Merge branch 'master' into liamg-aws-cis-1.4

aquasecurity · Aug 24, 2022 · 35dc630 · 35dc630
2 parents 9b37b97 + 1e5198e
commit 35dc630
Show file tree

Hide file tree

Showing 707 changed files with 8,677 additions and 7,408 deletions.
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -2,7 +2,7 @@
 name: Bug report
 about: Create a report to help us improve
 title: 'bug: '
-labels: bug
+labels: ["bug", "needs-triage"]
 assignees: ''
 ---
 **Describe the bug**

diff --git a/Makefile b/Makefile
@@ -45,9 +45,10 @@ id:
 
 .PHONY: update-aws-deps
 update-aws-deps:
-	@grep aws-sdk-go-v2 go.mod | grep -v '// indirect' | awk '{print $1}' | xargs -I {} go get {}
+	@grep aws-sdk-go-v2 go.mod | grep -v '// indirect' | sed 's/^[\t\s]*//g' | sed 's/\s.*//g' | xargs go get
 	@go mod tidy
 
 .PHONY: adapter-lint
 adapter-lint:
 	go run ./cmd/adapter-lint/main.go ./internal/adapters/...
+	go run ./cmd/adapter-lint/main.go ./pkg/providers/...
diff --git a/avd_docs/aws/ec2/AVD-AWS-0164/CloudFormation.md b/avd_docs/aws/ec2/AVD-AWS-0164/CloudFormation.md
@@ -0,0 +1,14 @@
+
+Set the instance to not be publicly accessible
+
+```yaml
+---
+Resources:
+  GoodExample:
+    Properties:
+      VpcId: vpc-123456
+    Type: AWS::EC2::Subnet
+
+```
+
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0164/Terraform.md b/avd_docs/aws/ec2/AVD-AWS-0164/Terraform.md
@@ -0,0 +1,14 @@
+
+Set the instance to not be publicly accessible
+
+```hcl
+ resource "aws_subnet" "good_example" {
+	vpc_id                  = "vpc-123456"
+	map_public_ip_on_launch = false
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet#map_public_ip_on_launch
+
diff --git a/avd_docs/aws/ec2/AVD-AWS-0164/docs.md b/avd_docs/aws/ec2/AVD-AWS-0164/docs.md
@@ -0,0 +1,13 @@
+
+You should limit the provision of public IP addresses for resources. Resources should not be exposed on the public internet, but should have access limited to consumers required for the function of your application.
+
+### Impact
+The instance is publicly accessible
+
+<!-- DO NOT CHANGE -->
+{{ remediationActions }}
+
+### Links
+- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts-public-addresses
+
+
diff --git a/avd_docs/github/branch_protections/AVD-GIT-0004/Terraform.md b/avd_docs/github/branch_protections/AVD-GIT-0004/Terraform.md
@@ -0,0 +1,14 @@
+
+Require signed commits for a repository
+
+```hcl
+resource "github_branch_protection" "good_example" {
+  repository_id = "example"
+  pattern       = "main"
+
+  require_signed_commits = true
+}
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_protection#require_signed_commits
diff --git a/avd_docs/github/branch_protections/AVD-GIT-0004/docs.md b/avd_docs/github/branch_protections/AVD-GIT-0004/docs.md
@@ -0,0 +1,19 @@
+
+GitHub branch protection should be set to require signed commits.
+
+You can do this by setting the <code>require_signed_commits</code> attribute to 'true'.
+
+### Impact
+Commits may not be verified and signed as coming from a trusted developer
+
+<!-- DO NOT CHANGE -->
+{{ remediationActions }}
+
+### Links
+- https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_protection#require_signed_commits
+
+- https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification
+
+- https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-signed-commits
+
+
diff --git a/cmd/defsec/main.go b/cmd/defsec/main.go
@@ -35,14 +35,6 @@ func main() {
 		panic(err)
 	}
 
-	// Execute the API scanners //TODO do we even want this here?
-	apiScanResults, err := s.Scan(context.TODO())
-	if err != nil {
-		panic(err)
-	}
-
-	results = append(results, apiScanResults...)
-
 	if err := formatters.New().WithBaseDir(abs).AsSARIF().Build().Output(results); err != nil {
 		panic(err)
 	}

diff --git a/go.mod b/go.mod
@@ -8,43 +8,44 @@ require (
 	github.com/alecthomas/chroma v0.10.0
 	github.com/apparentlymart/go-cidr v1.1.0
 	github.com/aquasecurity/go-mock-aws v0.0.0-20220726154943-99847deb62b0
-	github.com/aws/aws-sdk-go-v2 v1.16.8
-	github.com/aws/aws-sdk-go-v2/config v1.15.15
-	github.com/aws/aws-sdk-go-v2/credentials v1.12.10
-	github.com/aws/aws-sdk-go-v2/service/apigateway v1.15.11
-	github.com/aws/aws-sdk-go-v2/service/apigatewayv2 v1.12.9
-	github.com/aws/aws-sdk-go-v2/service/athena v1.18.1
-	github.com/aws/aws-sdk-go-v2/service/cloudfront v1.18.5
-	github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.16.5
-	github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.19.1
-	github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.15.11
-	github.com/aws/aws-sdk-go-v2/service/codebuild v1.19.9
-	github.com/aws/aws-sdk-go-v2/service/docdb v1.19.1
-	github.com/aws/aws-sdk-go-v2/service/dynamodb v1.15.10
-	github.com/aws/aws-sdk-go-v2/service/ec2 v1.51.1
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.17.9
-	github.com/aws/aws-sdk-go-v2/service/ecs v1.18.12
-	github.com/aws/aws-sdk-go-v2/service/efs v1.17.7
-	github.com/aws/aws-sdk-go-v2/service/eks v1.21.5
-	github.com/aws/aws-sdk-go-v2/service/elasticache v1.22.1
-	github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.18.9
-	github.com/aws/aws-sdk-go-v2/service/elasticsearchservice v1.16.1
-	github.com/aws/aws-sdk-go-v2/service/emr v1.20.2
-	github.com/aws/aws-sdk-go-v2/service/iam v1.18.10
-	github.com/aws/aws-sdk-go-v2/service/kafka v1.17.10
-	github.com/aws/aws-sdk-go-v2/service/kinesis v1.15.10
-	github.com/aws/aws-sdk-go-v2/service/kms v1.18.1
-	github.com/aws/aws-sdk-go-v2/service/lambda v1.23.5
-	github.com/aws/aws-sdk-go-v2/service/mq v1.13.5
-	github.com/aws/aws-sdk-go-v2/service/neptune v1.17.3
-	github.com/aws/aws-sdk-go-v2/service/rds v1.23.2
-	github.com/aws/aws-sdk-go-v2/service/redshift v1.26.1
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.27.2
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.15.14
-	github.com/aws/aws-sdk-go-v2/service/sns v1.17.10
-	github.com/aws/aws-sdk-go-v2/service/sqs v1.19.1
-	github.com/aws/aws-sdk-go-v2/service/sts v1.16.10
-	github.com/aws/aws-sdk-go-v2/service/workspaces v1.22.0
+	github.com/aws/aws-sdk-go v1.44.77
+	github.com/aws/aws-sdk-go-v2 v1.16.11
+	github.com/aws/aws-sdk-go-v2/config v1.17.0
+	github.com/aws/aws-sdk-go-v2/credentials v1.12.13
+	github.com/aws/aws-sdk-go-v2/service/apigateway v1.15.14
+	github.com/aws/aws-sdk-go-v2/service/apigatewayv2 v1.12.12
+	github.com/aws/aws-sdk-go-v2/service/athena v1.18.4
+	github.com/aws/aws-sdk-go-v2/service/cloudfront v1.18.8
+	github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.16.8
+	github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.20.1
+	github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.15.14
+	github.com/aws/aws-sdk-go-v2/service/codebuild v1.19.12
+	github.com/aws/aws-sdk-go-v2/service/docdb v1.19.4
+	github.com/aws/aws-sdk-go-v2/service/dynamodb v1.15.13
+	github.com/aws/aws-sdk-go-v2/service/ec2 v1.52.1
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.17.12
+	github.com/aws/aws-sdk-go-v2/service/ecs v1.18.15
+	github.com/aws/aws-sdk-go-v2/service/efs v1.17.10
+	github.com/aws/aws-sdk-go-v2/service/eks v1.21.8
+	github.com/aws/aws-sdk-go-v2/service/elasticache v1.22.4
+	github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.18.12
+	github.com/aws/aws-sdk-go-v2/service/elasticsearchservice v1.16.4
+	github.com/aws/aws-sdk-go-v2/service/emr v1.20.5
+	github.com/aws/aws-sdk-go-v2/service/iam v1.18.13
+	github.com/aws/aws-sdk-go-v2/service/kafka v1.17.13
+	github.com/aws/aws-sdk-go-v2/service/kinesis v1.15.13
+	github.com/aws/aws-sdk-go-v2/service/kms v1.18.4
+	github.com/aws/aws-sdk-go-v2/service/lambda v1.23.8
+	github.com/aws/aws-sdk-go-v2/service/mq v1.13.8
+	github.com/aws/aws-sdk-go-v2/service/neptune v1.17.6
+	github.com/aws/aws-sdk-go-v2/service/rds v1.23.6
+	github.com/aws/aws-sdk-go-v2/service/redshift v1.26.4
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.27.5
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.15.17
+	github.com/aws/aws-sdk-go-v2/service/sns v1.17.13
+	github.com/aws/aws-sdk-go-v2/service/sqs v1.19.4
+	github.com/aws/aws-sdk-go-v2/service/sts v1.16.13
+	github.com/aws/aws-sdk-go-v2/service/workspaces v1.22.3
 	github.com/bmatcuk/doublestar v1.3.4
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/go-getter v1.6.2
@@ -57,18 +58,18 @@ require (
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/moby/buildkit v0.10.3
 	github.com/olekukonko/tablewriter v0.0.5
-	github.com/open-policy-agent/opa v0.41.0
+	github.com/open-policy-agent/opa v0.43.0
 	github.com/owenrumney/go-sarif/v2 v2.1.2
 	github.com/owenrumney/squealer v1.0.1-0.20220510063705-c0be93f0edea
 	github.com/sirupsen/logrus v1.9.0
 	github.com/stretchr/testify v1.8.0
 	github.com/zclconf/go-cty v1.10.0
 	github.com/zclconf/go-cty-yaml v1.0.2
-	golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167
+	golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e
 	golang.org/x/text v0.3.7
-	golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717
+	golang.org/x/tools v0.1.10
 	gopkg.in/yaml.v3 v3.0.1
-	helm.sh/helm/v3 v3.9.0
+	helm.sh/helm/v3 v3.9.3
 )
 
 require (
@@ -79,7 +80,7 @@ require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.1.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
-	github.com/Masterminds/squirrel v1.5.2 // indirect
+	github.com/Masterminds/squirrel v1.5.3 // indirect
 	github.com/Microsoft/go-winio v0.5.2 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 // indirect
@@ -90,37 +91,36 @@ require (
 	github.com/agnivade/levenshtein v1.0.1 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
-	github.com/aws/aws-sdk-go v1.44.48 // indirect
-	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.3 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.9 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.15 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.9 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.16 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.9 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.9 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.9 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.11.13 // indirect
-	github.com/aws/smithy-go v1.12.0 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.4 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.12 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.18 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.12 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.19 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.9 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.13 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.13.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.11.16 // indirect
+	github.com/aws/smithy-go v1.12.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 // indirect
-	github.com/containerd/containerd v1.6.4 // indirect
+	github.com/containerd/containerd v1.6.6 // indirect
 	github.com/containerd/typeurl v1.0.2 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.3 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dlclark/regexp2 v1.4.0 // indirect
-	github.com/docker/cli v20.10.13+incompatible // indirect
+	github.com/docker/cli v20.10.17+incompatible // indirect
 	github.com/docker/distribution v2.8.1+incompatible // indirect
 	github.com/docker/docker v20.10.17+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.6.4 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
-	github.com/emicklei/go-restful v2.9.5+incompatible // indirect
+	github.com/emicklei/go-restful/v3 v3.8.0 // indirect
 	github.com/emirpasic/gods v1.12.0 // indirect
 	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
@@ -156,7 +156,7 @@ require (
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
-	github.com/jmoiron/sqlx v1.3.4 // indirect
+	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 // indirect
@@ -165,7 +165,7 @@ require (
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
-	github.com/lib/pq v1.10.4 // indirect
+	github.com/lib/pq v1.10.6 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/mailru/easyjson v0.7.6 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
@@ -184,13 +184,12 @@ require (
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/onsi/gomega v1.18.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_golang v1.12.1 // indirect
+	github.com/prometheus/client_golang v1.12.2 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.32.1 // indirect
 	github.com/prometheus/procfs v0.7.3 // indirect
@@ -200,10 +199,10 @@ require (
 	github.com/sergi/go-diff v1.1.0 // indirect
 	github.com/shopspring/decimal v1.2.0 // indirect
 	github.com/spf13/cast v1.4.1 // indirect
-	github.com/spf13/cobra v1.4.0 // indirect
+	github.com/spf13/cobra v1.5.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/ulikunitz/xz v0.5.8 // indirect
-	github.com/vektah/gqlparser/v2 v2.4.4 // indirect
+	github.com/vektah/gqlparser/v2 v2.4.6 // indirect
 	github.com/xanzy/ssh-agent v0.3.0 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@@ -215,31 +214,31 @@ require (
 	golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect
 	golang.org/x/net v0.0.0-20220412020605-290c469a71a5 // indirect
 	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
-	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
+	golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f // indirect
 	golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect
 	golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
 	google.golang.org/api v0.62.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368 // indirect
-	google.golang.org/grpc v1.47.0 // indirect
+	google.golang.org/grpc v1.48.0 // indirect
 	google.golang.org/protobuf v1.28.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	k8s.io/api v0.24.0 // indirect
-	k8s.io/apiextensions-apiserver v0.24.0 // indirect
-	k8s.io/apimachinery v0.24.0 // indirect
-	k8s.io/apiserver v0.24.0 // indirect
-	k8s.io/cli-runtime v0.24.0 // indirect
-	k8s.io/client-go v0.24.0 // indirect
-	k8s.io/component-base v0.24.0 // indirect
+	k8s.io/api v0.24.2 // indirect
+	k8s.io/apiextensions-apiserver v0.24.2 // indirect
+	k8s.io/apimachinery v0.24.2 // indirect
+	k8s.io/apiserver v0.24.2 // indirect
+	k8s.io/cli-runtime v0.24.2 // indirect
+	k8s.io/client-go v0.24.2 // indirect
+	k8s.io/component-base v0.24.2 // indirect
 	k8s.io/klog/v2 v2.60.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 // indirect
-	k8s.io/kubectl v0.24.0 // indirect
+	k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8 // indirect
+	k8s.io/kubectl v0.24.2 // indirect
 	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
-	oras.land/oras-go v1.1.1 // indirect
+	oras.land/oras-go v1.2.0 // indirect
 	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
 	sigs.k8s.io/kustomize/api v0.11.4 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.13.6 // indirect
@@ -250,4 +249,6 @@ require (
 // See https://github.com/moby/moby/issues/42939#issuecomment-1114255529
 replace github.com/docker/docker => github.com/docker/docker v20.10.3-0.20220224222438-c78f6963a1c0+incompatible
 
+replace oras.land/oras-go => oras.land/oras-go v1.1.1
+
 replace github.com/elgohr/go-localstack => github.com/aquasecurity/go-localstack v0.0.0-20220706080605-1ec0e9b8753c