diff --git a/cli/reporter/cnquery_report.pb.go b/cli/reporter/cnquery_report.pb.go index 5a2b766c56..ce35415c86 100644 --- a/cli/reporter/cnquery_report.pb.go +++ b/cli/reporter/cnquery_report.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.33.0 +// protoc-gen-go v1.34.1 // protoc v5.26.1 // source: cnquery_report.proto diff --git a/explorer/cnquery_explorer.pb.go b/explorer/cnquery_explorer.pb.go index 1075104861..80cb91e5a3 100644 --- a/explorer/cnquery_explorer.pb.go +++ b/explorer/cnquery_explorer.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.33.0 +// protoc-gen-go v1.34.1 // protoc v5.26.1 // source: cnquery_explorer.proto diff --git a/explorer/resources/cnquery_resources_explorer.pb.go b/explorer/resources/cnquery_resources_explorer.pb.go index 000b213cc7..c00be565c0 100644 --- a/explorer/resources/cnquery_resources_explorer.pb.go +++ b/explorer/resources/cnquery_resources_explorer.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.33.0 +// protoc-gen-go v1.34.1 // protoc v5.26.1 // source: cnquery_resources_explorer.proto diff --git a/explorer/scan/cnquery_explorer_scan.pb.go b/explorer/scan/cnquery_explorer_scan.pb.go index 3de59b101b..bf06486231 100644 --- a/explorer/scan/cnquery_explorer_scan.pb.go +++ b/explorer/scan/cnquery_explorer_scan.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.33.0 +// protoc-gen-go v1.34.1 // protoc v5.26.1 // source: cnquery_explorer_scan.proto diff --git a/llx/llx.pb.go b/llx/llx.pb.go index c35b74a0be..32c727abff 100644 --- a/llx/llx.pb.go +++ b/llx/llx.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.33.0 +// protoc-gen-go v1.34.1 // protoc v5.26.1 // source: llx.proto 
diff --git a/providers-sdk/v1/inventory/inventory.pb.go b/providers-sdk/v1/inventory/inventory.pb.go index bd37815cc5..74f64e4de3 100644 --- a/providers-sdk/v1/inventory/inventory.pb.go +++ b/providers-sdk/v1/inventory/inventory.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.33.0 +// protoc-gen-go v1.34.1 // protoc v5.26.1 // source: inventory.proto diff --git a/providers-sdk/v1/plugin/plugin.pb.go b/providers-sdk/v1/plugin/plugin.pb.go index c76bd3461d..fd56e87c84 100644 --- a/providers-sdk/v1/plugin/plugin.pb.go +++ b/providers-sdk/v1/plugin/plugin.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.33.0 +// protoc-gen-go v1.34.1 // protoc v5.26.1 // source: plugin.proto diff --git a/providers-sdk/v1/resources/resources.pb.go b/providers-sdk/v1/resources/resources.pb.go index 163c4bb87c..172a059b33 100644 --- a/providers-sdk/v1/resources/resources.pb.go +++ b/providers-sdk/v1/resources/resources.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.33.0 +// protoc-gen-go v1.34.1 // protoc v5.26.1 // source: resources.proto diff --git a/providers-sdk/v1/upstream/health/errors.pb.go b/providers-sdk/v1/upstream/health/errors.pb.go index 1eb5974e79..d6a42dece6 100644 --- a/providers-sdk/v1/upstream/health/errors.pb.go +++ b/providers-sdk/v1/upstream/health/errors.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.33.0 +// protoc-gen-go v1.34.1 // protoc v5.26.1 // source: errors.proto diff --git a/providers-sdk/v1/upstream/health/health.pb.go b/providers-sdk/v1/upstream/health/health.pb.go index 99d2890d44..1b0128f2cb 100644 --- a/providers-sdk/v1/upstream/health/health.pb.go +++ b/providers-sdk/v1/upstream/health/health.pb.go 
@@ -17,7 +17,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.33.0 +// protoc-gen-go v1.34.1 // protoc v5.26.1 // source: health.proto diff --git a/providers-sdk/v1/upstream/mvd/cvss/cvss.pb.go b/providers-sdk/v1/upstream/mvd/cvss/cvss.pb.go index 7f6dd96a67..03b116f735 100644 --- a/providers-sdk/v1/upstream/mvd/cvss/cvss.pb.go +++ b/providers-sdk/v1/upstream/mvd/cvss/cvss.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.33.0 +// protoc-gen-go v1.34.1 // protoc v5.26.1 // source: cvss.proto diff --git a/providers-sdk/v1/upstream/mvd/mvd.pb.go b/providers-sdk/v1/upstream/mvd/mvd.pb.go index 48ceba7db3..d645a347ca 100644 --- a/providers-sdk/v1/upstream/mvd/mvd.pb.go +++ b/providers-sdk/v1/upstream/mvd/mvd.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.33.0 +// protoc-gen-go v1.34.1 // protoc v5.26.1 // source: mvd.proto diff --git a/providers-sdk/v1/upstream/upstream.pb.go b/providers-sdk/v1/upstream/upstream.pb.go index 421451ef09..b26ce62f3d 100644 --- a/providers-sdk/v1/upstream/upstream.pb.go +++ b/providers-sdk/v1/upstream/upstream.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.33.0 +// protoc-gen-go v1.34.1 // protoc v5.26.1 // source: upstream.proto diff --git a/providers-sdk/v1/vault/vault.pb.go b/providers-sdk/v1/vault/vault.pb.go index 1b7d820e77..93ccb2689c 100644 --- a/providers-sdk/v1/vault/vault.pb.go +++ b/providers-sdk/v1/vault/vault.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.33.0 +// protoc-gen-go v1.34.1 // protoc v5.26.1 // source: vault.proto diff --git a/providers/azure/resources/azure.lr.manifest.yaml b/providers/azure/resources/azure.lr.manifest.yaml index a40cbc7b02..d045d8ec3a 100644 --- a/providers/azure/resources/azure.lr.manifest.yaml 
+++ b/providers/azure/resources/azure.lr.manifest.yaml @@ -9,11 +9,9 @@ resources: name: - azure azure.subscription: - refs: - - title: Subscriptions, licenses, accounts, and tenants for Microsoft's cloud offerings - url: https://learn.microsoft.com/en-us/microsoft-365/enterprise/subscriptions-licenses-accounts-and-tenants-for-microsoft-cloud-offerings docs: - desc: Use the `azure.subscription` resource to assess the configuration of Azure subscriptions. + desc: Use the `azure.subscription` resource to assess the configuration of Azure + subscriptions. fields: advisor: {} aks: {} @@ -45,12 +43,17 @@ resources: platform: name: - azure + refs: + - title: Subscriptions, licenses, accounts, and tenants for Microsoft's cloud + offerings + url: https://learn.microsoft.com/en-us/microsoft-365/enterprise/subscriptions-licenses-accounts-and-tenants-for-microsoft-cloud-offerings snippets: - query: "azure.subscription {\n subscriptionId \n managedByTenants\n}\n" title: Return the subscription ID and a list of tenants that manage the subscription azure.subscription.advisor: docs: - desc: Use the `azure.subscription.advisor` resource to retrieve scoring and recommendations from Microsoft Azure Advisor. + desc: Use the `azure.subscription.advisor` resource to retrieve scoring and + recommendations from Microsoft Azure Advisor. fields: recommendations: {} subscriptionId: {} @@ -197,11 +200,6 @@ resources: - query: "azure.subscription.aks.clusters {\n id \n createdAt \n powerState \n}\n" title: Return the ID, date and time created, and current power state of clusters azure.subscription.aksService: - refs: - - title: What is Azure Kubernetes Service (AKS)? - url: https://learn.microsoft.com/en-us/azure/aks/what-is-aks - - title: Azure Kubernetes Service (AKS) documentation - url: https://learn.microsoft.com/en-us/azure/aks/ fields: clusters: {} subscriptionId: {} 
@@ -210,12 +208,12 @@ resources: platform: name: - azure - azure.subscription.aksService.cluster: refs: - title: What is Azure Kubernetes Service (AKS)? url: https://learn.microsoft.com/en-us/azure/aks/what-is-aks - title: Azure Kubernetes Service (AKS) documentation url: https://learn.microsoft.com/en-us/azure/aks/ + azure.subscription.aksService.cluster: fields: addonProfiles: {} agentPoolProfiles: {} @@ -242,6 +240,11 @@ resources: platform: name: - azure + refs: + - title: What is Azure Kubernetes Service (AKS)? + url: https://learn.microsoft.com/en-us/azure/aks/what-is-aks + - title: Azure Kubernetes Service (AKS) documentation + url: https://learn.microsoft.com/en-us/azure/aks/ azure.subscription.authorization: fields: roleDefinitions: {} diff --git a/providers/os/resources/docker_file.go b/providers/os/resources/docker_file.go index 330ec002e9..693c1bc69b 100644 --- a/providers/os/resources/docker_file.go +++ b/providers/os/resources/docker_file.go @@ -190,6 +190,7 @@ func (p *mqlDockerFile) stage2resource(stage instructions.Stage) (*mqlDockerFile var unsupported []string var entrypointRaw *instructions.EntrypointCommand var cmdRaw *instructions.CmdCommand + var userRaw *instructions.UserCommand for i := range stage.Commands { switch v := stage.Commands[i].(type) { case *instructions.EnvCommand: @@ -200,6 +201,9 @@ func (p *mqlDockerFile) stage2resource(stage instructions.Stage) (*mqlDockerFile for _, kv := range v.Labels { labels[kv.Key] = kv.Value } + case *instructions.UserCommand: + userRaw = v + case *instructions.RunCommand: script := strings.Join(v.ShellDependantCmdLine.CmdLine, "\n") runResource, err := CreateResource(p.MqlRuntime, "docker.file.run", map[string]*llx.RawData{ 
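Review bot: The new `case *instructions.UserCommand:` arm in docker_file.go overwrites `userRaw` on every match, so a stage with several USER instructions reports only the last one, and nothing in the hunk says this is intended. The last USER is the one the built image runs as, which is usually what a non-root policy wants, but RUN steps executed under an earlier USER are invisible to queries. I would state that at the assignment, e.g. `// keep only the last USER of the stage: it is the user the image runs as`, and drop the empty added line before `case *instructions.RunCommand:`. The switch and the enclosing stage2resource continue outside the hunk.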
@@ -324,6 +328,30 @@ func (p *mqlDockerFile) stage2resource(stage instructions.Stage) (*mqlDockerFile args["cmd"] = llx.NilData } + if userRaw != nil { + arr := strings.Split(userRaw.User, ":") + var user string + var group string + if len(arr) != 0 && arr[0] != "" { + user = arr[0] + } + + if len(arr) > 1 && arr[1] != "" { + group = arr[1] + } + userResource, err := CreateResource(p.MqlRuntime, "docker.file.user", map[string]*llx.RawData{ + "__id": llx.StringData(p.locationID(userRaw.Location())), + "user": llx.StringData(user), + "group": llx.StringData(group), + }) + if err != nil { + return nil, err + } + args["user"] = llx.ResourceData(userResource, "docker.file.user") + } else { + args["user"] = llx.NilData + } + rawStage, err := CreateResource(p.MqlRuntime, "docker.file.stage", args) if err != nil { return nil, err diff --git a/providers/os/resources/docker_file_test.go b/providers/os/resources/docker_file_test.go index 914c867689..8bc4cb08d3 100644 --- a/providers/os/resources/docker_file_test.go +++ b/providers/os/resources/docker_file_test.go 
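Review bot: `userRaw.User` is split and stored verbatim in the `if userRaw != nil` block, so a Dockerfile that writes `USER $APP_USER` or `USER ${UID}:${GID}` would surface the unexpanded reference as the `user` value unless the parser has already substituted ARG/ENV values, which this hunk does not show. A policy asserting `user != "root"` would then pass on a stage that may resolve to root at build time. A comment such as `// user and group are the literal instruction text; ARG/ENV references are not resolved here` would make that limit visible to policy authors. Separately, `strings.Split` never returns an empty slice for a non-empty separator, so the `len(arr) != 0` guard is dead and the parsing reduces to `user, group, _ := strings.Cut(userRaw.User, ":")`, which is identical for the documented `user[:group]` form. stage2resource begins and ends outside the hunk.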
@@ -12,70 +12,197 @@ import ( ) func TestParseDockerfile(t *testing.T) { - dockerfile := ` + cases := []struct { + purpose string + subjectDockerFile string + + expectedLabels map[string]interface{} + expectedEnv map[string]interface{} + expectedFromImage string + expectedFromTag string + expectedUser plugin.TValue[*mqlDockerFileUser] + expectedCmd plugin.TValue[*mqlDockerFileRun] + expectedEntrypoint plugin.TValue[*mqlDockerFileRun] + expectedRunStruct []plugin.TValue[*mqlDockerFileRun] + expectedCopyStruct []plugin.TValue[*mqlDockerFileCopy] + expectedAddStruct []plugin.TValue[*mqlDockerFileAdd] + expectedExposeStructArr []plugin.TValue[*mqlDockerFileExpose] + }{ + { + purpose: "minimal instructions with CMD", + subjectDockerFile: ` +FROM alpine +CMD ["/bin/sh", "-c", "echo 'Hola'"] +`, + expectedLabels: map[string]interface{}{}, + expectedEnv: map[string]interface{}{}, + expectedFromImage: "alpine", + expectedCmd: plugin.TValue[*mqlDockerFileRun]{ + Data: &mqlDockerFileRun{ + Script: plugin.TValue[string]{Data: "/bin/sh\n-c\necho 'Hola'"}, + }, + }, + }, + { + purpose: "without CMD but with ENTRYPOINT", + subjectDockerFile: ` +FROM debian:stable +ENTRYPOINT ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"] +`, + expectedLabels: map[string]interface{}{}, + expectedEnv: map[string]interface{}{}, + expectedFromImage: "debian", + expectedFromTag: "stable", + expectedEntrypoint: plugin.TValue[*mqlDockerFileRun]{ + Data: &mqlDockerFileRun{ + Script: plugin.TValue[string]{Data: "/usr/sbin/apache2ctl\n-D\nFOREGROUND"}, + }, + }, + }, + { + purpose: "with all instructions", + subjectDockerFile: ` FROM alpine:3.14 ENV foo=bar LABEL a=b RUN apk add --no-cache curl LABEL c=d +USER 1001:1001 CMD ["curl", "http://example.com"] ENTRYPOINT ["sh"] EXPOSE 80/udp EXPOSE 8080 COPY /foo /bar ADD /foo-add /bar-add -` +`, + expectedLabels: map[string]interface{}{ + "a": "b", + "c": "d", + }, + expectedEnv: map[string]interface{}{ + "foo": "bar", + }, + expectedFromImage: "alpine", + 
expectedFromTag: "3.14", + expectedUser: plugin.TValue[*mqlDockerFileUser]{ + Data: &mqlDockerFileUser{ + User: plugin.TValue[string]{Data: "1001"}, + Group: plugin.TValue[string]{Data: "1001"}, + }, + }, + expectedEntrypoint: plugin.TValue[*mqlDockerFileRun]{ + Data: &mqlDockerFileRun{ + Script: plugin.TValue[string]{Data: "sh"}, + }, + }, + expectedCmd: plugin.TValue[*mqlDockerFileRun]{ + Data: &mqlDockerFileRun{ + Script: plugin.TValue[string]{Data: "curl\nhttp://example.com"}, + }, + }, + expectedCopyStruct: []plugin.TValue[*mqlDockerFileCopy]{ + {Data: &mqlDockerFileCopy{ + Src: plugin.TValue[[]interface{}]{ + Data: []interface{}{"/foo"}}, + Dst: plugin.TValue[string]{ + Data: "/bar"}, + }}, + }, + expectedRunStruct: []plugin.TValue[*mqlDockerFileRun]{ + {Data: &mqlDockerFileRun{ + Script: plugin.TValue[string]{ + Data: "apk add --no-cache curl"}, + }}, + }, + expectedAddStruct: []plugin.TValue[*mqlDockerFileAdd]{ + {Data: &mqlDockerFileAdd{ + Src: plugin.TValue[[]interface{}]{ + Data: []interface{}{"/foo-add"}}, + Dst: plugin.TValue[string]{ + Data: "/bar-add"}, + }}, + }, + expectedExposeStructArr: []plugin.TValue[*mqlDockerFileExpose]{ + {Data: &mqlDockerFileExpose{ + Port: plugin.TValue[int64]{Data: int64(80)}, + Protocol: plugin.TValue[string]{Data: "udp"}, + }}, + {Data: &mqlDockerFileExpose{ + Port: plugin.TValue[int64]{Data: int64(8080)}, + Protocol: plugin.TValue[string]{Data: "tcp"}, // this is the default + }}, + }, + }, + } - r := &plugin.Runtime{Resources: &syncx.Map[plugin.Resource]{}} + for _, kase := range cases { + t.Run(kase.purpose, func(t *testing.T) { + r := &plugin.Runtime{Resources: &syncx.Map[plugin.Resource]{}} - file := &mqlFile{ - Content: plugin.TValue[string]{Data: dockerfile, State: plugin.StateIsSet}, - Path: plugin.TValue[string]{Data: "Dockerfile", State: plugin.StateIsSet}, - MqlRuntime: r, - } - dockerFile := mqlDockerFile{ - File: plugin.TValue[*mqlFile]{Data: file, State: plugin.StateIsSet}, - MqlRuntime: r, - } - err := 
dockerFile.parse(file) + file := &mqlFile{ + Content: plugin.TValue[string]{Data: kase.subjectDockerFile, State: plugin.StateIsSet}, + Path: plugin.TValue[string]{Data: "Dockerfile", State: plugin.StateIsSet}, + MqlRuntime: r, + } + dockerFile := mqlDockerFile{ + File: plugin.TValue[*mqlFile]{Data: file, State: plugin.StateIsSet}, + MqlRuntime: r, + } - require.NoError(t, err) + require.NoError(t, dockerFile.parse(file)) - s := dockerFile.Stages.Data[0].(*mqlDockerFileStage) - expectedLabels := map[string]interface{}{ - "a": "b", - "c": "d", - } - expectedEnv := map[string]interface{}{ - "foo": "bar", - } - require.Equal(t, "alpine", s.From.Data.Image.Data) - require.Equal(t, "3.14", s.From.Data.Tag.Data) - require.Equal(t, expectedLabels, s.Labels.Data) - require.Equal(t, expectedEnv, s.Env.Data) + actualMqlDockerFileStage := dockerFile.Stages.Data[0].(*mqlDockerFileStage) - copy := s.Copy.Data[0].(*mqlDockerFileCopy) - require.Equal(t, []interface{}{"/foo"}, copy.Src.Data) - require.Equal(t, "/bar", copy.Dst.Data) + require.Equal(t, kase.expectedLabels, actualMqlDockerFileStage.Labels.Data) + require.Equal(t, kase.expectedEnv, actualMqlDockerFileStage.Env.Data) + require.Equal(t, kase.expectedFromImage, actualMqlDockerFileStage.From.Data.Image.Data) + require.Equal(t, kase.expectedFromTag, actualMqlDockerFileStage.From.Data.Tag.Data) - run := s.Run.Data[0].(*mqlDockerFileRun) - require.Equal(t, "apk add --no-cache curl", run.Script.Data) + if kase.expectedCmd.Data == nil { + require.Nil(t, actualMqlDockerFileStage.Cmd.Data) + } else { + require.Equal(t, kase.expectedCmd.Data.Script.Data, actualMqlDockerFileStage.Cmd.Data.Script.Data) + } - require.Equal(t, "curl\nhttp://example.com", s.Cmd.Data.Script.Data) - require.Equal(t, "sh", s.Entrypoint.Data.Script.Data) + if kase.expectedUser.Data == nil { + require.Nil(t, actualMqlDockerFileStage.User.Data) + } else { + require.Equal(t, kase.expectedUser.Data.User.Data, actualMqlDockerFileStage.User.Data.User.Data) + 
require.Equal(t, kase.expectedUser.Data.Group.Data, actualMqlDockerFileStage.User.Data.Group.Data) + } - exposes := []*mqlDockerFileExpose{ - s.Expose.Data[0].(*mqlDockerFileExpose), - s.Expose.Data[1].(*mqlDockerFileExpose), - } + if kase.expectedEntrypoint.Data == nil { + require.Nil(t, actualMqlDockerFileStage.Entrypoint.Data) + } else { + require.Equal(t, kase.expectedEntrypoint.Data.Script.Data, actualMqlDockerFileStage.Entrypoint.Data.Script.Data) + } + + require.Equal(t, len(kase.expectedCopyStruct), len(actualMqlDockerFileStage.Copy.Data)) + for i, cpy := range actualMqlDockerFileStage.Copy.Data { + actualCopy := cpy.(*mqlDockerFileCopy) + require.Equal(t, kase.expectedCopyStruct[i].Data.Src.Data, actualCopy.Src.Data) + require.Equal(t, kase.expectedCopyStruct[i].Data.Dst.Data, actualCopy.Dst.Data) + } - require.Equal(t, int64(80), exposes[0].Port.Data) - require.Equal(t, "udp", exposes[0].Protocol.Data) - require.Equal(t, int64(8080), exposes[1].Port.Data) - // verify default protocol if not specified - require.Equal(t, "tcp", exposes[1].Protocol.Data) + require.Equal(t, len(kase.expectedRunStruct), len(actualMqlDockerFileStage.Run.Data)) + for i, run := range actualMqlDockerFileStage.Run.Data { + actualRun := run.(*mqlDockerFileRun) + require.Equal(t, kase.expectedRunStruct[i].Data.Script.Data, actualRun.Script.Data) + } - add := s.Add.Data[0].(*mqlDockerFileAdd) - require.Equal(t, []interface{}{"/foo-add"}, add.Src.Data) - require.Equal(t, "/bar-add", add.Dst.Data) + require.Equal(t, len(kase.expectedAddStruct), len(actualMqlDockerFileStage.Add.Data)) + for i, cpy := range actualMqlDockerFileStage.Add.Data { + actualAdd := cpy.(*mqlDockerFileAdd) + require.Equal(t, kase.expectedAddStruct[i].Data.Src.Data, actualAdd.Src.Data) + require.Equal(t, kase.expectedAddStruct[i].Data.Dst.Data, actualAdd.Dst.Data) + } + + require.Equal(t, len(kase.expectedExposeStructArr), len(actualMqlDockerFileStage.Expose.Data)) + for i, expose := range 
actualMqlDockerFileStage.Expose.Data { + actualExpose := expose.(*mqlDockerFileExpose) + require.Equal(t, kase.expectedExposeStructArr[i].Data.Port.Data, actualExpose.Port.Data) + require.Equal(t, kase.expectedExposeStructArr[i].Data.Protocol.Data, actualExpose.Protocol.Data) + } + }) + } } diff --git a/providers/os/resources/os.lr b/providers/os/resources/os.lr index b37f4a53cf..62b366f6c0 100644 --- a/providers/os/resources/os.lr +++ b/providers/os/resources/os.lr @@ -782,6 +782,8 @@ docker.file.stage @defaults("from.name") { run []docker.file.run // CMD instructions in this Dockerfile cmd docker.file.run + // USER instruction in this Dockerfile + user docker.file.user // ENTRYPOINT instructions in this Dockerfile entrypoint docker.file.run // ADD instructions in this Dockerfile @@ -792,6 +794,14 @@ docker.file.stage @defaults("from.name") { expose []docker.file.expose } +// Dockerfile USER instructions +docker.file.user @defaults("user") { + // Set the user name or UID + user string + // Set the user group or GID (optional) + group string +} + // Dockerfile EXPOSE instruction docker.file.expose @defaults("port protocol") { // Port that is exposed @@ -1572,4 +1582,4 @@ windows.security.health { uac dict // Security Center service information securityCenterService dict -} \ No newline at end of file +} diff --git a/providers/os/resources/os.lr.go b/providers/os/resources/os.lr.go index 0294adc79a..4f3e4ed38e 100644 --- a/providers/os/resources/os.lr.go +++ b/providers/os/resources/os.lr.go 
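Review bot: The table in TestParseDockerfile exercises USER only in its `user:group` form (`USER 1001:1001`), so the path that leaves `group` empty and the last-one-wins behaviour for repeated USER instructions are untested. A case with `USER nobody` expecting `Group` to be `""`, and one with two USER lines expecting the second, would pin both. The first two cases already assert through `kase.expectedUser.Data == nil` that a stage without USER yields a nil resource, which is worth keeping because a missing USER is the case a non-root check most needs to detect.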
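Review bot: The doc comment `// USER instruction in this Dockerfile` on the new `user` field of `docker.file.stage` in os.lr does not say that the field is null when the stage has no USER instruction, nor that only one USER per stage is represented (docker_file.go keeps the last one it sees). Both matter to anyone writing a non-root check, because an absent USER means the container runs as whatever the base image sets, typically root. I would word it as `// Last USER instruction in this stage; null if the stage sets none`, and turn the imperative field comments in `docker.file.user` into descriptive ones, e.g. `// User name or UID` and `// Group name or GID (empty if not given)`.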
@@ -254,6 +254,10 @@ func init() { // to override args, implement: initDockerFileStage(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) Create: createDockerFileStage, }, + "docker.file.user": { + // to override args, implement: initDockerFileUser(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) + Create: createDockerFileUser, + }, "docker.file.expose": { // to override args, implement: initDockerFileExpose(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) Create: createDockerFileExpose, @@ -1322,6 +1326,9 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{ "docker.file.stage.cmd": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlDockerFileStage).GetCmd()).ToDataRes(types.Resource("docker.file.run")) }, + "docker.file.stage.user": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlDockerFileStage).GetUser()).ToDataRes(types.Resource("docker.file.user")) + }, "docker.file.stage.entrypoint": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlDockerFileStage).GetEntrypoint()).ToDataRes(types.Resource("docker.file.run")) }, @@ -1334,6 +1341,12 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{ "docker.file.stage.expose": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlDockerFileStage).GetExpose()).ToDataRes(types.Array(types.Resource("docker.file.expose"))) }, + "docker.file.user.user": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlDockerFileUser).GetUser()).ToDataRes(types.String) + }, + "docker.file.user.group": func(r plugin.Resource) *plugin.DataRes { + return (r.(*mqlDockerFileUser).GetGroup()).ToDataRes(types.String) + }, "docker.file.expose.port": func(r plugin.Resource) *plugin.DataRes { return (r.(*mqlDockerFileExpose).GetPort()).ToDataRes(types.Int) }, 
@@ -3481,6 +3494,10 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool { r.(*mqlDockerFileStage).Cmd, ok = plugin.RawToTValue[*mqlDockerFileRun](v.Value, v.Error) return }, + "docker.file.stage.user": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlDockerFileStage).User, ok = plugin.RawToTValue[*mqlDockerFileUser](v.Value, v.Error) + return + }, "docker.file.stage.entrypoint": func(r plugin.Resource, v *llx.RawData) (ok bool) { r.(*mqlDockerFileStage).Entrypoint, ok = plugin.RawToTValue[*mqlDockerFileRun](v.Value, v.Error) return @@ -3497,6 +3514,18 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool { r.(*mqlDockerFileStage).Expose, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error) return }, + "docker.file.user.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlDockerFileUser).__id, ok = v.Value.(string) + return + }, + "docker.file.user.user": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlDockerFileUser).User, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, + "docker.file.user.group": func(r plugin.Resource, v *llx.RawData) (ok bool) { + r.(*mqlDockerFileUser).Group, ok = plugin.RawToTValue[string](v.Value, v.Error) + return + }, "docker.file.expose.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) { r.(*mqlDockerFileExpose).__id, ok = v.Value.(string) return @@ -9510,6 +9539,7 @@ type mqlDockerFileStage struct { Labels plugin.TValue[map[string]interface{}] Run plugin.TValue[[]interface{}] Cmd plugin.TValue[*mqlDockerFileRun] + User plugin.TValue[*mqlDockerFileUser] Entrypoint plugin.TValue[*mqlDockerFileRun] Add plugin.TValue[[]interface{}] Copy plugin.TValue[[]interface{}] 
@@ -9572,6 +9602,10 @@ func (c *mqlDockerFileStage) GetCmd() *plugin.TValue[*mqlDockerFileRun] { return &c.Cmd } +func (c *mqlDockerFileStage) GetUser() *plugin.TValue[*mqlDockerFileUser] { + return &c.User +} + func (c *mqlDockerFileStage) GetEntrypoint() *plugin.TValue[*mqlDockerFileRun] { return &c.Entrypoint } @@ -9588,6 +9622,55 @@ func (c *mqlDockerFileStage) GetExpose() *plugin.TValue[[]interface{}] { return &c.Expose } +// mqlDockerFileUser for the docker.file.user resource +type mqlDockerFileUser struct { + MqlRuntime *plugin.Runtime + __id string + // optional: if you define mqlDockerFileUserInternal it will be used here + User plugin.TValue[string] + Group plugin.TValue[string] +} + +// createDockerFileUser creates a new instance of this resource +func createDockerFileUser(runtime *plugin.Runtime, args map[string]*llx.RawData) (plugin.Resource, error) { + res := &mqlDockerFileUser{ + MqlRuntime: runtime, + } + + err := SetAllData(res, args) + if err != nil { + return res, err + } + + // to override __id implement: id() (string, error) + + if runtime.HasRecording { + args, err = runtime.ResourceFromRecording("docker.file.user", res.__id) + if err != nil || args == nil { + return res, err + } + return res, SetAllData(res, args) + } + + return res, nil +} + +func (c *mqlDockerFileUser) MqlName() string { + return "docker.file.user" +} + +func (c *mqlDockerFileUser) MqlID() string { + return c.__id +} + +func (c *mqlDockerFileUser) GetUser() *plugin.TValue[string] { + return &c.User +} + +func (c *mqlDockerFileUser) GetGroup() *plugin.TValue[string] { + return &c.Group +} + // mqlDockerFileExpose for the docker.file.expose resource type mqlDockerFileExpose struct { MqlRuntime *plugin.Runtime diff --git a/providers/os/resources/os.lr.manifest.yaml b/providers/os/resources/os.lr.manifest.yaml index 3a136054aa..668235fe6a 100644 --- a/providers/os/resources/os.lr.manifest.yaml +++ b/providers/os/resources/os.lr.manifest.yaml 
@@ -200,15 +200,20 @@ resources: expose: {} file: {} from: {} - labels: - min_mondoo_version: 9.0.0 + labels: {} run: {} + user: {} min_mondoo_version: 9.0.0 refs: - title: Dockerfile Reference url: https://docs.docker.com/reference/dockerfile/ - title: Multi-stage builds url: https://docs.docker.com/build/building/multi-stage/ + docker.file.user: + fields: + group: {} + user: {} + min_mondoo_version: 9.0.0 docker.image: fields: id: {} diff --git a/sbom/sbom.pb.go b/sbom/sbom.pb.go index 948bd502d6..3862b38087 100644 --- a/sbom/sbom.pb.go +++ b/sbom/sbom.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.33.0 +// protoc-gen-go v1.34.1 // protoc v5.26.1 // source: sbom.proto diff --git a/shared/proto/cnquery.pb.go b/shared/proto/cnquery.pb.go index 107df39e2c..778148167a 100644 --- a/shared/proto/cnquery.pb.go +++ b/shared/proto/cnquery.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.33.0 +// protoc-gen-go v1.34.1 // protoc v5.26.1 // source: cnquery.proto
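Review bot: In os.lr.manifest.yaml the new `docker.file.user` resource is recorded with `min_mondoo_version: 9.0.0`, the same value the pre-existing `docker.file.stage` entry carries, and the new `user: {}` field on the stage has no version of its own. If 9.0.0 predates this commit (the diff does not show the current release), clients at that version would be assumed to support a resource they do not have. The entry should carry the release that first ships it, e.g. `min_mondoo_version: <RELEASE_INTRODUCING_USER>`. The same hunk also drops the per-field version from `labels`, which may be tool normalisation but is worth confirming.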