diff --git a/cmd/mcpserver/mcpserver.go b/cmd/mcpserver/mcpserver.go index 7f77d0c0..17c98eb3 100644 --- a/cmd/mcpserver/mcpserver.go +++ b/cmd/mcpserver/mcpserver.go @@ -233,9 +233,10 @@ func (ksServer *KubescapeMcpserver) CallTool(name string, arguments map[string]i // Get workload-level manifests labelSelector := "" - if level == "workload" { + switch level { + case "workload": labelSelector = "kubescape.io/context=filtered" - } else if level == "image" { + case "image": labelSelector = "kubescape.io/context=non-filtered" } @@ -480,7 +481,7 @@ func mcpServerEntrypoint() error { // Start the server if err := server.ServeStdio(s); err != nil { - return fmt.Errorf("Server error: %v\n", err) + return fmt.Errorf("server error: %v", err) } return nil } diff --git a/cmd/operator/operator.go b/cmd/operator/operator.go index 7334a659..aa1e4f36 100644 --- a/cmd/operator/operator.go +++ b/cmd/operator/operator.go @@ -14,7 +14,7 @@ const ( ) var operatorExamples = fmt.Sprintf(` - + # Trigger a configuration scan %[1]s operator scan configurations @@ -34,16 +34,16 @@ func GetOperatorCmd(ks meta.IKubescape) *cobra.Command { Args: func(cmd *cobra.Command, args []string) error { operatorInfo.Subcommands = append(operatorInfo.Subcommands, "operator") if len(args) < 2 { - return errors.New("For the operator sub-command, you need to provide at least one additional sub-command. Refer to the examples above.") + return errors.New("for the operator sub-command, you need to provide at least one additional sub-command. Refer to the examples above") } return nil }, RunE: func(cmd *cobra.Command, args []string) error { if len(args) < 2 { - return errors.New("For the operator sub-command, you need to provide at least one additional sub-command. Refer to the examples above.") + return errors.New("for the operator sub-command, you need to provide at least one additional sub-command. Refer to the examples above") } if args[0] != scanSubCommand { - return errors.New(fmt.Sprintf("For the operator sub-command, only %s is supported. Refer to the examples above.", scanSubCommand)) + return fmt.Errorf("for the operator sub-command, only %s is supported. Refer to the examples above", scanSubCommand) } return nil }, diff --git a/cmd/operator/operator_test.go b/cmd/operator/operator_test.go index 396ea280..c4af54ca 100644 --- a/cmd/operator/operator_test.go +++ b/cmd/operator/operator_test.go @@ -21,7 +21,7 @@ func TestGetOperatorCmd(t *testing.T) { assert.Equal(t, operatorExamples, cmd.Example) err := cmd.Args(&cobra.Command{}, []string{}) - expectedErrorMessage := "For the operator sub-command, you need to provide at least one additional sub-command. Refer to the examples above." + expectedErrorMessage := "for the operator sub-command, you need to provide at least one additional sub-command. Refer to the examples above" assert.Equal(t, expectedErrorMessage, err.Error()) err = cmd.Args(&cobra.Command{}, []string{"scan", "configurations"}) @@ -37,6 +37,6 @@ func TestGetOperatorCmd(t *testing.T) { assert.Equal(t, expectedErrorMessage, err.Error()) err = cmd.RunE(&cobra.Command{}, []string{"random-subcommand", "random-config"}) - expectedErrorMessage = "For the operator sub-command, only " + scanSubCommand + " is supported. Refer to the examples above." + expectedErrorMessage = "for the operator sub-command, only " + scanSubCommand + " is supported. Refer to the examples above" assert.Equal(t, expectedErrorMessage, err.Error()) } diff --git a/cmd/operator/scan.go b/cmd/operator/scan.go index f925c08a..100e3b91 100644 --- a/cmd/operator/scan.go +++ b/cmd/operator/scan.go @@ -32,7 +32,7 @@ func getOperatorScanCmd(ks meta.IKubescape, operatorInfo cautils.OperatorInfo) * return errors.New("for operator scan sub command, you must pass at least 1 more sub commands, see above examples") } if (args[0] != vulnerabilitiesSubCommand) && (args[0] != configurationsSubCommand) { - return errors.New(fmt.Sprintf("For the operator sub-command, only %s and %s are supported. Refer to the examples above.", vulnerabilitiesSubCommand, configurationsSubCommand)) + return fmt.Errorf("for the operator sub-command, only %s and %s are supported. Refer to the examples above", vulnerabilitiesSubCommand, configurationsSubCommand) } return nil }, diff --git a/cmd/operator/scan_test.go b/cmd/operator/scan_test.go index ec0b1aae..407d22f5 100644 --- a/cmd/operator/scan_test.go +++ b/cmd/operator/scan_test.go @@ -41,6 +41,6 @@ func TestGetOperatorScanCmd(t *testing.T) { assert.Nil(t, err) err = cmd.RunE(&cobra.Command{}, []string{"random"}) - expectedErrorMessage = "For the operator sub-command, only " + vulnerabilitiesSubCommand + " and " + configurationsSubCommand + " are supported. Refer to the examples above." + expectedErrorMessage = "for the operator sub-command, only " + vulnerabilitiesSubCommand + " and " + configurationsSubCommand + " are supported. Refer to the examples above" assert.Equal(t, expectedErrorMessage, err.Error()) } diff --git a/cmd/scan/validators_test.go b/cmd/scan/validators_test.go index be66e4b8..3bfeb440 100644 --- a/cmd/scan/validators_test.go +++ b/cmd/scan/validators_test.go @@ -35,7 +35,7 @@ func Test_validateControlScanInfo(t *testing.T) { t.Run( tc.Description, func(t *testing.T) { - var want error = tc.Want + var want = tc.Want got := validateControlScanInfo(tc.ScanInfo) @@ -85,7 +85,7 @@ func Test_validateFrameworkScanInfo(t *testing.T) { t.Run( tc.Description, func(t *testing.T) { - var want error = tc.Want + var want = tc.Want got := validateFrameworkScanInfo(tc.ScanInfo) diff --git a/cmd/shared/image_scan_test.go b/cmd/shared/image_scan_test.go index 2842e626..3ddc0837 100644 --- a/cmd/shared/image_scan_test.go +++ b/cmd/shared/image_scan_test.go @@ -50,7 +50,7 @@ func TestValidateImageScanInfo(t *testing.T) { t.Run( tc.Description, func(t *testing.T) { - var want error = tc.Want + var want = tc.Want got := ValidateImageScanInfo(tc.ScanInfo) diff --git a/core/cautils/customerloader.go b/core/cautils/customerloader.go index f7d0e2b2..4fce34da 100644 --- a/core/cautils/customerloader.go +++ b/core/cautils/customerloader.go @@ -521,9 +521,3 @@ func GetTenantConfig(accountID, accessKey, clusterName, customClusterName string } // firstNonEmpty returns the first non-empty string -func firstNonEmpty(s1, s2 string) string { - if s1 != "" { - return s1 - } - return s2 -} diff --git a/core/cautils/fileutils.go b/core/cautils/fileutils.go index 94d05d2d..fc1c030b 100644 --- a/core/cautils/fileutils.go +++ b/core/cautils/fileutils.go @@ -322,7 +322,7 @@ func glob(root, pattern string, onlyDirectories bool) ([]string, error) { return nil } fileFormat := getFileFormat(path) - if !(fileFormat == JSON_FILE_FORMAT || fileFormat == YAML_FILE_FORMAT) { + if fileFormat != JSON_FILE_FORMAT && fileFormat != YAML_FILE_FORMAT { return nil } if matched, err := filepath.Match(pattern, filepath.Base(path)); err != nil { diff --git a/core/cautils/getter/getpoliciesutils_test.go b/core/cautils/getter/getpoliciesutils_test.go index bc98fb0a..4e2f2dcc 100644 --- a/core/cautils/getter/getpoliciesutils_test.go +++ b/core/cautils/getter/getpoliciesutils_test.go @@ -1,7 +1,7 @@ package getter import ( - "io/ioutil" + "io" "net/http" "os" "path/filepath" @@ -102,7 +102,7 @@ func TestHttpRespToString_NilResponse(t *testing.T) { func TestHttpRespToString_ValidResponse(t *testing.T) { resp := &http.Response{ - Body: ioutil.NopCloser(strings.NewReader("test response")), + Body: io.NopCloser(strings.NewReader("test response")), Status: "200 OK", StatusCode: 200, } @@ -114,7 +114,7 @@ func TestHttpRespToString_ValidResponse(t *testing.T) { // Returns an error with status and reason when unable to read response body. func TestHttpRespToString_ReadError(t *testing.T) { resp := &http.Response{ - Body: ioutil.NopCloser(strings.NewReader("test response")), + Body: io.NopCloser(strings.NewReader("test response")), } resp.Body.Close() result, err := httpRespToString(resp) @@ -125,7 +125,7 @@ func TestHttpRespToString_ReadError(t *testing.T) { // Returns an error with status and reason when unable to read response body. func TestHttpRespToString_ErrorCodeLessThan200(t *testing.T) { resp := &http.Response{ - Body: ioutil.NopCloser(strings.NewReader("test response")), + Body: io.NopCloser(strings.NewReader("test response")), StatusCode: 100, } resp.Body.Close() diff --git a/core/cautils/getter/kscloudapi_test.go b/core/cautils/getter/kscloudapi_test.go index 71745a01..474b52dd 100644 --- a/core/cautils/getter/kscloudapi_test.go +++ b/core/cautils/getter/kscloudapi_test.go @@ -5,7 +5,6 @@ import ( "io" "net/http" "net/http/httptest" - "os" "strings" "sync" "testing" @@ -25,10 +24,6 @@ const ( var ( globalMx sync.Mutex // a mutex to avoid data races on package globals while testing - - testOptions = []v1.KSCloudOption{ - v1.WithTrace(os.Getenv("DEBUG_TEST") != ""), - } ) func TestGlobalKSCloudAPIConnector(t *testing.T) { @@ -113,8 +108,6 @@ func mockAPIServer(t testing.TB) *testServer { defer func() { _ = r.Body.Close() }() _, _ = io.Copy(w, r.Body) - return - }) return server diff --git a/core/cautils/getter/loadpolicy.go b/core/cautils/getter/loadpolicy.go index e4887a34..268002b2 100644 --- a/core/cautils/getter/loadpolicy.go +++ b/core/cautils/getter/loadpolicy.go @@ -226,7 +226,7 @@ func (lp *LoadPolicy) GetControlsInputs(_ /* clusterName */ string) (map[string] buf, err := os.ReadFile(filePath) if err != nil { formattedError := fmt.Errorf( - `Error opening %s file, "controls-config" will be downloaded from ARMO management portal`, + `error opening %s file, "controls-config" will be downloaded from ARMO management portal`, fileName, ) @@ -236,7 +236,7 @@ func (lp *LoadPolicy) GetControlsInputs(_ /* clusterName */ string) (map[string] controlInputs := make(map[string][]string, 100) // from armotypes.Settings.PostureControlInputs if err = json.Unmarshal(buf, &controlInputs); err != nil { formattedError := fmt.Errorf( - `Error reading %s file, %v, "controls-config" will be downloaded from ARMO management portal`, + `error reading %s file, %v, "controls-config" will be downloaded from ARMO management portal`, fileName, err, ) diff --git a/core/cautils/kustomizedirectory_test.go b/core/cautils/kustomizedirectory_test.go index 3acb31de..732dbefb 100644 --- a/core/cautils/kustomizedirectory_test.go +++ b/core/cautils/kustomizedirectory_test.go @@ -54,7 +54,7 @@ func TestGetKustomizeDirectoryName(t *testing.T) { t.Run(tt.name, func(t *testing.T) { tempFile := filepath.Join(tt.args.path, "kustomization.yaml") if tt.createKustomization { - _ = os.WriteFile(tempFile, []byte(""), 0644) + _ = os.WriteFile(tempFile, []byte(""), 0600) } if got := getKustomizeDirectoryName(tt.args.path); got != tt.want { t.Errorf("GetKustomizeDirectoryName() = %v, want %v", got, tt.want) diff --git a/core/cautils/operartorscaninfo_test.go b/core/cautils/operartorscaninfo_test.go index bba9f77a..2819d3b9 100644 --- a/core/cautils/operartorscaninfo_test.go +++ b/core/cautils/operartorscaninfo_test.go @@ -81,7 +81,7 @@ func Test_GetRequestPayload(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { - result := tc.OperatorScanInfo.GetRequestPayload() + result := tc.GetRequestPayload() assert.Equal(t, tc.result, result) }) } @@ -136,8 +136,8 @@ func Test_ValidatePayload(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { - payload := tc.OperatorScanInfo.GetRequestPayload() - result := tc.OperatorScanInfo.ValidatePayload(payload) + payload := tc.GetRequestPayload() + result := tc.ValidatePayload(payload) assert.Equal(t, tc.result, result) }) } diff --git a/core/cautils/parseFile.go b/core/cautils/parseFile.go index 03b3ad1a..ba590341 100644 --- a/core/cautils/parseFile.go +++ b/core/cautils/parseFile.go @@ -170,7 +170,6 @@ func getInfoFromOne(output string, lastNumber int, isMapType bool) (value string if isMapType { lineNumber = lineNumber - 1 } - lastNumber = lineNumber // save to structure } else { lineNumber = lastNumber diff --git a/core/cautils/portforwarder.go b/core/cautils/portforwarder.go index e14fe7d3..65a508cc 100644 --- a/core/cautils/portforwarder.go +++ b/core/cautils/portforwarder.go @@ -78,7 +78,7 @@ func (p *portForward) StopPortForwarder() { func (p *portForward) StartPortForwarder() error { go func() { - p.PortForwarder.ForwardPorts() + p.ForwardPorts() }() p.waitForPortForwardReadiness() diff --git a/core/cautils/portforwarder_test.go b/core/cautils/portforwarder_test.go index e5247634..056ad297 100644 --- a/core/cautils/portforwarder_test.go +++ b/core/cautils/portforwarder_test.go @@ -64,7 +64,7 @@ func Test_CreatePortForwarder(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { k8sClient := k8sinterface.KubernetesApi{ - KubernetesClient: fake.NewSimpleClientset(), + KubernetesClient: fake.NewClientset(), K8SConfig: &rest.Config{ Host: "any", }, @@ -105,7 +105,7 @@ func Test_GetPortForwardLocalhost(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { k8sClient := k8sinterface.KubernetesApi{ - KubernetesClient: fake.NewSimpleClientset(), + KubernetesClient: fake.NewClientset(), K8SConfig: &rest.Config{ Host: "any", }, diff --git a/core/core/clusterconnector.go b/core/core/clusterconnector.go index 1e27b11e..818034b5 100644 --- a/core/core/clusterconnector.go +++ b/core/core/clusterconnector.go @@ -36,7 +36,7 @@ func getOperatorPod(k8sClient *k8sinterface.KubernetesApi, ns string) (*v1.Pod, return nil, err } if len(pods.Items) != 1 { - return nil, errors.New("Could not find the Kubescape Operator chart, please validate that the Kubescape Operator helm chart is installed and running -> https://github.com/kubescape/helm-charts") + return nil, errors.New("could not find the Kubescape Operator chart, please validate that the Kubescape Operator helm chart is installed and running -> https://github.com/kubescape/helm-charts") } return &pods.Items[0], nil @@ -90,8 +90,8 @@ func (a *OperatorAdapter) httpPostOperatorScanRequest(body apis.Commands) (strin } func (a *OperatorAdapter) OperatorScan() (string, error) { - payload := a.OperatorScanInfo.GetRequestPayload() - if err := a.OperatorScanInfo.ValidatePayload(payload); err != nil { + payload := a.GetRequestPayload() + if err := a.ValidatePayload(payload); err != nil { return "", err } res, err := a.httpPostOperatorScanRequest(*payload) diff --git a/core/core/clusterconnector_test.go b/core/core/clusterconnector_test.go index e58ee2fb..805e92ea 100644 --- a/core/core/clusterconnector_test.go +++ b/core/core/clusterconnector_test.go @@ -23,13 +23,13 @@ func Test_getOperatorPod(t *testing.T) { name: "test error no operator exist", createOperatorPod: false, createAnotherOperatorPodWithSameLabel: false, - expectedError: fmt.Errorf("Could not find the Kubescape Operator chart, please validate that the Kubescape Operator helm chart is installed and running -> https://github.com/kubescape/helm-charts"), + expectedError: fmt.Errorf("could not find the Kubescape Operator chart, please validate that the Kubescape Operator helm chart is installed and running -> https://github.com/kubescape/helm-charts"), }, { name: "test error several operators exist", createOperatorPod: true, createAnotherOperatorPodWithSameLabel: true, - expectedError: fmt.Errorf("Could not find the Kubescape Operator chart, please validate that the Kubescape Operator helm chart is installed and running -> https://github.com/kubescape/helm-charts"), + expectedError: fmt.Errorf("could not find the Kubescape Operator chart, please validate that the Kubescape Operator helm chart is installed and running -> https://github.com/kubescape/helm-charts"), }, { name: "test no error", @@ -42,7 +42,7 @@ func Test_getOperatorPod(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { k8sClient := k8sinterface.KubernetesApi{ - KubernetesClient: fake.NewSimpleClientset(), + KubernetesClient: fake.NewClientset(), Context: context.TODO(), } diff --git a/core/core/fix.go b/core/core/fix.go index e8c39804..7d0b45b8 100644 --- a/core/core/fix.go +++ b/core/core/fix.go @@ -48,7 +48,7 @@ func (ks *Kubescape) Fix(fixInfo *metav1.FixInfo) error { for _, err := range errors { logger.L().Ctx(ks.Context()).Warning(err.Error()) } - return fmt.Errorf("Failed to fix some resources, check the logs for more details") + return fmt.Errorf("failed to fix some resources, check the logs for more details") } return nil @@ -64,9 +64,10 @@ func userConfirmed() bool { } input = strings.ToLower(input) - if input == "y" || input == "yes" { + switch input { + case "y", "yes": return true - } else if input == "n" || input == "no" { + case "n", "no": return false } } diff --git a/core/core/initutils.go b/core/core/initutils.go index f9348ab3..eb3da6ad 100644 --- a/core/core/initutils.go +++ b/core/core/initutils.go @@ -82,7 +82,7 @@ func getReporter(ctx context.Context, tenantConfig cautils.ITenantConfig, report } func getResourceHandler(ctx context.Context, scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenantConfig, k8s *k8sinterface.KubernetesApi, hostSensorHandler hostsensorutils.IHostSensor) resourcehandler.IResourceHandler { - ctx, span := otel.Tracer("").Start(ctx, "getResourceHandler") + _, span := otel.Tracer("").Start(ctx, "getResourceHandler") defer span.End() if len(scanInfo.InputPatterns) > 0 || k8s == nil { diff --git a/core/core/list.go b/core/core/list.go index 72c664c4..a00415f8 100644 --- a/core/core/list.go +++ b/core/core/list.go @@ -48,7 +48,7 @@ func (ks *Kubescape) List(listPolicies *metav1.ListPolicies) error { if listFormatFunction, ok := listFormatFunc[listPolicies.Format]; ok { listFormatFunction(ks.Context(), listPolicies.Target, policies) } else { - return fmt.Errorf("Invalid format \"%s\", Supported formats: 'pretty-print'/'json' ", listPolicies.Format) + return fmt.Errorf("invalid format \"%s\", supported formats: 'pretty-print'/'json' ", listPolicies.Format) } return nil @@ -168,7 +168,7 @@ func generateControlRows(policies []string) []table.Row { docs := cautils.GetControlLink(id) - currentRow := table.Row{id, control, docs, strings.Replace(framework, " ", "\n", -1)} + currentRow := table.Row{id, control, docs, strings.ReplaceAll(framework, " ", "\n")} rows = append(rows, currentRow) } @@ -188,7 +188,7 @@ func generatePolicyRows(policies []string) []table.Row { func shortFormatControlRows(controlRows []table.Row) []table.Row { rows := make([]table.Row, 0, len(controlRows)) for _, controlRow := range controlRows { - rows = append(rows, table.Row{fmt.Sprintf("Control ID"+strings.Repeat(" ", 3)+": %+v\nControl Name"+strings.Repeat(" ", 1)+": %+v\nDocs"+strings.Repeat(" ", 9)+": %+v\nFrameworks"+strings.Repeat(" ", 3)+": %+v", controlRow[0], controlRow[1], controlRow[2], strings.Replace(controlRow[3].(string), "\n", " ", -1))}) + rows = append(rows, table.Row{fmt.Sprintf("Control ID"+strings.Repeat(" ", 3)+": %+v\nControl Name"+strings.Repeat(" ", 1)+": %+v\nDocs"+strings.Repeat(" ", 9)+": %+v\nFrameworks"+strings.Repeat(" ", 3)+": %+v", controlRow[0], controlRow[1], controlRow[2], strings.ReplaceAll(controlRow[3].(string), "\n", " "))}) } return rows } diff --git a/core/core/patch.go b/core/core/patch.go index 3c87d45f..9b7d1409 100644 --- a/core/core/patch.go +++ b/core/core/patch.go @@ -313,7 +313,7 @@ func patchWithContext(ctx context.Context, buildkitAddr, image, reportFile, patc return res, nil }, buildChannel) - return nil + return err } func getOSType(ctx context.Context, osreleaseBytes []byte) (string, error) { diff --git a/core/core/scan.go b/core/core/scan.go index 9275dfe2..be74a4fa 100644 --- a/core/core/scan.go +++ b/core/core/scan.go @@ -145,14 +145,14 @@ func (ks *Kubescape) Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsH } // set policy getter only after setting the customerGUID - scanInfo.Getters.PolicyGetter = getPolicyGetter(ctxInit, scanInfo.UseFrom, interfaces.tenantConfig.GetAccountID(), scanInfo.FrameworkScan, downloadReleasedPolicy) - scanInfo.Getters.ControlsInputsGetter = getConfigInputsGetter(ctxInit, scanInfo.ControlsInputs, interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy) - scanInfo.Getters.ExceptionsGetter = getExceptionsGetter(ctxInit, scanInfo.UseExceptions, interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy) - scanInfo.Getters.AttackTracksGetter = getAttackTracksGetter(ctxInit, scanInfo.AttackTracks, interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy) + scanInfo.PolicyGetter = getPolicyGetter(ctxInit, scanInfo.UseFrom, interfaces.tenantConfig.GetAccountID(), scanInfo.FrameworkScan, downloadReleasedPolicy) + scanInfo.ControlsInputsGetter = getConfigInputsGetter(ctxInit, scanInfo.ControlsInputs, interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy) + scanInfo.ExceptionsGetter = getExceptionsGetter(ctxInit, scanInfo.UseExceptions, interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy) + scanInfo.AttackTracksGetter = getAttackTracksGetter(ctxInit, scanInfo.AttackTracks, interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy) // TODO - list supported frameworks/controls if scanInfo.ScanAll { - scanInfo.SetPolicyIdentifiers(listFrameworksNames(scanInfo.Getters.PolicyGetter), apisv1.KindFramework) + scanInfo.SetPolicyIdentifiers(listFrameworksNames(scanInfo.PolicyGetter), apisv1.KindFramework) } // remove host scanner components @@ -200,7 +200,7 @@ func (ks *Kubescape) Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsH // ======================== prioritization =================== if scanInfo.PrintAttackTree || isPrioritizationScanType(scanInfo.ScanType) { _, spanPrioritization := otel.Tracer("").Start(ctxOpa, "prioritization") - if priotizationHandler, err := resourcesprioritization.NewResourcesPrioritizationHandler(ctxOpa, scanInfo.Getters.AttackTracksGetter, scanInfo.PrintAttackTree); err != nil { + if priotizationHandler, err := resourcesprioritization.NewResourcesPrioritizationHandler(ctxOpa, scanInfo.AttackTracksGetter, scanInfo.PrintAttackTree); err != nil { logger.L().Ctx(ks.Context()).Warning("failed to get attack tracks, this may affect the scanning results", helpers.Error(err)) } else if err := priotizationHandler.PrioritizeResources(scanData); err != nil { return resultsHandling, fmt.Errorf("%w", err) diff --git a/core/pkg/containerscan/containerscan_mock.go b/core/pkg/containerscan/containerscan_mock.go index 52352206..78f8d925 100644 --- a/core/pkg/containerscan/containerscan_mock.go +++ b/core/pkg/containerscan/containerscan_mock.go @@ -46,8 +46,6 @@ var hash = []rune("abcdef0123456789") var nums = []rune("0123456789") func randSeq(n int, bank []rune) string { - rand.Seed(time.Now().UnixNano()) - b := make([]rune, n) for i := range b { b[i] = bank[rand.Intn(len(bank))] //nolint:gosec diff --git a/core/pkg/containerscan/rawdatastrucutres.go b/core/pkg/containerscan/rawdatastrucutres.go index 3dc21256..f5a62a43 100644 --- a/core/pkg/containerscan/rawdatastrucutres.go +++ b/core/pkg/containerscan/rawdatastrucutres.go @@ -88,6 +88,6 @@ type PkgFiles []PackageFile func (v *ScanResultReport) AsFNVHash() string { hasher := fnv.New64a() - hasher.Write([]byte(fmt.Sprintf("%v", *v))) + fmt.Fprintf(hasher, "%v", *v) return fmt.Sprintf("%v", hasher.Sum64()) } diff --git a/core/pkg/fixhandler/fixhandler.go b/core/pkg/fixhandler/fixhandler.go index c61712c6..2b8cf7f3 100644 --- a/core/pkg/fixhandler/fixhandler.go +++ b/core/pkg/fixhandler/fixhandler.go @@ -209,7 +209,7 @@ func (h *FixHandler) ApplyChanges(ctx context.Context, resourcesToFix []Resource fixedYamlString, err := ApplyFixToContent(ctx, fileAsString, yamlExpression) if err != nil { - errors = append(errors, fmt.Errorf("Failed to fix file %s: %w ", filepath, err)) + errors = append(errors, fmt.Errorf("failed to fix file %s: %w ", filepath, err)) continue } else { updatedFiles[filepath] = true @@ -344,7 +344,7 @@ func GetFileString(filepath string) (string, error) { bytes, err := os.ReadFile(filepath) if err != nil { - return "", fmt.Errorf("Error reading file %s", filepath) + return "", fmt.Errorf("error reading file %s", filepath) } return string(bytes), nil @@ -354,7 +354,7 @@ func writeFixesToFile(filepath, content string) error { err := os.WriteFile(filepath, []byte(content), 0644) //nolint:gosec if err != nil { - return fmt.Errorf("Error writing fixes to file: %w", err) + return fmt.Errorf("error writing fixes to file: %w", err) } return nil diff --git a/core/pkg/fixhandler/yamlhandler.go b/core/pkg/fixhandler/yamlhandler.go index 4b7fb3d7..44cde43b 100644 --- a/core/pkg/fixhandler/yamlhandler.go +++ b/core/pkg/fixhandler/yamlhandler.go @@ -26,7 +26,7 @@ func decodeDocumentRoots(yamlAsString string) ([]yaml.Node, error) { break } if err != nil { - return nil, fmt.Errorf("Cannot Decode File as YAML") + return nil, fmt.Errorf("cannot decode file as YAML") } @@ -55,7 +55,7 @@ func getFixedNodes(ctx context.Context, yamlAsString, yamlExpression string) ([] fixedCandidateNodes, err := allAtOnceEvaluator.EvaluateCandidateNodes(yamlExpression, allDocuments) if err != nil { - return nil, fmt.Errorf("Error fixing YAML, %w", err) + return nil, fmt.Errorf("error fixing YAML, %w", err) } fixedNodes := make([]yaml.Node, 0) diff --git a/core/pkg/fixhandler/yamlhelper.go b/core/pkg/fixhandler/yamlhelper.go index c8ac919c..55c7c05b 100644 --- a/core/pkg/fixhandler/yamlhelper.go +++ b/core/pkg/fixhandler/yamlhelper.go @@ -86,7 +86,7 @@ func adjustFixedListLines(originalList, fixedList *[]nodeInfo) { func enocodeIntoYaml(parentNode *yaml.Node, nodeList *[]nodeInfo, tracker int) (string, error) { if tracker < 0 || tracker >= len(*nodeList) { - return "", fmt.Errorf("Index out of range for nodeList: tracker=%d, length=%d", tracker, len(*nodeList)) + return "", fmt.Errorf("index out of range for nodeList: tracker=%d, length=%d", tracker, len(*nodeList)) } content := make([]*yaml.Node, 0) @@ -112,11 +112,11 @@ func enocodeIntoYaml(parentNode *yaml.Node, nodeList *[]nodeInfo, tracker int) ( errorEncoding := encoder.Encode(parentForContent) if errorEncoding != nil { - return "", fmt.Errorf("Error debugging node, %v", errorEncoding.Error()) + return "", fmt.Errorf("error debugging node, %v", errorEncoding.Error()) } errorClosingEncoder := encoder.Close() if errorClosingEncoder != nil { - return "", fmt.Errorf("Error closing encoder: %v", errorClosingEncoder.Error()) + return "", fmt.Errorf("error closing encoder: %v", errorClosingEncoder.Error()) } return fmt.Sprintf(`%v`, buf.String()), nil } @@ -216,7 +216,7 @@ func getLastLineOfResource(linesSlice *[]string, currentLine int) (int, error) { } } - return 0, fmt.Errorf("Provided line is greater than the length of YAML file") + return 0, fmt.Errorf("provided line is greater than the length of YAML file") } func getNodeLine(nodeList *[]nodeInfo, tracker int) int { @@ -300,7 +300,7 @@ func isEmptyLineOrComment(lineContent string) bool { func readDocuments(ctx context.Context, reader io.Reader, decoder yqlib.Decoder) (*list.List, error) { err := decoder.Init(reader) if err != nil { - return nil, fmt.Errorf("Error Initializing the decoder, %w", err) + return nil, fmt.Errorf("error initializing the decoder, %w", err) } inputList := list.New() @@ -316,7 +316,7 @@ func readDocuments(ctx context.Context, reader io.Reader, decoder yqlib.Decoder) } return inputList, nil } else if errorReading != nil { - return nil, fmt.Errorf("Error Decoding YAML file, %w", errorReading) + return nil, fmt.Errorf("error decoding yaml file, %w", errorReading) } candidateNode.Document = currentIndex diff --git a/core/pkg/fixhandler/yamlhelper_test.go b/core/pkg/fixhandler/yamlhelper_test.go index 3728a7e7..cbafc36d 100644 --- a/core/pkg/fixhandler/yamlhelper_test.go +++ b/core/pkg/fixhandler/yamlhelper_test.go @@ -434,9 +434,9 @@ func TestRemoveOutOfRangeLines(t *testing.T) { func TestShouldCalculateTotalNumberOfChildrenAndAddToCurrentTracker(t *testing.T) { node := &yaml.Node{ Content: []*yaml.Node{ - &yaml.Node{}, - &yaml.Node{}, - &yaml.Node{}, + {}, + {}, + {}, }, } currentTracker := 5 diff --git a/core/pkg/hostsensorutils/json.go b/core/pkg/hostsensorutils/json.go index d35b4cab..1b800d3e 100644 --- a/core/pkg/hostsensorutils/json.go +++ b/core/pkg/hostsensorutils/json.go @@ -1,15 +1 @@ package hostsensorutils - -import ( - jsoniter "github.com/json-iterator/go" -) - -var ( - json jsoniter.API -) - -func init() { - // NOTE(fredbi): attention, this configuration rounds floats down to 6 digits - // For finer-grained config, see: https://pkg.go.dev/github.com/json-iterator/go#section-readme - json = jsoniter.ConfigFastest -} diff --git a/core/pkg/hostsensorutils/kubernetes_mock_test.go b/core/pkg/hostsensorutils/kubernetes_mock_test.go index b862a4bf..82295ad3 100644 --- a/core/pkg/hostsensorutils/kubernetes_mock_test.go +++ b/core/pkg/hostsensorutils/kubernetes_mock_test.go @@ -490,98 +490,3 @@ func (w *watchMock) Stop() { func (w *watchMock) ResultChan() <-chan watch.Event { return w.eventChan } - -func mockNode1() v1.Node { - return v1.Node{ - TypeMeta: metav1.TypeMeta{ - Kind: "Node", - APIVersion: "v1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: "node1", - }, - // TODO: fill in some mock data - } -} - -func mockPod1() v1.Pod { - return v1.Pod{ - TypeMeta: metav1.TypeMeta{ - Kind: "Pod", - APIVersion: "v1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: "pod1", - }, - Status: v1.PodStatus{ - Phase: v1.PodRunning, - ContainerStatuses: []v1.ContainerStatus{ - { - Name: "container1", - Ready: true, - }, - }, - }, - } -} - -func mockPod2() v1.Pod { - return v1.Pod{ - TypeMeta: metav1.TypeMeta{ - Kind: "Pod", - APIVersion: "v1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: "pod2", - }, - Status: v1.PodStatus{ - Phase: v1.PodRunning, - ContainerStatuses: []v1.ContainerStatus{ - { - Name: "container2", - Ready: true, - }, - }, - }, - } -} - -func mockResponsesNoCloudProvider() map[RestURL][]byte { - responses := mockResponses() - responses[RestURL{"http", "pod1", "7888", "/cloudProviderInfo"}] = []byte("{}\n") - responses[RestURL{"http", "pod2", "7888", "/cloudProviderInfo"}] = []byte("{}\n") - - return responses -} - -// mockResponses test scenario (values retrieved from a real minikube cluster) -func mockResponses() map[RestURL][]byte { - return map[RestURL][]byte{ - {"http", "pod1", "7888", "/version"}: []byte(`"v1.0.45"`), - {"http", "pod2", "7888", "/version"}: []byte(`"v1.0.45"`), - {"http", "pod1", "7888", "/kubeletConfigurations"}: []byte("apiVersion: kubelet.config.k8s.io/v1beta1\nauthentication:\n anonymous:\n enabled: false\n webhook:\n cacheTTL: 0s\n enabled: true\n x509:\n clientCAFile: /var/lib/minikube/certs/ca.crt\nauthorization:\n mode: Webhook\n webhook:\n cacheAuthorizedTTL: 0s\n cacheUnauthorizedTTL: 0s\ncgroupDriver: systemd\nclusterDNS:\n- 10.96.0.10\nclusterDomain: cluster.local\ncpuManagerReconcilePeriod: 0s\nevictionHard:\n imagefs.available: 0%\n nodefs.available: 0%\n nodefs.inodesFree: 0%\nevictionPressureTransitionPeriod: 0s\nfailSwapOn: false\nfileCheckFrequency: 0s\nhealthzBindAddress: 127.0.0.1\nhealthzPort: 10248\nhttpCheckFrequency: 0s\nimageGCHighThresholdPercent: 100\nimageMinimumGCAge: 0s\nkind: KubeletConfiguration\nlogging: {}\nmemorySwap: {}\nnodeStatusReportFrequency: 0s\nnodeStatusUpdateFrequency: 0s\nresolvConf: /run/systemd/resolve/resolv.conf\nrotateCertificates: true\nruntimeRequestTimeout: 0s\nshutdownGracePeriod: 0s\nshutdownGracePeriodCriticalPods: 0s\nstaticPodPath: /etc/kubernetes/manifests\nstreamingConnectionIdleTimeout: 0s\nsyncFrequency: 0s\nvolumeStatsAggPeriod: 0s\n"), - {"http", "pod2", "7888", "/kubeletConfigurations"}: []byte("apiVersion: kubelet.config.k8s.io/v1beta1\nauthentication:\n anonymous:\n enabled: false\n webhook:\n cacheTTL: 0s\n enabled: true\n x509:\n clientCAFile: /var/lib/minikube/certs/ca.crt\nauthorization:\n mode: Webhook\n webhook:\n cacheAuthorizedTTL: 0s\n cacheUnauthorizedTTL: 0s\ncgroupDriver: systemd\nclusterDNS:\n- 10.96.0.10\nclusterDomain: cluster.local\ncpuManagerReconcilePeriod: 0s\nevictionHard:\n imagefs.available: 0%\n nodefs.available: 0%\n nodefs.inodesFree: 0%\nevictionPressureTransitionPeriod: 0s\nfailSwapOn: false\nfileCheckFrequency: 0s\nhealthzBindAddress: 127.0.0.1\nhealthzPort: 10248\nhttpCheckFrequency: 0s\nimageGCHighThresholdPercent: 100\nimageMinimumGCAge: 0s\nkind: KubeletConfiguration\nlogging: {}\nmemorySwap: {}\nnodeStatusReportFrequency: 0s\nnodeStatusUpdateFrequency: 0s\nresolvConf: /run/systemd/resolve/resolv.conf\nrotateCertificates: true\nruntimeRequestTimeout: 0s\nshutdownGracePeriod: 0s\nshutdownGracePeriodCriticalPods: 0s\nstaticPodPath: /etc/kubernetes/manifests\nstreamingConnectionIdleTimeout: 0s\nsyncFrequency: 0s\nvolumeStatsAggPeriod: 0s\n"), - {"http", "pod1", "7888", "/kubeletCommandLine"}: []byte("/var/lib/minikube/binaries/v1.22.3/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --config=/var/lib/kubelet/config.yaml --container-runtime=docker --hostname-override=minikube --kubeconfig=/etc/kubernetes/kubelet.conf --node-ip=192.168.59.101 "), - {"http", "pod2", "7888", "/kubeletCommandLine"}: []byte("/var/lib/minikube/binaries/v1.22.3/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --config=/var/lib/kubelet/config.yaml --container-runtime=docker --hostname-override=minikube --kubeconfig=/etc/kubernetes/kubelet.conf --node-ip=192.168.59.101 "), - {"http", "pod1", "7888", "/osRelease"}: []byte("NAME=Buildroot\nVERSION=2021.02.4-dirty\nID=buildroot\nVERSION_ID=2021.02.4\nPRETTY_NAME=\"Buildroot 2021.02.4\"\n"), - {"http", "pod2", "7888", "/osRelease"}: []byte("NAME=Buildroot\nVERSION=2021.02.4-dirty\nID=buildroot\nVERSION_ID=2021.02.4\nPRETTY_NAME=\"Buildroot 2021.02.4\"\n"), - {"http", "pod1", "7888", "/kernelVersion"}: []byte("Linux version 4.19.202 (jenkins@debian10-agent-1) (gcc version 9.4.0 (Buildroot 2021.02.4-dirty)) #1 SMP Wed Oct 27 22:52:27 UTC 2021\n"), - {"http", "pod2", "7888", "/kernelVersion"}: []byte("Linux version 4.19.202 (jenkins@debian10-agent-1) (gcc version 9.4.0 (Buildroot 2021.02.4-dirty)) #1 SMP Wed Oct 27 22:52:27 UTC 2021\n"), - {"http", "pod1", "7888", "/linuxSecurityHardening"}: []byte("{\"appArmor\":\"unloaded\",\"seLinux\":\"not found\"}\n"), - {"http", "pod2", "7888", "/linuxSecurityHardening"}: []byte("{\"appArmor\":\"unloaded\",\"seLinux\":\"not found\"}\n"), - {"http", "pod1", "7888", "/openedPorts"}: []byte("{\"tcpPorts\":[{\"Transport\":\"\",\"LocalAddress\":\"::\",\"LocalPort\":7888,\"RemoteAddress\":\"::\",\"RemotePort\":0,\"PID\":0,\"Name\":\"\"}],\"udpPorts\":[],\"icmpPorts\":[]}\n"), - {"http", "pod2", "7888", "/openedPorts"}: []byte("{\"tcpPorts\":[{\"Transport\":\"\",\"LocalAddress\":\"::\",\"LocalPort\":7888,\"RemoteAddress\":\"::\",\"RemotePort\":0,\"PID\":0,\"Name\":\"\"}],\"udpPorts\":[],\"icmpPorts\":[]}\n"), - {"http", "pod1", "7888", "/LinuxKernelVariables"}: []byte("[{\"key\":\"acct\",\"value\":\"4\\t2\\t30\\n\",\"source\":\"/proc/sys/kernel/acct\"},{\"key\":\"acpi_video_flags\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/acpi_video_flags\"},{\"key\":\"auto_msgmni\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/auto_msgmni\"},{\"key\":\"bootloader_type\",\"value\":\"48\\n\",\"source\":\"/proc/sys/kernel/bootloader_type\"},{\"key\":\"bootloader_version\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/bootloader_version\"},{\"key\":\"cad_pid\",\"value\":\"1\\n\",\"source\":\"/proc/sys/kernel/cad_pid\"},{\"key\":\"cap_last_cap\",\"value\":\"37\\n\",\"source\":\"/proc/sys/kernel/cap_last_cap\"},{\"key\":\"core_pattern\",\"value\":\"core\\n\",\"source\":\"/proc/sys/kernel/core_pattern\"},{\"key\":\"core_pipe_limit\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/core_pipe_limit\"},{\"key\":\"core_uses_pid\",\"value\":\"1\\n\",\"source\":\"/proc/sys/kernel/core_uses_pid\"},{\"key\":\"ctrl-alt-del\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/ctrl-alt-del\"},{\"key\":\"dmesg_restrict\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/dmesg_restrict\"},{\"key\":\"domainname\",\"value\":\"(none)\\n\",\"source\":\"/proc/sys/kernel/domainname\"},{\"key\":\"ftrace_dump_on_oops\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/ftrace_dump_on_oops\"},{\"key\":\"ftrace_enabled\",\"value\":\"1\\n\",\"source\":\"/proc/sys/kernel/ftrace_enabled\"},{\"key\":\"hostname\",\"value\":\"host-scanner-kwcqd\\n\",\"source\":\"/proc/sys/kernel/hostname\"},{\"key\":\"hotplug\",\"value\":\"/sbin/hotplug\\n\",\"source\":\"/proc/sys/kernel/hotplug\"},{\"key\":\"io_delay_type\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/io_delay_type\"},{\"key\":\"kexec_load_disabled\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/kexec_load_disabled\"},{\"key\":\"gc_delay\",\"value\":\"300\\n\",\"source\":\"/proc/sys/kernel/keys/gc_delay\"},{\"key\":\"maxbytes\",\"value\":\"20000\\n\",\"source\":\"/proc/sys/kernel/keys/maxbytes\"},{\"key\":\"maxkeys\",\"value\":\"200\\n\",\"source\":\"/proc/sys/kernel/keys/maxkeys\"},{\"key\":\"root_maxbytes\",\"value\":\"25000000\\n\",\"source\":\"/proc/sys/kernel/keys/root_maxbytes\"},{\"key\":\"root_maxkeys\",\"value\":\"1000000\\n\",\"source\":\"/proc/sys/kernel/keys/root_maxkeys\"},{\"key\":\"kptr_restrict\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/kptr_restrict\"},{\"key\":\"max_lock_depth\",\"value\":\"1024\\n\",\"source\":\"/proc/sys/kernel/max_lock_depth\"},{\"key\":\"modprobe\",\"value\":\"/sbin/modprobe\\n\",\"source\":\"/proc/sys/kernel/modprobe\"},{\"key\":\"modules_disabled\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/modules_disabled\"},{\"key\":\"msgmax\",\"value\":\"8192\\n\",\"source\":\"/proc/sys/kernel/msgmax\"},{\"key\":\"msgmnb\",\"value\":\"16384\\n\",\"source\":\"/proc/sys/kernel/msgmnb\"},{\"key\":\"msgmni\",\"value\":\"32000\\n\",\"source\":\"/proc/sys/kernel/msgmni\"},{\"key\":\"ngroups_max\",\"value\":\"65536\\n\",\"source\":\"/proc/sys/kernel/ngroups_max\"},{\"key\":\"osrelease\",\"value\":\"4.19.202\\n\",\"source\":\"/proc/sys/kernel/osrelease\"},{\"key\":\"ostype\",\"value\":\"Linux\\n\",\"source\":\"/proc/sys/kernel/ostype\"},{\"key\":\"overflowgid\",\"value\":\"65534\\n\",\"source\":\"/proc/sys/kernel/overflowgid\"},{\"key\":\"overflowuid\",\"value\":\"65534\\n\",\"source\":\"/proc/sys/kernel/overflowuid\"},{\"key\":\"panic\",\"value\":\"10\\n\",\"source\":\"/proc/sys/kernel/panic\"},{\"key\":\"panic_on_io_nmi\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/panic_on_io_nmi\"},{\"key\":\"panic_on_oops\",\"value\":\"1\\n\",\"source\":\"/proc/sys/kernel/panic_on_oops\"},{\"key\":\"panic_on_rcu_stall\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/panic_on_rcu_stall\"},{\"key\":\"panic_on_stackoverflow\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/panic_on_stackoverflow\"},{\"key\":\"panic_on_unrecovered_nmi\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/panic_on_unrecovered_nmi\"},{\"key\":\"panic_on_warn\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/panic_on_warn\"},{\"key\":\"perf_cpu_time_max_percent\",\"value\":\"25\\n\",\"source\":\"/proc/sys/kernel/perf_cpu_time_max_percent\"},{\"key\":\"perf_event_max_contexts_per_stack\",\"value\":\"8\\n\",\"source\":\"/proc/sys/kernel/perf_event_max_contexts_per_stack\"},{\"key\":\"perf_event_max_sample_rate\",\"value\":\"100000\\n\",\"source\":\"/proc/sys/kernel/perf_event_max_sample_rate\"},{\"key\":\"perf_event_max_stack\",\"value\":\"127\\n\",\"source\":\"/proc/sys/kernel/perf_event_max_stack\"},{\"key\":\"perf_event_mlock_kb\",\"value\":\"516\\n\",\"source\":\"/proc/sys/kernel/perf_event_mlock_kb\"},{\"key\":\"perf_event_paranoid\",\"value\":\"2\\n\",\"source\":\"/proc/sys/kernel/perf_event_paranoid\"},{\"key\":\"pid_max\",\"value\":\"4194304\\n\",\"source\":\"/proc/sys/kernel/pid_max\"},{\"key\":\"poweroff_cmd\",\"value\":\"/sbin/poweroff\\n\",\"source\":\"/proc/sys/kernel/poweroff_cmd\"},{\"key\":\"print-fatal-signals\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/print-fatal-signals\"},{\"key\":\"printk\",\"value\":\"3\\t4\\t1\\t7\\n\",\"source\":\"/proc/sys/kernel/printk\"},{\"key\":\"printk_delay\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/printk_delay\"},{\"key\":\"printk_devkmsg\",\"value\":\"on\\n\",\"source\":\"/proc/sys/kernel/printk_devkmsg\"},{\"key\":\"printk_ratelimit\",\"value\":\"5\\n\",\"source\":\"/proc/sys/kernel/printk_ratelimit\"},{\"key\":\"printk_ratelimit_burst\",\"value\":\"10\\n\",\"source\":\"/proc/sys/kernel/printk_ratelimit_burst\"},{\"key\":\"max\",\"value\":\"4096\\n\",\"source\":\"/proc/sys/kernel/pty/max\"},{\"key\":\"nr\",\"value\":\"1\\n\",\"source\":\"/proc/sys/kernel/pty/nr\"},{\"key\":\"reserve\",\"value\":\"1024\\n\",\"source\":\"/proc/sys/kernel/pty/reserve\"},{\"key\":\"boot_id\",\"value\":\"7fbec4c7-1230-422f-95ce-5528cd1c54c4\\n\",\"source\":\"/proc/sys/kernel/random/boot_id\"},{\"key\":\"entropy_avail\",\"value\":\"3794\\n\",\"source\":\"/proc/sys/kernel/random/entropy_avail\"},{\"key\":\"poolsize\",\"value\":\"4096\\n\",\"source\":\"/proc/sys/kernel/random/poolsize\"},{\"key\":\"read_wakeup_threshold\",\"value\":\"64\\n\",\"source\":\"/proc/sys/kernel/random/read_wakeup_threshold\"},{\"key\":\"urandom_min_reseed_secs\",\"value\":\"60\\n\",\"source\":\"/proc/sys/kernel/random/urandom_min_reseed_secs\"},{\"key\":\"uuid\",\"value\":\"2889254b-e006-4e53-86b0-3155dc2361b9\\n\",\"source\":\"/proc/sys/kernel/random/uuid\"},{\"key\":\"write_wakeup_threshold\",\"value\":\"896\\n\",\"source\":\"/proc/sys/kernel/random/write_wakeup_threshold\"},{\"key\":\"randomize_va_space\",\"value\":\"2\\n\",\"source\":\"/proc/sys/kernel/randomize_va_space\"},{\"key\":\"real-root-dev\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/real-root-dev\"},{\"key\":\"sched_cfs_bandwidth_slice_us\",\"value\":\"5000\\n\",\"source\":\"/proc/sys/kernel/sched_cfs_bandwidth_slice_us\"},{\"key\":\"sched_child_runs_first\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/sched_child_runs_first\"},{\"key\":\"sched_rr_timeslice_ms\",\"value\":\"100\\n\",\"source\":\"/proc/sys/kernel/sched_rr_timeslice_ms\"},{\"key\":\"sched_rt_period_us\",\"value\":\"1000000\\n\",\"source\":\"/proc/sys/kernel/sched_rt_period_us\"},{\"key\":\"sched_rt_runtime_us\",\"value\":\"950000\\n\",\"source\":\"/proc/sys/kernel/sched_rt_runtime_us\"},{\"key\":\"actions_avail\",\"value\":\"kill_process kill_thread trap errno trace log allow\\n\",\"source\":\"/proc/sys/kernel/seccomp/actions_avail\"},{\"key\":\"actions_logged\",\"value\":\"kill_process kill_thread trap errno trace log\\n\",\"source\":\"/proc/sys/kernel/seccomp/actions_logged\"},{\"key\":\"sem\",\"value\":\"32000\\t1024000000\\t500\\t32000\\n\",\"source\":\"/proc/sys/kernel/sem\"},{\"key\":\"sg-big-buff\",\"value\":\"32768\\n\",\"source\":\"/proc/sys/kernel/sg-big-buff\"},{\"key\":\"shm_rmid_forced\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/shm_rmid_forced\"},{\"key\":\"shmall\",\"value\":\"18446744073692774399\\n\",\"source\":\"/proc/sys/kernel/shmall\"},{\"key\":\"shmmax\",\"value\":\"18446744073692774399\\n\",\"source\":\"/proc/sys/kernel/shmmax\"},{\"key\":\"shmmni\",\"value\":\"4096\\n\",\"source\":\"/proc/sys/kernel/shmmni\"},{\"key\":\"sysctl_writes_strict\",\"value\":\"1\\n\",\"source\":\"/proc/sys/kernel/sysctl_writes_strict\"},{\"key\":\"sysrq\",\"value\":\"16\\n\",\"source\":\"/proc/sys/kernel/sysrq\"},{\"key\":\"tainted\",\"value\":\"4096\\n\",\"source\":\"/proc/sys/kernel/tainted\"},{\"key\":\"threads-max\",\"value\":\"62033\\n\",\"source\":\"/proc/sys/kernel/threads-max\"},{\"key\":\"timer_migration\",\"value\":\"1\\n\",\"source\":\"/proc/sys/kernel/timer_migration\"},{\"key\":\"traceoff_on_warning\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/traceoff_on_warning\"},{\"key\":\"tracepoint_printk\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/tracepoint_printk\"},{\"key\":\"unknown_nmi_panic\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/unknown_nmi_panic\"},{\"key\":\"unprivileged_bpf_disabled\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/unprivileged_bpf_disabled\"},{\"key\":\"bset\",\"value\":\"4294967295\\t63\\n\",\"source\":\"/proc/sys/kernel/usermodehelper/bset\"},{\"key\":\"inheritable\",\"value\":\"4294967295\\t63\\n\",\"source\":\"/proc/sys/kernel/usermodehelper/inheritable\"},{\"key\":\"version\",\"value\":\"#1 SMP Wed Oct 27 22:52:27 UTC 2021\\n\",\"source\":\"/proc/sys/kernel/version\"}]\n"), - {"http", "pod2", "7888", "/LinuxKernelVariables"}: []byte("[{\"key\":\"acct\",\"value\":\"4\\t2\\t30\\n\",\"source\":\"/proc/sys/kernel/acct\"},{\"key\":\"acpi_video_flags\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/acpi_video_flags\"},{\"key\":\"auto_msgmni\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/auto_msgmni\"},{\"key\":\"bootloader_type\",\"value\":\"48\\n\",\"source\":\"/proc/sys/kernel/bootloader_type\"},{\"key\":\"bootloader_version\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/bootloader_version\"},{\"key\":\"cad_pid\",\"value\":\"1\\n\",\"source\":\"/proc/sys/kernel/cad_pid\"},{\"key\":\"cap_last_cap\",\"value\":\"37\\n\",\"source\":\"/proc/sys/kernel/cap_last_cap\"},{\"key\":\"core_pattern\",\"value\":\"core\\n\",\"source\":\"/proc/sys/kernel/core_pattern\"},{\"key\":\"core_pipe_limit\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/core_pipe_limit\"},{\"key\":\"core_uses_pid\",\"value\":\"1\\n\",\"source\":\"/proc/sys/kernel/core_uses_pid\"},{\"key\":\"ctrl-alt-del\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/ctrl-alt-del\"},{\"key\":\"dmesg_restrict\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/dmesg_restrict\"},{\"key\":\"domainname\",\"value\":\"(none)\\n\",\"source\":\"/proc/sys/kernel/domainname\"},{\"key\":\"ftrace_dump_on_oops\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/ftrace_dump_on_oops\"},{\"key\":\"ftrace_enabled\",\"value\":\"1\\n\",\"source\":\"/proc/sys/kernel/ftrace_enabled\"},{\"key\":\"hostname\",\"value\":\"host-scanner-kwcqd\\n\",\"source\":\"/proc/sys/kernel/hostname\"},{\"key\":\"hotplug\",\"value\":\"/sbin/hotplug\\n\",\"source\":\"/proc/sys/kernel/hotplug\"},{\"key\":\"io_delay_type\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/io_delay_type\"},{\"key\":\"kexec_load_disabled\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/kexec_load_disabled\"},{\"key\":\"gc_delay\",\"value\":\"300\\n\",\"source\":\"/proc/sys/kernel/keys/gc_delay\"},{\"key\":\"maxbytes\",\"value\":\"20000\\n\",\"source\":\"/proc/sys/kernel/keys/maxbytes\"},{\"key\":\"maxkeys\",\"value\":\"200\\n\",\"source\":\"/proc/sys/kernel/keys/maxkeys\"},{\"key\":\"root_maxbytes\",\"value\":\"25000000\\n\",\"source\":\"/proc/sys/kernel/keys/root_maxbytes\"},{\"key\":\"root_maxkeys\",\"value\":\"1000000\\n\",\"source\":\"/proc/sys/kernel/keys/root_maxkeys\"},{\"key\":\"kptr_restrict\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/kptr_restrict\"},{\"key\":\"max_lock_depth\",\"value\":\"1024\\n\",\"source\":\"/proc/sys/kernel/max_lock_depth\"},{\"key\":\"modprobe\",\"value\":\"/sbin/modprobe\\n\",\"source\":\"/proc/sys/kernel/modprobe\"},{\"key\":\"modules_disabled\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/modules_disabled\"},{\"key\":\"msgmax\",\"value\":\"8192\\n\",\"source\":\"/proc/sys/kernel/msgmax\"},{\"key\":\"msgmnb\",\"value\":\"16384\\n\",\"source\":\"/proc/sys/kernel/msgmnb\"},{\"key\":\"msgmni\",\"value\":\"32000\\n\",\"source\":\"/proc/sys/kernel/msgmni\"},{\"key\":\"ngroups_max\",\"value\":\"65536\\n\",\"source\":\"/proc/sys/kernel/ngroups_max\"},{\"key\":\"osrelease\",\"value\":\"4.19.202\\n\",\"source\":\"/proc/sys/kernel/osrelease\"},{\"key\":\"ostype\",\"value\":\"Linux\\n\",\"source\":\"/proc/sys/kernel/ostype\"},{\"key\":\"overflowgid\",\"value\":\"65534\\n\",\"source\":\"/proc/sys/kernel/overflowgid\"},{\"key\":\"overflowuid\",\"value\":\"65534\\n\",\"source\":\"/proc/sys/kernel/overflowuid\"},{\"key\":\"panic\",\"value\":\"10\\n\",\"source\":\"/proc/sys/kernel/panic\"},{\"key\":\"panic_on_io_nmi\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/panic_on_io_nmi\"},{\"key\":\"panic_on_oops\",\"value\":\"1\\n\",\"source\":\"/proc/sys/kernel/panic_on_oops\"},{\"key\":\"panic_on_rcu_stall\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/panic_on_rcu_stall\"},{\"key\":\"panic_on_stackoverflow\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/panic_on_stackoverflow\"},{\"key\":\"panic_on_unrecovered_nmi\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/panic_on_unrecovered_nmi\"},{\"key\":\"panic_on_warn\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/panic_on_warn\"},{\"key\":\"perf_cpu_time_max_percent\",\"value\":\"25\\n\",\"source\":\"/proc/sys/kernel/perf_cpu_time_max_percent\"},{\"key\":\"perf_event_max_contexts_per_stack\",\"value\":\"8\\n\",\"source\":\"/proc/sys/kernel/perf_event_max_contexts_per_stack\"},{\"key\":\"perf_event_max_sample_rate\",\"value\":\"100000\\n\",\"source\":\"/proc/sys/kernel/perf_event_max_sample_rate\"},{\"key\":\"perf_event_max_stack\",\"value\":\"127\\n\",\"source\":\"/proc/sys/kernel/perf_event_max_stack\"},{\"key\":\"perf_event_mlock_kb\",\"value\":\"516\\n\",\"source\":\"/proc/sys/kernel/perf_event_mlock_kb\"},{\"key\":\"perf_event_paranoid\",\"value\":\"2\\n\",\"source\":\"/proc/sys/kernel/perf_event_paranoid\"},{\"key\":\"pid_max\",\"value\":\"4194304\\n\",\"source\":\"/proc/sys/kernel/pid_max\"},{\"key\":\"poweroff_cmd\",\"value\":\"/sbin/poweroff\\n\",\"source\":\"/proc/sys/kernel/poweroff_cmd\"},{\"key\":\"print-fatal-signals\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/print-fatal-signals\"},{\"key\":\"printk\",\"value\":\"3\\t4\\t1\\t7\\n\",\"source\":\"/proc/sys/kernel/printk\"},{\"key\":\"printk_delay\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/printk_delay\"},{\"key\":\"printk_devkmsg\",\"value\":\"on\\n\",\"source\":\"/proc/sys/kernel/printk_devkmsg\"},{\"key\":\"printk_ratelimit\",\"value\":\"5\\n\",\"source\":\"/proc/sys/kernel/printk_ratelimit\"},{\"key\":\"printk_ratelimit_burst\",\"value\":\"10\\n\",\"source\":\"/proc/sys/kernel/printk_ratelimit_burst\"},{\"key\":\"max\",\"value\":\"4096\\n\",\"source\":\"/proc/sys/kernel/pty/max\"},{\"key\":\"nr\",\"value\":\"1\\n\",\"source\":\"/proc/sys/kernel/pty/nr\"},{\"key\":\"reserve\",\"value\":\"1024\\n\",\"source\":\"/proc/sys/kernel/pty/reserve\"},{\"key\":\"boot_id\",\"value\":\"7fbec4c7-1230-422f-95ce-5528cd1c54c4\\n\",\"source\":\"/proc/sys/kernel/random/boot_id\"},{\"key\":\"entropy_avail\",\"value\":\"3794\\n\",\"source\":\"/proc/sys/kernel/random/entropy_avail\"},{\"key\":\"poolsize\",\"value\":\"4096\\n\",\"source\":\"/proc/sys/kernel/random/poolsize\"},{\"key\":\"read_wakeup_threshold\",\"value\":\"64\\n\",\"source\":\"/proc/sys/kernel/random/read_wakeup_threshold\"},{\"key\":\"urandom_min_reseed_secs\",\"value\":\"60\\n\",\"source\":\"/proc/sys/kernel/random/urandom_min_reseed_secs\"},{\"key\":\"uuid\",\"value\":\"2889254b-e006-4e53-86b0-3155dc2361b9\\n\",\"source\":\"/proc/sys/kernel/random/uuid\"},{\"key\":\"write_wakeup_threshold\",\"value\":\"896\\n\",\"source\":\"/proc/sys/kernel/random/write_wakeup_threshold\"},{\"key\":\"randomize_va_space\",\"value\":\"2\\n\",\"source\":\"/proc/sys/kernel/randomize_va_space\"},{\"key\":\"real-root-dev\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/real-root-dev\"},{\"key\":\"sched_cfs_bandwidth_slice_us\",\"value\":\"5000\\n\",\"source\":\"/proc/sys/kernel/sched_cfs_bandwidth_slice_us\"},{\"key\":\"sched_child_runs_first\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/sched_child_runs_first\"},{\"key\":\"sched_rr_timeslice_ms\",\"value\":\"100\\n\",\"source\":\"/proc/sys/kernel/sched_rr_timeslice_ms\"},{\"key\":\"sched_rt_period_us\",\"value\":\"1000000\\n\",\"source\":\"/proc/sys/kernel/sched_rt_period_us\"},{\"key\":\"sched_rt_runtime_us\",\"value\":\"950000\\n\",\"source\":\"/proc/sys/kernel/sched_rt_runtime_us\"},{\"key\":\"actions_avail\",\"value\":\"kill_process kill_thread trap errno trace log allow\\n\",\"source\":\"/proc/sys/kernel/seccomp/actions_avail\"},{\"key\":\"actions_logged\",\"value\":\"kill_process kill_thread trap errno trace log\\n\",\"source\":\"/proc/sys/kernel/seccomp/actions_logged\"},{\"key\":\"sem\",\"value\":\"32000\\t1024000000\\t500\\t32000\\n\",\"source\":\"/proc/sys/kernel/sem\"},{\"key\":\"sg-big-buff\",\"value\":\"32768\\n\",\"source\":\"/proc/sys/kernel/sg-big-buff\"},{\"key\":\"shm_rmid_forced\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/shm_rmid_forced\"},{\"key\":\"shmall\",\"value\":\"18446744073692774399\\n\",\"source\":\"/proc/sys/kernel/shmall\"},{\"key\":\"shmmax\",\"value\":\"18446744073692774399\\n\",\"source\":\"/proc/sys/kernel/shmmax\"},{\"key\":\"shmmni\",\"value\":\"4096\\n\",\"source\":\"/proc/sys/kernel/shmmni\"},{\"key\":\"sysctl_writes_strict\",\"value\":\"1\\n\",\"source\":\"/proc/sys/kernel/sysctl_writes_strict\"},{\"key\":\"sysrq\",\"value\":\"16\\n\",\"source\":\"/proc/sys/kernel/sysrq\"},{\"key\":\"tainted\",\"value\":\"4096\\n\",\"source\":\"/proc/sys/kernel/tainted\"},{\"key\":\"threads-max\",\"value\":\"62033\\n\",\"source\":\"/proc/sys/kernel/threads-max\"},{\"key\":\"timer_migration\",\"value\":\"1\\n\",\"source\":\"/proc/sys/kernel/timer_migration\"},{\"key\":\"traceoff_on_warning\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/traceoff_on_warning\"},{\"key\":\"tracepoint_printk\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/tracepoint_printk\"},{\"key\":\"unknown_nmi_panic\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/unknown_nmi_panic\"},{\"key\":\"unprivileged_bpf_disabled\",\"value\":\"0\\n\",\"source\":\"/proc/sys/kernel/unprivileged_bpf_disabled\"},{\"key\":\"bset\",\"value\":\"4294967295\\t63\\n\",\"source\":\"/proc/sys/kernel/usermodehelper/bset\"},{\"key\":\"inheritable\",\"value\":\"4294967295\\t63\\n\",\"source\":\"/proc/sys/kernel/usermodehelper/inheritable\"},{\"key\":\"version\",\"value\":\"#1 SMP Wed Oct 27 22:52:27 UTC 2021\\n\",\"source\":\"/proc/sys/kernel/version\"}]\n"), - {"http", "pod1", "7888", "/kubeletInfo"}: []byte("{\"serviceFiles\":[{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf\",\"permissions\":420}],\"configFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/var/lib/kubelet/config.yaml\",\"content\":\"YXBpVmVyc2lvbjoga3ViZWxldC5jb25maWcuazhzLmlvL3YxYmV0YTEKYXV0aGVudGljYXRpb246CiAgYW5vbnltb3VzOgogICAgZW5hYmxlZDogZmFsc2UKICB3ZWJob29rOgogICAgY2FjaGVUVEw6IDBzCiAgICBlbmFibGVkOiB0cnVlCiAgeDUwOToKICAgIGNsaWVudENBRmlsZTogL3Zhci9saWIvbWluaWt1YmUvY2VydHMvY2EuY3J0CmF1dGhvcml6YXRpb246CiAgbW9kZTogV2ViaG9vawogIHdlYmhvb2s6CiAgICBjYWNoZUF1dGhvcml6ZWRUVEw6IDBzCiAgICBjYWNoZVVuYXV0aG9yaXplZFRUTDogMHMKY2dyb3VwRHJpdmVyOiBzeXN0ZW1kCmNsdXN0ZXJETlM6Ci0gMTAuOTYuMC4xMApjbHVzdGVyRG9tYWluOiBjbHVzdGVyLmxvY2FsCmNwdU1hbmFnZXJSZWNvbmNpbGVQZXJpb2Q6IDBzCmV2aWN0aW9uSGFyZDoKICBpbWFnZWZzLmF2YWlsYWJsZTogMCUKICBub2RlZnMuYXZhaWxhYmxlOiAwJQogIG5vZGVmcy5pbm9kZXNGcmVlOiAwJQpldmljdGlvblByZXNzdXJlVHJhbnNpdGlvblBlcmlvZDogMHMKZmFpbFN3YXBPbjogZmFsc2UKZmlsZUNoZWNrRnJlcXVlbmN5OiAwcwpoZWFsdGh6QmluZEFkZHJlc3M6IDEyNy4wLjAuMQpoZWFsdGh6UG9ydDogMTAyNDgKaHR0cENoZWNrRnJlcXVlbmN5OiAwcwppbWFnZUdDSGlnaFRocmVzaG9sZFBlcmNlbnQ6IDEwMAppbWFnZU1pbmltdW1HQ0FnZTogMHMKa2luZDogS3ViZWxldENvbmZpZ3VyYXRpb24KbG9nZ2luZzoge30KbWVtb3J5U3dhcDoge30Kbm9kZVN0YXR1c1JlcG9ydEZyZXF1ZW5jeTogMHMKbm9kZVN0YXR1c1VwZGF0ZUZyZXF1ZW5jeTogMHMKcmVzb2x2Q29uZjogL3J1bi9zeXN0ZW1kL3Jlc29sdmUvcmVzb2x2LmNvbmYKcm90YXRlQ2VydGlmaWNhdGVzOiB0cnVlCnJ1bnRpbWVSZXF1ZXN0VGltZW91dDogMHMKc2h1dGRvd25HcmFjZVBlcmlvZDogMHMKc2h1dGRvd25HcmFjZVBlcmlvZENyaXRpY2FsUG9kczogMHMKc3RhdGljUG9kUGF0aDogL2V0Yy9rdWJlcm5ldGVzL21hbmlmZXN0cwpzdHJlYW1pbmdDb25uZWN0aW9uSWRsZVRpbWVvdXQ6IDBzCnN5bmNGcmVxdWVuY3k6IDBzCnZvbHVtZVN0YXRzQWdnUGVyaW9kOiAwcwo=\",\"permissions\":420},\"kubeConfigFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/kubernetes/kubelet.conf\",\"content\":\"YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIGNlcnRpZmljYXRlLWF1dGhvcml0eS1kYXRhOiBMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VSQ2FrTkRRV1UyWjBGM1NVSkJaMGxDUVZSQlRrSm5hM0ZvYTJsSE9YY3dRa0ZSYzBaQlJFRldUVkpOZDBWUldVUldVVkZFUlhkd2RHRlhOWEFLWVROV2FWcFZUa0pOUWpSWVJGUkplRTFFVFhsT2VrVXhUa1JSZUU1c2IxaEVWRTE0VFVSTmVVNXFSVEZPUkZGNFRteHZkMFpVUlZSTlFrVkhRVEZWUlFwQmVFMUxZbGRzZFdGWGRERlpiVlpFVVZSRFEwRlRTWGRFVVZsS1MyOWFTV2gyWTA1QlVVVkNRbEZCUkdkblJWQkJSRU5EUVZGdlEyZG5SVUpCVEZWSUNuVkNjamtyTWpJNGVGWldhVFZETUdoSFRHeFVlbE5EYXpjemJXOXNkbEZ1WXpGV1lpdHFNRmxtZUVjcmMwdDRXRFZvWVhGRFlVVlRObTVpU1ZaSWJsZ0tSVEI2Y0U5V2QybFdTR1JDUnpRNWNqVlNVQzlPVmpFclVVbG9lRkpPTlN0SE5raHJWbVpJVDFCcVJEZE5iVWRZYldSeGNWUnhXbU16ZG5JeVJYRk9Rd3B6VTFSTmJqYzVaR014TWs1RFRuTkVSM1l5ZUZKWFZuSmlkazlwTTNobmQzSXhiWGQyZDBoUGQyWnBXRGRLV1M5R2VFdHFkVGhYYmpFd1lrb3dVRk12Q25JeVJtdDNWRU5aUjJKQ1ZFNXdRblp1U25ka1lTdDZaWEJ4Y213MWEwaFVSemswVVRSbGRtNDRkRk4yZDBkeGQwaEthMHR2ZHpCM1FYRnlhV1ZPV1c0S2RFWTJZVFJtUzJOb1RpODRaRzF6Tmk5a2VsVmFUbWxhVFdObVNHWnRNekIxUW5jMGNUUkJVekI1ZFdsM1JHSnFRVVIzV1VRclRVeFdZbWwxU20xQldncEhkMVkxU0ZaeE9ISnFhMVZFVjNZcmVHUXdRMEYzUlVGQllVNW9UVVk0ZDBSbldVUldVakJRUVZGSUwwSkJVVVJCWjB0clRVSXdSMEV4VldSS1VWRlhDazFDVVVkRFEzTkhRVkZWUmtKM1RVTkNaMmR5UW1kRlJrSlJZMFJCVkVGUVFtZE9Wa2hTVFVKQlpqaEZRbFJCUkVGUlNDOU5RakJIUVRGVlpFUm5VVmNLUWtKU2JqWjBSemdyYUUxb2EwWnViSEZvUjIxb05EaHFlbkZHV2tkNlFVNUNaMnR4YUd0cFJ6bDNNRUpCVVhOR1FVRlBRMEZSUlVGcFV6WXpSbmR1UmdwYVFXbEJOM1paUVVGSWFHbzRWMHRJYzJwbVMxRkdhWHBRTlV4d2VXZFhlWE01VUVkTE9YbFVNMjlQVEdoT1lrRndjblpLUkhaREwweFVNakJwVkdzM0NtdDNTVlZxU1dsNU5XNW1VMEY1U1d4a1lXZENiRFYwWmpCdWEyVlZXVnBETjB3dldWZG1WazFqZDNjMWFsUkhlRWRVTjJaNlNsSmxkVXBTVXpCV2VHa0tjbk0xWmpCWU5GTm5UWEJMYzBzNVNIaEJabXBtVVhaMEwyWjJNRUk1U0RSSVExWnFlR0ZJUjBwWlQxQkRLMjFHVWtOTlJrdHNTSFF2VFVsR1RHaG9jd29yUWxadkszaE9WbHB4U2xGVmNWQm1PRzByTlUxVU55dGxOekZqWkRGc1dtazRTRXRzVldvelZuQXlNekJpUW0xVkwyOVBORlZaWlRaYWVrUm9Oa0ZHQ21oSFVrVkNjSGt2YW1Gb2ExaFRNa3M1TVcxNVV6SnZTVWRsYW1Wc1NsZEVla05GV0dKTlQyaHZPVkJxWkU5amRWTlRNR3A1U1RadVQyMUNjWFJ6TDJNS2RITlNlSEEwTDNVMFpsbGpiMUU5UFFvdExTMHRMVVZPUkNCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2c9PQogICAgc2VydmVyOiBodHRwczovL2NvbnRyb2wtcGxhbmUubWluaWt1YmUuaW50ZXJuYWw6ODQ0MwogIG5hbWU6IG1rCmNvbnRleHRzOgotIGNvbnRleHQ6CiAgICBjbHVzdGVyOiBtawogICAgdXNlcjogc3lzdGVtOm5vZGU6bWluaWt1YmUKICBuYW1lOiBzeXN0ZW06bm9kZTptaW5pa3ViZUBtawpjdXJyZW50LWNvbnRleHQ6IHN5c3RlbTpub2RlOm1pbmlrdWJlQG1rCmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogc3lzdGVtOm5vZGU6bWluaWt1YmUKICB1c2VyOgogICAgY2xpZW50LWNlcnRpZmljYXRlOiAvdmFyL2xpYi9rdWJlbGV0L3BraS9rdWJlbGV0LWNsaWVudC1jdXJyZW50LnBlbQogICAgY2xpZW50LWtleTogL3Zhci9saWIva3ViZWxldC9wa2kva3ViZWxldC1jbGllbnQtY3VycmVudC5wZW0K\",\"permissions\":384},\"clientCAFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/var/lib/minikube/certs/ca.crt\",\"permissions\":420},\"cmdLine\":\"/var/lib/minikube/binaries/v1.22.3/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --config=/var/lib/kubelet/config.yaml --container-runtime=docker --hostname-override=minikube --kubeconfig=/etc/kubernetes/kubelet.conf --node-ip=192.168.59.101 \"}\n"), - {"http", "pod2", "7888", "/kubeletInfo"}: []byte("{\"serviceFiles\":[{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/systemd/system/kubelet.service.d/10-kubeadm.conf\",\"permissions\":420}],\"configFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/var/lib/kubelet/config.yaml\",\"content\":\"YXBpVmVyc2lvbjoga3ViZWxldC5jb25maWcuazhzLmlvL3YxYmV0YTEKYXV0aGVudGljYXRpb246CiAgYW5vbnltb3VzOgogICAgZW5hYmxlZDogZmFsc2UKICB3ZWJob29rOgogICAgY2FjaGVUVEw6IDBzCiAgICBlbmFibGVkOiB0cnVlCiAgeDUwOToKICAgIGNsaWVudENBRmlsZTogL3Zhci9saWIvbWluaWt1YmUvY2VydHMvY2EuY3J0CmF1dGhvcml6YXRpb246CiAgbW9kZTogV2ViaG9vawogIHdlYmhvb2s6CiAgICBjYWNoZUF1dGhvcml6ZWRUVEw6IDBzCiAgICBjYWNoZVVuYXV0aG9yaXplZFRUTDogMHMKY2dyb3VwRHJpdmVyOiBzeXN0ZW1kCmNsdXN0ZXJETlM6Ci0gMTAuOTYuMC4xMApjbHVzdGVyRG9tYWluOiBjbHVzdGVyLmxvY2FsCmNwdU1hbmFnZXJSZWNvbmNpbGVQZXJpb2Q6IDBzCmV2aWN0aW9uSGFyZDoKICBpbWFnZWZzLmF2YWlsYWJsZTogMCUKICBub2RlZnMuYXZhaWxhYmxlOiAwJQogIG5vZGVmcy5pbm9kZXNGcmVlOiAwJQpldmljdGlvblByZXNzdXJlVHJhbnNpdGlvblBlcmlvZDogMHMKZmFpbFN3YXBPbjogZmFsc2UKZmlsZUNoZWNrRnJlcXVlbmN5OiAwcwpoZWFsdGh6QmluZEFkZHJlc3M6IDEyNy4wLjAuMQpoZWFsdGh6UG9ydDogMTAyNDgKaHR0cENoZWNrRnJlcXVlbmN5OiAwcwppbWFnZUdDSGlnaFRocmVzaG9sZFBlcmNlbnQ6IDEwMAppbWFnZU1pbmltdW1HQ0FnZTogMHMKa2luZDogS3ViZWxldENvbmZpZ3VyYXRpb24KbG9nZ2luZzoge30KbWVtb3J5U3dhcDoge30Kbm9kZVN0YXR1c1JlcG9ydEZyZXF1ZW5jeTogMHMKbm9kZVN0YXR1c1VwZGF0ZUZyZXF1ZW5jeTogMHMKcmVzb2x2Q29uZjogL3J1bi9zeXN0ZW1kL3Jlc29sdmUvcmVzb2x2LmNvbmYKcm90YXRlQ2VydGlmaWNhdGVzOiB0cnVlCnJ1bnRpbWVSZXF1ZXN0VGltZW91dDogMHMKc2h1dGRvd25HcmFjZVBlcmlvZDogMHMKc2h1dGRvd25HcmFjZVBlcmlvZENyaXRpY2FsUG9kczogMHMKc3RhdGljUG9kUGF0aDogL2V0Yy9rdWJlcm5ldGVzL21hbmlmZXN0cwpzdHJlYW1pbmdDb25uZWN0aW9uSWRsZVRpbWVvdXQ6IDBzCnN5bmNGcmVxdWVuY3k6IDBzCnZvbHVtZVN0YXRzQWdnUGVyaW9kOiAwcwo=\",\"permissions\":420},\"kubeConfigFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/kubernetes/kubelet.conf\",\"content\":\"YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIGNlcnRpZmljYXRlLWF1dGhvcml0eS1kYXRhOiBMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VSQ2FrTkRRV1UyWjBGM1NVSkJaMGxDUVZSQlRrSm5hM0ZvYTJsSE9YY3dRa0ZSYzBaQlJFRldUVkpOZDBWUldVUldVVkZFUlhkd2RHRlhOWEFLWVROV2FWcFZUa0pOUWpSWVJGUkplRTFFVFhsT2VrVXhUa1JSZUU1c2IxaEVWRTE0VFVSTmVVNXFSVEZPUkZGNFRteHZkMFpVUlZSTlFrVkhRVEZWUlFwQmVFMUxZbGRzZFdGWGRERlpiVlpFVVZSRFEwRlRTWGRFVVZsS1MyOWFTV2gyWTA1QlVVVkNRbEZCUkdkblJWQkJSRU5EUVZGdlEyZG5SVUpCVEZWSUNuVkNjamtyTWpJNGVGWldhVFZETUdoSFRHeFVlbE5EYXpjemJXOXNkbEZ1WXpGV1lpdHFNRmxtZUVjcmMwdDRXRFZvWVhGRFlVVlRObTVpU1ZaSWJsZ0tSVEI2Y0U5V2QybFdTR1JDUnpRNWNqVlNVQzlPVmpFclVVbG9lRkpPTlN0SE5raHJWbVpJVDFCcVJEZE5iVWRZYldSeGNWUnhXbU16ZG5JeVJYRk9Rd3B6VTFSTmJqYzVaR014TWs1RFRuTkVSM1l5ZUZKWFZuSmlkazlwTTNobmQzSXhiWGQyZDBoUGQyWnBXRGRLV1M5R2VFdHFkVGhYYmpFd1lrb3dVRk12Q25JeVJtdDNWRU5aUjJKQ1ZFNXdRblp1U25ka1lTdDZaWEJ4Y213MWEwaFVSemswVVRSbGRtNDRkRk4yZDBkeGQwaEthMHR2ZHpCM1FYRnlhV1ZPV1c0S2RFWTJZVFJtUzJOb1RpODRaRzF6Tmk5a2VsVmFUbWxhVFdObVNHWnRNekIxUW5jMGNUUkJVekI1ZFdsM1JHSnFRVVIzV1VRclRVeFdZbWwxU20xQldncEhkMVkxU0ZaeE9ISnFhMVZFVjNZcmVHUXdRMEYzUlVGQllVNW9UVVk0ZDBSbldVUldVakJRUVZGSUwwSkJVVVJCWjB0clRVSXdSMEV4VldSS1VWRlhDazFDVVVkRFEzTkhRVkZWUmtKM1RVTkNaMmR5UW1kRlJrSlJZMFJCVkVGUVFtZE9Wa2hTVFVKQlpqaEZRbFJCUkVGUlNDOU5RakJIUVRGVlpFUm5VVmNLUWtKU2JqWjBSemdyYUUxb2EwWnViSEZvUjIxb05EaHFlbkZHV2tkNlFVNUNaMnR4YUd0cFJ6bDNNRUpCVVhOR1FVRlBRMEZSUlVGcFV6WXpSbmR1UmdwYVFXbEJOM1paUVVGSWFHbzRWMHRJYzJwbVMxRkdhWHBRTlV4d2VXZFhlWE01VUVkTE9YbFVNMjlQVEdoT1lrRndjblpLUkhaREwweFVNakJwVkdzM0NtdDNTVlZxU1dsNU5XNW1VMEY1U1d4a1lXZENiRFYwWmpCdWEyVlZXVnBETjB3dldWZG1WazFqZDNjMWFsUkhlRWRVTjJaNlNsSmxkVXBTVXpCV2VHa0tjbk0xWmpCWU5GTm5UWEJMYzBzNVNIaEJabXBtVVhaMEwyWjJNRUk1U0RSSVExWnFlR0ZJUjBwWlQxQkRLMjFHVWtOTlJrdHNTSFF2VFVsR1RHaG9jd29yUWxadkszaE9WbHB4U2xGVmNWQm1PRzByTlUxVU55dGxOekZqWkRGc1dtazRTRXRzVldvelZuQXlNekJpUW0xVkwyOVBORlZaWlRaYWVrUm9Oa0ZHQ21oSFVrVkNjSGt2YW1Gb2ExaFRNa3M1TVcxNVV6SnZTVWRsYW1Wc1NsZEVla05GV0dKTlQyaHZPVkJxWkU5amRWTlRNR3A1U1RadVQyMUNjWFJ6TDJNS2RITlNlSEEwTDNVMFpsbGpiMUU5UFFvdExTMHRMVVZPUkNCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2c9PQogICAgc2VydmVyOiBodHRwczovL2NvbnRyb2wtcGxhbmUubWluaWt1YmUuaW50ZXJuYWw6ODQ0MwogIG5hbWU6IG1rCmNvbnRleHRzOgotIGNvbnRleHQ6CiAgICBjbHVzdGVyOiBtawogICAgdXNlcjogc3lzdGVtOm5vZGU6bWluaWt1YmUKICBuYW1lOiBzeXN0ZW06bm9kZTptaW5pa3ViZUBtawpjdXJyZW50LWNvbnRleHQ6IHN5c3RlbTpub2RlOm1pbmlrdWJlQG1rCmtpbmQ6IENvbmZpZwpwcmVmZXJlbmNlczoge30KdXNlcnM6Ci0gbmFtZTogc3lzdGVtOm5vZGU6bWluaWt1YmUKICB1c2VyOgogICAgY2xpZW50LWNlcnRpZmljYXRlOiAvdmFyL2xpYi9rdWJlbGV0L3BraS9rdWJlbGV0LWNsaWVudC1jdXJyZW50LnBlbQogICAgY2xpZW50LWtleTogL3Zhci9saWIva3ViZWxldC9wa2kva3ViZWxldC1jbGllbnQtY3VycmVudC5wZW0K\",\"permissions\":384},\"clientCAFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/var/lib/minikube/certs/ca.crt\",\"permissions\":420},\"cmdLine\":\"/var/lib/minikube/binaries/v1.22.3/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --config=/var/lib/kubelet/config.yaml --container-runtime=docker --hostname-override=minikube --kubeconfig=/etc/kubernetes/kubelet.conf --node-ip=192.168.59.101 \"}\n"), - {"http", "pod1", "7888", "/kubeProxyInfo"}: []byte("{\"cmdLine\":\"/usr/local/bin/kube-proxy --config=/var/lib/kube-proxy/config.conf --hostname-override=minikube \"}\n"), - {"http", "pod2", "7888", "/kubeProxyInfo"}: []byte("{\"cmdLine\":\"/usr/local/bin/kube-proxy --config=/var/lib/kube-proxy/config.conf --hostname-override=minikube \"}\n"), - {"http", "pod1", "7888", "/cloudProviderInfo"}: []byte("{\"providerID\": \"foo\"}\n"), - {"http", "pod2", "7888", "/cloudProviderInfo"}: []byte("{\"providerID\": \"foo\"}\n"), - {"http", "pod1", "7888", "/controlPlaneInfo"}: []byte("{\"APIServerInfo\":{\"specsFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/kubernetes/manifests/kube-apiserver.yaml\",\"permissions\":384},\"cmdLine\":\"kube-apiserver --advertise-address=192.168.59.101 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/var/lib/minikube/certs/ca.crt --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota --enable-bootstrap-token-auth=true --etcd-cafile=/var/lib/minikube/certs/etcd/ca.crt --etcd-certfile=/var/lib/minikube/certs/apiserver-etcd-client.crt --etcd-keyfile=/var/lib/minikube/certs/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379 --kubelet-client-certificate=/var/lib/minikube/certs/apiserver-kubelet-client.crt --kubelet-client-key=/var/lib/minikube/certs/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/var/lib/minikube/certs/front-proxy-client.crt --proxy-client-key-file=/var/lib/minikube/certs/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/var/lib/minikube/certs/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=8443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/var/lib/minikube/certs/sa.pub --service-account-signing-key-file=/var/lib/minikube/certs/sa.key --service-cluster-ip-range=10.96.0.0/12 --tls-cert-file=/var/lib/minikube/certs/apiserver.crt --tls-private-key-file=/var/lib/minikube/certs/apiserver.key \"},\"controllerManagerInfo\":{\"specsFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/kubernetes/manifests/kube-controller-manager.yaml\",\"permissions\":384},\"configFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/kubernetes/controller-manager.conf\",\"permissions\":384},\"cmdLine\":\"kube-controller-manager --allocate-node-cidrs=true --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf --bind-address=127.0.0.1 --client-ca-file=/var/lib/minikube/certs/ca.crt --cluster-cidr=10.244.0.0/16 --cluster-name=mk --cluster-signing-cert-file=/var/lib/minikube/certs/ca.crt --cluster-signing-key-file=/var/lib/minikube/certs/ca.key --controllers=*,bootstrapsigner,tokencleaner --kubeconfig=/etc/kubernetes/controller-manager.conf --leader-elect=false --port=0 --requestheader-client-ca-file=/var/lib/minikube/certs/front-proxy-ca.crt --root-ca-file=/var/lib/minikube/certs/ca.crt --service-account-private-key-file=/var/lib/minikube/certs/sa.key --service-cluster-ip-range=10.96.0.0/12 --use-service-account-credentials=true \"},\"schedulerInfo\":{\"specsFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/kubernetes/manifests/kube-scheduler.yaml\",\"permissions\":384},\"configFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/kubernetes/scheduler.conf\",\"permissions\":384},\"cmdLine\":\"kube-scheduler --authentication-kubeconfig=/etc/kubernetes/scheduler.conf --authorization-kubeconfig=/etc/kubernetes/scheduler.conf --bind-address=127.0.0.1 --kubeconfig=/etc/kubernetes/scheduler.conf --leader-elect=false --port=0 \"},\"etcdConfigFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/kubernetes/manifests/etcd.yaml\",\"permissions\":384},\"etcdDataDir\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/var/lib/minikube/etcd\",\"permissions\":448},\"adminConfigFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/kubernetes/admin.conf\",\"permissions\":384}}\n"), - {"http", "pod2", "7888", "/controlPlaneInfo"}: []byte("{\"APIServerInfo\":{\"specsFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/kubernetes/manifests/kube-apiserver.yaml\",\"permissions\":384},\"cmdLine\":\"kube-apiserver --advertise-address=192.168.59.101 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/var/lib/minikube/certs/ca.crt --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota --enable-bootstrap-token-auth=true --etcd-cafile=/var/lib/minikube/certs/etcd/ca.crt --etcd-certfile=/var/lib/minikube/certs/apiserver-etcd-client.crt --etcd-keyfile=/var/lib/minikube/certs/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379 --kubelet-client-certificate=/var/lib/minikube/certs/apiserver-kubelet-client.crt --kubelet-client-key=/var/lib/minikube/certs/apiserver-kubelet-client.key --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --proxy-client-cert-file=/var/lib/minikube/certs/front-proxy-client.crt --proxy-client-key-file=/var/lib/minikube/certs/front-proxy-client.key --requestheader-allowed-names=front-proxy-client --requestheader-client-ca-file=/var/lib/minikube/certs/front-proxy-ca.crt --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User --secure-port=8443 --service-account-issuer=https://kubernetes.default.svc.cluster.local --service-account-key-file=/var/lib/minikube/certs/sa.pub --service-account-signing-key-file=/var/lib/minikube/certs/sa.key --service-cluster-ip-range=10.96.0.0/12 --tls-cert-file=/var/lib/minikube/certs/apiserver.crt --tls-private-key-file=/var/lib/minikube/certs/apiserver.key \"},\"controllerManagerInfo\":{\"specsFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/kubernetes/manifests/kube-controller-manager.yaml\",\"permissions\":384},\"configFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/kubernetes/controller-manager.conf\",\"permissions\":384},\"cmdLine\":\"kube-controller-manager --allocate-node-cidrs=true --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf --bind-address=127.0.0.1 --client-ca-file=/var/lib/minikube/certs/ca.crt --cluster-cidr=10.244.0.0/16 --cluster-name=mk --cluster-signing-cert-file=/var/lib/minikube/certs/ca.crt --cluster-signing-key-file=/var/lib/minikube/certs/ca.key --controllers=*,bootstrapsigner,tokencleaner --kubeconfig=/etc/kubernetes/controller-manager.conf --leader-elect=false --port=0 --requestheader-client-ca-file=/var/lib/minikube/certs/front-proxy-ca.crt --root-ca-file=/var/lib/minikube/certs/ca.crt --service-account-private-key-file=/var/lib/minikube/certs/sa.key --service-cluster-ip-range=10.96.0.0/12 --use-service-account-credentials=true \"},\"schedulerInfo\":{\"specsFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/kubernetes/manifests/kube-scheduler.yaml\",\"permissions\":384},\"configFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/kubernetes/scheduler.conf\",\"permissions\":384},\"cmdLine\":\"kube-scheduler --authentication-kubeconfig=/etc/kubernetes/scheduler.conf --authorization-kubeconfig=/etc/kubernetes/scheduler.conf --bind-address=127.0.0.1 --kubeconfig=/etc/kubernetes/scheduler.conf --leader-elect=false --port=0 \"},\"etcdConfigFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/kubernetes/manifests/etcd.yaml\",\"permissions\":384},\"etcdDataDir\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/var/lib/minikube/etcd\",\"permissions\":448},\"adminConfigFile\":{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/kubernetes/admin.conf\",\"permissions\":384}}\n"), - {"http", "pod1", "7888", "/CNIInfo"}: []byte("{\"CNIConfigFiles\":[{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/cni/net.d\",\"permissions\":493},{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/cni/net.d/.keep\",\"permissions\":420},{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/cni/net.d/87-podman-bridge.conflist\",\"permissions\":420}]}\n"), - {"http", "pod2", "7888", "/CNIInfo"}: []byte("{\"CNIConfigFiles\":[{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/cni/net.d\",\"permissions\":493},{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/cni/net.d/.keep\",\"permissions\":420},{\"ownership\":{\"uid\":0,\"gid\":0,\"username\":\"root\",\"groupname\":\"root\"},\"path\":\"/etc/cni/net.d/87-podman-bridge.conflist\",\"permissions\":420}]}\n"), - } -} diff --git a/core/pkg/hostsensorutils/logging_messages.go b/core/pkg/hostsensorutils/logging_messages.go deleted file mode 100644 index dd3f0a1a..00000000 --- a/core/pkg/hostsensorutils/logging_messages.go +++ /dev/null @@ -1,10 +0,0 @@ -package hostsensorutils - -// messages used for warnings -var ( - failedToGetData = "failed to get data" - failedToTeardownNamespace = "failed to teardown Namespace" - oneHostSensorPodIsUnabledToSchedule = "One host-sensor pod is unable to schedule on node. We will fail to collect the data from this node" - failedToWatchOverDaemonSetPods = "failed to watch over DaemonSet pods" - failedToValidateHostSensorPodStatus = "failed to validate host-scanner pods status" -) diff --git a/core/pkg/opaprocessor/processorhandler.go b/core/pkg/opaprocessor/processorhandler.go index 4ded494f..fe28a0a6 100644 --- a/core/pkg/opaprocessor/processorhandler.go +++ b/core/pkg/opaprocessor/processorhandler.go @@ -63,12 +63,12 @@ func NewOPAProcessor(sessionObj *cautils.OPASessionObj, regoDependenciesData *re func (opap *OPAProcessor) ProcessRulesListener(ctx context.Context, progressListener IJobProgressNotificationClient) error { scanningScope := cautils.GetScanningScope(opap.Metadata.ContextMetadata) - opap.OPASessionObj.AllPolicies = convertFrameworksToPolicies(opap.Policies, opap.ExcludedRules, scanningScope) + opap.AllPolicies = convertFrameworksToPolicies(opap.Policies, opap.ExcludedRules, scanningScope) - ConvertFrameworksToSummaryDetails(&opap.Report.SummaryDetails, opap.Policies, opap.OPASessionObj.AllPolicies) + ConvertFrameworksToSummaryDetails(&opap.Report.SummaryDetails, opap.Policies, opap.AllPolicies) // process - if err := opap.Process(ctx, opap.OPASessionObj.AllPolicies, progressListener); err != nil { + if err := opap.Process(ctx, opap.AllPolicies, progressListener); err != nil { logger.L().Ctx(ctx).Warning(err.Error()) // Return error? } @@ -126,7 +126,7 @@ func (opap *OPAProcessor) Process(ctx context.Context, policies *cautils.Policie } func (opap *OPAProcessor) loggerStartScanning() { - targetScan := opap.OPASessionObj.Metadata.ScanMetadata.ScanningTarget + targetScan := opap.Metadata.ScanMetadata.ScanningTarget if reporthandlingv2.Cluster == targetScan { logger.L().Start("Scanning", helpers.String(targetScan.String(), opap.clusterName)) } else { @@ -135,7 +135,7 @@ func (opap *OPAProcessor) loggerStartScanning() { } func (opap *OPAProcessor) loggerDoneScanning() { - targetScan := opap.OPASessionObj.Metadata.ScanMetadata.ScanningTarget + targetScan := opap.Metadata.ScanMetadata.ScanningTarget if reporthandlingv2.Cluster == targetScan { logger.L().StopSuccess("Done scanning", helpers.String(targetScan.String(), opap.clusterName)) } else { @@ -405,7 +405,7 @@ func (opap *OPAProcessor) makeRegoDeps(configInputs []reporthandling.ControlConf } dataControlInputs := map[string]string{ - "cloudProvider": opap.OPASessionObj.Report.ClusterCloudProvider, + "cloudProvider": opap.Report.ClusterCloudProvider, } return resources.RegoDependenciesData{ diff --git a/core/pkg/opaprocessor/processorhandler_test.go b/core/pkg/opaprocessor/processorhandler_test.go index 64bb9170..d6381794 100644 --- a/core/pkg/opaprocessor/processorhandler_test.go +++ b/core/pkg/opaprocessor/processorhandler_test.go @@ -64,6 +64,12 @@ func unzipAllResourcesTestDataAndSetVar(zipFilePath, destFilePath string) error } _, err = io.Copy(dstFile, fileInArchive) //nolint:gosec + if err != nil { + dstFile.Close() + fileInArchive.Close() + archive.Close() + return err + } dstFile.Close() fileInArchive.Close() @@ -165,12 +171,12 @@ func BenchmarkProcess(b *testing.B) { go monitorHeapSpace(&maxHeap, quitChan) // test - opap.Process(context.Background(), opap.OPASessionObj.AllPolicies, nil) + opap.Process(context.Background(), opap.AllPolicies, nil) // teardown quitChan <- true - b.Log(fmt.Sprintf("%s_max_heap_space_gb: %.2f", testName, float64(maxHeap)/(1024*1024*1024))) - b.Log(fmt.Sprintf("%s_execution_time_sec: %f", testName, b.Elapsed().Seconds())) + b.Logf("%s_max_heap_space_gb: %.2f", testName, float64(maxHeap)/(1024*1024*1024)) + b.Logf("%s_execution_time_sec: %f", testName, b.Elapsed().Seconds()) }) } } diff --git a/core/pkg/opaprocessor/utils.go b/core/pkg/opaprocessor/utils.go index 4e8e3869..f24f4397 100644 --- a/core/pkg/opaprocessor/utils.go +++ b/core/pkg/opaprocessor/utils.go @@ -77,7 +77,7 @@ var cosignVerifySignatureDefinition = func(bctx rego.BuiltinContext, a, b *ast.T return nil, fmt.Errorf("invalid parameter type: %v", err) } // Replace double backslashes with single backslashes - bbStr := strings.Replace(string(bStr), "\\n", "\n", -1) + bbStr := strings.ReplaceAll(string(bStr), "\\n", "\n") result, err := verify(string(aStr), bbStr) if err != nil { // Do not change this log from debug level. We might find a lot of images without signature diff --git a/core/pkg/resourcehandler/handlepullresources_test.go b/core/pkg/resourcehandler/handlepullresources_test.go index 2738631e..676f12d9 100644 --- a/core/pkg/resourcehandler/handlepullresources_test.go +++ b/core/pkg/resourcehandler/handlepullresources_test.go @@ -3,7 +3,6 @@ package resourcehandler import ( "context" _ "embed" - "encoding/json" "testing" "github.com/kubescape/k8s-interface/k8sinterface" @@ -16,21 +15,8 @@ import ( "k8s.io/client-go/dynamic/fake" fakeclientset "k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/rest" - clientcmdapi "k8s.io/client-go/tools/clientcmd/api" ) -var ( - //go:embed testdata/kubeconfig_mock.json - kubeConfigMock string -) - -func getKubeConfigMock() *clientcmdapi.Config { - kubeConfig := clientcmdapi.Config{} - if err := json.Unmarshal([]byte(kubeConfigMock), &kubeConfig); err != nil { - panic(err) - } - return &kubeConfig -} func Test_getCloudMetadata(t *testing.T) { tests := []struct { @@ -73,7 +59,7 @@ func Test_getCloudMetadata(t *testing.T) { // https://github.com/kubescape/kubescape/pull/1004 // Cluster named .*eks.* config without a cloudconfig panics whereas we just want to scan a file func getResourceHandlerMock() *K8sResourceHandler { - client := fakeclientset.NewSimpleClientset() + client := fakeclientset.NewClientset() fakeDiscovery := client.Discovery() k8s := &k8sinterface.KubernetesApi{ diff --git a/core/pkg/resourcehandler/handlerpullresources.go b/core/pkg/resourcehandler/handlerpullresources.go index 831426b4..a8e1fbd0 100644 --- a/core/pkg/resourcehandler/handlerpullresources.go +++ b/core/pkg/resourcehandler/handlerpullresources.go @@ -35,7 +35,7 @@ func CollectResources(ctx context.Context, rsrcHandler IResourceHandler, opaSess opaSessionObj.ExternalResources = externalResources opaSessionObj.ExcludedRules = excludedRulesMap - if (opaSessionObj.K8SResources == nil || len(opaSessionObj.K8SResources) == 0) && (opaSessionObj.ExternalResources == nil || len(opaSessionObj.ExternalResources) == 0) || len(opaSessionObj.AllResources) == 0 { + if len(opaSessionObj.K8SResources) == 0 && len(opaSessionObj.ExternalResources) == 0 || len(opaSessionObj.AllResources) == 0 { return fmt.Errorf("no resources found to scan") } diff --git a/core/pkg/resourcehandler/repositoryscanner.go b/core/pkg/resourcehandler/repositoryscanner.go index a78d78a8..53e16cfd 100644 --- a/core/pkg/resourcehandler/repositoryscanner.go +++ b/core/pkg/resourcehandler/repositoryscanner.go @@ -3,13 +3,13 @@ package resourcehandler import ( "encoding/json" "fmt" + "io" "net/http" "os" "path/filepath" "strings" giturls "github.com/chainguard-dev/git-urls" - "github.com/kubescape/kubescape/v3/core/cautils/getter" "k8s.io/utils/strings/slices" ) @@ -167,7 +167,7 @@ func (g *GitHubRepository) setBranch(branchOptional string) error { if g.branch != "" { return nil } - body, err := getter.HttpGetter(&http.Client{}, g.defaultBranchAPI(), g.getHeaders()) + body, err := httpGet(&http.Client{}, g.defaultBranchAPI(), g.getHeaders()) if err != nil { return err } @@ -193,12 +193,27 @@ func (g *GitHubRepository) getHeaders() map[string]string { } return map[string]string{"Authorization": fmt.Sprintf("token %s", g.token)} } +func httpGet(client *http.Client, url string, headers map[string]string) ([]byte, error) { + req, err := http.NewRequest(http.MethodGet, url, nil) + if err != nil { + return nil, err + } + for k, v := range headers { + req.Header.Set(k, v) + } + resp, err := client.Do(req) + if err != nil { + return nil, err + } + defer resp.Body.Close() + return io.ReadAll(resp.Body) +} func (g *GitHubRepository) setTree() error { if g.isFile { return nil } - body, err := getter.HttpGetter(&http.Client{}, g.treeAPI(), g.getHeaders()) + body, err := httpGet(&http.Client{}, g.treeAPI(), g.getHeaders()) if err != nil { return err } diff --git a/core/pkg/resourcehandler/resourcehandlerutils.go b/core/pkg/resourcehandler/resourcehandlerutils.go index 4da958f5..2a484567 100644 --- a/core/pkg/resourcehandler/resourcehandlerutils.go +++ b/core/pkg/resourcehandler/resourcehandlerutils.go @@ -138,7 +138,7 @@ func updateQueryableResourcesMapFromRuleMatchObject(match *reporthandling.RuleMa } queryableResource.AddFieldSelector(globalFieldSelector) - if match.FieldSelector == nil || len(match.FieldSelector) == 0 { + if len(match.FieldSelector) == 0 { queryableResources.Add(queryableResource) continue } diff --git a/core/pkg/resultshandling/locationresolver/locationresolver_test.go b/core/pkg/resultshandling/locationresolver/locationresolver_test.go index f1e7c2bb..6b659c85 100644 --- a/core/pkg/resultshandling/locationresolver/locationresolver_test.go +++ b/core/pkg/resultshandling/locationresolver/locationresolver_test.go @@ -37,7 +37,7 @@ func TestResolveLocation(t *testing.T) { resolver, _ := NewFixPathLocationResolver(yamlFilePath) - for fixPath, _ := range fixPathToExpectedLineAndColumn { + for fixPath := range fixPathToExpectedLineAndColumn { location, err := resolver.ResolveLocation(fixPath, 100000) assert.Contains(t, err.Error(), "node index [100000] out of range ") assert.Empty(t, location) diff --git a/core/pkg/resultshandling/printer/v2/jsonprinter.go b/core/pkg/resultshandling/printer/v2/jsonprinter.go index 5e0a54ec..4ea14f76 100644 --- a/core/pkg/resultshandling/printer/v2/jsonprinter.go +++ b/core/pkg/resultshandling/printer/v2/jsonprinter.go @@ -126,6 +126,9 @@ func printConfigurationsScanning(opaSessionObj *cautils.OPASessionObj, imageScan reportWithSeverity := ConvertToPostureReportWithSeverityAndLabels(finalizedReport, opaSessionObj.LabelsToCopy, opaSessionObj.AllResources) r, err := json.Marshal(reportWithSeverity) + if err != nil { + return err + } _, err = jp.writer.Write(r) return err diff --git a/core/pkg/resultshandling/printer/v2/jsonprinter_test.go b/core/pkg/resultshandling/printer/v2/jsonprinter_test.go index 9fbf85b6..f8551453 100644 --- a/core/pkg/resultshandling/printer/v2/jsonprinter_test.go +++ b/core/pkg/resultshandling/printer/v2/jsonprinter_test.go @@ -1,7 +1,7 @@ package printer import ( - "io/ioutil" + "io" "os" "testing" @@ -79,7 +79,7 @@ func TestScore_Json(t *testing.T) { // Read the contents of the temporary file f.Seek(0, 0) - got, err := ioutil.ReadAll(f) + got, err := io.ReadAll(f) if err != nil { panic(err) } @@ -169,22 +169,22 @@ func TestConvertToPackageScores(t *testing.T) { func TestConvertToReportSummary(t *testing.T) { input := map[string]*imageprinter.SeveritySummary{ - "High": &imageprinter.SeveritySummary{ + "High": { NumberOfCVEs: 10, NumberOfFixableCVEs: 5, }, - "Medium": &imageprinter.SeveritySummary{ + "Medium": { NumberOfCVEs: 5, NumberOfFixableCVEs: 2, }, } want := map[string]*reportsummary.SeveritySummary{ - "High": &reportsummary.SeveritySummary{ + "High": { NumberOfCVEs: 10, NumberOfFixableCVEs: 5, }, - "Medium": &reportsummary.SeveritySummary{ + "Medium": { NumberOfCVEs: 5, NumberOfFixableCVEs: 2, }, diff --git a/core/pkg/resultshandling/printer/v2/pdf.go b/core/pkg/resultshandling/printer/v2/pdf.go index 6a5fb41c..7015827c 100644 --- a/core/pkg/resultshandling/printer/v2/pdf.go +++ b/core/pkg/resultshandling/printer/v2/pdf.go @@ -125,11 +125,12 @@ func (pp *PdfPrinter) getTableObjects(summaryDetails *reportsummary.SummaryDetai } func getSeverityColor(severity string) *props.Color { - if severity == "Critical" { + switch severity { + case "Critical": return &props.Color{Red: 255, Green: 0, Blue: 0} - } else if severity == "High" { + case "High": return &props.Color{Red: 0, Green: 0, Blue: 255} - } else if severity == "Medium" { + case "Medium": return &props.Color{Red: 252, Green: 186, Blue: 3} } return &props.BlackColor diff --git a/core/pkg/resultshandling/printer/v2/pdf_test.go b/core/pkg/resultshandling/printer/v2/pdf_test.go index b6d2e1d7..6f0787bf 100644 --- a/core/pkg/resultshandling/printer/v2/pdf_test.go +++ b/core/pkg/resultshandling/printer/v2/pdf_test.go @@ -2,7 +2,7 @@ package printer import ( "context" - "io/ioutil" + "io" "os" "testing" @@ -76,7 +76,7 @@ func TestScore_Pdf(t *testing.T) { // Read the contents of the temporary file f.Seek(0, 0) - got, err := ioutil.ReadAll(f) + got, err := io.ReadAll(f) if err != nil { panic(err) } diff --git a/core/pkg/resultshandling/printer/v2/prettyprinter.go b/core/pkg/resultshandling/printer/v2/prettyprinter.go index 3ec091bf..82f54efc 100644 --- a/core/pkg/resultshandling/printer/v2/prettyprinter.go +++ b/core/pkg/resultshandling/printer/v2/prettyprinter.go @@ -24,11 +24,6 @@ import ( "k8s.io/utils/strings/slices" ) -const ( - prettyPrinterOutputFile = "report" - clusterScanningScopeInformationLink = "https://github.com/kubescape/regolibrary/tree/master#add-a-framework" -) - var _ printer.IPrinter = &PrettyPrinter{} type PrettyPrinter struct { @@ -157,12 +152,13 @@ func (pp *PrettyPrinter) printOverview(opaSessionObj *cautils.OPASessionObj, pri } func (pp *PrettyPrinter) printHeader(opaSessionObj *cautils.OPASessionObj) { - if pp.scanType == cautils.ScanTypeCluster { + switch pp.scanType { + case cautils.ScanTypeCluster: cautils.InfoDisplay(pp.writer, fmt.Sprintf("\nSecurity posture overview for cluster: '%s'\n\n", pp.clusterName)) cautils.SimpleDisplay(pp.writer, "In this overview, Kubescape shows you a summary of your cluster security posture, including the number of users who can perform administrative actions. For each result greater than 0, you should evaluate its need, and then define an exception to allow it. This baseline can be used to detect drift in future.\n\n") - } else if pp.scanType == cautils.ScanTypeRepo { + case cautils.ScanTypeRepo: cautils.InfoDisplay(pp.writer, fmt.Sprintf("\nSecurity posture overview for repo: '%s'\n\n", strings.Join(pp.inputPatterns, ", "))) - } else if pp.scanType == cautils.ScanTypeWorkload { + case cautils.ScanTypeWorkload: cautils.InfoDisplay(pp.writer, "Workload security posture overview for:\n") ns := opaSessionObj.SingleResourceScan.GetNamespace() var rows []table.Row diff --git a/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/configurationprinter/categorytable.go b/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/configurationprinter/categorytable.go index 89f5878d..ca37d5e9 100644 --- a/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/configurationprinter/categorytable.go +++ b/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/configurationprinter/categorytable.go @@ -67,11 +67,11 @@ func generateCategoryStatusRow(controlSummary reportsummary.IControlSummary) tab rows[0] = utils.GetStatusIcon(controlSummary.GetStatus().Status()) - rows[1] = controlSummary.GetName() - if len(controlSummary.GetName()) > 50 { - rows[1] = controlSummary.GetName()[:50] + "..." + name := controlSummary.GetName() + if len(name) > 50 { + rows[1] = name[:50] + "..." //nolint:gosec // Safe: rows has length 3, accessing index 1 } else { - rows[1] = controlSummary.GetName() + rows[1] = name //nolint:gosec // Safe: rows has length 3, accessing index 1 } rows[2] = getDocsForControl(controlSummary) diff --git a/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/configurationprinter/reposcan.go b/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/configurationprinter/reposcan.go index e38215f6..f4582454 100644 --- a/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/configurationprinter/reposcan.go +++ b/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/configurationprinter/reposcan.go @@ -8,7 +8,6 @@ import ( "github.com/jedib0t/go-pretty/v6/table" "github.com/jwalton/gchalk" "github.com/kubescape/kubescape/v3/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/utils" - "github.com/kubescape/opa-utils/reporthandling" "github.com/kubescape/opa-utils/reporthandling/apis" "github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary" ) @@ -102,19 +101,6 @@ func (rp *RepoPrinter) generateCountingCategoryRow(controlSummary reportsummary. return rows } -func (rp *RepoPrinter) getWorkloadScanCommand(ns, kind, name string, source reporthandling.Source) string { - cmd := fmt.Sprintf("$ kubescape scan workload %s/%s/%s", ns, kind, name) - if ns == "" { - cmd = fmt.Sprintf("$ kubescape scan workload %s/%s", kind, name) - } - if source.FileType == "Helm" { - return fmt.Sprintf("%s --chart-path=%s", cmd, source.RelativePath) - - } else { - return fmt.Sprintf("%s --file-path=%s", cmd, source.RelativePath) - } -} - func (rp *RepoPrinter) generateTableNextSteps(controlSummary reportsummary.IControlSummary, inputPatterns []string) string { return fmt.Sprintf("$ kubescape scan control %s %s -v", controlSummary.GetID(), strings.Join(inputPatterns, ",")) } diff --git a/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/configurationprinter/summarytable.go b/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/configurationprinter/summarytable.go index a57e919b..515bc2de 100644 --- a/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/configurationprinter/summarytable.go +++ b/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/configurationprinter/summarytable.go @@ -72,9 +72,9 @@ func GenerateRow(controlSummary reportsummary.IControlSummary, infoToPrintInfo [ row[summaryColumnSeverity] = GetSeverityColumn(controlSummary) if len(controlSummary.GetName()) > 50 { - row[summaryColumnName] = controlSummary.GetName()[:50] + "..." + row[summaryColumnName] = controlSummary.GetName()[:50] + "..." //nolint:gosec // Safe: row has length _summaryRowLen (5), accessing index 1 } else { - row[summaryColumnName] = controlSummary.GetName() + row[summaryColumnName] = controlSummary.GetName() //nolint:gosec // Safe: row has length _summaryRowLen (5), accessing index 1 } row[summaryColumnCounterFailed] = fmt.Sprintf("%d", controlSummary.NumberOfResources().Failed()) row[summaryColumnCounterAll] = fmt.Sprintf("%d", controlSummary.NumberOfResources().All()) diff --git a/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/utils/utils_test.go b/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/utils/utils_test.go index bb8646ea..449fb7e3 100644 --- a/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/utils/utils_test.go +++ b/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/utils/utils_test.go @@ -1,7 +1,7 @@ package utils import ( - "io/ioutil" + "io" "os" "testing" @@ -127,7 +127,7 @@ func TestPrintInfo(t *testing.T) { { name: "Critical info", infoToPrintInfo: []InfoStars{ - InfoStars{ + { Stars: "5", Info: "Critical Info", }, @@ -137,11 +137,11 @@ func TestPrintInfo(t *testing.T) { { name: "Medium and high info", infoToPrintInfo: []InfoStars{ - InfoStars{ + { Stars: "3", Info: "Medium Info", }, - InfoStars{ + { Stars: "4", Info: "High Info", }, @@ -151,11 +151,11 @@ func TestPrintInfo(t *testing.T) { { name: "Negligible and low info", infoToPrintInfo: []InfoStars{ - InfoStars{ + { Stars: "1", Info: "Negligible Info", }, - InfoStars{ + { Stars: "2", Info: "Low Info", }, @@ -184,7 +184,7 @@ func TestPrintInfo(t *testing.T) { // Read the contents of the temporary file f.Seek(0, 0) - got, err := ioutil.ReadAll(f) + got, err := io.ReadAll(f) if err != nil { panic(err) } diff --git a/core/pkg/resultshandling/printer/v2/prettyprinter/utils.go b/core/pkg/resultshandling/printer/v2/prettyprinter/utils.go index 0bcb0793..dce6d438 100644 --- a/core/pkg/resultshandling/printer/v2/prettyprinter/utils.go +++ b/core/pkg/resultshandling/printer/v2/prettyprinter/utils.go @@ -136,7 +136,7 @@ func filterCVEsBySeverities(cves []imageprinter.CVE, severities []string) []imag // getSortPackageScores returns a slice of package names sorted by score func getSortPackageScores(pkgScores map[string]*imageprinter.PackageScore) []string { sortedSlice := make([]string, 0, len(pkgScores)) - for pkgName, _ := range pkgScores { + for pkgName := range pkgScores { sortedSlice = append(sortedSlice, pkgName) } @@ -203,8 +203,6 @@ func printTopComponents(writer *os.File, summary imageprinter.ImageScanSummary) } cautils.SimpleDisplay(writer, "\n") - - return } func printImageScanningSummary(writer *os.File, summary imageprinter.ImageScanSummary, verboseMode bool) { diff --git a/core/pkg/resultshandling/printer/v2/resourcetable.go b/core/pkg/resultshandling/printer/v2/resourcetable.go index 92507d5c..80adfc76 100644 --- a/core/pkg/resultshandling/printer/v2/resourcetable.go +++ b/core/pkg/resultshandling/printer/v2/resourcetable.go @@ -122,7 +122,7 @@ func generateResourceHeader(short bool) table.Row { func shortFormatResource(resourceRows []table.Row) []table.Row { rows := make([]table.Row, len(resourceRows)) for i, resourceRow := range resourceRows { - rows[i] = table.Row{fmt.Sprintf("Severity"+strings.Repeat(" ", 13)+": %+v\nControl Name"+strings.Repeat(" ", 9)+": %+v\nDocs"+strings.Repeat(" ", 17)+": %+v\nAssisted Remediation"+strings.Repeat(" ", 1)+": %+v", resourceRow[resourceColumnSeverity], resourceRow[resourceColumnName], resourceRow[resourceColumnURL], strings.Replace(resourceRow[resourceColumnPath].(string), "\n", "\n"+strings.Repeat(" ", 23), -1))} + rows[i] = table.Row{fmt.Sprintf("Severity"+strings.Repeat(" ", 13)+": %+v\nControl Name"+strings.Repeat(" ", 9)+": %+v\nDocs"+strings.Repeat(" ", 17)+": %+v\nAssisted Remediation"+strings.Repeat(" ", 1)+": %+v", resourceRow[resourceColumnSeverity], resourceRow[resourceColumnName], resourceRow[resourceColumnURL], strings.ReplaceAll(resourceRow[resourceColumnPath].(string), "\n", "\n"+strings.Repeat(" ", 23)))} } return rows } diff --git a/core/pkg/resultshandling/printer/v2/sarifprinter.go b/core/pkg/resultshandling/printer/v2/sarifprinter.go index 0bedb548..22dfae81 100644 --- a/core/pkg/resultshandling/printer/v2/sarifprinter.go +++ b/core/pkg/resultshandling/printer/v2/sarifprinter.go @@ -152,7 +152,7 @@ func (sp *SARIFPrinter) printImageScan(ctx context.Context, scanResults cautils. return err } - return os.WriteFile(sp.writer.Name(), updatedSarifReport, os.ModePerm) + return os.WriteFile(sp.writer.Name(), updatedSarifReport, 0644) //nolint:gosec // Read-only report output, acceptable permissions } func (sp *SARIFPrinter) PrintNextSteps() { @@ -519,7 +519,7 @@ func formReplaceFixedYamlString(node cautils.MappingNode, fileAsString string, l yamlLines[location.Line] = yamlLines[location.Line] + " # This is the suggested modification, the value for " + fixPath + " is " + fixValue + "\n" } else { replacedLine := "# This is the suggested modification\n" + yamlLines[location.Line] - newLine := strings.Replace(replacedLine, replcaedValue, fixValue, -1) + newLine := strings.ReplaceAll(replacedLine, replcaedValue, fixValue) yamlLines[location.Line] = newLine } fixedYamlString := strings.Join(yamlLines, "\n") diff --git a/pkg/imagescan/imagescan_test.go b/pkg/imagescan/imagescan_test.go index ec8c122e..ff7d54e0 100644 --- a/pkg/imagescan/imagescan_test.go +++ b/pkg/imagescan/imagescan_test.go @@ -135,7 +135,7 @@ func TestGetProviderConfig(t *testing.T) { t.Run(tt.name, func(t *testing.T) { providerConfig := getProviderConfig(tt.creds) assert.NotNil(t, providerConfig) - assert.Equal(t, true, providerConfig.SynthesisConfig.GenerateMissingCPEs) + assert.Equal(t, true, providerConfig.GenerateMissingCPEs) }) } }