From 33074cfab3e35f1387612e6b2bdd56189d3fcd78 Mon Sep 17 00:00:00 2001
From: simar7 <1254783+simar7@users.noreply.github.com>
Date: Sun, 19 Mar 2023 06:46:06 -0700
Subject: [PATCH] chore(deps): Move compliance types to defsec (#3842)
Signed-off-by: Simar
---
 go.mod | 20 +++++------
 go.sum | 34 +++++++++---------
 pkg/cloud/aws/commands/run_test.go | 8 +++--
 pkg/compliance/report/report.go | 8 +++--
 pkg/compliance/report/report_test.go | 12 ++++---
 pkg/compliance/spec/compliance.go | 46 ++++--------------------
 pkg/compliance/spec/compliance_test.go | 48 ++++++++++++++------------
 pkg/flag/report_flags_test.go | 8 +++--
 8 files changed, 81 insertions(+), 103 deletions(-)
diff --git a/go.mod b/go.mod
index 0f24cccf1541..5bb9848c956e 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 github.com/NYTimes/gziphandler v1.1.1
 github.com/alicebob/miniredis/v2 v2.23.0
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
-github.com/aquasecurity/defsec v0.84.0
+github.com/aquasecurity/defsec v0.84.1
 github.com/aquasecurity/go-dep-parser v0.0.0-20230315140444-2c62bb5726f4
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
 github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
@@ -67,7 +67,7 @@ require (
 github.com/masahiro331/go-vmdk-parser v0.0.0-20221225061455-612096e4bbbd
 github.com/masahiro331/go-xfs-filesystem v0.0.0-20221225060805-c02764233454
 github.com/mitchellh/hashstructure/v2 v2.0.2
-github.com/moby/buildkit v0.10.4
+github.com/moby/buildkit v0.11.4
 github.com/open-policy-agent/opa v0.44.1-0.20220927105354-00e835a7cc15
 github.com/opencontainers/go-digest v1.0.0
 github.com/opencontainers/image-spec v1.1.0-rc2
@@ -78,7 +78,7 @@ require (
 github.com/secure-systems-lab/go-securesystemslib v0.4.0
 github.com/sigstore/rekor v1.0.1
 github.com/sosedoff/gitkit v0.3.0
-github.com/spdx/tools-golang v0.3.0
+github.com/spdx/tools-golang v0.3.1-0.20230104082527-d6f58551be3f
 github.com/spf13/cast v1.5.0
 github.com/spf13/cobra v1.6.1
 github.com/spf13/pflag v1.0.5
@@ -196,7 +196,7 @@ require (
 github.com/containerd/cgroups v1.0.4 // indirect
 github.com/containerd/continuity v0.3.0 // indirect
 github.com/containerd/fifo v1.0.0 // indirect
-github.com/containerd/stargz-snapshotter/estargz v0.12.1 // indirect
+github.com/containerd/stargz-snapshotter/estargz v0.13.0 // indirect
 github.com/containerd/ttrpc v1.1.0 // indirect
 github.com/containerd/typeurl v1.0.2 // indirect
 github.com/cyphar/filepath-securejoin v0.2.3 // indirect
@@ -204,7 +204,7 @@ require (
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 github.com/dimchansky/utfbom v1.1.1 // indirect
 github.com/dlclark/regexp2 v1.4.0 // indirect
-github.com/docker/cli v20.10.21+incompatible // indirect
+github.com/docker/cli v23.0.0-rc.1+incompatible // indirect
 github.com/docker/distribution v2.8.1+incompatible // indirect
 github.com/docker/docker-credential-helpers v0.7.0 // indirect
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
@@ -236,7 +236,7 @@ require (
 github.com/gofrs/uuid v4.0.0+incompatible // indirect
 github.com/gogo/googleapis v1.4.1 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
-github.com/golang-jwt/jwt/v4 v4.2.0 // indirect
+github.com/golang-jwt/jwt/v4 v4.4.2 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 github.com/google/btree v1.0.1 // indirect
 github.com/google/gnostic v0.5.7-v3refs // indirect
@@ -265,7 +265,7 @@ require (
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 github.com/kevinburke/ssh_config v1.2.0 // indirect
-github.com/klauspost/compress v1.15.11 // indirect
+github.com/klauspost/compress v1.15.12 // indirect
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
 github.com/liamg/iamgo v0.0.9 // indirect
@@ -289,9 +289,9 @@ require (
 github.com/moby/locker v1.0.1 // indirect
 github.com/moby/patternmatcher v0.5.0 // indirect
 github.com/moby/spdystream v0.2.0 // indirect
-github.com/moby/sys/mountinfo v0.6.0 // indirect
+github.com/moby/sys/mountinfo v0.6.2 // indirect
 github.com/moby/sys/sequential v0.5.0 // indirect
-github.com/moby/sys/signal v0.6.0 // indirect
+github.com/moby/sys/signal v0.7.0 // indirect
 github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
@@ -302,7 +302,7 @@ require (
 github.com/olekukonko/tablewriter v0.0.5 // indirect
 github.com/opencontainers/runc v1.1.3 // indirect
 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect
-github.com/opencontainers/selinux v1.10.1 // indirect
+github.com/opencontainers/selinux v1.10.2 // indirect
 github.com/opentracing/opentracing-go v1.2.0 // indirect
 github.com/owenrumney/squealer v1.1.1 // indirect
 github.com/pelletier/go-toml/v2 v2.0.6 // indirect
diff --git a/go.sum b/go.sum
index 4ac976329eed..596f09c2e13e 100644
--- a/go.sum
+++ b/go.sum
@@ -312,8 +312,8 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30xLN2sUZcMXl50hg+PJCIDdJgIvIbVcKqLJ/ZrtM=
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
-github.com/aquasecurity/defsec v0.84.0 h1:31HunilGj3xcgze5AqB7dtdiYwMXzXzDXEqYwx/OUhg=
-github.com/aquasecurity/defsec v0.84.0/go.mod h1:qrD/P88T3puVWDAHM/daPfgvJaVzBprdmROxtRpCT4A=
+github.com/aquasecurity/defsec v0.84.1 h1:YwhQprDEy4ZN/c7aDV57O5UkxOusHwtfeENI7wm4/L8=
+github.com/aquasecurity/defsec v0.84.1/go.mod h1:AywB8D+RX4X8p2luSlz4ha3w9+q2kuTHtTvJLNxaYjI=
 github.com/aquasecurity/go-dep-parser v0.0.0-20230315140444-2c62bb5726f4 h1:L9ogxesMkRaH3ct2bn2whA6nEJU7ZUMcaKjGDU9TwX8=
 github.com/aquasecurity/go-dep-parser v0.0.0-20230315140444-2c62bb5726f4/go.mod h1:sG02b+zain+8EkcKAVnggE1X1+OrXRjkTzUmFNk7/Lc=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
@@ -624,8 +624,8 @@ github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oM
 github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
 github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM=
 github.com/containerd/stargz-snapshotter/estargz v0.7.0/go.mod h1:83VWDqHnurTKliEB0YvWMiCfLDwv4Cjj1X9Vk98GJZw=
-github.com/containerd/stargz-snapshotter/estargz v0.12.1 h1:+7nYmHJb0tEkcRaAW+MHqoKaJYZmkikupxCqVtmPuY0=
-github.com/containerd/stargz-snapshotter/estargz v0.12.1/go.mod h1:12VUuCq3qPq4y8yUW+l5w3+oXV3cx2Po3KSe/SmPGqw=
+github.com/containerd/stargz-snapshotter/estargz v0.13.0 h1:fD7AwuVV+B40p0d9qVkH/Au1qhp8hn/HWJHIYjpEcfw=
+github.com/containerd/stargz-snapshotter/estargz v0.13.0/go.mod h1:m+9VaGJGlhCnrcEUod8mYumTmRgblwd3rC5UCEh2Yp0=
 github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
 github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
 github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8=
@@ -701,8 +701,8 @@ github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55k
 github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
 github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/cli v20.10.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/cli v20.10.21+incompatible h1:qVkgyYUnOLQ98LtXBrwd/duVqPT2X4SHndOuGsfwyhU=
-github.com/docker/cli v20.10.21+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v23.0.0-rc.1+incompatible h1:Vl3pcUK4/LFAD56Ys3BrqgAtuwpWd/IO3amuSL0ZbP0=
+github.com/docker/cli v23.0.0-rc.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
 github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
@@ -926,8 +926,9 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
-github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU=
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
+github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs=
+github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ=
@@ -1186,8 +1187,9 @@ github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdY
 github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
 github.com/klauspost/compress v1.13.0/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.15.11 h1:Lcadnb3RKGin4FYM/orgq0qde+nc15E5Cbqg4B9Sx9c=
 github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
+github.com/klauspost/compress v1.15.12 h1:YClS/PImqYbn+UILDnqxQCZ3RehC9N318SU3kElDUEM=
+github.com/klauspost/compress v1.15.12/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
 github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f h1:GvCU5GXhHq+7LeOzx/haG7HSIZokl3/0GkoUFzsRJjg=
 github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f/go.mod h1:q59u9px8b7UTj0nIjEjvmTWekazka6xIt6Uogz5Dm+8=
 github.com/knqyf263/go-deb-version v0.0.0-20230223133812-3ed183d23422 h1:PPPlUUqPP6fLudIK4n0l0VU4KT2cQGnheW9x8pNiCHI=
@@ -1338,8 +1340,8 @@ github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQ
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
 github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/moby/buildkit v0.10.4 h1:FvC+buO8isGpUFZ1abdSLdGHZVqg9sqI4BbFL8tlzP4=
-github.com/moby/buildkit v0.10.4/go.mod h1:Yajz9vt1Zw5q9Pp4pdb3TCSUXJBIroIQGQ3TTs/sLug=
+github.com/moby/buildkit v0.11.4 h1:mleVHr+n7HUD65QNUkgkT3d8muTzhYUoHE9FM3Ej05s=
+github.com/moby/buildkit v0.11.4/go.mod h1:P5Qi041LvCfhkfYBHry+Rwoo3Wi6H971J2ggE+PcIoo=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo=
@@ -1349,12 +1351,12 @@ github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0Gq
 github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
 github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A=
 github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
-github.com/moby/sys/mountinfo v0.6.0 h1:gUDhXQx58YNrpHlK4nSL+7y2pxFZkUcXqzFDKWdC0Oo=
-github.com/moby/sys/mountinfo v0.6.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
+github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
+github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
 github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
 github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo=
-github.com/moby/sys/signal v0.6.0 h1:aDpY94H8VlhTGa9sNYUFCFsMZIUh5wm0B6XkIoJj/iY=
-github.com/moby/sys/signal v0.6.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg=
+github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI=
+github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg=
 github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
 github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
 github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA=
@@ -1438,8 +1440,8 @@ github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqi
 github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
 github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
 github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
-github.com/opencontainers/selinux v1.10.1 h1:09LIPVRP3uuZGQvgR+SgMSNBd1Eb3vlRbGqQpoHsF8w=
-github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
+github.com/opencontainers/selinux v1.10.2 h1:NFy2xCsjn7+WspbfZkUd5zyVeisV7VFbPSP96+8/ha4=
+github.com/opencontainers/selinux v1.10.2/go.mod h1:cARutUbaUrlRClyvxOICCgKixCs6L05aUsohzA3EkHQ=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
 github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U=
diff --git a/pkg/cloud/aws/commands/run_test.go b/pkg/cloud/aws/commands/run_test.go
index b5a81ef9a995..738be63ecd78 100644
--- a/pkg/cloud/aws/commands/run_test.go
+++ b/pkg/cloud/aws/commands/run_test.go
@@ -8,6 +8,8 @@ import (
 "testing"
 "time"
 
+defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+
 dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
 "github.com/aquasecurity/trivy/pkg/compliance/spec"
 "github.com/aquasecurity/trivy/pkg/flag"
@@ -649,18 +651,18 @@ deny[res] {
 },
 ReportOptions: flag.ReportOptions{
 Compliance: spec.ComplianceSpec{
-Spec: spec.Spec{
+Spec: defsecTypes.Spec{
 // TODO: refactor defsec so that the parsed spec can be passed
 ID: "@testdata/example-spec.yaml",
 Title: "my-custom-spec",
 Description: "My fancy spec",
 Version: "1.2",
-Controls: []spec.Control{
+Controls: []defsecTypes.Control{
 {
 ID: "1.1",
 Name: "Unencrypted S3 bucket",
 Description: "S3 Buckets should be encrypted to protect the data that is stored within them if access is compromised.",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-AWS-0088"},
 },
 Severity: "HIGH",
diff --git a/pkg/compliance/report/report.go b/pkg/compliance/report/report.go
index 185182c32acb..09c2090591b7 100644
--- a/pkg/compliance/report/report.go
+++ b/pkg/compliance/report/report.go
@@ -3,6 +3,8 @@ package report
 import (
 "io"
 
+defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+
 "golang.org/x/xerrors"
 
 dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
@@ -40,7 +42,7 @@ type ControlCheckResult struct {
 ID string
 Name string
 Description string
-DefaultStatus spec.ControlStatus `json:",omitempty"`
+DefaultStatus defsecTypes.ControlStatus `json:",omitempty"`
 Severity string
 Results types.Results
 }
@@ -94,7 +96,7 @@ func (r ComplianceReport) empty() bool {
 }
 
 // buildControlCheckResults create compliance results data
-func buildControlCheckResults(checksMap map[string]types.Results, controls []spec.Control) []*ControlCheckResult {
+func buildControlCheckResults(checksMap map[string]types.Results, controls []defsecTypes.Control) []*ControlCheckResult {
 complianceResults := make([]*ControlCheckResult, 0)
 for _, control := range controls {
 var results types.Results
@@ -114,7 +116,7 @@ func buildControlCheckResults(checksMap map[string]types.Results, controls []spe
 }
 
 // buildComplianceReportResults create compliance results data
-func buildComplianceReportResults(checksMap map[string]types.Results, spec spec.Spec) *ComplianceReport {
+func buildComplianceReportResults(checksMap map[string]types.Results, spec defsecTypes.Spec) *ComplianceReport {
 controlCheckResult := buildControlCheckResults(checksMap, spec.Controls)
 return &ComplianceReport{
 ID: spec.ID,
diff --git a/pkg/compliance/report/report_test.go b/pkg/compliance/report/report_test.go
index b1b4cc9b6afa..cbb33fd1d186 100644
--- a/pkg/compliance/report/report_test.go
+++ b/pkg/compliance/report/report_test.go
@@ -4,6 +4,8 @@ import (
 "fmt"
 "testing"
 
+defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+
 "github.com/stretchr/testify/assert"
 
 dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
@@ -97,7 +99,7 @@ func TestBuildComplianceReport(t *testing.T) {
 },
 },
 cs: spec.ComplianceSpec{
-Spec: spec.Spec{
+Spec: defsecTypes.Spec{
 ID: "1234",
 Title: "NSA",
 Description: "National Security Agency - Kubernetes Hardening Guidance",
@@ -105,13 +107,13 @@ func TestBuildComplianceReport(t *testing.T) {
 RelatedResources: []string{
 "https://example.com",
 },
-Controls: []spec.Control{
+Controls: []defsecTypes.Control{
 {
 ID: "1.0",
 Name: "Non-root containers",
 Description: "Check that container is not running as root",
 Severity: "MEDIUM",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-KSV-0001"},
 },
 },
@@ -120,7 +122,7 @@ func TestBuildComplianceReport(t *testing.T) {
 Name: "Immutable container file systems",
 Description: "Check that container root file system is immutable",
 Severity: "LOW",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-KSV-0002"},
 },
 },
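Review bot: The new signature `func buildComplianceReportResults(checksMap map[string]types.Results, spec defsecTypes.Spec)` keeps a parameter named `spec`, which shadows the `spec` package inside the function body; that package is not visible in the import hunk, but it was required by the old signature and no import removal appears in this diff, so it is presumably still imported and used elsewhere in report.go. Since the parameter type is no longer `spec.Spec`, this is a natural moment to rename it and drop the shadowing, e.g. `func buildComplianceReportResults(checksMap map[string]types.Results, s defsecTypes.Spec) *ComplianceReport {`, `controlCheckResult := buildControlCheckResults(checksMap, s.Controls)`, `ID: s.ID,`. The function body continues past the end of the hunk, so the remaining `spec.` field reads there would need the same rename. The doc comment on the context line above could also read `// buildComplianceReportResults creates the compliance report for the given spec and per-check results`, matching the verb form used for exported names elsewhere.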
@@ -129,7 +131,7 @@ func TestBuildComplianceReport(t *testing.T) {
 Name: "tzdata - new upstream version",
 Description: "Bad tzdata package",
 Severity: "CRITICAL",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "DLA-2424-1"},
 },
 },
diff --git a/pkg/compliance/spec/compliance.go b/pkg/compliance/spec/compliance.go
index 63a94021790f..e715d65346d2 100644
--- a/pkg/compliance/spec/compliance.go
+++ b/pkg/compliance/spec/compliance.go
@@ -5,6 +5,8 @@ import (
 "os"
 "strings"
 
+defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+
 "golang.org/x/exp/maps"
 "golang.org/x/xerrors"
 "gopkg.in/yaml.v3"
@@ -17,49 +19,13 @@ type Severity string
 
 // ComplianceSpec represent the compliance specification
 type ComplianceSpec struct {
-Spec Spec `yaml:"spec"`
-}
-
-type Spec struct {
-ID string `yaml:"id"`
-Title string `yaml:"title"`
-Description string `yaml:"description"`
-Version string `yaml:"version"`
-RelatedResources []string `yaml:"relatedResources"`
-Controls []Control `yaml:"controls"`
-}
-
-// Control represent the cps controls data and mapping checks
-type Control struct {
-ID string `yaml:"id"`
-Name string `yaml:"name"`
-Description string `yaml:"description,omitempty"`
-Checks []SpecCheck `yaml:"checks"`
-Severity Severity `yaml:"severity"`
-DefaultStatus ControlStatus `yaml:"defaultStatus,omitempty"`
+Spec defsecTypes.Spec `yaml:"spec"`
 }
 
-// SpecCheck represent the scanner who perform the control check
-type SpecCheck struct {
-ID string `yaml:"id"`
-}
-
-// ControlCheck provides the result of conducting a single audit step.
-type ControlCheck struct {
-ID string `yaml:"id"`
-Name string `yaml:"name"`
-Description string `yaml:"description,omitempty"`
-PassTotal int `yaml:"passTotal"`
-FailTotal int `yaml:"failTotal"`
-Severity Severity `yaml:"severity"`
-}
-
-type ControlStatus string
-
 const (
-FailStatus ControlStatus = "FAIL"
-PassStatus ControlStatus = "PASS"
-WarnStatus ControlStatus = "WARN"
+FailStatus defsecTypes.ControlStatus = "FAIL"
+PassStatus defsecTypes.ControlStatus = "PASS"
+WarnStatus defsecTypes.ControlStatus = "WARN"
 )
 
 // Scanners reads spec control and determines the scanners by check ID prefix
diff --git a/pkg/compliance/spec/compliance_test.go b/pkg/compliance/spec/compliance_test.go
index 44c256e00897..23914251df51 100644
--- a/pkg/compliance/spec/compliance_test.go
+++ b/pkg/compliance/spec/compliance_test.go
@@ -5,6 +5,8 @@ import (
 "sort"
 "testing"
 
+defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+
 "github.com/stretchr/testify/assert"
 
 "github.com/aquasecurity/trivy/pkg/compliance/spec"
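Review bot: The `FailStatus`/`PassStatus`/`WarnStatus` constants are kept in this package but now re-declare literal strings of a type owned by defsec, so the values "FAIL"/"PASS"/"WARN" must stay identical to whatever defsec's `ControlStatus` code compares against, and if defsec exports its own constants of that type the two sets can drift without a compile error. If the upstream constants exist, prefer aliasing them, e.g. `FailStatus = defsecTypes.FailStatus`, so there is a single source of truth; if they do not, a comment such as `// Status values must match the ControlStatus strings consumed by defsec's compliance types.` on the `const` block would record the coupling. Separately, `type Severity string` (the hunk's context header, just above this hunk) seems to lose its only visible users once `Control` and `ControlCheck` move out of this package; if nothing else in the package references it, it should be removed or its doc comment should say it is retained for API compatibility.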
@@ -14,13 +16,13 @@ import (
 func TestComplianceSpec_Scanners(t *testing.T) {
 tests := []struct {
 name string
-spec spec.Spec
+spec defsecTypes.Spec
 want types.Scanners
 wantErr assert.ErrorAssertionFunc
 }{
 {
 name: "get config scanner type by check id prefix",
-spec: spec.Spec{
+spec: defsecTypes.Spec{
 ID: "1234",
 Title: "NSA",
 Description: "National Security Agency - Kubernetes Hardening Guidance",
@@ -28,12 +30,12 @@ func TestComplianceSpec_Scanners(t *testing.T) {
 "https://example.com",
 },
 Version: "1.0",
-Controls: []spec.Control{
+Controls: []defsecTypes.Control{
 {
 Name: "Non-root containers",
 Description: "Check that container is not running as root",
 ID: "1.0",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-KSV012"},
 },
 },
@@ -41,7 +43,7 @@ func TestComplianceSpec_Scanners(t *testing.T) {
 Name: "Check that encryption resource has been set",
 Description: "Control checks whether encryption resource has been set",
 ID: "1.1",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-1.2.31"},
 {ID: "AVD-1.2.32"},
 },
@@ -53,7 +55,7 @@ func TestComplianceSpec_Scanners(t *testing.T) {
 },
 {
 name: "get config and vuln scanners types by check id prefix",
-spec: spec.Spec{
+spec: defsecTypes.Spec{
 ID: "1234",
 Title: "NSA",
 Description: "National Security Agency - Kubernetes Hardening Guidance",
@@ -61,12 +63,12 @@ func TestComplianceSpec_Scanners(t *testing.T) {
 "https://example.com",
 },
 Version: "1.0",
-Controls: []spec.Control{
+Controls: []defsecTypes.Control{
 {
 Name: "Non-root containers",
 Description: "Check that container is not running as root",
 ID: "1.0",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-KSV012"},
 },
 },
@@ -74,7 +76,7 @@ func TestComplianceSpec_Scanners(t *testing.T) {
 Name: "Check that encryption resource has been set",
 Description: "Control checks whether encryption resource has been set",
 ID: "1.1",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-1.2.31"},
 {ID: "AVD-1.2.32"},
 },
@@ -83,7 +85,7 @@ func TestComplianceSpec_Scanners(t *testing.T) {
 Name: "Ensure no critical vulnerabilities",
 Description: "Control checks whether critical vulnerabilities are not found",
 ID: "7.0",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "CVE-9999-9999"},
 },
 },
@@ -97,7 +99,7 @@ func TestComplianceSpec_Scanners(t *testing.T) {
 },
 {
 name: "unknown prefix",
-spec: spec.Spec{
+spec: defsecTypes.Spec{
 ID: "1234",
 Title: "NSA",
 Description: "National Security Agency - Kubernetes Hardening Guidance",
@@ -105,11 +107,11 @@ func TestComplianceSpec_Scanners(t *testing.T) {
 "https://example.com",
 },
 Version: "1.0",
-Controls: []spec.Control{
+Controls: []defsecTypes.Control{
 {
 Name: "Unknown",
 ID: "1.0",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "UNKNOWN-001"},
 },
 },
@@ -138,12 +140,12 @@ func TestComplianceSpec_Scanners(t *testing.T) {
 func TestComplianceSpec_CheckIDs(t *testing.T) {
 tests := []struct {
 name string
-spec spec.Spec
+spec defsecTypes.Spec
 want map[types.Scanner][]string
 }{
 {
 name: "get config scanner type by check id prefix",
-spec: spec.Spec{
+spec: defsecTypes.Spec{
 ID: "1234",
 Title: "NSA",
 Description: "National Security Agency - Kubernetes Hardening Guidance",
@@ -151,12 +153,12 @@ func TestComplianceSpec_CheckIDs(t *testing.T) {
 "https://example.com",
 },
 Version: "1.0",
-Controls: []spec.Control{
+Controls: []defsecTypes.Control{
 {
 Name: "Non-root containers",
 Description: "Check that container is not running as root",
 ID: "1.0",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-KSV012"},
 },
 },
@@ -164,7 +166,7 @@ func TestComplianceSpec_CheckIDs(t *testing.T) {
 Name: "Check that encryption resource has been set",
 Description: "Control checks whether encryption resource has been set",
 ID: "1.1",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-1.2.31"},
 {ID: "AVD-1.2.32"},
 },
@@ -181,7 +183,7 @@ func TestComplianceSpec_CheckIDs(t *testing.T) {
 },
 {
 name: "get config and vuln scanners types by check id prefix",
-spec: spec.Spec{
+spec: defsecTypes.Spec{
 ID: "1234",
 Title: "NSA",
 Description: "National Security Agency - Kubernetes Hardening Guidance",
@@ -189,12 +191,12 @@ func TestComplianceSpec_CheckIDs(t *testing.T) {
 "https://example.com",
 },
 Version: "1.0",
-Controls: []spec.Control{
+Controls: []defsecTypes.Control{
 {
 Name: "Non-root containers",
 Description: "Check that container is not running as root",
 ID: "1.0",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-KSV012"},
 },
 },
@@ -202,7 +204,7 @@ func TestComplianceSpec_CheckIDs(t *testing.T) {
 Name: "Check that encryption resource has been set",
 Description: "Control checks whether encryption resource has been set",
 ID: "1.1",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-1.2.31"},
 {ID: "AVD-1.2.32"},
 },
@@ -211,7 +213,7 @@ func TestComplianceSpec_CheckIDs(t *testing.T) {
 Name: "Ensure no critical vulnerabilities",
 Description: "Control checks whether critical vulnerabilities are not found",
 ID: "7.0",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "CVE-9999-9999"},
 },
 },
diff --git a/pkg/flag/report_flags_test.go b/pkg/flag/report_flags_test.go
index 17397f453da9..e2fbab4ab984 100644
--- a/pkg/flag/report_flags_test.go
+++ b/pkg/flag/report_flags_test.go
@@ -4,6 +4,8 @@ import (
 "os"
 "testing"
 
+defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+
 "github.com/spf13/viper"
 "github.com/stretchr/testify/assert"
 "go.uber.org/zap"
@@ -182,17 +184,17 @@ func TestReportFlagGroup_ToOptions(t *testing.T) {
 want: flag.ReportOptions{
 Output: os.Stdout,
 Compliance: spec.ComplianceSpec{
-Spec: spec.Spec{
+Spec: defsecTypes.Spec{
 ID: "0001",
 Title: "my-custom-spec",
 Description: "My fancy spec",
 Version: "1.2",
-Controls: []spec.Control{
+Controls: []defsecTypes.Control{
 {
 ID: "1.1",
 Name: "Unencrypted S3 bucket",
 Description: "S3 Buckets should be encrypted to protect the data that is stored within them if access is compromised.",
-Checks: []spec.SpecCheck{
+Checks: []defsecTypes.SpecCheck{
 {ID: "AVD-AWS-0088"},
 },
 Severity: "HIGH",