_metadata__", namespace) + + options := []func(*rego.Rego){ + rego.Query(metadataQuery), + rego.Compiler(m.compiler), + rego.Capabilities(nil), + } + // support dynamic metadata fields + for _, in := range contents { + options = append(options, rego.Input(in)) + } + + instance := rego.New(options...) 
+ set, err := instance.Eval(ctx) + if err != nil { + return nil, err + } + + // no metadata supplied + if set == nil { + return metadata, nil + } + + if len(set) != 1 { + return nil, fmt.Errorf("failed to parse metadata: unexpected set length") + } + if len(set[0].Expressions) != 1 { + return nil, fmt.Errorf("failed to parse metadata: unexpected expression length") + } + expression := set[0].Expressions[0] + meta, ok := expression.Value.(map[string]interface{}) + if !ok { + return nil, fmt.Errorf("failed to parse metadata: not an object") + } + + if err := metadata.Update(meta); err != nil { + return nil, err + } + + return metadata, nil +} + +// nolint: cyclop +func (m *MetadataRetriever) queryInputOptions(ctx context.Context, module *ast.Module) InputOptions { + + options := InputOptions{ + Combined: false, + Selectors: nil, + } + + var metadata map[string]interface{} + + // read metadata from official rego annotations if possible + if annotation := m.findPackageAnnotations(module); annotation != nil && annotation.Custom != nil { + if input, ok := annotation.Custom["input"]; ok { + if mapped, ok := input.(map[string]interface{}); ok { + metadata = mapped + } + } + } + + if metadata == nil { + + namespace := getModuleNamespace(module) + inputOptionQuery := fmt.Sprintf("data.%s.__rego_input__", namespace) + instance := rego.New( + rego.Query(inputOptionQuery), + rego.Compiler(m.compiler), + rego.Capabilities(nil), + ) + set, err := instance.Eval(ctx) + if err != nil { + return options + } + + if len(set) != 1 { + return options + } + if len(set[0].Expressions) != 1 { + return options + } + expression := set[0].Expressions[0] + meta, ok := expression.Value.(map[string]interface{}) + if !ok { + return options + } + metadata = meta + } + + if raw, ok := metadata["combine"]; ok { + if combine, ok := raw.(bool); ok { + options.Combined = combine + } + } + + if raw, ok := metadata["selector"]; ok { + if each, ok := raw.([]interface{}); ok { + for _, rawSelector := range 
each { + var selector Selector + if selectorMap, ok := rawSelector.(map[string]interface{}); ok { + if rawType, ok := selectorMap["type"]; ok { + selector.Type = fmt.Sprintf("%s", rawType) + // handle backward compatibility for "defsec" source type which is now "cloud" + if selector.Type == string(defsecTypes.SourceDefsec) { + selector.Type = string(defsecTypes.SourceCloud) + } + } + if subType, ok := selectorMap["subtypes"].([]interface{}); ok { + for _, subT := range subType { + if st, ok := subT.(map[string]interface{}); ok { + s := SubType{} + _ = mapstructure.Decode(st, &s) + selector.Subtypes = append(selector.Subtypes, s) + } + } + } + } + options.Selectors = append(options.Selectors, selector) + } + } + } + + return options + +} + +func getModuleNamespace(module *ast.Module) string { + return strings.TrimPrefix(module.Package.Path.String(), "data.") +} diff --git a/pkg/iac/rego/metadata_test.go b/pkg/iac/rego/metadata_test.go new file mode 100644 index 000000000000..d12b2d5d55f6 --- /dev/null +++ b/pkg/iac/rego/metadata_test.go 
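Review bot: In StaticMetadata.Update the `frameworks` value is asserted as `map[string][]string`, a concrete Go type that only a Go caller (such as the unit test) produces; metadata that arrives through `annotations.Custom` or the `__rego_metadata__` query is generic `map[string]any` with `[]any` values, as the `aliases` branch a few lines below already assumes, so a policy declaring `frameworks` in its annotations would most likely fail `Update` with "not an object" — and because filterModules returns that error, fail the whole scan. Please confirm against how OPA populates Custom; if it is generic, the switch below accepts both shapes. ToRule is the only method on StaticMetadata with a value receiver and a different receiver name (`m` rather than `sm`); `func (sm *StaticMetadata) ToRule() scan.Rule` avoids copying the struct and matches the rest of the type. `Aliases: append(m.Aliases, m.ID)` can also write into the backing array the caller's slice shares when it has spare capacity; `append(append([]string(nil), m.Aliases...), m.ID)` isolates it.
```go
	if raw, ok := meta["frameworks"]; ok {
		switch frameworks := raw.(type) {
		case map[string][]string:
			for fw, sections := range frameworks {
				sm.Frameworks[framework.Framework(fw)] = sections
			}
		case map[string]any:
			// generic shape produced when the metadata comes from annotations or rego eval
			for fw, rawSections := range frameworks {
				sections, ok := rawSections.([]any)
				if !ok {
					return fmt.Errorf("failed to parse framework metadata: sections of %q are not a list", fw)
				}
				key := framework.Framework(fw)
				for _, section := range sections {
					sm.Frameworks[key] = append(sm.Frameworks[key], fmt.Sprintf("%s", section))
				}
			}
		default:
			return fmt.Errorf("failed to parse framework metadata: not an object")
		}
	}
	// … unchanged: related_resources, aliases, engine metadata …
```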
@@ -0,0 +1,191 @@ +package rego + +import ( + "testing" + + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func Test_UpdateStaticMetadata(t *testing.T) { + t.Run("happy", func(t *testing.T) { + sm := StaticMetadata{ + ID: "i", + AVDID: "a", + Title: "t", + ShortCode: "sc", + Aliases: []string{"a", "b", "c"}, + Description: "d", + Severity: "s", + RecommendedActions: "ra", + PrimaryURL: "pu", + References: []string{"r"}, + Package: "pkg", + Provider: "pr", + Service: "srvc", + Library: false, + Frameworks: map[framework.Framework][]string{ + framework.Default: {"dd"}, + }, + } + + require.NoError(t, sm.Update( + map[string]any{ + "id": "i_n", + "avd_id": "a_n", + "title": "t_n", + "short_code": "sc_n", + "aliases": []any{"a_n", "b_n", "c_n"}, + "description": "d_n", + "service": "srvc_n", + "provider": "pr_n", + "recommended_actions": "ra_n", + "severity": "s_n", + "library": true, + "url": "r_n", + "frameworks": map[string][]string{ + "all": {"aa"}, + }, + }, + )) + + expected := StaticMetadata{ + ID: "i_n", + AVDID: "a_n", + Title: "t_n", + ShortCode: "sc_n", + Aliases: []string{"a", "b", "c", "a_n", "b_n", "c_n"}, + Description: "d_n", + Severity: "S_N", + RecommendedActions: "ra_n", + PrimaryURL: "pu", + References: []string{"r", "r_n"}, + Package: "pkg", + Provider: "pr_n", + Service: "srvc_n", + Library: true, + Frameworks: map[framework.Framework][]string{ + framework.Default: {"dd"}, + framework.ALL: {"aa"}, + }, + CloudFormation: &scan.EngineMetadata{}, + Terraform: &scan.EngineMetadata{}, + } + + assert.Equal(t, expected, sm) + }) + + t.Run("related resources are a map", func(t *testing.T) { + sm := StaticMetadata{ + References: []string{"r"}, + } + require.NoError(t, sm.Update(map[string]any{ + "related_resources": []map[string]any{ + { + "ref": "r1_n", + }, + { + "ref": "r2_n", + }, + }, + })) + + expected := 
StaticMetadata{ + References: []string{"r", "r1_n", "r2_n"}, + CloudFormation: &scan.EngineMetadata{}, + Terraform: &scan.EngineMetadata{}, + } + + assert.Equal(t, expected, sm) + }) + + t.Run("related resources are a string", func(t *testing.T) { + sm := StaticMetadata{ + References: []string{"r"}, + } + require.NoError(t, sm.Update(map[string]any{ + "related_resources": []string{"r1_n", "r2_n"}, + })) + + expected := StaticMetadata{ + References: []string{"r", "r1_n", "r2_n"}, + CloudFormation: &scan.EngineMetadata{}, + Terraform: &scan.EngineMetadata{}, + } + + assert.Equal(t, expected, sm) + }) +} + +func Test_getEngineMetadata(t *testing.T) { + inputSchema := map[string]interface{}{ + "terraform": map[string]interface{}{ + "good_examples": `resource "aws_cloudtrail" "good_example" { + is_multi_region_trail = true + + event_selector { + read_write_type = "All" + include_management_events = true + + data_resource { + type = "AWS::S3::Object" + values = ["${data.aws_s3_bucket.important-bucket.arn}/"] + } + } + }`, + }, + "cloud_formation": map[string]interface{}{"good_examples": `--- +Resources: + GoodExample: + Type: AWS::CloudTrail::Trail + Properties: + IsLogging: true + IsMultiRegionTrail: true + S3BucketName: "CloudtrailBucket" + S3KeyPrefix: "/trailing" + TrailName: "Cloudtrail"`, + }} + + var testCases = []struct { + schema string + want string + }{ + { + schema: "terraform", + want: `resource "aws_cloudtrail" "good_example" { + is_multi_region_trail = true + + event_selector { + read_write_type = "All" + include_management_events = true + + data_resource { + type = "AWS::S3::Object" + values = ["${data.aws_s3_bucket.important-bucket.arn}/"] + } + } + }`, + }, + {schema: "cloud_formation", + want: `--- +Resources: + GoodExample: + Type: AWS::CloudTrail::Trail + Properties: + IsLogging: true + IsMultiRegionTrail: true + S3BucketName: "CloudtrailBucket" + S3KeyPrefix: "/trailing" + TrailName: "Cloudtrail"`}, + } + + for _, tc := range testCases { + 
t.Run(tc.schema, func(t *testing.T) { + em, err := NewEngineMetadata(tc.schema, inputSchema) + assert.NoError(t, err) + assert.Equal(t, tc.want, em.GoodExamples[0]) + }) + } +} diff --git a/pkg/iac/rego/result.go b/pkg/iac/rego/result.go new file mode 100644 index 000000000000..ad5863196800 --- /dev/null +++ b/pkg/iac/rego/result.go 
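Review bot: The happy-path case in Test_UpdateStaticMetadata feeds `frameworks` as `map[string][]string`, the concrete type a Go test constructs, while `aliases` in the same input is given as `[]any`, the shape that reaches Update from policy annotations; a sibling case passing `"frameworks": map[string]any{"all": []any{"aa"}}` would show whether Update handles the shape policies actually produce. Test_getEngineMetadata only asserts on `GoodExamples`; `bad_examples`, `links`, `remediation_markdown` and the "not an object" error branch of NewEngineMetadata are not exercised.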
@@ -0,0 +1,166 @@
+package rego
+
+import (
+ "fmt"
+ "io/fs"
+ "strconv"
+
+ "github.com/aquasecurity/trivy/pkg/iac/scan"
+ defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ "github.com/open-policy-agent/opa/rego"
+)
+
+type regoResult struct {
+ Filepath string
+ Resource string
+ StartLine int
+ EndLine int
+ SourcePrefix string
+ Message string
+ Explicit bool
+ Managed bool
+ FSKey string
+ FS fs.FS
+ Parent *regoResult
+}
+
+func (r regoResult) GetMetadata() defsecTypes.Metadata {
+ var m defsecTypes.Metadata
+ if !r.Managed {
+ m = defsecTypes.NewUnmanagedMetadata()
+ } else {
+ rng := defsecTypes.NewRangeWithFSKey(r.Filepath, r.StartLine, r.EndLine, r.SourcePrefix, r.FSKey, r.FS)
+ if r.Explicit {
+ m = defsecTypes.NewExplicitMetadata(rng, r.Resource)
+ } else {
+ m = defsecTypes.NewMetadata(rng, r.Resource)
+ }
+ }
+ if r.Parent != nil {
+ return m.WithParent(r.Parent.GetMetadata())
+ }
+ return m
+}
+
+func (r regoResult) GetRawValue() interface{} {
+ return nil
+}
+
+func parseResult(raw interface{}) *regoResult {
+ var result regoResult
+ result.Managed = true
+ switch val := raw.(type) {
+ case []interface{}:
+ var msg string
+ for _, item := range val {
+ switch raw := item.(type) {
+ case map[string]interface{}:
+ result = parseCause(raw)
+ case string:
+ msg = raw
+ }
+ }
+ result.Message = msg
+ case string:
+ result.Message = val
+ case map[string]interface{}:
+ result = parseCause(val)
+ default:
+ result.Message = "Rego policy resulted in DENY"
+ }
+ return &result
+}
+
+func parseCause(cause map[string]interface{}) regoResult {
+ var result regoResult
+ result.Managed = true
+ if msg, ok := cause["msg"]; ok {
+ result.Message = fmt.Sprintf("%s", msg)
+ }
+ if filepath, ok := cause["filepath"]; ok {
+ result.Filepath = fmt.Sprintf("%s", filepath)
+ }
+ if msg, ok := cause["fskey"]; ok {
+ result.FSKey = fmt.Sprintf("%s", msg)
+ }
+ if msg, ok := cause["resource"]; ok {
+ result.Resource = fmt.Sprintf("%s", msg)
+ }
+ if start, ok := cause["startline"]; ok {
+ result.StartLine = parseLineNumber(start)
+ }
+ if end, ok := cause["endline"]; ok {
+ result.EndLine = parseLineNumber(end)
+ }
+ if prefix, ok := cause["sourceprefix"]; ok {
+ result.SourcePrefix = fmt.Sprintf("%s", prefix)
+ }
+ if explicit, ok := cause["explicit"]; ok {
+ if set, ok := explicit.(bool); ok {
+ result.Explicit = set
+ }
+ }
+ if managed, ok := cause["managed"]; ok {
+ if set, ok := managed.(bool); ok {
+ result.Managed = set
+ }
+ }
+ if parent, ok := cause["parent"]; ok {
+ if m, ok := parent.(map[string]interface{}); ok {
+ parentResult := parseCause(m)
+ result.Parent = &parentResult
+ }
+ }
+ return result
+}
+
+func parseLineNumber(raw interface{}) int {
+ str := fmt.Sprintf("%s", raw)
+ n, _ := strconv.Atoi(str)
+ return n
+}
+
+func (s *Scanner) convertResults(set rego.ResultSet, input Input, namespace string, rule string, traces []string) scan.Results {
+ var results scan.Results
+
+ offset := 0
+ if input.Contents != nil {
+ if xx, ok := input.Contents.(map[string]interface{}); ok {
+ if md, ok := xx["__defsec_metadata"]; ok {
+ if md2, ok := md.(map[string]interface{}); ok {
+ if sl, ok := md2["offset"]; ok {
+ offset, _ = sl.(int)
+ }
+ }
+ }
+ }
+ }
+ for _, result := range set {
+ for _, expression := range result.Expressions {
+ values, ok := expression.Value.([]interface{})
+ if !ok {
+ values = []interface{}{expression.Value}
+ }
+
+ for _, value := range values {
+ regoResult := parseResult(value)
+ regoResult.FS = input.FS
+ if regoResult.Filepath == "" && input.Path != "" {
+ regoResult.Filepath = input.Path
+ }
+ if regoResult.Message == "" {
+ regoResult.Message = fmt.Sprintf("Rego policy rule: %s.%s", namespace, rule)
+ }
+ regoResult.StartLine += offset
+ regoResult.EndLine += offset
+ results.AddRego(regoResult.Message, namespace, rule, traces, regoResult)
+ }
+ }
+ }
+ return results
+}
+
+func (s *Scanner) embellishResultsWithRuleMetadata(results scan.Results, metadata StaticMetadata) scan.Results {
+ results.SetRule(metadata.ToRule())
+ return results
+}
diff --git a/pkg/iac/rego/result_test.go b/pkg/iac/rego/result_test.go
new file mode 100644
index 000000000000..d958f7962b10
--- /dev/null
+++ b/pkg/iac/rego/result_test.go
@@ -0,0 +1,104 @@
+package rego
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func Test_parseResult(t *testing.T) {
+ var testCases = []struct {
+ name string
+ input interface{}
+ want regoResult
+ }{
+ {
+ name: "unknown",
+ input: nil,
+ want: regoResult{
+ Managed: true,
+ Message: "Rego policy resulted in DENY",
+ },
+ },
+ {
+ name: "string",
+ input: "message",
+ want: regoResult{
+ Managed: true,
+ Message: "message",
+ },
+ },
+ {
+ name: "strings",
+ input: []interface{}{"message"},
+ want: regoResult{
+ Managed: true,
+ Message: "message",
+ },
+ },
+ {
+ name: "maps",
+ input: []interface{}{
+ "message",
+ map[string]interface{}{
+ "filepath": "a.out",
+ },
+ },
+ want: regoResult{
+ Managed: true,
+ Message: "message",
+ Filepath: "a.out",
+ },
+ },
+ {
+ name: "map",
+ input: map[string]interface{}{
+ "msg": "message",
+ "filepath": "a.out",
+ "fskey": "abcd",
+ "resource": "resource",
+ "startline": "123",
+ "endline": "456",
+ "sourceprefix": "git",
+ "explicit": true,
+ "managed": true,
+ },
+ want: regoResult{
+ Message: "message",
+ Filepath: "a.out",
+ Resource: "resource",
+ StartLine: 123,
+ EndLine: 456,
+ SourcePrefix: "git",
+ FSKey: "abcd",
+ Explicit: true,
+ Managed: true,
+ },
+ },
+ {
+ name: "parent",
+ input: map[string]interface{}{
+ "msg": "child",
+ "parent": map[string]interface{}{
+ "msg": "parent",
+ },
+ },
+ want: regoResult{
+ Message: "child",
+ Managed: true,
+ Parent: ®oResult{
+ Message: "parent",
+ Managed: true,
+ },
+ },
+ },
+ }
+
+ for _, tc := range testCases {
+ t.Run(tc.name, func(t *testing.T) {
+ have := parseResult(tc.input)
+ assert.NotNil(t, have)
+ assert.Equal(t, tc.want, *have)
+ })
+ }
+}
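Review bot: parseLineNumber formats its argument with `%s`, so any non-string number in the cause map (an int or float64 supplied by a Go caller) renders as `%!s(int=123)`, Atoi then fails, and the discarded error leaves the line number silently at 0. The OPA result path presumably hands over json.Number, which formats cleanly under `%s`, so the tests pass, but `str := fmt.Sprintf("%v", raw)` covers both representations. The same `%s` verb in parseCause for msg, filepath, fskey and resource has the same quirk for non-string values. convertResults has a related silent drop: `offset, _ = sl.(int)` leaves offset at 0 whenever the metadata offset arrives as a json.Number or float64 rather than a Go int, and a comment stating which representation is expected there would help the next reader.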
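Review bot: Test_parseResult only exercises startline and endline as strings ("123", "456"), while the policies in scanner_test.go later in this patch emit them as numbers, so the numeric path through parseLineNumber is never pinned by a unit test. A sibling case with `"startline": 123` (and a json.Number variant) would document the representations parseCause is meant to accept.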
diff --git a/pkg/iac/rego/runtime.go b/pkg/iac/rego/runtime.go
new file mode 100644
index 000000000000..6e28268d9971
--- /dev/null
+++ b/pkg/iac/rego/runtime.go
@@ -0,0 +1,28 @@
+package rego
+
+import (
+ "os"
+ "strings"
+
+ "github.com/open-policy-agent/opa/ast"
+ "github.com/open-policy-agent/opa/version"
+)
+
+func addRuntimeValues() *ast.Term {
+ env := ast.NewObject()
+ for _, pair := range os.Environ() {
+ parts := strings.SplitN(pair, "=", 2)
+ if len(parts) == 1 {
+ env.Insert(ast.StringTerm(parts[0]), ast.NullTerm())
+ } else if len(parts) > 1 {
+ env.Insert(ast.StringTerm(parts[0]), ast.StringTerm(parts[1]))
+ }
+ }
+
+ obj := ast.NewObject()
+ obj.Insert(ast.StringTerm("env"), ast.NewTerm(env))
+ obj.Insert(ast.StringTerm("version"), ast.StringTerm(version.Version))
+ obj.Insert(ast.StringTerm("commit"), ast.StringTerm(version.Vcs))
+
+ return ast.NewTerm(obj)
+}
diff --git a/pkg/iac/rego/scanner.go b/pkg/iac/rego/scanner.go
new file mode 100644
index 000000000000..7fcfc4099007
--- /dev/null
+++ b/pkg/iac/rego/scanner.go
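Review bot: addRuntimeValues copies the entire process environment into the opa.runtime() term, so every policy the scanner loads from a caller-provided filesystem can read any variable the scanner process holds, and the function carries no comment saying so; Test_RegoScanning_WithRuntimeValues elsewhere in this patch relies on exactly that behaviour. I would add `// addRuntimeValues builds the term returned by opa.runtime(): the whole process environment under "env" plus the OPA version and commit. Every loaded policy can read these values, so an allow-list is worth considering where credentials may be present in the environment.` The `else if len(parts) > 1` branch is redundant after SplitN with a limit of 2, a plain `else` reads more clearly.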
@@ -0,0 +1,411 @@
+package rego
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "fmt"
+ "io"
+ "io/fs"
+ "strings"
+
+ "github.com/aquasecurity/trivy/pkg/iac/debug"
+ "github.com/aquasecurity/trivy/pkg/iac/framework"
+ "github.com/aquasecurity/trivy/pkg/iac/rego/schemas"
+ "github.com/aquasecurity/trivy/pkg/iac/scan"
+ "github.com/aquasecurity/trivy/pkg/iac/scanners/options"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
+ "github.com/open-policy-agent/opa/ast"
+ "github.com/open-policy-agent/opa/rego"
+ "github.com/open-policy-agent/opa/storage"
+)
+
+var _ options.ConfigurableScanner = (*Scanner)(nil)
+
+type Scanner struct {
+ ruleNamespaces map[string]struct{}
+ policies map[string]*ast.Module
+ store storage.Store
+ dataDirs []string
+ runtimeValues *ast.Term
+ compiler *ast.Compiler
+ regoErrorLimit int
+ debug debug.Logger
+ traceWriter io.Writer
+ tracePerResult bool
+ retriever *MetadataRetriever
+ policyFS fs.FS
+ dataFS fs.FS
+ frameworks []framework.Framework
+ spec string
+ inputSchema interface{} // unmarshalled into this from a json schema document
+ sourceType types.Source
+}
+
+func (s *Scanner) SetUseEmbeddedLibraries(b bool) {
+ // handled externally
+}
+
+func (s *Scanner) SetSpec(spec string) {
+ s.spec = spec
+}
+
+func (s *Scanner) SetRegoOnly(bool) {}
+
+func (s *Scanner) SetFrameworks(frameworks []framework.Framework) {
+ s.frameworks = frameworks
+}
+
+func (s *Scanner) SetUseEmbeddedPolicies(b bool) {
+ // handled externally
+}
+
+func (s *Scanner) trace(heading string, input interface{}) {
+ if s.traceWriter == nil {
+ return
+ }
+ data, err := json.MarshalIndent(input, "", " ")
+ if err != nil {
+ return
+ }
+ _, _ = fmt.Fprintf(s.traceWriter, "REGO %[1]s:\n%s\nEND REGO %[1]s\n\n", heading, string(data))
+}
+
+func (s *Scanner) SetPolicyFilesystem(fs fs.FS) {
+ s.policyFS = fs
+}
+
+func (s *Scanner) SetDataFilesystem(fs fs.FS) {
+ s.dataFS = fs
+}
+
+func (s *Scanner) SetPolicyReaders(_ []io.Reader) {
+ // NOTE: Policy readers option not applicable for rego, policies are loaded on-demand by other scanners.
+}
+
+func (s *Scanner) SetDebugWriter(writer io.Writer) {
+ s.debug = debug.New(writer, "rego", "scanner")
+}
+
+func (s *Scanner) SetTraceWriter(writer io.Writer) {
+ s.traceWriter = writer
+}
+
+func (s *Scanner) SetPerResultTracingEnabled(b bool) {
+ s.tracePerResult = b
+}
+
+func (s *Scanner) SetPolicyDirs(_ ...string) {
+ // NOTE: Policy dirs option not applicable for rego, policies are loaded on-demand by other scanners.
+}
+
+func (s *Scanner) SetDataDirs(dirs ...string) {
+ s.dataDirs = dirs
+}
+
+func (s *Scanner) SetPolicyNamespaces(namespaces ...string) {
+ for _, namespace := range namespaces {
+ s.ruleNamespaces[namespace] = struct{}{}
+ }
+}
+
+func (s *Scanner) SetSkipRequiredCheck(_ bool) {
+ // NOTE: Skip required option not applicable for rego.
+}
+
+func (s *Scanner) SetRegoErrorLimit(limit int) {
+ s.regoErrorLimit = limit
+}
+
+type DynamicMetadata struct {
+ Warning bool
+ Filepath string
+ Message string
+ StartLine int
+ EndLine int
+}
+
+func NewScanner(source types.Source, options ...options.ScannerOption) *Scanner {
+ schema, ok := schemas.SchemaMap[source]
+ if !ok {
+ schema = schemas.Anything
+ }
+
+ s := &Scanner{
+ regoErrorLimit: ast.CompileErrorLimitDefault,
+ sourceType: source,
+ ruleNamespaces: map[string]struct{}{
+ "builtin": {},
+ "appshield": {},
+ "defsec": {},
+ },
+ runtimeValues: addRuntimeValues(),
+ }
+ for _, opt := range options {
+ opt(s)
+ }
+ if schema != schemas.None {
+ err := json.Unmarshal([]byte(schema), &s.inputSchema)
+ if err != nil {
+ panic(err)
+ }
+ }
+ return s
+}
+
+func (s *Scanner) SetParentDebugLogger(l debug.Logger) {
+ s.debug = l.Extend("rego")
+}
+
+func (s *Scanner) runQuery(ctx context.Context, query string, input interface{}, disableTracing bool) (rego.ResultSet, []string, error) {
+
+ trace := (s.traceWriter != nil || s.tracePerResult) && !disableTracing
+
+ regoOptions := []func(*rego.Rego){
+ rego.Query(query),
+ rego.Compiler(s.compiler),
+ rego.Store(s.store),
+ rego.Runtime(s.runtimeValues),
+ rego.Trace(trace),
+ }
+
+ if s.inputSchema != nil {
+ schemaSet := ast.NewSchemaSet()
+ schemaSet.Put(ast.MustParseRef("schema.input"), s.inputSchema)
+ regoOptions = append(regoOptions, rego.Schemas(schemaSet))
+ }
+
+ if input != nil {
+ regoOptions = append(regoOptions, rego.Input(input))
+ }
+
+ instance := rego.New(regoOptions...)
+ set, err := instance.Eval(ctx)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ // we also build a slice of trace lines for per-result tracing - primarily for fanal/trivy
+ var traces []string
+
+ if trace {
+ if s.traceWriter != nil {
+ rego.PrintTrace(s.traceWriter, instance)
+ }
+ if s.tracePerResult {
+ traceBuffer := bytes.NewBuffer([]byte{})
+ rego.PrintTrace(traceBuffer, instance)
+ traces = strings.Split(traceBuffer.String(), "\n")
+ }
+ }
+ return set, traces, nil
+}
+
+type Input struct {
+ Path string `json:"path"`
+ FS fs.FS `json:"-"`
+ Contents interface{} `json:"contents"`
+}
+
+func GetInputsContents(inputs []Input) []any {
+ results := make([]any, len(inputs))
+ for i, c := range inputs {
+ results[i] = c.Contents
+ }
+ return results
+}
+
+func (s *Scanner) ScanInput(ctx context.Context, inputs ...Input) (scan.Results, error) {
+
+ s.debug.Log("Scanning %d inputs...", len(inputs))
+
+ var results scan.Results
+
+ for _, module := range s.policies {
+
+ select {
+ case <-ctx.Done():
+ return nil, ctx.Err()
+ default:
+ }
+
+ namespace := getModuleNamespace(module)
+ topLevel := strings.Split(namespace, ".")[0]
+ if _, ok := s.ruleNamespaces[topLevel]; !ok {
+ continue
+ }
+
+ staticMeta, err := s.retriever.RetrieveMetadata(ctx, module, GetInputsContents(inputs)...)
+ if err != nil {
+ return nil, err
+ }
+
+ if isPolicyWithSubtype(s.sourceType) {
+ // skip if policy isn't relevant to what is being scanned
+ if !isPolicyApplicable(staticMeta, inputs...) {
+ continue
+ }
+ }
+
+ if len(inputs) == 0 {
+ continue
+ }
+
+ usedRules := make(map[string]struct{})
+
+ // all rules
+ for _, rule := range module.Rules {
+ ruleName := rule.Head.Name.String()
+ if _, ok := usedRules[ruleName]; ok {
+ continue
+ }
+ usedRules[ruleName] = struct{}{}
+ if isEnforcedRule(ruleName) {
+ ruleResults, err := s.applyRule(ctx, namespace, ruleName, inputs, staticMeta.InputOptions.Combined)
+ if err != nil {
+ return nil, err
+ }
+ results = append(results, s.embellishResultsWithRuleMetadata(ruleResults, *staticMeta)...)
+ }
+ }
+
+ }
+
+ return results, nil
+}
+
+func isPolicyWithSubtype(sourceType types.Source) bool {
+ for _, s := range []types.Source{types.SourceCloud, types.SourceDefsec, types.SourceKubernetes} {
+ if sourceType == s {
+ return true
+ }
+ }
+ return false
+}
+
+func checkSubtype(ii map[string]interface{}, provider string, subTypes []SubType) bool {
+ if len(subTypes) == 0 {
+ return true
+ }
+
+ for _, st := range subTypes {
+ switch services := ii[provider].(type) {
+ case map[string]interface{}: // cloud
+ for service := range services {
+ if (service == st.Service) && (st.Provider == provider) {
+ return true
+ }
+ }
+ case string: // k8s - logic can be improved
+ if strings.EqualFold(services, st.Group) ||
+ strings.EqualFold(services, st.Version) ||
+ strings.EqualFold(services, st.Kind) {
+ return true
+ }
+ }
+ }
+ return false
+}
+
+func isPolicyApplicable(staticMetadata *StaticMetadata, inputs ...Input) bool {
+ for _, input := range inputs {
+ if ii, ok := input.Contents.(map[string]interface{}); ok {
+ for provider := range ii {
+ // TODO(simar): Add other providers
+ if !strings.Contains(strings.Join([]string{"kind", "aws", "azure"}, ","), provider) {
+ continue
+ }
+
+ if len(staticMetadata.InputOptions.Selectors) == 0 { // policy always applies if no selectors
+ return true
+ }
+
+ // check metadata for subtype
+ for _, s := range staticMetadata.InputOptions.Selectors {
+ if checkSubtype(ii, provider, s.Subtypes) {
+ return true
+ }
+ }
+ }
+ }
+ }
+ return false
+}
+
+func (s *Scanner) applyRule(ctx context.Context, namespace string, rule string, inputs []Input, combined bool) (scan.Results, error) {
+
+ // handle combined evaluations if possible
+ if combined {
+ s.trace("INPUT", inputs)
+ return s.applyRuleCombined(ctx, namespace, rule, inputs)
+ }
+
+ var results scan.Results
+ qualified := fmt.Sprintf("data.%s.%s", namespace, rule)
+ for _, input := range inputs {
+ s.trace("INPUT", input)
+ if ignored, err := s.isIgnored(ctx, namespace, rule, input.Contents); err != nil {
+ return nil, err
+ } else if ignored {
+ var result regoResult
+ result.FS = input.FS
+ result.Filepath = input.Path
+ result.Managed = true
+ results.AddIgnored(result)
+ continue
+ }
+ set, traces, err := s.runQuery(ctx, qualified, input.Contents, false)
+ if err != nil {
+ return nil, err
+ }
+ s.trace("RESULTSET", set)
+ ruleResults := s.convertResults(set, input, namespace, rule, traces)
+ if len(ruleResults) == 0 { // It passed because we didn't find anything wrong (NOT because it didn't exist)
+ var result regoResult
+ result.FS = input.FS
+ result.Filepath = input.Path
+ result.Managed = true
+ results.AddPassedRego(namespace, rule, traces, result)
+ continue
+ }
+ results = append(results, ruleResults...)
+ }
+
+ return results, nil
+}
+
+func (s *Scanner) applyRuleCombined(ctx context.Context, namespace string, rule string, inputs []Input) (scan.Results, error) {
+ if len(inputs) == 0 {
+ return nil, nil
+ }
+ var results scan.Results
+ qualified := fmt.Sprintf("data.%s.%s", namespace, rule)
+ if ignored, err := s.isIgnored(ctx, namespace, rule, inputs); err != nil {
+ return nil, err
+ } else if ignored {
+ for _, input := range inputs {
+ var result regoResult
+ result.FS = input.FS
+ result.Filepath = input.Path
+ result.Managed = true
+ results.AddIgnored(result)
+ }
+ return results, nil
+ }
+ set, traces, err := s.runQuery(ctx, qualified, inputs, false)
+ if err != nil {
+ return nil, err
+ }
+ return s.convertResults(set, inputs[0], namespace, rule, traces), nil
+}
+
+// severity is now set with metadata, so deny/warn/violation now behave the same way
+func isEnforcedRule(name string) bool {
+ switch {
+ case name == "deny", strings.HasPrefix(name, "deny_"),
+ name == "warn", strings.HasPrefix(name, "warn_"),
+ name == "violation", strings.HasPrefix(name, "violation_"):
+ return true
+ }
+ return false
+}
diff --git a/pkg/iac/rego/scanner_test.go b/pkg/iac/rego/scanner_test.go
new file mode 100644
index 000000000000..5a2c96ccb13e
--- /dev/null
+++ b/pkg/iac/rego/scanner_test.go
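Review bot: isPolicyApplicable decides provider membership with `strings.Contains(strings.Join([]string{"kind", "aws", "azure"}, ","), provider)`, which is a substring test on `kind,aws,azure`, so a top-level input key such as `a`, `ws`, `zure` or the empty string passes the filter and the selector logic then runs on it, while the intent is plainly an exact match against three names. A `switch provider { case "kind", "aws", "azure": default: continue }` (or a small set lookup) states that intent and removes the per-iteration Join. Separately, NewScanner panics when the schema from schemas.SchemaMap fails to unmarshal; if the schemas are compiled in that is a build-time invariant rather than a runtime condition, and a one-line comment saying so, e.g. `// schemas are embedded; a parse failure here is a build-time bug`, would spare the next reader the question.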
@@ -0,0 +1,978 @@ +package rego + +import ( + "bytes" + "context" + "io/fs" + "os" + "path/filepath" + "strings" + "testing" + + "github.com/aquasecurity/trivy/pkg/iac/severity" + "github.com/aquasecurity/trivy/pkg/iac/types" + "github.com/liamg/memoryfs" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" +) + +func CreateFS(t *testing.T, files map[string]string) fs.FS { + memfs := memoryfs.New() + for name, content := range files { + name := strings.TrimPrefix(name, "/") + err := memfs.MkdirAll(filepath.Dir(name), 0o700) + require.NoError(t, err) + err = memfs.WriteFile(name, []byte(content), 0o644) + require.NoError(t, err) + } + return memfs +} + +func Test_RegoScanning_Deny(t *testing.T) { + + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test + +deny { + input.evil +} +`, + }) + + scanner := NewScanner(types.SourceJSON) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "evil": true, + }, + FS: srcFS, + }) + require.NoError(t, err) + + require.Equal(t, 1, len(results.GetFailed())) + assert.Equal(t, 0, len(results.GetPassed())) + assert.Equal(t, 0, len(results.GetIgnored())) + + assert.Equal(t, "/evil.lol", results.GetFailed()[0].Metadata().Range().GetFilename()) + assert.False(t, results.GetFailed()[0].IsWarning()) +} + +func Test_RegoScanning_AbsolutePolicyPath_Deny(t *testing.T) { + + tmp := t.TempDir() + require.NoError(t, os.Mkdir(filepath.Join(tmp, "policies"), 0755)) + require.NoError(t, os.WriteFile(filepath.Join(tmp, "policies", "test.rego"), []byte(`package defsec.test + +deny { + input.evil +}`), 0600)) + + srcFS := os.DirFS(tmp) + + scanner := NewScanner(types.SourceJSON) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"/policies"}, 
nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "evil": true, + }, + FS: srcFS, + }) + require.NoError(t, err) + + require.Equal(t, 1, len(results.GetFailed())) + assert.Equal(t, 0, len(results.GetPassed())) + assert.Equal(t, 0, len(results.GetIgnored())) + + assert.Equal(t, "/evil.lol", results.GetFailed()[0].Metadata().Range().GetFilename()) + assert.False(t, results.GetFailed()[0].IsWarning()) +} + +func Test_RegoScanning_Warn(t *testing.T) { + + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test + +warn { + input.evil +} +`, + }) + + scanner := NewScanner(types.SourceJSON) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "evil": true, + }, + }) + require.NoError(t, err) + + require.Equal(t, 1, len(results.GetFailed())) + require.Equal(t, 0, len(results.GetPassed())) + require.Equal(t, 0, len(results.GetIgnored())) + + assert.True(t, results.GetFailed()[0].IsWarning()) +} + +func Test_RegoScanning_Allow(t *testing.T) { + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test + +deny { + input.evil +} +`, + }) + + scanner := NewScanner(types.SourceJSON) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "evil": false, + }, + }) + require.NoError(t, err) + + assert.Equal(t, 0, len(results.GetFailed())) + require.Equal(t, 1, len(results.GetPassed())) + assert.Equal(t, 0, len(results.GetIgnored())) + + assert.Equal(t, "/evil.lol", results.GetPassed()[0].Metadata().Range().GetFilename()) +} + +func Test_RegoScanning_Namespace_Exception(t *testing.T) { + + srcFS := CreateFS(t, 
map[string]string{ + "policies/test.rego": ` +package defsec.test + +deny { + input.evil +} +`, + "policies/exceptions.rego": ` +package namespace.exceptions + +import data.namespaces + +exception[ns] { + ns := data.namespaces[_] + startswith(ns, "defsec") +} +`, + }) + + scanner := NewScanner(types.SourceJSON) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "evil": true, + }, + }) + require.NoError(t, err) + + assert.Equal(t, 0, len(results.GetFailed())) + assert.Equal(t, 0, len(results.GetPassed())) + assert.Equal(t, 1, len(results.GetIgnored())) + +} + +func Test_RegoScanning_Namespace_Exception_WithoutMatch(t *testing.T) { + + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test + +deny { + input.evil +} +`, "policies/something.rego": ` +package builtin.test + +deny_something { + input.something +} +`, + "policies/exceptions.rego": ` +package namespace.exceptions + +import data.namespaces + +exception[ns] { + ns := data.namespaces[_] + startswith(ns, "builtin") +} +`, + }) + + scanner := NewScanner(types.SourceJSON) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "evil": true, + }, + }) + require.NoError(t, err) + + assert.Equal(t, 1, len(results.GetFailed())) + assert.Equal(t, 0, len(results.GetPassed())) + assert.Equal(t, 1, len(results.GetIgnored())) + +} + +func Test_RegoScanning_Rule_Exception(t *testing.T) { + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test +deny_evil { + input.evil +} +`, + "policies/exceptions.rego": ` +package defsec.test + +exception[rules] { + rules := ["evil"] +} +`, + }) + + scanner := NewScanner(types.SourceJSON) + 
require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "evil": true, + }, + }) + require.NoError(t, err) + + assert.Equal(t, 0, len(results.GetFailed())) + assert.Equal(t, 0, len(results.GetPassed())) + assert.Equal(t, 1, len(results.GetIgnored())) +} + +func Test_RegoScanning_Rule_Exception_WithoutMatch(t *testing.T) { + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test +deny_evil { + input.evil +} +`, + "policies/exceptions.rego": ` +package defsec.test + +exception[rules] { + rules := ["good"] +} +`, + }) + + scanner := NewScanner(types.SourceJSON) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "evil": true, + }, + }) + require.NoError(t, err) + + assert.Equal(t, 1, len(results.GetFailed())) + assert.Equal(t, 0, len(results.GetPassed())) + assert.Equal(t, 0, len(results.GetIgnored())) +} + +func Test_RegoScanning_WithRuntimeValues(t *testing.T) { + + _ = os.Setenv("DEFSEC_RUNTIME_VAL", "AOK") + + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test + +deny_evil { + output := opa.runtime() + output.env.DEFSEC_RUNTIME_VAL == "AOK" +} +`, + }) + + scanner := NewScanner(types.SourceJSON) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "evil": true, + }, + }) + require.NoError(t, err) + + assert.Equal(t, 1, len(results.GetFailed())) + assert.Equal(t, 0, len(results.GetPassed())) + assert.Equal(t, 0, len(results.GetIgnored())) +} + +func Test_RegoScanning_WithDenyMessage(t *testing.T) { + srcFS := 
CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test + +deny[msg] { + input.evil + msg := "oh no" +} +`, + }) + + scanner := NewScanner(types.SourceJSON) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "evil": true, + }, + }) + require.NoError(t, err) + + require.Equal(t, 1, len(results.GetFailed())) + assert.Equal(t, 0, len(results.GetPassed())) + assert.Equal(t, 0, len(results.GetIgnored())) + + assert.Equal(t, "oh no", results.GetFailed()[0].Description()) + assert.Equal(t, "/evil.lol", results.GetFailed()[0].Metadata().Range().GetFilename()) +} + +func Test_RegoScanning_WithDenyMetadata_ImpliedPath(t *testing.T) { + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test + +deny[res] { + input.evil + res := { + "msg": "oh no", + "startline": 123, + "endline": 456, + } +} +`, + }) + + scanner := NewScanner(types.SourceJSON) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "evil": true, + }, + }) + require.NoError(t, err) + + require.Equal(t, 1, len(results.GetFailed())) + assert.Equal(t, 0, len(results.GetPassed())) + assert.Equal(t, 0, len(results.GetIgnored())) + + assert.Equal(t, "oh no", results.GetFailed()[0].Description()) + assert.Equal(t, "/evil.lol", results.GetFailed()[0].Metadata().Range().GetFilename()) + assert.Equal(t, 123, results.GetFailed()[0].Metadata().Range().GetStartLine()) + assert.Equal(t, 456, results.GetFailed()[0].Metadata().Range().GetEndLine()) + +} + +func Test_RegoScanning_WithDenyMetadata_PersistedPath(t *testing.T) { + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test + +deny[res] { + input.evil + res 
:= { + "msg": "oh no", + "startline": 123, + "endline": 456, + "filepath": "/blah.txt", + } +} +`, + }) + + scanner := NewScanner(types.SourceJSON) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "evil": true, + }, + }) + require.NoError(t, err) + + require.Equal(t, 1, len(results.GetFailed())) + assert.Equal(t, 0, len(results.GetPassed())) + assert.Equal(t, 0, len(results.GetIgnored())) + + assert.Equal(t, "oh no", results.GetFailed()[0].Description()) + assert.Equal(t, "/blah.txt", results.GetFailed()[0].Metadata().Range().GetFilename()) + assert.Equal(t, 123, results.GetFailed()[0].Metadata().Range().GetStartLine()) + assert.Equal(t, 456, results.GetFailed()[0].Metadata().Range().GetEndLine()) + +} + +func Test_RegoScanning_WithStaticMetadata(t *testing.T) { + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test + +__rego_metadata__ := { + "id": "AA001", + "avd_id": "AVD-XX-9999", + "title": "This is a title", + "short_code": "short-code", + "severity": "LOW", + "type": "Dockerfile Security Check", + "description": "This is a description", + "recommended_actions": "This is a recommendation", + "url": "https://google.com", +} + +deny[res] { + input.evil + res := { + "msg": "oh no", + "startline": 123, + "endline": 456, + "filepath": "/blah.txt", + } +} +`, + }) + + scanner := NewScanner(types.SourceJSON) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "evil": true, + }, + }) + require.NoError(t, err) + + require.Equal(t, 1, len(results.GetFailed())) + assert.Equal(t, 0, len(results.GetPassed())) + assert.Equal(t, 0, len(results.GetIgnored())) + + failure := results.GetFailed()[0] + + 
assert.Equal(t, "oh no", failure.Description()) + assert.Equal(t, "/blah.txt", failure.Metadata().Range().GetFilename()) + assert.Equal(t, 123, failure.Metadata().Range().GetStartLine()) + assert.Equal(t, 456, failure.Metadata().Range().GetEndLine()) + assert.Equal(t, "AVD-XX-9999", failure.Rule().AVDID) + assert.True(t, failure.Rule().HasID("AA001")) + assert.Equal(t, "This is a title", failure.Rule().Summary) + assert.Equal(t, severity.Low, failure.Rule().Severity) + assert.Equal(t, "This is a recommendation", failure.Rule().Resolution) + assert.Equal(t, "https://google.com", failure.Rule().Links[0]) + +} + +func Test_RegoScanning_WithMatchingInputSelector(t *testing.T) { + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test + +__rego_input__ := { + "selector": [{"type": "json"}], +} + +deny { + input.evil +} + +`, + }) + + scanner := NewScanner(types.SourceJSON) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "evil": true, + }, + }) + require.NoError(t, err) + + assert.Equal(t, 1, len(results.GetFailed())) + assert.Equal(t, 0, len(results.GetPassed())) + assert.Equal(t, 0, len(results.GetIgnored())) +} + +func Test_RegoScanning_WithNonMatchingInputSelector(t *testing.T) { + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test + +__rego_input__ := { + "selector": [{"type": "testing"}], +} + +deny { + input.evil +} +`, + }) + + scanner := NewScanner(types.SourceJSON) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "evil": true, + }, + }) + require.NoError(t, err) + + assert.Equal(t, 0, len(results.GetFailed())) + assert.Equal(t, 0, len(results.GetPassed())) + 
assert.Equal(t, 0, len(results.GetIgnored())) +} + +func Test_RegoScanning_NoTracingByDefault(t *testing.T) { + + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test + +deny { + input.evil +} +`, + }) + + scanner := NewScanner(types.SourceJSON) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "evil": true, + }, + }) + require.NoError(t, err) + + assert.Equal(t, 1, len(results.GetFailed())) + assert.Equal(t, 0, len(results.GetPassed())) + assert.Equal(t, 0, len(results.GetIgnored())) + + assert.Len(t, results.GetFailed()[0].Traces(), 0) +} + +func Test_RegoScanning_GlobalTracingEnabled(t *testing.T) { + + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test + +deny { + input.evil +} +`, + }) + + traceBuffer := bytes.NewBuffer([]byte{}) + + scanner := NewScanner(types.SourceJSON, options.ScannerWithTrace(traceBuffer)) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "evil": true, + }, + }) + require.NoError(t, err) + + assert.Equal(t, 1, len(results.GetFailed())) + assert.Equal(t, 0, len(results.GetPassed())) + assert.Equal(t, 0, len(results.GetIgnored())) + + assert.Len(t, results.GetFailed()[0].Traces(), 0) + assert.Greater(t, len(traceBuffer.Bytes()), 0) +} + +func Test_RegoScanning_PerResultTracingEnabled(t *testing.T) { + + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test + +deny { + input.evil +} +`, + }) + + scanner := NewScanner(types.SourceJSON, options.ScannerWithPerResultTracing(true)) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := 
scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "evil": true, + }, + }) + require.NoError(t, err) + + assert.Equal(t, 1, len(results.GetFailed())) + assert.Equal(t, 0, len(results.GetPassed())) + assert.Equal(t, 0, len(results.GetIgnored())) + + assert.Greater(t, len(results.GetFailed()[0].Traces()), 0) +} + +func Test_dynamicMetadata(t *testing.T) { + + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test + +__rego_metadata__ := { + "title" : sprintf("i am %s",[input.text]) +} + +deny { + input.text +} + +`, + }) + + scanner := NewScanner(types.SourceJSON) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "text": "dynamic", + }, + }) + require.NoError(t, err) + assert.Equal(t, results[0].Rule().Summary, "i am dynamic") +} + +func Test_staticMetadata(t *testing.T) { + + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test + +__rego_metadata__ := { + "title" : "i am static" +} + +deny { + input.text +} + +`, + }) + + scanner := NewScanner(types.SourceJSON) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "text": "test", + }, + }) + require.NoError(t, err) + assert.Equal(t, results[0].Rule().Summary, "i am static") +} + +func Test_annotationMetadata(t *testing.T) { + + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": `# METADATA +# title: i am a title +# description: i am a description +# related_resources: +# - https://google.com +# custom: +# id: EG123 +# avd_id: AVD-EG-0123 +# severity: LOW +# recommended_action: have a cup of tea +package defsec.test + +deny { + input.text +} + +`, + 
"policies/test2.rego": `# METADATA +# title: i am another title +package defsec.test2 + +deny { + input.blah +} + +`, + }) + + scanner := NewScanner(types.SourceJSON) + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{ + Path: "/evil.lol", + Contents: map[string]interface{}{ + "text": "test", + }, + }) + require.NoError(t, err) + require.Len(t, results.GetFailed(), 1) + failure := results.GetFailed()[0].Rule() + assert.Equal(t, "i am a title", failure.Summary) + assert.Equal(t, "i am a description", failure.Explanation) + require.Len(t, failure.Links, 1) + assert.Equal(t, "https://google.com", failure.Links[0]) + assert.Equal(t, "AVD-EG-0123", failure.AVDID) + assert.Equal(t, severity.Low, failure.Severity) + assert.Equal(t, "have a cup of tea", failure.Resolution) +} + +func Test_RegoScanning_WithInvalidInputSchema(t *testing.T) { + + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": `# METADATA +# schemas: +# - input: schema["input"] +package defsec.test + +deny { + input.evil == "lol" +} +`, + }) + + scanner := NewScanner(types.SourceDockerfile) + scanner.SetRegoErrorLimit(0) // override to not allow any errors + assert.ErrorContains( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + "undefined ref: input.evil", + ) +} + +func Test_RegoScanning_WithValidInputSchema(t *testing.T) { + + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": `# METADATA +# schemas: +# - input: schema["input"] +package defsec.test + +deny { + input.Stages[0].Commands[0].Cmd == "lol" +} +`, + }) + + scanner := NewScanner(types.SourceDockerfile) + assert.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) +} + +func Test_RegoScanning_WithFilepathToSchema(t *testing.T) { + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": `# METADATA +# schemas: +# - input: 
schema["dockerfile"] +package defsec.test + +deny { + input.evil == "lol" +} +`, + }) + scanner := NewScanner(types.SourceJSON) + scanner.SetRegoErrorLimit(0) // override to not allow any errors + assert.ErrorContains( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + "undefined ref: input.evil", + ) +} + +func Test_RegoScanning_CustomData(t *testing.T) { + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test +import data.settings.DS123.foo_bar_baz + +deny { + not foo_bar_baz +} +`, + }) + + dataFS := CreateFS(t, map[string]string{ + "data/data.json": `{ + "settings": { + "DS123":{ + "foo_bar_baz":false + } + } +}`, + "data/junk.txt": "this file should be ignored", + }) + + scanner := NewScanner(types.SourceJSON) + scanner.SetDataFilesystem(dataFS) + scanner.SetDataDirs(".") + + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{}) + require.NoError(t, err) + + assert.Equal(t, 1, len(results.GetFailed())) + assert.Equal(t, 0, len(results.GetPassed())) + assert.Equal(t, 0, len(results.GetIgnored())) +} + +func Test_RegoScanning_InvalidFS(t *testing.T) { + srcFS := CreateFS(t, map[string]string{ + "policies/test.rego": ` +package defsec.test +import data.settings.DS123.foo_bar_baz + +deny { + not foo_bar_baz +} +`, + }) + + dataFS := CreateFS(t, map[string]string{ + "data/data.json": `{ + "settings": { + "DS123":{ + "foo_bar_baz":false + } + } +}`, + "data/junk.txt": "this file should be ignored", + }) + + scanner := NewScanner(types.SourceJSON) + scanner.SetDataFilesystem(dataFS) + scanner.SetDataDirs("X://") + + require.NoError( + t, + scanner.LoadPolicies(false, false, srcFS, []string{"policies"}, nil), + ) + + results, err := scanner.ScanInput(context.TODO(), Input{}) + require.NoError(t, err) + + assert.Equal(t, 1, len(results.GetFailed())) + assert.Equal(t, 0, len(results.GetPassed())) + 
assert.Equal(t, 0, len(results.GetIgnored()))
+}
diff --git a/pkg/iac/rego/schemas/00_schema.go b/pkg/iac/rego/schemas/00_schema.go
new file mode 100644
index 000000000000..e6674912fe58
--- /dev/null
+++ b/pkg/iac/rego/schemas/00_schema.go
@@ -0,0 +1,22 @@
+package schemas
+
+import _ "embed"
+
+type Schema string
+
+var (
+ None Schema = ""
+ Anything Schema = `{}`
+
+ //go:embed dockerfile.json
+ Dockerfile Schema
+
+ //go:embed kubernetes.json
+ Kubernetes Schema
+
+ //go:embed rbac.json
+ RBAC Schema
+
+ //go:embed cloud.json
+ Cloud Schema
+)
diff --git a/pkg/iac/rego/schemas/builder.go b/pkg/iac/rego/schemas/builder.go
new file mode 100644
index 000000000000..148d126845d0
--- /dev/null
+++ b/pkg/iac/rego/schemas/builder.go
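Review bot: The exported names in 00_schema.go (`Schema`, `None`, `Anything`, `Dockerfile`, `Kubernetes`, `RBAC`, `Cloud`) have no doc comments, so godoc shows a bare string type and a var block with nothing saying what a Schema holds or when `None` is used rather than `Anything`. Add `// Schema is a JSON schema document held as a string; None means no schema is attached and Anything is the empty schema that accepts any input.` above the type, and a one-line comment on each embedded value naming the input kind it describes (what that is for each file is not visible in this hunk, so take it from the embedded JSON). `None` and `Anything` are plain literals and could be declared `const` rather than sitting in the `var` block with the embedded values, which makes clear they are not meant to be reassigned.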
@@ -0,0 +1,270 @@
+package schemas
+
+import (
+ "fmt"
+ "reflect"
+ "strings"
+
+ "github.com/aquasecurity/trivy/pkg/iac/rego/convert"
+ "github.com/aquasecurity/trivy/pkg/iac/state"
+)
+
+type RawSchema struct {
+ Type string `json:"type"` // object
+ Properties map[string]Property `json:"properties,omitempty"`
+ Defs map[string]*Property `json:"definitions,omitempty"`
+}
+
+type Property struct {
+ Type string `json:"type,omitempty"`
+ Ref string `json:"$ref,omitempty"`
+ Properties map[string]Property `json:"properties,omitempty"`
+ Items *Property `json:"items,omitempty"`
+}
+
+type builder struct {
+ schema RawSchema
+}
+
+func Build() (*RawSchema, error) {
+
+ b := newBuilder()
+
+ inputValue := reflect.ValueOf(state.State{})
+
+ err := b.fromInput(inputValue)
+ if err != nil {
+ return nil, err
+ }
+
+ return &b.schema, nil
+}
+
+func newBuilder() *builder {
+ return &builder{
+ schema: RawSchema{
+ Properties: nil,
+ Defs: nil,
+ },
+ }
+}
+
+func (b *builder) fromInput(inputValue reflect.Value) error {
+
+ prop, err := b.readProperty("", nil, inputValue.Type(), 0)
+ if err != nil {
+ return err
+ }
+ if prop == nil {
+ return fmt.Errorf("property is nil")
+ }
+ b.schema.Properties = prop.Properties
+ b.schema.Type = prop.Type
+ return nil
+}
+
+func refName(name string, parent, t reflect.Type) string {
+ if t.Name() == "" { // inline struct
+ return sanitise(parent.PkgPath() + "." + parent.Name() + "." + name)
+ }
+ return sanitise(t.PkgPath() + "." + t.Name())
+}
+
+func sanitise(s string) string {
+ return strings.ReplaceAll(s, "/", ".")
+}
+
+func (b *builder) readProperty(name string, parent, inputType reflect.Type, indent int) (*Property, error) {
+
+ if inputType.Kind() == reflect.Ptr {
+ inputType = inputType.Elem()
+ }
+
+ switch inputType.String() {
+ case "types.Metadata", "types.Range", "types.Reference":
+ return nil, nil
+ }
+
+ if b.schema.Defs != nil {
+ _, ok := b.schema.Defs[refName(name, parent, inputType)]
+ if ok {
+ return &Property{
+ Type: "object",
+ Ref: "#/definitions/" + refName(name, parent, inputType),
+ }, nil
+ }
+ }
+
+ fmt.Println(strings.Repeat(" ", indent) + name)
+
+ switch kind := inputType.Kind(); kind {
+ case reflect.Struct:
+ return b.readStruct(name, parent, inputType, indent)
+ case reflect.Slice:
+ return b.readSlice(name, parent, inputType, indent)
+ case reflect.String:
+ return &Property{
+ Type: "string",
+ }, nil
+ case reflect.Int:
+ return &Property{
+ Type: "integer",
+ }, nil
+ case reflect.Bool:
+ return &Property{
+ Type: "boolean",
+ }, nil
+ case reflect.Float32, reflect.Float64:
+ return &Property{
+ Type: "number",
+ }, nil
+ }
+
+ switch inputType.Name() {
+ case "BoolValue":
+ return &Property{
+ Type: "object",
+ Properties: map[string]Property{
+ "value": {
+ Type: "boolean",
+ },
+ },
+ }, nil
+ case "IntValue":
+ return &Property{
+ Type: "object",
+ Properties: map[string]Property{
+ "value": {
+ Type: "integer",
+ },
+ },
+ }, nil
+ case "StringValue", "TimeValue", "BytesValue":
+ return &Property{
+ Type: "object",
+ Properties: map[string]Property{
+ "value": {
+ Type: "string",
+ },
+ },
+ }, nil
+ case "MapValue":
+ return &Property{
+ Type: "object",
+ Properties: map[string]Property{
+ "value": {
+ Type: "object",
+ },
+ },
+ }, nil
+
+ }
+
+ fmt.Printf("WARNING: unsupported type: %s (%s)\n", inputType.Name(), inputType)
+ return nil, nil
+}
+
+var converterInterface = reflect.TypeOf((*convert.Converter)(nil)).Elem()
+
+func (b *builder) readStruct(name string, parent, inputType reflect.Type, indent int) (*Property, error) {
+
+ if b.schema.Defs == nil {
+ b.schema.Defs = map[string]*Property{}
+ }
+
+ def := &Property{
+ Type: "object",
+ Properties: map[string]Property{},
+ }
+
+ if parent != nil {
+ b.schema.Defs[refName(name, parent, inputType)] = def
+ }
+
+ if inputType.Implements(converterInterface) {
+ if inputType.Kind() == reflect.Ptr {
+ inputType = inputType.Elem()
+ }
+ returns := reflect.New(inputType).MethodByName("ToRego").Call(nil)
+ if err := b.readRego(def, name, parent, returns[0].Type(), returns[0].Interface(), indent); err != nil {
+ return nil, err
+ }
+ } else {
+
+ for i := 0; i < inputType.NumField(); i++ {
+ field := inputType.Field(i)
+ prop, err := b.readProperty(field.Name, inputType, field.Type, indent+1)
+ if err != nil {
+ return nil, err
+ }
+ if prop == nil {
+ continue
+ }
+ key := strings.ToLower(field.Name)
+ if key == "metadata" {
+ continue
+ }
+ def.Properties[key] = *prop
+ }
+ }
+
+ if parent == nil {
+ return def, nil
+ }
+
+ return &Property{
+ Type: "object",
+ Ref: "#/definitions/" + refName(name, parent, inputType),
+ }, nil
+}
+
+func (b *builder) readSlice(name string, parent, inputType reflect.Type, indent int) (*Property, error) {
+
+ items, err := b.readProperty(name, parent, inputType.Elem(), indent+1)
+ if err != nil {
+ return nil, err
+ }
+
+ prop := &Property{
+ Type: "array",
+ Items: items,
+ }
+ return prop, nil
+}
+
+func (b *builder) readRego(def *Property, name string, parent reflect.Type, typ reflect.Type, raw interface{}, indent int) error {
+
+ switch cast := raw.(type) {
+ case map[string]interface{}:
+ def.Type = "object"
+ for k, v := range cast {
+ child := &Property{
+ Properties: map[string]Property{},
+ }
+ if err := b.readRego(child, k, reflect.TypeOf(raw), reflect.TypeOf(v), v, indent+1); err != nil {
+ return err
+ }
+ def.Properties[k] = *child
+ }
+ case map[string]string:
+ def.Type = "object"
+ for k, v := range cast {
+ child := &Property{
+ Properties: map[string]Property{},
+ }
+ if err := b.readRego(child, k, reflect.TypeOf(raw), reflect.TypeOf(v), v, indent+1); err != nil {
+ return err
+ }
+ def.Properties[k] = *child
+ }
+ default:
+ prop, err := b.readProperty(name, parent, typ, indent)
+ if err != nil {
+ return err
+ }
+ *def = *prop
+ }
+
+ return nil
+
+}
diff --git a/pkg/iac/rego/schemas/cloud.json b/pkg/iac/rego/schemas/cloud.json
new file mode 100644
index 000000000000..e593c6b26be5
--- /dev/null
+++ b/pkg/iac/rego/schemas/cloud.json
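Review bot: In readRego's `default` branch, `*def = *prop` dereferences the result of readProperty with no nil check, yet readProperty returns `nil, nil` both for `types.Metadata`/`types.Range`/`types.Reference` and for any type that reaches the "unsupported type" warning; readStruct guards the same call with `if prop == nil { continue }`, so a ToRego payload containing one of those types panics here instead of being skipped or reported. Add `if prop == nil { return fmt.Errorf("unsupported type %s for %q", typ, name) }` before the assignment (or `return nil` to skip the field, matching readStruct's behaviour). Separately, readProperty prints a per-property trace with `fmt.Println` and the unsupported-type warning with `fmt.Printf` straight to stdout; in a package that callers import as a library that output is unconditional and interleaves with their own stdout, so the trace line should go and the warning should travel through a logger or the returned error. refName also calls `parent.PkgPath()` when `t.Name() == ""`, which is a nil dereference if an inline struct is ever reached with `parent == nil`; that case looks unreachable from Build today, but a guard there would make the assumption explicit.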
@@ -0,0 +1,6836 @@ +{ + "type": "object", + "properties": { + "aws": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.AWS" + }, + "azure": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.Azure" + }, + "cloudstack": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.cloudstack.CloudStack" + }, + "digitalocean": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.DigitalOcean" + }, + "github": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.github.GitHub" + }, + "google": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.Google" + }, + "kubernetes": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Kubernetes" + }, + "nifcloud": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.Nifcloud" + }, + "openstack": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.OpenStack" + }, + "oracle": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.oracle.Oracle" + } + }, + "definitions": { + "github.com.aquasecurity.defsec.pkg.providers.aws.AWS": { + "type": "object", + "properties": { + "accessanalyzer": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.AccessAnalyzer" + }, + "apigateway": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.APIGateway" + }, + "athena": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.Athena" + }, + "cloudfront": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Cloudfront" + }, + "cloudtrail": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.CloudTrail" + }, + "cloudwatch": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.CloudWatch" + }, + "codebuild": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.CodeBuild" + }, + "config": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.config.Config" + }, + "documentdb": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.DocumentDB" + }, + "dynamodb": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.DynamoDB" + }, + "ec2": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.EC2" + }, + "ecr": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecr.ECR" + }, + "ecs": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ECS" + }, + "efs": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.efs.EFS" + }, + "eks": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.eks.EKS" + }, + "elasticache": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.ElastiCache" + }, + "elasticsearch": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Elasticsearch" + }, + "elb": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elb.ELB" + }, + "emr": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.emr.EMR" + }, + "iam": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.IAM" + }, + "kinesis": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Kinesis" + }, + "kms": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kms.KMS" + }, + "lambda": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Lambda" + }, + "meta": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.Meta" + }, + "mq": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.mq.MQ" + }, + "msk": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.MSK" + }, + "neptune": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Neptune" + }, + "rds": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.RDS" + }, + "redshift": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Redshift" + }, + "s3": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.S3" + }, + "sam": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.SAM" + }, + "sns": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sns.SNS" + }, + "sqs": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sqs.SQS" + }, + "ssm": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ssm.SSM" + }, + "workspaces": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.WorkSpaces" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.AssumeRole": { + "type": "object", + "properties": { + "duration": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "externalid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "policy": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "policyarns": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "rolearn": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "sessionname": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "sourceidentity": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "tags": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.MapValue" + }, + "transitivetagkeys": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.AssumeRoleWithWebIdentity": { + "type": "object", + "properties": { + "duration": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "policy": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "policyarns": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "rolearn": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "sessionname": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "webidentitytoken": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "webidentitytokenfile": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.DefaultTags": { + "type": "object", + "properties": { + "tags": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.MapValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.IgnoreTags": { + "type": "object", + "properties": { + "keyprefixes": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "keys": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.Meta": { + "type": "object", + "properties": { + "tfproviders": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.TerraformProvider" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.TerraformProvider": { + "type": "object", + "properties": { + "accesskey": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "alias": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "allowedaccountsids": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "assumerole": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.AssumeRole" + }, + "assumerolewithwebidentity": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.AssumeRoleWithWebIdentity" + }, + "customcabundle": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "defaulttags": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.DefaultTags" + }, + "ec2metadataserviceendpoint": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "ec2metadataserviceendpointmode": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "endpoints": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.MapValue" + }, + "forbiddenaccountids": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "httpproxy": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "ignoretags": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.IgnoreTags" + }, + "insecure": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "maxretries": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + }, + "profile": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "region": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "retrymode": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "s3useast1regionalendpoint": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "s3usepathstyle": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "secretkey": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "sharedconfigfiles": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "sharedcredentialsfiles": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "skipcredentialsvalidation": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "skipmetadataapicheck": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "skipregionvalidation": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "skiprequestingaccountid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "stsregion": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "token": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "usedualstackendpoint": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "usefipsendpoint": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "version": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.AccessAnalyzer": { + "type": "object", + "properties": { + "analyzers": { + "type": "array", + "items": { + "type": "object", + 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.Analyzer" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.Analyzer": { + "type": "object", + "properties": { + "active": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "arn": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "findings": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.Findings" + } + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.Findings": { + "type": "object" + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.APIGateway": { + "type": "object", + "properties": { + "v1": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.APIGateway" + }, + "v2": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.APIGateway" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.API": { + "type": "object", + "properties": { + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "resources": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Resource" + } + }, + "stages": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Stage" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.APIGateway": { + "type": "object", + "properties": { + "apis": { + "type": "array", + 
"items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.API" + } + }, + "domainnames": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.DomainName" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.AccessLogging": { + "type": "object", + "properties": { + "cloudwatchloggrouparn": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.DomainName": { + "type": "object", + "properties": { + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "securitypolicy": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Method": { + "type": "object", + "properties": { + "apikeyrequired": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "authorizationtype": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "httpmethod": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.RESTMethodSettings": { + "type": "object", + "properties": { + "cachedataencrypted": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "cacheenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "method": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + 
"github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Resource": { + "type": "object", + "properties": { + "methods": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Method" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Stage": { + "type": "object", + "properties": { + "accesslogging": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.AccessLogging" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "restmethodsettings": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.RESTMethodSettings" + } + }, + "xraytracingenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.API": { + "type": "object", + "properties": { + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "protocoltype": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "stages": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.Stage" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.APIGateway": { + "type": "object", + "properties": { + "apis": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.API" + } + }, + "domainnames": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.DomainName" + } + } 
+ } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.AccessLogging": { + "type": "object", + "properties": { + "cloudwatchloggrouparn": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.DomainName": { + "type": "object", + "properties": { + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "securitypolicy": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.Stage": { + "type": "object", + "properties": { + "accesslogging": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.AccessLogging" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.athena.Athena": { + "type": "object", + "properties": { + "databases": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.Database" + } + }, + "workgroups": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.Workgroup" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.athena.Database": { + "type": "object", + "properties": { + "encryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.EncryptionConfiguration" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.athena.EncryptionConfiguration": { + "type": "object", + "properties": { + 
"type": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.athena.Workgroup": { + "type": "object", + "properties": { + "encryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.EncryptionConfiguration" + }, + "enforceconfiguration": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.CacheBehaviour": { + "type": "object", + "properties": { + "viewerprotocolpolicy": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Cloudfront": { + "type": "object", + "properties": { + "distributions": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Distribution" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Distribution": { + "type": "object", + "properties": { + "defaultcachebehaviour": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.CacheBehaviour" + }, + "logging": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Logging" + }, + "orderercachebehaviours": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.CacheBehaviour" + } + }, + "viewercertificate": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.ViewerCertificate" + }, + "wafid": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Logging": { + "type": "object", + "properties": { + "bucket": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.ViewerCertificate": { + "type": "object", + "properties": { + "cloudfrontdefaultcertificate": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "minimumprotocolversion": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "sslsupportmethod": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.CloudTrail": { + "type": "object", + "properties": { + "trails": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.Trail" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.DataResource": { + "type": "object", + "properties": { + "type": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "values": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.EventSelector": { + "type": "object", + "properties": { + "dataresources": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.DataResource" + } + }, + "readwritetype": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + 
"github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.Trail": { + "type": "object", + "properties": { + "bucketname": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "cloudwatchlogsloggrouparn": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "enablelogfilevalidation": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "eventselectors": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.EventSelector" + } + }, + "islogging": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "ismultiregion": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.Alarm": { + "type": "object", + "properties": { + "alarmname": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "dimensions": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.AlarmDimension" + } + }, + "metricname": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "metrics": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.MetricDataQuery" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.AlarmDimension": { + "type": "object", + 
"properties": { + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "value": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.CloudWatch": { + "type": "object", + "properties": { + "alarms": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.Alarm" + } + }, + "loggroups": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.LogGroup" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.LogGroup": { + "type": "object", + "properties": { + "arn": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "metricfilters": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.MetricFilter" + } + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "retentionindays": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.MetricDataQuery": { + "type": "object", + "properties": { + "expression": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "id": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.MetricFilter": { + "type": "object", + "properties": { + "filtername": { 
+ "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "filterpattern": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.ArtifactSettings": { + "type": "object", + "properties": { + "encryptionenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.CodeBuild": { + "type": "object", + "properties": { + "projects": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.Project" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.Project": { + "type": "object", + "properties": { + "artifactsettings": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.ArtifactSettings" + }, + "secondaryartifactsettings": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.ArtifactSettings" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.config.Config": { + "type": "object", + "properties": { + "configurationaggregrator": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.config.ConfigurationAggregrator" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.config.ConfigurationAggregrator": { + "type": "object", + "properties": { + "sourceallregions": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.Cluster": { + "type": "object", + "properties": { + "backupretentionperiod": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + }, + "enabledlogexports": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "identifier": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "instances": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.Instance" + } + }, + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "storageencrypted": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.DocumentDB": { + "type": "object", + "properties": { + "clusters": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.Cluster" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.Instance": { + "type": "object", + "properties": { + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.DAXCluster": { + "type": "object", + "properties": { + "pointintimerecovery": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "serversideencryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.ServerSideEncryption" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.DynamoDB": { + "type": "object", + "properties": { + "daxclusters": { + "type": "array", + "items": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.DAXCluster" + } + }, + "tables": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.Table" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.ServerSideEncryption": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.Table": { + "type": "object", + "properties": { + "pointintimerecovery": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "serversideencryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.ServerSideEncryption" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice": { + "type": "object", + "properties": { + "encrypted": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.EC2": { + "type": "object", + "properties": { + "instances": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Instance" + } + }, + "launchconfigurations": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.LaunchConfiguration" + } + }, + "launchtemplates": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.LaunchTemplate" + } + }, + "networkacls": { + "type": "array", + "items": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.NetworkACL" + } + }, + "securitygroups": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroup" + } + }, + "subnets": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Subnet" + } + }, + "volumes": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Volume" + } + }, + "vpcs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.VPC" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Encryption": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Instance": { + "type": "object", + "properties": { + "ebsblockdevices": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice" + } + }, + "metadataoptions": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.MetadataOptions" + }, + "rootblockdevice": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice" + }, + "securitygroups": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroup" + } + }, + "userdata": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + 
"github.com.aquasecurity.defsec.pkg.providers.aws.ec2.LaunchConfiguration": { + "type": "object", + "properties": { + "associatepublicip": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "ebsblockdevices": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice" + } + }, + "metadataoptions": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.MetadataOptions" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "rootblockdevice": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice" + }, + "userdata": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.LaunchTemplate": { + "type": "object", + "properties": { + "instance": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Instance" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.MetadataOptions": { + "type": "object", + "properties": { + "httpendpoint": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "httptokens": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.NetworkACL": { + "type": "object", + "properties": { + "isdefaultrule": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "rules": { + "type": "array", + "items": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.NetworkACLRule" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.NetworkACLRule": { + "type": "object", + "properties": { + "action": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "cidrs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "protocol": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "type": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroup": { + "type": "object", + "properties": { + "description": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "egressrules": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroupRule" + } + }, + "ingressrules": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroupRule" + } + }, + "isdefault": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "vpcid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroupRule": { + "type": "object", + "properties": { + "cidrs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "description": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + 
"github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Subnet": { + "type": "object", + "properties": { + "mappubliciponlaunch": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.VPC": { + "type": "object", + "properties": { + "flowlogsenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "id": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "isdefault": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "securitygroups": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroup" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Volume": { + "type": "object", + "properties": { + "encryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Encryption" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ecr.ECR": { + "type": "object", + "properties": { + "repositories": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecr.Repository" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ecr.Encryption": { + "type": "object", + "properties": { + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "type": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ecr.ImageScanning": { + "type": "object", + "properties": { + "scanonpush": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } 
+ }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ecr.Repository": { + "type": "object", + "properties": { + "encryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecr.Encryption" + }, + "imagescanning": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecr.ImageScanning" + }, + "imagetagsimmutable": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "policies": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.Cluster": { + "type": "object", + "properties": { + "settings": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ClusterSettings" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ClusterSettings": { + "type": "object", + "properties": { + "containerinsightsenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ContainerDefinition": { + "type": "object", + "properties": { + "cpu": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + }, + "environment": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.EnvVar" + } + }, + "essential": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "image": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "memory": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + }, + "name": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "portmappings": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.PortMapping" + } + }, + "privileged": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ECS": { + "type": "object", + "properties": { + "clusters": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.Cluster" + } + }, + "taskdefinitions": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.TaskDefinition" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.EFSVolumeConfiguration": { + "type": "object", + "properties": { + "transitencryptionenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.EnvVar": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.PortMapping": { + "type": "object", + "properties": { + "containerport": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + }, + "hostport": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.TaskDefinition": { + "type": "object", + "properties": { + "containerdefinitions": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ContainerDefinition" + } + }, + "volumes": { + "type": "array", + "items": { + "type": "object", 
+ "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.Volume" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.Volume": { + "type": "object", + "properties": { + "efsvolumeconfiguration": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.EFSVolumeConfiguration" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.efs.EFS": { + "type": "object", + "properties": { + "filesystems": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.efs.FileSystem" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.efs.FileSystem": { + "type": "object", + "properties": { + "encrypted": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.eks.Cluster": { + "type": "object", + "properties": { + "encryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.eks.Encryption" + }, + "logging": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.eks.Logging" + }, + "publicaccesscidrs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "publicaccessenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.eks.EKS": { + "type": "object", + "properties": { + "clusters": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.eks.Cluster" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.eks.Encryption": { + "type": "object", + "properties": { + "kmskeyid": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "secrets": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.eks.Logging": { + "type": "object", + "properties": { + "api": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "audit": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "authenticator": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "controllermanager": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "scheduler": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.Cluster": { + "type": "object", + "properties": { + "engine": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "nodetype": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "snapshotretentionlimit": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.ElastiCache": { + "type": "object", + "properties": { + "clusters": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.Cluster" + } + }, + "replicationgroups": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.ReplicationGroup" + } + }, + "securitygroups": { + "type": "array", + "items": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.SecurityGroup" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.ReplicationGroup": { + "type": "object", + "properties": { + "atrestencryptionenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "transitencryptionenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.SecurityGroup": { + "type": "object", + "properties": { + "description": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.AtRestEncryption": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Domain": { + "type": "object", + "properties": { + "accesspolicies": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "atrestencryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.AtRestEncryption" + }, + "dedicatedmasterenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "domainname": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "endpoint": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Endpoint" + }, + "logpublishing": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.LogPublishing" + }, + "servicesoftwareoptions": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.ServiceSoftwareOptions" + }, + "transitencryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.TransitEncryption" + }, + "vpcid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Elasticsearch": { + "type": "object", + "properties": { + "domains": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Domain" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Endpoint": { + "type": "object", + "properties": { + "enforcehttps": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "tlspolicy": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.LogPublishing": { + "type": "object", + "properties": { + "auditenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "cloudwatchloggrouparn": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.ServiceSoftwareOptions": { + "type": "object", + "properties": { + "currentversion": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "newversion": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + 
"updateavailable": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "updatestatus": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.TransitEncryption": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.elb.Action": { + "type": "object", + "properties": { + "type": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.elb.ELB": { + "type": "object", + "properties": { + "loadbalancers": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elb.LoadBalancer" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.elb.Listener": { + "type": "object", + "properties": { + "defaultactions": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elb.Action" + } + }, + "protocol": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "tlspolicy": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.elb.LoadBalancer": { + "type": "object", + "properties": { + "dropinvalidheaderfields": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "internal": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "listeners": { + "type": "array", + "items": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elb.Listener" + } + }, + "type": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.emr.Cluster": { + "type": "object", + "properties": { + "settings": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.emr.ClusterSettings" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.emr.ClusterSettings": { + "type": "object", + "properties": { + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "releaselabel": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "servicerole": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.emr.EMR": { + "type": "object", + "properties": { + "clusters": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.emr.Cluster" + } + }, + "securityconfiguration": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.emr.SecurityConfiguration" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.emr.SecurityConfiguration": { + "type": "object", + "properties": { + "configuration": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.iam.AccessKey": { + "type": "object", + "properties": { + "accesskeyid": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "active": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "creationdate": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" + }, + "lastaccess": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.iam.Document": { + "type": "object", + "properties": { + "endline": { + "type": "integer" + }, + "explicit": { + "type": "boolean" + }, + "filepath": { + "type": "string" + }, + "fskey": { + "type": "string" + }, + "managed": { + "type": "boolean" + }, + "resource": { + "type": "string" + }, + "sourceprefix": { + "type": "string" + }, + "startline": { + "type": "integer" + }, + "value": { + "type": "string" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.iam.Group": { + "type": "object", + "properties": { + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "policies": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" + } + }, + "users": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.User" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.iam.IAM": { + "type": "object", + "properties": { + "groups": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Group" + } + }, + "passwordpolicy": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.PasswordPolicy" + }, + "policies": { + "type": "array", + "items": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" + } + }, + "roles": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Role" + } + }, + "servercertificates": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.ServerCertificate" + } + }, + "users": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.User" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.iam.MFADevice": { + "type": "object", + "properties": { + "isvirtual": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.iam.PasswordPolicy": { + "type": "object", + "properties": { + "maxagedays": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + }, + "minimumlength": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + }, + "requirelowercase": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "requirenumbers": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "requiresymbols": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "requireuppercase": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "reusepreventioncount": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy": { + "type": "object", + "properties": { + "builtin": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "document": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Document" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.iam.Role": { + "type": "object", + "properties": { + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "policies": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.iam.ServerCertificate": { + "type": "object", + "properties": { + "expiration": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.iam.User": { + "type": "object", + "properties": { + "accesskeys": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.AccessKey" + } + }, + "groups": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Group" + } + }, + "lastaccess": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" + }, + "mfadevices": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.MFADevice" + } + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "policies": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" + } + } + } + }, + 
"github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Encryption": { + "type": "object", + "properties": { + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "type": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Kinesis": { + "type": "object", + "properties": { + "streams": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Stream" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Stream": { + "type": "object", + "properties": { + "encryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Encryption" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.kms.KMS": { + "type": "object", + "properties": { + "keys": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kms.Key" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.kms.Key": { + "type": "object", + "properties": { + "rotationenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "usage": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Function": { + "type": "object", + "properties": { + "permissions": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Permission" + } + }, + "tracing": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Tracing" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Lambda": 
{ + "type": "object", + "properties": { + "functions": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Function" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Permission": { + "type": "object", + "properties": { + "principal": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "sourcearn": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Tracing": { + "type": "object", + "properties": { + "mode": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.mq.Broker": { + "type": "object", + "properties": { + "logging": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.mq.Logging" + }, + "publicaccess": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.mq.Logging": { + "type": "object", + "properties": { + "audit": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "general": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.mq.MQ": { + "type": "object", + "properties": { + "brokers": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.mq.Broker" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.msk.BrokerLogging": { + "type": "object", + "properties": { + "cloudwatch": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.CloudwatchLogging" + }, + "firehose": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.FirehoseLogging" + }, + "s3": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.S3Logging" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.msk.CloudwatchLogging": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.msk.Cluster": { + "type": "object", + "properties": { + "encryptionatrest": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.EncryptionAtRest" + }, + "encryptionintransit": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.EncryptionInTransit" + }, + "logging": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.Logging" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.msk.EncryptionAtRest": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "kmskeyarn": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.msk.EncryptionInTransit": { + "type": "object", + "properties": { + "clientbroker": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.msk.FirehoseLogging": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + 
"github.com.aquasecurity.defsec.pkg.providers.aws.msk.Logging": { + "type": "object", + "properties": { + "broker": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.BrokerLogging" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.msk.MSK": { + "type": "object", + "properties": { + "clusters": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.Cluster" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.msk.S3Logging": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Cluster": { + "type": "object", + "properties": { + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "logging": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Logging" + }, + "storageencrypted": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Logging": { + "type": "object", + "properties": { + "audit": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Neptune": { + "type": "object", + "properties": { + "clusters": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Cluster" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Classic": { + "type": "object", + "properties": { + "dbsecuritygroups": { + "type": "array", + "items": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBSecurityGroup" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Cluster": { + "type": "object", + "properties": { + "availabilityzones": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "backupretentionperioddays": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + }, + "deletionprotection": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "encryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Encryption" + }, + "engine": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "instances": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.ClusterInstance" + } + }, + "latestrestorabletime": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" + }, + "performanceinsights": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.PerformanceInsights" + }, + "publicaccess": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "replicationsourcearn": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "skipfinalsnapshot": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.rds.ClusterInstance": { + "type": "object", + "properties": { + "clusteridentifier": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "instance": { + "type": 
"object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Instance" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBParameterGroupsList": { + "type": "object", + "properties": { + "dbparametergroupname": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBSecurityGroup": { + "type": "object" + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBSnapshotAttributes": { + "type": "object", + "properties": { + "attributevalues": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Encryption": { + "type": "object", + "properties": { + "encryptstorage": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Instance": { + "type": "object", + "properties": { + "autominorversionupgrade": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "backupretentionperioddays": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + }, + "dbinstancearn": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "dbinstanceidentifier": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "dbparametergroups": { + "type": "array", + "items": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBParameterGroupsList" + } + }, + "deletionprotection": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "enabledcloudwatchlogsexports": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "encryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Encryption" + }, + "engine": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "engineversion": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "iamauthenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "latestrestorabletime": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" + }, + "multiaz": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "performanceinsights": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.PerformanceInsights" + }, + "publicaccess": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "publiclyaccessible": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "readreplicadbinstanceidentifiers": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "replicationsourcearn": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "storageencrypted": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + 
"taglist": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.TagList" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.rds.ParameterGroups": { + "type": "object", + "properties": { + "dbparametergroupfamily": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "dbparametergroupname": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "parameters": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Parameters" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Parameters": { + "type": "object", + "properties": { + "parametername": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "parametervalue": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.rds.PerformanceInsights": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.rds.RDS": { + "type": "object", + "properties": { + "classic": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Classic" + }, + "clusters": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Cluster" + } + }, + "instances": { + "type": "array", + "items": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Instance" + } + }, + "parametergroups": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.ParameterGroups" + } + }, + "snapshots": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Snapshots" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Snapshots": { + "type": "object", + "properties": { + "dbsnapshotarn": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "dbsnapshotidentifier": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "encrypted": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "snapshotattributes": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBSnapshotAttributes" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.rds.TagList": { + "type": "object" + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Cluster": { + "type": "object", + "properties": { + "allowversionupgrade": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "automatedsnapshotretentionperiod": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + }, + "clusteridentifier": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "encryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Encryption" + }, + "endpoint": { + 
"type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.EndPoint" + }, + "loggingenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "masterusername": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "nodetype": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "numberofnodes": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + }, + "publiclyaccessible": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "subnetgroupname": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "vpcid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.ClusterParameter": { + "type": "object", + "properties": { + "parametername": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "parametervalue": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Encryption": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.EndPoint": { + "type": "object", + "properties": { + "port": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + } + } + }, + 
"github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Redshift": { + "type": "object", + "properties": { + "clusterparameters": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.ClusterParameter" + } + }, + "clusters": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Cluster" + } + }, + "reservednodes": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.ReservedNode" + } + }, + "securitygroups": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.SecurityGroup" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.ReservedNode": { + "type": "object", + "properties": { + "nodetype": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.SecurityGroup": { + "type": "object", + "properties": { + "description": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Bucket": { + "type": "object", + "properties": { + "accelerateconfigurationstatus": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "acl": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "bucketlocation": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "bucketpolicies": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" + } + }, + "encryption": { 
+ "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Encryption" + }, + "lifecycleconfiguration": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Rules" + } + }, + "logging": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Logging" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "objects": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Contents" + } + }, + "publicaccessblock": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.PublicAccessBlock" + }, + "versioning": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Versioning" + }, + "website": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Website" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Contents": { + "type": "object" + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Encryption": { + "type": "object", + "properties": { + "algorithm": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Logging": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "targetbucket": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.s3.PublicAccessBlock": { + "type": "object", + "properties": { + "blockpublicacls": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "blockpublicpolicy": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "ignorepublicacls": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "restrictpublicbuckets": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Rules": { + "type": "object", + "properties": { + "status": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.s3.S3": { + "type": "object", + "properties": { + "buckets": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Bucket" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Versioning": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "mfadelete": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Website": { + "type": "object" + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sam.API": { + "type": "object", + "properties": { + "accesslogging": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.AccessLogging" + }, + "domainconfiguration": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.DomainConfiguration" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "restmethodsettings": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.RESTMethodSettings" + }, + "tracingenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sam.AccessLogging": { + "type": "object", + "properties": { + "cloudwatchloggrouparn": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sam.Application": { + "type": "object", + "properties": { + "location": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.Location" + }, + "locationpath": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sam.DomainConfiguration": { + "type": "object", + "properties": { + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "securitypolicy": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sam.Function": { + "type": "object", + "properties": { + "functionname": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "managedpolicies": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "policies": { + "type": "array", + "items": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" + } + }, + "tracing": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sam.HttpAPI": { + "type": "object", + "properties": { + "accesslogging": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.AccessLogging" + }, + "defaultroutesettings": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.RouteSettings" + }, + "domainconfiguration": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.DomainConfiguration" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sam.Location": { + "type": "object", + "properties": { + "applicationid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "semanticversion": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sam.LoggingConfiguration": { + "type": "object", + "properties": { + "loggingenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sam.RESTMethodSettings": { + "type": "object", + "properties": { + "cachedataencrypted": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "datatraceenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "loggingenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + 
"metricsenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sam.RouteSettings": { + "type": "object", + "properties": { + "datatraceenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "detailedmetricsenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "loggingenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sam.SAM": { + "type": "object", + "properties": { + "apis": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.API" + } + }, + "applications": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.Application" + } + }, + "functions": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.Function" + } + }, + "httpapis": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.HttpAPI" + } + }, + "simpletables": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.SimpleTable" + } + }, + "statemachines": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.StateMachine" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sam.SSESpecification": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "kmsmasterkeyid": { 
+ "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sam.SimpleTable": { + "type": "object", + "properties": { + "ssespecification": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.SSESpecification" + }, + "tablename": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sam.StateMachine": { + "type": "object", + "properties": { + "loggingconfiguration": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.LoggingConfiguration" + }, + "managedpolicies": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "policies": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" + } + }, + "tracing": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.TracingConfiguration" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sam.TracingConfiguration": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sns.Encryption": { + "type": "object", + "properties": { + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sns.SNS": { + "type": "object", + "properties": { + "topics": { + "type": "array", + "items": { + "type": "object", 
+ "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sns.Topic" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sns.Topic": { + "type": "object", + "properties": { + "arn": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "encryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sns.Encryption" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sqs.Encryption": { + "type": "object", + "properties": { + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "managedencryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sqs.Queue": { + "type": "object", + "properties": { + "encryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sqs.Encryption" + }, + "policies": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" + } + }, + "queueurl": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.sqs.SQS": { + "type": "object", + "properties": { + "queues": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sqs.Queue" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ssm.SSM": { + "type": "object", + "properties": { + "secrets": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ssm.Secret" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.ssm.Secret": { + "type": "object", + "properties": 
{ + "kmskeyid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Encryption": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Volume": { + "type": "object", + "properties": { + "encryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Encryption" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.WorkSpace": { + "type": "object", + "properties": { + "rootvolume": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Volume" + }, + "uservolume": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Volume" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.WorkSpaces": { + "type": "object", + "properties": { + "workspaces": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.WorkSpace" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.Azure": { + "type": "object", + "properties": { + "appservice": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.AppService" + }, + "authorization": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.authorization.Authorization" + }, + "compute": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.Compute" + }, + "container": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.Container" + }, + 
"database": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Database" + }, + "datafactory": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.datafactory.DataFactory" + }, + "datalake": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.datalake.DataLake" + }, + "keyvault": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.KeyVault" + }, + "monitor": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.monitor.Monitor" + }, + "network": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.Network" + }, + "securitycenter": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.SecurityCenter" + }, + "storage": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.Storage" + }, + "synapse": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.synapse.Synapse" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.AppService": { + "type": "object", + "properties": { + "functionapps": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.FunctionApp" + } + }, + "services": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.FunctionApp": { + "type": "object", + "properties": { + "httpsonly": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + 
"github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service": { + "type": "object", + "properties": { + "authentication": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Authentication" + }, + "enableclientcert": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "identity": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Identity" + }, + "site": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Site" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Authentication": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Identity": { + "type": "object", + "properties": { + "type": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Site": { + "type": "object", + "properties": { + "enablehttp2": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "minimumtlsversion": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.authorization.Authorization": { + "type": "object", + "properties": { + "roledefinitions": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.authorization.RoleDefinition" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.authorization.Permission": { + "type": "object", + 
"properties": { + "actions": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.authorization.RoleDefinition": { + "type": "object", + "properties": { + "assignablescopes": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "permissions": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.authorization.Permission" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.compute.Compute": { + "type": "object", + "properties": { + "linuxvirtualmachines": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.LinuxVirtualMachine" + } + }, + "manageddisks": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.ManagedDisk" + } + }, + "windowsvirtualmachines": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.WindowsVirtualMachine" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.compute.Encryption": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.compute.LinuxVirtualMachine": { + "type": "object", + "properties": { + "osprofilelinuxconfig": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.OSProfileLinuxConfig" + }, + "virtualmachine": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.VirtualMachine" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.compute.ManagedDisk": { + "type": "object", + "properties": { + "encryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.Encryption" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.compute.OSProfileLinuxConfig": { + "type": "object", + "properties": { + "disablepasswordauthentication": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.compute.VirtualMachine": { + "type": "object", + "properties": { + "customdata": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.compute.WindowsVirtualMachine": { + "type": "object", + "properties": { + "virtualmachine": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.VirtualMachine" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.container.AddonProfile": { + "type": "object", + "properties": { + "omsagent": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.OMSAgent" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.container.Container": { + "type": "object", + "properties": { + "kubernetesclusters": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.KubernetesCluster" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.container.KubernetesCluster": { + "type": "object", + "properties": { + "addonprofile": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.AddonProfile" + }, + "apiserverauthorizedipranges": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "enableprivatecluster": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "networkprofile": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.NetworkProfile" + }, + "rolebasedaccesscontrol": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.RoleBasedAccessControl" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.container.NetworkProfile": { + "type": "object", + "properties": { + "networkpolicy": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.container.OMSAgent": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.container.RoleBasedAccessControl": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.database.Database": { + "type": "object", + "properties": { + "mariadbservers": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.MariaDBServer" + } + }, + "mssqlservers": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.MSSQLServer" + } + }, + "mysqlservers": { + "type": "array", + "items": { + 
"type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.MySQLServer" + } + }, + "postgresqlservers": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.PostgreSQLServer" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.database.ExtendedAuditingPolicy": { + "type": "object", + "properties": { + "retentionindays": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.database.FirewallRule": { + "type": "object", + "properties": { + "endip": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "startip": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.database.MSSQLServer": { + "type": "object", + "properties": { + "extendedauditingpolicies": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.ExtendedAuditingPolicy" + } + }, + "securityalertpolicies": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.SecurityAlertPolicy" + } + }, + "server": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Server" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.database.MariaDBServer": { + "type": "object", + "properties": { + "server": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Server" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.database.MySQLServer": { + "type": "object", + "properties": { + "server": { + "type": 
"object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Server" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.database.PostgreSQLServer": { + "type": "object", + "properties": { + "config": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.PostgresSQLConfig" + }, + "server": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Server" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.database.PostgresSQLConfig": { + "type": "object", + "properties": { + "connectionthrottling": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "logcheckpoints": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "logconnections": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.database.SecurityAlertPolicy": { + "type": "object", + "properties": { + "disabledalerts": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "emailaccountadmins": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "emailaddresses": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.database.Server": { + "type": "object", + "properties": { + "enablepublicnetworkaccess": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "enablesslenforcement": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + 
"firewallrules": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.FirewallRule" + } + }, + "minimumtlsversion": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.datafactory.DataFactory": { + "type": "object", + "properties": { + "datafactories": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.datafactory.Factory" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.datafactory.Factory": { + "type": "object", + "properties": { + "enablepublicnetwork": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.datalake.DataLake": { + "type": "object", + "properties": { + "stores": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.datalake.Store" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.datalake.Store": { + "type": "object", + "properties": { + "enableencryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Key": { + "type": "object", + "properties": { + "expirydate": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.KeyVault": { + "type": "object", + "properties": { + "vaults": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Vault" + } + } + } + }, + 
"github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.NetworkACLs": { + "type": "object", + "properties": { + "defaultaction": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Secret": { + "type": "object", + "properties": { + "contenttype": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "expirydate": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Vault": { + "type": "object", + "properties": { + "enablepurgeprotection": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "keys": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Key" + } + }, + "networkacls": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.NetworkACLs" + }, + "secrets": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Secret" + } + }, + "softdeleteretentiondays": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.monitor.LogProfile": { + "type": "object", + "properties": { + "categories": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "locations": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "retentionpolicy": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.monitor.RetentionPolicy" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.monitor.Monitor": { + "type": "object", + "properties": { + "logprofiles": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.monitor.LogProfile" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.monitor.RetentionPolicy": { + "type": "object", + "properties": { + "days": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + }, + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.network.Network": { + "type": "object", + "properties": { + "networkwatcherflowlogs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.NetworkWatcherFlowLog" + } + }, + "securitygroups": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.SecurityGroup" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.network.NetworkWatcherFlowLog": { + "type": "object", + "properties": { + "retentionpolicy": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.RetentionPolicy" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.network.PortRange": { + "type": "object", + "properties": { + "end": { + "type": "integer" + }, + "start": { + "type": "integer" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.network.RetentionPolicy": { + "type": "object", + "properties": { + "days": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + }, + "enabled": { + "type": 
"object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.network.SecurityGroup": { + "type": "object", + "properties": { + "rules": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.SecurityGroupRule" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.network.SecurityGroupRule": { + "type": "object", + "properties": { + "allow": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "destinationaddresses": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "destinationports": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.PortRange" + } + }, + "outbound": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "protocol": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "sourceaddresses": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "sourceports": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.PortRange" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.Contact": { + "type": "object", + "properties": { + "enablealertnotifications": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "phone": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + 
"github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.SecurityCenter": { + "type": "object", + "properties": { + "contacts": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.Contact" + } + }, + "subscriptions": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.SubscriptionPricing" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.SubscriptionPricing": { + "type": "object", + "properties": { + "tier": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.storage.Account": { + "type": "object", + "properties": { + "containers": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.Container" + } + }, + "enforcehttps": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "minimumtlsversion": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "networkrules": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.NetworkRule" + } + }, + "queueproperties": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.QueueProperties" + }, + "queues": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.Queue" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.storage.Container": { + "type": "object", + "properties": { + "publicaccess": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.storage.NetworkRule": { + "type": "object", + "properties": { + "allowbydefault": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "bypass": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.storage.Queue": { + "type": "object", + "properties": { + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.storage.QueueProperties": { + "type": "object", + "properties": { + "enablelogging": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.storage.Storage": { + "type": "object", + "properties": { + "accounts": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.Account" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.synapse.Synapse": { + "type": "object", + "properties": { + "workspaces": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.synapse.Workspace" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.azure.synapse.Workspace": { + "type": "object", + "properties": { + "enablemanagedvirtualnetwork": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.cloudstack.CloudStack": { + "type": "object", + "properties": { + "compute": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.cloudstack.compute.Compute" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.cloudstack.compute.Compute": { + "type": "object", + "properties": { + "instances": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.cloudstack.compute.Instance" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.cloudstack.compute.Instance": { + "type": "object", + "properties": { + "userdata": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.digitalocean.DigitalOcean": { + "type": "object", + "properties": { + "compute": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Compute" + }, + "spaces": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Spaces" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Compute": { + "type": "object", + "properties": { + "droplets": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Droplet" + } + }, + "firewalls": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Firewall" + } + }, + "kubernetesclusters": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.KubernetesCluster" + } + }, + "loadbalancers": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.LoadBalancer" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Droplet": { + 
"type": "object", + "properties": { + "sshkeys": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Firewall": { + "type": "object", + "properties": { + "inboundrules": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.InboundFirewallRule" + } + }, + "outboundrules": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.OutboundFirewallRule" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.ForwardingRule": { + "type": "object", + "properties": { + "entryprotocol": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.InboundFirewallRule": { + "type": "object", + "properties": { + "sourceaddresses": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.KubernetesCluster": { + "type": "object", + "properties": { + "autoupgrade": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "surgeupgrade": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.LoadBalancer": { + "type": "object", + "properties": { + "forwardingrules": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.ForwardingRule" + } + }, + "redirecthttptohttps": { + 
"type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.OutboundFirewallRule": { + "type": "object", + "properties": { + "destinationaddresses": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Bucket": { + "type": "object", + "properties": { + "acl": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "forcedestroy": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "objects": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Object" + } + }, + "versioning": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Versioning" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Object": { + "type": "object", + "properties": { + "acl": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Spaces": { + "type": "object", + "properties": { + "buckets": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Bucket" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Versioning": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + 
"github.com.aquasecurity.defsec.pkg.providers.github.BranchProtection": { + "type": "object", + "properties": { + "requiresignedcommits": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.github.EnvironmentSecret": { + "type": "object", + "properties": { + "encryptedvalue": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "environment": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "plaintextvalue": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "repository": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "secretname": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.github.GitHub": { + "type": "object", + "properties": { + "branchprotections": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.github.BranchProtection" + } + }, + "environmentsecrets": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.github.EnvironmentSecret" + } + }, + "repositories": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.github.Repository" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.github.Repository": { + "type": "object", + "properties": { + "archived": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "public": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + 
"vulnerabilityalerts": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.Google": { + "type": "object", + "properties": { + "bigquery": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.bigquery.BigQuery" + }, + "compute": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Compute" + }, + "dns": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.dns.DNS" + }, + "gke": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.GKE" + }, + "iam": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.IAM" + }, + "kms": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.kms.KMS" + }, + "sql": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.SQL" + }, + "storage": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.storage.Storage" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.bigquery.AccessGrant": { + "type": "object", + "properties": { + "domain": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "role": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "specialgroup": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.bigquery.BigQuery": { + "type": "object", + "properties": { + "datasets": { + "type": "array", + "items": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.bigquery.Dataset" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.bigquery.Dataset": { + "type": "object", + "properties": { + "accessgrants": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.bigquery.AccessGrant" + } + }, + "id": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.compute.Compute": { + "type": "object", + "properties": { + "disks": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Disk" + } + }, + "instances": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Instance" + } + }, + "networks": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Network" + } + }, + "projectmetadata": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.ProjectMetadata" + }, + "sslpolicies": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.SSLPolicy" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.compute.Disk": { + "type": "object", + "properties": { + "encryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.DiskEncryption" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.compute.DiskEncryption": { + "type": "object", + "properties": { + "kmskeylink": { + "type": 
"object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "rawkey": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BytesValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.compute.EgressRule": { + "type": "object", + "properties": { + "destinationranges": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "firewallrule": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.FirewallRule" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.compute.Firewall": { + "type": "object", + "properties": { + "egressrules": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.EgressRule" + } + }, + "ingressrules": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.IngressRule" + } + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "sourcetags": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "targettags": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.compute.FirewallRule": { + "type": "object", + "properties": { + "enforced": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "isallow": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + } + }, + "protocol": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.compute.IngressRule": { + "type": "object", + "properties": { + "firewallrule": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.FirewallRule" + }, + "sourceranges": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.compute.Instance": { + "type": "object", + "properties": { + "attacheddisks": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Disk" + } + }, + "bootdisks": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Disk" + } + }, + "canipforward": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "enableprojectsshkeyblocking": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "enableserialport": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "networkinterfaces": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.NetworkInterface" + } + }, + "osloginenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "serviceaccount": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.ServiceAccount" + }, + "shieldedvm": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.ShieldedVMConfig" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.compute.Network": { + "type": "object", + "properties": { + "firewall": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Firewall" + }, + "subnetworks": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.SubNetwork" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.compute.NetworkInterface": { + "type": "object", + "properties": { + "haspublicip": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "natip": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "network": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Network" + }, + "subnetwork": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.SubNetwork" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.compute.ProjectMetadata": { + "type": "object", + "properties": { + "enableoslogin": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.compute.SSLPolicy": { + "type": "object", + "properties": { + "minimumtlsversion": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "profile": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.compute.ServiceAccount": { + "type": "object", + "properties": { + "email": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "isdefault": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "scopes": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.compute.ShieldedVMConfig": { + "type": "object", + "properties": { + "integritymonitoringenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "securebootenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "vtpmenabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.compute.SubNetwork": { + "type": "object", + "properties": { + "enableflowlogs": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "purpose": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.dns.DNS": { + "type": "object", + "properties": { + "managedzones": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.dns.ManagedZone" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.dns.DNSSec": { + "type": "object", + "properties": { + 
"defaultkeyspecs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.dns.KeySpecs" + } + }, + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.dns.KeySpecs": { + "type": "object", + "properties": { + "algorithm": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "keytype": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.dns.ManagedZone": { + "type": "object", + "properties": { + "dnssec": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.dns.DNSSec" + }, + "visibility": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.gke.ClientCertificate": { + "type": "object", + "properties": { + "issuecertificate": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.gke.Cluster": { + "type": "object", + "properties": { + "datapathprovider": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "enableautpilot": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "enablelegacyabac": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "enableshieldednodes": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "ipallocationpolicy": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.IPAllocationPolicy" + }, + "loggingservice": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "masterauth": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.MasterAuth" + }, + "masterauthorizednetworks": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.MasterAuthorizedNetworks" + }, + "monitoringservice": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "networkpolicy": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.NetworkPolicy" + }, + "nodeconfig": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.NodeConfig" + }, + "nodepools": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.NodePool" + } + }, + "privatecluster": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.PrivateCluster" + }, + "removedefaultnodepool": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "resourcelabels": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.MapValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.gke.GKE": { + "type": "object", + "properties": { + "clusters": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.Cluster" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.gke.IPAllocationPolicy": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.gke.Management": { + "type": "object", + "properties": { + "enableautorepair": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "enableautoupgrade": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.gke.MasterAuth": { + "type": "object", + "properties": { + "clientcertificate": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.ClientCertificate" + }, + "password": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "username": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.gke.MasterAuthorizedNetworks": { + "type": "object", + "properties": { + "cidrs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.gke.NetworkPolicy": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.gke.NodeConfig": { + "type": "object", + "properties": { + "enablelegacyendpoints": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "imagetype": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "serviceaccount": { + 
"type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "workloadmetadataconfig": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.WorkloadMetadataConfig" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.gke.NodePool": { + "type": "object", + "properties": { + "management": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.Management" + }, + "nodeconfig": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.NodeConfig" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.gke.PrivateCluster": { + "type": "object", + "properties": { + "enableprivatenodes": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.gke.WorkloadMetadataConfig": { + "type": "object", + "properties": { + "nodemetadata": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding": { + "type": "object", + "properties": { + "includesdefaultserviceaccount": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "members": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "role": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.iam.Folder": { + "type": "object", + "properties": { + "bindings": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding" + } + }, + "folders": { + "type": 
"array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Folder" + } + }, + "members": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Member" + } + }, + "projects": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Project" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.iam.IAM": { + "type": "object", + "properties": { + "organizations": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Organization" + } + }, + "workloadidentitypoolproviders": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.WorkloadIdentityPoolProvider" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.iam.Member": { + "type": "object", + "properties": { + "defaultserviceaccount": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "member": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "role": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.iam.Organization": { + "type": "object", + "properties": { + "bindings": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding" + } + }, + "folders": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Folder" + } + }, + "members": { + "type": "array", + "items": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Member" + } + }, + "projects": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Project" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.iam.Project": { + "type": "object", + "properties": { + "autocreatenetwork": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "bindings": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding" + } + }, + "members": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Member" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.iam.WorkloadIdentityPoolProvider": { + "type": "object", + "properties": { + "attributecondition": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "workloadidentitypoolid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "workloadidentitypoolproviderid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.kms.KMS": { + "type": "object", + "properties": { + "keyrings": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.kms.KeyRing" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.kms.Key": { + "type": "object", + "properties": { + "rotationperiodseconds": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.kms.KeyRing": { + "type": "object", + 
"properties": { + "keys": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.kms.Key" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.sql.Backups": { + "type": "object", + "properties": { + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.sql.DatabaseInstance": { + "type": "object", + "properties": { + "databaseversion": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "isreplica": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "settings": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.Settings" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.sql.Flags": { + "type": "object", + "properties": { + "containeddatabaseauthentication": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "crossdbownershipchaining": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "localinfile": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "logcheckpoints": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "logconnections": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "logdisconnections": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "loglockwaits": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "logmindurationstatement": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + }, + "logminmessages": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "logtempfilesize": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.sql.IPConfiguration": { + "type": "object", + "properties": { + "authorizednetworks": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.IPConfiguration.AuthorizedNetworks" + } + }, + "enableipv4": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "requiretls": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.sql.IPConfiguration.AuthorizedNetworks": { + "type": "object", + "properties": { + "cidr": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.sql.SQL": { + "type": "object", + "properties": { + "instances": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.DatabaseInstance" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.sql.Settings": { + "type": "object", + "properties": { + "backups": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.Backups" + }, + "flags": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.Flags" + }, + "ipconfiguration": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.IPConfiguration" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.storage.Bucket": { + "type": "object", + "properties": { + "bindings": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding" + } + }, + "enableuniformbucketlevelaccess": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "encryption": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.storage.BucketEncryption" + }, + "location": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "members": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Member" + } + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.storage.BucketEncryption": { + "type": "object", + "properties": { + "defaultkmskeyname": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.google.storage.Storage": { + "type": "object", + "properties": { + "buckets": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.storage.Bucket" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.kubernetes.Egress": { + "type": "object", + "properties": { + "destinationcidrs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "ports": { + "type": "array", + "items": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Port" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.kubernetes.Ingress": { + "type": "object", + "properties": { + "ports": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Port" + } + }, + "sourcecidrs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.kubernetes.Kubernetes": { + "type": "object", + "properties": { + "networkpolicies": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.NetworkPolicy" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.kubernetes.NetworkPolicy": { + "type": "object", + "properties": { + "spec": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.NetworkPolicySpec" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.kubernetes.NetworkPolicySpec": { + "type": "object", + "properties": { + "egress": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Egress" + }, + "ingress": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Ingress" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.kubernetes.Port": { + "type": "object", + "properties": { + "number": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "protocol": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.Nifcloud": { + "type": "object", + "properties": { + "computing": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.Computing" + }, + "dns": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.dns.DNS" + }, + "nas": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NAS" + }, + "network": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.Network" + }, + "rdb": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.RDB" + }, + "sslcertificate": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.sslcertificate.SSLCertificate" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.Computing": { + "type": "object", + "properties": { + "instances": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.Instance" + } + }, + "securitygroups": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroup" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.Instance": { + "type": "object", + "properties": { + "networkinterfaces": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.NetworkInterface" + } + }, + "securitygroup": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.NetworkInterface": { + "type": "object", + "properties": { + "networkid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + 
"github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroup": { + "type": "object", + "properties": { + "description": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "egressrules": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroupRule" + } + }, + "ingressrules": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroupRule" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroupRule": { + "type": "object", + "properties": { + "cidr": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "description": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.dns.DNS": { + "type": "object", + "properties": { + "records": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.dns.Record" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.dns.Record": { + "type": "object", + "properties": { + "record": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "type": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NAS": { + "type": "object", + "properties": { + "nasinstances": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NASInstance" + } + }, + "nassecuritygroups": { + "type": "array", + "items": { + "type": "object", + 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NASSecurityGroup" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NASInstance": { + "type": "object", + "properties": { + "networkid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NASSecurityGroup": { + "type": "object", + "properties": { + "cidrs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "description": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.ElasticLoadBalancer": { + "type": "object", + "properties": { + "listeners": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.ElasticLoadBalancerListener" + } + }, + "networkinterfaces": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.NetworkInterface" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.ElasticLoadBalancerListener": { + "type": "object", + "properties": { + "protocol": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.LoadBalancer": { + "type": "object", + "properties": { + "listeners": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.LoadBalancerListener" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.LoadBalancerListener": { + "type": "object", + "properties": { + 
"protocol": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "tlspolicy": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.Network": { + "type": "object", + "properties": { + "elasticloadbalancers": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.ElasticLoadBalancer" + } + }, + "loadbalancers": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.LoadBalancer" + } + }, + "routers": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.Router" + } + }, + "vpngateways": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.VpnGateway" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.NetworkInterface": { + "type": "object", + "properties": { + "isvipnetwork": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "networkid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.Router": { + "type": "object", + "properties": { + "networkinterfaces": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.NetworkInterface" + } + }, + "securitygroup": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.VpnGateway": { + 
"type": "object", + "properties": { + "securitygroup": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.DBInstance": { + "type": "object", + "properties": { + "backupretentionperioddays": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + }, + "engine": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "engineversion": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "networkid": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "publicaccess": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.DBSecurityGroup": { + "type": "object", + "properties": { + "cidrs": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + }, + "description": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.RDB": { + "type": "object", + "properties": { + "dbinstances": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.DBInstance" + } + }, + "dbsecuritygroups": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.DBSecurityGroup" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.sslcertificate.SSLCertificate": { + "type": "object", + "properties": { + "servercertificates": { + "type": "array", + "items": { + "type": "object", + 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.sslcertificate.ServerCertificate" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.nifcloud.sslcertificate.ServerCertificate": { + "type": "object", + "properties": { + "expiration": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.openstack.Compute": { + "type": "object", + "properties": { + "firewall": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.Firewall" + }, + "instances": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.Instance" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.openstack.Firewall": { + "type": "object", + "properties": { + "allowrules": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.FirewallRule" + } + }, + "denyrules": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.FirewallRule" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.openstack.FirewallRule": { + "type": "object", + "properties": { + "destination": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "destinationport": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "enabled": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "source": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "sourceport": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + 
"github.com.aquasecurity.defsec.pkg.providers.openstack.Instance": { + "type": "object", + "properties": { + "adminpassword": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.openstack.Networking": { + "type": "object", + "properties": { + "securitygroups": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.SecurityGroup" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.openstack.OpenStack": { + "type": "object", + "properties": { + "compute": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.Compute" + }, + "networking": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.Networking" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.openstack.SecurityGroup": { + "type": "object", + "properties": { + "description": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "name": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "rules": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.SecurityGroupRule" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.openstack.SecurityGroupRule": { + "type": "object", + "properties": { + "cidr": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + }, + "ethertype": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + }, + "isingress": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + }, + "portmax": { + "type": "object", + "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + }, + "portmin": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + }, + "protocol": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.oracle.AddressReservation": { + "type": "object", + "properties": { + "pool": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.oracle.Compute": { + "type": "object", + "properties": { + "addressreservations": { + "type": "array", + "items": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.oracle.AddressReservation" + } + } + } + }, + "github.com.aquasecurity.defsec.pkg.providers.oracle.Oracle": { + "type": "object", + "properties": { + "compute": { + "type": "object", + "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.oracle.Compute" + } + } + }, + "github.com.aquasecurity.defsec.pkg.types.BoolValue": { + "type": "object", + "properties": { + "endline": { + "type": "integer" + }, + "explicit": { + "type": "boolean" + }, + "filepath": { + "type": "string" + }, + "fskey": { + "type": "string" + }, + "managed": { + "type": "boolean" + }, + "resource": { + "type": "string" + }, + "sourceprefix": { + "type": "string" + }, + "startline": { + "type": "integer" + }, + "value": { + "type": "boolean" + } + } + }, + "github.com.aquasecurity.defsec.pkg.types.BytesValue": { + "type": "object", + "properties": { + "endline": { + "type": "integer" + }, + "explicit": { + "type": "boolean" + }, + "filepath": { + "type": "string" + }, + "fskey": { + "type": "string" + }, + "managed": { + "type": "boolean" + }, + "resource": { + "type": "string" + }, + "sourceprefix": { + "type": "string" + }, + "startline": { + "type": "integer" + }, + "value": { + 
"type": "string" + } + } + }, + "github.com.aquasecurity.defsec.pkg.types.IntValue": { + "type": "object", + "properties": { + "endline": { + "type": "integer" + }, + "explicit": { + "type": "boolean" + }, + "filepath": { + "type": "string" + }, + "fskey": { + "type": "string" + }, + "managed": { + "type": "boolean" + }, + "resource": { + "type": "string" + }, + "sourceprefix": { + "type": "string" + }, + "startline": { + "type": "integer" + }, + "value": { + "type": "integer" + } + } + }, + "github.com.aquasecurity.defsec.pkg.types.MapValue": { + "type": "object", + "properties": { + "endline": { + "type": "integer" + }, + "explicit": { + "type": "boolean" + }, + "filepath": { + "type": "string" + }, + "fskey": { + "type": "string" + }, + "managed": { + "type": "boolean" + }, + "resource": { + "type": "string" + }, + "sourceprefix": { + "type": "string" + }, + "startline": { + "type": "integer" + }, + "value": { + "type": "object" + } + } + }, + "github.com.aquasecurity.defsec.pkg.types.StringValue": { + "type": "object", + "properties": { + "endline": { + "type": "integer" + }, + "explicit": { + "type": "boolean" + }, + "filepath": { + "type": "string" + }, + "fskey": { + "type": "string" + }, + "managed": { + "type": "boolean" + }, + "resource": { + "type": "string" + }, + "sourceprefix": { + "type": "string" + }, + "startline": { + "type": "integer" + }, + "value": { + "type": "string" + } + } + }, + "github.com.aquasecurity.defsec.pkg.types.TimeValue": { + "type": "object", + "properties": { + "endline": { + "type": "integer" + }, + "explicit": { + "type": "boolean" + }, + "filepath": { + "type": "string" + }, + "fskey": { + "type": "string" + }, + "managed": { + "type": "boolean" + }, + "resource": { + "type": "string" + }, + "sourceprefix": { + "type": "string" + }, + "startline": { + "type": "integer" + }, + "value": { + "type": "string" + } + } + } + } +} \ No newline at end of file 
diff --git a/pkg/iac/rego/schemas/dockerfile.json b/pkg/iac/rego/schemas/dockerfile.json
new file mode 100644
index 000000000000..d769cb195bae
--- /dev/null
+++ b/pkg/iac/rego/schemas/dockerfile.json
@@ -0,0 +1,70 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$id": "https://github.com/aquasecurity/trivy-policies/blob/main/pkg/rego/schemas/dockerfile.json",
+ "type": "object",
+ "properties": {
+ "Stages": {
+ "type": "array",
+ "items": {
+ "$ref": "#/$defs/stage"
+ }
+ }
+ },
+ "$defs": {
+ "stage": {
+ "type": "object",
+ "properties": {
+ "Name": {
+ "type": "string"
+ },
+ "Commands": {
+ "type": "array",
+ "items": {
+ "$ref": "#/$defs/command"
+ }
+ }
+ }
+ },
+ "command": {
+ "type": "object",
+ "properties": {
+ "Flags": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "Value": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "Cmd": {
+ "type": "string"
+ },
+ "SubCmd": {
+ "type": "string"
+ },
+ "Original": {
+ "type": "string"
+ },
+ "Path": {
+ "type": "string"
+ },
+ "JSON": {
+ "type": "boolean"
+ },
+ "Stage": {
+ "type": "integer"
+ },
+ "StartLine": {
+ "type": "integer"
+ },
+ "EndLine": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/pkg/iac/rego/schemas/kubernetes.json b/pkg/iac/rego/schemas/kubernetes.json
new file mode 100644
index 000000000000..1975944b7790
--- /dev/null
+++ b/pkg/iac/rego/schemas/kubernetes.json
@@ -0,0 +1,51 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://github.com/aquasecurity/trivy-policies/blob/main/pkg/rego/schemas/kubernetes.json", + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "type": "object" + }, + "rules": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiGroups": { + "type": "array", + "items": { + "type": "string" + } + }, + "resources": { + "type": "array", + "items": { + "type": "string" + } + }, + "resourceNames": { + "type": "array", + "items": { + "type": "string" + } + }, + "verbs": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/pkg/iac/rego/schemas/rbac.json b/pkg/iac/rego/schemas/rbac.json new file mode 100644 index 000000000000..c251890f91fd --- /dev/null +++ b/pkg/iac/rego/schemas/rbac.json @@ -0,0 +1,51 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://github.com/aquasecurity/trivy-policies/blob/main/pkg/rego/schemas/rbac.json", + "type": "object", + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "type": "object" + }, + "rules": { + "type": "array", + "items": { + "type": "object", + "properties": { + "apiGroups": { + "type": "array", + "items": { + "type": "string" + } + }, + "resources": { + "type": "array", + "items": { + "type": "string" + } + }, + "resourceNames": { + "type": "array", + "items": { + "type": "string" + } + }, + "verbs": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/pkg/iac/rego/schemas/schemas.go b/pkg/iac/rego/schemas/schemas.go new file mode 100644 index 000000000000..73f92c10fc89 --- /dev/null +++ b/pkg/iac/rego/schemas/schemas.go 
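Review bot: rbac.json is byte-for-byte identical to kubernetes.json (same top-level properties, same `rules` item shape), and SchemaMap in schemas.go maps `types.SourceRbac` to `Kubernetes` rather than to an rbac-specific schema, so the duplicate file appears unused. If RBAC input really has the same shape as Kubernetes input, keep the single kubernetes.json; if it is meant to diverge, add a comment stating the intended difference and make SchemaMap reference it. Note also that `metadata` and `spec` are only constrained to `"type": "object"` with no properties, so presumably a policy indexing a mistyped field under `input.spec` would not be caught by schema checking — worth a comment so authors do not assume more coverage than the schema provides.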
@@ -0,0 +1,16 @@ +package schemas + +import ( + "github.com/aquasecurity/trivy/pkg/iac/types" +) + +var SchemaMap = map[types.Source]Schema{ + types.SourceDefsec: Cloud, + types.SourceCloud: Cloud, + types.SourceKubernetes: Kubernetes, + types.SourceRbac: Kubernetes, + types.SourceDockerfile: Dockerfile, + types.SourceTOML: Anything, + types.SourceYAML: Anything, + types.SourceJSON: Anything, +} diff --git a/pkg/iac/rego/store.go b/pkg/iac/rego/store.go new file mode 100644 index 000000000000..127b1d8dd647 --- /dev/null +++ b/pkg/iac/rego/store.go @@ -0,0 +1,48 @@ +package rego + +import ( + "fmt" + "io/fs" + "os" + "path/filepath" + "strings" + + "github.com/open-policy-agent/opa/loader" + "github.com/open-policy-agent/opa/storage" +) + +// initialise a store populated with OPA data files found in dataPaths +func initStore(dataFS fs.FS, dataPaths, namespaces []string) (storage.Store, error) { + // FilteredPaths will recursively find all file paths that contain a valid document + // extension from the given list of data paths. + allDocumentPaths, _ := loader.FilteredPathsFS(dataFS, dataPaths, func(abspath string, info os.FileInfo, depth int) bool { + if info.IsDir() { + return false // filter in, include + } + ext := strings.ToLower(filepath.Ext(info.Name())) + for _, filter := range []string{ + ".yaml", + ".yml", + ".json", + } { + if filter == ext { + return false // filter in, include + } + } + return true // filter out, exclude + }) + + documents, err := loader.NewFileLoader().WithFS(dataFS).All(allDocumentPaths) + if err != nil { + return nil, fmt.Errorf("load documents: %w", err) + } + + // pass all namespaces so that rego rule can refer to namespaces as data.namespaces + documents.Documents["namespaces"] = namespaces + + store, err := documents.Store() + if err != nil { + return nil, fmt.Errorf("get documents store: %w", err) + } + return store, nil +} 
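Review bot: `allDocumentPaths, _ := loader.FilteredPathsFS(...)` in initStore discards the walk error, so an unreadable or malformed data directory silently yields a store with fewer documents than the caller intended and policies then evaluate against an incomplete `data.*` tree. Use the error: `allDocumentPaths, err := loader.FilteredPathsFS(dataFS, dataPaths, ...)` followed by `if err != nil { return nil, fmt.Errorf("filter data paths: %w", err) }`. The extension filter would read more directly as `switch ext { case ".yaml", ".yml", ".json": return false }` than ranging over a literal slice. `documents.Documents["namespaces"] = namespaces` also overwrites any loaded data file that defined a top-level `namespaces` key; a comment stating that this key is reserved would make the precedence explicit.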
diff --git a/pkg/iac/rego/testdata/policies/._sysfile.rego b/pkg/iac/rego/testdata/policies/._sysfile.rego new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/pkg/iac/rego/testdata/policies/invalid.rego b/pkg/iac/rego/testdata/policies/invalid.rego new file mode 100644 index 000000000000..a2ef3607bc70 --- /dev/null +++ b/pkg/iac/rego/testdata/policies/invalid.rego @@ -0,0 +1,8 @@ +# METADATA +# schemas: +# - input: schema["input"] +package defsec.test_invalid + +deny { + input.Stages[0].Commands[0].FooBarNothingBurger == "lol" +} diff --git a/pkg/iac/rego/testdata/policies/valid.rego b/pkg/iac/rego/testdata/policies/valid.rego new file mode 100644 index 000000000000..74a96afeec0c --- /dev/null +++ b/pkg/iac/rego/testdata/policies/valid.rego @@ -0,0 +1,8 @@ +# METADATA +# schemas: +# - input: schema["input"] +package defsec.test_valid + +deny { + input.Stages[0].Commands[0].Cmd == "lol" +} diff --git a/pkg/iac/rules/providers.go b/pkg/iac/rules/providers.go new file mode 100644 index 000000000000..60c976fd045b --- /dev/null +++ b/pkg/iac/rules/providers.go 
@@ -0,0 +1,169 @@ +package rules + +import ( + "encoding/json" + "strings" +) + +type Provider struct { + Name string `json:"name"` + Services []Service `json:"services"` +} + +type Service struct { + Name string `json:"name"` + Checks []Check `json:"checks"` +} + +type Check struct { + Name string `json:"name"` + Description string `json:"description"` +} + +func GetProvidersHierarchy() (providers map[string]map[string][]string) { + + registeredRules := GetRegistered() + + provs := make(map[string]map[string][]string) + + for _, rule := range registeredRules { + + cNames := make(map[string]bool) + pName := strings.ToLower(rule.GetRule().Provider.DisplayName()) + sName := strings.ToLower(rule.GetRule().Service) + cName := rule.GetRule().AVDID + + if _, ok := provs[pName]; !ok { + provs[pName] = make(map[string][]string) + } + + if _, ok := provs[pName][sName]; !ok { + provs[pName][sName] = make([]string, 0) + } + + if _, ok := cNames[cName]; !ok { + cNames[cName] = true + provs[pName][sName] = append(provs[pName][sName], cName) + } + } + + return provs +} + +func GetProviders() (providers []Provider) { + + registeredRules := GetRegistered() + + provs := make(map[string]map[string][]Check) + + for _, rule := range registeredRules { + + pName := strings.ToLower(rule.GetRule().Provider.DisplayName()) + sName := strings.ToLower(rule.GetRule().Service) + cName := rule.GetRule().AVDID + desc := rule.GetRule().Summary + + if _, ok := provs[pName]; !ok { + provs[pName] = make(map[string][]Check) + } + + if _, ok := provs[pName][sName]; !ok { + provs[pName][sName] = []Check{} + } + + provs[pName][sName] = append(provs[pName][sName], Check{ + Name: cName, + Description: desc, + }) + } + + for providerName, providerServices := range provs { + var services []Service + for serviceName, checks := range providerServices { + services = append(services, Service{ + Name: serviceName, + Checks: checks, + }) + } + + providers = append(providers, Provider{ + Name: providerName, + 
Services: services, + }) + } + + return providers +} + +func GetProvidersAsJson() ([]byte, error) { + + providers := GetProviders() + + return json.MarshalIndent(providers, "", " ") +} + +func GetProviderNames() []string { + + registeredRules := GetRegistered() + + providers := make(map[string]bool) + + for _, rule := range registeredRules { + + if _, ok := providers[rule.GetRule().Provider.DisplayName()]; !ok { + providers[rule.GetRule().Provider.DisplayName()] = true + } + + } + + var uniqueProviders []string + for p := range providers { + uniqueProviders = append(uniqueProviders, p) + } + + return uniqueProviders + +} + +func GetProviderServiceNames(providerName string) []string { + + registeredRules := GetRegistered() + + services := make(map[string]bool) + + for _, rule := range registeredRules { + + if !strings.EqualFold(providerName, rule.GetRule().Provider.DisplayName()) { + continue + } + + if _, ok := services[rule.GetRule().Service]; !ok { + services[rule.GetRule().Service] = true + } + + } + var uniqueServices []string + for p := range services { + uniqueServices = append(uniqueServices, p) + } + + return uniqueServices +} + +func GetProviderServiceCheckNames(providerName string, serviceName string) []string { + + registeredRules := GetRegistered() + + var checks []string + + for _, rule := range registeredRules { + + if !strings.EqualFold(providerName, rule.GetRule().Provider.DisplayName()) || + !strings.EqualFold(serviceName, rule.GetRule().Service) { + continue + } + + checks = append(checks, rule.GetRule().AVDID) + } + return checks +} diff --git a/pkg/iac/rules/register.go b/pkg/iac/rules/register.go new file mode 100644 index 000000000000..177c2244b18e --- /dev/null +++ b/pkg/iac/rules/register.go 
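Review bot: In GetProvidersHierarchy the `cNames` map is created inside the `for _, rule := range registeredRules` loop, so it is fresh on every iteration and `if _, ok := cNames[cName]; !ok` is always true — duplicate AVDIDs are never filtered. Move `cNames := make(map[string]bool)` above the loop (or key it per provider/service if that was the intent). GetProviders, GetProviderNames and GetProviderServiceNames build their results by ranging over maps, so slice order — and the JSON from GetProvidersAsJson — varies run to run; sorting the keys (`sort.Strings` on the collected keys) before appending would make the output stable for callers that diff or cache it. The `if _, ok := providers[...]; !ok { providers[...] = true }` pattern in GetProviderNames is equivalent to an unconditional assignment.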
@@ -0,0 +1,25 @@ +package rules + +// +//import ( +// "github.com/aquasecurity/trivy/pkg/iac/internal/rules" +// "github.com/aquasecurity/trivy/pkg/iac/framework" +// "github.com/aquasecurity/trivy/pkg/iac/scan" +// ruleTypes "github.com/aquasecurity/trivy/pkg/iac/types/rules" +//) +// +//func Register(rule scan.Rule) ruleTypes.RegisteredRule { +// return rules.Register(rule) +//} +// +//func Deregister(rule ruleTypes.RegisteredRule) { +// rules.Deregister(rule) +//} +// +//func GetRegistered(fw ...framework.Framework) []ruleTypes.RegisteredRule { +// return rules.GetFrameworkRules(fw...) +//} +// +//func GetSpecRules(spec string) []ruleTypes.RegisteredRule { +// return rules.GetSpecRules(spec) +//} diff --git a/pkg/iac/rules/register_internal.go b/pkg/iac/rules/register_internal.go new file mode 100755 index 000000000000..f34cdf904da3 --- /dev/null +++ b/pkg/iac/rules/register_internal.go 
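Review bot: register.go consists entirely of commented-out code mirroring the exported Register/Deregister/GetRegistered/GetSpecRules functions that register_internal.go defines; a file whose only content is a dead copy of another file invites drift. It is probably carried over from defsec by the merge, but either delete it or replace the body with a one-line comment stating why the placeholder is kept.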
@@ -0,0 +1,137 @@ +package rules + +import ( + "sync" + + "gopkg.in/yaml.v3" + + "github.com/aquasecurity/trivy-policies/specs" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/scan" + dftypes "github.com/aquasecurity/trivy/pkg/iac/types" + ruleTypes "github.com/aquasecurity/trivy/pkg/iac/types/rules" +) + +type registry struct { + sync.RWMutex + index int + frameworks map[framework.Framework][]ruleTypes.RegisteredRule +} + +var coreRegistry = registry{ + frameworks: make(map[framework.Framework][]ruleTypes.RegisteredRule), +} + +func Reset() { + coreRegistry.Reset() +} + +func Register(rule scan.Rule) ruleTypes.RegisteredRule { + return coreRegistry.register(rule) +} + +func Deregister(rule ruleTypes.RegisteredRule) { + coreRegistry.deregister(rule) +} + +func (r *registry) register(rule scan.Rule) ruleTypes.RegisteredRule { + r.Lock() + defer r.Unlock() + if len(rule.Frameworks) == 0 { + rule.Frameworks = map[framework.Framework][]string{framework.Default: nil} + } + registeredRule := ruleTypes.RegisteredRule{ + Number: r.index, + Rule: rule, + } + r.index++ + for fw := range rule.Frameworks { + r.frameworks[fw] = append(r.frameworks[fw], registeredRule) + } + + r.frameworks[framework.ALL] = append(r.frameworks[framework.ALL], registeredRule) + + return registeredRule +} + +func (r *registry) deregister(rule ruleTypes.RegisteredRule) { + r.Lock() + defer r.Unlock() + for fw := range r.frameworks { + for i, registered := range r.frameworks[fw] { + if registered.Number == rule.Number { + r.frameworks[fw] = append(r.frameworks[fw][:i], r.frameworks[fw][i+1:]...) 
+ break + } + } + } +} + +func (r *registry) getFrameworkRules(fw ...framework.Framework) []ruleTypes.RegisteredRule { + r.RLock() + defer r.RUnlock() + var registered []ruleTypes.RegisteredRule + if len(fw) == 0 { + fw = []framework.Framework{framework.Default} + } + unique := make(map[int]struct{}) + for _, f := range fw { + for _, rule := range r.frameworks[f] { + if _, ok := unique[rule.Number]; ok { + continue + } + registered = append(registered, rule) + unique[rule.Number] = struct{}{} + } + } + return registered +} + +func (r *registry) getSpecRules(spec string) []ruleTypes.RegisteredRule { + r.RLock() + defer r.RUnlock() + var specRules []ruleTypes.RegisteredRule + + var complianceSpec dftypes.ComplianceSpec + specContent := specs.GetSpec(spec) + if err := yaml.Unmarshal([]byte(specContent), &complianceSpec); err != nil { + return nil + } + + registered := r.getFrameworkRules(framework.ALL) + for _, rule := range registered { + for _, csRule := range complianceSpec.Spec.Controls { + if len(csRule.Checks) > 0 { + for _, c := range csRule.Checks { + if rule.GetRule().AVDID == c.ID { + specRules = append(specRules, rule) + } + } + } + } + } + + return specRules +} + +func (r *registry) Reset() { + r.Lock() + defer r.Unlock() + r.frameworks = make(map[framework.Framework][]ruleTypes.RegisteredRule) +} + +func GetFrameworkRules(fw ...framework.Framework) []ruleTypes.RegisteredRule { + return coreRegistry.getFrameworkRules(fw...) +} + +func GetSpecRules(spec string) []ruleTypes.RegisteredRule { + if len(spec) > 0 { + return coreRegistry.getSpecRules(spec) + } + + return GetFrameworkRules() +} + +func GetRegistered(fw ...framework.Framework) []ruleTypes.RegisteredRule { + return GetFrameworkRules(fw...) +} diff --git a/pkg/iac/rules/register_test.go b/pkg/iac/rules/register_test.go new file mode 100644 index 000000000000..22eec16c0c66 --- /dev/null +++ b/pkg/iac/rules/register_test.go 
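Review bot: getSpecRules takes `r.RLock()` and then calls `r.getFrameworkRules(framework.ALL)`, which takes `r.RLock()` on the same RWMutex again; recursive read locking is not safe with sync.RWMutex, because a writer (register, deregister or Reset) that calls Lock between the two acquisitions blocks the second RLock while itself waiting on the first, a deadlock. The spec parsing in getSpecRules does not touch registry state, so removing the `r.RLock()` / `defer r.RUnlock()` pair from getSpecRules and relying on the lock inside getFrameworkRules is sufficient. Separately, a yaml.Unmarshal failure returns `nil` with no signal, which callers cannot distinguish from a spec that matches no rules; if the signature must stay, a comment on that `return nil` saying a malformed spec is treated as empty would at least document the behaviour.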
@@ -0,0 +1,139 @@ +package rules + +import ( + "fmt" + "testing" + + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func Test_Reset(t *testing.T) { + Reset() + rule := scan.Rule{} + _ = Register(rule) + assert.Equal(t, 1, len(GetFrameworkRules())) + Reset() + assert.Equal(t, 0, len(GetFrameworkRules())) +} + +func Test_Registration(t *testing.T) { + var tests = []struct { + name string + registeredFrameworks map[framework.Framework][]string + inputFrameworks []framework.Framework + expected bool + }{ + { + name: "rule without framework specified should be returned when no frameworks are requested", + expected: true, + }, + { + name: "rule without framework specified should not be returned when a specific framework is requested", + inputFrameworks: []framework.Framework{framework.CIS_AWS_1_2}, + expected: false, + }, + { + name: "rule without framework specified should be returned when the default framework is requested", + inputFrameworks: []framework.Framework{framework.Default}, + expected: true, + }, + { + name: "rule with default framework specified should be returned when the default framework is requested", + registeredFrameworks: map[framework.Framework][]string{framework.Default: {"1.1"}}, + inputFrameworks: []framework.Framework{framework.Default}, + expected: true, + }, + { + name: "rule with default framework specified should not be returned when a specific framework is requested", + registeredFrameworks: map[framework.Framework][]string{framework.Default: {"1.1"}}, + inputFrameworks: []framework.Framework{framework.CIS_AWS_1_2}, + expected: false, + }, + { + name: "rule with specific framework specified should not be returned when a default framework is requested", + registeredFrameworks: map[framework.Framework][]string{framework.CIS_AWS_1_2: {"1.1"}}, + inputFrameworks: []framework.Framework{framework.Default}, + 
expected: false, + }, + { + name: "rule with specific framework specified should be returned when the specific framework is requested", + registeredFrameworks: map[framework.Framework][]string{framework.CIS_AWS_1_2: {"1.1"}}, + inputFrameworks: []framework.Framework{framework.CIS_AWS_1_2}, + expected: true, + }, + { + name: "rule with multiple frameworks specified should be returned when the specific framework is requested", + registeredFrameworks: map[framework.Framework][]string{framework.CIS_AWS_1_2: {"1.1"}, "blah": {"1.2"}}, + inputFrameworks: []framework.Framework{framework.CIS_AWS_1_2}, + expected: true, + }, + { + name: "rule with multiple frameworks specified should be returned only once when multiple matching frameworks are requested", + registeredFrameworks: map[framework.Framework][]string{framework.CIS_AWS_1_2: {"1.1"}, "blah": {"1.2"}, "something": {"1.3"}}, + inputFrameworks: []framework.Framework{framework.CIS_AWS_1_2, "blah", "other"}, + expected: true, + }, + } + + for i, test := range tests { + t.Run(test.name, func(t *testing.T) { + Reset() + rule := scan.Rule{ + AVDID: fmt.Sprintf("%d-%s", i, test.name), + Frameworks: test.registeredFrameworks, + } + _ = Register(rule) + var found bool + for _, matchedRule := range GetFrameworkRules(test.inputFrameworks...) 
{ + if matchedRule.GetRule().AVDID == rule.AVDID { + assert.False(t, found, "rule should not be returned more than once") + found = true + } + } + assert.Equal(t, test.expected, found, "rule should be returned if it matches any of the input frameworks") + }) + } +} + +func Test_Deregistration(t *testing.T) { + Reset() + registrationA := Register(scan.Rule{ + AVDID: "A", + }) + registrationB := Register(scan.Rule{ + AVDID: "B", + }) + assert.Equal(t, 2, len(GetFrameworkRules())) + Deregister(registrationA) + actual := GetFrameworkRules() + require.Equal(t, 1, len(actual)) + assert.Equal(t, "B", actual[0].GetRule().AVDID) + Deregister(registrationB) + assert.Equal(t, 0, len(GetFrameworkRules())) +} + +func Test_DeregistrationMultipleFrameworks(t *testing.T) { + Reset() + registrationA := Register(scan.Rule{ + AVDID: "A", + }) + registrationB := Register(scan.Rule{ + AVDID: "B", + Frameworks: map[framework.Framework][]string{ + "a": nil, + "b": nil, + "c": nil, + framework.Default: nil, + }, + }) + assert.Equal(t, 2, len(GetFrameworkRules())) + Deregister(registrationA) + actual := GetFrameworkRules() + require.Equal(t, 1, len(actual)) + assert.Equal(t, "B", actual[0].GetRule().AVDID) + Deregister(registrationB) + assert.Equal(t, 0, len(GetFrameworkRules())) +} diff --git a/pkg/iac/rules/rules.go b/pkg/iac/rules/rules.go new file mode 100644 index 000000000000..1cbd54b8c78f --- /dev/null +++ b/pkg/iac/rules/rules.go 
@@ -0,0 +1,82 @@ +package rules + +import ( + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/accessanalyzer" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/apigateway" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/athena" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/cloudfront" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/cloudtrail" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/cloudwatch" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/codebuild" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/config" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/documentdb" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/dynamodb" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/ec2" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/ecr" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/ecs" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/efs" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/eks" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/elasticache" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/elasticsearch" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/elb" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/emr" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/iam" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/kinesis" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/kms" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/lambda" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/mq" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/msk" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/neptune" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/rds" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/redshift" + _ 
"github.com/aquasecurity/trivy-policies/checks/cloud/aws/s3" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/sam" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/sns" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/sqs" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/ssm" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/workspaces" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/appservice" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/authorization" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/compute" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/container" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/database" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/datafactory" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/datalake" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/keyvault" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/monitor" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/network" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/securitycenter" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/storage" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/azure/synapse" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/cloudstack/compute" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/digitalocean/compute" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/digitalocean/spaces" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/github/actions" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/github/branch_protections" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/github/repositories" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/google/bigquery" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/google/compute" + _ 
"github.com/aquasecurity/trivy-policies/checks/cloud/google/dns" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/google/gke" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/google/iam" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/google/kms" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/google/sql" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/google/storage" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/nifcloud/computing" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/nifcloud/dns" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/nifcloud/nas" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/nifcloud/network" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/nifcloud/rdb" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/nifcloud/sslcertificate" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/openstack/compute" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/openstack/networking" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/oracle/compute" + _ "github.com/aquasecurity/trivy-policies/checks/kubernetes/network" + trules "github.com/aquasecurity/trivy-policies/pkg/rules" +) + +func init() { + for _, r := range trules.GetRules() { + Register(r) + } +} diff --git a/pkg/iac/scan/code.go b/pkg/iac/scan/code.go new file mode 100644 index 000000000000..7a37b6e0cdb6 --- /dev/null +++ b/pkg/iac/scan/code.go 
@@ -0,0 +1,285 @@ +package scan + +import ( + "fmt" + "io/fs" + "path/filepath" + "strings" + + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Code struct { + Lines []Line +} + +type Line struct { + Number int `json:"Number"` + Content string `json:"Content"` + IsCause bool `json:"IsCause"` + Annotation string `json:"Annotation"` + Truncated bool `json:"Truncated"` + Highlighted string `json:"Highlighted,omitempty"` + FirstCause bool `json:"FirstCause"` + LastCause bool `json:"LastCause"` +} + +func (c *Code) IsCauseMultiline() bool { + var count int + for _, line := range c.Lines { + if line.IsCause { + count++ + if count > 1 { + return true + } + } + } + return false +} + +const ( + darkTheme = "solarized-dark256" + lightTheme = "github" +) + +type codeSettings struct { + theme string + allowTruncation bool + maxLines int + includeHighlighted bool +} + +var defaultCodeSettings = codeSettings{ + theme: darkTheme, + allowTruncation: true, + maxLines: 10, + includeHighlighted: true, +} + +type CodeOption func(*codeSettings) + +func OptionCodeWithTheme(theme string) CodeOption { + return func(s *codeSettings) { + s.theme = theme + } +} + +func OptionCodeWithDarkTheme() CodeOption { + return func(s *codeSettings) { + s.theme = darkTheme + } +} + +func OptionCodeWithLightTheme() CodeOption { + return func(s *codeSettings) { + s.theme = lightTheme + } +} + +func OptionCodeWithTruncation(truncate bool) CodeOption { + return func(s *codeSettings) { + s.allowTruncation = truncate + } +} + +func OptionCodeWithMaxLines(lines int) CodeOption { + return func(s *codeSettings) { + s.maxLines = lines + } +} + +func OptionCodeWithHighlighted(include bool) CodeOption { + return func(s *codeSettings) { + s.includeHighlighted = include + } +} + +func validateRange(r defsecTypes.Range) error { + if r.GetStartLine() < 0 || r.GetStartLine() > r.GetEndLine() || r.GetEndLine() < 0 { + return fmt.Errorf("invalid range: %s", r.String()) + } + return nil +} + +// nolint 
+func (r *Result) GetCode(opts ...CodeOption) (*Code, error) { + + settings := defaultCodeSettings + for _, opt := range opts { + opt(&settings) + } + + srcFS := r.Metadata().Range().GetFS() + if srcFS == nil { + return nil, fmt.Errorf("code unavailable: result was not mapped to a known filesystem") + } + + innerRange := r.Range() + outerRange := innerRange + metadata := r.Metadata() + for { + if parent := metadata.Parent(); parent != nil && + parent.Range().GetFilename() == metadata.Range().GetFilename() && + parent.Range().GetStartLine() > 0 { + outerRange = parent.Range() + metadata = *parent + continue + } + break + } + + if err := validateRange(innerRange); err != nil { + return nil, err + } + if err := validateRange(outerRange); err != nil { + return nil, err + } + + slashed := filepath.ToSlash(r.fsPath) + slashed = strings.TrimPrefix(slashed, "/") + + content, err := fs.ReadFile(srcFS, slashed) + if err != nil { + return nil, fmt.Errorf("failed to read file from result filesystem (%#v): %w", srcFS, err) + } + + hasAnnotation := r.Annotation() != "" + + code := Code{ + Lines: nil, + } + + rawLines := strings.Split(string(content), "\n") + + var highlightedLines []string + if settings.includeHighlighted { + highlightedLines = highlight(defsecTypes.CreateFSKey(innerRange.GetFS()), innerRange.GetLocalFilename(), content, settings.theme) + if len(highlightedLines) < len(rawLines) { + highlightedLines = rawLines + } + } else { + highlightedLines = make([]string, len(rawLines)) + } + + if outerRange.GetEndLine()-1 >= len(rawLines) || innerRange.GetStartLine() == 0 { + return nil, fmt.Errorf("invalid line number") + } + + shrink := settings.allowTruncation && outerRange.LineCount() > (innerRange.LineCount()+10) + + if shrink { + + if outerRange.GetStartLine() < innerRange.GetStartLine() { + code.Lines = append( + code.Lines, + Line{ + Content: rawLines[outerRange.GetStartLine()-1], + Highlighted: highlightedLines[outerRange.GetStartLine()-1], + Number: 
outerRange.GetStartLine(), + }, + ) + if outerRange.GetStartLine()+1 < innerRange.GetStartLine() { + code.Lines = append( + code.Lines, + Line{ + Truncated: true, + Number: outerRange.GetStartLine() + 1, + }, + ) + } + } + + for lineNo := innerRange.GetStartLine(); lineNo <= innerRange.GetEndLine(); lineNo++ { + + if lineNo-1 >= len(rawLines) || lineNo-1 >= len(highlightedLines) { + break + } + + line := Line{ + Number: lineNo, + Content: strings.TrimSuffix(rawLines[lineNo-1], "\r"), + Highlighted: strings.TrimSuffix(highlightedLines[lineNo-1], "\r"), + IsCause: true, + } + + if hasAnnotation && lineNo == innerRange.GetStartLine() { + line.Annotation = r.Annotation() + } + + code.Lines = append(code.Lines, line) + } + + if outerRange.GetEndLine() > innerRange.GetEndLine() { + if outerRange.GetEndLine() > innerRange.GetEndLine()+1 { + code.Lines = append( + code.Lines, + Line{ + Truncated: true, + Number: outerRange.GetEndLine() - 1, + }, + ) + } + code.Lines = append( + code.Lines, + Line{ + Content: rawLines[outerRange.GetEndLine()-1], + Highlighted: highlightedLines[outerRange.GetEndLine()-1], + Number: outerRange.GetEndLine(), + }, + ) + + } + + } else { + for lineNo := outerRange.GetStartLine(); lineNo <= outerRange.GetEndLine(); lineNo++ { + + line := Line{ + Number: lineNo, + Content: strings.TrimSuffix(rawLines[lineNo-1], "\r"), + Highlighted: strings.TrimSuffix(highlightedLines[lineNo-1], "\r"), + IsCause: lineNo >= innerRange.GetStartLine() && lineNo <= innerRange.GetEndLine(), + } + + if hasAnnotation && lineNo == innerRange.GetStartLine() { + line.Annotation = r.Annotation() + } + + code.Lines = append(code.Lines, line) + } + } + + if settings.allowTruncation && len(code.Lines) > settings.maxLines && settings.maxLines > 0 { + previouslyTruncated := settings.maxLines-1 > 0 && code.Lines[settings.maxLines-2].Truncated + if settings.maxLines-1 > 0 && code.Lines[settings.maxLines-1].LastCause { + code.Lines[settings.maxLines-2].LastCause = true + } + 
code.Lines[settings.maxLines-1] = Line{ + Truncated: true, + Number: code.Lines[settings.maxLines-1].Number, + } + if previouslyTruncated { + code.Lines = code.Lines[:settings.maxLines-1] + } else { + code.Lines = code.Lines[:settings.maxLines] + } + } + + var first, last bool + for i, line := range code.Lines { + if line.IsCause && !first { + code.Lines[i].FirstCause = true + first = true + continue + } + if first && !line.IsCause && i > 0 { + code.Lines[i-1].LastCause = true + last = true + break + } + } + if !last && len(code.Lines) > 0 { + code.Lines[len(code.Lines)-1].LastCause = true + } + + return &code, nil +} diff --git a/pkg/iac/scan/code_test.go b/pkg/iac/scan/code_test.go new file mode 100644 index 000000000000..3e68d99ad73f --- /dev/null +++ b/pkg/iac/scan/code_test.go 
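Review bot: In the `shrink` branch of GetCode the outer context lines are copied straight from `rawLines[outerRange.GetStartLine()-1]` and `rawLines[outerRange.GetEndLine()-1]` (and the matching highlightedLines entries), whereas the cause-line loop and the non-shrink branch apply `strings.TrimSuffix(..., "\r")`; for CRLF files this leaves a trailing `\r` on just the first and last context line, so truncated and untruncated snippets render differently. Wrap those four reads the same way, e.g. `Content: strings.TrimSuffix(rawLines[outerRange.GetStartLine()-1], "\r"),`. The read error also formats the whole filesystem with `%#v`, which for an in-memory FS can dump its entire contents into the error string; `%T` conveys the type without that. The bare `// nolint` above the function suppresses every linter without saying which; naming the linter being silenced keeps the suppression reviewable.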
@@ -0,0 +1,266 @@ +package scan + +import ( + "os" + "strings" + "testing" + + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + + "github.com/stretchr/testify/assert" + + "github.com/stretchr/testify/require" + + "github.com/liamg/memoryfs" +) + +func TestResult_GetCode(t *testing.T) { + + tests := []struct { + name string + source string + filename string + start int + end int + outerStart int + outerEnd int + expected []Line + options []CodeOption + wantErr bool + annotation string + }{ + { + name: "basic w/ defaults", + source: `1 +2 +3 +4`, + filename: "test.txt", + start: 2, + end: 3, + expected: []Line{ + { + Number: 2, + Content: "2", + IsCause: true, + Highlighted: "2", + FirstCause: true, + LastCause: false, + }, + { + Number: 3, + Content: "3", + IsCause: true, + Highlighted: "3", + FirstCause: false, + LastCause: true, + }, + }, + }, + { + name: "nested ranges", + source: `resource "aws_s3_bucket" "something" { + bucket = "something" +}`, + filename: "main.tf", + start: 2, + end: 2, + outerStart: 1, + outerEnd: 3, + options: []CodeOption{OptionCodeWithHighlighted(false)}, + expected: []Line{ + { + Number: 1, + Content: `resource "aws_s3_bucket" "something" {`, + }, + { + Number: 2, + Content: ` bucket = "something"`, + IsCause: true, + FirstCause: true, + LastCause: true, + }, + { + Number: 3, + Content: "}", + }, + }, + }, + { + name: "bad filename", + source: `1 +2 +3 +4`, + filename: "", + start: 2, + end: 3, + wantErr: true, + }, + { + name: "no line numbers", + source: `1 +2 +3 +4`, + filename: "test.txt", + start: 0, + end: 0, + wantErr: true, + }, + { + name: "negative line numbers", + source: `1 +2 +3 +4`, + filename: "test.txt", + start: -2, + end: -1, + wantErr: true, + }, + { + name: "invalid line numbers", + source: `1 +2 +3 +4`, + filename: "test.txt", + start: 5, + end: 6, + wantErr: true, + }, + { + name: "syntax highlighting", + source: `FROM ubuntu`, + filename: "Dockerfile", + start: 1, + end: 1, + expected: []Line{ + { + 
Number: 1, + Content: "FROM ubuntu", + IsCause: true, + Highlighted: "\x1b[38;5;64mFROM\x1b[0m\x1b[38;5;37m ubuntu\x1b[0m", + FirstCause: true, + LastCause: true, + }, + }, + }, + { + name: "truncation", + source: strings.Repeat("If you can do a half-assed job of anything, you're a one-eyed man in a kingdom of the blind.\n", 100), + filename: "longfile.txt", + start: 1, + end: 100, + expected: []Line{ + { + Number: 1, + Content: "If you can do a half-assed job of anything, you're a one-eyed man in a kingdom of the blind.", + IsCause: true, + Highlighted: "If you can do a half-assed job of anything, you're a one-eyed man in a kingdom of the blind.", + FirstCause: true, + LastCause: false, + }, + { + Number: 2, + Content: "If you can do a half-assed job of anything, you're a one-eyed man in a kingdom of the blind.", + IsCause: true, + Highlighted: "If you can do a half-assed job of anything, you're a one-eyed man in a kingdom of the blind.", + FirstCause: false, + LastCause: false, + }, + { + Number: 3, + Content: "If you can do a half-assed job of anything, you're a one-eyed man in a kingdom of the blind.", + IsCause: true, + Highlighted: "If you can do a half-assed job of anything, you're a one-eyed man in a kingdom of the blind.", + FirstCause: false, + LastCause: false, + }, + { + Number: 4, + Content: "If you can do a half-assed job of anything, you're a one-eyed man in a kingdom of the blind.", + IsCause: true, + Highlighted: "If you can do a half-assed job of anything, you're a one-eyed man in a kingdom of the blind.", + FirstCause: false, + LastCause: false, + }, + { + Number: 5, + Content: "If you can do a half-assed job of anything, you're a one-eyed man in a kingdom of the blind.", + IsCause: true, + Highlighted: "If you can do a half-assed job of anything, you're a one-eyed man in a kingdom of the blind.", + FirstCause: false, + LastCause: false, + }, + { + Number: 6, + Content: "If you can do a half-assed job of anything, you're a one-eyed man in a 
kingdom of the blind.", + IsCause: true, + Highlighted: "If you can do a half-assed job of anything, you're a one-eyed man in a kingdom of the blind.", + FirstCause: false, + LastCause: false, + }, + { + Number: 7, + Content: "If you can do a half-assed job of anything, you're a one-eyed man in a kingdom of the blind.", + IsCause: true, + Highlighted: "If you can do a half-assed job of anything, you're a one-eyed man in a kingdom of the blind.", + FirstCause: false, + LastCause: false, + }, + { + Number: 8, + Content: "If you can do a half-assed job of anything, you're a one-eyed man in a kingdom of the blind.", + IsCause: true, + Highlighted: "If you can do a half-assed job of anything, you're a one-eyed man in a kingdom of the blind.", + FirstCause: false, + LastCause: false, + }, + { + Number: 9, + Content: "If you can do a half-assed job of anything, you're a one-eyed man in a kingdom of the blind.", + IsCause: true, + Highlighted: "If you can do a half-assed job of anything, you're a one-eyed man in a kingdom of the blind.", + FirstCause: false, + LastCause: true, + }, + { + Number: 10, + Truncated: true, + }, + }, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + system := memoryfs.New() + require.NoError(t, system.WriteFile(test.filename, []byte(test.source), os.ModePerm)) + meta := defsecTypes.NewMetadata( + defsecTypes.NewRange(test.filename, test.start, test.end, "", system), + "", + ) + if test.outerStart > 0 { + meta = meta.WithParent(defsecTypes.NewMetadata( + defsecTypes.NewRange(test.filename, test.outerStart, test.outerEnd, "", system), + "", + )) + } + result := &Result{ + annotation: test.annotation, + metadata: meta, + fsPath: test.filename, + } + code, err := result.GetCode(test.options...) + if test.wantErr { + require.Error(t, err) + return + } + require.NoError(t, err) + assert.Equal(t, test.expected, code.Lines) + }) + } + +} 
diff --git a/pkg/iac/scan/flat.go b/pkg/iac/scan/flat.go
new file mode 100755
index 000000000000..c640b5fc14ac
--- /dev/null
+++ b/pkg/iac/scan/flat.go
@@ -0,0 +1,72 @@
+package scan
+
+import (
+ "github.com/aquasecurity/trivy/pkg/iac/providers"
+ "github.com/aquasecurity/trivy/pkg/iac/severity"
+)
+
+type FlatResult struct {
+ RuleID string `json:"rule_id"`
+ LongID string `json:"long_id"`
+ RuleSummary string `json:"rule_description"`
+ RuleProvider providers.Provider `json:"rule_provider"`
+ RuleService string `json:"rule_service"`
+ Impact string `json:"impact"`
+ Resolution string `json:"resolution"`
+ Links []string `json:"links"`
+ Description string `json:"description"`
+ RangeAnnotation string `json:"-"`
+ Severity severity.Severity `json:"severity"`
+ Warning bool `json:"warning"`
+ Status Status `json:"status"`
+ Resource string `json:"resource"`
+ Occurrences []Occurrence `json:"occurrences,omitempty"`
+ Location FlatRange `json:"location"`
+}
+
+type FlatRange struct {
+ Filename string `json:"filename"`
+ StartLine int `json:"start_line"`
+ EndLine int `json:"end_line"`
+}
+
+func (r Results) Flatten() []FlatResult {
+ var results []FlatResult
+ for _, original := range r {
+ results = append(results, original.Flatten())
+ }
+ return results
+}
+
+func (r *Result) Flatten() FlatResult {
+ rng := r.metadata.Range()
+
+ resMetadata := r.metadata
+
+ for resMetadata.Parent() != nil {
+ resMetadata = *resMetadata.Parent()
+ }
+
+ return FlatResult{
+ RuleID: r.rule.AVDID,
+ LongID: r.Rule().LongID(),
+ RuleSummary: r.rule.Summary,
+ RuleProvider: r.rule.Provider,
+ RuleService: r.rule.Service,
+ Impact: r.rule.Impact,
+ Resolution: r.rule.Resolution,
+ Links: r.rule.Links,
+ Description: r.Description(),
+ RangeAnnotation: r.Annotation(),
+ Severity: r.rule.Severity,
+ Status: r.status,
+ Resource: resMetadata.Reference(),
+ Occurrences: r.Occurrences(),
+ Warning: r.IsWarning(),
+ Location: FlatRange{
+ Filename: rng.GetFilename(),
+ StartLine: rng.GetStartLine(),
+ EndLine: rng.GetEndLine(),
+ },
+ }
+}
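Review bot: `Results.Flatten` starts from `var results []FlatResult`, so an empty result set flattens to a nil slice, which `encoding/json` emits as `null` rather than `[]`; given the json tags on `FlatResult`, consumers that expect an array will see a null instead. `results := make([]FlatResult, 0, len(r))` yields a stable `[]` and pre-sizes the slice in one go. The same applies to `Links`, which is copied straight from the rule and may be nil. I can't see from this hunk which consumers parse the flattened output, so this may be intentional.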
diff --git a/pkg/iac/scan/highlighting.go b/pkg/iac/scan/highlighting.go
new file mode 100644
index 000000000000..7f46a29a20c7
--- /dev/null
+++ b/pkg/iac/scan/highlighting.go
@@ -0,0 +1,124 @@ +package scan + +import ( + "bytes" + "fmt" + "strings" + "sync" + + "github.com/alecthomas/chroma" + "github.com/alecthomas/chroma/formatters" + "github.com/alecthomas/chroma/lexers" + "github.com/alecthomas/chroma/styles" +) + +type cache struct { + sync.RWMutex + data map[string][]string +} + +func (c *cache) Get(key string) ([]string, bool) { + c.RLock() + defer c.RUnlock() + data, ok := c.data[key] + return data, ok +} + +func (c *cache) Set(key string, data []string) { + c.Lock() + defer c.Unlock() + c.data[key] = data +} + +var globalCache = &cache{ + data: make(map[string][]string), +} + +func highlight(fsKey string, filename string, input []byte, theme string) []string { + + key := fmt.Sprintf("%s|%s", fsKey, filename) + if lines, ok := globalCache.Get(key); ok { + return lines + } + + lexer := lexers.Match(filename) + if lexer == nil { + lexer = lexers.Fallback + } + lexer = chroma.Coalesce(lexer) + + style := styles.Get(theme) + if style == nil { + style = styles.Fallback + } + formatter := formatters.Get("terminal256") + if formatter == nil { + formatter = formatters.Fallback + } + + // replace windows line endings + input = bytes.ReplaceAll(input, []byte{0x0d}, []byte{}) + iterator, err := lexer.Tokenise(nil, string(input)) + if err != nil { + return nil + } + + buffer := bytes.NewBuffer([]byte{}) + if err := formatter.Format(buffer, style, iterator); err != nil { + return nil + } + + raw := shiftANSIOverLineEndings(buffer.Bytes()) + lines := strings.Split(string(raw), "\n") + globalCache.Set(key, lines) + return lines +} + +func shiftANSIOverLineEndings(input []byte) []byte { + var output []byte + prev := byte(0) + inCSI := false + csiShouldCarry := false + var csi []byte + var skipOutput bool + for _, r := range input { + skipOutput = false + if !inCSI { + switch { + case r == '\n': + if csiShouldCarry && len(csi) > 0 { + skipOutput = true + output = append(output, '\n') + output = append(output, csi...) 
+ csi = nil + csiShouldCarry = false + } + case r == '[' && prev == 0x1b: + inCSI = true + csi = append(csi, 0x1b, '[') + output = output[:len(output)-1] + skipOutput = true + default: + csiShouldCarry = false + if len(csi) > 0 { + output = append(output, csi...) + csi = nil + } + } + } else { + csi = append(csi, r) + skipOutput = true + switch { + case r >= 0x40 && r <= 0x7E: + csiShouldCarry = true + inCSI = false + } + } + if !skipOutput { + output = append(output, r) + } + prev = r + } + + return append(output, csi...) +} diff --git a/pkg/iac/scan/result.go b/pkg/iac/scan/result.go new file mode 100755 index 000000000000..9c1fe4ef5a61 --- /dev/null +++ b/pkg/iac/scan/result.go 
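Review bot: The cache key in `highlight` is built from `fsKey` and `filename` only, so the first theme used for a given file is served for every later call that passes a different `theme`; `key := fmt.Sprintf("%s|%s|%s", fsKey, filename, theme)` makes the entry depend on everything that shapes the output. `globalCache` is also process-global and never evicts, so the ANSI-formatted lines of every highlighted file stay resident for the process lifetime, which is worth bounding or clearing per scan if the scanner runs over large trees in a long-lived process. Both the `Tokenise` and `Format` failures collapse into a bare `return nil`, which a caller cannot distinguish from an empty file; a comment on the function such as `// highlight is best-effort: it returns nil on any lexer or formatter error and callers must guard indexing accordingly` would document that contract, since at least one indexing site in the `GetCode` else-branch above appears to read `highlightedLines[lineNo-1]` without a length check.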
@@ -0,0 +1,366 @@ +package scan + +import ( + "fmt" + "io/fs" + "path/filepath" + "reflect" + "strings" + + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + + "github.com/aquasecurity/trivy/pkg/iac/severity" +) + +type Status uint8 + +const ( + StatusFailed Status = iota + StatusPassed + StatusIgnored +) + +type Result struct { + rule Rule + description string + annotation string + status Status + metadata defsecTypes.Metadata + severityOverride *severity.Severity + regoNamespace string + regoRule string + warning bool + traces []string + fsPath string +} + +func (r Result) RegoNamespace() string { + return r.regoNamespace +} + +func (r Result) RegoRule() string { + return r.regoRule +} + +func (r Result) Severity() severity.Severity { + if r.severityOverride != nil { + return *r.severityOverride + } + return r.Rule().Severity +} + +func (r *Result) IsWarning() bool { + return r.warning +} + +func (r *Result) OverrideSeverity(s severity.Severity) { + r.severityOverride = &s +} + +func (r *Result) OverrideDescription(description string) { + r.description = description +} + +func (r *Result) OverrideMetadata(metadata defsecTypes.Metadata) { + r.metadata = metadata +} + +func (r *Result) OverrideStatus(status Status) { + r.status = status +} + +func (r *Result) OverrideAnnotation(annotation string) { + r.annotation = annotation +} + +func (r *Result) SetRule(ru Rule) { + r.rule = ru +} + +func (r Result) Status() Status { + return r.status +} + +func (r Result) Rule() Rule { + return r.rule +} + +func (r Result) Description() string { + return r.description +} + +func (r Result) Annotation() string { + return r.annotation +} + +func (r Result) Metadata() defsecTypes.Metadata { + return r.metadata +} + +func (r Result) Range() defsecTypes.Range { + return r.metadata.Range() +} + +func (r Result) Traces() []string { + return r.traces +} + +func (r *Result) AbsolutePath(fsRoot string, metadata defsecTypes.Metadata) string { + if strings.HasSuffix(fsRoot, ":") 
{ + fsRoot += "/" + } + + if metadata.IsUnmanaged() { + return "" + } + rng := metadata.Range() + if rng.GetSourcePrefix() != "" && !strings.HasPrefix(rng.GetSourcePrefix(), ".") { + return rng.GetFilename() + } + return filepath.Join(fsRoot, rng.GetLocalFilename()) +} + +func (r *Result) RelativePathTo(fsRoot, to string, metadata defsecTypes.Metadata) string { + + absolute := r.AbsolutePath(fsRoot, metadata) + + if strings.HasSuffix(fsRoot, ":") { + fsRoot += "/" + } + + if metadata.IsUnmanaged() { + return absolute + } + rng := metadata.Range() + if rng.GetSourcePrefix() != "" && !strings.HasPrefix(rng.GetSourcePrefix(), ".") { + return absolute + } + if !strings.HasPrefix(rng.GetLocalFilename(), strings.TrimSuffix(fsRoot, "/")) { + return absolute + } + relative, err := filepath.Rel(to, rng.GetLocalFilename()) + if err != nil { + return absolute + } + return relative +} + +type Results []Result + +type MetadataProvider interface { + GetMetadata() defsecTypes.Metadata + GetRawValue() interface{} +} + +func (r *Results) GetPassed() Results { + return r.filterStatus(StatusPassed) +} + +func (r *Results) GetIgnored() Results { + return r.filterStatus(StatusIgnored) +} + +func (r *Results) GetFailed() Results { + return r.filterStatus(StatusFailed) +} + +func (r *Results) filterStatus(status Status) Results { + var filtered Results + if r == nil { + return filtered + } + for _, res := range *r { + if res.Status() == status { + filtered = append(filtered, res) + } + } + return filtered +} + +func (r *Results) Add(description string, source interface{}) { + result := Result{ + description: description, + } + result.metadata = getMetadataFromSource(source) + if result.metadata.IsExplicit() { + result.annotation = getAnnotation(source) + } + rnge := result.metadata.Range() + result.fsPath = rnge.GetLocalFilename() + *r = append(*r, result) +} + +func (r *Results) AddRego(description string, namespace string, rule string, traces []string, source MetadataProvider) { + 
result := Result{ + description: description, + regoNamespace: namespace, + regoRule: rule, + warning: rule == "warn" || strings.HasPrefix(rule, "warn_"), + traces: traces, + } + result.metadata = getMetadataFromSource(source) + if result.metadata.IsExplicit() { + result.annotation = getAnnotation(source) + } + rnge := result.metadata.Range() + result.fsPath = rnge.GetLocalFilename() + *r = append(*r, result) +} + +func (r *Results) AddPassed(source interface{}, descriptions ...string) { + res := Result{ + description: strings.Join(descriptions, " "), + status: StatusPassed, + } + res.metadata = getMetadataFromSource(source) + rnge := res.metadata.Range() + res.fsPath = rnge.GetLocalFilename() + *r = append(*r, res) +} + +func getMetadataFromSource(source interface{}) defsecTypes.Metadata { + if provider, ok := source.(MetadataProvider); ok { + return provider.GetMetadata() + } + + metaValue := reflect.ValueOf(source) + if metaValue.Kind() == reflect.Ptr { + metaValue = metaValue.Elem() + } + metaVal := metaValue.FieldByName("Metadata") + return metaVal.Interface().(defsecTypes.Metadata) +} + +func getAnnotation(source interface{}) string { + if provider, ok := source.(MetadataProvider); ok { + return rawToString(provider.GetRawValue()) + } + return "" +} + +func (r *Results) AddPassedRego(namespace string, rule string, traces []string, source interface{}) { + res := Result{ + status: StatusPassed, + regoNamespace: namespace, + regoRule: rule, + traces: traces, + } + res.metadata = getMetadataFromSource(source) + rnge := res.metadata.Range() + res.fsPath = rnge.GetLocalFilename() + *r = append(*r, res) +} + +func (r *Results) AddIgnored(source interface{}, descriptions ...string) { + res := Result{ + description: strings.Join(descriptions, " "), + status: StatusIgnored, + } + res.metadata = getMetadataFromSource(source) + rnge := res.metadata.Range() + res.fsPath = rnge.GetLocalFilename() + *r = append(*r, res) +} + +func (r *Results) SetRule(rule Rule) { + for i 
:= range *r { + (*r)[i].rule = rule + } +} + +func (r *Results) SetSourceAndFilesystem(source string, f fs.FS, logicalSource bool) { + for i := range *r { + m := (*r)[i].Metadata() + if m.IsUnmanaged() { + continue + } + rng := m.Range() + + newrng := defsecTypes.NewRange(rng.GetLocalFilename(), rng.GetStartLine(), rng.GetEndLine(), source, f) + if logicalSource { + newrng = defsecTypes.NewRangeWithLogicalSource(rng.GetLocalFilename(), rng.GetStartLine(), rng.GetEndLine(), + source, f) + } + parent := m.Parent() + switch { + case m.IsExplicit(): + m = defsecTypes.NewExplicitMetadata(newrng, m.Reference()) + default: + m = defsecTypes.NewMetadata(newrng, m.Reference()) + } + if parent != nil { + m.SetParentPtr(parent) + } + (*r)[i].OverrideMetadata(m) + } +} + +func rawToString(raw interface{}) string { + if raw == nil { + return "" + } + switch t := raw.(type) { + case int: + return fmt.Sprintf("%d", t) + case bool: + return fmt.Sprintf("%t", t) + case float64: + return fmt.Sprintf("%f", t) + case string: + return fmt.Sprintf("%q", t) + case []string: + var items []string + for _, item := range t { + items = append(items, rawToString(item)) + } + return fmt.Sprintf("[%s]", strings.Join(items, ", ")) + case []int: + var items []string + for _, item := range t { + items = append(items, rawToString(item)) + } + return fmt.Sprintf("[%s]", strings.Join(items, ", ")) + case []float64: + var items []string + for _, item := range t { + items = append(items, rawToString(item)) + } + return fmt.Sprintf("[%s]", strings.Join(items, ", ")) + case []bool: + var items []string + for _, item := range t { + items = append(items, rawToString(item)) + } + return fmt.Sprintf("[%s]", strings.Join(items, ", ")) + default: + return "?" 
+ } +} + +type Occurrence struct { + Resource string `json:"resource"` + Filename string `json:"filename"` + StartLine int `json:"start_line"` + EndLine int `json:"end_line"` +} + +func (r *Result) Occurrences() []Occurrence { + var occurrences []Occurrence + + mod := &r.metadata + + for { + mod = mod.Parent() + if mod == nil { + break + } + parentRange := mod.Range() + occurrences = append(occurrences, Occurrence{ + Resource: mod.Reference(), + Filename: parentRange.GetFilename(), + StartLine: parentRange.GetStartLine(), + EndLine: parentRange.GetEndLine(), + }) + } + return occurrences +} diff --git a/pkg/iac/scan/result_test.go b/pkg/iac/scan/result_test.go new file mode 100644 index 000000000000..d5b9a4a577f0 --- /dev/null +++ b/pkg/iac/scan/result_test.go 
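Review bot: `getMetadataFromSource` panics rather than failing when `source` is not the shape it expects: `reflect.ValueOf(nil)` and any non-struct value make `FieldByName` panic, a struct without a `Metadata` field yields an invalid Value whose `Interface()` panics, and the unchecked type assertion panics when the field has another type. `AddRego` reaches this with whatever a Rego policy hands back, so a malformed or custom policy can take down the whole scan instead of a single result. The rewrite below checks each step; what to return on failure (a zero `defsecTypes.Metadata`, on which every `Add*` caller immediately calls `Range()`, or an error surfaced from the `Add*` methods) depends on whether a zero Metadata is safe for them, which I can't confirm from this hunk.
```go
func getMetadataFromSource(source interface{}) defsecTypes.Metadata {
	if provider, ok := source.(MetadataProvider); ok {
		return provider.GetMetadata()
	}

	metaValue := reflect.ValueOf(source)
	if metaValue.Kind() == reflect.Ptr {
		metaValue = metaValue.Elem()
	}
	// A nil or non-struct source, a struct without a Metadata field, or a
	// Metadata field of another type would all panic below; fail closed.
	if metaValue.Kind() != reflect.Struct {
		return defsecTypes.Metadata{} // TODO(review): confirm a zero Metadata is acceptable to callers
	}
	metaVal := metaValue.FieldByName("Metadata")
	if !metaVal.IsValid() {
		return defsecTypes.Metadata{}
	}
	m, ok := metaVal.Interface().(defsecTypes.Metadata)
	if !ok {
		return defsecTypes.Metadata{}
	}
	return m
}
```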
@@ -0,0 +1,56 @@ +package scan_test + +import ( + "testing" + + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/types" + "github.com/stretchr/testify/assert" +) + +func Test_Occurrences(t *testing.T) { + tests := []struct { + name string + factory func() *scan.Result + expected []scan.Occurrence + }{ + { + name: "happy", + factory: func() *scan.Result { + r := scan.Result{} + causeResourceMeta := types.NewMetadata(types.NewRange( + "main.tf", 1, 13, "", nil, + ), "module.aws-security-groups[\"db1\"]") + + parentMeta := types.NewMetadata(types.NewRange( + "terraform-aws-modules/security-group/aws/main.tf", 191, 227, "", nil, + ), "aws_security_group_rule.ingress_with_cidr_blocks[0]").WithParent(causeResourceMeta) + + r.OverrideMetadata(types.NewMetadata(types.NewRange( + "terraform-aws-modules/security-group/aws/main.tf", 197, 204, "", nil, + ), "aws_security_group_rule.ingress_with_cidr_blocks").WithParent(parentMeta)) + return &r + }, + expected: []scan.Occurrence{ + { + Resource: "aws_security_group_rule.ingress_with_cidr_blocks[0]", + Filename: "terraform-aws-modules/security-group/aws/main.tf", + StartLine: 191, + EndLine: 227, + }, + { + Resource: "module.aws-security-groups[\"db1\"]", + Filename: "main.tf", + StartLine: 1, + EndLine: 13, + }, + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + assert.Equal(t, tt.expected, tt.factory().Occurrences()) + }) + } +} diff --git a/pkg/iac/scan/rule.go b/pkg/iac/scan/rule.go new file mode 100755 index 000000000000..a1a3ada18e99 --- /dev/null +++ b/pkg/iac/scan/rule.go 
@@ -0,0 +1,168 @@ +package scan + +import ( + "fmt" + "regexp" + "strings" + + "golang.org/x/text/cases" + "golang.org/x/text/language" + + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/providers" + "github.com/aquasecurity/trivy/pkg/iac/severity" + "github.com/aquasecurity/trivy/pkg/iac/state" + "github.com/aquasecurity/trivy/pkg/iac/terraform" +) + +type CheckFunc func(s *state.State) (results Results) + +type EngineMetadata struct { + GoodExamples []string `json:"good_examples,omitempty"` + BadExamples []string `json:"bad_examples,omitempty"` + RemediationMarkdown string `json:"remediation_markdown,omitempty"` + Links []string `json:"links,omitempty"` +} + +type CustomChecks struct { + Terraform *TerraformCustomCheck +} + +type TerraformCustomCheck struct { + RequiredTypes []string + RequiredLabels []string + RequiredSources []string + Check func(*terraform.Block, *terraform.Module) Results +} + +type Rule struct { + AVDID string `json:"avd_id"` + Aliases []string `json:"aliases"` + ShortCode string `json:"short_code"` + Summary string `json:"summary"` + Explanation string `json:"explanation"` + Impact string `json:"impact"` + Resolution string `json:"resolution"` + Provider providers.Provider `json:"provider"` + Service string `json:"service"` + Links []string `json:"links"` + Severity severity.Severity `json:"severity"` + Terraform *EngineMetadata `json:"terraform,omitempty"` + CloudFormation *EngineMetadata `json:"cloud_formation,omitempty"` + CustomChecks CustomChecks `json:"-"` + RegoPackage string `json:"-"` + Frameworks map[framework.Framework][]string `json:"frameworks"` + Check CheckFunc `json:"-"` +} + +func (r Rule) HasID(id string) bool { + if r.AVDID == id || r.LongID() == id { + return true + } + for _, alias := range r.Aliases { + if alias == id { + return true + } + } + return false +} + +func (r Rule) LongID() string { + return strings.ToLower(fmt.Sprintf("%s-%s-%s", r.Provider, r.Service, 
r.ShortCode)) +} + +func (r Rule) ServiceDisplayName() string { + return nicify(r.Service) +} + +func (r Rule) ShortCodeDisplayName() string { + return nicify(r.ShortCode) +} + +func (r Rule) CanCheck() bool { + return r.Check != nil +} + +func (r Rule) Evaluate(s *state.State) Results { + if !r.CanCheck() { + return nil + } + results := r.Check(s) + for i := range results { + results[i].SetRule(r) + } + return results +} + +var acronyms = []string{ + "acl", + "alb", + "api", + "arn", + "aws", + "cidr", + "db", + "dns", + "ebs", + "ec2", + "ecr", + "ecs", + "efs", + "eks", + "elb", + "gke", + "http", + "http2", + "https", + "iam", + "im", + "imds", + "ip", + "ips", + "kms", + "lb", + "md5", + "mfa", + "mq", + "msk", + "rbac", + "rdp", + "rds", + "rsa", + "sam", + "sgr", + "sha1", + "sha256", + "sns", + "sql", + "sqs", + "ssh", + "ssm", + "tls", + "ubla", + "vm", + "vpc", + "vtpm", + "waf", +} + +var specials = map[string]string{ + "dynamodb": "DynamoDB", + "documentdb": "DocumentDB", + "mysql": "MySQL", + "postgresql": "PostgreSQL", + "acls": "ACLs", + "ips": "IPs", + "bigquery": "BigQuery", +} + +func nicify(input string) string { + input = strings.ToLower(input) + for replace, with := range specials { + input = regexp.MustCompile(fmt.Sprintf("\\b%s\\b", replace)).ReplaceAllString(input, with) + } + for _, acronym := range acronyms { + input = regexp.MustCompile(fmt.Sprintf("\\b%s\\b", acronym)).ReplaceAllString(input, strings.ToUpper(acronym)) + } + return cases.Title(language.English).String(strings.ReplaceAll(input, "-", " ")) +} diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/bench_test.go b/pkg/iac/scanners/azure/arm/parser/armjson/bench_test.go index f2e56f853f7b..12bc71eae899 100644 --- a/pkg/iac/scanners/azure/arm/parser/armjson/bench_test.go +++ b/pkg/iac/scanners/azure/arm/parser/armjson/bench_test.go 
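Review bot: `nicify` finishes with `cases.Title(language.English)`, which with default options lowercases the non-leading letters of each word, so I believe it undoes the acronym uppercasing the two loops just applied (`aws` → `AWS` → `Aws`); if display names are meant to keep acronyms, use `cases.Title(language.English, cases.NoLower)`, and a unit test on e.g. `nicify("aws-iam")` would pin whichever behaviour is intended. Independently, both loops call `regexp.MustCompile` on every invocation, so each `ServiceDisplayName`/`ShortCodeDisplayName` call compiles roughly sixty static patterns; compiling them once at package scope as below removes that cost, and `regexp.QuoteMeta` keeps the word boundaries safe if a future entry contains a metacharacter.
```go
// Compiled once: the patterns are static, and nicify previously rebuilt all of them per call.
var specialPatterns = func() map[string]*regexp.Regexp {
	m := make(map[string]*regexp.Regexp, len(specials))
	for replace := range specials {
		m[replace] = regexp.MustCompile(`\b` + regexp.QuoteMeta(replace) + `\b`)
	}
	return m
}()

var acronymPatterns = func() map[string]*regexp.Regexp {
	m := make(map[string]*regexp.Regexp, len(acronyms))
	for _, acronym := range acronyms {
		m[acronym] = regexp.MustCompile(`\b` + regexp.QuoteMeta(acronym) + `\b`)
	}
	return m
}()

func nicify(input string) string {
	input = strings.ToLower(input)
	for replace, with := range specials {
		input = specialPatterns[replace].ReplaceAllString(input, with)
	}
	for _, acronym := range acronyms {
		input = acronymPatterns[acronym].ReplaceAllString(input, strings.ToUpper(acronym))
	}
	// NoLower keeps the acronym casing applied above — confirm against the expected display names.
	return cases.Title(language.English, cases.NoLower).String(strings.ReplaceAll(input, "-", " "))
}
```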
@@ -4,7 +4,7 @@ import (
 "encoding/json"
 "testing"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/stretchr/testify/require"
 )
diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/decode.go b/pkg/iac/scanners/azure/arm/parser/armjson/decode.go
index 5dd2f6fd3e1c..1f228065b9c5 100644
--- a/pkg/iac/scanners/azure/arm/parser/armjson/decode.go
+++ b/pkg/iac/scanners/azure/arm/parser/armjson/decode.go
@@ -4,7 +4,7 @@ import (
 "fmt"
 "reflect"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func (n *node) Decode(target interface{}) error {
diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/decode_meta_test.go b/pkg/iac/scanners/azure/arm/parser/armjson/decode_meta_test.go
index 57e657a7093a..9924288497fe 100644
--- a/pkg/iac/scanners/azure/arm/parser/armjson/decode_meta_test.go
+++ b/pkg/iac/scanners/azure/arm/parser/armjson/decode_meta_test.go
@@ -3,7 +3,7 @@ package armjson
 import (
 "testing"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/node.go b/pkg/iac/scanners/azure/arm/parser/armjson/node.go
index 3c398d6ed29c..af8f9188ebd8 100644
--- a/pkg/iac/scanners/azure/arm/parser/armjson/node.go
+++ b/pkg/iac/scanners/azure/arm/parser/armjson/node.go
@@ -1,6 +1,6 @@
 package armjson
-import "github.com/aquasecurity/defsec/pkg/types"
+import "github.com/aquasecurity/trivy/pkg/iac/types"
 type Node interface {
 Comments() []Node
diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/parse.go b/pkg/iac/scanners/azure/arm/parser/armjson/parse.go
index ac86f459fced..8248ec1a1723 100644
--- a/pkg/iac/scanners/azure/arm/parser/armjson/parse.go
+++ b/pkg/iac/scanners/azure/arm/parser/armjson/parse.go
@@ -4,7 +4,7 @@ import (
 "fmt"
 "strings"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type parser struct {
diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/parse_array.go b/pkg/iac/scanners/azure/arm/parser/armjson/parse_array.go
index 795d69460253..8d3795ee792a 100644
--- a/pkg/iac/scanners/azure/arm/parser/armjson/parse_array.go
+++ b/pkg/iac/scanners/azure/arm/parser/armjson/parse_array.go
@@ -3,7 +3,7 @@ package armjson
 import (
 "fmt"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func (p *parser) parseArray(parentMetadata *types.Metadata) (Node, error) {
diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/parse_array_test.go b/pkg/iac/scanners/azure/arm/parser/armjson/parse_array_test.go
index f1146ab08d87..382da0b0c45d 100644
--- a/pkg/iac/scanners/azure/arm/parser/armjson/parse_array_test.go
+++ b/pkg/iac/scanners/azure/arm/parser/armjson/parse_array_test.go
@@ -3,7 +3,7 @@ package armjson
 import (
 "testing"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/parse_boolean.go b/pkg/iac/scanners/azure/arm/parser/armjson/parse_boolean.go
index 3d97589acdcb..30903ea85973 100644
--- a/pkg/iac/scanners/azure/arm/parser/armjson/parse_boolean.go
+++ b/pkg/iac/scanners/azure/arm/parser/armjson/parse_boolean.go
@@ -3,7 +3,7 @@ package armjson
 import (
 "fmt"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 var trueRunes = []rune("true")
diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/parse_boolean_test.go b/pkg/iac/scanners/azure/arm/parser/armjson/parse_boolean_test.go
index e1d44db6119c..106d55f426f5 100644
--- a/pkg/iac/scanners/azure/arm/parser/armjson/parse_boolean_test.go
+++ b/pkg/iac/scanners/azure/arm/parser/armjson/parse_boolean_test.go
@@ -3,7 +3,7 @@ package armjson
 import (
 "testing"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/parse_comment.go b/pkg/iac/scanners/azure/arm/parser/armjson/parse_comment.go
index 7f35078ae84e..3408d330c2b3 100644
--- a/pkg/iac/scanners/azure/arm/parser/armjson/parse_comment.go
+++ b/pkg/iac/scanners/azure/arm/parser/armjson/parse_comment.go
@@ -3,7 +3,7 @@ package armjson
 import (
 "strings"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func (p *parser) parseComment(parentMetadata *types.Metadata) (Node, error) {
diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/parse_complex_test.go b/pkg/iac/scanners/azure/arm/parser/armjson/parse_complex_test.go
index 17c4014b83a3..3584ebc97fa1 100644
--- a/pkg/iac/scanners/azure/arm/parser/armjson/parse_complex_test.go
+++ b/pkg/iac/scanners/azure/arm/parser/armjson/parse_complex_test.go
@@ -3,7 +3,7 @@ package armjson
 import (
 "testing"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/stretchr/testify/require"
 )
diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/parse_null.go b/pkg/iac/scanners/azure/arm/parser/armjson/parse_null.go
index 36fa5d7370e1..1a0011ec5dac 100644
--- a/pkg/iac/scanners/azure/arm/parser/armjson/parse_null.go
+++ b/pkg/iac/scanners/azure/arm/parser/armjson/parse_null.go
@@ -3,7 +3,7 @@ package armjson
 import (
 "fmt"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 var nullRunes = []rune("null")
diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/parse_null_test.go b/pkg/iac/scanners/azure/arm/parser/armjson/parse_null_test.go
index 5fd343479c82..4f6d109fdf4f 100644
--- a/pkg/iac/scanners/azure/arm/parser/armjson/parse_null_test.go
+++ b/pkg/iac/scanners/azure/arm/parser/armjson/parse_null_test.go
@@ -3,7 +3,7 @@ package armjson
 import (
 "testing"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/stretchr/testify/require"
 )
diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/parse_number.go b/pkg/iac/scanners/azure/arm/parser/armjson/parse_number.go
index ca544cecce35..586fbd3a4841 100644
--- a/pkg/iac/scanners/azure/arm/parser/armjson/parse_number.go
+++ b/pkg/iac/scanners/azure/arm/parser/armjson/parse_number.go
@@ -5,7 +5,7 @@ import (
 "strconv"
 "strings"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func (p *parser) parseNumber(parentMetadata *types.Metadata) (Node, error) {
diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/parse_number_test.go b/pkg/iac/scanners/azure/arm/parser/armjson/parse_number_test.go
index 237c3b918fe9..39226b090ede 100644
--- a/pkg/iac/scanners/azure/arm/parser/armjson/parse_number_test.go
+++ b/pkg/iac/scanners/azure/arm/parser/armjson/parse_number_test.go
@@ -3,7 +3,7 @@ package armjson
 import (
 "testing"
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/parse_object.go b/pkg/iac/scanners/azure/arm/parser/armjson/parse_object.go
index 9d9dc53472c7..392dbbbae697 100644
--- a/pkg/iac/scanners/azure/arm/parser/armjson/parse_object.go
+++ b/pkg/iac/scanners/azure/arm/parser/armjson/parse_object.go
@@ -1,7 +1,7 @@
 package armjson
 import (
- "github.com/aquasecurity/defsec/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func (p *parser) parseObject(parentMetadata *types.Metadata) (Node, error) {
diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/parse_object_test.go b/pkg/iac/scanners/azure/arm/parser/armjson/parse_object_test.go index 56985ecbc805..f689ebd0fa26 100644 --- a/pkg/iac/scanners/azure/arm/parser/armjson/parse_object_test.go +++ b/pkg/iac/scanners/azure/arm/parser/armjson/parse_object_test.go @@ -3,7 +3,7 @@ package armjson import ( "testing" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/parse_string.go b/pkg/iac/scanners/azure/arm/parser/armjson/parse_string.go index 7f4740cd459b..41847b914d7f 100644 --- a/pkg/iac/scanners/azure/arm/parser/armjson/parse_string.go +++ b/pkg/iac/scanners/azure/arm/parser/armjson/parse_string.go @@ -4,7 +4,7 @@ import ( "strconv" "strings" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/types" ) var escapes = map[rune]string{ diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/parse_string_test.go b/pkg/iac/scanners/azure/arm/parser/armjson/parse_string_test.go index 83c98cd859fc..b2c546f479d2 100644 --- a/pkg/iac/scanners/azure/arm/parser/armjson/parse_string_test.go +++ b/pkg/iac/scanners/azure/arm/parser/armjson/parse_string_test.go @@ -3,7 +3,7 @@ package armjson import ( "testing" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/scanners/azure/arm/parser/armjson/unmarshal.go b/pkg/iac/scanners/azure/arm/parser/armjson/unmarshal.go index 6e096a694d8a..a75942808eba 100644 --- a/pkg/iac/scanners/azure/arm/parser/armjson/unmarshal.go +++ b/pkg/iac/scanners/azure/arm/parser/armjson/unmarshal.go @@ -4,7 +4,7 @@ import ( "bytes" "io" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/types" ) type Unmarshaller interface { 
diff --git a/pkg/iac/scanners/azure/arm/parser/parser.go b/pkg/iac/scanners/azure/arm/parser/parser.go index ca8a86f89b81..e5e171914b42 100644 --- a/pkg/iac/scanners/azure/arm/parser/parser.go +++ b/pkg/iac/scanners/azure/arm/parser/parser.go @@ -8,12 +8,12 @@ import ( "path/filepath" "strings" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/debug" azure2 "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure/arm/parser/armjson" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure/resolver" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/types" ) type Parser struct { diff --git a/pkg/iac/scanners/azure/arm/parser/parser_test.go b/pkg/iac/scanners/azure/arm/parser/parser_test.go index 493a17ac37c0..d54a147370e0 100644 --- a/pkg/iac/scanners/azure/arm/parser/parser_test.go +++ b/pkg/iac/scanners/azure/arm/parser/parser_test.go @@ -6,14 +6,14 @@ import ( "os" "testing" - "github.com/aquasecurity/defsec/pkg/types" azure2 "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure/resolver" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/liamg/memoryfs" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/aquasecurity/defsec/pkg/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" ) func createMetadata(targetFS fs.FS, filename string, start, end int, ref string, parent *types.Metadata) types.Metadata { diff --git a/pkg/iac/scanners/azure/arm/parser/template.go b/pkg/iac/scanners/azure/arm/parser/template.go index 04dd5a78cef7..ed7b3fa30238 100644 --- a/pkg/iac/scanners/azure/arm/parser/template.go +++ b/pkg/iac/scanners/azure/arm/parser/template.go 
@@ -1,9 +1,9 @@ package parser import ( - "github.com/aquasecurity/defsec/pkg/types" types2 "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure/arm/parser/armjson" + "github.com/aquasecurity/trivy/pkg/iac/types" ) type Template struct { diff --git a/pkg/iac/scanners/azure/arm/parser/template_test.go b/pkg/iac/scanners/azure/arm/parser/template_test.go index bc2083b9c2b5..3c96c8cf588f 100644 --- a/pkg/iac/scanners/azure/arm/parser/template_test.go +++ b/pkg/iac/scanners/azure/arm/parser/template_test.go @@ -5,9 +5,9 @@ import ( "path/filepath" "testing" - "github.com/aquasecurity/defsec/pkg/types" types2 "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure/arm/parser/armjson" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/scanners/azure/arm/scanner.go b/pkg/iac/scanners/azure/arm/scanner.go index 48f8df6a9cfc..d9ae227a0992 100644 --- a/pkg/iac/scanners/azure/arm/scanner.go +++ b/pkg/iac/scanners/azure/arm/scanner.go 
@@ -7,18 +7,18 @@ import ( "io/fs" "sync" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/rego" - "github.com/aquasecurity/defsec/pkg/rules" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/pkg/iac/adapters/arm" + "github.com/aquasecurity/trivy/pkg/iac/debug" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/rego" + "github.com/aquasecurity/trivy/pkg/iac/rules" + "github.com/aquasecurity/trivy/pkg/iac/scan" "github.com/aquasecurity/trivy/pkg/iac/scanners" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure/arm/parser" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/state" + "github.com/aquasecurity/trivy/pkg/iac/types" ) var _ scanners.FSScanner = (*Scanner)(nil) diff --git a/pkg/iac/scanners/azure/deployment.go b/pkg/iac/scanners/azure/deployment.go index 6df8b48d6b6a..f2f050f7cf95 100644 --- a/pkg/iac/scanners/azure/deployment.go +++ b/pkg/iac/scanners/azure/deployment.go @@ -3,7 +3,7 @@ package azure import ( "os" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/types" ) type Deployment struct { diff --git a/pkg/iac/scanners/azure/resolver/resolver.go b/pkg/iac/scanners/azure/resolver/resolver.go index 06383c43b2f0..00b248cc4eef 100644 --- a/pkg/iac/scanners/azure/resolver/resolver.go +++ b/pkg/iac/scanners/azure/resolver/resolver.go 
@@ -1,9 +1,9 @@ package resolver import ( - defsecTypes "github.com/aquasecurity/defsec/pkg/types" azure2 "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure/expressions" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Resolver interface { diff --git a/pkg/iac/scanners/azure/resolver/resolver_test.go b/pkg/iac/scanners/azure/resolver/resolver_test.go index ee72b4593863..b4aabdce0a7f 100644 --- a/pkg/iac/scanners/azure/resolver/resolver_test.go +++ b/pkg/iac/scanners/azure/resolver/resolver_test.go @@ -4,8 +4,8 @@ import ( "testing" "time" - "github.com/aquasecurity/defsec/pkg/types" azure2 "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/scanners/azure/value.go b/pkg/iac/scanners/azure/value.go index eb57927ebbbe..1b21d62de380 100644 --- a/pkg/iac/scanners/azure/value.go +++ b/pkg/iac/scanners/azure/value.go @@ -6,8 +6,8 @@ import ( "golang.org/x/exp/slices" - "github.com/aquasecurity/defsec/pkg/types" armjson2 "github.com/aquasecurity/trivy/pkg/iac/scanners/azure/arm/parser/armjson" + "github.com/aquasecurity/trivy/pkg/iac/types" ) type EvalContext struct{} diff --git a/pkg/iac/scanners/azure/value_test.go b/pkg/iac/scanners/azure/value_test.go index 7b463722794e..646ddc0b0cd0 100644 --- a/pkg/iac/scanners/azure/value_test.go +++ b/pkg/iac/scanners/azure/value_test.go @@ -3,7 +3,7 @@ package azure import ( "testing" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/assert" ) diff --git a/pkg/iac/scanners/cloudformation/parser/file_context.go b/pkg/iac/scanners/cloudformation/parser/file_context.go index 35f4483018f8..252e519bf096 100644 --- a/pkg/iac/scanners/cloudformation/parser/file_context.go +++ b/pkg/iac/scanners/cloudformation/parser/file_context.go 
@@ -1,7 +1,7 @@ package parser import ( - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type SourceFormat string diff --git a/pkg/iac/scanners/cloudformation/parser/fn_and_test.go b/pkg/iac/scanners/cloudformation/parser/fn_and_test.go index a2a9989b2805..2663270e99dc 100644 --- a/pkg/iac/scanners/cloudformation/parser/fn_and_test.go +++ b/pkg/iac/scanners/cloudformation/parser/fn_and_test.go @@ -3,8 +3,8 @@ package parser import ( "testing" - "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/cftypes" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/scanners/cloudformation/parser/fn_base64_test.go b/pkg/iac/scanners/cloudformation/parser/fn_base64_test.go index d1f31600a8c1..7a30827f761c 100644 --- a/pkg/iac/scanners/cloudformation/parser/fn_base64_test.go +++ b/pkg/iac/scanners/cloudformation/parser/fn_base64_test.go @@ -1,8 +1,8 @@ package parser import ( - "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/cftypes" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/scanners/cloudformation/parser/fn_equals_test.go b/pkg/iac/scanners/cloudformation/parser/fn_equals_test.go index b1b74724c636..e3a806798393 100644 --- a/pkg/iac/scanners/cloudformation/parser/fn_equals_test.go +++ b/pkg/iac/scanners/cloudformation/parser/fn_equals_test.go @@ -3,8 +3,8 @@ package parser import ( "testing" - "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/cftypes" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" 
diff --git a/pkg/iac/scanners/cloudformation/parser/fn_if_test.go b/pkg/iac/scanners/cloudformation/parser/fn_if_test.go index a232b157e7a7..0e5e41bbc963 100644 --- a/pkg/iac/scanners/cloudformation/parser/fn_if_test.go +++ b/pkg/iac/scanners/cloudformation/parser/fn_if_test.go @@ -3,8 +3,8 @@ package parser import ( "testing" - "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/cftypes" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/scanners/cloudformation/parser/fn_join_test.go b/pkg/iac/scanners/cloudformation/parser/fn_join_test.go index 6e8abf143f19..8eca9ad5763b 100644 --- a/pkg/iac/scanners/cloudformation/parser/fn_join_test.go +++ b/pkg/iac/scanners/cloudformation/parser/fn_join_test.go @@ -3,8 +3,8 @@ package parser import ( "testing" - "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/cftypes" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/scanners/cloudformation/parser/fn_not_test.go b/pkg/iac/scanners/cloudformation/parser/fn_not_test.go index 55cdcede75eb..44df6fa6d421 100644 --- a/pkg/iac/scanners/cloudformation/parser/fn_not_test.go +++ b/pkg/iac/scanners/cloudformation/parser/fn_not_test.go @@ -3,8 +3,8 @@ package parser import ( "testing" - "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/cftypes" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/scanners/cloudformation/parser/fn_or_test.go b/pkg/iac/scanners/cloudformation/parser/fn_or_test.go index 095af0b940a7..18340031434b 100644 --- a/pkg/iac/scanners/cloudformation/parser/fn_or_test.go +++ b/pkg/iac/scanners/cloudformation/parser/fn_or_test.go 
@@ -3,8 +3,8 @@ package parser import ( "testing" - "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/cftypes" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/scanners/cloudformation/parser/fn_ref_test.go b/pkg/iac/scanners/cloudformation/parser/fn_ref_test.go index e017190b44db..a535b30386e2 100644 --- a/pkg/iac/scanners/cloudformation/parser/fn_ref_test.go +++ b/pkg/iac/scanners/cloudformation/parser/fn_ref_test.go @@ -3,8 +3,8 @@ package parser import ( "testing" - "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/cftypes" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/scanners/cloudformation/parser/fn_split_test.go b/pkg/iac/scanners/cloudformation/parser/fn_split_test.go index f3e73f2c3d4a..59261ff57a20 100644 --- a/pkg/iac/scanners/cloudformation/parser/fn_split_test.go +++ b/pkg/iac/scanners/cloudformation/parser/fn_split_test.go @@ -1,8 +1,8 @@ package parser import ( - "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/cftypes" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/pkg/iac/scanners/cloudformation/parser/parser.go b/pkg/iac/scanners/cloudformation/parser/parser.go index 5ba989220544..43e4099289c5 100644 --- a/pkg/iac/scanners/cloudformation/parser/parser.go +++ b/pkg/iac/scanners/cloudformation/parser/parser.go 
@@ -14,9 +14,9 @@ import ( "github.com/liamg/jfather" "gopkg.in/yaml.v3" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/debug" "github.com/aquasecurity/trivy/pkg/iac/detection" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" ) var _ options.ConfigurableParser = (*Parser)(nil) diff --git a/pkg/iac/scanners/cloudformation/parser/property.go b/pkg/iac/scanners/cloudformation/parser/property.go index 466de3497c85..de377e895f14 100644 --- a/pkg/iac/scanners/cloudformation/parser/property.go +++ b/pkg/iac/scanners/cloudformation/parser/property.go @@ -9,8 +9,8 @@ import ( "github.com/liamg/jfather" "gopkg.in/yaml.v3" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/cftypes" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type EqualityOptions = int diff --git a/pkg/iac/scanners/cloudformation/parser/property_helpers.go b/pkg/iac/scanners/cloudformation/parser/property_helpers.go index c7b9d9efac2d..4e8533d89428 100644 --- a/pkg/iac/scanners/cloudformation/parser/property_helpers.go +++ b/pkg/iac/scanners/cloudformation/parser/property_helpers.go @@ -4,8 +4,8 @@ import ( "strconv" "strings" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/cftypes" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func (p *Property) IsNil() bool { diff --git a/pkg/iac/scanners/cloudformation/parser/property_helpers_test.go b/pkg/iac/scanners/cloudformation/parser/property_helpers_test.go index 1fa1885a408b..4b3779eac587 100644 --- a/pkg/iac/scanners/cloudformation/parser/property_helpers_test.go +++ b/pkg/iac/scanners/cloudformation/parser/property_helpers_test.go 
@@ -3,8 +3,8 @@ package parser import ( "testing" - "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/cftypes" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/stretchr/testify/assert" ) diff --git a/pkg/iac/scanners/cloudformation/parser/reference.go b/pkg/iac/scanners/cloudformation/parser/reference.go index 2ff10058d868..d5cf5e40e936 100644 --- a/pkg/iac/scanners/cloudformation/parser/reference.go +++ b/pkg/iac/scanners/cloudformation/parser/reference.go @@ -3,7 +3,7 @@ package parser import ( "fmt" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type CFReference struct { diff --git a/pkg/iac/scanners/cloudformation/parser/resource.go b/pkg/iac/scanners/cloudformation/parser/resource.go index d18bc2212d16..7db1bbb7e858 100644 --- a/pkg/iac/scanners/cloudformation/parser/resource.go +++ b/pkg/iac/scanners/cloudformation/parser/resource.go @@ -7,7 +7,7 @@ import ( "github.com/liamg/jfather" "gopkg.in/yaml.v3" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Resource struct { diff --git a/pkg/iac/scanners/cloudformation/scanner.go b/pkg/iac/scanners/cloudformation/scanner.go index c93ca7c841e8..4c0cbbc4216d 100644 --- a/pkg/iac/scanners/cloudformation/scanner.go +++ b/pkg/iac/scanners/cloudformation/scanner.go 
@@ -8,16 +8,16 @@ import ( "sort" "sync" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/rego" - "github.com/aquasecurity/defsec/pkg/rules" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/defsec/pkg/types" adapter "github.com/aquasecurity/trivy/pkg/iac/adapters/cloudformation" + "github.com/aquasecurity/trivy/pkg/iac/debug" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/rego" + "github.com/aquasecurity/trivy/pkg/iac/rules" + "github.com/aquasecurity/trivy/pkg/iac/scan" "github.com/aquasecurity/trivy/pkg/iac/scanners" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func WithParameters(params map[string]any) options.ScannerOption { diff --git a/pkg/iac/scanners/cloudformation/scanner_test.go b/pkg/iac/scanners/cloudformation/scanner_test.go index 0f10f0a3e48f..6aea88abc1af 100644 --- a/pkg/iac/scanners/cloudformation/scanner_test.go +++ b/pkg/iac/scanners/cloudformation/scanner_test.go @@ -4,13 +4,13 @@ import ( "context" "testing" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/scan" "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/scan" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/aquasecurity/defsec/pkg/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" ) func Test_BasicScan(t *testing.T) { diff --git a/pkg/iac/scanners/cloudformation/test/cf_scanning_test.go b/pkg/iac/scanners/cloudformation/test/cf_scanning_test.go index 8f52c7a197c0..47063669a24d 100644 --- a/pkg/iac/scanners/cloudformation/test/cf_scanning_test.go 
+++ b/pkg/iac/scanners/cloudformation/test/cf_scanning_test.go @@ -10,7 +10,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/aquasecurity/defsec/pkg/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" ) func Test_basic_cloudformation_scanning(t *testing.T) { diff --git a/pkg/iac/scanners/dockerfile/parser/parser.go b/pkg/iac/scanners/dockerfile/parser/parser.go index 8b13d1e0e61e..d6ff7b4df21a 100644 --- a/pkg/iac/scanners/dockerfile/parser/parser.go +++ b/pkg/iac/scanners/dockerfile/parser/parser.go @@ -11,10 +11,10 @@ import ( "github.com/moby/buildkit/frontend/dockerfile/instructions" "github.com/moby/buildkit/frontend/dockerfile/parser" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/providers/dockerfile" - "github.com/aquasecurity/defsec/pkg/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/debug" "github.com/aquasecurity/trivy/pkg/iac/detection" + "github.com/aquasecurity/trivy/pkg/iac/providers/dockerfile" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" ) var _ options.ConfigurableParser = (*Parser)(nil) diff --git a/pkg/iac/scanners/dockerfile/scanner.go b/pkg/iac/scanners/dockerfile/scanner.go index 5d7bca114562..88a18e35ed1a 100644 --- a/pkg/iac/scanners/dockerfile/scanner.go +++ b/pkg/iac/scanners/dockerfile/scanner.go 
@@ -6,14 +6,14 @@ import ( "io/fs" "sync" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/rego" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/debug" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/rego" + "github.com/aquasecurity/trivy/pkg/iac/scan" "github.com/aquasecurity/trivy/pkg/iac/scanners" "github.com/aquasecurity/trivy/pkg/iac/scanners/dockerfile/parser" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/types" ) var _ scanners.FSScanner = (*Scanner)(nil) diff --git a/pkg/iac/scanners/dockerfile/scanner_test.go b/pkg/iac/scanners/dockerfile/scanner_test.go index 9277cc842a01..e396b15e1b09 100644 --- a/pkg/iac/scanners/dockerfile/scanner_test.go +++ b/pkg/iac/scanners/dockerfile/scanner_test.go @@ -5,12 +5,12 @@ import ( "context" "testing" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/rego" - "github.com/aquasecurity/defsec/pkg/rego/schemas" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/rego" + "github.com/aquasecurity/trivy/pkg/iac/rego/schemas" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/scanners/helm/options.go b/pkg/iac/scanners/helm/options.go index b2ec6ddf987d..009809e734e6 100644 --- a/pkg/iac/scanners/helm/options.go +++ b/pkg/iac/scanners/helm/options.go 
@@ -1,8 +1,8 @@ package helm import ( - "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/trivy/pkg/iac/scanners/helm/parser" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" ) type ConfigurableHelmScanner interface { diff --git a/pkg/iac/scanners/helm/parser/option.go b/pkg/iac/scanners/helm/parser/option.go index 6cf79009615d..379cc9460979 100644 --- a/pkg/iac/scanners/helm/parser/option.go +++ b/pkg/iac/scanners/helm/parser/option.go @@ -1,6 +1,6 @@ package parser -import "github.com/aquasecurity/defsec/pkg/scanners/options" +import "github.com/aquasecurity/trivy/pkg/iac/scanners/options" type ConfigurableHelmParser interface { options.ConfigurableParser diff --git a/pkg/iac/scanners/helm/parser/parser.go b/pkg/iac/scanners/helm/parser/parser.go index b6d8f77ad311..20228258e5d3 100644 --- a/pkg/iac/scanners/helm/parser/parser.go +++ b/pkg/iac/scanners/helm/parser/parser.go @@ -21,9 +21,9 @@ import ( "helm.sh/helm/v3/pkg/release" "helm.sh/helm/v3/pkg/releaseutil" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/debug" detection2 "github.com/aquasecurity/trivy/pkg/iac/detection" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" ) var manifestNameRegex = regexp.MustCompile("# Source: [^/]+/(.+)") diff --git a/pkg/iac/scanners/helm/scanner.go b/pkg/iac/scanners/helm/scanner.go index 4a4fe4f4b0b0..e655932e01fd 100644 --- a/pkg/iac/scanners/helm/scanner.go +++ b/pkg/iac/scanners/helm/scanner.go 
@@ -10,16 +10,16 @@ import ( "github.com/liamg/memoryfs" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/rego" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/debug" "github.com/aquasecurity/trivy/pkg/iac/detection" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/rego" + "github.com/aquasecurity/trivy/pkg/iac/scan" "github.com/aquasecurity/trivy/pkg/iac/scanners" "github.com/aquasecurity/trivy/pkg/iac/scanners/helm/parser" kparser "github.com/aquasecurity/trivy/pkg/iac/scanners/kubernetes/parser" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/types" ) var _ scanners.FSScanner = (*Scanner)(nil) diff --git a/pkg/iac/scanners/helm/test/option_test.go b/pkg/iac/scanners/helm/test/option_test.go index 66f961a6b53d..2ad7efc64008 100644 --- a/pkg/iac/scanners/helm/test/option_test.go +++ b/pkg/iac/scanners/helm/test/option_test.go @@ -11,7 +11,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/aquasecurity/defsec/pkg/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" ) func Test_helm_parser_with_options_with_values_file(t *testing.T) { diff --git a/pkg/iac/scanners/helm/test/scanner_test.go b/pkg/iac/scanners/helm/test/scanner_test.go index 9819589b2644..67099af2bb36 100644 --- a/pkg/iac/scanners/helm/test/scanner_test.go +++ b/pkg/iac/scanners/helm/test/scanner_test.go @@ -10,8 +10,8 @@ import ( "strings" "testing" - "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/trivy/pkg/iac/scanners/helm" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) 
diff --git a/pkg/iac/scanners/json/parser/parser.go b/pkg/iac/scanners/json/parser/parser.go index ff3417b8f0b9..3504e3e10a3c 100644 --- a/pkg/iac/scanners/json/parser/parser.go +++ b/pkg/iac/scanners/json/parser/parser.go @@ -7,9 +7,9 @@ import ( "io/fs" "path/filepath" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/debug" "github.com/aquasecurity/trivy/pkg/iac/detection" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" ) var _ options.ConfigurableParser = (*Parser)(nil) diff --git a/pkg/iac/scanners/json/scanner.go b/pkg/iac/scanners/json/scanner.go index eaa8fc43aa5a..5c53d0a10896 100644 --- a/pkg/iac/scanners/json/scanner.go +++ b/pkg/iac/scanners/json/scanner.go @@ -6,14 +6,14 @@ import ( "io/fs" "sync" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/rego" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/debug" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/rego" + "github.com/aquasecurity/trivy/pkg/iac/scan" "github.com/aquasecurity/trivy/pkg/iac/scanners" "github.com/aquasecurity/trivy/pkg/iac/scanners/json/parser" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/types" ) var _ scanners.FSScanner = (*Scanner)(nil) diff --git a/pkg/iac/scanners/json/scanner_test.go b/pkg/iac/scanners/json/scanner_test.go index 9ab8a2e431c2..774d26612823 100644 --- a/pkg/iac/scanners/json/scanner_test.go +++ b/pkg/iac/scanners/json/scanner_test.go 
@@ -4,10 +4,10 @@ import ( "context" "testing" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/scanners/kubernetes/parser/parser.go b/pkg/iac/scanners/kubernetes/parser/parser.go index 297f196ac9f0..fd2c12ecb327 100644 --- a/pkg/iac/scanners/kubernetes/parser/parser.go +++ b/pkg/iac/scanners/kubernetes/parser/parser.go @@ -13,9 +13,9 @@ import ( "gopkg.in/yaml.v3" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/debug" "github.com/aquasecurity/trivy/pkg/iac/detection" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" ) var _ options.ConfigurableParser = (*Parser)(nil) diff --git a/pkg/iac/scanners/kubernetes/scanner.go b/pkg/iac/scanners/kubernetes/scanner.go index 546c07f9bf0a..121c954990a3 100644 --- a/pkg/iac/scanners/kubernetes/scanner.go +++ b/pkg/iac/scanners/kubernetes/scanner.go 
@@ -10,14 +10,14 @@ import ( "github.com/liamg/memoryfs" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/rego" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/debug" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/rego" + "github.com/aquasecurity/trivy/pkg/iac/scan" "github.com/aquasecurity/trivy/pkg/iac/scanners" "github.com/aquasecurity/trivy/pkg/iac/scanners/kubernetes/parser" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/types" ) var _ scanners.FSScanner = (*Scanner)(nil) diff --git a/pkg/iac/scanners/kubernetes/scanner_test.go b/pkg/iac/scanners/kubernetes/scanner_test.go index f55a07ec39b1..931b2a09b8f2 100644 --- a/pkg/iac/scanners/kubernetes/scanner_test.go +++ b/pkg/iac/scanners/kubernetes/scanner_test.go @@ -6,10 +6,10 @@ import ( "strings" "testing" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/scanners/options/parser.go b/pkg/iac/scanners/options/parser.go new file mode 100644 index 000000000000..65ec41bb825d --- /dev/null +++ b/pkg/iac/scanners/options/parser.go 
@@ -0,0 +1,23 @@
+package options
+
+import "io"
+
+type ConfigurableParser interface {
+	SetDebugWriter(io.Writer)
+	SetSkipRequiredCheck(bool)
+}
+
+type ParserOption func(s ConfigurableParser)
+
+func ParserWithSkipRequiredCheck(skip bool) ParserOption {
+	return func(s ConfigurableParser) {
+		s.SetSkipRequiredCheck(skip)
+	}
+}
+
+// ParserWithDebug specifies an io.Writer for debug logs - if not set, they are discarded
+func ParserWithDebug(w io.Writer) ParserOption {
+	return func(s ConfigurableParser) {
+		s.SetDebugWriter(w)
+	}
+}
diff --git a/pkg/iac/scanners/options/scanner.go b/pkg/iac/scanners/options/scanner.go
new file mode 100644
index 000000000000..02c01be5c95a
--- /dev/null
+++ b/pkg/iac/scanners/options/scanner.go
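Review bot: `ParserWithSkipRequiredCheck` and the `ConfigurableParser` interface it drives are the only exported names in this new file without a doc comment, and the "required check" is the one knob here a caller can misuse, so it deserves one more than `ParserWithDebug` does. I would add `// ConfigurableParser is implemented by parsers that accept ParserOption values.` on the interface and, on the option, `// ParserWithSkipRequiredCheck disables the parser's check that an input file is one it should handle (presumably the file-type detection the parsers import from pkg/iac/detection in the neighbouring hunks — confirm); with skip=true every file handed to the parser is parsed, so set it only for inputs that were already filtered.` The same wording should be mirrored on `ScannerWithSkipRequiredCheck` in scanner.go so the two stay in step.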
@@ -0,0 +1,128 @@
+package options
+
+import (
+ "io"
+ "io/fs"
+
+ "github.com/aquasecurity/trivy/pkg/iac/framework"
+)
+
+type ConfigurableScanner interface {
+ SetDebugWriter(io.Writer)
+ SetTraceWriter(io.Writer)
+ SetPerResultTracingEnabled(bool)
+ SetPolicyDirs(...string)
+ SetDataDirs(...string)
+ SetPolicyNamespaces(...string)
+ SetSkipRequiredCheck(bool)
+ SetPolicyReaders([]io.Reader)
+ SetPolicyFilesystem(fs.FS)
+ SetDataFilesystem(fs.FS)
+ SetUseEmbeddedPolicies(bool)
+ SetFrameworks(frameworks []framework.Framework)
+ SetSpec(spec string)
+ SetRegoOnly(regoOnly bool)
+ SetRegoErrorLimit(limit int)
+ SetUseEmbeddedLibraries(bool)
+}
+
+type ScannerOption func(s ConfigurableScanner)
+
+func ScannerWithFrameworks(frameworks ...framework.Framework) ScannerOption {
+ return func(s ConfigurableScanner) {
+ s.SetFrameworks(frameworks)
+ }
+}
+
+func ScannerWithSpec(spec string) ScannerOption {
+ return func(s ConfigurableScanner) {
+ s.SetSpec(spec)
+ }
+}
+
+func ScannerWithPolicyReader(readers ...io.Reader) ScannerOption {
+ return func(s ConfigurableScanner) {
+ s.SetPolicyReaders(readers)
+ }
+}
+
+// ScannerWithDebug specifies an io.Writer for debug logs - if not set, they are discarded
+func ScannerWithDebug(w io.Writer) ScannerOption {
+ return func(s ConfigurableScanner) {
+ s.SetDebugWriter(w)
+ }
+}
+
+func ScannerWithEmbeddedPolicies(embedded bool) ScannerOption {
+ return func(s ConfigurableScanner) {
+ s.SetUseEmbeddedPolicies(embedded)
+ }
+}
+
+func ScannerWithEmbeddedLibraries(enabled bool) ScannerOption {
+ return func(s ConfigurableScanner) {
+ s.SetUseEmbeddedLibraries(enabled)
+ }
+}
+
+// ScannerWithTrace specifies an io.Writer for trace logs (mainly rego tracing) - if not set, they are discarded
+func ScannerWithTrace(w io.Writer) ScannerOption {
+ return func(s ConfigurableScanner) {
+ s.SetTraceWriter(w)
+ }
+}
+
+func ScannerWithPerResultTracing(enabled bool) ScannerOption {
+ return func(s ConfigurableScanner) {
+
s.SetPerResultTracingEnabled(enabled)
+ }
+}
+
+func ScannerWithPolicyDirs(paths ...string) ScannerOption {
+ return func(s ConfigurableScanner) {
+ s.SetPolicyDirs(paths...)
+ }
+}
+
+func ScannerWithDataDirs(paths ...string) ScannerOption {
+ return func(s ConfigurableScanner) {
+ s.SetDataDirs(paths...)
+ }
+}
+
+// ScannerWithPolicyNamespaces - namespaces which indicate rego policies containing enforced rules
+func ScannerWithPolicyNamespaces(namespaces ...string) ScannerOption {
+ return func(s ConfigurableScanner) {
+ s.SetPolicyNamespaces(namespaces...)
+ }
+}
+
+func ScannerWithSkipRequiredCheck(skip bool) ScannerOption {
+ return func(s ConfigurableScanner) {
+ s.SetSkipRequiredCheck(skip)
+ }
+}
+
+func ScannerWithPolicyFilesystem(f fs.FS) ScannerOption {
+ return func(s ConfigurableScanner) {
+ s.SetPolicyFilesystem(f)
+ }
+}
+
+func ScannerWithDataFilesystem(f fs.FS) ScannerOption {
+ return func(s ConfigurableScanner) {
+ s.SetDataFilesystem(f)
+ }
+}
+
+func ScannerWithRegoOnly(regoOnly bool) ScannerOption {
+ return func(s ConfigurableScanner) {
+ s.SetRegoOnly(regoOnly)
+ }
+}
+
+func ScannerWithRegoErrorLimits(limit int) ScannerOption {
+ return func(s ConfigurableScanner) {
+ s.SetRegoErrorLimit(limit)
+ }
+}
diff --git a/pkg/iac/scanners/scanner.go b/pkg/iac/scanners/scanner.go
index 4d940d029d42..e792545b9e97 100644
--- a/pkg/iac/scanners/scanner.go
+++ b/pkg/iac/scanners/scanner.go
@@ -5,7 +5,7 @@ import ( "io/fs" "os" - "github.com/aquasecurity/defsec/pkg/scan" + "github.com/aquasecurity/trivy/pkg/iac/scan" ) type WriteFileFS interface {
diff --git a/pkg/iac/scanners/terraform/attribute_test.go b/pkg/iac/scanners/terraform/attribute_test.go
index 04fad7f32aa2..e81486e938a2 100644
--- a/pkg/iac/scanners/terraform/attribute_test.go
+++ b/pkg/iac/scanners/terraform/attribute_test.go
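Review bot: Two option constructors in this hunk do not agree with the setter they wrap: `ScannerWithPolicyReader(readers ...io.Reader)` is singular but forwards a variadic list to `SetPolicyReaders`, and `ScannerWithRegoErrorLimits(limit int)` is plural but sets the single `SetRegoErrorLimit`; since this commit only moves the package, a doc comment naming the mismatch (or a plural/singular alias) is the minimal step, with the rename left for a follow-up. Apart from ScannerWithDebug, ScannerWithTrace and ScannerWithPolicyNamespaces, none of the exported options or the ConfigurableScanner interface have doc comments. The ones most worth documenting are the policy inputs — ScannerWithPolicyDirs, ScannerWithPolicyReader, ScannerWithPolicyFilesystem and ScannerWithEmbeddedPolicies — because they decide which Rego the scanner evaluates; the comment should state that these sources are trusted by the scanner and that embedded policies are the default when none is given, if that is the case (the default is not visible here — confirm in the implementing scanners). The hunk starts on the previous line with the package clause and the ConfigurableScanner interface.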
@@ -3,7 +3,7 @@ package terraform import ( "testing" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/terraform" "github.com/stretchr/testify/assert" ) diff --git a/pkg/iac/scanners/terraform/count_test.go b/pkg/iac/scanners/terraform/count_test.go index 2c8794787df3..2ce46c4388cc 100644 --- a/pkg/iac/scanners/terraform/count_test.go +++ b/pkg/iac/scanners/terraform/count_test.go @@ -3,12 +3,12 @@ package terraform import ( "testing" - "github.com/aquasecurity/defsec/pkg/providers" - "github.com/aquasecurity/defsec/pkg/rules" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/severity" - "github.com/aquasecurity/defsec/pkg/terraform" "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/providers" + "github.com/aquasecurity/trivy/pkg/iac/rules" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/severity" + "github.com/aquasecurity/trivy/pkg/iac/terraform" "github.com/stretchr/testify/assert" ) diff --git a/pkg/iac/scanners/terraform/deterministic_test.go b/pkg/iac/scanners/terraform/deterministic_test.go index 8b11f1ba65a6..d47161ec0059 100644 --- a/pkg/iac/scanners/terraform/deterministic_test.go +++ b/pkg/iac/scanners/terraform/deterministic_test.go @@ -4,8 +4,8 @@ import ( "context" "testing" - "github.com/aquasecurity/defsec/pkg/rules" "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/rules" "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/executor" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser" "github.com/stretchr/testify/require" diff --git a/pkg/iac/scanners/terraform/executor/executor.go b/pkg/iac/scanners/terraform/executor/executor.go index ece352daf0bd..003b5b7f4db2 100644 --- a/pkg/iac/scanners/terraform/executor/executor.go +++ b/pkg/iac/scanners/terraform/executor/executor.go 
@@ -6,15 +6,15 @@ import ( "strings" "time" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/rego" - "github.com/aquasecurity/defsec/pkg/rules" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/severity" - "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/defsec/pkg/terraform" adapter "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform" + "github.com/aquasecurity/trivy/pkg/iac/debug" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/rego" + "github.com/aquasecurity/trivy/pkg/iac/rules" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/severity" + "github.com/aquasecurity/trivy/pkg/iac/state" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) // Executor scans HCL blocks by running all registered rules against them diff --git a/pkg/iac/scanners/terraform/executor/executor_test.go b/pkg/iac/scanners/terraform/executor/executor_test.go index 3f49b54fcde7..952803a507f5 100644 --- a/pkg/iac/scanners/terraform/executor/executor_test.go +++ b/pkg/iac/scanners/terraform/executor/executor_test.go @@ -4,13 +4,13 @@ import ( "context" "testing" - "github.com/aquasecurity/defsec/pkg/providers" - "github.com/aquasecurity/defsec/pkg/rules" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/severity" - "github.com/aquasecurity/defsec/pkg/terraform" "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/providers" + "github.com/aquasecurity/trivy/pkg/iac/rules" + "github.com/aquasecurity/trivy/pkg/iac/scan" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser" + "github.com/aquasecurity/trivy/pkg/iac/severity" + "github.com/aquasecurity/trivy/pkg/iac/terraform" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) 
diff --git a/pkg/iac/scanners/terraform/executor/option.go b/pkg/iac/scanners/terraform/executor/option.go index 5470146321e1..d32abb7afdcb 100644 --- a/pkg/iac/scanners/terraform/executor/option.go +++ b/pkg/iac/scanners/terraform/executor/option.go @@ -3,11 +3,11 @@ package executor import ( "io" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/rego" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/state" + "github.com/aquasecurity/trivy/pkg/iac/debug" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/rego" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/state" ) type Option func(s *Executor) diff --git a/pkg/iac/scanners/terraform/executor/pool.go b/pkg/iac/scanners/terraform/executor/pool.go index 39a277c5480d..a62fbe510de0 100644 --- a/pkg/iac/scanners/terraform/executor/pool.go +++ b/pkg/iac/scanners/terraform/executor/pool.go @@ -9,11 +9,11 @@ import ( "strings" "sync" - "github.com/aquasecurity/defsec/pkg/rego" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/defsec/pkg/terraform" - types "github.com/aquasecurity/defsec/pkg/types/rules" + "github.com/aquasecurity/trivy/pkg/iac/rego" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/state" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + types "github.com/aquasecurity/trivy/pkg/iac/types/rules" ) type Pool struct { diff --git a/pkg/iac/scanners/terraform/executor/statistics.go b/pkg/iac/scanners/terraform/executor/statistics.go index 6bdaab0fd2a4..fc42985747a5 100644 --- a/pkg/iac/scanners/terraform/executor/statistics.go +++ b/pkg/iac/scanners/terraform/executor/statistics.go 
@@ -10,7 +10,7 @@ import ( "github.com/olekukonko/tablewriter" - "github.com/aquasecurity/defsec/pkg/scan" + "github.com/aquasecurity/trivy/pkg/iac/scan" ) type StatisticsItem struct { diff --git a/pkg/iac/scanners/terraform/fs_test.go b/pkg/iac/scanners/terraform/fs_test.go index eaf54e8c32c5..117b3c17ac6e 100644 --- a/pkg/iac/scanners/terraform/fs_test.go +++ b/pkg/iac/scanners/terraform/fs_test.go @@ -5,7 +5,7 @@ import ( "os" "testing" - "github.com/aquasecurity/defsec/pkg/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/scanners/terraform/ignore_test.go b/pkg/iac/scanners/terraform/ignore_test.go index eccfe49a40f7..6e561d256653 100644 --- a/pkg/iac/scanners/terraform/ignore_test.go +++ b/pkg/iac/scanners/terraform/ignore_test.go @@ -5,11 +5,11 @@ import ( "strings" "testing" - "github.com/aquasecurity/defsec/pkg/providers" - "github.com/aquasecurity/defsec/pkg/rules" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/severity" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/providers" + "github.com/aquasecurity/trivy/pkg/iac/rules" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/severity" + "github.com/aquasecurity/trivy/pkg/iac/terraform" "github.com/stretchr/testify/assert" ) diff --git a/pkg/iac/scanners/terraform/json_test.go b/pkg/iac/scanners/terraform/json_test.go index d61ea6175029..835425265f17 100644 --- a/pkg/iac/scanners/terraform/json_test.go +++ b/pkg/iac/scanners/terraform/json_test.go 
@@ -3,12 +3,12 @@ package terraform import ( "testing" - "github.com/aquasecurity/defsec/pkg/providers" - "github.com/aquasecurity/defsec/pkg/rules" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/severity" - "github.com/aquasecurity/defsec/pkg/terraform" "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/providers" + "github.com/aquasecurity/trivy/pkg/iac/rules" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/severity" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func TestScanningJSON(t *testing.T) { diff --git a/pkg/iac/scanners/terraform/module_test.go b/pkg/iac/scanners/terraform/module_test.go index 99db7a23e1fb..a8131b40c5d0 100644 --- a/pkg/iac/scanners/terraform/module_test.go +++ b/pkg/iac/scanners/terraform/module_test.go @@ -7,15 +7,15 @@ import ( "os" "testing" - "github.com/aquasecurity/defsec/pkg/providers" - "github.com/aquasecurity/defsec/pkg/rules" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/defsec/pkg/severity" - "github.com/aquasecurity/defsec/pkg/terraform" "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/providers" + "github.com/aquasecurity/trivy/pkg/iac/rules" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/executor" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser" + "github.com/aquasecurity/trivy/pkg/iac/severity" + "github.com/aquasecurity/trivy/pkg/iac/terraform" "github.com/stretchr/testify/require" "github.com/aquasecurity/trivy-policies/checks/cloud/aws/iam" diff --git a/pkg/iac/scanners/terraform/options.go b/pkg/iac/scanners/terraform/options.go index 3fd3ba63579f..c0fce8134a34 100644 --- a/pkg/iac/scanners/terraform/options.go 
+++ b/pkg/iac/scanners/terraform/options.go @@ -4,12 +4,12 @@ import ( "io/fs" "strings" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/defsec/pkg/severity" - "github.com/aquasecurity/defsec/pkg/state" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/executor" "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser" + "github.com/aquasecurity/trivy/pkg/iac/severity" + "github.com/aquasecurity/trivy/pkg/iac/state" ) type ConfigurableTerraformScanner interface { diff --git a/pkg/iac/scanners/terraform/parser/evaluator.go b/pkg/iac/scanners/terraform/parser/evaluator.go index e83ea9301db9..1dea2e9473a3 100644 --- a/pkg/iac/scanners/terraform/parser/evaluator.go +++ b/pkg/iac/scanners/terraform/parser/evaluator.go @@ -14,10 +14,10 @@ import ( "github.com/zclconf/go-cty/cty/convert" "golang.org/x/exp/slices" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/terraform" - tfcontext "github.com/aquasecurity/defsec/pkg/terraform/context" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/debug" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + tfcontext "github.com/aquasecurity/trivy/pkg/iac/terraform/context" + "github.com/aquasecurity/trivy/pkg/iac/types" ) const ( diff --git a/pkg/iac/scanners/terraform/parser/load_blocks.go b/pkg/iac/scanners/terraform/parser/load_blocks.go index 34b303e3a91f..c5409d42f27b 100644 --- a/pkg/iac/scanners/terraform/parser/load_blocks.go +++ b/pkg/iac/scanners/terraform/parser/load_blocks.go 
@@ -8,8 +8,8 @@ import ( "github.com/hashicorp/hcl/v2" - "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func loadBlocksFromFile(file sourceFile, moduleSource string) (hcl.Blocks, []terraform.Ignore, error) { diff --git a/pkg/iac/scanners/terraform/parser/load_module.go b/pkg/iac/scanners/terraform/parser/load_module.go index 7f1ef3060995..4afa69beb462 100644 --- a/pkg/iac/scanners/terraform/parser/load_module.go +++ b/pkg/iac/scanners/terraform/parser/load_module.go @@ -10,8 +10,8 @@ import ( "github.com/zclconf/go-cty/cty" - "github.com/aquasecurity/defsec/pkg/terraform" "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser/resolvers" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) type moduleLoadError struct { diff --git a/pkg/iac/scanners/terraform/parser/option.go b/pkg/iac/scanners/terraform/parser/option.go index a37e20da1888..887899496f1b 100644 --- a/pkg/iac/scanners/terraform/parser/option.go +++ b/pkg/iac/scanners/terraform/parser/option.go @@ -3,7 +3,7 @@ package parser import ( "io/fs" - "github.com/aquasecurity/defsec/pkg/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" ) type ConfigurableTerraformParser interface { diff --git a/pkg/iac/scanners/terraform/parser/parser.go b/pkg/iac/scanners/terraform/parser/parser.go index 7f3fa52b2307..c5ed55fcc3cd 100644 --- a/pkg/iac/scanners/terraform/parser/parser.go +++ b/pkg/iac/scanners/terraform/parser/parser.go 
@@ -14,11 +14,11 @@ import ( "github.com/hashicorp/hcl/v2/hclparse" "github.com/zclconf/go-cty/cty" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/defsec/pkg/terraform" - tfcontext "github.com/aquasecurity/defsec/pkg/terraform/context" "github.com/aquasecurity/trivy/pkg/extrafs" + "github.com/aquasecurity/trivy/pkg/iac/debug" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + tfcontext "github.com/aquasecurity/trivy/pkg/iac/terraform/context" ) type sourceFile struct { diff --git a/pkg/iac/scanners/terraform/parser/parser_test.go b/pkg/iac/scanners/terraform/parser/parser_test.go index 21ee4ffd381a..926d9e56603d 100644 --- a/pkg/iac/scanners/terraform/parser/parser_test.go +++ b/pkg/iac/scanners/terraform/parser/parser_test.go @@ -6,8 +6,8 @@ import ( "sort" "testing" - "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/defsec/test/testutil" + "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/zclconf/go-cty/cty" diff --git a/pkg/iac/scanners/terraform/parser/resolvers/options.go b/pkg/iac/scanners/terraform/parser/resolvers/options.go index 61f720e8cc9e..8373a78525cd 100644 --- a/pkg/iac/scanners/terraform/parser/resolvers/options.go +++ b/pkg/iac/scanners/terraform/parser/resolvers/options.go @@ -3,7 +3,7 @@ package resolvers import ( "strings" - "github.com/aquasecurity/defsec/pkg/debug" + "github.com/aquasecurity/trivy/pkg/iac/debug" ) type Options struct { diff --git a/pkg/iac/scanners/terraform/parser/sort.go b/pkg/iac/scanners/terraform/parser/sort.go index d43e86b4e740..28fc79b1990c 100644 --- a/pkg/iac/scanners/terraform/parser/sort.go +++ b/pkg/iac/scanners/terraform/parser/sort.go 
@@ -3,7 +3,7 @@ package parser import ( "sort" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func sortBlocksByHierarchy(blocks terraform.Blocks) { diff --git a/pkg/iac/scanners/terraform/performance_test.go b/pkg/iac/scanners/terraform/performance_test.go index 52380a5801a4..f4a390a3b2cc 100644 --- a/pkg/iac/scanners/terraform/performance_test.go +++ b/pkg/iac/scanners/terraform/performance_test.go @@ -6,8 +6,8 @@ import ( "io/fs" "testing" - "github.com/aquasecurity/defsec/pkg/rules" "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/rules" "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/executor" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser" ) diff --git a/pkg/iac/scanners/terraform/scanner.go b/pkg/iac/scanners/terraform/scanner.go index 340f5855842d..cccd69dddca8 100644 --- a/pkg/iac/scanners/terraform/scanner.go +++ b/pkg/iac/scanners/terraform/scanner.go 
@@ -12,18 +12,18 @@ import ( "golang.org/x/exp/slices" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/rego" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/defsec/pkg/terraform" - "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy/pkg/extrafs" + "github.com/aquasecurity/trivy/pkg/iac/debug" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/rego" + "github.com/aquasecurity/trivy/pkg/iac/scan" "github.com/aquasecurity/trivy/pkg/iac/scanners" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" executor2 "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/executor" "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser" "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser/resolvers" + "github.com/aquasecurity/trivy/pkg/iac/terraform" + "github.com/aquasecurity/trivy/pkg/iac/types" ) var _ scanners.FSScanner = (*Scanner)(nil) diff --git a/pkg/iac/scanners/terraform/scanner_integration_test.go b/pkg/iac/scanners/terraform/scanner_integration_test.go index 976ebb2d1783..892a65e036a6 100644 --- a/pkg/iac/scanners/terraform/scanner_integration_test.go +++ b/pkg/iac/scanners/terraform/scanner_integration_test.go @@ -6,8 +6,8 @@ import ( "fmt" "testing" - "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/scanners/terraform/scanner_test.go b/pkg/iac/scanners/terraform/scanner_test.go index 103efe0da3cf..130427d9f5b4 100644 --- a/pkg/iac/scanners/terraform/scanner_test.go +++ b/pkg/iac/scanners/terraform/scanner_test.go 
@@ -7,14 +7,14 @@ import ( "strconv" "testing" - "github.com/aquasecurity/defsec/pkg/providers" - "github.com/aquasecurity/defsec/pkg/rules" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/defsec/pkg/severity" - "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/defsec/pkg/terraform" "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/providers" + "github.com/aquasecurity/trivy/pkg/iac/rules" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/severity" + "github.com/aquasecurity/trivy/pkg/iac/state" + "github.com/aquasecurity/trivy/pkg/iac/terraform" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/scanners/terraform/setup_test.go b/pkg/iac/scanners/terraform/setup_test.go index 934c1fbf3362..c1f1aeb2e8ca 100644 --- a/pkg/iac/scanners/terraform/setup_test.go +++ b/pkg/iac/scanners/terraform/setup_test.go @@ -4,11 +4,11 @@ import ( "context" "testing" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/defsec/pkg/terraform" "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser" + "github.com/aquasecurity/trivy/pkg/iac/terraform" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/scanners/terraform/wildcard_test.go b/pkg/iac/scanners/terraform/wildcard_test.go index 225cb09266af..5de281e69be0 100644 --- a/pkg/iac/scanners/terraform/wildcard_test.go +++ b/pkg/iac/scanners/terraform/wildcard_test.go 
@@ -4,11 +4,11 @@ import ( "fmt" "testing" - "github.com/aquasecurity/defsec/pkg/rules" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/severity" - "github.com/aquasecurity/defsec/pkg/terraform" "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/rules" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/severity" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) func Test_WildcardMatchingOnRequiredLabels(t *testing.T) { diff --git a/pkg/iac/scanners/terraformplan/parser/parser.go b/pkg/iac/scanners/terraformplan/parser/parser.go index 583e539f1b66..4d4d04feb093 100644 --- a/pkg/iac/scanners/terraformplan/parser/parser.go +++ b/pkg/iac/scanners/terraformplan/parser/parser.go @@ -10,7 +10,7 @@ import ( "github.com/liamg/memoryfs" - "github.com/aquasecurity/defsec/pkg/terraform" + "github.com/aquasecurity/trivy/pkg/iac/terraform" ) type Parser struct { diff --git a/pkg/iac/scanners/terraformplan/scanner.go b/pkg/iac/scanners/terraformplan/scanner.go index f15b060ae047..2a22c4b24690 100644 --- a/pkg/iac/scanners/terraformplan/scanner.go +++ b/pkg/iac/scanners/terraformplan/scanner.go @@ -8,10 +8,10 @@ import ( "github.com/bmatcuk/doublestar/v4" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/debug" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" terraformScanner "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform" "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/executor" "github.com/aquasecurity/trivy/pkg/iac/scanners/terraformplan/parser" 
diff --git a/pkg/iac/scanners/terraformplan/scanner_test.go b/pkg/iac/scanners/terraformplan/scanner_test.go index cf0a15ec7526..8f3dfc0f8a29 100644 --- a/pkg/iac/scanners/terraformplan/scanner_test.go +++ b/pkg/iac/scanners/terraformplan/scanner_test.go @@ -7,8 +7,8 @@ import ( "os" "testing" - "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/scanners/terraformplan/test/scanner_test.go b/pkg/iac/scanners/terraformplan/test/scanner_test.go index 5762e4e9bc3b..9e275ac6082a 100644 --- a/pkg/iac/scanners/terraformplan/test/scanner_test.go +++ b/pkg/iac/scanners/terraformplan/test/scanner_test.go @@ -5,12 +5,12 @@ import ( "testing" "testing/fstest" - "github.com/aquasecurity/defsec/pkg/scan" + "github.com/aquasecurity/trivy/pkg/iac/scan" "github.com/aquasecurity/trivy/pkg/iac/scanners/terraformplan" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/aquasecurity/defsec/pkg/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" ) func Test_Scanning_Plan(t *testing.T) { diff --git a/pkg/iac/scanners/toml/parser/parser.go b/pkg/iac/scanners/toml/parser/parser.go index ac909ba1563b..9b572267fdf9 100644 --- a/pkg/iac/scanners/toml/parser/parser.go +++ b/pkg/iac/scanners/toml/parser/parser.go @@ -8,9 +8,9 @@ import ( "github.com/BurntSushi/toml" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/debug" "github.com/aquasecurity/trivy/pkg/iac/detection" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" ) var _ options.ConfigurableParser = (*Parser)(nil) diff --git a/pkg/iac/scanners/toml/scanner.go b/pkg/iac/scanners/toml/scanner.go index 290a3d139df1..57f27df92db6 100644 --- a/pkg/iac/scanners/toml/scanner.go 
+++ b/pkg/iac/scanners/toml/scanner.go @@ -6,13 +6,13 @@ import ( "io/fs" "sync" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/rego" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/debug" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/rego" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" "github.com/aquasecurity/trivy/pkg/iac/scanners/toml/parser" + "github.com/aquasecurity/trivy/pkg/iac/types" ) var _ options.ConfigurableScanner = (*Scanner)(nil) diff --git a/pkg/iac/scanners/toml/scanner_test.go b/pkg/iac/scanners/toml/scanner_test.go index 641bcdda7ac9..c3217587cd55 100644 --- a/pkg/iac/scanners/toml/scanner_test.go +++ b/pkg/iac/scanners/toml/scanner_test.go @@ -4,10 +4,10 @@ import ( "context" "testing" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/scanners/universal/scanner.go b/pkg/iac/scanners/universal/scanner.go index d289f1961f6c..3687da85fc3d 100644 --- a/pkg/iac/scanners/universal/scanner.go +++ b/pkg/iac/scanners/universal/scanner.go 
@@ -4,8 +4,7 @@ import ( "context" "io/fs" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/scan" "github.com/aquasecurity/trivy/pkg/iac/scanners" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure/arm" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation" @@ -13,6 +12,7 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/scanners/helm" "github.com/aquasecurity/trivy/pkg/iac/scanners/json" "github.com/aquasecurity/trivy/pkg/iac/scanners/kubernetes" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform" "github.com/aquasecurity/trivy/pkg/iac/scanners/toml" "github.com/aquasecurity/trivy/pkg/iac/scanners/yaml" diff --git a/pkg/iac/scanners/yaml/parser/parser.go b/pkg/iac/scanners/yaml/parser/parser.go index 177d2289dd30..6f22a0742d1e 100644 --- a/pkg/iac/scanners/yaml/parser/parser.go +++ b/pkg/iac/scanners/yaml/parser/parser.go @@ -10,9 +10,9 @@ import ( "gopkg.in/yaml.v3" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/debug" "github.com/aquasecurity/trivy/pkg/iac/detection" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" ) var _ options.ConfigurableParser = (*Parser)(nil) diff --git a/pkg/iac/scanners/yaml/scanner.go b/pkg/iac/scanners/yaml/scanner.go index 4c4a03e85d5d..02a68f0d5566 100644 --- a/pkg/iac/scanners/yaml/scanner.go +++ b/pkg/iac/scanners/yaml/scanner.go 
@@ -6,13 +6,13 @@ import ( "io/fs" "sync" - "github.com/aquasecurity/defsec/pkg/debug" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/rego" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/debug" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/rego" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" "github.com/aquasecurity/trivy/pkg/iac/scanners/yaml/parser" + "github.com/aquasecurity/trivy/pkg/iac/types" ) var _ options.ConfigurableScanner = (*Scanner)(nil) diff --git a/pkg/iac/scanners/yaml/scanner_test.go b/pkg/iac/scanners/yaml/scanner_test.go index 007f315491f4..f4554997cf5a 100644 --- a/pkg/iac/scanners/yaml/scanner_test.go +++ b/pkg/iac/scanners/yaml/scanner_test.go @@ -4,10 +4,10 @@ import ( "context" "testing" - "github.com/aquasecurity/defsec/pkg/framework" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/trivy/internal/testutil" + "github.com/aquasecurity/trivy/pkg/iac/framework" + "github.com/aquasecurity/trivy/pkg/iac/scan" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/iac/severity/severity.go b/pkg/iac/severity/severity.go new file mode 100755 index 000000000000..45e9e1740d95 --- /dev/null +++ b/pkg/iac/severity/severity.go 
@@ -0,0 +1,48 @@
+package severity
+
+import (
+	"strings"
+)
+
+type Severity string
+
+const (
+	None     Severity = ""
+	Critical Severity = "CRITICAL"
+	High     Severity = "HIGH"
+	Medium   Severity = "MEDIUM"
+	Low      Severity = "LOW"
+)
+
+var ValidSeverity = []Severity{
+	Critical, High, Medium, Low,
+}
+
+func (s *Severity) IsValid() bool {
+	for _, severity := range ValidSeverity {
+		if severity == *s {
+			return true
+		}
+	}
+	return false
+}
+
+func (s *Severity) Valid() []Severity {
+	return ValidSeverity
+}
+
+func StringToSeverity(sev string) Severity {
+	s := strings.ToUpper(sev)
+	switch s {
+	case "CRITICAL", "HIGH", "MEDIUM", "LOW":
+		return Severity(s)
+	case "ERROR":
+		return High
+	case "WARNING":
+		return Medium
+	case "INFO":
+		return Low
+	default:
+		return None
+	}
+}
diff --git a/pkg/iac/state/merge.go b/pkg/iac/state/merge.go
new file mode 100644
index 000000000000..16e1275813a8
--- /dev/null
+++ b/pkg/iac/state/merge.go
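Review bot: `IsValid` and `Valid` are declared on a pointer receiver for a string-kinded type, so they cannot be called on a non-addressable value — `StringToSeverity(x).IsValid()` does not compile — and `Valid` never reads its receiver at all. A value receiver, `func (s Severity) IsValid() bool` (and the same for `Valid`), is callable through both values and pointers, drops the `*s` dereference, and keeps every existing `ptr.IsValid()` call site working. Separately, `None` is absent from `ValidSeverity` while `StringToSeverity` folds every unrecognised name into `None`; if callers use these helpers to filter findings, that silent fall-through deserves a doc comment such as `// StringToSeverity maps a case-insensitive severity name (accepting the ERROR/WARNING/INFO aliases) to a Severity; unknown names yield None, which IsValid rejects.`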
@@ -0,0 +1,43 @@
+package state
+
+import (
+	"reflect"
+)
+
+// Merge merges the states of the services that have been scanned into a single state.
+// if a service has data on both a and b, the service data from b will be preferred.
+func (a *State) Merge(b *State) (*State, error) {
+	var output State
+
+	aVal := reflect.ValueOf(a).Elem()
+	bVal := reflect.ValueOf(b).Elem()
+	outputVal := reflect.ValueOf(&output).Elem()
+
+	stateType := reflect.ValueOf(a).Elem().Type()
+	for i := 0; i < stateType.NumField(); i++ {
+		field := stateType.Field(i)
+		if !field.IsExported() {
+			continue
+		}
+		if field.Type.Kind() != reflect.Struct {
+			continue
+		}
+		for j := 0; j < field.Type.NumField(); j++ {
+			serviceField := field.Type.Field(j)
+			if !serviceField.IsExported() {
+				continue
+			}
+			if serviceField.Type.Kind() != reflect.Struct {
+				continue
+			}
+			if !bVal.Field(i).Field(j).IsZero() {
+				outputVal.Field(i).Field(j).Set(bVal.Field(i).Field(j))
+			} else {
+				outputVal.Field(i).Field(j).Set(aVal.Field(i).Field(j))
+			}
+		}
+	}
+
+	normalised := outputVal.Interface().(State)
+	return &normalised, nil
+}
diff --git a/pkg/iac/state/merge_test.go b/pkg/iac/state/merge_test.go
new file mode 100644
index 000000000000..4fab07883500
--- /dev/null
+++ b/pkg/iac/state/merge_test.go
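Review bot: `Merge` dereferences both pointers through `reflect.ValueOf(...).Elem()` before checking them, so a nil receiver or a nil `b` panics inside the scan path instead of using the error the signature promises; two guards at the top, `if a == nil { return b, nil }` and `if b == nil { return a, nil }`, close that hole (the `error` return is otherwise never non-nil, which is worth saying in the comment). The merge is also coarser than the doc comment implies: when `b` has any non-zero data for a service, `a`'s data for that whole service is discarded, so a resource that exists only in `a` vanishes from the merged state and is never evaluated by the policies — a missed-finding risk rather than a crash, and one the comment should spell out, e.g. `// Merge is a per-service replacement, not a per-resource union: if b has any data for a service, a's data for that service is discarded.` Exported provider or service fields whose kind is not `reflect.Struct` are skipped on both sides and therefore always zero in the output; if no such fields exist today this is harmless, but a one-line note of that assumption would stop it from silently biting when one is added.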
@@ -0,0 +1,342 @@ +package state + +import ( + "testing" + + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2" + + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + + "github.com/aquasecurity/trivy/pkg/iac/providers/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/rds" + + "github.com/stretchr/testify/assert" +) + +func Test_Merging(t *testing.T) { + tests := []struct { + name string + a, b, expected State + }{ + { + name: "both empty", + }, + { + name: "a empty, b has a service", + b: State{ + AWS: aws.AWS{ + RDS: rds.RDS{ + Instances: []rds.Instance{ + { + BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}), + ReplicationSourceARN: defsecTypes.String("arn:whatever", defsecTypes.Metadata{}), + PerformanceInsights: rds.PerformanceInsights{ + Metadata: defsecTypes.Metadata{}, + Enabled: defsecTypes.Bool(true, defsecTypes.Metadata{}), + KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}), + }, + Encryption: rds.Encryption{ + Metadata: defsecTypes.Metadata{}, + EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}), + KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}), + }, + PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}), + }, + }, + }, + }, + }, + expected: State{ + AWS: aws.AWS{ + RDS: rds.RDS{ + Instances: []rds.Instance{ + { + BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}), + ReplicationSourceARN: defsecTypes.String("arn:whatever", defsecTypes.Metadata{}), + PerformanceInsights: rds.PerformanceInsights{ + Metadata: defsecTypes.Metadata{}, + Enabled: defsecTypes.Bool(true, defsecTypes.Metadata{}), + KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}), + }, + Encryption: rds.Encryption{ + Metadata: defsecTypes.Metadata{}, + EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}), + KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}), + }, + PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}), + }, + }, 
+ }, + }, + }, + }, + { + name: "b empty, a has a service", + a: State{ + AWS: aws.AWS{ + RDS: rds.RDS{ + Instances: []rds.Instance{ + { + BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}), + ReplicationSourceARN: defsecTypes.String("arn:whatever", defsecTypes.Metadata{}), + PerformanceInsights: rds.PerformanceInsights{ + Metadata: defsecTypes.Metadata{}, + Enabled: defsecTypes.Bool(true, defsecTypes.Metadata{}), + KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}), + }, + Encryption: rds.Encryption{ + Metadata: defsecTypes.Metadata{}, + EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}), + KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}), + }, + PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}), + }, + }, + }, + }, + }, + expected: State{ + AWS: aws.AWS{ + RDS: rds.RDS{ + Instances: []rds.Instance{ + { + BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}), + ReplicationSourceARN: defsecTypes.String("arn:whatever", defsecTypes.Metadata{}), + PerformanceInsights: rds.PerformanceInsights{ + Metadata: defsecTypes.Metadata{}, + Enabled: defsecTypes.Bool(true, defsecTypes.Metadata{}), + KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}), + }, + Encryption: rds.Encryption{ + Metadata: defsecTypes.Metadata{}, + EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}), + KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}), + }, + PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}), + }, + }, + }, + }, + }, + }, + { + name: "both have differing versions of same service", + a: State{ + AWS: aws.AWS{ + RDS: rds.RDS{ + Instances: []rds.Instance{ + { + BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}), + ReplicationSourceARN: defsecTypes.String("arn:whatever", defsecTypes.Metadata{}), + PerformanceInsights: rds.PerformanceInsights{ + Metadata: defsecTypes.Metadata{}, + Enabled: defsecTypes.Bool(true, 
defsecTypes.Metadata{}), + KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}), + }, + Encryption: rds.Encryption{ + Metadata: defsecTypes.Metadata{}, + EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}), + KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}), + }, + PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}), + }, + }, + }, + }, + }, + b: State{ + AWS: aws.AWS{ + RDS: rds.RDS{ + Instances: []rds.Instance{ + { + BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}), + ReplicationSourceARN: defsecTypes.String("arn:whatever:B", defsecTypes.Metadata{}), + PerformanceInsights: rds.PerformanceInsights{ + Metadata: defsecTypes.Metadata{}, + Enabled: defsecTypes.Bool(true, defsecTypes.Metadata{}), + KMSKeyID: defsecTypes.String("keyidhere:B", defsecTypes.Metadata{}), + }, + Encryption: rds.Encryption{ + Metadata: defsecTypes.Metadata{}, + EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}), + KMSKeyID: defsecTypes.String("keyidhere:B", defsecTypes.Metadata{}), + }, + PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}), + }, + }, + }, + }, + }, + expected: State{ + AWS: aws.AWS{ + RDS: rds.RDS{ + Instances: []rds.Instance{ + { + BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}), + ReplicationSourceARN: defsecTypes.String("arn:whatever:B", defsecTypes.Metadata{}), + PerformanceInsights: rds.PerformanceInsights{ + Metadata: defsecTypes.Metadata{}, + Enabled: defsecTypes.Bool(true, defsecTypes.Metadata{}), + KMSKeyID: defsecTypes.String("keyidhere:B", defsecTypes.Metadata{}), + }, + Encryption: rds.Encryption{ + Metadata: defsecTypes.Metadata{}, + EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}), + KMSKeyID: defsecTypes.String("keyidhere:B", defsecTypes.Metadata{}), + }, + PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}), + }, + }, + }, + }, + }, + }, + { + name: "each has a different service", + a: State{ + AWS: aws.AWS{ + RDS: rds.RDS{ + 
Instances: []rds.Instance{ + { + BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}), + ReplicationSourceARN: defsecTypes.String("arn:whatever", defsecTypes.Metadata{}), + PerformanceInsights: rds.PerformanceInsights{ + Metadata: defsecTypes.Metadata{}, + Enabled: defsecTypes.Bool(true, defsecTypes.Metadata{}), + KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}), + }, + Encryption: rds.Encryption{ + Metadata: defsecTypes.Metadata{}, + EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}), + KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}), + }, + PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}), + }, + }, + }, + }, + }, + b: State{ + AWS: aws.AWS{ + EC2: ec2.EC2{ + Instances: []ec2.Instance{ + { + Metadata: defsecTypes.Metadata{}, + MetadataOptions: ec2.MetadataOptions{ + Metadata: defsecTypes.Metadata{}, + HttpTokens: defsecTypes.String("something", defsecTypes.Metadata{}), + HttpEndpoint: defsecTypes.String("something", defsecTypes.Metadata{}), + }, + UserData: defsecTypes.String("something", defsecTypes.Metadata{}), + SecurityGroups: []ec2.SecurityGroup{ + { + Metadata: defsecTypes.Metadata{}, + IsDefault: defsecTypes.Bool(true, defsecTypes.Metadata{}), + Description: defsecTypes.String("something", defsecTypes.Metadata{}), + IngressRules: []ec2.SecurityGroupRule{ + { + Metadata: defsecTypes.Metadata{}, + Description: defsecTypes.String("something", defsecTypes.Metadata{}), + CIDRs: []defsecTypes.StringValue{ + defsecTypes.String("something", defsecTypes.Metadata{}), + }, + }, + }, + EgressRules: nil, + VPCID: defsecTypes.String("something", defsecTypes.Metadata{}), + }, + }, + RootBlockDevice: &ec2.BlockDevice{ + Metadata: defsecTypes.Metadata{}, + Encrypted: defsecTypes.Bool(true, defsecTypes.Metadata{}), + }, + EBSBlockDevices: []*ec2.BlockDevice{ + { + Metadata: defsecTypes.Metadata{}, + Encrypted: defsecTypes.Bool(true, defsecTypes.Metadata{}), + }, + }, + }, + }, + }, + }, + }, + 
expected: State{ + AWS: aws.AWS{ + EC2: ec2.EC2{ + Instances: []ec2.Instance{ + { + Metadata: defsecTypes.Metadata{}, + MetadataOptions: ec2.MetadataOptions{ + Metadata: defsecTypes.Metadata{}, + HttpTokens: defsecTypes.String("something", defsecTypes.Metadata{}), + HttpEndpoint: defsecTypes.String("something", defsecTypes.Metadata{}), + }, + UserData: defsecTypes.String("something", defsecTypes.Metadata{}), + SecurityGroups: []ec2.SecurityGroup{ + { + Metadata: defsecTypes.Metadata{}, + IsDefault: defsecTypes.Bool(true, defsecTypes.Metadata{}), + Description: defsecTypes.String("something", defsecTypes.Metadata{}), + IngressRules: []ec2.SecurityGroupRule{ + { + Metadata: defsecTypes.Metadata{}, + Description: defsecTypes.String("something", defsecTypes.Metadata{}), + CIDRs: []defsecTypes.StringValue{ + defsecTypes.String("something", defsecTypes.Metadata{}), + }, + }, + }, + EgressRules: nil, + VPCID: defsecTypes.String("something", defsecTypes.Metadata{}), + }, + }, + RootBlockDevice: &ec2.BlockDevice{ + Metadata: defsecTypes.Metadata{}, + Encrypted: defsecTypes.Bool(true, defsecTypes.Metadata{}), + }, + EBSBlockDevices: []*ec2.BlockDevice{ + { + Metadata: defsecTypes.Metadata{}, + Encrypted: defsecTypes.Bool(true, defsecTypes.Metadata{}), + }, + }, + }, + }, + }, + RDS: rds.RDS{ + Instances: []rds.Instance{ + { + BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}), + ReplicationSourceARN: defsecTypes.String("arn:whatever", defsecTypes.Metadata{}), + PerformanceInsights: rds.PerformanceInsights{ + Metadata: defsecTypes.Metadata{}, + Enabled: defsecTypes.Bool(true, defsecTypes.Metadata{}), + KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}), + }, + Encryption: rds.Encryption{ + Metadata: defsecTypes.Metadata{}, + EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}), + KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}), + }, + PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}), + }, + }, + }, + }, 
+			},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			state := test.b
+			actual, err := test.a.Merge(&state)
+			if err != nil {
+				t.Fatal(err)
+			}
+			assert.Equal(t, test.expected, *actual)
+		})
+	}
+
+}
diff --git a/pkg/iac/state/state.go b/pkg/iac/state/state.go
new file mode 100755
index 000000000000..580c2e4813f8
--- /dev/null
+++ b/pkg/iac/state/state.go
@@ -0,0 +1,34 @@
+package state
+
+import (
+	"reflect"
+
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/azure"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/cloudstack"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/digitalocean"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/github"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/google"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/kubernetes"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/openstack"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/oracle"
+	"github.com/aquasecurity/trivy/pkg/iac/rego/convert"
+)
+
+type State struct {
+	AWS          aws.AWS
+	Azure        azure.Azure
+	CloudStack   cloudstack.CloudStack
+	DigitalOcean digitalocean.DigitalOcean
+	GitHub       github.GitHub
+	Google       google.Google
+	Kubernetes   kubernetes.Kubernetes
+	OpenStack    openstack.OpenStack
+	Oracle       oracle.Oracle
+	Nifcloud     nifcloud.Nifcloud
+}
+
+func (a *State) ToRego() interface{} {
+	return convert.StructToRego(reflect.ValueOf(a))
+}
diff --git a/pkg/iac/state/state_test.go b/pkg/iac/state/state_test.go
new file mode 100644
index 000000000000..6147075fb84d
--- /dev/null
+++ b/pkg/iac/state/state_test.go
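Review bot: None of the cases pins what `Merge` does when both states carry the same service with different resource sets — the "both have differing versions of same service" case puts exactly one `rds.Instance` on each side, so it cannot distinguish per-service replacement from a per-resource union, which is the property a caller most needs to know. A case where `a` holds two RDS instances and `b` holds one, with `expected` containing only `b`'s instance, would lock in the current behaviour that resources present only in `a` are dropped. The loop copies `test.b` into `state` before taking its address, presumably to keep `Merge` from aliasing the table entry; a short comment on that line would save the next reader from wondering whether the copy matters.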
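Review bot: `State` and `ToRego` are exported without doc comments, and `State` is the type that both `Merge` and the Rego conversion are built on, so a reader landing here has nothing to go on. Suggested: `// State holds the adapted resources of every supported provider, one exported field per provider.` on the struct, and `// ToRego converts the state into the nested map/slice form produced by convert.StructToRego.` on the method; the receiver is handed to `StructToRego` as a pointer (`reflect.ValueOf(a)`), and whether that is required or incidental should be confirmed against `StructToRego` before documenting it. The struct carries no `json` tags, so the round-trip in state_test.go depends on the default exported-name encoding; if the persisted form is ever read outside this package, explicit tags would keep a field rename from silently changing the format.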
@@ -0,0 +1,96 @@
+package state
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws"
+	"github.com/aquasecurity/trivy/pkg/iac/providers/aws/s3"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_RegoConversion(t *testing.T) {
+	s := State{
+		AWS: aws.AWS{
+			S3: s3.S3{
+				Buckets: []s3.Bucket{
+					{
+						Metadata: defsecTypes.NewMetadata(
+							defsecTypes.NewRange("main.tf", 2, 4, "", nil),
+							"aws_s3_bucket.example",
+						),
+						Name: defsecTypes.String("my-bucket", defsecTypes.NewMetadata(
+							defsecTypes.NewRange("main.tf", 3, 3, "", nil),
+							"aws_s3_bucket.example.bucket",
+						)),
+					},
+				},
+			},
+		},
+	}
+	converted := s.ToRego()
+	assert.Equal(t, map[string]interface{}{
+		"aws": map[string]interface{}{
+			"s3": map[string]interface{}{
+				"buckets": []interface{}{
+					map[string]interface{}{
+						"__defsec_metadata": map[string]interface{}{
+							"resource":     "aws_s3_bucket.example",
+							"sourceprefix": "",
+							"filepath":     "main.tf",
+							"startline":    2,
+							"endline":      4,
+							"managed":      true,
+							"explicit":     false,
+							"fskey":        "",
+						},
+						"name": map[string]interface{}{
+							"resource":     "aws_s3_bucket.example.bucket",
+							"sourceprefix": "",
+							"filepath":     "main.tf",
+							"startline":    3,
+							"endline":      3,
+							"value":        "my-bucket",
+							"managed":      true,
+							"explicit":     false,
+							"fskey":        "",
+						},
+					},
+				},
+			},
+		},
+	}, converted)
+}
+
+func Test_JSONPersistenceOfData(t *testing.T) {
+	s := State{
+		AWS: aws.AWS{
+			S3: s3.S3{
+				Buckets: []s3.Bucket{
+					{
+						Metadata: defsecTypes.NewMetadata(
+							defsecTypes.NewRange("main.tf", 2, 4, "", nil),
+							"aws_s3_bucket.example",
+						),
+						Name: defsecTypes.String("my-bucket", defsecTypes.NewMetadata(
+							defsecTypes.NewRange("main.tf", 3, 3, "", nil),
+							"aws_s3_bucket.example.bucket",
+						)),
+					},
+				},
+			},
+		},
+	}
+	data, err := json.Marshal(s)
+	require.NoError(t, err)
+
+	var restored State
+	require.NoError(t, json.Unmarshal(data, &restored))
+
+	assert.Equal(t, s, restored)
+}
diff --git a/pkg/iac/terraform/attribute.go b/pkg/iac/terraform/attribute.go
new file mode 100644
index 000000000000..8bf3873291da
--- /dev/null
+++ b/pkg/iac/terraform/attribute.go
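Review bot: The S3 bucket fixture is duplicated verbatim between `Test_RegoConversion` and `Test_JSONPersistenceOfData`; a small `func testState() State` helper returning it would keep the two in step when `s3.Bucket` grows a field. `Test_JSONPersistenceOfData` only proves round-tripping for the values it uses, and the fixture passes `""` and `nil` for the range's source prefix and filesystem, so the `fskey`/`sourceprefix` fields the Rego test expects are exercised only in their zero form; a second fixture with a non-empty prefix would make the persistence test catch a field that stops surviving JSON. Whether the `nil` filesystem argument is itself meant to survive the round-trip is not visible here and is worth a one-line comment on the `NewRange` call.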
@@ -0,0 +1,1100 @@ +package terraform + +import ( + "fmt" + "io/fs" + "reflect" + "regexp" + "strconv" + "strings" + + "github.com/aquasecurity/trivy/pkg/iac/terraform/context" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + + "github.com/hashicorp/hcl/v2" + "github.com/hashicorp/hcl/v2/ext/typeexpr" + "github.com/hashicorp/hcl/v2/hclsyntax" + "github.com/zclconf/go-cty/cty" + "github.com/zclconf/go-cty/cty/gocty" +) + +type Attribute struct { + hclAttribute *hcl.Attribute + module string + ctx *context.Context + metadata defsecTypes.Metadata + reference Reference +} + +func (a *Attribute) DecodeVarType() (cty.Type, *typeexpr.Defaults, error) { + t, def, diag := typeexpr.TypeConstraintWithDefaults(a.hclAttribute.Expr) + if diag.HasErrors() { + return cty.NilType, nil, diag + } + return t, def, nil +} + +func NewAttribute(attr *hcl.Attribute, ctx *context.Context, module string, parent defsecTypes.Metadata, parentRef Reference, moduleSource string, moduleFS fs.FS) *Attribute { + rng := defsecTypes.NewRange( + attr.Range.Filename, + attr.Range.Start.Line, + attr.Range.End.Line, + moduleSource, + moduleFS, + ) + reference := extendReference(parentRef, attr.Name) + metadata := defsecTypes.NewMetadata(rng, reference.String()) + return &Attribute{ + hclAttribute: attr, + ctx: ctx, + module: module, + metadata: metadata.WithParent(parent), + reference: reference, + } +} + +func (a *Attribute) GetMetadata() defsecTypes.Metadata { + return a.metadata +} + +func (a *Attribute) GetRawValue() interface{} { + switch typ := a.Type(); typ { + case cty.String: + return a.Value().AsString() + case cty.Bool: + return a.Value().True() + case cty.Number: + float, _ := a.Value().AsBigFloat().Float64() + return float + default: + switch { + case typ.IsTupleType(), typ.IsListType(): + values := a.Value().AsValueSlice() + if len(values) == 0 { + return []string{} + } + switch values[0].Type() { + case cty.String: + var output []string + for _, value := range values { + 
output = append(output, value.AsString()) + } + return output + case cty.Number: + var output []float64 + for _, value := range values { + bf := value.AsBigFloat() + f, _ := bf.Float64() + output = append(output, f) + } + return output + case cty.Bool: + var output []bool + for _, value := range values { + output = append(output, value.True()) + } + return output + } + } + } + return nil +} + +func (a *Attribute) AsBytesValueOrDefault(defaultValue []byte, parent *Block) defsecTypes.BytesValue { + if a.IsNil() { + return defsecTypes.BytesDefault(defaultValue, parent.GetMetadata()) + } + if a.IsNotResolvable() || !a.IsString() { + return defsecTypes.BytesUnresolvable(a.GetMetadata()) + } + return defsecTypes.BytesExplicit( + []byte(a.Value().AsString()), + a.GetMetadata(), + ) +} + +func (a *Attribute) AsStringValueOrDefault(defaultValue string, parent *Block) defsecTypes.StringValue { + if a.IsNil() { + return defsecTypes.StringDefault(defaultValue, parent.GetMetadata()) + } + if a.IsNotResolvable() || !a.IsString() { + return defsecTypes.StringUnresolvable(a.GetMetadata()) + } + return defsecTypes.StringExplicit( + a.Value().AsString(), + a.GetMetadata(), + ) +} + +func (a *Attribute) AsStringValueSliceOrEmpty() (stringValues []defsecTypes.StringValue) { + if a.IsNil() { + return stringValues + } + return a.AsStringValues() +} + +func (a *Attribute) AsStringValuesOrDefault(parent *Block, defaults ...string) []defsecTypes.StringValue { + if a.IsNil() { + res := make(defsecTypes.StringValueList, 0, len(defaults)) + for _, def := range defaults { + res = append(res, defsecTypes.StringDefault(def, parent.GetMetadata())) + } + return res + } + return a.AsStringValues() +} + +func (a *Attribute) AsBoolValueOrDefault(defaultValue bool, parent *Block) defsecTypes.BoolValue { + if a.IsNil() { + return defsecTypes.BoolDefault(defaultValue, parent.GetMetadata()) + } + if a.IsNotResolvable() || !a.IsBool() { + return defsecTypes.BoolUnresolvable(a.GetMetadata()) + } + return 
defsecTypes.BoolExplicit( + a.IsTrue(), + a.GetMetadata(), + ) +} + +func (a *Attribute) AsIntValueOrDefault(defaultValue int, parent *Block) defsecTypes.IntValue { + if a.IsNil() { + return defsecTypes.IntDefault(defaultValue, parent.GetMetadata()) + } + if a.IsNotResolvable() || !a.IsNumber() { + return defsecTypes.IntUnresolvable(a.GetMetadata()) + } + flt := a.AsNumber() + return defsecTypes.IntExplicit( + int(flt), + a.GetMetadata(), + ) +} + +func (a *Attribute) IsLiteral() bool { + if a == nil { + return false + } + return len(a.hclAttribute.Expr.Variables()) == 0 +} + +func (a *Attribute) IsResolvable() bool { + if a == nil { + return false + } + return a.Value() != cty.NilVal && a.Value().IsKnown() +} + +func (a *Attribute) IsNotResolvable() bool { + return !a.IsResolvable() +} + +func (a *Attribute) Type() cty.Type { + if a == nil { + return cty.NilType + } + return a.Value().Type() +} + +func (a *Attribute) IsIterable() bool { + if a == nil { + return false + } + return a.Value().Type().IsListType() || a.Value().Type().IsCollectionType() || a.Value().Type().IsObjectType() || a.Value().Type().IsMapType() || a.Value().Type().IsListType() || a.Value().Type().IsSetType() || a.Value().Type().IsTupleType() +} + +func (a *Attribute) Each(f func(key cty.Value, val cty.Value)) error { + if a == nil { + return nil + } + var outerErr error + defer func() { + if err := recover(); err != nil { + outerErr = fmt.Errorf("go-cty bug detected - cannot call ForEachElement: %s", err) + } + }() + val := a.Value() + val.ForEachElement(func(key cty.Value, val cty.Value) (stop bool) { + f(key, val) + return false + }) + return outerErr +} + +func (a *Attribute) IsString() bool { + if a == nil { + return false + } + return !a.Value().IsNull() && a.Value().IsKnown() && a.Value().Type() == cty.String +} + +func (a *Attribute) IsMapOrObject() bool { + if a == nil || a.Value().IsNull() || !a.Value().IsKnown() { + return false + } + + return a.Value().Type().IsObjectType() || 
a.Value().Type().IsMapType() +} + +func (a *Attribute) IsNumber() bool { + if a != nil && !a.Value().IsNull() && a.Value().IsKnown() { + if a.Value().Type() == cty.Number { + return true + } + if a.Value().Type() == cty.String { + _, err := strconv.ParseFloat(a.Value().AsString(), 64) + return err == nil + } + } + + return false +} + +func (a *Attribute) IsBool() bool { + if a == nil { + return false + } + switch a.Value().Type() { + case cty.Bool, cty.Number: + return true + case cty.String: + val := a.Value().AsString() + val = strings.Trim(val, "\"") + return strings.EqualFold(val, "false") || strings.EqualFold(val, "true") + } + return false +} + +func (a *Attribute) Value() (ctyVal cty.Value) { + if a == nil { + return cty.NilVal + } + defer func() { + if err := recover(); err != nil { + ctyVal = cty.NilVal + } + }() + ctyVal, _ = a.hclAttribute.Expr.Value(a.ctx.Inner()) + if !ctyVal.IsKnown() || ctyVal.IsNull() { + return cty.NilVal + } + return ctyVal +} + +// Allows a null value for a variable https://developer.hashicorp.com/terraform/language/expressions/types#null +func (a *Attribute) NullableValue() (ctyVal cty.Value) { + if a == nil { + return cty.NilVal + } + defer func() { + if err := recover(); err != nil { + ctyVal = cty.NilVal + } + }() + ctyVal, _ = a.hclAttribute.Expr.Value(a.ctx.Inner()) + if !ctyVal.IsKnown() { + return cty.NilVal + } + return ctyVal +} + +func (a *Attribute) Name() string { + if a == nil { + return "" + } + return a.hclAttribute.Name +} + +func (a *Attribute) AsStringValues() defsecTypes.StringValueList { + if a == nil { + return nil + } + return a.getStringValues(a.hclAttribute.Expr, a.ctx.Inner()) +} + +// nolint +func (a *Attribute) getStringValues(expr hcl.Expression, ctx *hcl.EvalContext) (results []defsecTypes.StringValue) { + + defer func() { + if err := recover(); err != nil { + results = []defsecTypes.StringValue{defsecTypes.StringUnresolvable(a.metadata)} + } + }() + + switch t := expr.(type) { + case 
*hclsyntax.TupleConsExpr: + for _, expr := range t.Exprs { + val, err := expr.Value(a.ctx.Inner()) + if err != nil { + results = append(results, defsecTypes.StringUnresolvable(a.metadata)) + continue + } + results = append(results, a.valueToString(val)) + } + case *hclsyntax.FunctionCallExpr, *hclsyntax.ConditionalExpr: + subVal, err := t.Value(ctx) + if err != nil { + return append(results, defsecTypes.StringUnresolvable(a.metadata)) + } + return a.valueToStrings(subVal) + case *hclsyntax.LiteralValueExpr: + return a.valueToStrings(t.Val) + case *hclsyntax.TemplateExpr: + // walk the parts of the expression to ensure that it has a literal value + for _, p := range t.Parts { + val, err := p.Value(a.ctx.Inner()) + if err != nil { + results = append(results, defsecTypes.StringUnresolvable(a.metadata)) + continue + } + value := a.valueToString(val) + results = append(results, value) + } + case *hclsyntax.ScopeTraversalExpr: + // handle the case for referencing a data + if len(t.Variables()) > 0 { + if t.Variables()[0].RootName() == "data" { + // we can't resolve data lookups at this time, so make unresolvable + return append(results, defsecTypes.StringUnresolvable(a.metadata)) + } + } + subVal, err := t.Value(ctx) + if err != nil { + return append(results, defsecTypes.StringUnresolvable(a.metadata)) + } + return a.valueToStrings(subVal) + default: + val, err := t.Value(a.ctx.Inner()) + if err != nil { + return append(results, defsecTypes.StringUnresolvable(a.metadata)) + } + results = a.valueToStrings(val) + } + return results +} + +func (a *Attribute) valueToStrings(value cty.Value) (results []defsecTypes.StringValue) { + defer func() { + if err := recover(); err != nil { + results = []defsecTypes.StringValue{defsecTypes.StringUnresolvable(a.metadata)} + } + }() + if value.IsNull() { + return []defsecTypes.StringValue{defsecTypes.StringUnresolvable(a.metadata)} + } + if !value.IsKnown() { + return []defsecTypes.StringValue{defsecTypes.StringUnresolvable(a.metadata)} 
+ } + if value.Type().IsListType() || value.Type().IsTupleType() || value.Type().IsSetType() { + for _, val := range value.AsValueSlice() { + results = append(results, a.valueToString(val)) + } + } + return results +} + +func (a *Attribute) valueToString(value cty.Value) (result defsecTypes.StringValue) { + defer func() { + if err := recover(); err != nil { + result = defsecTypes.StringUnresolvable(a.metadata) + } + }() + + result = defsecTypes.StringUnresolvable(a.metadata) + + if value.IsNull() || !value.IsKnown() { + return result + } + + switch value.Type() { + case cty.String: + return defsecTypes.String(value.AsString(), a.metadata) + default: + return result + } +} + +func (a *Attribute) listContains(val cty.Value, stringToLookFor string, ignoreCase bool) bool { + if a == nil { + return false + } + + valueSlice := val.AsValueSlice() + for _, value := range valueSlice { + if value.IsNull() || !value.IsKnown() { + // there is nothing we can do with this value + continue + } + stringToTest := value + if value.Type().IsObjectType() || value.Type().IsMapType() { + valueMap := value.AsValueMap() + stringToTest = valueMap["key"] + } + if value.Type().HasDynamicTypes() { + for _, extracted := range a.extractListValues() { + if extracted == stringToLookFor { + return true + } + } + return false + } + if !value.IsKnown() { + continue + } + if ignoreCase && strings.EqualFold(stringToTest.AsString(), stringToLookFor) { + return true + } + if stringToTest.AsString() == stringToLookFor { + return true + } + } + return false +} + +func (a *Attribute) extractListValues() []string { + var values []string + if a.hclAttribute == nil || a.hclAttribute.Expr == nil || a.hclAttribute.Expr.Variables() == nil { + return values + } + for _, v := range a.hclAttribute.Expr.Variables() { + values = append(values, v.RootName()) + } + return values +} + +func (a *Attribute) mapContains(checkValue interface{}, val cty.Value) bool { + if a == nil { + return false + } + valueMap := 
val.AsValueMap() + switch t := checkValue.(type) { + case map[interface{}]interface{}: + for k, v := range t { + for key, value := range valueMap { + rawValue := getRawValue(value) + if key == k && evaluate(v, rawValue) { + return true + } + } + } + return false + case map[string]interface{}: + for k, v := range t { + for key, value := range valueMap { + rawValue := getRawValue(value) + if key == k && evaluate(v, rawValue) { + return true + } + } + } + return false + default: + for key := range valueMap { + if key == checkValue { + return true + } + } + return false + } +} + +func (a *Attribute) NotContains(checkValue interface{}, equalityOptions ...EqualityOption) bool { + return !a.Contains(checkValue, equalityOptions...) +} + +func (a *Attribute) Contains(checkValue interface{}, equalityOptions ...EqualityOption) bool { + if a == nil { + return false + } + ignoreCase := false + for _, option := range equalityOptions { + if option == IgnoreCase { + ignoreCase = true + } + } + val := a.Value() + if val.IsNull() { + return false + } + + if val.Type().IsObjectType() || val.Type().IsMapType() { + return a.mapContains(checkValue, val) + } + + stringToLookFor := fmt.Sprintf("%v", checkValue) + + if val.Type().IsListType() || val.Type().IsTupleType() { + return a.listContains(val, stringToLookFor, ignoreCase) + } + + if ignoreCase && containsIgnoreCase(val.AsString(), stringToLookFor) { + return true + } + + return strings.Contains(val.AsString(), stringToLookFor) +} + +func (a *Attribute) OnlyContains(checkValue interface{}) bool { + if a == nil { + return false + } + val := a.Value() + if val.IsNull() { + return false + } + + checkSlice, ok := checkValue.([]interface{}) + if !ok { + return false + } + + if val.Type().IsListType() || val.Type().IsTupleType() { + for _, value := range val.AsValueSlice() { + found := false + for _, cVal := range checkSlice { + switch t := cVal.(type) { + case string: + if t == value.AsString() { + found = true + break + } + case bool: + 
if t == value.True() { + found = true + break + } + case int, int8, int16, int32, int64: + i, _ := value.AsBigFloat().Int64() + if t == i { + found = true + break + } + case float32, float64: + f, _ := value.AsBigFloat().Float64() + if t == f { + found = true + break + } + } + + } + if !found { + return false + } + } + return true + } + + return false +} + +func containsIgnoreCase(left, substring string) bool { + return strings.Contains(strings.ToLower(left), strings.ToLower(substring)) +} + +func (a *Attribute) StartsWith(prefix interface{}) bool { + if a == nil { + return false + } + if a.Value().Type() == cty.String { + return strings.HasPrefix(a.Value().AsString(), fmt.Sprintf("%v", prefix)) + } + return false +} + +func (a *Attribute) EndsWith(suffix interface{}) bool { + if a == nil { + return false + } + if a.Value().Type() == cty.String { + return strings.HasSuffix(a.Value().AsString(), fmt.Sprintf("%v", suffix)) + } + return false +} + +type EqualityOption int + +const ( + IgnoreCase EqualityOption = iota +) + +func (a *Attribute) Equals(checkValue interface{}, equalityOptions ...EqualityOption) bool { + if a == nil { + return false + } + if a.Value().Type() == cty.String { + for _, option := range equalityOptions { + if option == IgnoreCase { + return strings.EqualFold(strings.ToLower(a.Value().AsString()), strings.ToLower(fmt.Sprintf("%v", checkValue))) + } + } + result := strings.EqualFold(a.Value().AsString(), fmt.Sprintf("%v", checkValue)) + return result + } + if a.Value().Type() == cty.Bool { + return a.Value().True() == checkValue + } + if a.Value().Type() == cty.Number { + checkNumber, err := gocty.ToCtyValue(checkValue, cty.Number) + if err != nil { + return false + } + return a.Value().RawEquals(checkNumber) + } + + return false +} + +func (a *Attribute) NotEqual(checkValue interface{}, equalityOptions ...EqualityOption) bool { + return !a.Equals(checkValue, equalityOptions...) 
+} + +func (a *Attribute) RegexMatches(re regexp.Regexp) bool { + if a == nil { + return false + } + if a.Value().Type() == cty.String { + match := re.MatchString(a.Value().AsString()) + return match + } + return false +} + +func (a *Attribute) IsNotAny(options ...interface{}) bool { + return !a.IsAny(options...) +} + +func (a *Attribute) IsAny(options ...interface{}) bool { + if a == nil { + return false + } + if a.Value().Type() == cty.String { + value := a.Value().AsString() + for _, option := range options { + if option == value { + return true + } + } + } + if a.Value().Type() == cty.Number { + for _, option := range options { + checkValue, err := gocty.ToCtyValue(option, cty.Number) + if err != nil { + return false + } + if a.Value().RawEquals(checkValue) { + return true + } + } + } + return false +} + +func (a *Attribute) IsNone(options ...interface{}) bool { + if a == nil { + return false + } + if a.Value().Type() == cty.String { + for _, option := range options { + if option == a.Value().AsString() { + return false + } + } + } + if a.Value().Type() == cty.Number { + for _, option := range options { + checkValue, err := gocty.ToCtyValue(option, cty.Number) + if err != nil { + return false + } + if a.Value().RawEquals(checkValue) { + return false + } + + } + } + + return true +} + +func (a *Attribute) IsTrue() bool { + if a == nil { + return false + } + switch a.Value().Type() { + case cty.Bool: + return a.Value().True() + case cty.String: + val := a.Value().AsString() + val = strings.Trim(val, "\"") + return strings.ToLower(val) == "true" + case cty.Number: + val := a.Value().AsBigFloat() + f, _ := val.Float64() + return f > 0 + } + return false +} + +func (a *Attribute) IsFalse() bool { + if a == nil { + return false + } + switch a.Value().Type() { + case cty.Bool: + return a.Value().False() + case cty.String: + val := a.Value().AsString() + val = strings.Trim(val, "\"") + return strings.ToLower(val) == "false" + case cty.Number: + val := 
a.Value().AsBigFloat() + f, _ := val.Float64() + return f == 0 + } + return false +} + +func (a *Attribute) IsEmpty() bool { + if a == nil { + return false + } + if a.Value().Type() == cty.String { + return len(a.Value().AsString()) == 0 + } + if a.Type().IsListType() || a.Type().IsTupleType() { + return len(a.Value().AsValueSlice()) == 0 + } + if a.Type().IsMapType() || a.Type().IsObjectType() { + return len(a.Value().AsValueMap()) == 0 + } + if a.Value().Type() == cty.Number { + // a number can't ever be empty + return false + } + if a.Value().IsNull() { + return a.isNullAttributeEmpty() + } + return true +} + +func (a *Attribute) IsNotEmpty() bool { + return !a.IsEmpty() +} + +func (a *Attribute) isNullAttributeEmpty() bool { + if a == nil { + return false + } + switch t := a.hclAttribute.Expr.(type) { + case *hclsyntax.FunctionCallExpr, *hclsyntax.ScopeTraversalExpr, + *hclsyntax.ConditionalExpr, *hclsyntax.LiteralValueExpr: + return false + case *hclsyntax.TemplateExpr: + // walk the parts of the expression to ensure that it has a literal value + for _, p := range t.Parts { + switch pt := p.(type) { + case *hclsyntax.LiteralValueExpr: + if pt != nil && !pt.Val.IsNull() { + return false + } + case *hclsyntax.ScopeTraversalExpr: + return false + } + } + } + return true +} + +func (a *Attribute) MapValue(mapKey string) cty.Value { + if a == nil { + return cty.NilVal + } + if a.Type().IsObjectType() || a.Type().IsMapType() { + attrMap := a.Value().AsValueMap() + for key, value := range attrMap { + if key == mapKey { + return value + } + } + } + return cty.NilVal +} + +func (a *Attribute) AsMapValue() defsecTypes.MapValue { + if a.IsNil() || a.IsNotResolvable() || !a.IsMapOrObject() { + return defsecTypes.MapValue{} + } + + values := make(map[string]string) + _ = a.Each(func(key, val cty.Value) { + if key.Type() == cty.String && val.Type() == cty.String { + values[key.AsString()] = val.AsString() + } + }) + + return defsecTypes.Map(values, a.GetMetadata()) +} + 
+func (a *Attribute) LessThan(checkValue interface{}) bool { + if a == nil { + return false + } + if a.Value().Type() == cty.Number { + checkNumber, err := gocty.ToCtyValue(checkValue, cty.Number) + if err != nil { + return false + } + + return a.Value().LessThan(checkNumber).True() + } + return false +} + +func (a *Attribute) LessThanOrEqualTo(checkValue interface{}) bool { + if a == nil { + return false + } + if a.Value().Type() == cty.Number { + checkNumber, err := gocty.ToCtyValue(checkValue, cty.Number) + if err != nil { + return false + } + + return a.Value().LessThanOrEqualTo(checkNumber).True() + } + return false +} + +func (a *Attribute) GreaterThan(checkValue interface{}) bool { + if a == nil { + return false + } + if a.Value().Type() == cty.Number { + checkNumber, err := gocty.ToCtyValue(checkValue, cty.Number) + if err != nil { + return false + } + + return a.Value().GreaterThan(checkNumber).True() + } + return false +} + +func (a *Attribute) GreaterThanOrEqualTo(checkValue interface{}) bool { + if a == nil { + return false + } + if a.Value().Type() == cty.Number { + checkNumber, err := gocty.ToCtyValue(checkValue, cty.Number) + if err != nil { + return false + } + + return a.Value().GreaterThanOrEqualTo(checkNumber).True() + } + return false +} + +func (a *Attribute) IsDataBlockReference() bool { + if a == nil { + return false + } + switch t := a.hclAttribute.Expr.(type) { + case *hclsyntax.ScopeTraversalExpr: + split := t.Traversal.SimpleSplit() + return split.Abs.RootName() == "data" + } + return false +} + +func createDotReferenceFromTraversal(parentRef string, traversals ...hcl.Traversal) (*Reference, error) { + var refParts []string + var key cty.Value + for _, x := range traversals { + for _, p := range x { + switch part := p.(type) { + case hcl.TraverseRoot: + refParts = append(refParts, part.Name) + case hcl.TraverseAttr: + refParts = append(refParts, part.Name) + case hcl.TraverseIndex: + key = part.Key + } + } + } + ref, err := 
newReference(refParts, parentRef) + if err != nil { + return nil, err + } + ref.SetKey(key) + return ref, nil +} + +func (a *Attribute) ReferencesBlock(b *Block) bool { + if a == nil { + return false + } + for _, ref := range a.AllReferences() { + if ref.RefersTo(b.reference) { + return true + } + } + return false +} + +func (a *Attribute) AllReferences(blocks ...*Block) []*Reference { + if a == nil { + return nil + } + refs := a.extractReferences() + for _, block := range blocks { + for _, ref := range refs { + if ref.TypeLabel() == "each" && block.HasChild("for_each") { + refs = append(refs, block.GetAttribute("for_each").AllReferences()...) + } + } + } + return refs +} + +// nolint +func (a *Attribute) referencesFromExpression(expression hcl.Expression) []*Reference { + var refs []*Reference + switch t := expression.(type) { + case *hclsyntax.ConditionalExpr: + if ref, err := createDotReferenceFromTraversal(a.module, t.TrueResult.Variables()...); err == nil { + refs = append(refs, ref) + } + if ref, err := createDotReferenceFromTraversal(a.module, t.FalseResult.Variables()...); err == nil { + refs = append(refs, ref) + } + if ref, err := createDotReferenceFromTraversal(a.module, t.Condition.Variables()...); err == nil { + refs = append(refs, ref) + } + case *hclsyntax.ScopeTraversalExpr: + if ref, err := createDotReferenceFromTraversal(a.module, t.Variables()...); err == nil { + refs = append(refs, ref) + } + case *hclsyntax.TemplateWrapExpr: + refs = a.referencesFromExpression(t.Wrapped) + case *hclsyntax.TemplateExpr: + for _, part := range t.Parts { + ref, err := createDotReferenceFromTraversal(a.module, part.Variables()...) 
+ if err != nil { + continue + } + refs = append(refs, ref) + } + case *hclsyntax.TupleConsExpr: + for _, v := range t.Variables() { + if ref, err := createDotReferenceFromTraversal(a.module, v); err == nil { + refs = append(refs, ref) + } + } + case *hclsyntax.RelativeTraversalExpr: + switch s := t.Source.(type) { + case *hclsyntax.IndexExpr: + if collectionRef, err := createDotReferenceFromTraversal(a.module, s.Collection.Variables()...); err == nil { + key, _ := s.Key.Value(a.ctx.Inner()) + collectionRef.SetKey(key) + refs = append(refs, collectionRef) + } + default: + if ref, err := createDotReferenceFromTraversal(a.module, t.Source.Variables()...); err == nil { + refs = append(refs, ref) + } + } + default: + if reflect.TypeOf(expression).String() == "*json.expression" { + if ref, err := createDotReferenceFromTraversal(a.module, expression.Variables()...); err == nil { + refs = append(refs, ref) + } + } + } + return refs +} + +func (a *Attribute) extractReferences() []*Reference { + if a == nil { + return nil + } + return a.referencesFromExpression(a.hclAttribute.Expr) +} + +func (a *Attribute) IsResourceBlockReference(resourceType string) bool { + if a == nil { + return false + } + switch t := a.hclAttribute.Expr.(type) { + case *hclsyntax.ScopeTraversalExpr: + split := t.Traversal.SimpleSplit() + return split.Abs.RootName() == resourceType + } + return false +} + +func (a *Attribute) References(r Reference) bool { + if a == nil { + return false + } + for _, ref := range a.AllReferences() { + if ref.RefersTo(r) { + return true + } + } + return false +} + +func getRawValue(value cty.Value) interface{} { + if value.IsNull() || !value.IsKnown() { + return value + } + + typeName := value.Type().FriendlyName() + + switch typeName { + case "string": + return value.AsString() + case "number": + return value.AsBigFloat() + case "bool": + return value.True() + } + + return value +} + +func (a *Attribute) IsNil() bool { + return a == nil +} + +func (a *Attribute) 
IsNotNil() bool { + return !a.IsNil() +} + +func (a *Attribute) HasIntersect(checkValues ...interface{}) bool { + if !a.Type().IsListType() && !a.Type().IsTupleType() { + return false + } + + for _, item := range checkValues { + if a.Contains(item) { + return true + } + } + return false + +} + +func (a *Attribute) AsNumber() float64 { + if a.Value().Type() == cty.Number { + v, _ := a.Value().AsBigFloat().Float64() + return v + } + if a.Value().Type() == cty.String { + v, _ := strconv.ParseFloat(a.Value().AsString(), 64) + return v + } + panic("Attribute is not a number") +} diff --git a/pkg/iac/terraform/block.go b/pkg/iac/terraform/block.go new file mode 100644 index 000000000000..afb0fbe98a69 --- /dev/null +++ b/pkg/iac/terraform/block.go 
@@ -0,0 +1,459 @@ +package terraform + +import ( + "fmt" + "io/fs" + "strings" + + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + + "github.com/aquasecurity/trivy/pkg/iac/terraform/context" + + "github.com/google/uuid" + "github.com/hashicorp/hcl/v2" + "github.com/hashicorp/hcl/v2/hclsyntax" + "github.com/zclconf/go-cty/cty" + "github.com/zclconf/go-cty/cty/gocty" +) + +type Block struct { + id string + hclBlock *hcl.Block + context *context.Context + moduleBlock *Block + parentBlock *Block + expanded bool + cloneIndex int + childBlocks []*Block + attributes []*Attribute + metadata defsecTypes.Metadata + moduleSource string + moduleFS fs.FS + reference Reference +} + +func NewBlock(hclBlock *hcl.Block, ctx *context.Context, moduleBlock *Block, parentBlock *Block, moduleSource string, + moduleFS fs.FS, index ...cty.Value) *Block { + if ctx == nil { + ctx = context.NewContext(&hcl.EvalContext{}, nil) + } + + var r hcl.Range + switch body := hclBlock.Body.(type) { + case *hclsyntax.Body: + r = body.SrcRange + default: + r = hclBlock.DefRange + r.End = hclBlock.Body.MissingItemRange().End + } + moduleName := "root" + if moduleBlock != nil { + moduleName = moduleBlock.FullName() + } + rng := defsecTypes.NewRange( + r.Filename, + r.Start.Line, + r.End.Line, + moduleSource, + moduleFS, + ) + + var parts []string + // if there are no labels then use the block type + // this is for the case where "special" keywords like "resource" are used + // as normal block names in top level blocks - see issue tfsec#1528 for an example + if hclBlock.Type != "resource" || len(hclBlock.Labels) == 0 { + parts = append(parts, hclBlock.Type) + } + parts = append(parts, hclBlock.Labels...) 
+ + var parent string + if moduleBlock != nil { + parent = moduleBlock.FullName() + } + ref, _ := newReference(parts, parent) + if len(index) > 0 { + key := index[0] + ref.SetKey(key) + } + + metadata := defsecTypes.NewMetadata(rng, ref.String()) + + if parentBlock != nil { + metadata = metadata.WithParent(parentBlock.metadata) + } else if moduleBlock != nil { + metadata = metadata.WithParent(moduleBlock.GetMetadata()) + } + + b := Block{ + id: uuid.New().String(), + context: ctx, + hclBlock: hclBlock, + moduleBlock: moduleBlock, + moduleSource: moduleSource, + moduleFS: moduleFS, + parentBlock: parentBlock, + metadata: metadata, + reference: *ref, + } + + var children Blocks + switch body := hclBlock.Body.(type) { + case *hclsyntax.Body: + for _, b2 := range body.Blocks { + children = append(children, NewBlock(b2.AsHCLBlock(), ctx, moduleBlock, &b, moduleSource, moduleFS)) + } + default: + content, _, diag := hclBlock.Body.PartialContent(Schema) + if diag == nil { + for _, hb := range content.Blocks { + children = append(children, NewBlock(hb, ctx, moduleBlock, &b, moduleSource, moduleFS)) + } + } + } + + b.childBlocks = children + + for _, attr := range b.createAttributes() { + b.attributes = append(b.attributes, NewAttribute(attr, ctx, moduleName, metadata, *ref, moduleSource, moduleFS)) + } + + return &b +} + +func (b *Block) ID() string { + return b.id +} + +func (b *Block) Reference() Reference { + return b.reference +} + +func (b *Block) GetMetadata() defsecTypes.Metadata { + return b.metadata +} + +func (b *Block) GetRawValue() interface{} { + return nil +} + +func (b *Block) InjectBlock(block *Block, name string) { + block.hclBlock.Labels = []string{} + block.hclBlock.Type = name + for attrName, attr := range block.Attributes() { + b.context.Root().SetByDot(attr.Value(), fmt.Sprintf("%s.%s.%s", b.reference.String(), name, attrName)) + } + b.childBlocks = append(b.childBlocks, block) +} + +func (b *Block) MarkCountExpanded() { + b.expanded = true +} + +func 
(b *Block) IsCountExpanded() bool { + return b.expanded +} + +func (b *Block) Clone(index cty.Value) *Block { + var childCtx *context.Context + if b.context != nil { + childCtx = b.context.NewChild() + } else { + childCtx = context.NewContext(&hcl.EvalContext{}, nil) + } + + cloneHCL := *b.hclBlock + + clone := NewBlock(&cloneHCL, childCtx, b.moduleBlock, b.parentBlock, b.moduleSource, b.moduleFS, index) + if len(clone.hclBlock.Labels) > 0 { + position := len(clone.hclBlock.Labels) - 1 + labels := make([]string, len(clone.hclBlock.Labels)) + for i := 0; i < len(labels); i++ { + labels[i] = clone.hclBlock.Labels[i] + } + if index.IsKnown() && !index.IsNull() { + switch index.Type() { + case cty.Number: + f, _ := index.AsBigFloat().Float64() + labels[position] = fmt.Sprintf("%s[%d]", clone.hclBlock.Labels[position], int(f)) + case cty.String: + labels[position] = fmt.Sprintf("%s[%q]", clone.hclBlock.Labels[position], index.AsString()) + default: + labels[position] = fmt.Sprintf("%s[%#v]", clone.hclBlock.Labels[position], index) + } + } else { + labels[position] = fmt.Sprintf("%s[%d]", clone.hclBlock.Labels[position], b.cloneIndex) + } + clone.hclBlock.Labels = labels + } + indexVal, _ := gocty.ToCtyValue(index, cty.Number) + clone.context.SetByDot(indexVal, "count.index") + clone.MarkCountExpanded() + b.cloneIndex++ + return clone +} + +func (b *Block) Context() *context.Context { + return b.context +} + +func (b *Block) OverrideContext(ctx *context.Context) { + b.context = ctx + for _, block := range b.childBlocks { + block.OverrideContext(ctx.NewChild()) + } + for _, attr := range b.attributes { + attr.ctx = ctx + } +} + +func (b *Block) Type() string { + return b.hclBlock.Type +} + +func (b *Block) Labels() []string { + return b.hclBlock.Labels +} + +func (b *Block) GetFirstMatchingBlock(names ...string) *Block { + var returnBlock *Block + for _, name := range names { + childBlock := b.GetBlock(name) + if childBlock.IsNotNil() { + return childBlock + } + } + 
return returnBlock +} + +func (b *Block) createAttributes() hcl.Attributes { + switch body := b.hclBlock.Body.(type) { + case *hclsyntax.Body: + attributes := make(hcl.Attributes) + for _, a := range body.Attributes { + attributes[a.Name] = a.AsHCLAttribute() + } + return attributes + default: + _, body, diag := b.hclBlock.Body.PartialContent(Schema) + if diag != nil { + return nil + } + attrs, diag := body.JustAttributes() + if diag != nil { + return nil + } + return attrs + } +} + +func (b *Block) GetBlock(name string) *Block { + var returnBlock *Block + if b == nil || b.hclBlock == nil { + return returnBlock + } + for _, child := range b.childBlocks { + if child.Type() == name { + return child + } + } + return returnBlock +} + +func (b *Block) AllBlocks() Blocks { + if b == nil || b.hclBlock == nil { + return nil + } + return b.childBlocks +} + +func (b *Block) GetBlocks(name string) Blocks { + if b == nil || b.hclBlock == nil { + return nil + } + var results []*Block + for _, child := range b.childBlocks { + if child.Type() == name { + results = append(results, child) + } + } + return results +} + +func (b *Block) GetAttributes() []*Attribute { + if b == nil { + return nil + } + return b.attributes +} + +func (b *Block) GetAttribute(name string) *Attribute { + if b == nil || b.hclBlock == nil { + return nil + } + for _, attr := range b.attributes { + if attr.Name() == name { + return attr + } + } + return nil +} + +func (b *Block) GetNestedAttribute(name string) (*Attribute, *Block) { + + parts := strings.Split(name, ".") + blocks := parts[:len(parts)-1] + attrName := parts[len(parts)-1] + + working := b + for _, subBlock := range blocks { + if checkBlock := working.GetBlock(subBlock); checkBlock == nil { + return nil, working + } else { + working = checkBlock + } + } + + if working != nil { + return working.GetAttribute(attrName), working + } + + return nil, b +} + +func MapNestedAttribute[T any](block *Block, path string, f func(attr *Attribute, parent 
*Block) T) T { + return f(block.GetNestedAttribute(path)) +} + +// LocalName is the name relative to the current module +func (b *Block) LocalName() string { + return b.reference.String() +} + +func (b *Block) FullName() string { + + if b.moduleBlock != nil { + return fmt.Sprintf( + "%s.%s", + b.moduleBlock.FullName(), + b.LocalName(), + ) + } + + return b.LocalName() +} + +func (b *Block) ModuleName() string { + name := strings.TrimPrefix(b.LocalName(), "module.") + if b.moduleBlock != nil { + module := strings.TrimPrefix(b.moduleBlock.FullName(), "module.") + name = fmt.Sprintf( + "%s.%s", + module, + name, + ) + } + var parts []string + for _, part := range strings.Split(name, ".") { + part = strings.Split(part, "[")[0] + parts = append(parts, part) + } + return strings.Join(parts, ".") +} + +func (b *Block) UniqueName() string { + if b.moduleBlock != nil { + return fmt.Sprintf("%s:%s:%s", b.FullName(), b.metadata.Range().GetFilename(), b.moduleBlock.UniqueName()) + } + return fmt.Sprintf("%s:%s", b.FullName(), b.metadata.Range().GetFilename()) +} + +func (b *Block) TypeLabel() string { + if len(b.Labels()) > 0 { + return b.Labels()[0] + } + return "" +} + +func (b *Block) NameLabel() string { + if len(b.Labels()) > 1 { + return b.Labels()[1] + } + return "" +} + +func (b *Block) HasChild(childElement string) bool { + return b.GetAttribute(childElement).IsNotNil() || b.GetBlock(childElement).IsNotNil() +} + +func (b *Block) MissingChild(childElement string) bool { + if b == nil { + return true + } + + return !b.HasChild(childElement) +} + +func (b *Block) MissingNestedChild(name string) bool { + if b == nil { + return true + } + + parts := strings.Split(name, ".") + blocks := parts[:len(parts)-1] + last := parts[len(parts)-1] + + working := b + for _, subBlock := range blocks { + if checkBlock := working.GetBlock(subBlock); checkBlock == nil { + return true + } else { + working = checkBlock + } + } + return !working.HasChild(last) + +} + +func (b *Block) 
InModule() bool {
+ if b == nil {
+ return false
+ }
+ return b.moduleBlock != nil
+}
+
+func (b *Block) Label() string {
+ return strings.Join(b.hclBlock.Labels, ".")
+}
+
+func (b *Block) IsResourceType(resourceType string) bool {
+ return b.TypeLabel() == resourceType
+}
+
+func (b *Block) IsEmpty() bool {
+ return len(b.AllBlocks()) == 0 && len(b.GetAttributes()) == 0
+}
+
+func (b *Block) Attributes() map[string]*Attribute {
+ attributes := make(map[string]*Attribute)
+ for _, attr := range b.GetAttributes() {
+ attributes[attr.Name()] = attr
+ }
+ return attributes
+}
+
+func (b *Block) Values() cty.Value {
+ values := createPresetValues(b)
+ for _, attribute := range b.GetAttributes() {
+ values[attribute.Name()] = attribute.Value()
+ }
+ return cty.ObjectVal(postProcessValues(b, values))
+}
+
+func (b *Block) IsNil() bool {
+ return b == nil
+}
+
+func (b *Block) IsNotNil() bool {
+ return !b.IsNil()
+}
diff --git a/pkg/iac/terraform/blocks.go b/pkg/iac/terraform/blocks.go
new file mode 100644
index 000000000000..311e83583d26
--- /dev/null
+++ b/pkg/iac/terraform/blocks.go
@@ -0,0 +1,22 @@
+package terraform
+
+type Blocks []*Block
+
+func (blocks Blocks) OfType(t string) Blocks {
+ var results []*Block
+ for _, block := range blocks {
+ if block.Type() == t {
+ results = append(results, block)
+ }
+ }
+ return results
+}
+
+func (blocks Blocks) WithID(id string) *Block {
+ for _, block := range blocks {
+ if block.ID() == id {
+ return block
+ }
+ }
+ return nil
+}
diff --git a/pkg/iac/terraform/context/context.go b/pkg/iac/terraform/context/context.go
new file mode 100644
index 000000000000..496aad1cb920
--- /dev/null
+++ b/pkg/iac/terraform/context/context.go
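Review bot: createAttributes drops every attribute of a non-hclsyntax (JSON) block whenever PartialContent or JustAttributes returns any diagnostic, because `if diag != nil` also fires on warning-only hcl.Diagnostics; the child-block loop in NewBlock has the same shape with `if diag == nil`. Both should test severity, `if diag.HasErrors() { return nil }` in createAttributes and `if !diag.HasErrors()` in NewBlock, so a warning does not silently empty a block that the checks later inspect. Separately, `ref, _ := newReference(parts, parent)` in NewBlock discards the error and then dereferences the result in `ref.SetKey(key)` and `reference: *ref`; newReference is outside this hunk, but if it returns a nil pointer on error (createDotReferenceFromTraversal in attribute.go treats its error as fatal) this is a panic for any label set it rejects, so the error should be handled or the nil case guarded.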
@@ -0,0 +1,134 @@ +package context + +import ( + "strings" + + "github.com/hashicorp/hcl/v2" + "github.com/zclconf/go-cty/cty" +) + +type Context struct { + ctx *hcl.EvalContext + parent *Context +} + +func NewContext(ctx *hcl.EvalContext, parent *Context) *Context { + if ctx.Variables == nil { + ctx.Variables = make(map[string]cty.Value) + } + return &Context{ + ctx: ctx, + parent: parent, + } +} + +func (c *Context) NewChild() *Context { + return NewContext(c.ctx.NewChild(), c) +} + +func (c *Context) Parent() *Context { + return c.parent +} + +func (c *Context) Inner() *hcl.EvalContext { + return c.ctx +} + +func (c *Context) Root() *Context { + root := c + for root.Parent() != nil { + root = root.Parent() + } + return root +} + +func (c *Context) Get(parts ...string) cty.Value { + if len(parts) == 0 { + return cty.NilVal + } + src := c.ctx.Variables + for i, part := range parts { + if i == len(parts)-1 { + return src[part] + } + nextPart := src[part] + if nextPart == cty.NilVal { + return cty.NilVal + } + src = nextPart.AsValueMap() + } + return cty.NilVal +} + +func (c *Context) GetByDot(path string) cty.Value { + return c.Get(strings.Split(path, ".")...) +} + +func (c *Context) SetByDot(val cty.Value, path string) { + c.Set(val, strings.Split(path, ".")...) +} + +func (c *Context) Set(val cty.Value, parts ...string) { + if len(parts) == 0 { + return + } + + v := mergeVars(c.ctx.Variables[parts[0]], parts[1:], val) + c.ctx.Variables[parts[0]] = v +} + +func (c *Context) Replace(val cty.Value, path string) { + parts := strings.Split(path, ".") + if len(parts) == 0 { + return + } + + delete(c.ctx.Variables, parts[0]) + c.Set(val, parts...) 
+} + +func mergeVars(src cty.Value, parts []string, value cty.Value) cty.Value { + + if len(parts) == 0 { + if isNotEmptyObject(src) && isNotEmptyObject(value) { + return mergeObjects(src, value) + } + return value + } + + data := make(map[string]cty.Value) + if src.Type().IsObjectType() && !src.IsNull() && src.LengthInt() > 0 { + data = src.AsValueMap() + tmp, ok := src.AsValueMap()[parts[0]] + if !ok { + src = cty.ObjectVal(make(map[string]cty.Value)) + } else { + src = tmp + } + } + + data[parts[0]] = mergeVars(src, parts[1:], value) + + return cty.ObjectVal(data) +} + +func mergeObjects(a cty.Value, b cty.Value) cty.Value { + output := make(map[string]cty.Value) + + for key, val := range a.AsValueMap() { + output[key] = val + } + for key, val := range b.AsValueMap() { + old, exists := output[key] + if exists && isNotEmptyObject(old) && isNotEmptyObject(val) { + output[key] = mergeObjects(old, val) + } else { + output[key] = val + } + } + return cty.ObjectVal(output) +} + +func isNotEmptyObject(val cty.Value) bool { + return !val.IsNull() && val.IsKnown() && val.Type().IsObjectType() && val.LengthInt() > 0 +} diff --git a/pkg/iac/terraform/context/context_test.go b/pkg/iac/terraform/context/context_test.go new file mode 100644 index 000000000000..8185d7b9892d --- /dev/null +++ b/pkg/iac/terraform/context/context_test.go 
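Review bot: Get panics rather than returning cty.NilVal when an intermediate path element resolves to a non-object value, because `src = nextPart.AsValueMap()` is reached with only a `== cty.NilVal` check; a string stored at `var.x` and then looked up as `Get("var", "x", "y")` hits cty's panic inside AsValueMap, and a null or unknown object is likely to do the same. mergeVars in this file already guards AsValueMap with `src.Type().IsObjectType() && !src.IsNull() && src.LengthInt() > 0`, so Get should apply the same discipline: `if nextPart == cty.NilVal || nextPart.IsNull() || !nextPart.IsKnown() || !(nextPart.Type().IsObjectType() || nextPart.Type().IsMapType()) { return cty.NilVal }`. The `len(parts) == 0` guard in Replace can also never fire, since `strings.Split("", ".")` yields `[]string{""}`; an empty path therefore deletes and re-sets a variable literally named "", so the guard should be `if path == "" { return }` before the split (SetByDot and GetByDot inherit the same edge case).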
@@ -0,0 +1,238 @@ +package context + +import ( + "testing" + + "github.com/hashicorp/hcl/v2" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/zclconf/go-cty/cty" + "github.com/zclconf/go-cty/cty/gocty" +) + +func Test_ContextVariables(t *testing.T) { + underlying := &hcl.EvalContext{} + ctx := NewContext(underlying, nil) + + val, err := gocty.ToCtyValue("hello", cty.String) + if err != nil { + t.Fatal(err) + } + + ctx.Set(val, "my", "value") + value := underlying.Variables["my"].AsValueMap()["value"] + assert.Equal(t, "hello", value.AsString()) + +} + +func Test_ContextVariablesPreservation(t *testing.T) { + + underlying := &hcl.EvalContext{} + underlying.Variables = make(map[string]cty.Value) + underlying.Variables["x"], _ = gocty.ToCtyValue("does it work?", cty.String) + str, _ := gocty.ToCtyValue("something", cty.String) + underlying.Variables["my"] = cty.ObjectVal(map[string]cty.Value{ + "other": str, + "obj": cty.ObjectVal(map[string]cty.Value{ + "another": str, + }), + }) + ctx := NewContext(underlying, nil) + + val, err := gocty.ToCtyValue("hello", cty.String) + if err != nil { + t.Fatal(err) + } + + ctx.Set(val, "my", "value") + assert.Equal(t, "hello", underlying.Variables["my"].AsValueMap()["value"].AsString()) + assert.Equal(t, "something", underlying.Variables["my"].AsValueMap()["other"].AsString()) + assert.Equal(t, "something", underlying.Variables["my"].AsValueMap()["obj"].AsValueMap()["another"].AsString()) + assert.Equal(t, "does it work?", underlying.Variables["x"].AsString()) + +} + +func Test_ContextVariablesPreservationByDot(t *testing.T) { + + underlying := &hcl.EvalContext{} + underlying.Variables = make(map[string]cty.Value) + underlying.Variables["x"], _ = gocty.ToCtyValue("does it work?", cty.String) + str, _ := gocty.ToCtyValue("something", cty.String) + underlying.Variables["my"] = cty.ObjectVal(map[string]cty.Value{ + "other": str, + "obj": cty.ObjectVal(map[string]cty.Value{ + "another": str, 
+ }), + }) + ctx := NewContext(underlying, nil) + + val, err := gocty.ToCtyValue("hello", cty.String) + if err != nil { + t.Fatal(err) + } + + ctx.SetByDot(val, "my.something.value") + assert.Equal(t, "hello", underlying.Variables["my"].AsValueMap()["something"].AsValueMap()["value"].AsString()) + assert.Equal(t, "something", underlying.Variables["my"].AsValueMap()["other"].AsString()) + assert.Equal(t, "something", underlying.Variables["my"].AsValueMap()["obj"].AsValueMap()["another"].AsString()) + assert.Equal(t, "does it work?", underlying.Variables["x"].AsString()) +} + +func Test_ContextSetThenImmediateGet(t *testing.T) { + + underlying := &hcl.EvalContext{} + + ctx := NewContext(underlying, nil) + + ctx.Set(cty.ObjectVal(map[string]cty.Value{ + "mod_result": cty.StringVal("ok"), + }), "module", "modulename") + + val := ctx.Get("module", "modulename", "mod_result") + assert.Equal(t, "ok", val.AsString()) +} + +func Test_ContextSetThenImmediateGetWithChild(t *testing.T) { + + underlying := &hcl.EvalContext{} + + ctx := NewContext(underlying, nil) + + childCtx := ctx.NewChild() + + childCtx.Root().Set(cty.ObjectVal(map[string]cty.Value{ + "mod_result": cty.StringVal("ok"), + }), "module", "modulename") + + val := ctx.Get("module", "modulename", "mod_result") + assert.Equal(t, "ok", val.AsString()) +} + +func Test_MergeObjects(t *testing.T) { + + tests := []struct { + name string + oldVal cty.Value + newVal cty.Value + expected cty.Value + }{ + { + name: "happy", + oldVal: cty.ObjectVal(map[string]cty.Value{ + "this": cty.ObjectVal(map[string]cty.Value{ + "id": cty.StringVal("some_id"), + "arn": cty.StringVal("some_arn"), + }), + }), + newVal: cty.ObjectVal(map[string]cty.Value{ + "this": cty.ObjectVal(map[string]cty.Value{ + "arn": cty.StringVal("some_new_arn"), + "bucket": cty.StringVal("test"), + }), + }), + expected: cty.ObjectVal(map[string]cty.Value{ + "this": cty.ObjectVal(map[string]cty.Value{ + "id": cty.StringVal("some_id"), + "arn": 
cty.StringVal("some_new_arn"), + "bucket": cty.StringVal("test"), + }), + }), + }, + { + name: "old value is empty", + oldVal: cty.EmptyObjectVal, + newVal: cty.ObjectVal(map[string]cty.Value{ + "this": cty.ObjectVal(map[string]cty.Value{ + "bucket": cty.StringVal("test"), + }), + }), + expected: cty.ObjectVal(map[string]cty.Value{ + "this": cty.ObjectVal(map[string]cty.Value{ + "bucket": cty.StringVal("test"), + }), + }), + }, + { + name: "new value is empty", + oldVal: cty.ObjectVal(map[string]cty.Value{ + "this": cty.ObjectVal(map[string]cty.Value{ + "bucket": cty.StringVal("test"), + }), + }), + newVal: cty.EmptyObjectVal, + expected: cty.ObjectVal(map[string]cty.Value{ + "this": cty.ObjectVal(map[string]cty.Value{ + "bucket": cty.StringVal("test"), + }), + }), + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + assert.Equal(t, tt.expected, mergeObjects(tt.oldVal, tt.newVal)) + }) + } + +} + +func Test_IsNotEmptyObject(t *testing.T) { + tests := []struct { + name string + val cty.Value + expected bool + }{ + { + name: "happy", + val: cty.ObjectVal(map[string]cty.Value{ + "field": cty.NilVal, + }), + expected: true, + }, + { + name: "empty object", + val: cty.EmptyObjectVal, + expected: false, + }, + { + name: "nil value", + val: cty.NilVal, + expected: false, + }, + { + name: "dynamic value", + val: cty.DynamicVal, + expected: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + assert.Equal(t, tt.expected, isNotEmptyObject(tt.val)) + }) + } +} + +func TestReplace(t *testing.T) { + t.Run("replacement of an existing value", func(t *testing.T) { + underlying := &hcl.EvalContext{} + ctx := NewContext(underlying, nil) + ctx.SetByDot(cty.StringVal("some-value"), "my.value") + require.NotEqual(t, cty.NilVal, ctx.GetByDot("my.value")) + ctx.Replace(cty.NumberIntVal(-1), "my.value") + assert.Equal(t, cty.NumberIntVal(-1), ctx.GetByDot("my.value")) + }) + + t.Run("replacement of a non-existing value", func(t 
*testing.T) { + underlying := &hcl.EvalContext{} + ctx := NewContext(underlying, nil) + ctx.Replace(cty.NumberIntVal(-1), "my.value") + assert.Equal(t, cty.NumberIntVal(-1), ctx.GetByDot("my.value")) + }) + + t.Run("empty path", func(t *testing.T) { + underlying := &hcl.EvalContext{} + ctx := NewContext(underlying, nil) + ctx.Replace(cty.NumberIntVal(-1), "") + }) +} diff --git a/pkg/iac/terraform/ignore.go b/pkg/iac/terraform/ignore.go new file mode 100644 index 000000000000..310425efdd7c --- /dev/null +++ b/pkg/iac/terraform/ignore.go 
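Review bot: The "empty path" subtest at the end of TestReplace makes no assertion, so it passes regardless of what Replace does with an empty path and only proves the call does not panic. State the intended contract after the call, e.g. `assert.NotContains(t, underlying.Variables, "")` if an empty path is meant to be a no-op, so the test can actually fail when the behaviour changes. As a style point, the earlier tests build string values with `gocty.ToCtyValue(..., cty.String)` and discard the error in several places; `cty.StringVal("...")`, already used in Test_ContextSetThenImmediateGet, is the simpler and error-free form.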
@@ -0,0 +1,100 @@ +package terraform + +import ( + "fmt" + "time" + + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + + "github.com/zclconf/go-cty/cty" +) + +type Ignore struct { + Range defsecTypes.Range + RuleID string + Expiry *time.Time + Workspace string + Block bool + Params map[string]string +} + +type Ignores []Ignore + +func (ignores Ignores) Covering(modules Modules, m defsecTypes.Metadata, workspace string, ids ...string) *Ignore { + for _, ignore := range ignores { + if ignore.Covering(modules, m, workspace, ids...) { + return &ignore + } + } + return nil +} + +func (ignore Ignore) Covering(modules Modules, m defsecTypes.Metadata, workspace string, ids ...string) bool { + if ignore.Expiry != nil && time.Now().After(*ignore.Expiry) { + return false + } + if ignore.Workspace != "" && ignore.Workspace != workspace { + return false + } + idMatch := ignore.RuleID == "*" || len(ids) == 0 + for _, id := range ids { + if id == ignore.RuleID { + idMatch = true + break + } + } + if !idMatch { + return false + } + + metaHierarchy := &m + for metaHierarchy != nil { + if ignore.Range.GetFilename() != metaHierarchy.Range().GetFilename() { + metaHierarchy = metaHierarchy.Parent() + continue + } + if metaHierarchy.Range().GetStartLine() == ignore.Range.GetStartLine()+1 || metaHierarchy.Range().GetStartLine() == ignore.Range.GetStartLine() { + return ignore.MatchParams(modules, metaHierarchy) + } + metaHierarchy = metaHierarchy.Parent() + } + return false + +} + +func (ignore Ignore) MatchParams(modules Modules, blockMetadata *defsecTypes.Metadata) bool { + if len(ignore.Params) == 0 { + return true + } + block := modules.GetBlockByIgnoreRange(blockMetadata) + if block == nil { + return true + } + for key, val := range ignore.Params { + attr := block.GetAttribute(key) + if attr.IsNil() || !attr.Value().IsKnown() { + return false + } + switch attr.Type() { + case cty.String: + if !attr.Equals(val) { + return false + } + case cty.Number: + bf := 
attr.Value().AsBigFloat() + f64, _ := bf.Float64() + comparableInt := fmt.Sprintf("%d", int(f64)) + comparableFloat := fmt.Sprintf("%f", f64) + if val != comparableInt && val != comparableFloat { + return false + } + case cty.Bool: + if fmt.Sprintf("%t", attr.IsTrue()) != val { + return false + } + default: + return false + } + } + return true +} diff --git a/pkg/iac/terraform/module.go b/pkg/iac/terraform/module.go new file mode 100644 index 000000000000..673e3ac7f625 --- /dev/null +++ b/pkg/iac/terraform/module.go 
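Review bot: MatchParams fails open: when ignore.Params is non-empty but GetBlockByIgnoreRange returns nil, the method returns true and the finding is suppressed even though none of the parameter constraints could be evaluated. For a suppression mechanism the safer default is to require a match, i.e. `if block == nil { return false }`; if the current behaviour is intended, a comment on that branch should say why. The number comparison is also lossy: `fmt.Sprintf("%f", f64)` renders six decimals, so a parameter value written as `1.5` never equals the rendered `1.500000`, and `int(f64)` silently truncates non-integers. Consider `strconv.FormatFloat(f64, 'f', -1, 64)` alongside the integer form.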
@@ -0,0 +1,188 @@ +package terraform + +import ( + "fmt" + "strings" +) + +type Module struct { + blocks Blocks + blockMap map[string]Blocks + rootPath string + modulePath string + ignores Ignores + parent *Module + local bool +} + +func NewModule(rootPath string, modulePath string, blocks Blocks, ignores Ignores, local bool) *Module { + + blockMap := make(map[string]Blocks) + + for _, b := range blocks { + if b.NameLabel() != "" { + blockMap[b.TypeLabel()] = append(blockMap[b.TypeLabel()], b) + } + } + + return &Module{ + blocks: blocks, + ignores: ignores, + blockMap: blockMap, + rootPath: rootPath, + modulePath: modulePath, + local: local, + } +} + +func (c *Module) SetParent(parent *Module) { + c.parent = parent +} + +func (c *Module) RootPath() string { + return c.rootPath +} + +func (c *Module) Ignores() Ignores { + return c.ignores +} + +func (c *Module) GetBlocks() Blocks { + return c.blocks +} + +func (h *Module) GetBlocksByTypeLabel(typeLabel string) Blocks { + return h.blockMap[typeLabel] +} + +func (c *Module) getBlocksByType(blockType string, labels ...string) Blocks { + if blockType == "module" { + return c.getModuleBlocks() + } + var results Blocks + for _, label := range labels { + for _, block := range c.blockMap[label] { + if block.Type() == blockType { + results = append(results, block) + } + } + } + return results +} + +func (c *Module) getModuleBlocks() Blocks { + var results Blocks + for _, block := range c.blocks { + if block.Type() == "module" { + results = append(results, block) + } + } + return results +} + +func (c *Module) GetResourcesByType(labels ...string) Blocks { + return c.getBlocksByType("resource", labels...) 
+} + +func (c *Module) GetResourcesByIDs(ids ...string) Blocks { + var blocks Blocks + + for _, id := range ids { + if block := c.blocks.WithID(id); block != nil { + blocks = append(blocks, block) + } + } + return blocks +} + +func (c *Module) GetDatasByType(label string) Blocks { + return c.getBlocksByType("data", label) +} + +func (c *Module) GetProviderBlocksByProvider(providerName string, alias string) Blocks { + var results Blocks + for _, block := range c.blocks { + if block.Type() == "provider" && len(block.Labels()) > 0 && block.TypeLabel() == providerName { + if alias != "" { + if block.HasChild("alias") && block.GetAttribute("alias").Equals(strings.ReplaceAll(alias, fmt.Sprintf("%s.", providerName), "")) { + results = append(results, block) + + } + } else if block.MissingChild("alias") { + results = append(results, block) + } + } + } + return results +} + +func (c *Module) GetReferencedBlock(referringAttr *Attribute, parentBlock *Block) (*Block, error) { + for _, ref := range referringAttr.AllReferences() { + if ref.TypeLabel() == "each" { + if forEachAttr := parentBlock.GetAttribute("for_each"); forEachAttr.IsNotNil() { + if b, err := c.GetReferencedBlock(forEachAttr, parentBlock); err == nil { + return b, nil + } + } + } + for _, block := range c.blocks { + if ref.RefersTo(block.reference) { + return block, nil + } + kref := *ref + kref.SetKey(parentBlock.reference.RawKey()) + if kref.RefersTo(block.reference) { + return block, nil + } + } + } + return nil, fmt.Errorf("no referenced block found in '%s'", referringAttr.Name()) +} + +func (c *Module) GetBlockByID(id string) (*Block, error) { + found := c.blocks.WithID(id) + if found == nil { + return nil, fmt.Errorf("no block found with id '%s'", id) + } + return found, nil +} + +func (c *Module) GetReferencingResources(originalBlock *Block, referencingLabel string, referencingAttributeName string) Blocks { + return c.GetReferencingBlocks(originalBlock, "resource", referencingLabel, 
referencingAttributeName) +} + +func (c *Module) GetsModulesBySource(moduleSource string) (Blocks, error) { + var results Blocks + + modules := c.getModuleBlocks() + for _, module := range modules { + if module.HasChild("source") && module.GetAttribute("source").Equals(moduleSource) { + results = append(results, module) + } + } + return results, nil +} + +func (c *Module) GetReferencingBlocks(originalBlock *Block, referencingType string, referencingLabel string, referencingAttributeName string) Blocks { + blocks := c.getBlocksByType(referencingType, referencingLabel) + var results Blocks + for _, block := range blocks { + attr := block.GetAttribute(referencingAttributeName) + if attr == nil { + continue + } + if attr.References(originalBlock.reference) { + results = append(results, block) + } else { + for _, ref := range attr.AllReferences() { + if ref.TypeLabel() == "each" { + fe := block.GetAttribute("for_each") + if fe.References(originalBlock.reference) { + results = append(results, block) + } + } + } + } + } + return results +} diff --git a/pkg/iac/terraform/modules.go b/pkg/iac/terraform/modules.go new file mode 100644 index 000000000000..296839b16751 --- /dev/null +++ b/pkg/iac/terraform/modules.go 
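Review bot: In GetReferencingBlocks the `each` branch calls `fe.References(...)` on the result of `block.GetAttribute("for_each")` without the nil guard that GetReferencedBlock applies via `IsNotNil()`; whether References tolerates a nil receiver is not visible here, so please confirm or add `if fe == nil { continue }`. The same loop appends `block` once per `each` reference, so a block with several such references appears in the result more than once; a `break` after the append fixes that. Receiver naming is inconsistent: GetBlocksByTypeLabel uses `h` while every other method on Module uses `c`. GetsModulesBySource always returns a nil error that callers must still handle; either drop the error from the signature or document why it is there.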
@@ -0,0 +1,118 @@ +package terraform + +import ( + "fmt" + + "github.com/aquasecurity/trivy/pkg/iac/types" +) + +type Modules []*Module + +func (m Modules) ChildModulesPaths() []string { + var result []string + for _, module := range m { + if module.parent != nil && module.local { + result = append(result, module.modulePath) + } + } + return result +} + +type ResourceIDResolutions map[string]bool + +func (r ResourceIDResolutions) Resolve(id string) { + r[id] = true +} + +func (r ResourceIDResolutions) Orphans() (orphanIDs []string) { + for id, resolved := range r { + if !resolved { + orphanIDs = append(orphanIDs, id) + } + } + return orphanIDs +} + +func (m Modules) GetResourcesByType(typeLabel ...string) Blocks { + var blocks Blocks + for _, module := range m { + blocks = append(blocks, module.GetResourcesByType(typeLabel...)...) + } + + return blocks +} + +func (m Modules) GetChildResourceIDMapByType(typeLabels ...string) ResourceIDResolutions { + blocks := m.GetResourcesByType(typeLabels...) + + idMap := make(map[string]bool) + for _, block := range blocks { + idMap[block.ID()] = false + } + + return idMap +} + +func (m Modules) GetReferencedBlock(referringAttr *Attribute, parentBlock *Block) (*Block, error) { + var bestMatch *Block + for _, module := range m { + b, err := module.GetReferencedBlock(referringAttr, parentBlock) + if err == nil { + if bestMatch == nil || b.moduleBlock == parentBlock.moduleBlock { + bestMatch = b + } + } + } + if bestMatch != nil { + return bestMatch, nil + } + return nil, fmt.Errorf("block not found") +} + +func (m Modules) GetReferencingResources(originalBlock *Block, referencingLabel string, referencingAttributeName string) Blocks { + var blocks Blocks + for _, module := range m { + blocks = append(blocks, module.GetReferencingResources(originalBlock, referencingLabel, referencingAttributeName)...) 
+ } + + return blocks +} + +func (m Modules) GetBlocks() Blocks { + var blocks Blocks + for _, module := range m { + blocks = append(blocks, module.GetBlocks()...) + } + return blocks +} + +func (m Modules) GetBlockById(id string) (*Block, error) { + for _, module := range m { + if found := module.blocks.WithID(id); found != nil { + return found, nil + } + + } + return nil, fmt.Errorf("block not found") +} + +func (m Modules) GetResourceByIDs(id ...string) Blocks { + var blocks Blocks + for _, module := range m { + blocks = append(blocks, module.GetResourcesByIDs(id...)...) + } + + return blocks +} + +func (m Modules) GetBlockByIgnoreRange(blockMetadata *types.Metadata) *Block { + for _, module := range m { + for _, block := range module.GetBlocks() { + metadata := block.GetMetadata() + if blockMetadata.Reference() == metadata.Reference() { + return block + } + } + } + return nil +} diff --git a/pkg/iac/terraform/presets.go b/pkg/iac/terraform/presets.go new file mode 100644 index 000000000000..6dff625a29c7 --- /dev/null +++ b/pkg/iac/terraform/presets.go 
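Review bot: GetBlockByIgnoreRange matches only on the `Reference()` string and returns the first hit across all modules, so if two module instances yield blocks with the same reference string, the ignore's parameter constraints may be evaluated against a block other than the one the annotation sits on; comparing the range's filename and start line as well, or documenting why the reference alone is unique, would make the suppression path deterministic. Naming differs from the sibling type: `GetBlockById`/`GetResourceByIDs` here versus `GetBlockByID`/`GetResourcesByIDs` on Module — `GetBlockByID` and `GetResourcesByIDs` would be consistent and follow the initialism convention. The two `fmt.Errorf("block not found")` errors carry no context; `fmt.Errorf("block %q not found", id)` and the attribute name in GetReferencedBlock would help callers diagnose failures.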
@@ -0,0 +1,56 @@ +package terraform + +import ( + "fmt" + "strings" + + "github.com/google/uuid" + "github.com/zclconf/go-cty/cty" +) + +func createPresetValues(b *Block) map[string]cty.Value { + presets := make(map[string]cty.Value) + + // here we set up common "id" values that are set by the provider - this ensures all blocks have a default + // referencable id/arn. this isn't perfect, but the only way to link blocks in certain circumstances. + presets["id"] = cty.StringVal(b.ID()) + + if strings.HasPrefix(b.TypeLabel(), "aws_") { + presets["arn"] = cty.StringVal(b.ID()) + } + + // workaround for weird iam feature + switch b.TypeLabel() { + case "aws_iam_policy_document": + presets["json"] = cty.StringVal(b.ID()) + // If the user leaves the name blank, Terraform will automatically generate a unique name + case "aws_launch_template": + presets["name"] = cty.StringVal(uuid.New().String()) + } + + return presets + +} + +func postProcessValues(b *Block, input map[string]cty.Value) map[string]cty.Value { + + // alias id to "bucket" (bucket name) for s3 bucket resources + if strings.HasPrefix(b.TypeLabel(), "aws_s3_bucket") { + if bucket, ok := input["bucket"]; ok { + input["id"] = bucket + } else { + input["bucket"] = cty.StringVal(b.ID()) + } + } + + switch b.TypeLabel() { + case "aws_s3_bucket": + var bucketName string + if bucket := input["bucket"]; bucket.Type().Equals(cty.String) { + bucketName = bucket.AsString() + } + input["arn"] = cty.StringVal(fmt.Sprintf("arn:aws:s3:::%s", bucketName)) + } + + return input +} diff --git a/pkg/iac/terraform/reference.go b/pkg/iac/terraform/reference.go new file mode 100644 index 000000000000..978773da5010 --- /dev/null +++ b/pkg/iac/terraform/reference.go 
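Review bot: postProcessValues can panic on input it does not control: in the `aws_s3_bucket` case the guard `bucket.Type().Equals(cty.String)` is also satisfied by a null or unknown string (e.g. `bucket = null`, or an unknown value), and `AsString()` panics on both. Guard with `bucket.IsKnown() && !bucket.IsNull() && bucket.Type().Equals(cty.String)` before calling `AsString()`. The `aws_launch_template` preset uses `uuid.New()`, which makes the block's values differ on every run; a value derived from `b.ID()` as the other presets do keeps output reproducible, unless uniqueness across blocks is required — worth a comment either way.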
@@ -0,0 +1,177 @@ +package terraform + +import ( + "fmt" + + "github.com/zclconf/go-cty/cty" +) + +type Reference struct { + blockType Type + typeLabel string + nameLabel string + remainder []string + key cty.Value + parent string +} + +func extendReference(ref Reference, name string) Reference { + child := ref + child.remainder = make([]string, len(ref.remainder)) + if len(ref.remainder) > 0 { + copy(child.remainder, ref.remainder) + } + child.remainder = append(child.remainder, name) + return child +} + +func newReference(parts []string, parentKey string) (*Reference, error) { + + var ref Reference + + if len(parts) == 0 { + return nil, fmt.Errorf("cannot create empty reference") + } + + blockType, err := TypeFromRefName(parts[0]) + if err != nil { + blockType = &TypeResource + } + + ref.blockType = *blockType + + if ref.blockType.removeTypeInReference && parts[0] != blockType.name { + ref.typeLabel = parts[0] + if len(parts) > 1 { + ref.nameLabel = parts[1] + } + } else if len(parts) > 1 { + ref.typeLabel = parts[1] + if len(parts) > 2 { + ref.nameLabel = parts[2] + } else { + ref.nameLabel = ref.typeLabel + ref.typeLabel = "" + } + } + if len(parts) > 3 { + ref.remainder = parts[3:] + } + + if parentKey != "root" { + ref.parent = parentKey + } + + return &ref, nil +} + +func (r Reference) BlockType() Type { + return r.blockType +} + +func (r Reference) TypeLabel() string { + return r.typeLabel +} + +func (r Reference) NameLabel() string { + return r.nameLabel +} + +func (r Reference) HumanReadable() string { + if r.parent == "" { + return r.String() + } + return fmt.Sprintf("%s:%s", r.parent, r.String()) +} + +func (r Reference) LogicalID() string { + return r.String() +} + +func (r Reference) String() string { + + base := r.typeLabel + if r.nameLabel != "" { + base = fmt.Sprintf("%s.%s", base, r.nameLabel) + } + + if !r.blockType.removeTypeInReference { + base = r.blockType.Name() + if r.typeLabel != "" { + base += "." 
+ r.typeLabel + } + if r.nameLabel != "" { + base += "." + r.nameLabel + } + } + + base += r.KeyBracketed() + + for _, rem := range r.remainder { + base += "." + rem + } + + return base +} + +func (r Reference) RefersTo(other Reference) bool { + + if r.BlockType() != other.BlockType() { + return false + } + if r.TypeLabel() != other.TypeLabel() { + return false + } + if r.NameLabel() != other.NameLabel() { + return false + } + if (r.Key() != "" || other.Key() != "") && r.Key() != other.Key() { + return false + } + return true +} + +func (r *Reference) SetKey(key cty.Value) { + if key.IsNull() || !key.IsKnown() { + return + } + r.key = key +} + +func (r Reference) KeyBracketed() string { + switch v := key(r).(type) { + case int: + return fmt.Sprintf("[%d]", v) + case string: + if v == "" { + return "" + } + return fmt.Sprintf("[%q]", v) + default: + return "" + } +} + +func (r Reference) RawKey() cty.Value { + return r.key +} + +func (r Reference) Key() string { + return fmt.Sprintf("%v", key(r)) +} + +func key(r Reference) interface{} { + if r.key.IsNull() || !r.key.IsKnown() { + return "" + } + switch r.key.Type() { + case cty.Number: + f := r.key.AsBigFloat() + f64, _ := f.Float64() + return int(f64) + case cty.String: + return r.key.AsString() + default: + return "" + } +} diff --git a/pkg/iac/terraform/reference_test.go b/pkg/iac/terraform/reference_test.go new file mode 100644 index 000000000000..1b6a7b59be73 --- /dev/null +++ b/pkg/iac/terraform/reference_test.go 
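Review bot: newReference computes the remainder as `parts[3:]` regardless of which branch filled the labels, so in the `removeTypeInReference` branch (labels taken from parts[0] and parts[1]) the element at parts[2] is dropped rather than kept as the first remainder segment; if the remainder is meant to carry trailing attribute path segments, that branch should use `parts[2:]`. Test_ReferenceParsing has no input longer than three parts, so this is not exercised. RefersTo compares `Key()` strings, so a numeric key 1 and a string key "1" are treated as equal; if that is intended, a comment on RefersTo would help. In extendReference the `len(ref.remainder) > 0` check is redundant, since `copy` on an empty slice is a no-op.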
@@ -0,0 +1,171 @@ +package terraform + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/zclconf/go-cty/cty" +) + +func Test_ReferenceParsing(t *testing.T) { + cases := []struct { + input []string + expected string + }{ + { + input: []string{"module", "my-mod"}, + expected: "module.my-mod", + }, + { + input: []string{"aws_s3_bucket", "test"}, + expected: "aws_s3_bucket.test", + }, + { + input: []string{"resource", "aws_s3_bucket", "test"}, + expected: "aws_s3_bucket.test", + }, + { + input: []string{"module", "my-mod"}, + expected: "module.my-mod", + }, + { + input: []string{"data", "aws_iam_policy_document", "s3_policy"}, + expected: "data.aws_iam_policy_document.s3_policy", + }, + { + input: []string{"provider", "aws"}, + expected: "provider.aws", + }, + { + input: []string{"output", "something"}, + expected: "output.something", + }, + } + + for _, test := range cases { + t.Run(test.expected, func(t *testing.T) { + ref, err := newReference(test.input, "") + assert.NoError(t, err) + assert.Equal(t, test.expected, ref.String()) + }) + } +} + +func Test_SetKey(t *testing.T) { + tests := []struct { + name string + key cty.Value + want cty.Value + }{ + { + name: "happy", + key: cty.StringVal("str"), + want: cty.StringVal("str"), + }, + { + name: "null key", + key: cty.NullVal(cty.String), + want: cty.Value{}, + }, + { + name: "unknown key", + key: cty.UnknownVal(cty.String), + want: cty.Value{}, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Run(tt.name, func(t *testing.T) { + ref, err := newReference([]string{"resource", "test"}, "") + require.NoError(t, err) + + ref.SetKey(tt.key) + + assert.Equal(t, tt.want, ref.RawKey()) + }) + }) + } +} + +func Test_Key(t *testing.T) { + + tests := []struct { + name string + key cty.Value + want string + }{ + { + name: "empty key", + want: "", + }, + { + name: "str key", + key: cty.StringVal("some_value"), + want: "some_value", + 
}, + { + name: "number key", + key: cty.NumberIntVal(122), + want: "122", + }, + { + name: "bool key", + key: cty.BoolVal(true), + want: "", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Run(tt.name, func(t *testing.T) { + ref, err := newReference([]string{"resource", "test"}, "") + require.NoError(t, err) + + ref.SetKey(tt.key) + + assert.Equal(t, tt.want, ref.Key()) + }) + }) + } +} + +func Test_KeyBracketed(t *testing.T) { + tests := []struct { + name string + key cty.Value + want string + }{ + { + name: "empty key", + want: "", + }, + { + name: "str key", + key: cty.StringVal("some_value"), + want: "[\"some_value\"]", + }, + { + name: "number key", + key: cty.NumberIntVal(122), + want: "[122]", + }, + { + name: "bool key", + key: cty.BoolVal(true), + want: "", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + ref, err := newReference([]string{"resource", "test"}, "") + require.NoError(t, err) + + ref.SetKey(tt.key) + + assert.Equal(t, tt.want, ref.KeyBracketed()) + }) + } +} diff --git a/pkg/iac/terraform/resource_block.go b/pkg/iac/terraform/resource_block.go new file mode 100644 index 000000000000..cc50c8d9b872 --- /dev/null +++ b/pkg/iac/terraform/resource_block.go 
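Review bot: Test_SetKey and Test_Key wrap each case in two nested `t.Run(tt.name, ...)` calls with the same name, which doubles the subtest depth in the output without adding anything; the inner `t.Run` should be removed, as Test_KeyBracketed already does. Test_ReferenceParsing lists the `module`/`my-mod` case twice, so the duplicate subtest name collides and is reported with a `#01` suffix. Neither affects correctness, only the readability of test output.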
@@ -0,0 +1,160 @@ +package terraform + +import ( + "bytes" + "fmt" + "strings" + "text/template" +) + +type PlanReference struct { + Value interface{} +} + +type PlanBlock struct { + Type string + Name string + BlockType string + Blocks map[string]map[string]interface{} + Attributes map[string]interface{} +} + +func NewPlanBlock(blockType, resourceType, resourceName string) *PlanBlock { + if blockType == "managed" { + blockType = "resource" + } + + return &PlanBlock{ + Type: resourceType, + Name: resourceName, + BlockType: blockType, + Blocks: make(map[string]map[string]interface{}), + Attributes: make(map[string]interface{}), + } +} + +func (rb *PlanBlock) HasAttribute(attribute string) bool { + for k := range rb.Attributes { + if k == attribute { + return true + } + } + return false +} + +func (rb *PlanBlock) ToHCL() string { + + resourceTmpl, err := template.New("resource").Funcs(template.FuncMap{ + "RenderValue": renderTemplateValue, + "RenderPrimitive": renderPrimitive, + }).Parse(resourceTemplate) + if err != nil { + panic(err) + } + + var res bytes.Buffer + if err := resourceTmpl.Execute(&res, map[string]interface{}{ + "BlockType": rb.BlockType, + "Type": rb.Type, + "Name": rb.Name, + "Attributes": rb.Attributes, + "Blocks": rb.Blocks, + }); err != nil { + return "" + } + return res.String() +} + +var resourceTemplate = `{{ .BlockType }} "{{ .Type }}" "{{ .Name }}" { + {{ range $name, $value := .Attributes }}{{ if $value }}{{ $name }} {{ RenderValue $value }} + {{end}}{{ end }}{{ range $name, $block := .Blocks }}{{ $name }} { + {{ range $name, $value := $block }}{{ if $value }}{{ $name }} {{ RenderValue $value }} + {{end}}{{ end }}} +{{end}}}` + +func renderTemplateValue(val interface{}) string { + switch t := val.(type) { + case map[string]interface{}: + return fmt.Sprintf("= %s", renderMap(t)) + case []interface{}: + if isMapSlice(t) { + return renderSlice(t) + } + return fmt.Sprintf("= %s", renderSlice(t)) + default: + return fmt.Sprintf("= %s", 
renderPrimitive(val)) + } +} + +func renderPrimitive(val interface{}) string { + switch t := val.(type) { + case PlanReference: + return fmt.Sprintf("%v", t.Value) + case string: + if strings.Contains(t, "\n") { + return fmt.Sprintf(`< i +} + +func (s IntValue) ToRego() interface{} { + m := s.metadata.ToRego().(map[string]interface{}) + m["value"] = s.Value() + return m +} diff --git a/pkg/iac/types/int_test.go b/pkg/iac/types/int_test.go new file mode 100644 index 000000000000..83e2d65cf0b0 --- /dev/null +++ b/pkg/iac/types/int_test.go @@ -0,0 +1,21 @@ +package types + +import ( + "encoding/json" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func Test_IntJSON(t *testing.T) { + val := Int(0x66, NewMetadata(NewRange("main.tf", 123, 123, "", nil), "")) + data, err := json.Marshal(val) + require.NoError(t, err) + + var restored IntValue + err = json.Unmarshal(data, &restored) + require.NoError(t, err) + + assert.Equal(t, val, restored) +} diff --git a/pkg/iac/types/map.go b/pkg/iac/types/map.go new file mode 100755 index 000000000000..95a0e6851700 --- /dev/null +++ b/pkg/iac/types/map.go 
@@ -0,0 +1,92 @@ +package types + +import ( + "encoding/json" +) + +type MapValue struct { + BaseAttribute + value map[string]string +} + +func (b MapValue) MarshalJSON() ([]byte, error) { + return json.Marshal(map[string]interface{}{ + "value": b.value, + "metadata": b.metadata, + }) +} + +func (b *MapValue) UnmarshalJSON(data []byte) error { + var keys map[string]interface{} + if err := json.Unmarshal(data, &keys); err != nil { + return err + } + if keys["value"] != nil { + var target map[string]string + raw, err := json.Marshal(keys["value"]) + if err != nil { + return err + } + if err := json.Unmarshal(raw, &target); err != nil { + return err + } + b.value = target + } + if keys["metadata"] != nil { + raw, err := json.Marshal(keys["metadata"]) + if err != nil { + return err + } + var m Metadata + if err := json.Unmarshal(raw, &m); err != nil { + return err + } + b.metadata = m + } + return nil +} + +func Map(value map[string]string, m Metadata) MapValue { + return MapValue{ + value: value, + BaseAttribute: BaseAttribute{metadata: m}, + } +} + +func MapDefault(value map[string]string, m Metadata) MapValue { + b := Map(value, m) + b.BaseAttribute.metadata.isDefault = true + return b +} + +func MapExplicit(value map[string]string, m Metadata) MapValue { + b := Map(value, m) + b.BaseAttribute.metadata.isExplicit = true + return b +} + +func (b MapValue) Value() map[string]string { + return b.value +} + +func (b MapValue) GetRawValue() interface{} { + return b.value +} + +func (b MapValue) Len() int { + return len(b.value) +} + +func (b MapValue) HasKey(key string) bool { + if b.value == nil { + return false + } + _, ok := b.value[key] + return ok +} + +func (s MapValue) ToRego() interface{} { + m := s.metadata.ToRego().(map[string]interface{}) + m["value"] = s.Value() + return m +} diff --git a/pkg/iac/types/map_test.go b/pkg/iac/types/map_test.go new file mode 100644 index 000000000000..1dba9504b30c --- /dev/null +++ b/pkg/iac/types/map_test.go 
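Review bot: UnmarshalJSON decodes into `map[string]interface{}` and then re-marshals `value` and `metadata` in order to decode them again; a struct with `json.RawMessage` fields avoids the double pass and the untyped intermediate, and the same pattern appears in metadata.go and range.go. `Map` stores the caller's map by reference, so later mutation of the argument is visible through `Value()`; documenting that, or cloning at construction if the module's Go version provides `maps.Clone`, would make ownership explicit. Receiver names mix `b` and `s` (ToRego) on the same type, and the `b.value == nil` check in HasKey is redundant because reading from a nil map is safe.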
@@ -0,0 +1,25 @@ +package types + +import ( + "encoding/json" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func Test_MapJSON(t *testing.T) { + val := Map(map[string]string{ + "yeah": "it", + "seems": "to", + "work": "fine", + }, NewMetadata(NewRange("main.tf", 123, 123, "", nil), "")) + data, err := json.Marshal(val) + require.NoError(t, err) + + var restored MapValue + err = json.Unmarshal(data, &restored) + require.NoError(t, err) + + assert.Equal(t, val, restored) +} diff --git a/pkg/iac/types/metadata.go b/pkg/iac/types/metadata.go new file mode 100755 index 000000000000..6b130eb3d17e --- /dev/null +++ b/pkg/iac/types/metadata.go 
@@ -0,0 +1,222 @@ +package types + +import ( + "encoding/json" + "fmt" + "strings" +) + +type Metadata struct { + rnge Range + ref string + isManaged bool + isDefault bool + isExplicit bool + isUnresolvable bool + parent *Metadata + internal interface{} +} + +func (m Metadata) MarshalJSON() ([]byte, error) { + return json.Marshal(map[string]interface{}{ + "range": m.rnge, + "ref": m.ref, + "managed": m.isManaged, + "default": m.isDefault, + "explicit": m.isExplicit, + "unresolvable": m.isUnresolvable, + "parent": m.parent, + }) +} + +func (m *Metadata) UnmarshalJSON(data []byte) error { + var keys map[string]interface{} + if err := json.Unmarshal(data, &keys); err != nil { + return err + } + if keys["range"] != nil { + raw, err := json.Marshal(keys["range"]) + if err != nil { + return err + } + var r Range + if err := json.Unmarshal(raw, &r); err != nil { + return err + } + m.rnge = r + } + if keys["ref"] != nil { + m.ref = keys["ref"].(string) + } + if keys["managed"] != nil { + m.isManaged = keys["managed"].(bool) + } + if keys["default"] != nil { + m.isDefault = keys["default"].(bool) + } + if keys["explicit"] != nil { + m.isExplicit = keys["explicit"].(bool) + } + if keys["unresolvable"] != nil { + m.isUnresolvable = keys["unresolvable"].(bool) + } + if keys["parent"] != nil { + if _, ok := keys["parent"].(map[string]interface{}); ok { + raw, err := json.Marshal(keys["parent"]) + if err != nil { + return err + } + var parent Metadata + if err := json.Unmarshal(raw, &parent); err != nil { + return err + } + m.parent = &parent + } + } + return nil +} + +func (m *Metadata) ToRego() interface{} { + input := map[string]interface{}{ + "filepath": m.Range().GetLocalFilename(), + "startline": m.Range().GetStartLine(), + "endline": m.Range().GetEndLine(), + "sourceprefix": m.Range().GetSourcePrefix(), + "managed": m.isManaged, + "explicit": m.isExplicit, + "fskey": CreateFSKey(m.Range().GetFS()), + "resource": m.Reference(), + } + if m.parent != nil { + input["parent"] 
= m.parent.ToRego() + } + return input +} + +func NewMetadata(r Range, ref string) Metadata { + return Metadata{ + rnge: r, + ref: ref, + isManaged: true, + } +} + +func NewUnresolvableMetadata(r Range, ref string) Metadata { + unres := NewMetadata(r, ref) + unres.isUnresolvable = true + return unres +} + +func NewExplicitMetadata(r Range, ref string) Metadata { + m := NewMetadata(r, ref) + m.isExplicit = true + return m +} + +func (m Metadata) WithParent(p Metadata) Metadata { + m.parent = &p + return m +} + +func (m *Metadata) SetParentPtr(p *Metadata) { + m.parent = p +} + +func (m Metadata) Parent() *Metadata { + return m.parent +} + +func (m Metadata) Root() Metadata { + meta := &m + for meta.Parent() != nil { + meta = meta.Parent() + } + return *meta +} + +func (m Metadata) WithInternal(internal interface{}) Metadata { + m.internal = internal + return m +} + +func (m Metadata) Internal() interface{} { + return m.internal +} + +func (m Metadata) IsMultiLine() bool { + return m.rnge.GetStartLine() < m.rnge.GetEndLine() +} + +func NewUnmanagedMetadata() Metadata { + m := NewMetadata(NewRange("", 0, 0, "", nil), "") + m.isManaged = false + return m +} + +func NewTestMetadata() Metadata { + return NewMetadata(NewRange("test.test", 123, 123, "", nil), "") +} + +func NewApiMetadata(provider string, parts ...string) Metadata { + return NewMetadata(NewRange(fmt.Sprintf("/%s/%s", provider, strings.Join(parts, "/")), 0, 0, "", nil), "") +} + +func NewRemoteMetadata(id string) Metadata { + return NewMetadata(NewRange(id, 0, 0, "remote", nil), id) +} + +func (m Metadata) IsDefault() bool { + return m.isDefault +} + +func (m Metadata) IsResolvable() bool { + return !m.isUnresolvable +} + +func (m Metadata) IsExplicit() bool { + return m.isExplicit +} + +func (m Metadata) String() string { + return m.ref +} + +func (m Metadata) Reference() string { + return m.ref +} + +func (m Metadata) Range() Range { + return m.rnge +} + +func (m Metadata) IsManaged() bool { + return 
m.isManaged +} + +func (m Metadata) IsUnmanaged() bool { + return !m.isManaged +} + +type BaseAttribute struct { + metadata Metadata +} + +func (b BaseAttribute) GetMetadata() Metadata { + return b.metadata +} + +func (m Metadata) GetMetadata() Metadata { + return m +} + +func (m Metadata) GetRawValue() interface{} { + return nil +} + +func (m *Metadata) SetReference(ref string) { + m.ref = ref +} + +func (m *Metadata) SetRange(r Range) { + m.rnge = r +} diff --git a/pkg/iac/types/metadata_test.go b/pkg/iac/types/metadata_test.go new file mode 100644 index 000000000000..1b263f3289de --- /dev/null +++ b/pkg/iac/types/metadata_test.go @@ -0,0 +1,35 @@ +package types + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func Test_MetadataToRego(t *testing.T) { + m1 := NewTestMetadata() + expected := map[string]interface{}{ + "endline": 123, + "explicit": false, + "filepath": "test.test", + "fskey": "", + "managed": true, + "resource": "", + "sourceprefix": "", + "startline": 123, + } + assert.Equal(t, expected, m1.ToRego()) + m2 := NewTestMetadata() + m1.SetParentPtr(&m2) + expected["parent"] = map[string]interface{}{ + "endline": 123, + "explicit": false, + "filepath": "test.test", + "fskey": "", + "managed": true, + "resource": "", + "sourceprefix": "", + "startline": 123, + } + assert.Equal(t, expected, m1.ToRego()) +} diff --git a/pkg/iac/types/range.go b/pkg/iac/types/range.go new file mode 100755 index 000000000000..bbcb94a8a57e --- /dev/null +++ b/pkg/iac/types/range.go 
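Review bot: UnmarshalJSON uses unchecked type assertions (`keys["ref"].(string)`, `keys["managed"].(bool)` and the rest), so a document in which one of these keys has a different JSON type panics instead of returning an error; the same applies to `keys["startLine"].(float64)` and its siblings in range.go. Since this data is read back from serialised reports, decoding into a typed struct turns a malformed file into a returned error; the rewrite below does that and keeps the `parent` recursion via `json.RawMessage`. Note that the original only overwrites fields whose keys are present, which the typed form does not preserve when unmarshalling into an already-populated value — use pointer fields if that matters. Separately, `Metadata.IsMultiLine` duplicates `Range.IsMultiLine` and could delegate to it.
```go
func (m *Metadata) UnmarshalJSON(data []byte) error {
	var keys struct {
		Range        *Range          `json:"range"`
		Ref          string          `json:"ref"`
		Managed      bool            `json:"managed"`
		Default      bool            `json:"default"`
		Explicit     bool            `json:"explicit"`
		Unresolvable bool            `json:"unresolvable"`
		Parent       json.RawMessage `json:"parent"`
	}
	if err := json.Unmarshal(data, &keys); err != nil {
		return err
	}
	if keys.Range != nil {
		m.rnge = *keys.Range
	}
	m.ref, m.isManaged, m.isDefault = keys.Ref, keys.Managed, keys.Default
	m.isExplicit, m.isUnresolvable = keys.Explicit, keys.Unresolvable
	// "parent" is either absent, null, or a nested object; only recurse for an object.
	if len(keys.Parent) > 0 && string(keys.Parent) != "null" {
		var parent Metadata
		if err := json.Unmarshal(keys.Parent, &parent); err != nil {
			return err
		}
		m.parent = &parent
	}
	return nil
}
// … unchanged: ToRego, constructors, accessors …
```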
@@ -0,0 +1,148 @@ +package types + +import ( + "encoding/json" + "fmt" + "io/fs" + "path/filepath" +) + +func NewRange(filename string, startLine int, endLine int, sourcePrefix string, srcFS fs.FS) Range { + r := Range{ + filename: filename, + startLine: startLine, + endLine: endLine, + fs: srcFS, + fsKey: CreateFSKey(srcFS), + sourcePrefix: sourcePrefix, + } + return r +} + +func NewRangeWithLogicalSource(filename string, startLine int, endLine int, sourcePrefix string, + srcFS fs.FS) Range { + r := Range{ + filename: filename, + startLine: startLine, + endLine: endLine, + fs: srcFS, + fsKey: CreateFSKey(srcFS), + sourcePrefix: sourcePrefix, + isLogicalSource: true, + } + return r +} + +func NewRangeWithFSKey(filename string, startLine int, endLine int, sourcePrefix string, fsKey string, fs fs.FS) Range { + r := Range{ + filename: filename, + startLine: startLine, + endLine: endLine, + fs: fs, + fsKey: fsKey, + sourcePrefix: sourcePrefix, + } + return r +} + +type Range struct { + filename string + startLine int + endLine int + sourcePrefix string + isLogicalSource bool + fs fs.FS + fsKey string +} + +func (r Range) MarshalJSON() ([]byte, error) { + return json.Marshal(map[string]interface{}{ + "filename": r.filename, + "startLine": r.startLine, + "endLine": r.endLine, + "sourcePrefix": r.sourcePrefix, + "fsKey": r.fsKey, + "isLogicalSource": r.isLogicalSource, + }) +} + +func (r *Range) UnmarshalJSON(data []byte) error { + var keys map[string]interface{} + if err := json.Unmarshal(data, &keys); err != nil { + return err + } + if keys["filename"] != nil { + r.filename = keys["filename"].(string) + } + if keys["startLine"] != nil { + r.startLine = int(keys["startLine"].(float64)) + } + if keys["endLine"] != nil { + r.endLine = int(keys["endLine"].(float64)) + } + if keys["sourcePrefix"] != nil { + r.sourcePrefix = keys["sourcePrefix"].(string) + } + if keys["fsKey"] != nil { + r.fsKey = keys["fsKey"].(string) + } + if keys["isLogicalSource"] != nil { + 
r.isLogicalSource = keys["isLogicalSource"].(bool) + } + return nil +} + +func (r Range) GetFSKey() string { + return r.fsKey +} + +func (r Range) LineCount() int { + if r.endLine == 0 { + return 0 + } + return (r.endLine - r.startLine) + 1 +} + +func (r Range) GetFilename() string { + if r.sourcePrefix == "" { + return r.filename + } + if r.isLogicalSource { + return fmt.Sprintf("%s:%s", r.sourcePrefix, r.filename) + } + return filepath.Join(r.sourcePrefix, r.filename) +} + +func (r Range) GetLocalFilename() string { + return r.filename +} + +func (r Range) GetStartLine() int { + return r.startLine +} + +func (r Range) GetEndLine() int { + return r.endLine +} + +func (r Range) IsMultiLine() bool { + return r.startLine < r.endLine +} + +func (r Range) String() string { + if r.startLine != r.endLine { + return fmt.Sprintf("%s:%d-%d", r.GetFilename(), r.startLine, r.endLine) + } + if r.startLine == 0 && r.endLine == 0 { + return r.GetFilename() + } + return fmt.Sprintf("%s:%d", r.GetFilename(), r.startLine) +} + +func (r Range) GetFS() fs.FS { + return r.fs +} + +func (r Range) GetSourcePrefix() string { + return r.sourcePrefix +} diff --git a/pkg/iac/types/rules/rule.go b/pkg/iac/types/rules/rule.go new file mode 100644 index 000000000000..b86a4ad6d11f --- /dev/null +++ b/pkg/iac/types/rules/rule.go @@ -0,0 +1,18 @@ +package rules + +import ( + "github.com/aquasecurity/trivy/pkg/iac/scan" +) + +type RegisteredRule struct { + scan.Rule + Number int +} + +func (r *RegisteredRule) GetRule() scan.Rule { + return r.Rule +} + +func (r *RegisteredRule) AddLink(link string) { + r.Rule.Links = append([]string{link}, r.Rule.Links...) +} diff --git a/pkg/iac/types/sources.go b/pkg/iac/types/sources.go new file mode 100644 index 000000000000..02e43dac3a35 --- /dev/null +++ b/pkg/iac/types/sources.go 
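Review bot: Range.UnmarshalJSON panics instead of returning an error when a field carries an unexpected JSON type, because every `keys["filename"].(string)` / `keys["startLine"].(float64)` / `keys["isLogicalSource"].(bool)` assertion is unchecked, so a malformed or hand-edited serialized result crashes the process rather than failing the decode. The same unchecked-assertion pattern is in StringValue.UnmarshalJSON (string.go) and TimeValue.UnmarshalJSON (time.go) in this series. Decoding into a typed struct lets encoding/json report a `*json.UnmarshalTypeError` and removes the per-key nil checks; the one behavioural difference is that keys absent from the input now zero the field where the original left it untouched, which only matters if a caller decodes into an already-populated Range. Separately, NewRangeWithFSKey's parameter `fs fs.FS` shadows the imported package, the same pattern the later lint commit renames to `fsys` in rego/scanner.go — unless that commit's range.go hunk, which is not visible here, already covers it.
```go
func (r *Range) UnmarshalJSON(data []byte) error {
	var keys struct {
		Filename        string `json:"filename"`
		StartLine       int    `json:"startLine"`
		EndLine         int    `json:"endLine"`
		SourcePrefix    string `json:"sourcePrefix"`
		FSKey           string `json:"fsKey"`
		IsLogicalSource bool   `json:"isLogicalSource"`
	}
	if err := json.Unmarshal(data, &keys); err != nil {
		return err
	}
	r.filename = keys.Filename
	r.startLine = keys.StartLine
	r.endLine = keys.EndLine
	r.sourcePrefix = keys.SourcePrefix
	r.fsKey = keys.FSKey
	r.isLogicalSource = keys.IsLogicalSource
	return nil
}
```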
@@ -0,0 +1,14 @@
+package types
+
+type Source string
+
+const (
+ SourceDockerfile Source = "dockerfile"
+ SourceKubernetes Source = "kubernetes"
+ SourceRbac Source = "rbac" // deprecated - please use "kubernetes" instead
+ SourceDefsec Source = "defsec" // deprecated - please use "cloud" instead
+ SourceCloud Source = "cloud"
+ SourceYAML Source = "yaml"
+ SourceJSON Source = "json"
+ SourceTOML Source = "toml"
+)
diff --git a/pkg/iac/types/string.go b/pkg/iac/types/string.go
new file mode 100755
index 000000000000..8c04d967be0b
--- /dev/null
+++ b/pkg/iac/types/string.go
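Review bot: The deprecation remarks on SourceRbac and SourceDefsec are free-form trailing comments (`// deprecated - please use "kubernetes" instead`), which neither staticcheck nor gopls recognises, so new uses of the deprecated values will not be flagged. Put each on a doc comment line directly above the constant in the conventional form: `// Deprecated: use SourceKubernetes instead.` and `// Deprecated: use SourceCloud instead.`. While here, the exported type `Source` has no doc comment; a one-liner such as `// Source identifies the kind of input a rego policy is written against.` would do.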
@@ -0,0 +1,189 @@ +package types + +import ( + "encoding/json" + "strings" +) + +type StringEqualityOption int + +const ( + IgnoreCase StringEqualityOption = iota + IsPallindrome + IgnoreWhitespace +) + +func String(str string, m Metadata) StringValue { + return StringValue{ + value: str, + BaseAttribute: BaseAttribute{metadata: m}, + } +} +func StringDefault(value string, m Metadata) StringValue { + b := String(value, m) + b.BaseAttribute.metadata.isDefault = true + return b +} + +func StringUnresolvable(m Metadata) StringValue { + b := String("", m) + b.BaseAttribute.metadata.isUnresolvable = true + return b +} + +func StringExplicit(value string, m Metadata) StringValue { + b := String(value, m) + b.BaseAttribute.metadata.isExplicit = true + return b +} + +type StringValueList []StringValue + +type StringValue struct { + BaseAttribute + value string +} + +func (l StringValueList) AsStrings() (output []string) { + for _, item := range l { + output = append(output, item.Value()) + } + return output +} + +type stringCheckFunc func(string, string) bool + +func (b StringValue) MarshalJSON() ([]byte, error) { + return json.Marshal(map[string]interface{}{ + "value": b.value, + "metadata": b.metadata, + }) +} + +func (b *StringValue) UnmarshalJSON(data []byte) error { + var keys map[string]interface{} + if err := json.Unmarshal(data, &keys); err != nil { + return err + } + if keys["value"] != nil { + b.value = keys["value"].(string) + } + if keys["metadata"] != nil { + raw, err := json.Marshal(keys["metadata"]) + if err != nil { + return err + } + var m Metadata + if err := json.Unmarshal(raw, &m); err != nil { + return err + } + b.metadata = m + } + return nil +} + +func (s StringValue) ToRego() interface{} { + m := s.metadata.ToRego().(map[string]interface{}) + m["value"] = s.Value() + return m +} + +func (s StringValue) IsOneOf(values ...string) bool { + if s.metadata.isUnresolvable { + return false + } + for _, value := range values { + if value == s.value { + 
return true + } + } + return false +} + +func (s StringValue) GetMetadata() Metadata { + return s.metadata +} + +func (s StringValue) Value() string { + return s.value +} + +func (b StringValue) GetRawValue() interface{} { + return b.value +} + +func (s StringValue) IsEmpty() bool { + if s.metadata.isUnresolvable { + return false + } + return s.value == "" +} + +func (s StringValue) IsNotEmpty() bool { + if s.metadata.isUnresolvable { + return false + } + return s.value != "" +} + +func (s StringValue) EqualTo(value string, equalityOptions ...StringEqualityOption) bool { + if s.metadata.isUnresolvable { + return false + } + + return s.executePredicate(value, func(a, b string) bool { return a == b }, equalityOptions...) +} + +func (s StringValue) NotEqualTo(value string, equalityOptions ...StringEqualityOption) bool { + if s.metadata.isUnresolvable { + return false + } + + return !s.EqualTo(value, equalityOptions...) +} + +func (s StringValue) StartsWith(prefix string, equalityOptions ...StringEqualityOption) bool { + if s.metadata.isUnresolvable { + return false + } + + return s.executePredicate(prefix, strings.HasPrefix, equalityOptions...) +} + +func (s StringValue) EndsWith(suffix string, equalityOptions ...StringEqualityOption) bool { + if s.metadata.isUnresolvable { + return false + } + return s.executePredicate(suffix, strings.HasSuffix, equalityOptions...) +} + +func (s StringValue) Contains(value string, equalityOptions ...StringEqualityOption) bool { + if s.metadata.isUnresolvable { + return false + } + return s.executePredicate(value, strings.Contains, equalityOptions...) 
+} + +func (s StringValue) executePredicate(value string, fn stringCheckFunc, equalityOptions ...StringEqualityOption) bool { + subjectString := s.value + searchString := value + + for _, eqOpt := range equalityOptions { + switch eqOpt { + case IgnoreCase: + subjectString = strings.ToLower(subjectString) + searchString = strings.ToLower(searchString) + case IsPallindrome: + var result string + for _, v := range subjectString { + result = string(v) + result + } + subjectString = result + case IgnoreWhitespace: + subjectString = strings.ReplaceAll(subjectString, " ", "") + searchString = strings.ReplaceAll(searchString, " ", "") + } + } + + return fn(subjectString, searchString) +} diff --git a/pkg/iac/types/string_test.go b/pkg/iac/types/string_test.go new file mode 100755 index 000000000000..1f135874bf18 --- /dev/null +++ b/pkg/iac/types/string_test.go 
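Review bot: The receiver name on StringValue is inconsistent — `b` in MarshalJSON, UnmarshalJSON and GetRawValue, `s` everywhere else — and the exported option `IsPallindrome` is misspelled; since this is a new package boundary, renaming it to `IsPalindrome` now is far cheaper than after policies depend on it (keep `IsPallindrome = IsPalindrome` in the const block only if an external consumer already references it). None of the exported constructors (String, StringDefault, StringUnresolvable, StringExplicit) or the StringEqualityOption values carry doc comments; the option type in particular needs one because its semantics are not obvious: `// StringEqualityOption adjusts how the subject and search string are compared; IsPalindrome reverses the subject only, before the predicate runs.`. UnmarshalJSON shares the unchecked `keys["value"].(string)` assertion raised on range.go.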
@@ -0,0 +1,94 @@ +package types + +import ( + "encoding/json" + "testing" + + "github.com/stretchr/testify/require" + + "github.com/stretchr/testify/assert" +) + +func Test_StringValueEqualTo(t *testing.T) { + testCases := []struct { + desc string + input string + check string + ignoreCase bool + expected bool + }{ + { + desc: "return truw when string is equal", + input: "something", + check: "", + expected: false, + }, + } + for _, tC := range testCases { + t.Run(tC.desc, func(t *testing.T) { + + }) + } +} + +func Test_StringValueStartsWith(t *testing.T) { + testCases := []struct { + desc string + input string + prefix string + ignoreCase bool + expected bool + }{ + { + desc: "return true when starts with", + input: "something", + prefix: "some", + expected: true, + }, + { + desc: "return false when does not start with", + input: "something", + prefix: "nothing", + expected: false, + }, + { + desc: "return true when starts with", + input: "something", + prefix: "SOME", + ignoreCase: true, + expected: true, + }, + { + desc: "return false when does not start with", + input: "something", + prefix: "SOME", + expected: false, + }, + } + for _, tC := range testCases { + t.Run(tC.desc, func(t *testing.T) { + + val := String(tC.input, fakeMetadata) + + var options []StringEqualityOption + + if tC.ignoreCase { + options = append(options, IgnoreCase) + } + + assert.Equal(t, tC.expected, val.StartsWith(tC.prefix, options...)) + }) + } +} + +func Test_StringJSON(t *testing.T) { + val := String("hello world", NewMetadata(NewRange("main.tf", 123, 123, "", nil), "")) + data, err := json.Marshal(val) + require.NoError(t, err) + + var restored StringValue + err = json.Unmarshal(data, &restored) + require.NoError(t, err) + + assert.Equal(t, val, restored) +} diff --git a/pkg/iac/types/time.go b/pkg/iac/types/time.go new file mode 100755 index 000000000000..4f3c8c455f2f --- /dev/null +++ b/pkg/iac/types/time.go 
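Review bot: Test_StringValueEqualTo never asserts anything — the `t.Run` body is empty — so EqualTo has no coverage despite the test's name, and its single case contradicts itself (desc says "return truw when string is equal" but compares "something" against "" and expects false). Fill the subtest in the same shape as Test_StringValueStartsWith, fix the typo in desc, and add at least an equal case (`check: "something", expected: true`) and an ignoreCase case (`check: "SOMETHING", ignoreCase: true, expected: true`). `fakeMetadata` is not defined in any hunk visible here; presumably it lives in another test file of the package.
```go
	for _, tC := range testCases {
		t.Run(tC.desc, func(t *testing.T) {
			val := String(tC.input, fakeMetadata)
			var options []StringEqualityOption
			if tC.ignoreCase {
				options = append(options, IgnoreCase)
			}
			assert.Equal(t, tC.expected, val.EqualTo(tC.check, options...))
		})
	}
```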
@@ -0,0 +1,102 @@ +package types + +import ( + "encoding/json" + "time" +) + +type TimeValue struct { + BaseAttribute + value time.Time +} + +func (b TimeValue) MarshalJSON() ([]byte, error) { + return json.Marshal(map[string]interface{}{ + "value": b.value.Format(time.RFC3339), + "metadata": b.metadata, + }) +} + +func (b *TimeValue) UnmarshalJSON(data []byte) error { + var keys map[string]interface{} + if err := json.Unmarshal(data, &keys); err != nil { + return err + } + if keys["value"] != nil { + if ti, err := time.Parse(time.RFC3339, keys["value"].(string)); err == nil { + b.value = ti + } + } + if keys["metadata"] != nil { + raw, err := json.Marshal(keys["metadata"]) + if err != nil { + return err + } + var m Metadata + if err := json.Unmarshal(raw, &m); err != nil { + return err + } + b.metadata = m + } + return nil +} + +func Time(value time.Time, m Metadata) TimeValue { + return TimeValue{ + value: value, + BaseAttribute: BaseAttribute{metadata: m}, + } +} + +func TimeDefault(value time.Time, m Metadata) TimeValue { + b := Time(value, m) + b.BaseAttribute.metadata.isDefault = true + return b +} + +func TimeExplicit(value time.Time, m Metadata) TimeValue { + b := Time(value, m) + b.BaseAttribute.metadata.isExplicit = true + return b +} + +func TimeUnresolvable(m Metadata) TimeValue { + b := Time(time.Time{}, m) + b.BaseAttribute.metadata.isUnresolvable = true + return b +} + +func (t TimeValue) Value() time.Time { + return t.value +} + +func (t TimeValue) GetRawValue() interface{} { + return t.value +} + +func (t TimeValue) IsNever() bool { + if t.GetMetadata().isUnresolvable { + return false + } + return t.value.IsZero() +} + +func (t TimeValue) Before(i time.Time) bool { + if t.metadata.isUnresolvable { + return false + } + return t.value.Before(i) +} + +func (t TimeValue) After(i time.Time) bool { + if t.metadata.isUnresolvable { + return false + } + return t.value.After(i) +} + +func (t TimeValue) ToRego() interface{} { + m := 
t.metadata.ToRego().(map[string]interface{}) + m["value"] = t.Value().Format(time.RFC3339) + return m +} diff --git a/pkg/iac/types/time_test.go b/pkg/iac/types/time_test.go new file mode 100644 index 000000000000..5d38b0dfb570 --- /dev/null +++ b/pkg/iac/types/time_test.go @@ -0,0 +1,23 @@ +package types + +import ( + "encoding/json" + "testing" + "time" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func Test_TimeJSON(t *testing.T) { + val := Time(time.Now(), NewMetadata(NewRange("main.tf", 123, 123, "", nil), "")) + data, err := json.Marshal(val) + require.NoError(t, err) + + var restored TimeValue + err = json.Unmarshal(data, &restored) + require.NoError(t, err) + + assert.Equal(t, val.value.Format(time.RFC3339), restored.Value().Format(time.RFC3339)) + assert.Equal(t, val.metadata, restored.metadata) +} diff --git a/pkg/misconf/scanner.go b/pkg/misconf/scanner.go index bcab56dafadd..cb4970a1bd86 100644 --- a/pkg/misconf/scanner.go +++ b/pkg/misconf/scanner.go @@ -14,10 +14,9 @@ import ( "github.com/samber/lo" "golang.org/x/xerrors" - "github.com/aquasecurity/defsec/pkg/scan" - "github.com/aquasecurity/defsec/pkg/scanners/options" "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/iac/detection" + "github.com/aquasecurity/trivy/pkg/iac/scan" "github.com/aquasecurity/trivy/pkg/iac/scanners" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure/arm" cfscanner "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation" @@ -25,6 +24,7 @@ import ( dfscanner "github.com/aquasecurity/trivy/pkg/iac/scanners/dockerfile" helm2 "github.com/aquasecurity/trivy/pkg/iac/scanners/helm" k8sscanner "github.com/aquasecurity/trivy/pkg/iac/scanners/kubernetes" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform" tfpscanner "github.com/aquasecurity/trivy/pkg/iac/scanners/terraformplan" "github.com/aquasecurity/trivy/pkg/log" 
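Review bot: TimeValue.UnmarshalJSON silently drops a timestamp that fails to parse (`if ti, err := time.Parse(time.RFC3339, ...); err == nil { b.value = ti }`), leaving the zero time, which IsNever() then reports as true — so a corrupted or unexpectedly formatted value in a persisted result is read as "never" rather than surfacing as a decode error. Return the error instead: `ti, err := time.Parse(time.RFC3339, v); if err != nil { return err }; b.value = ti`. The `keys["value"].(string)` assertion has the unchecked-type problem raised on range.go. Note also that MarshalJSON uses RFC3339, so sub-second precision is lost on a round trip, which Test_TimeJSON works around by comparing formatted strings; if exact round-tripping is wanted, `time.RFC3339Nano` on both sides fixes it at the cost of changing the on-disk format.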
From a645cc96a78add8a8f8bb54ee598bbaf5d9234e9 Mon Sep 17 00:00:00 2001 From: Simar Date: Mon, 12 Feb 2024 16:31:56 -0700 Subject: [PATCH 02/13] bump trivy-aws dep --- go.mod | 15 ++++++--------- go.sum | 32 ++++++++++++++++---------------- 2 files changed, 22 insertions(+), 25 deletions(-) diff --git a/go.mod b/go.mod index 704a885ac413..7966769fd2ba 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,6 @@ require ( github.com/NYTimes/gziphandler v1.1.1 github.com/alicebob/miniredis/v2 v2.31.1 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 - github.com/aquasecurity/defsec v0.94.2-0.20240119001230-c2d65f49dfeb // indirect github.com/aquasecurity/go-dep-parser v0.0.0-20240208080026-8cc7d408bce4 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798 @@ -23,11 +22,11 @@ require ( github.com/aquasecurity/table v1.8.0 github.com/aquasecurity/testdocker v0.0.0-20230111101738-e741bda259da github.com/aquasecurity/tml v0.6.1 - github.com/aquasecurity/trivy-aws v0.7.1 + github.com/aquasecurity/trivy-aws v0.7.2-0.20240212233003-6359c269e5d2 github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 github.com/aquasecurity/trivy-kubernetes v0.6.3-0.20240118072219-c433b06f98e1 - github.com/aquasecurity/trivy-policies v0.9.0 + github.com/aquasecurity/trivy-policies v0.9.1-0.20240212232053-c450017d5624 github.com/aws/aws-sdk-go-v2 v1.24.1 github.com/aws/aws-sdk-go-v2/config v1.26.6 github.com/aws/aws-sdk-go-v2/credentials v1.16.16 
@@ -380,10 +379,10 @@ require ( go.mongodb.org/mongo-driver v1.13.1 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect - go.opentelemetry.io/otel v1.21.0 // indirect - go.opentelemetry.io/otel/metric v1.21.0 // indirect - go.opentelemetry.io/otel/sdk v1.21.0 // indirect - go.opentelemetry.io/otel/trace v1.21.0 // indirect + go.opentelemetry.io/otel v1.23.1 // indirect + go.opentelemetry.io/otel/metric v1.23.1 // indirect + go.opentelemetry.io/otel/sdk v1.23.1 // indirect + go.opentelemetry.io/otel/trace v1.23.1 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/goleak v1.3.0 // indirect go.uber.org/multierr v1.11.0 // indirect @@ -431,5 +430,3 @@ require ( // testcontainers-go has a bug with versions v0.25.0 and v0.26.0 // ref: https://github.com/testcontainers/testcontainers-go/issues/1782 replace github.com/testcontainers/testcontainers-go => github.com/testcontainers/testcontainers-go v0.23.0 - -replace github.com/aquasecurity/trivy-policies => /Users/simarpreetsingh/repos/trivy-policies diff --git a/go.sum b/go.sum index 9b71d6264f65..e445976f5057 100644 --- a/go.sum +++ b/go.sum 
@@ -325,8 +325,6 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30xLN2sUZcMXl50hg+PJCIDdJgIvIbVcKqLJ/ZrtM= github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8= -github.com/aquasecurity/defsec v0.94.2-0.20240119001230-c2d65f49dfeb h1:7x3aMSnQhXJLcFOCivOmNBk0zAVLKkEk5UWkrRxxHIk= -github.com/aquasecurity/defsec v0.94.2-0.20240119001230-c2d65f49dfeb/go.mod h1:wiX9BX0SOG0ZWjVIPYGPl46fyO3Gu8lJnk4rmhFR7IA= github.com/aquasecurity/go-dep-parser v0.0.0-20240208080026-8cc7d408bce4 h1:6qs80w4qPbPnF6GhbIifSANqfCrq90CKtSUBaw6p0z0= github.com/aquasecurity/go-dep-parser v0.0.0-20240208080026-8cc7d408bce4/go.mod h1:P0PmelcN1ABKJrDzRbPnn6hK7RvgI+xmjiV/9uPaNnY= github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM= 
@@ -348,14 +346,16 @@ github.com/aquasecurity/testdocker v0.0.0-20230111101738-e741bda259da h1:pj/adfN github.com/aquasecurity/testdocker v0.0.0-20230111101738-e741bda259da/go.mod h1:852lbQLpK2nCwlR4ZLYIccxYCfoQao6q9Nl6tjz54v8= github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gwo= github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY= -github.com/aquasecurity/trivy-aws v0.7.1 h1:XElKZsP9Hqe2JVekQgGCIkFtgRgVlP+80wKL2JWBctk= -github.com/aquasecurity/trivy-aws v0.7.1/go.mod h1:bJT7pzsqo9q5yi3arJSt789bAH0eDb7c+niFYMBNcMQ= +github.com/aquasecurity/trivy-aws v0.7.2-0.20240212233003-6359c269e5d2 h1:eHiq1nR7LyM07P/tLeaqBqIO3vxoG5796qZoPM4vFxU= +github.com/aquasecurity/trivy-aws v0.7.2-0.20240212233003-6359c269e5d2/go.mod h1:euihrP58wHfKXdTuCsRgP8U9vYjMMKZbEyHVwQt4GuI= github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d h1:fjI9mkoTUAkbGqpzt9nJsO24RAdfG+ZSiLFj0G2jO8c= github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d/go.mod h1:cj9/QmD9N3OZnKQMp+/DvdV+ym3HyIkd4e+F0ZM3ZGs= github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 h1:JVgBIuIYbwG+ekC5lUHUpGJboPYiCcxiz06RCtz8neI= github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48/go.mod h1:Ldya37FLi0e/5Cjq2T5Bty7cFkzUDwTcPeQua+2M8i8= github.com/aquasecurity/trivy-kubernetes v0.6.3-0.20240118072219-c433b06f98e1 h1:/LsIHMQJ4SOxZeib/bvLP7S3YDTXJVIsQyS4kIIP0GQ= github.com/aquasecurity/trivy-kubernetes v0.6.3-0.20240118072219-c433b06f98e1/go.mod h1:v6B8SO2ep718ccGbbjhpzMn6p27IijS+dMb+MeYz3jQ= +github.com/aquasecurity/trivy-policies v0.9.1-0.20240212232053-c450017d5624 h1:OKJa4JRaB54tY3XxrUA5waEPuI+AsNMoz7PR5rkDQj0= +github.com/aquasecurity/trivy-policies v0.9.1-0.20240212232053-c450017d5624/go.mod h1:AHMSfZ86npbvCMRxrGFw51PIfl60FRwXWgrvxWy7EU0= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= github.com/arbovm/levenshtein 
v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= 
@@ -1713,20 +1713,20 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo= -go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc= -go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0/go.mod h1:zgBdWWAu7oEEMC06MMKc5NLbA/1YDXV1sMpSqEeLQLg= +go.opentelemetry.io/otel v1.23.1 h1:Za4UzOqJYS+MUczKI320AtqZHZb7EqxO00jAHE0jmQY= +go.opentelemetry.io/otel v1.23.1/go.mod h1:Td0134eafDLcTS4y+zQ26GE8u3dEuRBiBCTUIRHaikA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.23.1 h1:o8iWeVFa1BcLtVEV0LzrCxV2/55tB3xLxADr6Kyoey4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.23.1/go.mod h1:SEVfdK4IoBnbT2FXNM/k8yC08MrfbhWk3U4ljM8B3HE= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 h1:tIqheXEFWAZ7O8A7m+J0aPTmpJN3YQ7qetUAdkkkKpk= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0/go.mod h1:nUeKExfxAQVbiVFn32YXpXZZHZ61Cc3s3Rn1pDBGAb0= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU= -go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4= -go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= -go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8= 
-go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E= -go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc= -go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.23.1 h1:cfuy3bXmLJS7M1RZmAL6SuhGtKUp2KEsrm00OlAXkq4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.23.1/go.mod h1:22jr92C6KwlwItJmQzfixzQM3oyyuYLCfHiMY+rpsPU= +go.opentelemetry.io/otel/metric v1.23.1 h1:PQJmqJ9u2QaJLBOELl1cxIdPcpbwzbkjfEyelTl2rlo= +go.opentelemetry.io/otel/metric v1.23.1/go.mod h1:mpG2QPlAfnK8yNhNJAxDZruU9Y1/HubbC+KyH8FaCWI= +go.opentelemetry.io/otel/sdk v1.23.1 h1:O7JmZw0h76if63LQdsBMKQDWNb5oEcOThG9IrxscV+E= +go.opentelemetry.io/otel/sdk v1.23.1/go.mod h1:LzdEVR5am1uKOOwfBWFef2DCi1nu3SA8XQxx2IerWFk= +go.opentelemetry.io/otel/trace v1.23.1 h1:4LrmmEd8AU2rFvU1zegmvqW7+kWarxtNOPyeL6HmYY8= +go.opentelemetry.io/otel/trace v1.23.1/go.mod h1:4IpnpJFwr1mo/6HL8XIPJaE9y0+u1KcVmuW7dwFSVrI= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= From 458abebd3ad70a34cf7d47d5f61820c93785cba3 Mon Sep 17 00:00:00 2001 
From: Simar Date: Mon, 12 Feb 2024 19:05:30 -0700 Subject: [PATCH 03/13] fix lint issues --- cmd/iac/allowed_actions/main.go | 2 +- cmd/iac/schema/main.go | 6 ++++-- pkg/iac/providers/aws/ec2/instance.go | 3 ++- pkg/iac/providers/aws/iam/iam.go | 3 ++- pkg/iac/rego/build.go | 7 ++++--- pkg/iac/rego/embed.go | 3 ++- pkg/iac/rego/exceptions.go | 4 ++-- pkg/iac/rego/load.go | 2 +- pkg/iac/rego/metadata.go | 14 ++++++++------ pkg/iac/rego/result.go | 5 +++-- pkg/iac/rego/scanner.go | 23 ++++++++++++----------- pkg/iac/rego/schemas/builder.go | 16 ++++++++-------- pkg/iac/rego/store.go | 2 +- pkg/iac/rules/providers.go | 2 +- pkg/iac/rules/register.go | 8 ++++---- pkg/iac/rules/rules.go | 3 ++- pkg/iac/scan/highlighting.go | 5 ++--- pkg/iac/scan/result.go | 7 +++---- pkg/iac/terraform/attribute.go | 19 +++++++++---------- pkg/iac/terraform/block.go | 11 ++++++----- pkg/iac/terraform/context/context.go | 2 +- pkg/iac/terraform/ignore.go | 4 ++-- pkg/iac/terraform/module.go | 8 ++++---- pkg/iac/terraform/modules.go | 2 +- pkg/iac/terraform/presets.go | 3 +-- pkg/iac/terraform/value_functions.go | 8 ++++---- pkg/iac/types/range.go | 6 +++--- 27 files changed, 93 insertions(+), 85 deletions(-) mode change 100755 => 100644 pkg/iac/providers/aws/ec2/instance.go mode change 100755 => 100644 pkg/iac/providers/aws/iam/iam.go mode change 100755 => 100644 pkg/iac/scan/result.go diff --git a/cmd/iac/allowed_actions/main.go b/cmd/iac/allowed_actions/main.go index ffa60167c890..84278162fb95 100644 --- a/cmd/iac/allowed_actions/main.go +++ b/cmd/iac/allowed_actions/main.go @@ -198,7 +198,7 @@ func findSubtag(n *html.Node, tagName string) *html.Node { } func findSubtags(n *html.Node, tagName string) []*html.Node { - result := make([]*html.Node, 0) + var result []*html.Node for c := n.FirstChild; c != nil; c = c.NextSibling { if c.Type == html.ElementNode && c.Data == tagName { result = append(result, c) 
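Review bot: Switching findSubtags to `var result []*html.Node` changes its empty return from a non-nil empty slice to nil; this is harmless for callers that only range or check `len`, but differs under JSON encoding or reflect.DeepEqual-based assertions. The function's callers are outside this hunk, so I cannot confirm which applies — worth a quick check, and if nil is fine a one-line doc comment `// findSubtags returns n's direct children that are elements named tagName; nil when there are none.` records the contract.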
diff --git a/cmd/iac/schema/main.go b/cmd/iac/schema/main.go index 8c60e5d0fe0a..bae01243967a 100644 --- a/cmd/iac/schema/main.go +++ b/cmd/iac/schema/main.go @@ -1,12 +1,14 @@ package main import ( + "bytes" "encoding/json" "fmt" "os" - "github.com/aquasecurity/trivy/pkg/iac/rego/schemas" "github.com/spf13/cobra" + + "github.com/aquasecurity/trivy/pkg/iac/rego/schemas" ) // generate a json schema document for cloud rego input (state.State) @@ -69,7 +71,7 @@ var verifyCmd = &cobra.Command{ if err != nil { return err } - if string(data) != string(existing) { + if !bytes.Equal(data, existing) { return fmt.Errorf("schema is out of date:\n\nplease run 'make schema' and commit the changes") } fmt.Println("schema is valid") diff --git a/pkg/iac/providers/aws/ec2/instance.go b/pkg/iac/providers/aws/ec2/instance.go old mode 100755 new mode 100644 index c145f7f294ca..86ec15c2316c --- a/pkg/iac/providers/aws/ec2/instance.go +++ b/pkg/iac/providers/aws/ec2/instance.go @@ -1,8 +1,9 @@ package ec2 import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/owenrumney/squealer/pkg/squealer" + + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Instance struct { diff --git a/pkg/iac/providers/aws/iam/iam.go b/pkg/iac/providers/aws/iam/iam.go old mode 100755 new mode 100644 index 6215a085613c..ea8ff34d3384 --- a/pkg/iac/providers/aws/iam/iam.go +++ b/pkg/iac/providers/aws/iam/iam.go @@ -1,8 +1,9 @@ package iam import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/liamg/iamgo" + + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type IAM struct { diff --git a/pkg/iac/rego/build.go b/pkg/iac/rego/build.go index c8fe6a27ec12..bfc62ee7b188 100644 --- a/pkg/iac/rego/build.go +++ b/pkg/iac/rego/build.go 
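Review bot: In the verifyCmd hunk the error is built with `fmt.Errorf` but the message contains no format verbs, so it should be `errors.New("schema is out of date:\n\nplease run 'make schema' and commit the changes")` (adding "errors" to the import block); this is the kind of thing the lint pass this commit addresses would otherwise flag later. The enclosing verifyCmd RunE starts outside the hunk.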
@@ -5,15 +5,16 @@ import ( "path/filepath" "strings" - "github.com/aquasecurity/trivy/pkg/iac/rego/schemas" - "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/open-policy-agent/opa/ast" "github.com/open-policy-agent/opa/util" + + "github.com/aquasecurity/trivy/pkg/iac/rego/schemas" + "github.com/aquasecurity/trivy/pkg/iac/types" ) func BuildSchemaSetFromPolicies(policies map[string]*ast.Module, paths []string, fsys fs.FS) (*ast.SchemaSet, bool, error) { schemaSet := ast.NewSchemaSet() - schemaSet.Put(ast.MustParseRef("schema.input"), map[string]interface{}{}) // for backwards compat only + schemaSet.Put(ast.MustParseRef("schema.input"), make(map[string]interface{})) // for backwards compat only var customFound bool for _, policy := range policies { for _, annotation := range policy.Annotations { diff --git a/pkg/iac/rego/embed.go b/pkg/iac/rego/embed.go index c1f4a811ef03..16eff7345cc7 100644 --- a/pkg/iac/rego/embed.go +++ b/pkg/iac/rego/embed.go @@ -6,9 +6,10 @@ import ( "path/filepath" "strings" + "github.com/open-policy-agent/opa/ast" + rules2 "github.com/aquasecurity/trivy-policies" "github.com/aquasecurity/trivy/pkg/iac/rules" - "github.com/open-policy-agent/opa/ast" ) func init() { diff --git a/pkg/iac/rego/exceptions.go b/pkg/iac/rego/exceptions.go index ab202ec00d19..7abe9e8a9afa 100644 --- a/pkg/iac/rego/exceptions.go +++ b/pkg/iac/rego/exceptions.go @@ -5,7 +5,7 @@ import ( "fmt" ) -func (s *Scanner) isIgnored(ctx context.Context, namespace string, ruleName string, input interface{}) (bool, error) { +func (s *Scanner) isIgnored(ctx context.Context, namespace, ruleName string, input interface{}) (bool, error) { if ignored, err := s.isNamespaceIgnored(ctx, namespace, input); err != nil { return false, err } else if ignored { 
@@ -23,7 +23,7 @@ func (s *Scanner) isNamespaceIgnored(ctx context.Context, namespace string, inpu return result.Allowed(), nil } -func (s *Scanner) isRuleIgnored(ctx context.Context, namespace string, ruleName string, input interface{}) (bool, error) { +func (s *Scanner) isRuleIgnored(ctx context.Context, namespace, ruleName string, input interface{}) (bool, error) { exceptionQuery := fmt.Sprintf("endswith(%q, data.%s.exception[_][_])", ruleName, namespace) result, _, err := s.runQuery(ctx, exceptionQuery, input, true) if err != nil { diff --git a/pkg/iac/rego/load.go b/pkg/iac/rego/load.go index 909510e8f505..aeef80144472 100644 --- a/pkg/iac/rego/load.go +++ b/pkg/iac/rego/load.go @@ -147,7 +147,7 @@ func (s *Scanner) compilePolicies(srcFS fs.FS, paths []string) error { return err } if custom { - s.inputSchema = nil // discard auto detected input schema in favour of policy defined schema + s.inputSchema = nil // discard auto detected input schema in favor of policy defined schema } compiler := ast.NewCompiler(). diff --git a/pkg/iac/rego/metadata.go b/pkg/iac/rego/metadata.go index 013fe79ad87b..d345084ecc59 100644 --- a/pkg/iac/rego/metadata.go +++ b/pkg/iac/rego/metadata.go @@ -5,14 +5,15 @@ import ( "fmt" "strings" + "github.com/mitchellh/mapstructure" + "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/rego" + "github.com/aquasecurity/trivy/pkg/iac/framework" "github.com/aquasecurity/trivy/pkg/iac/providers" "github.com/aquasecurity/trivy/pkg/iac/scan" "github.com/aquasecurity/trivy/pkg/iac/severity" defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/mitchellh/mapstructure" - "github.com/open-policy-agent/opa/ast" - "github.com/open-policy-agent/opa/rego" ) type StaticMetadata struct { 
@@ -89,13 +90,14 @@ func (sm *StaticMetadata) Update(meta map[string]any) error { } } if raw, ok := meta["related_resources"]; ok { - if relatedResources, ok := raw.([]map[string]any); ok { + switch relatedResources := raw.(type) { + case []map[string]any: for _, relatedResource := range relatedResources { if raw, ok := relatedResource["ref"]; ok { sm.References = append(sm.References, fmt.Sprintf("%s", raw)) } } - } else if relatedResources, ok := raw.([]string); ok { + case []string: sm.References = append(sm.References, relatedResources...) } } @@ -304,7 +306,7 @@ func (m *MetadataRetriever) RetrieveMetadata(ctx context.Context, module *ast.Mo return metadata, nil } -// nolint: cyclop +// nolint: gocyclo func (m *MetadataRetriever) queryInputOptions(ctx context.Context, module *ast.Module) InputOptions { options := InputOptions{ diff --git a/pkg/iac/rego/result.go b/pkg/iac/rego/result.go index ad5863196800..6ec7ee7157d5 100644 --- a/pkg/iac/rego/result.go +++ b/pkg/iac/rego/result.go @@ -5,9 +5,10 @@ import ( "io/fs" "strconv" + "github.com/open-policy-agent/opa/rego" + "github.com/aquasecurity/trivy/pkg/iac/scan" defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/open-policy-agent/opa/rego" ) type regoResult struct { @@ -120,7 +121,7 @@ func parseLineNumber(raw interface{}) int { return n } -func (s *Scanner) convertResults(set rego.ResultSet, input Input, namespace string, rule string, traces []string) scan.Results { +func (s *Scanner) convertResults(set rego.ResultSet, input Input, namespace, rule string, traces []string) scan.Results { var results scan.Results offset := 0 diff --git a/pkg/iac/rego/scanner.go b/pkg/iac/rego/scanner.go index 7fcfc4099007..6969f957fa5a 100644 --- a/pkg/iac/rego/scanner.go +++ b/pkg/iac/rego/scanner.go 
@@ -9,15 +9,16 @@ import ( "io/fs" "strings" + "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/rego" + "github.com/open-policy-agent/opa/storage" + "github.com/aquasecurity/trivy/pkg/iac/debug" "github.com/aquasecurity/trivy/pkg/iac/framework" "github.com/aquasecurity/trivy/pkg/iac/rego/schemas" "github.com/aquasecurity/trivy/pkg/iac/scan" "github.com/aquasecurity/trivy/pkg/iac/scanners/options" "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/open-policy-agent/opa/ast" - "github.com/open-policy-agent/opa/rego" - "github.com/open-policy-agent/opa/storage" ) var _ options.ConfigurableScanner = (*Scanner)(nil) @@ -71,12 +72,12 @@ func (s *Scanner) trace(heading string, input interface{}) { _, _ = fmt.Fprintf(s.traceWriter, "REGO %[1]s:\n%s\nEND REGO %[1]s\n\n", heading, string(data)) } -func (s *Scanner) SetPolicyFilesystem(fs fs.FS) { - s.policyFS = fs +func (s *Scanner) SetPolicyFilesystem(fsys fs.FS) { + s.policyFS = fsys } -func (s *Scanner) SetDataFilesystem(fs fs.FS) { - s.dataFS = fs +func (s *Scanner) SetDataFilesystem(fsys fs.FS) { + s.dataFS = fsys } func (s *Scanner) SetPolicyReaders(_ []io.Reader) { @@ -125,7 +126,7 @@ type DynamicMetadata struct { EndLine int } -func NewScanner(source types.Source, options ...options.ScannerOption) *Scanner { +func NewScanner(source types.Source, opts ...options.ScannerOption) *Scanner { schema, ok := schemas.SchemaMap[source] if !ok { schema = schemas.Anything @@ -141,7 +142,7 @@ func NewScanner(source types.Source, options ...options.ScannerOption) *Scanner }, runtimeValues: addRuntimeValues(), } - for _, opt := range options { + for _, opt := range opts { opt(s) } if schema != schemas.None { 
@@ -332,7 +333,7 @@ func isPolicyApplicable(staticMetadata *StaticMetadata, inputs ...Input) bool { return false } -func (s *Scanner) applyRule(ctx context.Context, namespace string, rule string, inputs []Input, combined bool) (scan.Results, error) { +func (s *Scanner) applyRule(ctx context.Context, namespace, rule string, inputs []Input, combined bool) (scan.Results, error) { // handle combined evaluations if possible if combined { @@ -374,7 +375,7 @@ func (s *Scanner) applyRule(ctx context.Context, namespace string, rule string, return results, nil } -func (s *Scanner) applyRuleCombined(ctx context.Context, namespace string, rule string, inputs []Input) (scan.Results, error) { +func (s *Scanner) applyRuleCombined(ctx context.Context, namespace, rule string, inputs []Input) (scan.Results, error) { if len(inputs) == 0 { return nil, nil } diff --git a/pkg/iac/rego/schemas/builder.go b/pkg/iac/rego/schemas/builder.go index 148d126845d0..76edec4163a8 100644 --- a/pkg/iac/rego/schemas/builder.go +++ b/pkg/iac/rego/schemas/builder.go @@ -65,12 +65,12 @@ func (b *builder) fromInput(inputValue reflect.Value) error { func refName(name string, parent, t reflect.Type) string { if t.Name() == "" { // inline struct - return sanitise(parent.PkgPath() + "." + parent.Name() + "." + name) + return sanitize(parent.PkgPath() + "." + parent.Name() + "." + name) } - return sanitise(t.PkgPath() + "." + t.Name()) + return sanitize(t.PkgPath() + "." + t.Name()) } -func sanitise(s string) string { +func sanitize(s string) string { return strings.ReplaceAll(s, "/", ".") } 
@@ -169,12 +169,12 @@ var converterInterface = reflect.TypeOf((*convert.Converter)(nil)).Elem() func (b *builder) readStruct(name string, parent, inputType reflect.Type, indent int) (*Property, error) { if b.schema.Defs == nil { - b.schema.Defs = map[string]*Property{} + b.schema.Defs = make(map[string]*Property) } def := &Property{ Type: "object", - Properties: map[string]Property{}, + Properties: make(map[string]Property), } if parent != nil { @@ -232,14 +232,14 @@ func (b *builder) readSlice(name string, parent, inputType reflect.Type, indent return prop, nil } -func (b *builder) readRego(def *Property, name string, parent reflect.Type, typ reflect.Type, raw interface{}, indent int) error { +func (b *builder) readRego(def *Property, name string, parent, typ reflect.Type, raw interface{}, indent int) error { switch cast := raw.(type) { case map[string]interface{}: def.Type = "object" for k, v := range cast { child := &Property{ - Properties: map[string]Property{}, + Properties: make(map[string]Property), } if err := b.readRego(child, k, reflect.TypeOf(raw), reflect.TypeOf(v), v, indent+1); err != nil { return err @@ -250,7 +250,7 @@ func (b *builder) readRego(def *Property, name string, parent reflect.Type, typ def.Type = "object" for k, v := range cast { child := &Property{ - Properties: map[string]Property{}, + Properties: make(map[string]Property), } if err := b.readRego(child, k, reflect.TypeOf(raw), reflect.TypeOf(v), v, indent+1); err != nil { return err diff --git a/pkg/iac/rego/store.go b/pkg/iac/rego/store.go index 127b1d8dd647..c75818d402e7 100644 --- a/pkg/iac/rego/store.go +++ b/pkg/iac/rego/store.go 
@@ -11,7 +11,7 @@ import ( "github.com/open-policy-agent/opa/storage" ) -// initialise a store populated with OPA data files found in dataPaths +// initialize a store populated with OPA data files found in dataPaths func initStore(dataFS fs.FS, dataPaths, namespaces []string) (storage.Store, error) { // FilteredPaths will recursively find all file paths that contain a valid document // extension from the given list of data paths. diff --git a/pkg/iac/rules/providers.go b/pkg/iac/rules/providers.go index 60c976fd045b..7c14aa1c627a 100644 --- a/pkg/iac/rules/providers.go +++ b/pkg/iac/rules/providers.go @@ -150,7 +150,7 @@ func GetProviderServiceNames(providerName string) []string { return uniqueServices } -func GetProviderServiceCheckNames(providerName string, serviceName string) []string { +func GetProviderServiceCheckNames(providerName, serviceName string) []string { registeredRules := GetRegistered() diff --git a/pkg/iac/rules/register.go b/pkg/iac/rules/register.go index 177c2244b18e..8c8b7f2109f7 100644 --- a/pkg/iac/rules/register.go +++ b/pkg/iac/rules/register.go @@ -1,22 +1,22 @@ package rules // -//import ( +// import ( // "github.com/aquasecurity/trivy/pkg/iac/internal/rules" // "github.com/aquasecurity/trivy/pkg/iac/framework" // "github.com/aquasecurity/trivy/pkg/iac/scan" // ruleTypes "github.com/aquasecurity/trivy/pkg/iac/types/rules" //) // -//func Register(rule scan.Rule) ruleTypes.RegisteredRule { +// func Register(rule scan.Rule) ruleTypes.RegisteredRule { // return rules.Register(rule) //} // -//func Deregister(rule ruleTypes.RegisteredRule) { +// func Deregister(rule ruleTypes.RegisteredRule) { // rules.Deregister(rule) //} // -//func GetRegistered(fw ...framework.Framework) []ruleTypes.RegisteredRule { +// func GetRegistered(fw ...framework.Framework) []ruleTypes.RegisteredRule { // return rules.GetFrameworkRules(fw...) //} // diff --git a/pkg/iac/rules/rules.go b/pkg/iac/rules/rules.go index 1cbd54b8c78f..bb3eec14ae35 100644 
--- a/pkg/iac/rules/rules.go +++ b/pkg/iac/rules/rules.go @@ -1,6 +1,8 @@ package rules import ( + trules "github.com/aquasecurity/trivy-policies/pkg/rules" + _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/accessanalyzer" _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/apigateway" _ "github.com/aquasecurity/trivy-policies/checks/cloud/aws/athena" @@ -72,7 +74,6 @@ import ( _ "github.com/aquasecurity/trivy-policies/checks/cloud/openstack/networking" _ "github.com/aquasecurity/trivy-policies/checks/cloud/oracle/compute" _ "github.com/aquasecurity/trivy-policies/checks/kubernetes/network" - trules "github.com/aquasecurity/trivy-policies/pkg/rules" ) func init() { diff --git a/pkg/iac/scan/highlighting.go b/pkg/iac/scan/highlighting.go index 7f46a29a20c7..12bd3fe086cf 100644 --- a/pkg/iac/scan/highlighting.go +++ b/pkg/iac/scan/highlighting.go @@ -34,7 +34,7 @@ var globalCache = &cache{ data: make(map[string][]string), } -func highlight(fsKey string, filename string, input []byte, theme string) []string { +func highlight(fsKey, filename string, input []byte, theme string) []string { key := fmt.Sprintf("%s|%s", fsKey, filename) if lines, ok := globalCache.Get(key); ok { @@ -108,8 +108,7 @@ func shiftANSIOverLineEndings(input []byte) []byte { } else { csi = append(csi, r) skipOutput = true - switch { - case r >= 0x40 && r <= 0x7E: + if r >= 0x40 && r <= 0x7E { csiShouldCarry = true inCSI = false } diff --git a/pkg/iac/scan/result.go b/pkg/iac/scan/result.go old mode 100755 new mode 100644 index 9c1fe4ef5a61..79ef77b10889 --- a/pkg/iac/scan/result.go +++ b/pkg/iac/scan/result.go @@ -7,9 +7,8 @@ import ( "reflect" "strings" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/trivy/pkg/iac/severity" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Status uint8 
@@ -190,7 +189,7 @@ func (r *Results) Add(description string, source interface{}) { *r = append(*r, result) } -func (r *Results) AddRego(description string, namespace string, rule string, traces []string, source MetadataProvider) { +func (r *Results) AddRego(description, namespace, rule string, traces []string, source MetadataProvider) { result := Result{ description: description, regoNamespace: namespace, @@ -238,7 +237,7 @@ func getAnnotation(source interface{}) string { return "" } -func (r *Results) AddPassedRego(namespace string, rule string, traces []string, source interface{}) { +func (r *Results) AddPassedRego(namespace, rule string, traces []string, source interface{}) { res := Result{ status: StatusPassed, regoNamespace: namespace, diff --git a/pkg/iac/terraform/attribute.go b/pkg/iac/terraform/attribute.go index 8bf3873291da..8d6e5e6e99e7 100644 --- a/pkg/iac/terraform/attribute.go +++ b/pkg/iac/terraform/attribute.go @@ -8,14 +8,14 @@ import ( "strconv" "strings" - "github.com/aquasecurity/trivy/pkg/iac/terraform/context" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/hashicorp/hcl/v2" "github.com/hashicorp/hcl/v2/ext/typeexpr" "github.com/hashicorp/hcl/v2/hclsyntax" "github.com/zclconf/go-cty/cty" "github.com/zclconf/go-cty/cty/gocty" + + "github.com/aquasecurity/trivy/pkg/iac/terraform/context" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Attribute struct { @@ -727,7 +727,7 @@ func (a *Attribute) IsTrue() bool { case cty.String: val := a.Value().AsString() val = strings.Trim(val, "\"") - return strings.ToLower(val) == "true" + return strings.EqualFold(val, "true") case cty.Number: val := a.Value().AsBigFloat() f, _ := val.Float64() 
@@ -746,7 +746,7 @@ func (a *Attribute) IsFalse() bool { case cty.String: val := a.Value().AsString() val = strings.Trim(val, "\"") - return strings.ToLower(val) == "false" + return strings.EqualFold(val, "false") case cty.Number: val := a.Value().AsBigFloat() f, _ := val.Float64() @@ -760,7 +760,7 @@ func (a *Attribute) IsEmpty() bool { return false } if a.Value().Type() == cty.String { - return len(a.Value().AsString()) == 0 + return a.Value().AsString() == "" } if a.Type().IsListType() || a.Type().IsTupleType() { return len(a.Value().AsValueSlice()) == 0 @@ -900,8 +900,7 @@ func (a *Attribute) IsDataBlockReference() bool { if a == nil { return false } - switch t := a.hclAttribute.Expr.(type) { - case *hclsyntax.ScopeTraversalExpr: + if t, ok := a.hclAttribute.Expr.(*hclsyntax.ScopeTraversalExpr); ok { split := t.Traversal.SimpleSplit() return split.Abs.RootName() == "data" } @@ -943,6 +942,7 @@ func (a *Attribute) ReferencesBlock(b *Block) bool { return false } +// nolint func (a *Attribute) AllReferences(blocks ...*Block) []*Reference { if a == nil { return nil @@ -1026,8 +1026,7 @@ func (a *Attribute) IsResourceBlockReference(resourceType string) bool { if a == nil { return false } - switch t := a.hclAttribute.Expr.(type) { - case *hclsyntax.ScopeTraversalExpr: + if t, ok := a.hclAttribute.Expr.(*hclsyntax.ScopeTraversalExpr); ok { split := t.Traversal.SimpleSplit() return split.Abs.RootName() == resourceType } diff --git a/pkg/iac/terraform/block.go b/pkg/iac/terraform/block.go index afb0fbe98a69..d69b28ee5317 100644 --- a/pkg/iac/terraform/block.go +++ b/pkg/iac/terraform/block.go 
@@ -5,15 +5,14 @@ import ( "io/fs" "strings" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - - "github.com/aquasecurity/trivy/pkg/iac/terraform/context" - "github.com/google/uuid" "github.com/hashicorp/hcl/v2" "github.com/hashicorp/hcl/v2/hclsyntax" "github.com/zclconf/go-cty/cty" "github.com/zclconf/go-cty/cty/gocty" + + "github.com/aquasecurity/trivy/pkg/iac/terraform/context" + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Block struct { @@ -315,7 +314,9 @@ func (b *Block) GetNestedAttribute(name string) (*Attribute, *Block) { } if working != nil { - return working.GetAttribute(attrName), working + if attr := working.GetAttribute(attrName); attr != nil { + return attr, working + } } return nil, b diff --git a/pkg/iac/terraform/context/context.go b/pkg/iac/terraform/context/context.go index 496aad1cb920..0f4a58de9ac9 100644 --- a/pkg/iac/terraform/context/context.go +++ b/pkg/iac/terraform/context/context.go @@ -112,7 +112,7 @@ func mergeVars(src cty.Value, parts []string, value cty.Value) cty.Value { return cty.ObjectVal(data) } -func mergeObjects(a cty.Value, b cty.Value) cty.Value { +func mergeObjects(a, b cty.Value) cty.Value { output := make(map[string]cty.Value) for key, val := range a.AsValueMap() { diff --git a/pkg/iac/terraform/ignore.go b/pkg/iac/terraform/ignore.go index 310425efdd7c..6db39914c885 100644 --- a/pkg/iac/terraform/ignore.go +++ b/pkg/iac/terraform/ignore.go @@ -4,9 +4,9 @@ import ( "fmt" "time" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/zclconf/go-cty/cty" + + defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Ignore struct { diff --git a/pkg/iac/terraform/module.go b/pkg/iac/terraform/module.go index 673e3ac7f625..73cb01d2048c 100644 --- a/pkg/iac/terraform/module.go +++ b/pkg/iac/terraform/module.go 
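Review bot: The rewritten tail of GetNestedAttribute changes what is returned when the attribute is absent: the old code returned `nil, working`, the new code falls through to the existing `return nil, b`, so a caller that used the second value to locate the nested block now receives the parent instead. If that is the intent, a comment such as `// fall back to the receiver when the nested attribute is not found` would mark the fall-through as deliberate rather than a side effect of the lint rewrite; if not, the `if` needs an else path that still returns `nil, working`. GetNestedAttribute starts outside the hunk, so any other callers relying on the old pair are not visible here.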
@@ -15,7 +15,7 @@ type Module struct { local bool } -func NewModule(rootPath string, modulePath string, blocks Blocks, ignores Ignores, local bool) *Module { +func NewModule(rootPath, modulePath string, blocks Blocks, ignores Ignores, local bool) *Module { blockMap := make(map[string]Blocks) @@ -99,7 +99,7 @@ func (c *Module) GetDatasByType(label string) Blocks { return c.getBlocksByType("data", label) } -func (c *Module) GetProviderBlocksByProvider(providerName string, alias string) Blocks { +func (c *Module) GetProviderBlocksByProvider(providerName, alias string) Blocks { var results Blocks for _, block := range c.blocks { if block.Type() == "provider" && len(block.Labels()) > 0 && block.TypeLabel() == providerName { @@ -147,7 +147,7 @@ func (c *Module) GetBlockByID(id string) (*Block, error) { return found, nil } -func (c *Module) GetReferencingResources(originalBlock *Block, referencingLabel string, referencingAttributeName string) Blocks { +func (c *Module) GetReferencingResources(originalBlock *Block, referencingLabel, referencingAttributeName string) Blocks { return c.GetReferencingBlocks(originalBlock, "resource", referencingLabel, referencingAttributeName) } @@ -163,7 +163,7 @@ func (c *Module) GetsModulesBySource(moduleSource string) (Blocks, error) { return results, nil } -func (c *Module) GetReferencingBlocks(originalBlock *Block, referencingType string, referencingLabel string, referencingAttributeName string) Blocks { +func (c *Module) GetReferencingBlocks(originalBlock *Block, referencingType, referencingLabel, referencingAttributeName string) Blocks { blocks := c.getBlocksByType(referencingType, referencingLabel) var results Blocks for _, block := range blocks { diff --git a/pkg/iac/terraform/modules.go b/pkg/iac/terraform/modules.go index 296839b16751..9272f2096145 100644 --- a/pkg/iac/terraform/modules.go +++ b/pkg/iac/terraform/modules.go 
@@ -69,7 +69,7 @@ func (m Modules) GetReferencedBlock(referringAttr *Attribute, parentBlock *Block return nil, fmt.Errorf("block not found") } -func (m Modules) GetReferencingResources(originalBlock *Block, referencingLabel string, referencingAttributeName string) Blocks { +func (m Modules) GetReferencingResources(originalBlock *Block, referencingLabel, referencingAttributeName string) Blocks { var blocks Blocks for _, module := range m { blocks = append(blocks, module.GetReferencingResources(originalBlock, referencingLabel, referencingAttributeName)...) diff --git a/pkg/iac/terraform/presets.go b/pkg/iac/terraform/presets.go index 6dff625a29c7..d10d795a86d7 100644 --- a/pkg/iac/terraform/presets.go +++ b/pkg/iac/terraform/presets.go @@ -43,8 +43,7 @@ func postProcessValues(b *Block, input map[string]cty.Value) map[string]cty.Valu } } - switch b.TypeLabel() { - case "aws_s3_bucket": + if b.TypeLabel() == "aws_s3_bucket" { var bucketName string if bucket := input["bucket"]; bucket.Type().Equals(cty.String) { bucketName = bucket.AsString() diff --git a/pkg/iac/terraform/value_functions.go b/pkg/iac/terraform/value_functions.go index 448272bb8a89..af987039af54 100644 --- a/pkg/iac/terraform/value_functions.go +++ b/pkg/iac/terraform/value_functions.go @@ -19,7 +19,7 @@ var functions = map[string]func(interface{}, interface{}) bool{ "regexMatches": regexMatches, } -func evaluate(criteriaValue interface{}, testValue interface{}) bool { +func evaluate(criteriaValue, testValue interface{}) bool { switch t := criteriaValue.(type) { case map[interface{}]interface{}: if t[functionNameKey] != nil { @@ -42,7 +42,7 @@ func executeFunction(functionName string, criteriaValues, testValue interface{}) return false } -func isAny(criteriaValues interface{}, testValue interface{}) bool { +func isAny(criteriaValues, testValue interface{}) bool { switch t := criteriaValues.(type) { case []interface{}: for _, v := range t { 
@@ -60,11 +60,11 @@ func isAny(criteriaValues interface{}, testValue interface{}) bool { return false } -func isNone(criteriaValues interface{}, testValue interface{}) bool { +func isNone(criteriaValues, testValue interface{}) bool { return !isAny(criteriaValues, testValue) } -func regexMatches(criteriaValue interface{}, testValue interface{}) bool { +func regexMatches(criteriaValue, testValue interface{}) bool { var patternVal string switch t := criteriaValue.(type) { case string: diff --git a/pkg/iac/types/range.go b/pkg/iac/types/range.go index bbcb94a8a57e..05aa535797d7 100755 --- a/pkg/iac/types/range.go +++ b/pkg/iac/types/range.go @@ -7,7 +7,7 @@ import ( "path/filepath" ) -func NewRange(filename string, startLine int, endLine int, sourcePrefix string, srcFS fs.FS) Range { +func NewRange(filename string, startLine, endLine int, sourcePrefix string, srcFS fs.FS) Range { r := Range{ filename: filename, startLine: startLine, @@ -33,12 +33,12 @@ func NewRangeWithLogicalSource(filename string, startLine int, endLine int, sour return r } -func NewRangeWithFSKey(filename string, startLine int, endLine int, sourcePrefix string, fsKey string, fs fs.FS) Range { +func NewRangeWithFSKey(filename string, startLine, endLine int, sourcePrefix, fsKey string, fsys fs.FS) Range { r := Range{ filename: filename, startLine: startLine, endLine: endLine, - fs: fs, + fs: fsys, fsKey: fsKey, sourcePrefix: sourcePrefix, } From f68b33bcbbec9deeedbce52870196f4a7099fd31 Mon Sep 17 00:00:00 2001 From: Simar Date: Mon, 12 Feb 2024 20:57:41 -0700 Subject: [PATCH 04/13] fix lint --- pkg/iac/rules/register.go | 158 ++++++++++++++++++++++++----- pkg/iac/rules/register_internal.go | 137 ------------------------- 2 files changed, 135 insertions(+), 160 deletions(-) mode change 100644 => 100755 pkg/iac/rules/register.go delete mode 100755 pkg/iac/rules/register_internal.go 
diff --git a/pkg/iac/rules/register.go b/pkg/iac/rules/register.go
old mode 100644
new mode 100755
index 8c8b7f2109f7..f34cdf904da3
--- a/pkg/iac/rules/register.go
+++ b/pkg/iac/rules/register.go
@@ -1,25 +1,137 @@
 package rules
-//
-// import (
-// "github.com/aquasecurity/trivy/pkg/iac/internal/rules"
-// "github.com/aquasecurity/trivy/pkg/iac/framework"
-// "github.com/aquasecurity/trivy/pkg/iac/scan"
-// ruleTypes "github.com/aquasecurity/trivy/pkg/iac/types/rules"
-//)
-//
-// func Register(rule scan.Rule) ruleTypes.RegisteredRule {
-// return rules.Register(rule)
-//}
-//
-// func Deregister(rule ruleTypes.RegisteredRule) {
-// rules.Deregister(rule)
-//}
-//
-// func GetRegistered(fw ...framework.Framework) []ruleTypes.RegisteredRule {
-// return rules.GetFrameworkRules(fw...)
-//}
-//
-//func GetSpecRules(spec string) []ruleTypes.RegisteredRule {
-// return rules.GetSpecRules(spec)
-//}
+import (
+ "sync"
+
+ "gopkg.in/yaml.v3"
+
+ "github.com/aquasecurity/trivy-policies/specs"
+ "github.com/aquasecurity/trivy/pkg/iac/framework"
+ "github.com/aquasecurity/trivy/pkg/iac/scan"
+ dftypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ ruleTypes "github.com/aquasecurity/trivy/pkg/iac/types/rules"
+)
+
+type registry struct {
+ sync.RWMutex
+ index int
+ frameworks map[framework.Framework][]ruleTypes.RegisteredRule
+}
+
+var coreRegistry = registry{
+ frameworks: make(map[framework.Framework][]ruleTypes.RegisteredRule),
+}
+
+func Reset() {
+ coreRegistry.Reset()
+}
+
+func Register(rule scan.Rule) ruleTypes.RegisteredRule {
+ return coreRegistry.register(rule)
+}
+
+func Deregister(rule ruleTypes.RegisteredRule) {
+ coreRegistry.deregister(rule)
+}
+
+func (r *registry) register(rule scan.Rule) ruleTypes.RegisteredRule {
+ r.Lock()
+ defer r.Unlock()
+ if len(rule.Frameworks) == 0 {
+ rule.Frameworks = map[framework.Framework][]string{framework.Default: nil}
+ }
+ registeredRule := ruleTypes.RegisteredRule{
+ Number: r.index,
+ Rule: rule,
+ }
+ r.index++
+ for fw := range rule.Frameworks {
+ r.frameworks[fw] = append(r.frameworks[fw], registeredRule)
+ }
+
+ r.frameworks[framework.ALL] = append(r.frameworks[framework.ALL], registeredRule)
+
+ return registeredRule
+}
+
+func (r *registry) deregister(rule ruleTypes.RegisteredRule) {
+ r.Lock()
+ defer r.Unlock()
+ for fw := range r.frameworks {
+ for i, registered := range r.frameworks[fw] {
+ if registered.Number == rule.Number {
+ r.frameworks[fw] = append(r.frameworks[fw][:i], r.frameworks[fw][i+1:]...)
+ break
+ }
+ }
+ }
+}
+
+func (r *registry) getFrameworkRules(fw ...framework.Framework) []ruleTypes.RegisteredRule {
+ r.RLock()
+ defer r.RUnlock()
+ var registered []ruleTypes.RegisteredRule
+ if len(fw) == 0 {
+ fw = []framework.Framework{framework.Default}
+ }
+ unique := make(map[int]struct{})
+ for _, f := range fw {
+ for _, rule := range r.frameworks[f] {
+ if _, ok := unique[rule.Number]; ok {
+ continue
+ }
+ registered = append(registered, rule)
+ unique[rule.Number] = struct{}{}
+ }
+ }
+ return registered
+}
+
+func (r *registry) getSpecRules(spec string) []ruleTypes.RegisteredRule {
+ r.RLock()
+ defer r.RUnlock()
+ var specRules []ruleTypes.RegisteredRule
+
+ var complianceSpec dftypes.ComplianceSpec
+ specContent := specs.GetSpec(spec)
+ if err := yaml.Unmarshal([]byte(specContent), &complianceSpec); err != nil {
+ return nil
+ }
+
+ registered := r.getFrameworkRules(framework.ALL)
+ for _, rule := range registered {
+ for _, csRule := range complianceSpec.Spec.Controls {
+ if len(csRule.Checks) > 0 {
+ for _, c := range csRule.Checks {
+ if rule.GetRule().AVDID == c.ID {
+ specRules = append(specRules, rule)
+ }
+ }
+ }
+ }
+ }
+
+ return specRules
+}
+
+func (r *registry) Reset() {
+ r.Lock()
+ defer r.Unlock()
+ r.frameworks = make(map[framework.Framework][]ruleTypes.RegisteredRule)
+}
+
+func GetFrameworkRules(fw ...framework.Framework) []ruleTypes.RegisteredRule {
+ return coreRegistry.getFrameworkRules(fw...)
+}
+
+func GetSpecRules(spec string) []ruleTypes.RegisteredRule {
+ if len(spec) > 0 {
+ return coreRegistry.getSpecRules(spec)
+ }
+
+ return GetFrameworkRules()
+}
+
+func GetRegistered(fw ...framework.Framework) []ruleTypes.RegisteredRule {
+ return GetFrameworkRules(fw...)
+}
diff --git a/pkg/iac/rules/register_internal.go b/pkg/iac/rules/register_internal.go
deleted file mode 100755
index f34cdf904da3..000000000000
--- a/pkg/iac/rules/register_internal.go
+++ /dev/null
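Review bot: getSpecRules takes `r.RLock()` and then calls `r.getFrameworkRules(framework.ALL)`, which acquires `r.RLock()` a second time on the same RWMutex; the sync package documents that recursive read locking is prohibited, because a `Lock()` queued by a concurrent Register, Deregister or Reset between the two RLock calls blocks the inner RLock and the goroutine deadlocks. Nothing between the lock and that call reads registry state (specs.GetSpec and yaml.Unmarshal only touch the spec), so the fix is to delete `r.RLock()` and `defer r.RUnlock()` from getSpecRules and let getFrameworkRules lock for itself. Separately, a yaml.Unmarshal failure is swallowed as `return nil`, which callers of GetSpecRules cannot tell apart from a spec that matches no rule; a log line or an error return would make a malformed or unknown spec visible instead of silently scanning with zero checks. The diffstat also flips register.go to mode 100755, which looks accidental for a Go source file.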
@@ -1,137 +0,0 @@ -package rules - -import ( - "sync" - - "gopkg.in/yaml.v3" - - "github.com/aquasecurity/trivy-policies/specs" - "github.com/aquasecurity/trivy/pkg/iac/framework" - "github.com/aquasecurity/trivy/pkg/iac/scan" - dftypes "github.com/aquasecurity/trivy/pkg/iac/types" - ruleTypes "github.com/aquasecurity/trivy/pkg/iac/types/rules" -) - -type registry struct { - sync.RWMutex - index int - frameworks map[framework.Framework][]ruleTypes.RegisteredRule -} - -var coreRegistry = registry{ - frameworks: make(map[framework.Framework][]ruleTypes.RegisteredRule), -} - -func Reset() { - coreRegistry.Reset() -} - -func Register(rule scan.Rule) ruleTypes.RegisteredRule { - return coreRegistry.register(rule) -} - -func Deregister(rule ruleTypes.RegisteredRule) { - coreRegistry.deregister(rule) -} - -func (r *registry) register(rule scan.Rule) ruleTypes.RegisteredRule { - r.Lock() - defer r.Unlock() - if len(rule.Frameworks) == 0 { - rule.Frameworks = map[framework.Framework][]string{framework.Default: nil} - } - registeredRule := ruleTypes.RegisteredRule{ - Number: r.index, - Rule: rule, - } - r.index++ - for fw := range rule.Frameworks { - r.frameworks[fw] = append(r.frameworks[fw], registeredRule) - } - - r.frameworks[framework.ALL] = append(r.frameworks[framework.ALL], registeredRule) - - return registeredRule -} - -func (r *registry) deregister(rule ruleTypes.RegisteredRule) { - r.Lock() - defer r.Unlock() - for fw := range r.frameworks { - for i, registered := range r.frameworks[fw] { - if registered.Number == rule.Number { - r.frameworks[fw] = append(r.frameworks[fw][:i], r.frameworks[fw][i+1:]...) 
- break - } - } - } -} - -func (r *registry) getFrameworkRules(fw ...framework.Framework) []ruleTypes.RegisteredRule { - r.RLock() - defer r.RUnlock() - var registered []ruleTypes.RegisteredRule - if len(fw) == 0 { - fw = []framework.Framework{framework.Default} - } - unique := make(map[int]struct{}) - for _, f := range fw { - for _, rule := range r.frameworks[f] { - if _, ok := unique[rule.Number]; ok { - continue - } - registered = append(registered, rule) - unique[rule.Number] = struct{}{} - } - } - return registered -} - -func (r *registry) getSpecRules(spec string) []ruleTypes.RegisteredRule { - r.RLock() - defer r.RUnlock() - var specRules []ruleTypes.RegisteredRule - - var complianceSpec dftypes.ComplianceSpec - specContent := specs.GetSpec(spec) - if err := yaml.Unmarshal([]byte(specContent), &complianceSpec); err != nil { - return nil - } - - registered := r.getFrameworkRules(framework.ALL) - for _, rule := range registered { - for _, csRule := range complianceSpec.Spec.Controls { - if len(csRule.Checks) > 0 { - for _, c := range csRule.Checks { - if rule.GetRule().AVDID == c.ID { - specRules = append(specRules, rule) - } - } - } - } - } - - return specRules -} - -func (r *registry) Reset() { - r.Lock() - defer r.Unlock() - r.frameworks = make(map[framework.Framework][]ruleTypes.RegisteredRule) -} - -func GetFrameworkRules(fw ...framework.Framework) []ruleTypes.RegisteredRule { - return coreRegistry.getFrameworkRules(fw...) -} - -func GetSpecRules(spec string) []ruleTypes.RegisteredRule { - if len(spec) > 0 { - return coreRegistry.getSpecRules(spec) - } - - return GetFrameworkRules() -} - -func GetRegistered(fw ...framework.Framework) []ruleTypes.RegisteredRule { - return GetFrameworkRules(fw...) -} From c07f61a96df150e9323e2d6dc2241ac9ea22eaf4 Mon Sep 17 00:00:00 2001 
From: Simar Date: Mon, 12 Feb 2024 22:24:53 -0700 Subject: [PATCH 05/13] improve dockerfile AVD-DS-0005 test --- .../imgconf/dockerfile/dockerfile_test.go | 69 ++++++++++++------- 1 file changed, 44 insertions(+), 25 deletions(-) diff --git a/pkg/fanal/analyzer/imgconf/dockerfile/dockerfile_test.go b/pkg/fanal/analyzer/imgconf/dockerfile/dockerfile_test.go index 681d886d97d5..c23174d76540 100644 --- a/pkg/fanal/analyzer/imgconf/dockerfile/dockerfile_test.go +++ b/pkg/fanal/analyzer/imgconf/dockerfile/dockerfile_test.go @@ -5,7 +5,6 @@ import ( "testing" "time" - "github.com/aquasecurity/trivy/pkg/misconf" v1 "github.com/google/go-containerregistry/pkg/v1" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -22,7 +21,7 @@ func Test_historyAnalyzer_Analyze(t *testing.T) { wantErr bool }{ { - name: "happy", + name: "happy path no policy failure", input: analyzer.ConfigAnalysisInput{ Config: &v1.ConfigFile{ Config: v1.Config{ @@ -34,6 +33,7 @@ func Test_historyAnalyzer_Analyze(t *testing.T) { }, History: []v1.History{ { + // this is fine, see https://github.com/aquasecurity/trivy-policies/pull/60 for details CreatedBy: "/bin/sh -c #(nop) ADD file:e4d600fc4c9c293efe360be7b30ee96579925d1b4634c94332e2ec73f7d8eca1 in /", EmptyLayer: false, }, 
@@ -52,6 +52,44 @@ func Test_historyAnalyzer_Analyze(t *testing.T) { }, }, }, + want: &analyzer.ConfigAnalysisResult{ + Misconfiguration: &types.Misconfiguration{ + FileType: "dockerfile", + FilePath: "Dockerfile", + }, + }, + }, + { + name: "happy path with policy failure", + input: analyzer.ConfigAnalysisInput{ + Config: &v1.ConfigFile{ + Config: v1.Config{ + Healthcheck: &v1.HealthConfig{ + Test: []string{"CMD-SHELL", "curl --fail http://localhost:3000 || exit 1"}, + Interval: time.Second * 10, + Timeout: time.Second * 3, + }, + }, + History: []v1.History{ + { + CreatedBy: "/bin/sh -c #(nop) ADD file:e4d600fc4c9c293efe360be7b30ee96579925d1b4634c94332e2ec73f7d8eca1 /", + EmptyLayer: false, + }, + { + CreatedBy: `HEALTHCHECK &{["CMD-SHELL" "curl --fail http://localhost:3000 || exit 1"] "10s" "3s" "0s" '\x00'}`, + EmptyLayer: false, + }, + { + CreatedBy: `USER user`, + EmptyLayer: true, + }, + { + CreatedBy: `/bin/sh -c #(nop) CMD [\"/bin/sh\"]`, + EmptyLayer: true, + }, + }, + }, + }, want: &analyzer.ConfigAnalysisResult{ Misconfiguration: &types.Misconfiguration{ FileType: "dockerfile", @@ -60,7 +98,7 @@ func Test_historyAnalyzer_Analyze(t *testing.T) { types.MisconfResult{ Namespace: "builtin.dockerfile.DS005", Query: "data.builtin.dockerfile.DS005.deny", - Message: "Consider using 'COPY file:e4d600fc4c9c293efe360be7b30ee96579925d1b4634c94332e2ec73f7d8eca1 in /' command instead of 'ADD file:e4d600fc4c9c293efe360be7b30ee96579925d1b4634c94332e2ec73f7d8eca1 in /'", + Message: "Consider using 'COPY file:e4d600fc4c9c293efe360be7b30ee96579925d1b4634c94332e2ec73f7d8eca1 /' command instead of 'ADD file:e4d600fc4c9c293efe360be7b30ee96579925d1b4634c94332e2ec73f7d8eca1 /'", PolicyMetadata: types.PolicyMetadata{ ID: "DS005", AVDID: "AVD-DS-0005", 
@@ -80,10 +118,10 @@ func Test_historyAnalyzer_Analyze(t *testing.T) { Lines: []types.Line{ { Number: 1, - Content: "ADD file:e4d600fc4c9c293efe360be7b30ee96579925d1b4634c94332e2ec73f7d8eca1 in /", + Content: "ADD file:e4d600fc4c9c293efe360be7b30ee96579925d1b4634c94332e2ec73f7d8eca1 /", IsCause: true, Truncated: false, - Highlighted: "\x1b[38;5;64mADD\x1b[0m file:e4d600fc4c9c293efe360be7b30ee96579925d1b4634c94332e2ec73f7d8eca1 in /", + Highlighted: "\x1b[38;5;64mADD\x1b[0m file:e4d600fc4c9c293efe360be7b30ee96579925d1b4634c94332e2ec73f7d8eca1 /", FirstCause: true, LastCause: true, }, @@ -249,26 +287,7 @@ func Test_historyAnalyzer_Analyze(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - a, err := newHistoryAnalyzer(analyzer.ConfigAnalyzerOptions{ - MisconfScannerOption: misconf.ScannerOption{ - Debug: false, - Trace: false, - RegoOnly: false, - Namespaces: nil, - PolicyPaths: nil, - DataPaths: nil, - DisableEmbeddedPolicies: false, - DisableEmbeddedLibraries: false, - HelmValues: nil, - HelmValueFiles: nil, - HelmFileValues: nil, - HelmStringValues: nil, - TerraformTFVars: nil, - CloudFormationParamVars: nil, - TfExcludeDownloaded: false, - K8sVersion: "", - }, - }) + a, err := newHistoryAnalyzer(analyzer.ConfigAnalyzerOptions{}) require.NoError(t, err) got, err := a.Analyze(context.Background(), tt.input) if tt.wantErr { From dd6db3b3184233b07ed8b3b9e5a2e749a3bc9fe4 Mon Sep 17 00:00:00 2001 From: Simar Date: Tue, 13 Feb 2024 19:29:50 -0700 Subject: [PATCH 06/13] update tests 
Signed-off-by: Simar --- integration/testdata/dockerfile-custom-policies.json.golden | 2 +- integration/testdata/dockerfile-namespace-exception.json.golden | 2 +- integration/testdata/dockerfile-rule-exception.json.golden | 2 +- integration/testdata/dockerfile.json.golden | 2 +- integration/testdata/dockerfile_file_pattern.json.golden | 2 +- integration/testdata/helm.json.golden | 2 +- integration/testdata/helm_testchart.json.golden | 2 +- integration/testdata/helm_testchart.overridden.json.golden | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/integration/testdata/dockerfile-custom-policies.json.golden b/integration/testdata/dockerfile-custom-policies.json.golden index c9ec6cd7d5b4..438ecf5d7270 100644 --- a/integration/testdata/dockerfile-custom-policies.json.golden +++ b/integration/testdata/dockerfile-custom-policies.json.golden @@ -21,7 +21,7 @@ "Class": "config", "Type": "dockerfile", "MisconfSummary": { - "Successes": 26, + "Successes": 27, "Failures": 2, "Exceptions": 0 }, diff --git a/integration/testdata/dockerfile-namespace-exception.json.golden b/integration/testdata/dockerfile-namespace-exception.json.golden index d3a974f52410..be3a6adfa8d6 100644 --- a/integration/testdata/dockerfile-namespace-exception.json.golden +++ b/integration/testdata/dockerfile-namespace-exception.json.golden @@ -23,7 +23,7 @@ "MisconfSummary": { "Successes": 0, "Failures": 0, - "Exceptions": 26 + "Exceptions": 27 } } ] diff --git a/integration/testdata/dockerfile-rule-exception.json.golden b/integration/testdata/dockerfile-rule-exception.json.golden index f37cb5fc1c15..eae4e1e32fd6 100644 --- a/integration/testdata/dockerfile-rule-exception.json.golden +++ b/integration/testdata/dockerfile-rule-exception.json.golden @@ -21,7 +21,7 @@ "Class": "config", "Type": "dockerfile", "MisconfSummary": { - "Successes": 25, + "Successes": 26, "Failures": 1, "Exceptions": 0 }, 
diff --git a/integration/testdata/dockerfile.json.golden b/integration/testdata/dockerfile.json.golden index 67fb571b18ee..3f6dd1b5b201 100644 --- a/integration/testdata/dockerfile.json.golden +++ b/integration/testdata/dockerfile.json.golden @@ -21,7 +21,7 @@ "Class": "config", "Type": "dockerfile", "MisconfSummary": { - "Successes": 25, + "Successes": 26, "Failures": 1, "Exceptions": 0 }, diff --git a/integration/testdata/dockerfile_file_pattern.json.golden b/integration/testdata/dockerfile_file_pattern.json.golden index 810c6ed1e425..fe0372ddc79c 100644 --- a/integration/testdata/dockerfile_file_pattern.json.golden +++ b/integration/testdata/dockerfile_file_pattern.json.golden @@ -21,7 +21,7 @@ "Class": "config", "Type": "dockerfile", "MisconfSummary": { - "Successes": 25, + "Successes": 26, "Failures": 1, "Exceptions": 0 }, diff --git a/integration/testdata/helm.json.golden b/integration/testdata/helm.json.golden index df4705b12115..c9721e205272 100644 --- a/integration/testdata/helm.json.golden +++ b/integration/testdata/helm.json.golden @@ -791,7 +791,7 @@ "AVDID": "AVD-KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", - "Message": "container nginx of deployment nginx-deployment in default namespace should specify a seccomp profile", + "Message": "container \"nginx\" of deployment \"nginx-deployment\" in \"default\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", diff --git a/integration/testdata/helm_testchart.json.golden b/integration/testdata/helm_testchart.json.golden index 7b78e3f38620..ce6df6b17cee 100644 --- a/integration/testdata/helm_testchart.json.golden +++ b/integration/testdata/helm_testchart.json.golden 
@@ -288,7 +288,7 @@ "AVDID": "AVD-KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", - "Message": "container testchart of deployment testchart in default namespace should specify a seccomp profile", + "Message": "container \"testchart\" of deployment \"testchart\" in \"default\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", diff --git a/integration/testdata/helm_testchart.overridden.json.golden b/integration/testdata/helm_testchart.overridden.json.golden index 55725f96a6e3..573d789ef7b4 100644 --- a/integration/testdata/helm_testchart.overridden.json.golden +++ b/integration/testdata/helm_testchart.overridden.json.golden @@ -416,7 +416,7 @@ "AVDID": "AVD-KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", - "Message": "container testchart of deployment testchart in default namespace should specify a seccomp profile", + "Message": "container \"testchart\" of deployment \"testchart\" in \"default\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", From 2ecafe3cd3ab7ebbaa6e24cfcc3fc6b770724a23 Mon Sep 17 00:00:00 2001 
From: Simar Date: Wed, 14 Feb 2024 18:34:18 -0700 Subject: [PATCH 07/13] convert defsec cmds into magefile actions --- cmd/iac/schema/main.go | 80 ------------ .../main.go => magefiles/allowed_actions.go | 106 ++-------------- .../allowed_actions_test.go | 2 +- magefiles/magefile.go | 116 ++++++++++++++++++ .../testdata/list_amazoncloudwatch.html | 0 ...olicies_actions-resources-contextkeys.html | 0 pkg/iac/providers/aws/iam/actions.go | 53 +++++++- 7 files changed, 177 insertions(+), 180 deletions(-) delete mode 100644 cmd/iac/schema/main.go rename cmd/iac/allowed_actions/main.go => magefiles/allowed_actions.go (63%) rename cmd/iac/allowed_actions/main_test.go => magefiles/allowed_actions_test.go (97%) rename {cmd/iac/allowed_actions => magefiles}/testdata/list_amazoncloudwatch.html (100%) rename {cmd/iac/allowed_actions => magefiles}/testdata/reference_policies_actions-resources-contextkeys.html (100%) diff --git a/cmd/iac/schema/main.go b/cmd/iac/schema/main.go deleted file mode 100644 index bae01243967a..000000000000 --- a/cmd/iac/schema/main.go +++ /dev/null 
@@ -1,80 +0,0 @@ -package main - -import ( - "bytes" - "encoding/json" - "fmt" - "os" - - "github.com/spf13/cobra" - - "github.com/aquasecurity/trivy/pkg/iac/rego/schemas" -) - -// generate a json schema document for cloud rego input (state.State) - -const schemaPath = "pkg/iac/rego/schemas/cloud.json" - -func main() { - if err := rootCmd.Execute(); err != nil { - _, _ = fmt.Fprintln(os.Stderr, err) - os.Exit(1) - } -} - -var rootCmd = &cobra.Command{ - Use: "schema", -} - -func init() { - rootCmd.AddCommand(generateCmd) - rootCmd.AddCommand(verifyCmd) -} - -var generateCmd = &cobra.Command{ - Use: "generate", - Short: "generate a json schema document for cloud rego input (state.State)", - RunE: func(cmd *cobra.Command, args []string) error { - cmd.SilenceErrors = true - cmd.SilenceUsage = true - schema, err := schemas.Build() - if err != nil { - return err - } - data, err := json.MarshalIndent(schema, "", " ") - if err != nil { - return err - } - if err := os.WriteFile(schemaPath, data, 0600); err != nil { - return err - } - fmt.Println("done") - return nil - }, -} - -var verifyCmd = &cobra.Command{ - Use: "verify", - Short: "verify that the schema is up to date", - RunE: func(cmd *cobra.Command, args []string) error { - cmd.SilenceErrors = true - cmd.SilenceUsage = true - schema, err := schemas.Build() - if err != nil { - return err - } - data, err := json.MarshalIndent(schema, "", " ") - if err != nil { - return err - } - existing, err := os.ReadFile(schemaPath) - if err != nil { - return err - } - if !bytes.Equal(data, existing) { - return fmt.Errorf("schema is out of date:\n\nplease run 'make schema' and commit the changes") - } - fmt.Println("schema is valid") - return nil - }, -} diff --git a/cmd/iac/allowed_actions/main.go b/magefiles/allowed_actions.go similarity index 63% rename from cmd/iac/allowed_actions/main.go rename to magefiles/allowed_actions.go index 84278162fb95..cf8eb048a4f3 100644 --- a/cmd/iac/allowed_actions/main.go 
+++ b/magefiles/allowed_actions.go 
@@ -2,110 +2,26 @@ package main import ( "bufio" - "context" "errors" - "flag" "fmt" - "log" "os" - "path/filepath" - "sort" "strings" - "sync" - "time" "github.com/antchfx/htmlquery" "golang.org/x/net/html" - "golang.org/x/sync/errgroup" ) const ( serviceAuthURL = "https://docs.aws.amazon.com/service-authorization/latest/reference/" serviceActionReferencesURL = "https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html" + targetFile = "pkg/iac/providers/aws/iam/actions.go" + defaultParallel = 10 ) -const targetFile = "./pkg/providers/aws/iam/actions.go" - -func main() { - if err := run(); err != nil { - log.Fatal(err) - } -} - -const defaultParallel = 10 - -func run() error { - log.Println("Start parsing actions") - startTime := time.Now() - defer func() { - log.Printf("Parsing is completed. Duration %fs", time.Since(startTime).Seconds()) - }() - - limit := flag.Int("limit", defaultParallel, fmt.Sprintf("number of goroutines for scraping pages (default %d)", defaultParallel)) - flag.Parse() - - doc, err := htmlquery.LoadURL(serviceActionReferencesURL) - if err != nil { - return fmt.Errorf("failed to retrieve action references: %w", err) - } - urls, err := parseServiceURLs(doc) - if err != nil { - return err - } - - g, ctx := errgroup.WithContext(context.TODO()) - g.SetLimit(*limit) - - // actions may be the same for services of different versions, - // e.g. 
Elastic Load Balancing and Elastic Load Balancing V2 - actionsSet := make(map[string]struct{}) - - var mu sync.Mutex - - for _, url := range urls { - url := url - if ctx.Err() != nil { - break - } - g.Go(func() error { - serviceActions, err := parseActions(url) - if err != nil { - return fmt.Errorf("failed to parse actions from %q: %w", url, err) - } - - mu.Lock() - for _, act := range serviceActions { - actionsSet[act] = struct{}{} - } - mu.Unlock() - - return nil - }) - } - - if err := g.Wait(); err != nil { - return err - } - - actions := make([]string, 0, len(actionsSet)) - - for act := range actionsSet { - actions = append(actions, act) - } - - sort.Strings(actions) - - path := filepath.FromSlash(targetFile) - if err := generateFile(path, actions); err != nil { - return fmt.Errorf("failed to generate file: %w", err) - } - return nil -} - func parseServiceURLs(doc *html.Node) ([]string, error) { nodes, err := htmlquery.QueryAll(doc, `//div[@class="highlights"]/ul/li/a/@href`) if err != nil { - return nil, fmt.Errorf("failed to search nodes: %w", err) + return nil, fmt.Errorf("failed to search nodes: %w\n", err) } res := make([]string, 0, len(nodes)) @@ -143,7 +59,7 @@ func parseActions(url string) ([]string, error) { res = append(res, servicePrefix+":"+act) } - log.Printf("Parsing of %q actions is completed", servicePrefix) + fmt.Printf("Parsing of %q actions is completed\n", servicePrefix) return res, nil } @@ -154,7 +70,7 @@ func parseServiceActions(doc *html.Node) ([]string, error) { return nil, errors.New("actions table not found") } if err != nil { - return nil, fmt.Errorf("failed to query tables: %w", err) + return nil, fmt.Errorf("failed to query tables: %w\n", err) } var actions []string 
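Review bot: Every `fmt.Errorf` in this file now ends its message with `\n` (`"failed to search nodes: %w\n"` here, and the same pattern in the `@@ -154`, `@@ -210`, `@@ -223`, `@@ -241` and `@@ -251` hunks below, in `GenAllowedActions` and `VerifySchema` in magefiles/magefile.go, and in `VerifySchema` in magefiles/schema.go). Error values are wrapped and embedded by callers, so a trailing newline lands in the middle of the next layer's message and trips staticcheck ST1005; the newline belongs at the print site, not in the error. Keep the messages as they were, e.g. `return nil, fmt.Errorf("failed to search nodes: %w", err)`, and print with `fmt.Println(err)` where the error is finally reported. The `"schema is out of date: ..."` message has no verbs and can be an `errors.New` value.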
@@ -210,7 +126,7 @@ func findSubtags(n *html.Node, tagName string) []*html.Node { func parseServicePrefix(doc *html.Node) (string, error) { nodes, err := htmlquery.QueryAll(doc, `//div[@id="main-col-body"]/p/descendant-or-self::*/text()`) if err != nil { - return "", fmt.Errorf("failed to query paragraph: %w", err) + return "", fmt.Errorf("failed to query paragraph: %w\n", err) } var sb strings.Builder @@ -223,12 +139,12 @@ func parseServicePrefix(doc *html.Node) (string, error) { idx := strings.Index(p, "service prefix: ") if idx == -1 { - return "", fmt.Errorf("failed extract service prefix from text: %s", p) + return "", fmt.Errorf("failed extract service prefix from text: %s\n", p) } idx += len("service prefix: ") if len(p)-1 <= idx { - return "", fmt.Errorf("failed to parse service prefix from text: %s", p) + return "", fmt.Errorf("failed to parse service prefix from text: %s\n", p) } var parsed bool @@ -241,7 +157,7 @@ func parseServicePrefix(doc *html.Node) (string, error) { } if !parsed { - return "", fmt.Errorf("failed to parse service prefix from text: %s", p) + return "", fmt.Errorf("failed to parse service prefix from text: %s\n", p) } return sb.String(), nil @@ -251,13 +167,13 @@ func generateFile(path string, actions []string) error { f, err := os.Create(path) if err != nil { - return fmt.Errorf("failed to create file: %w", err) + return fmt.Errorf("failed to create file: %w\n", err) } defer f.Close() w := bufio.NewWriter(f) _, _ = w.WriteString( - `// Code generated by cmd/allowed_actions DO NOT EDIT. + `// Code generated by mage genallowedactions DO NOT EDIT. package iam diff --git a/cmd/iac/allowed_actions/main_test.go b/magefiles/allowed_actions_test.go similarity index 97% rename from cmd/iac/allowed_actions/main_test.go rename to magefiles/allowed_actions_test.go index c4d2b81f4183..712c607b1a48 100644 --- a/cmd/iac/allowed_actions/main_test.go +++ b/magefiles/allowed_actions_test.go 
@@ -81,7 +81,7 @@ func TestGenerateFile(t *testing.T) { path := filepath.Join(tmpDir, "test.go") require.NoError(t, generateFile(path, actions)) - expected := `// Code generated by cmd/allowed_actions DO NOT EDIT. + expected := `// Code generated by mage genallowedactions DO NOT EDIT. package iam diff --git a/magefiles/magefile.go b/magefiles/magefile.go index 7869eb1c5abd..b9427b857db0 100644 --- a/magefiles/magefile.go +++ b/magefiles/magefile.go @@ -1,17 +1,30 @@ package main import ( + "bytes" + "context" + "encoding/json" "errors" "fmt" "io/fs" "os" "os/exec" "path/filepath" + "sort" "strings" + "sync" + "time" + "github.com/antchfx/htmlquery" + "github.com/aquasecurity/trivy/pkg/iac/rego/schemas" "github.com/magefile/mage/mg" "github.com/magefile/mage/sh" "github.com/magefile/mage/target" + "golang.org/x/sync/errgroup" +) + +const ( + schemaPath = "pkg/iac/rego/schemas/cloud.json" ) var ( 
@@ -425,3 +438,106 @@ func installed(cmd string) bool { _, err := exec.LookPath(cmd) return err == nil } + +// GenSchema generates the Trivy IaC schema +func GenSchema() error { + schema, err := schemas.Build() + if err != nil { + return err + } + data, err := json.MarshalIndent(schema, "", " ") + if err != nil { + return err + } + if err := os.WriteFile(schemaPath, data, 0600); err != nil { + return err + } + fmt.Println("schema generated") + return nil +} + +// VerifySchema verifies a generated schema for validity +func VerifySchema() error { + schema, err := schemas.Build() + if err != nil { + return err + } + data, err := json.MarshalIndent(schema, "", " ") + if err != nil { + return err + } + existing, err := os.ReadFile(schemaPath) + if err != nil { + return err + } + if !bytes.Equal(data, existing) { + return fmt.Errorf("schema is out of date:\n\nplease run 'mage genschema' and commit the changes\n") + } + fmt.Println("schema is valid") + return nil +} + +func GenAllowedActions() error { + fmt.Println("Start parsing actions") + startTime := time.Now() + defer func() { + fmt.Printf("Parsing is completed. Duration %fs\n", time.Since(startTime).Seconds()) + }() + + doc, err := htmlquery.LoadURL(serviceActionReferencesURL) + if err != nil { + return fmt.Errorf("failed to retrieve action references: %w\n", err) + } + urls, err := parseServiceURLs(doc) + if err != nil { + return err + } + + g, ctx := errgroup.WithContext(context.TODO()) + g.SetLimit(defaultParallel) + + // actions may be the same for services of different versions, + // e.g. 
Elastic Load Balancing and Elastic Load Balancing V2 + actionsSet := make(map[string]struct{}) + + var mu sync.Mutex + + for _, url := range urls { + url := url + if ctx.Err() != nil { + break + } + g.Go(func() error { + serviceActions, err := parseActions(url) + if err != nil { + return fmt.Errorf("failed to parse actions from %q: %w\n", url, err) + } + + mu.Lock() + for _, act := range serviceActions { + actionsSet[act] = struct{}{} + } + mu.Unlock() + + return nil + }) + } + + if err := g.Wait(); err != nil { + return err + } + + actions := make([]string, 0, len(actionsSet)) + + for act := range actionsSet { + actions = append(actions, act) + } + + sort.Strings(actions) + + path := filepath.FromSlash(targetFile) + if err := generateFile(path, actions); err != nil { + return fmt.Errorf("failed to generate file: %w\n", err) + } + return nil +} diff --git a/cmd/iac/allowed_actions/testdata/list_amazoncloudwatch.html b/magefiles/testdata/list_amazoncloudwatch.html similarity index 100% rename from cmd/iac/allowed_actions/testdata/list_amazoncloudwatch.html rename to magefiles/testdata/list_amazoncloudwatch.html diff --git a/cmd/iac/allowed_actions/testdata/reference_policies_actions-resources-contextkeys.html b/magefiles/testdata/reference_policies_actions-resources-contextkeys.html similarity index 100% rename from cmd/iac/allowed_actions/testdata/reference_policies_actions-resources-contextkeys.html rename to magefiles/testdata/reference_policies_actions-resources-contextkeys.html diff --git a/pkg/iac/providers/aws/iam/actions.go b/pkg/iac/providers/aws/iam/actions.go index 564b4a38f917..125d32c521da 100644 --- a/pkg/iac/providers/aws/iam/actions.go +++ b/pkg/iac/providers/aws/iam/actions.go @@ -1,4 +1,4 @@ -// Code generated by cmd/allowed_actions DO NOT EDIT. +// Code generated by mage genallowedactions DO NOT EDIT. package iam 
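Review bot: `GenAllowedActions` scrapes docs.aws.amazon.com with `errgroup.WithContext(context.TODO())`, a context that is never cancelled and carries no deadline, and `htmlquery.LoadURL` appears to use the default HTTP client, so a stalled fetch of any service page can block this build target indefinitely. Derive a bounded context, e.g. `ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)` / `defer cancel()` / `g, ctx := errgroup.WithContext(ctx)`, and consider giving `parseActions` an `http.Client` with a `Timeout` (fetch the body and parse it with `htmlquery.Parse`), since neither it nor `LoadURL` takes a context. The output is the wildcard-action allowlist that the IAM policy checks rely on, so the generator failing loudly beats it hanging. `parseActions` and `parseServiceURLs` are defined in allowed_actions.go, outside this hunk.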
@@ -119,6 +119,7 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "aoss:UpdateSecurityConfig": {}, "aoss:UpdateSecurityPolicy": {}, "aoss:UpdateVpcEndpoint": {}, + "app-integrations:ListApplicationAssociations": {}, "app-integrations:ListApplications": {}, "app-integrations:ListDataIntegrationAssociations": {}, "app-integrations:ListDataIntegrations": {}, @@ -242,6 +243,7 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "appsync:GetDataSource": {}, "appsync:GetDataSourceIntrospection": {}, "appsync:GetFunction": {}, + "appsync:GetGraphqlApiEnvironmentVariables": {}, "appsync:GetIntrospectionSchema": {}, "appsync:GetResolver": {}, "appsync:GetResourcePolicy": {}, @@ -257,6 +259,7 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "appsync:ListSourceApiAssociations": {}, "appsync:ListTypes": {}, "appsync:ListTypesByAssociation": {}, + "appsync:PutGraphqlApiEnvironmentVariables": {}, "appsync:PutResourcePolicy": {}, "appsync:SetWebACL": {}, "appsync:StartDataSourceIntrospection": {}, 
@@ -774,25 +777,34 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "cloudformation:ActivateType": {}, "cloudformation:BatchDescribeTypeConfigurations": {}, "cloudformation:CancelResourceRequest": {}, + "cloudformation:CreateGeneratedTemplate": {}, "cloudformation:CreateResource": {}, "cloudformation:CreateStackSet": {}, "cloudformation:CreateUploadBucket": {}, "cloudformation:DeactivateOrganizationsAccess": {}, "cloudformation:DeactivateType": {}, + "cloudformation:DeleteGeneratedTemplate": {}, "cloudformation:DeleteResource": {}, "cloudformation:DeregisterType": {}, "cloudformation:DescribeAccountLimits": {}, + "cloudformation:DescribeGeneratedTemplate": {}, "cloudformation:DescribeOrganizationsAccess": {}, "cloudformation:DescribePublisher": {}, + "cloudformation:DescribeResourceScan": {}, "cloudformation:DescribeStackDriftDetectionStatus": {}, "cloudformation:DescribeType": {}, "cloudformation:DescribeTypeRegistration": {}, "cloudformation:EstimateTemplateCost": {}, + "cloudformation:GetGeneratedTemplate": {}, "cloudformation:GetResource": {}, "cloudformation:GetResourceRequestStatus": {}, "cloudformation:ListExports": {}, + "cloudformation:ListGeneratedTemplates": {}, "cloudformation:ListImports": {}, "cloudformation:ListResourceRequests": {}, + "cloudformation:ListResourceScanRelatedResources": {}, + "cloudformation:ListResourceScanResources": {}, + "cloudformation:ListResourceScans": {}, "cloudformation:ListResources": {}, "cloudformation:ListStackSets": {}, "cloudformation:ListStacks": {}, @@ -804,7 +816,9 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "cloudformation:RegisterType": {}, "cloudformation:SetTypeConfiguration": {}, "cloudformation:SetTypeDefaultVersion": {}, + "cloudformation:StartResourceScan": {}, "cloudformation:TestType": {}, + "cloudformation:UpdateGeneratedTemplate": {}, "cloudformation:UpdateResource": {}, "cloudformation:ValidateTemplate": {}, "cloudfront:CreateFieldLevelEncryptionConfig": {}, 
@@ -922,6 +936,7 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "codebuild:ListBuilds": {}, "codebuild:ListConnectedOAuthAccounts": {}, "codebuild:ListCuratedEnvironmentImages": {}, + "codebuild:ListFleets": {}, "codebuild:ListProjects": {}, "codebuild:ListReportGroups": {}, "codebuild:ListReports": {}, @@ -1368,6 +1383,7 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "datazone:ListDataSourceRuns": {}, "datazone:ListDataSources": {}, "datazone:ListDomains": {}, + "datazone:ListEnvironmentBlueprintConfigurationSummaries": {}, "datazone:ListEnvironmentBlueprintConfigurations": {}, "datazone:ListEnvironmentBlueprints": {}, "datazone:ListEnvironmentProfiles": {}, @@ -1894,6 +1910,7 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "eks:CreateEksAnywhereSubscription": {}, "eks:DescribeAddonConfiguration": {}, "eks:DescribeAddonVersions": {}, + "eks:ListAccessPolicies": {}, "eks:ListClusters": {}, "eks:ListEksAnywhereSubscriptions": {}, "eks:RegisterCluster": {}, @@ -2334,6 +2351,7 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "guardduty:GetMasterAccount": {}, "guardduty:GetMemberDetectors": {}, "guardduty:GetMembers": {}, + "guardduty:GetOrganizationStatistics": {}, "guardduty:GetRemainingFreeTrialDays": {}, "guardduty:GetUsageStatistics": {}, "guardduty:InviteMembers": {}, @@ -2435,6 +2453,8 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "imagebuilder:ListImages": {}, "imagebuilder:ListInfrastructureConfigurations": {}, "imagebuilder:ListLifecyclePolicies": {}, + "imagebuilder:ListWaitingWorkflowSteps": {}, + "imagebuilder:ListWorkflows": {}, "importexport:CancelJob": {}, "importexport:CreateJob": {}, "importexport:GetShippingLabel": {}, 
@@ -2459,6 +2479,8 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "inspector2:DisassociateMember": {}, "inspector2:Enable": {}, "inspector2:EnableDelegatedAdminAccount": {}, + "inspector2:GetCisScanReport": {}, + "inspector2:GetCisScanResultDetails": {}, "inspector2:GetConfiguration": {}, "inspector2:GetDelegatedAdminAccount": {}, "inspector2:GetEc2DeepInspectionConfiguration": {}, @@ -2467,6 +2489,10 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "inspector2:GetMember": {}, "inspector2:GetSbomExport": {}, "inspector2:ListAccountPermissions": {}, + "inspector2:ListCisScanConfigurations": {}, + "inspector2:ListCisScanResultsAggregatedByChecks": {}, + "inspector2:ListCisScanResultsAggregatedByTargetResource": {}, + "inspector2:ListCisScans": {}, "inspector2:ListCoverage": {}, "inspector2:ListCoverageStatistics": {}, "inspector2:ListDelegatedAdminAccounts": {}, @@ -2478,8 +2504,10 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "inspector2:ListUsageTotals": {}, "inspector2:ResetEncryptionKey": {}, "inspector2:SearchVulnerabilities": {}, - "inspector2:TagResource": {}, - "inspector2:UntagResource": {}, + "inspector2:SendCisSessionHealth": {}, + "inspector2:SendCisSessionTelemetry": {}, + "inspector2:StartCisSession": {}, + "inspector2:StopCisSession": {}, "inspector2:UpdateConfiguration": {}, "inspector2:UpdateEc2DeepInspectionConfiguration": {}, "inspector2:UpdateEncryptionKey": {}, @@ -2572,6 +2600,7 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "iot:ListAuthorizers": {}, "iot:ListBillingGroups": {}, "iot:ListCACertificates": {}, + "iot:ListCertificateProviders": {}, "iot:ListCertificates": {}, "iot:ListCertificatesByCA": {}, "iot:ListCustomMetrics": {}, 
@@ -2720,6 +2749,7 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "iotwireless:UpdateLogLevelsByResourceTypes": {}, "iq:span": {}, "ivs:ListEncoderConfigurations": {}, + "ivs:ListPlaybackRestrictionPolicies": {}, "ivs:ListStorageConfigurations": {}, "kafka:DescribeClusterOperation": {}, "kafka:DescribeClusterOperationV2": {}, @@ -2774,12 +2804,15 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "lakeformation:CommitTransaction": {}, "lakeformation:CreateDataCellsFilter": {}, "lakeformation:CreateLFTag": {}, + "lakeformation:CreateLakeFormationIdentityCenterConfiguration": {}, "lakeformation:CreateLakeFormationOptIn": {}, "lakeformation:DeleteDataCellsFilter": {}, "lakeformation:DeleteLFTag": {}, + "lakeformation:DeleteLakeFormationIdentityCenterConfiguration": {}, "lakeformation:DeleteLakeFormationOptIn": {}, "lakeformation:DeleteObjectsOnCancel": {}, "lakeformation:DeregisterResource": {}, + "lakeformation:DescribeLakeFormationIdentityCenterConfiguration": {}, "lakeformation:DescribeResource": {}, "lakeformation:DescribeTransaction": {}, "lakeformation:ExtendTransaction": {}, @@ -2812,6 +2845,7 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "lakeformation:StartTransaction": {}, "lakeformation:UpdateDataCellsFilter": {}, "lakeformation:UpdateLFTag": {}, + "lakeformation:UpdateLakeFormationIdentityCenterConfiguration": {}, "lakeformation:UpdateResource": {}, "lakeformation:UpdateTableObjects": {}, "lakeformation:UpdateTableStorageOptimizer": {}, @@ -3023,7 +3057,6 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "logs:PutAccountPolicy": {}, "logs:PutQueryDefinition": {}, "logs:PutResourcePolicy": {}, - "logs:StartLiveTail": {}, "logs:StopLiveTail": {}, "logs:StopQuery": {}, "logs:TestMetricFilter": {}, 
@@ -3182,6 +3215,7 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "mediaconnect:CreateFlow": {}, "mediaconnect:DeleteFlow": {}, "mediaconnect:DescribeFlow": {}, + "mediaconnect:DescribeFlowSourceMetadata": {}, "mediaconnect:DescribeOffering": {}, "mediaconnect:DescribeReservation": {}, "mediaconnect:DiscoverGatewayPollEndpoint": {}, @@ -3374,6 +3408,8 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "networkmanager:ListOrganizationServiceAccessStatus": {}, "networkmanager:ListPeerings": {}, "networkmanager:StartOrganizationServiceAccessUpdate": {}, + "networkmonitor:CreateProbe": {}, + "networkmonitor:ListMonitors": {}, "nimble:GetFeatureMap": {}, "nimble:ListStudios": {}, "notifications-contacts:CreateEmailContact": {}, @@ -3518,6 +3554,8 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "payment-cryptography:GetParametersForExport": {}, "payment-cryptography:GetParametersForImport": {}, "payment-cryptography:ImportKey": {}, + "payment-cryptography:ListAliases": {}, + "payment-cryptography:ListKeys": {}, "payment-cryptography:ReEncryptData": {}, "payment-cryptography:TranslatePinData": {}, "payment-cryptography:VerifyAuthRequestCryptogram": {}, @@ -3687,6 +3725,7 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "rds:DescribeAccountAttributes": {}, "rds:DescribeCertificates": {}, "rds:DescribeDBEngineVersions": {}, + "rds:DescribeDBRecommendations": {}, "rds:DescribeEngineDefaultClusterParameters": {}, "rds:DescribeEngineDefaultParameters": {}, "rds:DescribeEventCategories": {}, @@ -3698,6 +3737,7 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "rds:DescribeReservedDBInstancesOfferings": {}, "rds:DescribeSourceRegions": {}, "rds:ModifyCertificates": {}, + "rds:ModifyDBRecommendation": {}, "rds:ModifyRecommendation": {}, "rds:StartExportTask": {}, "redshift-data:CancelStatement": {}, 
@@ -3780,6 +3820,7 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "redshift:GetReservedNodeExchangeConfigurationOptions": {}, "redshift:GetReservedNodeExchangeOfferings": {}, "redshift:ListDatabases": {}, + "redshift:ListRecommendations": {}, "redshift:ListSavedQueries": {}, "redshift:ListSchemas": {}, "redshift:ListTables": {}, @@ -3851,6 +3892,9 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "resource-explorer-2:ListIndexesForMembers": {}, "resource-explorer-2:ListSupportedResourceTypes": {}, "resource-explorer-2:ListViews": {}, + "resource-explorer:ListResourceTypes": {}, + "resource-explorer:ListResources": {}, + "resource-explorer:ListTags": {}, "resource-groups:CreateGroup": {}, "resource-groups:GetAccountSettings": {}, "resource-groups:ListGroups": {}, @@ -4766,6 +4810,7 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{ "tax:BatchPutTaxRegistration": {}, "tax:DeleteTaxRegistration": {}, "tax:GetExemptions": {}, + "tax:GetTaxInfoReportingDocument": {}, "tax:GetTaxInheritance": {}, "tax:GetTaxInterview": {}, "tax:GetTaxRegistration": {}, From 52f31f925e63ac47bb2fe73b2e5115dfe4db8d26 Mon Sep 17 00:00:00 2001 From: Simar Date: Wed, 14 Feb 2024 18:58:35 -0700 Subject: [PATCH 08/13] fix lint --- magefiles/magefile.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/magefiles/magefile.go b/magefiles/magefile.go index b9427b857db0..fa280054310b 100644 --- a/magefiles/magefile.go +++ b/magefiles/magefile.go @@ -16,11 +16,12 @@ import ( "time" "github.com/antchfx/htmlquery" - "github.com/aquasecurity/trivy/pkg/iac/rego/schemas" "github.com/magefile/mage/mg" "github.com/magefile/mage/sh" "github.com/magefile/mage/target" "golang.org/x/sync/errgroup" + + "github.com/aquasecurity/trivy/pkg/iac/rego/schemas" ) const ( 
@@ -477,6 +478,7 @@ func VerifySchema() error { return nil } +// GenAllowedActions generates the list of valid actions for wildcard support func GenAllowedActions() error { fmt.Println("Start parsing actions") startTime := time.Now() From 04adb8b874a1f5eea0c4ebcc1581f5997d22ebe4 Mon Sep 17 00:00:00 2001 From: Simar Date: Fri, 16 Feb 2024 00:33:39 -0700 Subject: [PATCH 09/13] update schema gen logic and schema --- magefiles/magefile.go | 44 +- magefiles/schema.go | 71 + pkg/iac/rego/schemas/cloud.json | 2726 +++++++++++++++---------------- 3 files changed, 1440 insertions(+), 1401 deletions(-) create mode 100644 magefiles/schema.go diff --git a/magefiles/magefile.go b/magefiles/magefile.go index fa280054310b..d420584daeb6 100644 --- a/magefiles/magefile.go +++ b/magefiles/magefile.go @@ -1,9 +1,7 @@ package main import ( - "bytes" "context" - "encoding/json" "errors" "fmt" "io/fs" @@ -20,8 +18,6 @@ import ( "github.com/magefile/mage/sh" "github.com/magefile/mage/target" "golang.org/x/sync/errgroup" - - "github.com/aquasecurity/trivy/pkg/iac/rego/schemas" ) const ( 
@@ -440,42 +436,14 @@ func installed(cmd string) bool {
 return err == nil
 }
 
-// GenSchema generates the Trivy IaC schema
-func GenSchema() error {
- schema, err := schemas.Build()
- if err != nil {
- return err
- }
- data, err := json.MarshalIndent(schema, "", " ")
- if err != nil {
- return err
- }
- if err := os.WriteFile(schemaPath, data, 0600); err != nil {
- return err
- }
- fmt.Println("schema generated")
- return nil
+type Schema mg.Namespace
+
+func (Schema) Generate() error {
+ return sh.RunWith(ENV, "go", "run", "-tags=mage_schema", "./magefiles", "--", "generate")
 }
 
-// VerifySchema verifies a generated schema for validity
-func VerifySchema() error {
- schema, err := schemas.Build()
- if err != nil {
- return err
- }
- data, err := json.MarshalIndent(schema, "", " ")
- if err != nil {
- return err
- }
- existing, err := os.ReadFile(schemaPath)
- if err != nil {
- return err
- }
- if !bytes.Equal(data, existing) {
- return fmt.Errorf("schema is out of date:\n\nplease run 'mage genschema' and commit the changes\n")
- }
- fmt.Println("schema is valid")
- return nil
+func (Schema) Verify() error {
+ return sh.RunWith(ENV, "go", "run", "-tags=mage_schema", "./magefiles", "--", "verify")
 }
 
 // GenAllowedActions generates the list of valid actions for wildcard support
diff --git a/magefiles/schema.go b/magefiles/schema.go
new file mode 100644
index 000000000000..19493f163fc2
--- /dev/null
+++ b/magefiles/schema.go
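Review bot: The new `Schema` namespace and its `Generate` and `Verify` methods carry no doc comments, while the hunk removes the ones `GenSchema` and `VerifySchema` had; mage shows a target's doc comment as its help text, so `mage -l` now lists both schema targets with an empty description. Suggested: `// Schema groups the Trivy IaC schema targets.`, `// Generate builds the IaC schema by running magefiles under the mage_schema build tag.` and `// Verify fails when the committed schema differs from a fresh build; intended for CI.`. Both targets now delegate to a child `go run` process, so a build or write failure surfaces only through that process's exit status rather than a returned error value; that seems acceptable for a mage target but is worth stating in the comment. `ENV` is referenced on both `RunWith` lines and is defined outside the hunk.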
@@ -0,0 +1,71 @@
+//go:build mage_schema
+
+package main
+
+import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "log"
+ "os"
+
+ "github.com/aquasecurity/trivy/pkg/iac/rego/schemas"
+)
+
+func main() {
+ if len(os.Args) < 3 {
+ log.Printf("invalid schema command args: %s", os.Args)
+ os.Exit(1)
+ }
+
+ switch os.Args[2] {
+ case "generate":
+ if err := GenSchema(); err != nil {
+ fmt.Printf(err.Error())
+ os.Exit(1)
+ }
+ log.Println("schema generated")
+ case "verify":
+ if err := VerifySchema(); err != nil {
+ fmt.Printf(err.Error())
+ os.Exit(1)
+ }
+ log.Println("schema valid")
+ }
+}
+
+// GenSchema generates the Trivy IaC schema
+func GenSchema() error {
+ schema, err := schemas.Build()
+ if err != nil {
+ return err
+ }
+ data, err := json.MarshalIndent(schema, "", " ")
+ if err != nil {
+ return err
+ }
+ if err := os.WriteFile(schemaPath, data, 0600); err != nil {
+ return err
+ }
+ return nil
+}
+
+// VerifySchema verifies a generated schema for validity
+func VerifySchema() error {
+ schema, err := schemas.Build()
+ if err != nil {
+ return err
+ }
+ data, err := json.MarshalIndent(schema, "", " ")
+ if err != nil {
+ return err
+ }
+ existing, err := os.ReadFile(schemaPath)
+ if err != nil {
+ return err
+ }
+ if !bytes.Equal(data, existing) {
+ return fmt.Errorf("schema is out of date:\n\nplease run 'mage schema:generate' and commit the changes\n")
+ }
+ return nil
+}
diff --git a/pkg/iac/rego/schemas/cloud.json b/pkg/iac/rego/schemas/cloud.json
index e593c6b26be5..2ac3594e98c5 100644
--- a/pkg/iac/rego/schemas/cloud.json
+++ b/pkg/iac/rego/schemas/cloud.json
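Review bot: The `switch os.Args[2]` in `main` has no `default` case, so an unrecognised subcommand prints nothing and exits 0; since `Schema.Verify` is the target that gates the committed schema in CI, a mistyped argument would make the check pass without running anything. Add `default:`, `log.Printf("unknown schema command %q", os.Args[2])`, `os.Exit(1)`. In both error branches `fmt.Printf(err.Error())` uses the error text as the format string, so any `%` in a build or file error is misrendered and `go vet` flags the non-constant format; `fmt.Println(err)` (or `log.Println(err)`, matching the success path that already goes through `log`) is the intended form. `schemaPath` is not declared in this file; it presumably comes from another file of the magefiles package, which would then also have to be compiled under the `mage_schema` tag — worth confirming.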
@@ -3,1667 +3,1667 @@ "properties": { "aws": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.AWS" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.AWS" }, "azure": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.Azure" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.Azure" }, "cloudstack": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.cloudstack.CloudStack" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.cloudstack.CloudStack" }, "digitalocean": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.DigitalOcean" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.DigitalOcean" }, "github": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.github.GitHub" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.github.GitHub" }, "google": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.Google" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.Google" }, "kubernetes": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Kubernetes" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.kubernetes.Kubernetes" }, "nifcloud": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.Nifcloud" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.Nifcloud" }, "openstack": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.OpenStack" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.openstack.OpenStack" }, "oracle": { "type": "object", - 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.oracle.Oracle" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.oracle.Oracle" } }, "definitions": { - "github.com.aquasecurity.defsec.pkg.providers.aws.AWS": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.AWS": { "type": "object", "properties": { "accessanalyzer": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.AccessAnalyzer" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.accessanalyzer.AccessAnalyzer" }, "apigateway": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.APIGateway" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.APIGateway" }, "athena": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.Athena" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.athena.Athena" }, "cloudfront": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Cloudfront" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudfront.Cloudfront" }, "cloudtrail": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.CloudTrail" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudtrail.CloudTrail" }, "cloudwatch": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.CloudWatch" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudwatch.CloudWatch" }, "codebuild": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.CodeBuild" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.codebuild.CodeBuild" }, "config": { 
"type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.config.Config" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.config.Config" }, "documentdb": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.DocumentDB" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.documentdb.DocumentDB" }, "dynamodb": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.DynamoDB" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.dynamodb.DynamoDB" }, "ec2": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.EC2" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.EC2" }, "ecr": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecr.ECR" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecr.ECR" }, "ecs": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ECS" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecs.ECS" }, "efs": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.efs.EFS" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.efs.EFS" }, "eks": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.eks.EKS" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.eks.EKS" }, "elasticache": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.ElastiCache" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticache.ElastiCache" }, "elasticsearch": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Elasticsearch" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticsearch.Elasticsearch" }, "elb": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elb.ELB" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.elb.ELB" }, "emr": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.emr.EMR" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.emr.EMR" }, "iam": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.IAM" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.IAM" }, "kinesis": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Kinesis" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.kinesis.Kinesis" }, "kms": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kms.KMS" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.kms.KMS" }, "lambda": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Lambda" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.lambda.Lambda" }, "meta": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.Meta" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.Meta" }, "mq": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.mq.MQ" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.mq.MQ" }, "msk": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.MSK" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.msk.MSK" }, "neptune": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Neptune" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.neptune.Neptune" }, "rds": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.RDS" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.RDS" }, "redshift": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Redshift" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.redshift.Redshift" }, "s3": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.S3" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.s3.S3" }, "sam": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.SAM" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.SAM" }, "sns": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sns.SNS" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sns.SNS" }, "sqs": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sqs.SQS" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sqs.SQS" }, "ssm": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ssm.SSM" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ssm.SSM" }, "workspaces": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.WorkSpaces" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.workspaces.WorkSpaces" } } }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.AssumeRole": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.AssumeRole": { "type": "object", "properties": { "duration": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "externalid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "policy": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "policyarns": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "rolearn": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "sessionname": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "sourceidentity": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "tags": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.MapValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.MapValue" }, "transitivetagkeys": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } 
} } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.AssumeRoleWithWebIdentity": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.AssumeRoleWithWebIdentity": { "type": "object", "properties": { "duration": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "policy": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "policyarns": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "rolearn": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "sessionname": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "webidentitytoken": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "webidentitytokenfile": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.DefaultTags": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.DefaultTags": { "type": "object", "properties": { "tags": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.MapValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.MapValue" } } }, 
- "github.com.aquasecurity.defsec.pkg.providers.aws.IgnoreTags": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.IgnoreTags": { "type": "object", "properties": { "keyprefixes": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "keys": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.Meta": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.Meta": { "type": "object", "properties": { "tfproviders": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.TerraformProvider" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.TerraformProvider" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.TerraformProvider": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.TerraformProvider": { "type": "object", "properties": { "accesskey": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "alias": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "allowedaccountsids": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "assumerole": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.AssumeRole" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.AssumeRole" }, "assumerolewithwebidentity": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.AssumeRoleWithWebIdentity" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.AssumeRoleWithWebIdentity" }, "customcabundle": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "defaulttags": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.DefaultTags" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.DefaultTags" }, "ec2metadataserviceendpoint": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "ec2metadataserviceendpointmode": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "endpoints": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.MapValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.MapValue" }, "forbiddenaccountids": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "httpproxy": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "ignoretags": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.IgnoreTags" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.IgnoreTags" }, "insecure": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "maxretries": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" }, "profile": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "region": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "retrymode": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "s3useast1regionalendpoint": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "s3usepathstyle": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "secretkey": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "sharedconfigfiles": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "sharedcredentialsfiles": { "type": "array", "items": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "skipcredentialsvalidation": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "skipmetadataapicheck": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "skipregionvalidation": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "skiprequestingaccountid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "stsregion": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "token": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "usedualstackendpoint": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "usefipsendpoint": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "version": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.AccessAnalyzer": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.accessanalyzer.AccessAnalyzer": { "type": "object", "properties": { "analyzers": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.Analyzer" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.accessanalyzer.Analyzer" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.Analyzer": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.accessanalyzer.Analyzer": { "type": "object", "properties": { "active": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "arn": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "findings": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.Findings" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.accessanalyzer.Findings" } }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.accessanalyzer.Findings": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.accessanalyzer.Findings": { "type": "object" }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.APIGateway": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.APIGateway": { "type": "object", "properties": { "v1": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.APIGateway" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v1.APIGateway" }, "v2": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.APIGateway" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v2.APIGateway" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.API": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v1.API": { "type": "object", "properties": { "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "resources": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Resource" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v1.Resource" } }, "stages": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Stage" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v1.Stage" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.APIGateway": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v1.APIGateway": { "type": "object", "properties": { "apis": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.API" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v1.API" } }, "domainnames": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.DomainName" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v1.DomainName" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.AccessLogging": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v1.AccessLogging": { "type": "object", "properties": { "cloudwatchloggrouparn": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.DomainName": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v1.DomainName": { "type": "object", "properties": { "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "securitypolicy": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Method": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v1.Method": { "type": "object", "properties": { "apikeyrequired": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "authorizationtype": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "httpmethod": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.RESTMethodSettings": 
{ + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v1.RESTMethodSettings": { "type": "object", "properties": { "cachedataencrypted": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "cacheenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "method": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Resource": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v1.Resource": { "type": "object", "properties": { "methods": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Method" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v1.Method" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.Stage": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v1.Stage": { "type": "object", "properties": { "accesslogging": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.AccessLogging" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v1.AccessLogging" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "restmethodsettings": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v1.RESTMethodSettings" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v1.RESTMethodSettings" } }, "xraytracingenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.API": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v2.API": { "type": "object", "properties": { "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "protocoltype": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "stages": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.Stage" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v2.Stage" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.APIGateway": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v2.APIGateway": { "type": "object", "properties": { "apis": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.API" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v2.API" } }, "domainnames": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.DomainName" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v2.DomainName" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.AccessLogging": { + 
"github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v2.AccessLogging": { "type": "object", "properties": { "cloudwatchloggrouparn": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.DomainName": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v2.DomainName": { "type": "object", "properties": { "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "securitypolicy": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.Stage": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v2.Stage": { "type": "object", "properties": { "accesslogging": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.apigateway.v2.AccessLogging" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.apigateway.v2.AccessLogging" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.athena.Athena": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.athena.Athena": { "type": "object", "properties": { "databases": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.Database" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.athena.Database" } }, 
"workgroups": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.Workgroup" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.athena.Workgroup" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.athena.Database": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.athena.Database": { "type": "object", "properties": { "encryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.EncryptionConfiguration" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.athena.EncryptionConfiguration" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.athena.EncryptionConfiguration": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.athena.EncryptionConfiguration": { "type": "object", "properties": { "type": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.athena.Workgroup": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.athena.Workgroup": { "type": "object", "properties": { "encryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.athena.EncryptionConfiguration" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.athena.EncryptionConfiguration" }, "enforceconfiguration": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "name": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.CacheBehaviour": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudfront.CacheBehaviour": { "type": "object", "properties": { "viewerprotocolpolicy": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Cloudfront": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudfront.Cloudfront": { "type": "object", "properties": { "distributions": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Distribution" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudfront.Distribution" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Distribution": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudfront.Distribution": { "type": "object", "properties": { "defaultcachebehaviour": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.CacheBehaviour" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudfront.CacheBehaviour" }, "logging": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Logging" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudfront.Logging" }, "orderercachebehaviours": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.CacheBehaviour" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudfront.CacheBehaviour" } }, 
"viewercertificate": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.ViewerCertificate" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudfront.ViewerCertificate" }, "wafid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.Logging": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudfront.Logging": { "type": "object", "properties": { "bucket": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudfront.ViewerCertificate": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudfront.ViewerCertificate": { "type": "object", "properties": { "cloudfrontdefaultcertificate": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "minimumprotocolversion": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "sslsupportmethod": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.CloudTrail": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudtrail.CloudTrail": { "type": "object", "properties": { "trails": { "type": "array", "items": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.Trail" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudtrail.Trail" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.DataResource": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudtrail.DataResource": { "type": "object", "properties": { "type": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "values": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.EventSelector": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudtrail.EventSelector": { "type": "object", "properties": { "dataresources": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.DataResource" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudtrail.DataResource" } }, "readwritetype": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.Trail": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudtrail.Trail": { "type": "object", "properties": { "bucketname": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "cloudwatchlogsloggrouparn": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "enablelogfilevalidation": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "eventselectors": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudtrail.EventSelector" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudtrail.EventSelector" } }, "islogging": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "ismultiregion": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.Alarm": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudwatch.Alarm": { "type": "object", "properties": { "alarmname": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "dimensions": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.AlarmDimension" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudwatch.AlarmDimension" } }, 
"metricname": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "metrics": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.MetricDataQuery" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudwatch.MetricDataQuery" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.AlarmDimension": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudwatch.AlarmDimension": { "type": "object", "properties": { "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "value": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.CloudWatch": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudwatch.CloudWatch": { "type": "object", "properties": { "alarms": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.Alarm" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudwatch.Alarm" } }, "loggroups": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.LogGroup" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudwatch.LogGroup" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.LogGroup": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudwatch.LogGroup": { "type": "object", "properties": { "arn": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "metricfilters": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.MetricFilter" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudwatch.MetricFilter" } }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "retentionindays": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.MetricDataQuery": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudwatch.MetricDataQuery": { "type": "object", "properties": { "expression": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "id": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.cloudwatch.MetricFilter": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.cloudwatch.MetricFilter": { "type": "object", "properties": { "filtername": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "filterpattern": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.ArtifactSettings": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.codebuild.ArtifactSettings": { "type": "object", "properties": { "encryptionenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.CodeBuild": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.codebuild.CodeBuild": { "type": "object", "properties": { "projects": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.Project" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.codebuild.Project" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.Project": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.codebuild.Project": { "type": "object", "properties": { "artifactsettings": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.ArtifactSettings" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.codebuild.ArtifactSettings" }, "secondaryartifactsettings": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.codebuild.ArtifactSettings" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.codebuild.ArtifactSettings" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.config.Config": { + 
"github.com.aquasecurity.trivy.pkg.iac.providers.aws.config.Config": { "type": "object", "properties": { "configurationaggregrator": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.config.ConfigurationAggregrator" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.config.ConfigurationAggregrator" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.config.ConfigurationAggregrator": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.config.ConfigurationAggregrator": { "type": "object", "properties": { "sourceallregions": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.Cluster": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.documentdb.Cluster": { "type": "object", "properties": { "backupretentionperiod": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" }, "enabledlogexports": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "identifier": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "instances": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.Instance" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.documentdb.Instance" } }, "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "storageencrypted": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.DocumentDB": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.documentdb.DocumentDB": { "type": "object", "properties": { "clusters": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.Cluster" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.documentdb.Cluster" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.documentdb.Instance": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.documentdb.Instance": { "type": "object", "properties": { "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.DAXCluster": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.dynamodb.DAXCluster": { "type": "object", "properties": { "pointintimerecovery": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "serversideencryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.ServerSideEncryption" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.dynamodb.ServerSideEncryption" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.DynamoDB": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.dynamodb.DynamoDB": { "type": "object", "properties": { "daxclusters": { "type": "array", 
"items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.DAXCluster" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.dynamodb.DAXCluster" } }, "tables": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.Table" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.dynamodb.Table" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.ServerSideEncryption": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.dynamodb.ServerSideEncryption": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.Table": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.dynamodb.Table": { "type": "object", "properties": { "pointintimerecovery": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "serversideencryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.dynamodb.ServerSideEncryption" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.dynamodb.ServerSideEncryption" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.BlockDevice": { "type": "object", "properties": { "encrypted": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.EC2": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.EC2": { "type": "object", "properties": { "instances": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Instance" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.Instance" } }, "launchconfigurations": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.LaunchConfiguration" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.LaunchConfiguration" } }, "launchtemplates": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.LaunchTemplate" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.LaunchTemplate" } }, "networkacls": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.NetworkACL" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.NetworkACL" } }, "securitygroups": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroup" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.SecurityGroup" } }, "subnets": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Subnet" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.Subnet" } }, "volumes": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Volume" 
+ "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.Volume" } }, "vpcs": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.VPC" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.VPC" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Encryption": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.Encryption": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Instance": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.Instance": { "type": "object", "properties": { "ebsblockdevices": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.BlockDevice" } }, "metadataoptions": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.MetadataOptions" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.MetadataOptions" }, "rootblockdevice": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.BlockDevice" }, "securitygroups": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroup" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.SecurityGroup" } }, "userdata": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.LaunchConfiguration": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.LaunchConfiguration": { "type": "object", "properties": { "associatepublicip": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "ebsblockdevices": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.BlockDevice" } }, "metadataoptions": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.MetadataOptions" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.MetadataOptions" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "rootblockdevice": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.BlockDevice" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.BlockDevice" }, "userdata": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.LaunchTemplate": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.LaunchTemplate": { "type": "object", "properties": { "instance": 
{ "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Instance" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.Instance" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.MetadataOptions": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.MetadataOptions": { "type": "object", "properties": { "httpendpoint": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "httptokens": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.NetworkACL": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.NetworkACL": { "type": "object", "properties": { "isdefaultrule": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "rules": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.NetworkACLRule" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.NetworkACLRule" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.NetworkACLRule": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.NetworkACLRule": { "type": "object", "properties": { "action": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" 
}, "cidrs": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "protocol": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "type": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroup": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.SecurityGroup": { "type": "object", "properties": { "description": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "egressrules": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroupRule" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.SecurityGroupRule" } }, "ingressrules": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroupRule" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.SecurityGroupRule" } }, "isdefault": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "vpcid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroupRule": 
{ + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.SecurityGroupRule": { "type": "object", "properties": { "cidrs": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "description": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Subnet": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.Subnet": { "type": "object", "properties": { "mappubliciponlaunch": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.VPC": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.VPC": { "type": "object", "properties": { "flowlogsenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "id": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "isdefault": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "securitygroups": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.SecurityGroup" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.SecurityGroup" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Volume": { 
+ "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.Volume": { "type": "object", "properties": { "encryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ec2.Encryption" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ec2.Encryption" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecr.ECR": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecr.ECR": { "type": "object", "properties": { "repositories": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecr.Repository" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecr.Repository" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecr.Encryption": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecr.Encryption": { "type": "object", "properties": { "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "type": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecr.ImageScanning": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecr.ImageScanning": { "type": "object", "properties": { "scanonpush": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecr.Repository": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecr.Repository": { "type": "object", "properties": { "encryption": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecr.Encryption" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecr.Encryption" }, "imagescanning": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecr.ImageScanning" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecr.ImageScanning" }, "imagetagsimmutable": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "policies": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.Policy" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.Cluster": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecs.Cluster": { "type": "object", "properties": { "settings": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ClusterSettings" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecs.ClusterSettings" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ClusterSettings": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecs.ClusterSettings": { "type": "object", "properties": { "containerinsightsenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ContainerDefinition": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecs.ContainerDefinition": { "type": "object", "properties": { "cpu": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" }, "environment": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.EnvVar" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecs.EnvVar" } }, "essential": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "image": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "memory": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "portmappings": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.PortMapping" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecs.PortMapping" } }, "privileged": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ECS": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecs.ECS": { "type": "object", "properties": { "clusters": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.Cluster" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecs.Cluster" } }, "taskdefinitions": { "type": "array", "items": { "type": 
"object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.TaskDefinition" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecs.TaskDefinition" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.EFSVolumeConfiguration": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecs.EFSVolumeConfiguration": { "type": "object", "properties": { "transitencryptionenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.EnvVar": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecs.EnvVar": { "type": "object", "properties": { "name": { 
@@ -1674,474 +1674,474 @@ } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.PortMapping": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecs.PortMapping": { "type": "object", "properties": { "containerport": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" }, "hostport": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.TaskDefinition": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecs.TaskDefinition": { "type": "object", "properties": { "containerdefinitions": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.ContainerDefinition" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecs.ContainerDefinition" } }, "volumes": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.Volume" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecs.Volume" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ecs.Volume": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecs.Volume": { "type": "object", "properties": { "efsvolumeconfiguration": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ecs.EFSVolumeConfiguration" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ecs.EFSVolumeConfiguration" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.efs.EFS": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.efs.EFS": { "type": "object", "properties": { "filesystems": { "type": "array", "items": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.efs.FileSystem" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.efs.FileSystem" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.efs.FileSystem": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.efs.FileSystem": { "type": "object", "properties": { "encrypted": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.eks.Cluster": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.eks.Cluster": { "type": "object", "properties": { "encryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.eks.Encryption" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.eks.Encryption" }, "logging": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.eks.Logging" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.eks.Logging" }, "publicaccesscidrs": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "publicaccessenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.eks.EKS": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.eks.EKS": { "type": "object", "properties": { "clusters": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.eks.Cluster" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.eks.Cluster" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.eks.Encryption": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.eks.Encryption": { "type": "object", "properties": { "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "secrets": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.eks.Logging": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.eks.Logging": { "type": "object", "properties": { "api": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "audit": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "authenticator": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "controllermanager": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "scheduler": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.Cluster": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticache.Cluster": { "type": "object", "properties": { 
"engine": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "nodetype": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "snapshotretentionlimit": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.ElastiCache": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticache.ElastiCache": { "type": "object", "properties": { "clusters": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.Cluster" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticache.Cluster" } }, "replicationgroups": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.ReplicationGroup" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticache.ReplicationGroup" } }, "securitygroups": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.SecurityGroup" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticache.SecurityGroup" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.ReplicationGroup": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticache.ReplicationGroup": { "type": "object", "properties": { "atrestencryptionenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "transitencryptionenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticache.SecurityGroup": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticache.SecurityGroup": { "type": "object", "properties": { "description": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.AtRestEncryption": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticsearch.AtRestEncryption": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Domain": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticsearch.Domain": { "type": "object", "properties": { "accesspolicies": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "atrestencryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.AtRestEncryption" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticsearch.AtRestEncryption" }, "dedicatedmasterenabled": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "domainname": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "endpoint": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Endpoint" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticsearch.Endpoint" }, "logpublishing": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.LogPublishing" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticsearch.LogPublishing" }, "servicesoftwareoptions": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.ServiceSoftwareOptions" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticsearch.ServiceSoftwareOptions" }, "transitencryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.TransitEncryption" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticsearch.TransitEncryption" }, "vpcid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Elasticsearch": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticsearch.Elasticsearch": { "type": "object", "properties": { "domains": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Domain" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticsearch.Domain" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.Endpoint": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticsearch.Endpoint": { "type": "object", "properties": { "enforcehttps": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "tlspolicy": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.LogPublishing": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticsearch.LogPublishing": { "type": "object", "properties": { "auditenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "cloudwatchloggrouparn": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.ServiceSoftwareOptions": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticsearch.ServiceSoftwareOptions": { "type": "object", "properties": { "currentversion": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "newversion": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "updateavailable": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "updatestatus": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elasticsearch.TransitEncryption": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.elasticsearch.TransitEncryption": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elb.Action": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.elb.Action": { "type": "object", "properties": { "type": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elb.ELB": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.elb.ELB": { "type": "object", "properties": { "loadbalancers": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elb.LoadBalancer" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.elb.LoadBalancer" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elb.Listener": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.elb.Listener": { "type": "object", "properties": { "defaultactions": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elb.Action" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.elb.Action" } }, "protocol": { "type": 
"object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "tlspolicy": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.elb.LoadBalancer": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.elb.LoadBalancer": { "type": "object", "properties": { "dropinvalidheaderfields": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "internal": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "listeners": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.elb.Listener" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.elb.Listener" } }, "type": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.emr.Cluster": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.emr.Cluster": { "type": "object", "properties": { "settings": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.emr.ClusterSettings" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.emr.ClusterSettings" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.emr.ClusterSettings": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.emr.ClusterSettings": { "type": "object", "properties": { "name": 
{ "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "releaselabel": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "servicerole": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.emr.EMR": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.emr.EMR": { "type": "object", "properties": { "clusters": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.emr.Cluster" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.emr.Cluster" } }, "securityconfiguration": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.emr.SecurityConfiguration" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.emr.SecurityConfiguration" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.emr.SecurityConfiguration": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.emr.SecurityConfiguration": { "type": "object", "properties": { "configuration": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.AccessKey": { + 
"github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.AccessKey": { "type": "object", "properties": { "accesskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "active": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "creationdate": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.TimeValue" }, "lastaccess": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.TimeValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.Document": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.Document": { "type": "object", "properties": { "endline": { 
@@ -2173,2241 +2173,2241 @@ } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.Group": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.Group": { "type": "object", "properties": { "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "policies": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.Policy" } }, "users": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.User" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.User" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.IAM": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.IAM": { "type": "object", "properties": { "groups": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Group" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.Group" } }, "passwordpolicy": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.PasswordPolicy" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.PasswordPolicy" }, "policies": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.Policy" } }, "roles": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Role" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.Role" } }, 
"servercertificates": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.ServerCertificate" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.ServerCertificate" } }, "users": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.User" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.User" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.MFADevice": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.MFADevice": { "type": "object", "properties": { "isvirtual": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.PasswordPolicy": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.PasswordPolicy": { "type": "object", "properties": { "maxagedays": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" }, "minimumlength": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" }, "requirelowercase": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "requirenumbers": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "requiresymbols": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "requireuppercase": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "reusepreventioncount": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.Policy": { "type": "object", "properties": { "builtin": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "document": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Document" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.Document" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.Role": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.Role": { "type": "object", "properties": { "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "policies": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.Policy" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.ServerCertificate": { + 
"github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.ServerCertificate": { "type": "object", "properties": { "expiration": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.TimeValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.iam.User": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.User": { "type": "object", "properties": { "accesskeys": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.AccessKey" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.AccessKey" } }, "groups": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Group" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.Group" } }, "lastaccess": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.TimeValue" }, "mfadevices": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.MFADevice" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.MFADevice" } }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "policies": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.Policy" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Encryption": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.kinesis.Encryption": { 
"type": "object", "properties": { "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "type": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Kinesis": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.kinesis.Kinesis": { "type": "object", "properties": { "streams": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Stream" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.kinesis.Stream" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Stream": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.kinesis.Stream": { "type": "object", "properties": { "encryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kinesis.Encryption" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.kinesis.Encryption" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.kms.KMS": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.kms.KMS": { "type": "object", "properties": { "keys": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.kms.Key" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.kms.Key" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.kms.Key": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.kms.Key": { "type": "object", "properties": { "rotationenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "usage": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Function": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.lambda.Function": { "type": "object", "properties": { "permissions": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Permission" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.lambda.Permission" } }, "tracing": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Tracing" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.lambda.Tracing" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Lambda": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.lambda.Lambda": { "type": "object", "properties": { "functions": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Function" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.lambda.Function" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Permission": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.lambda.Permission": { "type": "object", "properties": { "principal": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "sourcearn": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.lambda.Tracing": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.lambda.Tracing": { "type": "object", "properties": { "mode": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.mq.Broker": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.mq.Broker": { "type": "object", "properties": { "logging": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.mq.Logging" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.mq.Logging" }, "publicaccess": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.mq.Logging": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.mq.Logging": { "type": "object", "properties": { "audit": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "general": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.mq.MQ": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.mq.MQ": { "type": "object", "properties": { "brokers": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.mq.Broker" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.mq.Broker" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.BrokerLogging": { + 
"github.com.aquasecurity.trivy.pkg.iac.providers.aws.msk.BrokerLogging": { "type": "object", "properties": { "cloudwatch": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.CloudwatchLogging" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.msk.CloudwatchLogging" }, "firehose": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.FirehoseLogging" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.msk.FirehoseLogging" }, "s3": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.S3Logging" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.msk.S3Logging" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.CloudwatchLogging": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.msk.CloudwatchLogging": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.Cluster": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.msk.Cluster": { "type": "object", "properties": { "encryptionatrest": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.EncryptionAtRest" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.msk.EncryptionAtRest" }, "encryptionintransit": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.EncryptionInTransit" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.msk.EncryptionInTransit" }, "logging": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.Logging" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.msk.Logging" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.EncryptionAtRest": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.msk.EncryptionAtRest": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "kmskeyarn": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.EncryptionInTransit": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.msk.EncryptionInTransit": { "type": "object", "properties": { "clientbroker": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.FirehoseLogging": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.msk.FirehoseLogging": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.Logging": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.msk.Logging": { "type": "object", "properties": { "broker": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.BrokerLogging" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.msk.BrokerLogging" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.MSK": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.msk.MSK": { "type": 
"object", "properties": { "clusters": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.msk.Cluster" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.msk.Cluster" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.msk.S3Logging": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.msk.S3Logging": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Cluster": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.neptune.Cluster": { "type": "object", "properties": { "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "logging": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Logging" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.neptune.Logging" }, "storageencrypted": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Logging": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.neptune.Logging": { "type": "object", "properties": { "audit": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Neptune": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.neptune.Neptune": { "type": "object", "properties": { 
"clusters": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.neptune.Cluster" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.neptune.Cluster" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Classic": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.Classic": { "type": "object", "properties": { "dbsecuritygroups": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBSecurityGroup" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.DBSecurityGroup" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Cluster": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.Cluster": { "type": "object", "properties": { "availabilityzones": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "backupretentionperioddays": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" }, "deletionprotection": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "encryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Encryption" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.Encryption" }, "engine": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "instances": { "type": "array", "items": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.ClusterInstance" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.ClusterInstance" } }, "latestrestorabletime": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.TimeValue" }, "performanceinsights": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.PerformanceInsights" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.PerformanceInsights" }, "publicaccess": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "replicationsourcearn": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "skipfinalsnapshot": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.ClusterInstance": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.ClusterInstance": { "type": "object", "properties": { "clusteridentifier": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "instance": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Instance" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.Instance" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBParameterGroupsList": { + 
"github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.DBParameterGroupsList": { "type": "object", "properties": { "dbparametergroupname": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBSecurityGroup": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.DBSecurityGroup": { "type": "object" }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBSnapshotAttributes": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.DBSnapshotAttributes": { "type": "object", "properties": { "attributevalues": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Encryption": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.Encryption": { "type": "object", "properties": { "encryptstorage": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Instance": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.Instance": { "type": "object", "properties": { "autominorversionupgrade": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "backupretentionperioddays": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" }, "dbinstancearn": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "dbinstanceidentifier": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "dbparametergroups": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBParameterGroupsList" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.DBParameterGroupsList" } }, "deletionprotection": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "enabledcloudwatchlogsexports": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "encryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Encryption" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.Encryption" }, "engine": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "engineversion": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "iamauthenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "latestrestorabletime": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.TimeValue" }, "multiaz": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "performanceinsights": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.PerformanceInsights" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.PerformanceInsights" }, "publicaccess": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "publiclyaccessible": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "readreplicadbinstanceidentifiers": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "replicationsourcearn": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "storageencrypted": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "taglist": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.TagList" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.TagList" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.ParameterGroups": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.ParameterGroups": { "type": "object", "properties": { "dbparametergroupfamily": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "dbparametergroupname": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "parameters": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Parameters" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.Parameters" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Parameters": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.Parameters": { "type": "object", "properties": { "parametername": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "parametervalue": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.PerformanceInsights": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.PerformanceInsights": { "type": "object", "properties": { "enabled": { "type": "object", - 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.RDS": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.RDS": { "type": "object", "properties": { "classic": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Classic" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.Classic" }, "clusters": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Cluster" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.Cluster" } }, "instances": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Instance" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.Instance" } }, "parametergroups": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.ParameterGroups" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.ParameterGroups" } }, "snapshots": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.Snapshots" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.Snapshots" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.Snapshots": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.Snapshots": { "type": "object", "properties": { "dbsnapshotarn": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "dbsnapshotidentifier": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "encrypted": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "snapshotattributes": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.rds.DBSnapshotAttributes" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.DBSnapshotAttributes" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.rds.TagList": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.rds.TagList": { "type": "object" }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Cluster": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.redshift.Cluster": { "type": "object", "properties": { "allowversionupgrade": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "automatedsnapshotretentionperiod": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" }, "clusteridentifier": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, 
"encryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Encryption" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.redshift.Encryption" }, "endpoint": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.EndPoint" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.redshift.EndPoint" }, "loggingenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "masterusername": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "nodetype": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "numberofnodes": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" }, "publiclyaccessible": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "subnetgroupname": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "vpcid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.ClusterParameter": { + 
"github.com.aquasecurity.trivy.pkg.iac.providers.aws.redshift.ClusterParameter": { "type": "object", "properties": { "parametername": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "parametervalue": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Encryption": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.redshift.Encryption": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.EndPoint": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.redshift.EndPoint": { "type": "object", "properties": { "port": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Redshift": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.redshift.Redshift": { "type": "object", "properties": { "clusterparameters": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.ClusterParameter" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.redshift.ClusterParameter" } }, "clusters": { "type": "array", "items": { "type": 
"object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.Cluster" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.redshift.Cluster" } }, "reservednodes": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.ReservedNode" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.redshift.ReservedNode" } }, "securitygroups": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.redshift.SecurityGroup" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.redshift.SecurityGroup" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.ReservedNode": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.redshift.ReservedNode": { "type": "object", "properties": { "nodetype": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.redshift.SecurityGroup": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.redshift.SecurityGroup": { "type": "object", "properties": { "description": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Bucket": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.s3.Bucket": { "type": "object", "properties": { "accelerateconfigurationstatus": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "acl": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "bucketlocation": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "bucketpolicies": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.Policy" } }, "encryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Encryption" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.s3.Encryption" }, "lifecycleconfiguration": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Rules" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.s3.Rules" } }, "logging": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Logging" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.s3.Logging" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "objects": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Contents" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.s3.Contents" } }, "publicaccessblock": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.PublicAccessBlock" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.s3.PublicAccessBlock" }, "versioning": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Versioning" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.s3.Versioning" }, "website": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Website" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.s3.Website" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Contents": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.s3.Contents": { "type": "object" }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Encryption": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.s3.Encryption": { "type": "object", "properties": { "algorithm": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Logging": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.s3.Logging": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "targetbucket": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.PublicAccessBlock": { + 
"github.com.aquasecurity.trivy.pkg.iac.providers.aws.s3.PublicAccessBlock": { "type": "object", "properties": { "blockpublicacls": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "blockpublicpolicy": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "ignorepublicacls": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "restrictpublicbuckets": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Rules": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.s3.Rules": { "type": "object", "properties": { "status": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.S3": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.s3.S3": { "type": "object", "properties": { "buckets": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.s3.Bucket" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.s3.Bucket" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Versioning": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.s3.Versioning": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "mfadelete": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.s3.Website": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.s3.Website": { "type": "object" }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.API": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.API": { "type": "object", "properties": { "accesslogging": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.AccessLogging" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.AccessLogging" }, "domainconfiguration": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.DomainConfiguration" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.DomainConfiguration" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "restmethodsettings": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.RESTMethodSettings" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.RESTMethodSettings" }, "tracingenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.AccessLogging": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.AccessLogging": { "type": "object", "properties": { "cloudwatchloggrouparn": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.Application": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.Application": { "type": "object", "properties": { "location": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.Location" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.Location" }, "locationpath": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.DomainConfiguration": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.DomainConfiguration": { "type": "object", "properties": { "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "securitypolicy": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.Function": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.Function": { "type": "object", "properties": { "functionname": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "managedpolicies": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "policies": { "type": "array", "items": 
{ "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.Policy" } }, "tracing": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.HttpAPI": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.HttpAPI": { "type": "object", "properties": { "accesslogging": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.AccessLogging" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.AccessLogging" }, "defaultroutesettings": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.RouteSettings" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.RouteSettings" }, "domainconfiguration": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.DomainConfiguration" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.DomainConfiguration" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.Location": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.Location": { "type": "object", "properties": { "applicationid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "semanticversion": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.LoggingConfiguration": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.LoggingConfiguration": { "type": "object", "properties": { "loggingenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.RESTMethodSettings": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.RESTMethodSettings": { "type": "object", "properties": { "cachedataencrypted": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "datatraceenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "loggingenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "metricsenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.RouteSettings": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.RouteSettings": { "type": "object", "properties": { "datatraceenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "detailedmetricsenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "loggingenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.SAM": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.SAM": { "type": "object", "properties": { "apis": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.API" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.API" } }, "applications": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.Application" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.Application" } }, "functions": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.Function" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.Function" } }, "httpapis": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.HttpAPI" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.HttpAPI" } }, "simpletables": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.SimpleTable" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.SimpleTable" } }, "statemachines": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.StateMachine" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.StateMachine" } } } }, - 
"github.com.aquasecurity.defsec.pkg.providers.aws.sam.SSESpecification": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.SSESpecification": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "kmsmasterkeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.SimpleTable": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.SimpleTable": { "type": "object", "properties": { "ssespecification": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.SSESpecification" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.SSESpecification" }, "tablename": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.StateMachine": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.StateMachine": { "type": "object", "properties": { "loggingconfiguration": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.LoggingConfiguration" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.LoggingConfiguration" }, "managedpolicies": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "policies": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.Policy" } }, "tracing": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sam.TracingConfiguration" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.TracingConfiguration" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sam.TracingConfiguration": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sam.TracingConfiguration": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sns.Encryption": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sns.Encryption": { "type": "object", "properties": { "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sns.SNS": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sns.SNS": { "type": "object", "properties": { "topics": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sns.Topic" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sns.Topic" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sns.Topic": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sns.Topic": { "type": "object", "properties": { "arn": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "encryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sns.Encryption" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sns.Encryption" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sqs.Encryption": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sqs.Encryption": { "type": "object", "properties": { "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "managedencryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sqs.Queue": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sqs.Queue": { "type": "object", "properties": { "encryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sqs.Encryption" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sqs.Encryption" }, "policies": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.iam.Policy" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.iam.Policy" } }, "queueurl": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.sqs.SQS": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.sqs.SQS": { "type": "object", "properties": { "queues": { "type": "array", "items": { "type": 
"object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.sqs.Queue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.sqs.Queue" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ssm.SSM": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ssm.SSM": { "type": "object", "properties": { "secrets": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.ssm.Secret" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.ssm.Secret" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.ssm.Secret": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.ssm.Secret": { "type": "object", "properties": { "kmskeyid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Encryption": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.workspaces.Encryption": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Volume": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.workspaces.Volume": { "type": "object", "properties": { "encryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Encryption" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.workspaces.Encryption" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.WorkSpace": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.workspaces.WorkSpace": { "type": "object", "properties": { "rootvolume": { "type": 
"object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Volume" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.workspaces.Volume" }, "uservolume": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.Volume" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.workspaces.Volume" } } }, - "github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.WorkSpaces": { + "github.com.aquasecurity.trivy.pkg.iac.providers.aws.workspaces.WorkSpaces": { "type": "object", "properties": { "workspaces": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.aws.workspaces.WorkSpace" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.aws.workspaces.WorkSpace" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.Azure": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.Azure": { "type": "object", "properties": { "appservice": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.AppService" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.AppService" }, "authorization": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.authorization.Authorization" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.authorization.Authorization" }, "compute": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.Compute" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.compute.Compute" }, "container": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.Container" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.container.Container" 
}, "database": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Database" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.Database" }, "datafactory": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.datafactory.DataFactory" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.datafactory.DataFactory" }, "datalake": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.datalake.DataLake" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.datalake.DataLake" }, "keyvault": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.KeyVault" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.keyvault.KeyVault" }, "monitor": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.monitor.Monitor" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.monitor.Monitor" }, "network": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.Network" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.network.Network" }, "securitycenter": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.SecurityCenter" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.securitycenter.SecurityCenter" }, "storage": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.Storage" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.Storage" }, "synapse": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.synapse.Synapse" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.synapse.Synapse" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.AppService": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.AppService": { "type": "object", "properties": { "functionapps": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.FunctionApp" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.FunctionApp" } }, "services": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Service" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.FunctionApp": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.FunctionApp": { "type": "object", "properties": { "httpsonly": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Service": { "type": "object", "properties": { "authentication": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Authentication" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Service.Authentication" }, "enableclientcert": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "identity": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Identity" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Service.Identity" }, "site": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Site" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Service.Site" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Authentication": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Service.Authentication": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Identity": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Service.Identity": { "type": "object", "properties": { "type": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.appservice.Service.Site": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.appservice.Service.Site": { "type": "object", "properties": { "enablehttp2": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "minimumtlsversion": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.authorization.Authorization": { + 
"github.com.aquasecurity.trivy.pkg.iac.providers.azure.authorization.Authorization": { "type": "object", "properties": { "roledefinitions": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.authorization.RoleDefinition" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.authorization.RoleDefinition" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.authorization.Permission": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.authorization.Permission": { "type": "object", "properties": { "actions": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.authorization.RoleDefinition": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.authorization.RoleDefinition": { "type": "object", "properties": { "assignablescopes": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "permissions": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.authorization.Permission" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.authorization.Permission" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.Compute": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.compute.Compute": { "type": "object", "properties": { "linuxvirtualmachines": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.LinuxVirtualMachine" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.compute.LinuxVirtualMachine" } }, "manageddisks": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.ManagedDisk" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.compute.ManagedDisk" } }, "windowsvirtualmachines": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.WindowsVirtualMachine" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.compute.WindowsVirtualMachine" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.Encryption": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.compute.Encryption": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.LinuxVirtualMachine": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.compute.LinuxVirtualMachine": { "type": "object", "properties": { "osprofilelinuxconfig": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.OSProfileLinuxConfig" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.compute.OSProfileLinuxConfig" }, "virtualmachine": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.VirtualMachine" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.compute.VirtualMachine" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.ManagedDisk": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.compute.ManagedDisk": { "type": "object", "properties": { "encryption": { "type": 
"object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.Encryption" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.compute.Encryption" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.OSProfileLinuxConfig": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.compute.OSProfileLinuxConfig": { "type": "object", "properties": { "disablepasswordauthentication": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.VirtualMachine": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.compute.VirtualMachine": { "type": "object", "properties": { "customdata": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.compute.WindowsVirtualMachine": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.compute.WindowsVirtualMachine": { "type": "object", "properties": { "virtualmachine": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.compute.VirtualMachine" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.compute.VirtualMachine" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.container.AddonProfile": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.container.AddonProfile": { "type": "object", "properties": { "omsagent": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.OMSAgent" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.container.OMSAgent" } } }, - 
"github.com.aquasecurity.defsec.pkg.providers.azure.container.Container": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.container.Container": { "type": "object", "properties": { "kubernetesclusters": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.KubernetesCluster" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.container.KubernetesCluster" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.container.KubernetesCluster": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.container.KubernetesCluster": { "type": "object", "properties": { "addonprofile": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.AddonProfile" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.container.AddonProfile" }, "apiserverauthorizedipranges": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "enableprivatecluster": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "networkprofile": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.NetworkProfile" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.container.NetworkProfile" }, "rolebasedaccesscontrol": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.container.RoleBasedAccessControl" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.container.RoleBasedAccessControl" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.container.NetworkProfile": { + 
"github.com.aquasecurity.trivy.pkg.iac.providers.azure.container.NetworkProfile": { "type": "object", "properties": { "networkpolicy": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.container.OMSAgent": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.container.OMSAgent": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.container.RoleBasedAccessControl": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.container.RoleBasedAccessControl": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.Database": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.Database": { "type": "object", "properties": { "mariadbservers": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.MariaDBServer" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.MariaDBServer" } }, "mssqlservers": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.MSSQLServer" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.MSSQLServer" } }, "mysqlservers": { "type": "array", "items": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.MySQLServer" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.MySQLServer" } }, "postgresqlservers": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.PostgreSQLServer" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.PostgreSQLServer" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.ExtendedAuditingPolicy": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.ExtendedAuditingPolicy": { "type": "object", "properties": { "retentionindays": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.FirewallRule": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.FirewallRule": { "type": "object", "properties": { "endip": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "startip": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.MSSQLServer": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.MSSQLServer": { "type": "object", "properties": { "extendedauditingpolicies": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.ExtendedAuditingPolicy" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.ExtendedAuditingPolicy" } }, 
"securityalertpolicies": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.SecurityAlertPolicy" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.SecurityAlertPolicy" } }, "server": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Server" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.Server" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.MariaDBServer": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.MariaDBServer": { "type": "object", "properties": { "server": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Server" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.Server" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.MySQLServer": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.MySQLServer": { "type": "object", "properties": { "server": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Server" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.Server" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.PostgreSQLServer": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.PostgreSQLServer": { "type": "object", "properties": { "config": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.PostgresSQLConfig" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.PostgresSQLConfig" }, "server": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.Server" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.Server" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.PostgresSQLConfig": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.PostgresSQLConfig": { "type": "object", "properties": { "connectionthrottling": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "logcheckpoints": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "logconnections": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.SecurityAlertPolicy": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.SecurityAlertPolicy": { "type": "object", "properties": { "disabledalerts": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "emailaccountadmins": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "emailaddresses": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.database.Server": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.Server": { "type": "object", "properties": { "enablepublicnetworkaccess": 
{ "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "enablesslenforcement": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "firewallrules": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.database.FirewallRule" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.database.FirewallRule" } }, "minimumtlsversion": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.datafactory.DataFactory": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.datafactory.DataFactory": { "type": "object", "properties": { "datafactories": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.datafactory.Factory" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.datafactory.Factory" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.datafactory.Factory": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.datafactory.Factory": { "type": "object", "properties": { "enablepublicnetwork": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.datalake.DataLake": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.datalake.DataLake": { "type": "object", "properties": { "stores": { "type": "array", "items": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.datalake.Store" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.datalake.Store" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.datalake.Store": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.datalake.Store": { "type": "object", "properties": { "enableencryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Key": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.keyvault.Key": { "type": "object", "properties": { "expirydate": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.TimeValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.KeyVault": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.keyvault.KeyVault": { "type": "object", "properties": { "vaults": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Vault" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.keyvault.Vault" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.NetworkACLs": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.keyvault.NetworkACLs": { "type": "object", "properties": { "defaultaction": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Secret": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.keyvault.Secret": { "type": "object", "properties": { "contenttype": { 
"type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "expirydate": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.TimeValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Vault": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.keyvault.Vault": { "type": "object", "properties": { "enablepurgeprotection": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "keys": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Key" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.keyvault.Key" } }, "networkacls": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.NetworkACLs" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.keyvault.NetworkACLs" }, "secrets": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.keyvault.Secret" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.keyvault.Secret" } }, "softdeleteretentiondays": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.monitor.LogProfile": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.monitor.LogProfile": { "type": "object", "properties": { "categories": { "type": "array", "items": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "locations": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "retentionpolicy": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.monitor.RetentionPolicy" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.monitor.RetentionPolicy" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.monitor.Monitor": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.monitor.Monitor": { "type": "object", "properties": { "logprofiles": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.monitor.LogProfile" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.monitor.LogProfile" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.monitor.RetentionPolicy": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.monitor.RetentionPolicy": { "type": "object", "properties": { "days": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" }, "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.network.Network": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.network.Network": { "type": "object", "properties": { "networkwatcherflowlogs": { "type": "array", "items": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.NetworkWatcherFlowLog" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.network.NetworkWatcherFlowLog" } }, "securitygroups": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.SecurityGroup" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.network.SecurityGroup" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.network.NetworkWatcherFlowLog": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.network.NetworkWatcherFlowLog": { "type": "object", "properties": { "retentionpolicy": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.RetentionPolicy" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.network.RetentionPolicy" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.network.PortRange": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.network.PortRange": { "type": "object", "properties": { "end": { 
@@ -4418,2229 +4418,2229 @@ } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.network.RetentionPolicy": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.network.RetentionPolicy": { "type": "object", "properties": { "days": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" }, "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.network.SecurityGroup": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.network.SecurityGroup": { "type": "object", "properties": { "rules": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.SecurityGroupRule" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.network.SecurityGroupRule" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.network.SecurityGroupRule": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.network.SecurityGroupRule": { "type": "object", "properties": { "allow": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "destinationaddresses": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "destinationports": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.PortRange" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.network.PortRange" } }, "outbound": 
{ "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "protocol": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "sourceaddresses": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "sourceports": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.network.PortRange" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.network.PortRange" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.Contact": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.securitycenter.Contact": { "type": "object", "properties": { "enablealertnotifications": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "phone": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.SecurityCenter": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.securitycenter.SecurityCenter": { "type": "object", "properties": { "contacts": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.Contact" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.securitycenter.Contact" } }, "subscriptions": { "type": "array", 
"items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.SubscriptionPricing" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.securitycenter.SubscriptionPricing" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.securitycenter.SubscriptionPricing": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.securitycenter.SubscriptionPricing": { "type": "object", "properties": { "tier": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.storage.Account": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.Account": { "type": "object", "properties": { "containers": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.Container" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.Container" } }, "enforcehttps": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "minimumtlsversion": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "networkrules": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.NetworkRule" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.NetworkRule" } }, "queueproperties": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.QueueProperties" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.QueueProperties" }, "queues": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.Queue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.Queue" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.storage.Container": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.Container": { "type": "object", "properties": { "publicaccess": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.storage.NetworkRule": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.NetworkRule": { "type": "object", "properties": { "allowbydefault": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "bypass": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.storage.Queue": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.Queue": { "type": "object", "properties": { "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.storage.QueueProperties": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.QueueProperties": { "type": "object", "properties": { "enablelogging": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.storage.Storage": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.Storage": { "type": "object", "properties": { "accounts": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.storage.Account" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.storage.Account" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.synapse.Synapse": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.synapse.Synapse": { "type": "object", "properties": { "workspaces": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.azure.synapse.Workspace" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.azure.synapse.Workspace" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.azure.synapse.Workspace": { + "github.com.aquasecurity.trivy.pkg.iac.providers.azure.synapse.Workspace": { "type": "object", "properties": { "enablemanagedvirtualnetwork": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.cloudstack.CloudStack": { + "github.com.aquasecurity.trivy.pkg.iac.providers.cloudstack.CloudStack": { "type": "object", "properties": { "compute": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.cloudstack.compute.Compute" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.cloudstack.compute.Compute" } } }, - "github.com.aquasecurity.defsec.pkg.providers.cloudstack.compute.Compute": { + 
"github.com.aquasecurity.trivy.pkg.iac.providers.cloudstack.compute.Compute": { "type": "object", "properties": { "instances": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.cloudstack.compute.Instance" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.cloudstack.compute.Instance" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.cloudstack.compute.Instance": { + "github.com.aquasecurity.trivy.pkg.iac.providers.cloudstack.compute.Instance": { "type": "object", "properties": { "userdata": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.DigitalOcean": { + "github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.DigitalOcean": { "type": "object", "properties": { "compute": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Compute" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.compute.Compute" }, "spaces": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Spaces" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.spaces.Spaces" } } }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Compute": { + "github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.compute.Compute": { "type": "object", "properties": { "droplets": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Droplet" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.compute.Droplet" } }, "firewalls": { "type": "array", "items": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Firewall" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.compute.Firewall" } }, "kubernetesclusters": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.KubernetesCluster" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.compute.KubernetesCluster" } }, "loadbalancers": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.LoadBalancer" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.compute.LoadBalancer" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Droplet": { + "github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.compute.Droplet": { "type": "object", "properties": { "sshkeys": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.Firewall": { + "github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.compute.Firewall": { "type": "object", "properties": { "inboundrules": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.InboundFirewallRule" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.compute.InboundFirewallRule" } }, "outboundrules": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.OutboundFirewallRule" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.compute.OutboundFirewallRule" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.ForwardingRule": { + "github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.compute.ForwardingRule": { "type": "object", "properties": { "entryprotocol": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.InboundFirewallRule": { + "github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.compute.InboundFirewallRule": { "type": "object", "properties": { "sourceaddresses": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.KubernetesCluster": { + "github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.compute.KubernetesCluster": { "type": "object", "properties": { "autoupgrade": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "surgeupgrade": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.LoadBalancer": { + "github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.compute.LoadBalancer": { "type": "object", "properties": { "forwardingrules": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.ForwardingRule" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.compute.ForwardingRule" } }, "redirecthttptohttps": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.compute.OutboundFirewallRule": { + "github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.compute.OutboundFirewallRule": { "type": "object", "properties": { "destinationaddresses": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Bucket": { + "github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.spaces.Bucket": { "type": "object", "properties": { "acl": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "forcedestroy": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "objects": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Object" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.spaces.Object" } }, "versioning": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Versioning" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.spaces.Versioning" } } }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Object": { + "github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.spaces.Object": { "type": "object", "properties": { "acl": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Spaces": { + "github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.spaces.Spaces": { "type": "object", "properties": { "buckets": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Bucket" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.spaces.Bucket" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.digitalocean.spaces.Versioning": { + "github.com.aquasecurity.trivy.pkg.iac.providers.digitalocean.spaces.Versioning": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.github.BranchProtection": { + "github.com.aquasecurity.trivy.pkg.iac.providers.github.BranchProtection": { "type": "object", "properties": { "requiresignedcommits": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.github.EnvironmentSecret": { + "github.com.aquasecurity.trivy.pkg.iac.providers.github.EnvironmentSecret": { "type": "object", "properties": { "encryptedvalue": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "environment": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "plaintextvalue": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "repository": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "secretname": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.github.GitHub": { + "github.com.aquasecurity.trivy.pkg.iac.providers.github.GitHub": { "type": "object", "properties": { "branchprotections": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.github.BranchProtection" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.github.BranchProtection" } }, "environmentsecrets": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.github.EnvironmentSecret" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.github.EnvironmentSecret" } }, "repositories": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.github.Repository" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.github.Repository" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.github.Repository": { + 
"github.com.aquasecurity.trivy.pkg.iac.providers.github.Repository": { "type": "object", "properties": { "archived": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "public": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "vulnerabilityalerts": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.Google": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.Google": { "type": "object", "properties": { "bigquery": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.bigquery.BigQuery" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.bigquery.BigQuery" }, "compute": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Compute" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.Compute" }, "dns": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.dns.DNS" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.dns.DNS" }, "gke": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.GKE" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.GKE" }, "iam": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.IAM" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.IAM" }, "kms": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.kms.KMS" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.kms.KMS" }, "sql": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.SQL" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.sql.SQL" }, "storage": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.storage.Storage" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.storage.Storage" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.bigquery.AccessGrant": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.bigquery.AccessGrant": { "type": "object", "properties": { "domain": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "role": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "specialgroup": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.bigquery.BigQuery": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.bigquery.BigQuery": { "type": "object", "properties": { "datasets": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.bigquery.Dataset" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.bigquery.Dataset" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.bigquery.Dataset": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.bigquery.Dataset": { 
"type": "object", "properties": { "accessgrants": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.bigquery.AccessGrant" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.bigquery.AccessGrant" } }, "id": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.Compute": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.Compute": { "type": "object", "properties": { "disks": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Disk" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.Disk" } }, "instances": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Instance" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.Instance" } }, "networks": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Network" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.Network" } }, "projectmetadata": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.ProjectMetadata" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.ProjectMetadata" }, "sslpolicies": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.SSLPolicy" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.SSLPolicy" } } } }, - 
"github.com.aquasecurity.defsec.pkg.providers.google.compute.Disk": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.Disk": { "type": "object", "properties": { "encryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.DiskEncryption" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.DiskEncryption" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.DiskEncryption": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.DiskEncryption": { "type": "object", "properties": { "kmskeylink": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "rawkey": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BytesValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BytesValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.EgressRule": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.EgressRule": { "type": "object", "properties": { "destinationranges": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "firewallrule": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.FirewallRule" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.FirewallRule" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.Firewall": { + 
"github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.Firewall": { "type": "object", "properties": { "egressrules": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.EgressRule" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.EgressRule" } }, "ingressrules": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.IngressRule" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.IngressRule" } }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "sourcetags": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "targettags": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.FirewallRule": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.FirewallRule": { "type": "object", "properties": { "enforced": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "isallow": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "ports": { "type": "array", "items": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" } }, "protocol": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.IngressRule": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.IngressRule": { "type": "object", "properties": { "firewallrule": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.FirewallRule" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.FirewallRule" }, "sourceranges": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.Instance": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.Instance": { "type": "object", "properties": { "attacheddisks": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Disk" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.Disk" } }, "bootdisks": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Disk" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.Disk" } }, "canipforward": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "enableprojectsshkeyblocking": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "enableserialport": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "networkinterfaces": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.NetworkInterface" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.NetworkInterface" } }, "osloginenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "serviceaccount": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.ServiceAccount" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.ServiceAccount" }, "shieldedvm": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.ShieldedVMConfig" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.ShieldedVMConfig" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.Network": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.Network": { "type": "object", "properties": { "firewall": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Firewall" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.Firewall" }, "subnetworks": { "type": "array", "items": { "type": "object", - 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.SubNetwork" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.SubNetwork" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.NetworkInterface": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.NetworkInterface": { "type": "object", "properties": { "haspublicip": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "natip": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "network": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.Network" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.Network" }, "subnetwork": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.compute.SubNetwork" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.SubNetwork" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.ProjectMetadata": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.ProjectMetadata": { "type": "object", "properties": { "enableoslogin": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.SSLPolicy": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.SSLPolicy": { "type": "object", "properties": { "minimumtlsversion": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "profile": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.ServiceAccount": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.ServiceAccount": { "type": "object", "properties": { "email": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "isdefault": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "scopes": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.ShieldedVMConfig": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.ShieldedVMConfig": { "type": "object", "properties": { "integritymonitoringenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "securebootenabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "vtpmenabled": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.compute.SubNetwork": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.compute.SubNetwork": { "type": "object", "properties": { "enableflowlogs": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "purpose": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.dns.DNS": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.dns.DNS": { "type": "object", "properties": { "managedzones": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.dns.ManagedZone" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.dns.ManagedZone" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.dns.DNSSec": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.dns.DNSSec": { "type": "object", "properties": { "defaultkeyspecs": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.dns.KeySpecs" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.dns.KeySpecs" } }, "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, 
- "github.com.aquasecurity.defsec.pkg.providers.google.dns.KeySpecs": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.dns.KeySpecs": { "type": "object", "properties": { "algorithm": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "keytype": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.dns.ManagedZone": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.dns.ManagedZone": { "type": "object", "properties": { "dnssec": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.dns.DNSSec" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.dns.DNSSec" }, "visibility": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.ClientCertificate": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.ClientCertificate": { "type": "object", "properties": { "issuecertificate": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.Cluster": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.Cluster": { "type": "object", "properties": { "datapathprovider": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "enableautpilot": { "type": 
"object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "enablelegacyabac": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "enableshieldednodes": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "ipallocationpolicy": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.IPAllocationPolicy" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.IPAllocationPolicy" }, "loggingservice": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "masterauth": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.MasterAuth" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.MasterAuth" }, "masterauthorizednetworks": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.MasterAuthorizedNetworks" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.MasterAuthorizedNetworks" }, "monitoringservice": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "networkpolicy": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.NetworkPolicy" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.NetworkPolicy" }, "nodeconfig": { "type": "object", - 
"$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.NodeConfig" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.NodeConfig" }, "nodepools": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.NodePool" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.NodePool" } }, "privatecluster": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.PrivateCluster" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.PrivateCluster" }, "removedefaultnodepool": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "resourcelabels": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.MapValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.MapValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.GKE": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.GKE": { "type": "object", "properties": { "clusters": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.Cluster" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.Cluster" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.IPAllocationPolicy": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.IPAllocationPolicy": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.Management": { + 
"github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.Management": { "type": "object", "properties": { "enableautorepair": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "enableautoupgrade": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.MasterAuth": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.MasterAuth": { "type": "object", "properties": { "clientcertificate": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.ClientCertificate" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.ClientCertificate" }, "password": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "username": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.MasterAuthorizedNetworks": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.MasterAuthorizedNetworks": { "type": "object", "properties": { "cidrs": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - 
"github.com.aquasecurity.defsec.pkg.providers.google.gke.NetworkPolicy": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.NetworkPolicy": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.NodeConfig": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.NodeConfig": { "type": "object", "properties": { "enablelegacyendpoints": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "imagetype": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "serviceaccount": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "workloadmetadataconfig": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.WorkloadMetadataConfig" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.WorkloadMetadataConfig" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.NodePool": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.NodePool": { "type": "object", "properties": { "management": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.Management" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.Management" }, "nodeconfig": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.gke.NodeConfig" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.NodeConfig" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.PrivateCluster": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.PrivateCluster": { "type": "object", "properties": { "enableprivatenodes": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.gke.WorkloadMetadataConfig": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.gke.WorkloadMetadataConfig": { "type": "object", "properties": { "nodemetadata": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.Binding": { "type": "object", "properties": { "includesdefaultserviceaccount": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "members": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "role": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.Folder": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.Folder": { "type": "object", "properties": { "bindings": { "type": "array", "items": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.Binding" } }, "folders": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Folder" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.Folder" } }, "members": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Member" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.Member" } }, "projects": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Project" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.Project" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.IAM": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.IAM": { "type": "object", "properties": { "organizations": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Organization" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.Organization" } }, "workloadidentitypoolproviders": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.WorkloadIdentityPoolProvider" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.WorkloadIdentityPoolProvider" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.Member": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.Member": { "type": "object", "properties": { "defaultserviceaccount": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "member": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "role": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.Organization": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.Organization": { "type": "object", "properties": { "bindings": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.Binding" } }, "folders": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Folder" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.Folder" } }, "members": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Member" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.Member" } }, "projects": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Project" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.Project" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.Project": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.Project": { "type": "object", "properties": { "autocreatenetwork": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "bindings": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.Binding" } }, "members": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Member" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.Member" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.iam.WorkloadIdentityPoolProvider": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.WorkloadIdentityPoolProvider": { "type": "object", "properties": { "attributecondition": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "workloadidentitypoolid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "workloadidentitypoolproviderid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.kms.KMS": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.kms.KMS": { "type": "object", "properties": { "keyrings": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.kms.KeyRing" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.kms.KeyRing" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.kms.Key": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.kms.Key": { "type": 
"object", "properties": { "rotationperiodseconds": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.kms.KeyRing": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.kms.KeyRing": { "type": "object", "properties": { "keys": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.kms.Key" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.kms.Key" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.Backups": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.sql.Backups": { "type": "object", "properties": { "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.DatabaseInstance": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.sql.DatabaseInstance": { "type": "object", "properties": { "databaseversion": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "isreplica": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "settings": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.Settings" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.sql.Settings" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.Flags": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.sql.Flags": { "type": 
"object", "properties": { "containeddatabaseauthentication": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "crossdbownershipchaining": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "localinfile": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "logcheckpoints": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "logconnections": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "logdisconnections": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "loglockwaits": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "logmindurationstatement": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" }, "logminmessages": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "logtempfilesize": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.IPConfiguration": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.sql.IPConfiguration": { "type": "object", "properties": { "authorizednetworks": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.IPConfiguration.AuthorizedNetworks" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.sql.IPConfiguration.AuthorizedNetworks" } }, "enableipv4": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "requiretls": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.IPConfiguration.AuthorizedNetworks": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.sql.IPConfiguration.AuthorizedNetworks": { "type": "object", "properties": { "cidr": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.SQL": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.sql.SQL": { "type": "object", "properties": { "instances": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.DatabaseInstance" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.sql.DatabaseInstance" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.sql.Settings": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.sql.Settings": { "type": "object", "properties": { "backups": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.Backups" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.sql.Backups" }, "flags": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.Flags" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.sql.Flags" }, "ipconfiguration": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.sql.IPConfiguration" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.sql.IPConfiguration" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.storage.Bucket": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.storage.Bucket": { "type": "object", "properties": { "bindings": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Binding" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.Binding" } }, "enableuniformbucketlevelaccess": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "encryption": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.storage.BucketEncryption" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.storage.BucketEncryption" }, "location": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "members": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.iam.Member" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.iam.Member" } }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.storage.BucketEncryption": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.storage.BucketEncryption": { "type": "object", "properties": { "defaultkmskeyname": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.google.storage.Storage": { + "github.com.aquasecurity.trivy.pkg.iac.providers.google.storage.Storage": { "type": "object", "properties": { "buckets": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.google.storage.Bucket" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.google.storage.Bucket" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.kubernetes.Egress": { + "github.com.aquasecurity.trivy.pkg.iac.providers.kubernetes.Egress": { "type": "object", "properties": { "destinationcidrs": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "ports": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Port" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.kubernetes.Port" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.kubernetes.Ingress": { + "github.com.aquasecurity.trivy.pkg.iac.providers.kubernetes.Ingress": { "type": "object", "properties": { "ports": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Port" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.kubernetes.Port" } }, "sourcecidrs": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.kubernetes.Kubernetes": { + "github.com.aquasecurity.trivy.pkg.iac.providers.kubernetes.Kubernetes": { "type": "object", "properties": { "networkpolicies": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.NetworkPolicy" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.kubernetes.NetworkPolicy" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.kubernetes.NetworkPolicy": { + "github.com.aquasecurity.trivy.pkg.iac.providers.kubernetes.NetworkPolicy": { "type": "object", "properties": { "spec": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.NetworkPolicySpec" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.kubernetes.NetworkPolicySpec" } } }, - "github.com.aquasecurity.defsec.pkg.providers.kubernetes.NetworkPolicySpec": { + "github.com.aquasecurity.trivy.pkg.iac.providers.kubernetes.NetworkPolicySpec": { "type": "object", "properties": { "egress": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Egress" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.kubernetes.Egress" }, "ingress": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.kubernetes.Ingress" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.kubernetes.Ingress" } } }, - "github.com.aquasecurity.defsec.pkg.providers.kubernetes.Port": { + "github.com.aquasecurity.trivy.pkg.iac.providers.kubernetes.Port": { "type": "object", "properties": { "number": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "protocol": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.Nifcloud": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.Nifcloud": { "type": "object", "properties": { "computing": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.Computing" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.computing.Computing" }, "dns": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.dns.DNS" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.dns.DNS" }, "nas": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NAS" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.nas.NAS" }, "network": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.Network" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.network.Network" }, "rdb": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.RDB" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.rdb.RDB" }, "sslcertificate": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.sslcertificate.SSLCertificate" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.sslcertificate.SSLCertificate" } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.Computing": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.computing.Computing": { "type": "object", "properties": { "instances": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.Instance" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.computing.Instance" } }, "securitygroups": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroup" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.computing.SecurityGroup" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.Instance": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.computing.Instance": { "type": "object", "properties": { "networkinterfaces": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.NetworkInterface" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.computing.NetworkInterface" } }, "securitygroup": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.NetworkInterface": { + 
"github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.computing.NetworkInterface": { "type": "object", "properties": { "networkid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroup": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.computing.SecurityGroup": { "type": "object", "properties": { "description": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "egressrules": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroupRule" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.computing.SecurityGroupRule" } }, "ingressrules": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroupRule" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.computing.SecurityGroupRule" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.computing.SecurityGroupRule": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.computing.SecurityGroupRule": { "type": "object", "properties": { "cidr": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "description": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.dns.DNS": { + 
"github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.dns.DNS": { "type": "object", "properties": { "records": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.dns.Record" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.dns.Record" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.dns.Record": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.dns.Record": { "type": "object", "properties": { "record": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "type": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NAS": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.nas.NAS": { "type": "object", "properties": { "nasinstances": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NASInstance" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.nas.NASInstance" } }, "nassecuritygroups": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NASSecurityGroup" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.nas.NASSecurityGroup" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NASInstance": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.nas.NASInstance": { "type": "object", "properties": { "networkid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.nas.NASSecurityGroup": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.nas.NASSecurityGroup": { "type": "object", "properties": { "cidrs": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "description": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.ElasticLoadBalancer": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.network.ElasticLoadBalancer": { "type": "object", "properties": { "listeners": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.ElasticLoadBalancerListener" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.network.ElasticLoadBalancerListener" } }, "networkinterfaces": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.NetworkInterface" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.network.NetworkInterface" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.ElasticLoadBalancerListener": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.network.ElasticLoadBalancerListener": { "type": "object", "properties": { "protocol": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - 
"github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.LoadBalancer": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.network.LoadBalancer": { "type": "object", "properties": { "listeners": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.LoadBalancerListener" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.network.LoadBalancerListener" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.LoadBalancerListener": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.network.LoadBalancerListener": { "type": "object", "properties": { "protocol": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "tlspolicy": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.Network": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.network.Network": { "type": "object", "properties": { "elasticloadbalancers": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.ElasticLoadBalancer" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.network.ElasticLoadBalancer" } }, "loadbalancers": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.LoadBalancer" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.network.LoadBalancer" } }, "routers": { "type": "array", "items": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.Router" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.network.Router" } }, "vpngateways": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.VpnGateway" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.network.VpnGateway" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.NetworkInterface": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.network.NetworkInterface": { "type": "object", "properties": { "isvipnetwork": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "networkid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.Router": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.network.Router": { "type": "object", "properties": { "networkinterfaces": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.NetworkInterface" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.network.NetworkInterface" } }, "securitygroup": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.network.VpnGateway": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.network.VpnGateway": { "type": "object", "properties": { "securitygroup": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.DBInstance": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.rdb.DBInstance": { "type": "object", "properties": { "backupretentionperioddays": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" }, "engine": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "engineversion": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "networkid": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "publicaccess": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.DBSecurityGroup": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.rdb.DBSecurityGroup": { "type": "object", "properties": { "cidrs": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } }, "description": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - 
"github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.RDB": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.rdb.RDB": { "type": "object", "properties": { "dbinstances": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.DBInstance" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.rdb.DBInstance" } }, "dbsecuritygroups": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.rdb.DBSecurityGroup" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.rdb.DBSecurityGroup" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.sslcertificate.SSLCertificate": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.sslcertificate.SSLCertificate": { "type": "object", "properties": { "servercertificates": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.nifcloud.sslcertificate.ServerCertificate" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.sslcertificate.ServerCertificate" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.nifcloud.sslcertificate.ServerCertificate": { + "github.com.aquasecurity.trivy.pkg.iac.providers.nifcloud.sslcertificate.ServerCertificate": { "type": "object", "properties": { "expiration": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.TimeValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.TimeValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.Compute": { + "github.com.aquasecurity.trivy.pkg.iac.providers.openstack.Compute": { "type": "object", "properties": { "firewall": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.Firewall" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.openstack.Firewall" }, "instances": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.Instance" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.openstack.Instance" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.Firewall": { + "github.com.aquasecurity.trivy.pkg.iac.providers.openstack.Firewall": { "type": "object", "properties": { "allowrules": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.FirewallRule" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.openstack.FirewallRule" } }, "denyrules": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.FirewallRule" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.openstack.FirewallRule" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.FirewallRule": { + "github.com.aquasecurity.trivy.pkg.iac.providers.openstack.FirewallRule": { "type": "object", "properties": { "destination": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "destinationport": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "enabled": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "source": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": 
"#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "sourceport": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.Instance": { + "github.com.aquasecurity.trivy.pkg.iac.providers.openstack.Instance": { "type": "object", "properties": { "adminpassword": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.Networking": { + "github.com.aquasecurity.trivy.pkg.iac.providers.openstack.Networking": { "type": "object", "properties": { "securitygroups": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.SecurityGroup" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.openstack.SecurityGroup" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.OpenStack": { + "github.com.aquasecurity.trivy.pkg.iac.providers.openstack.OpenStack": { "type": "object", "properties": { "compute": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.Compute" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.openstack.Compute" }, "networking": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.Networking" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.openstack.Networking" } } }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.SecurityGroup": { + "github.com.aquasecurity.trivy.pkg.iac.providers.openstack.SecurityGroup": { "type": "object", "properties": { "description": { "type": "object", - "$ref": 
"#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "name": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "rules": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.openstack.SecurityGroupRule" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.openstack.SecurityGroupRule" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.openstack.SecurityGroupRule": { + "github.com.aquasecurity.trivy.pkg.iac.providers.openstack.SecurityGroupRule": { "type": "object", "properties": { "cidr": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" }, "ethertype": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" }, "isingress": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.BoolValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.BoolValue" }, "portmax": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" }, "portmin": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.IntValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue" }, "protocol": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - 
"github.com.aquasecurity.defsec.pkg.providers.oracle.AddressReservation": { + "github.com.aquasecurity.trivy.pkg.iac.providers.oracle.AddressReservation": { "type": "object", "properties": { "pool": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.types.StringValue" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue" } } }, - "github.com.aquasecurity.defsec.pkg.providers.oracle.Compute": { + "github.com.aquasecurity.trivy.pkg.iac.providers.oracle.Compute": { "type": "object", "properties": { "addressreservations": { "type": "array", "items": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.oracle.AddressReservation" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.oracle.AddressReservation" } } } }, - "github.com.aquasecurity.defsec.pkg.providers.oracle.Oracle": { + "github.com.aquasecurity.trivy.pkg.iac.providers.oracle.Oracle": { "type": "object", "properties": { "compute": { "type": "object", - "$ref": "#/definitions/github.com.aquasecurity.defsec.pkg.providers.oracle.Compute" + "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.providers.oracle.Compute" } } }, - "github.com.aquasecurity.defsec.pkg.types.BoolValue": { + "github.com.aquasecurity.trivy.pkg.iac.types.BoolValue": { "type": "object", "properties": { "endline": { @@ -6672,7 +6672,7 @@ } } }, - "github.com.aquasecurity.defsec.pkg.types.BytesValue": { + "github.com.aquasecurity.trivy.pkg.iac.types.BytesValue": { "type": "object", "properties": { "endline": { @@ -6704,7 +6704,7 @@ } } }, - "github.com.aquasecurity.defsec.pkg.types.IntValue": { + "github.com.aquasecurity.trivy.pkg.iac.types.IntValue": { "type": "object", "properties": { "endline": { @@ -6736,7 +6736,7 @@ } } }, - "github.com.aquasecurity.defsec.pkg.types.MapValue": { + "github.com.aquasecurity.trivy.pkg.iac.types.MapValue": { "type": "object", "properties": { "endline": { 
@@ -6768,7 +6768,7 @@ } } }, - "github.com.aquasecurity.defsec.pkg.types.StringValue": { + "github.com.aquasecurity.trivy.pkg.iac.types.StringValue": { "type": "object", "properties": { "endline": { @@ -6800,7 +6800,7 @@ } } }, - "github.com.aquasecurity.defsec.pkg.types.TimeValue": { + "github.com.aquasecurity.trivy.pkg.iac.types.TimeValue": { "type": "object", "properties": { "endline": { From 82d6ba1356a40dc067045dd90c443a84cb7c66c6 Mon Sep 17 00:00:00 2001 From: Simar Date: Fri, 16 Feb 2024 00:47:12 -0700 Subject: [PATCH 10/13] refactor cloud actions --- .../{allowed_actions.go => cloud_actions.go} | 81 +++++++++++++++++++ ..._actions_test.go => cloud_actions_test.go} | 0 magefiles/magefile.go | 72 +---------------- magefiles/schema.go | 9 +-- 4 files changed, 87 insertions(+), 75 deletions(-) rename magefiles/{allowed_actions.go => cloud_actions.go} (71%) rename magefiles/{allowed_actions_test.go => cloud_actions_test.go} (100%) diff --git a/magefiles/allowed_actions.go b/magefiles/cloud_actions.go similarity index 71% rename from magefiles/allowed_actions.go rename to magefiles/cloud_actions.go index cf8eb048a4f3..045586c8837a 100644 --- a/magefiles/allowed_actions.go +++ b/magefiles/cloud_actions.go @@ -1,14 +1,23 @@ +//go:build mage_cloudactions + package main import ( "bufio" + "context" "errors" "fmt" "os" + "path/filepath" + "sort" "strings" + "sync" + "time" "github.com/antchfx/htmlquery" + "github.com/aquasecurity/trivy/pkg/log" "golang.org/x/net/html" + "golang.org/x/sync/errgroup" ) const ( 
@@ -188,3 +197,75 @@ var allowedActionsForResourceWildcardsMap = map[string]struct{}{
 return w.Flush()
 }
+
+func main() {
+ if err := GenAllowedActions(); err != nil {
+ log.Fatal(err)
+ }
+}
+
+// GenAllowedActions generates the list of valid actions for wildcard support
+func GenAllowedActions() error {
+ log.Logger.Info("Start parsing actions")
+ startTime := time.Now()
+ defer func() {
+ log.Logger.Infof("Parsing is completed. Duration %fs\n", time.Since(startTime).Seconds())
+ }()
+
+ doc, err := htmlquery.LoadURL(serviceActionReferencesURL)
+ if err != nil {
+ return fmt.Errorf("failed to retrieve action references: %w\n", err)
+ }
+ urls, err := parseServiceURLs(doc)
+ if err != nil {
+ return err
+ }
+
+ g, ctx := errgroup.WithContext(context.TODO())
+ g.SetLimit(defaultParallel)
+
+ // actions may be the same for services of different versions,
+ // e.g. Elastic Load Balancing and Elastic Load Balancing V2
+ actionsSet := make(map[string]struct{})
+
+ var mu sync.Mutex
+
+ for _, url := range urls {
+ url := url
+ if ctx.Err() != nil {
+ break
+ }
+ g.Go(func() error {
+ serviceActions, err := parseActions(url)
+ if err != nil {
+ return fmt.Errorf("failed to parse actions from %q: %w\n", url, err)
+ }
+
+ mu.Lock()
+ for _, act := range serviceActions {
+ actionsSet[act] = struct{}{}
+ }
+ mu.Unlock()
+
+ return nil
+ })
+ }
+
+ if err := g.Wait(); err != nil {
+ return err
+ }
+
+ actions := make([]string, 0, len(actionsSet))
+
+ for act := range actionsSet {
+ actions = append(actions, act)
+ }
+
+ sort.Strings(actions)
+
+ path := filepath.FromSlash(targetFile)
+ if err := generateFile(path, actions); err != nil {
+ return fmt.Errorf("failed to generate file: %w\n", err)
+ }
+ return nil
+}
diff --git a/magefiles/allowed_actions_test.go b/magefiles/cloud_actions_test.go
similarity index 100%
rename from magefiles/allowed_actions_test.go
rename to magefiles/cloud_actions_test.go
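Review bot: `errgroup.WithContext(context.TODO())` in GenAllowedActions gives the concurrent fetches no deadline, so one stalled response from the action-reference site hangs the generator indefinitely; the `ctx.Err()` check in the loop only stops new work after another goroutine has already failed. Derive the group context from a bounded one, e.g. `ctx, cancel := context.WithTimeout(context.Background(), <FETCH_TIMEOUT>)` / `defer cancel()` / `g, ctx := errgroup.WithContext(ctx)`, and since `htmlquery.LoadURL` takes no context, the request itself is only bounded if it is issued through an `http.Client` with a `Timeout` and the body handed to `htmlquery.Parse` (this presumably applies to `parseActions` too, whose body is outside the hunk). Separately, the trailing `\n` in the three `fmt.Errorf` messages and in the `Infof` call is unidiomatic: wrapped errors print with an embedded newline and the logger adds its own line ending, so drop it, e.g. `return fmt.Errorf("failed to retrieve action references: %w", err)`.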
diff --git a/magefiles/magefile.go b/magefiles/magefile.go
index d420584daeb6..db9fd210be34 100644
--- a/magefiles/magefile.go
+++ b/magefiles/magefile.go
@@ -1,23 +1,17 @@
 package main
 import (
- "context"
 "errors"
 "fmt"
 "io/fs"
 "os"
 "os/exec"
 "path/filepath"
- "sort"
 "strings"
- "sync"
- "time"
- "github.com/antchfx/htmlquery"
 "github.com/magefile/mage/mg"
 "github.com/magefile/mage/sh"
 "github.com/magefile/mage/target"
- "golang.org/x/sync/errgroup"
 )
 const (
@@ -446,68 +440,8 @@ func (Schema) Verify() error {
 return sh.RunWith(ENV, "go", "run", "-tags=mage_schema", "./magefiles", "--", "verify")
 }
-// GenAllowedActions generates the list of valid actions for wildcard support
-func GenAllowedActions() error {
- fmt.Println("Start parsing actions")
- startTime := time.Now()
- defer func() {
- fmt.Printf("Parsing is completed. Duration %fs\n", time.Since(startTime).Seconds())
- }()
-
- doc, err := htmlquery.LoadURL(serviceActionReferencesURL)
- if err != nil {
- return fmt.Errorf("failed to retrieve action references: %w\n", err)
- }
- urls, err := parseServiceURLs(doc)
- if err != nil {
- return err
- }
-
- g, ctx := errgroup.WithContext(context.TODO())
- g.SetLimit(defaultParallel)
-
- // actions may be the same for services of different versions,
- // e.g. Elastic Load Balancing and Elastic Load Balancing V2
- actionsSet := make(map[string]struct{})
-
- var mu sync.Mutex
-
- for _, url := range urls {
- url := url
- if ctx.Err() != nil {
- break
- }
- g.Go(func() error {
- serviceActions, err := parseActions(url)
- if err != nil {
- return fmt.Errorf("failed to parse actions from %q: %w\n", url, err)
- }
+type CloudActions mg.Namespace
- mu.Lock()
- for _, act := range serviceActions {
- actionsSet[act] = struct{}{}
- }
- mu.Unlock()
-
- return nil
- })
- }
-
- if err := g.Wait(); err != nil {
- return err
- }
-
- actions := make([]string, 0, len(actionsSet))
-
- for act := range actionsSet {
- actions = append(actions, act)
- }
-
- sort.Strings(actions)
-
- path := filepath.FromSlash(targetFile)
- if err := generateFile(path, actions); err != nil {
- return fmt.Errorf("failed to generate file: %w\n", err)
- }
- return nil
+func (CloudActions) Generate() error {
+ return sh.RunWith(ENV, "go", "run", "-tags=mage_cloudactions", "./magefiles")
 }
diff --git a/magefiles/schema.go b/magefiles/schema.go
index 19493f163fc2..e492190c942c 100644
--- a/magefiles/schema.go
+++ b/magefiles/schema.go
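Review bot: The exported `CloudActions` namespace and its `Generate` target are added without doc comments, which Mage surfaces as the target description in `mage -l` and which the neighbouring `Schema` targets appear to carry (only `Verify` is visible here). Add `// CloudActions groups the targets that maintain the generated list of allowed cloud actions.` above the type and `// Generate regenerates the allowed cloud actions list by running the mage_cloudactions-tagged program.` above the method.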
@@ -14,21 +14,18 @@ import ( func main() { if len(os.Args) < 3 { - log.Printf("invalid schema command args: %s", os.Args) - os.Exit(1) + log.Fatalf("invalid schema command args: %s", os.Args) } switch os.Args[2] { case "generate": if err := GenSchema(); err != nil { - fmt.Printf(err.Error()) - os.Exit(1) + log.Fatalf(err.Error()) } log.Println("schema generated") case "verify": if err := VerifySchema(); err != nil { - fmt.Printf(err.Error()) - os.Exit(1) + log.Fatalf(err.Error()) } log.Println("schema valid") } From fa87b6455f10cf02851675dbff5a3da5737f452a Mon Sep 17 00:00:00 2001 From: Simar Date: Fri, 16 Feb 2024 00:48:38 -0700 Subject: [PATCH 11/13] fix lint issues --- magefiles/cloud_actions_test.go | 2 ++ magefiles/magefile.go | 4 ---- magefiles/schema.go | 4 ++++ 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/magefiles/cloud_actions_test.go b/magefiles/cloud_actions_test.go index 712c607b1a48..8b558062f96f 100644 --- a/magefiles/cloud_actions_test.go +++ b/magefiles/cloud_actions_test.go @@ -1,3 +1,5 @@ +//go:build mage_cloudactions + package main import ( diff --git a/magefiles/magefile.go b/magefiles/magefile.go index db9fd210be34..cafd8a045c47 100644 --- a/magefiles/magefile.go +++ b/magefiles/magefile.go @@ -14,10 +14,6 @@ import ( "github.com/magefile/mage/target" ) -const ( - schemaPath = "pkg/iac/rego/schemas/cloud.json" -) - var ( GOPATH = os.Getenv("GOPATH") GOBIN = filepath.Join(GOPATH, "bin") diff --git a/magefiles/schema.go b/magefiles/schema.go index e492190c942c..77d98d75d535 100644 --- a/magefiles/schema.go +++ b/magefiles/schema.go @@ -12,6 +12,10 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/rego/schemas" ) +const ( + schemaPath = "pkg/iac/rego/schemas/cloud.json" +) + func main() { if len(os.Args) < 3 { log.Fatalf("invalid schema command args: %s", os.Args) From 6e54b28cd6499004ee50acd675ca1d622850cb95 Mon Sep 17 00:00:00 2001 
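Review bot: `log.Fatalf(err.Error())` in both the `generate` and `verify` branches of schema.go's main passes a non-constant string as the format, so any `%` in the error text is interpreted as a verb (and `go vet` reports it); use `log.Fatal(err)` in both places. The first call, `log.Fatalf("invalid schema command args: %s", os.Args)`, is fine because its format string is a literal. The import block of this file starts outside the hunk, so whether `log` is the standard library or trivy's logger cannot be confirmed from here; `log.Fatal(err)` works for either.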
From: Simar Date: Fri, 16 Feb 2024 00:51:24 -0700 Subject: [PATCH 12/13] rename defsecTypes to iacTypes --- pkg/cloud/aws/commands/run_test.go | 8 +- pkg/cloud/report/convert_test.go | 10 +- pkg/cloud/report/service_test.go | 12 +- pkg/compliance/report/report.go | 8 +- pkg/compliance/report/report_test.go | 12 +- pkg/compliance/spec/compliance.go | 10 +- pkg/compliance/spec/compliance_test.go | 48 ++-- pkg/flag/report_flags_test.go | 8 +- pkg/iac/adapters/arm/appservice/adapt.go | 10 +- pkg/iac/adapters/arm/compute/adapt.go | 4 +- pkg/iac/adapters/arm/database/mssql.go | 6 +- pkg/iac/adapters/arm/database/postgresql.go | 8 +- pkg/iac/adapters/arm/network/adapt.go | 12 +- .../cloudformation/aws/config/aggregator.go | 8 +- .../cloudformation/aws/dynamodb/cluster.go | 10 +- .../cloudformation/aws/ec2/instance.go | 8 +- .../adapters/cloudformation/aws/ec2/nacl.go | 20 +- .../cloudformation/aws/ecr/repository.go | 20 +- .../cloudformation/aws/eks/cluster.go | 20 +- .../aws/elasticsearch/domain.go | 26 +- .../adapters/cloudformation/aws/iam/iam.go | 18 +- .../adapters/cloudformation/aws/iam/policy.go | 18 +- .../cloudformation/aws/msk/cluster.go | 16 +- .../cloudformation/aws/rds/cluster.go | 6 +- .../adapters/cloudformation/aws/s3/bucket.go | 30 +-- .../adapters/cloudformation/aws/sam/api.go | 22 +- .../cloudformation/aws/sam/function.go | 6 +- .../cloudformation/aws/sam/state_machines.go | 12 +- .../adapters/cloudformation/aws/sam/tables.go | 6 +- .../adapters/cloudformation/aws/sqs/queue.go | 10 +- .../terraform/aws/apigateway/adapt_test.go | 16 +- .../terraform/aws/apigateway/apiv1.go | 16 +- .../terraform/aws/apigateway/apiv2.go | 12 +- .../adapters/terraform/aws/athena/adapt.go | 8 +- .../terraform/aws/athena/adapt_test.go | 50 ++-- .../terraform/aws/cloudfront/adapt_test.go | 42 ++-- .../terraform/aws/cloudtrail/adapt_test.go | 34 +-- .../terraform/aws/cloudwatch/adapt_test.go | 32 +-- .../terraform/aws/codebuild/adapt_test.go | 22 +- 
.../adapters/terraform/aws/config/adapt.go | 8 +- .../terraform/aws/config/adapt_test.go | 10 +- .../terraform/aws/documentdb/adapt_test.go | 26 +- .../adapters/terraform/aws/dynamodb/adapt.go | 16 +- .../terraform/aws/dynamodb/adapt_test.go | 42 ++-- .../adapters/terraform/aws/ec2/adapt_test.go | 72 +++--- .../adapters/terraform/aws/ec2/autoscaling.go | 18 +- .../terraform/aws/ec2/autoscaling_test.go | 56 ++--- .../adapters/terraform/aws/ec2/subnet_test.go | 14 +- .../adapters/terraform/aws/ec2/volume_test.go | 26 +- pkg/iac/adapters/terraform/aws/ec2/vpc.go | 34 +-- .../adapters/terraform/aws/ec2/vpc_test.go | 104 ++++---- pkg/iac/adapters/terraform/aws/ecr/adapt.go | 24 +- .../adapters/terraform/aws/ecr/adapt_test.go | 38 +-- .../adapters/terraform/aws/ecs/adapt_test.go | 44 ++-- .../adapters/terraform/aws/efs/adapt_test.go | 10 +- pkg/iac/adapters/terraform/aws/eks/adapt.go | 32 +-- .../adapters/terraform/aws/eks/adapt_test.go | 50 ++-- .../terraform/aws/elasticache/adapt_test.go | 38 +-- .../terraform/aws/elasticsearch/adapt.go | 28 +-- .../terraform/aws/elasticsearch/adapt_test.go | 46 ++-- pkg/iac/adapters/terraform/aws/elb/adapt.go | 18 +- .../adapters/terraform/aws/elb/adapt_test.go | 28 +-- .../adapters/terraform/aws/emr/adapt_test.go | 10 +- .../adapters/terraform/aws/iam/groups_test.go | 18 +- .../adapters/terraform/aws/iam/passwords.go | 46 ++-- .../terraform/aws/iam/passwords_test.go | 18 +- .../adapters/terraform/aws/iam/policies.go | 6 +- .../terraform/aws/iam/policies_test.go | 26 +- .../adapters/terraform/aws/iam/roles_test.go | 42 ++-- pkg/iac/adapters/terraform/aws/iam/users.go | 14 +- .../adapters/terraform/aws/iam/users_test.go | 46 ++-- .../terraform/aws/kinesis/adapt_test.go | 18 +- .../adapters/terraform/aws/kms/adapt_test.go | 10 +- .../adapters/terraform/aws/lambda/adapt.go | 12 +- .../terraform/aws/lambda/adapt_test.go | 32 +-- .../adapters/terraform/aws/mq/adapt_test.go | 32 +-- pkg/iac/adapters/terraform/aws/msk/adapt.go | 16 +- 
.../adapters/terraform/aws/msk/adapt_test.go | 52 ++-- .../adapters/terraform/aws/neptune/adapt.go | 10 +- .../terraform/aws/neptune/adapt_test.go | 22 +- pkg/iac/adapters/terraform/aws/rds/adapt.go | 46 ++-- .../adapters/terraform/aws/rds/adapt_test.go | 134 +++++----- .../adapters/terraform/aws/redshift/adapt.go | 16 +- .../terraform/aws/redshift/adapt_test.go | 76 +++--- .../adapters/terraform/aws/s3/adapt_test.go | 46 ++-- pkg/iac/adapters/terraform/aws/s3/bucket.go | 72 +++--- pkg/iac/adapters/terraform/aws/s3/policies.go | 6 +- .../adapters/terraform/aws/sns/adapt_test.go | 18 +- pkg/iac/adapters/terraform/aws/sqs/adapt.go | 30 +-- .../adapters/terraform/aws/sqs/adapt_test.go | 30 +-- .../adapters/terraform/aws/ssm/adapt_test.go | 14 +- .../terraform/aws/workspaces/adapt_test.go | 30 +-- .../terraform/azure/appservice/adapt.go | 18 +- .../terraform/azure/appservice/adapt_test.go | 50 ++-- .../azure/authorization/adapt_test.go | 22 +- .../adapters/terraform/azure/compute/adapt.go | 12 +- .../terraform/azure/compute/adapt_test.go | 52 ++-- .../terraform/azure/container/adapt.go | 12 +- .../terraform/azure/container/adapt_test.go | 78 +++--- .../terraform/azure/database/adapt.go | 82 +++---- .../terraform/azure/database/adapt_test.go | 92 +++---- .../terraform/azure/datafactory/adapt_test.go | 10 +- .../terraform/azure/datalake/adapt_test.go | 14 +- .../terraform/azure/keyvault/adapt.go | 34 +-- .../terraform/azure/keyvault/adapt_test.go | 50 ++-- .../adapters/terraform/azure/monitor/adapt.go | 6 +- .../terraform/azure/monitor/adapt_test.go | 34 +-- .../adapters/terraform/azure/network/adapt.go | 22 +- .../terraform/azure/network/adapt_test.go | 58 ++--- .../azure/securitycenter/adapt_test.go | 26 +- .../adapters/terraform/azure/storage/adapt.go | 34 +-- .../terraform/azure/storage/adapt_test.go | 66 ++--- .../terraform/azure/synapse/adapt_test.go | 14 +- .../cloudstack/compute/adapt_test.go | 16 +- .../digitalocean/compute/adapt_test.go | 56 ++--- 
.../terraform/digitalocean/spaces/adapt.go | 14 +- .../digitalocean/spaces/adapt_test.go | 30 +-- .../terraform/github/secrets/adapt_test.go | 26 +- .../terraform/google/bigquery/adapt_test.go | 38 +-- .../terraform/google/compute/disks.go | 8 +- .../terraform/google/compute/disks_test.go | 28 +-- .../terraform/google/compute/instances.go | 34 +-- .../google/compute/instances_test.go | 98 ++++---- .../terraform/google/compute/metadata.go | 10 +- .../terraform/google/compute/metadata_test.go | 10 +- .../terraform/google/compute/networks.go | 40 +-- .../terraform/google/compute/networks_test.go | 50 ++-- .../terraform/google/compute/ssl_test.go | 18 +- .../adapters/terraform/google/dns/adapt.go | 6 +- .../terraform/google/dns/adapt_test.go | 20 +- .../adapters/terraform/google/gke/adapt.go | 120 ++++----- .../terraform/google/gke/adapt_test.go | 140 +++++------ .../terraform/google/iam/adapt_test.go | 54 ++-- .../adapters/terraform/google/iam/convert.go | 6 +- .../terraform/google/iam/project_iam.go | 24 +- .../terraform/google/iam/project_iam_test.go | 18 +- .../terraform/google/kms/adapt_test.go | 16 +- .../adapters/terraform/google/sql/adapt.go | 58 ++--- .../terraform/google/sql/adapt_test.go | 82 +++---- .../terraform/google/storage/adapt.go | 12 +- .../terraform/google/storage/adapt_test.go | 58 ++--- .../nifcloud/computing/instance_test.go | 18 +- .../nifcloud/computing/security_group.go | 6 +- .../nifcloud/computing/security_group_test.go | 22 +- .../terraform/nifcloud/dns/record_test.go | 14 +- .../nifcloud/nas/nas_instance_test.go | 10 +- .../nifcloud/nas/nas_security_group.go | 4 +- .../nifcloud/nas/nas_security_group_test.go | 18 +- .../network/elastic_load_balancer_test.go | 28 +-- .../nifcloud/network/load_balancer.go | 14 +- .../nifcloud/network/load_balancer_test.go | 20 +- .../terraform/nifcloud/network/router_test.go | 18 +- .../nifcloud/network/vpn_gateway_test.go | 10 +- .../nifcloud/rdb/db_instance_test.go | 26 +- 
.../nifcloud/rdb/db_security_group.go | 4 +- .../nifcloud/rdb/db_security_group_test.go | 18 +- .../sslcertificate/server_certificate.go | 8 +- .../sslcertificate/server_certificate_test.go | 12 +- .../terraform/openstack/adapt_test.go | 22 +- .../terraform/openstack/networking.go | 20 +- .../providers/aws/apigateway/v1/apigateway.go | 40 +-- .../providers/aws/apigateway/v2/apigateway.go | 22 +- pkg/iac/providers/aws/athena/athena.go | 16 +- .../providers/aws/cloudfront/cloudfront.go | 22 +- .../providers/aws/cloudtrail/cloudtrail.go | 28 +-- .../providers/aws/cloudwatch/cloudwatch.go | 36 +-- pkg/iac/providers/aws/codebuild/codebuild.go | 8 +- pkg/iac/providers/aws/config/config.go | 6 +- .../providers/aws/documentdb/documentdb.go | 18 +- pkg/iac/providers/aws/dynamodb/dynamodb.go | 16 +- pkg/iac/providers/aws/ec2/instance.go | 24 +- pkg/iac/providers/aws/ec2/launch.go | 14 +- pkg/iac/providers/aws/ec2/subnet.go | 6 +- pkg/iac/providers/aws/ec2/volume.go | 10 +- pkg/iac/providers/aws/ec2/vpc.go | 38 +-- pkg/iac/providers/aws/ecr/ecr.go | 16 +- pkg/iac/providers/aws/ecs/ecs.go | 54 ++-- pkg/iac/providers/aws/efs/efs.go | 6 +- pkg/iac/providers/aws/eks/eks.go | 26 +- .../providers/aws/elasticache/elasticache.go | 20 +- .../aws/elasticsearch/elasticsearch.go | 44 ++-- pkg/iac/providers/aws/elb/elb.go | 20 +- pkg/iac/providers/aws/emr/emr.go | 18 +- pkg/iac/providers/aws/iam/iam.go | 50 ++-- pkg/iac/providers/aws/iam/passwords.go | 18 +- pkg/iac/providers/aws/kinesis/kinesis.go | 10 +- pkg/iac/providers/aws/kms/kms.go | 8 +- pkg/iac/providers/aws/lambda/lambda.go | 14 +- pkg/iac/providers/aws/mq/mq.go | 12 +- pkg/iac/providers/aws/msk/msk.go | 30 +-- pkg/iac/providers/aws/neptune/neptune.go | 12 +- pkg/iac/providers/aws/rds/rds.go | 102 ++++---- pkg/iac/providers/aws/redshift/redshift.go | 48 ++-- pkg/iac/providers/aws/s3/bucket.go | 40 +-- .../aws/s3/bucket_public_access_block.go | 22 +- pkg/iac/providers/aws/sam/api.go | 32 +-- 
pkg/iac/providers/aws/sam/application.go | 12 +- pkg/iac/providers/aws/sam/function.go | 16 +- pkg/iac/providers/aws/sam/http_api.go | 14 +- pkg/iac/providers/aws/sam/state_machine.go | 16 +- pkg/iac/providers/aws/sam/table.go | 12 +- pkg/iac/providers/aws/sns/sns.go | 16 +- pkg/iac/providers/aws/sqs/sqs.go | 12 +- pkg/iac/providers/aws/ssm/ssm.go | 6 +- .../providers/aws/workspaces/workspaces.go | 10 +- .../providers/azure/appservice/appservice.go | 18 +- .../azure/authorization/authorization.go | 10 +- pkg/iac/providers/azure/compute/compute.go | 20 +- .../providers/azure/container/container.go | 22 +- pkg/iac/providers/azure/database/database.go | 44 ++-- .../azure/datafactory/datafactory.go | 6 +- pkg/iac/providers/azure/datalake/datalake.go | 6 +- pkg/iac/providers/azure/keyvault/keyvault.go | 22 +- pkg/iac/providers/azure/monitor/monitor.go | 14 +- pkg/iac/providers/azure/network/network.go | 26 +- .../azure/securitycenter/securitycenter.go | 12 +- pkg/iac/providers/azure/storage/storage.go | 26 +- pkg/iac/providers/azure/synapse/synapse.go | 6 +- .../providers/cloudstack/compute/compute.go | 6 +- .../providers/digitalocean/compute/compute.go | 30 +-- .../providers/digitalocean/spaces/spaces.go | 18 +- pkg/iac/providers/github/actions.go | 16 +- .../providers/github/branch_protections.go | 6 +- pkg/iac/providers/github/repositories.go | 10 +- pkg/iac/providers/google/bigquery/bigquery.go | 14 +- pkg/iac/providers/google/compute/disk.go | 12 +- pkg/iac/providers/google/compute/firewall.go | 28 +-- pkg/iac/providers/google/compute/instance.go | 36 +-- pkg/iac/providers/google/compute/metadata.go | 6 +- .../providers/google/compute/ssl_policy.go | 10 +- .../providers/google/compute/subnetwork.go | 10 +- pkg/iac/providers/google/dns/dns.go | 18 +- pkg/iac/providers/google/gke/gke.go | 68 ++--- pkg/iac/providers/google/iam/iam.go | 34 +-- pkg/iac/providers/google/kms/kms.go | 8 +- pkg/iac/providers/google/sql/sql.go | 46 ++-- 
pkg/iac/providers/google/storage/storage.go | 14 +- pkg/iac/providers/kubernetes/kubernetes.go | 20 +- .../providers/nifcloud/computing/instance.go | 10 +- .../nifcloud/computing/security_group.go | 12 +- pkg/iac/providers/nifcloud/dns/record.go | 8 +- .../providers/nifcloud/nas/nas_instance.go | 6 +- .../nifcloud/nas/nas_security_group.go | 8 +- .../nifcloud/network/elastic_load_balancer.go | 8 +- .../nifcloud/network/load_balancer.go | 10 +- pkg/iac/providers/nifcloud/network/network.go | 8 +- pkg/iac/providers/nifcloud/network/router.go | 6 +- .../providers/nifcloud/network/vpn_gateway.go | 6 +- pkg/iac/providers/nifcloud/rdb/db_instance.go | 14 +- .../nifcloud/rdb/db_security_group.go | 8 +- .../sslcertificate/server_certificate.go | 6 +- pkg/iac/providers/openstack/networking.go | 22 +- pkg/iac/providers/openstack/openstack.go | 18 +- pkg/iac/providers/oracle/oracle.go | 6 +- pkg/iac/rego/metadata.go | 6 +- pkg/iac/rego/result.go | 14 +- pkg/iac/scan/code.go | 6 +- pkg/iac/scan/code_test.go | 10 +- pkg/iac/scan/result.go | 28 +-- pkg/iac/scanners/azure/resolver/resolver.go | 4 +- .../cloudformation/parser/file_context.go | 8 +- .../cloudformation/parser/property.go | 68 ++--- .../cloudformation/parser/property_helpers.go | 20 +- .../cloudformation/parser/reference.go | 14 +- .../cloudformation/parser/resource.go | 52 ++-- pkg/iac/state/merge_test.go | 232 +++++++++--------- pkg/iac/state/state_test.go | 18 +- pkg/iac/terraform/attribute.go | 92 +++---- pkg/iac/terraform/block.go | 10 +- pkg/iac/terraform/ignore.go | 10 +- pkg/misconf/scanner.go | 4 +- 271 files changed, 3478 insertions(+), 3478 deletions(-) diff --git a/pkg/cloud/aws/commands/run_test.go b/pkg/cloud/aws/commands/run_test.go index d96985e393c4..069ec53751a1 100644 --- a/pkg/cloud/aws/commands/run_test.go +++ b/pkg/cloud/aws/commands/run_test.go 
@@ -16,7 +16,7 @@ import ( dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/compliance/spec" "github.com/aquasecurity/trivy/pkg/flag" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) const expectedS3ScanResult = `{ @@ -1003,18 +1003,18 @@ deny { }, ReportOptions: flag.ReportOptions{ Compliance: spec.ComplianceSpec{ - Spec: defsecTypes.Spec{ + Spec: iacTypes.Spec{ // TODO: refactor defsec so that the parsed spec can be passed ID: "@testdata/example-spec.yaml", Title: "my-custom-spec", Description: "My fancy spec", Version: "1.2", - Controls: []defsecTypes.Control{ + Controls: []iacTypes.Control{ { ID: "1.1", Name: "Unencrypted S3 bucket", Description: "S3 Buckets should be encrypted to protect the data that is stored within them if access is compromised.", - Checks: []defsecTypes.SpecCheck{ + Checks: []iacTypes.SpecCheck{ {ID: "AVD-AWS-0088"}, }, Severity: "HIGH", diff --git a/pkg/cloud/report/convert_test.go b/pkg/cloud/report/convert_test.go index c1a3027d0ff5..b8a0b728c53f 100644 --- a/pkg/cloud/report/convert_test.go +++ b/pkg/cloud/report/convert_test.go @@ -9,7 +9,7 @@ import ( fanaltypes "github.com/aquasecurity/trivy/pkg/fanal/types" "github.com/aquasecurity/trivy/pkg/iac/scan" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/types" ) @@ -57,7 +57,7 @@ func Test_ResultConversion(t *testing.T) { var s3Results scan.Results s3Results.Add( "something failed", - defsecTypes.NewRemoteMetadata((arn.ARN{ + iacTypes.NewRemoteMetadata((arn.ARN{ Partition: "aws", Service: "s3", Region: "us-east-1", @@ -67,7 +67,7 @@ func Test_ResultConversion(t *testing.T) { ) s3Results.Add( "something else failed", - defsecTypes.NewRemoteMetadata((arn.ARN{ + iacTypes.NewRemoteMetadata((arn.ARN{ Partition: "aws", Service: "s3", Region: "us-east-1", 
@@ -77,7 +77,7 @@ func Test_ResultConversion(t *testing.T) { ) s3Results.Add( "something else failed again", - defsecTypes.NewRemoteMetadata((arn.ARN{ + iacTypes.NewRemoteMetadata((arn.ARN{ Partition: "aws", Service: "s3", Region: "us-east-1", @@ -90,7 +90,7 @@ func Test_ResultConversion(t *testing.T) { var ec2Results scan.Results ec2Results.Add( "instance is bad", - defsecTypes.NewRemoteMetadata((arn.ARN{ + iacTypes.NewRemoteMetadata((arn.ARN{ Partition: "aws", Service: "ec2", Region: "us-east-1", diff --git a/pkg/cloud/report/service_test.go b/pkg/cloud/report/service_test.go index 521a0c97b2fd..12c998e23913 100644 --- a/pkg/cloud/report/service_test.go +++ b/pkg/cloud/report/service_test.go @@ -15,7 +15,7 @@ import ( "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/flag" "github.com/aquasecurity/trivy/pkg/iac/scan" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Test_ServiceReport(t *testing.T) { @@ -365,7 +365,7 @@ func createTestResults() scan.Results { var s3Results scan.Results s3Results.Add( "something failed", - defsecTypes.NewRemoteMetadata((arn.ARN{ + iacTypes.NewRemoteMetadata((arn.ARN{ Partition: "aws", Service: "s3", Region: "us-east-1", @@ -375,7 +375,7 @@ func createTestResults() scan.Results { ) s3Results.Add( "something else failed", - defsecTypes.NewRemoteMetadata((arn.ARN{ + iacTypes.NewRemoteMetadata((arn.ARN{ Partition: "aws", Service: "s3", Region: "us-east-1", @@ -385,7 +385,7 @@ func createTestResults() scan.Results { ) s3Results.Add( "something else failed again", - defsecTypes.NewRemoteMetadata((arn.ARN{ + iacTypes.NewRemoteMetadata((arn.ARN{ Partition: "aws", Service: "s3", Region: "us-east-1", @@ -394,7 +394,7 @@ func createTestResults() scan.Results { }).String()), ) s3Results.AddPassed( - defsecTypes.NewRemoteMetadata((arn.ARN{ + iacTypes.NewRemoteMetadata((arn.ARN{ Partition: "aws", Service: "s3", Region: "us-east-1", 
@@ -407,7 +407,7 @@ func createTestResults() scan.Results { var ec2Results scan.Results ec2Results.Add( "instance is bad", - defsecTypes.NewRemoteMetadata((arn.ARN{ + iacTypes.NewRemoteMetadata((arn.ARN{ Partition: "aws", Service: "ec2", Region: "us-east-1", diff --git a/pkg/compliance/report/report.go b/pkg/compliance/report/report.go index fb82b940952c..d4b31668ed6d 100644 --- a/pkg/compliance/report/report.go +++ b/pkg/compliance/report/report.go @@ -8,7 +8,7 @@ import ( dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/compliance/spec" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/types" ) @@ -39,7 +39,7 @@ type ControlCheckResult struct { ID string Name string Description string - DefaultStatus defsecTypes.ControlStatus `json:",omitempty"` + DefaultStatus iacTypes.ControlStatus `json:",omitempty"` Severity string Results types.Results } @@ -96,7 +96,7 @@ func (r ComplianceReport) empty() bool { } // buildControlCheckResults create compliance results data -func buildControlCheckResults(checksMap map[string]types.Results, controls []defsecTypes.Control) []*ControlCheckResult { +func buildControlCheckResults(checksMap map[string]types.Results, controls []iacTypes.Control) []*ControlCheckResult { var complianceResults []*ControlCheckResult for _, control := range controls { var results types.Results @@ -116,7 +116,7 @@ func buildControlCheckResults(checksMap map[string]types.Results, controls []def } // buildComplianceReportResults create compliance results data -func buildComplianceReportResults(checksMap map[string]types.Results, s defsecTypes.Spec) *ComplianceReport { +func buildComplianceReportResults(checksMap map[string]types.Results, s iacTypes.Spec) *ComplianceReport { controlCheckResult := buildControlCheckResults(checksMap, s.Controls) return &ComplianceReport{ ID: s.ID, 
diff --git a/pkg/compliance/report/report_test.go b/pkg/compliance/report/report_test.go index 30a659d0e5c2..f200576d1c62 100644 --- a/pkg/compliance/report/report_test.go +++ b/pkg/compliance/report/report_test.go @@ -11,7 +11,7 @@ import ( "github.com/aquasecurity/trivy/pkg/compliance/report" "github.com/aquasecurity/trivy/pkg/compliance/spec" ftypes "github.com/aquasecurity/trivy/pkg/fanal/types" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/types" ) @@ -98,7 +98,7 @@ func TestBuildComplianceReport(t *testing.T) { }, }, cs: spec.ComplianceSpec{ - Spec: defsecTypes.Spec{ + Spec: iacTypes.Spec{ ID: "1234", Title: "NSA", Description: "National Security Agency - Kubernetes Hardening Guidance", @@ -106,13 +106,13 @@ func TestBuildComplianceReport(t *testing.T) { RelatedResources: []string{ "https://example.com", }, - Controls: []defsecTypes.Control{ + Controls: []iacTypes.Control{ { ID: "1.0", Name: "Non-root containers", Description: "Check that container is not running as root", Severity: "MEDIUM", - Checks: []defsecTypes.SpecCheck{ + Checks: []iacTypes.SpecCheck{ {ID: "AVD-KSV-0001"}, }, }, @@ -121,7 +121,7 @@ func TestBuildComplianceReport(t *testing.T) { Name: "Immutable container file systems", Description: "Check that container root file system is immutable", Severity: "LOW", - Checks: []defsecTypes.SpecCheck{ + Checks: []iacTypes.SpecCheck{ {ID: "AVD-KSV-0002"}, }, }, @@ -130,7 +130,7 @@ func TestBuildComplianceReport(t *testing.T) { Name: "tzdata - new upstream version", Description: "Bad tzdata package", Severity: "CRITICAL", - Checks: []defsecTypes.SpecCheck{ + Checks: []iacTypes.SpecCheck{ {ID: "DLA-2424-1"}, }, }, diff --git a/pkg/compliance/spec/compliance.go b/pkg/compliance/spec/compliance.go index 7c4bae65d363..0f219dca7c60 100644 --- a/pkg/compliance/spec/compliance.go +++ b/pkg/compliance/spec/compliance.go 
@@ -10,7 +10,7 @@ import ( "gopkg.in/yaml.v3" sp "github.com/aquasecurity/trivy-policies/pkg/spec" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/types" ) @@ -18,13 +18,13 @@ type Severity string // ComplianceSpec represent the compliance specification type ComplianceSpec struct { - Spec defsecTypes.Spec `yaml:"spec"` + Spec iacTypes.Spec `yaml:"spec"` } const ( - FailStatus defsecTypes.ControlStatus = "FAIL" - PassStatus defsecTypes.ControlStatus = "PASS" - WarnStatus defsecTypes.ControlStatus = "WARN" + FailStatus iacTypes.ControlStatus = "FAIL" + PassStatus iacTypes.ControlStatus = "PASS" + WarnStatus iacTypes.ControlStatus = "WARN" ) // Scanners reads spec control and determines the scanners by check ID prefix diff --git a/pkg/compliance/spec/compliance_test.go b/pkg/compliance/spec/compliance_test.go index 3ec700a2f45e..a4ee4961973e 100644 --- a/pkg/compliance/spec/compliance_test.go +++ b/pkg/compliance/spec/compliance_test.go @@ -7,20 +7,20 @@ import ( "github.com/stretchr/testify/assert" "github.com/aquasecurity/trivy/pkg/compliance/spec" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/types" ) func TestComplianceSpec_Scanners(t *testing.T) { tests := []struct { name string - spec defsecTypes.Spec + spec iacTypes.Spec want types.Scanners wantErr assert.ErrorAssertionFunc }{ { name: "get config scanner type by check id prefix", - spec: defsecTypes.Spec{ + spec: iacTypes.Spec{ ID: "1234", Title: "NSA", Description: "National Security Agency - Kubernetes Hardening Guidance", 
@@ -28,12 +28,12 @@ func TestComplianceSpec_Scanners(t *testing.T) { "https://example.com", }, Version: "1.0", - Controls: []defsecTypes.Control{ + Controls: []iacTypes.Control{ { Name: "Non-root containers", Description: "Check that container is not running as root", ID: "1.0", - Checks: []defsecTypes.SpecCheck{ + Checks: []iacTypes.SpecCheck{ {ID: "AVD-KSV012"}, }, }, @@ -41,7 +41,7 @@ func TestComplianceSpec_Scanners(t *testing.T) { Name: "Check that encryption resource has been set", Description: "Control checks whether encryption resource has been set", ID: "1.1", - Checks: []defsecTypes.SpecCheck{ + Checks: []iacTypes.SpecCheck{ {ID: "AVD-1.2.31"}, {ID: "AVD-1.2.32"}, }, @@ -53,7 +53,7 @@ func TestComplianceSpec_Scanners(t *testing.T) { }, { name: "get config and vuln scanners types by check id prefix", - spec: defsecTypes.Spec{ + spec: iacTypes.Spec{ ID: "1234", Title: "NSA", Description: "National Security Agency - Kubernetes Hardening Guidance", @@ -61,12 +61,12 @@ func TestComplianceSpec_Scanners(t *testing.T) { "https://example.com", }, Version: "1.0", - Controls: []defsecTypes.Control{ + Controls: []iacTypes.Control{ { Name: "Non-root containers", Description: "Check that container is not running as root", ID: "1.0", - Checks: []defsecTypes.SpecCheck{ + Checks: []iacTypes.SpecCheck{ {ID: "AVD-KSV012"}, }, }, @@ -74,7 +74,7 @@ func TestComplianceSpec_Scanners(t *testing.T) { Name: "Check that encryption resource has been set", Description: "Control checks whether encryption resource has been set", ID: "1.1", - Checks: []defsecTypes.SpecCheck{ + Checks: []iacTypes.SpecCheck{ {ID: "AVD-1.2.31"}, {ID: "AVD-1.2.32"}, }, @@ -83,7 +83,7 @@ func TestComplianceSpec_Scanners(t *testing.T) { Name: "Ensure no critical vulnerabilities", Description: "Control checks whether critical vulnerabilities are not found", ID: "7.0", - Checks: []defsecTypes.SpecCheck{ + Checks: []iacTypes.SpecCheck{ {ID: "CVE-9999-9999"}, }, }, 
@@ -97,7 +97,7 @@ func TestComplianceSpec_Scanners(t *testing.T) { }, { name: "unknown prefix", - spec: defsecTypes.Spec{ + spec: iacTypes.Spec{ ID: "1234", Title: "NSA", Description: "National Security Agency - Kubernetes Hardening Guidance", @@ -105,11 +105,11 @@ func TestComplianceSpec_Scanners(t *testing.T) { "https://example.com", }, Version: "1.0", - Controls: []defsecTypes.Control{ + Controls: []iacTypes.Control{ { Name: "Unknown", ID: "1.0", - Checks: []defsecTypes.SpecCheck{ + Checks: []iacTypes.SpecCheck{ {ID: "UNKNOWN-001"}, }, }, @@ -138,12 +138,12 @@ func TestComplianceSpec_Scanners(t *testing.T) { func TestComplianceSpec_CheckIDs(t *testing.T) { tests := []struct { name string - spec defsecTypes.Spec + spec iacTypes.Spec want map[types.Scanner][]string }{ { name: "get config scanner type by check id prefix", - spec: defsecTypes.Spec{ + spec: iacTypes.Spec{ ID: "1234", Title: "NSA", Description: "National Security Agency - Kubernetes Hardening Guidance", @@ -151,12 +151,12 @@ func TestComplianceSpec_CheckIDs(t *testing.T) { "https://example.com", }, Version: "1.0", - Controls: []defsecTypes.Control{ + Controls: []iacTypes.Control{ { Name: "Non-root containers", Description: "Check that container is not running as root", ID: "1.0", - Checks: []defsecTypes.SpecCheck{ + Checks: []iacTypes.SpecCheck{ {ID: "AVD-KSV012"}, }, }, @@ -164,7 +164,7 @@ func TestComplianceSpec_CheckIDs(t *testing.T) { Name: "Check that encryption resource has been set", Description: "Control checks whether encryption resource has been set", ID: "1.1", - Checks: []defsecTypes.SpecCheck{ + Checks: []iacTypes.SpecCheck{ {ID: "AVD-1.2.31"}, {ID: "AVD-1.2.32"}, }, @@ -181,7 +181,7 @@ func TestComplianceSpec_CheckIDs(t *testing.T) { }, { name: "get config and vuln scanners types by check id prefix", - spec: defsecTypes.Spec{ + spec: iacTypes.Spec{ ID: "1234", Title: "NSA", Description: "National Security Agency - Kubernetes Hardening Guidance", 
@@ -189,12 +189,12 @@ func TestComplianceSpec_CheckIDs(t *testing.T) { "https://example.com", }, Version: "1.0", - Controls: []defsecTypes.Control{ + Controls: []iacTypes.Control{ { Name: "Non-root containers", Description: "Check that container is not running as root", ID: "1.0", - Checks: []defsecTypes.SpecCheck{ + Checks: []iacTypes.SpecCheck{ {ID: "AVD-KSV012"}, }, }, @@ -202,7 +202,7 @@ func TestComplianceSpec_CheckIDs(t *testing.T) { Name: "Check that encryption resource has been set", Description: "Control checks whether encryption resource has been set", ID: "1.1", - Checks: []defsecTypes.SpecCheck{ + Checks: []iacTypes.SpecCheck{ {ID: "AVD-1.2.31"}, {ID: "AVD-1.2.32"}, }, @@ -211,7 +211,7 @@ func TestComplianceSpec_CheckIDs(t *testing.T) { Name: "Ensure no critical vulnerabilities", Description: "Control checks whether critical vulnerabilities are not found", ID: "7.0", - Checks: []defsecTypes.SpecCheck{ + Checks: []iacTypes.SpecCheck{ {ID: "CVE-9999-9999"}, }, }, diff --git a/pkg/flag/report_flags_test.go b/pkg/flag/report_flags_test.go index 4c0489d72774..1d230398d5c7 100644 --- a/pkg/flag/report_flags_test.go +++ b/pkg/flag/report_flags_test.go @@ -11,7 +11,7 @@ import ( dbTypes "github.com/aquasecurity/trivy-db/pkg/types" "github.com/aquasecurity/trivy/pkg/compliance/spec" "github.com/aquasecurity/trivy/pkg/flag" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/log" "github.com/aquasecurity/trivy/pkg/types" ) 
@@ -161,17 +161,17 @@ func TestReportFlagGroup_ToOptions(t *testing.T) { }, want: flag.ReportOptions{ Compliance: spec.ComplianceSpec{ - Spec: defsecTypes.Spec{ + Spec: iacTypes.Spec{ ID: "0001", Title: "my-custom-spec", Description: "My fancy spec", Version: "1.2", - Controls: []defsecTypes.Control{ + Controls: []iacTypes.Control{ { ID: "1.1", Name: "Unencrypted S3 bucket", Description: "S3 Buckets should be encrypted to protect the data that is stored within them if access is compromised.", - Checks: []defsecTypes.SpecCheck{ + Checks: []iacTypes.SpecCheck{ {ID: "AVD-AWS-0088"}, }, Severity: "HIGH", diff --git a/pkg/iac/adapters/arm/appservice/adapt.go b/pkg/iac/adapters/arm/appservice/adapt.go index 3858d78c2ee9..d5512cc5d3b4 100644 --- a/pkg/iac/adapters/arm/appservice/adapt.go +++ b/pkg/iac/adapters/arm/appservice/adapt.go @@ -3,7 +3,7 @@ package appservice import ( "github.com/aquasecurity/trivy/pkg/iac/providers/azure/appservice" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(deployment azure.Deployment) appservice.AppService { 
@@ -41,15 +41,15 @@ func adaptService(resource azure.Resource) appservice.Service { return appservice.Service{ Metadata: resource.Metadata, EnableClientCert: resource.Properties.GetMapValue("clientCertEnabled").AsBoolValue(false, resource.Properties.GetMetadata()), - Identity: struct{ Type defsecTypes.StringValue }{ + Identity: struct{ Type iacTypes.StringValue }{ Type: resource.Properties.GetMapValue("identity").GetMapValue("type").AsStringValue("", resource.Properties.GetMetadata()), }, - Authentication: struct{ Enabled defsecTypes.BoolValue }{ + Authentication: struct{ Enabled iacTypes.BoolValue }{ Enabled: resource.Properties.GetMapValue("siteAuthSettings").GetMapValue("enabled").AsBoolValue(false, resource.Properties.GetMetadata()), }, Site: struct { - EnableHTTP2 defsecTypes.BoolValue - MinimumTLSVersion defsecTypes.StringValue + EnableHTTP2 iacTypes.BoolValue + MinimumTLSVersion iacTypes.StringValue }{ EnableHTTP2: resource.Properties.GetMapValue("httpsOnly").AsBoolValue(false, resource.Properties.GetMetadata()), MinimumTLSVersion: resource.Properties.GetMapValue("minTlsVersion").AsStringValue("", resource.Properties.GetMetadata()), diff --git a/pkg/iac/adapters/arm/compute/adapt.go b/pkg/iac/adapters/arm/compute/adapt.go index aa85aa52eddf..bdcbfac500fd 100644 --- a/pkg/iac/adapters/arm/compute/adapt.go +++ b/pkg/iac/adapters/arm/compute/adapt.go @@ -3,7 +3,7 @@ package compute import ( "github.com/aquasecurity/trivy/pkg/iac/providers/azure/compute" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(deployment azure.Deployment) compute.Compute { 
@@ -30,7 +30,7 @@ func adaptManagedDisk(resource azure.Resource) compute.ManagedDisk { Metadata: resource.Metadata, Encryption: compute.Encryption{ Metadata: resource.Metadata, - Enabled: defsecTypes.Bool(hasEncryption, resource.Metadata), + Enabled: iacTypes.Bool(hasEncryption, resource.Metadata), }, } } diff --git a/pkg/iac/adapters/arm/database/mssql.go b/pkg/iac/adapters/arm/database/mssql.go index 25d69a73c6e2..95cc41ed6b25 100644 --- a/pkg/iac/adapters/arm/database/mssql.go +++ b/pkg/iac/adapters/arm/database/mssql.go @@ -3,7 +3,7 @@ package database import ( "github.com/aquasecurity/trivy/pkg/iac/providers/azure/database" azure2 "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func adaptMSSQLServers(deployment azure2.Deployment) (msSQlServers []database.MSSQLServer) { @@ -52,8 +52,8 @@ func adaptSecurityAlertPolicies(resource azure2.Resource, deployment azure2.Depl return policies } -func adaptStringList(value azure2.Value) []defsecTypes.StringValue { - var list []defsecTypes.StringValue +func adaptStringList(value azure2.Value) []iacTypes.StringValue { + var list []iacTypes.StringValue for _, v := range value.AsList() { list = append(list, v.AsStringValue("", value.Metadata)) } diff --git a/pkg/iac/adapters/arm/database/postgresql.go b/pkg/iac/adapters/arm/database/postgresql.go index 6314bf494c7d..155667c65f39 100644 --- a/pkg/iac/adapters/arm/database/postgresql.go +++ b/pkg/iac/adapters/arm/database/postgresql.go @@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/providers/azure/database" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func adaptPostgreSQLServers(deployment azure.Deployment) (databases []database.PostgreSQLServer) { 
@@ -37,9 +37,9 @@ func adaptPostgreSQLConfiguration(resource azure.Resource, deployment azure.Depl config := database.PostgresSQLConfig{ Metadata: resource.Metadata, - LogCheckpoints: defsecTypes.BoolDefault(false, resource.Metadata), - ConnectionThrottling: defsecTypes.BoolDefault(false, resource.Metadata), - LogConnections: defsecTypes.BoolDefault(false, resource.Metadata), + LogCheckpoints: iacTypes.BoolDefault(false, resource.Metadata), + ConnectionThrottling: iacTypes.BoolDefault(false, resource.Metadata), + LogConnections: iacTypes.BoolDefault(false, resource.Metadata), } for _, configuration := range deployment.GetResourcesByType("Microsoft.DBforPostgreSQL/servers/configurations") { diff --git a/pkg/iac/adapters/arm/network/adapt.go b/pkg/iac/adapters/arm/network/adapt.go index 6145ad5215d3..5201b84761e7 100644 --- a/pkg/iac/adapters/arm/network/adapt.go +++ b/pkg/iac/adapters/arm/network/adapt.go @@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/providers/azure/network" "github.com/aquasecurity/trivy/pkg/iac/scanners/azure" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(deployment azure.Deployment) network.Network { 
@@ -57,14 +57,14 @@ func adaptSecurityGroupRule(resource azure.Resource) network.SecurityGroupRule { } destinationPortRanges = append(destinationPortRanges, expandRange(resource.Properties.GetMapValue("destinationPortRange").AsString(), resource.Metadata)) - allow := defsecTypes.BoolDefault(false, resource.Metadata) + allow := iacTypes.BoolDefault(false, resource.Metadata) if resource.Properties.GetMapValue("access").AsString() == "Allow" { - allow = defsecTypes.Bool(true, resource.Metadata) + allow = iacTypes.Bool(true, resource.Metadata) } - outbound := defsecTypes.BoolDefault(false, resource.Metadata) + outbound := iacTypes.BoolDefault(false, resource.Metadata) if resource.Properties.GetMapValue("direction").AsString() == "Outbound" { - outbound = defsecTypes.Bool(true, resource.Metadata) + outbound = iacTypes.Bool(true, resource.Metadata) } return network.SecurityGroupRule{ @@ -97,7 +97,7 @@ func adaptNetworkWatcherFlowLog(resource azure.Resource) network.NetworkWatcherF } } -func expandRange(r string, m defsecTypes.Metadata) network.PortRange { +func expandRange(r string, m iacTypes.Metadata) network.PortRange { start := 0 end := 65535 switch { diff --git a/pkg/iac/adapters/cloudformation/aws/config/aggregator.go b/pkg/iac/adapters/cloudformation/aws/config/aggregator.go index 4acd00b31d61..1f34c21591b0 100644 --- a/pkg/iac/adapters/cloudformation/aws/config/aggregator.go +++ b/pkg/iac/adapters/cloudformation/aws/config/aggregator.go 
@@ -3,14 +3,14 @@ package config import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/config" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func getConfigurationAggregator(ctx parser2.FileContext) config.ConfigurationAggregrator { aggregator := config.ConfigurationAggregrator{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - SourceAllRegions: defsecTypes.BoolDefault(false, ctx.Metadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + SourceAllRegions: iacTypes.BoolDefault(false, ctx.Metadata()), } aggregatorResources := ctx.GetResourcesByType("AWS::Config::ConfigurationAggregator") @@ -25,7 +25,7 @@ func getConfigurationAggregator(ctx parser2.FileContext) config.ConfigurationAgg } } -func isSourcingAllRegions(r *parser2.Resource) defsecTypes.BoolValue { +func isSourcingAllRegions(r *parser2.Resource) iacTypes.BoolValue { accountProp := r.GetProperty("AccountAggregationSources") if accountProp.IsNotNil() && accountProp.IsList() { diff --git a/pkg/iac/adapters/cloudformation/aws/dynamodb/cluster.go b/pkg/iac/adapters/cloudformation/aws/dynamodb/cluster.go index 8432f40005c1..8a350236134c 100644 --- a/pkg/iac/adapters/cloudformation/aws/dynamodb/cluster.go +++ b/pkg/iac/adapters/cloudformation/aws/dynamodb/cluster.go @@ -3,7 +3,7 @@ package dynamodb import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/dynamodb" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func getClusters(file parser.FileContext) (clusters []dynamodb.DAXCluster) { 
@@ -15,17 +15,17 @@ func getClusters(file parser.FileContext) (clusters []dynamodb.DAXCluster) { Metadata: r.Metadata(), ServerSideEncryption: dynamodb.ServerSideEncryption{ Metadata: r.Metadata(), - Enabled: defsecTypes.BoolDefault(false, r.Metadata()), - KMSKeyID: defsecTypes.StringDefault("", r.Metadata()), + Enabled: iacTypes.BoolDefault(false, r.Metadata()), + KMSKeyID: iacTypes.StringDefault("", r.Metadata()), }, - PointInTimeRecovery: defsecTypes.BoolUnresolvable(r.Metadata()), + PointInTimeRecovery: iacTypes.BoolUnresolvable(r.Metadata()), } if sseProp := r.GetProperty("SSESpecification"); sseProp.IsNotNil() { cluster.ServerSideEncryption = dynamodb.ServerSideEncryption{ Metadata: sseProp.Metadata(), Enabled: r.GetBoolProperty("SSESpecification.SSEEnabled"), - KMSKeyID: defsecTypes.StringUnresolvable(sseProp.Metadata()), + KMSKeyID: iacTypes.StringUnresolvable(sseProp.Metadata()), } } diff --git a/pkg/iac/adapters/cloudformation/aws/ec2/instance.go b/pkg/iac/adapters/cloudformation/aws/ec2/instance.go index d3c1f7a43bb5..8a7952f9b809 100644 --- a/pkg/iac/adapters/cloudformation/aws/ec2/instance.go +++ b/pkg/iac/adapters/cloudformation/aws/ec2/instance.go @@ -3,7 +3,7 @@ package ec2 import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func getInstances(ctx parser2.FileContext) (instances []ec2.Instance) { 
@@ -16,8 +16,8 @@ func getInstances(ctx parser2.FileContext) (instances []ec2.Instance) { // https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/655 MetadataOptions: ec2.MetadataOptions{ Metadata: r.Metadata(), - HttpTokens: defsecTypes.StringDefault("optional", r.Metadata()), - HttpEndpoint: defsecTypes.StringDefault("enabled", r.Metadata()), + HttpTokens: iacTypes.StringDefault("optional", r.Metadata()), + HttpEndpoint: iacTypes.StringDefault("enabled", r.Metadata()), }, UserData: r.GetStringProperty("UserData"), } @@ -29,7 +29,7 @@ func getInstances(ctx parser2.FileContext) (instances []ec2.Instance) { if instance.RootBlockDevice == nil { instance.RootBlockDevice = &ec2.BlockDevice{ Metadata: r.Metadata(), - Encrypted: defsecTypes.BoolDefault(false, r.Metadata()), + Encrypted: iacTypes.BoolDefault(false, r.Metadata()), } } diff --git a/pkg/iac/adapters/cloudformation/aws/ec2/nacl.go b/pkg/iac/adapters/cloudformation/aws/ec2/nacl.go index 21d5546ffadf..0f908f78ae08 100644 --- a/pkg/iac/adapters/cloudformation/aws/ec2/nacl.go +++ b/pkg/iac/adapters/cloudformation/aws/ec2/nacl.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func getNetworkACLs(ctx parser.FileContext) (acls []ec2.NetworkACL) { @@ -13,7 +13,7 @@ func getNetworkACLs(ctx parser.FileContext) (acls []ec2.NetworkACL) { acl := ec2.NetworkACL{ Metadata: aclResource.Metadata(), Rules: getRules(aclResource.ID(), ctx), - IsDefaultRule: defsecTypes.BoolDefault(false, aclResource.Metadata()), + IsDefaultRule: iacTypes.BoolDefault(false, aclResource.Metadata()), } acls = append(acls, acl) } 
@@ -27,31 +27,31 @@ func getRules(id string, ctx parser.FileContext) (rules []ec2.NetworkACLRule) { rule := ec2.NetworkACLRule{ Metadata: ruleResource.Metadata(), - Type: defsecTypes.StringDefault(ec2.TypeIngress, ruleResource.Metadata()), - Action: defsecTypes.StringDefault(ec2.ActionAllow, ruleResource.Metadata()), - Protocol: defsecTypes.String("-1", ruleResource.Metadata()), + Type: iacTypes.StringDefault(ec2.TypeIngress, ruleResource.Metadata()), + Action: iacTypes.StringDefault(ec2.ActionAllow, ruleResource.Metadata()), + Protocol: iacTypes.String("-1", ruleResource.Metadata()), CIDRs: nil, } if egressProperty := ruleResource.GetProperty("Egress"); egressProperty.IsBool() { if egressProperty.AsBool() { - rule.Type = defsecTypes.String(ec2.TypeEgress, egressProperty.Metadata()) + rule.Type = iacTypes.String(ec2.TypeEgress, egressProperty.Metadata()) } else { - rule.Type = defsecTypes.String(ec2.TypeIngress, egressProperty.Metadata()) + rule.Type = iacTypes.String(ec2.TypeIngress, egressProperty.Metadata()) } } if actionProperty := ruleResource.GetProperty("RuleAction"); actionProperty.IsString() { if actionProperty.AsString() == ec2.ActionAllow { - rule.Action = defsecTypes.String(ec2.ActionAllow, actionProperty.Metadata()) + rule.Action = iacTypes.String(ec2.ActionAllow, actionProperty.Metadata()) } else { - rule.Action = defsecTypes.String(ec2.ActionDeny, actionProperty.Metadata()) + rule.Action = iacTypes.String(ec2.ActionDeny, actionProperty.Metadata()) } } if protocolProperty := ruleResource.GetProperty("Protocol"); protocolProperty.IsInt() { protocol := protocolProperty.AsIntValue().Value() - rule.Protocol = defsecTypes.String(strconv.Itoa(protocol), protocolProperty.Metadata()) + rule.Protocol = iacTypes.String(strconv.Itoa(protocol), protocolProperty.Metadata()) } if ipv4Cidr := ruleResource.GetProperty("CidrBlock"); ipv4Cidr.IsString() { 
diff --git a/pkg/iac/adapters/cloudformation/aws/ecr/repository.go b/pkg/iac/adapters/cloudformation/aws/ecr/repository.go index 83a319a200dd..886be64037a3 100644 --- a/pkg/iac/adapters/cloudformation/aws/ecr/repository.go +++ b/pkg/iac/adapters/cloudformation/aws/ecr/repository.go @@ -8,7 +8,7 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ecr" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func getRepositories(ctx parser2.FileContext) (repositories []ecr.Repository) { @@ -21,14 +21,14 @@ func getRepositories(ctx parser2.FileContext) (repositories []ecr.Repository) { Metadata: r.Metadata(), ImageScanning: ecr.ImageScanning{ Metadata: r.Metadata(), - ScanOnPush: defsecTypes.BoolDefault(false, r.Metadata()), + ScanOnPush: iacTypes.BoolDefault(false, r.Metadata()), }, ImageTagsImmutable: hasImmutableImageTags(r), Policies: nil, Encryption: ecr.Encryption{ Metadata: r.Metadata(), - Type: defsecTypes.StringDefault(ecr.EncryptionTypeAES256, r.Metadata()), - KMSKeyID: defsecTypes.StringDefault("", r.Metadata()), + Type: iacTypes.StringDefault(ecr.EncryptionTypeAES256, r.Metadata()), + KMSKeyID: iacTypes.StringDefault("", r.Metadata()), }, } 
@@ -70,22 +70,22 @@ func getPolicy(r *parser2.Resource) (*iam.Policy, error) { return &iam.Policy{ Metadata: policyProp.Metadata(), - Name: defsecTypes.StringDefault("", policyProp.Metadata()), + Name: iacTypes.StringDefault("", policyProp.Metadata()), Document: iam.Document{ Metadata: policyProp.Metadata(), Parsed: *parsed, }, - Builtin: defsecTypes.Bool(false, policyProp.Metadata()), + Builtin: iacTypes.Bool(false, policyProp.Metadata()), }, nil } -func hasImmutableImageTags(r *parser2.Resource) defsecTypes.BoolValue { +func hasImmutableImageTags(r *parser2.Resource) iacTypes.BoolValue { mutabilityProp := r.GetProperty("ImageTagMutability") if mutabilityProp.IsNil() { - return defsecTypes.BoolDefault(false, r.Metadata()) + return iacTypes.BoolDefault(false, r.Metadata()) } if !mutabilityProp.EqualTo("IMMUTABLE") { - return defsecTypes.Bool(false, mutabilityProp.Metadata()) + return iacTypes.Bool(false, mutabilityProp.Metadata()) } - return defsecTypes.Bool(true, mutabilityProp.Metadata()) + return iacTypes.Bool(true, mutabilityProp.Metadata()) } diff --git a/pkg/iac/adapters/cloudformation/aws/eks/cluster.go b/pkg/iac/adapters/cloudformation/aws/eks/cluster.go index 290961933aa7..07adedf06c21 100644 --- a/pkg/iac/adapters/cloudformation/aws/eks/cluster.go +++ b/pkg/iac/adapters/cloudformation/aws/eks/cluster.go @@ -3,7 +3,7 @@ package eks import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/eks" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func getClusters(ctx parser2.FileContext) (clusters []eks.Cluster) { 
@@ -16,15 +16,15 @@ func getClusters(ctx parser2.FileContext) (clusters []eks.Cluster) { // Logging not supported for cloudformation https://github.com/aws/containers-roadmap/issues/242 Logging: eks.Logging{ Metadata: r.Metadata(), - API: defsecTypes.BoolUnresolvable(r.Metadata()), - Audit: defsecTypes.BoolUnresolvable(r.Metadata()), - Authenticator: defsecTypes.BoolUnresolvable(r.Metadata()), - ControllerManager: defsecTypes.BoolUnresolvable(r.Metadata()), - Scheduler: defsecTypes.BoolUnresolvable(r.Metadata()), + API: iacTypes.BoolUnresolvable(r.Metadata()), + Audit: iacTypes.BoolUnresolvable(r.Metadata()), + Authenticator: iacTypes.BoolUnresolvable(r.Metadata()), + ControllerManager: iacTypes.BoolUnresolvable(r.Metadata()), + Scheduler: iacTypes.BoolUnresolvable(r.Metadata()), }, Encryption: getEncryptionConfig(r), // endpoint protection not supported - https://github.com/aws/containers-roadmap/issues/242 - PublicAccessEnabled: defsecTypes.BoolUnresolvable(r.Metadata()), + PublicAccessEnabled: iacTypes.BoolUnresolvable(r.Metadata()), PublicAccessCIDRs: nil, } @@ -37,8 +37,8 @@ func getEncryptionConfig(r *parser2.Resource) eks.Encryption { encryption := eks.Encryption{ Metadata: r.Metadata(), - Secrets: defsecTypes.BoolDefault(false, r.Metadata()), - KMSKeyID: defsecTypes.StringDefault("", r.Metadata()), + Secrets: iacTypes.BoolDefault(false, r.Metadata()), + KMSKeyID: iacTypes.StringDefault("", r.Metadata()), } if encProp := r.GetProperty("EncryptionConfig"); encProp.IsNotNil() { @@ -47,7 +47,7 @@ func getEncryptionConfig(r *parser2.Resource) eks.Encryption { resourcesProp := encProp.GetProperty("Resources") if resourcesProp.IsList() { if resourcesProp.Contains("secrets") { - encryption.Secrets = defsecTypes.Bool(true, resourcesProp.Metadata()) + encryption.Secrets = iacTypes.Bool(true, resourcesProp.Metadata()) } } } 
diff --git a/pkg/iac/adapters/cloudformation/aws/elasticsearch/domain.go b/pkg/iac/adapters/cloudformation/aws/elasticsearch/domain.go index 3c8b4dd2d428..5ff46bc41cbd 100644 --- a/pkg/iac/adapters/cloudformation/aws/elasticsearch/domain.go +++ b/pkg/iac/adapters/cloudformation/aws/elasticsearch/domain.go @@ -3,7 +3,7 @@ package elasticsearch import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticsearch" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func getDomains(ctx parser.FileContext) (domains []elasticsearch.Domain) { 
@@ -17,32 +17,32 @@ func getDomains(ctx parser.FileContext) (domains []elasticsearch.Domain) { DomainName: r.GetStringProperty("DomainName"), AccessPolicies: r.GetStringProperty("AccessPolicies"), DedicatedMasterEnabled: r.GetBoolProperty("ElasticsearchClusterConfig.DedicatedMasterEnabled"), - VpcId: defsecTypes.String("", r.Metadata()), + VpcId: iacTypes.String("", r.Metadata()), LogPublishing: elasticsearch.LogPublishing{ Metadata: r.Metadata(), - AuditEnabled: defsecTypes.BoolDefault(false, r.Metadata()), - CloudWatchLogGroupArn: defsecTypes.String("", r.Metadata()), + AuditEnabled: iacTypes.BoolDefault(false, r.Metadata()), + CloudWatchLogGroupArn: iacTypes.String("", r.Metadata()), }, TransitEncryption: elasticsearch.TransitEncryption{ Metadata: r.Metadata(), - Enabled: defsecTypes.BoolDefault(false, r.Metadata()), + Enabled: iacTypes.BoolDefault(false, r.Metadata()), }, AtRestEncryption: elasticsearch.AtRestEncryption{ Metadata: r.Metadata(), - Enabled: defsecTypes.BoolDefault(false, r.Metadata()), - KmsKeyId: defsecTypes.String("", r.Metadata()), + Enabled: iacTypes.BoolDefault(false, r.Metadata()), + KmsKeyId: iacTypes.String("", r.Metadata()), }, Endpoint: elasticsearch.Endpoint{ Metadata: r.Metadata(), - EnforceHTTPS: defsecTypes.BoolDefault(false, r.Metadata()), - TLSPolicy: defsecTypes.StringDefault("Policy-Min-TLS-1-0-2019-07", r.Metadata()), + EnforceHTTPS: iacTypes.BoolDefault(false, r.Metadata()), + TLSPolicy: iacTypes.StringDefault("Policy-Min-TLS-1-0-2019-07", r.Metadata()), }, ServiceSoftwareOptions: elasticsearch.ServiceSoftwareOptions{ Metadata: r.Metadata(), - CurrentVersion: defsecTypes.String("", r.Metadata()), - NewVersion: defsecTypes.String("", r.Metadata()), - UpdateStatus: defsecTypes.String("", r.Metadata()), - UpdateAvailable: defsecTypes.Bool(false, r.Metadata()), + CurrentVersion: iacTypes.String("", r.Metadata()), + NewVersion: iacTypes.String("", r.Metadata()), + UpdateStatus: iacTypes.String("", r.Metadata()), + UpdateAvailable: 
iacTypes.Bool(false, r.Metadata()), }, } diff --git a/pkg/iac/adapters/cloudformation/aws/iam/iam.go b/pkg/iac/adapters/cloudformation/aws/iam/iam.go index 06a5ed65795b..d3aab1646534 100644 --- a/pkg/iac/adapters/cloudformation/aws/iam/iam.go +++ b/pkg/iac/adapters/cloudformation/aws/iam/iam.go 
@@ -3,21 +3,21 @@ package iam import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) // Adapt adapts an IAM instance func Adapt(cfFile parser.FileContext) iam.IAM { return iam.IAM{ PasswordPolicy: iam.PasswordPolicy{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - ReusePreventionCount: defsecTypes.IntDefault(0, defsecTypes.NewUnmanagedMetadata()), - RequireLowercase: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), - RequireUppercase: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), - RequireNumbers: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), - RequireSymbols: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), - MaxAgeDays: defsecTypes.IntDefault(0, defsecTypes.NewUnmanagedMetadata()), - MinimumLength: defsecTypes.IntDefault(0, defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + ReusePreventionCount: iacTypes.IntDefault(0, iacTypes.NewUnmanagedMetadata()), + RequireLowercase: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), + RequireUppercase: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), + RequireNumbers: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), + RequireSymbols: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), + MaxAgeDays: iacTypes.IntDefault(0, iacTypes.NewUnmanagedMetadata()), + MinimumLength: iacTypes.IntDefault(0, iacTypes.NewUnmanagedMetadata()), }, Policies: getPolicies(cfFile), Groups: getGroups(cfFile), diff --git a/pkg/iac/adapters/cloudformation/aws/iam/policy.go b/pkg/iac/adapters/cloudformation/aws/iam/policy.go index 91088de981c6..9843c8cdaa43 100644 --- a/pkg/iac/adapters/cloudformation/aws/iam/policy.go +++ b/pkg/iac/adapters/cloudformation/aws/iam/policy.go 
@@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func getPolicies(ctx parser2.FileContext) (policies []iam.Policy) { @@ -18,7 +18,7 @@ func getPolicies(ctx parser2.FileContext) (policies []iam.Policy) { Metadata: policyResource.Metadata(), Parsed: iamgo.Document{}, }, - Builtin: defsecTypes.Bool(false, policyResource.Metadata()), + Builtin: iacTypes.Bool(false, policyResource.Metadata()), } if policyProp := policyResource.GetProperty("PolicyDocument"); policyProp.IsNotNil() { @@ -56,7 +56,7 @@ func getUsers(ctx parser2.FileContext) (users []iam.User) { users = append(users, iam.User{ Metadata: userResource.Metadata(), Name: userName, - LastAccess: defsecTypes.TimeUnresolvable(userResource.Metadata()), + LastAccess: iacTypes.TimeUnresolvable(userResource.Metadata()), Policies: getPoliciesDocs(policyProp), AccessKeys: getAccessKeys(ctx, userName.Value()), }) 
@@ -70,16 +70,16 @@ func getAccessKeys(ctx parser2.FileContext, username string) (accessKeys []iam.A if !keyUsername.EqualTo(username) { continue } - active := defsecTypes.BoolDefault(false, keyResource.Metadata()) + active := iacTypes.BoolDefault(false, keyResource.Metadata()) if statusProp := keyResource.GetProperty("Status"); statusProp.IsString() { - active = defsecTypes.Bool(statusProp.AsString() == "Active", statusProp.Metadata()) + active = iacTypes.Bool(statusProp.AsString() == "Active", statusProp.Metadata()) } accessKeys = append(accessKeys, iam.AccessKey{ Metadata: keyResource.Metadata(), - AccessKeyId: defsecTypes.StringUnresolvable(keyResource.Metadata()), - CreationDate: defsecTypes.TimeUnresolvable(keyResource.Metadata()), - LastAccess: defsecTypes.TimeUnresolvable(keyResource.Metadata()), + AccessKeyId: iacTypes.StringUnresolvable(keyResource.Metadata()), + CreationDate: iacTypes.TimeUnresolvable(keyResource.Metadata()), + LastAccess: iacTypes.TimeUnresolvable(keyResource.Metadata()), Active: active, }) } @@ -119,7 +119,7 @@ func getPoliciesDocs(policiesProp *parser2.Property) []iam.Policy { Metadata: policyProp.Metadata(), Parsed: *doc, }, - Builtin: defsecTypes.Bool(false, policyProp.Metadata()), + Builtin: iacTypes.Bool(false, policyProp.Metadata()), }) } return policies diff --git a/pkg/iac/adapters/cloudformation/aws/msk/cluster.go b/pkg/iac/adapters/cloudformation/aws/msk/cluster.go index a530ac37dc03..c55d5745e22b 100644 --- a/pkg/iac/adapters/cloudformation/aws/msk/cluster.go +++ b/pkg/iac/adapters/cloudformation/aws/msk/cluster.go @@ -3,7 +3,7 @@ package msk import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/msk" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func getClusters(ctx parser.FileContext) (clusters []msk.Cluster) { 
@@ -13,12 +13,12 @@ func getClusters(ctx parser.FileContext) (clusters []msk.Cluster) { Metadata: r.Metadata(), EncryptionInTransit: msk.EncryptionInTransit{ Metadata: r.Metadata(), - ClientBroker: defsecTypes.StringDefault("TLS", r.Metadata()), + ClientBroker: iacTypes.StringDefault("TLS", r.Metadata()), }, EncryptionAtRest: msk.EncryptionAtRest{ Metadata: r.Metadata(), - KMSKeyARN: defsecTypes.StringDefault("", r.Metadata()), - Enabled: defsecTypes.BoolDefault(false, r.Metadata()), + KMSKeyARN: iacTypes.StringDefault("", r.Metadata()), + Enabled: iacTypes.BoolDefault(false, r.Metadata()), }, Logging: msk.Logging{ Metadata: r.Metadata(), @@ -26,15 +26,15 @@ func getClusters(ctx parser.FileContext) (clusters []msk.Cluster) { Metadata: r.Metadata(), S3: msk.S3Logging{ Metadata: r.Metadata(), - Enabled: defsecTypes.BoolDefault(false, r.Metadata()), + Enabled: iacTypes.BoolDefault(false, r.Metadata()), }, Cloudwatch: msk.CloudwatchLogging{ Metadata: r.Metadata(), - Enabled: defsecTypes.BoolDefault(false, r.Metadata()), + Enabled: iacTypes.BoolDefault(false, r.Metadata()), }, Firehose: msk.FirehoseLogging{ Metadata: r.Metadata(), - Enabled: defsecTypes.BoolDefault(false, r.Metadata()), + Enabled: iacTypes.BoolDefault(false, r.Metadata()), }, }, }, @@ -51,7 +51,7 @@ func getClusters(ctx parser.FileContext) (clusters []msk.Cluster) { cluster.EncryptionAtRest = msk.EncryptionAtRest{ Metadata: encAtRestProp.Metadata(), KMSKeyARN: encAtRestProp.GetStringProperty("DataVolumeKMSKeyId", ""), - Enabled: defsecTypes.BoolDefault(true, encAtRestProp.Metadata()), + Enabled: iacTypes.BoolDefault(true, encAtRestProp.Metadata()), } } diff --git a/pkg/iac/adapters/cloudformation/aws/rds/cluster.go b/pkg/iac/adapters/cloudformation/aws/rds/cluster.go index e36eb8e39ac0..87bbc7ae64ba 100644 --- a/pkg/iac/adapters/cloudformation/aws/rds/cluster.go +++ b/pkg/iac/adapters/cloudformation/aws/rds/cluster.go 
@@ -3,7 +3,7 @@ package rds import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/rds" "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func getClusters(ctx parser.FileContext) (clusters map[string]rds.Cluster) { @@ -22,9 +22,9 @@ func getClusters(ctx parser.FileContext) (clusters map[string]rds.Cluster) { EncryptStorage: clusterResource.GetBoolProperty("StorageEncrypted"), KMSKeyID: clusterResource.GetStringProperty("KmsKeyId"), }, - PublicAccess: defsecTypes.BoolDefault(false, clusterResource.Metadata()), + PublicAccess: iacTypes.BoolDefault(false, clusterResource.Metadata()), Engine: clusterResource.GetStringProperty("Engine", rds.EngineAurora), - LatestRestorableTime: defsecTypes.TimeUnresolvable(clusterResource.Metadata()), + LatestRestorableTime: iacTypes.TimeUnresolvable(clusterResource.Metadata()), DeletionProtection: clusterResource.GetBoolProperty("DeletionProtection"), } } diff --git a/pkg/iac/adapters/cloudformation/aws/s3/bucket.go b/pkg/iac/adapters/cloudformation/aws/s3/bucket.go index b1a86d8f6f50..20a69d0416c1 100644 --- a/pkg/iac/adapters/cloudformation/aws/s3/bucket.go +++ b/pkg/iac/adapters/cloudformation/aws/s3/bucket.go @@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/s3" parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) var aclConvertRegex = regexp.MustCompile(`[A-Z][^A-Z]*`) 
@@ -24,14 +24,14 @@ func getBuckets(cfFile parser2.FileContext) []s3.Bucket {
 Versioning: s3.Versioning{
 Metadata: r.Metadata(),
 Enabled: hasVersioning(r),
- MFADelete: defsecTypes.BoolUnresolvable(r.Metadata()),
+ MFADelete: iacTypes.BoolUnresolvable(r.Metadata()),
 },
 Logging: getLogging(r),
 ACL: convertAclValue(r.GetStringProperty("AccessControl", "private")),
 LifecycleConfiguration: getLifecycle(r),
 AccelerateConfigurationStatus: r.GetStringProperty("AccelerateConfiguration.AccelerationStatus"),
 Website: getWebsite(r),
- BucketLocation: defsecTypes.String("", r.Metadata()),
+ BucketLocation: iacTypes.String("", r.Metadata()),
 Objects: nil,
 }
 
@@ -54,34 +54,34 @@ func getPublicAccessBlock(r *parser2.Resource) *s3.PublicAccessBlock {
 }
 }
 
-func convertAclValue(aclValue defsecTypes.StringValue) defsecTypes.StringValue {
+func convertAclValue(aclValue iacTypes.StringValue) iacTypes.StringValue {
 matches := aclConvertRegex.FindAllString(aclValue.Value(), -1)
- return defsecTypes.String(strings.ToLower(strings.Join(matches, "-")), aclValue.GetMetadata())
+ return iacTypes.String(strings.ToLower(strings.Join(matches, "-")), aclValue.GetMetadata())
 }
 
 func getLogging(r *parser2.Resource) s3.Logging {
 logging := s3.Logging{
 Metadata: r.Metadata(),
- Enabled: defsecTypes.BoolDefault(false, r.Metadata()),
- TargetBucket: defsecTypes.StringDefault("", r.Metadata()),
+ Enabled: iacTypes.BoolDefault(false, r.Metadata()),
+ TargetBucket: iacTypes.StringDefault("", r.Metadata()),
 }
 
 if config := r.GetProperty("LoggingConfiguration"); config.IsNotNil() {
 logging.TargetBucket = config.GetStringProperty("DestinationBucketName")
 if logging.TargetBucket.IsNotEmpty() || !logging.TargetBucket.GetMetadata().IsResolvable() {
- logging.Enabled = defsecTypes.Bool(true, config.Metadata())
+ logging.Enabled = iacTypes.Bool(true, config.Metadata())
 }
 }
 
 return logging
 }
 
-func hasVersioning(r *parser2.Resource) defsecTypes.BoolValue {
+func hasVersioning(r *parser2.Resource) iacTypes.BoolValue {
 versioningProp := r.GetProperty("VersioningConfiguration.Status")
 if versioningProp.IsNil() {
- return defsecTypes.BoolDefault(false, r.Metadata())
+ return iacTypes.BoolDefault(false, r.Metadata())
 }
 versioningEnabled := false
@@ -89,22 +89,22 @@ func hasVersioning(r *parser2.Resource) defsecTypes.BoolValue {
 versioningEnabled = true
 }
 
- return defsecTypes.Bool(versioningEnabled, versioningProp.Metadata())
+ return iacTypes.Bool(versioningEnabled, versioningProp.Metadata())
 }
 
 func getEncryption(r *parser2.Resource, _ parser2.FileContext) s3.Encryption {
 encryption := s3.Encryption{
 Metadata: r.Metadata(),
- Enabled: defsecTypes.BoolDefault(false, r.Metadata()),
- Algorithm: defsecTypes.StringDefault("", r.Metadata()),
- KMSKeyId: defsecTypes.StringDefault("", r.Metadata()),
+ Enabled: iacTypes.BoolDefault(false, r.Metadata()),
+ Algorithm: iacTypes.StringDefault("", r.Metadata()),
+ KMSKeyId: iacTypes.StringDefault("", r.Metadata()),
 }
 
 if encryptProps := r.GetProperty("BucketEncryption.ServerSideEncryptionConfiguration"); encryptProps.IsNotNil() {
 for _, rule := range encryptProps.AsList() {
 if algo := rule.GetProperty("ServerSideEncryptionByDefault.SSEAlgorithm"); algo.EqualTo("AES256") {
- encryption.Enabled = defsecTypes.Bool(true, algo.Metadata())
+ encryption.Enabled = iacTypes.Bool(true, algo.Metadata())
 } else if kmsKeyProp := rule.GetProperty("ServerSideEncryptionByDefault.KMSMasterKeyID"); !kmsKeyProp.IsEmpty() && kmsKeyProp.IsString() {
 encryption.KMSKeyId = kmsKeyProp.AsStringValue()
 }
diff --git a/pkg/iac/adapters/cloudformation/aws/sam/api.go b/pkg/iac/adapters/cloudformation/aws/sam/api.go
index 11fd0a86184b..d42010166914 100644
--- a/pkg/iac/adapters/cloudformation/aws/sam/api.go
+++ b/pkg/iac/adapters/cloudformation/aws/sam/api.go
@@ -3,7 +3,7 @@ package sam
 import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sam"
 parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getApis(cfFile parser2.FileContext) (apis []sam.API) {
@@ -29,10 +29,10 @@ func getRestMethodSettings(r *parser2.Resource) sam.RESTMethodSettings {
 
 settings := sam.RESTMethodSettings{
 Metadata: r.Metadata(),
- CacheDataEncrypted: defsecTypes.BoolDefault(false, r.Metadata()),
- LoggingEnabled: defsecTypes.BoolDefault(false, r.Metadata()),
- DataTraceEnabled: defsecTypes.BoolDefault(false, r.Metadata()),
- MetricsEnabled: defsecTypes.BoolDefault(false, r.Metadata()),
+ CacheDataEncrypted: iacTypes.BoolDefault(false, r.Metadata()),
+ LoggingEnabled: iacTypes.BoolDefault(false, r.Metadata()),
+ DataTraceEnabled: iacTypes.BoolDefault(false, r.Metadata()),
+ MetricsEnabled: iacTypes.BoolDefault(false, r.Metadata()),
 }
 
 settingsProp := r.GetProperty("MethodSettings")
@@ -41,16 +41,16 @@ func getRestMethodSettings(r *parser2.Resource) sam.RESTMethodSettings {
 settings = sam.RESTMethodSettings{
 Metadata: settingsProp.Metadata(),
 CacheDataEncrypted: settingsProp.GetBoolProperty("CacheDataEncrypted"),
- LoggingEnabled: defsecTypes.BoolDefault(false, settingsProp.Metadata()),
+ LoggingEnabled: iacTypes.BoolDefault(false, settingsProp.Metadata()),
 DataTraceEnabled: settingsProp.GetBoolProperty("DataTraceEnabled"),
 MetricsEnabled: settingsProp.GetBoolProperty("MetricsEnabled"),
 }
 
 if loggingLevel := settingsProp.GetProperty("LoggingLevel"); loggingLevel.IsNotNil() {
 if loggingLevel.EqualTo("OFF", parser2.IgnoreCase) {
- settings.LoggingEnabled = defsecTypes.Bool(false, loggingLevel.Metadata())
+ settings.LoggingEnabled = iacTypes.Bool(false, loggingLevel.Metadata())
 } else {
- settings.LoggingEnabled = defsecTypes.Bool(true, loggingLevel.Metadata())
+ settings.LoggingEnabled = iacTypes.Bool(true, loggingLevel.Metadata())
 }
 }
 }
@@ -62,7 +62,7 @@ func getAccessLogging(r *parser2.Resource) sam.AccessLogging {
 
 logging := sam.AccessLogging{
 Metadata: r.Metadata(),
- CloudwatchLogGroupARN: defsecTypes.StringDefault("", r.Metadata()),
+ CloudwatchLogGroupARN: iacTypes.StringDefault("", r.Metadata()),
 }
 
 if access := r.GetProperty("AccessLogSetting"); access.IsNotNil() {
@@ -79,8 +79,8 @@ func getDomainConfiguration(r *parser2.Resource) sam.DomainConfiguration {
 
 domainConfig := sam.DomainConfiguration{
 Metadata: r.Metadata(),
- Name: defsecTypes.StringDefault("", r.Metadata()),
- SecurityPolicy: defsecTypes.StringDefault("TLS_1_0", r.Metadata()),
+ Name: iacTypes.StringDefault("", r.Metadata()),
+ SecurityPolicy: iacTypes.StringDefault("TLS_1_0", r.Metadata()),
 }
 
 if domain := r.GetProperty("Domain"); domain.IsNotNil() {
diff --git a/pkg/iac/adapters/cloudformation/aws/sam/function.go b/pkg/iac/adapters/cloudformation/aws/sam/function.go
index 9ffaa7446c90..f6f2cfd747a6 100644
--- a/pkg/iac/adapters/cloudformation/aws/sam/function.go
+++ b/pkg/iac/adapters/cloudformation/aws/sam/function.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sam"
 parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getFunctions(cfFile parser2.FileContext) (functions []sam.Function) {
@@ -42,12 +42,12 @@ func setFunctionPolicies(r *parser2.Resource, function *sam.Function) {
 }
 policy := iam.Policy{
 Metadata: property.Metadata(),
- Name: defsecTypes.StringDefault("", property.Metadata()),
+ Name: iacTypes.StringDefault("", property.Metadata()),
 Document: iam.Document{
 Metadata: property.Metadata(),
 Parsed: *parsed,
 },
- Builtin: defsecTypes.Bool(false, property.Metadata()),
+ Builtin: iacTypes.Bool(false, property.Metadata()),
 }
 function.Policies = append(function.Policies, policy)
 } else if property.IsString() {
diff --git a/pkg/iac/adapters/cloudformation/aws/sam/state_machines.go b/pkg/iac/adapters/cloudformation/aws/sam/state_machines.go
index 98d58284106a..efcaf3772be4 100644
--- a/pkg/iac/adapters/cloudformation/aws/sam/state_machines.go
+++ b/pkg/iac/adapters/cloudformation/aws/sam/state_machines.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sam"
 parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getStateMachines(cfFile parser2.FileContext) (stateMachines []sam.StateMachine) {
@@ -18,7 +18,7 @@ func getStateMachines(cfFile parser2.FileContext) (stateMachines []sam.StateMach
 Name: r.GetStringProperty("Name"),
 LoggingConfiguration: sam.LoggingConfiguration{
 Metadata: r.Metadata(),
- LoggingEnabled: defsecTypes.BoolDefault(false, r.Metadata()),
+ LoggingEnabled: iacTypes.BoolDefault(false, r.Metadata()),
 },
 ManagedPolicies: nil,
 Policies: nil,
@@ -28,7 +28,7 @@ func getStateMachines(cfFile parser2.FileContext) (stateMachines []sam.StateMach
 if logging := r.GetProperty("Logging"); logging.IsNotNil() {
 stateMachine.LoggingConfiguration.Metadata = logging.Metadata()
 if level := logging.GetProperty("Level"); level.IsNotNil() {
- stateMachine.LoggingConfiguration.LoggingEnabled = defsecTypes.Bool(!level.EqualTo("OFF"), level.Metadata())
+ stateMachine.LoggingConfiguration.LoggingEnabled = iacTypes.Bool(!level.EqualTo("OFF"), level.Metadata())
 }
 }
 
@@ -44,7 +44,7 @@ func getTracingConfiguration(r *parser2.Resource) sam.TracingConfiguration {
 if tracing.IsNil() {
 return sam.TracingConfiguration{
 Metadata: r.Metadata(),
- Enabled: defsecTypes.BoolDefault(false, r.Metadata()),
+ Enabled: iacTypes.BoolDefault(false, r.Metadata()),
 }
 }
 
@@ -67,12 +67,12 @@ func setStateMachinePolicies(r *parser2.Resource, stateMachine *sam.StateMachine
 }
 policy := iam.Policy{
 Metadata: property.Metadata(),
- Name: defsecTypes.StringDefault("", property.Metadata()),
+ Name: iacTypes.StringDefault("", property.Metadata()),
 Document: iam.Document{
 Metadata: property.Metadata(),
 Parsed: *parsed,
 },
- Builtin: defsecTypes.Bool(false, property.Metadata()),
+ Builtin: iacTypes.Bool(false, property.Metadata()),
 }
 stateMachine.Policies = append(stateMachine.Policies, policy)
 }
diff --git a/pkg/iac/adapters/cloudformation/aws/sam/tables.go b/pkg/iac/adapters/cloudformation/aws/sam/tables.go
index 8065e3710b5e..713f723bf319 100644
--- a/pkg/iac/adapters/cloudformation/aws/sam/tables.go
+++ b/pkg/iac/adapters/cloudformation/aws/sam/tables.go
@@ -3,7 +3,7 @@ package sam
 import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sam"
 parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getSimpleTables(cfFile parser2.FileContext) (tables []sam.SimpleTable) {
@@ -26,8 +26,8 @@ func getSSESpecification(r *parser2.Resource) sam.SSESpecification {
 
 spec := sam.SSESpecification{
 Metadata: r.Metadata(),
- Enabled: defsecTypes.BoolDefault(false, r.Metadata()),
- KMSMasterKeyID: defsecTypes.StringDefault("", r.Metadata()),
+ Enabled: iacTypes.BoolDefault(false, r.Metadata()),
+ KMSMasterKeyID: iacTypes.StringDefault("", r.Metadata()),
 }
 
 if sse := r.GetProperty("SSESpecification"); sse.IsNotNil() {
diff --git a/pkg/iac/adapters/cloudformation/aws/sqs/queue.go b/pkg/iac/adapters/cloudformation/aws/sqs/queue.go
index 744fcb35acd2..2670dc299663 100644
--- a/pkg/iac/adapters/cloudformation/aws/sqs/queue.go
+++ b/pkg/iac/adapters/cloudformation/aws/sqs/queue.go
@@ -8,17 +8,17 @@ import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sqs"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/parser"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func getQueues(ctx parser.FileContext) (queues []sqs.Queue) {
 for _, r := range ctx.GetResourcesByType("AWS::SQS::Queue") {
 queue := sqs.Queue{
 Metadata: r.Metadata(),
- QueueURL: defsecTypes.StringDefault("", r.Metadata()),
+ QueueURL: iacTypes.StringDefault("", r.Metadata()),
 Encryption: sqs.Encryption{
 Metadata: r.Metadata(),
- ManagedEncryption: defsecTypes.Bool(false, r.Metadata()),
+ ManagedEncryption: iacTypes.Bool(false, r.Metadata()),
 KMSKeyID: r.GetStringProperty("KmsMasterKeyId"),
 },
 Policies: []iam.Policy{},
@@ -50,12 +50,12 @@ func getPolicy(id string, ctx parser.FileContext) (*iam.Policy, error) {
 }
 return &iam.Policy{
 Metadata: documentProp.Metadata(),
- Name: defsecTypes.StringDefault("", documentProp.Metadata()),
+ Name: iacTypes.StringDefault("", documentProp.Metadata()),
 Document: iam.Document{
 Metadata: documentProp.Metadata(),
 Parsed: *parsed,
 },
- Builtin: defsecTypes.Bool(false, documentProp.Metadata()),
+ Builtin: iacTypes.Bool(false, documentProp.Metadata()),
 }, nil
 }
 }
diff --git a/pkg/iac/adapters/terraform/aws/apigateway/adapt_test.go b/pkg/iac/adapters/terraform/aws/apigateway/adapt_test.go
index dfc076d3a59b..92d96f396e9c 100644
--- a/pkg/iac/adapters/terraform/aws/apigateway/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/apigateway/adapt_test.go
@@ -8,7 +8,7 @@ import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway"
 v1 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v1"
 v2 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v2"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 )
@@ -65,7 +65,7 @@ resource "aws_apigatewayv2_domain_name" "example" {
 V1: v1.APIGateway{
 APIs: []v1.API{
 {
- Metadata: defsecTypes.Metadata{},
+ Metadata: iacTypes.Metadata{},
 Name: String("MyDemoAPI"),
 Resources: []v1.Resource{
 {
@@ -122,16 +122,16 @@ resource "aws_apigatewayv2_domain_name" "example" {
 }
 }
 
-func Int(i int) defsecTypes.IntValue {
- return defsecTypes.Int(i, defsecTypes.NewTestMetadata())
+func Int(i int) iacTypes.IntValue {
+ return iacTypes.Int(i, iacTypes.NewTestMetadata())
 }
 
-func Bool(b bool) defsecTypes.BoolValue {
- return defsecTypes.Bool(b, defsecTypes.NewTestMetadata())
+func Bool(b bool) iacTypes.BoolValue {
+ return iacTypes.Bool(b, iacTypes.NewTestMetadata())
 }
 
-func String(s string) defsecTypes.StringValue {
- return defsecTypes.String(s, defsecTypes.NewTestMetadata())
+func String(s string) iacTypes.StringValue {
+ return iacTypes.String(s, iacTypes.NewTestMetadata())
 }
 
 func TestLines(t *testing.T) {
 src := `
diff --git a/pkg/iac/adapters/terraform/aws/apigateway/apiv1.go b/pkg/iac/adapters/terraform/aws/apigateway/apiv1.go
index 493cb4500a67..3f03817b9e1b 100644
--- a/pkg/iac/adapters/terraform/aws/apigateway/apiv1.go
+++ b/pkg/iac/adapters/terraform/aws/apigateway/apiv1.go
@@ -3,7 +3,7 @@ package apigateway
 import (
 v1 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v1"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func adaptAPIResourcesV1(modules terraform.Modules, apiBlock *terraform.Block) []v1.Resource {
@@ -59,8 +59,8 @@ func adaptAPIsV1(modules terraform.Modules) []v1.API {
 if len(orphanResources) > 0 {
 orphanage := v1.API{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
- Name: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
+ Name: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()),
 }
 for _, stage := range orphanResources {
 orphanage.Stages = append(orphanage.Stages, adaptStageV1(stage, modules))
@@ -77,7 +77,7 @@ func adaptStageV1(stageBlock *terraform.Block, modules terraform.Modules) v1.Sta
 Name: stageBlock.GetAttribute("name").AsStringValueOrDefault("", stageBlock),
 AccessLogging: v1.AccessLogging{
 Metadata: stageBlock.GetMetadata(),
- CloudwatchLogGroupARN: defsecTypes.StringDefault("", stageBlock.GetMetadata()),
+ CloudwatchLogGroupARN: iacTypes.StringDefault("", stageBlock.GetMetadata()),
 },
 XRayTracingEnabled: stageBlock.GetAttribute("xray_tracing_enabled").AsBoolValueOrDefault(false, stageBlock),
 }
@@ -85,9 +85,9 @@ func adaptStageV1(stageBlock *terraform.Block, modules terraform.Modules) v1.Sta
 
 restMethodSettings := v1.RESTMethodSettings{
 Metadata: methodSettings.GetMetadata(),
- Method: defsecTypes.String("", methodSettings.GetMetadata()),
- CacheDataEncrypted: defsecTypes.BoolDefault(false, methodSettings.GetMetadata()),
- CacheEnabled: defsecTypes.BoolDefault(false, methodSettings.GetMetadata()),
+ Method: iacTypes.String("", methodSettings.GetMetadata()),
+ CacheDataEncrypted: iacTypes.BoolDefault(false, methodSettings.GetMetadata()),
+ CacheEnabled: iacTypes.BoolDefault(false, methodSettings.GetMetadata()),
 }
 
 if settings := methodSettings.GetBlock("settings"); settings.IsNotNil() {
@@ -108,7 +108,7 @@ func adaptStageV1(stageBlock *terraform.Block, modules terraform.Modules) v1.Sta
 stage.AccessLogging.CloudwatchLogGroupARN = accessLogging.GetAttribute("destination_arn").AsStringValueOrDefault("", accessLogging)
 } else {
 stage.AccessLogging.Metadata = stageBlock.GetMetadata()
- stage.AccessLogging.CloudwatchLogGroupARN = defsecTypes.StringDefault("", stageBlock.GetMetadata())
+ stage.AccessLogging.CloudwatchLogGroupARN = iacTypes.StringDefault("", stageBlock.GetMetadata())
 }
 
 return stage
diff --git a/pkg/iac/adapters/terraform/aws/apigateway/apiv2.go b/pkg/iac/adapters/terraform/aws/apigateway/apiv2.go
index 52b8e4401541..8a6d12679802 100644
--- a/pkg/iac/adapters/terraform/aws/apigateway/apiv2.go
+++ b/pkg/iac/adapters/terraform/aws/apigateway/apiv2.go
@@ -3,7 +3,7 @@ package apigateway
 import (
 v2 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v2"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func adaptAPIsV2(modules terraform.Modules) []v2.API {
@@ -35,9 +35,9 @@ func adaptAPIsV2(modules terraform.Modules) []v2.API {
 orphanResources := modules.GetResourceByIDs(apiStageIDs.Orphans()...)
 if len(orphanResources) > 0 {
 orphanage := v2.API{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
- Name: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
- ProtocolType: defsecTypes.StringUnresolvable(defsecTypes.NewUnmanagedMetadata()),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
+ Name: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()),
+ ProtocolType: iacTypes.StringUnresolvable(iacTypes.NewUnmanagedMetadata()),
 Stages: nil,
 }
 for _, stage := range orphanResources {
@@ -55,7 +55,7 @@ func adaptStageV2(stageBlock *terraform.Block) v2.Stage {
 Name: stageBlock.GetAttribute("name").AsStringValueOrDefault("", stageBlock),
 AccessLogging: v2.AccessLogging{
 Metadata: stageBlock.GetMetadata(),
- CloudwatchLogGroupARN: defsecTypes.StringDefault("", stageBlock.GetMetadata()),
+ CloudwatchLogGroupARN: iacTypes.StringDefault("", stageBlock.GetMetadata()),
 },
 }
 if accessLogging := stageBlock.GetBlock("access_log_settings"); accessLogging.IsNotNil() {
@@ -63,7 +63,7 @@ func adaptStageV2(stageBlock *terraform.Block) v2.Stage {
 stage.AccessLogging.CloudwatchLogGroupARN = accessLogging.GetAttribute("destination_arn").AsStringValueOrDefault("", accessLogging)
 } else {
 stage.AccessLogging.Metadata = stageBlock.GetMetadata()
- stage.AccessLogging.CloudwatchLogGroupARN = defsecTypes.StringDefault("", stageBlock.GetMetadata())
+ stage.AccessLogging.CloudwatchLogGroupARN = iacTypes.StringDefault("", stageBlock.GetMetadata())
 }
 return stage
 }
diff --git a/pkg/iac/adapters/terraform/aws/athena/adapt.go b/pkg/iac/adapters/terraform/aws/athena/adapt.go
index 04019aeaf7c1..f8f56df99e87 100644
--- a/pkg/iac/adapters/terraform/aws/athena/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/athena/adapt.go
@@ -3,7 +3,7 @@ package athena
 import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/athena"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 
 func Adapt(modules terraform.Modules) athena.Athena {
@@ -39,7 +39,7 @@ func adaptDatabase(resource *terraform.Block) athena.Database {
 Name: resource.GetAttribute("name").AsStringValueOrDefault("", resource),
 Encryption: athena.EncryptionConfiguration{
 Metadata: resource.GetMetadata(),
- Type: defsecTypes.StringDefault("", resource.GetMetadata()),
+ Type: iacTypes.StringDefault("", resource.GetMetadata()),
 },
 }
 if encryptionConfigBlock := resource.GetBlock("encryption_configuration"); encryptionConfigBlock.IsNotNil() {
@@ -57,9 +57,9 @@ func adaptWorkgroup(resource *terraform.Block) athena.Workgroup {
 Name: resource.GetAttribute("name").AsStringValueOrDefault("", resource),
 Encryption: athena.EncryptionConfiguration{
 Metadata: resource.GetMetadata(),
- Type: defsecTypes.StringDefault("", resource.GetMetadata()),
+ Type: iacTypes.StringDefault("", resource.GetMetadata()),
 },
- EnforceConfiguration: defsecTypes.BoolDefault(false, resource.GetMetadata()),
+ EnforceConfiguration: iacTypes.BoolDefault(false, resource.GetMetadata()),
 }
 
 if configBlock := resource.GetBlock("configuration"); configBlock.IsNotNil() {
diff --git a/pkg/iac/adapters/terraform/aws/athena/adapt_test.go b/pkg/iac/adapters/terraform/aws/athena/adapt_test.go
index 77bd11dba6c6..e734b024b274 100644
--- a/pkg/iac/adapters/terraform/aws/athena/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/athena/adapt_test.go
@@ -5,7 +5,7 @@ import (
 
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/athena"
 
@@ -31,11 +31,11 @@ func Test_adaptDatabase(t *testing.T) {
 }
 `,
 expected: athena.Database{
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("database_name", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("database_name", iacTypes.NewTestMetadata()),
 Encryption: athena.EncryptionConfiguration{
- Metadata: defsecTypes.NewTestMetadata(),
- Type: defsecTypes.String(athena.EncryptionTypeSSEKMS, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Type: iacTypes.String(athena.EncryptionTypeSSEKMS, iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -74,13 +74,13 @@ func Test_adaptWorkgroup(t *testing.T) {
 }
 `,
 expected: athena.Workgroup{
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("example", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("example", iacTypes.NewTestMetadata()),
 Encryption: athena.EncryptionConfiguration{
- Metadata: defsecTypes.NewTestMetadata(),
- Type: defsecTypes.String(athena.EncryptionTypeSSEKMS, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Type: iacTypes.String(athena.EncryptionTypeSSEKMS, iacTypes.NewTestMetadata()),
 },
- EnforceConfiguration: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ EnforceConfiguration: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -101,13 +101,13 @@ func Test_adaptWorkgroup(t *testing.T) {
 }
 `,
 expected: athena.Workgroup{
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("example", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("example", iacTypes.NewTestMetadata()),
 Encryption: athena.EncryptionConfiguration{
- Metadata: defsecTypes.NewTestMetadata(),
- Type: defsecTypes.String(athena.EncryptionTypeSSEKMS, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Type: iacTypes.String(athena.EncryptionTypeSSEKMS, iacTypes.NewTestMetadata()),
 },
- EnforceConfiguration: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ EnforceConfiguration: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -126,13 +126,13 @@ func Test_adaptWorkgroup(t *testing.T) {
 }
 `,
 expected: athena.Workgroup{
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("example", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("example", iacTypes.NewTestMetadata()),
 Encryption: athena.EncryptionConfiguration{
- Metadata: defsecTypes.NewTestMetadata(),
- Type: defsecTypes.String(athena.EncryptionTypeNone, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Type: iacTypes.String(athena.EncryptionTypeNone, iacTypes.NewTestMetadata()),
 },
- EnforceConfiguration: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ EnforceConfiguration: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -143,13 +143,13 @@ func Test_adaptWorkgroup(t *testing.T) {
 }
 `,
 expected: athena.Workgroup{
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("example", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("example", iacTypes.NewTestMetadata()),
 Encryption: athena.EncryptionConfiguration{
- Metadata: defsecTypes.NewTestMetadata(),
- Type: defsecTypes.String(athena.EncryptionTypeNone, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Type: iacTypes.String(athena.EncryptionTypeNone, iacTypes.NewTestMetadata()),
 },
- EnforceConfiguration: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ EnforceConfiguration: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 }
diff --git a/pkg/iac/adapters/terraform/aws/cloudfront/adapt_test.go b/pkg/iac/adapters/terraform/aws/cloudfront/adapt_test.go
index 26600ebedc6f..eade38048204 100644
--- a/pkg/iac/adapters/terraform/aws/cloudfront/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/cloudfront/adapt_test.go
@@ -5,7 +5,7 @@ import (
 
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudfront"
 
@@ -45,27 +45,27 @@ func Test_adaptDistribution(t *testing.T) {
 }
 `,
 expected: cloudfront.Distribution{
- Metadata: defsecTypes.NewTestMetadata(),
- WAFID: defsecTypes.String("waf_id", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ WAFID: iacTypes.String("waf_id", iacTypes.NewTestMetadata()),
 Logging: cloudfront.Logging{
- Metadata: defsecTypes.NewTestMetadata(),
- Bucket: defsecTypes.String("mylogs.s3.amazonaws.com", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Bucket: iacTypes.String("mylogs.s3.amazonaws.com", iacTypes.NewTestMetadata()),
 },
 DefaultCacheBehaviour: cloudfront.CacheBehaviour{
- Metadata: defsecTypes.NewTestMetadata(),
- ViewerProtocolPolicy: defsecTypes.String("redirect-to-https", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ ViewerProtocolPolicy: iacTypes.String("redirect-to-https", iacTypes.NewTestMetadata()),
 },
 OrdererCacheBehaviours: []cloudfront.CacheBehaviour{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- ViewerProtocolPolicy: defsecTypes.String("redirect-to-https", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ ViewerProtocolPolicy: iacTypes.String("redirect-to-https", iacTypes.NewTestMetadata()),
 },
 },
 ViewerCertificate: cloudfront.ViewerCertificate{
- Metadata: defsecTypes.NewTestMetadata(),
- MinimumProtocolVersion: defsecTypes.String("TLSv1.2_2021", defsecTypes.NewTestMetadata()),
- CloudfrontDefaultCertificate: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- SSLSupportMethod: defsecTypes.String("sni-only", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ MinimumProtocolVersion: iacTypes.String("TLSv1.2_2021", iacTypes.NewTestMetadata()),
+ CloudfrontDefaultCertificate: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ SSLSupportMethod: iacTypes.String("sni-only", iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -76,20 +76,20 @@ func Test_adaptDistribution(t *testing.T) {
 }
 `,
 expected: cloudfront.Distribution{
- Metadata: defsecTypes.NewTestMetadata(),
- WAFID: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ WAFID: iacTypes.String("", iacTypes.NewTestMetadata()),
 Logging: cloudfront.Logging{
- Metadata: defsecTypes.NewTestMetadata(),
- Bucket: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Bucket: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 DefaultCacheBehaviour: cloudfront.CacheBehaviour{
- Metadata: defsecTypes.NewTestMetadata(),
- ViewerProtocolPolicy: defsecTypes.String("allow-all", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ ViewerProtocolPolicy: iacTypes.String("allow-all", iacTypes.NewTestMetadata()),
 },
 ViewerCertificate: cloudfront.ViewerCertificate{
- Metadata: defsecTypes.NewTestMetadata(),
- MinimumProtocolVersion: defsecTypes.String("TLSv1", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ MinimumProtocolVersion: iacTypes.String("TLSv1", iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/aws/cloudtrail/adapt_test.go b/pkg/iac/adapters/terraform/aws/cloudtrail/adapt_test.go
index 38e5e705db12..9088b115752e 100644
--- a/pkg/iac/adapters/terraform/aws/cloudtrail/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/cloudtrail/adapt_test.go
@@ -5,7 +5,7 @@ import (
 
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudtrail"
 
@@ -34,14 +34,14 @@ func Test_adaptTrail(t *testing.T) {
 }
 `,
 expected: cloudtrail.Trail{
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("example", defsecTypes.NewTestMetadata()),
- EnableLogFileValidation: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- IsMultiRegion: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- KMSKeyID: defsecTypes.String("kms-key", defsecTypes.NewTestMetadata()),
- CloudWatchLogsLogGroupArn: defsecTypes.String("abc", defsecTypes.NewTestMetadata()),
- IsLogging: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- BucketName: defsecTypes.String("abcdefgh", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("example", iacTypes.NewTestMetadata()),
+ EnableLogFileValidation: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ IsMultiRegion: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ KMSKeyID: iacTypes.String("kms-key", iacTypes.NewTestMetadata()),
+ CloudWatchLogsLogGroupArn: iacTypes.String("abc", iacTypes.NewTestMetadata()),
+ IsLogging: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ BucketName: iacTypes.String("abcdefgh", iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -51,14 +51,14 @@ func Test_adaptTrail(t *testing.T) {
 }
 `,
 expected: cloudtrail.Trail{
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- EnableLogFileValidation: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- IsMultiRegion: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- BucketName: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- CloudWatchLogsLogGroupArn: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- IsLogging: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("", iacTypes.NewTestMetadata()),
+ EnableLogFileValidation: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ IsMultiRegion: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ KMSKeyID: iacTypes.String("", iacTypes.NewTestMetadata()),
+ BucketName: iacTypes.String("", iacTypes.NewTestMetadata()),
+ CloudWatchLogsLogGroupArn: iacTypes.String("", iacTypes.NewTestMetadata()),
+ IsLogging: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 }
diff --git a/pkg/iac/adapters/terraform/aws/cloudwatch/adapt_test.go b/pkg/iac/adapters/terraform/aws/cloudwatch/adapt_test.go
index 35034f37cd3e..5febcd592dfe 100644
--- a/pkg/iac/adapters/terraform/aws/cloudwatch/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/cloudwatch/adapt_test.go
@@ -5,7 +5,7 @@ import (
 
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch"
 
@@ -32,11 +32,11 @@ func Test_adaptLogGroups(t *testing.T) {
 `,
 expected: []cloudwatch.LogGroup{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Arn: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- Name: defsecTypes.String("my-group", defsecTypes.NewTestMetadata()),
- KMSKeyID: defsecTypes.String("aws_kms_key.log_key", defsecTypes.NewTestMetadata()),
- RetentionInDays: defsecTypes.Int(0, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Arn: iacTypes.String("", iacTypes.NewTestMetadata()),
+ Name: iacTypes.String("my-group", iacTypes.NewTestMetadata()),
+ KMSKeyID: iacTypes.String("aws_kms_key.log_key", iacTypes.NewTestMetadata()),
+ RetentionInDays: iacTypes.Int(0, iacTypes.NewTestMetadata()),
 MetricFilters: nil,
 },
 },
@@ -51,11 +51,11 @@ func Test_adaptLogGroups(t *testing.T) {
 `,
 expected: []cloudwatch.LogGroup{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Arn: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- Name: defsecTypes.String("my-group", defsecTypes.NewTestMetadata()),
- KMSKeyID: defsecTypes.String("key-as-string", defsecTypes.NewTestMetadata()),
- RetentionInDays: defsecTypes.Int(0, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Arn: iacTypes.String("", iacTypes.NewTestMetadata()),
+ Name: iacTypes.String("my-group", iacTypes.NewTestMetadata()),
+ KMSKeyID: iacTypes.String("key-as-string", iacTypes.NewTestMetadata()),
+ RetentionInDays: iacTypes.Int(0, iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -69,11 +69,11 @@ func Test_adaptLogGroups(t *testing.T) {
 `,
 expected: []cloudwatch.LogGroup{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Arn: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- Name: defsecTypes.String("my-group", defsecTypes.NewTestMetadata()),
- KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- RetentionInDays: defsecTypes.Int(3, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Arn: iacTypes.String("", iacTypes.NewTestMetadata()),
+ Name: iacTypes.String("my-group", iacTypes.NewTestMetadata()),
+ KMSKeyID: iacTypes.String("", iacTypes.NewTestMetadata()),
+ RetentionInDays: iacTypes.Int(3, iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/aws/codebuild/adapt_test.go b/pkg/iac/adapters/terraform/aws/codebuild/adapt_test.go
index 402b86ccfe7b..58aeca7df9d1 100644
--- a/pkg/iac/adapters/terraform/aws/codebuild/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/codebuild/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/codebuild"
@@ -37,19 +37,19 @@ func Test_adaptProject(t *testing.T) {
 }
 `,
 expected: codebuild.Project{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 ArtifactSettings: codebuild.ArtifactSettings{
- Metadata: defsecTypes.NewTestMetadata(),
- EncryptionEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ EncryptionEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 SecondaryArtifactSettings: []codebuild.ArtifactSettings{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- EncryptionEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ EncryptionEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 {
- Metadata: defsecTypes.NewTestMetadata(),
- EncryptionEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ EncryptionEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -61,10 +61,10 @@ func Test_adaptProject(t *testing.T) {
 }
 `,
 expected: codebuild.Project{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 ArtifactSettings: codebuild.ArtifactSettings{
- Metadata: defsecTypes.NewTestMetadata(),
- EncryptionEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ EncryptionEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/aws/config/adapt.go b/pkg/iac/adapters/terraform/aws/config/adapt.go
index c1b1a4c56afe..643fbd86720c 100644
--- a/pkg/iac/adapters/terraform/aws/config/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/config/adapt.go
@@ -3,7 +3,7 @@ package config
 import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/config"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func Adapt(modules terraform.Modules) config.Config {
@@ -14,15 +14,15 @@ func Adapt(modules terraform.Modules) config.Config {
 func adaptConfigurationAggregrator(modules terraform.Modules) config.ConfigurationAggregrator {
 configurationAggregrator := config.ConfigurationAggregrator{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
- SourceAllRegions: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
+ SourceAllRegions: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
 }
 for _, resource := range modules.GetResourcesByType("aws_config_configuration_aggregator") {
 configurationAggregrator.Metadata = resource.GetMetadata()
 aggregationBlock := resource.GetFirstMatchingBlock("account_aggregation_source", "organization_aggregation_source")
 if aggregationBlock.IsNil() {
- configurationAggregrator.SourceAllRegions = defsecTypes.Bool(false, resource.GetMetadata())
+ configurationAggregrator.SourceAllRegions = iacTypes.Bool(false, resource.GetMetadata())
 } else {
 allRegionsAttr := aggregationBlock.GetAttribute("all_regions")
 allRegionsVal := allRegionsAttr.AsBoolValueOrDefault(false, aggregationBlock)
diff --git a/pkg/iac/adapters/terraform/aws/config/adapt_test.go b/pkg/iac/adapters/terraform/aws/config/adapt_test.go
index 809608d94d86..94917b430fbe 100644
--- a/pkg/iac/adapters/terraform/aws/config/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/config/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/config"
@@ -31,8 +31,8 @@ func Test_adaptConfigurationAggregrator(t *testing.T) {
 }
 `,
 expected: config.ConfigurationAggregrator{
- Metadata: defsecTypes.NewTestMetadata(),
- SourceAllRegions: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ SourceAllRegions: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -42,8 +42,8 @@ func Test_adaptConfigurationAggregrator(t *testing.T) {
 }
 `,
 expected: config.ConfigurationAggregrator{
- Metadata: defsecTypes.NewTestMetadata(),
- SourceAllRegions: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ SourceAllRegions: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 }
diff --git a/pkg/iac/adapters/terraform/aws/documentdb/adapt_test.go b/pkg/iac/adapters/terraform/aws/documentdb/adapt_test.go
index 4d8900401090..db7dbd7937e8 100644
--- a/pkg/iac/adapters/terraform/aws/documentdb/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/documentdb/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/documentdb"
@@ -37,19 +37,19 @@ func Test_adaptCluster(t *testing.T) {
 }
 `,
 expected: documentdb.Cluster{
- Metadata: defsecTypes.NewTestMetadata(),
- Identifier: defsecTypes.String("my-docdb-cluster", defsecTypes.NewTestMetadata()),
- KMSKeyID: defsecTypes.String("kms-key", defsecTypes.NewTestMetadata()),
- EnabledLogExports: []defsecTypes.StringValue{
- defsecTypes.String("audit", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Identifier: iacTypes.String("my-docdb-cluster", iacTypes.NewTestMetadata()),
+ KMSKeyID: iacTypes.String("kms-key", iacTypes.NewTestMetadata()),
+ EnabledLogExports: []iacTypes.StringValue{
+ iacTypes.String("audit", iacTypes.NewTestMetadata()),
 },
 Instances: []documentdb.Instance{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- KMSKeyID: defsecTypes.String("kms-key#1", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ KMSKeyID: iacTypes.String("kms-key#1", iacTypes.NewTestMetadata()),
 },
 },
- StorageEncrypted: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ StorageEncrypted: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -59,10 +59,10 @@ func Test_adaptCluster(t *testing.T) {
 }
 `,
 expected: documentdb.Cluster{
- Metadata: defsecTypes.NewTestMetadata(),
- Identifier: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- StorageEncrypted: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Identifier: iacTypes.String("", iacTypes.NewTestMetadata()),
+ StorageEncrypted: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ KMSKeyID: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 },
 }
diff --git a/pkg/iac/adapters/terraform/aws/dynamodb/adapt.go b/pkg/iac/adapters/terraform/aws/dynamodb/adapt.go
index 8ab8c43eba73..c4c1582c807b 100644
--- a/pkg/iac/adapters/terraform/aws/dynamodb/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/dynamodb/adapt.go
@@ -3,7 +3,7 @@ package dynamodb
 import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/dynamodb"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func Adapt(modules terraform.Modules) dynamodb.DynamoDB {
@@ -39,10 +39,10 @@ func adaptCluster(resource *terraform.Block, module *terraform.Module) dynamodb.
 Metadata: resource.GetMetadata(),
 ServerSideEncryption: dynamodb.ServerSideEncryption{
 Metadata: resource.GetMetadata(),
- Enabled: defsecTypes.BoolDefault(false, resource.GetMetadata()),
- KMSKeyID: defsecTypes.StringDefault("", resource.GetMetadata()),
+ Enabled: iacTypes.BoolDefault(false, resource.GetMetadata()),
+ KMSKeyID: iacTypes.StringDefault("", resource.GetMetadata()),
 },
- PointInTimeRecovery: defsecTypes.BoolDefault(false, resource.GetMetadata()),
+ PointInTimeRecovery: iacTypes.BoolDefault(false, resource.GetMetadata()),
 }
 if ssEncryptionBlock := resource.GetBlock("server_side_encryption"); ssEncryptionBlock.IsNotNil() {
@@ -65,10 +65,10 @@ func adaptTable(resource *terraform.Block, module *terraform.Module) dynamodb.Ta
 Metadata: resource.GetMetadata(),
 ServerSideEncryption: dynamodb.ServerSideEncryption{
 Metadata: resource.GetMetadata(),
- Enabled: defsecTypes.BoolDefault(false, resource.GetMetadata()),
- KMSKeyID: defsecTypes.StringDefault("", resource.GetMetadata()),
+ Enabled: iacTypes.BoolDefault(false, resource.GetMetadata()),
+ KMSKeyID: iacTypes.StringDefault("", resource.GetMetadata()),
 },
- PointInTimeRecovery: defsecTypes.BoolDefault(false, resource.GetMetadata()),
+ PointInTimeRecovery: iacTypes.BoolDefault(false, resource.GetMetadata()),
 }
 if ssEncryptionBlock := resource.GetBlock("server_side_encryption"); ssEncryptionBlock.IsNotNil() {
@@ -81,7 +81,7 @@ func adaptTable(resource *terraform.Block, module *terraform.Module) dynamodb.Ta
 kmsBlock, err := module.GetReferencedBlock(kmsKeyIdAttr, resource)
 if err == nil && kmsBlock.IsNotNil() {
- table.ServerSideEncryption.KMSKeyID = defsecTypes.String(kmsBlock.FullName(), kmsBlock.GetMetadata())
+ table.ServerSideEncryption.KMSKeyID = iacTypes.String(kmsBlock.FullName(), kmsBlock.GetMetadata())
 }
 }
diff --git a/pkg/iac/adapters/terraform/aws/dynamodb/adapt_test.go b/pkg/iac/adapters/terraform/aws/dynamodb/adapt_test.go
index c75fd3421fc5..ae7002ac697b 100644
--- a/pkg/iac/adapters/terraform/aws/dynamodb/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/dynamodb/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/dynamodb"
@@ -29,13 +29,13 @@ func Test_adaptCluster(t *testing.T) {
 }
 `,
 expected: dynamodb.DAXCluster{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 ServerSideEncryption: dynamodb.ServerSideEncryption{
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ KMSKeyID: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
- PointInTimeRecovery: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ PointInTimeRecovery: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 }
@@ -72,13 +72,13 @@ func Test_adaptTable(t *testing.T) {
 }
 `,
 expected: dynamodb.Table{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 ServerSideEncryption: dynamodb.ServerSideEncryption{
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- KMSKeyID: defsecTypes.String("key-string", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ KMSKeyID: iacTypes.String("key-string", iacTypes.NewTestMetadata()),
 },
- PointInTimeRecovery: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ PointInTimeRecovery: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -91,13 +91,13 @@ func Test_adaptTable(t *testing.T) {
 }
 `,
 expected: dynamodb.Table{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 ServerSideEncryption: dynamodb.ServerSideEncryption{
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- KMSKeyID: defsecTypes.String("alias/aws/dynamodb", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ KMSKeyID: iacTypes.String("alias/aws/dynamodb", iacTypes.NewTestMetadata()),
 },
- PointInTimeRecovery: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ PointInTimeRecovery: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -116,13 +116,13 @@ func Test_adaptTable(t *testing.T) {
 }
 `,
 expected: dynamodb.Table{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 ServerSideEncryption: dynamodb.ServerSideEncryption{
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- KMSKeyID: defsecTypes.String("aws_kms_key.a", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ KMSKeyID: iacTypes.String("aws_kms_key.a", iacTypes.NewTestMetadata()),
 },
- PointInTimeRecovery: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ PointInTimeRecovery: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 }
diff --git a/pkg/iac/adapters/terraform/aws/ec2/adapt_test.go b/pkg/iac/adapters/terraform/aws/ec2/adapt_test.go
index 5808e9dbf3fc..e539b3f827dc 100644
--- a/pkg/iac/adapters/terraform/aws/ec2/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/ec2/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
@@ -47,24 +47,24 @@ export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
 expected: ec2.EC2{
 Instances: []ec2.Instance{
 {
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 MetadataOptions: ec2.MetadataOptions{
- Metadata: defsecTypes.NewTestMetadata(),
- HttpTokens: defsecTypes.String("required", defsecTypes.NewTestMetadata()),
- HttpEndpoint: defsecTypes.String("disabled", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ HttpTokens: iacTypes.String("required", iacTypes.NewTestMetadata()),
+ HttpEndpoint: iacTypes.String("disabled", iacTypes.NewTestMetadata()),
 },
- UserData: defsecTypes.String(
+ UserData: iacTypes.String(
 `export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
 `,
- defsecTypes.NewTestMetadata()),
+ iacTypes.NewTestMetadata()),
 RootBlockDevice: &ec2.BlockDevice{
- Metadata: defsecTypes.NewTestMetadata(),
- Encrypted: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Encrypted: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 EBSBlockDevices: []*ec2.BlockDevice{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Encrypted: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Encrypted: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -80,16 +80,16 @@ export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
 expected: ec2.EC2{
 Instances: []ec2.Instance{
 {
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 MetadataOptions: ec2.MetadataOptions{
- Metadata: defsecTypes.NewTestMetadata(),
- HttpTokens: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- HttpEndpoint: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ HttpTokens: iacTypes.String("", iacTypes.NewTestMetadata()),
+ HttpEndpoint: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
- UserData: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ UserData: iacTypes.String("", iacTypes.NewTestMetadata()),
 RootBlockDevice: &ec2.BlockDevice{
- Metadata: defsecTypes.NewTestMetadata(),
- Encrypted: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Encrypted: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -114,26 +114,26 @@ resource "aws_instance" "this" {
 expected: ec2.EC2{
 LaunchTemplates: []ec2.LaunchTemplate{
 {
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Instance: ec2.Instance{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 MetadataOptions: ec2.MetadataOptions{
- HttpEndpoint: defsecTypes.String("disabled", defsecTypes.NewTestMetadata()),
- HttpTokens: defsecTypes.String("required", defsecTypes.NewTestMetadata()),
+ HttpEndpoint: iacTypes.String("disabled", iacTypes.NewTestMetadata()),
+ HttpTokens: iacTypes.String("required", iacTypes.NewTestMetadata()),
 },
 },
 },
 },
 Instances: []ec2.Instance{
 {
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 MetadataOptions: ec2.MetadataOptions{
- HttpEndpoint: defsecTypes.String("disabled", defsecTypes.NewTestMetadata()),
- HttpTokens: defsecTypes.String("required", defsecTypes.NewTestMetadata()),
+ HttpEndpoint: iacTypes.String("disabled", iacTypes.NewTestMetadata()),
+ HttpTokens: iacTypes.String("required", iacTypes.NewTestMetadata()),
 },
 RootBlockDevice: &ec2.BlockDevice{
- Metadata: defsecTypes.NewTestMetadata(),
- Encrypted: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Encrypted: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -159,26 +159,26 @@ resource "aws_instance" "this" {
 expected: ec2.EC2{
 LaunchTemplates: []ec2.LaunchTemplate{
 {
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Instance: ec2.Instance{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 MetadataOptions: ec2.MetadataOptions{
- HttpEndpoint: defsecTypes.String("disabled", defsecTypes.NewTestMetadata()),
- HttpTokens: defsecTypes.String("required", defsecTypes.NewTestMetadata()),
+ HttpEndpoint: iacTypes.String("disabled", iacTypes.NewTestMetadata()),
+ HttpTokens: iacTypes.String("required", iacTypes.NewTestMetadata()),
 },
 },
 },
 },
 Instances: []ec2.Instance{
 {
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 MetadataOptions: ec2.MetadataOptions{
- HttpEndpoint: defsecTypes.String("disabled", defsecTypes.NewTestMetadata()),
- HttpTokens: defsecTypes.String("required", defsecTypes.NewTestMetadata()),
+ HttpEndpoint: iacTypes.String("disabled", iacTypes.NewTestMetadata()),
+ HttpTokens: iacTypes.String("required", iacTypes.NewTestMetadata()),
 },
 RootBlockDevice: &ec2.BlockDevice{
- Metadata: defsecTypes.NewTestMetadata(),
- Encrypted: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Encrypted: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/aws/ec2/autoscaling.go b/pkg/iac/adapters/terraform/aws/ec2/autoscaling.go
index 88bff3e066b8..7974506e6460 100644
--- a/pkg/iac/adapters/terraform/aws/ec2/autoscaling.go
+++ b/pkg/iac/adapters/terraform/aws/ec2/autoscaling.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func adaptLaunchTemplates(modules terraform.Modules) (templates []ec2.LaunchTemplate) {
@@ -38,10 +38,10 @@ func adaptLaunchConfigurations(modules terraform.Modules) []ec2.LaunchConfigurat
 launchConfig := adaptLaunchConfiguration(resource)
 for _, resource := range module.GetResourcesByType("aws_ebs_encryption_by_default") {
 if resource.GetAttribute("enabled").NotEqual(false) {
- launchConfig.RootBlockDevice.Encrypted = defsecTypes.BoolDefault(true, resource.GetMetadata())
+ launchConfig.RootBlockDevice.Encrypted = iacTypes.BoolDefault(true, resource.GetMetadata())
 for i := 0; i < len(launchConfig.EBSBlockDevices); i++ {
 ebs := launchConfig.EBSBlockDevices[i]
- ebs.Encrypted = defsecTypes.BoolDefault(true, resource.GetMetadata())
+ ebs.Encrypted = iacTypes.BoolDefault(true, resource.GetMetadata())
 }
 }
 }
@@ -54,15 +54,15 @@ func adaptLaunchConfigurations(modules terraform.Modules) []ec2.LaunchConfigurat
 func adaptLaunchConfiguration(resource *terraform.Block) ec2.LaunchConfiguration {
 launchConfig := ec2.LaunchConfiguration{
 Metadata: resource.GetMetadata(),
- Name: defsecTypes.StringDefault("", resource.GetMetadata()),
+ Name: iacTypes.StringDefault("", resource.GetMetadata()),
 AssociatePublicIP: resource.GetAttribute("associate_public_ip_address").AsBoolValueOrDefault(false, resource),
 RootBlockDevice: &ec2.BlockDevice{
 Metadata: resource.GetMetadata(),
- Encrypted: defsecTypes.BoolDefault(false, resource.GetMetadata()),
+ Encrypted: iacTypes.BoolDefault(false, resource.GetMetadata()),
 },
 EBSBlockDevices: nil,
 MetadataOptions: getMetadataOptions(resource),
- UserData: defsecTypes.StringDefault("", resource.GetMetadata()),
+ UserData: iacTypes.StringDefault("", resource.GetMetadata()),
 }
 //#nosec G101 -- False positive
@@ -92,7 +92,7 @@ func adaptLaunchConfiguration(resource *terraform.Block) ec2.LaunchConfiguration
 } else if userDataBase64Attr := resource.GetAttribute("user_data_base64"); userDataBase64Attr.IsString() {
 encoded, err := base64.StdEncoding.DecodeString(userDataBase64Attr.Value().AsString())
 if err == nil {
- launchConfig.UserData = defsecTypes.String(string(encoded), userDataBase64Attr.GetMetadata())
+ launchConfig.UserData = iacTypes.String(string(encoded), userDataBase64Attr.GetMetadata())
 }
 }
@@ -102,8 +102,8 @@ func adaptLaunchConfiguration(resource *terraform.Block) ec2.LaunchConfiguration
 func getMetadataOptions(b *terraform.Block) ec2.MetadataOptions {
 options := ec2.MetadataOptions{
 Metadata: b.GetMetadata(),
- HttpTokens: defsecTypes.StringDefault("", b.GetMetadata()),
- HttpEndpoint: defsecTypes.StringDefault("", b.GetMetadata()),
+ HttpTokens: iacTypes.StringDefault("", b.GetMetadata()),
+ HttpEndpoint: iacTypes.StringDefault("", b.GetMetadata()),
 }
 if metadataOptions := b.GetBlock("metadata_options"); metadataOptions.IsNotNil() {
diff --git a/pkg/iac/adapters/terraform/aws/ec2/autoscaling_test.go b/pkg/iac/adapters/terraform/aws/ec2/autoscaling_test.go
index 218dede5c9ef..a6437340aad4 100644
--- a/pkg/iac/adapters/terraform/aws/ec2/autoscaling_test.go
+++ b/pkg/iac/adapters/terraform/aws/ec2/autoscaling_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
@@ -40,23 +40,23 @@ func Test_AdaptAutoscaling(t *testing.T) {
 expected: ec2.EC2{
 LaunchConfigurations: []ec2.LaunchConfiguration{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("web_config", defsecTypes.NewTestMetadata()),
- AssociatePublicIP: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- UserData: defsecTypes.String("export EDITOR=vimacs", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("web_config", iacTypes.NewTestMetadata()),
+ AssociatePublicIP: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ UserData: iacTypes.String("export EDITOR=vimacs", iacTypes.NewTestMetadata()),
 MetadataOptions: ec2.MetadataOptions{
- Metadata: defsecTypes.NewTestMetadata(),
- HttpTokens: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- HttpEndpoint: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ HttpTokens: iacTypes.String("", iacTypes.NewTestMetadata()),
+ HttpEndpoint: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 RootBlockDevice: &ec2.BlockDevice{
- Metadata: defsecTypes.NewTestMetadata(),
- Encrypted: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Encrypted: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 EBSBlockDevices: []*ec2.BlockDevice{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Encrypted: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Encrypted: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -87,21 +87,21 @@ export AWS_DEFAULT_REGION=us-west-2
 expected: ec2.EC2{
 LaunchConfigurations: []ec2.LaunchConfiguration{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("web_config", defsecTypes.NewTestMetadata()),
- AssociatePublicIP: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- UserData: defsecTypes.String(`export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("web_config", iacTypes.NewTestMetadata()),
+ AssociatePublicIP: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ UserData: iacTypes.String(`export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
 export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
 export AWS_DEFAULT_REGION=us-west-2
-`, defsecTypes.NewTestMetadata()),
+`, iacTypes.NewTestMetadata()),
 MetadataOptions: ec2.MetadataOptions{
- Metadata: defsecTypes.NewTestMetadata(),
- HttpTokens: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- HttpEndpoint: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ HttpTokens: iacTypes.String("", iacTypes.NewTestMetadata()),
+ HttpEndpoint: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 RootBlockDevice: &ec2.BlockDevice{
- Metadata: defsecTypes.NewTestMetadata(),
- Encrypted: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Encrypted: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -124,14 +124,14 @@ export AWS_DEFAULT_REGION=us-west-2
 expected: ec2.EC2{
 LaunchTemplates: []ec2.LaunchTemplate{
 {
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Instance: ec2.Instance{
- Metadata: defsecTypes.NewTestMetadata(),
- UserData: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ UserData: iacTypes.String("", iacTypes.NewTestMetadata()),
 MetadataOptions: ec2.MetadataOptions{
- Metadata: defsecTypes.NewTestMetadata(),
- HttpTokens: defsecTypes.String("required", defsecTypes.NewTestMetadata()),
- HttpEndpoint: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ HttpTokens: iacTypes.String("required", iacTypes.NewTestMetadata()),
+ HttpEndpoint: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/aws/ec2/subnet_test.go b/pkg/iac/adapters/terraform/aws/ec2/subnet_test.go
index b25b5b99ccf9..cbc080d939dc 100644
--- a/pkg/iac/adapters/terraform/aws/ec2/subnet_test.go
+++ b/pkg/iac/adapters/terraform/aws/ec2/subnet_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
@@ -28,8 +28,8 @@ func Test_adaptSubnet(t *testing.T) {
 }
 `,
 expected: ec2.Subnet{
- Metadata: defsecTypes.NewTestMetadata(),
- MapPublicIpOnLaunch: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ MapPublicIpOnLaunch: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -41,8 +41,8 @@ func Test_adaptSubnet(t *testing.T) {
 }
 `,
 expected: ec2.Subnet{
- Metadata: defsecTypes.NewTestMetadata(),
- MapPublicIpOnLaunch: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ MapPublicIpOnLaunch: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -53,8 +53,8 @@ func Test_adaptSubnet(t *testing.T) {
 }
 `,
 expected: ec2.Subnet{
- Metadata: defsecTypes.NewTestMetadata(),
- MapPublicIpOnLaunch: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ MapPublicIpOnLaunch: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 }
diff --git a/pkg/iac/adapters/terraform/aws/ec2/volume_test.go b/pkg/iac/adapters/terraform/aws/ec2/volume_test.go
index 173885696935..e7d260eae3e4 100644
--- a/pkg/iac/adapters/terraform/aws/ec2/volume_test.go
+++ b/pkg/iac/adapters/terraform/aws/ec2/volume_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
@@ -32,11 +32,11 @@ func Test_adaptVolume(t *testing.T) {
 }
 `,
 expected: ec2.Volume{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Encryption: ec2.Encryption{
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- KMSKeyID: defsecTypes.String("aws_kms_key.ebs_encryption", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ KMSKeyID: iacTypes.String("aws_kms_key.ebs_encryption", iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -49,11 +49,11 @@ func Test_adaptVolume(t *testing.T) {
 }
 `,
 expected: ec2.Volume{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Encryption: ec2.Encryption{
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- KMSKeyID: defsecTypes.String("string-key", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ KMSKeyID: iacTypes.String("string-key", iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -64,11 +64,11 @@ func Test_adaptVolume(t *testing.T) {
 }
 `,
 expected: ec2.Volume{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Encryption: ec2.Encryption{
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ KMSKeyID: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/aws/ec2/vpc.go b/pkg/iac/adapters/terraform/aws/ec2/vpc.go
index 39792b0cbc61..440de4619e74 100644
--- a/pkg/iac/adapters/terraform/aws/ec2/vpc.go
+++ b/pkg/iac/adapters/terraform/aws/ec2/vpc.go
@@ -3,7 +3,7 @@ package ec2
 import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type naclAdapter struct {
@@ -48,10 +48,10 @@ func adaptVPC(modules terraform.Modules, block *terraform.Block, def bool) ec2.V } return ec2.VPC{ Metadata: block.GetMetadata(), - ID: defsecTypes.StringUnresolvable(block.GetMetadata()), - IsDefault: defsecTypes.Bool(def, block.GetMetadata()), + ID: iacTypes.StringUnresolvable(block.GetMetadata()), + IsDefault: iacTypes.Bool(def, block.GetMetadata()), SecurityGroups: nil, - FlowLogsEnabled: defsecTypes.BoolDefault(hasFlowLogs, block.GetMetadata()), + FlowLogsEnabled: iacTypes.BoolDefault(hasFlowLogs, block.GetMetadata()), } } @@ -63,12 +63,12 @@ func (a *sgAdapter) adaptSecurityGroups(modules terraform.Modules) []ec2.Securit orphanResources := modules.GetResourceByIDs(a.sgRuleIDs.Orphans()...) if len(orphanResources) > 0 { orphanage := ec2.SecurityGroup{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - Description: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + Description: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), IngressRules: nil, EgressRules: nil, - IsDefault: defsecTypes.BoolUnresolvable(defsecTypes.NewUnmanagedMetadata()), - VPCID: defsecTypes.StringUnresolvable(defsecTypes.NewUnmanagedMetadata()), + IsDefault: iacTypes.BoolUnresolvable(iacTypes.NewUnmanagedMetadata()), + VPCID: iacTypes.StringUnresolvable(iacTypes.NewUnmanagedMetadata()), } for _, sgRule := range orphanResources { if sgRule.GetAttribute("type").Equals("ingress") { 
@@ -94,9 +94,9 @@ func (a *naclAdapter) adaptNetworkACLs(modules terraform.Modules) []ec2.NetworkA orphanResources := modules.GetResourceByIDs(a.naclRuleIDs.Orphans()...) if len(orphanResources) > 0 { orphanage := ec2.NetworkACL{ - Metadata: defsecTypes.NewUnmanagedMetadata(), + Metadata: iacTypes.NewUnmanagedMetadata(), Rules: nil, - IsDefaultRule: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + IsDefaultRule: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), } for _, naclRule := range orphanResources { orphanage.Rules = append(orphanage.Rules, adaptNetworkACLRule(naclRule)) @@ -139,7 +139,7 @@ func (a *sgAdapter) adaptSecurityGroup(resource *terraform.Block, module terrafo Description: descriptionVal, IngressRules: ingressRules, EgressRules: egressRules, - IsDefault: defsecTypes.Bool(false, defsecTypes.NewUnmanagedMetadata()), + IsDefault: iacTypes.Bool(false, iacTypes.NewUnmanagedMetadata()), VPCID: resource.GetAttribute("vpc_id").AsStringValueOrDefault("", resource), } } @@ -148,7 +148,7 @@ func adaptSGRule(resource *terraform.Block, modules terraform.Modules) ec2.Secur ruleDescAttr := resource.GetAttribute("description") ruleDescVal := ruleDescAttr.AsStringValueOrDefault("", resource) - var cidrs []defsecTypes.StringValue + var cidrs []iacTypes.StringValue cidrBlocks := resource.GetAttribute("cidr_blocks") ipv6cidrBlocks := resource.GetAttribute("ipv6_cidr_blocks") 
@@ -188,20 +188,20 @@ func (a *naclAdapter) adaptNetworkACL(resource *terraform.Block, module *terrafo return ec2.NetworkACL{ Metadata: resource.GetMetadata(), Rules: networkRules, - IsDefaultRule: defsecTypes.BoolDefault(false, resource.GetMetadata()), + IsDefaultRule: iacTypes.BoolDefault(false, resource.GetMetadata()), } } func adaptNetworkACLRule(resource *terraform.Block) ec2.NetworkACLRule { - var cidrs []defsecTypes.StringValue + var cidrs []iacTypes.StringValue - typeVal := defsecTypes.StringDefault("ingress", resource.GetMetadata()) + typeVal := iacTypes.StringDefault("ingress", resource.GetMetadata()) egressAtrr := resource.GetAttribute("egress") if egressAtrr.IsTrue() { - typeVal = defsecTypes.String("egress", egressAtrr.GetMetadata()) + typeVal = iacTypes.String("egress", egressAtrr.GetMetadata()) } else if egressAtrr.IsNotNil() { - typeVal = defsecTypes.String("ingress", egressAtrr.GetMetadata()) + typeVal = iacTypes.String("ingress", egressAtrr.GetMetadata()) } actionAttr := resource.GetAttribute("rule_action") diff --git a/pkg/iac/adapters/terraform/aws/ec2/vpc_test.go b/pkg/iac/adapters/terraform/aws/ec2/vpc_test.go index 122c20a937ab..ab372f8f1084 100644 --- a/pkg/iac/adapters/terraform/aws/ec2/vpc_test.go +++ b/pkg/iac/adapters/terraform/aws/ec2/vpc_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2" 
@@ -77,50 +77,50 @@ func Test_AdaptVPC(t *testing.T) { expected: ec2.EC2{ VPCs: []ec2.VPC{ { - Metadata: defsecTypes.NewTestMetadata(), - IsDefault: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - ID: defsecTypes.String("", defsecTypes.NewTestMetadata()), - FlowLogsEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + IsDefault: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + ID: iacTypes.String("", iacTypes.NewTestMetadata()), + FlowLogsEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, { - Metadata: defsecTypes.NewTestMetadata(), - IsDefault: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - ID: defsecTypes.String("", defsecTypes.NewTestMetadata()), - FlowLogsEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + IsDefault: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + ID: iacTypes.String("", iacTypes.NewTestMetadata()), + FlowLogsEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, SecurityGroups: []ec2.SecurityGroup{ { - Metadata: defsecTypes.NewTestMetadata(), - Description: defsecTypes.String("Allow inbound HTTP traffic", defsecTypes.NewTestMetadata()), - IsDefault: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - VPCID: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Description: iacTypes.String("Allow inbound HTTP traffic", iacTypes.NewTestMetadata()), + IsDefault: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + VPCID: iacTypes.String("", iacTypes.NewTestMetadata()), IngressRules: []ec2.SecurityGroupRule{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), - Description: defsecTypes.String("Rule #1", defsecTypes.NewTestMetadata()), - CIDRs: []defsecTypes.StringValue{ - defsecTypes.String("4.5.6.7/32", defsecTypes.NewTestMetadata()), + Description: iacTypes.String("Rule #1", iacTypes.NewTestMetadata()), + CIDRs: 
[]iacTypes.StringValue{ + iacTypes.String("4.5.6.7/32", iacTypes.NewTestMetadata()), }, }, { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), - Description: defsecTypes.String("Rule #2", defsecTypes.NewTestMetadata()), - CIDRs: []defsecTypes.StringValue{ - defsecTypes.String("1.2.3.4/32", defsecTypes.NewTestMetadata()), - defsecTypes.String("4.5.6.7/32", defsecTypes.NewTestMetadata()), + Description: iacTypes.String("Rule #2", iacTypes.NewTestMetadata()), + CIDRs: []iacTypes.StringValue{ + iacTypes.String("1.2.3.4/32", iacTypes.NewTestMetadata()), + iacTypes.String("4.5.6.7/32", iacTypes.NewTestMetadata()), }, }, }, EgressRules: []ec2.SecurityGroupRule{ { - Metadata: defsecTypes.NewTestMetadata(), - Description: defsecTypes.String("", defsecTypes.NewTestMetadata()), - CIDRs: []defsecTypes.StringValue{ - defsecTypes.String("1.2.3.4/32", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Description: iacTypes.String("", iacTypes.NewTestMetadata()), + CIDRs: []iacTypes.StringValue{ + iacTypes.String("1.2.3.4/32", iacTypes.NewTestMetadata()), }, }, }, 
@@ -128,19 +128,19 @@ func Test_AdaptVPC(t *testing.T) { }, NetworkACLs: []ec2.NetworkACL{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Rules: []ec2.NetworkACLRule{ { - Metadata: defsecTypes.NewTestMetadata(), - Type: defsecTypes.String("ingress", defsecTypes.NewTestMetadata()), - Action: defsecTypes.String("allow", defsecTypes.NewTestMetadata()), - Protocol: defsecTypes.String("tcp", defsecTypes.NewTestMetadata()), - CIDRs: []defsecTypes.StringValue{ - defsecTypes.String("10.0.0.0/16", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Type: iacTypes.String("ingress", iacTypes.NewTestMetadata()), + Action: iacTypes.String("allow", iacTypes.NewTestMetadata()), + Protocol: iacTypes.String("tcp", iacTypes.NewTestMetadata()), + CIDRs: []iacTypes.StringValue{ + iacTypes.String("10.0.0.0/16", iacTypes.NewTestMetadata()), }, }, }, - IsDefaultRule: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + IsDefaultRule: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, }, 
@@ -162,37 +162,37 @@ func Test_AdaptVPC(t *testing.T) { expected: ec2.EC2{ SecurityGroups: []ec2.SecurityGroup{ { - Metadata: defsecTypes.NewTestMetadata(), - Description: defsecTypes.String("Managed by Terraform", defsecTypes.NewTestMetadata()), - IsDefault: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - VPCID: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Description: iacTypes.String("Managed by Terraform", iacTypes.NewTestMetadata()), + IsDefault: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + VPCID: iacTypes.String("", iacTypes.NewTestMetadata()), IngressRules: []ec2.SecurityGroupRule{ { - Metadata: defsecTypes.NewTestMetadata(), - Description: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Description: iacTypes.String("", iacTypes.NewTestMetadata()), }, }, EgressRules: []ec2.SecurityGroupRule{ { - Metadata: defsecTypes.NewTestMetadata(), - Description: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Description: iacTypes.String("", iacTypes.NewTestMetadata()), }, }, }, }, NetworkACLs: []ec2.NetworkACL{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Rules: []ec2.NetworkACLRule{ { - Metadata: defsecTypes.NewTestMetadata(), - Type: defsecTypes.String("ingress", defsecTypes.NewTestMetadata()), - Action: defsecTypes.String("", defsecTypes.NewTestMetadata()), - Protocol: defsecTypes.String("-1", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Type: iacTypes.String("ingress", iacTypes.NewTestMetadata()), + Action: iacTypes.String("", iacTypes.NewTestMetadata()), + Protocol: iacTypes.String("-1", iacTypes.NewTestMetadata()), }, }, - IsDefaultRule: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + IsDefaultRule: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, }, 
@@ -214,10 +214,10 @@ resource "aws_flow_log" "this" { expected: ec2.EC2{ VPCs: []ec2.VPC{ { - Metadata: defsecTypes.NewTestMetadata(), - IsDefault: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - ID: defsecTypes.String("", defsecTypes.NewTestMetadata()), - FlowLogsEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + IsDefault: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + ID: iacTypes.String("", iacTypes.NewTestMetadata()), + FlowLogsEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, }, diff --git a/pkg/iac/adapters/terraform/aws/ecr/adapt.go b/pkg/iac/adapters/terraform/aws/ecr/adapt.go index 6459d4335633..57d5686dc7f7 100644 --- a/pkg/iac/adapters/terraform/aws/ecr/adapt.go +++ b/pkg/iac/adapters/terraform/aws/ecr/adapt.go @@ -7,7 +7,7 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ecr" iamp "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) ecr.ECR { 
@@ -31,14 +31,14 @@ func adaptRepository(resource *terraform.Block, module *terraform.Module, module Metadata: resource.GetMetadata(), ImageScanning: ecr.ImageScanning{ Metadata: resource.GetMetadata(), - ScanOnPush: defsecTypes.BoolDefault(false, resource.GetMetadata()), + ScanOnPush: iacTypes.BoolDefault(false, resource.GetMetadata()), }, - ImageTagsImmutable: defsecTypes.BoolDefault(false, resource.GetMetadata()), + ImageTagsImmutable: iacTypes.BoolDefault(false, resource.GetMetadata()), Policies: nil, Encryption: ecr.Encryption{ Metadata: resource.GetMetadata(), - Type: defsecTypes.StringDefault("AES256", resource.GetMetadata()), - KMSKeyID: defsecTypes.StringDefault("", resource.GetMetadata()), + Type: iacTypes.StringDefault("AES256", resource.GetMetadata()), + KMSKeyID: iacTypes.StringDefault("", resource.GetMetadata()), }, } @@ -50,9 +50,9 @@ func adaptRepository(resource *terraform.Block, module *terraform.Module, module mutabilityAttr := resource.GetAttribute("image_tag_mutability") if mutabilityAttr.Equals("IMMUTABLE") { - repo.ImageTagsImmutable = defsecTypes.Bool(true, mutabilityAttr.GetMetadata()) + repo.ImageTagsImmutable = iacTypes.Bool(true, mutabilityAttr.GetMetadata()) } else if mutabilityAttr.Equals("MUTABLE") { - repo.ImageTagsImmutable = defsecTypes.Bool(false, mutabilityAttr.GetMetadata()) + repo.ImageTagsImmutable = iacTypes.Bool(false, mutabilityAttr.GetMetadata()) } policyBlocks := module.GetReferencingResources(resource, "aws_ecr_repository_policy", "repository") 
@@ -69,12 +69,12 @@ func adaptRepository(resource *terraform.Block, module *terraform.Module, module policy := iamp.Policy{ Metadata: policyRes.GetMetadata(), - Name: defsecTypes.StringDefault("", policyRes.GetMetadata()), + Name: iacTypes.StringDefault("", policyRes.GetMetadata()), Document: iamp.Document{ Parsed: *parsed, Metadata: policyAttr.GetMetadata(), }, - Builtin: defsecTypes.Bool(false, policyRes.GetMetadata()), + Builtin: iacTypes.Bool(false, policyRes.GetMetadata()), } repo.Policies = append(repo.Policies, policy) @@ -82,13 +82,13 @@ func adaptRepository(resource *terraform.Block, module *terraform.Module, module if doc, err := iam.ConvertTerraformDocument(modules, dataBlock); err == nil { policy := iamp.Policy{ Metadata: policyRes.GetMetadata(), - Name: defsecTypes.StringDefault("", policyRes.GetMetadata()), + Name: iacTypes.StringDefault("", policyRes.GetMetadata()), Document: iamp.Document{ Parsed: doc.Document, Metadata: doc.Source.GetMetadata(), IsOffset: true, }, - Builtin: defsecTypes.Bool(false, policyRes.GetMetadata()), + Builtin: iacTypes.Bool(false, policyRes.GetMetadata()), } repo.Policies = append(repo.Policies, policy) } @@ -105,7 +105,7 @@ func adaptRepository(resource *terraform.Block, module *terraform.Module, module repo.Encryption.KMSKeyID = kmsKeyAttr.AsStringValueOrDefault("", encryptBlock) if kmsKeyAttr.IsResourceBlockReference("aws_kms_key") { if keyBlock, err := module.GetReferencedBlock(kmsKeyAttr, encryptBlock); err == nil { - repo.Encryption.KMSKeyID = defsecTypes.String(keyBlock.FullName(), keyBlock.GetMetadata()) + repo.Encryption.KMSKeyID = iacTypes.String(keyBlock.FullName(), keyBlock.GetMetadata()) } } } diff --git a/pkg/iac/adapters/terraform/aws/ecr/adapt_test.go b/pkg/iac/adapters/terraform/aws/ecr/adapt_test.go index 4270e406bea7..746adf8eacad 100644 --- a/pkg/iac/adapters/terraform/aws/ecr/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/ecr/adapt_test.go 
@@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ecr" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" @@ -76,21 +76,21 @@ func Test_adaptRepository(t *testing.T) { } `, expected: ecr.Repository{ - Metadata: defsecTypes.NewTestMetadata(), - ImageTagsImmutable: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + ImageTagsImmutable: iacTypes.Bool(false, iacTypes.NewTestMetadata()), ImageScanning: ecr.ImageScanning{ - Metadata: defsecTypes.NewTestMetadata(), - ScanOnPush: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + ScanOnPush: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, Encryption: ecr.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - Type: defsecTypes.String("KMS", defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("aws_kms_key.ecr_kms", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Type: iacTypes.String("KMS", iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("aws_kms_key.ecr_kms", iacTypes.NewTestMetadata()), }, Policies: []iam.Policy{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.StringDefault("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.StringDefault("", iacTypes.NewTestMetadata()), Document: func() iam.Document { builder := iamgo.NewPolicyBuilder() 
@@ -120,10 +120,10 @@ func Test_adaptRepository(t *testing.T) { return iam.Document{ Parsed: builder.Build(), - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), } }(), - Builtin: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Builtin: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, }, @@ -135,16 +135,16 @@ func Test_adaptRepository(t *testing.T) { } `, expected: ecr.Repository{ - Metadata: defsecTypes.NewTestMetadata(), - ImageTagsImmutable: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + ImageTagsImmutable: iacTypes.Bool(false, iacTypes.NewTestMetadata()), ImageScanning: ecr.ImageScanning{ - Metadata: defsecTypes.NewTestMetadata(), - ScanOnPush: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + ScanOnPush: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, Encryption: ecr.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - Type: defsecTypes.String("AES256", defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Type: iacTypes.String("AES256", iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("", iacTypes.NewTestMetadata()), }, }, }, diff --git a/pkg/iac/adapters/terraform/aws/ecs/adapt_test.go b/pkg/iac/adapters/terraform/aws/ecs/adapt_test.go index b3b6358f0361..d7c0033cefba 100644 --- a/pkg/iac/adapters/terraform/aws/ecs/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/ecs/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ecs" 
@@ -32,8 +32,8 @@ func Test_adaptClusterSettings(t *testing.T) { } `, expected: ecs.ClusterSettings{ - Metadata: defsecTypes.NewTestMetadata(), - ContainerInsightsEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + ContainerInsightsEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, { @@ -49,8 +49,8 @@ func Test_adaptClusterSettings(t *testing.T) { } `, expected: ecs.ClusterSettings{ - Metadata: defsecTypes.NewTestMetadata(), - ContainerInsightsEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + ContainerInsightsEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, { @@ -60,8 +60,8 @@ func Test_adaptClusterSettings(t *testing.T) { } `, expected: ecs.ClusterSettings{ - Metadata: defsecTypes.NewTestMetadata(), - ContainerInsightsEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + ContainerInsightsEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, } 
@@ -111,25 +111,25 @@ func Test_adaptTaskDefinitionResource(t *testing.T) { } `, expected: ecs.TaskDefinition{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Volumes: []ecs.Volume{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), EFSVolumeConfiguration: ecs.EFSVolumeConfiguration{ - Metadata: defsecTypes.NewTestMetadata(), - TransitEncryptionEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + TransitEncryptionEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, }, ContainerDefinitions: []ecs.ContainerDefinition{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("my_service", defsecTypes.NewTestMetadata()), - Image: defsecTypes.String("my_image", defsecTypes.NewTestMetadata()), - CPU: defsecTypes.Int(2, defsecTypes.NewTestMetadata()), - Memory: defsecTypes.Int(256, defsecTypes.NewTestMetadata()), - Essential: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - Privileged: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("my_service", iacTypes.NewTestMetadata()), + Image: iacTypes.String("my_image", iacTypes.NewTestMetadata()), + CPU: iacTypes.Int(2, iacTypes.NewTestMetadata()), + Memory: iacTypes.Int(256, iacTypes.NewTestMetadata()), + Essential: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + Privileged: iacTypes.Bool(false, iacTypes.NewTestMetadata()), Environment: []ecs.EnvVar{ { Name: "ENVIRONMENT", 
@@ -153,14 +153,14 @@ func Test_adaptTaskDefinitionResource(t *testing.T) { } `, expected: ecs.TaskDefinition{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Volumes: []ecs.Volume{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), EFSVolumeConfiguration: ecs.EFSVolumeConfiguration{ - Metadata: defsecTypes.NewTestMetadata(), - TransitEncryptionEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + TransitEncryptionEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, }, diff --git a/pkg/iac/adapters/terraform/aws/efs/adapt_test.go b/pkg/iac/adapters/terraform/aws/efs/adapt_test.go index bf80b7f448d6..b5516fe97771 100644 --- a/pkg/iac/adapters/terraform/aws/efs/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/efs/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/efs" @@ -29,8 +29,8 @@ func Test_adaptFileSystem(t *testing.T) { } `, expected: efs.FileSystem{ - Metadata: defsecTypes.NewTestMetadata(), - Encrypted: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Encrypted: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, { @@ -40,8 +40,8 @@ func Test_adaptFileSystem(t *testing.T) { } `, expected: efs.FileSystem{ - Metadata: defsecTypes.NewTestMetadata(), - Encrypted: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Encrypted: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, } diff --git a/pkg/iac/adapters/terraform/aws/eks/adapt.go b/pkg/iac/adapters/terraform/aws/eks/adapt.go index 4eb84b5b64ca..6af6d5871e7a 100644 
--- a/pkg/iac/adapters/terraform/aws/eks/adapt.go +++ b/pkg/iac/adapters/terraform/aws/eks/adapt.go @@ -3,7 +3,7 @@ package eks import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/eks" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) eks.EKS { @@ -28,18 +28,18 @@ func adaptCluster(resource *terraform.Block) eks.Cluster { Metadata: resource.GetMetadata(), Logging: eks.Logging{ Metadata: resource.GetMetadata(), - API: defsecTypes.BoolDefault(false, resource.GetMetadata()), - Audit: defsecTypes.BoolDefault(false, resource.GetMetadata()), - Authenticator: defsecTypes.BoolDefault(false, resource.GetMetadata()), - ControllerManager: defsecTypes.BoolDefault(false, resource.GetMetadata()), - Scheduler: defsecTypes.BoolDefault(false, resource.GetMetadata()), + API: iacTypes.BoolDefault(false, resource.GetMetadata()), + Audit: iacTypes.BoolDefault(false, resource.GetMetadata()), + Authenticator: iacTypes.BoolDefault(false, resource.GetMetadata()), + ControllerManager: iacTypes.BoolDefault(false, resource.GetMetadata()), + Scheduler: iacTypes.BoolDefault(false, resource.GetMetadata()), }, Encryption: eks.Encryption{ Metadata: resource.GetMetadata(), - Secrets: defsecTypes.BoolDefault(false, resource.GetMetadata()), - KMSKeyID: defsecTypes.StringDefault("", resource.GetMetadata()), + Secrets: iacTypes.BoolDefault(false, resource.GetMetadata()), + KMSKeyID: iacTypes.StringDefault("", resource.GetMetadata()), }, - PublicAccessEnabled: defsecTypes.BoolDefault(true, resource.GetMetadata()), + PublicAccessEnabled: iacTypes.BoolDefault(true, resource.GetMetadata()), PublicAccessCIDRs: nil, } 
@@ -48,15 +48,15 @@ func adaptCluster(resource *terraform.Block) eks.Cluster { for _, logType := range logTypesAttr.AsStringValues() { switch logType.Value() { case "api": - cluster.Logging.API = defsecTypes.Bool(true, logTypesAttr.GetMetadata()) + cluster.Logging.API = iacTypes.Bool(true, logTypesAttr.GetMetadata()) case "audit": - cluster.Logging.Audit = defsecTypes.Bool(true, logTypesAttr.GetMetadata()) + cluster.Logging.Audit = iacTypes.Bool(true, logTypesAttr.GetMetadata()) case "authenticator": - cluster.Logging.Authenticator = defsecTypes.Bool(true, logTypesAttr.GetMetadata()) + cluster.Logging.Authenticator = iacTypes.Bool(true, logTypesAttr.GetMetadata()) case "controllerManager": - cluster.Logging.ControllerManager = defsecTypes.Bool(true, logTypesAttr.GetMetadata()) + cluster.Logging.ControllerManager = iacTypes.Bool(true, logTypesAttr.GetMetadata()) case "scheduler": - cluster.Logging.Scheduler = defsecTypes.Bool(true, logTypesAttr.GetMetadata()) + cluster.Logging.Scheduler = iacTypes.Bool(true, logTypesAttr.GetMetadata()) } } } @@ -65,7 +65,7 @@ func adaptCluster(resource *terraform.Block) eks.Cluster { cluster.Encryption.Metadata = encryptBlock.GetMetadata() resourcesAttr := encryptBlock.GetAttribute("resources") if resourcesAttr.Contains("secrets") { - cluster.Encryption.Secrets = defsecTypes.Bool(true, resourcesAttr.GetMetadata()) + cluster.Encryption.Secrets = iacTypes.Bool(true, resourcesAttr.GetMetadata()) } if providerBlock := encryptBlock.GetBlock("provider"); providerBlock.IsNotNil() { keyArnAttr := providerBlock.GetAttribute("key_arn") 
@@ -83,7 +83,7 @@ func adaptCluster(resource *terraform.Block) eks.Cluster { cluster.PublicAccessCIDRs = append(cluster.PublicAccessCIDRs, cidr) } if len(cidrList) == 0 { - cluster.PublicAccessCIDRs = append(cluster.PublicAccessCIDRs, defsecTypes.StringDefault("0.0.0.0/0", vpcBlock.GetMetadata())) + cluster.PublicAccessCIDRs = append(cluster.PublicAccessCIDRs, iacTypes.StringDefault("0.0.0.0/0", vpcBlock.GetMetadata())) } } diff --git a/pkg/iac/adapters/terraform/aws/eks/adapt_test.go b/pkg/iac/adapters/terraform/aws/eks/adapt_test.go index 90093fb001f6..7b466d4a5e0c 100644 --- a/pkg/iac/adapters/terraform/aws/eks/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/eks/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/eks" 
@@ -41,23 +41,23 @@ func Test_adaptCluster(t *testing.T) { } `, expected: eks.Cluster{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Logging: eks.Logging{ - Metadata: defsecTypes.NewTestMetadata(), - API: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - Authenticator: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - Audit: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - Scheduler: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - ControllerManager: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + API: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + Authenticator: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + Audit: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + Scheduler: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + ControllerManager: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, Encryption: eks.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - Secrets: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("key-arn", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Secrets: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("key-arn", iacTypes.NewTestMetadata()), }, - PublicAccessEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - PublicAccessCIDRs: []defsecTypes.StringValue{ - defsecTypes.String("10.2.0.0/8", defsecTypes.NewTestMetadata()), + PublicAccessEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + PublicAccessCIDRs: []iacTypes.StringValue{ + iacTypes.String("10.2.0.0/8", iacTypes.NewTestMetadata()), }, }, }, 
@@ -68,21 +68,21 @@ func Test_adaptCluster(t *testing.T) { } `, expected: eks.Cluster{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Logging: eks.Logging{ - Metadata: defsecTypes.NewTestMetadata(), - API: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - Authenticator: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - Audit: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - Scheduler: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - ControllerManager: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + API: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + Authenticator: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + Audit: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + Scheduler: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + ControllerManager: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, Encryption: eks.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - Secrets: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Secrets: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("", iacTypes.NewTestMetadata()), }, - PublicAccessEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + PublicAccessEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), PublicAccessCIDRs: nil, }, }, diff --git a/pkg/iac/adapters/terraform/aws/elasticache/adapt_test.go b/pkg/iac/adapters/terraform/aws/elasticache/adapt_test.go index f7e9cf9351f9..62ee9a6bac08 100644 --- a/pkg/iac/adapters/terraform/aws/elasticache/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/elasticache/adapt_test.go 
@@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticache" @@ -35,10 +35,10 @@ func Test_adaptCluster(t *testing.T) { } `, expected: elasticache.Cluster{ - Metadata: defsecTypes.NewTestMetadata(), - Engine: defsecTypes.String("redis", defsecTypes.NewTestMetadata()), - NodeType: defsecTypes.String("cache.m4.large", defsecTypes.NewTestMetadata()), - SnapshotRetentionLimit: defsecTypes.Int(5, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Engine: iacTypes.String("redis", iacTypes.NewTestMetadata()), + NodeType: iacTypes.String("cache.m4.large", iacTypes.NewTestMetadata()), + SnapshotRetentionLimit: iacTypes.Int(5, iacTypes.NewTestMetadata()), }, }, { @@ -47,10 +47,10 @@ func Test_adaptCluster(t *testing.T) { resource "aws_elasticache_cluster" "example" { }`, expected: elasticache.Cluster{ - Metadata: defsecTypes.NewTestMetadata(), - Engine: defsecTypes.String("", defsecTypes.NewTestMetadata()), - NodeType: defsecTypes.String("", defsecTypes.NewTestMetadata()), - SnapshotRetentionLimit: defsecTypes.Int(0, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Engine: iacTypes.String("", iacTypes.NewTestMetadata()), + NodeType: iacTypes.String("", iacTypes.NewTestMetadata()), + SnapshotRetentionLimit: iacTypes.Int(0, iacTypes.NewTestMetadata()), }, }, } 
@@ -81,9 +81,9 @@ func Test_adaptReplicationGroup(t *testing.T) { } `, expected: elasticache.ReplicationGroup{ - Metadata: defsecTypes.NewTestMetadata(), - TransitEncryptionEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - AtRestEncryptionEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + TransitEncryptionEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + AtRestEncryptionEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, { @@ -93,9 +93,9 @@ func Test_adaptReplicationGroup(t *testing.T) { } `, expected: elasticache.ReplicationGroup{ - Metadata: defsecTypes.NewTestMetadata(), - TransitEncryptionEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - AtRestEncryptionEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + TransitEncryptionEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + AtRestEncryptionEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, } @@ -129,8 +129,8 @@ func Test_adaptSecurityGroup(t *testing.T) { } `, expected: elasticache.SecurityGroup{ - Metadata: defsecTypes.NewTestMetadata(), - Description: defsecTypes.String("something", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Description: iacTypes.String("something", iacTypes.NewTestMetadata()), }, }, { @@ -145,8 +145,8 @@ func Test_adaptSecurityGroup(t *testing.T) { } `, expected: elasticache.SecurityGroup{ - Metadata: defsecTypes.NewTestMetadata(), - Description: defsecTypes.String("Managed by Terraform", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Description: iacTypes.String("Managed by Terraform", iacTypes.NewTestMetadata()), }, }, } diff --git a/pkg/iac/adapters/terraform/aws/elasticsearch/adapt.go b/pkg/iac/adapters/terraform/aws/elasticsearch/adapt.go index 27885e1b58cc..8649e64c9fdc 100644 --- a/pkg/iac/adapters/terraform/aws/elasticsearch/adapt.go 
+++ b/pkg/iac/adapters/terraform/aws/elasticsearch/adapt.go @@ -3,7 +3,7 @@ package elasticsearch import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticsearch" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) elasticsearch.Elasticsearch { 
@@ -25,35 +25,35 @@ func adaptDomains(modules terraform.Modules) []elasticsearch.Domain { func adaptDomain(resource *terraform.Block) elasticsearch.Domain { domain := elasticsearch.Domain{ Metadata: resource.GetMetadata(), - DomainName: defsecTypes.StringDefault("", resource.GetMetadata()), + DomainName: iacTypes.StringDefault("", resource.GetMetadata()), AccessPolicies: resource.GetAttribute("access_policies").AsStringValueOrDefault("", resource), VpcId: resource.GetAttribute("vpc_options.0.vpc_id").AsStringValueOrDefault("", resource), - DedicatedMasterEnabled: defsecTypes.Bool(false, resource.GetMetadata()), + DedicatedMasterEnabled: iacTypes.Bool(false, resource.GetMetadata()), LogPublishing: elasticsearch.LogPublishing{ Metadata: resource.GetMetadata(), - AuditEnabled: defsecTypes.BoolDefault(false, resource.GetMetadata()), - CloudWatchLogGroupArn: defsecTypes.String("", resource.GetMetadata()), + AuditEnabled: iacTypes.BoolDefault(false, resource.GetMetadata()), + CloudWatchLogGroupArn: iacTypes.String("", resource.GetMetadata()), }, TransitEncryption: elasticsearch.TransitEncryption{ Metadata: resource.GetMetadata(), - Enabled: defsecTypes.BoolDefault(false, resource.GetMetadata()), + Enabled: iacTypes.BoolDefault(false, resource.GetMetadata()), }, AtRestEncryption: elasticsearch.AtRestEncryption{ Metadata: resource.GetMetadata(), - Enabled: defsecTypes.BoolDefault(false, resource.GetMetadata()), - KmsKeyId: defsecTypes.String("", resource.GetMetadata()), + Enabled: iacTypes.BoolDefault(false, resource.GetMetadata()), + KmsKeyId: iacTypes.String("", resource.GetMetadata()), }, Endpoint: elasticsearch.Endpoint{ Metadata: resource.GetMetadata(), - EnforceHTTPS: defsecTypes.BoolDefault(false, resource.GetMetadata()), - TLSPolicy: defsecTypes.StringDefault("", resource.GetMetadata()), + EnforceHTTPS: iacTypes.BoolDefault(false, resource.GetMetadata()), + TLSPolicy: iacTypes.StringDefault("", resource.GetMetadata()), }, ServiceSoftwareOptions: 
elasticsearch.ServiceSoftwareOptions{ Metadata: resource.GetMetadata(), - CurrentVersion: defsecTypes.String("", resource.GetMetadata()), - NewVersion: defsecTypes.String("", resource.GetMetadata()), - UpdateAvailable: defsecTypes.Bool(false, resource.GetMetadata()), - UpdateStatus: defsecTypes.String("", resource.GetMetadata()), + CurrentVersion: iacTypes.String("", resource.GetMetadata()), + NewVersion: iacTypes.String("", resource.GetMetadata()), + UpdateAvailable: iacTypes.Bool(false, resource.GetMetadata()), + UpdateStatus: iacTypes.String("", resource.GetMetadata()), }, } diff --git a/pkg/iac/adapters/terraform/aws/elasticsearch/adapt_test.go b/pkg/iac/adapters/terraform/aws/elasticsearch/adapt_test.go index c4212454742d..83e7f87d9ae5 100644 --- a/pkg/iac/adapters/terraform/aws/elasticsearch/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/elasticsearch/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticsearch" 
@@ -46,24 +46,24 @@ func Test_adaptDomain(t *testing.T) { } `, expected: elasticsearch.Domain{ - Metadata: defsecTypes.NewTestMetadata(), - DomainName: defsecTypes.String("domain-foo", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + DomainName: iacTypes.String("domain-foo", iacTypes.NewTestMetadata()), LogPublishing: elasticsearch.LogPublishing{ - Metadata: defsecTypes.NewTestMetadata(), - AuditEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + AuditEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, TransitEncryption: elasticsearch.TransitEncryption{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, AtRestEncryption: elasticsearch.AtRestEncryption{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, Endpoint: elasticsearch.Endpoint{ - Metadata: defsecTypes.NewTestMetadata(), - EnforceHTTPS: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - TLSPolicy: defsecTypes.String("Policy-Min-TLS-1-2-2019-07", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EnforceHTTPS: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + TLSPolicy: iacTypes.String("Policy-Min-TLS-1-2-2019-07", iacTypes.NewTestMetadata()), }, }, }, 
@@ -74,24 +74,24 @@ func Test_adaptDomain(t *testing.T) { } `, expected: elasticsearch.Domain{ - Metadata: defsecTypes.NewTestMetadata(), - DomainName: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + DomainName: iacTypes.String("", iacTypes.NewTestMetadata()), LogPublishing: elasticsearch.LogPublishing{ - Metadata: defsecTypes.NewTestMetadata(), - AuditEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + AuditEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, TransitEncryption: elasticsearch.TransitEncryption{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, AtRestEncryption: elasticsearch.AtRestEncryption{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, Endpoint: elasticsearch.Endpoint{ - Metadata: defsecTypes.NewTestMetadata(), - EnforceHTTPS: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - TLSPolicy: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EnforceHTTPS: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + TLSPolicy: iacTypes.String("", iacTypes.NewTestMetadata()), }, }, }, diff --git a/pkg/iac/adapters/terraform/aws/elb/adapt.go b/pkg/iac/adapters/terraform/aws/elb/adapt.go index c41c1bfc6a7a..2cf5ec95efe5 100644 --- a/pkg/iac/adapters/terraform/aws/elb/adapt.go +++ b/pkg/iac/adapters/terraform/aws/elb/adapt.go 
@@ -3,7 +3,7 @@ package elb import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elb" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) elb.ELB { @@ -36,10 +36,10 @@ func (a *adapter) adaptLoadBalancers(modules terraform.Modules) []elb.LoadBalanc orphanResources := modules.GetResourceByIDs(a.listenerIDs.Orphans()...) if len(orphanResources) > 0 { orphanage := elb.LoadBalancer{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - Type: defsecTypes.StringDefault(elb.TypeApplication, defsecTypes.NewUnmanagedMetadata()), - DropInvalidHeaderFields: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), - Internal: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + Type: iacTypes.StringDefault(elb.TypeApplication, iacTypes.NewUnmanagedMetadata()), + DropInvalidHeaderFields: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), + Internal: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), Listeners: nil, } for _, listenerResource := range orphanResources { @@ -85,8 +85,8 @@ func (a *adapter) adaptClassicLoadBalancer(resource *terraform.Block, module ter return elb.LoadBalancer{ Metadata: resource.GetMetadata(), - Type: defsecTypes.String("classic", resource.GetMetadata()), - DropInvalidHeaderFields: defsecTypes.BoolDefault(false, resource.GetMetadata()), + Type: iacTypes.String("classic", resource.GetMetadata()), + DropInvalidHeaderFields: iacTypes.BoolDefault(false, resource.GetMetadata()), Internal: internalVal, Listeners: nil, } 
@@ -95,8 +95,8 @@ func (a *adapter) adaptClassicLoadBalancer(resource *terraform.Block, module ter func adaptListener(listenerBlock *terraform.Block, typeVal string) elb.Listener { listener := elb.Listener{ Metadata: listenerBlock.GetMetadata(), - Protocol: defsecTypes.StringDefault("", listenerBlock.GetMetadata()), - TLSPolicy: defsecTypes.StringDefault("", listenerBlock.GetMetadata()), + Protocol: iacTypes.StringDefault("", listenerBlock.GetMetadata()), + TLSPolicy: iacTypes.StringDefault("", listenerBlock.GetMetadata()), DefaultActions: nil, } diff --git a/pkg/iac/adapters/terraform/aws/elb/adapt_test.go b/pkg/iac/adapters/terraform/aws/elb/adapt_test.go index 601201fb8abd..b938ce563106 100644 --- a/pkg/iac/adapters/terraform/aws/elb/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/elb/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elb" 
@@ -49,19 +49,19 @@ func Test_Adapt(t *testing.T) { expected: elb.ELB{ LoadBalancers: []elb.LoadBalancer{ { - Metadata: defsecTypes.NewTestMetadata(), - Type: defsecTypes.String("application", defsecTypes.NewTestMetadata()), - DropInvalidHeaderFields: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - Internal: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Type: iacTypes.String("application", iacTypes.NewTestMetadata()), + DropInvalidHeaderFields: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + Internal: iacTypes.Bool(true, iacTypes.NewTestMetadata()), Listeners: []elb.Listener{ { - Metadata: defsecTypes.NewTestMetadata(), - Protocol: defsecTypes.String("HTTPS", defsecTypes.NewTestMetadata()), - TLSPolicy: defsecTypes.String("ELBSecurityPolicy-TLS-1-1-2017-01", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Protocol: iacTypes.String("HTTPS", iacTypes.NewTestMetadata()), + TLSPolicy: iacTypes.String("ELBSecurityPolicy-TLS-1-1-2017-01", iacTypes.NewTestMetadata()), DefaultActions: []elb.Action{ { - Metadata: defsecTypes.NewTestMetadata(), - Type: defsecTypes.String("forward", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Type: iacTypes.String("forward", iacTypes.NewTestMetadata()), }, }, }, @@ -79,10 +79,10 @@ func Test_Adapt(t *testing.T) { expected: elb.ELB{ LoadBalancers: []elb.LoadBalancer{ { - Metadata: defsecTypes.NewTestMetadata(), - Type: defsecTypes.String("application", defsecTypes.NewTestMetadata()), - DropInvalidHeaderFields: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - Internal: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Type: iacTypes.String("application", iacTypes.NewTestMetadata()), + DropInvalidHeaderFields: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + Internal: iacTypes.Bool(false, iacTypes.NewTestMetadata()), Listeners: nil, }, }, 
diff --git a/pkg/iac/adapters/terraform/aws/emr/adapt_test.go b/pkg/iac/adapters/terraform/aws/emr/adapt_test.go index fb57edb67daf..5b0e43f4186a 100644 --- a/pkg/iac/adapters/terraform/aws/emr/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/emr/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/emr" "github.com/stretchr/testify/assert" @@ -42,9 +42,9 @@ func Test_adaptSecurityConfiguration(t *testing.T) { EOF }`, expected: emr.SecurityConfiguration{ - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.StringExplicit("emrsc_test", defsecTypes.NewTestMetadata()), - Configuration: defsecTypes.String( + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.StringExplicit("emrsc_test", iacTypes.NewTestMetadata()), + Configuration: iacTypes.String( ` { "EncryptionConfiguration": { "AtRestEncryptionConfiguration": { @@ -60,7 +60,7 @@ func Test_adaptSecurityConfiguration(t *testing.T) { "EnableAtRestEncryption": true } } -`, defsecTypes.NewTestMetadata()), +`, iacTypes.NewTestMetadata()), }, }, } diff --git a/pkg/iac/adapters/terraform/aws/iam/groups_test.go b/pkg/iac/adapters/terraform/aws/iam/groups_test.go index 759eec4df4d7..f522130b30d2 100644 --- a/pkg/iac/adapters/terraform/aws/iam/groups_test.go +++ b/pkg/iac/adapters/terraform/aws/iam/groups_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" ) 
@@ -47,12 +47,12 @@ func Test_adaptGroups(t *testing.T) { `, expected: []iam.Group{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("developers", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("developers", iacTypes.NewTestMetadata()), Policies: []iam.Policy{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("my_developer_policy", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("my_developer_policy", iacTypes.NewTestMetadata()), Document: defaultPolicyDocuemnt(false), }, }, @@ -90,12 +90,12 @@ resource "aws_iam_group_policy_attachment" "test-attach" { `, expected: []iam.Group{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("test-group", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("test-group", iacTypes.NewTestMetadata()), Policies: []iam.Policy{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("test-policy", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("test-policy", iacTypes.NewTestMetadata()), Document: defaultPolicyDocuemnt(false), }, }, diff --git a/pkg/iac/adapters/terraform/aws/iam/passwords.go b/pkg/iac/adapters/terraform/aws/iam/passwords.go index d3f4783dc105..cc8e2513a4b2 100644 --- a/pkg/iac/adapters/terraform/aws/iam/passwords.go +++ b/pkg/iac/adapters/terraform/aws/iam/passwords.go 
@@ -5,20 +5,20 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func adaptPasswordPolicy(modules terraform.Modules) iam.PasswordPolicy { policy := iam.PasswordPolicy{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - ReusePreventionCount: defsecTypes.IntDefault(0, defsecTypes.NewUnmanagedMetadata()), - RequireLowercase: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), - RequireUppercase: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), - RequireNumbers: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), - RequireSymbols: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), - MaxAgeDays: defsecTypes.IntDefault(math.MaxInt, defsecTypes.NewUnmanagedMetadata()), - MinimumLength: defsecTypes.IntDefault(0, defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + ReusePreventionCount: iacTypes.IntDefault(0, iacTypes.NewUnmanagedMetadata()), + RequireLowercase: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), + RequireUppercase: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), + RequireNumbers: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), + RequireSymbols: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), + MaxAgeDays: iacTypes.IntDefault(math.MaxInt, iacTypes.NewUnmanagedMetadata()), + MinimumLength: iacTypes.IntDefault(0, iacTypes.NewUnmanagedMetadata()), } passwordPolicies := modules.GetResourcesByType("aws_iam_account_password_policy") 
@@ -32,42 +32,42 @@ func adaptPasswordPolicy(modules terraform.Modules) iam.PasswordPolicy { policy.Metadata = policyBlock.GetMetadata() if attr := policyBlock.GetAttribute("require_lowercase_characters"); attr.IsNotNil() { - policy.RequireLowercase = defsecTypes.BoolExplicit(attr.IsTrue(), attr.GetMetadata()) + policy.RequireLowercase = iacTypes.BoolExplicit(attr.IsTrue(), attr.GetMetadata()) } else { - policy.RequireLowercase = defsecTypes.BoolDefault(false, policyBlock.GetMetadata()) + policy.RequireLowercase = iacTypes.BoolDefault(false, policyBlock.GetMetadata()) } if attr := policyBlock.GetAttribute("require_uppercase_characters"); attr.IsNotNil() { - policy.RequireUppercase = defsecTypes.BoolExplicit(attr.IsTrue(), attr.GetMetadata()) + policy.RequireUppercase = iacTypes.BoolExplicit(attr.IsTrue(), attr.GetMetadata()) } else { - policy.RequireUppercase = defsecTypes.BoolDefault(false, policyBlock.GetMetadata()) + policy.RequireUppercase = iacTypes.BoolDefault(false, policyBlock.GetMetadata()) } if attr := policyBlock.GetAttribute("require_numbers"); attr.IsNotNil() { - policy.RequireNumbers = defsecTypes.BoolExplicit(attr.IsTrue(), attr.GetMetadata()) + policy.RequireNumbers = iacTypes.BoolExplicit(attr.IsTrue(), attr.GetMetadata()) } else { - policy.RequireNumbers = defsecTypes.BoolDefault(false, policyBlock.GetMetadata()) + policy.RequireNumbers = iacTypes.BoolDefault(false, policyBlock.GetMetadata()) } if attr := policyBlock.GetAttribute("require_symbols"); attr.IsNotNil() { - policy.RequireSymbols = defsecTypes.BoolExplicit(attr.IsTrue(), attr.GetMetadata()) + policy.RequireSymbols = iacTypes.BoolExplicit(attr.IsTrue(), attr.GetMetadata()) } else { - policy.RequireSymbols = defsecTypes.BoolDefault(false, policyBlock.GetMetadata()) + policy.RequireSymbols = iacTypes.BoolDefault(false, policyBlock.GetMetadata()) } if attr := policyBlock.GetAttribute("password_reuse_prevention"); attr.IsNumber() { value := attr.AsNumber() - policy.ReusePreventionCount = 
defsecTypes.IntExplicit(int(value), attr.GetMetadata()) + policy.ReusePreventionCount = iacTypes.IntExplicit(int(value), attr.GetMetadata()) } else { - policy.ReusePreventionCount = defsecTypes.IntDefault(0, policyBlock.GetMetadata()) + policy.ReusePreventionCount = iacTypes.IntDefault(0, policyBlock.GetMetadata()) } if attr := policyBlock.GetAttribute("max_password_age"); attr.IsNumber() { value := attr.AsNumber() - policy.MaxAgeDays = defsecTypes.IntExplicit(int(value), attr.GetMetadata()) + policy.MaxAgeDays = iacTypes.IntExplicit(int(value), attr.GetMetadata()) } else { - policy.MaxAgeDays = defsecTypes.IntDefault(math.MaxInt, policyBlock.GetMetadata()) + policy.MaxAgeDays = iacTypes.IntDefault(math.MaxInt, policyBlock.GetMetadata()) } if attr := policyBlock.GetAttribute("minimum_password_length"); attr.IsNumber() { value := attr.AsNumber() - policy.MinimumLength = defsecTypes.IntExplicit(int(value), attr.GetMetadata()) + policy.MinimumLength = iacTypes.IntExplicit(int(value), attr.GetMetadata()) } else { - policy.MinimumLength = defsecTypes.IntDefault(0, policyBlock.GetMetadata()) + policy.MinimumLength = iacTypes.IntDefault(0, policyBlock.GetMetadata()) } return policy diff --git a/pkg/iac/adapters/terraform/aws/iam/passwords_test.go b/pkg/iac/adapters/terraform/aws/iam/passwords_test.go index 263bdaad75f5..ca94ce305147 100644 --- a/pkg/iac/adapters/terraform/aws/iam/passwords_test.go +++ b/pkg/iac/adapters/terraform/aws/iam/passwords_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" ) 
@@ -31,14 +31,14 @@ func Test_adaptPasswordPolicy(t *testing.T) { } `, expected: iam.PasswordPolicy{ - Metadata: defsecTypes.NewTestMetadata(), - ReusePreventionCount: defsecTypes.Int(3, defsecTypes.NewTestMetadata()), - RequireLowercase: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - RequireUppercase: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - RequireNumbers: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - RequireSymbols: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - MaxAgeDays: defsecTypes.Int(90, defsecTypes.NewTestMetadata()), - MinimumLength: defsecTypes.Int(8, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + ReusePreventionCount: iacTypes.Int(3, iacTypes.NewTestMetadata()), + RequireLowercase: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + RequireUppercase: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + RequireNumbers: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + RequireSymbols: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + MaxAgeDays: iacTypes.Int(90, iacTypes.NewTestMetadata()), + MinimumLength: iacTypes.Int(8, iacTypes.NewTestMetadata()), }, }, } diff --git a/pkg/iac/adapters/terraform/aws/iam/policies.go b/pkg/iac/adapters/terraform/aws/iam/policies.go index a68bb7126ad8..94b132eddf90 100644 --- a/pkg/iac/adapters/terraform/aws/iam/policies.go +++ b/pkg/iac/adapters/terraform/aws/iam/policies.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func parsePolicy(policyBlock *terraform.Block, modules terraform.Modules) (iam.Policy, error) { 
@@ -13,12 +13,12 @@ func parsePolicy(policyBlock *terraform.Block, modules terraform.Modules) (iam.P Metadata: policyBlock.GetMetadata(), Name: policyBlock.GetAttribute("name").AsStringValueOrDefault("", policyBlock), Document: iam.Document{ - Metadata: defsecTypes.NewUnmanagedMetadata(), + Metadata: iacTypes.NewUnmanagedMetadata(), Parsed: iamgo.Document{}, IsOffset: false, HasRefs: false, }, - Builtin: defsecTypes.Bool(false, policyBlock.GetMetadata()), + Builtin: iacTypes.Bool(false, policyBlock.GetMetadata()), } var err error doc, err := ParsePolicyFromAttr(policyBlock.GetAttribute("policy"), policyBlock, modules) diff --git a/pkg/iac/adapters/terraform/aws/iam/policies_test.go b/pkg/iac/adapters/terraform/aws/iam/policies_test.go index 0d0411bc7a6d..5e70f4da8bec 100644 --- a/pkg/iac/adapters/terraform/aws/iam/policies_test.go +++ b/pkg/iac/adapters/terraform/aws/iam/policies_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" "github.com/liamg/iamgo" @@ -25,7 +25,7 @@ func defaultPolicyDocuemnt(offset bool) iam.Document { return iam.Document{ Parsed: builder.Build(), - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), IsOffset: offset, HasRefs: false, } @@ -59,10 +59,10 @@ func Test_adaptPolicies(t *testing.T) { `, expected: []iam.Policy{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("test", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("test", iacTypes.NewTestMetadata()), Document: defaultPolicyDocuemnt(false), - Builtin: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Builtin: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, }, 
@@ -95,11 +95,11 @@ resource "aws_iam_policy" "this" { `, expected: []iam.Policy{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("test-0", defsecTypes.NewTestMetadata()), - Builtin: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("test-0", iacTypes.NewTestMetadata()), + Builtin: iacTypes.Bool(false, iacTypes.NewTestMetadata()), Document: iam.Document{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), IsOffset: true, HasRefs: false, Parsed: func() iamgo.Document { @@ -146,11 +146,11 @@ resource "aws_iam_policy" "this" { }`, expected: []iam.Policy{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("test-sqs1", defsecTypes.NewTestMetadata()), - Builtin: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("test-sqs1", iacTypes.NewTestMetadata()), + Builtin: iacTypes.Bool(false, iacTypes.NewTestMetadata()), Document: iam.Document{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), IsOffset: true, HasRefs: false, Parsed: func() iamgo.Document { diff --git a/pkg/iac/adapters/terraform/aws/iam/roles_test.go b/pkg/iac/adapters/terraform/aws/iam/roles_test.go index 733501f1f931..bd7058f74efa 100644 --- a/pkg/iac/adapters/terraform/aws/iam/roles_test.go +++ b/pkg/iac/adapters/terraform/aws/iam/roles_test.go @@ -7,7 +7,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Test_adaptRoles(t *testing.T) { 
@@ -53,12 +53,12 @@ data "aws_iam_policy_document" "policy" { `, expected: []iam.Role{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("test_role", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("test_role", iacTypes.NewTestMetadata()), Policies: []iam.Policy{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("test_policy", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("test_policy", iacTypes.NewTestMetadata()), Document: defaultPolicyDocuemnt(true), }, }, @@ -95,12 +95,12 @@ resource "aws_iam_role_policy_attachment" "test-attach" { `, expected: []iam.Role{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("test-role", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("test-role", iacTypes.NewTestMetadata()), Policies: []iam.Policy{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("test-policy", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("test-policy", iacTypes.NewTestMetadata()), Document: defaultPolicyDocuemnt(true), }, }, @@ -131,12 +131,12 @@ resource "aws_iam_role" "example" { `, expected: []iam.Role{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("test-role", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("test-role", iacTypes.NewTestMetadata()), Policies: []iam.Policy{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("my_inline_policy", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("my_inline_policy", iacTypes.NewTestMetadata()), Document: defaultPolicyDocuemnt(false), }, }, 
@@ -181,23 +181,23 @@ resource "aws_iam_role_policy_attachment" "this" { `, expected: []iam.Role{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("test-role1", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("test-role1", iacTypes.NewTestMetadata()), Policies: []iam.Policy{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("test-role1-policy", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("test-role1-policy", iacTypes.NewTestMetadata()), Document: defaultPolicyDocuemnt(true), }, }, }, { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("test-role2", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("test-role2", iacTypes.NewTestMetadata()), Policies: []iam.Policy{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("test-role2-policy", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("test-role2-policy", iacTypes.NewTestMetadata()), Document: defaultPolicyDocuemnt(true), }, }, diff --git a/pkg/iac/adapters/terraform/aws/iam/users.go b/pkg/iac/adapters/terraform/aws/iam/users.go index 81b8f8350e82..ec311d21c5c0 100644 --- a/pkg/iac/adapters/terraform/aws/iam/users.go +++ b/pkg/iac/adapters/terraform/aws/iam/users.go @@ -3,7 +3,7 @@ package iam import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func adaptUsers(modules terraform.Modules) []iam.User { 
@@ -13,7 +13,7 @@ func adaptUsers(modules terraform.Modules) []iam.User { user := iam.User{ Metadata: userBlock.GetMetadata(), Name: userBlock.GetAttribute("name").AsStringValueOrDefault("", userBlock), - LastAccess: defsecTypes.TimeUnresolvable(userBlock.GetMetadata()), + LastAccess: iacTypes.TimeUnresolvable(userBlock.GetMetadata()), } if policy, ok := applyForDependentResource( @@ -42,15 +42,15 @@ func adaptUsers(modules terraform.Modules) []iam.User { func adaptAccessKey(block *terraform.Block) iam.AccessKey { - active := defsecTypes.BoolDefault(true, block.GetMetadata()) + active := iacTypes.BoolDefault(true, block.GetMetadata()) if activeAttr := block.GetAttribute("status"); activeAttr.IsString() { - active = defsecTypes.Bool(activeAttr.Equals("Active"), activeAttr.GetMetadata()) + active = iacTypes.Bool(activeAttr.Equals("Active"), activeAttr.GetMetadata()) } return iam.AccessKey{ Metadata: block.GetMetadata(), - AccessKeyId: defsecTypes.StringUnresolvable(block.GetMetadata()), - CreationDate: defsecTypes.TimeUnresolvable(block.GetMetadata()), - LastAccess: defsecTypes.TimeUnresolvable(block.GetMetadata()), + AccessKeyId: iacTypes.StringUnresolvable(block.GetMetadata()), + CreationDate: iacTypes.TimeUnresolvable(block.GetMetadata()), + LastAccess: iacTypes.TimeUnresolvable(block.GetMetadata()), Active: active, } } diff --git a/pkg/iac/adapters/terraform/aws/iam/users_test.go b/pkg/iac/adapters/terraform/aws/iam/users_test.go index 8e7cd4fa93fe..be79d1d644d6 100644 --- a/pkg/iac/adapters/terraform/aws/iam/users_test.go +++ b/pkg/iac/adapters/terraform/aws/iam/users_test.go @@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Test_adaptUsers(t *testing.T) { 
@@ -44,15 +44,15 @@ resource "aws_iam_user_policy" "policy" {
 `,
 expected: []iam.User{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("loadbalancer", defsecTypes.NewTestMetadata()),
- LastAccess: defsecTypes.TimeUnresolvable(defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("loadbalancer", iacTypes.NewTestMetadata()),
+ LastAccess: iacTypes.TimeUnresolvable(iacTypes.NewTestMetadata()),
 Policies: []iam.Policy{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("test", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("test", iacTypes.NewTestMetadata()),
 Document: defaultPolicyDocuemnt(false),
- Builtin: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Builtin: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -89,15 +89,15 @@ resource "aws_iam_user_policy_attachment" "test-attach" {
 `,
 expected: []iam.User{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("test-user", defsecTypes.NewTestMetadata()),
- LastAccess: defsecTypes.TimeUnresolvable(defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("test-user", iacTypes.NewTestMetadata()),
+ LastAccess: iacTypes.TimeUnresolvable(iacTypes.NewTestMetadata()),
 Policies: []iam.Policy{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("test-policy", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("test-policy", iacTypes.NewTestMetadata()),
 Document: defaultPolicyDocuemnt(false),
- Builtin: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Builtin: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -119,14 +119,14 @@ resource "aws_iam_user" "lb" {
 `,
 expected: []iam.User{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("loadbalafncer", defsecTypes.NewTestMetadata()),
- LastAccess: defsecTypes.TimeUnresolvable(defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("loadbalafncer", iacTypes.NewTestMetadata()),
+ LastAccess: iacTypes.TimeUnresolvable(iacTypes.NewTestMetadata()),
 Policies: nil,
 AccessKeys: []iam.AccessKey{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Active: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Active: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -147,14 +147,14 @@ resource "aws_iam_user" "lb" {
 `,
 expected: []iam.User{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("loadbalafncer", defsecTypes.NewTestMetadata()),
- LastAccess: defsecTypes.TimeUnresolvable(defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("loadbalafncer", iacTypes.NewTestMetadata()),
+ LastAccess: iacTypes.TimeUnresolvable(iacTypes.NewTestMetadata()),
 Policies: nil,
 AccessKeys: []iam.AccessKey{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Active: defsecTypes.BoolDefault(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Active: iacTypes.BoolDefault(true, iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/aws/kinesis/adapt_test.go b/pkg/iac/adapters/terraform/aws/kinesis/adapt_test.go
index ee13327de543..c1138d2f7748 100644
--- a/pkg/iac/adapters/terraform/aws/kinesis/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/kinesis/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/kinesis"
@@ -28,11 +28,11 @@ func Test_adaptStream(t *testing.T) {
 }
 `,
 expected: kinesis.Stream{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Encryption: kinesis.Encryption{
- Metadata: defsecTypes.NewTestMetadata(),
- Type: defsecTypes.String("KMS", defsecTypes.NewTestMetadata()),
- KMSKeyID: defsecTypes.String("my/special/key", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Type: iacTypes.String("KMS", iacTypes.NewTestMetadata()),
+ KMSKeyID: iacTypes.String("my/special/key", iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -43,11 +43,11 @@ func Test_adaptStream(t *testing.T) {
 }
 `,
 expected: kinesis.Stream{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Encryption: kinesis.Encryption{
- Metadata: defsecTypes.NewTestMetadata(),
- Type: defsecTypes.String("NONE", defsecTypes.NewTestMetadata()),
- KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Type: iacTypes.String("NONE", iacTypes.NewTestMetadata()),
+ KMSKeyID: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/aws/kms/adapt_test.go b/pkg/iac/adapters/terraform/aws/kms/adapt_test.go
index 4b466e8310ef..721d0ee19d66 100644
--- a/pkg/iac/adapters/terraform/aws/kms/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/kms/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/kms"
@@ -28,8 +28,8 @@ func Test_adaptKey(t *testing.T) {
 }
 `,
 expected: kms.Key{
- Usage: defsecTypes.String(kms.KeyUsageSignAndVerify, defsecTypes.NewTestMetadata()),
- RotationEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Usage: iacTypes.String(kms.KeyUsageSignAndVerify, iacTypes.NewTestMetadata()),
+ RotationEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -39,8 +39,8 @@ func Test_adaptKey(t *testing.T) {
 }
 `,
 expected: kms.Key{
- Usage: defsecTypes.String("ENCRYPT_DECRYPT", defsecTypes.NewTestMetadata()),
- RotationEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Usage: iacTypes.String("ENCRYPT_DECRYPT", iacTypes.NewTestMetadata()),
+ RotationEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 }
diff --git a/pkg/iac/adapters/terraform/aws/lambda/adapt.go b/pkg/iac/adapters/terraform/aws/lambda/adapt.go
index b6766f67f2c4..3a28107d2197 100644
--- a/pkg/iac/adapters/terraform/aws/lambda/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/lambda/adapt.go
@@ -3,7 +3,7 @@ package lambda
 import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/lambda"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func Adapt(modules terraform.Modules) lambda.Lambda {
@@ -34,10 +34,10 @@ func (a *adapter) adaptFunctions(modules terraform.Modules) []lambda.Function {
 if len(orphanResources) > 0 {
 orphanage := lambda.Function{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
 Tracing: lambda.Tracing{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
- Mode: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
+ Mode: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()),
 },
 Permissions: nil,
 }
@@ -78,7 +78,7 @@ func (a *adapter) adaptTracing(function *terraform.Block) lambda.Tracing {
 return lambda.Tracing{
 Metadata: function.GetMetadata(),
- Mode: defsecTypes.StringDefault("", function.GetMetadata()),
+ Mode: iacTypes.StringDefault("", function.GetMetadata()),
 }
 }
@@ -87,7 +87,7 @@ func (a *adapter) adaptPermission(permission *terraform.Block) lambda.Permission
 sourceARN := sourceARNAttr.AsStringValueOrDefault("", permission)
 if len(sourceARNAttr.AllReferences()) > 0 {
- sourceARN = defsecTypes.String(sourceARNAttr.AllReferences()[0].NameLabel(), sourceARNAttr.GetMetadata())
+ sourceARN = iacTypes.String(sourceARNAttr.AllReferences()[0].NameLabel(), sourceARNAttr.GetMetadata())
 }
 return lambda.Permission{
diff --git a/pkg/iac/adapters/terraform/aws/lambda/adapt_test.go b/pkg/iac/adapters/terraform/aws/lambda/adapt_test.go
index c38b1209ff70..8ec555c7d90f 100644
--- a/pkg/iac/adapters/terraform/aws/lambda/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/lambda/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/lambda"
 "github.com/stretchr/testify/assert"
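Review bot: The renamed line in the `@@ -87` hunk of lambda/adapt.go stores the referenced block's name label (`AllReferences()[0].NameLabel()`) in `sourceARN`, so the model's SourceARN holds a resource label rather than an ARN whenever `source_arn` is a reference; adapt_test.go pins this to `"default"`, but nothing in the code says why. A comment above the assignment would spare the next reader the trip to the test: `// A referenced source_arn cannot be resolved statically; the referenced resource's name label is recorded as a stand-in (not a real ARN).` Any rule that inspects SourceARN's content rather than its presence would see the label, which is worth confirming is intended. adaptPermission continues outside the hunk.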
@@ -43,16 +43,16 @@ func Test_Adapt(t *testing.T) {
 expected: lambda.Lambda{
 Functions: []lambda.Function{
 {
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Tracing: lambda.Tracing{
- Metadata: defsecTypes.NewTestMetadata(),
- Mode: defsecTypes.String("Passthrough", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Mode: iacTypes.String("Passthrough", iacTypes.NewTestMetadata()),
 },
 Permissions: []lambda.Permission{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Principal: defsecTypes.String("sns.amazonaws.com", defsecTypes.NewTestMetadata()),
- SourceARN: defsecTypes.String("default", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Principal: iacTypes.String("sns.amazonaws.com", iacTypes.NewTestMetadata()),
+ SourceARN: iacTypes.String("default", iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -73,23 +73,23 @@ func Test_Adapt(t *testing.T) {
 expected: lambda.Lambda{
 Functions: []lambda.Function{
 {
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Tracing: lambda.Tracing{
- Metadata: defsecTypes.NewTestMetadata(),
- Mode: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Mode: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 },
 {
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Tracing: lambda.Tracing{
- Metadata: defsecTypes.NewTestMetadata(),
- Mode: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Mode: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 Permissions: []lambda.Permission{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Principal: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- SourceARN: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Principal: iacTypes.String("", iacTypes.NewTestMetadata()),
+ SourceARN: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/aws/mq/adapt_test.go b/pkg/iac/adapters/terraform/aws/mq/adapt_test.go
index 5eefdf03dcd4..fe8d77432b62 100644
--- a/pkg/iac/adapters/terraform/aws/mq/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/mq/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/mq"
@@ -31,12 +31,12 @@ func Test_adaptBroker(t *testing.T) {
 }
 `,
 expected: mq.Broker{
- Metadata: defsecTypes.NewTestMetadata(),
- PublicAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ PublicAccess: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 Logging: mq.Logging{
- Metadata: defsecTypes.NewTestMetadata(),
- General: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- Audit: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ General: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ Audit: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -52,12 +52,12 @@ func Test_adaptBroker(t *testing.T) {
 }
 `,
 expected: mq.Broker{
- Metadata: defsecTypes.NewTestMetadata(),
- PublicAccess: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ PublicAccess: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 Logging: mq.Logging{
- Metadata: defsecTypes.NewTestMetadata(),
- General: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- Audit: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ General: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ Audit: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -68,12 +68,12 @@ func Test_adaptBroker(t *testing.T) {
 }
 `,
 expected: mq.Broker{
- Metadata: defsecTypes.NewTestMetadata(),
- PublicAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ PublicAccess: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 Logging: mq.Logging{
- Metadata: defsecTypes.NewTestMetadata(),
- General: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- Audit: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ General: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ Audit: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/aws/msk/adapt.go b/pkg/iac/adapters/terraform/aws/msk/adapt.go
index 72a720362860..520b68b2a06c 100644
--- a/pkg/iac/adapters/terraform/aws/msk/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/msk/adapt.go
@@ -3,7 +3,7 @@ package msk
 import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/msk"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func Adapt(modules terraform.Modules) msk.MSK {
@@ -27,12 +27,12 @@ func adaptCluster(resource *terraform.Block) msk.Cluster {
 Metadata: resource.GetMetadata(),
 EncryptionInTransit: msk.EncryptionInTransit{
 Metadata: resource.GetMetadata(),
- ClientBroker: defsecTypes.StringDefault("TLS_PLAINTEXT", resource.GetMetadata()),
+ ClientBroker: iacTypes.StringDefault("TLS_PLAINTEXT", resource.GetMetadata()),
 },
 EncryptionAtRest: msk.EncryptionAtRest{
 Metadata: resource.GetMetadata(),
- KMSKeyARN: defsecTypes.StringDefault("", resource.GetMetadata()),
- Enabled: defsecTypes.BoolDefault(false, resource.GetMetadata()),
+ KMSKeyARN: iacTypes.StringDefault("", resource.GetMetadata()),
+ Enabled: iacTypes.BoolDefault(false, resource.GetMetadata()),
 },
 Logging: msk.Logging{
 Metadata: resource.GetMetadata(),
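Review bot: The defaults carried over in the `@@ -27` hunk of msk/adapt.go, `ClientBroker` `"TLS_PLAINTEXT"` and `EncryptionAtRest.Enabled` false, are the weakest possible values, so a cluster that simply omits `client_broker` or the at-rest KMS key is modelled as plaintext-capable and unencrypted, and nothing in the hunk records whether that is deliberate. As far as I recall the provider applies TLS and AWS-managed at-rest encryption when these are omitted, which would make the defaults a source of findings on compliant configs; that should be confirmed against the provider schema rather than assumed either way. If the intent is to report anything not set explicitly, a comment above the literal would make it reviewable: `// Omitted settings default to the weakest value so an unspecified setting surfaces as a finding instead of being assumed secure.` adaptCluster starts outside the hunk.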
@@ -40,15 +40,15 @@ func adaptCluster(resource *terraform.Block) msk.Cluster {
 Metadata: resource.GetMetadata(),
 S3: msk.S3Logging{
 Metadata: resource.GetMetadata(),
- Enabled: defsecTypes.BoolDefault(false, resource.GetMetadata()),
+ Enabled: iacTypes.BoolDefault(false, resource.GetMetadata()),
 },
 Cloudwatch: msk.CloudwatchLogging{
 Metadata: resource.GetMetadata(),
- Enabled: defsecTypes.BoolDefault(false, resource.GetMetadata()),
+ Enabled: iacTypes.BoolDefault(false, resource.GetMetadata()),
 },
 Firehose: msk.FirehoseLogging{
 Metadata: resource.GetMetadata(),
- Enabled: defsecTypes.BoolDefault(false, resource.GetMetadata()),
+ Enabled: iacTypes.BoolDefault(false, resource.GetMetadata()),
 },
 },
 },
@@ -65,7 +65,7 @@ func adaptCluster(resource *terraform.Block) msk.Cluster {
 if encryptionAtRestAttr := encryptBlock.GetAttribute("encryption_at_rest_kms_key_arn"); encryptionAtRestAttr.IsNotNil() {
 cluster.EncryptionAtRest.Metadata = encryptionAtRestAttr.GetMetadata()
 cluster.EncryptionAtRest.KMSKeyARN = encryptionAtRestAttr.AsStringValueOrDefault("", encryptBlock)
- cluster.EncryptionAtRest.Enabled = defsecTypes.Bool(true, encryptionAtRestAttr.GetMetadata())
+ cluster.EncryptionAtRest.Enabled = iacTypes.Bool(true, encryptionAtRestAttr.GetMetadata())
 }
 }
diff --git a/pkg/iac/adapters/terraform/aws/msk/adapt_test.go b/pkg/iac/adapters/terraform/aws/msk/adapt_test.go
index f6a323ed79a7..dae131487b4f 100644
--- a/pkg/iac/adapters/terraform/aws/msk/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/msk/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/msk"
@@ -53,31 +53,31 @@ func Test_adaptCluster(t *testing.T) {
 }
 `,
 expected: msk.Cluster{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 EncryptionInTransit: msk.EncryptionInTransit{
- Metadata: defsecTypes.NewTestMetadata(),
- ClientBroker: defsecTypes.String("TLS", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ ClientBroker: iacTypes.String("TLS", iacTypes.NewTestMetadata()),
 },
 EncryptionAtRest: msk.EncryptionAtRest{
- Metadata: defsecTypes.NewTestMetadata(),
- KMSKeyARN: defsecTypes.String("foo-bar-key", defsecTypes.NewTestMetadata()),
- Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ KMSKeyARN: iacTypes.String("foo-bar-key", iacTypes.NewTestMetadata()),
+ Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 Logging: msk.Logging{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Broker: msk.BrokerLogging{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 S3: msk.S3Logging{
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 Cloudwatch: msk.CloudwatchLogging{
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 Firehose: msk.FirehoseLogging{
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -90,26 +90,26 @@ func Test_adaptCluster(t *testing.T) {
 }
 `,
 expected: msk.Cluster{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 EncryptionInTransit: msk.EncryptionInTransit{
- Metadata: defsecTypes.NewTestMetadata(),
- ClientBroker: defsecTypes.String("TLS_PLAINTEXT", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ ClientBroker: iacTypes.String("TLS_PLAINTEXT", iacTypes.NewTestMetadata()),
 },
 Logging: msk.Logging{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Broker: msk.BrokerLogging{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 S3: msk.S3Logging{
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 Cloudwatch: msk.CloudwatchLogging{
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 Firehose: msk.FirehoseLogging{
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/aws/neptune/adapt.go b/pkg/iac/adapters/terraform/aws/neptune/adapt.go
index 7f619a89028c..2dc3e344b110 100644
--- a/pkg/iac/adapters/terraform/aws/neptune/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/neptune/adapt.go
@@ -3,7 +3,7 @@ package neptune
 import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/neptune"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func Adapt(modules terraform.Modules) neptune.Neptune {
@@ -27,16 +27,16 @@ func adaptCluster(resource *terraform.Block) neptune.Cluster {
 Metadata: resource.GetMetadata(),
 Logging: neptune.Logging{
 Metadata: resource.GetMetadata(),
- Audit: defsecTypes.BoolDefault(false, resource.GetMetadata()),
+ Audit: iacTypes.BoolDefault(false, resource.GetMetadata()),
 },
- StorageEncrypted: defsecTypes.BoolDefault(false, resource.GetMetadata()),
- KMSKeyID: defsecTypes.StringDefault("", resource.GetMetadata()),
+ StorageEncrypted: iacTypes.BoolDefault(false, resource.GetMetadata()),
+ KMSKeyID: iacTypes.StringDefault("", resource.GetMetadata()),
 }
 if enableLogExportsAttr := resource.GetAttribute("enable_cloudwatch_logs_exports"); enableLogExportsAttr.IsNotNil() {
 cluster.Logging.Metadata = enableLogExportsAttr.GetMetadata()
 if enableLogExportsAttr.Contains("audit") {
- cluster.Logging.Audit = defsecTypes.Bool(true, enableLogExportsAttr.GetMetadata())
+ cluster.Logging.Audit = iacTypes.Bool(true, enableLogExportsAttr.GetMetadata())
 }
 }
diff --git a/pkg/iac/adapters/terraform/aws/neptune/adapt_test.go b/pkg/iac/adapters/terraform/aws/neptune/adapt_test.go
index 28c0ef6c46fc..5ad4f3de82ad 100644
--- a/pkg/iac/adapters/terraform/aws/neptune/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/neptune/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/neptune"
@@ -29,13 +29,13 @@ func Test_adaptCluster(t *testing.T) {
 }
 `,
 expected: neptune.Cluster{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Logging: neptune.Logging{
- Metadata: defsecTypes.NewTestMetadata(),
- Audit: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Audit: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
- StorageEncrypted: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- KMSKeyID: defsecTypes.String("kms-key", defsecTypes.NewTestMetadata()),
+ StorageEncrypted: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ KMSKeyID: iacTypes.String("kms-key", iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -45,13 +45,13 @@ func Test_adaptCluster(t *testing.T) {
 }
 `,
 expected: neptune.Cluster{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Logging: neptune.Logging{
- Metadata: defsecTypes.NewTestMetadata(),
- Audit: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Audit: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
- StorageEncrypted: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ StorageEncrypted: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ KMSKeyID: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 },
 }
diff --git a/pkg/iac/adapters/terraform/aws/rds/adapt.go b/pkg/iac/adapters/terraform/aws/rds/adapt.go
index cfbd86516d0e..d99821c23950 100644
--- a/pkg/iac/adapters/terraform/aws/rds/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/rds/adapt.go
@@ -3,7 +3,7 @@ package rds
 import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/rds"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func Adapt(modules terraform.Modules) rds.RDS {
@@ -55,24 +55,24 @@ func getClusters(modules terraform.Modules) (clusters []rds.Cluster) {
 if len(orphanResources) > 0 {
 orphanage := rds.Cluster{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
- BackupRetentionPeriodDays: defsecTypes.IntDefault(1, defsecTypes.NewUnmanagedMetadata()),
- ReplicationSourceARN: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
+ BackupRetentionPeriodDays: iacTypes.IntDefault(1, iacTypes.NewUnmanagedMetadata()),
+ ReplicationSourceARN: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()),
 PerformanceInsights: rds.PerformanceInsights{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
- Enabled: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
- KMSKeyID: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
+ Enabled: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
+ KMSKeyID: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()),
 },
 Instances: nil,
 Encryption: rds.Encryption{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
- EncryptStorage: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
- KMSKeyID: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
+ EncryptStorage: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
+ KMSKeyID: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()),
 },
- PublicAccess: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
- Engine: defsecTypes.StringUnresolvable(defsecTypes.NewUnmanagedMetadata()),
- LatestRestorableTime: defsecTypes.TimeUnresolvable(defsecTypes.NewUnmanagedMetadata()),
- DeletionProtection: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
+ PublicAccess: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
+ Engine: iacTypes.StringUnresolvable(iacTypes.NewUnmanagedMetadata()),
+ LatestRestorableTime: iacTypes.TimeUnresolvable(iacTypes.NewUnmanagedMetadata()),
+ DeletionProtection: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
 }
 for _, orphan := range orphanResources {
 orphanage.Instances = append(orphanage.Instances, adaptClusterInstance(orphan, modules))
@@ -99,7 +99,7 @@ func adaptClusterInstance(resource *terraform.Block, modules terraform.Modules)
 if clusterIdAttr.IsResourceBlockReference("aws_rds_cluster") {
 if referenced, err := modules.GetReferencedBlock(clusterIdAttr, resource); err == nil {
- clusterId = defsecTypes.String(referenced.FullName(), referenced.GetMetadata())
+ clusterId = iacTypes.String(referenced.FullName(), referenced.GetMetadata())
 }
 }
@@ -117,7 +117,7 @@ func adaptClassicDBSecurityGroup(resource *terraform.Block) rds.DBSecurityGroup
 func adaptInstance(resource *terraform.Block, modules terraform.Modules) rds.Instance {
- var ReadReplicaDBInstanceIdentifiers []defsecTypes.StringValue
+ var ReadReplicaDBInstanceIdentifiers []iacTypes.StringValue
 rrdiAttr := resource.GetAttribute("replicate_source_db")
 for _, rrdi := range rrdiAttr.AsStringValues() {
 ReadReplicaDBInstanceIdentifiers = append(ReadReplicaDBInstanceIdentifiers, rrdi)
@@ -132,7 +132,7 @@ func adaptInstance(resource *terraform.Block, modules terraform.Modules) rds.Ins
 })
 }
- var EnabledCloudwatchLogsExports []defsecTypes.StringValue
+ var EnabledCloudwatchLogsExports []iacTypes.StringValue
 ecweAttr := resource.GetAttribute("enabled_cloudwatch_logs_exports")
 for _, ecwe := range ecweAttr.AsStringValues() {
 EnabledCloudwatchLogsExports = append(EnabledCloudwatchLogsExports, ecwe)
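Review bot: `var ReadReplicaDBInstanceIdentifiers []iacTypes.StringValue` in the `@@ -117` hunk of rds/adapt.go, and `EnabledCloudwatchLogsExports` in `@@ -132`, are function locals written in exported-identifier case, which reads as package-level state when skimming; Go convention is lowerCamel for locals, e.g. `readReplicaIDs` and `cloudwatchLogExports`. Each declaration is followed by a loop that only appends every element of `rrdiAttr.AsStringValues()` (or `ecweAttr.AsStringValues()`) to the new slice, so a direct assignment would do the same work unless callers rely on the nil-versus-empty result of the loop, which I cannot tell from here. adaptInstance continues outside the hunk.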
@@ -148,7 +148,7 @@ func adaptInstance(resource *terraform.Block, modules terraform.Modules) rds.Ins
 return rds.Instance{
 Metadata: resource.GetMetadata(),
 BackupRetentionPeriodDays: resource.GetAttribute("backup_retention_period").AsIntValueOrDefault(0, resource),
- ReplicationSourceARN: defsecTypes.StringExplicit(replicaSourceValue, resource.GetMetadata()),
+ ReplicationSourceARN: iacTypes.StringExplicit(replicaSourceValue, resource.GetMetadata()),
 PerformanceInsights: adaptPerformanceInsights(resource),
 Encryption: adaptEncryption(resource),
 PublicAccess: resource.GetAttribute("publicly_accessible").AsBoolValueOrDefault(false, resource),
@@ -162,7 +162,7 @@ func adaptInstance(resource *terraform.Block, modules terraform.Modules) rds.Ins
 AutoMinorVersionUpgrade: resource.GetAttribute("auto_minor_version_upgrade").AsBoolValueOrDefault(false, resource),
 MultiAZ: resource.GetAttribute("multi_az").AsBoolValueOrDefault(false, resource),
 PubliclyAccessible: resource.GetAttribute("publicly_accessible").AsBoolValueOrDefault(false, resource),
- LatestRestorableTime: defsecTypes.TimeUnresolvable(resource.GetMetadata()),
+ LatestRestorableTime: iacTypes.TimeUnresolvable(resource.GetMetadata()),
 ReadReplicaDBInstanceIdentifiers: ReadReplicaDBInstanceIdentifiers,
 TagList: TagList,
 EnabledCloudwatchLogsExports: EnabledCloudwatchLogsExports,
@@ -177,8 +177,8 @@ func adaptDBParameterGroups(resource *terraform.Block, modules terraform.Modules
 Parameters = append(Parameters, rds.Parameters{
 Metadata: paramres.GetMetadata(),
- ParameterName: defsecTypes.StringDefault("", paramres.GetMetadata()),
- ParameterValue: defsecTypes.StringDefault("", paramres.GetMetadata()),
+ ParameterName: iacTypes.StringDefault("", paramres.GetMetadata()),
+ ParameterValue: iacTypes.StringDefault("", paramres.GetMetadata()),
 })
 }
@@ -221,9 +221,9 @@ func adaptCluster(resource *terraform.Block, modules terraform.Modules) (rds.Clu
 PerformanceInsights: adaptPerformanceInsights(resource),
 Instances: clusterInstances,
 Encryption: adaptEncryption(resource),
- PublicAccess: defsecTypes.Bool(public, resource.GetMetadata()),
+ PublicAccess: iacTypes.Bool(public, resource.GetMetadata()),
 Engine: resource.GetAttribute("engine").AsStringValueOrDefault(rds.EngineAurora, resource),
- LatestRestorableTime: defsecTypes.TimeUnresolvable(resource.GetMetadata()),
+ LatestRestorableTime: iacTypes.TimeUnresolvable(resource.GetMetadata()),
 AvailabilityZones: resource.GetAttribute("availability_zones").AsStringValueSliceOrEmpty(),
 DeletionProtection: resource.GetAttribute("deletion_protection").AsBoolValueOrDefault(false, resource),
 }, ids
diff --git a/pkg/iac/adapters/terraform/aws/rds/adapt_test.go b/pkg/iac/adapters/terraform/aws/rds/adapt_test.go
index dbe2a5a52527..3776e4c4ad48 100644
--- a/pkg/iac/adapters/terraform/aws/rds/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/rds/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/rds"
 "github.com/stretchr/testify/assert"
@@ -58,76 +58,76 @@ func Test_Adapt(t *testing.T) { expected: rds.RDS{ Instances: []rds.Instance{ { - Metadata: defsecTypes.NewTestMetadata(), - BackupRetentionPeriodDays: defsecTypes.Int(5, defsecTypes.NewTestMetadata()), - ReplicationSourceARN: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + BackupRetentionPeriodDays: iacTypes.Int(5, iacTypes.NewTestMetadata()), + ReplicationSourceARN: iacTypes.String("", iacTypes.NewTestMetadata()), PerformanceInsights: rds.PerformanceInsights{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("performance_key_1", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("performance_key_1", iacTypes.NewTestMetadata()), }, Encryption: rds.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - EncryptStorage: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("kms_key_2", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EncryptStorage: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("kms_key_2", iacTypes.NewTestMetadata()), }, - PublicAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - Engine: defsecTypes.String(rds.EngineAurora, defsecTypes.NewTestMetadata()), - StorageEncrypted: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + PublicAccess: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + Engine: iacTypes.String(rds.EngineAurora, iacTypes.NewTestMetadata()), + StorageEncrypted: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, Clusters: []rds.Cluster{ { - Metadata: defsecTypes.NewTestMetadata(), - BackupRetentionPeriodDays: defsecTypes.Int(7, defsecTypes.NewTestMetadata()), - ReplicationSourceARN: defsecTypes.String("arn-of-a-source-db-cluster", 
defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + BackupRetentionPeriodDays: iacTypes.Int(7, iacTypes.NewTestMetadata()), + ReplicationSourceARN: iacTypes.String("arn-of-a-source-db-cluster", iacTypes.NewTestMetadata()), PerformanceInsights: rds.PerformanceInsights{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("", iacTypes.NewTestMetadata()), }, Encryption: rds.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - EncryptStorage: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("kms_key_1", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EncryptStorage: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("kms_key_1", iacTypes.NewTestMetadata()), }, Instances: []rds.ClusterInstance{ { Instance: rds.Instance{ - Metadata: defsecTypes.NewTestMetadata(), - BackupRetentionPeriodDays: defsecTypes.Int(0, defsecTypes.NewTestMetadata()), - ReplicationSourceARN: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + BackupRetentionPeriodDays: iacTypes.Int(0, iacTypes.NewTestMetadata()), + ReplicationSourceARN: iacTypes.String("", iacTypes.NewTestMetadata()), PerformanceInsights: rds.PerformanceInsights{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("performance_key_0", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("performance_key_0", iacTypes.NewTestMetadata()), }, Encryption: rds.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - EncryptStorage: 
defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("kms_key_0", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EncryptStorage: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("kms_key_0", iacTypes.NewTestMetadata()), }, - PublicAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - Engine: defsecTypes.String(rds.EngineAurora, defsecTypes.NewTestMetadata()), - StorageEncrypted: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + PublicAccess: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + Engine: iacTypes.String(rds.EngineAurora, iacTypes.NewTestMetadata()), + StorageEncrypted: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, - ClusterIdentifier: defsecTypes.String("aws_rds_cluster.example", defsecTypes.NewTestMetadata()), + ClusterIdentifier: iacTypes.String("aws_rds_cluster.example", iacTypes.NewTestMetadata()), }, }, - PublicAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - Engine: defsecTypes.String(rds.EngineAuroraMysql, defsecTypes.NewTestMetadata()), - AvailabilityZones: defsecTypes.StringValueList{ - defsecTypes.String("us-west-2a", defsecTypes.NewTestMetadata()), - defsecTypes.String("us-west-2b", defsecTypes.NewTestMetadata()), - defsecTypes.String("us-west-2c", defsecTypes.NewTestMetadata()), + PublicAccess: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + Engine: iacTypes.String(rds.EngineAuroraMysql, iacTypes.NewTestMetadata()), + AvailabilityZones: iacTypes.StringValueList{ + iacTypes.String("us-west-2a", iacTypes.NewTestMetadata()), + iacTypes.String("us-west-2b", iacTypes.NewTestMetadata()), + iacTypes.String("us-west-2c", iacTypes.NewTestMetadata()), }, - DeletionProtection: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + DeletionProtection: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, Classic: rds.Classic{ DBSecurityGroups: []rds.DBSecurityGroup{ { - Metadata: defsecTypes.NewTestMetadata(), + 
Metadata: iacTypes.NewTestMetadata(), }, }, }, @@ -157,23 +157,23 @@ func Test_adaptInstance(t *testing.T) { } `, expected: rds.Instance{ - Metadata: defsecTypes.NewTestMetadata(), - BackupRetentionPeriodDays: defsecTypes.Int(0, defsecTypes.NewTestMetadata()), - ReplicationSourceARN: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + BackupRetentionPeriodDays: iacTypes.Int(0, iacTypes.NewTestMetadata()), + ReplicationSourceARN: iacTypes.String("", iacTypes.NewTestMetadata()), PerformanceInsights: rds.PerformanceInsights{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("", iacTypes.NewTestMetadata()), }, Encryption: rds.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - EncryptStorage: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EncryptStorage: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("", iacTypes.NewTestMetadata()), }, - PublicAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - Engine: defsecTypes.String(rds.EngineAurora, defsecTypes.NewTestMetadata()), - StorageEncrypted: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - IAMAuthEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + PublicAccess: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + Engine: iacTypes.String(rds.EngineAurora, iacTypes.NewTestMetadata()), + StorageEncrypted: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + IAMAuthEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, } 
@@ -200,21 +200,21 @@ func Test_adaptCluster(t *testing.T) { } `, expected: rds.Cluster{ - Metadata: defsecTypes.NewTestMetadata(), - BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.NewTestMetadata()), - ReplicationSourceARN: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + BackupRetentionPeriodDays: iacTypes.Int(1, iacTypes.NewTestMetadata()), + ReplicationSourceARN: iacTypes.String("", iacTypes.NewTestMetadata()), PerformanceInsights: rds.PerformanceInsights{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("", iacTypes.NewTestMetadata()), }, Encryption: rds.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - EncryptStorage: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EncryptStorage: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("", iacTypes.NewTestMetadata()), }, - PublicAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - Engine: defsecTypes.String(rds.EngineAurora, defsecTypes.NewTestMetadata()), + PublicAccess: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + Engine: iacTypes.String(rds.EngineAurora, iacTypes.NewTestMetadata()), }, }, } diff --git a/pkg/iac/adapters/terraform/aws/redshift/adapt.go b/pkg/iac/adapters/terraform/aws/redshift/adapt.go index 33d124abad9b..37ede1a821ab 100644 --- a/pkg/iac/adapters/terraform/aws/redshift/adapt.go +++ b/pkg/iac/adapters/terraform/aws/redshift/adapt.go 
@@ -3,7 +3,7 @@ package redshift import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/redshift" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) redshift.Redshift { @@ -55,20 +55,20 @@ func adaptCluster(resource *terraform.Block, module *terraform.Module) redshift. MasterUsername: resource.GetAttribute("master_username").AsStringValueOrDefault("", resource), NumberOfNodes: resource.GetAttribute("number_of_nodes").AsIntValueOrDefault(1, resource), PubliclyAccessible: resource.GetAttribute("publicly_accessible").AsBoolValueOrDefault(true, resource), - LoggingEnabled: defsecTypes.Bool(false, resource.GetMetadata()), - AutomatedSnapshotRetentionPeriod: defsecTypes.Int(0, resource.GetMetadata()), + LoggingEnabled: iacTypes.Bool(false, resource.GetMetadata()), + AutomatedSnapshotRetentionPeriod: iacTypes.Int(0, resource.GetMetadata()), AllowVersionUpgrade: resource.GetAttribute("allow_version_upgrade").AsBoolValueOrDefault(true, resource), - VpcId: defsecTypes.String("", resource.GetMetadata()), + VpcId: iacTypes.String("", resource.GetMetadata()), Encryption: redshift.Encryption{ Metadata: resource.GetMetadata(), - Enabled: defsecTypes.BoolDefault(false, resource.GetMetadata()), - KMSKeyID: defsecTypes.StringDefault("", resource.GetMetadata()), + Enabled: iacTypes.BoolDefault(false, resource.GetMetadata()), + KMSKeyID: iacTypes.StringDefault("", resource.GetMetadata()), }, EndPoint: redshift.EndPoint{ Metadata: resource.GetMetadata(), Port: resource.GetAttribute("port").AsIntValueOrDefault(5439, resource), }, - SubnetGroupName: defsecTypes.StringDefault("", resource.GetMetadata()), + SubnetGroupName: iacTypes.StringDefault("", resource.GetMetadata()), } encryptedAttr := resource.GetAttribute("encrypted") 
@@ -87,7 +87,7 @@ func adaptCluster(resource *terraform.Block, module *terraform.Module) redshift. cluster.Encryption.KMSKeyID = KMSKeyIDAttr.AsStringValueOrDefault("", resource) if KMSKeyIDAttr.IsResourceBlockReference("aws_kms_key") { if kmsKeyBlock, err := module.GetReferencedBlock(KMSKeyIDAttr, resource); err == nil { - cluster.Encryption.KMSKeyID = defsecTypes.String(kmsKeyBlock.FullName(), kmsKeyBlock.GetMetadata()) + cluster.Encryption.KMSKeyID = iacTypes.String(kmsKeyBlock.FullName(), kmsKeyBlock.GetMetadata()) } } diff --git a/pkg/iac/adapters/terraform/aws/redshift/adapt_test.go b/pkg/iac/adapters/terraform/aws/redshift/adapt_test.go index c3e966ac5c12..e52db1c2256b 100644 --- a/pkg/iac/adapters/terraform/aws/redshift/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/redshift/adapt_test.go @@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/redshift" "github.com/stretchr/testify/assert" 
@@ -45,27 +45,27 @@ func Test_Adapt(t *testing.T) { expected: redshift.Redshift{ Clusters: []redshift.Cluster{ { - Metadata: defsecTypes.NewTestMetadata(), - ClusterIdentifier: defsecTypes.String("tf-redshift-cluster", defsecTypes.NewTestMetadata()), - PubliclyAccessible: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - NumberOfNodes: defsecTypes.Int(1, defsecTypes.NewTestMetadata()), - AllowVersionUpgrade: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + ClusterIdentifier: iacTypes.String("tf-redshift-cluster", iacTypes.NewTestMetadata()), + PubliclyAccessible: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + NumberOfNodes: iacTypes.Int(1, iacTypes.NewTestMetadata()), + AllowVersionUpgrade: iacTypes.Bool(false, iacTypes.NewTestMetadata()), EndPoint: redshift.EndPoint{ - Metadata: defsecTypes.NewTestMetadata(), - Port: defsecTypes.Int(5440, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Port: iacTypes.Int(5440, iacTypes.NewTestMetadata()), }, Encryption: redshift.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("aws_kms_key.redshift", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("aws_kms_key.redshift", iacTypes.NewTestMetadata()), }, - SubnetGroupName: defsecTypes.String("redshift_subnet", defsecTypes.NewTestMetadata()), + SubnetGroupName: iacTypes.String("redshift_subnet", iacTypes.NewTestMetadata()), }, }, SecurityGroups: []redshift.SecurityGroup{ { - Metadata: defsecTypes.NewTestMetadata(), - Description: defsecTypes.String("some description", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Description: iacTypes.String("some description", iacTypes.NewTestMetadata()), }, }, }, 
@@ -103,21 +103,21 @@ func Test_adaptCluster(t *testing.T) { } `, expected: redshift.Cluster{ - Metadata: defsecTypes.NewTestMetadata(), - ClusterIdentifier: defsecTypes.String("tf-redshift-cluster", defsecTypes.NewTestMetadata()), - PubliclyAccessible: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - NumberOfNodes: defsecTypes.Int(1, defsecTypes.NewTestMetadata()), - AllowVersionUpgrade: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + ClusterIdentifier: iacTypes.String("tf-redshift-cluster", iacTypes.NewTestMetadata()), + PubliclyAccessible: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + NumberOfNodes: iacTypes.Int(1, iacTypes.NewTestMetadata()), + AllowVersionUpgrade: iacTypes.Bool(false, iacTypes.NewTestMetadata()), EndPoint: redshift.EndPoint{ - Metadata: defsecTypes.NewTestMetadata(), - Port: defsecTypes.Int(5440, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Port: iacTypes.Int(5440, iacTypes.NewTestMetadata()), }, Encryption: redshift.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("key-id", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("key-id", iacTypes.NewTestMetadata()), }, - SubnetGroupName: defsecTypes.String("redshift_subnet", defsecTypes.NewTestMetadata()), + SubnetGroupName: iacTypes.String("redshift_subnet", iacTypes.NewTestMetadata()), }, }, { 
@@ -127,21 +127,21 @@ func Test_adaptCluster(t *testing.T) { } `, expected: redshift.Cluster{ - Metadata: defsecTypes.NewTestMetadata(), - ClusterIdentifier: defsecTypes.String("", defsecTypes.NewTestMetadata()), - PubliclyAccessible: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - NumberOfNodes: defsecTypes.Int(1, defsecTypes.NewTestMetadata()), - AllowVersionUpgrade: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + ClusterIdentifier: iacTypes.String("", iacTypes.NewTestMetadata()), + PubliclyAccessible: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + NumberOfNodes: iacTypes.Int(1, iacTypes.NewTestMetadata()), + AllowVersionUpgrade: iacTypes.Bool(true, iacTypes.NewTestMetadata()), EndPoint: redshift.EndPoint{ - Metadata: defsecTypes.NewTestMetadata(), - Port: defsecTypes.Int(5439, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Port: iacTypes.Int(5439, iacTypes.NewTestMetadata()), }, Encryption: redshift.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("", iacTypes.NewTestMetadata()), }, - SubnetGroupName: defsecTypes.String("", defsecTypes.NewTestMetadata()), + SubnetGroupName: iacTypes.String("", iacTypes.NewTestMetadata()), }, }, } @@ -168,8 +168,8 @@ resource "" "example" { } `, expected: redshift.SecurityGroup{ - Metadata: defsecTypes.NewTestMetadata(), - Description: defsecTypes.String("Managed by Terraform", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Description: iacTypes.String("Managed by Terraform", iacTypes.NewTestMetadata()), }, }, } 
diff --git a/pkg/iac/adapters/terraform/aws/s3/adapt_test.go b/pkg/iac/adapters/terraform/aws/s3/adapt_test.go index 3f92767bd855..1d347d3520fe 100644 --- a/pkg/iac/adapters/terraform/aws/s3/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/s3/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/s3" @@ -199,19 +199,19 @@ func Test_Adapt(t *testing.T) { expected: s3.S3{ Buckets: []s3.Bucket{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("bucket", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("bucket", iacTypes.NewTestMetadata()), PublicAccessBlock: &s3.PublicAccessBlock{ - Metadata: defsecTypes.NewTestMetadata(), - BlockPublicACLs: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - BlockPublicPolicy: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - IgnorePublicACLs: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - RestrictPublicBuckets: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + BlockPublicACLs: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + BlockPublicPolicy: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + IgnorePublicACLs: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + RestrictPublicBuckets: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, BucketPolicies: []iam.Policy{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("", iacTypes.NewTestMetadata()), Document: func() iam.Document { builder := iamgo.NewPolicyBuilder() 
@@ -225,31 +225,31 @@ func Test_Adapt(t *testing.T) { return iam.Document{ Parsed: builder.Build(), - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), IsOffset: true, HasRefs: false, } }(), - Builtin: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Builtin: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, Encryption: s3.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - Algorithm: defsecTypes.String("aws:kms", defsecTypes.NewTestMetadata()), - KMSKeyId: defsecTypes.String("string-key", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + Algorithm: iacTypes.String("aws:kms", iacTypes.NewTestMetadata()), + KMSKeyId: iacTypes.String("string-key", iacTypes.NewTestMetadata()), }, Versioning: s3.Versioning{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - MFADelete: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + MFADelete: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, Logging: s3.Logging{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - TargetBucket: defsecTypes.String("aws_s3_bucket.example", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + TargetBucket: iacTypes.String("aws_s3_bucket.example", iacTypes.NewTestMetadata()), }, - ACL: defsecTypes.String("private", defsecTypes.NewTestMetadata()), + ACL: iacTypes.String("private", iacTypes.NewTestMetadata()), }, }, }, diff --git a/pkg/iac/adapters/terraform/aws/s3/bucket.go b/pkg/iac/adapters/terraform/aws/s3/bucket.go index e89f8b567597..ae5b2ddb2f4d 100644 
--- a/pkg/iac/adapters/terraform/aws/s3/bucket.go +++ b/pkg/iac/adapters/terraform/aws/s3/bucket.go @@ -3,7 +3,7 @@ package s3 import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/s3" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type adapter struct { @@ -53,9 +53,9 @@ func getEncryption(block *terraform.Block, a *adapter) s3.Encryption { } return s3.Encryption{ Metadata: block.GetMetadata(), - Enabled: defsecTypes.BoolDefault(false, block.GetMetadata()), - KMSKeyId: defsecTypes.StringDefault("", block.GetMetadata()), - Algorithm: defsecTypes.StringDefault("", block.GetMetadata()), + Enabled: iacTypes.BoolDefault(false, block.GetMetadata()), + KMSKeyId: iacTypes.StringDefault("", block.GetMetadata()), + Algorithm: iacTypes.StringDefault("", block.GetMetadata()), } } @@ -66,14 +66,14 @@ func newS3Encryption(root, sseConfgihuration *terraform.Block) s3.Encryption { Algorithm: terraform.MapNestedAttribute( sseConfgihuration, "rule.apply_server_side_encryption_by_default.sse_algorithm", - func(attr *terraform.Attribute, parent *terraform.Block) defsecTypes.StringValue { + func(attr *terraform.Attribute, parent *terraform.Block) iacTypes.StringValue { return attr.AsStringValueOrDefault("", parent) }, ), KMSKeyId: terraform.MapNestedAttribute( sseConfgihuration, "rule.apply_server_side_encryption_by_default.kms_master_key_id", - func(attr *terraform.Attribute, parent *terraform.Block) defsecTypes.StringValue { + func(attr *terraform.Attribute, parent *terraform.Block) iacTypes.StringValue { return attr.AsStringValueOrDefault("", parent) }, ), 
@@ -83,8 +83,8 @@ func newS3Encryption(root, sseConfgihuration *terraform.Block) s3.Encryption { func getVersioning(block *terraform.Block, a *adapter) s3.Versioning { versioning := s3.Versioning{ Metadata: block.GetMetadata(), - Enabled: defsecTypes.BoolDefault(false, block.GetMetadata()), - MFADelete: defsecTypes.BoolDefault(false, block.GetMetadata()), + Enabled: iacTypes.BoolDefault(false, block.GetMetadata()), + MFADelete: iacTypes.BoolDefault(false, block.GetMetadata()), } if lockBlock := block.GetBlock("object_lock_configuration"); lockBlock != nil { if enabled := isObjeckLockEnabled(lockBlock); enabled != nil { @@ -96,7 +96,7 @@ func getVersioning(block *terraform.Block, a *adapter) s3.Versioning { versioning.MFADelete = vBlock.GetAttribute("mfa_delete").AsBoolValueOrDefault(false, vBlock) } - if enabled, ok := applyForBucketRelatedResource(a, block, "aws_s3_bucket_object_lock_configuration", func(resource *terraform.Block) *defsecTypes.BoolValue { + if enabled, ok := applyForBucketRelatedResource(a, block, "aws_s3_bucket_object_lock_configuration", func(resource *terraform.Block) *iacTypes.BoolValue { if block.GetAttribute("object_lock_enabled").IsTrue() { return isObjeckLockEnabled(resource) } @@ -111,14 +111,14 @@ func getVersioning(block *terraform.Block, a *adapter) s3.Versioning { return versioning } -func isObjeckLockEnabled(resource *terraform.Block) *defsecTypes.BoolValue { - var val defsecTypes.BoolValue +func isObjeckLockEnabled(resource *terraform.Block) *iacTypes.BoolValue { + var val iacTypes.BoolValue attr := resource.GetAttribute("object_lock_enabled") switch { case attr.IsNil(): // enabled by default - val = defsecTypes.BoolDefault(true, resource.GetMetadata()) + val = iacTypes.BoolDefault(true, resource.GetMetadata()) case attr.Equals("Enabled"): - val = defsecTypes.Bool(true, attr.GetMetadata()) + val = iacTypes.Bool(true, attr.GetMetadata()) } return &val } 
@@ -127,15 +127,15 @@ func isObjeckLockEnabled(resource *terraform.Block) *defsecTypes.BoolValue { func getVersioningFromResource(block *terraform.Block) s3.Versioning { versioning := s3.Versioning{ Metadata: block.GetMetadata(), - Enabled: defsecTypes.BoolDefault(false, block.GetMetadata()), - MFADelete: defsecTypes.BoolDefault(false, block.GetMetadata()), + Enabled: iacTypes.BoolDefault(false, block.GetMetadata()), + MFADelete: iacTypes.BoolDefault(false, block.GetMetadata()), } if config := block.GetBlock("versioning_configuration"); config != nil { if status := config.GetAttribute("status"); status.IsNotNil() { - versioning.Enabled = defsecTypes.Bool(status.Equals("Enabled", terraform.IgnoreCase), status.GetMetadata()) + versioning.Enabled = iacTypes.Bool(status.Equals("Enabled", terraform.IgnoreCase), status.GetMetadata()) } if mfa := config.GetAttribute("mfa_delete"); mfa.IsNotNil() { - versioning.MFADelete = defsecTypes.Bool(mfa.Equals("Enabled", terraform.IgnoreCase), mfa.GetMetadata()) + versioning.MFADelete = iacTypes.Bool(mfa.Equals("Enabled", terraform.IgnoreCase), mfa.GetMetadata()) } } return versioning @@ -145,11 +145,11 @@ func getLogging(block *terraform.Block, a *adapter) s3.Logging { if loggingBlock := block.GetBlock("logging"); loggingBlock.IsNotNil() { targetBucket := loggingBlock.GetAttribute("target_bucket").AsStringValueOrDefault("", loggingBlock) if referencedBlock, err := a.modules.GetReferencedBlock(loggingBlock.GetAttribute("target_bucket"), loggingBlock); err == nil { - targetBucket = defsecTypes.String(referencedBlock.FullName(), loggingBlock.GetAttribute("target_bucket").GetMetadata()) + targetBucket = iacTypes.String(referencedBlock.FullName(), loggingBlock.GetAttribute("target_bucket").GetMetadata()) } return s3.Logging{ Metadata: loggingBlock.GetMetadata(), - Enabled: defsecTypes.Bool(true, loggingBlock.GetMetadata()), + Enabled: iacTypes.Bool(true, loggingBlock.GetMetadata()), TargetBucket: targetBucket, } } 
@@ -157,7 +157,7 @@ func getLogging(block *terraform.Block, a *adapter) s3.Logging { if val, ok := applyForBucketRelatedResource(a, block, "aws_s3_bucket_logging", func(resource *terraform.Block) s3.Logging { targetBucket := resource.GetAttribute("target-bucket").AsStringValueOrDefault("", resource) if referencedBlock, err := a.modules.GetReferencedBlock(resource.GetAttribute("target_bucket"), resource); err == nil { - targetBucket = defsecTypes.String(referencedBlock.FullName(), resource.GetAttribute("target_bucket").GetMetadata()) + targetBucket = iacTypes.String(referencedBlock.FullName(), resource.GetAttribute("target_bucket").GetMetadata()) } return s3.Logging{ Metadata: resource.GetMetadata(), 
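Review bot: The attribute name `target-bucket` on the second line of the hunk does not match the `target_bucket` used by the reference lookup two lines below it, and Terraform's aws_s3_bucket_logging argument is `target_bucket`; a literal bucket name on that resource therefore falls through to the `""` default unless it happens to resolve as a block reference, so the adapter under-reports where access logs are delivered. The commit only renames the `iacTypes` alias and leaves this in place. Change the line to `targetBucket := resource.GetAttribute("target_bucket").AsStringValueOrDefault("", resource)` so the literal and reference paths read the same attribute. getLogging's body continues outside the hunk.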
@@ -170,34 +170,34 @@ func getLogging(block *terraform.Block, a *adapter) s3.Logging { return s3.Logging{ Metadata: block.GetMetadata(), - Enabled: defsecTypes.Bool(false, block.GetMetadata()), - TargetBucket: defsecTypes.StringDefault("", block.GetMetadata()), + Enabled: iacTypes.Bool(false, block.GetMetadata()), + TargetBucket: iacTypes.StringDefault("", block.GetMetadata()), } } -func getBucketAcl(block *terraform.Block, a *adapter) defsecTypes.StringValue { +func getBucketAcl(block *terraform.Block, a *adapter) iacTypes.StringValue { aclAttr := block.GetAttribute("acl") if aclAttr.IsString() { return aclAttr.AsStringValueOrDefault("private", block) } - if val, ok := applyForBucketRelatedResource(a, block, "aws_s3_bucket_acl", func(resource *terraform.Block) defsecTypes.StringValue { + if val, ok := applyForBucketRelatedResource(a, block, "aws_s3_bucket_acl", func(resource *terraform.Block) iacTypes.StringValue { return resource.GetAttribute("acl").AsStringValueOrDefault("private", resource) }); ok { return val } - return defsecTypes.StringDefault("private", block.GetMetadata()) + return iacTypes.StringDefault("private", block.GetMetadata()) } -func isEncrypted(sseConfgihuration *terraform.Block) defsecTypes.BoolValue { +func isEncrypted(sseConfgihuration *terraform.Block) iacTypes.BoolValue { return terraform.MapNestedAttribute( sseConfgihuration, "rule.apply_server_side_encryption_by_default.sse_algorithm", - func(attr *terraform.Attribute, parent *terraform.Block) defsecTypes.BoolValue { + func(attr *terraform.Attribute, parent *terraform.Block) iacTypes.BoolValue { if attr.IsNil() { - return defsecTypes.BoolDefault(false, parent.GetMetadata()) + return iacTypes.BoolDefault(false, parent.GetMetadata()) } - return defsecTypes.Bool( + return iacTypes.Bool( true, attr.GetMetadata(), ) 
@@ -205,17 +205,17 @@ func isEncrypted(sseConfgihuration *terraform.Block) defsecTypes.BoolValue { ) } -func hasLogging(b *terraform.Block) defsecTypes.BoolValue { +func hasLogging(b *terraform.Block) iacTypes.BoolValue { if loggingBlock := b.GetBlock("logging"); loggingBlock.IsNotNil() { if targetAttr := loggingBlock.GetAttribute("target_bucket"); targetAttr.IsNotNil() && targetAttr.IsNotEmpty() { - return defsecTypes.Bool(true, targetAttr.GetMetadata()) + return iacTypes.Bool(true, targetAttr.GetMetadata()) } - return defsecTypes.BoolDefault(false, loggingBlock.GetMetadata()) + return iacTypes.BoolDefault(false, loggingBlock.GetMetadata()) } if targetBucket := b.GetAttribute("target_bucket"); targetBucket.IsNotNil() { - return defsecTypes.Bool(true, targetBucket.GetMetadata()) + return iacTypes.Bool(true, targetBucket.GetMetadata()) } - return defsecTypes.BoolDefault(false, b.GetMetadata()) + return iacTypes.BoolDefault(false, b.GetMetadata()) } func getLifecycle(b *terraform.Block, a *adapter) []s3.Rules { @@ -252,8 +252,8 @@ func getObject(b *terraform.Block, a *adapter) []s3.Contents { return object } -func getAccelerateStatus(b *terraform.Block, a *adapter) defsecTypes.StringValue { - var status defsecTypes.StringValue +func getAccelerateStatus(b *terraform.Block, a *adapter) iacTypes.StringValue { + var status iacTypes.StringValue for _, r := range a.modules.GetReferencingResources(b, " aws_s3_bucket_accelerate_configuration", "bucket") { status = r.GetAttribute("status").AsStringValueOrDefault("Enabled", r) } diff --git a/pkg/iac/adapters/terraform/aws/s3/policies.go b/pkg/iac/adapters/terraform/aws/s3/policies.go index 42385cabd5ae..3c8804957d0c 100644 --- a/pkg/iac/adapters/terraform/aws/s3/policies.go +++ b/pkg/iac/adapters/terraform/aws/s3/policies.go 
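Review bot: The resource type passed to GetReferencingResources in getAccelerateStatus reads `" aws_s3_bucket_accelerate_configuration"` with a leading space inside the string literal; if that space is not an artifact of how this page was rendered, the lookup can never match the `aws_s3_bucket_accelerate_configuration` resource type, the loop body never runs, and `status` is still its zero value at the end of the hunk. The commit only renames the alias and does not touch this line. Drop the space: `for _, r := range a.modules.GetReferencingResources(b, "aws_s3_bucket_accelerate_configuration", "bucket") {`. The remainder of getAccelerateStatus is outside the hunk, so what the zero value means to callers cannot be confirmed here.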
@@ -3,7 +3,7 @@ package s3 import ( iamAdapter "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/aws/iam" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func (a *adapter) adaptBucketPolicies() { @@ -21,9 +21,9 @@ func (a *adapter) adaptBucketPolicies() { policy := iam.Policy{ Metadata: policyAttr.GetMetadata(), - Name: defsecTypes.StringDefault("", b.GetMetadata()), + Name: iacTypes.StringDefault("", b.GetMetadata()), Document: *doc, - Builtin: defsecTypes.Bool(false, b.GetMetadata()), + Builtin: iacTypes.Bool(false, b.GetMetadata()), } var bucketName string diff --git a/pkg/iac/adapters/terraform/aws/sns/adapt_test.go b/pkg/iac/adapters/terraform/aws/sns/adapt_test.go index b541dfb2452c..caae71b2dc17 100644 --- a/pkg/iac/adapters/terraform/aws/sns/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/sns/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sns" @@ -27,11 +27,11 @@ func Test_adaptTopic(t *testing.T) { } `, expected: sns.Topic{ - Metadata: defsecTypes.NewTestMetadata(), - ARN: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + ARN: iacTypes.String("", iacTypes.NewTestMetadata()), Encryption: sns.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - KMSKeyID: defsecTypes.String("/blah", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + KMSKeyID: iacTypes.String("/blah", iacTypes.NewTestMetadata()), }, }, }, 
@@ -42,11 +42,11 @@ func Test_adaptTopic(t *testing.T) { } `, expected: sns.Topic{ - Metadata: defsecTypes.NewTestMetadata(), - ARN: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + ARN: iacTypes.String("", iacTypes.NewTestMetadata()), Encryption: sns.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + KMSKeyID: iacTypes.String("", iacTypes.NewTestMetadata()), }, }, }, diff --git a/pkg/iac/adapters/terraform/aws/sqs/adapt.go b/pkg/iac/adapters/terraform/aws/sqs/adapt.go index 251c8ec4db00..432bda06eda2 100644 --- a/pkg/iac/adapters/terraform/aws/sqs/adapt.go +++ b/pkg/iac/adapters/terraform/aws/sqs/adapt.go @@ -8,7 +8,7 @@ import ( iamp "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sqs" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) sqs.SQS { @@ -34,11 +34,11 @@ func (a *adapter) adaptQueues() []sqs.Queue { policy := iamp.Policy{ Metadata: policyBlock.GetMetadata(), - Name: defsecTypes.StringDefault("", policyBlock.GetMetadata()), + Name: iacTypes.StringDefault("", policyBlock.GetMetadata()), Document: iamp.Document{ Metadata: policyBlock.GetMetadata(), }, - Builtin: defsecTypes.Bool(false, policyBlock.GetMetadata()), + Builtin: iacTypes.Bool(false, policyBlock.GetMetadata()), } if attr := policyBlock.GetAttribute("policy"); attr.IsString() { dataBlock, err := a.modules.GetBlockById(attr.Value().AsString()) 
@@ -76,12 +76,12 @@ func (a *adapter) adaptQueues() []sqs.Queue { } a.queues[uuid.NewString()] = sqs.Queue{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - QueueURL: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + QueueURL: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), Encryption: sqs.Encryption{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - ManagedEncryption: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), - KMSKeyID: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + ManagedEncryption: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), + KMSKeyID: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), }, Policies: []iamp.Policy{policy}, } @@ -107,11 +107,11 @@ func (a *adapter) adaptQueue(resource *terraform.Block) { if err != nil { policy := iamp.Policy{ Metadata: attr.GetMetadata(), - Name: defsecTypes.StringDefault("", attr.GetMetadata()), + Name: iacTypes.StringDefault("", attr.GetMetadata()), Document: iamp.Document{ Metadata: attr.GetMetadata(), }, - Builtin: defsecTypes.Bool(false, attr.GetMetadata()), + Builtin: iacTypes.Bool(false, attr.GetMetadata()), } parsed, err := iamgo.ParseString(attr.Value().AsString()) if err == nil { @@ -124,14 +124,14 @@ func (a *adapter) adaptQueue(resource *terraform.Block) { if doc, err := iam.ConvertTerraformDocument(a.modules, dataBlock); err == nil { policy := iamp.Policy{ Metadata: attr.GetMetadata(), - Name: defsecTypes.StringDefault("", attr.GetMetadata()), + Name: iacTypes.StringDefault("", attr.GetMetadata()), Document: iamp.Document{ Metadata: doc.Source.GetMetadata(), Parsed: doc.Document, IsOffset: true, HasRefs: false, }, - Builtin: defsecTypes.Bool(false, attr.GetMetadata()), + Builtin: iacTypes.Bool(false, attr.GetMetadata()), } policies = append(policies, policy) } 
@@ -142,12 +142,12 @@ func (a *adapter) adaptQueue(resource *terraform.Block) { if doc, err := iam.ConvertTerraformDocument(a.modules, refBlock); err == nil { policy := iamp.Policy{ Metadata: doc.Source.GetMetadata(), - Name: defsecTypes.StringDefault("", doc.Source.GetMetadata()), + Name: iacTypes.StringDefault("", doc.Source.GetMetadata()), Document: iamp.Document{ Metadata: doc.Source.GetMetadata(), Parsed: doc.Document, }, - Builtin: defsecTypes.Bool(false, refBlock.GetMetadata()), + Builtin: iacTypes.Bool(false, refBlock.GetMetadata()), } policies = append(policies, policy) } @@ -156,7 +156,7 @@ func (a *adapter) adaptQueue(resource *terraform.Block) { a.queues[resource.ID()] = sqs.Queue{ Metadata: resource.GetMetadata(), - QueueURL: defsecTypes.StringDefault("", resource.GetMetadata()), + QueueURL: iacTypes.StringDefault("", resource.GetMetadata()), Encryption: sqs.Encryption{ Metadata: resource.GetMetadata(), ManagedEncryption: managedEncryption.AsBoolValueOrDefault(false, resource), diff --git a/pkg/iac/adapters/terraform/aws/sqs/adapt_test.go b/pkg/iac/adapters/terraform/aws/sqs/adapt_test.go index 84042f890159..dc95257d258e 100644 --- a/pkg/iac/adapters/terraform/aws/sqs/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/sqs/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sqs" 
@@ -40,12 +40,12 @@ func Test_Adapt(t *testing.T) { expected: sqs.SQS{ Queues: []sqs.Queue{ { - Metadata: defsecTypes.NewTestMetadata(), - QueueURL: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + QueueURL: iacTypes.String("", iacTypes.NewTestMetadata()), Encryption: sqs.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - ManagedEncryption: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + ManagedEncryption: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("", iacTypes.NewTestMetadata()), }, Policies: func() []iam.Policy { sb := iamgo.NewStatementBuilder() @@ -59,13 +59,13 @@ func Test_Adapt(t *testing.T) { return []iam.Policy{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.StringDefault("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.StringDefault("", iacTypes.NewTestMetadata()), Document: iam.Document{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Parsed: builder.Build(), }, - Builtin: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Builtin: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, } }(), 
@@ -82,12 +82,12 @@ func Test_Adapt(t *testing.T) { expected: sqs.SQS{ Queues: []sqs.Queue{ { - Metadata: defsecTypes.NewTestMetadata(), - QueueURL: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + QueueURL: iacTypes.String("", iacTypes.NewTestMetadata()), Encryption: sqs.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - ManagedEncryption: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - KMSKeyID: defsecTypes.String("/blah", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + ManagedEncryption: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + KMSKeyID: iacTypes.String("/blah", iacTypes.NewTestMetadata()), }, Policies: nil, }, diff --git a/pkg/iac/adapters/terraform/aws/ssm/adapt_test.go b/pkg/iac/adapters/terraform/aws/ssm/adapt_test.go index a5437c6a2e12..67afec8a3941 100644 --- a/pkg/iac/adapters/terraform/aws/ssm/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/ssm/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ssm" @@ -34,8 +34,8 @@ func Test_Adapt(t *testing.T) { expected: ssm.SSM{ Secrets: []ssm.Secret{ { - Metadata: defsecTypes.NewTestMetadata(), - KMSKeyID: defsecTypes.String("aws_kms_key.secrets", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + KMSKeyID: iacTypes.String("aws_kms_key.secrets", iacTypes.NewTestMetadata()), }, }, }, @@ -51,8 +51,8 @@ func Test_Adapt(t *testing.T) { expected: ssm.SSM{ Secrets: []ssm.Secret{ { - Metadata: defsecTypes.NewTestMetadata(), - KMSKeyID: defsecTypes.String("key_id", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + KMSKeyID: iacTypes.String("key_id", iacTypes.NewTestMetadata()), }, }, }, 
@@ -66,8 +66,8 @@ func Test_Adapt(t *testing.T) { expected: ssm.SSM{ Secrets: []ssm.Secret{ { - Metadata: defsecTypes.NewTestMetadata(), - KMSKeyID: defsecTypes.String("alias/aws/secretsmanager", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + KMSKeyID: iacTypes.String("alias/aws/secretsmanager", iacTypes.NewTestMetadata()), }, }, }, diff --git a/pkg/iac/adapters/terraform/aws/workspaces/adapt_test.go b/pkg/iac/adapters/terraform/aws/workspaces/adapt_test.go index a8a31d692c2e..457960128947 100644 --- a/pkg/iac/adapters/terraform/aws/workspaces/adapt_test.go +++ b/pkg/iac/adapters/terraform/aws/workspaces/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/aws/workspaces" @@ -28,19 +28,19 @@ func Test_adaptWorkspace(t *testing.T) { } `, expected: workspaces.WorkSpace{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), RootVolume: workspaces.Volume{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Encryption: workspaces.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, UserVolume: workspaces.Volume{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Encryption: workspaces.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, }, 
@@ -52,19 +52,19 @@ func Test_adaptWorkspace(t *testing.T) { } `, expected: workspaces.WorkSpace{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), RootVolume: workspaces.Volume{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Encryption: workspaces.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, UserVolume: workspaces.Volume{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Encryption: workspaces.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, }, diff --git a/pkg/iac/adapters/terraform/azure/appservice/adapt.go b/pkg/iac/adapters/terraform/azure/appservice/adapt.go index d8bd59b81a70..3ff7223cb29f 100644 --- a/pkg/iac/adapters/terraform/azure/appservice/adapt.go +++ b/pkg/iac/adapters/terraform/azure/appservice/adapt.go @@ -3,7 +3,7 @@ package appservice import ( "github.com/aquasecurity/trivy/pkg/iac/providers/azure/appservice" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) appservice.AppService { 
@@ -40,22 +40,22 @@ func adaptService(resource *terraform.Block) appservice.Service { enableClientCertVal := enableClientCertAttr.AsBoolValueOrDefault(false, resource) identityBlock := resource.GetBlock("identity") - typeVal := defsecTypes.String("", resource.GetMetadata()) + typeVal := iacTypes.String("", resource.GetMetadata()) if identityBlock.IsNotNil() { typeAttr := identityBlock.GetAttribute("type") typeVal = typeAttr.AsStringValueOrDefault("", identityBlock) } authBlock := resource.GetBlock("auth_settings") - enabledVal := defsecTypes.Bool(false, resource.GetMetadata()) + enabledVal := iacTypes.Bool(false, resource.GetMetadata()) if authBlock.IsNotNil() { enabledAttr := authBlock.GetAttribute("enabled") enabledVal = enabledAttr.AsBoolValueOrDefault(false, authBlock) } siteBlock := resource.GetBlock("site_config") - enableHTTP2Val := defsecTypes.Bool(false, resource.GetMetadata()) - minTLSVersionVal := defsecTypes.String("1.2", resource.GetMetadata()) + enableHTTP2Val := iacTypes.Bool(false, resource.GetMetadata()) + minTLSVersionVal := iacTypes.String("1.2", resource.GetMetadata()) if siteBlock.IsNotNil() { enableHTTP2Attr := siteBlock.GetAttribute("http2_enabled") enableHTTP2Val = enableHTTP2Attr.AsBoolValueOrDefault(false, siteBlock) @@ -67,15 +67,15 @@ func adaptService(resource *terraform.Block) appservice.Service { return appservice.Service{ Metadata: resource.GetMetadata(), EnableClientCert: enableClientCertVal, - Identity: struct{ Type defsecTypes.StringValue }{ + Identity: struct{ Type iacTypes.StringValue }{ Type: typeVal, }, - Authentication: struct{ Enabled defsecTypes.BoolValue }{ + Authentication: struct{ Enabled iacTypes.BoolValue }{ Enabled: enabledVal, }, Site: struct { - EnableHTTP2 defsecTypes.BoolValue - MinimumTLSVersion defsecTypes.StringValue + EnableHTTP2 iacTypes.BoolValue + MinimumTLSVersion iacTypes.StringValue }{ EnableHTTP2: enableHTTP2Val, MinimumTLSVersion: minTLSVersionVal, 
diff --git a/pkg/iac/adapters/terraform/azure/appservice/adapt_test.go b/pkg/iac/adapters/terraform/azure/appservice/adapt_test.go index b04bfc95f73a..94b6b7f13b77 100644 --- a/pkg/iac/adapters/terraform/azure/appservice/adapt_test.go +++ b/pkg/iac/adapters/terraform/azure/appservice/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/azure/appservice" @@ -41,20 +41,20 @@ func Test_adaptService(t *testing.T) { } `, expected: appservice.Service{ - Metadata: defsecTypes.NewTestMetadata(), - EnableClientCert: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - Identity: struct{ Type defsecTypes.StringValue }{ - Type: defsecTypes.String("UserAssigned", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EnableClientCert: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + Identity: struct{ Type iacTypes.StringValue }{ + Type: iacTypes.String("UserAssigned", iacTypes.NewTestMetadata()), }, - Authentication: struct{ Enabled defsecTypes.BoolValue }{ - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Authentication: struct{ Enabled iacTypes.BoolValue }{ + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, Site: struct { - EnableHTTP2 defsecTypes.BoolValue - MinimumTLSVersion defsecTypes.StringValue + EnableHTTP2 iacTypes.BoolValue + MinimumTLSVersion iacTypes.StringValue }{ - EnableHTTP2: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - MinimumTLSVersion: defsecTypes.String("1.0", defsecTypes.NewTestMetadata()), + EnableHTTP2: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + MinimumTLSVersion: iacTypes.String("1.0", iacTypes.NewTestMetadata()), }, }, }, 
@@ -65,20 +65,20 @@ func Test_adaptService(t *testing.T) { } `, expected: appservice.Service{ - Metadata: defsecTypes.NewTestMetadata(), - EnableClientCert: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - Identity: struct{ Type defsecTypes.StringValue }{ - Type: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EnableClientCert: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + Identity: struct{ Type iacTypes.StringValue }{ + Type: iacTypes.String("", iacTypes.NewTestMetadata()), }, - Authentication: struct{ Enabled defsecTypes.BoolValue }{ - Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Authentication: struct{ Enabled iacTypes.BoolValue }{ + Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, Site: struct { - EnableHTTP2 defsecTypes.BoolValue - MinimumTLSVersion defsecTypes.StringValue + EnableHTTP2 iacTypes.BoolValue + MinimumTLSVersion iacTypes.StringValue }{ - EnableHTTP2: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - MinimumTLSVersion: defsecTypes.String("1.2", defsecTypes.NewTestMetadata()), + EnableHTTP2: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + MinimumTLSVersion: iacTypes.String("1.2", iacTypes.NewTestMetadata()), }, }, }, @@ -108,8 +108,8 @@ func Test_adaptFunctionApp(t *testing.T) { } `, expected: appservice.FunctionApp{ - Metadata: defsecTypes.NewTestMetadata(), - HTTPSOnly: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + HTTPSOnly: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, { @@ -119,8 +119,8 @@ func Test_adaptFunctionApp(t *testing.T) { } `, expected: appservice.FunctionApp{ - Metadata: defsecTypes.NewTestMetadata(), - HTTPSOnly: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + HTTPSOnly: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, } 
diff --git a/pkg/iac/adapters/terraform/azure/authorization/adapt_test.go b/pkg/iac/adapters/terraform/azure/authorization/adapt_test.go index 926159374a86..f1e211ec4f5f 100644 --- a/pkg/iac/adapters/terraform/azure/authorization/adapt_test.go +++ b/pkg/iac/adapters/terraform/azure/authorization/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/azure/authorization" @@ -36,17 +36,17 @@ func Test_adaptRoleDefinition(t *testing.T) { } `, expected: authorization.RoleDefinition{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Permissions: []authorization.Permission{ { - Metadata: defsecTypes.NewTestMetadata(), - Actions: []defsecTypes.StringValue{ - defsecTypes.String("*", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Actions: []iacTypes.StringValue{ + iacTypes.String("*", iacTypes.NewTestMetadata()), }, }, }, - AssignableScopes: []defsecTypes.StringValue{ - defsecTypes.StringUnresolvable(defsecTypes.NewTestMetadata()), + AssignableScopes: []iacTypes.StringValue{ + iacTypes.StringUnresolvable(iacTypes.NewTestMetadata()), }, }, }, @@ -67,14 +67,14 @@ func Test_adaptRoleDefinition(t *testing.T) { } `, expected: authorization.RoleDefinition{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Permissions: []authorization.Permission{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), }, }, - AssignableScopes: []defsecTypes.StringValue{ - defsecTypes.String("/", defsecTypes.NewTestMetadata()), + AssignableScopes: []iacTypes.StringValue{ + iacTypes.String("/", iacTypes.NewTestMetadata()), }, }, }, 
diff --git a/pkg/iac/adapters/terraform/azure/compute/adapt.go b/pkg/iac/adapters/terraform/azure/compute/adapt.go index 2fc39665d5ea..1d6f1b8a5add 100644 --- a/pkg/iac/adapters/terraform/azure/compute/adapt.go +++ b/pkg/iac/adapters/terraform/azure/compute/adapt.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/providers/azure/compute" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) const AzureVirtualMachine = "azurerm_virtual_machine" @@ -54,7 +54,7 @@ func adaptManagedDisk(resource *terraform.Block) compute.ManagedDisk { Encryption: compute.Encryption{ Metadata: resource.GetMetadata(), // encryption is enabled by default - https://github.com/hashicorp/terraform-provider-azurerm/blob/baf55926fe813011003ee4fb0e8e6134fcfcca87/internal/services/compute/managed_disk_resource.go#L288 - Enabled: defsecTypes.BoolDefault(true, resource.GetMetadata()), + Enabled: iacTypes.BoolDefault(true, resource.GetMetadata()), }, } @@ -77,13 +77,13 @@ func adaptLinuxVM(resource *terraform.Block) compute.LinuxVirtualMachine { } } customDataAttr := workingBlock.GetAttribute("custom_data") - customDataVal := defsecTypes.StringDefault("", workingBlock.GetMetadata()) + customDataVal := iacTypes.StringDefault("", workingBlock.GetMetadata()) if customDataAttr.IsResolvable() && customDataAttr.IsString() { encoded, err := base64.StdEncoding.DecodeString(customDataAttr.Value().AsString()) if err != nil { encoded = []byte(customDataAttr.Value().AsString()) } - customDataVal = defsecTypes.String(string(encoded), customDataAttr.GetMetadata()) + customDataVal = iacTypes.String(string(encoded), customDataAttr.GetMetadata()) } if resource.TypeLabel() == AzureVirtualMachine { 
@@ -115,14 +115,14 @@ func adaptWindowsVM(resource *terraform.Block) compute.WindowsVirtualMachine { } customDataAttr := workingBlock.GetAttribute("custom_data") - customDataVal := defsecTypes.StringDefault("", workingBlock.GetMetadata()) + customDataVal := iacTypes.StringDefault("", workingBlock.GetMetadata()) if customDataAttr.IsResolvable() && customDataAttr.IsString() { encoded, err := base64.StdEncoding.DecodeString(customDataAttr.Value().AsString()) if err != nil { encoded = []byte(customDataAttr.Value().AsString()) } - customDataVal = defsecTypes.String(string(encoded), customDataAttr.GetMetadata()) + customDataVal = iacTypes.String(string(encoded), customDataAttr.GetMetadata()) } return compute.WindowsVirtualMachine{ diff --git a/pkg/iac/adapters/terraform/azure/compute/adapt_test.go b/pkg/iac/adapters/terraform/azure/compute/adapt_test.go index 358e8862aad6..141b81ffecd6 100644 --- a/pkg/iac/adapters/terraform/azure/compute/adapt_test.go +++ b/pkg/iac/adapters/terraform/azure/compute/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/azure/compute" @@ -28,10 +28,10 @@ resource "azurerm_managed_disk" "example" { } }`, expected: compute.ManagedDisk{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Encryption: compute.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, }, 
@@ -41,10 +41,10 @@ resource "azurerm_managed_disk" "example" { resource "azurerm_managed_disk" "example" { }`, expected: compute.ManagedDisk{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Encryption: compute.Encryption{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, }, @@ -85,14 +85,14 @@ resource "azurerm_virtual_machine" "example" { } `, expected: compute.LinuxVirtualMachine{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), VirtualMachine: compute.VirtualMachine{ - Metadata: defsecTypes.NewTestMetadata(), - CustomData: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + CustomData: iacTypes.String("", iacTypes.NewTestMetadata()), }, OSProfileLinuxConfig: compute.OSProfileLinuxConfig{ - Metadata: defsecTypes.NewTestMetadata(), - DisablePasswordAuthentication: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + DisablePasswordAuthentication: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, }, 
@@ -111,16 +111,16 @@ export DATABASE_PASSWORD=\"SomeSortOfPassword\" } }`, expected: compute.LinuxVirtualMachine{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), VirtualMachine: compute.VirtualMachine{ - Metadata: defsecTypes.NewTestMetadata(), - CustomData: defsecTypes.String( + Metadata: iacTypes.NewTestMetadata(), + CustomData: iacTypes.String( `export DATABASE_PASSWORD=\"SomeSortOfPassword\" -`, defsecTypes.NewTestMetadata()), +`, iacTypes.NewTestMetadata()), }, OSProfileLinuxConfig: compute.OSProfileLinuxConfig{ - Metadata: defsecTypes.NewTestMetadata(), - DisablePasswordAuthentication: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + DisablePasswordAuthentication: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, }, @@ -155,11 +155,11 @@ export DATABASE_PASSWORD=\"SomeSortOfPassword\" } }`, expected: compute.WindowsVirtualMachine{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), VirtualMachine: compute.VirtualMachine{ - Metadata: defsecTypes.NewTestMetadata(), - CustomData: defsecTypes.String(`export DATABASE_PASSWORD=\"SomeSortOfPassword\" -`, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + CustomData: iacTypes.String(`export DATABASE_PASSWORD=\"SomeSortOfPassword\" +`, iacTypes.NewTestMetadata()), }, }, }, @@ -173,11 +173,11 @@ export GREETING="Hello there" EOF }`, expected: compute.WindowsVirtualMachine{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), VirtualMachine: compute.VirtualMachine{ - Metadata: defsecTypes.NewTestMetadata(), - CustomData: defsecTypes.String(`export GREETING="Hello there" -`, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + CustomData: iacTypes.String(`export GREETING="Hello there" +`, iacTypes.NewTestMetadata()), }, }, }, 
diff --git a/pkg/iac/adapters/terraform/azure/container/adapt.go b/pkg/iac/adapters/terraform/azure/container/adapt.go index 53d82a347b86..2a14c7a1759a 100644 --- a/pkg/iac/adapters/terraform/azure/container/adapt.go +++ b/pkg/iac/adapters/terraform/azure/container/adapt.go @@ -3,7 +3,7 @@ package container import ( "github.com/aquasecurity/trivy/pkg/iac/providers/azure/container" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) container.Container { @@ -29,19 +29,19 @@ func adaptCluster(resource *terraform.Block) container.KubernetesCluster { Metadata: resource.GetMetadata(), NetworkProfile: container.NetworkProfile{ Metadata: resource.GetMetadata(), - NetworkPolicy: defsecTypes.StringDefault("", resource.GetMetadata()), + NetworkPolicy: iacTypes.StringDefault("", resource.GetMetadata()), }, - EnablePrivateCluster: defsecTypes.BoolDefault(false, resource.GetMetadata()), + EnablePrivateCluster: iacTypes.BoolDefault(false, resource.GetMetadata()), APIServerAuthorizedIPRanges: nil, RoleBasedAccessControl: container.RoleBasedAccessControl{ Metadata: resource.GetMetadata(), - Enabled: defsecTypes.BoolDefault(false, resource.GetMetadata()), + Enabled: iacTypes.BoolDefault(false, resource.GetMetadata()), }, AddonProfile: container.AddonProfile{ Metadata: resource.GetMetadata(), OMSAgent: container.OMSAgent{ Metadata: resource.GetMetadata(), - Enabled: defsecTypes.BoolDefault(false, resource.GetMetadata()), + Enabled: iacTypes.BoolDefault(false, resource.GetMetadata()), }, }, } 
@@ -75,7 +75,7 @@ func adaptCluster(resource *terraform.Block) container.KubernetesCluster { // >= azurerm 2.97.0 if omsAgentBlock := resource.GetBlock("oms_agent"); omsAgentBlock.IsNotNil() { cluster.AddonProfile.OMSAgent.Metadata = omsAgentBlock.GetMetadata() - cluster.AddonProfile.OMSAgent.Enabled = defsecTypes.Bool(true, omsAgentBlock.GetMetadata()) + cluster.AddonProfile.OMSAgent.Enabled = iacTypes.Bool(true, omsAgentBlock.GetMetadata()) } // azurerm < 2.99.0 diff --git a/pkg/iac/adapters/terraform/azure/container/adapt_test.go b/pkg/iac/adapters/terraform/azure/container/adapt_test.go index 9b4e647c3353..13d8c712a621 100644 --- a/pkg/iac/adapters/terraform/azure/container/adapt_test.go +++ b/pkg/iac/adapters/terraform/azure/container/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/azure/container" 
@@ -49,25 +49,25 @@ func Test_adaptCluster(t *testing.T) { } `, expected: container.KubernetesCluster{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), NetworkProfile: container.NetworkProfile{ - Metadata: defsecTypes.NewTestMetadata(), - NetworkPolicy: defsecTypes.String("calico", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + NetworkPolicy: iacTypes.String("calico", iacTypes.NewTestMetadata()), }, - EnablePrivateCluster: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - APIServerAuthorizedIPRanges: []defsecTypes.StringValue{ - defsecTypes.String("1.2.3.4/32", defsecTypes.NewTestMetadata()), + EnablePrivateCluster: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + APIServerAuthorizedIPRanges: []iacTypes.StringValue{ + iacTypes.String("1.2.3.4/32", iacTypes.NewTestMetadata()), }, AddonProfile: container.AddonProfile{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), OMSAgent: container.OMSAgent{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, RoleBasedAccessControl: container.RoleBasedAccessControl{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, }, 
@@ -79,22 +79,22 @@ func Test_adaptCluster(t *testing.T) { } `, expected: container.KubernetesCluster{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), NetworkProfile: container.NetworkProfile{ - Metadata: defsecTypes.NewTestMetadata(), - NetworkPolicy: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + NetworkPolicy: iacTypes.String("", iacTypes.NewTestMetadata()), }, - EnablePrivateCluster: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + EnablePrivateCluster: iacTypes.Bool(false, iacTypes.NewTestMetadata()), AddonProfile: container.AddonProfile{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), OMSAgent: container.OMSAgent{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, RoleBasedAccessControl: container.RoleBasedAccessControl{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, }, 
@@ -105,22 +105,22 @@ func Test_adaptCluster(t *testing.T) { } `, expected: container.KubernetesCluster{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), NetworkProfile: container.NetworkProfile{ - Metadata: defsecTypes.NewTestMetadata(), - NetworkPolicy: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + NetworkPolicy: iacTypes.String("", iacTypes.NewTestMetadata()), }, - EnablePrivateCluster: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + EnablePrivateCluster: iacTypes.Bool(false, iacTypes.NewTestMetadata()), AddonProfile: container.AddonProfile{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), OMSAgent: container.OMSAgent{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, RoleBasedAccessControl: container.RoleBasedAccessControl{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, }, 
@@ -136,22 +136,22 @@ resource "azurerm_kubernetes_cluster" "misreporting_example" {
 }
 `,
 expected: container.KubernetesCluster{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 NetworkProfile: container.NetworkProfile{
- Metadata: defsecTypes.NewTestMetadata(),
- NetworkPolicy: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ NetworkPolicy: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
- EnablePrivateCluster: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ EnablePrivateCluster: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 AddonProfile: container.AddonProfile{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 OMSAgent: container.OMSAgent{
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 RoleBasedAccessControl: container.RoleBasedAccessControl{
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/azure/database/adapt.go b/pkg/iac/adapters/terraform/azure/database/adapt.go
index 024e59fd7f82..ea39949dff72 100644
--- a/pkg/iac/adapters/terraform/azure/database/adapt.go
+++ b/pkg/iac/adapters/terraform/azure/database/adapt.go
@@ -3,7 +3,7 @@ package database
 import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/azure/database"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func Adapt(modules terraform.Modules) database.Database {
@@ -67,12 +67,12 @@ func (a *mssqlAdapter) adaptMSSQLServers(modules terraform.Modules) []database.M
 if len(orphanResources) > 0 {
 orphanage := database.MSSQLServer{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
 Server: database.Server{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
- EnableSSLEnforcement: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
- MinimumTLSVersion: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
- EnablePublicNetworkAccess: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
+ EnableSSLEnforcement: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
+ MinimumTLSVersion: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()),
+ EnablePublicNetworkAccess: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
 FirewallRules: nil,
 },
 ExtendedAuditingPolicies: nil,
@@ -89,12 +89,12 @@ func (a *mssqlAdapter) adaptMSSQLServers(modules terraform.Modules) []database.M
 if len(orphanResources) > 0 {
 orphanage := database.MSSQLServer{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
 Server: database.Server{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
- EnableSSLEnforcement: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
- MinimumTLSVersion: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
- EnablePublicNetworkAccess: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
+ EnableSSLEnforcement: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
+ MinimumTLSVersion: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()),
+ EnablePublicNetworkAccess: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
 FirewallRules: nil,
 },
 }
@@ -109,7 +109,7 @@ func (a *mssqlAdapter) adaptMSSQLServers(modules terraform.Modules) []database.M
 if len(orphanResources) > 0 {
 orphanage := database.MSSQLServer{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
 }
 for _, policy := range orphanResources {
 orphanage.FirewallRules = append(orphanage.FirewallRules, adaptFirewallRule(policy))
@@ -132,12 +132,12 @@ func (a *mysqlAdapter) adaptMySQLServers(modules terraform.Modules) []database.M
 if len(orphanResources) > 0 {
 orphanage := database.MySQLServer{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
 Server: database.Server{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
- EnableSSLEnforcement: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
- MinimumTLSVersion: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
- EnablePublicNetworkAccess: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
+ EnableSSLEnforcement: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
+ MinimumTLSVersion: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()),
+ EnablePublicNetworkAccess: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
 FirewallRules: nil,
 },
 }
@@ -163,12 +163,12 @@ func (a *mariaDBAdapter) adaptMariaDBServers(modules terraform.Modules) []databa
 if len(orphanResources) > 0 {
 orphanage := database.MariaDBServer{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
 Server: database.Server{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
- EnableSSLEnforcement: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
- MinimumTLSVersion: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
- EnablePublicNetworkAccess: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
+ EnableSSLEnforcement: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
+ MinimumTLSVersion: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()),
+ EnablePublicNetworkAccess: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
 FirewallRules: nil,
 },
 }
@@ -194,19 +194,19 @@ func (a *postgresqlAdapter) adaptPostgreSQLServers(modules terraform.Modules) []
 if len(orphanResources) > 0 {
 orphanage := database.PostgreSQLServer{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
 Server: database.Server{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
- EnableSSLEnforcement: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
- MinimumTLSVersion: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
- EnablePublicNetworkAccess: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
+ EnableSSLEnforcement: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
+ MinimumTLSVersion: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()),
+ EnablePublicNetworkAccess: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
 FirewallRules: nil,
 },
 Config: database.PostgresSQLConfig{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
- LogCheckpoints: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
- ConnectionThrottling: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
- LogConnections: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
+ LogCheckpoints: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
+ ConnectionThrottling: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
+ LogConnections: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
 },
 }
 for _, policy := range orphanResources {
@@ -220,9 +220,9 @@ func (a *postgresqlAdapter) adaptPostgreSQLServers(modules terraform.Modules) []
 }
 func (a *mssqlAdapter) adaptMSSQLServer(resource *terraform.Block, module *terraform.Module) database.MSSQLServer {
- minTLSVersionVal := defsecTypes.StringDefault("", resource.GetMetadata())
- publicAccessVal := defsecTypes.BoolDefault(true, resource.GetMetadata())
- enableSSLEnforcementVal := defsecTypes.BoolDefault(false, resource.GetMetadata())
+ minTLSVersionVal := iacTypes.StringDefault("", resource.GetMetadata())
+ publicAccessVal := iacTypes.BoolDefault(true, resource.GetMetadata())
+ enableSSLEnforcementVal := iacTypes.BoolDefault(false, resource.GetMetadata())
 var auditingPolicies []database.ExtendedAuditingPolicy
 var alertPolicies []database.SecurityAlertPolicy
@@ -330,7 +330,7 @@ func (a *mariaDBAdapter) adaptMariaDBServer(resource *terraform.Block, module *t
 Server: database.Server{
 Metadata: resource.GetMetadata(),
 EnableSSLEnforcement: enableSSLEnforcementVal,
- MinimumTLSVersion: defsecTypes.StringDefault("", resource.GetMetadata()),
+ MinimumTLSVersion: iacTypes.StringDefault("", resource.GetMetadata()),
 EnablePublicNetworkAccess: publicAccessVal,
 FirewallRules: firewallRules,
 },
@@ -374,9 +374,9 @@ func (a *postgresqlAdapter) adaptPostgreSQLServer(resource *terraform.Block, mod
 func adaptPostgreSQLConfig(resource *terraform.Block, configBlocks []*terraform.Block) database.PostgresSQLConfig {
 config := database.PostgresSQLConfig{
 Metadata: resource.GetMetadata(),
- LogCheckpoints: defsecTypes.BoolDefault(false, resource.GetMetadata()),
- ConnectionThrottling: defsecTypes.BoolDefault(false, resource.GetMetadata()),
- LogConnections: defsecTypes.BoolDefault(false, resource.GetMetadata()),
+ LogCheckpoints: iacTypes.BoolDefault(false, resource.GetMetadata()),
+ ConnectionThrottling: iacTypes.BoolDefault(false, resource.GetMetadata()),
+ LogConnections: iacTypes.BoolDefault(false, resource.GetMetadata()),
 }
 for _, configBlock := range configBlocks {
@@ -385,13 +385,13 @@ func adaptPostgreSQLConfig(resource *terraform.Block, configBlocks []*terraform.
 valAttr := configBlock.GetAttribute("value")
 if nameAttr.Equals("log_checkpoints") {
- config.LogCheckpoints = defsecTypes.Bool(valAttr.Equals("on"), valAttr.GetMetadata())
+ config.LogCheckpoints = iacTypes.Bool(valAttr.Equals("on"), valAttr.GetMetadata())
 }
 if nameAttr.Equals("connection_throttling") {
- config.ConnectionThrottling = defsecTypes.Bool(valAttr.Equals("on"), valAttr.GetMetadata())
+ config.ConnectionThrottling = iacTypes.Bool(valAttr.Equals("on"), valAttr.GetMetadata())
 }
 if nameAttr.Equals("log_connections") {
- config.LogConnections = defsecTypes.Bool(valAttr.Equals("on"), valAttr.GetMetadata())
+ config.LogConnections = iacTypes.Bool(valAttr.Equals("on"), valAttr.GetMetadata())
 }
 }
diff --git a/pkg/iac/adapters/terraform/azure/database/adapt_test.go b/pkg/iac/adapters/terraform/azure/database/adapt_test.go
index cf617e2c249a..9616659b30e3 100644
--- a/pkg/iac/adapters/terraform/azure/database/adapt_test.go
+++ b/pkg/iac/adapters/terraform/azure/database/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/azure/database"
 "github.com/stretchr/testify/assert"
@@ -61,25 +61,25 @@ func Test_Adapt(t *testing.T) {
 expected: database.Database{
 PostgreSQLServers: []database.PostgreSQLServer{
 {
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Server: database.Server{
- Metadata: defsecTypes.NewTestMetadata(),
- EnableSSLEnforcement: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- MinimumTLSVersion: defsecTypes.String("TLS1_2", defsecTypes.NewTestMetadata()),
- EnablePublicNetworkAccess: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ EnableSSLEnforcement: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ MinimumTLSVersion: iacTypes.String("TLS1_2", iacTypes.NewTestMetadata()),
+ EnablePublicNetworkAccess: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 FirewallRules: []database.FirewallRule{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- StartIP: defsecTypes.String("40.112.8.12", defsecTypes.NewTestMetadata()),
- EndIP: defsecTypes.String("40.112.8.12", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ StartIP: iacTypes.String("40.112.8.12", iacTypes.NewTestMetadata()),
+ EndIP: iacTypes.String("40.112.8.12", iacTypes.NewTestMetadata()),
 },
 },
 },
 Config: database.PostgresSQLConfig{
- Metadata: defsecTypes.NewTestMetadata(),
- LogConnections: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- LogCheckpoints: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- ConnectionThrottling: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ LogConnections: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ LogCheckpoints: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ ConnectionThrottling: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -107,17 +107,17 @@ func Test_Adapt(t *testing.T) {
 expected: database.Database{
 MariaDBServers: []database.MariaDBServer{
 {
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Server: database.Server{
- Metadata: defsecTypes.NewTestMetadata(),
- EnableSSLEnforcement: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- MinimumTLSVersion: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- EnablePublicNetworkAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ EnableSSLEnforcement: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ MinimumTLSVersion: iacTypes.String("", iacTypes.NewTestMetadata()),
+ EnablePublicNetworkAccess: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 FirewallRules: []database.FirewallRule{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- StartIP: defsecTypes.String("40.112.0.0", defsecTypes.NewTestMetadata()),
- EndIP: defsecTypes.String("40.112.255.255", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ StartIP: iacTypes.String("40.112.0.0", iacTypes.NewTestMetadata()),
+ EndIP: iacTypes.String("40.112.255.255", iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -143,17 +143,17 @@ func Test_Adapt(t *testing.T) {
 expected: database.Database{
 MySQLServers: []database.MySQLServer{
 {
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Server: database.Server{
- Metadata: defsecTypes.NewTestMetadata(),
- EnableSSLEnforcement: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- MinimumTLSVersion: defsecTypes.String("TLS1_2", defsecTypes.NewTestMetadata()),
- EnablePublicNetworkAccess: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ EnableSSLEnforcement: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ MinimumTLSVersion: iacTypes.String("TLS1_2", iacTypes.NewTestMetadata()),
+ EnablePublicNetworkAccess: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 FirewallRules: []database.FirewallRule{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- StartIP: defsecTypes.String("40.112.8.12", defsecTypes.NewTestMetadata()),
- EndIP: defsecTypes.String("40.112.8.12", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ StartIP: iacTypes.String("40.112.8.12", iacTypes.NewTestMetadata()),
+ EndIP: iacTypes.String("40.112.8.12", iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -198,37 +198,37 @@ func Test_Adapt(t *testing.T) {
 expected: database.Database{
 MSSQLServers: []database.MSSQLServer{
 {
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Server: database.Server{
- Metadata: defsecTypes.NewTestMetadata(),
- MinimumTLSVersion: defsecTypes.String("1.2", defsecTypes.NewTestMetadata()),
- EnablePublicNetworkAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- EnableSSLEnforcement: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ MinimumTLSVersion: iacTypes.String("1.2", iacTypes.NewTestMetadata()),
+ EnablePublicNetworkAccess: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ EnableSSLEnforcement: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 FirewallRules: []database.FirewallRule{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- StartIP: defsecTypes.String("10.0.17.62", defsecTypes.NewTestMetadata()),
- EndIP: defsecTypes.String("10.0.17.62", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ StartIP: iacTypes.String("10.0.17.62", iacTypes.NewTestMetadata()),
+ EndIP: iacTypes.String("10.0.17.62", iacTypes.NewTestMetadata()),
 },
 },
 },
 ExtendedAuditingPolicies: []database.ExtendedAuditingPolicy{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- RetentionInDays: defsecTypes.Int(6, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ RetentionInDays: iacTypes.Int(6, iacTypes.NewTestMetadata()),
 },
 },
 SecurityAlertPolicies: []database.SecurityAlertPolicy{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- EmailAddresses: []defsecTypes.StringValue{
- defsecTypes.String("example@example.com", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ EmailAddresses: []iacTypes.StringValue{
+ iacTypes.String("example@example.com", iacTypes.NewTestMetadata()),
 },
- DisabledAlerts: []defsecTypes.StringValue{
- defsecTypes.String("Sql_Injection", defsecTypes.NewTestMetadata()),
- defsecTypes.String("Data_Exfiltration", defsecTypes.NewTestMetadata()),
+ DisabledAlerts: []iacTypes.StringValue{
+ iacTypes.String("Sql_Injection", iacTypes.NewTestMetadata()),
+ iacTypes.String("Data_Exfiltration", iacTypes.NewTestMetadata()),
 },
- EmailAccountAdmins: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ EmailAccountAdmins: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/azure/datafactory/adapt_test.go b/pkg/iac/adapters/terraform/azure/datafactory/adapt_test.go
index 019de8339d30..cefe5709d42e 100644
--- a/pkg/iac/adapters/terraform/azure/datafactory/adapt_test.go
+++ b/pkg/iac/adapters/terraform/azure/datafactory/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/azure/datafactory"
@@ -30,8 +30,8 @@ func Test_adaptFactory(t *testing.T) {
 }
 `,
 expected: datafactory.Factory{
- Metadata: defsecTypes.NewTestMetadata(),
- EnablePublicNetwork: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ EnablePublicNetwork: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -42,8 +42,8 @@ func Test_adaptFactory(t *testing.T) {
 }
 `,
 expected: datafactory.Factory{
- Metadata: defsecTypes.NewTestMetadata(),
- EnablePublicNetwork: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ EnablePublicNetwork: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 }
diff --git a/pkg/iac/adapters/terraform/azure/datalake/adapt_test.go b/pkg/iac/adapters/terraform/azure/datalake/adapt_test.go
index b9c5eece050d..c1ca5410384f 100644
--- a/pkg/iac/adapters/terraform/azure/datalake/adapt_test.go
+++ b/pkg/iac/adapters/terraform/azure/datalake/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/azure/datalake"
@@ -27,8 +27,8 @@ func Test_adaptStore(t *testing.T) {
 }
 `,
 expected: datalake.Store{
- Metadata: defsecTypes.NewTestMetadata(),
- EnableEncryption: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ EnableEncryption: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -39,8 +39,8 @@ func Test_adaptStore(t *testing.T) {
 }
 `,
 expected: datalake.Store{
- Metadata: defsecTypes.NewTestMetadata(),
- EnableEncryption: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ EnableEncryption: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -50,8 +50,8 @@ func Test_adaptStore(t *testing.T) {
 }
 `,
 expected: datalake.Store{
- Metadata: defsecTypes.NewTestMetadata(),
- EnableEncryption: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ EnableEncryption: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 }
diff --git a/pkg/iac/adapters/terraform/azure/keyvault/adapt.go b/pkg/iac/adapters/terraform/azure/keyvault/adapt.go
index 7c9b1f49631d..87461bfbeedc 100644
--- a/pkg/iac/adapters/terraform/azure/keyvault/adapt.go
+++ b/pkg/iac/adapters/terraform/azure/keyvault/adapt.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/azure/keyvault"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func Adapt(modules terraform.Modules) keyvault.KeyVault {
@@ -38,14 +38,14 @@ func (a *adapter) adaptVaults(modules terraform.Modules) []keyvault.Vault {
 if len(orphanResources) > 0 {
 orphanage := keyvault.Vault{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
 Secrets: nil,
 Keys: nil,
- EnablePurgeProtection: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
- SoftDeleteRetentionDays: defsecTypes.IntDefault(0, defsecTypes.NewUnmanagedMetadata()),
+ EnablePurgeProtection: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
+ SoftDeleteRetentionDays: iacTypes.IntDefault(0, iacTypes.NewUnmanagedMetadata()),
 NetworkACLs: keyvault.NetworkACLs{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
- DefaultAction: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
+ DefaultAction: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()),
 },
 }
 for _, secretResource := range orphanResources {
@@ -58,14 +58,14 @@ func (a *adapter) adaptVaults(modules terraform.Modules) []keyvault.Vault {
 if len(orphanResources) > 0 {
 orphanage := keyvault.Vault{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
 Secrets: nil,
 Keys: nil,
- EnablePurgeProtection: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()),
- SoftDeleteRetentionDays: defsecTypes.IntDefault(0, defsecTypes.NewUnmanagedMetadata()),
+ EnablePurgeProtection: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),
+ SoftDeleteRetentionDays: iacTypes.IntDefault(0, iacTypes.NewUnmanagedMetadata()),
 NetworkACLs: keyvault.NetworkACLs{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
- DefaultAction: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
+ DefaultAction: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()),
 },
 }
 for _, secretResource := range orphanResources {
@@ -81,7 +81,7 @@ func (a *adapter) adaptVault(resource *terraform.Block, module *terraform.Module
 var keys []keyvault.Key
 var secrets []keyvault.Secret
- defaultActionVal := defsecTypes.StringDefault("", resource.GetMetadata())
+ defaultActionVal := iacTypes.StringDefault("", resource.GetMetadata())
 secretBlocks := module.GetReferencingResources(resource, "azurerm_key_vault_secret", "key_vault_id")
 for _, secretBlock := range secretBlocks {
@@ -101,7 +101,7 @@ func (a *adapter) adaptVault(resource *terraform.Block, module *terraform.Module
 softDeleteRetentionDaysAttr := resource.GetAttribute("soft_delete_retention_days")
 softDeleteRetentionDaysVal := softDeleteRetentionDaysAttr.AsIntValueOrDefault(0, resource)
- aclMetadata := defsecTypes.NewUnmanagedMetadata()
+ aclMetadata := iacTypes.NewUnmanagedMetadata()
 if aclBlock := resource.GetBlock("network_acls"); aclBlock.IsNotNil() {
 aclMetadata = aclBlock.GetMetadata()
 defaultActionAttr := aclBlock.GetAttribute("default_action")
@@ -140,17 +140,17 @@ func adaptKey(resource *terraform.Block) keyvault.Key {
 }
 }
-func resolveExpiryDate(resource *terraform.Block) defsecTypes.TimeValue {
+func resolveExpiryDate(resource *terraform.Block) iacTypes.TimeValue {
 expiryDateAttr := resource.GetAttribute("expiration_date")
- expiryDateVal := defsecTypes.TimeDefault(time.Time{}, resource.GetMetadata())
+ expiryDateVal := iacTypes.TimeDefault(time.Time{}, resource.GetMetadata())
 if expiryDateAttr.IsString() {
 expiryDateString := expiryDateAttr.Value().AsString()
 if expiryDate, err := time.Parse(time.RFC3339, expiryDateString); err == nil {
- expiryDateVal = defsecTypes.Time(expiryDate, expiryDateAttr.GetMetadata())
+ expiryDateVal = iacTypes.Time(expiryDate, expiryDateAttr.GetMetadata())
 }
 } else if expiryDateAttr.IsNotNil() {
- expiryDateVal = defsecTypes.TimeUnresolvable(expiryDateAttr.GetMetadata())
+ expiryDateVal = iacTypes.TimeUnresolvable(expiryDateAttr.GetMetadata())
 }
 return expiryDateVal
diff --git a/pkg/iac/adapters/terraform/azure/keyvault/adapt_test.go b/pkg/iac/adapters/terraform/azure/keyvault/adapt_test.go
index 26045e573e6c..b21d25b12c70 100644
--- a/pkg/iac/adapters/terraform/azure/keyvault/adapt_test.go
+++ b/pkg/iac/adapters/terraform/azure/keyvault/adapt_test.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/azure/keyvault"
@@ -38,12 +38,12 @@ func Test_Adapt(t *testing.T) {
 expected: keyvault.KeyVault{
 Vaults: []keyvault.Vault{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- EnablePurgeProtection: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- SoftDeleteRetentionDays: defsecTypes.Int(7, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ EnablePurgeProtection: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ SoftDeleteRetentionDays: iacTypes.Int(7, iacTypes.NewTestMetadata()),
 NetworkACLs: keyvault.NetworkACLs{
- Metadata: defsecTypes.NewTestMetadata(),
- DefaultAction: defsecTypes.String("Deny", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ DefaultAction: iacTypes.String("Deny", iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -58,12 +58,12 @@ func Test_Adapt(t *testing.T) {
 expected: keyvault.KeyVault{
 Vaults: []keyvault.Vault{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- EnablePurgeProtection: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- SoftDeleteRetentionDays: defsecTypes.Int(0, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ EnablePurgeProtection: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ SoftDeleteRetentionDays: iacTypes.Int(0, iacTypes.NewTestMetadata()),
 NetworkACLs: keyvault.NetworkACLs{
- Metadata: defsecTypes.NewTestMetadata(),
- DefaultAction: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ DefaultAction: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -93,9 +93,9 @@ func Test_adaptSecret(t *testing.T) {
 }
 `,
 expected: keyvault.Secret{
- Metadata: defsecTypes.NewTestMetadata(),
- ContentType: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- ExpiryDate: defsecTypes.Time(time.Time{}, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ ContentType: iacTypes.String("", iacTypes.NewTestMetadata()),
+ ExpiryDate: iacTypes.Time(time.Time{}, iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -107,12 +107,12 @@ func Test_adaptSecret(t *testing.T) {
 }
 `,
 expected: keyvault.Secret{
- Metadata: defsecTypes.NewTestMetadata(),
- ContentType: defsecTypes.String("password", defsecTypes.NewTestMetadata()),
- ExpiryDate: defsecTypes.Time(func(timeVal string) time.Time {
+ Metadata: iacTypes.NewTestMetadata(),
+ ContentType: iacTypes.String("password", iacTypes.NewTestMetadata()),
+ ExpiryDate: iacTypes.Time(func(timeVal string) time.Time {
 parsed, _ := time.Parse(time.RFC3339, timeVal)
 return parsed
- }("1982-12-31T00:00:00Z"), defsecTypes.NewTestMetadata())},
+ }("1982-12-31T00:00:00Z"), iacTypes.NewTestMetadata())},
 },
 }
@@ -140,11 +140,11 @@ func Test_adaptKey(t *testing.T) {
 }
 `,
 expected: keyvault.Key{
- Metadata: defsecTypes.NewTestMetadata(),
- ExpiryDate: defsecTypes.Time(func(timeVal string) time.Time {
+ Metadata: iacTypes.NewTestMetadata(),
+ ExpiryDate: iacTypes.Time(func(timeVal string) time.Time {
 parsed, _ := time.Parse(time.RFC3339, timeVal)
 return parsed
- }("1982-12-31T00:00:00Z"), defsecTypes.NewTestMetadata()),
+ }("1982-12-31T00:00:00Z"), iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -154,8 +154,8 @@ func Test_adaptKey(t *testing.T) {
 }
 `,
 expected: keyvault.Key{
- Metadata: defsecTypes.NewTestMetadata(),
- ExpiryDate: defsecTypes.Time(time.Time{}, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ ExpiryDate: iacTypes.Time(time.Time{}, iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -198,8 +198,8 @@ resource "azurerm_key_vault_key" "this" {
 }
 `,
 expected: keyvault.Key{
- Metadata: defsecTypes.NewTestMetadata(),
- ExpiryDate: defsecTypes.TimeUnresolvable(defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ ExpiryDate: iacTypes.TimeUnresolvable(iacTypes.NewTestMetadata()),
 },
 },
 }
diff --git a/pkg/iac/adapters/terraform/azure/monitor/adapt.go b/pkg/iac/adapters/terraform/azure/monitor/adapt.go
index 52371de59af1..a622bcdeaf41 100644
--- a/pkg/iac/adapters/terraform/azure/monitor/adapt.go
+++ b/pkg/iac/adapters/terraform/azure/monitor/adapt.go
@@ -3,7 +3,7 @@ package monitor
 import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/azure/monitor"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func Adapt(modules terraform.Modules) monitor.Monitor {
@@ -29,8 +29,8 @@ func adaptLogProfile(resource *terraform.Block) monitor.LogProfile {
 Metadata: resource.GetMetadata(),
 RetentionPolicy: monitor.RetentionPolicy{
 Metadata: resource.GetMetadata(),
- Enabled: defsecTypes.BoolDefault(false, resource.GetMetadata()),
- Days: defsecTypes.IntDefault(0, resource.GetMetadata()),
+ Enabled: iacTypes.BoolDefault(false, resource.GetMetadata()),
+ Days: iacTypes.IntDefault(0, resource.GetMetadata()),
 },
 Categories: nil,
 Locations: nil,
diff --git a/pkg/iac/adapters/terraform/azure/monitor/adapt_test.go b/pkg/iac/adapters/terraform/azure/monitor/adapt_test.go
index 3b5d52e6b329..a0cf262fca7c 100644
--- a/pkg/iac/adapters/terraform/azure/monitor/adapt_test.go
+++ b/pkg/iac/adapters/terraform/azure/monitor/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/azure/monitor"
@@ -42,21 +42,21 @@ func Test_adaptLogProfile(t *testing.T) {
 }
 `,
 expected: monitor.LogProfile{
- Metadata: defsecTypes.NewTestMetadata(),
- Categories: []defsecTypes.StringValue{
- defsecTypes.String("Action", defsecTypes.NewTestMetadata()),
- defsecTypes.String("Delete", defsecTypes.NewTestMetadata()),
- defsecTypes.String("Write", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Categories: []iacTypes.StringValue{
+ iacTypes.String("Action", iacTypes.NewTestMetadata()),
+ iacTypes.String("Delete", iacTypes.NewTestMetadata()),
+ iacTypes.String("Write", iacTypes.NewTestMetadata()),
 },
 RetentionPolicy: monitor.RetentionPolicy{
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- Days: defsecTypes.Int(365, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ Days: iacTypes.Int(365, iacTypes.NewTestMetadata()),
 },
- Locations: []defsecTypes.StringValue{
- defsecTypes.String("eastus", defsecTypes.NewTestMetadata()),
- defsecTypes.String("eastus2", defsecTypes.NewTestMetadata()),
- defsecTypes.String("southcentralus", defsecTypes.NewTestMetadata()),
+ Locations: []iacTypes.StringValue{
+ iacTypes.String("eastus", iacTypes.NewTestMetadata()),
+ iacTypes.String("eastus2", iacTypes.NewTestMetadata()),
+ iacTypes.String("southcentralus", iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -67,11 +67,11 @@ func Test_adaptLogProfile(t *testing.T) { } `, expected: monitor.LogProfile{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), RetentionPolicy: monitor.RetentionPolicy{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - Days: defsecTypes.Int(0, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + Days: iacTypes.Int(0, iacTypes.NewTestMetadata()), }, }, }, diff --git a/pkg/iac/adapters/terraform/azure/network/adapt.go b/pkg/iac/adapters/terraform/azure/network/adapt.go index e49bbeeca5a0..b2866cd9100a 100644 --- a/pkg/iac/adapters/terraform/azure/network/adapt.go +++ b/pkg/iac/adapters/terraform/azure/network/adapt.go @@ -8,7 +8,7 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/providers/azure/network" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) network.Network { @@ -50,7 +50,7 @@ func (a *adapter) adaptSecurityGroups() []network.SecurityGroup { } a.groups[uuid.NewString()] = network.SecurityGroup{ - Metadata: defsecTypes.NewUnmanagedMetadata(), + Metadata: iacTypes.NewUnmanagedMetadata(), Rules: []network.SecurityGroupRule{rule}, } } @@ -89,8 +89,8 @@ func (a *adapter) adaptSGRule(ruleBlock *terraform.Block) network.SecurityGroupR rule := network.SecurityGroupRule{ Metadata: ruleBlock.GetMetadata(), - Outbound: defsecTypes.BoolDefault(false, ruleBlock.GetMetadata()), - Allow: defsecTypes.BoolDefault(true, ruleBlock.GetMetadata()), + Outbound: iacTypes.BoolDefault(false, ruleBlock.GetMetadata()), + Allow: iacTypes.BoolDefault(true, ruleBlock.GetMetadata()), SourceAddresses: nil, SourcePorts: nil, DestinationAddresses: nil, 
@@ -100,16 +100,16 @@ func (a *adapter) adaptSGRule(ruleBlock *terraform.Block) network.SecurityGroupR accessAttr := ruleBlock.GetAttribute("access") if accessAttr.Equals("Allow") { - rule.Allow = defsecTypes.Bool(true, accessAttr.GetMetadata()) + rule.Allow = iacTypes.Bool(true, accessAttr.GetMetadata()) } else if accessAttr.Equals("Deny") { - rule.Allow = defsecTypes.Bool(false, accessAttr.GetMetadata()) + rule.Allow = iacTypes.Bool(false, accessAttr.GetMetadata()) } directionAttr := ruleBlock.GetAttribute("direction") if directionAttr.Equals("Inbound") { - rule.Outbound = defsecTypes.Bool(false, directionAttr.GetMetadata()) + rule.Outbound = iacTypes.Bool(false, directionAttr.GetMetadata()) } else if directionAttr.Equals("Outbound") { - rule.Outbound = defsecTypes.Bool(true, directionAttr.GetMetadata()) + rule.Outbound = iacTypes.Bool(true, directionAttr.GetMetadata()) } a.adaptSource(ruleBlock, &rule) @@ -166,7 +166,7 @@ func (a *adapter) adaptDestination(ruleBlock *terraform.Block, rule *network.Sec } } -func expandRange(r string, m defsecTypes.Metadata) network.PortRange { +func expandRange(r string, m iacTypes.Metadata) network.PortRange { start := 0 end := 65535 switch { @@ -199,8 +199,8 @@ func adaptWatcherLog(resource *terraform.Block) network.NetworkWatcherFlowLog { Metadata: resource.GetMetadata(), RetentionPolicy: network.RetentionPolicy{ Metadata: resource.GetMetadata(), - Enabled: defsecTypes.BoolDefault(false, resource.GetMetadata()), - Days: defsecTypes.IntDefault(0, resource.GetMetadata()), + Enabled: iacTypes.BoolDefault(false, resource.GetMetadata()), + Days: iacTypes.IntDefault(0, resource.GetMetadata()), }, } diff --git a/pkg/iac/adapters/terraform/azure/network/adapt_test.go b/pkg/iac/adapters/terraform/azure/network/adapt_test.go index 531ae0dafbac..a6abf380145c 100644 --- a/pkg/iac/adapters/terraform/azure/network/adapt_test.go +++ b/pkg/iac/adapters/terraform/azure/network/adapt_test.go 
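Review bot: In the `adaptSGRule` hunk the `access` and `direction` attributes are matched case-sensitively (`accessAttr.Equals("Allow")`, `directionAttr.Equals("Inbound")`), while the storage adapter in this same patch compares `default_action` with `terraform.IgnoreCase`; a rule written as `access = "deny"` or resolved from a differently-cased variable would fall through both branches and keep the `Allow: true` / `Outbound: false` defaults set a few lines earlier. That default is the conservative side for a scanner, but the inconsistency is worth aligning, e.g. `if accessAttr.Equals("Allow", terraform.IgnoreCase) {` and the matching `"Deny"`, `"Inbound"`, `"Outbound"` comparisons. I have not verified how strictly the provider validates the casing of these values, so confirm against its schema before relaxing the match. adaptSGRule begins outside the hunk.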
@@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/azure/network" "github.com/stretchr/testify/assert" 
@@ -50,44 +50,44 @@ func Test_Adapt(t *testing.T) { expected: network.Network{ SecurityGroups: []network.SecurityGroup{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Rules: []network.SecurityGroupRule{ { - Metadata: defsecTypes.NewTestMetadata(), - Outbound: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - Allow: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - SourceAddresses: []defsecTypes.StringValue{ - defsecTypes.String("4.53.160.75", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Outbound: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + Allow: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + SourceAddresses: []iacTypes.StringValue{ + iacTypes.String("4.53.160.75", iacTypes.NewTestMetadata()), }, - DestinationAddresses: []defsecTypes.StringValue{ - defsecTypes.String("*", defsecTypes.NewTestMetadata()), + DestinationAddresses: []iacTypes.StringValue{ + iacTypes.String("*", iacTypes.NewTestMetadata()), }, SourcePorts: []network.PortRange{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Start: 0, End: 65535, }, }, DestinationPorts: []network.PortRange{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Start: 3389, End: 3389, }, }, - Protocol: defsecTypes.String("TCP", defsecTypes.NewTestMetadata()), + Protocol: iacTypes.String("TCP", iacTypes.NewTestMetadata()), }, }, }, }, NetworkWatcherFlowLogs: []network.NetworkWatcherFlowLog{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), RetentionPolicy: network.RetentionPolicy{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - Days: defsecTypes.Int(7, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + Days: iacTypes.Int(7, iacTypes.NewTestMetadata()), }, }, }, 
@@ -105,13 +105,13 @@ func Test_Adapt(t *testing.T) { expected: network.Network{ SecurityGroups: []network.SecurityGroup{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Rules: []network.SecurityGroupRule{ { - Metadata: defsecTypes.NewTestMetadata(), - Outbound: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - Allow: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - Protocol: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Outbound: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + Allow: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + Protocol: iacTypes.String("", iacTypes.NewTestMetadata()), }, }, }, @@ -146,11 +146,11 @@ func Test_adaptWatcherLog(t *testing.T) { } `, expected: network.NetworkWatcherFlowLog{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), RetentionPolicy: network.RetentionPolicy{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - Days: defsecTypes.Int(90, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + Days: iacTypes.Int(90, iacTypes.NewTestMetadata()), }, }, }, @@ -163,11 +163,11 @@ func Test_adaptWatcherLog(t *testing.T) { } `, expected: network.NetworkWatcherFlowLog{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), RetentionPolicy: network.RetentionPolicy{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - Days: defsecTypes.Int(0, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + Days: iacTypes.Int(0, iacTypes.NewTestMetadata()), }, }, }, 
diff --git a/pkg/iac/adapters/terraform/azure/securitycenter/adapt_test.go b/pkg/iac/adapters/terraform/azure/securitycenter/adapt_test.go index cfe5af3411c9..3b61ebecf0b9 100644 --- a/pkg/iac/adapters/terraform/azure/securitycenter/adapt_test.go +++ b/pkg/iac/adapters/terraform/azure/securitycenter/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/azure/securitycenter" @@ -28,9 +28,9 @@ func Test_adaptContact(t *testing.T) { } `, expected: securitycenter.Contact{ - Metadata: defsecTypes.NewTestMetadata(), - EnableAlertNotifications: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - Phone: defsecTypes.String("+1-555-555-5555", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EnableAlertNotifications: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + Phone: iacTypes.String("+1-555-555-5555", iacTypes.NewTestMetadata()), }, }, { @@ -40,9 +40,9 @@ func Test_adaptContact(t *testing.T) { } `, expected: securitycenter.Contact{ - Metadata: defsecTypes.NewTestMetadata(), - EnableAlertNotifications: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - Phone: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EnableAlertNotifications: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + Phone: iacTypes.String("", iacTypes.NewTestMetadata()), }, }, } @@ -69,8 +69,8 @@ func Test_adaptSubscription(t *testing.T) { tier = "Free" }`, expected: securitycenter.SubscriptionPricing{ - Metadata: defsecTypes.NewTestMetadata(), - Tier: defsecTypes.String("Free", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Tier: iacTypes.String("Free", iacTypes.NewTestMetadata()), }, }, { 
@@ -79,8 +79,8 @@ func Test_adaptSubscription(t *testing.T) { resource "azurerm_security_center_subscription_pricing" "example" { }`, expected: securitycenter.SubscriptionPricing{ - Metadata: defsecTypes.NewTestMetadata(), - Tier: defsecTypes.String("Free", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Tier: iacTypes.String("Free", iacTypes.NewTestMetadata()), }, }, { @@ -90,8 +90,8 @@ func Test_adaptSubscription(t *testing.T) { tier = "Standard" }`, expected: securitycenter.SubscriptionPricing{ - Metadata: defsecTypes.NewTestMetadata(), - Tier: defsecTypes.String("Standard", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Tier: iacTypes.String("Standard", iacTypes.NewTestMetadata()), }, }, } diff --git a/pkg/iac/adapters/terraform/azure/storage/adapt.go b/pkg/iac/adapters/terraform/azure/storage/adapt.go index 78eff47b72fc..edc5f0029be7 100644 --- a/pkg/iac/adapters/terraform/azure/storage/adapt.go +++ b/pkg/iac/adapters/terraform/azure/storage/adapt.go 
@@ -3,22 +3,22 @@ package storage import ( "github.com/aquasecurity/trivy/pkg/iac/providers/azure/storage" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) storage.Storage { accounts, containers, networkRules := adaptAccounts(modules) orphanAccount := storage.Account{ - Metadata: defsecTypes.NewUnmanagedMetadata(), + Metadata: iacTypes.NewUnmanagedMetadata(), NetworkRules: adaptOrphanNetworkRules(modules, networkRules), - EnforceHTTPS: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + EnforceHTTPS: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), Containers: adaptOrphanContainers(modules, containers), QueueProperties: storage.QueueProperties{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - EnableLogging: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + EnableLogging: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), }, - MinimumTLSVersion: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), + MinimumTLSVersion: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), } accounts = append(accounts, orphanAccount) 
@@ -100,13 +100,13 @@ func adaptAccount(resource *terraform.Block) storage.Account { account := storage.Account{ Metadata: resource.GetMetadata(), NetworkRules: nil, - EnforceHTTPS: defsecTypes.BoolDefault(true, resource.GetMetadata()), + EnforceHTTPS: iacTypes.BoolDefault(true, resource.GetMetadata()), Containers: nil, QueueProperties: storage.QueueProperties{ Metadata: resource.GetMetadata(), - EnableLogging: defsecTypes.BoolDefault(false, resource.GetMetadata()), + EnableLogging: iacTypes.BoolDefault(false, resource.GetMetadata()), }, - MinimumTLSVersion: defsecTypes.StringDefault("TLS1_2", resource.GetMetadata()), + MinimumTLSVersion: iacTypes.StringDefault("TLS1_2", resource.GetMetadata()), } networkRulesBlocks := resource.GetBlocks("network_rules") @@ -122,7 +122,7 @@ func adaptAccount(resource *terraform.Block) storage.Account { account.QueueProperties.Metadata = queuePropertiesBlock.GetMetadata() loggingBlock := queuePropertiesBlock.GetBlock("logging") if loggingBlock.IsNotNil() { - account.QueueProperties.EnableLogging = defsecTypes.Bool(true, loggingBlock.GetMetadata()) + account.QueueProperties.EnableLogging = iacTypes.Bool(true, loggingBlock.GetMetadata()) } } 
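Review bot: In the second hunk `EnableLogging` is set to true as soon as a `queue_properties.logging` block exists (`if loggingBlock.IsNotNil()`), without reading its contents; as far as I recall the provider's `logging` block carries separate `read`, `write` and `delete` booleans, so a block with all three set to `false` would be modelled as logging enabled and the corresponding check silently suppressed. Consider deriving the flag from those attributes and keeping the block's metadata for the finding location, assuming the attribute type exposes a truthiness helper such as `IsTrue()`. adaptAccount continues outside the hunk, and the test in adapt_test.go that expects `EnableLogging: Bool(true)` would need its input checked against this change.
```go
loggingBlock := queuePropertiesBlock.GetBlock("logging")
if loggingBlock.IsNotNil() {
	// presumably logging is only effective when at least one operation class is logged — verify against the provider schema
	enabled := loggingBlock.GetAttribute("read").IsTrue() ||
		loggingBlock.GetAttribute("write").IsTrue() ||
		loggingBlock.GetAttribute("delete").IsTrue()
	account.QueueProperties.EnableLogging = iacTypes.Bool(enabled, loggingBlock.GetMetadata())
}
```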
@@ -133,12 +133,12 @@ func adaptAccount(resource *terraform.Block) storage.Account { func adaptContainer(resource *terraform.Block) storage.Container { accessTypeAttr := resource.GetAttribute("container_access_type") - publicAccess := defsecTypes.StringDefault(storage.PublicAccessOff, resource.GetMetadata()) + publicAccess := iacTypes.StringDefault(storage.PublicAccessOff, resource.GetMetadata()) if accessTypeAttr.Equals("blob") { - publicAccess = defsecTypes.String(storage.PublicAccessBlob, accessTypeAttr.GetMetadata()) + publicAccess = iacTypes.String(storage.PublicAccessBlob, accessTypeAttr.GetMetadata()) } else if accessTypeAttr.Equals("container") { - publicAccess = defsecTypes.String(storage.PublicAccessContainer, accessTypeAttr.GetMetadata()) + publicAccess = iacTypes.String(storage.PublicAccessContainer, accessTypeAttr.GetMetadata()) } return storage.Container{ @@ -148,15 +148,15 @@ func adaptContainer(resource *terraform.Block) storage.Container { } func adaptNetworkRule(resource *terraform.Block) storage.NetworkRule { - var allowByDefault defsecTypes.BoolValue - var bypass []defsecTypes.StringValue + var allowByDefault iacTypes.BoolValue + var bypass []iacTypes.StringValue defaultActionAttr := resource.GetAttribute("default_action") if defaultActionAttr.IsNotNil() { - allowByDefault = defsecTypes.Bool(defaultActionAttr.Equals("Allow", terraform.IgnoreCase), defaultActionAttr.GetMetadata()) + allowByDefault = iacTypes.Bool(defaultActionAttr.Equals("Allow", terraform.IgnoreCase), defaultActionAttr.GetMetadata()) } else { - allowByDefault = defsecTypes.BoolDefault(false, resource.GetMetadata()) + allowByDefault = iacTypes.BoolDefault(false, resource.GetMetadata()) } if resource.HasChild("bypass") { diff --git a/pkg/iac/adapters/terraform/azure/storage/adapt_test.go b/pkg/iac/adapters/terraform/azure/storage/adapt_test.go index 6f1c080e6e98..3b13c3c4df35 100644 --- a/pkg/iac/adapters/terraform/azure/storage/adapt_test.go 
+++ b/pkg/iac/adapters/terraform/azure/storage/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/azure/storage" "github.com/stretchr/testify/assert" 
@@ -65,45 +65,45 @@ func Test_Adapt(t *testing.T) { Accounts: []storage.Account{ { - Metadata: defsecTypes.NewTestMetadata(), - EnforceHTTPS: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - MinimumTLSVersion: defsecTypes.String("TLS1_2", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EnforceHTTPS: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + MinimumTLSVersion: iacTypes.String("TLS1_2", iacTypes.NewTestMetadata()), NetworkRules: []storage.NetworkRule{ { - Metadata: defsecTypes.NewTestMetadata(), - Bypass: []defsecTypes.StringValue{ - defsecTypes.String("Metrics", defsecTypes.NewTestMetadata()), - defsecTypes.String("AzureServices", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Bypass: []iacTypes.StringValue{ + iacTypes.String("Metrics", iacTypes.NewTestMetadata()), + iacTypes.String("AzureServices", iacTypes.NewTestMetadata()), }, - AllowByDefault: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + AllowByDefault: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, { - Metadata: defsecTypes.NewTestMetadata(), - Bypass: []defsecTypes.StringValue{ - defsecTypes.String("Metrics", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Bypass: []iacTypes.StringValue{ + iacTypes.String("Metrics", iacTypes.NewTestMetadata()), }, - AllowByDefault: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + AllowByDefault: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, QueueProperties: storage.QueueProperties{ - Metadata: defsecTypes.NewTestMetadata(), - EnableLogging: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EnableLogging: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, Containers: []storage.Container{ { - Metadata: defsecTypes.NewTestMetadata(), - PublicAccess: defsecTypes.String("blob", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + PublicAccess: iacTypes.String("blob", 
iacTypes.NewTestMetadata()), }, }, }, { - Metadata: defsecTypes.NewUnmanagedMetadata(), - EnforceHTTPS: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + EnforceHTTPS: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), QueueProperties: storage.QueueProperties{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - EnableLogging: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + EnableLogging: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), }, - MinimumTLSVersion: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), + MinimumTLSVersion: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), }, }, }, 
@@ -123,26 +123,26 @@ func Test_Adapt(t *testing.T) { expected: storage.Storage{ Accounts: []storage.Account{ { - Metadata: defsecTypes.NewUnmanagedMetadata(), - EnforceHTTPS: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + EnforceHTTPS: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), NetworkRules: []storage.NetworkRule{ { - Metadata: defsecTypes.NewTestMetadata(), - Bypass: []defsecTypes.StringValue{ - defsecTypes.String("Metrics", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Bypass: []iacTypes.StringValue{ + iacTypes.String("Metrics", iacTypes.NewTestMetadata()), }, - AllowByDefault: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + AllowByDefault: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, QueueProperties: storage.QueueProperties{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - EnableLogging: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + EnableLogging: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), }, - MinimumTLSVersion: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), + MinimumTLSVersion: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), Containers: []storage.Container{ { - Metadata: defsecTypes.NewTestMetadata(), - PublicAccess: defsecTypes.String("blob", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + PublicAccess: iacTypes.String("blob", iacTypes.NewTestMetadata()), }, }, }, diff --git a/pkg/iac/adapters/terraform/azure/synapse/adapt_test.go b/pkg/iac/adapters/terraform/azure/synapse/adapt_test.go index e466f32dd443..79062878e092 100644 --- a/pkg/iac/adapters/terraform/azure/synapse/adapt_test.go +++ b/pkg/iac/adapters/terraform/azure/synapse/adapt_test.go 
@@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/azure/synapse" @@ -27,8 +27,8 @@ func Test_adaptWorkspace(t *testing.T) { } `, expected: synapse.Workspace{ - Metadata: defsecTypes.NewTestMetadata(), - EnableManagedVirtualNetwork: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EnableManagedVirtualNetwork: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, { @@ -39,8 +39,8 @@ func Test_adaptWorkspace(t *testing.T) { } `, expected: synapse.Workspace{ - Metadata: defsecTypes.NewTestMetadata(), - EnableManagedVirtualNetwork: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EnableManagedVirtualNetwork: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, { @@ -50,8 +50,8 @@ func Test_adaptWorkspace(t *testing.T) { } `, expected: synapse.Workspace{ - Metadata: defsecTypes.NewTestMetadata(), - EnableManagedVirtualNetwork: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EnableManagedVirtualNetwork: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, } diff --git a/pkg/iac/adapters/terraform/cloudstack/compute/adapt_test.go b/pkg/iac/adapters/terraform/cloudstack/compute/adapt_test.go index f8d1a097bfcd..14576c13bbf8 100644 --- a/pkg/iac/adapters/terraform/cloudstack/compute/adapt_test.go +++ b/pkg/iac/adapters/terraform/cloudstack/compute/adapt_test.go 
@@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/cloudstack/compute" @@ -30,9 +30,9 @@ export DATABASE_PASSWORD=\"SomeSortOfPassword\" } `, expected: compute.Instance{ - Metadata: defsecTypes.NewTestMetadata(), - UserData: defsecTypes.String(`export DATABASE_PASSWORD=\"SomeSortOfPassword\" -`, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + UserData: iacTypes.String(`export DATABASE_PASSWORD=\"SomeSortOfPassword\" +`, iacTypes.NewTestMetadata()), }, }, { @@ -44,8 +44,8 @@ export DATABASE_PASSWORD=\"SomeSortOfPassword\" } `, expected: compute.Instance{ - Metadata: defsecTypes.NewTestMetadata(), - UserData: defsecTypes.String(`export DATABASE_PASSWORD="SomeSortOfPassword"`, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + UserData: iacTypes.String(`export DATABASE_PASSWORD="SomeSortOfPassword"`, iacTypes.NewTestMetadata()), }, }, { @@ -55,8 +55,8 @@ export DATABASE_PASSWORD=\"SomeSortOfPassword\" } `, expected: compute.Instance{ - Metadata: defsecTypes.NewTestMetadata(), - UserData: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + UserData: iacTypes.String("", iacTypes.NewTestMetadata()), }, }, } diff --git a/pkg/iac/adapters/terraform/digitalocean/compute/adapt_test.go b/pkg/iac/adapters/terraform/digitalocean/compute/adapt_test.go index b1d5db57bfad..e4c81deaaa9b 100644 --- a/pkg/iac/adapters/terraform/digitalocean/compute/adapt_test.go +++ b/pkg/iac/adapters/terraform/digitalocean/compute/adapt_test.go 
@@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/digitalocean/compute" "github.com/stretchr/testify/assert" @@ -31,9 +31,9 @@ func Test_adaptDroplets(t *testing.T) { `, expected: []compute.Droplet{ { - Metadata: defsecTypes.NewTestMetadata(), - SSHKeys: []defsecTypes.StringValue{ - defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + SSHKeys: []iacTypes.StringValue{ + iacTypes.String("", iacTypes.NewTestMetadata()), }, }, }, @@ -51,9 +51,9 @@ func Test_adaptDroplets(t *testing.T) { `, expected: []compute.Droplet{ { - Metadata: defsecTypes.NewTestMetadata(), - SSHKeys: []defsecTypes.StringValue{ - defsecTypes.String("my-ssh-key", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + SSHKeys: []iacTypes.StringValue{ + iacTypes.String("my-ssh-key", iacTypes.NewTestMetadata()), }, }, }, @@ -66,7 +66,7 @@ func Test_adaptDroplets(t *testing.T) { `, expected: []compute.Droplet{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), }, }, }, 
@@ -108,21 +108,21 @@ func Test_adaptFirewalls(t *testing.T) { `, expected: []compute.Firewall{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), OutboundRules: []compute.OutboundFirewallRule{ { - Metadata: defsecTypes.NewTestMetadata(), - DestinationAddresses: []defsecTypes.StringValue{ - defsecTypes.String("192.168.1.0/24", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + DestinationAddresses: []iacTypes.StringValue{ + iacTypes.String("192.168.1.0/24", iacTypes.NewTestMetadata()), }, }, }, InboundRules: []compute.InboundFirewallRule{ { - Metadata: defsecTypes.NewTestMetadata(), - SourceAddresses: []defsecTypes.StringValue{ - defsecTypes.String("192.168.1.0/24", defsecTypes.NewTestMetadata()), - defsecTypes.String("fc00::/7", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + SourceAddresses: []iacTypes.StringValue{ + iacTypes.String("192.168.1.0/24", iacTypes.NewTestMetadata()), + iacTypes.String("fc00::/7", iacTypes.NewTestMetadata()), }, }, }, @@ -137,7 +137,7 @@ func Test_adaptFirewalls(t *testing.T) { `, expected: []compute.Firewall{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), OutboundRules: []compute.OutboundFirewallRule(nil), InboundRules: []compute.InboundFirewallRule(nil), }, @@ -178,12 +178,12 @@ func Test_adaptLoadBalancers(t *testing.T) { `, expected: []compute.LoadBalancer{ { - Metadata: defsecTypes.NewTestMetadata(), - RedirectHttpToHttps: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + RedirectHttpToHttps: iacTypes.Bool(true, iacTypes.NewTestMetadata()), ForwardingRules: []compute.ForwardingRule{ { - Metadata: defsecTypes.NewTestMetadata(), - EntryProtocol: defsecTypes.String("https", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EntryProtocol: iacTypes.String("https", iacTypes.NewTestMetadata()), }, }, }, 
@@ -197,7 +197,7 @@ func Test_adaptLoadBalancers(t *testing.T) { `, expected: []compute.LoadBalancer{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), ForwardingRules: nil, }, }, @@ -232,9 +232,9 @@ func Test_adaptKubernetesClusters(t *testing.T) { `, expected: []compute.KubernetesCluster{ { - Metadata: defsecTypes.NewTestMetadata(), - SurgeUpgrade: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - AutoUpgrade: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + SurgeUpgrade: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + AutoUpgrade: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, }, @@ -246,9 +246,9 @@ func Test_adaptKubernetesClusters(t *testing.T) { `, expected: []compute.KubernetesCluster{ { - Metadata: defsecTypes.NewTestMetadata(), - SurgeUpgrade: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - AutoUpgrade: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + SurgeUpgrade: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + AutoUpgrade: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, }, diff --git a/pkg/iac/adapters/terraform/digitalocean/spaces/adapt.go b/pkg/iac/adapters/terraform/digitalocean/spaces/adapt.go index adb7dd7c931f..46d1f25fa386 100644 --- a/pkg/iac/adapters/terraform/digitalocean/spaces/adapt.go +++ b/pkg/iac/adapters/terraform/digitalocean/spaces/adapt.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/providers/digitalocean/spaces" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) spaces.Spaces { 
@@ -28,7 +28,7 @@ func adaptBuckets(modules terraform.Modules) []spaces.Bucket { ForceDestroy: block.GetAttribute("force_destroy").AsBoolValueOrDefault(false, block), Versioning: spaces.Versioning{ Metadata: block.GetMetadata(), - Enabled: defsecTypes.BoolDefault(false, block.GetMetadata()), + Enabled: iacTypes.BoolDefault(false, block.GetMetadata()), }, } @@ -69,16 +69,16 @@ func adaptBuckets(modules terraform.Modules) []spaces.Bucket { } } bucketMap[uuid.NewString()] = spaces.Bucket{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - Name: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + Name: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), Objects: []spaces.Object{ object, }, - ACL: defsecTypes.StringDefault("private", defsecTypes.NewUnmanagedMetadata()), - ForceDestroy: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + ACL: iacTypes.StringDefault("private", iacTypes.NewUnmanagedMetadata()), + ForceDestroy: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), Versioning: spaces.Versioning{ Metadata: block.GetMetadata(), - Enabled: defsecTypes.BoolDefault(false, block.GetMetadata()), + Enabled: iacTypes.BoolDefault(false, block.GetMetadata()), }, } } diff --git a/pkg/iac/adapters/terraform/digitalocean/spaces/adapt_test.go b/pkg/iac/adapters/terraform/digitalocean/spaces/adapt_test.go index 623117c51661..bbe85a321505 100644 --- a/pkg/iac/adapters/terraform/digitalocean/spaces/adapt_test.go +++ b/pkg/iac/adapters/terraform/digitalocean/spaces/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/digitalocean/spaces" 
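Review bot: In the orphan-bucket literal of the second hunk every field uses `iacTypes.NewUnmanagedMetadata()` except `Versioning`, whose `Metadata` and `Enabled` default are anchored to `block.GetMetadata()`, presumably the orphan object's block; a versioning check would then report that object's resource for a bucket whose configuration is not in the scanned code, which looks like a false positive. The azure storage adapter in this same patch uses unmanaged metadata for all fields of its orphan account, so the same pattern here would be `Metadata: iacTypes.NewUnmanagedMetadata(),` and `Enabled: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()),`. adaptBuckets begins outside the hunk, so I cannot confirm what `block` refers to at this point.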
@@ -41,19 +41,19 @@ func Test_adaptBuckets(t *testing.T) {
 `,
 expected: []spaces.Bucket{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("public_space", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("public_space", iacTypes.NewTestMetadata()),
 Objects: []spaces.Object{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- ACL: defsecTypes.String("private", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ ACL: iacTypes.String("private", iacTypes.NewTestMetadata()),
 },
 },
- ACL: defsecTypes.String("private", defsecTypes.NewTestMetadata()),
- ForceDestroy: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ ACL: iacTypes.String("private", iacTypes.NewTestMetadata()),
+ ForceDestroy: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 Versioning: spaces.Versioning{
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -67,14 +67,14 @@ func Test_adaptBuckets(t *testing.T) {
 `,
 expected: []spaces.Bucket{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("", iacTypes.NewTestMetadata()),
 Objects: nil,
- ACL: defsecTypes.String("public-read", defsecTypes.NewTestMetadata()),
- ForceDestroy: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ ACL: iacTypes.String("public-read", iacTypes.NewTestMetadata()),
+ ForceDestroy: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 Versioning: spaces.Versioning{
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/github/secrets/adapt_test.go b/pkg/iac/adapters/terraform/github/secrets/adapt_test.go
index 30693158277a..61f49de8220a 100644
--- a/pkg/iac/adapters/terraform/github/secrets/adapt_test.go
+++ b/pkg/iac/adapters/terraform/github/secrets/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/github"
 )
@@ -24,12 +24,12 @@ resource "github_actions_environment_secret" "example" {
 `,
 expected: []github.EnvironmentSecret{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Environment: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- SecretName: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- PlainTextValue: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- EncryptedValue: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- Repository: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Environment: iacTypes.String("", iacTypes.NewTestMetadata()),
+ SecretName: iacTypes.String("", iacTypes.NewTestMetadata()),
+ PlainTextValue: iacTypes.String("", iacTypes.NewTestMetadata()),
+ EncryptedValue: iacTypes.String("", iacTypes.NewTestMetadata()),
+ Repository: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -46,12 +46,12 @@ resource "github_actions_environment_secret" "example" {
 `,
 expected: []github.EnvironmentSecret{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- SecretName: defsecTypes.String("a", defsecTypes.NewTestMetadata()),
- PlainTextValue: defsecTypes.String("b", defsecTypes.NewTestMetadata()),
- Environment: defsecTypes.String("c", defsecTypes.NewTestMetadata()),
- EncryptedValue: defsecTypes.String("d", defsecTypes.NewTestMetadata()),
- Repository: defsecTypes.String("e", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ SecretName: iacTypes.String("a", iacTypes.NewTestMetadata()),
+ PlainTextValue: iacTypes.String("b", iacTypes.NewTestMetadata()),
+ Environment: iacTypes.String("c", iacTypes.NewTestMetadata()),
+ EncryptedValue: iacTypes.String("d", iacTypes.NewTestMetadata()),
+ Repository: iacTypes.String("e", iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/google/bigquery/adapt_test.go b/pkg/iac/adapters/terraform/google/bigquery/adapt_test.go
index bba83013088f..55d1b2ffa8c4 100644
--- a/pkg/iac/adapters/terraform/google/bigquery/adapt_test.go
+++ b/pkg/iac/adapters/terraform/google/bigquery/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/google/bigquery"
@@ -37,20 +37,20 @@ func Test_Adapt(t *testing.T) {
 expected: bigquery.BigQuery{
 Datasets: []bigquery.Dataset{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- ID: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ ID: iacTypes.String("", iacTypes.NewTestMetadata()),
 AccessGrants: []bigquery.AccessGrant{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Role: defsecTypes.String("OWNER", defsecTypes.NewTestMetadata()),
- Domain: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- SpecialGroup: defsecTypes.String(bigquery.SpecialGroupAllAuthenticatedUsers, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Role: iacTypes.String("OWNER", iacTypes.NewTestMetadata()),
+ Domain: iacTypes.String("", iacTypes.NewTestMetadata()),
+ SpecialGroup: iacTypes.String(bigquery.SpecialGroupAllAuthenticatedUsers, iacTypes.NewTestMetadata()),
 },
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Role: defsecTypes.String("READER", defsecTypes.NewTestMetadata()),
- Domain: defsecTypes.String("hashicorp.com", defsecTypes.NewTestMetadata()),
- SpecialGroup: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Role: iacTypes.String("READER", iacTypes.NewTestMetadata()),
+ Domain: iacTypes.String("hashicorp.com", iacTypes.NewTestMetadata()),
+ SpecialGroup: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -67,8 +67,8 @@ func Test_Adapt(t *testing.T) {
 expected: bigquery.BigQuery{
 Datasets: []bigquery.Dataset{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- ID: defsecTypes.String("example_dataset", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ ID: iacTypes.String("example_dataset", iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -84,14 +84,14 @@ func Test_Adapt(t *testing.T) {
 expected: bigquery.BigQuery{
 Datasets: []bigquery.Dataset{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- ID: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ ID: iacTypes.String("", iacTypes.NewTestMetadata()),
 AccessGrants: []bigquery.AccessGrant{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Role: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- Domain: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- SpecialGroup: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Role: iacTypes.String("", iacTypes.NewTestMetadata()),
+ Domain: iacTypes.String("", iacTypes.NewTestMetadata()),
+ SpecialGroup: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/google/compute/disks.go b/pkg/iac/adapters/terraform/google/compute/disks.go
index ada59876de6b..e9b2874a8130 100644
--- a/pkg/iac/adapters/terraform/google/compute/disks.go
+++ b/pkg/iac/adapters/terraform/google/compute/disks.go
@@ -3,7 +3,7 @@ package compute
 import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func adaptDisks(modules terraform.Modules) (disks []compute.Disk) {
@@ -14,8 +14,8 @@ func adaptDisks(modules terraform.Modules) (disks []compute.Disk) {
 Name: diskBlock.GetAttribute("name").AsStringValueOrDefault("", diskBlock),
 Encryption: compute.DiskEncryption{
 Metadata: diskBlock.GetMetadata(),
- RawKey: defsecTypes.BytesDefault(nil, diskBlock.GetMetadata()),
- KMSKeyLink: defsecTypes.StringDefault("", diskBlock.GetMetadata()),
+ RawKey: iacTypes.BytesDefault(nil, diskBlock.GetMetadata()),
+ KMSKeyLink: iacTypes.StringDefault("", diskBlock.GetMetadata()),
 },
 }
 if encBlock := diskBlock.GetBlock("disk_encryption_key"); encBlock.IsNotNil() {
@@ -25,7 +25,7 @@ func adaptDisks(modules terraform.Modules) (disks []compute.Disk) {
 if kmsKeyAttr.IsResourceBlockReference("google_kms_crypto_key") {
 if kmsKeyBlock, err := modules.GetReferencedBlock(kmsKeyAttr, encBlock); err == nil {
- disk.Encryption.KMSKeyLink = defsecTypes.String(kmsKeyBlock.FullName(), kmsKeyAttr.GetMetadata())
+ disk.Encryption.KMSKeyLink = iacTypes.String(kmsKeyBlock.FullName(), kmsKeyAttr.GetMetadata())
 }
 }
diff --git a/pkg/iac/adapters/terraform/google/compute/disks_test.go b/pkg/iac/adapters/terraform/google/compute/disks_test.go
index e454536227a6..0036e11a0163 100644
--- a/pkg/iac/adapters/terraform/google/compute/disks_test.go
+++ b/pkg/iac/adapters/terraform/google/compute/disks_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute"
 )
@@ -37,20 +37,20 @@ func Test_adaptDisks(t *testing.T) {
 `,
 expected: []compute.Disk{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("disk #1", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("disk #1", iacTypes.NewTestMetadata()),
 Encryption: compute.DiskEncryption{
- Metadata: defsecTypes.NewTestMetadata(),
- KMSKeyLink: defsecTypes.String("something", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ KMSKeyLink: iacTypes.String("something", iacTypes.NewTestMetadata()),
 },
 },
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("disk #2", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("disk #2", iacTypes.NewTestMetadata()),
 Encryption: compute.DiskEncryption{
- Metadata: defsecTypes.NewTestMetadata(),
- KMSKeyLink: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- RawKey: defsecTypes.Bytes([]byte("b2ggbm8gdGhpcyBpcyBiYWQ"), defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ KMSKeyLink: iacTypes.String("", iacTypes.NewTestMetadata()),
+ RawKey: iacTypes.Bytes([]byte("b2ggbm8gdGhpcyBpcyBiYWQ"), iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -71,11 +71,11 @@ func Test_adaptDisks(t *testing.T) {
 }`,
 expected: []compute.Disk{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("disk #3", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("disk #3", iacTypes.NewTestMetadata()),
 Encryption: compute.DiskEncryption{
- Metadata: defsecTypes.NewTestMetadata(),
- KMSKeyLink: defsecTypes.String("google_kms_crypto_key.my_crypto_key", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ KMSKeyLink: iacTypes.String("google_kms_crypto_key.my_crypto_key", iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/google/compute/instances.go b/pkg/iac/adapters/terraform/google/compute/instances.go
index 4794071e5bdd..96115db9bd9f 100644
--- a/pkg/iac/adapters/terraform/google/compute/instances.go
+++ b/pkg/iac/adapters/terraform/google/compute/instances.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func adaptInstances(modules terraform.Modules) (instances []compute.Instance) {
@@ -17,20 +17,20 @@ func adaptInstances(modules terraform.Modules) (instances []compute.Instance) {
 Name: instanceBlock.GetAttribute("name").AsStringValueOrDefault("", instanceBlock),
 ShieldedVM: compute.ShieldedVMConfig{
 Metadata: instanceBlock.GetMetadata(),
- SecureBootEnabled: defsecTypes.BoolDefault(false, instanceBlock.GetMetadata()),
- IntegrityMonitoringEnabled: defsecTypes.BoolDefault(false, instanceBlock.GetMetadata()),
- VTPMEnabled: defsecTypes.BoolDefault(false, instanceBlock.GetMetadata()),
+ SecureBootEnabled: iacTypes.BoolDefault(false, instanceBlock.GetMetadata()),
+ IntegrityMonitoringEnabled: iacTypes.BoolDefault(false, instanceBlock.GetMetadata()),
+ VTPMEnabled: iacTypes.BoolDefault(false, instanceBlock.GetMetadata()),
 },
 ServiceAccount: compute.ServiceAccount{
 Metadata: instanceBlock.GetMetadata(),
- Email: defsecTypes.StringDefault("", instanceBlock.GetMetadata()),
- IsDefault: defsecTypes.BoolDefault(false, instanceBlock.GetMetadata()),
+ Email: iacTypes.StringDefault("", instanceBlock.GetMetadata()),
+ IsDefault: iacTypes.BoolDefault(false, instanceBlock.GetMetadata()),
 Scopes: nil,
 },
 CanIPForward: instanceBlock.GetAttribute("can_ip_forward").AsBoolValueOrDefault(false, instanceBlock),
- OSLoginEnabled: defsecTypes.BoolDefault(true, instanceBlock.GetMetadata()),
- EnableProjectSSHKeyBlocking: defsecTypes.BoolDefault(false, instanceBlock.GetMetadata()),
- EnableSerialPort: defsecTypes.BoolDefault(false, instanceBlock.GetMetadata()),
+ OSLoginEnabled: iacTypes.BoolDefault(true, instanceBlock.GetMetadata()),
+ EnableProjectSSHKeyBlocking: iacTypes.BoolDefault(false, instanceBlock.GetMetadata()),
+ EnableSerialPort: iacTypes.BoolDefault(false, instanceBlock.GetMetadata()),
 NetworkInterfaces: nil,
 BootDisks: nil,
 AttachedDisks: nil,
@@ -42,11 +42,11 @@ func adaptInstances(modules terraform.Modules) (instances []compute.Instance) {
 Metadata: networkInterfaceBlock.GetMetadata(),
 Network: nil,
 SubNetwork: nil,
- HasPublicIP: defsecTypes.BoolDefault(false, networkInterfaceBlock.GetMetadata()),
- NATIP: defsecTypes.StringDefault("", networkInterfaceBlock.GetMetadata()),
+ HasPublicIP: iacTypes.BoolDefault(false, networkInterfaceBlock.GetMetadata()),
+ NATIP: iacTypes.StringDefault("", networkInterfaceBlock.GetMetadata()),
 }
 if accessConfigBlock := networkInterfaceBlock.GetBlock("access_config"); accessConfigBlock.IsNotNil() {
- ni.HasPublicIP = defsecTypes.Bool(true, accessConfigBlock.GetMetadata())
+ ni.HasPublicIP = iacTypes.Bool(true, accessConfigBlock.GetMetadata())
 }
 instance.NetworkInterfaces = append(instance.NetworkInterfaces, ni)
 }
@@ -62,13 +62,13 @@ func adaptInstances(modules terraform.Modules) (instances []compute.Instance) {
 // metadata
 if metadataAttr := instanceBlock.GetAttribute("metadata"); metadataAttr.IsNotNil() {
 if val := metadataAttr.MapValue("enable-oslogin"); val.Type() == cty.Bool {
- instance.OSLoginEnabled = defsecTypes.BoolExplicit(val.True(), metadataAttr.GetMetadata())
+ instance.OSLoginEnabled = iacTypes.BoolExplicit(val.True(), metadataAttr.GetMetadata())
 }
 if val := metadataAttr.MapValue("block-project-ssh-keys"); val.Type() == cty.Bool {
- instance.EnableProjectSSHKeyBlocking = defsecTypes.BoolExplicit(val.True(), metadataAttr.GetMetadata())
+ instance.EnableProjectSSHKeyBlocking = iacTypes.BoolExplicit(val.True(), metadataAttr.GetMetadata())
 }
 if val := metadataAttr.MapValue("serial-port-enable"); val.Type() == cty.Bool {
- instance.EnableSerialPort = defsecTypes.BoolExplicit(val.True(), metadataAttr.GetMetadata())
+ instance.EnableSerialPort = iacTypes.BoolExplicit(val.True(), metadataAttr.GetMetadata())
 }
 }
@@ -103,12 +103,12 @@ func adaptInstances(modules terraform.Modules) (instances []compute.Instance) {
 instance.ServiceAccount.Email = emailAttr.AsStringValueOrDefault("", serviceAccountBlock)
 if instance.ServiceAccount.Email.IsEmpty() || instance.ServiceAccount.Email.EndsWith("-compute@developer.gserviceaccount.com") {
- instance.ServiceAccount.IsDefault = defsecTypes.Bool(true, serviceAccountBlock.GetMetadata())
+ instance.ServiceAccount.IsDefault = iacTypes.Bool(true, serviceAccountBlock.GetMetadata())
 }
 if emailAttr.IsResourceBlockReference("google_service_account") {
 if accBlock, err := modules.GetReferencedBlock(emailAttr, instanceBlock); err == nil {
- instance.ServiceAccount.IsDefault = defsecTypes.Bool(false, serviceAccountBlock.GetMetadata())
+ instance.ServiceAccount.IsDefault = iacTypes.Bool(false, serviceAccountBlock.GetMetadata())
 instance.ServiceAccount.Email = accBlock.GetAttribute("email").AsStringValueOrDefault("", accBlock)
 }
 }
diff --git a/pkg/iac/adapters/terraform/google/compute/instances_test.go b/pkg/iac/adapters/terraform/google/compute/instances_test.go
index e004eff3cc1c..5f1105df742f 100644
--- a/pkg/iac/adapters/terraform/google/compute/instances_test.go
+++ b/pkg/iac/adapters/terraform/google/compute/instances_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute"
 )
@@ -58,41 +58,41 @@ func Test_adaptInstances(t *testing.T) {
 `,
 expected: []compute.Instance{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("test", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("test", iacTypes.NewTestMetadata()),
 NetworkInterfaces: []compute.NetworkInterface{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- HasPublicIP: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- NATIP: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ HasPublicIP: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ NATIP: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 },
 ShieldedVM: compute.ShieldedVMConfig{
- Metadata: defsecTypes.NewTestMetadata(),
- SecureBootEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- IntegrityMonitoringEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- VTPMEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ SecureBootEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ IntegrityMonitoringEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ VTPMEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 ServiceAccount: compute.ServiceAccount{
- Metadata: defsecTypes.NewTestMetadata(),
- Email: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- Scopes: []defsecTypes.StringValue{
- defsecTypes.String("cloud-platform", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Email: iacTypes.String("", iacTypes.NewTestMetadata()),
+ Scopes: []iacTypes.StringValue{
+ iacTypes.String("cloud-platform", iacTypes.NewTestMetadata()),
 },
- IsDefault: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ IsDefault: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
- CanIPForward: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- OSLoginEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- EnableProjectSSHKeyBlocking: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- EnableSerialPort: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ CanIPForward: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ OSLoginEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ EnableProjectSSHKeyBlocking: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ EnableSerialPort: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 BootDisks: []compute.Disk{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("boot-disk", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("boot-disk", iacTypes.NewTestMetadata()),
 Encryption: compute.DiskEncryption{
- Metadata: defsecTypes.NewTestMetadata(),
- KMSKeyLink: defsecTypes.String("something", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ KMSKeyLink: iacTypes.String("something", iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -107,23 +107,23 @@ func Test_adaptInstances(t *testing.T) {
 `,
 expected: []compute.Instance{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("", iacTypes.NewTestMetadata()),
 ShieldedVM: compute.ShieldedVMConfig{
- Metadata: defsecTypes.NewTestMetadata(),
- SecureBootEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- IntegrityMonitoringEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- VTPMEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ SecureBootEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ IntegrityMonitoringEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ VTPMEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 ServiceAccount: compute.ServiceAccount{
- Metadata: defsecTypes.NewTestMetadata(),
- Email: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- IsDefault: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Email: iacTypes.String("", iacTypes.NewTestMetadata()),
+ IsDefault: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
- CanIPForward: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- OSLoginEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- EnableProjectSSHKeyBlocking: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- EnableSerialPort: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ CanIPForward: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ OSLoginEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ EnableProjectSSHKeyBlocking: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ EnableSerialPort: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -136,23 +136,23 @@ func Test_adaptInstances(t *testing.T) {
 `,
 expected: []compute.Instance{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Name: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Name: iacTypes.String("", iacTypes.NewTestMetadata()),
 ShieldedVM: compute.ShieldedVMConfig{
- Metadata: defsecTypes.NewTestMetadata(),
- SecureBootEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- IntegrityMonitoringEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- VTPMEnabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ SecureBootEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ IntegrityMonitoringEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ VTPMEnabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 ServiceAccount: compute.ServiceAccount{
- Metadata: defsecTypes.NewTestMetadata(),
- Email: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- IsDefault: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Email: iacTypes.String("", iacTypes.NewTestMetadata()),
+ IsDefault: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
- CanIPForward: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- OSLoginEnabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- EnableProjectSSHKeyBlocking: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
- EnableSerialPort: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ CanIPForward: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ OSLoginEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ EnableProjectSSHKeyBlocking: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
+ EnableSerialPort: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/google/compute/metadata.go b/pkg/iac/adapters/terraform/google/compute/metadata.go
index a38c6b04beb0..0a0891d2bbf5 100644
--- a/pkg/iac/adapters/terraform/google/compute/metadata.go
+++ b/pkg/iac/adapters/terraform/google/compute/metadata.go
@@ -5,21 +5,21 @@ import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func adaptProjectMetadata(modules terraform.Modules) compute.ProjectMetadata {
 metadata := compute.ProjectMetadata{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
- EnableOSLogin: defsecTypes.BoolUnresolvable(
- defsecTypes.NewUnmanagedMetadata(),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
+ EnableOSLogin: iacTypes.BoolUnresolvable(
+ iacTypes.NewUnmanagedMetadata(),
 ),
 }
 for _, metadataBlock := range modules.GetResourcesByType("google_compute_project_metadata") {
 metadata.Metadata = metadataBlock.GetMetadata()
 if metadataAttr := metadataBlock.GetAttribute("metadata"); metadataAttr.IsNotNil() {
 if val := metadataAttr.MapValue("enable-oslogin"); val.Type() == cty.Bool {
- metadata.EnableOSLogin = defsecTypes.BoolExplicit(val.True(), metadataAttr.GetMetadata())
+ metadata.EnableOSLogin = iacTypes.BoolExplicit(val.True(), metadataAttr.GetMetadata())
 }
 }
 }
diff --git a/pkg/iac/adapters/terraform/google/compute/metadata_test.go b/pkg/iac/adapters/terraform/google/compute/metadata_test.go
index 02ee526f2712..9a3b38abedac 100644
--- a/pkg/iac/adapters/terraform/google/compute/metadata_test.go
+++ b/pkg/iac/adapters/terraform/google/compute/metadata_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute"
 )
@@ -26,8 +26,8 @@ func Test_adaptProjectMetadata(t *testing.T) {
 }
 `,
 expected: compute.ProjectMetadata{
- Metadata: defsecTypes.NewTestMetadata(),
- EnableOSLogin: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ EnableOSLogin: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 {
@@ -39,8 +39,8 @@ func Test_adaptProjectMetadata(t *testing.T) {
 }
 `,
 expected: compute.ProjectMetadata{
- Metadata: defsecTypes.NewTestMetadata(),
- EnableOSLogin: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ EnableOSLogin: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 }
diff --git a/pkg/iac/adapters/terraform/google/compute/networks.go b/pkg/iac/adapters/terraform/google/compute/networks.go
index 6f7ac6f124a3..ea3c9cb97a5f 100644
--- a/pkg/iac/adapters/terraform/google/compute/networks.go
+++ b/pkg/iac/adapters/terraform/google/compute/networks.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 const (
@@ -32,12 +32,12 @@ func adaptNetworks(modules terraform.Modules) (networks []compute.Network) {
 Metadata: subnetworkBlock.GetMetadata(),
 Name: subnetworkBlock.GetAttribute("name").AsStringValueOrDefault("", subnetworkBlock),
 Purpose: subnetworkBlock.GetAttribute("purpose").AsStringValueOrDefault(defaultSubnetPurpose, subnetworkBlock),
- EnableFlowLogs: defsecTypes.BoolDefault(false, subnetworkBlock.GetMetadata()),
+ EnableFlowLogs: iacTypes.BoolDefault(false, subnetworkBlock.GetMetadata()),
 }
 // logging
 if logConfigBlock := subnetworkBlock.GetBlock("log_config"); logConfigBlock.IsNotNil() {
- subnetwork.EnableFlowLogs = defsecTypes.BoolExplicit(true, logConfigBlock.GetMetadata())
+ subnetwork.EnableFlowLogs = iacTypes.BoolExplicit(true, logConfigBlock.GetMetadata())
 }
 nwAttr := subnetworkBlock.GetAttribute("network")
@@ -52,7 +52,7 @@ func adaptNetworks(modules terraform.Modules) (networks []compute.Network) {
 }
 placeholder := compute.Network{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
 Firewall: nil,
 Subnetworks: nil,
 }
@@ -90,7 +90,7 @@ func adaptNetworks(modules terraform.Modules) (networks []compute.Network) {
 }
 placeholder := compute.Network{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
 Firewall: nil,
 Subnetworks: nil,
 }
@@ -105,15 +105,15 @@ func adaptNetworks(modules terraform.Modules) (networks []compute.Network) {
 return networks
 }
-func expandRange(ports string, attr *terraform.Attribute) []defsecTypes.IntValue {
+func expandRange(ports string, attr *terraform.Attribute) []iacTypes.IntValue {
 ports = strings.ReplaceAll(ports, " ", "")
 if !strings.Contains(ports, "-") {
 i, err := strconv.Atoi(ports)
 if err != nil {
 return nil
 }
- return []defsecTypes.IntValue{
- defsecTypes.Int(i, attr.GetMetadata()),
+ return []iacTypes.IntValue{
+ iacTypes.Int(i, attr.GetMetadata()),
 }
 }
 parts := strings.Split(ports, "-")
@@ -128,9 +128,9 @@ func expandRange(ports string, attr *terraform.Attribute) []defsecTypes.IntValue
 if err != nil {
 return nil
 }
- var output []defsecTypes.IntValue
+ var output []iacTypes.IntValue
 for i := start; i <= end; i++ {
- output = append(output, defsecTypes.Int(i, attr.GetMetadata()))
+ output = append(output, iacTypes.Int(i, attr.GetMetadata()))
 }
 return output
 }
@@ -139,7 +139,7 @@ func adaptFirewallRule(firewall *compute.Firewall, firewallBlock, ruleBlock *ter
 protocolAttr := ruleBlock.GetAttribute("protocol")
 portsAttr := ruleBlock.GetAttribute("ports")
- var ports []defsecTypes.IntValue
+ var ports []iacTypes.IntValue
 rawPorts := portsAttr.AsStringValues()
 for _, portStr := range rawPorts {
 ports = append(ports, expandRange(portStr.Value(), portsAttr)...)
@@ -150,8 +150,8 @@ func adaptFirewallRule(firewall *compute.Firewall, firewallBlock, ruleBlock *ter
 rule := compute.FirewallRule{
 Metadata: firewallBlock.GetMetadata(),
- Enforced: defsecTypes.BoolDefault(true, firewallBlock.GetMetadata()),
- IsAllow: defsecTypes.Bool(allow, ruleBlock.GetMetadata()),
+ Enforced: iacTypes.BoolDefault(true, firewallBlock.GetMetadata()),
+ IsAllow: iacTypes.Bool(allow, ruleBlock.GetMetadata()),
 Protocol: protocolAttr.AsStringValueOrDefault("tcp", ruleBlock),
 Ports: ports,
 }
@@ -159,20 +159,20 @@ func adaptFirewallRule(firewall *compute.Firewall, firewallBlock, ruleBlock *ter disabledAttr := firewallBlock.GetAttribute("disabled") switch { case disabledAttr.IsNil(): - rule.Enforced = defsecTypes.BoolDefault(true, firewallBlock.GetMetadata()) + rule.Enforced = iacTypes.BoolDefault(true, firewallBlock.GetMetadata()) case disabledAttr.IsTrue(): - rule.Enforced = defsecTypes.Bool(false, disabledAttr.GetMetadata()) + rule.Enforced = iacTypes.Bool(false, disabledAttr.GetMetadata()) default: - rule.Enforced = defsecTypes.Bool(true, disabledAttr.GetMetadata()) + rule.Enforced = iacTypes.Bool(true, disabledAttr.GetMetadata()) } if isEgress { - var destinations []defsecTypes.StringValue + var destinations []iacTypes.StringValue if destinationAttr := firewallBlock.GetAttribute("destination_ranges"); destinationAttr.IsNotNil() { destinations = append(destinations, destinationAttr.AsStringValues()...) } if len(destinations) == 0 { - destinations = append(destinations, defsecTypes.StringDefault("0.0.0.0/0", firewallBlock.GetMetadata())) + destinations = append(destinations, iacTypes.StringDefault("0.0.0.0/0", firewallBlock.GetMetadata())) } firewall.EgressRules = append(firewall.EgressRules, compute.EgressRule{ Metadata: firewallBlock.GetMetadata(), @@ -180,12 +180,12 @@ func adaptFirewallRule(firewall *compute.Firewall, firewallBlock, ruleBlock *ter DestinationRanges: destinations, }) } else { - var sources []defsecTypes.StringValue + var sources []iacTypes.StringValue if sourceAttr := firewallBlock.GetAttribute("source_ranges"); sourceAttr.IsNotNil() { sources = append(sources, sourceAttr.AsStringValues()...) } if len(sources) == 0 { - sources = append(sources, defsecTypes.StringDefault("0.0.0.0/0", firewallBlock.GetMetadata())) + sources = append(sources, iacTypes.StringDefault("0.0.0.0/0", firewallBlock.GetMetadata())) } firewall.IngressRules = append(firewall.IngressRules, compute.IngressRule{ Metadata: firewallBlock.GetMetadata(), 
diff --git a/pkg/iac/adapters/terraform/google/compute/networks_test.go b/pkg/iac/adapters/terraform/google/compute/networks_test.go index 522e52eb2206..1a40a597dcf3 100644 --- a/pkg/iac/adapters/terraform/google/compute/networks_test.go +++ b/pkg/iac/adapters/terraform/google/compute/networks_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute" ) 
@@ -46,35 +46,35 @@ func Test_adaptNetworks(t *testing.T) { `, expected: []compute.Network{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Firewall: &compute.Firewall{ - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("my-firewall-rule", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("my-firewall-rule", iacTypes.NewTestMetadata()), IngressRules: []compute.IngressRule{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), FirewallRule: compute.FirewallRule{ - Metadata: defsecTypes.NewTestMetadata(), - IsAllow: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - Protocol: defsecTypes.String("icmp", defsecTypes.NewTestMetadata()), - Enforced: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - Ports: []defsecTypes.IntValue{ - defsecTypes.Int(80, defsecTypes.NewTestMetadata()), - defsecTypes.Int(8080, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + IsAllow: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + Protocol: iacTypes.String("icmp", iacTypes.NewTestMetadata()), + Enforced: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + Ports: []iacTypes.IntValue{ + iacTypes.Int(80, iacTypes.NewTestMetadata()), + iacTypes.Int(8080, iacTypes.NewTestMetadata()), }, }, - SourceRanges: []defsecTypes.StringValue{ - defsecTypes.String("1.2.3.4/32", defsecTypes.NewTestMetadata()), + SourceRanges: []iacTypes.StringValue{ + iacTypes.String("1.2.3.4/32", iacTypes.NewTestMetadata()), }, }, }, }, Subnetworks: []compute.SubNetwork{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("test-subnetwork", defsecTypes.NewTestMetadata()), - EnableFlowLogs: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - Purpose: defsecTypes.StringDefault("PRIVATE_RFC_1918", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("test-subnetwork", 
iacTypes.NewTestMetadata()), + EnableFlowLogs: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + Purpose: iacTypes.StringDefault("PRIVATE_RFC_1918", iacTypes.NewTestMetadata()), }, }, }, @@ -97,17 +97,17 @@ func Test_adaptNetworks(t *testing.T) { `, expected: []compute.Network{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Firewall: &compute.Firewall{ - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("", iacTypes.NewTestMetadata()), }, Subnetworks: []compute.SubNetwork{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("", defsecTypes.NewTestMetadata()), - EnableFlowLogs: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - Purpose: defsecTypes.String("REGIONAL_MANAGED_PROXY", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("", iacTypes.NewTestMetadata()), + EnableFlowLogs: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + Purpose: iacTypes.String("REGIONAL_MANAGED_PROXY", iacTypes.NewTestMetadata()), }, }, }, diff --git a/pkg/iac/adapters/terraform/google/compute/ssl_test.go b/pkg/iac/adapters/terraform/google/compute/ssl_test.go index aaa687136e4c..30cecdba34f3 100644 --- a/pkg/iac/adapters/terraform/google/compute/ssl_test.go +++ b/pkg/iac/adapters/terraform/google/compute/ssl_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/google/compute" ) 
@@ -27,10 +27,10 @@ func Test_adaptSSLPolicies(t *testing.T) { `, expected: []compute.SSLPolicy{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("production-ssl-policy", defsecTypes.NewTestMetadata()), - Profile: defsecTypes.String("MODERN", defsecTypes.NewTestMetadata()), - MinimumTLSVersion: defsecTypes.String("TLS_1_2", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("production-ssl-policy", iacTypes.NewTestMetadata()), + Profile: iacTypes.String("MODERN", iacTypes.NewTestMetadata()), + MinimumTLSVersion: iacTypes.String("TLS_1_2", iacTypes.NewTestMetadata()), }, }, }, @@ -42,10 +42,10 @@ func Test_adaptSSLPolicies(t *testing.T) { `, expected: []compute.SSLPolicy{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("", defsecTypes.NewTestMetadata()), - Profile: defsecTypes.String("", defsecTypes.NewTestMetadata()), - MinimumTLSVersion: defsecTypes.String("TLS_1_0", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("", iacTypes.NewTestMetadata()), + Profile: iacTypes.String("", iacTypes.NewTestMetadata()), + MinimumTLSVersion: iacTypes.String("TLS_1_0", iacTypes.NewTestMetadata()), }, }, }, diff --git a/pkg/iac/adapters/terraform/google/dns/adapt.go b/pkg/iac/adapters/terraform/google/dns/adapt.go index fcc485f765b0..d01ac23d2aa2 100644 --- a/pkg/iac/adapters/terraform/google/dns/adapt.go +++ b/pkg/iac/adapters/terraform/google/dns/adapt.go @@ -3,7 +3,7 @@ package dns import ( "github.com/aquasecurity/trivy/pkg/iac/providers/google/dns" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) dns.DNS { 
@@ -36,7 +36,7 @@ func adaptDNSSec(b *terraform.Block) dns.DNSSec { if DNSSecBlock.IsNil() { return dns.DNSSec{ Metadata: b.GetMetadata(), - Enabled: defsecTypes.BoolDefault(false, b.GetMetadata()), + Enabled: iacTypes.BoolDefault(false, b.GetMetadata()), } } @@ -44,7 +44,7 @@ func adaptDNSSec(b *terraform.Block) dns.DNSSec { DNSSec := dns.DNSSec{ Metadata: DNSSecBlock.GetMetadata(), - Enabled: defsecTypes.Bool(stateAttr.Equals("on"), stateAttr.GetMetadata()), + Enabled: iacTypes.Bool(stateAttr.Equals("on"), stateAttr.GetMetadata()), DefaultKeySpecs: adaptKeySpecs(DNSSecBlock), } diff --git a/pkg/iac/adapters/terraform/google/dns/adapt_test.go b/pkg/iac/adapters/terraform/google/dns/adapt_test.go index d1712b1cfbe8..60974fb01df1 100644 --- a/pkg/iac/adapters/terraform/google/dns/adapt_test.go +++ b/pkg/iac/adapters/terraform/google/dns/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/google/dns" 
@@ -45,20 +45,20 @@ resource "google_dns_managed_zone" "example" { expected: dns.DNS{ ManagedZones: []dns.ManagedZone{ { - Metadata: defsecTypes.NewTestMetadata(), - Visibility: defsecTypes.String("public", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Visibility: iacTypes.String("public", iacTypes.NewTestMetadata()), DNSSec: dns.DNSSec{ - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), DefaultKeySpecs: []dns.KeySpecs{ { - Metadata: defsecTypes.NewTestMetadata(), - Algorithm: defsecTypes.String("rsasha1", defsecTypes.NewTestMetadata()), - KeyType: defsecTypes.String("keySigning", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Algorithm: iacTypes.String("rsasha1", iacTypes.NewTestMetadata()), + KeyType: iacTypes.String("keySigning", iacTypes.NewTestMetadata()), }, { - Metadata: defsecTypes.NewTestMetadata(), - Algorithm: defsecTypes.String("rsasha1", defsecTypes.NewTestMetadata()), - KeyType: defsecTypes.String("zoneSigning", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Algorithm: iacTypes.String("rsasha1", iacTypes.NewTestMetadata()), + KeyType: iacTypes.String("zoneSigning", iacTypes.NewTestMetadata()), }, }, }, diff --git a/pkg/iac/adapters/terraform/google/gke/adapt.go b/pkg/iac/adapters/terraform/google/gke/adapt.go index 95ad22064911..ded8f1d193a5 100644 --- a/pkg/iac/adapters/terraform/google/gke/adapt.go +++ b/pkg/iac/adapters/terraform/google/gke/adapt.go @@ -6,7 +6,7 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/providers/google/gke" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) gke.GKE { 
@@ -53,54 +53,54 @@ func (a *adapter) adaptCluster(resource *terraform.Block, module *terraform.Modu NodePools: nil, IPAllocationPolicy: gke.IPAllocationPolicy{ Metadata: resource.GetMetadata(), - Enabled: defsecTypes.BoolDefault(false, resource.GetMetadata()), + Enabled: iacTypes.BoolDefault(false, resource.GetMetadata()), }, MasterAuthorizedNetworks: gke.MasterAuthorizedNetworks{ Metadata: resource.GetMetadata(), - Enabled: defsecTypes.BoolDefault(false, resource.GetMetadata()), - CIDRs: []defsecTypes.StringValue{}, + Enabled: iacTypes.BoolDefault(false, resource.GetMetadata()), + CIDRs: []iacTypes.StringValue{}, }, NetworkPolicy: gke.NetworkPolicy{ Metadata: resource.GetMetadata(), - Enabled: defsecTypes.BoolDefault(false, resource.GetMetadata()), + Enabled: iacTypes.BoolDefault(false, resource.GetMetadata()), }, DatapathProvider: resource.GetAttribute("datapath_provider"). AsStringValueOrDefault("DATAPATH_PROVIDER_UNSPECIFIED", resource), PrivateCluster: gke.PrivateCluster{ Metadata: resource.GetMetadata(), - EnablePrivateNodes: defsecTypes.BoolDefault(false, resource.GetMetadata()), + EnablePrivateNodes: iacTypes.BoolDefault(false, resource.GetMetadata()), }, - LoggingService: defsecTypes.StringDefault("logging.googleapis.com/kubernetes", resource.GetMetadata()), - MonitoringService: defsecTypes.StringDefault("monitoring.googleapis.com/kubernetes", resource.GetMetadata()), + LoggingService: iacTypes.StringDefault("logging.googleapis.com/kubernetes", resource.GetMetadata()), + MonitoringService: iacTypes.StringDefault("monitoring.googleapis.com/kubernetes", resource.GetMetadata()), MasterAuth: gke.MasterAuth{ Metadata: resource.GetMetadata(), ClientCertificate: gke.ClientCertificate{ Metadata: resource.GetMetadata(), - IssueCertificate: defsecTypes.BoolDefault(false, resource.GetMetadata()), + IssueCertificate: iacTypes.BoolDefault(false, resource.GetMetadata()), }, - Username: defsecTypes.StringDefault("", resource.GetMetadata()), - Password: 
defsecTypes.StringDefault("", resource.GetMetadata()), + Username: iacTypes.StringDefault("", resource.GetMetadata()), + Password: iacTypes.StringDefault("", resource.GetMetadata()), }, NodeConfig: gke.NodeConfig{ Metadata: resource.GetMetadata(), - ImageType: defsecTypes.StringDefault("", resource.GetMetadata()), + ImageType: iacTypes.StringDefault("", resource.GetMetadata()), WorkloadMetadataConfig: gke.WorkloadMetadataConfig{ Metadata: resource.GetMetadata(), - NodeMetadata: defsecTypes.StringDefault("", resource.GetMetadata()), + NodeMetadata: iacTypes.StringDefault("", resource.GetMetadata()), }, - ServiceAccount: defsecTypes.StringDefault("", resource.GetMetadata()), - EnableLegacyEndpoints: defsecTypes.BoolDefault(true, resource.GetMetadata()), + ServiceAccount: iacTypes.StringDefault("", resource.GetMetadata()), + EnableLegacyEndpoints: iacTypes.BoolDefault(true, resource.GetMetadata()), }, - EnableShieldedNodes: defsecTypes.BoolDefault(true, resource.GetMetadata()), - EnableLegacyABAC: defsecTypes.BoolDefault(false, resource.GetMetadata()), - ResourceLabels: defsecTypes.MapDefault(make(map[string]string), resource.GetMetadata()), - RemoveDefaultNodePool: defsecTypes.BoolDefault(false, resource.GetMetadata()), - EnableAutpilot: defsecTypes.BoolDefault(false, resource.GetMetadata()), + EnableShieldedNodes: iacTypes.BoolDefault(true, resource.GetMetadata()), + EnableLegacyABAC: iacTypes.BoolDefault(false, resource.GetMetadata()), + ResourceLabels: iacTypes.MapDefault(make(map[string]string), resource.GetMetadata()), + RemoveDefaultNodePool: iacTypes.BoolDefault(false, resource.GetMetadata()), + EnableAutpilot: iacTypes.BoolDefault(false, resource.GetMetadata()), } if allocBlock := resource.GetBlock("ip_allocation_policy"); allocBlock.IsNotNil() { cluster.IPAllocationPolicy.Metadata = allocBlock.GetMetadata() - cluster.IPAllocationPolicy.Enabled = defsecTypes.Bool(true, allocBlock.GetMetadata()) + cluster.IPAllocationPolicy.Enabled = iacTypes.Bool(true, 
allocBlock.GetMetadata()) } if blocks := resource.GetBlocks("master_authorized_networks_config"); len(blocks) > 0 { @@ -161,19 +161,19 @@ func (a *adapter) adaptNodePools() { func (a *adapter) adaptNodePool(resource *terraform.Block) { nodeConfig := gke.NodeConfig{ Metadata: resource.GetMetadata(), - ImageType: defsecTypes.StringDefault("", resource.GetMetadata()), + ImageType: iacTypes.StringDefault("", resource.GetMetadata()), WorkloadMetadataConfig: gke.WorkloadMetadataConfig{ Metadata: resource.GetMetadata(), - NodeMetadata: defsecTypes.StringDefault("", resource.GetMetadata()), + NodeMetadata: iacTypes.StringDefault("", resource.GetMetadata()), }, - ServiceAccount: defsecTypes.StringDefault("", resource.GetMetadata()), - EnableLegacyEndpoints: defsecTypes.BoolDefault(true, resource.GetMetadata()), + ServiceAccount: iacTypes.StringDefault("", resource.GetMetadata()), + EnableLegacyEndpoints: iacTypes.BoolDefault(true, resource.GetMetadata()), } management := gke.Management{ Metadata: resource.GetMetadata(), - EnableAutoRepair: defsecTypes.BoolDefault(false, resource.GetMetadata()), - EnableAutoUpgrade: defsecTypes.BoolDefault(false, resource.GetMetadata()), + EnableAutoRepair: iacTypes.BoolDefault(false, resource.GetMetadata()), + EnableAutoUpgrade: iacTypes.BoolDefault(false, resource.GetMetadata()), } if resource.HasChild("management") { 
@@ -209,51 +209,51 @@ func (a *adapter) adaptNodePool(resource *terraform.Block) { // we didn't find a cluster to put the nodepool in, so create a placeholder a.clusterMap[uuid.NewString()] = gke.Cluster{ - Metadata: defsecTypes.NewUnmanagedMetadata(), + Metadata: iacTypes.NewUnmanagedMetadata(), NodePools: []gke.NodePool{nodePool}, IPAllocationPolicy: gke.IPAllocationPolicy{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - Enabled: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + Enabled: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), }, MasterAuthorizedNetworks: gke.MasterAuthorizedNetworks{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - Enabled: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + Enabled: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), CIDRs: nil, }, NetworkPolicy: gke.NetworkPolicy{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - Enabled: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + Enabled: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), }, PrivateCluster: gke.PrivateCluster{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - EnablePrivateNodes: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + EnablePrivateNodes: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), }, - LoggingService: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), - MonitoringService: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), + LoggingService: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + MonitoringService: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), MasterAuth: gke.MasterAuth{ - Metadata: defsecTypes.NewUnmanagedMetadata(), + Metadata: iacTypes.NewUnmanagedMetadata(), 
ClientCertificate: gke.ClientCertificate{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - IssueCertificate: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + IssueCertificate: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), }, - Username: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), - Password: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), + Username: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + Password: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), }, NodeConfig: gke.NodeConfig{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - ImageType: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + ImageType: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), WorkloadMetadataConfig: gke.WorkloadMetadataConfig{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - NodeMetadata: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + NodeMetadata: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), }, - ServiceAccount: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), - EnableLegacyEndpoints: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + ServiceAccount: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + EnableLegacyEndpoints: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), }, - EnableShieldedNodes: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), - EnableLegacyABAC: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), - ResourceLabels: defsecTypes.MapDefault(nil, defsecTypes.NewUnmanagedMetadata()), - RemoveDefaultNodePool: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), - EnableAutpilot: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + 
EnableShieldedNodes: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), + EnableLegacyABAC: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), + ResourceLabels: iacTypes.MapDefault(nil, iacTypes.NewUnmanagedMetadata()), + RemoveDefaultNodePool: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), + EnableAutpilot: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), } } @@ -264,16 +264,16 @@ func adaptNodeConfig(resource *terraform.Block) gke.NodeConfig { ImageType: resource.GetAttribute("image_type").AsStringValueOrDefault("", resource), WorkloadMetadataConfig: gke.WorkloadMetadataConfig{ Metadata: resource.GetMetadata(), - NodeMetadata: defsecTypes.StringDefault("UNSPECIFIED", resource.GetMetadata()), + NodeMetadata: iacTypes.StringDefault("UNSPECIFIED", resource.GetMetadata()), }, ServiceAccount: resource.GetAttribute("service_account").AsStringValueOrDefault("", resource), - EnableLegacyEndpoints: defsecTypes.BoolDefault(true, resource.GetMetadata()), + EnableLegacyEndpoints: iacTypes.BoolDefault(true, resource.GetMetadata()), } if metadata := resource.GetAttribute("metadata"); metadata.IsNotNil() { legacyMetadata := metadata.MapValue("disable-legacy-endpoints") if legacyMetadata.IsWhollyKnown() && legacyMetadata.Type() == cty.Bool { - config.EnableLegacyEndpoints = defsecTypes.Bool(legacyMetadata.False(), metadata.GetMetadata()) + config.EnableLegacyEndpoints = iacTypes.Bool(legacyMetadata.False(), metadata.GetMetadata()) } } @@ -293,7 +293,7 @@ func adaptNodeConfig(resource *terraform.Block) gke.NodeConfig { func adaptMasterAuth(resource *terraform.Block) gke.MasterAuth { clientCert := gke.ClientCertificate{ Metadata: resource.GetMetadata(), - IssueCertificate: defsecTypes.BoolDefault(false, resource.GetMetadata()), + IssueCertificate: iacTypes.BoolDefault(false, resource.GetMetadata()), } if resource.HasChild("client_certificate_config") { 
@@ -314,7 +314,7 @@ func adaptMasterAuth(resource *terraform.Block) gke.MasterAuth { } func adaptMasterAuthNetworksAsBlocks(parent *terraform.Block, blocks terraform.Blocks) gke.MasterAuthorizedNetworks { - var cidrs []defsecTypes.StringValue + var cidrs []iacTypes.StringValue for _, block := range blocks { for _, cidrBlock := range block.GetBlocks("cidr_blocks") { if cidrAttr := cidrBlock.GetAttribute("cidr_block"); cidrAttr.IsNotNil() { @@ -322,7 +322,7 @@ func adaptMasterAuthNetworksAsBlocks(parent *terraform.Block, blocks terraform.B } } } - enabled := defsecTypes.Bool(true, blocks[0].GetMetadata()) + enabled := iacTypes.Bool(true, blocks[0].GetMetadata()) return gke.MasterAuthorizedNetworks{ Metadata: blocks[0].GetMetadata(), Enabled: enabled, diff --git a/pkg/iac/adapters/terraform/google/gke/adapt_test.go b/pkg/iac/adapters/terraform/google/gke/adapt_test.go index 870616d67610..f45cdc24b2fb 100644 --- a/pkg/iac/adapters/terraform/google/gke/adapt_test.go +++ b/pkg/iac/adapters/terraform/google/gke/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/google/gke" "github.com/stretchr/testify/assert" 
@@ -102,75 +102,75 @@ resource "google_container_node_pool" "primary_preemptible_nodes" { expected: gke.GKE{ Clusters: []gke.Cluster{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), NodeConfig: gke.NodeConfig{ - Metadata: defsecTypes.NewTestMetadata(), - ImageType: defsecTypes.String("COS_CONTAINERD", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + ImageType: iacTypes.String("COS_CONTAINERD", iacTypes.NewTestMetadata()), WorkloadMetadataConfig: gke.WorkloadMetadataConfig{ - Metadata: defsecTypes.NewTestMetadata(), - NodeMetadata: defsecTypes.String("GCE_METADATA", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + NodeMetadata: iacTypes.String("GCE_METADATA", iacTypes.NewTestMetadata()), }, - ServiceAccount: defsecTypes.String("", defsecTypes.NewTestMetadata()), - EnableLegacyEndpoints: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + ServiceAccount: iacTypes.String("", iacTypes.NewTestMetadata()), + EnableLegacyEndpoints: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, NodePools: []gke.NodePool{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Management: gke.Management{ - Metadata: defsecTypes.NewTestMetadata(), - EnableAutoRepair: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - EnableAutoUpgrade: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EnableAutoRepair: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + EnableAutoUpgrade: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, NodeConfig: gke.NodeConfig{ - Metadata: defsecTypes.NewTestMetadata(), - ImageType: defsecTypes.String("COS_CONTAINERD", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + ImageType: iacTypes.String("COS_CONTAINERD", iacTypes.NewTestMetadata()), WorkloadMetadataConfig: gke.WorkloadMetadataConfig{ - Metadata: defsecTypes.NewTestMetadata(), - NodeMetadata: 
defsecTypes.String("GCE_METADATA", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + NodeMetadata: iacTypes.String("GCE_METADATA", iacTypes.NewTestMetadata()), }, - ServiceAccount: defsecTypes.String("", defsecTypes.NewTestMetadata()), - EnableLegacyEndpoints: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + ServiceAccount: iacTypes.String("", iacTypes.NewTestMetadata()), + EnableLegacyEndpoints: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, }, IPAllocationPolicy: gke.IPAllocationPolicy{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, MasterAuthorizedNetworks: gke.MasterAuthorizedNetworks{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - CIDRs: []defsecTypes.StringValue{ - defsecTypes.String("10.10.128.0/24", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + CIDRs: []iacTypes.StringValue{ + iacTypes.String("10.10.128.0/24", iacTypes.NewTestMetadata()), }, }, NetworkPolicy: gke.NetworkPolicy{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, - DatapathProvider: defsecTypes.String("ADVANCED_DATAPATH", defsecTypes.NewTestMetadata()), + DatapathProvider: iacTypes.String("ADVANCED_DATAPATH", iacTypes.NewTestMetadata()), PrivateCluster: gke.PrivateCluster{ - Metadata: defsecTypes.NewTestMetadata(), - EnablePrivateNodes: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EnablePrivateNodes: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, - LoggingService: defsecTypes.String("logging.googleapis.com/kubernetes", 
defsecTypes.NewTestMetadata()), - MonitoringService: defsecTypes.String("monitoring.googleapis.com/kubernetes", defsecTypes.NewTestMetadata()), + LoggingService: iacTypes.String("logging.googleapis.com/kubernetes", iacTypes.NewTestMetadata()), + MonitoringService: iacTypes.String("monitoring.googleapis.com/kubernetes", iacTypes.NewTestMetadata()), MasterAuth: gke.MasterAuth{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), ClientCertificate: gke.ClientCertificate{ - Metadata: defsecTypes.NewTestMetadata(), - IssueCertificate: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + IssueCertificate: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, - Username: defsecTypes.String("", defsecTypes.NewTestMetadata()), - Password: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Username: iacTypes.String("", iacTypes.NewTestMetadata()), + Password: iacTypes.String("", iacTypes.NewTestMetadata()), }, - EnableShieldedNodes: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - EnableLegacyABAC: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - ResourceLabels: defsecTypes.Map(map[string]string{ + EnableShieldedNodes: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + EnableLegacyABAC: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + ResourceLabels: iacTypes.Map(map[string]string{ "env": "staging", - }, defsecTypes.NewTestMetadata()), - RemoveDefaultNodePool: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - EnableAutpilot: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + }, iacTypes.NewTestMetadata()), + RemoveDefaultNodePool: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + EnableAutpilot: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, }, 
@@ -194,51 +194,51 @@ resource "google_container_cluster" "example" { expected: gke.GKE{ Clusters: []gke.Cluster{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), NodeConfig: gke.NodeConfig{ - Metadata: defsecTypes.NewTestMetadata(), - ImageType: defsecTypes.String("COS", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + ImageType: iacTypes.String("COS", iacTypes.NewTestMetadata()), WorkloadMetadataConfig: gke.WorkloadMetadataConfig{ - Metadata: defsecTypes.NewTestMetadata(), - NodeMetadata: defsecTypes.String("GCE_METADATA", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + NodeMetadata: iacTypes.String("GCE_METADATA", iacTypes.NewTestMetadata()), }, - ServiceAccount: defsecTypes.String("service-account", defsecTypes.NewTestMetadata()), - EnableLegacyEndpoints: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + ServiceAccount: iacTypes.String("service-account", iacTypes.NewTestMetadata()), + EnableLegacyEndpoints: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, IPAllocationPolicy: gke.IPAllocationPolicy{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, MasterAuthorizedNetworks: gke.MasterAuthorizedNetworks{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - CIDRs: []defsecTypes.StringValue{}, + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + CIDRs: []iacTypes.StringValue{}, }, NetworkPolicy: gke.NetworkPolicy{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, - DatapathProvider: 
defsecTypes.StringDefault("DATAPATH_PROVIDER_UNSPECIFIED", defsecTypes.NewTestMetadata()), + DatapathProvider: iacTypes.StringDefault("DATAPATH_PROVIDER_UNSPECIFIED", iacTypes.NewTestMetadata()), PrivateCluster: gke.PrivateCluster{ - Metadata: defsecTypes.NewTestMetadata(), - EnablePrivateNodes: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + EnablePrivateNodes: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, - LoggingService: defsecTypes.String("logging.googleapis.com/kubernetes", defsecTypes.NewTestMetadata()), - MonitoringService: defsecTypes.String("monitoring.googleapis.com/kubernetes", defsecTypes.NewTestMetadata()), + LoggingService: iacTypes.String("logging.googleapis.com/kubernetes", iacTypes.NewTestMetadata()), + MonitoringService: iacTypes.String("monitoring.googleapis.com/kubernetes", iacTypes.NewTestMetadata()), MasterAuth: gke.MasterAuth{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), ClientCertificate: gke.ClientCertificate{ - Metadata: defsecTypes.NewTestMetadata(), - IssueCertificate: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + IssueCertificate: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, - Username: defsecTypes.String("", defsecTypes.NewTestMetadata()), - Password: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Username: iacTypes.String("", iacTypes.NewTestMetadata()), + Password: iacTypes.String("", iacTypes.NewTestMetadata()), }, - EnableShieldedNodes: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - EnableLegacyABAC: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - ResourceLabels: defsecTypes.Map(map[string]string{}, defsecTypes.NewTestMetadata()), - RemoveDefaultNodePool: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + EnableShieldedNodes: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + EnableLegacyABAC: iacTypes.Bool(false, iacTypes.NewTestMetadata()), 
+ ResourceLabels: iacTypes.Map(map[string]string{}, iacTypes.NewTestMetadata()), + RemoveDefaultNodePool: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, }, diff --git a/pkg/iac/adapters/terraform/google/iam/adapt_test.go b/pkg/iac/adapters/terraform/google/iam/adapt_test.go index f1e5a193ebf7..8297d83a5335 100644 --- a/pkg/iac/adapters/terraform/google/iam/adapt_test.go +++ b/pkg/iac/adapters/terraform/google/iam/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" "github.com/stretchr/testify/assert" 
@@ -75,64 +75,64 @@ func Test_Adapt(t *testing.T) { expected: iam.IAM{ Organizations: []iam.Organization{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Projects: []iam.Project{ { - Metadata: defsecTypes.NewTestMetadata(), - AutoCreateNetwork: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + AutoCreateNetwork: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, Folders: []iam.Folder{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Members: []iam.Member{ { - Metadata: defsecTypes.NewTestMetadata(), - Member: defsecTypes.String("user:alice@gmail.com", defsecTypes.NewTestMetadata()), - Role: defsecTypes.String("roles/editor", defsecTypes.NewTestMetadata()), - DefaultServiceAccount: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Member: iacTypes.String("user:alice@gmail.com", iacTypes.NewTestMetadata()), + Role: iacTypes.String("roles/editor", iacTypes.NewTestMetadata()), + DefaultServiceAccount: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, Bindings: []iam.Binding{ { - Metadata: defsecTypes.NewTestMetadata(), - Members: []defsecTypes.StringValue{ - defsecTypes.String("user:not-alice@gmail.com", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Members: []iacTypes.StringValue{ + iacTypes.String("user:not-alice@gmail.com", iacTypes.NewTestMetadata()), }, - Role: defsecTypes.String("roles/nothing", defsecTypes.NewTestMetadata()), - IncludesDefaultServiceAccount: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Role: iacTypes.String("roles/nothing", iacTypes.NewTestMetadata()), + IncludesDefaultServiceAccount: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, }, }, Members: []iam.Member{ { - Metadata: defsecTypes.NewTestMetadata(), - Member: defsecTypes.String("user:member@gmail.com", defsecTypes.NewTestMetadata()), - Role: 
defsecTypes.String("roles/whatever", defsecTypes.NewTestMetadata()), - DefaultServiceAccount: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Member: iacTypes.String("user:member@gmail.com", iacTypes.NewTestMetadata()), + Role: iacTypes.String("roles/whatever", iacTypes.NewTestMetadata()), + DefaultServiceAccount: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, Bindings: []iam.Binding{ { - Metadata: defsecTypes.NewTestMetadata(), - Members: []defsecTypes.StringValue{ - defsecTypes.String("user:member_2@gmail.com", defsecTypes.NewTestMetadata())}, - Role: defsecTypes.String("roles/browser", defsecTypes.NewTestMetadata()), - IncludesDefaultServiceAccount: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Members: []iacTypes.StringValue{ + iacTypes.String("user:member_2@gmail.com", iacTypes.NewTestMetadata())}, + Role: iacTypes.String("roles/browser", iacTypes.NewTestMetadata()), + IncludesDefaultServiceAccount: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, }, }, WorkloadIdentityPoolProviders: []iam.WorkloadIdentityPoolProvider{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), - WorkloadIdentityPoolId: defsecTypes.String("example-pool", defsecTypes.NewTestMetadata()), - WorkloadIdentityPoolProviderId: defsecTypes.String("example-provider", defsecTypes.NewTestMetadata()), - AttributeCondition: defsecTypes.String("assertion.repository_owner=='your-github-organization'", defsecTypes.NewTestMetadata()), + WorkloadIdentityPoolId: iacTypes.String("example-pool", iacTypes.NewTestMetadata()), + WorkloadIdentityPoolProviderId: iacTypes.String("example-provider", iacTypes.NewTestMetadata()), + AttributeCondition: iacTypes.String("assertion.repository_owner=='your-github-organization'", iacTypes.NewTestMetadata()), }, }, }, 
diff --git a/pkg/iac/adapters/terraform/google/iam/convert.go b/pkg/iac/adapters/terraform/google/iam/convert.go index 380ebaa3c177..0bf31b41b223 100644 --- a/pkg/iac/adapters/terraform/google/iam/convert.go +++ b/pkg/iac/adapters/terraform/google/iam/convert.go @@ -3,7 +3,7 @@ package iam import ( "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func ParsePolicyBlock(block *terraform.Block) []iam.Binding { @@ -13,12 +13,12 @@ func ParsePolicyBlock(block *terraform.Block) []iam.Binding { Metadata: bindingBlock.GetMetadata(), Members: nil, Role: bindingBlock.GetAttribute("role").AsStringValueOrDefault("", bindingBlock), - IncludesDefaultServiceAccount: defsecTypes.BoolDefault(false, bindingBlock.GetMetadata()), + IncludesDefaultServiceAccount: iacTypes.BoolDefault(false, bindingBlock.GetMetadata()), } membersAttr := bindingBlock.GetAttribute("members") members := membersAttr.AsStringValues().AsStrings() for _, member := range members { - binding.Members = append(binding.Members, defsecTypes.String(member, membersAttr.GetMetadata())) + binding.Members = append(binding.Members, iacTypes.String(member, membersAttr.GetMetadata())) } bindings = append(bindings, binding) } diff --git a/pkg/iac/adapters/terraform/google/iam/project_iam.go b/pkg/iac/adapters/terraform/google/iam/project_iam.go index 14a3765bc5b9..a3f670ee3be3 100644 --- a/pkg/iac/adapters/terraform/google/iam/project_iam.go +++ b/pkg/iac/adapters/terraform/google/iam/project_iam.go 
@@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) // see https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam @@ -26,13 +26,13 @@ func AdaptMember(iamBlock *terraform.Block, modules terraform.Modules) iam.Membe Metadata: iamBlock.GetMetadata(), Member: iamBlock.GetAttribute("member").AsStringValueOrDefault("", iamBlock), Role: iamBlock.GetAttribute("role").AsStringValueOrDefault("", iamBlock), - DefaultServiceAccount: defsecTypes.BoolDefault(false, iamBlock.GetMetadata()), + DefaultServiceAccount: iacTypes.BoolDefault(false, iamBlock.GetMetadata()), } memberAttr := iamBlock.GetAttribute("member") if referencedBlock, err := modules.GetReferencedBlock(memberAttr, iamBlock); err == nil { if strings.HasSuffix(referencedBlock.TypeLabel(), "_default_service_account") { - member.DefaultServiceAccount = defsecTypes.Bool(true, memberAttr.GetMetadata()) + member.DefaultServiceAccount = iacTypes.Bool(true, memberAttr.GetMetadata()) } } @@ -110,8 +110,8 @@ func (a *adapter) adaptProjectMembers() { a.projects = append(a.projects, parentedProject{ project: iam.Project{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - AutoCreateNetwork: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + AutoCreateNetwork: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), Members: []iam.Member{member}, Bindings: nil, }, 
@@ -129,16 +129,16 @@ func AdaptBinding(iamBlock *terraform.Block, modules terraform.Modules) iam.Bind Metadata: iamBlock.GetMetadata(), Members: nil, Role: iamBlock.GetAttribute("role").AsStringValueOrDefault("", iamBlock), - IncludesDefaultServiceAccount: defsecTypes.BoolDefault(false, iamBlock.GetMetadata()), + IncludesDefaultServiceAccount: iacTypes.BoolDefault(false, iamBlock.GetMetadata()), } membersAttr := iamBlock.GetAttribute("members") members := membersAttr.AsStringValues().AsStrings() for _, member := range members { - binding.Members = append(binding.Members, defsecTypes.String(member, membersAttr.GetMetadata())) + binding.Members = append(binding.Members, iacTypes.String(member, membersAttr.GetMetadata())) } if referencedBlock, err := modules.GetReferencedBlock(membersAttr, iamBlock); err == nil { if strings.HasSuffix(referencedBlock.TypeLabel(), "_default_service_account") { - binding.IncludesDefaultServiceAccount = defsecTypes.Bool(true, membersAttr.GetMetadata()) + binding.IncludesDefaultServiceAccount = iacTypes.Bool(true, membersAttr.GetMetadata()) } } return binding @@ -209,8 +209,8 @@ func (a *adapter) adaptProjectDataBindings() { // we didn't find the project - add an unmanaged one a.projects = append(a.projects, parentedProject{ project: iam.Project{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - AutoCreateNetwork: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + AutoCreateNetwork: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), Members: nil, Bindings: bindings, }, 
@@ -276,8 +276,8 @@ func (a *adapter) adaptProjectBindings() { } a.projects = append(a.projects, parentedProject{ project: iam.Project{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - AutoCreateNetwork: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + AutoCreateNetwork: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), Members: nil, Bindings: []iam.Binding{binding}, }, diff --git a/pkg/iac/adapters/terraform/google/iam/project_iam_test.go b/pkg/iac/adapters/terraform/google/iam/project_iam_test.go index 9ed880c3bc09..fc2803c2dc4a 100644 --- a/pkg/iac/adapters/terraform/google/iam/project_iam_test.go +++ b/pkg/iac/adapters/terraform/google/iam/project_iam_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" ) @@ -28,11 +28,11 @@ func Test_AdaptBinding(t *testing.T) { ] }`, expected: iam.Binding{ - Metadata: defsecTypes.NewTestMetadata(), - Members: []defsecTypes.StringValue{ - defsecTypes.String("user:alice@gmail.com", defsecTypes.NewTestMetadata())}, - Role: defsecTypes.String("roles/browser", defsecTypes.NewTestMetadata()), - IncludesDefaultServiceAccount: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Members: []iacTypes.StringValue{ + iacTypes.String("user:alice@gmail.com", iacTypes.NewTestMetadata())}, + Role: iacTypes.String("roles/browser", iacTypes.NewTestMetadata()), + IncludesDefaultServiceAccount: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, { 
@@ -41,9 +41,9 @@ func Test_AdaptBinding(t *testing.T) { resource "google_organization_iam_binding" "binding" { }`, expected: iam.Binding{ - Metadata: defsecTypes.NewTestMetadata(), - Role: defsecTypes.String("", defsecTypes.NewTestMetadata()), - IncludesDefaultServiceAccount: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Role: iacTypes.String("", iacTypes.NewTestMetadata()), + IncludesDefaultServiceAccount: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, } diff --git a/pkg/iac/adapters/terraform/google/kms/adapt_test.go b/pkg/iac/adapters/terraform/google/kms/adapt_test.go index bc1fcc9d82f6..c6025dc86f1e 100644 --- a/pkg/iac/adapters/terraform/google/kms/adapt_test.go +++ b/pkg/iac/adapters/terraform/google/kms/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/google/kms" @@ -34,11 +34,11 @@ func Test_adaptKeyRings(t *testing.T) { `, expected: []kms.KeyRing{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Keys: []kms.Key{ { - Metadata: defsecTypes.NewTestMetadata(), - RotationPeriodSeconds: defsecTypes.Int(7776000, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + RotationPeriodSeconds: iacTypes.Int(7776000, iacTypes.NewTestMetadata()), }, }, }, @@ -54,7 +54,7 @@ func Test_adaptKeyRings(t *testing.T) { `, expected: []kms.KeyRing{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), }, }, }, 
@@ -72,11 +72,11 @@ func Test_adaptKeyRings(t *testing.T) { `, expected: []kms.KeyRing{ { - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Keys: []kms.Key{ { - Metadata: defsecTypes.NewTestMetadata(), - RotationPeriodSeconds: defsecTypes.Int(-1, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + RotationPeriodSeconds: iacTypes.Int(-1, iacTypes.NewTestMetadata()), }, }, }, diff --git a/pkg/iac/adapters/terraform/google/sql/adapt.go b/pkg/iac/adapters/terraform/google/sql/adapt.go index 6f16bcb38dd8..6418942384d4 100644 --- a/pkg/iac/adapters/terraform/google/sql/adapt.go +++ b/pkg/iac/adapters/terraform/google/sql/adapt.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/providers/google/sql" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) sql.SQL { 
@@ -29,37 +29,37 @@ func adaptInstance(resource *terraform.Block) sql.DatabaseInstance { instance := sql.DatabaseInstance{ Metadata: resource.GetMetadata(), DatabaseVersion: resource.GetAttribute("database_version").AsStringValueOrDefault("", resource), - IsReplica: defsecTypes.BoolDefault(false, resource.GetMetadata()), + IsReplica: iacTypes.BoolDefault(false, resource.GetMetadata()), Settings: sql.Settings{ Metadata: resource.GetMetadata(), Flags: sql.Flags{ Metadata: resource.GetMetadata(), - LogTempFileSize: defsecTypes.IntDefault(-1, resource.GetMetadata()), - LocalInFile: defsecTypes.BoolDefault(false, resource.GetMetadata()), - ContainedDatabaseAuthentication: defsecTypes.BoolDefault(true, resource.GetMetadata()), - CrossDBOwnershipChaining: defsecTypes.BoolDefault(true, resource.GetMetadata()), - LogCheckpoints: defsecTypes.BoolDefault(false, resource.GetMetadata()), - LogConnections: defsecTypes.BoolDefault(false, resource.GetMetadata()), - LogDisconnections: defsecTypes.BoolDefault(false, resource.GetMetadata()), - LogLockWaits: defsecTypes.BoolDefault(false, resource.GetMetadata()), - LogMinMessages: defsecTypes.StringDefault("", resource.GetMetadata()), - LogMinDurationStatement: defsecTypes.IntDefault(-1, resource.GetMetadata()), + LogTempFileSize: iacTypes.IntDefault(-1, resource.GetMetadata()), + LocalInFile: iacTypes.BoolDefault(false, resource.GetMetadata()), + ContainedDatabaseAuthentication: iacTypes.BoolDefault(true, resource.GetMetadata()), + CrossDBOwnershipChaining: iacTypes.BoolDefault(true, resource.GetMetadata()), + LogCheckpoints: iacTypes.BoolDefault(false, resource.GetMetadata()), + LogConnections: iacTypes.BoolDefault(false, resource.GetMetadata()), + LogDisconnections: iacTypes.BoolDefault(false, resource.GetMetadata()), + LogLockWaits: iacTypes.BoolDefault(false, resource.GetMetadata()), + LogMinMessages: iacTypes.StringDefault("", resource.GetMetadata()), + LogMinDurationStatement: iacTypes.IntDefault(-1, resource.GetMetadata()), }, 
Backups: sql.Backups{ Metadata: resource.GetMetadata(), - Enabled: defsecTypes.BoolDefault(false, resource.GetMetadata()), + Enabled: iacTypes.BoolDefault(false, resource.GetMetadata()), }, IPConfiguration: sql.IPConfiguration{ Metadata: resource.GetMetadata(), - RequireTLS: defsecTypes.BoolDefault(false, resource.GetMetadata()), - EnableIPv4: defsecTypes.BoolDefault(true, resource.GetMetadata()), + RequireTLS: iacTypes.BoolDefault(false, resource.GetMetadata()), + EnableIPv4: iacTypes.BoolDefault(true, resource.GetMetadata()), AuthorizedNetworks: nil, }, }, } if attr := resource.GetAttribute("master_instance_name"); attr.IsNotNil() { - instance.IsReplica = defsecTypes.Bool(true, attr.GetMetadata()) + instance.IsReplica = iacTypes.Bool(true, attr.GetMetadata()) } if settingsBlock := resource.GetBlock("settings"); settingsBlock.IsNotNil() { 
@@ -93,36 +93,36 @@ func adaptFlags(resources terraform.Blocks, flags *sql.Flags) { switch nameAttr.Value().AsString() { case "log_temp_files": if logTempInt, err := strconv.Atoi(valueAttr.Value().AsString()); err == nil { - flags.LogTempFileSize = defsecTypes.Int(logTempInt, nameAttr.GetMetadata()) + flags.LogTempFileSize = iacTypes.Int(logTempInt, nameAttr.GetMetadata()) } case "log_min_messages": flags.LogMinMessages = valueAttr.AsStringValueOrDefault("", resource) case "log_min_duration_statement": if logMinDS, err := strconv.Atoi(valueAttr.Value().AsString()); err == nil { - flags.LogMinDurationStatement = defsecTypes.Int(logMinDS, nameAttr.GetMetadata()) + flags.LogMinDurationStatement = iacTypes.Int(logMinDS, nameAttr.GetMetadata()) } case "local_infile": - flags.LocalInFile = defsecTypes.Bool(valueAttr.Equals("on"), valueAttr.GetMetadata()) + flags.LocalInFile = iacTypes.Bool(valueAttr.Equals("on"), valueAttr.GetMetadata()) case "log_checkpoints": - flags.LogCheckpoints = defsecTypes.Bool(valueAttr.Equals("on"), valueAttr.GetMetadata()) + flags.LogCheckpoints = iacTypes.Bool(valueAttr.Equals("on"), valueAttr.GetMetadata()) case "log_connections": - flags.LogConnections = defsecTypes.Bool(valueAttr.Equals("on"), valueAttr.GetMetadata()) + flags.LogConnections = iacTypes.Bool(valueAttr.Equals("on"), valueAttr.GetMetadata()) case "log_disconnections": - flags.LogDisconnections = defsecTypes.Bool(valueAttr.Equals("on"), valueAttr.GetMetadata()) + flags.LogDisconnections = iacTypes.Bool(valueAttr.Equals("on"), valueAttr.GetMetadata()) case "log_lock_waits": - flags.LogLockWaits = defsecTypes.Bool(valueAttr.Equals("on"), valueAttr.GetMetadata()) + flags.LogLockWaits = iacTypes.Bool(valueAttr.Equals("on"), valueAttr.GetMetadata()) case "contained database authentication": - flags.ContainedDatabaseAuthentication = defsecTypes.Bool(valueAttr.Equals("on"), valueAttr.GetMetadata()) + flags.ContainedDatabaseAuthentication = iacTypes.Bool(valueAttr.Equals("on"), 
valueAttr.GetMetadata()) case "cross db ownership chaining": - flags.CrossDBOwnershipChaining = defsecTypes.Bool(valueAttr.Equals("on"), valueAttr.GetMetadata()) + flags.CrossDBOwnershipChaining = iacTypes.Bool(valueAttr.Equals("on"), valueAttr.GetMetadata()) } } } func adaptIPConfig(resource *terraform.Block) sql.IPConfiguration { var authorizedNetworks []struct { - Name defsecTypes.StringValue - CIDR defsecTypes.StringValue + Name iacTypes.StringValue + CIDR iacTypes.StringValue } tlsRequiredAttr := resource.GetAttribute("require_ssl") @@ -137,8 +137,8 @@ func adaptIPConfig(resource *terraform.Block) sql.IPConfiguration { cidrVal := authBlock.GetAttribute("value").AsStringValueOrDefault("", authBlock) authorizedNetworks = append(authorizedNetworks, struct { - Name defsecTypes.StringValue - CIDR defsecTypes.StringValue + Name iacTypes.StringValue + CIDR iacTypes.StringValue }{ Name: nameVal, CIDR: cidrVal, diff --git a/pkg/iac/adapters/terraform/google/sql/adapt_test.go b/pkg/iac/adapters/terraform/google/sql/adapt_test.go index ad5d0347f049..a31f649ffe99 100644 --- a/pkg/iac/adapters/terraform/google/sql/adapt_test.go +++ b/pkg/iac/adapters/terraform/google/sql/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/google/sql" 
@@ -42,39 +42,39 @@ func Test_Adapt(t *testing.T) { expected: sql.SQL{ Instances: []sql.DatabaseInstance{ { - Metadata: defsecTypes.NewTestMetadata(), - IsReplica: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - DatabaseVersion: defsecTypes.String("POSTGRES_12", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + IsReplica: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + DatabaseVersion: iacTypes.String("POSTGRES_12", iacTypes.NewTestMetadata()), Settings: sql.Settings{ - Metadata: defsecTypes.NewTestMetadata(), + Metadata: iacTypes.NewTestMetadata(), Backups: sql.Backups{ - Metadata: defsecTypes.NewTestMetadata(), - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, Flags: sql.Flags{ - Metadata: defsecTypes.NewTestMetadata(), - LogMinDurationStatement: defsecTypes.Int(-1, defsecTypes.NewTestMetadata()), - ContainedDatabaseAuthentication: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - CrossDBOwnershipChaining: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - LocalInFile: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - LogCheckpoints: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - LogConnections: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - LogDisconnections: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - LogLockWaits: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - LogMinMessages: defsecTypes.String("", defsecTypes.NewTestMetadata()), - LogTempFileSize: defsecTypes.Int(-1, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + LogMinDurationStatement: iacTypes.Int(-1, iacTypes.NewTestMetadata()), + ContainedDatabaseAuthentication: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + CrossDBOwnershipChaining: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + LocalInFile: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + 
LogCheckpoints: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + LogConnections: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + LogDisconnections: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + LogLockWaits: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + LogMinMessages: iacTypes.String("", iacTypes.NewTestMetadata()), + LogTempFileSize: iacTypes.Int(-1, iacTypes.NewTestMetadata()), }, IPConfiguration: sql.IPConfiguration{ - Metadata: defsecTypes.NewTestMetadata(), - RequireTLS: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - EnableIPv4: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + RequireTLS: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + EnableIPv4: iacTypes.Bool(false, iacTypes.NewTestMetadata()), AuthorizedNetworks: []struct { - Name defsecTypes.StringValue - CIDR defsecTypes.StringValue + Name iacTypes.StringValue + CIDR iacTypes.StringValue }{ { - Name: defsecTypes.String("internal", defsecTypes.NewTestMetadata()), - CIDR: defsecTypes.String("108.12.12.0/24", defsecTypes.NewTestMetadata()), + Name: iacTypes.String("internal", iacTypes.NewTestMetadata()), + CIDR: iacTypes.String("108.12.12.0/24", iacTypes.NewTestMetadata()), }, }, }, 
@@ -145,28 +145,28 @@ resource "google_sql_database_instance" "backup_source_instance" { `, expected: []sql.DatabaseInstance{ { - Metadata: defsecTypes.NewTestMetadata(), - DatabaseVersion: defsecTypes.String("POSTGRES_11", defsecTypes.NewTestMetadata()), - IsReplica: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + DatabaseVersion: iacTypes.String("POSTGRES_11", iacTypes.NewTestMetadata()), + IsReplica: iacTypes.Bool(false, iacTypes.NewTestMetadata()), Settings: sql.Settings{ Backups: sql.Backups{ - Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, Flags: sql.Flags{ - LogConnections: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - LogTempFileSize: defsecTypes.Int(0, defsecTypes.NewTestMetadata()), - LogCheckpoints: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - LogDisconnections: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - LogLockWaits: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - ContainedDatabaseAuthentication: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - CrossDBOwnershipChaining: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), - LocalInFile: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - LogMinDurationStatement: defsecTypes.Int(-1, defsecTypes.NewTestMetadata()), - LogMinMessages: defsecTypes.String("", defsecTypes.NewTestMetadata()), + LogConnections: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + LogTempFileSize: iacTypes.Int(0, iacTypes.NewTestMetadata()), + LogCheckpoints: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + LogDisconnections: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + LogLockWaits: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + ContainedDatabaseAuthentication: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + CrossDBOwnershipChaining: iacTypes.Bool(true, iacTypes.NewTestMetadata()), + LocalInFile: iacTypes.Bool(false, 
iacTypes.NewTestMetadata()), + LogMinDurationStatement: iacTypes.Int(-1, iacTypes.NewTestMetadata()), + LogMinMessages: iacTypes.String("", iacTypes.NewTestMetadata()), }, IPConfiguration: sql.IPConfiguration{ - EnableIPv4: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), - RequireTLS: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + EnableIPv4: iacTypes.Bool(false, iacTypes.NewTestMetadata()), + RequireTLS: iacTypes.Bool(true, iacTypes.NewTestMetadata()), }, }, }, diff --git a/pkg/iac/adapters/terraform/google/storage/adapt.go b/pkg/iac/adapters/terraform/google/storage/adapt.go index 6e987718ff81..9fe918030151 100644 --- a/pkg/iac/adapters/terraform/google/storage/adapt.go +++ b/pkg/iac/adapters/terraform/google/storage/adapt.go @@ -3,7 +3,7 @@ package storage import ( "github.com/aquasecurity/trivy/pkg/iac/providers/google/storage" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) func Adapt(modules terraform.Modules) storage.Storage { @@ -36,10 +36,10 @@ func (a *adapter) adaptBuckets() []storage.Bucket { } orphanage := storage.Bucket{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - Name: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), - Location: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), - EnableUniformBucketLevelAccess: defsecTypes.BoolDefault(false, defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + Name: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + Location: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), + EnableUniformBucketLevelAccess: iacTypes.BoolDefault(false, iacTypes.NewUnmanagedMetadata()), Members: nil, Bindings: nil, } 
@@ -87,7 +87,7 @@ func (a *adapter) adaptBucketResource(resourceBlock *terraform.Block) storage.Bu Bindings: nil, Encryption: storage.BucketEncryption{ Metadata: resourceBlock.GetMetadata(), - DefaultKMSKeyName: defsecTypes.StringDefault("", resourceBlock.GetMetadata()), + DefaultKMSKeyName: iacTypes.StringDefault("", resourceBlock.GetMetadata()), }, } diff --git a/pkg/iac/adapters/terraform/google/storage/adapt_test.go b/pkg/iac/adapters/terraform/google/storage/adapt_test.go index c5f914fd2851..fe7a82e62f9c 100644 --- a/pkg/iac/adapters/terraform/google/storage/adapt_test.go +++ b/pkg/iac/adapters/terraform/google/storage/adapt_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam" "github.com/aquasecurity/trivy/pkg/iac/providers/google/storage" 
@@ -48,31 +48,31 @@ func Test_Adapt(t *testing.T) { expected: storage.Storage{ Buckets: []storage.Bucket{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("image-store.com", defsecTypes.NewTestMetadata()), - Location: defsecTypes.String("EU", defsecTypes.NewTestMetadata()), - EnableUniformBucketLevelAccess: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("image-store.com", iacTypes.NewTestMetadata()), + Location: iacTypes.String("EU", iacTypes.NewTestMetadata()), + EnableUniformBucketLevelAccess: iacTypes.Bool(true, iacTypes.NewTestMetadata()), Bindings: []iam.Binding{ { - Metadata: defsecTypes.NewTestMetadata(), - Members: []defsecTypes.StringValue{ - defsecTypes.String("group:test@example.com", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Members: []iacTypes.StringValue{ + iacTypes.String("group:test@example.com", iacTypes.NewTestMetadata()), }, - Role: defsecTypes.String("roles/storage.admin #1", defsecTypes.NewTestMetadata()), - IncludesDefaultServiceAccount: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Role: iacTypes.String("roles/storage.admin #1", iacTypes.NewTestMetadata()), + IncludesDefaultServiceAccount: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, Members: []iam.Member{ { - Metadata: defsecTypes.NewTestMetadata(), - Member: defsecTypes.String("serviceAccount:test@example.com", defsecTypes.NewTestMetadata()), - Role: defsecTypes.String("roles/storage.admin #2", defsecTypes.NewTestMetadata()), - DefaultServiceAccount: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Member: iacTypes.String("serviceAccount:test@example.com", iacTypes.NewTestMetadata()), + Role: iacTypes.String("roles/storage.admin #2", iacTypes.NewTestMetadata()), + DefaultServiceAccount: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, Encryption: storage.BucketEncryption{ - Metadata: 
defsecTypes.NewTestMetadata(), - DefaultKMSKeyName: defsecTypes.String("default-kms-key-name", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + DefaultKMSKeyName: iacTypes.String("default-kms-key-name", iacTypes.NewTestMetadata()), }, }, }, 
@@ -94,28 +94,28 @@ func Test_Adapt(t *testing.T) { expected: storage.Storage{ Buckets: []storage.Bucket{ { - Metadata: defsecTypes.NewTestMetadata(), - Name: defsecTypes.String("", defsecTypes.NewTestMetadata()), - Location: defsecTypes.String("", defsecTypes.NewTestMetadata()), - EnableUniformBucketLevelAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Name: iacTypes.String("", iacTypes.NewTestMetadata()), + Location: iacTypes.String("", iacTypes.NewTestMetadata()), + EnableUniformBucketLevelAccess: iacTypes.Bool(false, iacTypes.NewTestMetadata()), Bindings: []iam.Binding{ { - Metadata: defsecTypes.NewTestMetadata(), - Role: defsecTypes.String("", defsecTypes.NewTestMetadata()), - IncludesDefaultServiceAccount: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Role: iacTypes.String("", iacTypes.NewTestMetadata()), + IncludesDefaultServiceAccount: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, Members: []iam.Member{ { - Metadata: defsecTypes.NewTestMetadata(), - Member: defsecTypes.String("", defsecTypes.NewTestMetadata()), - Role: defsecTypes.String("", defsecTypes.NewTestMetadata()), - DefaultServiceAccount: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + Member: iacTypes.String("", iacTypes.NewTestMetadata()), + Role: iacTypes.String("", iacTypes.NewTestMetadata()), + DefaultServiceAccount: iacTypes.Bool(false, iacTypes.NewTestMetadata()), }, }, Encryption: storage.BucketEncryption{ - Metadata: defsecTypes.NewTestMetadata(), - DefaultKMSKeyName: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + DefaultKMSKeyName: iacTypes.String("", iacTypes.NewTestMetadata()), }, }, }, diff --git a/pkg/iac/adapters/terraform/nifcloud/computing/instance_test.go b/pkg/iac/adapters/terraform/nifcloud/computing/instance_test.go index 477eb6f72923..8055681c1353 100644 
--- a/pkg/iac/adapters/terraform/nifcloud/computing/instance_test.go +++ b/pkg/iac/adapters/terraform/nifcloud/computing/instance_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/computing" ) @@ -27,12 +27,12 @@ func Test_adaptInstances(t *testing.T) { } `, expected: []computing.Instance{{ - Metadata: defsecTypes.NewTestMetadata(), - SecurityGroup: defsecTypes.String("example-security-group", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + SecurityGroup: iacTypes.String("example-security-group", iacTypes.NewTestMetadata()), NetworkInterfaces: []computing.NetworkInterface{ { - Metadata: defsecTypes.NewTestMetadata(), - NetworkID: defsecTypes.String("net-COMMON_PRIVATE", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + NetworkID: iacTypes.String("net-COMMON_PRIVATE", iacTypes.NewTestMetadata()), }, }, }}, @@ -47,12 +47,12 @@ func Test_adaptInstances(t *testing.T) { `, expected: []computing.Instance{{ - Metadata: defsecTypes.NewTestMetadata(), - SecurityGroup: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + SecurityGroup: iacTypes.String("", iacTypes.NewTestMetadata()), NetworkInterfaces: []computing.NetworkInterface{ { - Metadata: defsecTypes.NewTestMetadata(), - NetworkID: defsecTypes.String("", defsecTypes.NewTestMetadata()), + Metadata: iacTypes.NewTestMetadata(), + NetworkID: iacTypes.String("", iacTypes.NewTestMetadata()), }, }, }}, diff --git a/pkg/iac/adapters/terraform/nifcloud/computing/security_group.go b/pkg/iac/adapters/terraform/nifcloud/computing/security_group.go index 21fb8cb6c37f..38699a6f2555 100644 --- a/pkg/iac/adapters/terraform/nifcloud/computing/security_group.go 
+++ b/pkg/iac/adapters/terraform/nifcloud/computing/security_group.go @@ -3,7 +3,7 @@ package computing import ( "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/computing" "github.com/aquasecurity/trivy/pkg/iac/terraform" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type sgAdapter struct { @@ -18,8 +18,8 @@ func (a *sgAdapter) adaptSecurityGroups(modules terraform.Modules) []computing.S orphanResources := modules.GetResourceByIDs(a.sgRuleIDs.Orphans()...) if len(orphanResources) > 0 { orphanage := computing.SecurityGroup{ - Metadata: defsecTypes.NewUnmanagedMetadata(), - Description: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()), + Metadata: iacTypes.NewUnmanagedMetadata(), + Description: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()), IngressRules: nil, } for _, sgRule := range orphanResources { diff --git a/pkg/iac/adapters/terraform/nifcloud/computing/security_group_test.go b/pkg/iac/adapters/terraform/nifcloud/computing/security_group_test.go index bf5f705e423c..250f99a96fdc 100644 --- a/pkg/iac/adapters/terraform/nifcloud/computing/security_group_test.go +++ b/pkg/iac/adapters/terraform/nifcloud/computing/security_group_test.go @@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/trivy/internal/testutil" "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/computing" ) 
@@ -35,13 +35,13 @@ func Test_adaptSecurityGroups(t *testing.T) {
 }
 `,
 expected: []computing.SecurityGroup{{
- Metadata: defsecTypes.NewTestMetadata(),
- Description: defsecTypes.String("memo", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Description: iacTypes.String("memo", iacTypes.NewTestMetadata()),
 IngressRules: []computing.SecurityGroupRule{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- CIDR: defsecTypes.String("1.2.3.4/32", defsecTypes.NewTestMetadata()),
- Description: defsecTypes.String("memo", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ CIDR: iacTypes.String("1.2.3.4/32", iacTypes.NewTestMetadata()),
+ Description: iacTypes.String("memo", iacTypes.NewTestMetadata()),
 },
 },
 }},
@@ -60,13 +60,13 @@ func Test_adaptSecurityGroups(t *testing.T) {
 `,
 expected: []computing.SecurityGroup{{
- Metadata: defsecTypes.NewTestMetadata(),
- Description: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Description: iacTypes.String("", iacTypes.NewTestMetadata()),
 IngressRules: []computing.SecurityGroupRule{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- CIDR: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- Description: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ CIDR: iacTypes.String("", iacTypes.NewTestMetadata()),
+ Description: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 },
 }},
diff --git a/pkg/iac/adapters/terraform/nifcloud/dns/record_test.go b/pkg/iac/adapters/terraform/nifcloud/dns/record_test.go
index ef4b172b0f19..75fd1c8d06bc 100644
--- a/pkg/iac/adapters/terraform/nifcloud/dns/record_test.go
+++ b/pkg/iac/adapters/terraform/nifcloud/dns/record_test.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
 "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/dns"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func Test_adaptRecords(t *testing.T) {
@@ -24,9 +24,9 @@ func Test_adaptRecords(t *testing.T) {
 }
 `,
 expected: []dns.Record{{
- Metadata: defsecTypes.NewTestMetadata(),
- Type: defsecTypes.String("A", defsecTypes.NewTestMetadata()),
- Record: defsecTypes.String("example-record", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Type: iacTypes.String("A", iacTypes.NewTestMetadata()),
+ Record: iacTypes.String("example-record", iacTypes.NewTestMetadata()),
 }},
 },
 {
@@ -37,9 +37,9 @@ func Test_adaptRecords(t *testing.T) {
 `,
 expected: []dns.Record{{
- Metadata: defsecTypes.NewTestMetadata(),
- Type: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- Record: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Type: iacTypes.String("", iacTypes.NewTestMetadata()),
+ Record: iacTypes.String("", iacTypes.NewTestMetadata()),
 }},
 },
 }
diff --git a/pkg/iac/adapters/terraform/nifcloud/nas/nas_instance_test.go b/pkg/iac/adapters/terraform/nifcloud/nas/nas_instance_test.go
index abbd7918ee41..29e52ea65037 100644
--- a/pkg/iac/adapters/terraform/nifcloud/nas/nas_instance_test.go
+++ b/pkg/iac/adapters/terraform/nifcloud/nas/nas_instance_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/nas"
 )
@@ -24,8 +24,8 @@ func Test_adaptNASInstances(t *testing.T) {
 }
 `,
 expected: []nas.NASInstance{{
- Metadata: defsecTypes.NewTestMetadata(),
- NetworkID: defsecTypes.String("example-network", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ NetworkID: iacTypes.String("example-network", iacTypes.NewTestMetadata()),
 }},
 },
 {
@@ -36,8 +36,8 @@ func Test_adaptNASInstances(t *testing.T) {
 `,
 expected: []nas.NASInstance{{
- Metadata: defsecTypes.NewTestMetadata(),
- NetworkID: defsecTypes.String("net-COMMON_PRIVATE", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ NetworkID: iacTypes.String("net-COMMON_PRIVATE", iacTypes.NewTestMetadata()),
 }},
 },
 }
diff --git a/pkg/iac/adapters/terraform/nifcloud/nas/nas_security_group.go b/pkg/iac/adapters/terraform/nifcloud/nas/nas_security_group.go
index 0e97e1109304..468cbddce309 100644
--- a/pkg/iac/adapters/terraform/nifcloud/nas/nas_security_group.go
+++ b/pkg/iac/adapters/terraform/nifcloud/nas/nas_security_group.go
@@ -3,7 +3,7 @@ package nas
 import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/nas"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func adaptNASSecurityGroups(modules terraform.Modules) []nas.NASSecurityGroup {
@@ -16,7 +16,7 @@ func adaptNASSecurityGroups(modules terraform.Modules) []nas.NASSecurityGroup {
 }
 func adaptNASSecurityGroup(resource *terraform.Block) nas.NASSecurityGroup {
- var cidrs []defsecTypes.StringValue
+ var cidrs []iacTypes.StringValue
 for _, rule := range resource.GetBlocks("rule") {
 cidrs = append(cidrs, rule.GetAttribute("cidr_ip").AsStringValueOrDefault("", resource))
diff --git a/pkg/iac/adapters/terraform/nifcloud/nas/nas_security_group_test.go b/pkg/iac/adapters/terraform/nifcloud/nas/nas_security_group_test.go
index 91510fb6b872..786aec2fa6d6 100644
--- a/pkg/iac/adapters/terraform/nifcloud/nas/nas_security_group_test.go
+++ b/pkg/iac/adapters/terraform/nifcloud/nas/nas_security_group_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/nas"
 )
@@ -28,10 +28,10 @@ func Test_adaptNASSecurityGroups(t *testing.T) {
 }
 `,
 expected: []nas.NASSecurityGroup{{
- Metadata: defsecTypes.NewTestMetadata(),
- Description: defsecTypes.String("memo", defsecTypes.NewTestMetadata()),
- CIDRs: []defsecTypes.StringValue{
- defsecTypes.String("0.0.0.0/0", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Description: iacTypes.String("memo", iacTypes.NewTestMetadata()),
+ CIDRs: []iacTypes.StringValue{
+ iacTypes.String("0.0.0.0/0", iacTypes.NewTestMetadata()),
 },
 }},
 },
@@ -45,10 +45,10 @@ func Test_adaptNASSecurityGroups(t *testing.T) {
 `,
 expected: []nas.NASSecurityGroup{{
- Metadata: defsecTypes.NewTestMetadata(),
- Description: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- CIDRs: []defsecTypes.StringValue{
- defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Description: iacTypes.String("", iacTypes.NewTestMetadata()),
+ CIDRs: []iacTypes.StringValue{
+ iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 }},
 },
diff --git a/pkg/iac/adapters/terraform/nifcloud/network/elastic_load_balancer_test.go b/pkg/iac/adapters/terraform/nifcloud/network/elastic_load_balancer_test.go
index b5a4496f38cf..252396e387e0 100644
--- a/pkg/iac/adapters/terraform/nifcloud/network/elastic_load_balancer_test.go
+++ b/pkg/iac/adapters/terraform/nifcloud/network/elastic_load_balancer_test.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
 "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/network"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func Test_adaptElasticLoadBalancers(t *testing.T) {
@@ -33,22 +33,22 @@ func Test_adaptElasticLoadBalancers(t *testing.T) {
 }
 `,
 expected: []network.ElasticLoadBalancer{{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 NetworkInterfaces: []network.NetworkInterface{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- NetworkID: defsecTypes.String("net-COMMON_PRIVATE", defsecTypes.NewTestMetadata()),
- IsVipNetwork: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ NetworkID: iacTypes.String("net-COMMON_PRIVATE", iacTypes.NewTestMetadata()),
+ IsVipNetwork: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 },
 },
 Listeners: []network.ElasticLoadBalancerListener{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Protocol: defsecTypes.String("HTTP", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Protocol: iacTypes.String("HTTP", iacTypes.NewTestMetadata()),
 },
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Protocol: defsecTypes.String("HTTPS", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Protocol: iacTypes.String("HTTPS", iacTypes.NewTestMetadata()),
 },
 },
 }},
@@ -63,16 +63,16 @@ func Test_adaptElasticLoadBalancers(t *testing.T) {
 `,
 expected: []network.ElasticLoadBalancer{{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 NetworkInterfaces: []network.NetworkInterface{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- NetworkID: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- IsVipNetwork: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ NetworkID: iacTypes.String("", iacTypes.NewTestMetadata()),
+ IsVipNetwork: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 },
 },
 Listeners: []network.ElasticLoadBalancerListener{{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 }},
 }},
 },
diff --git a/pkg/iac/adapters/terraform/nifcloud/network/load_balancer.go b/pkg/iac/adapters/terraform/nifcloud/network/load_balancer.go
index 3113e2cc56eb..d137f799756d 100644
--- a/pkg/iac/adapters/terraform/nifcloud/network/load_balancer.go
+++ b/pkg/iac/adapters/terraform/nifcloud/network/load_balancer.go
@@ -3,7 +3,7 @@ package network
 import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/network"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func adaptLoadBalancers(modules terraform.Modules) []network.LoadBalancer {
@@ -31,21 +31,21 @@ func adaptLoadBalancer(resource *terraform.Block, modules terraform.Modules) net
 }
 func adaptListener(resource *terraform.Block) network.LoadBalancerListener {
- protocolVal := defsecTypes.String("", resource.GetMetadata())
- policyVal := defsecTypes.String("", resource.GetMetadata())
+ protocolVal := iacTypes.String("", resource.GetMetadata())
+ policyVal := iacTypes.String("", resource.GetMetadata())
 portAttr := resource.GetAttribute("load_balancer_port")
 if portAttr.IsNotNil() && portAttr.IsNumber() {
 port := portAttr.AsNumber()
 switch port {
 case 21:
- protocolVal = defsecTypes.String("FTP", portAttr.GetMetadata())
+ protocolVal = iacTypes.String("FTP", portAttr.GetMetadata())
 case 80:
- protocolVal = defsecTypes.String("HTTP", portAttr.GetMetadata())
+ protocolVal = iacTypes.String("HTTP", portAttr.GetMetadata())
 case 443:
- protocolVal = defsecTypes.String("HTTPS", portAttr.GetMetadata())
+ protocolVal = iacTypes.String("HTTPS", portAttr.GetMetadata())
 default:
- protocolVal = defsecTypes.String("custom", portAttr.GetMetadata())
+ protocolVal = iacTypes.String("custom", portAttr.GetMetadata())
 }
 }
diff --git a/pkg/iac/adapters/terraform/nifcloud/network/load_balancer_test.go b/pkg/iac/adapters/terraform/nifcloud/network/load_balancer_test.go
index 623528e4724f..b94b0e43353d 100644
--- a/pkg/iac/adapters/terraform/nifcloud/network/load_balancer_test.go
+++ b/pkg/iac/adapters/terraform/nifcloud/network/load_balancer_test.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
 "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/network"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func Test_adaptLoadBalancers(t *testing.T) {
@@ -32,17 +32,17 @@ func Test_adaptLoadBalancers(t *testing.T) {
 `,
 expected: []network.LoadBalancer{{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Listeners: []network.LoadBalancerListener{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- TLSPolicy: defsecTypes.String("example-ssl-policy-id", defsecTypes.NewTestMetadata()),
- Protocol: defsecTypes.String("HTTP", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ TLSPolicy: iacTypes.String("example-ssl-policy-id", iacTypes.NewTestMetadata()),
+ Protocol: iacTypes.String("HTTP", iacTypes.NewTestMetadata()),
 },
 {
- Metadata: defsecTypes.NewTestMetadata(),
- TLSPolicy: defsecTypes.String("example-ssl-policy-name", defsecTypes.NewTestMetadata()),
- Protocol: defsecTypes.String("HTTPS", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ TLSPolicy: iacTypes.String("example-ssl-policy-name", iacTypes.NewTestMetadata()),
+ Protocol: iacTypes.String("HTTPS", iacTypes.NewTestMetadata()),
 },
 },
 }},
@@ -55,9 +55,9 @@ func Test_adaptLoadBalancers(t *testing.T) {
 `,
 expected: []network.LoadBalancer{{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 Listeners: []network.LoadBalancerListener{{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: iacTypes.NewTestMetadata(),
 }},
 }},
 },
diff --git a/pkg/iac/adapters/terraform/nifcloud/network/router_test.go b/pkg/iac/adapters/terraform/nifcloud/network/router_test.go
index bdfa52200588..e60c554917f6 100644
--- a/pkg/iac/adapters/terraform/nifcloud/network/router_test.go
+++ b/pkg/iac/adapters/terraform/nifcloud/network/router_test.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
 "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/network"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func Test_adaptRouters(t *testing.T) {
@@ -26,12 +26,12 @@ func Test_adaptRouters(t *testing.T) {
 }
 `,
 expected: []network.Router{{
- Metadata: defsecTypes.NewTestMetadata(),
- SecurityGroup: defsecTypes.String("example-security-group", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ SecurityGroup: iacTypes.String("example-security-group", iacTypes.NewTestMetadata()),
 NetworkInterfaces: []network.NetworkInterface{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- NetworkID: defsecTypes.String("net-COMMON_PRIVATE", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ NetworkID: iacTypes.String("net-COMMON_PRIVATE", iacTypes.NewTestMetadata()),
 },
 },
 }},
@@ -46,12 +46,12 @@ func Test_adaptRouters(t *testing.T) {
 `,
 expected: []network.Router{{
- Metadata: defsecTypes.NewTestMetadata(),
- SecurityGroup: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ SecurityGroup: iacTypes.String("", iacTypes.NewTestMetadata()),
 NetworkInterfaces: []network.NetworkInterface{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- NetworkID: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ NetworkID: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 },
 }},
diff --git a/pkg/iac/adapters/terraform/nifcloud/network/vpn_gateway_test.go b/pkg/iac/adapters/terraform/nifcloud/network/vpn_gateway_test.go
index f949da00eaa0..b9499c078518 100644
--- a/pkg/iac/adapters/terraform/nifcloud/network/vpn_gateway_test.go
+++ b/pkg/iac/adapters/terraform/nifcloud/network/vpn_gateway_test.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
 "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/network"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func Test_adaptVpnGateways(t *testing.T) {
@@ -23,8 +23,8 @@ func Test_adaptVpnGateways(t *testing.T) {
 }
 `,
 expected: []network.VpnGateway{{
- Metadata: defsecTypes.NewTestMetadata(),
- SecurityGroup: defsecTypes.String("example-security-group", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ SecurityGroup: iacTypes.String("example-security-group", iacTypes.NewTestMetadata()),
 }},
 },
 {
@@ -35,8 +35,8 @@ func Test_adaptVpnGateways(t *testing.T) {
 `,
 expected: []network.VpnGateway{{
- Metadata: defsecTypes.NewTestMetadata(),
- SecurityGroup: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ SecurityGroup: iacTypes.String("", iacTypes.NewTestMetadata()),
 }},
 },
 }
diff --git a/pkg/iac/adapters/terraform/nifcloud/rdb/db_instance_test.go b/pkg/iac/adapters/terraform/nifcloud/rdb/db_instance_test.go
index aec5edea71d8..de09fe59e4e8 100644
--- a/pkg/iac/adapters/terraform/nifcloud/rdb/db_instance_test.go
+++ b/pkg/iac/adapters/terraform/nifcloud/rdb/db_instance_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/rdb"
 )
@@ -28,12 +28,12 @@ func Test_adaptDBInstances(t *testing.T) {
 }
 `,
 expected: []rdb.DBInstance{{
- Metadata: defsecTypes.NewTestMetadata(),
- BackupRetentionPeriodDays: defsecTypes.Int(2, defsecTypes.NewTestMetadata()),
- Engine: defsecTypes.String("MySQL", defsecTypes.NewTestMetadata()),
- EngineVersion: defsecTypes.String("5.7.15", defsecTypes.NewTestMetadata()),
- NetworkID: defsecTypes.String("example-network", defsecTypes.NewTestMetadata()),
- PublicAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ BackupRetentionPeriodDays: iacTypes.Int(2, iacTypes.NewTestMetadata()),
+ Engine: iacTypes.String("MySQL", iacTypes.NewTestMetadata()),
+ EngineVersion: iacTypes.String("5.7.15", iacTypes.NewTestMetadata()),
+ NetworkID: iacTypes.String("example-network", iacTypes.NewTestMetadata()),
+ PublicAccess: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 }},
 },
 {
@@ -44,12 +44,12 @@ func Test_adaptDBInstances(t *testing.T) {
 `,
 expected: []rdb.DBInstance{{
- Metadata: defsecTypes.NewTestMetadata(),
- BackupRetentionPeriodDays: defsecTypes.Int(0, defsecTypes.NewTestMetadata()),
- Engine: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- EngineVersion: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- NetworkID: defsecTypes.String("net-COMMON_PRIVATE", defsecTypes.NewTestMetadata()),
- PublicAccess: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ BackupRetentionPeriodDays: iacTypes.Int(0, iacTypes.NewTestMetadata()),
+ Engine: iacTypes.String("", iacTypes.NewTestMetadata()),
+ EngineVersion: iacTypes.String("", iacTypes.NewTestMetadata()),
+ NetworkID: iacTypes.String("net-COMMON_PRIVATE", iacTypes.NewTestMetadata()),
+ PublicAccess: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 }},
 },
 }
diff --git a/pkg/iac/adapters/terraform/nifcloud/rdb/db_security_group.go b/pkg/iac/adapters/terraform/nifcloud/rdb/db_security_group.go
index 74992a52cde0..e78d95ea0e3f 100644
--- a/pkg/iac/adapters/terraform/nifcloud/rdb/db_security_group.go
+++ b/pkg/iac/adapters/terraform/nifcloud/rdb/db_security_group.go
@@ -3,7 +3,7 @@ package rdb
 import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/rdb"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func adaptDBSecurityGroups(modules terraform.Modules) []rdb.DBSecurityGroup {
@@ -16,7 +16,7 @@ func adaptDBSecurityGroups(modules terraform.Modules) []rdb.DBSecurityGroup {
 }
 func adaptDBSecurityGroup(resource *terraform.Block) rdb.DBSecurityGroup {
- var cidrs []defsecTypes.StringValue
+ var cidrs []iacTypes.StringValue
 for _, rule := range resource.GetBlocks("rule") {
 cidrs = append(cidrs, rule.GetAttribute("cidr_ip").AsStringValueOrDefault("", resource))
diff --git a/pkg/iac/adapters/terraform/nifcloud/rdb/db_security_group_test.go b/pkg/iac/adapters/terraform/nifcloud/rdb/db_security_group_test.go
index 5f4d2291f63f..ab4fc34f1384 100644
--- a/pkg/iac/adapters/terraform/nifcloud/rdb/db_security_group_test.go
+++ b/pkg/iac/adapters/terraform/nifcloud/rdb/db_security_group_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/rdb"
 )
@@ -28,10 +28,10 @@ func Test_adaptDBSecurityGroups(t *testing.T) {
 }
 `,
 expected: []rdb.DBSecurityGroup{{
- Metadata: defsecTypes.NewTestMetadata(),
- Description: defsecTypes.String("memo", defsecTypes.NewTestMetadata()),
- CIDRs: []defsecTypes.StringValue{
- defsecTypes.String("0.0.0.0/0", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Description: iacTypes.String("memo", iacTypes.NewTestMetadata()),
+ CIDRs: []iacTypes.StringValue{
+ iacTypes.String("0.0.0.0/0", iacTypes.NewTestMetadata()),
 },
 }},
 },
@@ -45,10 +45,10 @@ func Test_adaptDBSecurityGroups(t *testing.T) {
 `,
 expected: []rdb.DBSecurityGroup{{
- Metadata: defsecTypes.NewTestMetadata(),
- Description: defsecTypes.String("", defsecTypes.NewTestMetadata()),
- CIDRs: []defsecTypes.StringValue{
- defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Description: iacTypes.String("", iacTypes.NewTestMetadata()),
+ CIDRs: []iacTypes.StringValue{
+ iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 }},
 },
diff --git a/pkg/iac/adapters/terraform/nifcloud/sslcertificate/server_certificate.go b/pkg/iac/adapters/terraform/nifcloud/sslcertificate/server_certificate.go
index 372815cf9648..7c08d0d78ca3 100644
--- a/pkg/iac/adapters/terraform/nifcloud/sslcertificate/server_certificate.go
+++ b/pkg/iac/adapters/terraform/nifcloud/sslcertificate/server_certificate.go
@@ -6,7 +6,7 @@ import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/sslcertificate"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func adaptServerCertificates(modules terraform.Modules) []sslcertificate.ServerCertificate {
@@ -20,15 +20,15 @@ func adaptServerCertificates(modules terraform.Modules) []sslcertificate.ServerC
 func adaptServerCertificate(resource *terraform.Block) sslcertificate.ServerCertificate {
 certificateAttr := resource.GetAttribute("certificate")
- expiryDateVal := defsecTypes.TimeUnresolvable(resource.GetMetadata())
+ expiryDateVal := iacTypes.TimeUnresolvable(resource.GetMetadata())
 if certificateAttr.IsNotNil() {
- expiryDateVal = defsecTypes.TimeUnresolvable(certificateAttr.GetMetadata())
+ expiryDateVal = iacTypes.TimeUnresolvable(certificateAttr.GetMetadata())
 if certificateAttr.IsString() {
 certificateString := certificateAttr.Value().AsString()
 if block, _ := pem.Decode([]byte(certificateString)); block != nil {
 if cert, err := x509.ParseCertificate(block.Bytes); err == nil {
- expiryDateVal = defsecTypes.Time(cert.NotAfter, certificateAttr.GetMetadata())
+ expiryDateVal = iacTypes.Time(cert.NotAfter, certificateAttr.GetMetadata())
 }
 }
 }
diff --git a/pkg/iac/adapters/terraform/nifcloud/sslcertificate/server_certificate_test.go b/pkg/iac/adapters/terraform/nifcloud/sslcertificate/server_certificate_test.go
index 53987d3a3149..1b9006034ce2 100644
--- a/pkg/iac/adapters/terraform/nifcloud/sslcertificate/server_certificate_test.go
+++ b/pkg/iac/adapters/terraform/nifcloud/sslcertificate/server_certificate_test.go
@@ -7,7 +7,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
 "github.com/aquasecurity/trivy/pkg/iac/providers/nifcloud/sslcertificate"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 const certificate = `
@@ -39,11 +39,11 @@ func Test_adaptServerCertificates(t *testing.T) {
 }
 `,
 expected: []sslcertificate.ServerCertificate{{
- Metadata: defsecTypes.NewTestMetadata(),
- Expiration: defsecTypes.Time(func(timeVal string) time.Time {
+ Metadata: iacTypes.NewTestMetadata(),
+ Expiration: iacTypes.Time(func(timeVal string) time.Time {
 parsed, _ := time.Parse(time.RFC3339, timeVal)
 return parsed
- }("2015-09-12T21:52:02Z"), defsecTypes.NewTestMetadata()),
+ }("2015-09-12T21:52:02Z"), iacTypes.NewTestMetadata()),
 }},
 },
 {
@@ -54,8 +54,8 @@ func Test_adaptServerCertificates(t *testing.T) {
 `,
 expected: []sslcertificate.ServerCertificate{{
- Metadata: defsecTypes.NewTestMetadata(),
- Expiration: defsecTypes.Time(time.Time{}, defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Expiration: iacTypes.Time(time.Time{}, iacTypes.NewTestMetadata()),
 }},
 },
 }
diff --git a/pkg/iac/adapters/terraform/openstack/adapt_test.go b/pkg/iac/adapters/terraform/openstack/adapt_test.go
index 10616df1bfe3..0f04b570ff86 100644
--- a/pkg/iac/adapters/terraform/openstack/adapt_test.go
+++ b/pkg/iac/adapters/terraform/openstack/adapt_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/internal/testutil"
 "github.com/aquasecurity/trivy/pkg/iac/adapters/terraform/tftestutil"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/openstack"
@@ -30,8 +30,8 @@ func TestFields(t *testing.T) {
 Compute: openstack.Compute{
 Instances: []openstack.Instance{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- AdminPassword: defsecTypes.String("N0tSoS3cretP4ssw0rd", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ AdminPassword: iacTypes.String("N0tSoS3cretP4ssw0rd", iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -46,8 +46,8 @@ func TestFields(t *testing.T) {
 Compute: openstack.Compute{
 Instances: []openstack.Instance{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- AdminPassword: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ AdminPassword: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 },
 },
@@ -69,12 +69,12 @@ func TestFields(t *testing.T) {
 Firewall: openstack.Firewall{
 AllowRules: []openstack.FirewallRule{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Enabled: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
- Destination: defsecTypes.String("10.10.10.1", defsecTypes.NewTestMetadata()),
- Source: defsecTypes.String("10.10.10.2", defsecTypes.NewTestMetadata()),
- DestinationPort: defsecTypes.String("22", defsecTypes.NewTestMetadata()),
- SourcePort: defsecTypes.String("", defsecTypes.NewTestMetadata()),
+ Metadata: iacTypes.NewTestMetadata(),
+ Enabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+ Destination: iacTypes.String("10.10.10.1", iacTypes.NewTestMetadata()),
+ Source: iacTypes.String("10.10.10.2", iacTypes.NewTestMetadata()),
+ DestinationPort: iacTypes.String("22", iacTypes.NewTestMetadata()),
+ SourcePort: iacTypes.String("", iacTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/iac/adapters/terraform/openstack/networking.go b/pkg/iac/adapters/terraform/openstack/networking.go
index e99ff4c5bd14..ab7578f635a6 100644
--- a/pkg/iac/adapters/terraform/openstack/networking.go
+++ b/pkg/iac/adapters/terraform/openstack/networking.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/openstack"
 "github.com/aquasecurity/trivy/pkg/iac/terraform"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func adaptNetworking(modules terraform.Modules) openstack.Networking {
@@ -29,8 +29,8 @@ func adaptSecurityGroups(modules terraform.Modules) []openstack.SecurityGroup {
 for _, ruleBlock := range modules.GetResourcesByType("openstack_networking_secgroup_rule_v2") {
 rule := openstack.SecurityGroupRule{
 Metadata: ruleBlock.GetMetadata(),
- IsIngress: defsecTypes.Bool(true, ruleBlock.GetMetadata()),
- EtherType: defsecTypes.IntDefault(4, ruleBlock.GetMetadata()),
+ IsIngress: iacTypes.Bool(true, ruleBlock.GetMetadata()),
+ EtherType: iacTypes.IntDefault(4, ruleBlock.GetMetadata()),
 Protocol: ruleBlock.GetAttribute("protocol").AsStringValueOrDefault("tcp", ruleBlock),
 PortMin: ruleBlock.GetAttribute("port_range_min").AsIntValueOrDefault(0, ruleBlock),
 PortMax: ruleBlock.GetAttribute("port_range_max").AsIntValueOrDefault(0, ruleBlock),
@@ -39,16 +39,16 @@ func adaptSecurityGroups(modules terraform.Modules) []openstack.SecurityGroup {
 switch etherType := ruleBlock.GetAttribute("ethertype"); {
 case etherType.Equals("IPv4"):
- rule.EtherType = defsecTypes.Int(4, etherType.GetMetadata())
+ rule.EtherType = iacTypes.Int(4, etherType.GetMetadata())
 case etherType.Equals("IPv6"):
- rule.EtherType = defsecTypes.Int(6, etherType.GetMetadata())
+ rule.EtherType = iacTypes.Int(6, etherType.GetMetadata())
 }
 switch direction := ruleBlock.GetAttribute("direction"); {
 case direction.Equals("egress"):
- rule.IsIngress = defsecTypes.Bool(false, direction.GetMetadata())
+ rule.IsIngress = iacTypes.Bool(false, direction.GetMetadata())
 case direction.Equals("ingress"):
- rule.IsIngress = defsecTypes.Bool(true, direction.GetMetadata())
+ rule.IsIngress = iacTypes.Bool(true, direction.GetMetadata())
 }
 groupID := ruleBlock.GetAttribute("security_group_id")
@@ -61,9 +61,9 @@ func adaptSecurityGroups(modules terraform.Modules) []openstack.SecurityGroup {
 }
 group := openstack.SecurityGroup{
- Metadata: defsecTypes.NewUnmanagedMetadata(),
- Name: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
- Description: defsecTypes.StringDefault("", defsecTypes.NewUnmanagedMetadata()),
+ Metadata: iacTypes.NewUnmanagedMetadata(),
+ Name: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()),
+ Description: iacTypes.StringDefault("", iacTypes.NewUnmanagedMetadata()),
 Rules: []openstack.SecurityGroupRule{rule},
 }
 groupMap[uuid.NewString()] = group
diff --git a/pkg/iac/providers/aws/apigateway/v1/apigateway.go b/pkg/iac/providers/aws/apigateway/v1/apigateway.go
index 50687e6ae4ff..626d91d513b7 100755
--- a/pkg/iac/providers/aws/apigateway/v1/apigateway.go
+++ b/pkg/iac/providers/aws/apigateway/v1/apigateway.go
@@ -1,7 +1,7 @@
 package v1
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type APIGateway struct {
@@ -10,35 +10,35 @@ type APIGateway struct {
 }
 type API struct {
- Metadata defsecTypes.Metadata
- Name defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Name iacTypes.StringValue
 Stages []Stage
 Resources []Resource
 }
 type Stage struct {
- Metadata defsecTypes.Metadata
- Name defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Name iacTypes.StringValue
 AccessLogging AccessLogging
- XRayTracingEnabled defsecTypes.BoolValue
+ XRayTracingEnabled iacTypes.BoolValue
 RESTMethodSettings []RESTMethodSettings
 }
 type Resource struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Methods []Method
 }
 type AccessLogging struct {
- Metadata defsecTypes.Metadata
- CloudwatchLogGroupARN defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ CloudwatchLogGroupARN iacTypes.StringValue
 }
 type RESTMethodSettings struct {
- Metadata defsecTypes.Metadata
- Method defsecTypes.StringValue
- CacheDataEncrypted defsecTypes.BoolValue
- CacheEnabled defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ Method iacTypes.StringValue
+ CacheDataEncrypted iacTypes.BoolValue
+ CacheEnabled iacTypes.BoolValue
 }
 const (
@@ -49,14 +49,14 @@ const (
 )
 type Method struct {
- Metadata defsecTypes.Metadata
- HTTPMethod defsecTypes.StringValue
- AuthorizationType defsecTypes.StringValue
- APIKeyRequired defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ HTTPMethod iacTypes.StringValue
+ AuthorizationType iacTypes.StringValue
+ APIKeyRequired iacTypes.BoolValue
 }
 type DomainName struct {
- Metadata defsecTypes.Metadata
- Name defsecTypes.StringValue
- SecurityPolicy defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Name iacTypes.StringValue
+ SecurityPolicy iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/aws/apigateway/v2/apigateway.go b/pkg/iac/providers/aws/apigateway/v2/apigateway.go
index 44a6ab8d45af..5a87e8ffbca7 100755
--- a/pkg/iac/providers/aws/apigateway/v2/apigateway.go
+++ b/pkg/iac/providers/aws/apigateway/v2/apigateway.go
@@ -1,7 +1,7 @@ package v2 import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type APIGateway struct { @@ -17,25 +17,25 @@ const ( ) type API struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue - ProtocolType defsecTypes.StringValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue + ProtocolType iacTypes.StringValue Stages []Stage } type Stage struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue AccessLogging AccessLogging } type AccessLogging struct { - Metadata defsecTypes.Metadata - CloudwatchLogGroupARN defsecTypes.StringValue + Metadata iacTypes.Metadata + CloudwatchLogGroupARN iacTypes.StringValue } type DomainName struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue - SecurityPolicy defsecTypes.StringValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue + SecurityPolicy iacTypes.StringValue } diff --git a/pkg/iac/providers/aws/athena/athena.go b/pkg/iac/providers/aws/athena/athena.go index 80eb56332e54..537a4b63d6b0 100755 --- a/pkg/iac/providers/aws/athena/athena.go +++ b/pkg/iac/providers/aws/athena/athena.go @@ -1,7 +1,7 @@ package athena import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Athena struct { @@ -10,16 +10,16 @@ type Athena struct { } type Database struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue Encryption EncryptionConfiguration } type Workgroup struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue Encryption EncryptionConfiguration - EnforceConfiguration defsecTypes.BoolValue + EnforceConfiguration iacTypes.BoolValue } const ( 
@@ -30,6 +30,6 @@ const ( ) type EncryptionConfiguration struct { - Metadata defsecTypes.Metadata - Type defsecTypes.StringValue + Metadata iacTypes.Metadata + Type iacTypes.StringValue } diff --git a/pkg/iac/providers/aws/cloudfront/cloudfront.go b/pkg/iac/providers/aws/cloudfront/cloudfront.go index 806ec20cc5be..0c4914e4c3bb 100755 --- a/pkg/iac/providers/aws/cloudfront/cloudfront.go +++ b/pkg/iac/providers/aws/cloudfront/cloudfront.go @@ -1,7 +1,7 @@ package cloudfront import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Cloudfront struct { @@ -9,8 +9,8 @@ type Cloudfront struct { } type Distribution struct { - Metadata defsecTypes.Metadata - WAFID defsecTypes.StringValue + Metadata iacTypes.Metadata + WAFID iacTypes.StringValue Logging Logging DefaultCacheBehaviour CacheBehaviour OrdererCacheBehaviours []CacheBehaviour @@ -18,13 +18,13 @@ type Distribution struct { } type Logging struct { - Metadata defsecTypes.Metadata - Bucket defsecTypes.StringValue + Metadata iacTypes.Metadata + Bucket iacTypes.StringValue } type CacheBehaviour struct { - Metadata defsecTypes.Metadata - ViewerProtocolPolicy defsecTypes.StringValue + Metadata iacTypes.Metadata + ViewerProtocolPolicy iacTypes.StringValue } const ( @@ -38,8 +38,8 @@ const ( ) type ViewerCertificate struct { - Metadata defsecTypes.Metadata - CloudfrontDefaultCertificate defsecTypes.BoolValue - SSLSupportMethod defsecTypes.StringValue - MinimumProtocolVersion defsecTypes.StringValue + Metadata iacTypes.Metadata + CloudfrontDefaultCertificate iacTypes.BoolValue + SSLSupportMethod iacTypes.StringValue + MinimumProtocolVersion iacTypes.StringValue } diff --git a/pkg/iac/providers/aws/cloudtrail/cloudtrail.go b/pkg/iac/providers/aws/cloudtrail/cloudtrail.go index defb29605955..8e5da87e7c89 100755 --- a/pkg/iac/providers/aws/cloudtrail/cloudtrail.go +++ b/pkg/iac/providers/aws/cloudtrail/cloudtrail.go 
@@ -1,7 +1,7 @@ package cloudtrail import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type CloudTrail struct { @@ -18,25 +18,25 @@ func (c CloudTrail) MultiRegionTrails() (multiRegionTrails []Trail) { } type Trail struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue - EnableLogFileValidation defsecTypes.BoolValue - IsMultiRegion defsecTypes.BoolValue - KMSKeyID defsecTypes.StringValue - CloudWatchLogsLogGroupArn defsecTypes.StringValue - IsLogging defsecTypes.BoolValue - BucketName defsecTypes.StringValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue + EnableLogFileValidation iacTypes.BoolValue + IsMultiRegion iacTypes.BoolValue + KMSKeyID iacTypes.StringValue + CloudWatchLogsLogGroupArn iacTypes.StringValue + IsLogging iacTypes.BoolValue + BucketName iacTypes.StringValue EventSelectors []EventSelector } type EventSelector struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata DataResources []DataResource - ReadWriteType defsecTypes.StringValue // ReadOnly, WriteOnly, All. Default value is All for TF. + ReadWriteType iacTypes.StringValue // ReadOnly, WriteOnly, All. Default value is All for TF. } type DataResource struct { - Metadata defsecTypes.Metadata - Type defsecTypes.StringValue // You can specify only the following value: "AWS::S3::Object", "AWS::Lambda::Function" and "AWS::DynamoDB::Table". - Values []defsecTypes.StringValue // List of ARNs/partial ARNs - e.g. arn:aws:s3:::/ for all objects in a bucket, arn:aws:s3:::/key for specific objects + Metadata iacTypes.Metadata + Type iacTypes.StringValue // You can specify only the following value: "AWS::S3::Object", "AWS::Lambda::Function" and "AWS::DynamoDB::Table". + Values []iacTypes.StringValue // List of ARNs/partial ARNs - e.g. arn:aws:s3:::/ for all objects in a bucket, arn:aws:s3:::/key for specific objects } 
diff --git a/pkg/iac/providers/aws/cloudwatch/cloudwatch.go b/pkg/iac/providers/aws/cloudwatch/cloudwatch.go index 664c031dccb7..630ed84e64ef 100755 --- a/pkg/iac/providers/aws/cloudwatch/cloudwatch.go +++ b/pkg/iac/providers/aws/cloudwatch/cloudwatch.go @@ -1,7 +1,7 @@ package cloudwatch import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type CloudWatch struct { @@ -28,36 +28,36 @@ func (w CloudWatch) GetAlarmByMetricName(metricName string) (alarm *Alarm) { } type Alarm struct { - Metadata defsecTypes.Metadata - AlarmName defsecTypes.StringValue - MetricName defsecTypes.StringValue + Metadata iacTypes.Metadata + AlarmName iacTypes.StringValue + MetricName iacTypes.StringValue Dimensions []AlarmDimension Metrics []MetricDataQuery } type AlarmDimension struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue - Value defsecTypes.StringValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue + Value iacTypes.StringValue } type MetricFilter struct { - Metadata defsecTypes.Metadata - FilterName defsecTypes.StringValue - FilterPattern defsecTypes.StringValue + Metadata iacTypes.Metadata + FilterName iacTypes.StringValue + FilterPattern iacTypes.StringValue } type MetricDataQuery struct { - Metadata defsecTypes.Metadata - Expression defsecTypes.StringValue - ID defsecTypes.StringValue + Metadata iacTypes.Metadata + Expression iacTypes.StringValue + ID iacTypes.StringValue } type LogGroup struct { - Metadata defsecTypes.Metadata - Arn defsecTypes.StringValue - Name defsecTypes.StringValue - KMSKeyID defsecTypes.StringValue - RetentionInDays defsecTypes.IntValue + Metadata iacTypes.Metadata + Arn iacTypes.StringValue + Name iacTypes.StringValue + KMSKeyID iacTypes.StringValue + RetentionInDays iacTypes.IntValue MetricFilters []MetricFilter } 
diff --git a/pkg/iac/providers/aws/codebuild/codebuild.go b/pkg/iac/providers/aws/codebuild/codebuild.go index 000dc644beaf..34115ce40cd5 100755 --- a/pkg/iac/providers/aws/codebuild/codebuild.go +++ b/pkg/iac/providers/aws/codebuild/codebuild.go @@ -1,7 +1,7 @@ package codebuild import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type CodeBuild struct { @@ -9,12 +9,12 @@ type CodeBuild struct { } type Project struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata ArtifactSettings ArtifactSettings SecondaryArtifactSettings []ArtifactSettings } type ArtifactSettings struct { - Metadata defsecTypes.Metadata - EncryptionEnabled defsecTypes.BoolValue + Metadata iacTypes.Metadata + EncryptionEnabled iacTypes.BoolValue } diff --git a/pkg/iac/providers/aws/config/config.go b/pkg/iac/providers/aws/config/config.go index cd35213477b5..ef18539f3bfa 100755 --- a/pkg/iac/providers/aws/config/config.go +++ b/pkg/iac/providers/aws/config/config.go @@ -1,7 +1,7 @@ package config import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Config struct { @@ -9,6 +9,6 @@ type Config struct { } type ConfigurationAggregrator struct { - Metadata defsecTypes.Metadata - SourceAllRegions defsecTypes.BoolValue + Metadata iacTypes.Metadata + SourceAllRegions iacTypes.BoolValue } diff --git a/pkg/iac/providers/aws/documentdb/documentdb.go b/pkg/iac/providers/aws/documentdb/documentdb.go index 1c2aeacc1e4f..c1bdc0a73854 100755 --- a/pkg/iac/providers/aws/documentdb/documentdb.go +++ b/pkg/iac/providers/aws/documentdb/documentdb.go @@ -1,7 +1,7 @@ package documentdb import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type DocumentDB struct { 
@@ -14,16 +14,16 @@ const ( ) type Cluster struct { - Metadata defsecTypes.Metadata - Identifier defsecTypes.StringValue - EnabledLogExports []defsecTypes.StringValue - BackupRetentionPeriod defsecTypes.IntValue + Metadata iacTypes.Metadata + Identifier iacTypes.StringValue + EnabledLogExports []iacTypes.StringValue + BackupRetentionPeriod iacTypes.IntValue Instances []Instance - StorageEncrypted defsecTypes.BoolValue - KMSKeyID defsecTypes.StringValue + StorageEncrypted iacTypes.BoolValue + KMSKeyID iacTypes.StringValue } type Instance struct { - Metadata defsecTypes.Metadata - KMSKeyID defsecTypes.StringValue + Metadata iacTypes.Metadata + KMSKeyID iacTypes.StringValue } diff --git a/pkg/iac/providers/aws/dynamodb/dynamodb.go b/pkg/iac/providers/aws/dynamodb/dynamodb.go index ef25f205d79a..eef0d5d532c0 100755 --- a/pkg/iac/providers/aws/dynamodb/dynamodb.go +++ b/pkg/iac/providers/aws/dynamodb/dynamodb.go @@ -1,7 +1,7 @@ package dynamodb import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type DynamoDB struct { @@ -10,21 +10,21 @@ type DynamoDB struct { } type DAXCluster struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata ServerSideEncryption ServerSideEncryption - PointInTimeRecovery defsecTypes.BoolValue + PointInTimeRecovery iacTypes.BoolValue } type Table struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata ServerSideEncryption ServerSideEncryption - PointInTimeRecovery defsecTypes.BoolValue + PointInTimeRecovery iacTypes.BoolValue } type ServerSideEncryption struct { - Metadata defsecTypes.Metadata - Enabled defsecTypes.BoolValue - KMSKeyID defsecTypes.StringValue + Metadata iacTypes.Metadata + Enabled iacTypes.BoolValue + KMSKeyID iacTypes.StringValue } const DefaultKMSKeyID = "alias/aws/dynamodb" diff --git a/pkg/iac/providers/aws/ec2/instance.go b/pkg/iac/providers/aws/ec2/instance.go index 86ec15c2316c..09ecede5592b 100644 
--- a/pkg/iac/providers/aws/ec2/instance.go +++ b/pkg/iac/providers/aws/ec2/instance.go @@ -3,38 +3,38 @@ package ec2 import ( "github.com/owenrumney/squealer/pkg/squealer" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Instance struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata MetadataOptions MetadataOptions - UserData defsecTypes.StringValue + UserData iacTypes.StringValue SecurityGroups []SecurityGroup RootBlockDevice *BlockDevice EBSBlockDevices []*BlockDevice } type BlockDevice struct { - Metadata defsecTypes.Metadata - Encrypted defsecTypes.BoolValue + Metadata iacTypes.Metadata + Encrypted iacTypes.BoolValue } type MetadataOptions struct { - Metadata defsecTypes.Metadata - HttpTokens defsecTypes.StringValue - HttpEndpoint defsecTypes.StringValue + Metadata iacTypes.Metadata + HttpTokens iacTypes.StringValue + HttpEndpoint iacTypes.StringValue } -func NewInstance(metadata defsecTypes.Metadata) *Instance { +func NewInstance(metadata iacTypes.Metadata) *Instance { return &Instance{ Metadata: metadata, MetadataOptions: MetadataOptions{ Metadata: metadata, - HttpTokens: defsecTypes.StringDefault("optional", metadata), - HttpEndpoint: defsecTypes.StringDefault("enabled", metadata), + HttpTokens: iacTypes.StringDefault("optional", metadata), + HttpEndpoint: iacTypes.StringDefault("enabled", metadata), }, - UserData: defsecTypes.StringDefault("", metadata), + UserData: iacTypes.StringDefault("", metadata), SecurityGroups: []SecurityGroup{}, RootBlockDevice: nil, EBSBlockDevices: nil, diff --git a/pkg/iac/providers/aws/ec2/launch.go b/pkg/iac/providers/aws/ec2/launch.go index d4d724cbb082..9b7c4c711e01 100644 --- a/pkg/iac/providers/aws/ec2/launch.go +++ b/pkg/iac/providers/aws/ec2/launch.go 
@@ -1,22 +1,22 @@ package ec2 import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type LaunchConfiguration struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue - AssociatePublicIP defsecTypes.BoolValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue + AssociatePublicIP iacTypes.BoolValue RootBlockDevice *BlockDevice EBSBlockDevices []*BlockDevice MetadataOptions MetadataOptions - UserData defsecTypes.StringValue + UserData iacTypes.StringValue } type LaunchTemplate struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue Instance } diff --git a/pkg/iac/providers/aws/ec2/subnet.go b/pkg/iac/providers/aws/ec2/subnet.go index 0def21e96152..18f605011e07 100644 --- a/pkg/iac/providers/aws/ec2/subnet.go +++ b/pkg/iac/providers/aws/ec2/subnet.go @@ -1,10 +1,10 @@ package ec2 import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Subnet struct { - Metadata defsecTypes.Metadata - MapPublicIpOnLaunch defsecTypes.BoolValue + Metadata iacTypes.Metadata + MapPublicIpOnLaunch iacTypes.BoolValue } diff --git a/pkg/iac/providers/aws/ec2/volume.go b/pkg/iac/providers/aws/ec2/volume.go index adaaff89e340..3258a3ee6c5a 100644 --- a/pkg/iac/providers/aws/ec2/volume.go +++ b/pkg/iac/providers/aws/ec2/volume.go @@ -1,16 +1,16 @@ package ec2 import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Volume struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata Encryption Encryption } type Encryption struct { - Metadata defsecTypes.Metadata - Enabled defsecTypes.BoolValue - KMSKeyID defsecTypes.StringValue + Metadata iacTypes.Metadata + Enabled iacTypes.BoolValue + KMSKeyID iacTypes.StringValue } 
diff --git a/pkg/iac/providers/aws/ec2/vpc.go b/pkg/iac/providers/aws/ec2/vpc.go index 0d78e9774fde..bce7fb4de2a8 100644 --- a/pkg/iac/providers/aws/ec2/vpc.go +++ b/pkg/iac/providers/aws/ec2/vpc.go @@ -1,36 +1,36 @@ package ec2 import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type NetworkACL struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata Rules []NetworkACLRule - IsDefaultRule defsecTypes.BoolValue + IsDefaultRule iacTypes.BoolValue } type SecurityGroup struct { - Metadata defsecTypes.Metadata - IsDefault defsecTypes.BoolValue - Description defsecTypes.StringValue + Metadata iacTypes.Metadata + IsDefault iacTypes.BoolValue + Description iacTypes.StringValue IngressRules []SecurityGroupRule EgressRules []SecurityGroupRule - VPCID defsecTypes.StringValue + VPCID iacTypes.StringValue } type SecurityGroupRule struct { - Metadata defsecTypes.Metadata - Description defsecTypes.StringValue - CIDRs []defsecTypes.StringValue + Metadata iacTypes.Metadata + Description iacTypes.StringValue + CIDRs []iacTypes.StringValue } type VPC struct { - Metadata defsecTypes.Metadata - ID defsecTypes.StringValue - IsDefault defsecTypes.BoolValue + Metadata iacTypes.Metadata + ID iacTypes.StringValue + IsDefault iacTypes.BoolValue SecurityGroups []SecurityGroup - FlowLogsEnabled defsecTypes.BoolValue + FlowLogsEnabled iacTypes.BoolValue } const ( @@ -44,9 +44,9 @@ const ( ) type NetworkACLRule struct { - Metadata defsecTypes.Metadata - Type defsecTypes.StringValue - Action defsecTypes.StringValue - Protocol defsecTypes.StringValue - CIDRs []defsecTypes.StringValue + Metadata iacTypes.Metadata + Type iacTypes.StringValue + Action iacTypes.StringValue + Protocol iacTypes.StringValue + CIDRs []iacTypes.StringValue } diff --git a/pkg/iac/providers/aws/ecr/ecr.go b/pkg/iac/providers/aws/ecr/ecr.go index f1416794b20a..053b7f13dace 100755 --- a/pkg/iac/providers/aws/ecr/ecr.go 
+++ b/pkg/iac/providers/aws/ecr/ecr.go @@ -2,7 +2,7 @@ package ecr import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type ECR struct { @@ -10,16 +10,16 @@ type ECR struct { } type Repository struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata ImageScanning ImageScanning - ImageTagsImmutable defsecTypes.BoolValue + ImageTagsImmutable iacTypes.BoolValue Policies []iam.Policy Encryption Encryption } type ImageScanning struct { - Metadata defsecTypes.Metadata - ScanOnPush defsecTypes.BoolValue + Metadata iacTypes.Metadata + ScanOnPush iacTypes.BoolValue } const ( @@ -28,7 +28,7 @@ const ( ) type Encryption struct { - Metadata defsecTypes.Metadata - Type defsecTypes.StringValue - KMSKeyID defsecTypes.StringValue + Metadata iacTypes.Metadata + Type iacTypes.StringValue + KMSKeyID iacTypes.StringValue } diff --git a/pkg/iac/providers/aws/ecs/ecs.go b/pkg/iac/providers/aws/ecs/ecs.go index b52c8de16956..181c4a2ac90a 100755 --- a/pkg/iac/providers/aws/ecs/ecs.go +++ b/pkg/iac/providers/aws/ecs/ecs.go @@ -3,7 +3,7 @@ package ecs import ( "encoding/json" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type ECS struct { 
@@ -12,22 +12,22 @@ type ECS struct { } type Cluster struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata Settings ClusterSettings } type ClusterSettings struct { - Metadata defsecTypes.Metadata - ContainerInsightsEnabled defsecTypes.BoolValue + Metadata iacTypes.Metadata + ContainerInsightsEnabled iacTypes.BoolValue } type TaskDefinition struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata Volumes []Volume ContainerDefinitions []ContainerDefinition } -func CreateDefinitionsFromString(metadata defsecTypes.Metadata, str string) ([]ContainerDefinition, error) { +func CreateDefinitionsFromString(metadata iacTypes.Metadata, str string) ([]ContainerDefinition, error) { var containerDefinitionsJSON []containerDefinitionJSON if err := json.Unmarshal([]byte(str), &containerDefinitionsJSON); err != nil { return nil, err @@ -61,12 +61,12 @@ type portMappingJSON struct { HostPort int `json:"hostPort"` } -func (j containerDefinitionJSON) convert(metadata defsecTypes.Metadata) ContainerDefinition { +func (j containerDefinitionJSON) convert(metadata iacTypes.Metadata) ContainerDefinition { var mappings []PortMapping for _, jMapping := range j.PortMappings { mappings = append(mappings, PortMapping{ - ContainerPort: defsecTypes.Int(jMapping.ContainerPort, metadata), - HostPort: defsecTypes.Int(jMapping.HostPort, metadata), + ContainerPort: iacTypes.Int(jMapping.ContainerPort, metadata), + HostPort: iacTypes.Int(jMapping.HostPort, metadata), }) } var envVars []EnvVar 
@@ -75,27 +75,27 @@ func (j containerDefinitionJSON) convert(metadata defsecTypes.Metadata) Containe } return ContainerDefinition{ Metadata: metadata, - Name: defsecTypes.String(j.Name, metadata), - Image: defsecTypes.String(j.Image, metadata), - CPU: defsecTypes.Int(j.CPU, metadata), - Memory: defsecTypes.Int(j.Memory, metadata), - Essential: defsecTypes.Bool(j.Essential, metadata), + Name: iacTypes.String(j.Name, metadata), + Image: iacTypes.String(j.Image, metadata), + CPU: iacTypes.Int(j.CPU, metadata), + Memory: iacTypes.Int(j.Memory, metadata), + Essential: iacTypes.Bool(j.Essential, metadata), PortMappings: mappings, Environment: envVars, - Privileged: defsecTypes.Bool(j.Privileged, metadata), + Privileged: iacTypes.Bool(j.Privileged, metadata), } } type ContainerDefinition struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue - Image defsecTypes.StringValue - CPU defsecTypes.IntValue - Memory defsecTypes.IntValue - Essential defsecTypes.BoolValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue + Image iacTypes.StringValue + CPU iacTypes.IntValue + Memory iacTypes.IntValue + Essential iacTypes.BoolValue PortMappings []PortMapping Environment []EnvVar - Privileged defsecTypes.BoolValue + Privileged iacTypes.BoolValue } type EnvVar struct { @@ -104,16 +104,16 @@ type EnvVar struct { } type PortMapping struct { - ContainerPort defsecTypes.IntValue - HostPort defsecTypes.IntValue + ContainerPort iacTypes.IntValue + HostPort iacTypes.IntValue } type Volume struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata EFSVolumeConfiguration EFSVolumeConfiguration } type EFSVolumeConfiguration struct { - Metadata defsecTypes.Metadata - TransitEncryptionEnabled defsecTypes.BoolValue + Metadata iacTypes.Metadata + TransitEncryptionEnabled iacTypes.BoolValue } diff --git a/pkg/iac/providers/aws/efs/efs.go b/pkg/iac/providers/aws/efs/efs.go index 70821fc1572a..4e9765b7d500 100755 --- a/pkg/iac/providers/aws/efs/efs.go 
+++ b/pkg/iac/providers/aws/efs/efs.go @@ -1,7 +1,7 @@ package efs import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type EFS struct { @@ -9,6 +9,6 @@ type EFS struct { } type FileSystem struct { - Metadata defsecTypes.Metadata - Encrypted defsecTypes.BoolValue + Metadata iacTypes.Metadata + Encrypted iacTypes.BoolValue } diff --git a/pkg/iac/providers/aws/eks/eks.go b/pkg/iac/providers/aws/eks/eks.go index db4156058459..9eab8b563f65 100755 --- a/pkg/iac/providers/aws/eks/eks.go +++ b/pkg/iac/providers/aws/eks/eks.go @@ -1,7 +1,7 @@ package eks import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type EKS struct { @@ -9,24 +9,24 @@ type EKS struct { } type Cluster struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata Logging Logging Encryption Encryption - PublicAccessEnabled defsecTypes.BoolValue - PublicAccessCIDRs []defsecTypes.StringValue + PublicAccessEnabled iacTypes.BoolValue + PublicAccessCIDRs []iacTypes.StringValue } type Logging struct { - Metadata defsecTypes.Metadata - API defsecTypes.BoolValue - Audit defsecTypes.BoolValue - Authenticator defsecTypes.BoolValue - ControllerManager defsecTypes.BoolValue - Scheduler defsecTypes.BoolValue + Metadata iacTypes.Metadata + API iacTypes.BoolValue + Audit iacTypes.BoolValue + Authenticator iacTypes.BoolValue + ControllerManager iacTypes.BoolValue + Scheduler iacTypes.BoolValue } type Encryption struct { - Metadata defsecTypes.Metadata - Secrets defsecTypes.BoolValue - KMSKeyID defsecTypes.StringValue + Metadata iacTypes.Metadata + Secrets iacTypes.BoolValue + KMSKeyID iacTypes.StringValue } diff --git a/pkg/iac/providers/aws/elasticache/elasticache.go b/pkg/iac/providers/aws/elasticache/elasticache.go index 37220fbf1e00..4069601b3193 100755 --- a/pkg/iac/providers/aws/elasticache/elasticache.go 
+++ b/pkg/iac/providers/aws/elasticache/elasticache.go @@ -1,7 +1,7 @@ package elasticache import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type ElastiCache struct { @@ -11,19 +11,19 @@ type ElastiCache struct { } type Cluster struct { - Metadata defsecTypes.Metadata - Engine defsecTypes.StringValue - NodeType defsecTypes.StringValue - SnapshotRetentionLimit defsecTypes.IntValue // days + Metadata iacTypes.Metadata + Engine iacTypes.StringValue + NodeType iacTypes.StringValue + SnapshotRetentionLimit iacTypes.IntValue // days } type ReplicationGroup struct { - Metadata defsecTypes.Metadata - TransitEncryptionEnabled defsecTypes.BoolValue - AtRestEncryptionEnabled defsecTypes.BoolValue + Metadata iacTypes.Metadata + TransitEncryptionEnabled iacTypes.BoolValue + AtRestEncryptionEnabled iacTypes.BoolValue } type SecurityGroup struct { - Metadata defsecTypes.Metadata - Description defsecTypes.StringValue + Metadata iacTypes.Metadata + Description iacTypes.StringValue } diff --git a/pkg/iac/providers/aws/elasticsearch/elasticsearch.go b/pkg/iac/providers/aws/elasticsearch/elasticsearch.go index d31c30894d03..4f3cb0583681 100755 --- a/pkg/iac/providers/aws/elasticsearch/elasticsearch.go +++ b/pkg/iac/providers/aws/elasticsearch/elasticsearch.go @@ -1,7 +1,7 @@ package elasticsearch import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Elasticsearch struct { 
@@ -9,11 +9,11 @@ type Elasticsearch struct { } type Domain struct { - Metadata defsecTypes.Metadata - DomainName defsecTypes.StringValue - AccessPolicies defsecTypes.StringValue - DedicatedMasterEnabled defsecTypes.BoolValue - VpcId defsecTypes.StringValue + Metadata iacTypes.Metadata + DomainName iacTypes.StringValue + AccessPolicies iacTypes.StringValue + DedicatedMasterEnabled iacTypes.BoolValue + VpcId iacTypes.StringValue LogPublishing LogPublishing TransitEncryption TransitEncryption AtRestEncryption AtRestEncryption @@ -22,32 +22,32 @@ type Domain struct { } type ServiceSoftwareOptions struct { - Metadata defsecTypes.Metadata - CurrentVersion defsecTypes.StringValue - NewVersion defsecTypes.StringValue - UpdateAvailable defsecTypes.BoolValue - UpdateStatus defsecTypes.StringValue + Metadata iacTypes.Metadata + CurrentVersion iacTypes.StringValue + NewVersion iacTypes.StringValue + UpdateAvailable iacTypes.BoolValue + UpdateStatus iacTypes.StringValue } type Endpoint struct { - Metadata defsecTypes.Metadata - EnforceHTTPS defsecTypes.BoolValue - TLSPolicy defsecTypes.StringValue + Metadata iacTypes.Metadata + EnforceHTTPS iacTypes.BoolValue + TLSPolicy iacTypes.StringValue } type LogPublishing struct { - Metadata defsecTypes.Metadata - AuditEnabled defsecTypes.BoolValue - CloudWatchLogGroupArn defsecTypes.StringValue + Metadata iacTypes.Metadata + AuditEnabled iacTypes.BoolValue + CloudWatchLogGroupArn iacTypes.StringValue } type TransitEncryption struct { - Metadata defsecTypes.Metadata - Enabled defsecTypes.BoolValue + Metadata iacTypes.Metadata + Enabled iacTypes.BoolValue } type AtRestEncryption struct { - Metadata defsecTypes.Metadata - Enabled defsecTypes.BoolValue - KmsKeyId defsecTypes.StringValue + Metadata iacTypes.Metadata + Enabled iacTypes.BoolValue + KmsKeyId iacTypes.StringValue } diff --git a/pkg/iac/providers/aws/elb/elb.go b/pkg/iac/providers/aws/elb/elb.go index c1c7e5ae85cc..04803fd26380 100755 --- a/pkg/iac/providers/aws/elb/elb.go 
+++ b/pkg/iac/providers/aws/elb/elb.go @@ -1,7 +1,7 @@ package elb import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type ELB struct { @@ -16,21 +16,21 @@ const ( ) type LoadBalancer struct { - Metadata defsecTypes.Metadata - Type defsecTypes.StringValue - DropInvalidHeaderFields defsecTypes.BoolValue - Internal defsecTypes.BoolValue + Metadata iacTypes.Metadata + Type iacTypes.StringValue + DropInvalidHeaderFields iacTypes.BoolValue + Internal iacTypes.BoolValue Listeners []Listener } type Listener struct { - Metadata defsecTypes.Metadata - Protocol defsecTypes.StringValue - TLSPolicy defsecTypes.StringValue + Metadata iacTypes.Metadata + Protocol iacTypes.StringValue + TLSPolicy iacTypes.StringValue DefaultActions []Action } type Action struct { - Metadata defsecTypes.Metadata - Type defsecTypes.StringValue + Metadata iacTypes.Metadata + Type iacTypes.StringValue } diff --git a/pkg/iac/providers/aws/emr/emr.go b/pkg/iac/providers/aws/emr/emr.go index bb8c88eaebcc..1d00618a0345 100644 --- a/pkg/iac/providers/aws/emr/emr.go +++ b/pkg/iac/providers/aws/emr/emr.go @@ -1,7 +1,7 @@ package emr import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type EMR struct { 
@@ -10,19 +10,19 @@ type EMR struct { } type Cluster struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata Settings ClusterSettings } type ClusterSettings struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue - ReleaseLabel defsecTypes.StringValue - ServiceRole defsecTypes.StringValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue + ReleaseLabel iacTypes.StringValue + ServiceRole iacTypes.StringValue } type SecurityConfiguration struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue - Configuration defsecTypes.StringValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue + Configuration iacTypes.StringValue } diff --git a/pkg/iac/providers/aws/iam/iam.go b/pkg/iac/providers/aws/iam/iam.go index ea8ff34d3384..f12a5eae845f 100644 --- a/pkg/iac/providers/aws/iam/iam.go +++ b/pkg/iac/providers/aws/iam/iam.go @@ -3,7 +3,7 @@ package iam import ( "github.com/liamg/iamgo" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type IAM struct { @@ -16,19 +16,19 @@ type IAM struct { } type ServerCertificate struct { - Metadata defsecTypes.Metadata - Expiration defsecTypes.TimeValue + Metadata iacTypes.Metadata + Expiration iacTypes.TimeValue } type Policy struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue Document Document - Builtin defsecTypes.BoolValue + Builtin iacTypes.BoolValue } type Document struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata Parsed iamgo.Document IsOffset bool HasRefs bool @@ -45,7 +45,7 @@ func (d Document) ToRego() interface{} { "explicit": m.IsExplicit(), "value": string(doc), "sourceprefix": m.Range().GetSourcePrefix(), - "fskey": defsecTypes.CreateFSKey(m.Range().GetFS()), + "fskey": iacTypes.CreateFSKey(m.Range().GetFS()), "resource": m.Reference(), } 
@@ -57,20 +57,20 @@ func (d Document) ToRego() interface{} { } type Group struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue Users []User Policies []Policy } type User struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue Groups []Group Policies []Policy AccessKeys []AccessKey MFADevices []MFADevice - LastAccess defsecTypes.TimeValue + LastAccess iacTypes.TimeValue } func (u *User) HasLoggedIn() bool { @@ -78,25 +78,25 @@ func (u *User) HasLoggedIn() bool { } type MFADevice struct { - Metadata defsecTypes.Metadata - IsVirtual defsecTypes.BoolValue + Metadata iacTypes.Metadata + IsVirtual iacTypes.BoolValue } type AccessKey struct { - Metadata defsecTypes.Metadata - AccessKeyId defsecTypes.StringValue - Active defsecTypes.BoolValue - CreationDate defsecTypes.TimeValue - LastAccess defsecTypes.TimeValue + Metadata iacTypes.Metadata + AccessKeyId iacTypes.StringValue + Active iacTypes.BoolValue + CreationDate iacTypes.TimeValue + LastAccess iacTypes.TimeValue } type Role struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue Policies []Policy } -func (d Document) MetadataFromIamGo(r ...iamgo.Range) defsecTypes.Metadata { +func (d Document) MetadataFromIamGo(r ...iamgo.Range) iacTypes.Metadata { m := d.Metadata if d.HasRefs { return m @@ -107,14 +107,14 @@ func (d Document) MetadataFromIamGo(r ...iamgo.Range) defsecTypes.Metadata { start = newRange.GetStartLine() } for _, rng := range r { - newRange := defsecTypes.NewRange( + newRange := iacTypes.NewRange( newRange.GetLocalFilename(), start+rng.StartLine, start+rng.EndLine, newRange.GetSourcePrefix(), newRange.GetFS(), ) - m = defsecTypes.NewMetadata(newRange, m.Reference()).WithParent(m) + m = iacTypes.NewMetadata(newRange, m.Reference()).WithParent(m) } return m } 
diff --git a/pkg/iac/providers/aws/iam/passwords.go b/pkg/iac/providers/aws/iam/passwords.go index f18cbb826b4c..09632ba029e1 100755 --- a/pkg/iac/providers/aws/iam/passwords.go +++ b/pkg/iac/providers/aws/iam/passwords.go @@ -1,16 +1,16 @@ package iam import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type PasswordPolicy struct { - Metadata defsecTypes.Metadata - ReusePreventionCount defsecTypes.IntValue - RequireLowercase defsecTypes.BoolValue - RequireUppercase defsecTypes.BoolValue - RequireNumbers defsecTypes.BoolValue - RequireSymbols defsecTypes.BoolValue - MaxAgeDays defsecTypes.IntValue - MinimumLength defsecTypes.IntValue + Metadata iacTypes.Metadata + ReusePreventionCount iacTypes.IntValue + RequireLowercase iacTypes.BoolValue + RequireUppercase iacTypes.BoolValue + RequireNumbers iacTypes.BoolValue + RequireSymbols iacTypes.BoolValue + MaxAgeDays iacTypes.IntValue + MinimumLength iacTypes.IntValue } diff --git a/pkg/iac/providers/aws/kinesis/kinesis.go b/pkg/iac/providers/aws/kinesis/kinesis.go index cf7a48799f80..53e6c9d75f02 100755 --- a/pkg/iac/providers/aws/kinesis/kinesis.go +++ b/pkg/iac/providers/aws/kinesis/kinesis.go @@ -1,7 +1,7 @@ package kinesis import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Kinesis struct { @@ -9,7 +9,7 @@ type Kinesis struct { } type Stream struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata Encryption Encryption } @@ -18,7 +18,7 @@ const ( ) type Encryption struct { - Metadata defsecTypes.Metadata - Type defsecTypes.StringValue - KMSKeyID defsecTypes.StringValue + Metadata iacTypes.Metadata + Type iacTypes.StringValue + KMSKeyID iacTypes.StringValue } diff --git a/pkg/iac/providers/aws/kms/kms.go b/pkg/iac/providers/aws/kms/kms.go index 45889b8caec9..a0ef986fd086 100755 --- a/pkg/iac/providers/aws/kms/kms.go 
+++ b/pkg/iac/providers/aws/kms/kms.go @@ -1,7 +1,7 @@ package kms import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type KMS struct { @@ -13,7 +13,7 @@ const ( ) type Key struct { - Metadata defsecTypes.Metadata - Usage defsecTypes.StringValue - RotationEnabled defsecTypes.BoolValue + Metadata iacTypes.Metadata + Usage iacTypes.StringValue + RotationEnabled iacTypes.BoolValue } diff --git a/pkg/iac/providers/aws/lambda/lambda.go b/pkg/iac/providers/aws/lambda/lambda.go index 475ceb9bc648..1d4bb483747d 100755 --- a/pkg/iac/providers/aws/lambda/lambda.go +++ b/pkg/iac/providers/aws/lambda/lambda.go @@ -1,7 +1,7 @@ package lambda import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Lambda struct { @@ -9,7 +9,7 @@ type Lambda struct { } type Function struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata Tracing Tracing Permissions []Permission } @@ -20,12 +20,12 @@ const ( ) type Tracing struct { - Metadata defsecTypes.Metadata - Mode defsecTypes.StringValue + Metadata iacTypes.Metadata + Mode iacTypes.StringValue } type Permission struct { - Metadata defsecTypes.Metadata - Principal defsecTypes.StringValue - SourceARN defsecTypes.StringValue + Metadata iacTypes.Metadata + Principal iacTypes.StringValue + SourceARN iacTypes.StringValue } diff --git a/pkg/iac/providers/aws/mq/mq.go b/pkg/iac/providers/aws/mq/mq.go index 552f6ebf91a4..a0e383de6dc4 100755 --- a/pkg/iac/providers/aws/mq/mq.go +++ b/pkg/iac/providers/aws/mq/mq.go @@ -1,7 +1,7 @@ package mq import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type MQ struct { 
@@ -9,13 +9,13 @@ type MQ struct { } type Broker struct { - Metadata defsecTypes.Metadata - PublicAccess defsecTypes.BoolValue + Metadata iacTypes.Metadata + PublicAccess iacTypes.BoolValue Logging Logging } type Logging struct { - Metadata defsecTypes.Metadata - General defsecTypes.BoolValue - Audit defsecTypes.BoolValue + Metadata iacTypes.Metadata + General iacTypes.BoolValue + Audit iacTypes.BoolValue } diff --git a/pkg/iac/providers/aws/msk/msk.go b/pkg/iac/providers/aws/msk/msk.go index d70efbe863b1..25d398167ef3 100755 --- a/pkg/iac/providers/aws/msk/msk.go +++ b/pkg/iac/providers/aws/msk/msk.go @@ -1,7 +1,7 @@ package msk import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type MSK struct { @@ -9,7 +9,7 @@ type MSK struct { } type Cluster struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata EncryptionInTransit EncryptionInTransit EncryptionAtRest EncryptionAtRest Logging Logging 
@@ -22,39 +22,39 @@ const ( ) type EncryptionInTransit struct { - Metadata defsecTypes.Metadata - ClientBroker defsecTypes.StringValue + Metadata iacTypes.Metadata + ClientBroker iacTypes.StringValue } type EncryptionAtRest struct { - Metadata defsecTypes.Metadata - KMSKeyARN defsecTypes.StringValue - Enabled defsecTypes.BoolValue + Metadata iacTypes.Metadata + KMSKeyARN iacTypes.StringValue + Enabled iacTypes.BoolValue } type Logging struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata Broker BrokerLogging } type BrokerLogging struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata S3 S3Logging Cloudwatch CloudwatchLogging Firehose FirehoseLogging } type S3Logging struct { - Metadata defsecTypes.Metadata - Enabled defsecTypes.BoolValue + Metadata iacTypes.Metadata + Enabled iacTypes.BoolValue } type CloudwatchLogging struct { - Metadata defsecTypes.Metadata - Enabled defsecTypes.BoolValue + Metadata iacTypes.Metadata + Enabled iacTypes.BoolValue } type FirehoseLogging struct { - Metadata defsecTypes.Metadata - Enabled defsecTypes.BoolValue + Metadata iacTypes.Metadata + Enabled iacTypes.BoolValue } diff --git a/pkg/iac/providers/aws/neptune/neptune.go b/pkg/iac/providers/aws/neptune/neptune.go index d7b69f169309..15966afe4d47 100755 --- a/pkg/iac/providers/aws/neptune/neptune.go +++ b/pkg/iac/providers/aws/neptune/neptune.go @@ -1,7 +1,7 @@ package neptune import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Neptune struct { @@ -9,13 +9,13 @@ type Neptune struct { } type Cluster struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata Logging Logging - StorageEncrypted defsecTypes.BoolValue - KMSKeyID defsecTypes.StringValue + StorageEncrypted iacTypes.BoolValue + KMSKeyID iacTypes.StringValue } type Logging struct { - Metadata defsecTypes.Metadata - Audit defsecTypes.BoolValue + Metadata iacTypes.Metadata + Audit iacTypes.BoolValue } 
diff --git a/pkg/iac/providers/aws/rds/rds.go b/pkg/iac/providers/aws/rds/rds.go index dcc41cde5dcc..d5a55b188e63 100755 --- a/pkg/iac/providers/aws/rds/rds.go +++ b/pkg/iac/providers/aws/rds/rds.go @@ -1,7 +1,7 @@ package rds import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type RDS struct { 
@@ -13,69 +13,69 @@ type RDS struct { } type Instance struct { - Metadata defsecTypes.Metadata - BackupRetentionPeriodDays defsecTypes.IntValue - ReplicationSourceARN defsecTypes.StringValue + Metadata iacTypes.Metadata + BackupRetentionPeriodDays iacTypes.IntValue + ReplicationSourceARN iacTypes.StringValue PerformanceInsights PerformanceInsights Encryption Encryption - PublicAccess defsecTypes.BoolValue - Engine defsecTypes.StringValue - IAMAuthEnabled defsecTypes.BoolValue - DeletionProtection defsecTypes.BoolValue - DBInstanceArn defsecTypes.StringValue - StorageEncrypted defsecTypes.BoolValue - DBInstanceIdentifier defsecTypes.StringValue + PublicAccess iacTypes.BoolValue + Engine iacTypes.StringValue + IAMAuthEnabled iacTypes.BoolValue + DeletionProtection iacTypes.BoolValue + DBInstanceArn iacTypes.StringValue + StorageEncrypted iacTypes.BoolValue + DBInstanceIdentifier iacTypes.StringValue DBParameterGroups []DBParameterGroupsList TagList []TagList - EnabledCloudwatchLogsExports []defsecTypes.StringValue - EngineVersion defsecTypes.StringValue - AutoMinorVersionUpgrade defsecTypes.BoolValue - MultiAZ defsecTypes.BoolValue - PubliclyAccessible defsecTypes.BoolValue - LatestRestorableTime defsecTypes.TimeValue - ReadReplicaDBInstanceIdentifiers []defsecTypes.StringValue + EnabledCloudwatchLogsExports []iacTypes.StringValue + EngineVersion iacTypes.StringValue + AutoMinorVersionUpgrade iacTypes.BoolValue + MultiAZ iacTypes.BoolValue + PubliclyAccessible iacTypes.BoolValue + LatestRestorableTime iacTypes.TimeValue + ReadReplicaDBInstanceIdentifiers []iacTypes.StringValue } type Cluster struct { - Metadata defsecTypes.Metadata - BackupRetentionPeriodDays defsecTypes.IntValue - ReplicationSourceARN defsecTypes.StringValue + Metadata iacTypes.Metadata + BackupRetentionPeriodDays iacTypes.IntValue + ReplicationSourceARN iacTypes.StringValue PerformanceInsights PerformanceInsights Instances []ClusterInstance Encryption Encryption - PublicAccess defsecTypes.BoolValue 
- Engine defsecTypes.StringValue - LatestRestorableTime defsecTypes.TimeValue - AvailabilityZones []defsecTypes.StringValue - DeletionProtection defsecTypes.BoolValue - SkipFinalSnapshot defsecTypes.BoolValue + PublicAccess iacTypes.BoolValue + Engine iacTypes.StringValue + LatestRestorableTime iacTypes.TimeValue + AvailabilityZones []iacTypes.StringValue + DeletionProtection iacTypes.BoolValue + SkipFinalSnapshot iacTypes.BoolValue } type Snapshots struct { - Metadata defsecTypes.Metadata - DBSnapshotIdentifier defsecTypes.StringValue - DBSnapshotArn defsecTypes.StringValue - Encrypted defsecTypes.BoolValue - KmsKeyId defsecTypes.StringValue + Metadata iacTypes.Metadata + DBSnapshotIdentifier iacTypes.StringValue + DBSnapshotArn iacTypes.StringValue + Encrypted iacTypes.BoolValue + KmsKeyId iacTypes.StringValue SnapshotAttributes []DBSnapshotAttributes } type Parameters struct { - Metadata defsecTypes.Metadata - ParameterName defsecTypes.StringValue - ParameterValue defsecTypes.StringValue + Metadata iacTypes.Metadata + ParameterName iacTypes.StringValue + ParameterValue iacTypes.StringValue } type ParameterGroups struct { - Metadata defsecTypes.Metadata - DBParameterGroupName defsecTypes.StringValue - DBParameterGroupFamily defsecTypes.StringValue + Metadata iacTypes.Metadata + DBParameterGroupName iacTypes.StringValue + DBParameterGroupFamily iacTypes.StringValue Parameters []Parameters } type DBSnapshotAttributes struct { - Metadata defsecTypes.Metadata - AttributeValues []defsecTypes.StringValue + Metadata iacTypes.Metadata + AttributeValues []iacTypes.StringValue } const ( 
@@ -100,28 +100,28 @@ const ( ) type Encryption struct { - Metadata defsecTypes.Metadata - EncryptStorage defsecTypes.BoolValue - KMSKeyID defsecTypes.StringValue + Metadata iacTypes.Metadata + EncryptStorage iacTypes.BoolValue + KMSKeyID iacTypes.StringValue } type ClusterInstance struct { Instance - ClusterIdentifier defsecTypes.StringValue + ClusterIdentifier iacTypes.StringValue } type PerformanceInsights struct { - Metadata defsecTypes.Metadata - Enabled defsecTypes.BoolValue - KMSKeyID defsecTypes.StringValue + Metadata iacTypes.Metadata + Enabled iacTypes.BoolValue + KMSKeyID iacTypes.StringValue } type DBParameterGroupsList struct { - Metadata defsecTypes.Metadata - DBParameterGroupName defsecTypes.StringValue - KMSKeyID defsecTypes.StringValue + Metadata iacTypes.Metadata + DBParameterGroupName iacTypes.StringValue + KMSKeyID iacTypes.StringValue } type TagList struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata } diff --git a/pkg/iac/providers/aws/redshift/redshift.go b/pkg/iac/providers/aws/redshift/redshift.go index b57753309e75..cdafaa290525 100755 --- a/pkg/iac/providers/aws/redshift/redshift.go +++ b/pkg/iac/providers/aws/redshift/redshift.go @@ -1,7 +1,7 @@ package redshift import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Redshift struct { 
@@ -12,44 +12,44 @@ type Redshift struct { } type SecurityGroup struct { - Metadata defsecTypes.Metadata - Description defsecTypes.StringValue + Metadata iacTypes.Metadata + Description iacTypes.StringValue } type ReservedNode struct { - Metadata defsecTypes.Metadata - NodeType defsecTypes.StringValue + Metadata iacTypes.Metadata + NodeType iacTypes.StringValue } type ClusterParameter struct { - Metadata defsecTypes.Metadata - ParameterName defsecTypes.StringValue - ParameterValue defsecTypes.StringValue + Metadata iacTypes.Metadata + ParameterName iacTypes.StringValue + ParameterValue iacTypes.StringValue } type Cluster struct { - Metadata defsecTypes.Metadata - ClusterIdentifier defsecTypes.StringValue - NodeType defsecTypes.StringValue - VpcId defsecTypes.StringValue - NumberOfNodes defsecTypes.IntValue - PubliclyAccessible defsecTypes.BoolValue - AllowVersionUpgrade defsecTypes.BoolValue - MasterUsername defsecTypes.StringValue - AutomatedSnapshotRetentionPeriod defsecTypes.IntValue - LoggingEnabled defsecTypes.BoolValue + Metadata iacTypes.Metadata + ClusterIdentifier iacTypes.StringValue + NodeType iacTypes.StringValue + VpcId iacTypes.StringValue + NumberOfNodes iacTypes.IntValue + PubliclyAccessible iacTypes.BoolValue + AllowVersionUpgrade iacTypes.BoolValue + MasterUsername iacTypes.StringValue + AutomatedSnapshotRetentionPeriod iacTypes.IntValue + LoggingEnabled iacTypes.BoolValue EndPoint EndPoint Encryption Encryption - SubnetGroupName defsecTypes.StringValue + SubnetGroupName iacTypes.StringValue } type EndPoint struct { - Metadata defsecTypes.Metadata - Port defsecTypes.IntValue + Metadata iacTypes.Metadata + Port iacTypes.IntValue } type Encryption struct { - Metadata defsecTypes.Metadata - Enabled defsecTypes.BoolValue - KMSKeyID defsecTypes.StringValue + Metadata iacTypes.Metadata + Enabled iacTypes.BoolValue + KMSKeyID iacTypes.StringValue } 
diff --git a/pkg/iac/providers/aws/s3/bucket.go b/pkg/iac/providers/aws/s3/bucket.go index acd669af87a1..e884bbd4a7ff 100755 --- a/pkg/iac/providers/aws/s3/bucket.go +++ b/pkg/iac/providers/aws/s3/bucket.go @@ -2,20 +2,20 @@ package s3 import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Bucket struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue PublicAccessBlock *PublicAccessBlock BucketPolicies []iam.Policy Encryption Encryption Versioning Versioning Logging Logging - ACL defsecTypes.StringValue - BucketLocation defsecTypes.StringValue - AccelerateConfigurationStatus defsecTypes.StringValue + ACL iacTypes.StringValue + BucketLocation iacTypes.StringValue + AccelerateConfigurationStatus iacTypes.StringValue LifecycleConfiguration []Rules Objects []Contents Website *Website 
@@ -35,33 +35,33 @@ func (b *Bucket) HasPublicExposureACL() bool { } type Logging struct { - Metadata defsecTypes.Metadata - Enabled defsecTypes.BoolValue - TargetBucket defsecTypes.StringValue + Metadata iacTypes.Metadata + Enabled iacTypes.BoolValue + TargetBucket iacTypes.StringValue } type Versioning struct { - Metadata defsecTypes.Metadata - Enabled defsecTypes.BoolValue - MFADelete defsecTypes.BoolValue + Metadata iacTypes.Metadata + Enabled iacTypes.BoolValue + MFADelete iacTypes.BoolValue } type Encryption struct { - Metadata defsecTypes.Metadata - Enabled defsecTypes.BoolValue - Algorithm defsecTypes.StringValue - KMSKeyId defsecTypes.StringValue + Metadata iacTypes.Metadata + Enabled iacTypes.BoolValue + Algorithm iacTypes.StringValue + KMSKeyId iacTypes.StringValue } type Rules struct { - Metadata defsecTypes.Metadata - Status defsecTypes.StringValue + Metadata iacTypes.Metadata + Status iacTypes.StringValue } type Contents struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata } type Website struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata } diff --git a/pkg/iac/providers/aws/s3/bucket_public_access_block.go b/pkg/iac/providers/aws/s3/bucket_public_access_block.go index f0d1a19e6f5b..573cf6a1c0f7 100755 --- a/pkg/iac/providers/aws/s3/bucket_public_access_block.go +++ b/pkg/iac/providers/aws/s3/bucket_public_access_block.go 
@@ -1,23 +1,23 @@ package s3 import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type PublicAccessBlock struct { - Metadata defsecTypes.Metadata - BlockPublicACLs defsecTypes.BoolValue - BlockPublicPolicy defsecTypes.BoolValue - IgnorePublicACLs defsecTypes.BoolValue - RestrictPublicBuckets defsecTypes.BoolValue + Metadata iacTypes.Metadata + BlockPublicACLs iacTypes.BoolValue + BlockPublicPolicy iacTypes.BoolValue + IgnorePublicACLs iacTypes.BoolValue + RestrictPublicBuckets iacTypes.BoolValue } -func NewPublicAccessBlock(metadata defsecTypes.Metadata) PublicAccessBlock { +func NewPublicAccessBlock(metadata iacTypes.Metadata) PublicAccessBlock { return PublicAccessBlock{ Metadata: metadata, - BlockPublicPolicy: defsecTypes.BoolDefault(false, metadata), - BlockPublicACLs: defsecTypes.BoolDefault(false, metadata), - IgnorePublicACLs: defsecTypes.BoolDefault(false, metadata), - RestrictPublicBuckets: defsecTypes.BoolDefault(false, metadata), + BlockPublicPolicy: iacTypes.BoolDefault(false, metadata), + BlockPublicACLs: iacTypes.BoolDefault(false, metadata), + IgnorePublicACLs: iacTypes.BoolDefault(false, metadata), + RestrictPublicBuckets: iacTypes.BoolDefault(false, metadata), } } diff --git a/pkg/iac/providers/aws/sam/api.go b/pkg/iac/providers/aws/sam/api.go index 101ff9c82aec..ba716f3e4d92 100644 --- a/pkg/iac/providers/aws/sam/api.go +++ b/pkg/iac/providers/aws/sam/api.go 
@@ -1,38 +1,38 @@ package sam import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type API struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue - TracingEnabled defsecTypes.BoolValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue + TracingEnabled iacTypes.BoolValue DomainConfiguration DomainConfiguration AccessLogging AccessLogging RESTMethodSettings RESTMethodSettings } type ApiAuth struct { - Metadata defsecTypes.Metadata - ApiKeyRequired defsecTypes.BoolValue + Metadata iacTypes.Metadata + ApiKeyRequired iacTypes.BoolValue } type AccessLogging struct { - Metadata defsecTypes.Metadata - CloudwatchLogGroupARN defsecTypes.StringValue + Metadata iacTypes.Metadata + CloudwatchLogGroupARN iacTypes.StringValue } type DomainConfiguration struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue - SecurityPolicy defsecTypes.StringValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue + SecurityPolicy iacTypes.StringValue } type RESTMethodSettings struct { - Metadata defsecTypes.Metadata - CacheDataEncrypted defsecTypes.BoolValue - LoggingEnabled defsecTypes.BoolValue - DataTraceEnabled defsecTypes.BoolValue - MetricsEnabled defsecTypes.BoolValue + Metadata iacTypes.Metadata + CacheDataEncrypted iacTypes.BoolValue + LoggingEnabled iacTypes.BoolValue + DataTraceEnabled iacTypes.BoolValue + MetricsEnabled iacTypes.BoolValue } diff --git a/pkg/iac/providers/aws/sam/application.go b/pkg/iac/providers/aws/sam/application.go index cbb72d1e5f28..99fb7b7cac5b 100644 --- a/pkg/iac/providers/aws/sam/application.go +++ b/pkg/iac/providers/aws/sam/application.go 
@@ -1,17 +1,17 @@ package sam import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Application struct { - Metadata defsecTypes.Metadata - LocationPath defsecTypes.StringValue + Metadata iacTypes.Metadata + LocationPath iacTypes.StringValue Location Location } type Location struct { - Metadata defsecTypes.Metadata - ApplicationID defsecTypes.StringValue - SemanticVersion defsecTypes.StringValue + Metadata iacTypes.Metadata + ApplicationID iacTypes.StringValue + SemanticVersion iacTypes.StringValue } diff --git a/pkg/iac/providers/aws/sam/function.go b/pkg/iac/providers/aws/sam/function.go index 9b96c28a4702..5fb47afd2b66 100644 --- a/pkg/iac/providers/aws/sam/function.go +++ b/pkg/iac/providers/aws/sam/function.go @@ -2,14 +2,14 @@ package sam import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Function struct { - Metadata defsecTypes.Metadata - FunctionName defsecTypes.StringValue - Tracing defsecTypes.StringValue - ManagedPolicies []defsecTypes.StringValue + Metadata iacTypes.Metadata + FunctionName iacTypes.StringValue + Tracing iacTypes.StringValue + ManagedPolicies []iacTypes.StringValue Policies []iam.Policy } @@ -19,7 +19,7 @@ const ( ) type Permission struct { - Metadata defsecTypes.Metadata - Principal defsecTypes.StringValue - SourceARN defsecTypes.StringValue + Metadata iacTypes.Metadata + Principal iacTypes.StringValue + SourceARN iacTypes.StringValue } diff --git a/pkg/iac/providers/aws/sam/http_api.go b/pkg/iac/providers/aws/sam/http_api.go index da7d23b371ac..eb1b488bc1bb 100644 --- a/pkg/iac/providers/aws/sam/http_api.go +++ b/pkg/iac/providers/aws/sam/http_api.go 
@@ -1,20 +1,20 @@ package sam import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type HttpAPI struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue AccessLogging AccessLogging DefaultRouteSettings RouteSettings DomainConfiguration DomainConfiguration } type RouteSettings struct { - Metadata defsecTypes.Metadata - LoggingEnabled defsecTypes.BoolValue - DataTraceEnabled defsecTypes.BoolValue - DetailedMetricsEnabled defsecTypes.BoolValue + Metadata iacTypes.Metadata + LoggingEnabled iacTypes.BoolValue + DataTraceEnabled iacTypes.BoolValue + DetailedMetricsEnabled iacTypes.BoolValue } diff --git a/pkg/iac/providers/aws/sam/state_machine.go b/pkg/iac/providers/aws/sam/state_machine.go index 9b37e188da19..caee979436de 100644 --- a/pkg/iac/providers/aws/sam/state_machine.go +++ b/pkg/iac/providers/aws/sam/state_machine.go @@ -2,24 +2,24 @@ package sam import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type StateMachine struct { - Metadata defsecTypes.Metadata - Name defsecTypes.StringValue + Metadata iacTypes.Metadata + Name iacTypes.StringValue LoggingConfiguration LoggingConfiguration - ManagedPolicies []defsecTypes.StringValue + ManagedPolicies []iacTypes.StringValue Policies []iam.Policy Tracing TracingConfiguration } type LoggingConfiguration struct { - Metadata defsecTypes.Metadata - LoggingEnabled defsecTypes.BoolValue + Metadata iacTypes.Metadata + LoggingEnabled iacTypes.BoolValue } type TracingConfiguration struct { - Metadata defsecTypes.Metadata - Enabled defsecTypes.BoolValue + Metadata iacTypes.Metadata + Enabled iacTypes.BoolValue } diff --git a/pkg/iac/providers/aws/sam/table.go b/pkg/iac/providers/aws/sam/table.go index b35cea5816ff..33179771ee66 100644 
--- a/pkg/iac/providers/aws/sam/table.go +++ b/pkg/iac/providers/aws/sam/table.go @@ -1,18 +1,18 @@ package sam import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type SimpleTable struct { - Metadata defsecTypes.Metadata - TableName defsecTypes.StringValue + Metadata iacTypes.Metadata + TableName iacTypes.StringValue SSESpecification SSESpecification } type SSESpecification struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata - Enabled defsecTypes.BoolValue - KMSMasterKeyID defsecTypes.StringValue + Enabled iacTypes.BoolValue + KMSMasterKeyID iacTypes.StringValue } diff --git a/pkg/iac/providers/aws/sns/sns.go b/pkg/iac/providers/aws/sns/sns.go index c33949a19b86..49c2d370d56f 100755 --- a/pkg/iac/providers/aws/sns/sns.go +++ b/pkg/iac/providers/aws/sns/sns.go @@ -1,31 +1,31 @@ package sns import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type SNS struct { Topics []Topic } -func NewTopic(arn string, metadata defsecTypes.Metadata) *Topic { +func NewTopic(arn string, metadata iacTypes.Metadata) *Topic { return &Topic{ Metadata: metadata, - ARN: defsecTypes.String(arn, metadata), + ARN: iacTypes.String(arn, metadata), Encryption: Encryption{ Metadata: metadata, - KMSKeyID: defsecTypes.StringDefault("", metadata), + KMSKeyID: iacTypes.StringDefault("", metadata), }, } } type Topic struct { - Metadata defsecTypes.Metadata - ARN defsecTypes.StringValue + Metadata iacTypes.Metadata + ARN iacTypes.StringValue Encryption Encryption } type Encryption struct { - Metadata defsecTypes.Metadata - KMSKeyID defsecTypes.StringValue + Metadata iacTypes.Metadata + KMSKeyID iacTypes.StringValue } diff --git a/pkg/iac/providers/aws/sqs/sqs.go b/pkg/iac/providers/aws/sqs/sqs.go index a429b5384280..edafcb888a22 100755 --- a/pkg/iac/providers/aws/sqs/sqs.go +++ b/pkg/iac/providers/aws/sqs/sqs.go 
@@ -2,7 +2,7 @@ package sqs import ( "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type SQS struct { @@ -10,14 +10,14 @@ type SQS struct { } type Queue struct { - Metadata defsecTypes.Metadata - QueueURL defsecTypes.StringValue + Metadata iacTypes.Metadata + QueueURL iacTypes.StringValue Encryption Encryption Policies []iam.Policy } type Encryption struct { - Metadata defsecTypes.Metadata - KMSKeyID defsecTypes.StringValue - ManagedEncryption defsecTypes.BoolValue + Metadata iacTypes.Metadata + KMSKeyID iacTypes.StringValue + ManagedEncryption iacTypes.BoolValue } diff --git a/pkg/iac/providers/aws/ssm/ssm.go b/pkg/iac/providers/aws/ssm/ssm.go index a4e5ef1e35ef..725e099f2b8d 100755 --- a/pkg/iac/providers/aws/ssm/ssm.go +++ b/pkg/iac/providers/aws/ssm/ssm.go @@ -1,7 +1,7 @@ package ssm import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type SSM struct { @@ -9,8 +9,8 @@ type SSM struct { } type Secret struct { - Metadata defsecTypes.Metadata - KMSKeyID defsecTypes.StringValue + Metadata iacTypes.Metadata + KMSKeyID iacTypes.StringValue } const DefaultKMSKeyID = "alias/aws/secretsmanager" diff --git a/pkg/iac/providers/aws/workspaces/workspaces.go b/pkg/iac/providers/aws/workspaces/workspaces.go index 3f63a60da15a..beaf56eef645 100755 --- a/pkg/iac/providers/aws/workspaces/workspaces.go +++ b/pkg/iac/providers/aws/workspaces/workspaces.go @@ -1,7 +1,7 @@ package workspaces import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type WorkSpaces struct { 
@@ -9,17 +9,17 @@ type WorkSpaces struct { } type WorkSpace struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata RootVolume Volume UserVolume Volume } type Volume struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata Encryption Encryption } type Encryption struct { - Metadata defsecTypes.Metadata - Enabled defsecTypes.BoolValue + Metadata iacTypes.Metadata + Enabled iacTypes.BoolValue } diff --git a/pkg/iac/providers/azure/appservice/appservice.go b/pkg/iac/providers/azure/appservice/appservice.go index 30eef770ab4f..990adf98183a 100755 --- a/pkg/iac/providers/azure/appservice/appservice.go +++ b/pkg/iac/providers/azure/appservice/appservice.go @@ -1,7 +1,7 @@ package appservice import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type AppService struct { @@ -10,21 +10,21 @@ type AppService struct { } type Service struct { - Metadata defsecTypes.Metadata - EnableClientCert defsecTypes.BoolValue + Metadata iacTypes.Metadata + EnableClientCert iacTypes.BoolValue Identity struct { - Type defsecTypes.StringValue + Type iacTypes.StringValue } Authentication struct { - Enabled defsecTypes.BoolValue + Enabled iacTypes.BoolValue } Site struct { - EnableHTTP2 defsecTypes.BoolValue - MinimumTLSVersion defsecTypes.StringValue + EnableHTTP2 iacTypes.BoolValue + MinimumTLSVersion iacTypes.StringValue } } type FunctionApp struct { - Metadata defsecTypes.Metadata - HTTPSOnly defsecTypes.BoolValue + Metadata iacTypes.Metadata + HTTPSOnly iacTypes.BoolValue } diff --git a/pkg/iac/providers/azure/authorization/authorization.go b/pkg/iac/providers/azure/authorization/authorization.go index 2959fc01a6e3..fee924724d3c 100755 --- a/pkg/iac/providers/azure/authorization/authorization.go +++ b/pkg/iac/providers/azure/authorization/authorization.go 
@@ -1,7 +1,7 @@ package authorization import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Authorization struct { @@ -9,12 +9,12 @@ type Authorization struct { } type RoleDefinition struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata Permissions []Permission - AssignableScopes []defsecTypes.StringValue + AssignableScopes []iacTypes.StringValue } type Permission struct { - Metadata defsecTypes.Metadata - Actions []defsecTypes.StringValue + Metadata iacTypes.Metadata + Actions []iacTypes.StringValue } diff --git a/pkg/iac/providers/azure/compute/compute.go b/pkg/iac/providers/azure/compute/compute.go index db7f6f964e89..d45105985afa 100755 --- a/pkg/iac/providers/azure/compute/compute.go +++ b/pkg/iac/providers/azure/compute/compute.go @@ -1,7 +1,7 @@ package compute import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Compute struct { 
@@ -11,32 +11,32 @@ type Compute struct { } type VirtualMachine struct { - Metadata defsecTypes.Metadata - CustomData defsecTypes.StringValue // NOT base64 encoded + Metadata iacTypes.Metadata + CustomData iacTypes.StringValue // NOT base64 encoded } type LinuxVirtualMachine struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata VirtualMachine OSProfileLinuxConfig OSProfileLinuxConfig } type WindowsVirtualMachine struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata VirtualMachine } type OSProfileLinuxConfig struct { - Metadata defsecTypes.Metadata - DisablePasswordAuthentication defsecTypes.BoolValue + Metadata iacTypes.Metadata + DisablePasswordAuthentication iacTypes.BoolValue } type ManagedDisk struct { - Metadata defsecTypes.Metadata + Metadata iacTypes.Metadata Encryption Encryption } type Encryption struct { - Metadata defsecTypes.Metadata - Enabled defsecTypes.BoolValue + Metadata iacTypes.Metadata + Enabled iacTypes.BoolValue } diff --git a/pkg/iac/providers/azure/container/container.go b/pkg/iac/providers/azure/container/container.go index 5e996b8778a8..0af940d4ebf7 100755 --- a/pkg/iac/providers/azure/container/container.go +++ b/pkg/iac/providers/azure/container/container.go @@ -1,7 +1,7 @@ package container import ( - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Container struct { 
@@ -9,30 +9,30 @@ type Container struct {
 }
 type KubernetesCluster struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 NetworkProfile NetworkProfile
- EnablePrivateCluster defsecTypes.BoolValue
- APIServerAuthorizedIPRanges []defsecTypes.StringValue
+ EnablePrivateCluster iacTypes.BoolValue
+ APIServerAuthorizedIPRanges []iacTypes.StringValue
 AddonProfile AddonProfile
 RoleBasedAccessControl RoleBasedAccessControl
 }
 type RoleBasedAccessControl struct {
- Metadata defsecTypes.Metadata
- Enabled defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ Enabled iacTypes.BoolValue
 }
 type AddonProfile struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 OMSAgent OMSAgent
 }
 type OMSAgent struct {
- Metadata defsecTypes.Metadata
- Enabled defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ Enabled iacTypes.BoolValue
 }
 type NetworkProfile struct {
- Metadata defsecTypes.Metadata
- NetworkPolicy defsecTypes.StringValue // "", "calico", "azure"
+ Metadata iacTypes.Metadata
+ NetworkPolicy iacTypes.StringValue // "", "calico", "azure"
 }
diff --git a/pkg/iac/providers/azure/database/database.go b/pkg/iac/providers/azure/database/database.go
index 08673557a448..34ac63d8f129 100755
--- a/pkg/iac/providers/azure/database/database.go
+++ b/pkg/iac/providers/azure/database/database.go
@@ -1,7 +1,7 @@
 package database
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Database struct {
@@ -12,57 +12,57 @@ type Database struct {
 }
 type MariaDBServer struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Server
 }
 type MySQLServer struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Server
 }
 type PostgreSQLServer struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Server
 Config PostgresSQLConfig
 }
 type PostgresSQLConfig struct {
- Metadata defsecTypes.Metadata
- LogCheckpoints defsecTypes.BoolValue
- ConnectionThrottling defsecTypes.BoolValue
- LogConnections defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ LogCheckpoints iacTypes.BoolValue
+ ConnectionThrottling iacTypes.BoolValue
+ LogConnections iacTypes.BoolValue
 }
 type Server struct {
- Metadata defsecTypes.Metadata
- EnableSSLEnforcement defsecTypes.BoolValue
- MinimumTLSVersion defsecTypes.StringValue
- EnablePublicNetworkAccess defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ EnableSSLEnforcement iacTypes.BoolValue
+ MinimumTLSVersion iacTypes.StringValue
+ EnablePublicNetworkAccess iacTypes.BoolValue
 FirewallRules []FirewallRule
 }
 type MSSQLServer struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Server
 ExtendedAuditingPolicies []ExtendedAuditingPolicy
 SecurityAlertPolicies []SecurityAlertPolicy
 }
 type SecurityAlertPolicy struct {
- Metadata defsecTypes.Metadata
- EmailAddresses []defsecTypes.StringValue
- DisabledAlerts []defsecTypes.StringValue
- EmailAccountAdmins defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ EmailAddresses []iacTypes.StringValue
+ DisabledAlerts []iacTypes.StringValue
+ EmailAccountAdmins iacTypes.BoolValue
 }
 type ExtendedAuditingPolicy struct {
- Metadata defsecTypes.Metadata
- RetentionInDays defsecTypes.IntValue
+ Metadata iacTypes.Metadata
+ RetentionInDays iacTypes.IntValue
 }
 type FirewallRule struct {
- Metadata defsecTypes.Metadata
- StartIP defsecTypes.StringValue
- EndIP defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ StartIP iacTypes.StringValue
+ EndIP
iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/azure/datafactory/datafactory.go b/pkg/iac/providers/azure/datafactory/datafactory.go
index 3fa9e15805b7..c8f0e91d010b 100755
--- a/pkg/iac/providers/azure/datafactory/datafactory.go
+++ b/pkg/iac/providers/azure/datafactory/datafactory.go
@@ -1,7 +1,7 @@
 package datafactory
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type DataFactory struct {
@@ -9,6 +9,6 @@ type DataFactory struct {
 }
 type Factory struct {
- Metadata defsecTypes.Metadata
- EnablePublicNetwork defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ EnablePublicNetwork iacTypes.BoolValue
 }
diff --git a/pkg/iac/providers/azure/datalake/datalake.go b/pkg/iac/providers/azure/datalake/datalake.go
index 981f1881b015..a36f9a12c94a 100755
--- a/pkg/iac/providers/azure/datalake/datalake.go
+++ b/pkg/iac/providers/azure/datalake/datalake.go
@@ -1,7 +1,7 @@
 package datalake
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type DataLake struct {
@@ -9,6 +9,6 @@ type DataLake struct {
 }
 type Store struct {
- Metadata defsecTypes.Metadata
- EnableEncryption defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ EnableEncryption iacTypes.BoolValue
 }
diff --git a/pkg/iac/providers/azure/keyvault/keyvault.go b/pkg/iac/providers/azure/keyvault/keyvault.go
index caf10ed067d2..8c263fa413f2 100755
--- a/pkg/iac/providers/azure/keyvault/keyvault.go
+++ b/pkg/iac/providers/azure/keyvault/keyvault.go
@@ -1,7 +1,7 @@
 package keyvault
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type KeyVault struct {
@@ -9,26 +9,26 @@ type KeyVault struct {
 }
 type Vault struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Secrets []Secret
 Keys []Key
- EnablePurgeProtection defsecTypes.BoolValue
- SoftDeleteRetentionDays defsecTypes.IntValue
+ EnablePurgeProtection iacTypes.BoolValue
+ SoftDeleteRetentionDays iacTypes.IntValue
 NetworkACLs NetworkACLs
 }
 type NetworkACLs struct {
- Metadata defsecTypes.Metadata
- DefaultAction defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ DefaultAction iacTypes.StringValue
 }
 type Key struct {
- Metadata defsecTypes.Metadata
- ExpiryDate defsecTypes.TimeValue
+ Metadata iacTypes.Metadata
+ ExpiryDate iacTypes.TimeValue
 }
 type Secret struct {
- Metadata defsecTypes.Metadata
- ContentType defsecTypes.StringValue
- ExpiryDate defsecTypes.TimeValue
+ Metadata iacTypes.Metadata
+ ContentType iacTypes.StringValue
+ ExpiryDate iacTypes.TimeValue
 }
diff --git a/pkg/iac/providers/azure/monitor/monitor.go b/pkg/iac/providers/azure/monitor/monitor.go
index 3cb14f75990a..e8ba51e40338 100755
--- a/pkg/iac/providers/azure/monitor/monitor.go
+++ b/pkg/iac/providers/azure/monitor/monitor.go
@@ -1,7 +1,7 @@
 package monitor
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Monitor struct {
@@ -9,14 +9,14 @@ type Monitor struct {
 }
 type LogProfile struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 RetentionPolicy RetentionPolicy
- Categories []defsecTypes.StringValue
- Locations []defsecTypes.StringValue
+ Categories []iacTypes.StringValue
+ Locations []iacTypes.StringValue
 }
 type RetentionPolicy struct {
- Metadata defsecTypes.Metadata
- Enabled defsecTypes.BoolValue
- Days defsecTypes.IntValue
+ Metadata iacTypes.Metadata
+ Enabled iacTypes.BoolValue
+ Days iacTypes.IntValue
 }
diff --git a/pkg/iac/providers/azure/network/network.go b/pkg/iac/providers/azure/network/network.go
index 07542d8a12e7..71c56b62b465 100755
--- a/pkg/iac/providers/azure/network/network.go
+++ b/pkg/iac/providers/azure/network/network.go
@@ -1,7 +1,7 @@
 package network
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Network struct {
@@ -10,23 +10,23 @@ type Network struct {
 }
 type SecurityGroup struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Rules []SecurityGroupRule
 }
 type SecurityGroupRule struct {
- Metadata defsecTypes.Metadata
- Outbound defsecTypes.BoolValue
- Allow defsecTypes.BoolValue
- SourceAddresses []defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Outbound iacTypes.BoolValue
+ Allow iacTypes.BoolValue
+ SourceAddresses []iacTypes.StringValue
 SourcePorts []PortRange
- DestinationAddresses []defsecTypes.StringValue
+ DestinationAddresses []iacTypes.StringValue
 DestinationPorts []PortRange
- Protocol defsecTypes.StringValue
+ Protocol iacTypes.StringValue
 }
 type PortRange struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Start int
 End int
 }
@@ -36,12 +36,12 @@ func (r PortRange) Includes(port int) bool {
 }
 type NetworkWatcherFlowLog struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 RetentionPolicy RetentionPolicy
 }
 type RetentionPolicy struct {
- Metadata defsecTypes.Metadata
- Enabled defsecTypes.BoolValue
- Days defsecTypes.IntValue
+ Metadata iacTypes.Metadata
+ Enabled iacTypes.BoolValue
+ Days iacTypes.IntValue
 }
diff --git a/pkg/iac/providers/azure/securitycenter/securitycenter.go b/pkg/iac/providers/azure/securitycenter/securitycenter.go
index 546ae1f5a0a4..49dcd95d1ef0 100755
--- a/pkg/iac/providers/azure/securitycenter/securitycenter.go
+++ b/pkg/iac/providers/azure/securitycenter/securitycenter.go
@@ -1,7 +1,7 @@
 package securitycenter
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type SecurityCenter struct {
@@ -10,9 +10,9 @@ type SecurityCenter struct {
 }
 type Contact struct {
- Metadata defsecTypes.Metadata
- EnableAlertNotifications defsecTypes.BoolValue
- Phone defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ EnableAlertNotifications iacTypes.BoolValue
+ Phone iacTypes.StringValue
 }
 const (
@@ -21,6 +21,6 @@ const (
 )
 type SubscriptionPricing struct {
- Metadata defsecTypes.Metadata
- Tier defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Tier iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/azure/storage/storage.go b/pkg/iac/providers/azure/storage/storage.go
index 1e76edf2eb91..cccc5d55eda1 100755
--- a/pkg/iac/providers/azure/storage/storage.go
+++ b/pkg/iac/providers/azure/storage/storage.go
@@ -1,7 +1,7 @@
 package storage
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Storage struct {
@@ -9,29 +9,29 @@ type Storage struct {
 }
 type Account struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 NetworkRules []NetworkRule
- EnforceHTTPS defsecTypes.BoolValue
+ EnforceHTTPS iacTypes.BoolValue
 Containers []Container
 QueueProperties QueueProperties
- MinimumTLSVersion defsecTypes.StringValue
+ MinimumTLSVersion iacTypes.StringValue
 Queues []Queue
 }
 type Queue struct {
- Metadata defsecTypes.Metadata
- Name defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Name iacTypes.StringValue
 }
 type QueueProperties struct {
- Metadata defsecTypes.Metadata
- EnableLogging defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ EnableLogging iacTypes.BoolValue
 }
 type NetworkRule struct {
- Metadata defsecTypes.Metadata
- Bypass []defsecTypes.StringValue
- AllowByDefault defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ Bypass []iacTypes.StringValue
+ AllowByDefault iacTypes.BoolValue
 }
 const (
@@ -41,6 +41,6 @@ const (
 )
 type Container struct {
- Metadata defsecTypes.Metadata
- PublicAccess defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ PublicAccess iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/azure/synapse/synapse.go b/pkg/iac/providers/azure/synapse/synapse.go
index c219fc7d82a7..dc72175d7106 100755
--- a/pkg/iac/providers/azure/synapse/synapse.go
+++ b/pkg/iac/providers/azure/synapse/synapse.go
@@ -1,7 +1,7 @@
 package synapse
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Synapse struct {
@@ -9,6 +9,6 @@ type Synapse struct {
 }
 type Workspace struct {
- Metadata defsecTypes.Metadata
- EnableManagedVirtualNetwork defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ EnableManagedVirtualNetwork iacTypes.BoolValue
 }
diff --git a/pkg/iac/providers/cloudstack/compute/compute.go b/pkg/iac/providers/cloudstack/compute/compute.go
index bc4680c5df4c..cbfa55ba63d4 100755
--- a/pkg/iac/providers/cloudstack/compute/compute.go
+++ b/pkg/iac/providers/cloudstack/compute/compute.go
@@ -1,7 +1,7 @@
 package compute
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Compute struct {
@@ -9,6 +9,6 @@ type Compute struct {
 }
 type Instance struct {
- Metadata defsecTypes.Metadata
- UserData defsecTypes.StringValue // not b64 encoded pls
+ Metadata iacTypes.Metadata
+ UserData iacTypes.StringValue // not b64 encoded pls
 }
diff --git a/pkg/iac/providers/digitalocean/compute/compute.go b/pkg/iac/providers/digitalocean/compute/compute.go
index a46e41290eee..a0b0fe24761a 100755
--- a/pkg/iac/providers/digitalocean/compute/compute.go
+++ b/pkg/iac/providers/digitalocean/compute/compute.go
@@ -1,7 +1,7 @@
 package compute
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Compute struct {
@@ -12,39 +12,39 @@ type Compute struct {
 }
 type Firewall struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 OutboundRules []OutboundFirewallRule
 InboundRules []InboundFirewallRule
 }
 type KubernetesCluster struct {
- Metadata defsecTypes.Metadata
- SurgeUpgrade defsecTypes.BoolValue
- AutoUpgrade defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ SurgeUpgrade iacTypes.BoolValue
+ AutoUpgrade iacTypes.BoolValue
 }
 type LoadBalancer struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 ForwardingRules []ForwardingRule
- RedirectHttpToHttps defsecTypes.BoolValue
+ RedirectHttpToHttps iacTypes.BoolValue
 }
 type ForwardingRule struct {
- Metadata defsecTypes.Metadata
- EntryProtocol defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ EntryProtocol iacTypes.StringValue
 }
 type OutboundFirewallRule struct {
- Metadata defsecTypes.Metadata
- DestinationAddresses []defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ DestinationAddresses []iacTypes.StringValue
 }
 type InboundFirewallRule struct {
- Metadata defsecTypes.Metadata
- SourceAddresses []defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ SourceAddresses []iacTypes.StringValue
 }
 type Droplet struct {
- Metadata defsecTypes.Metadata
- SSHKeys []defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ SSHKeys []iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/digitalocean/spaces/spaces.go b/pkg/iac/providers/digitalocean/spaces/spaces.go
index f76d64709977..2936e469da12 100755
--- a/pkg/iac/providers/digitalocean/spaces/spaces.go
+++ b/pkg/iac/providers/digitalocean/spaces/spaces.go
@@ -1,7 +1,7 @@
 package spaces
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Spaces struct {
@@ -9,20 +9,20 @@ type Spaces struct {
 }
 type Bucket struct {
- Metadata defsecTypes.Metadata
- Name defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Name iacTypes.StringValue
 Objects []Object
- ACL defsecTypes.StringValue
- ForceDestroy defsecTypes.BoolValue
+ ACL iacTypes.StringValue
+ ForceDestroy iacTypes.BoolValue
 Versioning Versioning
 }
 type Versioning struct {
- Metadata defsecTypes.Metadata
- Enabled defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ Enabled iacTypes.BoolValue
 }
 type Object struct {
- Metadata defsecTypes.Metadata
- ACL defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ ACL iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/github/actions.go b/pkg/iac/providers/github/actions.go
index 6004e8275f56..0b28269e0c80 100644
--- a/pkg/iac/providers/github/actions.go
+++ b/pkg/iac/providers/github/actions.go
@@ -1,19 +1,19 @@
 package github
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Action struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 EnvironmentSecrets []EnvironmentSecret
 }
 type EnvironmentSecret struct {
- Metadata defsecTypes.Metadata
- Repository defsecTypes.StringValue
- Environment defsecTypes.StringValue
- SecretName defsecTypes.StringValue
- PlainTextValue defsecTypes.StringValue
- EncryptedValue defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Repository iacTypes.StringValue
+ Environment iacTypes.StringValue
+ SecretName iacTypes.StringValue
+ PlainTextValue iacTypes.StringValue
+ EncryptedValue iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/github/branch_protections.go b/pkg/iac/providers/github/branch_protections.go
index 1e7c2c2817f6..5d9f59599457 100755
--- a/pkg/iac/providers/github/branch_protections.go
+++ b/pkg/iac/providers/github/branch_protections.go
@@ -1,12 +1,12 @@
 package github
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type BranchProtection struct {
- Metadata defsecTypes.Metadata
- RequireSignedCommits defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ RequireSignedCommits iacTypes.BoolValue
 }
 func (b BranchProtection) RequiresSignedCommits() bool {
diff --git a/pkg/iac/providers/github/repositories.go b/pkg/iac/providers/github/repositories.go
index 6d835cab5fa8..0fc4c96080d2 100755
--- a/pkg/iac/providers/github/repositories.go
+++ b/pkg/iac/providers/github/repositories.go
@@ -1,14 +1,14 @@
 package github
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Repository struct {
- Metadata defsecTypes.Metadata
- Public defsecTypes.BoolValue
- VulnerabilityAlerts defsecTypes.BoolValue
- Archived defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ Public iacTypes.BoolValue
+ VulnerabilityAlerts iacTypes.BoolValue
+ Archived iacTypes.BoolValue
 }
 func (r Repository) IsArchived() bool {
diff --git a/pkg/iac/providers/google/bigquery/bigquery.go b/pkg/iac/providers/google/bigquery/bigquery.go
index 4a1f9b03fd10..9a9bfb054dde 100755
--- a/pkg/iac/providers/google/bigquery/bigquery.go
+++ b/pkg/iac/providers/google/bigquery/bigquery.go
@@ -1,7 +1,7 @@
 package bigquery
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type BigQuery struct {
@@ -9,8 +9,8 @@ type BigQuery struct {
 }
 type Dataset struct {
- Metadata defsecTypes.Metadata
- ID defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ ID iacTypes.StringValue
 AccessGrants []AccessGrant
 }
@@ -19,8 +19,8 @@ const (
 )
 type AccessGrant struct {
- Metadata defsecTypes.Metadata
- Role defsecTypes.StringValue
- Domain defsecTypes.StringValue
- SpecialGroup defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Role iacTypes.StringValue
+ Domain iacTypes.StringValue
+ SpecialGroup iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/google/compute/disk.go b/pkg/iac/providers/google/compute/disk.go
index 1c4adc8e6db1..b636cb135651 100755
--- a/pkg/iac/providers/google/compute/disk.go
+++ b/pkg/iac/providers/google/compute/disk.go
@@ -1,17 +1,17 @@
 package compute
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Disk struct {
- Metadata defsecTypes.Metadata
- Name defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Name iacTypes.StringValue
 Encryption DiskEncryption
 }
 type DiskEncryption struct {
- Metadata defsecTypes.Metadata
- RawKey defsecTypes.BytesValue
- KMSKeyLink defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ RawKey iacTypes.BytesValue
+ KMSKeyLink iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/google/compute/firewall.go b/pkg/iac/providers/google/compute/firewall.go
index 7d14f6e9e673..c122369d9954 100755
--- a/pkg/iac/providers/google/compute/firewall.go
+++ b/pkg/iac/providers/google/compute/firewall.go
@@ -1,34 +1,34 @@
 package compute
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Firewall struct {
- Metadata defsecTypes.Metadata
- Name defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Name iacTypes.StringValue
 IngressRules []IngressRule
 EgressRules []EgressRule
- SourceTags []defsecTypes.StringValue
- TargetTags []defsecTypes.StringValue
+ SourceTags []iacTypes.StringValue
+ TargetTags []iacTypes.StringValue
 }
 type FirewallRule struct {
- Metadata defsecTypes.Metadata
- Enforced defsecTypes.BoolValue
- IsAllow defsecTypes.BoolValue
- Protocol defsecTypes.StringValue
- Ports []defsecTypes.IntValue
+ Metadata iacTypes.Metadata
+ Enforced iacTypes.BoolValue
+ IsAllow iacTypes.BoolValue
+ Protocol iacTypes.StringValue
+ Ports []iacTypes.IntValue
 }
 type IngressRule struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 FirewallRule
- SourceRanges []defsecTypes.StringValue
+ SourceRanges []iacTypes.StringValue
 }
 type EgressRule struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 FirewallRule
- DestinationRanges []defsecTypes.StringValue
+ DestinationRanges []iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/google/compute/instance.go b/pkg/iac/providers/google/compute/instance.go
index 4f036ecea706..d5189945f3b6 100755
--- a/pkg/iac/providers/google/compute/instance.go
+++ b/pkg/iac/providers/google/compute/instance.go
@@ -1,41 +1,41 @@
 package compute
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Instance struct {
- Metadata defsecTypes.Metadata
- Name defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Name iacTypes.StringValue
 NetworkInterfaces []NetworkInterface
 ShieldedVM ShieldedVMConfig
 ServiceAccount ServiceAccount
- CanIPForward defsecTypes.BoolValue
- OSLoginEnabled defsecTypes.BoolValue
- EnableProjectSSHKeyBlocking defsecTypes.BoolValue
- EnableSerialPort defsecTypes.BoolValue
+ CanIPForward iacTypes.BoolValue
+ OSLoginEnabled iacTypes.BoolValue
+ EnableProjectSSHKeyBlocking iacTypes.BoolValue
+ EnableSerialPort iacTypes.BoolValue
 BootDisks []Disk
 AttachedDisks []Disk
 }
 type ServiceAccount struct {
- Metadata defsecTypes.Metadata
- Email defsecTypes.StringValue
- IsDefault defsecTypes.BoolValue
- Scopes []defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Email iacTypes.StringValue
+ IsDefault iacTypes.BoolValue
+ Scopes []iacTypes.StringValue
 }
 type NetworkInterface struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Network *Network
 SubNetwork *SubNetwork
- HasPublicIP defsecTypes.BoolValue
- NATIP defsecTypes.StringValue
+ HasPublicIP iacTypes.BoolValue
+ NATIP iacTypes.StringValue
 }
 type ShieldedVMConfig struct {
- Metadata defsecTypes.Metadata
- SecureBootEnabled defsecTypes.BoolValue
- IntegrityMonitoringEnabled defsecTypes.BoolValue
- VTPMEnabled defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ SecureBootEnabled iacTypes.BoolValue
+ IntegrityMonitoringEnabled iacTypes.BoolValue
+ VTPMEnabled iacTypes.BoolValue
 }
diff --git a/pkg/iac/providers/google/compute/metadata.go b/pkg/iac/providers/google/compute/metadata.go
index 5ba68fab0eff..9083854ba2af 100755
--- a/pkg/iac/providers/google/compute/metadata.go
+++ b/pkg/iac/providers/google/compute/metadata.go
@@ -1,10 +1,10 @@
 package compute
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type ProjectMetadata struct {
- Metadata defsecTypes.Metadata
- EnableOSLogin defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ EnableOSLogin iacTypes.BoolValue
 }
diff --git a/pkg/iac/providers/google/compute/ssl_policy.go b/pkg/iac/providers/google/compute/ssl_policy.go
index 7c01b2396f60..38ee07c047f4 100755
--- a/pkg/iac/providers/google/compute/ssl_policy.go
+++ b/pkg/iac/providers/google/compute/ssl_policy.go
@@ -1,12 +1,12 @@
 package compute
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type SSLPolicy struct {
- Metadata defsecTypes.Metadata
- Name defsecTypes.StringValue
- Profile defsecTypes.StringValue
- MinimumTLSVersion defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Name iacTypes.StringValue
+ Profile iacTypes.StringValue
+ MinimumTLSVersion iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/google/compute/subnetwork.go b/pkg/iac/providers/google/compute/subnetwork.go
index 16501e949218..a0bd03d2a71c 100755
--- a/pkg/iac/providers/google/compute/subnetwork.go
+++ b/pkg/iac/providers/google/compute/subnetwork.go
@@ -1,12 +1,12 @@
 package compute
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type SubNetwork struct {
- Metadata defsecTypes.Metadata
- Name defsecTypes.StringValue
- Purpose defsecTypes.StringValue
- EnableFlowLogs defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ Name iacTypes.StringValue
+ Purpose iacTypes.StringValue
+ EnableFlowLogs iacTypes.BoolValue
 }
diff --git a/pkg/iac/providers/google/dns/dns.go b/pkg/iac/providers/google/dns/dns.go
index a736743fe437..93bc6fbb02c2 100755
--- a/pkg/iac/providers/google/dns/dns.go
+++ b/pkg/iac/providers/google/dns/dns.go
@@ -1,7 +1,7 @@
 package dns
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type DNS struct {
@@ -9,23 +9,23 @@ type DNS struct {
 }
 type ManagedZone struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 DNSSec DNSSec
- Visibility defsecTypes.StringValue
+ Visibility iacTypes.StringValue
 }
 func (m ManagedZone) IsPrivate() bool {
- return m.Visibility.EqualTo("private", defsecTypes.IgnoreCase)
+ return m.Visibility.EqualTo("private", iacTypes.IgnoreCase)
 }
 type DNSSec struct {
- Metadata defsecTypes.Metadata
- Enabled defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ Enabled iacTypes.BoolValue
 DefaultKeySpecs []KeySpecs
 }
 type KeySpecs struct {
- Metadata defsecTypes.Metadata
- Algorithm defsecTypes.StringValue
- KeyType defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Algorithm iacTypes.StringValue
+ KeyType iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/google/gke/gke.go b/pkg/iac/providers/google/gke/gke.go
index 18879e3ca842..3fe346f82f6e 100755
--- a/pkg/iac/providers/google/gke/gke.go
+++ b/pkg/iac/providers/google/gke/gke.go
@@ -1,7 +1,7 @@
 package gke
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type GKE struct {
@@ -9,78 +9,78 @@ type GKE struct {
 }
 type Cluster struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 NodePools []NodePool
 IPAllocationPolicy IPAllocationPolicy
 MasterAuthorizedNetworks MasterAuthorizedNetworks
 NetworkPolicy NetworkPolicy
 PrivateCluster PrivateCluster
- LoggingService defsecTypes.StringValue
- MonitoringService defsecTypes.StringValue
+ LoggingService iacTypes.StringValue
+ MonitoringService iacTypes.StringValue
 MasterAuth MasterAuth
 NodeConfig NodeConfig
- EnableShieldedNodes defsecTypes.BoolValue
- EnableLegacyABAC defsecTypes.BoolValue
- ResourceLabels defsecTypes.MapValue
- RemoveDefaultNodePool defsecTypes.BoolValue
- EnableAutpilot defsecTypes.BoolValue
- DatapathProvider defsecTypes.StringValue
+ EnableShieldedNodes iacTypes.BoolValue
+ EnableLegacyABAC iacTypes.BoolValue
+ ResourceLabels iacTypes.MapValue
+ RemoveDefaultNodePool iacTypes.BoolValue
+ EnableAutpilot iacTypes.BoolValue
+ DatapathProvider iacTypes.StringValue
 }
 type NodeConfig struct {
- Metadata defsecTypes.Metadata
- ImageType defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ ImageType iacTypes.StringValue
 WorkloadMetadataConfig WorkloadMetadataConfig
- ServiceAccount defsecTypes.StringValue
- EnableLegacyEndpoints defsecTypes.BoolValue
+ ServiceAccount iacTypes.StringValue
+ EnableLegacyEndpoints iacTypes.BoolValue
 }
 type WorkloadMetadataConfig struct {
- Metadata defsecTypes.Metadata
- NodeMetadata defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ NodeMetadata iacTypes.StringValue
 }
 type MasterAuth struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 ClientCertificate ClientCertificate
- Username defsecTypes.StringValue
- Password defsecTypes.StringValue
+ Username iacTypes.StringValue
+ Password iacTypes.StringValue
 }
 type ClientCertificate struct {
- Metadata defsecTypes.Metadata
- IssueCertificate defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ IssueCertificate iacTypes.BoolValue
 }
 type PrivateCluster struct {
- Metadata
defsecTypes.Metadata
- EnablePrivateNodes defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ EnablePrivateNodes iacTypes.BoolValue
 }
 type NetworkPolicy struct {
- Metadata defsecTypes.Metadata
- Enabled defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ Enabled iacTypes.BoolValue
 }
 type MasterAuthorizedNetworks struct {
- Metadata defsecTypes.Metadata
- Enabled defsecTypes.BoolValue
- CIDRs []defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Enabled iacTypes.BoolValue
+ CIDRs []iacTypes.StringValue
 }
 type IPAllocationPolicy struct {
- Metadata defsecTypes.Metadata
- Enabled defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ Enabled iacTypes.BoolValue
 }
 type NodePool struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Management Management
 NodeConfig NodeConfig
 }
 type Management struct {
- Metadata defsecTypes.Metadata
- EnableAutoRepair defsecTypes.BoolValue
- EnableAutoUpgrade defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ EnableAutoRepair iacTypes.BoolValue
+ EnableAutoUpgrade iacTypes.BoolValue
 }
diff --git a/pkg/iac/providers/google/iam/iam.go b/pkg/iac/providers/google/iam/iam.go
index 936be6f5c6f5..c48192e76b97 100755
--- a/pkg/iac/providers/google/iam/iam.go
+++ b/pkg/iac/providers/google/iam/iam.go
@@ -1,7 +1,7 @@
 package iam
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type IAM struct {
@@ -10,7 +10,7 @@ type IAM struct {
 }
 type Organization struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Folders []Folder
 Projects []Project
 Members []Member
@@ -18,7 +18,7 @@ type Organization struct {
 }
 type Folder struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Folders []Folder
 Projects []Project
 Members []Member
@@ -26,31 +26,31 @@ type Folder struct {
 }
 type Project struct {
- Metadata defsecTypes.Metadata
- AutoCreateNetwork defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ AutoCreateNetwork iacTypes.BoolValue
 Members []Member
 Bindings []Binding
 }
 type Binding struct {
- Metadata defsecTypes.Metadata
- Members []defsecTypes.StringValue
- Role defsecTypes.StringValue
- IncludesDefaultServiceAccount defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ Members []iacTypes.StringValue
+ Role iacTypes.StringValue
+ IncludesDefaultServiceAccount iacTypes.BoolValue
 }
 type Member struct {
- Metadata defsecTypes.Metadata
- Member defsecTypes.StringValue
- Role defsecTypes.StringValue
- DefaultServiceAccount defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ Member iacTypes.StringValue
+ Role iacTypes.StringValue
+ DefaultServiceAccount iacTypes.BoolValue
 }
 type WorkloadIdentityPoolProvider struct {
- Metadata defsecTypes.Metadata
- WorkloadIdentityPoolId defsecTypes.StringValue
- WorkloadIdentityPoolProviderId defsecTypes.StringValue
- AttributeCondition defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ WorkloadIdentityPoolId iacTypes.StringValue
+ WorkloadIdentityPoolProviderId iacTypes.StringValue
+ AttributeCondition iacTypes.StringValue
 }
 func (p *IAM) AllProjects() []Project {
diff --git a/pkg/iac/providers/google/kms/kms.go b/pkg/iac/providers/google/kms/kms.go
index 5a8568fbbd6c..4247db119e13 100755
--- a/pkg/iac/providers/google/kms/kms.go
+++ b/pkg/iac/providers/google/kms/kms.go
@@ -1,7 +1,7 @@
 package kms
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type KMS struct {
@@ -9,11 +9,11 @@ type KMS struct {
 }
 type KeyRing struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Keys []Key
 }
 type Key struct {
- Metadata defsecTypes.Metadata
- RotationPeriodSeconds defsecTypes.IntValue
+ Metadata iacTypes.Metadata
+ RotationPeriodSeconds iacTypes.IntValue
 }
diff --git a/pkg/iac/providers/google/sql/sql.go b/pkg/iac/providers/google/sql/sql.go
index b5a5185f9a62..18778dd1daef 100755
--- a/pkg/iac/providers/google/sql/sql.go
+++ b/pkg/iac/providers/google/sql/sql.go
@@ -3,7 +3,7 @@ package sql
 import (
 "strings"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type SQL struct {
@@ -32,44 +32,44 @@ const (
 )
 type DatabaseInstance struct {
- Metadata defsecTypes.Metadata
- DatabaseVersion defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ DatabaseVersion iacTypes.StringValue
 Settings Settings
- IsReplica defsecTypes.BoolValue
+ IsReplica iacTypes.BoolValue
 }
 type Settings struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Flags Flags
 Backups Backups
 IPConfiguration IPConfiguration
 }
 type Flags struct {
- Metadata defsecTypes.Metadata
- LogTempFileSize defsecTypes.IntValue
- LocalInFile defsecTypes.BoolValue
- ContainedDatabaseAuthentication defsecTypes.BoolValue
- CrossDBOwnershipChaining defsecTypes.BoolValue
- LogCheckpoints defsecTypes.BoolValue
- LogConnections defsecTypes.BoolValue
- LogDisconnections defsecTypes.BoolValue
- LogLockWaits defsecTypes.BoolValue
- LogMinMessages defsecTypes.StringValue // FATAL, PANIC, LOG, ERROR, WARN
- LogMinDurationStatement defsecTypes.IntValue
+ Metadata iacTypes.Metadata
+ LogTempFileSize iacTypes.IntValue
+ LocalInFile iacTypes.BoolValue
+ ContainedDatabaseAuthentication iacTypes.BoolValue
+ CrossDBOwnershipChaining iacTypes.BoolValue
+ LogCheckpoints iacTypes.BoolValue
+ LogConnections iacTypes.BoolValue
+ LogDisconnections iacTypes.BoolValue
+ LogLockWaits iacTypes.BoolValue
+ LogMinMessages iacTypes.StringValue // FATAL, PANIC, LOG, ERROR, WARN
+ LogMinDurationStatement iacTypes.IntValue
 }
 type Backups struct {
- Metadata defsecTypes.Metadata
- Enabled defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ Enabled iacTypes.BoolValue
 }
 type IPConfiguration struct {
- Metadata defsecTypes.Metadata
- RequireTLS defsecTypes.BoolValue
- EnableIPv4 defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ RequireTLS iacTypes.BoolValue
+ EnableIPv4 iacTypes.BoolValue
 AuthorizedNetworks []struct {
- Name defsecTypes.StringValue
- CIDR defsecTypes.StringValue
+ Name iacTypes.StringValue
+ CIDR iacTypes.StringValue
 }
 }
diff --git a/pkg/iac/providers/google/storage/storage.go b/pkg/iac/providers/google/storage/storage.go
index 543c316829f4..7650474b8640 100755
--- a/pkg/iac/providers/google/storage/storage.go
+++ b/pkg/iac/providers/google/storage/storage.go
@@ -2,7 +2,7 @@ package storage
 import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/google/iam"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Storage struct {
@@ -10,16 +10,16 @@ type Storage struct {
 }
 type Bucket struct {
- Metadata defsecTypes.Metadata
- Name defsecTypes.StringValue
- Location defsecTypes.StringValue
- EnableUniformBucketLevelAccess defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ Name iacTypes.StringValue
+ Location iacTypes.StringValue
+ EnableUniformBucketLevelAccess iacTypes.BoolValue
 Members []iam.Member
 Bindings []iam.Binding
 Encryption BucketEncryption
 }
 type BucketEncryption struct {
- Metadata defsecTypes.Metadata
- DefaultKMSKeyName defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ DefaultKMSKeyName iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/kubernetes/kubernetes.go b/pkg/iac/providers/kubernetes/kubernetes.go
index ff48710a6402..cf71291161a1 100755
--- a/pkg/iac/providers/kubernetes/kubernetes.go
+++ b/pkg/iac/providers/kubernetes/kubernetes.go
@@ -1,7 +1,7 @@
 package kubernetes
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Kubernetes struct {
@@ -9,30 +9,30 @@ type Kubernetes struct {
 }
 type NetworkPolicy struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Spec NetworkPolicySpec
 }
 type NetworkPolicySpec struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Egress Egress
 Ingress Ingress
 }
 type Egress struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Ports []Port
- DestinationCIDRs []defsecTypes.StringValue
+ DestinationCIDRs []iacTypes.StringValue
 }
 type Ingress struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Ports []Port
- SourceCIDRs []defsecTypes.StringValue
+ SourceCIDRs []iacTypes.StringValue
 }
 type Port struct {
- Metadata defsecTypes.Metadata
- Number defsecTypes.StringValue // e.g. "http" or "80"
- Protocol defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Number iacTypes.StringValue // e.g. "http" or "80"
+ Protocol iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/nifcloud/computing/instance.go b/pkg/iac/providers/nifcloud/computing/instance.go
index 7202e281fdcb..2b729920f37f 100644
--- a/pkg/iac/providers/nifcloud/computing/instance.go
+++ b/pkg/iac/providers/nifcloud/computing/instance.go
@@ -1,16 +1,16 @@
 package computing
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Instance struct {
- Metadata defsecTypes.Metadata
- SecurityGroup defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ SecurityGroup iacTypes.StringValue
 NetworkInterfaces []NetworkInterface
 }
 type NetworkInterface struct {
- Metadata defsecTypes.Metadata
- NetworkID defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ NetworkID iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/nifcloud/computing/security_group.go b/pkg/iac/providers/nifcloud/computing/security_group.go
index 54aecbe50a48..f707d8a2825a 100644
--- a/pkg/iac/providers/nifcloud/computing/security_group.go
+++ b/pkg/iac/providers/nifcloud/computing/security_group.go
@@ -1,18 +1,18 @@
 package computing
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type SecurityGroup struct {
- Metadata defsecTypes.Metadata
- Description defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Description iacTypes.StringValue
 IngressRules []SecurityGroupRule
 EgressRules []SecurityGroupRule
 }
 type SecurityGroupRule struct {
- Metadata defsecTypes.Metadata
- Description defsecTypes.StringValue
- CIDR defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Description iacTypes.StringValue
+ CIDR iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/nifcloud/dns/record.go b/pkg/iac/providers/nifcloud/dns/record.go
index fa0cb3d45dc4..44275dfb27d0 100644
--- a/pkg/iac/providers/nifcloud/dns/record.go
+++ b/pkg/iac/providers/nifcloud/dns/record.go
@@ -1,13 +1,13 @@
 package dns
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 const ZoneRegistrationAuthTxt = "nifty-dns-verify="
 type Record struct {
- Metadata defsecTypes.Metadata
- Type defsecTypes.StringValue
- Record defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Type iacTypes.StringValue
+ Record iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/nifcloud/nas/nas_instance.go b/pkg/iac/providers/nifcloud/nas/nas_instance.go
index 894490b4da6b..90567629ba09 100644
--- a/pkg/iac/providers/nifcloud/nas/nas_instance.go
+++ b/pkg/iac/providers/nifcloud/nas/nas_instance.go
@@ -1,10 +1,10 @@
 package nas
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type NASInstance struct {
- Metadata defsecTypes.Metadata
- NetworkID defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ NetworkID iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/nifcloud/nas/nas_security_group.go b/pkg/iac/providers/nifcloud/nas/nas_security_group.go
index b8987b9d5e13..f5351f7ab150 100644
--- a/pkg/iac/providers/nifcloud/nas/nas_security_group.go
+++ b/pkg/iac/providers/nifcloud/nas/nas_security_group.go
@@ -1,11 +1,11 @@
 package nas
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type NASSecurityGroup struct {
- Metadata defsecTypes.Metadata
- Description defsecTypes.StringValue
- CIDRs []defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Description iacTypes.StringValue
+ CIDRs []iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/nifcloud/network/elastic_load_balancer.go b/pkg/iac/providers/nifcloud/network/elastic_load_balancer.go
index 8a8c85720e18..82d977fcf8fa 100644
--- a/pkg/iac/providers/nifcloud/network/elastic_load_balancer.go
+++ b/pkg/iac/providers/nifcloud/network/elastic_load_balancer.go
@@ -1,16 +1,16 @@
 package network
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type ElasticLoadBalancer struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 NetworkInterfaces []NetworkInterface
 Listeners []ElasticLoadBalancerListener
 }
 type ElasticLoadBalancerListener struct {
- Metadata defsecTypes.Metadata
- Protocol defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Protocol iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/nifcloud/network/load_balancer.go b/pkg/iac/providers/nifcloud/network/load_balancer.go
index 8027c5a4edf2..860a50614f8a 100644
--- a/pkg/iac/providers/nifcloud/network/load_balancer.go
+++ b/pkg/iac/providers/nifcloud/network/load_balancer.go
@@ -1,16 +1,16 @@
 package network
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type LoadBalancer struct {
- Metadata defsecTypes.Metadata
+ Metadata iacTypes.Metadata
 Listeners []LoadBalancerListener
 }
 type LoadBalancerListener struct {
- Metadata defsecTypes.Metadata
- Protocol defsecTypes.StringValue
- TLSPolicy defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Protocol iacTypes.StringValue
+ TLSPolicy iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/nifcloud/network/network.go b/pkg/iac/providers/nifcloud/network/network.go
index 30d97a2ebf75..dc337e0a2470 100755
--- a/pkg/iac/providers/nifcloud/network/network.go
+++ b/pkg/iac/providers/nifcloud/network/network.go
@@ -1,6 +1,6 @@
 package network
-import defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+import iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 type Network struct {
 ElasticLoadBalancers []ElasticLoadBalancer
@@ -10,7 +10,7 @@ type Network struct {
 }
 type NetworkInterface struct {
- Metadata defsecTypes.Metadata
- NetworkID defsecTypes.StringValue
- IsVipNetwork defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ NetworkID iacTypes.StringValue
+ IsVipNetwork iacTypes.BoolValue
 }
diff --git a/pkg/iac/providers/nifcloud/network/router.go b/pkg/iac/providers/nifcloud/network/router.go
index 7343979e905a..c26aa9115729 100644
--- a/pkg/iac/providers/nifcloud/network/router.go
+++ b/pkg/iac/providers/nifcloud/network/router.go
@@ -1,11 +1,11 @@
 package network
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Router struct {
- Metadata defsecTypes.Metadata
- SecurityGroup defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ SecurityGroup iacTypes.StringValue
 NetworkInterfaces []NetworkInterface
 }
diff --git a/pkg/iac/providers/nifcloud/network/vpn_gateway.go b/pkg/iac/providers/nifcloud/network/vpn_gateway.go
index 594e58768423..54ff74aab3d4 100644
--- a/pkg/iac/providers/nifcloud/network/vpn_gateway.go
+++ b/pkg/iac/providers/nifcloud/network/vpn_gateway.go
@@ -1,10 +1,10 @@
 package network
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type VpnGateway struct {
- Metadata defsecTypes.Metadata
- SecurityGroup defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ SecurityGroup iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/nifcloud/rdb/db_instance.go b/pkg/iac/providers/nifcloud/rdb/db_instance.go
index 9b00e11212f4..be888d09210e 100644
--- a/pkg/iac/providers/nifcloud/rdb/db_instance.go
+++ b/pkg/iac/providers/nifcloud/rdb/db_instance.go
@@ -1,14 +1,14 @@
 package rdb
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type DBInstance struct {
- Metadata defsecTypes.Metadata
- BackupRetentionPeriodDays defsecTypes.IntValue
- Engine defsecTypes.StringValue
- EngineVersion defsecTypes.StringValue
- NetworkID defsecTypes.StringValue
- PublicAccess defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ BackupRetentionPeriodDays iacTypes.IntValue
+ Engine iacTypes.StringValue
+ EngineVersion iacTypes.StringValue
+ NetworkID iacTypes.StringValue
+ PublicAccess iacTypes.BoolValue
 }
diff --git a/pkg/iac/providers/nifcloud/rdb/db_security_group.go b/pkg/iac/providers/nifcloud/rdb/db_security_group.go
index f3e603a4af04..3c9e350e5cad 100644
--- a/pkg/iac/providers/nifcloud/rdb/db_security_group.go
+++ b/pkg/iac/providers/nifcloud/rdb/db_security_group.go
@@ -1,11 +1,11 @@
 package rdb
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type DBSecurityGroup struct {
- Metadata defsecTypes.Metadata
- Description defsecTypes.StringValue
- CIDRs []defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Description iacTypes.StringValue
+ CIDRs []iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/nifcloud/sslcertificate/server_certificate.go b/pkg/iac/providers/nifcloud/sslcertificate/server_certificate.go
index 1cb9613f6fd4..86dc479851a3 100644
--- a/pkg/iac/providers/nifcloud/sslcertificate/server_certificate.go
+++ b/pkg/iac/providers/nifcloud/sslcertificate/server_certificate.go
@@ -1,10 +1,10 @@
 package sslcertificate
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type ServerCertificate struct {
- Metadata defsecTypes.Metadata
- Expiration defsecTypes.TimeValue
+ Metadata iacTypes.Metadata
+ Expiration iacTypes.TimeValue
 }
diff --git a/pkg/iac/providers/openstack/networking.go b/pkg/iac/providers/openstack/networking.go
index c0569358b325..944bc3fe9253 100644
--- a/pkg/iac/providers/openstack/networking.go
+++ b/pkg/iac/providers/openstack/networking.go
@@ -1,7 +1,7 @@
 package openstack
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Networking struct {
@@ -9,19 +9,19 @@ type Networking struct {
 }
 type SecurityGroup struct {
- Metadata defsecTypes.Metadata
- Name defsecTypes.StringValue
- Description defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ Name iacTypes.StringValue
+ Description iacTypes.StringValue
 Rules []SecurityGroupRule
 }
 // SecurityGroupRule describes https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/networking_secgroup_rule_v2
 type SecurityGroupRule struct {
- Metadata defsecTypes.Metadata
- IsIngress defsecTypes.BoolValue
- EtherType defsecTypes.IntValue // 4 or 6 for ipv4/ipv6
- Protocol defsecTypes.StringValue // e.g. tcp
- PortMin defsecTypes.IntValue
- PortMax defsecTypes.IntValue
- CIDR defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ IsIngress iacTypes.BoolValue
+ EtherType iacTypes.IntValue // 4 or 6 for ipv4/ipv6
+ Protocol iacTypes.StringValue // e.g. tcp
+ PortMin iacTypes.IntValue
+ PortMax iacTypes.IntValue
+ CIDR iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/openstack/openstack.go b/pkg/iac/providers/openstack/openstack.go
index cc299a61ae84..04a23f28fcee 100755
--- a/pkg/iac/providers/openstack/openstack.go
+++ b/pkg/iac/providers/openstack/openstack.go
@@ -1,7 +1,7 @@
 package openstack
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type OpenStack struct {
@@ -20,15 +20,15 @@ type Firewall struct {
 }
 type FirewallRule struct {
- Metadata defsecTypes.Metadata
- Source defsecTypes.StringValue
- Destination defsecTypes.StringValue
- SourcePort defsecTypes.StringValue
- DestinationPort defsecTypes.StringValue
- Enabled defsecTypes.BoolValue
+ Metadata iacTypes.Metadata
+ Source iacTypes.StringValue
+ Destination iacTypes.StringValue
+ SourcePort iacTypes.StringValue
+ DestinationPort iacTypes.StringValue
+ Enabled iacTypes.BoolValue
 }
 type Instance struct {
- Metadata defsecTypes.Metadata
- AdminPassword defsecTypes.StringValue
+ Metadata iacTypes.Metadata
+ AdminPassword iacTypes.StringValue
 }
diff --git a/pkg/iac/providers/oracle/oracle.go b/pkg/iac/providers/oracle/oracle.go
index e8c558141517..6d6a3ecbdfe5 100755
--- a/pkg/iac/providers/oracle/oracle.go
+++ b/pkg/iac/providers/oracle/oracle.go
@@ -1,7 +1,7 @@
 package oracle
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Oracle struct {
@@ -13,6 +13,6 @@ type Compute struct {
 }
 type AddressReservation struct {
- Metadata defsecTypes.Metadata
- Pool defsecTypes.StringValue // e.g. public-pool
+ Metadata iacTypes.Metadata
+ Pool iacTypes.StringValue // e.g. public-pool
 }
diff --git a/pkg/iac/rego/metadata.go b/pkg/iac/rego/metadata.go
index d345084ecc59..f2a6505910d1 100644
--- a/pkg/iac/rego/metadata.go
+++ b/pkg/iac/rego/metadata.go
@@ -13,7 +13,7 @@ import (
 "github.com/aquasecurity/trivy/pkg/iac/providers"
 "github.com/aquasecurity/trivy/pkg/iac/scan"
 "github.com/aquasecurity/trivy/pkg/iac/severity"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type StaticMetadata struct {
@@ -367,8 +367,8 @@ func (m *MetadataRetriever) queryInputOptions(ctx context.Context, module *ast.M
 if rawType, ok := selectorMap["type"]; ok {
 selector.Type = fmt.Sprintf("%s", rawType)
 // handle backward compatibility for "defsec" source type which is now "cloud"
- if selector.Type == string(defsecTypes.SourceDefsec) {
- selector.Type = string(defsecTypes.SourceCloud)
+ if selector.Type == string(iacTypes.SourceDefsec) {
+ selector.Type = string(iacTypes.SourceCloud)
 }
 }
 if subType, ok := selectorMap["subtypes"].([]interface{}); ok {
diff --git a/pkg/iac/rego/result.go b/pkg/iac/rego/result.go
index 6ec7ee7157d5..dd2f7629d3a3 100644
--- a/pkg/iac/rego/result.go
+++ b/pkg/iac/rego/result.go
@@ -8,7 +8,7 @@ import (
 "github.com/open-policy-agent/opa/rego"
 "github.com/aquasecurity/trivy/pkg/iac/scan"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type regoResult struct {
@@ -25,16 +25,16 @@ type regoResult struct {
 Parent *regoResult
 }
-func (r regoResult) GetMetadata() defsecTypes.Metadata {
- var m defsecTypes.Metadata
+func (r regoResult) GetMetadata() iacTypes.Metadata {
+ var m iacTypes.Metadata
 if !r.Managed {
- m = defsecTypes.NewUnmanagedMetadata()
+ m = iacTypes.NewUnmanagedMetadata()
 } else {
- rng := defsecTypes.NewRangeWithFSKey(r.Filepath, r.StartLine, r.EndLine, r.SourcePrefix, r.FSKey, r.FS)
+ rng := iacTypes.NewRangeWithFSKey(r.Filepath, r.StartLine, r.EndLine, r.SourcePrefix, r.FSKey, r.FS)
 if r.Explicit {
- m = defsecTypes.NewExplicitMetadata(rng, r.Resource)
+ m = iacTypes.NewExplicitMetadata(rng, r.Resource)
 } else {
- m = defsecTypes.NewMetadata(rng, r.Resource)
+ m = iacTypes.NewMetadata(rng, r.Resource)
 }
 }
 if r.Parent != nil {
diff --git a/pkg/iac/scan/code.go b/pkg/iac/scan/code.go
index 7a37b6e0cdb6..5041b23ca2cc 100644
--- a/pkg/iac/scan/code.go
+++ b/pkg/iac/scan/code.go
@@ -6,7 +6,7 @@ import (
 "path/filepath"
 "strings"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Code struct {
@@ -94,7 +94,7 @@ func OptionCodeWithHighlighted(include bool) CodeOption {
 }
 }
-func validateRange(r defsecTypes.Range) error {
+func validateRange(r iacTypes.Range) error {
 if r.GetStartLine() < 0 || r.GetStartLine() > r.GetEndLine() || r.GetEndLine() < 0 {
 return fmt.Errorf("invalid range: %s", r.String())
 }
@@ -153,7 +153,7 @@ func (r *Result) GetCode(opts ...CodeOption) (*Code, error) {
 var highlightedLines []string
 if settings.includeHighlighted {
- highlightedLines = highlight(defsecTypes.CreateFSKey(innerRange.GetFS()), innerRange.GetLocalFilename(), content, settings.theme)
+ highlightedLines = highlight(iacTypes.CreateFSKey(innerRange.GetFS()), innerRange.GetLocalFilename(), content, settings.theme)
 if len(highlightedLines) < len(rawLines) {
 highlightedLines = rawLines
 }
diff --git a/pkg/iac/scan/code_test.go b/pkg/iac/scan/code_test.go
index 3e68d99ad73f..e0591ed23c85 100644
--- a/pkg/iac/scan/code_test.go
+++ b/pkg/iac/scan/code_test.go
@@ -5,7 +5,7 @@ import (
 "strings"
 "testing"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/stretchr/testify/assert"
@@ -238,13 +238,13 @@ func TestResult_GetCode(t *testing.T) {
 t.Run(test.name, func(t *testing.T) {
 system := memoryfs.New()
 require.NoError(t, system.WriteFile(test.filename, []byte(test.source), os.ModePerm))
- meta := defsecTypes.NewMetadata(
- defsecTypes.NewRange(test.filename, test.start, test.end, "", system),
+ meta := iacTypes.NewMetadata(
+ iacTypes.NewRange(test.filename, test.start, test.end, "", system),
 "",
 )
 if test.outerStart > 0 {
- meta = meta.WithParent(defsecTypes.NewMetadata(
- defsecTypes.NewRange(test.filename, test.outerStart, test.outerEnd, "", system),
+ meta = meta.WithParent(iacTypes.NewMetadata(
+ iacTypes.NewRange(test.filename, test.outerStart, test.outerEnd, "", system),
 "",
 ))
 }
diff --git a/pkg/iac/scan/result.go b/pkg/iac/scan/result.go
index 79ef77b10889..861171e2dcc0 100644
--- a/pkg/iac/scan/result.go
+++ b/pkg/iac/scan/result.go
@@ -8,7 +8,7 @@ import (
 "strings"
 "github.com/aquasecurity/trivy/pkg/iac/severity"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Status uint8
@@ -24,7 +24,7 @@ type Result struct {
 description string
 annotation string
 status Status
- metadata defsecTypes.Metadata
+ metadata iacTypes.Metadata
 severityOverride *severity.Severity
 regoNamespace string
 regoRule string
@@ -60,7 +60,7 @@ func (r *Result) OverrideDescription(description string) {
 r.description = description
 }
-func (r *Result) OverrideMetadata(metadata defsecTypes.Metadata) {
+func (r *Result) OverrideMetadata(metadata iacTypes.Metadata) {
 r.metadata = metadata
 }
@@ -92,11 +92,11 @@ func (r Result) Annotation() string {
 return r.annotation
 }
-func (r Result) Metadata() defsecTypes.Metadata {
+func (r Result) Metadata() iacTypes.Metadata {
 return r.metadata
 }
-func (r Result) Range() defsecTypes.Range {
+func (r Result) Range() iacTypes.Range {
 return r.metadata.Range()
 }
@@ -104,7 +104,7 @@ func (r Result) Traces() []string {
 return r.traces
 }
-func (r *Result) AbsolutePath(fsRoot string, metadata defsecTypes.Metadata) string {
+func (r *Result) AbsolutePath(fsRoot string, metadata iacTypes.Metadata) string {
 if strings.HasSuffix(fsRoot, ":") {
 fsRoot += "/"
 }
@@ -119,7 +119,7 @@ func (r *Result) AbsolutePath(fsRoot string, metadata defsecTypes.Metadata) stri
 return filepath.Join(fsRoot, rng.GetLocalFilename())
 }
-func (r *Result) RelativePathTo(fsRoot, to string, metadata defsecTypes.Metadata) string {
+func (r *Result) RelativePathTo(fsRoot, to string, metadata iacTypes.Metadata) string {
 absolute := r.AbsolutePath(fsRoot, metadata)
@@ -147,7 +147,7 @@ func (r *Result) RelativePathTo(fsRoot, to string, metadata defsecTypes.Metadata
 type Results []Result
 type MetadataProvider interface {
- GetMetadata() defsecTypes.Metadata
+ GetMetadata() iacTypes.Metadata
 GetRawValue() interface{}
 }
@@ -217,7 +217,7 @@ func (r *Results) AddPassed(source interface{}, descriptions ...string) {
 *r = append(*r, res)
 }
-func getMetadataFromSource(source interface{}) defsecTypes.Metadata {
+func getMetadataFromSource(source interface{}) iacTypes.Metadata {
 if provider, ok := source.(MetadataProvider); ok {
 return provider.GetMetadata()
 }
@@ -227,7 +227,7 @@ func getMetadataFromSource(source interface{}) defsecTypes.Metadata {
 metaValue = metaValue.Elem()
 }
 metaVal := metaValue.FieldByName("Metadata")
- return metaVal.Interface().(defsecTypes.Metadata)
+ return metaVal.Interface().(iacTypes.Metadata)
 }
 func getAnnotation(source interface{}) string {
@@ -275,17 +275,17 @@ func (r *Results) SetSourceAndFilesystem(source string, f fs.FS, logicalSource b
 }
 rng := m.Range()
- newrng := defsecTypes.NewRange(rng.GetLocalFilename(), rng.GetStartLine(), rng.GetEndLine(), source, f)
+ newrng := iacTypes.NewRange(rng.GetLocalFilename(), rng.GetStartLine(), rng.GetEndLine(), source, f)
 if logicalSource {
- newrng = defsecTypes.NewRangeWithLogicalSource(rng.GetLocalFilename(), rng.GetStartLine(), rng.GetEndLine(),
+ newrng = iacTypes.NewRangeWithLogicalSource(rng.GetLocalFilename(), rng.GetStartLine(), rng.GetEndLine(),
 source, f)
 }
 parent := m.Parent()
 switch {
 case m.IsExplicit():
- m = defsecTypes.NewExplicitMetadata(newrng, m.Reference())
+ m = iacTypes.NewExplicitMetadata(newrng, m.Reference())
 default:
- m = defsecTypes.NewMetadata(newrng, m.Reference())
+ m = iacTypes.NewMetadata(newrng, m.Reference())
 }
 if parent != nil {
 m.SetParentPtr(parent)
diff --git a/pkg/iac/scanners/azure/resolver/resolver.go b/pkg/iac/scanners/azure/resolver/resolver.go
index 00b248cc4eef..3794ed20ab64 100644
--- a/pkg/iac/scanners/azure/resolver/resolver.go
+++ b/pkg/iac/scanners/azure/resolver/resolver.go
@@ -3,7 +3,7 @@ package resolver
 import (
 azure2 "github.com/aquasecurity/trivy/pkg/iac/scanners/azure"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/azure/expressions"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Resolver interface {
@@ -40,7 +40,7 @@ func (r *resolver) ResolveExpression(expression azure2.Value) azure2.Value {
 return resolved
 }
-func (r *resolver) resolveExpressionString(code string, metadata defsecTypes.Metadata) (azure2.Value, error) {
+func (r *resolver) resolveExpressionString(code string, metadata iacTypes.Metadata) (azure2.Value, error) {
 et, err := expressions.NewExpressionTree(code)
 if err != nil {
 return azure2.NullValue, err
diff --git a/pkg/iac/scanners/cloudformation/parser/file_context.go b/pkg/iac/scanners/cloudformation/parser/file_context.go
index 252e519bf096..4904d13f29d0 100644
--- a/pkg/iac/scanners/cloudformation/parser/file_context.go
+++ b/pkg/iac/scanners/cloudformation/parser/file_context.go
@@ -1,7 +1,7 @@
 package parser
 import (
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type SourceFormat string
@@ -46,10 +46,10 @@ func (t *FileContext) GetResourcesByType(names ...string) []*Resource {
 return resources
 }
-func (t *FileContext) Metadata() defsecTypes.Metadata {
- rng := defsecTypes.NewRange(t.filepath, 1, len(t.lines), "", nil)
+func (t *FileContext) Metadata() iacTypes.Metadata {
+ rng := iacTypes.NewRange(t.filepath, 1, len(t.lines), "", nil)
- return defsecTypes.NewMetadata(rng, NewCFReference("Template", rng).String())
+ return iacTypes.NewMetadata(rng, NewCFReference("Template", rng).String())
 }
 func (t *FileContext) OverrideParameters(params map[string]any) {
diff --git a/pkg/iac/scanners/cloudformation/parser/property.go b/pkg/iac/scanners/cloudformation/parser/property.go
index de377e895f14..3cdbbb36b58a 100644
--- a/pkg/iac/scanners/cloudformation/parser/property.go
+++ b/pkg/iac/scanners/cloudformation/parser/property.go
@@ -10,7 +10,7 @@ import (
 "gopkg.in/yaml.v3"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/cftypes"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type EqualityOptions = int
@@ -23,8 +23,8 @@ type Property struct {
 ctx *FileContext
 name string
 comment string
- rng defsecTypes.Range
- parentRange defsecTypes.Range
+ rng iacTypes.Range
+ parentRange iacTypes.Range
 Inner PropertyInner
 logicalId string
 unresolved bool
@@ -70,8 +70,8 @@ func (p *Property) setContext(ctx *FileContext) {
 }
 }
-func (p *Property) setFileAndParentRange(target fs.FS, filepath string, parentRange defsecTypes.Range) {
- p.rng = defsecTypes.NewRange(filepath, p.rng.GetStartLine(), p.rng.GetEndLine(), p.rng.GetSourcePrefix(), target)
+func (p *Property) setFileAndParentRange(target fs.FS, filepath string, parentRange iacTypes.Range) {
+ p.rng = iacTypes.NewRange(filepath, p.rng.GetStartLine(), p.rng.GetEndLine(), p.rng.GetSourcePrefix(), target)
 p.parentRange = parentRange
 switch p.Type() {
@@ -93,14 +93,14 @@ func (p *Property) setFileAndParentRange(target fs.FS, filepath string, parentRa
 }
 func (p *Property) UnmarshalYAML(node *yaml.Node) error {
- p.rng = defsecTypes.NewRange("", node.Line, calculateEndLine(node), "", nil)
+ p.rng = iacTypes.NewRange("", node.Line, calculateEndLine(node), "", nil)
 p.comment = node.LineComment
 return setPropertyValueFromYaml(node, &p.Inner)
 }
 func (p *Property) UnmarshalJSONWithMetadata(node jfather.Node) error {
- p.rng = defsecTypes.NewRange("", node.Range().Start.Line, node.Range().End.Line, "", nil)
+ p.rng = iacTypes.NewRange("", node.Range().Start.Line, node.Range().End.Line, "", nil)
 return setPropertyValueFromJson(node, &p.Inner)
 }
@@ -108,11 +108,11 @@ func (p *Property) Type() cftypes.CfType {
 return p.Inner.Type
 }
-func (p *Property) Range() defsecTypes.Range {
+func (p *Property) Range() iacTypes.Range {
 return p.rng
 }
-func (p *Property) Metadata() defsecTypes.Metadata {
+func (p *Property) Metadata() iacTypes.Metadata {
 base := p
 if p.isFunction() {
 if resolved, ok := p.resolveValue(); ok {
@@ -120,12 +120,12 @@ func (p *Property) Metadata() defsecTypes.Metadata {
 }
 }
 ref := NewCFReferenceWithValue(p.parentRange, *base, p.logicalId)
- return defsecTypes.NewMetadata(p.Range(), ref.String())
+ return iacTypes.NewMetadata(p.Range(), ref.String())
 }
-func (p *Property) MetadataWithValue(resolvedValue *Property) defsecTypes.Metadata {
+func (p *Property) MetadataWithValue(resolvedValue *Property) iacTypes.Metadata {
 ref := NewCFReferenceWithValue(p.parentRange, *resolvedValue, p.logicalId)
- return defsecTypes.NewMetadata(p.Range(), ref.String())
+ return iacTypes.NewMetadata(p.Range(), ref.String())
 }
 func (p *Property) isFunction() bool {
@@ -166,14 +166,14 @@ func (p *Property) resolveValue() (*Property, bool) {
 return p, false
 }
-func (p *Property) GetStringProperty(path string, defaultValue ...string) defsecTypes.StringValue {
+func (p *Property) GetStringProperty(path string, defaultValue ...string) iacTypes.StringValue {
 defVal := ""
 if len(defaultValue) > 0 {
 defVal = defaultValue[0]
 }
 if p.IsUnresolved() {
- return defsecTypes.StringUnresolvable(p.Metadata())
+ return iacTypes.StringUnresolvable(p.Metadata())
 }
 prop := p.GetProperty(path)
@@ -183,18 +183,18 @@ func (p *Property) GetStringProperty(path string, defaultValue ...string) defsec
 return prop.AsStringValue()
 }
-func (p *Property) StringDefault(defaultValue string) defsecTypes.StringValue {
- return defsecTypes.StringDefault(defaultValue, p.Metadata())
+func (p *Property) StringDefault(defaultValue string) iacTypes.StringValue {
+ return iacTypes.StringDefault(defaultValue, p.Metadata())
 }
-func (p *Property) GetBoolProperty(path string, defaultValue ...bool) defsecTypes.BoolValue {
+func (p *Property) GetBoolProperty(path string, defaultValue ...bool) iacTypes.BoolValue {
 defVal := false
 if len(defaultValue) > 0 {
 defVal = defaultValue[0]
 }
 if p.IsUnresolved() {
- return defsecTypes.BoolUnresolvable(p.Metadata())
+ return iacTypes.BoolUnresolvable(p.Metadata())
 }
 prop := p.GetProperty(path)
@@ -209,14 +209,14 @@ func (p *Property) GetBoolProperty(path string, defaultValue ...bool) defsecType
 return prop.AsBoolValue()
 }
-func (p *Property) GetIntProperty(path string, defaultValue ...int) defsecTypes.IntValue {
+func (p *Property) GetIntProperty(path string, defaultValue ...int) iacTypes.IntValue {
 defVal := 0
 if len(defaultValue) > 0 {
 defVal = defaultValue[0]
 }
 if p.IsUnresolved() {
- return defsecTypes.IntUnresolvable(p.Metadata())
+ return iacTypes.IntUnresolvable(p.Metadata())
 }
 prop := p.GetProperty(path)
@@ -227,12 +227,12 @@ func (p *Property) GetIntProperty(path string, defaultValue ...int) defsecTypes.
 return prop.AsIntValue()
 }
-func (p *Property) BoolDefault(defaultValue bool) defsecTypes.BoolValue {
- return defsecTypes.BoolDefault(defaultValue, p.Metadata())
+func (p *Property) BoolDefault(defaultValue bool) iacTypes.BoolValue {
+ return iacTypes.BoolDefault(defaultValue, p.Metadata())
 }
-func (p *Property) IntDefault(defaultValue int) defsecTypes.IntValue {
- return defsecTypes.IntDefault(defaultValue, p.Metadata())
+func (p *Property) IntDefault(defaultValue int) iacTypes.IntValue {
+ return iacTypes.IntDefault(defaultValue, p.Metadata())
 }
 func (p *Property) GetProperty(path string) *Property {
@@ -288,38 +288,38 @@ func (p *Property) deriveResolved(propType cftypes.CfType, propValue interface{}
 }
 }
-func (p *Property) ParentRange() defsecTypes.Range {
+func (p *Property) ParentRange() iacTypes.Range {
 return p.parentRange
 }
-func (p *Property) inferBool(prop *Property, defaultValue bool) defsecTypes.BoolValue {
+func (p *Property) inferBool(prop *Property, defaultValue bool) iacTypes.BoolValue {
 if prop.IsString() {
 if prop.EqualTo("true", IgnoreCase) {
- return defsecTypes.Bool(true, prop.Metadata())
+ return iacTypes.Bool(true, prop.Metadata())
 }
 if prop.EqualTo("yes", IgnoreCase) {
- return defsecTypes.Bool(true, prop.Metadata())
+ return iacTypes.Bool(true, prop.Metadata())
 }
 if prop.EqualTo("1", IgnoreCase) {
- return defsecTypes.Bool(true, prop.Metadata())
+ return iacTypes.Bool(true, prop.Metadata())
 }
 if prop.EqualTo("false", IgnoreCase) {
- return defsecTypes.Bool(false, prop.Metadata())
+ return iacTypes.Bool(false, prop.Metadata())
 }
 if prop.EqualTo("no", IgnoreCase) {
- return defsecTypes.Bool(false, prop.Metadata())
+ return iacTypes.Bool(false, prop.Metadata())
 }
 if prop.EqualTo("0", IgnoreCase) {
- return defsecTypes.Bool(false, prop.Metadata())
+ return iacTypes.Bool(false, prop.Metadata())
 }
 }
 if prop.IsInt() {
 if prop.EqualTo(0) {
- return defsecTypes.Bool(false, prop.Metadata())
+ return iacTypes.Bool(false, prop.Metadata())
 }
 if prop.EqualTo(1) {
- return defsecTypes.Bool(true, prop.Metadata())
+ return iacTypes.Bool(true, prop.Metadata())
 }
 }
diff --git a/pkg/iac/scanners/cloudformation/parser/property_helpers.go b/pkg/iac/scanners/cloudformation/parser/property_helpers.go
index 4e8533d89428..260ea106be79 100644
--- a/pkg/iac/scanners/cloudformation/parser/property_helpers.go
+++ b/pkg/iac/scanners/cloudformation/parser/property_helpers.go
@@ -5,7 +5,7 @@ import (
 "strings"
 "github.com/aquasecurity/trivy/pkg/iac/scanners/cloudformation/cftypes"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 func (p *Property) IsNil() bool {
@@ -92,11 +92,11 @@ func (p *Property) AsString() string {
 return p.Inner.Value.(string)
 }
-func (p *Property) AsStringValue() defsecTypes.StringValue {
+func (p *Property) AsStringValue() iacTypes.StringValue {
 if p.unresolved {
- return defsecTypes.StringUnresolvable(p.Metadata())
+ return iacTypes.StringUnresolvable(p.Metadata())
 }
- return defsecTypes.StringExplicit(p.AsString(), p.Metadata())
+ return iacTypes.StringExplicit(p.AsString(), p.Metadata())
 }
 func (p *Property) AsInt() int {
@@ -116,11 +116,11 @@ func (p *Property) AsInt() int {
 return p.Inner.Value.(int)
 }
-func (p *Property) AsIntValue() defsecTypes.IntValue {
+func (p *Property) AsIntValue() iacTypes.IntValue {
 if p.unresolved {
- return defsecTypes.IntUnresolvable(p.Metadata())
+ return iacTypes.IntUnresolvable(p.Metadata())
 }
- return defsecTypes.IntExplicit(p.AsInt(), p.Metadata())
+ return iacTypes.IntExplicit(p.AsInt(), p.Metadata())
 }
 func (p *Property) AsBool() bool {
@@ -136,11 +136,11 @@ func (p *Property) AsBool() bool {
 return p.Inner.Value.(bool)
 }
-func (p *Property) AsBoolValue() defsecTypes.BoolValue {
+func (p *Property) AsBoolValue() iacTypes.BoolValue {
 if p.unresolved {
- return defsecTypes.BoolUnresolvable(p.Metadata())
+ return iacTypes.BoolUnresolvable(p.Metadata())
 }
- return defsecTypes.Bool(p.AsBool(), p.Metadata())
+ return iacTypes.Bool(p.AsBool(), p.Metadata())
 }
 func (p *Property) AsMap() map[string]*Property {
diff --git a/pkg/iac/scanners/cloudformation/parser/reference.go b/pkg/iac/scanners/cloudformation/parser/reference.go
index d5cf5e40e936..59cbf583c8cf 100644
--- a/pkg/iac/scanners/cloudformation/parser/reference.go
+++ b/pkg/iac/scanners/cloudformation/parser/reference.go
@@ -3,23 +3,23 @@ package parser
 import (
 "fmt"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type CFReference struct {
 logicalId string
- resourceRange defsecTypes.Range
+ resourceRange iacTypes.Range
 resolvedValue Property
 }
-func NewCFReference(id string, resourceRange defsecTypes.Range) CFReference {
+func NewCFReference(id string, resourceRange iacTypes.Range) CFReference {
 return CFReference{
 logicalId: id,
 resourceRange: resourceRange,
 }
 }
-func NewCFReferenceWithValue(resourceRange defsecTypes.Range, resolvedValue Property, logicalId string) CFReference {
+func NewCFReferenceWithValue(resourceRange iacTypes.Range, resolvedValue Property, logicalId string) CFReference {
 return CFReference{
 resourceRange: resourceRange,
 resolvedValue: resolvedValue,
@@ -35,15 +35,15 @@ func (cf CFReference) LogicalID() string {
 return cf.logicalId
 }
-func (cf CFReference) ResourceRange() defsecTypes.Range {
+func (cf CFReference) ResourceRange() iacTypes.Range {
 return cf.resourceRange
 }
-func (cf CFReference) PropertyRange() defsecTypes.Range {
+func (cf CFReference) PropertyRange() iacTypes.Range {
 if cf.resolvedValue.IsNotNil() {
 return cf.resolvedValue.Range()
 }
- return defsecTypes.Range{}
+ return iacTypes.Range{}
 }
 func (cf CFReference) DisplayValue() string {
diff --git a/pkg/iac/scanners/cloudformation/parser/resource.go b/pkg/iac/scanners/cloudformation/parser/resource.go
index 7db1bbb7e858..69a864ad7cdf 100644
--- a/pkg/iac/scanners/cloudformation/parser/resource.go
+++ b/pkg/iac/scanners/cloudformation/parser/resource.go
@@ -7,12 +7,12 @@ import (
 "github.com/liamg/jfather"
 "gopkg.in/yaml.v3"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Resource struct {
 ctx *FileContext
- rng defsecTypes.Range
+ rng iacTypes.Range
 id string
 comment string
 Inner ResourceInner
@@ -38,7 +38,7 @@ func (r *Resource) setId(id string) {
 }
 func (r *Resource) setFile(target fs.FS, filepath string) {
- r.rng = defsecTypes.NewRange(filepath, r.rng.GetStartLine(), r.rng.GetEndLine(), r.rng.GetSourcePrefix(), target)
+ r.rng = iacTypes.NewRange(filepath, r.rng.GetStartLine(), r.rng.GetEndLine(), r.rng.GetSourcePrefix(), target)
 for _, p := range r.Inner.Properties {
 p.setFileAndParentRange(target, filepath, r.rng)
@@ -55,13 +55,13 @@ func (r *Resource) setContext(ctx *FileContext) {
 }
 func (r *Resource) UnmarshalYAML(value *yaml.Node) error {
- r.rng = defsecTypes.NewRange("", value.Line-1, calculateEndLine(value), "", nil)
+ r.rng = iacTypes.NewRange("", value.Line-1, calculateEndLine(value), "", nil)
 r.comment = value.LineComment
 return value.Decode(&r.Inner)
 }
 func (r *Resource) UnmarshalJSONWithMetadata(node jfather.Node) error {
- r.rng = defsecTypes.NewRange("", node.Range().Start.Line, node.Range().End.Line, "", nil)
+ r.rng = iacTypes.NewRange("", node.Range().Start.Line, node.Range().End.Line, "", nil)
 return node.Decode(&r.Inner)
 }
@@ -73,7 +73,7 @@ func (r *Resource) Type() string {
 return r.Inner.Type
 }
-func (r *Resource) Range() defsecTypes.Range {
+func (r *Resource) Range() iacTypes.Range {
 return r.rng
 }
@@ -81,8 +81,8 @@ func (r *Resource) SourceFormat() SourceFormat {
 return r.ctx.SourceFormat
 }
-func (r *Resource) Metadata() defsecTypes.Metadata {
- return defsecTypes.NewMetadata(r.Range(), NewCFReference(r.id, r.rng).String())
+func (r *Resource) Metadata() iacTypes.Metadata {
+ return iacTypes.NewMetadata(r.Range(), NewCFReference(r.id, r.rng).String())
 }
 func (r *Resource) properties() map[string]*Property {
@@ -122,7 +122,7 @@ func (r *Resource) GetProperty(path string) *Property {
 return &Property{}
 }
-func (r *Resource) GetStringProperty(path string, defaultValue ...string) defsecTypes.StringValue {
+func (r *Resource) GetStringProperty(path string, defaultValue ...string) iacTypes.StringValue {
 defVal := ""
 if len(defaultValue) > 0 {
 defVal = defaultValue[0]
@@ -136,7 +136,7 @@ func (r *Resource) GetStringProperty(path string, defaultValue ...string) defsec
 return prop.AsStringValue()
 }
-func (r *Resource) GetBoolProperty(path string, defaultValue ...bool) defsecTypes.BoolValue {
+func (r *Resource) GetBoolProperty(path string, defaultValue ...bool) iacTypes.BoolValue {
 defVal := false
 if len(defaultValue) > 0 {
 defVal = defaultValue[0]
@@ -150,7 +150,7 @@ func (r *Resource) GetBoolProperty(path string, defaultValue ...bool) defsecType
 return prop.AsBoolValue()
 }
-func (r *Resource) GetIntProperty(path string, defaultValue ...int) defsecTypes.IntValue {
+func (r *Resource) GetIntProperty(path string, defaultValue ...int) iacTypes.IntValue {
 defVal := 0
 if len(defaultValue) > 0 {
 defVal = defaultValue[0]
@@ -164,46 +164,46 @@ func (r *Resource) GetIntProperty(path string, defaultValue ...int) defsecTypes.
 return prop.AsIntValue()
 }
-func (r *Resource) StringDefault(defaultValue string) defsecTypes.StringValue {
- return defsecTypes.StringDefault(defaultValue, r.Metadata())
+func (r *Resource) StringDefault(defaultValue string) iacTypes.StringValue {
+ return iacTypes.StringDefault(defaultValue, r.Metadata())
 }
-func (r *Resource) BoolDefault(defaultValue bool) defsecTypes.BoolValue {
- return defsecTypes.BoolDefault(defaultValue, r.Metadata())
+func (r *Resource) BoolDefault(defaultValue bool) iacTypes.BoolValue {
+ return iacTypes.BoolDefault(defaultValue, r.Metadata())
 }
-func (r *Resource) IntDefault(defaultValue int) defsecTypes.IntValue {
- return defsecTypes.IntDefault(defaultValue, r.Metadata())
+func (r *Resource) IntDefault(defaultValue int) iacTypes.IntValue {
+ return iacTypes.IntDefault(defaultValue, r.Metadata())
 }
-func (r *Resource) inferBool(prop *Property, defaultValue bool) defsecTypes.BoolValue {
+func (r *Resource) inferBool(prop *Property, defaultValue bool) iacTypes.BoolValue {
 if prop.IsString() {
 if prop.EqualTo("true", IgnoreCase) {
- return defsecTypes.Bool(true, prop.Metadata())
+ return iacTypes.Bool(true, prop.Metadata())
 }
 if prop.EqualTo("yes", IgnoreCase) {
- return defsecTypes.Bool(true, prop.Metadata())
+ return iacTypes.Bool(true, prop.Metadata())
 }
 if prop.EqualTo("1", IgnoreCase) {
- return defsecTypes.Bool(true, prop.Metadata())
+ return iacTypes.Bool(true, prop.Metadata())
 }
 if prop.EqualTo("false", IgnoreCase) {
- return defsecTypes.Bool(false, prop.Metadata())
+ return iacTypes.Bool(false, prop.Metadata())
 }
 if prop.EqualTo("no", IgnoreCase) {
- return defsecTypes.Bool(false, prop.Metadata())
+ return iacTypes.Bool(false, prop.Metadata())
 }
 if prop.EqualTo("0", IgnoreCase) {
- return defsecTypes.Bool(false, prop.Metadata())
+ return iacTypes.Bool(false, prop.Metadata())
 }
 }
 if prop.IsInt() {
 if prop.EqualTo(0) {
- return defsecTypes.Bool(false, prop.Metadata())
+ return iacTypes.Bool(false, prop.Metadata())
 }
 if prop.EqualTo(1) {
- return defsecTypes.Bool(true, prop.Metadata())
+ return iacTypes.Bool(true, prop.Metadata())
 }
 }
diff --git a/pkg/iac/state/merge_test.go b/pkg/iac/state/merge_test.go
index 4fab07883500..ff8da78a5ac2 100644
--- a/pkg/iac/state/merge_test.go
+++ b/pkg/iac/state/merge_test.go
@@ -5,7 +5,7 @@ import (
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/rds"
@@ -28,19 +28,19 @@ func Test_Merging(t *testing.T) {
 RDS: rds.RDS{
 Instances: []rds.Instance{
 {
- BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}),
- ReplicationSourceARN: defsecTypes.String("arn:whatever", defsecTypes.Metadata{}),
+ BackupRetentionPeriodDays: iacTypes.Int(1, iacTypes.Metadata{}),
+ ReplicationSourceARN: iacTypes.String("arn:whatever", iacTypes.Metadata{}),
 PerformanceInsights: rds.PerformanceInsights{
- Metadata: defsecTypes.Metadata{},
- Enabled: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ Enabled: iacTypes.Bool(true, iacTypes.Metadata{}),
+ KMSKeyID: iacTypes.String("keyidhere", iacTypes.Metadata{}),
 },
 Encryption: rds.Encryption{
- Metadata: defsecTypes.Metadata{},
- EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ EncryptStorage: iacTypes.Bool(true, iacTypes.Metadata{}),
+ KMSKeyID: iacTypes.String("keyidhere", iacTypes.Metadata{}),
 },
- PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}),
+ PublicAccess: iacTypes.Bool(true, iacTypes.Metadata{}),
 },
 },
 },
@@ -51,19 +51,19 @@ func Test_Merging(t *testing.T) {
 RDS: rds.RDS{
 Instances: []rds.Instance{
 {
- BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}),
- ReplicationSourceARN: defsecTypes.String("arn:whatever", defsecTypes.Metadata{}),
+ BackupRetentionPeriodDays: iacTypes.Int(1, iacTypes.Metadata{}),
+ ReplicationSourceARN: iacTypes.String("arn:whatever", iacTypes.Metadata{}),
 PerformanceInsights: rds.PerformanceInsights{
- Metadata: defsecTypes.Metadata{},
- Enabled: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ Enabled: iacTypes.Bool(true, iacTypes.Metadata{}),
+ KMSKeyID: iacTypes.String("keyidhere", iacTypes.Metadata{}),
 },
 Encryption: rds.Encryption{
- Metadata: defsecTypes.Metadata{},
- EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ EncryptStorage: iacTypes.Bool(true, iacTypes.Metadata{}),
+ KMSKeyID: iacTypes.String("keyidhere", iacTypes.Metadata{}),
 },
- PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}),
+ PublicAccess: iacTypes.Bool(true, iacTypes.Metadata{}),
 },
 },
 },
@@ -77,19 +77,19 @@ func Test_Merging(t *testing.T) {
 RDS: rds.RDS{
 Instances: []rds.Instance{
 {
- BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}),
- ReplicationSourceARN: defsecTypes.String("arn:whatever", defsecTypes.Metadata{}),
+ BackupRetentionPeriodDays: iacTypes.Int(1, iacTypes.Metadata{}),
+ ReplicationSourceARN: iacTypes.String("arn:whatever", iacTypes.Metadata{}),
 PerformanceInsights: rds.PerformanceInsights{
- Metadata: defsecTypes.Metadata{},
- Enabled: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ Enabled: iacTypes.Bool(true, iacTypes.Metadata{}),
+ KMSKeyID: iacTypes.String("keyidhere", iacTypes.Metadata{}),
 },
 Encryption: rds.Encryption{
- Metadata: defsecTypes.Metadata{},
- EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ EncryptStorage: iacTypes.Bool(true, iacTypes.Metadata{}),
+ KMSKeyID: iacTypes.String("keyidhere", iacTypes.Metadata{}),
 },
- PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}),
+ PublicAccess: iacTypes.Bool(true, iacTypes.Metadata{}),
 },
 },
 },
@@ -100,19 +100,19 @@ func Test_Merging(t *testing.T) {
 RDS: rds.RDS{
 Instances: []rds.Instance{
 {
- BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}),
- ReplicationSourceARN: defsecTypes.String("arn:whatever", defsecTypes.Metadata{}),
+ BackupRetentionPeriodDays: iacTypes.Int(1, iacTypes.Metadata{}),
+ ReplicationSourceARN: iacTypes.String("arn:whatever", iacTypes.Metadata{}),
 PerformanceInsights: rds.PerformanceInsights{
- Metadata: defsecTypes.Metadata{},
- Enabled: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ Enabled: iacTypes.Bool(true, iacTypes.Metadata{}),
+ KMSKeyID: iacTypes.String("keyidhere", iacTypes.Metadata{}),
 },
 Encryption: rds.Encryption{
- Metadata: defsecTypes.Metadata{},
- EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ EncryptStorage: iacTypes.Bool(true, iacTypes.Metadata{}),
+ KMSKeyID: iacTypes.String("keyidhere", iacTypes.Metadata{}),
 },
- PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}),
+ PublicAccess: iacTypes.Bool(true, iacTypes.Metadata{}),
 },
 },
 },
@@ -126,19 +126,19 @@ func Test_Merging(t *testing.T) {
 RDS: rds.RDS{
 Instances: []rds.Instance{
 {
- BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}),
- ReplicationSourceARN: defsecTypes.String("arn:whatever", defsecTypes.Metadata{}),
+ BackupRetentionPeriodDays: iacTypes.Int(1, iacTypes.Metadata{}),
+ ReplicationSourceARN: iacTypes.String("arn:whatever", iacTypes.Metadata{}),
 PerformanceInsights: rds.PerformanceInsights{
- Metadata: defsecTypes.Metadata{},
- Enabled: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ Enabled: iacTypes.Bool(true, iacTypes.Metadata{}),
+ KMSKeyID: iacTypes.String("keyidhere", iacTypes.Metadata{}),
 },
 Encryption: rds.Encryption{
- Metadata: defsecTypes.Metadata{},
- EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ EncryptStorage: iacTypes.Bool(true, iacTypes.Metadata{}),
+ KMSKeyID: iacTypes.String("keyidhere", iacTypes.Metadata{}),
 },
- PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}),
+ PublicAccess: iacTypes.Bool(true, iacTypes.Metadata{}),
 },
 },
 },
@@ -149,19 +149,19 @@ func Test_Merging(t *testing.T) {
 RDS: rds.RDS{
 Instances: []rds.Instance{
 {
- BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}),
- ReplicationSourceARN: defsecTypes.String("arn:whatever:B", defsecTypes.Metadata{}),
+ BackupRetentionPeriodDays: iacTypes.Int(1, iacTypes.Metadata{}),
+ ReplicationSourceARN: iacTypes.String("arn:whatever:B", iacTypes.Metadata{}),
 PerformanceInsights: rds.PerformanceInsights{
- Metadata: defsecTypes.Metadata{},
- Enabled: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- KMSKeyID: defsecTypes.String("keyidhere:B", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ Enabled: iacTypes.Bool(true, iacTypes.Metadata{}),
+ KMSKeyID: iacTypes.String("keyidhere:B", iacTypes.Metadata{}),
 },
 Encryption: rds.Encryption{
- Metadata: defsecTypes.Metadata{},
- EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- KMSKeyID: defsecTypes.String("keyidhere:B", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ EncryptStorage: iacTypes.Bool(true, iacTypes.Metadata{}),
+ KMSKeyID: iacTypes.String("keyidhere:B", iacTypes.Metadata{}),
 },
- PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}),
+ PublicAccess: iacTypes.Bool(true, iacTypes.Metadata{}),
 },
 },
 },
@@ -172,19 +172,19 @@ func Test_Merging(t *testing.T) {
 RDS: rds.RDS{
 Instances: []rds.Instance{
 {
- BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}),
- ReplicationSourceARN: defsecTypes.String("arn:whatever:B", defsecTypes.Metadata{}),
+ BackupRetentionPeriodDays: iacTypes.Int(1, iacTypes.Metadata{}),
+ ReplicationSourceARN: iacTypes.String("arn:whatever:B", iacTypes.Metadata{}),
 PerformanceInsights: rds.PerformanceInsights{
- Metadata: defsecTypes.Metadata{},
- Enabled: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- KMSKeyID: defsecTypes.String("keyidhere:B", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ Enabled: iacTypes.Bool(true, iacTypes.Metadata{}),
+ KMSKeyID: iacTypes.String("keyidhere:B", iacTypes.Metadata{}),
 },
 Encryption: rds.Encryption{
- Metadata: defsecTypes.Metadata{},
- EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- KMSKeyID: defsecTypes.String("keyidhere:B", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ EncryptStorage: iacTypes.Bool(true, iacTypes.Metadata{}),
+ KMSKeyID: iacTypes.String("keyidhere:B", iacTypes.Metadata{}),
 },
- PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}),
+ PublicAccess: iacTypes.Bool(true, iacTypes.Metadata{}),
 },
 },
 },
@@ -198,19 +198,19 @@ func Test_Merging(t *testing.T) {
 RDS: rds.RDS{
 Instances: []rds.Instance{
 {
- BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}),
- ReplicationSourceARN: defsecTypes.String("arn:whatever", defsecTypes.Metadata{}),
+ BackupRetentionPeriodDays: iacTypes.Int(1, iacTypes.Metadata{}),
+ ReplicationSourceARN: iacTypes.String("arn:whatever", iacTypes.Metadata{}),
 PerformanceInsights: rds.PerformanceInsights{
- Metadata: defsecTypes.Metadata{},
- Enabled: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ Enabled: iacTypes.Bool(true, iacTypes.Metadata{}),
+ KMSKeyID: iacTypes.String("keyidhere", iacTypes.Metadata{}),
 },
 Encryption: rds.Encryption{
- Metadata: defsecTypes.Metadata{},
- EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ EncryptStorage: iacTypes.Bool(true, iacTypes.Metadata{}),
+ KMSKeyID: iacTypes.String("keyidhere", iacTypes.Metadata{}),
 },
- PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}),
+ PublicAccess: iacTypes.Bool(true, iacTypes.Metadata{}),
 },
 },
 },
@@ -221,39 +221,39 @@ func Test_Merging(t *testing.T) {
 EC2: ec2.EC2{
 Instances: []ec2.Instance{
 {
- Metadata: defsecTypes.Metadata{},
+ Metadata: iacTypes.Metadata{},
 MetadataOptions: ec2.MetadataOptions{
- Metadata: defsecTypes.Metadata{},
- HttpTokens: defsecTypes.String("something", defsecTypes.Metadata{}),
- HttpEndpoint: defsecTypes.String("something", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ HttpTokens: iacTypes.String("something", iacTypes.Metadata{}),
+ HttpEndpoint: iacTypes.String("something", iacTypes.Metadata{}),
 },
- UserData: defsecTypes.String("something", defsecTypes.Metadata{}),
+ UserData: iacTypes.String("something", iacTypes.Metadata{}),
 SecurityGroups: []ec2.SecurityGroup{
 {
- Metadata: defsecTypes.Metadata{},
- IsDefault: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- Description: defsecTypes.String("something", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ IsDefault: iacTypes.Bool(true, iacTypes.Metadata{}),
+ Description: iacTypes.String("something", iacTypes.Metadata{}),
 IngressRules: []ec2.SecurityGroupRule{
 {
- Metadata: defsecTypes.Metadata{},
- Description: defsecTypes.String("something", defsecTypes.Metadata{}),
- CIDRs: []defsecTypes.StringValue{
- defsecTypes.String("something", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ Description: iacTypes.String("something", iacTypes.Metadata{}),
+ CIDRs: []iacTypes.StringValue{
+ iacTypes.String("something", iacTypes.Metadata{}),
 },
 },
 },
 EgressRules: nil,
- VPCID: defsecTypes.String("something", defsecTypes.Metadata{}),
+ VPCID: iacTypes.String("something", iacTypes.Metadata{}),
 },
 },
 RootBlockDevice: &ec2.BlockDevice{
- Metadata: defsecTypes.Metadata{},
- Encrypted: defsecTypes.Bool(true, defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ Encrypted: iacTypes.Bool(true, iacTypes.Metadata{}),
 },
 EBSBlockDevices: []*ec2.BlockDevice{
 {
- Metadata: defsecTypes.Metadata{},
- Encrypted: defsecTypes.Bool(true, defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ Encrypted: iacTypes.Bool(true, iacTypes.Metadata{}),
 },
 },
 },
@@ -266,39 +266,39 @@ func Test_Merging(t *testing.T) {
 EC2: ec2.EC2{
 Instances: []ec2.Instance{
 {
- Metadata: defsecTypes.Metadata{},
+ Metadata: iacTypes.Metadata{},
 MetadataOptions: ec2.MetadataOptions{
- Metadata: defsecTypes.Metadata{},
- HttpTokens: defsecTypes.String("something", defsecTypes.Metadata{}),
- HttpEndpoint: defsecTypes.String("something", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ HttpTokens: iacTypes.String("something", iacTypes.Metadata{}),
+ HttpEndpoint: iacTypes.String("something", iacTypes.Metadata{}),
 },
- UserData: defsecTypes.String("something", defsecTypes.Metadata{}),
+ UserData: iacTypes.String("something", iacTypes.Metadata{}),
 SecurityGroups: []ec2.SecurityGroup{
 {
- Metadata: defsecTypes.Metadata{},
- IsDefault: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- Description: defsecTypes.String("something", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ IsDefault: iacTypes.Bool(true, iacTypes.Metadata{}),
+ Description: iacTypes.String("something", iacTypes.Metadata{}),
 IngressRules: []ec2.SecurityGroupRule{
 {
- Metadata: defsecTypes.Metadata{},
- Description: defsecTypes.String("something", defsecTypes.Metadata{}),
- CIDRs: []defsecTypes.StringValue{
- defsecTypes.String("something", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ Description: iacTypes.String("something", iacTypes.Metadata{}),
+ CIDRs: []iacTypes.StringValue{
+ iacTypes.String("something", iacTypes.Metadata{}),
 },
 },
 },
 EgressRules: nil,
- VPCID: defsecTypes.String("something", defsecTypes.Metadata{}),
+ VPCID: iacTypes.String("something", iacTypes.Metadata{}),
 },
 },
 RootBlockDevice: &ec2.BlockDevice{
- Metadata: defsecTypes.Metadata{},
- Encrypted: defsecTypes.Bool(true, defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ Encrypted: iacTypes.Bool(true, iacTypes.Metadata{}),
 },
 EBSBlockDevices: []*ec2.BlockDevice{
 {
- Metadata: defsecTypes.Metadata{},
- Encrypted: defsecTypes.Bool(true, defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ Encrypted: iacTypes.Bool(true, iacTypes.Metadata{}),
 },
 },
 },
@@ -307,19 +307,19 @@ func Test_Merging(t *testing.T) {
 RDS: rds.RDS{
 Instances: []rds.Instance{
 {
- BackupRetentionPeriodDays: defsecTypes.Int(1, defsecTypes.Metadata{}),
- ReplicationSourceARN: defsecTypes.String("arn:whatever", defsecTypes.Metadata{}),
+ BackupRetentionPeriodDays: iacTypes.Int(1, iacTypes.Metadata{}),
+ ReplicationSourceARN: iacTypes.String("arn:whatever", iacTypes.Metadata{}),
 PerformanceInsights: rds.PerformanceInsights{
- Metadata: defsecTypes.Metadata{},
- Enabled: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ Enabled: iacTypes.Bool(true, iacTypes.Metadata{}),
+ KMSKeyID: iacTypes.String("keyidhere", iacTypes.Metadata{}),
 },
 Encryption: rds.Encryption{
- Metadata: defsecTypes.Metadata{},
- EncryptStorage: defsecTypes.Bool(true, defsecTypes.Metadata{}),
- KMSKeyID: defsecTypes.String("keyidhere", defsecTypes.Metadata{}),
+ Metadata: iacTypes.Metadata{},
+ EncryptStorage: iacTypes.Bool(true, iacTypes.Metadata{}),
+ KMSKeyID: iacTypes.String("keyidhere", iacTypes.Metadata{}),
 },
- PublicAccess: defsecTypes.Bool(true, defsecTypes.Metadata{}),
+ PublicAccess: iacTypes.Bool(true, iacTypes.Metadata{}),
 },
 },
 },
diff --git a/pkg/iac/state/state_test.go b/pkg/iac/state/state_test.go
index 6147075fb84d..0b3f3235f6bb 100644
--- a/pkg/iac/state/state_test.go
+++ b/pkg/iac/state/state_test.go
@@ -6,7 +6,7 @@ import (
 "github.com/stretchr/testify/require"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/s3"
@@ -20,12 +20,12 @@ func Test_RegoConversion(t *testing.T) {
 S3: s3.S3{
 Buckets: []s3.Bucket{
 {
- Metadata: defsecTypes.NewMetadata(
- defsecTypes.NewRange("main.tf", 2, 4, "", nil),
+ Metadata: iacTypes.NewMetadata(
+ iacTypes.NewRange("main.tf", 2, 4, "", nil),
 "aws_s3_bucket.example",
 ),
- Name: defsecTypes.String("my-bucket", defsecTypes.NewMetadata(
- defsecTypes.NewRange("main.tf", 3, 3, "", nil),
+ Name: iacTypes.String("my-bucket", iacTypes.NewMetadata(
+ iacTypes.NewRange("main.tf", 3, 3, "", nil),
 "aws_s3_bucket.example.bucket",
 )),
 },
@@ -73,12 +73,12 @@ func Test_JSONPersistenceOfData(t *testing.T) {
 S3: s3.S3{
 Buckets: []s3.Bucket{
 {
- Metadata: defsecTypes.NewMetadata(
- defsecTypes.NewRange("main.tf", 2, 4, "", nil),
+ Metadata: iacTypes.NewMetadata(
+ iacTypes.NewRange("main.tf", 2, 4, "", nil),
 "aws_s3_bucket.example",
 ),
- Name: defsecTypes.String("my-bucket", defsecTypes.NewMetadata(
- defsecTypes.NewRange("main.tf", 3, 3, "", nil),
+ Name: iacTypes.String("my-bucket", iacTypes.NewMetadata(
+ iacTypes.NewRange("main.tf", 3, 3, "", nil),
 "aws_s3_bucket.example.bucket",
 )),
 },
diff --git a/pkg/iac/terraform/attribute.go b/pkg/iac/terraform/attribute.go
index 8d6e5e6e99e7..24e0ec499352 100644
--- a/pkg/iac/terraform/attribute.go
+++ b/pkg/iac/terraform/attribute.go
@@ -15,14 +15,14 @@ import (
 "github.com/zclconf/go-cty/cty/gocty"
 "github.com/aquasecurity/trivy/pkg/iac/terraform/context"
- defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ iacTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
 type Attribute struct {
 hclAttribute *hcl.Attribute
 module string
 ctx *context.Context
- metadata defsecTypes.Metadata
+ metadata iacTypes.Metadata
 reference Reference
 }
@@ -34,8 +34,8 @@ func (a *Attribute) DecodeVarType() (cty.Type, *typeexpr.Defaults, error) {
 return t, def, nil
 }
-func NewAttribute(attr *hcl.Attribute, ctx *context.Context, module string, parent defsecTypes.Metadata, parentRef Reference, moduleSource string, moduleFS fs.FS) *Attribute {
- rng := defsecTypes.NewRange(
+func NewAttribute(attr *hcl.Attribute, ctx *context.Context, module string, parent iacTypes.Metadata, parentRef Reference, moduleSource string, moduleFS fs.FS) *Attribute {
+ rng := iacTypes.NewRange(
 attr.Range.Filename,
 attr.Range.Start.Line,
 attr.Range.End.Line,
@@ -43,7 +43,7 @@ func NewAttribute(attr *hcl.Attribute, ctx *context.Context, module string, pare
 moduleFS,
 )
 reference := extendReference(parentRef, attr.Name)
- metadata := defsecTypes.NewMetadata(rng, reference.String())
+ metadata := iacTypes.NewMetadata(rng, reference.String())
 return &Attribute{
 hclAttribute: attr,
 ctx: ctx,
@@ -53,7 +53,7 @@ func NewAttribute(attr *hcl.Attribute, ctx *context.Context, module string, pare
 }
 }
-func (a *Attribute) GetMetadata() defsecTypes.Metadata {
+func (a *Attribute) GetMetadata() iacTypes.Metadata {
 return a.metadata
 }
@@ -100,72 +100,72 @@ func (a *Attribute) GetRawValue() interface{} { return nil } -func (a *Attribute) AsBytesValueOrDefault(defaultValue []byte, parent *Block) defsecTypes.BytesValue { +func (a *Attribute) AsBytesValueOrDefault(defaultValue []byte, parent *Block) iacTypes.BytesValue { if a.IsNil() { - return defsecTypes.BytesDefault(defaultValue, parent.GetMetadata()) + return iacTypes.BytesDefault(defaultValue, parent.GetMetadata()) } if a.IsNotResolvable() || !a.IsString() { - return defsecTypes.BytesUnresolvable(a.GetMetadata()) + return iacTypes.BytesUnresolvable(a.GetMetadata()) } - return defsecTypes.BytesExplicit( + return iacTypes.BytesExplicit( []byte(a.Value().AsString()), a.GetMetadata(), ) } -func (a *Attribute) AsStringValueOrDefault(defaultValue string, parent *Block) defsecTypes.StringValue { +func (a *Attribute) AsStringValueOrDefault(defaultValue string, parent *Block) iacTypes.StringValue { if a.IsNil() { - return defsecTypes.StringDefault(defaultValue, parent.GetMetadata()) + return iacTypes.StringDefault(defaultValue, parent.GetMetadata()) } if a.IsNotResolvable() || !a.IsString() { - return defsecTypes.StringUnresolvable(a.GetMetadata()) + return iacTypes.StringUnresolvable(a.GetMetadata()) } - return defsecTypes.StringExplicit( + return iacTypes.StringExplicit( a.Value().AsString(), a.GetMetadata(), ) } -func (a *Attribute) AsStringValueSliceOrEmpty() (stringValues []defsecTypes.StringValue) { +func (a *Attribute) AsStringValueSliceOrEmpty() (stringValues []iacTypes.StringValue) { if a.IsNil() { return stringValues } return a.AsStringValues() } -func (a *Attribute) AsStringValuesOrDefault(parent *Block, defaults ...string) []defsecTypes.StringValue { +func (a *Attribute) AsStringValuesOrDefault(parent *Block, defaults ...string) []iacTypes.StringValue { if a.IsNil() { - res := make(defsecTypes.StringValueList, 0, len(defaults)) + res := make(iacTypes.StringValueList, 0, len(defaults)) for _, def := range defaults { - res = append(res, 
defsecTypes.StringDefault(def, parent.GetMetadata())) + res = append(res, iacTypes.StringDefault(def, parent.GetMetadata())) } return res } return a.AsStringValues() } -func (a *Attribute) AsBoolValueOrDefault(defaultValue bool, parent *Block) defsecTypes.BoolValue { +func (a *Attribute) AsBoolValueOrDefault(defaultValue bool, parent *Block) iacTypes.BoolValue { if a.IsNil() { - return defsecTypes.BoolDefault(defaultValue, parent.GetMetadata()) + return iacTypes.BoolDefault(defaultValue, parent.GetMetadata()) } if a.IsNotResolvable() || !a.IsBool() { - return defsecTypes.BoolUnresolvable(a.GetMetadata()) + return iacTypes.BoolUnresolvable(a.GetMetadata()) } - return defsecTypes.BoolExplicit( + return iacTypes.BoolExplicit( a.IsTrue(), a.GetMetadata(), ) } -func (a *Attribute) AsIntValueOrDefault(defaultValue int, parent *Block) defsecTypes.IntValue { +func (a *Attribute) AsIntValueOrDefault(defaultValue int, parent *Block) iacTypes.IntValue { if a.IsNil() { - return defsecTypes.IntDefault(defaultValue, parent.GetMetadata()) + return iacTypes.IntDefault(defaultValue, parent.GetMetadata()) } if a.IsNotResolvable() || !a.IsNumber() { - return defsecTypes.IntUnresolvable(a.GetMetadata()) + return iacTypes.IntUnresolvable(a.GetMetadata()) } flt := a.AsNumber() - return defsecTypes.IntExplicit( + return iacTypes.IntExplicit( int(flt), a.GetMetadata(), ) @@ -305,7 +305,7 @@ func (a *Attribute) Name() string { return a.hclAttribute.Name } -func (a *Attribute) AsStringValues() defsecTypes.StringValueList { +func (a *Attribute) AsStringValues() iacTypes.StringValueList { if a == nil { return nil } 
@@ -313,11 +313,11 @@ func (a *Attribute) AsStringValues() defsecTypes.StringValueList { } // nolint -func (a *Attribute) getStringValues(expr hcl.Expression, ctx *hcl.EvalContext) (results []defsecTypes.StringValue) { +func (a *Attribute) getStringValues(expr hcl.Expression, ctx *hcl.EvalContext) (results []iacTypes.StringValue) { defer func() { if err := recover(); err != nil { - results = []defsecTypes.StringValue{defsecTypes.StringUnresolvable(a.metadata)} + results = []iacTypes.StringValue{iacTypes.StringUnresolvable(a.metadata)} } }() @@ -326,7 +326,7 @@ func (a *Attribute) getStringValues(expr hcl.Expression, ctx *hcl.EvalContext) ( for _, expr := range t.Exprs { val, err := expr.Value(a.ctx.Inner()) if err != nil { - results = append(results, defsecTypes.StringUnresolvable(a.metadata)) + results = append(results, iacTypes.StringUnresolvable(a.metadata)) continue } results = append(results, a.valueToString(val)) @@ -334,7 +334,7 @@ func (a *Attribute) getStringValues(expr hcl.Expression, ctx *hcl.EvalContext) ( case *hclsyntax.FunctionCallExpr, *hclsyntax.ConditionalExpr: subVal, err := t.Value(ctx) if err != nil { - return append(results, defsecTypes.StringUnresolvable(a.metadata)) + return append(results, iacTypes.StringUnresolvable(a.metadata)) } return a.valueToStrings(subVal) case *hclsyntax.LiteralValueExpr: @@ -344,7 +344,7 @@ func (a *Attribute) getStringValues(expr hcl.Expression, ctx *hcl.EvalContext) ( for _, p := range t.Parts { val, err := p.Value(a.ctx.Inner()) if err != nil { - results = append(results, defsecTypes.StringUnresolvable(a.metadata)) + results = append(results, iacTypes.StringUnresolvable(a.metadata)) continue } value := a.valueToString(val) 
@@ -355,35 +355,35 @@ func (a *Attribute) getStringValues(expr hcl.Expression, ctx *hcl.EvalContext) ( if len(t.Variables()) > 0 { if t.Variables()[0].RootName() == "data" { // we can't resolve data lookups at this time, so make unresolvable - return append(results, defsecTypes.StringUnresolvable(a.metadata)) + return append(results, iacTypes.StringUnresolvable(a.metadata)) } } subVal, err := t.Value(ctx) if err != nil { - return append(results, defsecTypes.StringUnresolvable(a.metadata)) + return append(results, iacTypes.StringUnresolvable(a.metadata)) } return a.valueToStrings(subVal) default: val, err := t.Value(a.ctx.Inner()) if err != nil { - return append(results, defsecTypes.StringUnresolvable(a.metadata)) + return append(results, iacTypes.StringUnresolvable(a.metadata)) } results = a.valueToStrings(val) } return results } -func (a *Attribute) valueToStrings(value cty.Value) (results []defsecTypes.StringValue) { +func (a *Attribute) valueToStrings(value cty.Value) (results []iacTypes.StringValue) { defer func() { if err := recover(); err != nil { - results = []defsecTypes.StringValue{defsecTypes.StringUnresolvable(a.metadata)} + results = []iacTypes.StringValue{iacTypes.StringUnresolvable(a.metadata)} } }() if value.IsNull() { - return []defsecTypes.StringValue{defsecTypes.StringUnresolvable(a.metadata)} + return []iacTypes.StringValue{iacTypes.StringUnresolvable(a.metadata)} } if !value.IsKnown() { - return []defsecTypes.StringValue{defsecTypes.StringUnresolvable(a.metadata)} + return []iacTypes.StringValue{iacTypes.StringUnresolvable(a.metadata)} } if value.Type().IsListType() || value.Type().IsTupleType() || value.Type().IsSetType() { for _, val := range value.AsValueSlice() { 
@@ -393,14 +393,14 @@ func (a *Attribute) valueToStrings(value cty.Value) (results []defsecTypes.Strin return results } -func (a *Attribute) valueToString(value cty.Value) (result defsecTypes.StringValue) { +func (a *Attribute) valueToString(value cty.Value) (result iacTypes.StringValue) { defer func() { if err := recover(); err != nil { - result = defsecTypes.StringUnresolvable(a.metadata) + result = iacTypes.StringUnresolvable(a.metadata) } }() - result = defsecTypes.StringUnresolvable(a.metadata) + result = iacTypes.StringUnresolvable(a.metadata) if value.IsNull() || !value.IsKnown() { return result @@ -408,7 +408,7 @@ func (a *Attribute) valueToString(value cty.Value) (result defsecTypes.StringVal switch value.Type() { case cty.String: - return defsecTypes.String(value.AsString(), a.metadata) + return iacTypes.String(value.AsString(), a.metadata) default: return result } @@ -821,9 +821,9 @@ func (a *Attribute) MapValue(mapKey string) cty.Value { return cty.NilVal } -func (a *Attribute) AsMapValue() defsecTypes.MapValue { +func (a *Attribute) AsMapValue() iacTypes.MapValue { if a.IsNil() || a.IsNotResolvable() || !a.IsMapOrObject() { - return defsecTypes.MapValue{} + return iacTypes.MapValue{} } values := make(map[string]string) @@ -833,7 +833,7 @@ func (a *Attribute) AsMapValue() defsecTypes.MapValue { } }) - return defsecTypes.Map(values, a.GetMetadata()) + return iacTypes.Map(values, a.GetMetadata()) } func (a *Attribute) LessThan(checkValue interface{}) bool { diff --git a/pkg/iac/terraform/block.go b/pkg/iac/terraform/block.go index d69b28ee5317..bfab10bf316c 100644 --- a/pkg/iac/terraform/block.go +++ b/pkg/iac/terraform/block.go @@ -12,7 +12,7 @@ import ( "github.com/zclconf/go-cty/cty/gocty" "github.com/aquasecurity/trivy/pkg/iac/terraform/context" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Block struct { 
@@ -25,7 +25,7 @@ type Block struct { cloneIndex int childBlocks []*Block attributes []*Attribute - metadata defsecTypes.Metadata + metadata iacTypes.Metadata moduleSource string moduleFS fs.FS reference Reference @@ -49,7 +49,7 @@ func NewBlock(hclBlock *hcl.Block, ctx *context.Context, moduleBlock *Block, par if moduleBlock != nil { moduleName = moduleBlock.FullName() } - rng := defsecTypes.NewRange( + rng := iacTypes.NewRange( r.Filename, r.Start.Line, r.End.Line, @@ -76,7 +76,7 @@ func NewBlock(hclBlock *hcl.Block, ctx *context.Context, moduleBlock *Block, par ref.SetKey(key) } - metadata := defsecTypes.NewMetadata(rng, ref.String()) + metadata := iacTypes.NewMetadata(rng, ref.String()) if parentBlock != nil { metadata = metadata.WithParent(parentBlock.metadata) @@ -128,7 +128,7 @@ func (b *Block) Reference() Reference { return b.reference } -func (b *Block) GetMetadata() defsecTypes.Metadata { +func (b *Block) GetMetadata() iacTypes.Metadata { return b.metadata } diff --git a/pkg/iac/terraform/ignore.go b/pkg/iac/terraform/ignore.go index 6db39914c885..e52fbf202be5 100644 --- a/pkg/iac/terraform/ignore.go +++ b/pkg/iac/terraform/ignore.go @@ -6,11 +6,11 @@ import ( "github.com/zclconf/go-cty/cty" - defsecTypes "github.com/aquasecurity/trivy/pkg/iac/types" + iacTypes "github.com/aquasecurity/trivy/pkg/iac/types" ) type Ignore struct { - Range defsecTypes.Range + Range iacTypes.Range RuleID string Expiry *time.Time Workspace string @@ -20,7 +20,7 @@ type Ignore struct { type Ignores []Ignore -func (ignores Ignores) Covering(modules Modules, m defsecTypes.Metadata, workspace string, ids ...string) *Ignore { +func (ignores Ignores) Covering(modules Modules, m iacTypes.Metadata, workspace string, ids ...string) *Ignore { for _, ignore := range ignores { if ignore.Covering(modules, m, workspace, ids...) { return &ignore 
@@ -29,7 +29,7 @@ func (ignores Ignores) Covering(modules Modules, m defsecTypes.Metadata, workspa return nil } -func (ignore Ignore) Covering(modules Modules, m defsecTypes.Metadata, workspace string, ids ...string) bool { +func (ignore Ignore) Covering(modules Modules, m iacTypes.Metadata, workspace string, ids ...string) bool { if ignore.Expiry != nil && time.Now().After(*ignore.Expiry) { return false } @@ -62,7 +62,7 @@ func (ignore Ignore) Covering(modules Modules, m defsecTypes.Metadata, workspace } -func (ignore Ignore) MatchParams(modules Modules, blockMetadata *defsecTypes.Metadata) bool { +func (ignore Ignore) MatchParams(modules Modules, blockMetadata *iacTypes.Metadata) bool { if len(ignore.Params) == 0 { return true } diff --git a/pkg/misconf/scanner.go b/pkg/misconf/scanner.go index cb4970a1bd86..3a4bb5311758 100644 --- a/pkg/misconf/scanner.go +++ b/pkg/misconf/scanner.go @@ -33,7 +33,7 @@ import ( _ "embed" ) -var enabledDefsecTypes = map[detection.FileType]types.ConfigType{ +var enablediacTypes = map[detection.FileType]types.ConfigType{ detection.FileTypeAzureARM: types.AzureARM, detection.FileTypeCloudFormation: types.CloudFormation, detection.FileTypeTerraform: types.Terraform, @@ -154,7 +154,7 @@ func (s *Scanner) Scan(ctx context.Context, fsys fs.FS) ([]types.Misconfiguratio return nil, xerrors.Errorf("scan config error: %w", err) } - configType := enabledDefsecTypes[s.fileType] + configType := enablediacTypes[s.fileType] misconfs := ResultsToMisconf(configType, s.scanner.Name(), results) // Sort misconfigurations From 8edad8957d88fb010b0b483f08f0e9893893cb7f Mon Sep 17 00:00:00 2001 From: Simar Date: Fri, 16 Feb 2024 00:54:29 -0700 Subject: [PATCH 13/13] update a few more defsec related refs with iac --- pkg/cloud/aws/commands/run_test.go | 1 - pkg/fanal/secret/builtin-rules.go | 8 ++++---- pkg/policy/policy.go | 2 +- 3 files changed, 5 insertions(+), 6 deletions(-) 
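Review bot: The renamed map in pkg/misconf/scanner.go is spelled `enablediacTypes`, which looks like a mechanical `Defsec`→`iac` substitution and breaks Go's MixedCaps convention — the lowercase `iac` run hides the word boundary and will trip readers and linters alike. Suggest `var enabledIaCTypes = map[detection.FileType]types.ConfigType{` here and the matching lookup `configType := enabledIaCTypes[s.fileType]` in this file's second hunk. While touching the declaration, a doc comment would help, e.g. `// enabledIaCTypes maps each detected IaC file type to the types.ConfigType passed to ResultsToMisconf.`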
diff --git a/pkg/cloud/aws/commands/run_test.go b/pkg/cloud/aws/commands/run_test.go index 069ec53751a1..feacdcc5a762 100644 --- a/pkg/cloud/aws/commands/run_test.go +++ b/pkg/cloud/aws/commands/run_test.go @@ -1004,7 +1004,6 @@ deny { ReportOptions: flag.ReportOptions{ Compliance: spec.ComplianceSpec{ Spec: iacTypes.Spec{ - // TODO: refactor defsec so that the parsed spec can be passed ID: "@testdata/example-spec.yaml", Title: "my-custom-spec", Description: "My fancy spec", diff --git a/pkg/fanal/secret/builtin-rules.go b/pkg/fanal/secret/builtin-rules.go index 6b102fbbed92..ef0347c49064 100644 --- a/pkg/fanal/secret/builtin-rules.go +++ b/pkg/fanal/secret/builtin-rules.go @@ -6,7 +6,7 @@ import ( "github.com/samber/lo" "github.com/aquasecurity/trivy/pkg/fanal/types" - defsecRules "github.com/aquasecurity/trivy/pkg/iac/rules" + iacRules "github.com/aquasecurity/trivy/pkg/iac/rules" ) var ( @@ -82,9 +82,9 @@ const ( ) // This function is exported for trivy-plugin-aqua purposes only -func GetSecretRulesMetadata() []defsecRules.Check { - return lo.Map(builtinRules, func(rule Rule, i int) defsecRules.Check { - return defsecRules.Check{ +func GetSecretRulesMetadata() []iacRules.Check { + return lo.Map(builtinRules, func(rule Rule, i int) iacRules.Check { + return iacRules.Check{ Name: rule.ID, Description: rule.Title, } diff --git a/pkg/policy/policy.go b/pkg/policy/policy.go index a312753e823d..b5b6792953ca 100644 --- a/pkg/policy/policy.go +++ b/pkg/policy/policy.go @@ -18,7 +18,7 @@ import ( ) const ( - BundleVersion = 0 // Latest released MAJOR version for defsec + BundleVersion = 0 // Latest released MAJOR version for trivy-policies BundleRepository = "ghcr.io/aquasecurity/trivy-policies" policyMediaType = "application/vnd.cncf.openpolicyagent.layer.v1.tar+gzip" updateInterval = 24 * time.Hour