mirror of
https://github.com/kubescape/kubescape.git
synced 2026-04-15 06:58:11 +00:00
* Fix issue for scanning list obj * Fix go mod in httphandler pkg * Broken links fix in roadmap.md Planning, backlog, and wishlist links were not taking to the required section. * override infoMap only if it's not nil * improved icon of kubescape in readme * Support scanning several files * gramatical improvements * docs(readme): Star → star * Fix issues according to review * Handle with issues caused by updating opa-utils * Fix scanning ListObj following reviews * Update core/pkg/resourcehandler/filesloader.go Co-authored-by: Vlad Klokun <vladklokun@users.noreply.github.com> * Update completion.go * Added fixed control input * update go.mod * Print chart name log when fail to generate * Change formatting to %s * Added resource prioritization information, raw resource will be sent on the result object * Merging typo fixes from master (#772) * greetings * Update aws.sh simplified the comment * typo: In the title and h1 element Their was a typo in index.html file. * punctuation changes * docs : added gitpod badge in readme.md * fixed typos * some grammar mistake is corrected inPULL_REQUEST_TEMPLATE.md file * Updated README.md file Added link to CONTRIBUTING.md file in a line in README. * Added link to code of conduct file I have added link to the code of conduct file and fixed some problems in the Readme file. * Fixed readme * Added alpine tag Adding alpine tag instead of latest and removing repeating commands * roadmap.md file is modified * Automatically Close "Typo" labelled Issue * build.py is modified * modified PR template * Fixed some typos in feature_request.md "." at the end of the headings were missing and all the text were in same line. Now this gives a clear and concise view of the texts. 
* fixed the typo in docs/index.html Found and fixed typo in the 'alt' attribute of img tag * Update PULL_REQUEST_TEMPLATE.md Co-authored-by: Krishna Agarwal <dmkrishna.agarwal@gmail.com> Co-authored-by: Saswata Senapati <74651639+saswat16@users.noreply.github.com> Co-authored-by: Rahul Singh <110548934+rahuldhirendersingh@users.noreply.github.com> Co-authored-by: deepuyadav004 <deepuyadavze@gmail.com> Co-authored-by: kartik <97971066+kartikgajjar7@users.noreply.github.com> Co-authored-by: Rounak-28 <95576871+Rounak-28@users.noreply.github.com> Co-authored-by: pwnb0y <vickykr07@yahoo.com> Co-authored-by: Ben Hirschberg <59160382+slashben@users.noreply.github.com> Co-authored-by: Saptarshi Sarkar <saptarshi.programmer@gmail.com> Co-authored-by: Rahul Surwade <93492791+RahulSurwade08@users.noreply.github.com> Co-authored-by: Suhas Gumma <43647369+suhasgumma@users.noreply.github.com> Co-authored-by: Kamal Nayan <95926324+legendarykamal@users.noreply.github.com> Co-authored-by: TarangVerma <90996971+TarangVerma@users.noreply.github.com> Co-authored-by: avikittu <65793296+avikittu@users.noreply.github.com> * update logger version (#773) * Fixed: Kubescape fails to authenticate remote private Github repo (#721) * grammar error fixer in CONTRIBUTING.md * scanning private git repository is available * giturl to gitapi * NO TOKEN error functionality added * Used GetToken method of giturl.IGitAPPI for auth Co-authored-by: satyam kale <satyamkale271@gmail.com> Co-authored-by: Ben Hirschberg <59160382+slashben@users.noreply.github.com> * bump opa-utils to 181 * Option to force enable color output (closes #560) (#767) * Option to force enable color output (closes #560) (cherry picked from commit 4f951781ee8dd6bb451ac7d159787f47e4b07379) * Update go.mod * Update host scanner image (#774) * update logger version * update scanner image Co-authored-by: Moshe-Rappaport-CA <moshep@armosec.io> Co-authored-by: Moshe Rappaport <89577611+Moshe-Rappaport-CA@users.noreply.github.com> 
Co-authored-by: Om Raut <33827410+om2137@users.noreply.github.com> Co-authored-by: Kamal Nayan <95926324+legendarykamal@users.noreply.github.com> Co-authored-by: Vlad Klokun <vladklokun@users.noreply.github.com> Co-authored-by: Chirag Arora <84070677+Chirag8023@users.noreply.github.com> Co-authored-by: shm12 <shmuelb@armosec.io> Co-authored-by: Amir Malka <amirm@armosec.io> Co-authored-by: Krishna Agarwal <dmkrishna.agarwal@gmail.com> Co-authored-by: Saswata Senapati <74651639+saswat16@users.noreply.github.com> Co-authored-by: Rahul Singh <110548934+rahuldhirendersingh@users.noreply.github.com> Co-authored-by: deepuyadav004 <deepuyadavze@gmail.com> Co-authored-by: kartik <97971066+kartikgajjar7@users.noreply.github.com> Co-authored-by: Rounak-28 <95576871+Rounak-28@users.noreply.github.com> Co-authored-by: pwnb0y <vickykr07@yahoo.com> Co-authored-by: Ben Hirschberg <59160382+slashben@users.noreply.github.com> Co-authored-by: Saptarshi Sarkar <saptarshi.programmer@gmail.com> Co-authored-by: Rahul Surwade <93492791+RahulSurwade08@users.noreply.github.com> Co-authored-by: Suhas Gumma <43647369+suhasgumma@users.noreply.github.com> Co-authored-by: TarangVerma <90996971+TarangVerma@users.noreply.github.com> Co-authored-by: avikittu <65793296+avikittu@users.noreply.github.com> Co-authored-by: satyam kale <satyamkale271@gmail.com> Co-authored-by: Aditya Pratap Singh <adityapratapsingh51@gmail.com>
package resourcehandler
import (
"fmt"
"os"
"path/filepath"
"github.com/armosec/armoapi-go/armotypes"
"github.com/kubescape/k8s-interface/workloadinterface"
"github.com/kubescape/opa-utils/reporthandling"
"k8s.io/apimachinery/pkg/version"
logger "github.com/kubescape/go-logger"
"github.com/kubescape/go-logger/helpers"
"github.com/kubescape/k8s-interface/k8sinterface"
"github.com/kubescape/kubescape/v2/core/cautils"
)
// FileResourceHandler handles resources loaded from files and URLs.
type FileResourceHandler struct {
	// inputPatterns lists the inputs to load resources from; GetResources
	// passes each entry to getResourcesFromPath.
	inputPatterns []string

	// registryAdaptors is used by GetResources to collect image
	// vulnerabilities for the loaded resources.
	registryAdaptors *RegistryAdaptors
}
// NewFileResourceHandler returns a FileResourceHandler that reads resources
// from inputPatterns and uses registryAdaptors for image vulnerability
// collection. Neither argument is copied or validated here.
func NewFileResourceHandler(inputPatterns []string, registryAdaptors *RegistryAdaptors) *FileResourceHandler {
	// Initialize the resource map before the handler is handed out.
	k8sinterface.InitializeMapResourcesMock()

	handler := new(FileResourceHandler)
	handler.inputPatterns = inputPatterns
	handler.registryAdaptors = registryAdaptors
	return handler
}
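// GetResources loads the workloads found under every configured input
// pattern and returns them in the three shapes the scan consumes:
//
//   - the policy-required resource map, map["/group/version/kind"][]<workload id>,
//     filled only for kinds the loaded policies ask for;
//   - every retained workload keyed by its ID;
//   - the KSResources populated by the image vulnerability collection.
//
// As a side effect, sessionObj.ResourceSource is updated with the source
// (file, helm chart, last commit) of every workload that was loaded.
//
// It returns an error when no input pattern is configured or when a pattern
// cannot be loaded. In the second case the workloads collected so far are
// still returned in the second result. designator is not used by this
// handler.
func (fileHandler *FileResourceHandler) GetResources(sessionObj *cautils.OPASessionObj, designator *armotypes.PortalDesignator) (*cautils.K8SResources, map[string]workloadinterface.IMetadata, *cautils.KSResources, error) {
	// Build the resources map from what the frameworks require:
	// map["/group/version/kind"][]<k8s workloads ids>
	k8sResources := setK8sResourceMap(sessionObj.Policies)
	allResources := map[string]workloadinterface.IMetadata{}
	ksResources := &cautils.KSResources{}

	if len(fileHandler.inputPatterns) == 0 {
		return nil, nil, nil, fmt.Errorf("missing input")
	}

	logger.L().Info("Accessing local objects")
	cautils.StartSpinner()

	for _, pattern := range fileHandler.inputPatterns {
		workloadIDToSource, workloads, err := getResourcesFromPath(pattern)
		if err != nil {
			// Stop the spinner started above; otherwise it is left running
			// while the caller reports the error.
			cautils.StopSpinner()
			return nil, allResources, nil, err
		}
		if len(workloads) == 0 {
			logger.L().Debug("path ignored because contains only a non-kubernetes file", helpers.String("path", pattern))
		}

		// Record where each workload came from so findings can be traced
		// back to a file and commit.
		for id, source := range workloadIDToSource {
			sessionObj.ResourceSource[id] = source
		}

		// map all resources: map["/apiVersion/version/kind"][]<k8s workloads>
		mappedResources := mapResources(workloads)

		// Keep only the kinds the policies need; everything else is dropped
		// and never reaches allResources.
		for kind, group := range mappedResources {
			if _, required := (*k8sResources)[kind]; !required {
				continue
			}
			ids := make([]string, 0, len(group))
			for _, workload := range group {
				id := workload.GetID()
				ids = append(ids, id)
				allResources[id] = workload
			}
			(*k8sResources)[kind] = append((*k8sResources)[kind], ids...)
		}
	}

	// A failure here is logged and the scan continues, so the returned
	// results may lack image vulnerability data without the call failing.
	if err := fileHandler.registryAdaptors.collectImagesVulnerabilities(k8sResources, allResources, ksResources); err != nil {
		logger.L().Warning("failed to collect images vulnerabilities", helpers.Error(err))
	}

	cautils.StopSpinner()
	logger.L().Success("Done accessing local objects")

	return k8sResources, allResources, ksResources, nil
}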
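// getResourcesFromPath loads the workloads found under path, both from plain
// YAML/JSON files and from helm charts.
//
// It returns a map from workload ID to the source it was loaded from
// (relative path, file type, helm chart name and last commit when available)
// and the flat list of loaded workloads. The only error returned is the one
// from cloneGitRepo; git metadata lookups are best effort and their errors
// are ignored.
func getResourcesFromPath(path string) (map[string]reporthandling.Source, []workloadinterface.IMetadata, error) {
	workloadIDToSource := make(map[string]reporthandling.Source)
	workloads := []workloadinterface.IMetadata{}

	// path is passed by pointer, so cloneGitRepo can replace it - presumably
	// with the local checkout when path names a remote repository; confirm
	// against cloneGitRepo.
	clonedRepo, err := cloneGitRepo(&path)
	if err != nil {
		return nil, nil, err
	}
	if clonedRepo != "" {
		// Best-effort cleanup of the clone when this function returns; the
		// RemoveAll error is deliberately not reported.
		defer os.RemoveAll(clonedRepo)
	}

	// Get repo root. When path is not inside a git repository, repoRoot
	// stays empty and sources keep whatever filepath.Rel makes of them.
	repoRoot := ""
	gitRepo, err := cautils.NewLocalGitRepository(path)
	if err == nil && gitRepo != nil {
		repoRoot, _ = gitRepo.GetRootDir()
	}

	// relativeToRepo rewrites source relative to repoRoot, or returns it
	// unchanged when no relative form can be computed.
	relativeToRepo := func(source string) string {
		if rel, relErr := filepath.Rel(repoRoot, source); relErr == nil {
			return rel
		}
		return source
	}

	// lastCommitOf returns the last commit that touched source, or the zero
	// value when there is no git repository or the lookup yields nothing.
	lastCommitOf := func(source string) reporthandling.LastCommit {
		var lastCommit reporthandling.LastCommit
		if gitRepo == nil {
			return lastCommit
		}
		commitInfo, _ := gitRepo.GetFileLastCommit(source)
		if commitInfo == nil {
			return lastCommit
		}
		lastCommit = reporthandling.LastCommit{
			Hash:           commitInfo.SHA,
			Date:           commitInfo.Author.Date,
			CommitterName:  commitInfo.Author.Name,
			CommitterEmail: commitInfo.Author.Email,
			Message:        commitInfo.Message,
		}
		return lastCommit
	}

	// load resource from local file system
	sourceToWorkloads := cautils.LoadResourcesFromFiles(path, repoRoot)

	// update workloads and workloadIDToSource
	for source, ws := range sourceToWorkloads {
		workloads = append(workloads, ws...)

		source = relativeToRepo(source)

		// NOTE(review): workloads of a source that is neither YAML nor JSON
		// were already appended above but get no entry in workloadIDToSource.
		var filetype string
		switch {
		case cautils.IsYaml(source):
			filetype = reporthandling.SourceTypeYaml
		case cautils.IsJson(source):
			filetype = reporthandling.SourceTypeJson
		default:
			continue
		}

		workloadSource := reporthandling.Source{
			RelativePath: source,
			FileType:     filetype,
			LastCommit:   lastCommitOf(source),
		}

		for i := range ws {
			workloadIDToSource[ws[i].GetID()] = workloadSource
		}
	}

	// Log only when files were actually found, matching the helm log below.
	// The previous condition (len(workloads) == 0) reported "files found"
	// exactly when no workload had been loaded.
	if len(sourceToWorkloads) > 0 {
		logger.L().Debug("files found in local storage", helpers.Int("files", len(sourceToWorkloads)), helpers.Int("workloads", len(workloads)))
	}

	// load resources from helm charts
	helmSourceToWorkloads, helmSourceToChartName := cautils.LoadResourcesFromHelmCharts(path)
	for source, ws := range helmSourceToWorkloads {
		workloads = append(workloads, ws...)
		// Look the chart name up before source is rewritten to its relative form.
		helmChartName := helmSourceToChartName[source]

		source = relativeToRepo(source)

		workloadSource := reporthandling.Source{
			RelativePath:  source,
			FileType:      reporthandling.SourceTypeHelmChart,
			HelmChartName: helmChartName,
			LastCommit:    lastCommitOf(source),
		}

		for i := range ws {
			workloadIDToSource[ws[i].GetID()] = workloadSource
		}
	}

	if len(helmSourceToWorkloads) > 0 {
		logger.L().Debug("helm templates found in local storage", helpers.Int("helmTemplates", len(helmSourceToWorkloads)), helpers.Int("workloads", len(workloads)))
	}

	return workloadIDToSource, workloads, nil
}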
// GetClusterAPIServerInfo always returns nil for a FileResourceHandler; it
// reads no state from the handler.
func (fileHandler *FileResourceHandler) GetClusterAPIServerInfo() *version.Info {
	var info *version.Info
	return info
}