diff --git a/go.mod b/go.mod
index 005abf6..e797d76 100644
--- a/go.mod
+++ b/go.mod
@@ -1,14 +1,14 @@
 module github.com/aquasecurity/trivy-aws
 
-go 1.20
+go 1.21
 
 require (
- github.com/aquasecurity/defsec v0.94.1
  github.com/aquasecurity/go-mock-aws v0.0.0-20240109054747-49e4b5da33cb
- github.com/aws/aws-sdk-go v1.45.15
+ github.com/aquasecurity/trivy v0.49.2-0.20240216090457-32a02a95dd06
+ github.com/aws/aws-sdk-go v1.49.21
  github.com/aws/aws-sdk-go-v2 v1.24.1
- github.com/aws/aws-sdk-go-v2/config v1.26.2
- github.com/aws/aws-sdk-go-v2/credentials v1.16.13
+ github.com/aws/aws-sdk-go-v2/config v1.26.6
+ github.com/aws/aws-sdk-go-v2/credentials v1.16.16
  github.com/aws/aws-sdk-go-v2/service/accessanalyzer v1.26.7
  github.com/aws/aws-sdk-go-v2/service/apigateway v1.21.6
  github.com/aws/aws-sdk-go-v2/service/apigatewayv2 v1.18.6
@@ -38,13 +38,14 @@ require (
  github.com/aws/aws-sdk-go-v2/service/neptune v1.28.1
  github.com/aws/aws-sdk-go-v2/service/rds v1.66.1
  github.com/aws/aws-sdk-go-v2/service/redshift v1.39.7
- github.com/aws/aws-sdk-go-v2/service/s3 v1.47.7
+ github.com/aws/aws-sdk-go-v2/service/s3 v1.48.1
  github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.0
  github.com/aws/aws-sdk-go-v2/service/sns v1.26.6
  github.com/aws/aws-sdk-go-v2/service/sqs v1.29.6
- github.com/aws/aws-sdk-go-v2/service/sts v1.26.6
+ github.com/aws/aws-sdk-go-v2/service/sts v1.26.7
  github.com/aws/aws-sdk-go-v2/service/workspaces v1.35.6
  github.com/liamg/iamgo v0.0.9
+ github.com/liamg/memoryfs v1.6.0
  github.com/sirupsen/logrus v1.9.3
  github.com/stretchr/testify v1.8.4
 )
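Review bot: The new direct requirement `github.com/aquasecurity/trivy v0.49.2-0.20240216090457-32a02a95dd06` in the first hunk is a pseudo-version, i.e. an untagged commit, and `trivy-policies` in the indirect block is pinned the same way. go.sum still fixes the module content, but advisories and release notes are keyed to tagged versions, so this pin is harder to audit and easy to forget; a comment above the line such as `// pseudo-version: pinned to an untagged commit; move to a tagged release when available` would record the intent. Replacing defsec with the full trivy module also appears to widen the indirect set (docker v25, the otel OTLP exporters, httpsnoop show up further down), so running `govulncheck ./...` on the resulting graph is worthwhile. The `go 1.21` line raises the minimum toolchain, so CI and builder images need to be at least that version.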
@@ -53,70 +54,69 @@ require (
  dario.cat/mergo v1.0.0 // indirect
  github.com/Microsoft/go-winio v0.6.1 // indirect
  github.com/OneOfOne/xxhash v1.2.8 // indirect
- github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
+ github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
  github.com/agext/levenshtein v1.2.3 // indirect
  github.com/agnivade/levenshtein v1.1.1 // indirect
  github.com/alecthomas/chroma v0.10.0 // indirect
  github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
  github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
- github.com/aquasecurity/trivy-policies v0.8.0 // indirect
+ github.com/aquasecurity/trivy-policies v0.9.1-0.20240212232053-c450017d5624 // indirect
  github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.4 // indirect
- github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 // indirect
+ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
  github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
  github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
- github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect
- github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.9 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.10 // indirect
  github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.2.9 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.2.10 // indirect
  github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.8.11 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.16.9 // indirect
- github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 // indirect
- github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.16.10 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
+ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
  github.com/aws/smithy-go v1.19.0 // indirect
  github.com/beorn7/perks v1.0.1 // indirect
  github.com/cespare/xxhash/v2 v2.2.0 // indirect
  github.com/cloudflare/circl v1.3.7 // indirect
  github.com/cyphar/filepath-securejoin v0.2.4 // indirect
- github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+ github.com/distribution/reference v0.5.0 // indirect
  github.com/dlclark/regexp2 v1.4.0 // indirect
- github.com/docker/distribution v2.8.2+incompatible // indirect
- github.com/docker/docker v24.0.7+incompatible // indirect
- github.com/docker/go-connections v0.4.0 // indirect
+ github.com/docker/docker v25.0.2+incompatible // indirect
+ github.com/docker/go-connections v0.5.0 // indirect
  github.com/docker/go-units v0.5.0 // indirect
  github.com/emirpasic/gods v1.18.1 // indirect
+ github.com/felixge/httpsnoop v1.0.4 // indirect
  github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
  github.com/go-git/go-billy/v5 v5.5.0 // indirect
  github.com/go-git/go-git/v5 v5.11.0 // indirect
  github.com/go-ini/ini v1.67.0 // indirect
- github.com/go-logr/logr v1.3.0 // indirect
+ github.com/go-logr/logr v1.4.1 // indirect
  github.com/go-logr/stdr v1.2.2 // indirect
  github.com/gobwas/glob v0.2.3 // indirect
  github.com/gogo/protobuf v1.3.2 // indirect
  github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
- github.com/golang/protobuf v1.5.3 // indirect
- github.com/google/uuid v1.5.0 // indirect
+ github.com/google/uuid v1.6.0 // indirect
  github.com/gorilla/mux v1.8.1 // indirect
  github.com/hashicorp/hcl/v2 v2.19.1 // indirect
  github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
  github.com/jmespath/go-jmespath v0.4.0 // indirect
  github.com/kevinburke/ssh_config v1.2.0 // indirect
  github.com/liamg/jfather v0.0.7 // indirect
- github.com/liamg/memoryfs v1.6.0 // indirect
- github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+ github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
  github.com/mitchellh/go-wordwrap v1.0.1 // indirect
  github.com/mitchellh/mapstructure v1.5.0 // indirect
- github.com/open-policy-agent/opa v0.60.0 // indirect
+ github.com/open-policy-agent/opa v0.61.0 // indirect
  github.com/opencontainers/go-digest v1.0.0 // indirect
- github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
+ github.com/opencontainers/image-spec v1.1.0-rc6 // indirect
  github.com/owenrumney/squealer v1.2.1 // indirect
  github.com/pjbgf/sha1cd v0.3.0 // indirect
  github.com/pkg/errors v0.9.1 // indirect
- github.com/pmezard/go-difflib v1.0.0 // indirect
- github.com/prometheus/client_golang v1.16.0 // indirect
- github.com/prometheus/client_model v0.4.0 // indirect
- github.com/prometheus/common v0.44.0 // indirect
- github.com/prometheus/procfs v0.10.1 // indirect
+ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+ github.com/prometheus/client_golang v1.18.0 // indirect
+ github.com/prometheus/client_model v0.5.0 // indirect
+ github.com/prometheus/common v0.45.0 // indirect
+ github.com/prometheus/procfs v0.12.0 // indirect
  github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
  github.com/sergi/go-diff v1.3.1 // indirect
  github.com/skeema/knownhosts v1.2.1 // indirect
@@ -126,17 +126,20 @@ require (
  github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
  github.com/yashtewari/glob-intersection v0.2.0 // indirect
  github.com/zclconf/go-cty v1.13.0 // indirect
- go.opentelemetry.io/otel v1.21.0 // indirect
- go.opentelemetry.io/otel/metric v1.21.0 // indirect
- go.opentelemetry.io/otel/sdk v1.21.0 // indirect
- go.opentelemetry.io/otel/trace v1.21.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
+ go.opentelemetry.io/otel v1.23.1 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.23.1 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.23.1 // indirect
+ go.opentelemetry.io/otel/metric v1.23.1 // indirect
+ go.opentelemetry.io/otel/sdk v1.23.1 // indirect
+ go.opentelemetry.io/otel/trace v1.23.1 // indirect
  golang.org/x/crypto v0.18.0 // indirect
- golang.org/x/mod v0.13.0 // indirect
+ golang.org/x/mod v0.14.0 // indirect
  golang.org/x/net v0.20.0 // indirect
  golang.org/x/sys v0.16.0 // indirect
  golang.org/x/text v0.14.0 // indirect
- golang.org/x/tools v0.13.0 // indirect
- google.golang.org/protobuf v1.31.0 // indirect
+ golang.org/x/tools v0.16.1 // indirect
+ google.golang.org/protobuf v1.32.0 // indirect
  gopkg.in/warnings.v0 v0.1.2 // indirect
  gopkg.in/yaml.v2 v2.4.0 // indirect
  gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/go.sum b/go.sum
index 1eb11d1..7b9f3bf 100644
--- a/go.sum
+++ b/go.sum
@@ -1,13 +1,14 @@ dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= +github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= -github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg= -github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE= +github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= 
@@ -15,39 +16,41 @@ github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVb github.com/alecthomas/chroma v0.10.0 h1:7XDcGkCQopCNKjZHfYrNLraA+M7e0fMiJ/Mfikbfjek= github.com/alecthomas/chroma v0.10.0/go.mod h1:jtJATyUxlIORhUOFNA9NZDWGAQ8wpxQQqNSB4rjA/1s= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= +github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= -github.com/aquasecurity/defsec v0.94.1 h1:lk44bfUltm0f0Dw4DbO3Ka9d/bf3N8cWclSdHXMyKF4= -github.com/aquasecurity/defsec v0.94.1/go.mod h1:wiX9BX0SOG0ZWjVIPYGPl46fyO3Gu8lJnk4rmhFR7IA= github.com/aquasecurity/go-mock-aws v0.0.0-20240109054747-49e4b5da33cb h1:dNxUB2bSbiLGNYcXkbBKrrfuY96+dXhA9FahEFZ4THQ= github.com/aquasecurity/go-mock-aws v0.0.0-20240109054747-49e4b5da33cb/go.mod h1:iytBd25FZt3N6g+vGnNPO7BfgkV7HCEfIHyg8K/ldUw= -github.com/aquasecurity/trivy-policies v0.8.0 h1:LvmIdw/DfTF72Lc8L+CKLYzfb5BFYzLBGFFR95PKC74= -github.com/aquasecurity/trivy-policies v0.8.0/go.mod h1:qF/t59pgK/0JTV6tXaeA3Iw3opzoMgzGCDcTDBmqb30= +github.com/aquasecurity/trivy v0.49.2-0.20240216090457-32a02a95dd06 h1:RnZSIJBTAUO6zapl+a5n9ONzs9nAr4T4/5xDUxG3rWw= +github.com/aquasecurity/trivy v0.49.2-0.20240216090457-32a02a95dd06/go.mod h1:ofCvz0G7EAUKbVPwVQhlqQJ9Emv3rjakDkJARom4gxY= +github.com/aquasecurity/trivy-policies v0.9.1-0.20240212232053-c450017d5624 h1:OKJa4JRaB54tY3XxrUA5waEPuI+AsNMoz7PR5rkDQj0= +github.com/aquasecurity/trivy-policies v0.9.1-0.20240212232053-c450017d5624/go.mod 
h1:AHMSfZ86npbvCMRxrGFw51PIfl60FRwXWgrvxWy7EU0= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= -github.com/aws/aws-sdk-go v1.45.15 h1:gYBTVSYuhXdatrLbsPaRgVcc637zzdgThWmsDRwXLOo= -github.com/aws/aws-sdk-go v1.45.15/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/aws/aws-sdk-go v1.49.21 h1:Rl8KW6HqkwzhATwvXhyr7vD4JFUMi7oXGAw9SrxxIFY= +github.com/aws/aws-sdk-go v1.49.21/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU= github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.4 h1:OCs21ST2LrepDfD3lwlQiOqIGp6JiEUqG84GzTDoyJs= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.4/go.mod h1:usURWEKSNNAcAZuzRn/9ZYPT8aZQkR7xcCtunK/LkJo= -github.com/aws/aws-sdk-go-v2/config v1.26.2 h1:+RWLEIWQIGgrz2pBPAUoGgNGs1TOyF4Hml7hCnYj2jc= -github.com/aws/aws-sdk-go-v2/config v1.26.2/go.mod h1:l6xqvUxt0Oj7PI/SUXYLNyZ9T/yBPn3YTQcJLLOdtR8= -github.com/aws/aws-sdk-go-v2/credentials v1.16.13 h1:WLABQ4Cp4vXtXfOWOS3MEZKr6AAYUpMczLhgKtAjQ/8= -github.com/aws/aws-sdk-go-v2/credentials v1.16.13/go.mod h1:Qg6x82FXwW0sJHzYruxGiuApNo31UEtJvXVSZAXeWiw= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 h1:w98BT5w+ao1/r5sUuiH6JkVzjowOKeOJRHERyy1vh58= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10/go.mod h1:K2WGI7vUvkIv1HoNbfBA1bvIZ+9kL3YVmWxeKuLQsiw= +github.com/aws/aws-sdk-go-v2/config v1.26.6 h1:Z/7w9bUqlRI0FFQpetVuFYEsjzE3h7fpU6HuGmfPL/o= 
+github.com/aws/aws-sdk-go-v2/config v1.26.6/go.mod h1:uKU6cnDmYCvJ+pxO9S4cWDb2yWWIH5hra+32hVh1MI4= +github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8= +github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y= github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4= github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw= -github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 h1:GrSw8s0Gs/5zZ0SX+gX4zQjRnRsMJDJ2sLur1gRBhEM= -github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.9 h1:ugD6qzjYtB7zM5PN/ZIeaAIyefPaD82G8+SJopgvUpw= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.9/go.mod h1:YD0aYBWCrPENpHolhKw2XDlTIWae2GKXT1T4o6N6hiM= +github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 h1:n3GDfwqF2tzEkXlv5cuy4iy7LpKDtqDMcNLfZDu9rls= +github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.10 h1:5oE2WzJE56/mVveuDZPJESKlg/00AaS2pY2QZcnxg4M= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.10/go.mod h1:FHbKWQtRBYUz4vO5WBWjzMD2by126ny5y/1EoaWoLfI= github.com/aws/aws-sdk-go-v2/service/accessanalyzer v1.26.7 h1:rLdKcienXrk+JFX1+DZg160ebG8lIF2nFvnEZL7dnII= github.com/aws/aws-sdk-go-v2/service/accessanalyzer v1.26.7/go.mod 
h1:cwqaWBOZXu8pqEE1ZC4Sw2ycZLjwKrRP5tOAJFgCbYc= github.com/aws/aws-sdk-go-v2/service/apigateway v1.21.6 h1:ePPaOVn92r5n8Neecdpy93hDmR0PBH6H6b7VQCE5vKE= 
@@ -92,14 +95,14 @@ github.com/aws/aws-sdk-go-v2/service/iam v1.28.7 h1:FKPRDYZOO0Eur19vWUL1B40Op0j8 github.com/aws/aws-sdk-go-v2/service/iam v1.28.7/go.mod h1:YzMYyQ7S4twfYzLjwP24G1RAxypozVZeNaG1r2jxRms= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.2.9 h1:/90OR2XbSYfXucBMJ4U14wrjlfleq/0SB6dZDPncgmo= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.2.9/go.mod h1:dN/Of9/fNZet7UrQQ6kTDo/VSwKPIq94vjlU16bRARc= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.2.10 h1:L0ai8WICYHozIKK+OtPzVJBugL7culcuM4E4JOpIEm8= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.2.10/go.mod h1:byqfyxJBshFk0fF9YmK0M0ugIO8OWjzH2T3bPG4eGuA= github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.8.11 h1:e9AVb17H4x5FTE5KWIP5M1Du+9M86pS+Hw0lBUdN8EY= github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.8.11/go.mod h1:B90ZQJa36xo0ph9HsoteI1+r8owgQH/U1QNfqZQkj1Q= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 h1:Nf2sHxjMJR8CSImIVCONRi4g0Su3J+TSTbS7G0pUeMU= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9/go.mod h1:idky4TER38YIjr2cADF1/ugFMKvZV7p//pVeV5LZbF0= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.16.9 h1:iEAeF6YC3l4FzlJPP9H3Ko1TXpdjdqWffxXjp8SY6uk= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.16.9/go.mod h1:kjsXoK23q9Z/tLBrckZLLyvjhZoS+AGrzqzUfEClvMM= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.16.10 h1:KOxnQeWy5sXyS37fdKEvAsGHOr9fa/qvwxfJurR/BzE= 
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.16.10/go.mod h1:jMx5INQFYFYB3lQD9W0D8Ohgq6Wnl7NYOJ2TQndbulI= github.com/aws/aws-sdk-go-v2/service/kafka v1.28.5 h1:yCkyZDGahaCaAkdpVx8Te05t6eW2FarBLunVC8S23nU= github.com/aws/aws-sdk-go-v2/service/kafka v1.28.5/go.mod h1:/KmX+vXMPJGAB56reo95tnsXa6QPNx6qli4L1AmYb7E= github.com/aws/aws-sdk-go-v2/service/kinesis v1.24.6 h1:FO/aIHk86VePDUh/3Q/A5pnvu45miO1GZB8rIq2BUlA= 
@@ -116,20 +119,20 @@ github.com/aws/aws-sdk-go-v2/service/rds v1.66.1 h1:TafjIpDW/+l7s+f3EIONaFsNvNfw github.com/aws/aws-sdk-go-v2/service/rds v1.66.1/go.mod h1:MYzRMSdY70kcS8AFg0aHmk/xj6VAe0UfaCCoLrBWPow= github.com/aws/aws-sdk-go-v2/service/redshift v1.39.7 h1:k4WaqQ7LHSGrSftCRXTRLv7WaozXu+fZ1jdisQSR2eU= github.com/aws/aws-sdk-go-v2/service/redshift v1.39.7/go.mod h1:8hU0Ax6q6QA+jrMcWTE0A4YH594MQoWP3EzGO3GH5Dw= -github.com/aws/aws-sdk-go-v2/service/s3 v1.47.7 h1:o0ASbVwUAIrfp/WcCac+6jioZt4Hd8k/1X8u7GJ/QeM= -github.com/aws/aws-sdk-go-v2/service/s3 v1.47.7/go.mod h1:vADO6Jn+Rq4nDtfwNjhgR84qkZwiC6FqCaXdw/kYwjA= +github.com/aws/aws-sdk-go-v2/service/s3 v1.48.1 h1:5XNlsBsEvBZBMO6p82y+sqpWg8j5aBCe+5C2GBFgqBQ= +github.com/aws/aws-sdk-go-v2/service/s3 v1.48.1/go.mod h1:4qXHrG1Ne3VGIMZPCB8OjH/pLFO94sKABIusjh0KWPU= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.0 h1:dPCRgAL4WD9tSMaDglRNGOiAtSTjkwNiUW5GDpWFfHA= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.26.0/go.mod h1:4Ae1NCLK6ghmjzd45Tc33GgCKhUWD2ORAlULtMO1Cbs= github.com/aws/aws-sdk-go-v2/service/sns v1.26.6 h1:w2YwF8889ardGU3Y0qZbJ4Zzh+Q/QqKZ4kwkK7JFvnI= github.com/aws/aws-sdk-go-v2/service/sns v1.26.6/go.mod h1:IrcbquqMupzndZ20BXxDxjM7XenTRhbwBOetk4+Z5oc= github.com/aws/aws-sdk-go-v2/service/sqs v1.29.6 h1:UdbDTllc7cmusTTMy1dcTrYKRl4utDEsmKh9ZjvhJCc= github.com/aws/aws-sdk-go-v2/service/sqs v1.29.6/go.mod h1:mCUv04gd/7g+/HNzDB4X6dzJuygji0ckvB3Lg/TdG5Y= -github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 h1:ldSFWz9tEHAwHNmjx2Cvy1MjP5/L9kNoR0skc6wyOOM= -github.com/aws/aws-sdk-go-v2/service/sso v1.18.5/go.mod h1:CaFfXLYL376jgbP7VKC96uFcU8Rlavak0UlAwk1Dlhc= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 h1:2k9KmFawS63euAkY4/ixVNsYYwrwnd5fIvgEKkfZFNM= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5/go.mod h1:W+nd4wWDVkSUIox9bacmkBP5NMFQeTJ/xqNabpzSR38= -github.com/aws/aws-sdk-go-v2/service/sts v1.26.6 h1:HJeiuZ2fldpd0WqngyMR6KW7ofkXNLyOaHwEIGm39Cs= -github.com/aws/aws-sdk-go-v2/service/sts 
v1.26.6/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU= +github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow= +github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8= +github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0= +github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U= github.com/aws/aws-sdk-go-v2/service/workspaces v1.35.6 h1:RrpjQ5xJN/AW0PCO7EGhhVsKq7BeNqkx5+h6p3QOeTU= github.com/aws/aws-sdk-go-v2/service/workspaces v1.35.6/go.mod h1:vkYsJdF9sZl/o1eoK8tSSjzAT+R87QjswOGSTZfyO0Y= github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM= 
@@ -138,76 +141,95 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA= +github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q= +github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= +github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= +github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= +github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgraph-io/badger/v3 v3.2103.5 h1:ylPa6qzbjYRQMU6jokoj4wzcaweHylt//CH0AKt0akg= +github.com/dgraph-io/badger/v3 v3.2103.5/go.mod h1:4MPiseMeDQ3FNCYwRbbcBOGJLf5jsE0PPFzRiKjtcdw= github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8= +github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA= github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g= github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= +github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= +github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/dlclark/regexp2 v1.4.0 h1:F1rxgk7p4uKjwIQxBs9oAXe5CqrXlCduYEJvrF4u93E= github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= -github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= -github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM= -github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= -github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/docker v25.0.2+incompatible h1:/OaKeauroa10K4Nqavw4zlhcDq/WBcPMc5DbjOGgozY= +github.com/docker/docker v25.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= 
+github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= +github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= +github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= +github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= +github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= +github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= +github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= github.com/go-git/go-billy/v5 v5.5.0 
h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4= github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY= github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= -github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= +github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= +github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo= +github.com/golang/glog 
v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= -github.com/google/flatbuffers v1.12.1 h1:MVlul7pQNoDzWRLTw5imwYsl+usrS1TXG2H4jg6ImGw= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/google/flatbuffers v2.0.8+incompatible h1:ivUb1cGomAB101ZM1T0nOiWz9pSrTMoa9+EiY7igmkM= +github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU= -github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 
h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 h1:Wqo399gCIufwto+VfwCSvsnfGpF/w5E9CNxSwbpD6No= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0/go.mod h1:qmOFXW2epJhM0qSnUUYpldc7gVz2KMQwJ/QYCDIa7XU= github.com/hashicorp/hcl/v2 v2.19.1 h1://i05Jqznmb2EXqa39Nsvyan2o5XyMowW5fnCKW5RPI= github.com/hashicorp/hcl/v2 v2.19.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= 
@@ -220,54 +242,64 @@ github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.16.6 h1:91SKEy4K37vkp255cJ8QesJhjyRO0hn9i9G0GoUwLsk= +github.com/klauspost/compress v1.17.2 h1:RlWWUY/Dr4fL8qk9YG7DTZ7PDgME2V4csBXA8L/ixi4= +github.com/klauspost/compress v1.17.2/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= +github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/liamg/iamgo v0.0.9 h1:tADGm3xVotyRJmuKKaH4+zsBn7LOcvgdpuF3WsSKW3c= github.com/liamg/iamgo v0.0.9/go.mod h1:Kk6ZxBF/GQqG9nnaUjIi6jf+WXNpeOTyhwc6gnguaZQ= github.com/liamg/jfather v0.0.7 h1:Xf78zS263yfT+xr2VSo6+kyAy4ROlCacRqJG7s5jt4k= github.com/liamg/jfather v0.0.7/go.mod h1:xXBGiBoiZ6tmHhfy5Jzw8sugzajwYdi6VosIpB3/cPM= github.com/liamg/memoryfs v1.6.0 h1:jAFec2HI1PgMTem5gR7UT8zi9u4BfG5jorCRlLH06W8= github.com/liamg/memoryfs v1.6.0/go.mod h1:z7mfqXFQS8eSeBBsFjYLlxYRMRyiPktytvYCYTb3BSk= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= 
-github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/miekg/dns v1.1.43 h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= +github.com/miekg/dns v1.1.53 h1:ZBkuHr5dxHtB1caEOlZTLPo7D3L3TWckgUUs/RHfDxw= +github.com/miekg/dns v1.1.53/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= +github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= +github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= -github.com/open-policy-agent/opa v0.60.0 h1:ZPoPt4yeNs5UXCpd/P/btpSyR8CR0wfhVoh9BOwgJNs= -github.com/open-policy-agent/opa v0.60.0/go.mod h1:aD5IK6AiLNYBjNXn7E02++yC8l4Z+bRDvgM6Ss0bBzA= +github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= +github.com/open-policy-agent/opa v0.61.0 h1:nhncQ2CAYtQTV/SMBhDDPsCpCQsUW+zO/1j+T5V7oZg= +github.com/open-policy-agent/opa v0.61.0/go.mod h1:7OUuzJnsS9yHf8lw0ApfcbrnaRG1EkN3J2fuuqi4G/E= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod 
h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= -github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= +github.com/opencontainers/image-spec v1.1.0-rc6 h1:XDqvyKsJEbRtATzkgItUqBA7QHk58yxX1Ov9HERHNqU= +github.com/opencontainers/image-spec v1.1.0-rc6/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/owenrumney/squealer v1.2.1 h1:4ryMMT59aaz8VMsqsD+FDkarADJz0F1dcq2fd0DRR+c= github.com/owenrumney/squealer v1.2.1/go.mod h1:7D0a/+Bouwy504YhaWsBYW73kyklSEq1MNf6zsNoTRg= github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= -github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= -github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= -github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= -github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= -github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= -github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= -github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= 
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= +github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= +github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= +github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= +github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= +github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= +github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= +github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= 
@@ -297,18 +329,25 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t github.com/zclconf/go-cty v1.13.0 h1:It5dfKTTZHe9aeppbNOda3mN7Ag7sg6QkBNm6TkyFa0= github.com/zclconf/go-cty v1.13.0/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= +go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24= -go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc= -go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo= +go.opentelemetry.io/otel v1.23.1 h1:Za4UzOqJYS+MUczKI320AtqZHZb7EqxO00jAHE0jmQY= +go.opentelemetry.io/otel v1.23.1/go.mod h1:Td0134eafDLcTS4y+zQ26GE8u3dEuRBiBCTUIRHaikA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.23.1 h1:o8iWeVFa1BcLtVEV0LzrCxV2/55tB3xLxADr6Kyoey4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.23.1/go.mod h1:SEVfdK4IoBnbT2FXNM/k8yC08MrfbhWk3U4ljM8B3HE= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 h1:tIqheXEFWAZ7O8A7m+J0aPTmpJN3YQ7qetUAdkkkKpk= -go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4= -go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= -go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8= -go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E= -go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc= -go.opentelemetry.io/otel/trace v1.21.0/go.mod 
h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= -go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0/go.mod h1:nUeKExfxAQVbiVFn32YXpXZZHZ61Cc3s3Rn1pDBGAb0= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.23.1 h1:cfuy3bXmLJS7M1RZmAL6SuhGtKUp2KEsrm00OlAXkq4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.23.1/go.mod h1:22jr92C6KwlwItJmQzfixzQM3oyyuYLCfHiMY+rpsPU= +go.opentelemetry.io/otel/metric v1.23.1 h1:PQJmqJ9u2QaJLBOELl1cxIdPcpbwzbkjfEyelTl2rlo= +go.opentelemetry.io/otel/metric v1.23.1/go.mod h1:mpG2QPlAfnK8yNhNJAxDZruU9Y1/HubbC+KyH8FaCWI= +go.opentelemetry.io/otel/sdk v1.23.1 h1:O7JmZw0h76if63LQdsBMKQDWNb5oEcOThG9IrxscV+E= +go.opentelemetry.io/otel/sdk v1.23.1/go.mod h1:LzdEVR5am1uKOOwfBWFef2DCi1nu3SA8XQxx2IerWFk= +go.opentelemetry.io/otel/trace v1.23.1 h1:4LrmmEd8AU2rFvU1zegmvqW7+kWarxtNOPyeL6HmYY8= +go.opentelemetry.io/otel/trace v1.23.1/go.mod h1:4IpnpJFwr1mo/6HL8XIPJaE9y0+u1KcVmuW7dwFSVrI= +go.opentelemetry.io/proto/otlp v1.1.0 h1:2Di21piLrCqJ3U3eXGCTPHE9R8Nh+0uglSnOyxikMeI= +go.opentelemetry.io/proto/otlp v1.1.0/go.mod h1:GpBHCBWiqvVLDqmHZsoMM3C5ySeKTC7ej/RNTae6MdY= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 
@@ -322,8 +361,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= -golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= +golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 
@@ -331,19 +370,18 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -355,7 +393,6 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -364,11 +401,11 @@ golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= +golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 
@@ -379,28 +416,32 @@ golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ= -golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= +golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= +golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 h1:W18sezcAYs+3tDZX4F80yctqa12jcP1PUS2gQu1zTPU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 
h1:6GQBEOdGkX6MMTLT9V+TjtIRZCw9VPD5Z+yHY9wMgS0= -google.golang.org/grpc v1.60.1 h1:26+wFr+cNqSGFcOXcabYC0lUVJVRa2Sb2ortSK7VrEU= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ= +google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 h1:rcS6EyEaoCO52hQDupoSfrxI3R6C2Tq741is7X8OvnM= +google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917/go.mod h1:CmlNWB9lSezaYELKS5Ym1r44VrrbPUa7JTvw+6MbpJ0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 h1:6G8oQ016D88m1xAKljMlBOOGWDZkes4kMhgGFlf8WcQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU= +google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0= +google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= +google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod 
h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/internal/adapters/cloud/adapt.go b/internal/adapters/cloud/adapt.go index 0481ead..428d5d7 100644 --- a/internal/adapters/cloud/adapt.go +++ b/internal/adapters/cloud/adapt.go @@ -3,9 +3,9 @@ package cloud import ( "context" - "github.com/aquasecurity/defsec/pkg/state" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/options" + "github.com/aquasecurity/trivy/pkg/iac/state" ) // Adapt ... diff --git a/internal/adapters/cloud/aws/accessanalyzer/adapt.go b/internal/adapters/cloud/aws/accessanalyzer/adapt.go index 23b7d4f..2bebf96 100644 --- a/internal/adapters/cloud/aws/accessanalyzer/adapt.go +++ b/internal/adapters/cloud/aws/accessanalyzer/adapt.go @@ -3,10 +3,10 @@ package api_gateway import ( "fmt" - "github.com/aquasecurity/defsec/pkg/providers/aws/accessanalyzer" - "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/accessanalyzer" + "github.com/aquasecurity/trivy/pkg/iac/state" + "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aws/aws-sdk-go-v2/aws/arn" api "github.com/aws/aws-sdk-go-v2/service/accessanalyzer" aatypes "github.com/aws/aws-sdk-go-v2/service/accessanalyzer/types" diff --git a/internal/adapters/cloud/aws/adapt.go b/internal/adapters/cloud/aws/adapt.go index 4c7cd6a..4fc74d8 100644 --- a/internal/adapters/cloud/aws/adapt.go +++ b/internal/adapters/cloud/aws/adapt.go 
@@ -4,17 +4,17 @@ import ( "context" "fmt" - "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-aws/pkg/concurrency" "github.com/aquasecurity/trivy-aws/pkg/errs" + "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/debug" + "github.com/aquasecurity/trivy/pkg/iac/debug" "github.com/aws/aws-sdk-go-v2/service/sts" - "github.com/aquasecurity/defsec/pkg/state" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/options" "github.com/aquasecurity/trivy-aws/pkg/progress" + "github.com/aquasecurity/trivy/pkg/iac/state" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/aws/arn" "github.com/aws/aws-sdk-go-v2/config" diff --git a/internal/adapters/cloud/aws/api-gateway/adapt.go b/internal/adapters/cloud/aws/api-gateway/adapt.go index 8f618e0..292393c 100644 --- a/internal/adapters/cloud/aws/api-gateway/adapt.go +++ b/internal/adapters/cloud/aws/api-gateway/adapt.go @@ -1,8 +1,8 @@ package api_gateway import ( - "github.com/aquasecurity/defsec/pkg/state" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/state" apiv1 "github.com/aws/aws-sdk-go-v2/service/apigateway" apiv2 "github.com/aws/aws-sdk-go-v2/service/apigatewayv2" ) diff --git a/internal/adapters/cloud/aws/api-gateway/apis_v1.go b/internal/adapters/cloud/aws/api-gateway/apis_v1.go index 70aa480..e180978 100644 --- a/internal/adapters/cloud/aws/api-gateway/apis_v1.go +++ b/internal/adapters/cloud/aws/api-gateway/apis_v1.go @@ -3,8 +3,8 @@ package api_gateway import ( "fmt" - v1 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v1" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + v1 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v1" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" api "github.com/aws/aws-sdk-go-v2/service/apigateway" agTypes "github.com/aws/aws-sdk-go-v2/service/apigateway/types" 
@@ -71,9 +71,9 @@ func (a *adapter) adaptRestAPIV1(restAPI agTypes.RestApi) (*v1.API, error) { resourcesInput.Position = resourcesOutput.Position } - name := defsecTypes.StringDefault("", metadata) + name := trivyTypes.StringDefault("", metadata) if restAPI.Name != nil { - name = defsecTypes.String(*restAPI.Name, metadata) + name = trivyTypes.String(*restAPI.Name, metadata) } return &v1.API{ @@ -96,15 +96,15 @@ func (a *adapter) adaptStageV1(restAPI agTypes.RestApi, stage agTypes.Stage) v1. for method, setting := range stage.MethodSettings { methodSettings = append(methodSettings, v1.RESTMethodSettings{ Metadata: metadata, - Method: defsecTypes.String(method, metadata), - CacheDataEncrypted: defsecTypes.Bool(setting.CacheDataEncrypted, metadata), - CacheEnabled: defsecTypes.Bool(setting.CachingEnabled, metadata), + Method: trivyTypes.String(method, metadata), + CacheDataEncrypted: trivyTypes.Bool(setting.CacheDataEncrypted, metadata), + CacheEnabled: trivyTypes.Bool(setting.CachingEnabled, metadata), }) } - name := defsecTypes.StringDefault("", metadata) + name := trivyTypes.StringDefault("", metadata) if stage.StageName != nil { - name = defsecTypes.String(*stage.StageName, metadata) + name = trivyTypes.String(*stage.StageName, metadata) } return v1.Stage{ @@ -112,10 +112,10 @@ func (a *adapter) adaptStageV1(restAPI agTypes.RestApi, stage agTypes.Stage) v1. Name: name, AccessLogging: v1.AccessLogging{ Metadata: metadata, - CloudwatchLogGroupARN: defsecTypes.String(logARN, metadata), + CloudwatchLogGroupARN: trivyTypes.String(logARN, metadata), }, RESTMethodSettings: methodSettings, - XRayTracingEnabled: defsecTypes.Bool(stage.TracingEnabled, metadata), + XRayTracingEnabled: trivyTypes.Bool(stage.TracingEnabled, metadata), } } 
@@ -130,17 +130,17 @@ func (a *adapter) adaptResourceV1(restAPI agTypes.RestApi, apiResource agTypes.R for _, method := range apiResource.ResourceMethods { metadata := a.CreateMetadata(fmt.Sprintf("/restapis/%s/resources/%s/methods/%s", *restAPI.Id, *apiResource.Id, *method.HttpMethod)) - httpMethod := defsecTypes.StringDefault("", metadata) + httpMethod := trivyTypes.StringDefault("", metadata) if method.HttpMethod != nil { - httpMethod = defsecTypes.String(*method.HttpMethod, metadata) + httpMethod = trivyTypes.String(*method.HttpMethod, metadata) } - authType := defsecTypes.StringDefault("", metadata) + authType := trivyTypes.StringDefault("", metadata) if method.AuthorizationType != nil { - authType = defsecTypes.String(*method.AuthorizationType, metadata) + authType = trivyTypes.String(*method.AuthorizationType, metadata) } - keyRequired := defsecTypes.BoolDefault(false, metadata) + keyRequired := trivyTypes.BoolDefault(false, metadata) if method.ApiKeyRequired != nil { - keyRequired = defsecTypes.Bool(*method.ApiKeyRequired, metadata) + keyRequired = trivyTypes.Bool(*method.ApiKeyRequired, metadata) } resource.Methods = append(resource.Methods, v1.Method{ Metadata: metadata, diff --git a/internal/adapters/cloud/aws/api-gateway/apis_v2.go b/internal/adapters/cloud/aws/api-gateway/apis_v2.go index ffccbef..b00e46e 100644 --- a/internal/adapters/cloud/aws/api-gateway/apis_v2.go +++ b/internal/adapters/cloud/aws/api-gateway/apis_v2.go @@ -3,8 +3,8 @@ package api_gateway import ( "fmt" - v2 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v2" - "github.com/aquasecurity/defsec/pkg/types" + v2 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v2" + "github.com/aquasecurity/trivy/pkg/iac/types" api "github.com/aws/aws-sdk-go-v2/service/apigatewayv2" agTypes "github.com/aws/aws-sdk-go-v2/service/apigatewayv2/types" 
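Review bot: In adaptResourceV1 the context line that opens the method loop dereferences `*method.HttpMethod` (together with `*restAPI.Id` and `*apiResource.Id`) inside the `fmt.Sprintf` that builds the metadata path, which runs before the `if method.HttpMethod != nil` guard kept by this hunk. The guard therefore cannot protect against the nil it tests for, and a response with that field unset would panic the adapter instead of yielding the `StringDefault` value. Resolving the value first, with `var verb string` and `if method.HttpMethod != nil { verb = *method.HttpMethod }`, and passing `verb` to `Sprintf` would make the later check meaningful. The same ordering appears in the adaptDatabase hunk of athena/adapt.go, where `"database/" + *database.Name` is evaluated before `if database.Name != nil`. Both functions start and end outside their hunks, so whether an earlier check already rules out nil is not visible here.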
diff --git a/internal/adapters/cloud/aws/api-gateway/domains_v1.go b/internal/adapters/cloud/aws/api-gateway/domains_v1.go index 70a7fb7..c23d06d 100644 --- a/internal/adapters/cloud/aws/api-gateway/domains_v1.go +++ b/internal/adapters/cloud/aws/api-gateway/domains_v1.go @@ -3,8 +3,8 @@ package api_gateway import ( "fmt" - v1 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v1" - "github.com/aquasecurity/defsec/pkg/types" + v1 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v1" + "github.com/aquasecurity/trivy/pkg/iac/types" api "github.com/aws/aws-sdk-go-v2/service/apigateway" agTypes "github.com/aws/aws-sdk-go-v2/service/apigateway/types" diff --git a/internal/adapters/cloud/aws/api-gateway/domains_v2.go b/internal/adapters/cloud/aws/api-gateway/domains_v2.go index e029f13..d83efc2 100644 --- a/internal/adapters/cloud/aws/api-gateway/domains_v2.go +++ b/internal/adapters/cloud/aws/api-gateway/domains_v2.go @@ -3,8 +3,8 @@ package api_gateway import ( "fmt" - v2 "github.com/aquasecurity/defsec/pkg/providers/aws/apigateway/v2" - "github.com/aquasecurity/defsec/pkg/types" + v2 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/apigateway/v2" + "github.com/aquasecurity/trivy/pkg/iac/types" api "github.com/aws/aws-sdk-go-v2/service/apigatewayv2" agTypes "github.com/aws/aws-sdk-go-v2/service/apigatewayv2/types" diff --git a/internal/adapters/cloud/aws/athena/adapt.go b/internal/adapters/cloud/aws/athena/adapt.go index b09cade..c32f029 100644 --- a/internal/adapters/cloud/aws/athena/adapt.go +++ b/internal/adapters/cloud/aws/athena/adapt.go 
@@ -3,10 +3,10 @@ package athena import ( "fmt" - "github.com/aquasecurity/defsec/pkg/providers/aws/athena" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/athena" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" api "github.com/aws/aws-sdk-go-v2/service/athena" "github.com/aws/aws-sdk-go-v2/service/athena/types" @@ -96,9 +96,9 @@ func (a *adapter) adaptWorkgroup(workgroup types.WorkGroupSummary) (*athena.Work } - name := defsecTypes.StringDefault("", metadata) + name := trivyTypes.StringDefault("", metadata) if workgroup.Name != nil { - name = defsecTypes.String(*workgroup.Name, metadata) + name = trivyTypes.String(*workgroup.Name, metadata) } return &athena.Workgroup{ @@ -106,9 +106,9 @@ func (a *adapter) adaptWorkgroup(workgroup types.WorkGroupSummary) (*athena.Work Name: name, Encryption: athena.EncryptionConfiguration{ Metadata: metadata, - Type: defsecTypes.String(encType, metadata), + Type: trivyTypes.String(encType, metadata), }, - EnforceConfiguration: defsecTypes.Bool(enforce, metadata), + EnforceConfiguration: trivyTypes.Bool(enforce, metadata), }, nil } @@ -168,9 +168,9 @@ func (a *adapter) getDatabasesForCatalogue(catalog types.DataCatalogSummary) ([] func (a *adapter) adaptDatabase(database types.Database) (*athena.Database, error) { metadata := a.CreateMetadata("database/" + *database.Name) - name := defsecTypes.StringDefault("", metadata) + name := trivyTypes.StringDefault("", metadata) if database.Name != nil { - name = defsecTypes.String(*database.Name, metadata) + name = trivyTypes.String(*database.Name, metadata) } return &athena.Database{ 
@@ -179,7 +179,7 @@ func (a *adapter) adaptDatabase(database types.Database) (*athena.Database, erro Encryption: athena.EncryptionConfiguration{ Metadata: metadata, // see https://stackoverflow.com/questions/72456689/what-does-encryption-configuration-in-terraform-aws-athena-database-resource - Type: defsecTypes.String("", defsecTypes.NewUnmanagedMetadata()), + Type: trivyTypes.String("", trivyTypes.NewUnmanagedMetadata()), }, }, nil } diff --git a/internal/adapters/cloud/aws/cloudfront/adapt.go b/internal/adapters/cloud/aws/cloudfront/adapt.go index 8c10fda..2fda2a9 100644 --- a/internal/adapters/cloud/aws/cloudfront/adapt.go +++ b/internal/adapters/cloud/aws/cloudfront/adapt.go @@ -1,10 +1,10 @@ package cloudfront import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/cloudfront" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudfront" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" api "github.com/aws/aws-sdk-go-v2/service/cloudfront" "github.com/aws/aws-sdk-go-v2/service/cloudfront/types" @@ -95,7 +95,7 @@ func (a *adapter) adaptDistribution(distribution types.DistributionSummary) (*cl for _, cacheBehaviour := range config.DistributionConfig.CacheBehaviors.Items { cacheBehaviours = append(cacheBehaviours, cloudfront.CacheBehaviour{ Metadata: metadata, - ViewerProtocolPolicy: defsecTypes.String(string(cacheBehaviour.ViewerProtocolPolicy), metadata), + ViewerProtocolPolicy: trivyTypes.String(string(cacheBehaviour.ViewerProtocolPolicy), metadata), }) } 
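Review bot: In the adaptDatabase hunk of athena/adapt.go, the database encryption `Type` is hard-coded to `""` with `NewUnmanagedMetadata()`, and the only explanation is a bare Stack Overflow link. Anyone reading scan output or the rule that consumes this field cannot tell from the code why the value is never populated. A short why-comment above the field would keep the reason with the code if the link rots, for example `// encryption type is not read from the API here, so it is left empty and unmanaged (TODO confirm the API exposes no such field)`. The function starts outside this hunk.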
@@ -106,19 +106,19 @@ func (a *adapter) adaptDistribution(distribution types.DistributionSummary) (*cl return &cloudfront.Distribution{ Metadata: metadata, - WAFID: defsecTypes.String(wafID, metadata), + WAFID: trivyTypes.String(wafID, metadata), Logging: cloudfront.Logging{ Metadata: metadata, - Bucket: defsecTypes.String(loggingBucket, metadata), + Bucket: trivyTypes.String(loggingBucket, metadata), }, DefaultCacheBehaviour: cloudfront.CacheBehaviour{ Metadata: metadata, - ViewerProtocolPolicy: defsecTypes.String(defaultCacheBehaviour, metadata), + ViewerProtocolPolicy: trivyTypes.String(defaultCacheBehaviour, metadata), }, OrdererCacheBehaviours: cacheBehaviours, ViewerCertificate: cloudfront.ViewerCertificate{ Metadata: metadata, - MinimumProtocolVersion: defsecTypes.String(minimumProtocolVersion, metadata), + MinimumProtocolVersion: trivyTypes.String(minimumProtocolVersion, metadata), }, }, nil } diff --git a/internal/adapters/cloud/aws/cloudtrail/adapt.go b/internal/adapters/cloud/aws/cloudtrail/adapt.go index 04f5b3b..ff8b30c 100644 --- a/internal/adapters/cloud/aws/cloudtrail/adapt.go +++ b/internal/adapters/cloud/aws/cloudtrail/adapt.go @@ -1,10 +1,10 @@ package cloudtrail import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/cloudtrail" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudtrail" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" api "github.com/aws/aws-sdk-go-v2/service/cloudtrail" "github.com/aws/aws-sdk-go-v2/service/cloudtrail/types" 
@@ -88,9 +88,9 @@ func (a *adapter) adaptTrail(info types.TrailInfo) (*cloudtrail.Trail, error) { return nil, err } - cloudWatchLogsArn := defsecTypes.StringDefault("", metadata) + cloudWatchLogsArn := trivyTypes.StringDefault("", metadata) if response.Trail.CloudWatchLogsLogGroupArn != nil { - cloudWatchLogsArn = defsecTypes.String(*response.Trail.CloudWatchLogsLogGroupArn, metadata) + cloudWatchLogsArn = trivyTypes.String(*response.Trail.CloudWatchLogsLogGroupArn, metadata) } var bucketName string @@ -98,14 +98,14 @@ func (a *adapter) adaptTrail(info types.TrailInfo) (*cloudtrail.Trail, error) { bucketName = *response.Trail.S3BucketName } - name := defsecTypes.StringDefault("", metadata) + name := trivyTypes.StringDefault("", metadata) if info.Name != nil { - name = defsecTypes.String(*info.Name, metadata) + name = trivyTypes.String(*info.Name, metadata) } - isLogging := defsecTypes.BoolDefault(false, metadata) + isLogging := trivyTypes.BoolDefault(false, metadata) if status.IsLogging != nil { - isLogging = defsecTypes.Bool(*status.IsLogging, metadata) + isLogging = trivyTypes.Bool(*status.IsLogging, metadata) } var eventSelectors []cloudtrail.EventSelector 
@@ -119,13 +119,13 @@ func (a *adapter) adaptTrail(info types.TrailInfo) (*cloudtrail.Trail, error) { for _, eventSelector := range output.EventSelectors { var resources []cloudtrail.DataResource for _, dataResource := range eventSelector.DataResources { - typ := defsecTypes.StringDefault("", metadata) + typ := trivyTypes.StringDefault("", metadata) if dataResource.Type != nil { - typ = defsecTypes.String(*dataResource.Type, metadata) + typ = trivyTypes.String(*dataResource.Type, metadata) } - var values defsecTypes.StringValueList + var values trivyTypes.StringValueList for _, value := range dataResource.Values { - values = append(values, defsecTypes.String(value, metadata)) + values = append(values, trivyTypes.String(value, metadata)) } resources = append(resources, cloudtrail.DataResource{ Metadata: metadata, @@ -136,7 +136,7 @@ func (a *adapter) adaptTrail(info types.TrailInfo) (*cloudtrail.Trail, error) { eventSelectors = append(eventSelectors, cloudtrail.EventSelector{ Metadata: metadata, DataResources: resources, - ReadWriteType: defsecTypes.String(string(eventSelector.ReadWriteType), metadata), + ReadWriteType: trivyTypes.String(string(eventSelector.ReadWriteType), metadata), }) } } 
@@ -144,12 +144,12 @@ func (a *adapter) adaptTrail(info types.TrailInfo) (*cloudtrail.Trail, error) { return &cloudtrail.Trail{ Metadata: metadata, Name: name, - EnableLogFileValidation: defsecTypes.Bool(response.Trail.LogFileValidationEnabled != nil && *response.Trail.LogFileValidationEnabled, metadata), - IsMultiRegion: defsecTypes.Bool(response.Trail.IsMultiRegionTrail != nil && *response.Trail.IsMultiRegionTrail, metadata), + EnableLogFileValidation: trivyTypes.Bool(response.Trail.LogFileValidationEnabled != nil && *response.Trail.LogFileValidationEnabled, metadata), + IsMultiRegion: trivyTypes.Bool(response.Trail.IsMultiRegionTrail != nil && *response.Trail.IsMultiRegionTrail, metadata), CloudWatchLogsLogGroupArn: cloudWatchLogsArn, - KMSKeyID: defsecTypes.String(kmsKeyId, metadata), + KMSKeyID: trivyTypes.String(kmsKeyId, metadata), IsLogging: isLogging, - BucketName: defsecTypes.String(bucketName, metadata), + BucketName: trivyTypes.String(bucketName, metadata), EventSelectors: eventSelectors, }, nil } diff --git a/internal/adapters/cloud/aws/cloudwatch/adapt.go b/internal/adapters/cloud/aws/cloudwatch/adapt.go index fa0b078..6ded5a9 100644 --- a/internal/adapters/cloud/aws/cloudwatch/adapt.go +++ b/internal/adapters/cloud/aws/cloudwatch/adapt.go @@ -1,10 +1,10 @@ package cloudwatch import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/cloudwatch" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudwatch" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" cwApi "github.com/aws/aws-sdk-go-v2/service/cloudwatch" cwTypes "github.com/aws/aws-sdk-go-v2/service/cloudwatch/types" api "github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs" 
@@ -121,22 +121,22 @@ func (a *adapter) adaptLogGroup(group types.LogGroup) (*cloudwatch.LogGroup, err } - arn := defsecTypes.StringDefault("", metadata) + arn := trivyTypes.StringDefault("", metadata) if group.Arn != nil { - arn = defsecTypes.String(*group.Arn, metadata) + arn = trivyTypes.String(*group.Arn, metadata) } - name := defsecTypes.StringDefault("", metadata) + name := trivyTypes.StringDefault("", metadata) if group.LogGroupName != nil { - name = defsecTypes.String(*group.LogGroupName, metadata) + name = trivyTypes.String(*group.LogGroupName, metadata) } return &cloudwatch.LogGroup{ Metadata: metadata, Arn: arn, Name: name, - KMSKeyID: defsecTypes.String(kmsKeyId, metadata), - RetentionInDays: defsecTypes.Int(retentionInDays, metadata), + KMSKeyID: trivyTypes.String(kmsKeyId, metadata), + RetentionInDays: trivyTypes.Int(retentionInDays, metadata), MetricFilters: metricFilters, }, nil } @@ -148,14 +148,14 @@ func (a *adapter) adaptAlarm(alarm cwTypes.MetricAlarm) (*cloudwatch.Alarm, erro var dimensions []cloudwatch.AlarmDimension for _, dimension := range alarm.Dimensions { - name := defsecTypes.StringDefault("", metadata) + name := trivyTypes.StringDefault("", metadata) if dimension.Name != nil { - name = defsecTypes.String(*dimension.Name, metadata) + name = trivyTypes.String(*dimension.Name, metadata) } - value := defsecTypes.StringDefault("", metadata) + value := trivyTypes.StringDefault("", metadata) if dimension.Value != nil { - value = defsecTypes.String(*dimension.Value, metadata) + value = trivyTypes.String(*dimension.Value, metadata) } dimensions = append(dimensions, cloudwatch.AlarmDimension{ 
@@ -168,14 +168,14 @@ func (a *adapter) adaptAlarm(alarm cwTypes.MetricAlarm) (*cloudwatch.Alarm, erro var metrics []cloudwatch.MetricDataQuery for _, metric := range alarm.Metrics { - id := defsecTypes.StringDefault("", metadata) + id := trivyTypes.StringDefault("", metadata) if metric.Id != nil { - id = defsecTypes.String(*metric.Id, metadata) + id = trivyTypes.String(*metric.Id, metadata) } - expression := defsecTypes.StringDefault("", metadata) + expression := trivyTypes.StringDefault("", metadata) if metric.Expression != nil { - expression = defsecTypes.String(*metric.Expression, metadata) + expression = trivyTypes.String(*metric.Expression, metadata) } metrics = append(metrics, cloudwatch.MetricDataQuery{ @@ -185,14 +185,14 @@ func (a *adapter) adaptAlarm(alarm cwTypes.MetricAlarm) (*cloudwatch.Alarm, erro }) } - name := defsecTypes.StringDefault("", metadata) + name := trivyTypes.StringDefault("", metadata) if alarm.AlarmName != nil { - name = defsecTypes.String(*alarm.AlarmName, metadata) + name = trivyTypes.String(*alarm.AlarmName, metadata) } - metric := defsecTypes.StringDefault("", metadata) + metric := trivyTypes.StringDefault("", metadata) if alarm.MetricName != nil { - metric = defsecTypes.String(*alarm.MetricName, metadata) + metric = trivyTypes.String(*alarm.MetricName, metadata) } return &cloudwatch.Alarm{ @@ -204,7 +204,7 @@ func (a *adapter) adaptAlarm(alarm cwTypes.MetricAlarm) (*cloudwatch.Alarm, erro }, nil } -func (a *adapter) getMetricFilters(name *string, metadata defsecTypes.Metadata) ([]cloudwatch.MetricFilter, error) { +func (a *adapter) getMetricFilters(name *string, metadata trivyTypes.Metadata) ([]cloudwatch.MetricFilter, error) { var apiMetricFilters []types.MetricFilter input := api.DescribeMetricFiltersInput{ 
@@ -226,14 +226,14 @@ func (a *adapter) getMetricFilters(name *string, metadata defsecTypes.Metadata) var metricFilters []cloudwatch.MetricFilter for _, mf := range apiMetricFilters { - name := defsecTypes.StringDefault("", metadata) + name := trivyTypes.StringDefault("", metadata) if mf.FilterName != nil { - name = defsecTypes.String(*mf.FilterName, metadata) + name = trivyTypes.String(*mf.FilterName, metadata) } - pattern := defsecTypes.StringDefault("", metadata) + pattern := trivyTypes.StringDefault("", metadata) if mf.FilterPattern != nil { - pattern = defsecTypes.String(*mf.FilterPattern, metadata) + pattern = trivyTypes.String(*mf.FilterPattern, metadata) } metricFilters = append(metricFilters, cloudwatch.MetricFilter{ Metadata: metadata, diff --git a/internal/adapters/cloud/aws/codebuild/adapt.go b/internal/adapters/cloud/aws/codebuild/adapt.go index 94de7a9..b525ddc 100644 --- a/internal/adapters/cloud/aws/codebuild/adapt.go +++ b/internal/adapters/cloud/aws/codebuild/adapt.go @@ -1,10 +1,10 @@ package codebuild import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/codebuild" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/codebuild" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" api "github.com/aws/aws-sdk-go-v2/service/codebuild" "github.com/aquasecurity/trivy-aws/pkg/concurrency" @@ -92,7 +92,7 @@ func (a *adapter) adaptProject(name string) (*codebuild.Project, error) { } secondaryArtifactSettings = append(secondaryArtifactSettings, codebuild.ArtifactSettings{ Metadata: metadata, - EncryptionEnabled: defsecTypes.Bool(encryptionEnabled, metadata), + EncryptionEnabled: trivyTypes.Bool(encryptionEnabled, metadata), }) } 
@@ -100,7 +100,7 @@ func (a *adapter) adaptProject(name string) (*codebuild.Project, error) { Metadata: metadata, ArtifactSettings: codebuild.ArtifactSettings{ Metadata: metadata, - EncryptionEnabled: defsecTypes.Bool(encryptionEnabled, metadata), + EncryptionEnabled: trivyTypes.Bool(encryptionEnabled, metadata), }, SecondaryArtifactSettings: secondaryArtifactSettings, }, nil diff --git a/internal/adapters/cloud/aws/documentdb/adapt.go b/internal/adapters/cloud/aws/documentdb/adapt.go index 64fa72f..b2a9a43 100644 --- a/internal/adapters/cloud/aws/documentdb/adapt.go +++ b/internal/adapters/cloud/aws/documentdb/adapt.go @@ -1,9 +1,9 @@ package documentdb import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/documentdb" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/documentdb" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" api "github.com/aws/aws-sdk-go-v2/service/docdb" docdbTypes "github.com/aws/aws-sdk-go-v2/service/docdb/types" @@ -70,9 +70,9 @@ func (a *adapter) adaptCluster(cluster docdbTypes.DBCluster) (*documentdb.Cluste metadata := a.CreateMetadataFromARN(*cluster.DBClusterArn) - var logExports []defsecTypes.StringValue + var logExports []trivyTypes.StringValue for _, export := range cluster.EnabledCloudwatchLogsExports { - logExports = append(logExports, defsecTypes.String(export, metadata)) + logExports = append(logExports, trivyTypes.String(export, metadata)) } var instances []documentdb.Instance @@ -89,7 +89,7 @@ func (a *adapter) adaptCluster(cluster docdbTypes.DBCluster) (*documentdb.Cluste } instances = append(instances, documentdb.Instance{ Metadata: metadata, - KMSKeyID: defsecTypes.String(kmsKeyId, metadata), + KMSKeyID: trivyTypes.String(kmsKeyId, metadata), }) } 
diff --git a/internal/adapters/cloud/aws/dynamodb/dynamodb.go b/internal/adapters/cloud/aws/dynamodb/dynamodb.go index a87bc01..12510d0 100644 --- a/internal/adapters/cloud/aws/dynamodb/dynamodb.go +++ b/internal/adapters/cloud/aws/dynamodb/dynamodb.go @@ -1,10 +1,10 @@ package dynamodb import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/dynamodb" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" aws2 "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/dynamodb" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aws/aws-sdk-go-v2/aws" dynamodbApi "github.com/aws/aws-sdk-go-v2/service/dynamodb" dynamodbTypes "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" 
@@ -78,20 +78,20 @@ func (a *adapter) adaptTable(tableName string) (*dynamodb.Table, error) { } encryption := dynamodb.ServerSideEncryption{ Metadata: tableMetadata, - Enabled: defsecTypes.BoolDefault(false, tableMetadata), - KMSKeyID: defsecTypes.StringDefault("", tableMetadata), + Enabled: trivyTypes.BoolDefault(false, tableMetadata), + KMSKeyID: trivyTypes.StringDefault("", tableMetadata), } if table.Table.SSEDescription != nil { if table.Table.SSEDescription.Status == dynamodbTypes.SSEStatusEnabled { - encryption.Enabled = defsecTypes.BoolDefault(true, tableMetadata) + encryption.Enabled = trivyTypes.BoolDefault(true, tableMetadata) } if table.Table.SSEDescription.KMSMasterKeyArn != nil { - encryption.KMSKeyID = defsecTypes.StringDefault(*table.Table.SSEDescription.KMSMasterKeyArn, tableMetadata) + encryption.KMSKeyID = trivyTypes.StringDefault(*table.Table.SSEDescription.KMSMasterKeyArn, tableMetadata) } } - pitRecovery := defsecTypes.Bool(false, tableMetadata) + pitRecovery := trivyTypes.Bool(false, tableMetadata) continuousBackup, err := a.client.DescribeContinuousBackups(a.Context(), &dynamodbApi.DescribeContinuousBackupsInput{ TableName: aws.String(tableName), }) @@ -99,7 +99,7 @@ func (a *adapter) adaptTable(tableName string) (*dynamodb.Table, error) { if err != nil && continuousBackup != nil && continuousBackup.ContinuousBackupsDescription != nil && continuousBackup.ContinuousBackupsDescription.PointInTimeRecoveryDescription != nil { if continuousBackup.ContinuousBackupsDescription.PointInTimeRecoveryDescription.PointInTimeRecoveryStatus == dynamodbTypes.PointInTimeRecoveryStatusEnabled { - pitRecovery = defsecTypes.BoolDefault(true, tableMetadata) + pitRecovery = trivyTypes.BoolDefault(true, tableMetadata) } } diff --git a/internal/adapters/cloud/aws/ec2/autoscaling.go b/internal/adapters/cloud/aws/ec2/autoscaling.go index 25e49e8..5cb2da8 100644 --- a/internal/adapters/cloud/aws/ec2/autoscaling.go +++ b/internal/adapters/cloud/aws/ec2/autoscaling.go 
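Review bot: The guard `if err != nil && continuousBackup != nil && ...` in the `@@ -99,7 +99,7 @@` hunk of `adaptTable` looks inverted: when `DescribeContinuousBackups` succeeds `err` is nil, so the branch that sets `pitRecovery` to true is effectively unreachable and point-in-time recovery is reported as disabled for every table. The condition should read `if err == nil && continuousBackup != nil && ...`. It is also worth deciding what a real error means here, since silently keeping `false` turns a permissions failure on the API call into a finding about the table. The rest of `adaptTable` is outside the hunk, so any later handling of `err` is not visible.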
@@ -3,8 +3,8 @@ package ec2 import ( "fmt" - "github.com/aquasecurity/defsec/pkg/providers/aws/ec2" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" ec2api "github.com/aws/aws-sdk-go-v2/service/ec2" "github.com/aws/aws-sdk-go-v2/service/ec2/types" @@ -62,18 +62,18 @@ func (a *adapter) adaptLaunchTemplate(template types.LaunchTemplate) (*ec2.Launc instance := ec2.NewInstance(metadata) if templateData.MetadataOptions != nil { - instance.MetadataOptions.HttpTokens = defsecTypes.StringDefault(string(templateData.MetadataOptions.HttpTokens), metadata) - instance.MetadataOptions.HttpEndpoint = defsecTypes.StringDefault(string(templateData.MetadataOptions.HttpEndpoint), metadata) + instance.MetadataOptions.HttpTokens = trivyTypes.StringDefault(string(templateData.MetadataOptions.HttpTokens), metadata) + instance.MetadataOptions.HttpEndpoint = trivyTypes.StringDefault(string(templateData.MetadataOptions.HttpEndpoint), metadata) } if templateData.BlockDeviceMappings != nil { for _, blockMapping := range templateData.BlockDeviceMappings { ebsDevice := &ec2.BlockDevice{ Metadata: metadata, - Encrypted: defsecTypes.BoolDefault(false, metadata), + Encrypted: trivyTypes.BoolDefault(false, metadata), } if blockMapping.Ebs != nil && blockMapping.Ebs.Encrypted != nil { - ebsDevice.Encrypted = defsecTypes.BoolDefault(*blockMapping.Ebs.Encrypted, metadata) + ebsDevice.Encrypted = trivyTypes.BoolDefault(*blockMapping.Ebs.Encrypted, metadata) } instance.EBSBlockDevices = append(instance.EBSBlockDevices, ebsDevice) } diff --git a/internal/adapters/cloud/aws/ec2/ec2.go b/internal/adapters/cloud/aws/ec2/ec2.go index a508652..a942d71 100644 --- a/internal/adapters/cloud/aws/ec2/ec2.go +++ b/internal/adapters/cloud/aws/ec2/ec2.go 
@@ -5,9 +5,9 @@ import ( "strings" - "github.com/aquasecurity/defsec/pkg/providers/aws/ec2" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" awssdk "github.com/aws/aws-sdk-go-v2/aws" ec2api "github.com/aws/aws-sdk-go-v2/service/ec2" @@ -123,8 +123,8 @@ func (a *adapter) adaptInstance(instance ec2Types.Instance) (*ec2.Instance, erro i := ec2.NewInstance(instanceMetadata) if instance.MetadataOptions != nil { - i.MetadataOptions.HttpTokens = defsecTypes.StringDefault(string(instance.MetadataOptions.HttpTokens), instanceMetadata) - i.MetadataOptions.HttpEndpoint = defsecTypes.StringDefault(string(instance.MetadataOptions.HttpEndpoint), instanceMetadata) + i.MetadataOptions.HttpTokens = trivyTypes.StringDefault(string(instance.MetadataOptions.HttpTokens), instanceMetadata) + i.MetadataOptions.HttpEndpoint = trivyTypes.StringDefault(string(instance.MetadataOptions.HttpEndpoint), instanceMetadata) } if instance.BlockDeviceMappings != nil { @@ -132,7 +132,7 @@ func (a *adapter) adaptInstance(instance ec2Types.Instance) (*ec2.Instance, erro volumeMetadata := a.CreateMetadata(fmt.Sprintf("volume/%s", *blockMapping.Ebs.VolumeId)) ebsDevice := &ec2.BlockDevice{ Metadata: volumeMetadata, - Encrypted: defsecTypes.BoolDefault(false, volumeMetadata), + Encrypted: trivyTypes.BoolDefault(false, volumeMetadata), } if strings.EqualFold(*blockMapping.DeviceName, *instance.RootDeviceName) { // is root block device diff --git a/internal/adapters/cloud/aws/ec2/ec2_test.go b/internal/adapters/cloud/aws/ec2/ec2_test.go index 17d036d..ca52167 100644 --- a/internal/adapters/cloud/aws/ec2/ec2_test.go +++ b/internal/adapters/cloud/aws/ec2/ec2_test.go 
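Review bot: In the `@@ -132,7 +132,7 @@` hunk of `adaptInstance`, `*blockMapping.Ebs.VolumeId`, `*blockMapping.DeviceName` and `*instance.RootDeviceName` are dereferenced with no nil check in the visible lines, so one mapping with a missing field would panic the adapter. The loop header sits on a line outside the hunk, so a guard may already exist there; if it does not, add `if blockMapping.Ebs == nil || blockMapping.Ebs.VolumeId == nil { continue }` at the top of the loop body and compare the device names through nil-safe values. The launch-template adapter in `autoscaling.go` already checks `blockMapping.Ebs != nil` before reading from it, so this would also make the two adapters consistent.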
@@ -3,9 +3,9 @@ package ec2 import ( "testing" - "github.com/aquasecurity/defsec/pkg/state" aws2 "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws/test" + "github.com/aquasecurity/trivy/pkg/iac/state" "github.com/aws/aws-sdk-go-v2/aws" ec2api "github.com/aws/aws-sdk-go-v2/service/ec2" ec2Types "github.com/aws/aws-sdk-go-v2/service/ec2/types" diff --git a/internal/adapters/cloud/aws/ec2/volume.go b/internal/adapters/cloud/aws/ec2/volume.go index 2ab2f71..1c75993 100644 --- a/internal/adapters/cloud/aws/ec2/volume.go +++ b/internal/adapters/cloud/aws/ec2/volume.go @@ -3,8 +3,8 @@ package ec2 import ( "fmt" - "github.com/aquasecurity/defsec/pkg/providers/aws/ec2" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" ec2api "github.com/aws/aws-sdk-go-v2/service/ec2" "github.com/aws/aws-sdk-go-v2/service/ec2/types" @@ -49,8 +49,8 @@ func (a *adapter) adaptVolume(volume types.Volume) (*ec2.Volume, error) { Metadata: metadata, Encryption: ec2.Encryption{ Metadata: metadata, - Enabled: defsecTypes.Bool(encrypted, metadata), - KMSKeyID: defsecTypes.String(kmsKeyId, metadata), + Enabled: trivyTypes.Bool(encrypted, metadata), + KMSKeyID: trivyTypes.String(kmsKeyId, metadata), }, }, nil } diff --git a/internal/adapters/cloud/aws/ec2/vpc.go b/internal/adapters/cloud/aws/ec2/vpc.go index 9ae1c29..d7e93dd 100644 --- a/internal/adapters/cloud/aws/ec2/vpc.go +++ b/internal/adapters/cloud/aws/ec2/vpc.go 
@@ -1,8 +1,8 @@ package ec2 import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/ec2" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" "github.com/aws/aws-sdk-go-v2/aws" ec2api "github.com/aws/aws-sdk-go-v2/service/ec2" "github.com/aws/aws-sdk-go-v2/service/ec2/types" @@ -85,13 +85,13 @@ func (a *adapter) adaptSecurityGroup(apiSecurityGroup types.SecurityGroup) (*ec2 sg := &ec2.SecurityGroup{ Metadata: sgMetadata, - IsDefault: defsecTypes.BoolDefault(apiSecurityGroup.GroupName != nil && *apiSecurityGroup.GroupName == "default", sgMetadata), - Description: defsecTypes.String(aws.ToString(apiSecurityGroup.Description), sgMetadata), - VPCID: defsecTypes.StringDefault("", sgMetadata), + IsDefault: trivyTypes.BoolDefault(apiSecurityGroup.GroupName != nil && *apiSecurityGroup.GroupName == "default", sgMetadata), + Description: trivyTypes.String(aws.ToString(apiSecurityGroup.Description), sgMetadata), + VPCID: trivyTypes.StringDefault("", sgMetadata), } if apiSecurityGroup.VpcId != nil { - sg.VPCID = defsecTypes.String(*apiSecurityGroup.VpcId, sgMetadata) + sg.VPCID = trivyTypes.String(*apiSecurityGroup.VpcId, sgMetadata) } for _, ingress := range apiSecurityGroup.IpPermissions { @@ -99,8 +99,8 @@ func (a *adapter) adaptSecurityGroup(apiSecurityGroup types.SecurityGroup) (*ec2 for _, ipRange := range ingress.IpRanges { sg.IngressRules = append(sg.IngressRules, ec2.SecurityGroupRule{ Metadata: sgMetadata, - Description: defsecTypes.String(aws.ToString(ipRange.Description), sgMetadata), - CIDRs: []defsecTypes.StringValue{defsecTypes.String(aws.ToString(ipRange.CidrIp), sgMetadata)}, + Description: trivyTypes.String(aws.ToString(ipRange.Description), sgMetadata), + CIDRs: []trivyTypes.StringValue{trivyTypes.String(aws.ToString(ipRange.CidrIp), sgMetadata)}, }) } } 
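Review bot: The ingress loop in the `@@ -99,8 +99,8 @@` hunk of `adaptSecurityGroup` walks only `ingress.IpRanges`, so a rule that grants access through `Ipv6Ranges` (for example `::/0`) does not appear to reach `sg.IngressRules`, and checks for world-open ingress would not see it. The egress loop in the `@@ -110,8 +110,8 @@` hunk has the same shape, and `adaptNetworkACL` in the `@@ -137,10 +137,10 @@` hunk records only `entry.CidrBlock`, not `entry.Ipv6CidrBlock`. A few lines between the hunks are not visible, so confirm there is no IPv6 handling there; if there is none, add a second loop per direction as sketched below, and the matching one for egress.

```go
for _, ipRange := range ingress.IpRanges {
	// … unchanged: IPv4 rule appended to sg.IngressRules …
}
for _, ipRange := range ingress.Ipv6Ranges {
	sg.IngressRules = append(sg.IngressRules, ec2.SecurityGroupRule{
		Metadata:    sgMetadata,
		Description: trivyTypes.String(aws.ToString(ipRange.Description), sgMetadata),
		CIDRs:       []trivyTypes.StringValue{trivyTypes.String(aws.ToString(ipRange.CidrIpv6), sgMetadata)},
	})
}
```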
@@ -110,8 +110,8 @@ func (a *adapter) adaptSecurityGroup(apiSecurityGroup types.SecurityGroup) (*ec2 for _, ipRange := range egress.IpRanges { sg.EgressRules = append(sg.EgressRules, ec2.SecurityGroupRule{ Metadata: sgMetadata, - Description: defsecTypes.String(aws.ToString(ipRange.Description), sgMetadata), - CIDRs: []defsecTypes.StringValue{defsecTypes.String(aws.ToString(ipRange.CidrIp), sgMetadata)}, + Description: trivyTypes.String(aws.ToString(ipRange.Description), sgMetadata), + CIDRs: []trivyTypes.StringValue{trivyTypes.String(aws.ToString(ipRange.CidrIp), sgMetadata)}, }) } } @@ -126,7 +126,7 @@ func (a *adapter) adaptNetworkACL(apiNacl types.NetworkAcl) (*ec2.NetworkACL, er nacl := &ec2.NetworkACL{ Metadata: naclMetadata, - IsDefaultRule: defsecTypes.BoolDefault(false, naclMetadata), + IsDefaultRule: trivyTypes.BoolDefault(false, naclMetadata), } for _, entry := range apiNacl.Entries { @@ -137,10 +137,10 @@ func (a *adapter) adaptNetworkACL(apiNacl types.NetworkAcl) (*ec2.NetworkACL, er nacl.Rules = append(nacl.Rules, ec2.NetworkACLRule{ Metadata: naclMetadata, - Action: defsecTypes.String(string(entry.RuleAction), naclMetadata), - Protocol: defsecTypes.String(aws.ToString(entry.Protocol), naclMetadata), - Type: defsecTypes.String(naclType, naclMetadata), - CIDRs: []defsecTypes.StringValue{defsecTypes.String(aws.ToString(entry.CidrBlock), naclMetadata)}, + Action: trivyTypes.String(string(entry.RuleAction), naclMetadata), + Protocol: trivyTypes.String(aws.ToString(entry.Protocol), naclMetadata), + Type: trivyTypes.String(naclType, naclMetadata), + CIDRs: []trivyTypes.StringValue{trivyTypes.String(aws.ToString(entry.CidrBlock), naclMetadata)}, }) } return nacl, nil 
@@ -151,14 +151,14 @@ func (a *adapter) adaptVPC(v types.Vpc) (*ec2.VPC, error) { vpcMetadata := a.CreateMetadata("vpc/" + *v.VpcId) vpc := &ec2.VPC{ Metadata: vpcMetadata, - ID: defsecTypes.String(*v.VpcId, vpcMetadata), - IsDefault: defsecTypes.BoolDefault(false, vpcMetadata), - FlowLogsEnabled: defsecTypes.BoolDefault(false, vpcMetadata), + ID: trivyTypes.String(*v.VpcId, vpcMetadata), + IsDefault: trivyTypes.BoolDefault(false, vpcMetadata), + FlowLogsEnabled: trivyTypes.BoolDefault(false, vpcMetadata), SecurityGroups: nil, // we link these up afterwards } if v.IsDefault != nil { - vpc.IsDefault = defsecTypes.BoolDefault(*v.IsDefault, vpcMetadata) + vpc.IsDefault = trivyTypes.BoolDefault(*v.IsDefault, vpcMetadata) } logs, err := a.client.DescribeFlowLogs(a.Context(), &ec2api.DescribeFlowLogsInput{ @@ -174,7 +174,7 @@ func (a *adapter) adaptVPC(v types.Vpc) (*ec2.VPC, error) { } if logs != nil && len(logs.FlowLogs) > 0 { - vpc.FlowLogsEnabled = defsecTypes.BoolDefault(true, vpcMetadata) + vpc.FlowLogsEnabled = trivyTypes.BoolDefault(true, vpcMetadata) } return vpc, nil diff --git a/internal/adapters/cloud/aws/ec2/vpc_test.go b/internal/adapters/cloud/aws/ec2/vpc_test.go index 29d9041..c06ef9e 100644 --- a/internal/adapters/cloud/aws/ec2/vpc_test.go +++ b/internal/adapters/cloud/aws/ec2/vpc_test.go @@ -3,8 +3,8 @@ package ec2 import ( "testing" - "github.com/aquasecurity/defsec/pkg/providers/aws/ec2" - "github.com/aquasecurity/defsec/pkg/state" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ec2" + "github.com/aquasecurity/trivy/pkg/iac/state" awssdk "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs" vpcApi "github.com/aws/aws-sdk-go-v2/service/ec2" diff --git a/internal/adapters/cloud/aws/ecr/adapt.go b/internal/adapters/cloud/aws/ecr/adapt.go index 27d15c9..16bb24c 100644 --- a/internal/adapters/cloud/aws/ecr/adapt.go +++ b/internal/adapters/cloud/aws/ecr/adapt.go 
@@ -1,11 +1,11 @@ package ecr import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/ecr" - "github.com/aquasecurity/defsec/pkg/providers/aws/iam" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ecr" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" ecrapi "github.com/aws/aws-sdk-go-v2/service/ecr" "github.com/aws/aws-sdk-go-v2/service/ecr/types" "github.com/liamg/iamgo" @@ -93,9 +93,9 @@ func (a *adapter) adaptRepository(apiRepository types.Repository) (*ecr.Reposito if err != nil { return nil, err } - name := defsecTypes.StringDefault("", metadata) + name := trivyTypes.StringDefault("", metadata) if output.RepositoryName != nil { - name = defsecTypes.String(*output.RepositoryName, metadata) + name = trivyTypes.String(*output.RepositoryName, metadata) } policies = append(policies, iam.Policy{ Metadata: metadata, @@ -104,7 +104,7 @@ func (a *adapter) adaptRepository(apiRepository types.Repository) (*ecr.Reposito Metadata: metadata, Parsed: *parsed, }, - Builtin: defsecTypes.Bool(false, metadata), + Builtin: trivyTypes.Bool(false, metadata), }) } 
@@ -112,14 +112,14 @@ func (a *adapter) adaptRepository(apiRepository types.Repository) (*ecr.Reposito Metadata: metadata, ImageScanning: ecr.ImageScanning{ Metadata: metadata, - ScanOnPush: defsecTypes.Bool(scanOnPush, metadata), + ScanOnPush: trivyTypes.Bool(scanOnPush, metadata), }, - ImageTagsImmutable: defsecTypes.Bool(immutable, metadata), + ImageTagsImmutable: trivyTypes.Bool(immutable, metadata), Policies: policies, Encryption: ecr.Encryption{ Metadata: metadata, - Type: defsecTypes.String(encType, metadata), - KMSKeyID: defsecTypes.String(encKey, metadata), + Type: trivyTypes.String(encType, metadata), + KMSKeyID: trivyTypes.String(encKey, metadata), }, }, nil } diff --git a/internal/adapters/cloud/aws/ecs/adapt.go b/internal/adapters/cloud/aws/ecs/adapt.go index 5bbfc47..015dbf4 100644 --- a/internal/adapters/cloud/aws/ecs/adapt.go +++ b/internal/adapters/cloud/aws/ecs/adapt.go @@ -1,8 +1,8 @@ package ecs import ( - "github.com/aquasecurity/defsec/pkg/state" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/state" ecsapi "github.com/aws/aws-sdk-go-v2/service/ecs" ) diff --git a/internal/adapters/cloud/aws/ecs/cluster.go b/internal/adapters/cloud/aws/ecs/cluster.go index 851973d..73058ba 100644 --- a/internal/adapters/cloud/aws/ecs/cluster.go +++ b/internal/adapters/cloud/aws/ecs/cluster.go @@ -3,8 +3,8 @@ package ecs import ( "fmt" - "github.com/aquasecurity/defsec/pkg/providers/aws/ecs" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ecs" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" ecsapi "github.com/aws/aws-sdk-go-v2/service/ecs" "github.com/aws/aws-sdk-go-v2/service/ecs/types" 
@@ -65,7 +65,7 @@ func (a *adapter) adaptCluster(arn string) (*ecs.Cluster, error) { Metadata: metadata, Settings: ecs.ClusterSettings{ Metadata: metadata, - ContainerInsightsEnabled: defsecTypes.Bool(enableInsights, metadata), + ContainerInsightsEnabled: trivyTypes.Bool(enableInsights, metadata), }, }, nil } diff --git a/internal/adapters/cloud/aws/ecs/task.go b/internal/adapters/cloud/aws/ecs/task.go index 61d81f3..ce4f9fb 100644 --- a/internal/adapters/cloud/aws/ecs/task.go +++ b/internal/adapters/cloud/aws/ecs/task.go @@ -1,8 +1,8 @@ package ecs import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/ecs" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ecs" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" ecsapi "github.com/aws/aws-sdk-go-v2/service/ecs" "github.com/aquasecurity/trivy-aws/pkg/concurrency" @@ -54,8 +54,8 @@ func (a *adapter) adaptTaskDefinition(arn string) (*ecs.TaskDefinition, error) { hostPort = int(*apiMapping.HostPort) } portMappings = append(portMappings, ecs.PortMapping{ - ContainerPort: defsecTypes.Int(containerPort, metadata), - HostPort: defsecTypes.Int(hostPort, metadata), + ContainerPort: trivyTypes.Int(containerPort, metadata), + HostPort: trivyTypes.Int(hostPort, metadata), }) } 
@@ -89,14 +89,14 @@ func (a *adapter) adaptTaskDefinition(arn string) (*ecs.TaskDefinition, error) { containerDefinitions = append(containerDefinitions, ecs.ContainerDefinition{ Metadata: metadata, - Name: defsecTypes.String(name, metadata), - Image: defsecTypes.String(image, metadata), - CPU: defsecTypes.Int(cpu, metadata), - Memory: defsecTypes.Int(memory, metadata), - Essential: defsecTypes.Bool(essential, metadata), + Name: trivyTypes.String(name, metadata), + Image: trivyTypes.String(image, metadata), + CPU: trivyTypes.Int(cpu, metadata), + Memory: trivyTypes.Int(memory, metadata), + Essential: trivyTypes.Bool(essential, metadata), PortMappings: portMappings, Environment: envVars, - Privileged: defsecTypes.Bool(apiContainer.Privileged != nil && *apiContainer.Privileged, metadata), + Privileged: trivyTypes.Bool(apiContainer.Privileged != nil && *apiContainer.Privileged, metadata), }) } @@ -107,7 +107,7 @@ func (a *adapter) adaptTaskDefinition(arn string) (*ecs.TaskDefinition, error) { Metadata: metadata, EFSVolumeConfiguration: ecs.EFSVolumeConfiguration{ Metadata: metadata, - TransitEncryptionEnabled: defsecTypes.Bool(encrypted, metadata), + TransitEncryptionEnabled: trivyTypes.Bool(encrypted, metadata), }, }) } diff --git a/internal/adapters/cloud/aws/efs/adapt.go b/internal/adapters/cloud/aws/efs/adapt.go index d15a988..3e4fdf4 100644 --- a/internal/adapters/cloud/aws/efs/adapt.go +++ b/internal/adapters/cloud/aws/efs/adapt.go @@ -1,10 +1,10 @@ package efs import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/efs" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/efs" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" api "github.com/aws/aws-sdk-go-v2/service/efs" "github.com/aws/aws-sdk-go-v2/service/efs/types" 
@@ -67,9 +67,9 @@ func (a *adapter) getFilesystems() ([]efs.FileSystem, error) { func (a *adapter) adaptFilesystem(apiFilesystem types.FileSystemDescription) (*efs.FileSystem, error) { metadata := a.CreateMetadataFromARN(*apiFilesystem.FileSystemArn) - encrypted := defsecTypes.BoolDefault(false, metadata) + encrypted := trivyTypes.BoolDefault(false, metadata) if apiFilesystem.Encrypted != nil { - encrypted = defsecTypes.Bool(*apiFilesystem.Encrypted, metadata) + encrypted = trivyTypes.Bool(*apiFilesystem.Encrypted, metadata) } return &efs.FileSystem{ Metadata: metadata, diff --git a/internal/adapters/cloud/aws/eks/adapt.go b/internal/adapters/cloud/aws/eks/adapt.go index 7d284d9..c2bedb6 100644 --- a/internal/adapters/cloud/aws/eks/adapt.go +++ b/internal/adapters/cloud/aws/eks/adapt.go @@ -1,10 +1,10 @@ package eks import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/eks" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/eks" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" eksapi "github.com/aws/aws-sdk-go-v2/service/eks" "github.com/aws/aws-sdk-go-v2/service/eks/types" @@ -78,11 +78,11 @@ func (a *adapter) adaptCluster(name string) (*eks.Cluster, error) { metadata := a.CreateMetadataFromARN(*output.Cluster.Arn) var publicAccess bool - var publicCidrs []defsecTypes.StringValue + var publicCidrs []trivyTypes.StringValue if output.Cluster.ResourcesVpcConfig != nil { publicAccess = output.Cluster.ResourcesVpcConfig.EndpointPublicAccess for _, cidr := range output.Cluster.ResourcesVpcConfig.PublicAccessCidrs { - publicCidrs = append(publicCidrs, defsecTypes.String(cidr, metadata)) + publicCidrs = append(publicCidrs, trivyTypes.String(cidr, metadata)) } } 
@@ -128,18 +128,18 @@ func (a *adapter) adaptCluster(name string) (*eks.Cluster, error) { Metadata: metadata, Logging: eks.Logging{ Metadata: metadata, - API: defsecTypes.Bool(logAPI, metadata), - Audit: defsecTypes.Bool(logAudit, metadata), - Authenticator: defsecTypes.Bool(logAuth, metadata), - ControllerManager: defsecTypes.Bool(logCM, metadata), - Scheduler: defsecTypes.Bool(logSched, metadata), + API: trivyTypes.Bool(logAPI, metadata), + Audit: trivyTypes.Bool(logAudit, metadata), + Authenticator: trivyTypes.Bool(logAuth, metadata), + ControllerManager: trivyTypes.Bool(logCM, metadata), + Scheduler: trivyTypes.Bool(logSched, metadata), }, Encryption: eks.Encryption{ Metadata: metadata, - Secrets: defsecTypes.Bool(secretsEncrypted, metadata), - KMSKeyID: defsecTypes.String(encryptionKeyARN, metadata), + Secrets: trivyTypes.Bool(secretsEncrypted, metadata), + KMSKeyID: trivyTypes.String(encryptionKeyARN, metadata), }, - PublicAccessEnabled: defsecTypes.Bool(publicAccess, metadata), + PublicAccessEnabled: trivyTypes.Bool(publicAccess, metadata), PublicAccessCIDRs: publicCidrs, }, nil } diff --git a/internal/adapters/cloud/aws/elasticache/adapt.go b/internal/adapters/cloud/aws/elasticache/adapt.go index ff7379a..6130c3d 100644 --- a/internal/adapters/cloud/aws/elasticache/adapt.go +++ b/internal/adapters/cloud/aws/elasticache/adapt.go @@ -1,10 +1,10 @@ package elasticache import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/elasticache" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticache" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" api "github.com/aws/aws-sdk-go-v2/service/elasticache" "github.com/aws/aws-sdk-go-v2/service/elasticache/types" 
@@ -76,19 +76,19 @@ func (a *adapter) getClusters() ([]elasticache.Cluster, error) { func (a *adapter) adaptCluster(apiCluster types.CacheCluster) (*elasticache.Cluster, error) { metadata := a.CreateMetadataFromARN(*apiCluster.ARN) - engine := defsecTypes.StringDefault("", metadata) + engine := trivyTypes.StringDefault("", metadata) if apiCluster.Engine != nil { - engine = defsecTypes.String(*apiCluster.Engine, metadata) + engine = trivyTypes.String(*apiCluster.Engine, metadata) } - nodeType := defsecTypes.StringDefault("", metadata) + nodeType := trivyTypes.StringDefault("", metadata) if apiCluster.CacheNodeType != nil { - nodeType = defsecTypes.String(*apiCluster.CacheNodeType, metadata) + nodeType = trivyTypes.String(*apiCluster.CacheNodeType, metadata) } - limit := defsecTypes.IntDefault(0, metadata) + limit := trivyTypes.IntDefault(0, metadata) if apiCluster.SnapshotRetentionLimit != nil { - limit = defsecTypes.Int(int(*apiCluster.SnapshotRetentionLimit), metadata) + limit = trivyTypes.Int(int(*apiCluster.SnapshotRetentionLimit), metadata) } return &elasticache.Cluster{ 
@@ -137,13 +137,13 @@ func (a *adapter) getReplicationGroups() ([]elasticache.ReplicationGroup, error) func (a *adapter) adaptReplicationGroup(apiGroup types.ReplicationGroup) (*elasticache.ReplicationGroup, error) { metadata := a.CreateMetadataFromARN(*apiGroup.ARN) - transitEncrypted := defsecTypes.BoolDefault(false, metadata) + transitEncrypted := trivyTypes.BoolDefault(false, metadata) if apiGroup.TransitEncryptionEnabled != nil { - transitEncrypted = defsecTypes.Bool(*apiGroup.TransitEncryptionEnabled, metadata) + transitEncrypted = trivyTypes.Bool(*apiGroup.TransitEncryptionEnabled, metadata) } - atRestEncrypted := defsecTypes.BoolDefault(false, metadata) + atRestEncrypted := trivyTypes.BoolDefault(false, metadata) if apiGroup.AtRestEncryptionEnabled != nil { - atRestEncrypted = defsecTypes.Bool(*apiGroup.AtRestEncryptionEnabled, metadata) + atRestEncrypted = trivyTypes.Bool(*apiGroup.AtRestEncryptionEnabled, metadata) } return &elasticache.ReplicationGroup{ @@ -190,9 +190,9 @@ func (a *adapter) getSecurityGroups() ([]elasticache.SecurityGroup, error) { func (a *adapter) adaptSecurityGroup(apiGroup types.CacheSecurityGroup) (*elasticache.SecurityGroup, error) { metadata := a.CreateMetadataFromARN(*apiGroup.ARN) - description := defsecTypes.StringDefault("", metadata) + description := trivyTypes.StringDefault("", metadata) if apiGroup.Description != nil { - description = defsecTypes.String(*apiGroup.Description, metadata) + description = trivyTypes.String(*apiGroup.Description, metadata) } return &elasticache.SecurityGroup{ Metadata: metadata, diff --git a/internal/adapters/cloud/aws/elasticsearch/adapt.go b/internal/adapters/cloud/aws/elasticsearch/adapt.go index 93fda1d..2b1ba43 100644 --- a/internal/adapters/cloud/aws/elasticsearch/adapt.go +++ b/internal/adapters/cloud/aws/elasticsearch/adapt.go 
@@ -1,10 +1,10 @@ package elasticsearch import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/elasticsearch" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elasticsearch" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" api "github.com/aws/aws-sdk-go-v2/service/elasticsearchservice" "github.com/aws/aws-sdk-go-v2/service/elasticsearchservice/types" 
@@ -122,35 +122,35 @@ func (a *adapter) adaptDomain(apiDomain types.DomainInfo) (*elasticsearch.Domain return &elasticsearch.Domain{ Metadata: metadata, - DomainName: defsecTypes.String(*apiDomain.DomainName, metadata), - AccessPolicies: defsecTypes.String(*status.AccessPolicies, metadata), - DedicatedMasterEnabled: defsecTypes.Bool(dedicatedMasterEnabled, metadata), - VpcId: defsecTypes.String(vpcId, metadata), + DomainName: trivyTypes.String(*apiDomain.DomainName, metadata), + AccessPolicies: trivyTypes.String(*status.AccessPolicies, metadata), + DedicatedMasterEnabled: trivyTypes.Bool(dedicatedMasterEnabled, metadata), + VpcId: trivyTypes.String(vpcId, metadata), LogPublishing: elasticsearch.LogPublishing{ Metadata: metadata, - AuditEnabled: defsecTypes.Bool(auditEnabled, metadata), - CloudWatchLogGroupArn: defsecTypes.String(cloudWatchLogGroupArn, metadata), + AuditEnabled: trivyTypes.Bool(auditEnabled, metadata), + CloudWatchLogGroupArn: trivyTypes.String(cloudWatchLogGroupArn, metadata), }, TransitEncryption: elasticsearch.TransitEncryption{ Metadata: metadata, - Enabled: defsecTypes.Bool(transitEncryption, metadata), + Enabled: trivyTypes.Bool(transitEncryption, metadata), }, AtRestEncryption: elasticsearch.AtRestEncryption{ Metadata: metadata, - Enabled: defsecTypes.Bool(atRestEncryption, metadata), - KmsKeyId: defsecTypes.String(kmskeyId, metadata), + Enabled: trivyTypes.Bool(atRestEncryption, metadata), + KmsKeyId: trivyTypes.String(kmskeyId, metadata), }, Endpoint: elasticsearch.Endpoint{ Metadata: metadata, - EnforceHTTPS: defsecTypes.Bool(enforceHTTPS, metadata), - TLSPolicy: defsecTypes.String(tlsPolicy, metadata), + EnforceHTTPS: trivyTypes.Bool(enforceHTTPS, metadata), + TLSPolicy: trivyTypes.String(tlsPolicy, metadata), }, ServiceSoftwareOptions: elasticsearch.ServiceSoftwareOptions{ Metadata: metadata, - CurrentVersion: defsecTypes.String(currentVersion, metadata), - NewVersion: defsecTypes.String(newVersion, metadata), - UpdateAvailable: 
defsecTypes.Bool(updateAvailable, metadata), - UpdateStatus: defsecTypes.String(updatestatus, metadata), + CurrentVersion: trivyTypes.String(currentVersion, metadata), + NewVersion: trivyTypes.String(newVersion, metadata), + UpdateAvailable: trivyTypes.Bool(updateAvailable, metadata), + UpdateStatus: trivyTypes.String(updatestatus, metadata), }, }, nil } diff --git a/internal/adapters/cloud/aws/elb/adapt.go b/internal/adapters/cloud/aws/elb/adapt.go index 59cfdb1..30d11bb 100644 --- a/internal/adapters/cloud/aws/elb/adapt.go +++ b/internal/adapters/cloud/aws/elb/adapt.go @@ -1,10 +1,10 @@ package elb import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/elb" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/elb" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" api "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2" "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types" @@ -102,18 +102,18 @@ func (a *adapter) adaptLoadBalancer(apiLoadBalancer types.LoadBalancer) (*elb.Lo for _, action := range listener.DefaultActions { actions = append(actions, elb.Action{ Metadata: metadata, - Type: defsecTypes.String(string(action.Type), metadata), + Type: trivyTypes.String(string(action.Type), metadata), }) } - sslPolicy := defsecTypes.StringDefault("", metadata) + sslPolicy := trivyTypes.StringDefault("", metadata) if listener.SslPolicy != nil { - sslPolicy = defsecTypes.String(*listener.SslPolicy, metadata) + sslPolicy = trivyTypes.String(*listener.SslPolicy, metadata) } listeners = append(listeners, elb.Listener{ Metadata: metadata, - Protocol: defsecTypes.String(string(listener.Protocol), metadata), + Protocol: trivyTypes.String(string(listener.Protocol), metadata), TLSPolicy: sslPolicy, DefaultActions: actions, }) 
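Review bot: In the `elasticsearch.Domain` literal of adaptDomain, `*apiDomain.DomainName` and `*status.AccessPolicies` are dereferenced with no nil guard, unlike the `StringDefault` plus nil-check pattern the elasticache and emr adapters in this commit use for optional API fields. If the API leaves the access policy unset, the adapter would panic and the domain would drop out of the scan result rather than being reported with an empty policy. adaptDomain starts above this hunk, so a guard may already exist there; if not, I would add `accessPolicies := trivyTypes.StringDefault("", metadata)` followed by `if status.AccessPolicies != nil { accessPolicies = trivyTypes.String(*status.AccessPolicies, metadata) }`, and do the same for `DomainName`.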
@@ -127,9 +127,9 @@ func (a *adapter) adaptLoadBalancer(apiLoadBalancer types.LoadBalancer) (*elb.Lo return &elb.LoadBalancer{ Metadata: metadata, - Type: defsecTypes.String(string(apiLoadBalancer.Type), metadata), - DropInvalidHeaderFields: defsecTypes.Bool(dropInvalidHeaders, metadata), - Internal: defsecTypes.Bool(apiLoadBalancer.Scheme == types.LoadBalancerSchemeEnumInternal, metadata), + Type: trivyTypes.String(string(apiLoadBalancer.Type), metadata), + DropInvalidHeaderFields: trivyTypes.Bool(dropInvalidHeaders, metadata), + Internal: trivyTypes.Bool(apiLoadBalancer.Scheme == types.LoadBalancerSchemeEnumInternal, metadata), Listeners: listeners, }, nil } diff --git a/internal/adapters/cloud/aws/emr/adapt.go b/internal/adapters/cloud/aws/emr/adapt.go index b26a91c..c23be12 100644 --- a/internal/adapters/cloud/aws/emr/adapt.go +++ b/internal/adapters/cloud/aws/emr/adapt.go @@ -1,10 +1,10 @@ package emr import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/emr" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/emr" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" api "github.com/aws/aws-sdk-go-v2/service/emr" "github.com/aws/aws-sdk-go-v2/service/emr/types" 
@@ -81,19 +81,19 @@ func (a *adapter) adaptCluster(apiCluster types.ClusterSummary) (*emr.Cluster, e return nil, err } - name := defsecTypes.StringDefault("", metadata) + name := trivyTypes.StringDefault("", metadata) if apiCluster.Name != nil { - name = defsecTypes.String(*apiCluster.Name, metadata) + name = trivyTypes.String(*apiCluster.Name, metadata) } - releaseLabel := defsecTypes.StringDefault("", metadata) + releaseLabel := trivyTypes.StringDefault("", metadata) if output.Cluster != nil && output.Cluster.ReleaseLabel != nil { - releaseLabel = defsecTypes.String(*output.Cluster.ReleaseLabel, metadata) + releaseLabel = trivyTypes.String(*output.Cluster.ReleaseLabel, metadata) } - serviceRole := defsecTypes.StringDefault("", metadata) + serviceRole := trivyTypes.StringDefault("", metadata) if output.Cluster != nil && output.Cluster.ServiceRole != nil { - serviceRole = defsecTypes.String(*output.Cluster.ServiceRole, metadata) + serviceRole = trivyTypes.String(*output.Cluster.ServiceRole, metadata) } return &emr.Cluster{ @@ -152,14 +152,14 @@ func (a *adapter) adaptConfig(config types.SecurityConfigurationSummary) (*emr.S return nil, err } - name := defsecTypes.StringDefault("", metadata) + name := trivyTypes.StringDefault("", metadata) if config.Name != nil { - name = defsecTypes.String(*config.Name, metadata) + name = trivyTypes.String(*config.Name, metadata) } - secConf := defsecTypes.StringDefault("", metadata) + secConf := trivyTypes.StringDefault("", metadata) if output.SecurityConfiguration != nil { - secConf = defsecTypes.String(*output.SecurityConfiguration, metadata) + secConf = trivyTypes.String(*output.SecurityConfiguration, metadata) } return &emr.SecurityConfiguration{ diff --git a/internal/adapters/cloud/aws/iam/certs.go b/internal/adapters/cloud/aws/iam/certs.go index 48ba848..977c1a3 100644 --- a/internal/adapters/cloud/aws/iam/certs.go +++ b/internal/adapters/cloud/aws/iam/certs.go 
@@ -3,10 +3,10 @@ package iam import ( "fmt" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" - "github.com/aquasecurity/defsec/pkg/providers/aws/iam" - "github.com/aquasecurity/defsec/pkg/state" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + "github.com/aquasecurity/trivy/pkg/iac/state" iamapi "github.com/aws/aws-sdk-go-v2/service/iam" iamtypes "github.com/aws/aws-sdk-go-v2/service/iam/types" @@ -52,9 +52,9 @@ func (a *adapter) adaptServerCertificate(certInfo iamtypes.ServerCertificateMeta metadata := a.CreateMetadataFromARN(*cert.ServerCertificate.ServerCertificateMetadata.Arn) - expiration := defsecTypes.TimeUnresolvable(metadata) + expiration := trivyTypes.TimeUnresolvable(metadata) if cert.ServerCertificate.ServerCertificateMetadata.Expiration != nil { - expiration = defsecTypes.Time(*cert.ServerCertificate.ServerCertificateMetadata.Expiration, metadata) + expiration = trivyTypes.Time(*cert.ServerCertificate.ServerCertificateMetadata.Expiration, metadata) } return &iam.ServerCertificate{ diff --git a/internal/adapters/cloud/aws/iam/group.go b/internal/adapters/cloud/aws/iam/group.go index f131c4d..1750f8b 100644 --- a/internal/adapters/cloud/aws/iam/group.go +++ b/internal/adapters/cloud/aws/iam/group.go @@ -3,9 +3,9 @@ package iam import ( "fmt" - "github.com/aquasecurity/defsec/pkg/providers/aws/iam" - "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + "github.com/aquasecurity/trivy/pkg/iac/state" + "github.com/aquasecurity/trivy/pkg/iac/types" iamapi "github.com/aws/aws-sdk-go-v2/service/iam" iamtypes "github.com/aws/aws-sdk-go-v2/service/iam/types" diff --git a/internal/adapters/cloud/aws/iam/group_test.go b/internal/adapters/cloud/aws/iam/group_test.go index 7ff98d8..e3e18dc 100644 --- a/internal/adapters/cloud/aws/iam/group_test.go 
+++ b/internal/adapters/cloud/aws/iam/group_test.go @@ -3,10 +3,10 @@ package iam import ( "testing" - "github.com/aquasecurity/defsec/pkg/providers/aws/iam" - "github.com/aquasecurity/defsec/pkg/state" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws/test" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + "github.com/aquasecurity/trivy/pkg/iac/state" iamapi "github.com/aws/aws-sdk-go-v2/service/iam" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/internal/adapters/cloud/aws/iam/iam.go b/internal/adapters/cloud/aws/iam/iam.go index 18ce978..dbdc630 100644 --- a/internal/adapters/cloud/aws/iam/iam.go +++ b/internal/adapters/cloud/aws/iam/iam.go @@ -1,10 +1,10 @@ package iam import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/iam" - "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + "github.com/aquasecurity/trivy/pkg/iac/state" + "github.com/aquasecurity/trivy/pkg/iac/types" iamapi "github.com/aws/aws-sdk-go-v2/service/iam" ) diff --git a/internal/adapters/cloud/aws/iam/policy.go b/internal/adapters/cloud/aws/iam/policy.go index 6b2a7ff..f51e975 100644 --- a/internal/adapters/cloud/aws/iam/policy.go +++ b/internal/adapters/cloud/aws/iam/policy.go @@ -4,9 +4,9 @@ import ( "fmt" "strings" - "github.com/aquasecurity/defsec/pkg/providers/aws/iam" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" iamapi "github.com/aws/aws-sdk-go-v2/service/iam" iamtypes "github.com/aws/aws-sdk-go-v2/service/iam/types" "github.com/liamg/iamgo" 
@@ -66,9 +66,9 @@ func (a *adapter) adaptPolicy(apiPolicy iamtypes.Policy) (*iam.Policy, error) { return nil, err } - name := defsecTypes.StringDefault("", metadata) + name := trivyTypes.StringDefault("", metadata) if apiPolicy.PolicyName != nil { - name = defsecTypes.String(*apiPolicy.PolicyName, metadata) + name = trivyTypes.String(*apiPolicy.PolicyName, metadata) } return &iam.Policy{ @@ -78,7 +78,7 @@ func (a *adapter) adaptPolicy(apiPolicy iamtypes.Policy) (*iam.Policy, error) { Metadata: metadata, Parsed: *document, }, - Builtin: defsecTypes.Bool(strings.HasPrefix(*apiPolicy.Arn, "arn:aws:iam::aws:"), metadata), + Builtin: trivyTypes.Bool(strings.HasPrefix(*apiPolicy.Arn, "arn:aws:iam::aws:"), metadata), }, nil } diff --git a/internal/adapters/cloud/aws/iam/policy_test.go b/internal/adapters/cloud/aws/iam/policy_test.go index 6d5a1db..3a4f413 100644 --- a/internal/adapters/cloud/aws/iam/policy_test.go +++ b/internal/adapters/cloud/aws/iam/policy_test.go @@ -3,10 +3,10 @@ package iam import ( "testing" - "github.com/aquasecurity/defsec/pkg/providers/aws/iam" - "github.com/aquasecurity/defsec/pkg/state" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws/test" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + "github.com/aquasecurity/trivy/pkg/iac/state" iamapi "github.com/aws/aws-sdk-go-v2/service/iam" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/internal/adapters/cloud/aws/iam/role.go b/internal/adapters/cloud/aws/iam/role.go index 66e0cd8..72dbb8b 100644 --- a/internal/adapters/cloud/aws/iam/role.go +++ b/internal/adapters/cloud/aws/iam/role.go 
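Review bot: The `Builtin` value in the second policy.go hunk is computed with `strings.HasPrefix(*apiPolicy.Arn, "arn:aws:iam::aws:")`, which hard-codes the `aws` partition. AWS-managed policies in other partitions (`arn:aws-cn:iam::aws:...`, `arn:aws-us-gov:iam::aws:...`) would be classified as customer-managed, so any check that treats built-in policies differently changes its result there. The same expression dereferences `apiPolicy.Arn` unguarded, although `PolicyName` gets a nil check a few lines earlier. A partition-independent test would split the ARN and compare the service and account fields, e.g. `parts := strings.Split(*apiPolicy.Arn, ":")` then `len(parts) > 4 && parts[2] == "iam" && parts[4] == "aws"`, behind an `apiPolicy.Arn != nil` guard.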
@@ -3,9 +3,9 @@ package iam import ( "fmt" - "github.com/aquasecurity/defsec/pkg/providers/aws/iam" - "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + "github.com/aquasecurity/trivy/pkg/iac/state" + "github.com/aquasecurity/trivy/pkg/iac/types" iamapi "github.com/aws/aws-sdk-go-v2/service/iam" iamtypes "github.com/aws/aws-sdk-go-v2/service/iam/types" diff --git a/internal/adapters/cloud/aws/iam/role_test.go b/internal/adapters/cloud/aws/iam/role_test.go index 4b81845..01ff3e1 100644 --- a/internal/adapters/cloud/aws/iam/role_test.go +++ b/internal/adapters/cloud/aws/iam/role_test.go @@ -3,10 +3,10 @@ package iam import ( "testing" - "github.com/aquasecurity/defsec/pkg/providers/aws/iam" - "github.com/aquasecurity/defsec/pkg/state" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws/test" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + "github.com/aquasecurity/trivy/pkg/iac/state" iamapi "github.com/aws/aws-sdk-go-v2/service/iam" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/internal/adapters/cloud/aws/iam/user.go b/internal/adapters/cloud/aws/iam/user.go index c160d22..6f86e66 100644 --- a/internal/adapters/cloud/aws/iam/user.go +++ b/internal/adapters/cloud/aws/iam/user.go @@ -5,9 +5,9 @@ import ( "strings" "time" - "github.com/aquasecurity/defsec/pkg/providers/aws/iam" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" iamapi "github.com/aws/aws-sdk-go-v2/service/iam" iamtypes "github.com/aws/aws-sdk-go-v2/service/iam/types" 
@@ -68,7 +68,7 @@ func (a *adapter) getMFADevices(user iamtypes.User) ([]iam.MFADevice, error) { } devices = append(devices, iam.MFADevice{ Metadata: metadata, - IsVirtual: defsecTypes.Bool(isVirtual, metadata), + IsVirtual: trivyTypes.Bool(isVirtual, metadata), }) } @@ -146,29 +146,29 @@ func (a *adapter) getUserKeys(apiUser iamtypes.User) ([]iam.AccessKey, error) { } for _, apiAccessKey := range output.AccessKeyMetadata { - lastUsed := defsecTypes.TimeUnresolvable(metadata) + lastUsed := trivyTypes.TimeUnresolvable(metadata) if output, err := a.api.GetAccessKeyLastUsed(a.Context(), &iamapi.GetAccessKeyLastUsedInput{ AccessKeyId: apiAccessKey.AccessKeyId, }); err == nil { if output.AccessKeyLastUsed != nil && output.AccessKeyLastUsed.LastUsedDate != nil { - lastUsed = defsecTypes.Time(*output.AccessKeyLastUsed.LastUsedDate, metadata) + lastUsed = trivyTypes.Time(*output.AccessKeyLastUsed.LastUsedDate, metadata) } } - accessKeyId := defsecTypes.StringDefault("", metadata) + accessKeyId := trivyTypes.StringDefault("", metadata) if apiAccessKey.AccessKeyId != nil { - accessKeyId = defsecTypes.String(*apiAccessKey.AccessKeyId, metadata) + accessKeyId = trivyTypes.String(*apiAccessKey.AccessKeyId, metadata) } - creationDate := defsecTypes.TimeDefault(time.Now(), metadata) + creationDate := trivyTypes.TimeDefault(time.Now(), metadata) if apiAccessKey.CreateDate != nil { - creationDate = defsecTypes.Time(*apiAccessKey.CreateDate, metadata) + creationDate = trivyTypes.Time(*apiAccessKey.CreateDate, metadata) } keys = append(keys, iam.AccessKey{ Metadata: metadata, AccessKeyId: accessKeyId, - Active: defsecTypes.Bool(apiAccessKey.Status == iamtypes.StatusTypeActive, metadata), + Active: trivyTypes.Bool(apiAccessKey.Status == iamtypes.StatusTypeActive, metadata), CreationDate: creationDate, LastAccess: lastUsed, }) 
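Review bot: In the getUserKeys loop, `creationDate` falls back to `trivyTypes.TimeDefault(time.Now(), metadata)` when `CreateDate` is nil, so an access key of unknown age is recorded as created at scan time. Any key-age or rotation rule evaluated on this state would then see a fresh key. `creationDate := trivyTypes.TimeUnresolvable(metadata)`, the form already used for `lastUsed` at the top of the loop, keeps the value explicitly unknown. The error from `GetAccessKeyLastUsed` is also dropped by the `err == nil` branch, so a throttled or denied call cannot be told apart from a key that was never used; a debug log of that error would help. getUserKeys begins and ends outside this hunk.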
@@ -206,14 +206,14 @@ func (a *adapter) adaptUser(apiUser iamtypes.User) (*iam.User, error) { return nil, err } - lastAccess := defsecTypes.TimeUnresolvable(metadata) + lastAccess := trivyTypes.TimeUnresolvable(metadata) if apiUser.PasswordLastUsed != nil { - lastAccess = defsecTypes.Time(*apiUser.PasswordLastUsed, metadata) + lastAccess = trivyTypes.Time(*apiUser.PasswordLastUsed, metadata) } - username := defsecTypes.StringDefault("", metadata) + username := trivyTypes.StringDefault("", metadata) if apiUser.UserName != nil { - username = defsecTypes.String(*apiUser.UserName, metadata) + username = trivyTypes.String(*apiUser.UserName, metadata) } return &iam.User{ diff --git a/internal/adapters/cloud/aws/iam/user_test.go b/internal/adapters/cloud/aws/iam/user_test.go index d2f63fa..73860cb 100644 --- a/internal/adapters/cloud/aws/iam/user_test.go +++ b/internal/adapters/cloud/aws/iam/user_test.go @@ -3,10 +3,10 @@ package iam import ( "testing" - "github.com/aquasecurity/defsec/pkg/providers/aws/iam" - "github.com/aquasecurity/defsec/pkg/state" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws/test" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + "github.com/aquasecurity/trivy/pkg/iac/state" iamapi "github.com/aws/aws-sdk-go-v2/service/iam" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/internal/adapters/cloud/aws/kinesis/adapt.go b/internal/adapters/cloud/aws/kinesis/adapt.go index 7c1ca73..9c026b4 100644 --- a/internal/adapters/cloud/aws/kinesis/adapt.go +++ b/internal/adapters/cloud/aws/kinesis/adapt.go 
@@ -1,10 +1,10 @@ package kinesis import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/kinesis" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/kinesis" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" api "github.com/aws/aws-sdk-go-v2/service/kinesis" "github.com/aquasecurity/trivy-aws/pkg/concurrency" @@ -86,8 +86,8 @@ func (a *adapter) adaptStream(streamName string) (*kinesis.Stream, error) { Metadata: metadata, Encryption: kinesis.Encryption{ Metadata: metadata, - Type: defsecTypes.String(string(output.StreamDescription.EncryptionType), metadata), - KMSKeyID: defsecTypes.String(kmsKeyId, metadata), + Type: trivyTypes.String(string(output.StreamDescription.EncryptionType), metadata), + KMSKeyID: trivyTypes.String(kmsKeyId, metadata), }, }, nil diff --git a/internal/adapters/cloud/aws/kms/adapt.go b/internal/adapters/cloud/aws/kms/adapt.go index 3357fd2..3b50486 100644 --- a/internal/adapters/cloud/aws/kms/adapt.go +++ b/internal/adapters/cloud/aws/kms/adapt.go @@ -1,10 +1,10 @@ package kms import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/kms" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/kms" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" api "github.com/aws/aws-sdk-go-v2/service/kms" "github.com/aws/aws-sdk-go-v2/service/kms/types" 
@@ -78,7 +78,7 @@ func (a *adapter) adaptKey(apiKey types.KeyListEntry) (*kms.Key, error) { return &kms.Key{ Metadata: metadata, - Usage: defsecTypes.String(string(output.KeyMetadata.KeyUsage), metadata), - RotationEnabled: defsecTypes.Bool(output.KeyMetadata.ValidTo != nil, metadata), + Usage: trivyTypes.String(string(output.KeyMetadata.KeyUsage), metadata), + RotationEnabled: trivyTypes.Bool(output.KeyMetadata.ValidTo != nil, metadata), }, nil } diff --git a/internal/adapters/cloud/aws/lambda/adapt.go b/internal/adapters/cloud/aws/lambda/adapt.go index d6136aa..ff59cbd 100644 --- a/internal/adapters/cloud/aws/lambda/adapt.go +++ b/internal/adapters/cloud/aws/lambda/adapt.go @@ -3,9 +3,9 @@ package lambda import ( "strings" - "github.com/aquasecurity/defsec/pkg/providers/aws/lambda" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/lambda" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" awssdk "github.com/aws/aws-sdk-go-v2/aws" lambdaapi "github.com/aws/aws-sdk-go-v2/service/lambda" "github.com/aws/aws-sdk-go-v2/service/lambda/types" @@ -121,8 +121,8 @@ func (a *adapter) adaptFunction(function types.FunctionConfiguration) (*lambda.F permissions = append(permissions, lambda.Permission{ Metadata: metadata, - Principal: defsecTypes.String(principal, metadata), - SourceARN: defsecTypes.String(source, metadata), + Principal: trivyTypes.String(principal, metadata), + SourceARN: trivyTypes.String(source, metadata), }) } } @@ -131,7 +131,7 @@ func (a *adapter) adaptFunction(function types.FunctionConfiguration) (*lambda.F Metadata: metadata, Tracing: lambda.Tracing{ Metadata: metadata, - Mode: defsecTypes.String(tracingMode, metadata), + Mode: trivyTypes.String(tracingMode, metadata), }, Permissions: permissions, }, nil 
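Review bot: `RotationEnabled` in adaptKey is derived from `output.KeyMetadata.ValidTo != nil`, but `ValidTo` is the expiry time of imported key material, not the automatic-rotation setting. A KMS-generated key with rotation turned on is therefore reported as not rotating, and a key with expiring imported material as rotating, so rotation findings built on this field are unreliable in both directions. The rotation state is returned by the KMS `GetKeyRotationStatus` call, and the field would become `RotationEnabled: trivyTypes.Bool(rotation.KeyRotationEnabled, metadata),` with `rotation` being that call's output. The body of adaptKey starts above the hunk, so it is not visible here whether `a.api` is already used for other per-key calls or whether `output.KeyMetadata` is checked for nil before this literal.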
diff --git a/internal/adapters/cloud/aws/lambda/adapt_test.go b/internal/adapters/cloud/aws/lambda/adapt_test.go index af0a0f5..5b13ad1 100644 --- a/internal/adapters/cloud/aws/lambda/adapt_test.go +++ b/internal/adapters/cloud/aws/lambda/adapt_test.go @@ -4,8 +4,8 @@ import ( "fmt" "testing" - "github.com/aquasecurity/defsec/pkg/providers/aws/lambda" - "github.com/aquasecurity/defsec/pkg/state" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/lambda" + "github.com/aquasecurity/trivy/pkg/iac/state" awssdk "github.com/aws/aws-sdk-go-v2/aws" lambdaapi "github.com/aws/aws-sdk-go-v2/service/lambda" "github.com/aws/aws-sdk-go-v2/service/lambda/types" diff --git a/internal/adapters/cloud/aws/mq/adapt.go b/internal/adapters/cloud/aws/mq/adapt.go index 6736ee5..e099d74 100644 --- a/internal/adapters/cloud/aws/mq/adapt.go +++ b/internal/adapters/cloud/aws/mq/adapt.go @@ -1,8 +1,8 @@ package mq import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/mq" - "github.com/aquasecurity/defsec/pkg/state" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/mq" + "github.com/aquasecurity/trivy/pkg/iac/state" api "github.com/aws/aws-sdk-go-v2/service/mq" mqTypes "github.com/aws/aws-sdk-go-v2/service/mq/types" diff --git a/internal/adapters/cloud/aws/msk/adapt.go b/internal/adapters/cloud/aws/msk/adapt.go index b82483a..2d643de 100644 --- a/internal/adapters/cloud/aws/msk/adapt.go +++ b/internal/adapters/cloud/aws/msk/adapt.go 
@@ -1,16 +1,16 @@ package msk import ( - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" awssdk "github.com/aws/aws-sdk-go-v2/aws" api "github.com/aws/aws-sdk-go-v2/service/kafka" "github.com/aws/aws-sdk-go-v2/service/kafka/types" - "github.com/aquasecurity/defsec/pkg/providers/aws/msk" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" "github.com/aquasecurity/trivy-aws/pkg/concurrency" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/msk" ) type adapter struct { @@ -102,12 +102,12 @@ func (a *adapter) adaptCluster(apiCluster types.ClusterInfo) (*msk.Cluster, erro Metadata: metadata, EncryptionInTransit: msk.EncryptionInTransit{ Metadata: metadata, - ClientBroker: defsecTypes.String(encInTransitClientBroker, metadata), + ClientBroker: trivyTypes.String(encInTransitClientBroker, metadata), }, EncryptionAtRest: msk.EncryptionAtRest{ Metadata: metadata, - KMSKeyARN: defsecTypes.String(encAtRestKMSKeyId, metadata), - Enabled: defsecTypes.Bool(encAtRestEnabled, metadata), + KMSKeyARN: trivyTypes.String(encAtRestKMSKeyId, metadata), + Enabled: trivyTypes.Bool(encAtRestEnabled, metadata), }, Logging: msk.Logging{ Metadata: metadata, @@ -115,15 +115,15 @@ func (a *adapter) adaptCluster(apiCluster types.ClusterInfo) (*msk.Cluster, erro Metadata: metadata, S3: msk.S3Logging{ Metadata: metadata, - Enabled: defsecTypes.Bool(logS3, metadata), + Enabled: trivyTypes.Bool(logS3, metadata), }, Cloudwatch: msk.CloudwatchLogging{ Metadata: metadata, - Enabled: defsecTypes.Bool(logCW, metadata), + Enabled: trivyTypes.Bool(logCW, metadata), }, Firehose: msk.FirehoseLogging{ Metadata: metadata, - Enabled: defsecTypes.Bool(logFH, metadata), + Enabled: trivyTypes.Bool(logFH, metadata), }, }, }, 
diff --git a/internal/adapters/cloud/aws/neptune/adapt.go b/internal/adapters/cloud/aws/neptune/adapt.go index b5045e7..9745676 100644 --- a/internal/adapters/cloud/aws/neptune/adapt.go +++ b/internal/adapters/cloud/aws/neptune/adapt.go @@ -1,9 +1,9 @@ package neptune import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/neptune" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/neptune" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" api "github.com/aws/aws-sdk-go-v2/service/neptune" neptuneTypes "github.com/aws/aws-sdk-go-v2/service/neptune/types" @@ -82,7 +82,7 @@ func (a *adapter) adaptCluster(apiCluster neptuneTypes.DBCluster) (*neptune.Clus Metadata: metadata, Logging: neptune.Logging{ Metadata: metadata, - Audit: defsecTypes.Bool(auditLogging, metadata), + Audit: trivyTypes.Bool(auditLogging, metadata), }, StorageEncrypted: types.ToBool(apiCluster.StorageEncrypted, metadata), KMSKeyID: types.ToString(apiCluster.KmsKeyId, metadata), diff --git a/internal/adapters/cloud/aws/rds/rds.go b/internal/adapters/cloud/aws/rds/rds.go index 1b8847a..663ffeb 100644 --- a/internal/adapters/cloud/aws/rds/rds.go +++ b/internal/adapters/cloud/aws/rds/rds.go @@ -1,9 +1,9 @@ package rds import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/rds" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/rds" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" awssdk "github.com/aws/aws-sdk-go-v2/aws" rdsApi "github.com/aws/aws-sdk-go-v2/service/rds" rdsTypes "github.com/aws/aws-sdk-go-v2/service/rds/types" 
@@ -196,14 +196,14 @@ func (a *adapter) adaptDBInstance(dbInstance rdsTypes.DBInstance) (*rds.Instance } } - var EnabledCloudwatchLogsExports []defsecTypes.StringValue + var EnabledCloudwatchLogsExports []trivyTypes.StringValue for _, ecwe := range dbInstance.EnabledCloudwatchLogsExports { - EnabledCloudwatchLogsExports = append(EnabledCloudwatchLogsExports, defsecTypes.String(ecwe, metadata)) + EnabledCloudwatchLogsExports = append(EnabledCloudwatchLogsExports, trivyTypes.String(ecwe, metadata)) } - var ReadReplicaDBInstanceIdentifiers []defsecTypes.StringValue + var ReadReplicaDBInstanceIdentifiers []trivyTypes.StringValue for _, rrdbi := range dbInstance.EnabledCloudwatchLogsExports { - ReadReplicaDBInstanceIdentifiers = append(ReadReplicaDBInstanceIdentifiers, defsecTypes.String(rrdbi, metadata)) + ReadReplicaDBInstanceIdentifiers = append(ReadReplicaDBInstanceIdentifiers, trivyTypes.String(rrdbi, metadata)) } engine := rds.EngineAurora @@ -222,7 +222,7 @@ func (a *adapter) adaptDBInstance(dbInstance rdsTypes.DBInstance) (*rds.Instance ), Encryption: getInstanceEncryption(awssdk.ToBool(dbInstance.StorageEncrypted), dbInstance.KmsKeyId, metadata), PublicAccess: types.ToBool(dbInstance.PubliclyAccessible, metadata), - Engine: defsecTypes.String(engine, metadata), + Engine: trivyTypes.String(engine, metadata), IAMAuthEnabled: types.ToBool(dbInstance.IAMDatabaseAuthenticationEnabled, metadata), DeletionProtection: types.ToBool(dbInstance.DeletionProtection, metadata), DBInstanceArn: types.ToString(dbInstance.DBInstanceArn, metadata), 
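Review bot: The second loop in the `adaptDBInstance` hunk at -196 fills `ReadReplicaDBInstanceIdentifiers` by ranging over `dbInstance.EnabledCloudwatchLogsExports`, so the replica list ends up holding log-export names instead of replica identifiers. It looks like a copy of the loop above it; the range should be `for _, rrdbi := range dbInstance.ReadReplicaDBInstanceIdentifiers {`. Any rule that reads the replica list currently evaluates the wrong data. `adaptDBInstance` begins before and continues after this hunk.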
@@ -230,11 +230,11 @@ func (a *adapter) adaptDBInstance(dbInstance rdsTypes.DBInstance) (*rds.Instance DBInstanceIdentifier: types.ToString(dbInstance.DBInstanceIdentifier, metadata), TagList: TagList, EnabledCloudwatchLogsExports: EnabledCloudwatchLogsExports, - EngineVersion: defsecTypes.String(engine, metadata), + EngineVersion: trivyTypes.String(engine, metadata), AutoMinorVersionUpgrade: types.ToBool(dbInstance.AutoMinorVersionUpgrade, metadata), MultiAZ: types.ToBool(dbInstance.MultiAZ, metadata), PubliclyAccessible: types.ToBool(dbInstance.PubliclyAccessible, metadata), - LatestRestorableTime: defsecTypes.TimeUnresolvable(metadata), + LatestRestorableTime: trivyTypes.TimeUnresolvable(metadata), ReadReplicaDBInstanceIdentifiers: ReadReplicaDBInstanceIdentifiers, } @@ -250,9 +250,9 @@ func (a *adapter) adaptCluster(dbCluster rdsTypes.DBCluster) (*rds.Cluster, erro engine = *dbCluster.Engine } - var availabilityZones []defsecTypes.StringValue + var availabilityZones []trivyTypes.StringValue for _, az := range dbCluster.AvailabilityZones { - availabilityZones = append(availabilityZones, defsecTypes.String(az, dbClusterMetadata)) + availabilityZones = append(availabilityZones, trivyTypes.String(az, dbClusterMetadata)) } cluster := &rds.Cluster{ @@ -266,8 +266,8 @@ func (a *adapter) adaptCluster(dbCluster rdsTypes.DBCluster) (*rds.Cluster, erro ), Encryption: getInstanceEncryption(awssdk.ToBool(dbCluster.StorageEncrypted), dbCluster.KmsKeyId, dbClusterMetadata), PublicAccess: types.ToBool(dbCluster.PubliclyAccessible, dbClusterMetadata), - Engine: defsecTypes.String(engine, dbClusterMetadata), - LatestRestorableTime: defsecTypes.TimeUnresolvable(dbClusterMetadata), + Engine: trivyTypes.String(engine, dbClusterMetadata), + LatestRestorableTime: trivyTypes.TimeUnresolvable(dbClusterMetadata), AvailabilityZones: availabilityZones, DeletionProtection: types.ToBool(dbCluster.DeletionProtection, dbClusterMetadata), } 
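Review bot: `EngineVersion` in the `adaptDBInstance` hunk at -230 is built from `engine`, the same variable the previous hunk uses for `Engine`, so the version field carries the engine name rather than a version. It should read the API field the way the neighbouring entries do: `EngineVersion: types.ToString(dbInstance.EngineVersion, metadata),`. Checks that compare engine versions cannot work against the current value. The struct literal starts above the hunk.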
@@ -298,8 +298,8 @@ func (a *adapter) adaptParameterGroup(dbParameterGroup rdsTypes.DBParameterGroup return &rds.ParameterGroups{ Metadata: metadata, Parameters: parameter, - DBParameterGroupName: defsecTypes.String(awssdk.ToString(dbParameterGroup.DBParameterGroupName), metadata), - DBParameterGroupFamily: defsecTypes.String(awssdk.ToString(dbParameterGroup.DBParameterGroupFamily), metadata), + DBParameterGroupName: trivyTypes.String(awssdk.ToString(dbParameterGroup.DBParameterGroupName), metadata), + DBParameterGroupFamily: trivyTypes.String(awssdk.ToString(dbParameterGroup.DBParameterGroupFamily), metadata), }, nil } @@ -317,10 +317,10 @@ func (a *adapter) adaptDBSnapshots(dbSnapshots rdsTypes.DBSnapshot) (*rds.Snapsh if output.DBSnapshotAttributesResult != nil { for _, r := range output.DBSnapshotAttributesResult.DBSnapshotAttributes { - var AV []defsecTypes.StringValue + var AV []trivyTypes.StringValue if r.AttributeValues != nil { for _, Values := range r.AttributeValues { - AV = append(AV, defsecTypes.String(Values, metadata)) + AV = append(AV, trivyTypes.String(Values, metadata)) } } SnapshotAttributes = append(SnapshotAttributes, rds.DBSnapshotAttributes{ @@ -336,13 +336,13 @@ func (a *adapter) adaptDBSnapshots(dbSnapshots rdsTypes.DBSnapshot) (*rds.Snapsh DBSnapshotIdentifier: types.ToString(dbSnapshots.DBSnapshotIdentifier, metadata), DBSnapshotArn: types.ToString(dbSnapshots.DBSnapshotArn, metadata), Encrypted: types.ToBool(dbSnapshots.Encrypted, metadata), - KmsKeyId: defsecTypes.String("", metadata), + KmsKeyId: trivyTypes.String("", metadata), SnapshotAttributes: SnapshotAttributes, } // KMSKeyID is only set if Encryption is enabled if snapshots.Encrypted.IsTrue() { - snapshots.KmsKeyId = defsecTypes.StringDefault(awssdk.ToString(dbSnapshots.KmsKeyId), metadata) + snapshots.KmsKeyId = trivyTypes.StringDefault(awssdk.ToString(dbSnapshots.KmsKeyId), metadata) } return snapshots, nil 
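Review bot: In the `adaptDBSnapshots` hunk at -336 the explicit/default markers on `KmsKeyId` look inverted: the empty placeholder is created with `trivyTypes.String("", metadata)` while the value actually returned by the API is stored with `trivyTypes.StringDefault(...)`. Judging by the names, `StringDefault` marks a value as a fallback rather than one read from the resource, so this is presumably the wrong way round; confirm against the types package. If so, the two lines would become `KmsKeyId: trivyTypes.StringDefault("", metadata),` and `snapshots.KmsKeyId = trivyTypes.String(awssdk.ToString(dbSnapshots.KmsKeyId), metadata)`.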
@@ -359,17 +359,17 @@ func (a *adapter) adaptClassic(dbSecurityGroup rdsTypes.DBSecurityGroup) (*rds.D return dbsg, nil } -func getInstanceEncryption(storageEncrypted bool, kmsKeyID *string, metadata defsecTypes.Metadata) rds.Encryption { +func getInstanceEncryption(storageEncrypted bool, kmsKeyID *string, metadata trivyTypes.Metadata) rds.Encryption { encryption := rds.Encryption{ Metadata: metadata, - EncryptStorage: defsecTypes.BoolDefault(storageEncrypted, metadata), + EncryptStorage: trivyTypes.BoolDefault(storageEncrypted, metadata), KMSKeyID: types.ToString(kmsKeyID, metadata), } return encryption } -func getPerformanceInsights(enabled *bool, kmsKeyID *string, metadata defsecTypes.Metadata) rds.PerformanceInsights { +func getPerformanceInsights(enabled *bool, kmsKeyID *string, metadata trivyTypes.Metadata) rds.PerformanceInsights { performanceInsights := rds.PerformanceInsights{ Metadata: metadata, Enabled: types.ToBool(enabled, metadata), diff --git a/internal/adapters/cloud/aws/redshift/adapt.go b/internal/adapters/cloud/aws/redshift/adapt.go index 29e825b..13c67f1 100644 --- a/internal/adapters/cloud/aws/redshift/adapt.go +++ b/internal/adapters/cloud/aws/redshift/adapt.go @@ -3,9 +3,9 @@ package redshift import ( "strings" - "github.com/aquasecurity/defsec/pkg/providers/aws/redshift" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/redshift" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" awssdk "github.com/aws/aws-sdk-go-v2/aws" api "github.com/aws/aws-sdk-go-v2/service/redshift" redshiftTypes "github.com/aws/aws-sdk-go-v2/service/redshift/types" 
@@ -94,7 +94,7 @@ func (a *adapter) adaptCluster(apiCluster redshiftTypes.Cluster) (*redshift.Clus ClusterIdentifier: apiCluster.ClusterIdentifier, }) - loggingEnabled := defsecTypes.BoolDefault(false, metadata) + loggingEnabled := trivyTypes.BoolDefault(false, metadata) if err == nil { loggingEnabled = types.ToBool(output.LoggingEnabled, metadata) } diff --git a/internal/adapters/cloud/aws/s3/s3.go b/internal/adapters/cloud/aws/s3/s3.go index 55dfa37..cd0e7bb 100644 --- a/internal/adapters/cloud/aws/s3/s3.go +++ b/internal/adapters/cloud/aws/s3/s3.go @@ -3,10 +3,10 @@ package s3 import ( "strings" - "github.com/aquasecurity/defsec/pkg/providers/aws/iam" - "github.com/aquasecurity/defsec/pkg/providers/aws/s3" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/s3" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" awssdk "github.com/aws/aws-sdk-go-v2/aws" s3api "github.com/aws/aws-sdk-go-v2/service/s3" s3types "github.com/aws/aws-sdk-go-v2/service/s3/types" @@ -84,9 +84,9 @@ func (a *adapter) adaptBucket(bucket s3types.Bucket) (*s3.Bucket, error) { bucketMetadata := a.CreateMetadata(*bucket.Name) - name := defsecTypes.StringDefault("", bucketMetadata) + name := trivyTypes.StringDefault("", bucketMetadata) if bucket.Name != nil { - name = defsecTypes.String(*bucket.Name, bucketMetadata) + name = trivyTypes.String(*bucket.Name, bucketMetadata) } b := s3.Bucket{ 
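Review bot: `adaptBucket` in the s3.go hunk at -84 dereferences `bucket.Name` in `a.CreateMetadata(*bucket.Name)` one statement before the `if bucket.Name != nil` guard, so the guard cannot protect against the nil case it tests for. A bucket entry without a name would panic the adapter instead of being handled. Use the nil-safe helper that the file already imports: `bucketMetadata := a.CreateMetadata(awssdk.ToString(bucket.Name))`. The rest of `adaptBucket` lies outside this hunk.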
@@ -109,7 +109,7 @@ func (a *adapter) adaptBucket(bucket s3types.Bucket) (*s3.Bucket, error) { } -func (a *adapter) getPublicAccessBlock(bucketName *string, metadata defsecTypes.Metadata) *s3.PublicAccessBlock { +func (a *adapter) getPublicAccessBlock(bucketName *string, metadata trivyTypes.Metadata) *s3.PublicAccessBlock { publicAccessBlocks, err := a.api.GetPublicAccessBlock(a.Context(), &s3api.GetPublicAccessBlockInput{ Bucket: bucketName, @@ -132,15 +132,15 @@ func (a *adapter) getPublicAccessBlock(bucketName *string, metadata defsecTypes. config := publicAccessBlocks.PublicAccessBlockConfiguration pab := s3.NewPublicAccessBlock(metadata) - pab.BlockPublicACLs = defsecTypes.Bool(awssdk.ToBool(config.BlockPublicAcls), metadata) - pab.BlockPublicPolicy = defsecTypes.Bool(awssdk.ToBool(config.BlockPublicPolicy), metadata) - pab.IgnorePublicACLs = defsecTypes.Bool(awssdk.ToBool(config.IgnorePublicAcls), metadata) - pab.RestrictPublicBuckets = defsecTypes.Bool(awssdk.ToBool(config.RestrictPublicBuckets), metadata) + pab.BlockPublicACLs = trivyTypes.Bool(awssdk.ToBool(config.BlockPublicAcls), metadata) + pab.BlockPublicPolicy = trivyTypes.Bool(awssdk.ToBool(config.BlockPublicPolicy), metadata) + pab.IgnorePublicACLs = trivyTypes.Bool(awssdk.ToBool(config.IgnorePublicAcls), metadata) + pab.RestrictPublicBuckets = trivyTypes.Bool(awssdk.ToBool(config.RestrictPublicBuckets), metadata) return &pab } -func (a *adapter) getBucketPolicies(bucketName *string, metadata defsecTypes.Metadata) []iam.Policy { +func (a *adapter) getBucketPolicies(bucketName *string, metadata trivyTypes.Metadata) []iam.Policy { var bucketPolicies []iam.Policy bucketPolicy, err := a.api.GetBucketPolicy(a.Context(), &s3api.GetBucketPolicyInput{Bucket: bucketName}) 
@@ -165,12 +165,12 @@ func (a *adapter) getBucketPolicies(bucketName *string, metadata defsecTypes.Met bucketPolicies = append(bucketPolicies, iam.Policy{ Metadata: metadata, - Name: defsecTypes.StringDefault("", metadata), + Name: trivyTypes.StringDefault("", metadata), Document: iam.Document{ Metadata: metadata, Parsed: *policyDocument, }, - Builtin: defsecTypes.Bool(false, metadata), + Builtin: trivyTypes.Bool(false, metadata), }) } @@ -178,12 +178,12 @@ func (a *adapter) getBucketPolicies(bucketName *string, metadata defsecTypes.Met } -func (a *adapter) getBucketEncryption(bucketName *string, metadata defsecTypes.Metadata) s3.Encryption { +func (a *adapter) getBucketEncryption(bucketName *string, metadata trivyTypes.Metadata) s3.Encryption { bucketEncryption := s3.Encryption{ Metadata: metadata, - Enabled: defsecTypes.BoolDefault(false, metadata), - Algorithm: defsecTypes.StringDefault("", metadata), - KMSKeyId: defsecTypes.StringDefault("", metadata), + Enabled: trivyTypes.BoolDefault(false, metadata), + Algorithm: trivyTypes.StringDefault("", metadata), + KMSKeyId: trivyTypes.StringDefault("", metadata), } encryption, err := a.api.GetBucketEncryption(a.Context(), &s3api.GetBucketEncryptionInput{Bucket: bucketName}) 
@@ -201,25 +201,25 @@ func (a *adapter) getBucketEncryption(bucketName *string, metadata defsecTypes.M if encryption.ServerSideEncryptionConfiguration != nil && len(encryption.ServerSideEncryptionConfiguration.Rules) > 0 { defaultEncryption := encryption.ServerSideEncryptionConfiguration.Rules[0] algorithm := defaultEncryption.ApplyServerSideEncryptionByDefault.SSEAlgorithm - bucketEncryption.Algorithm = defsecTypes.StringDefault(string(algorithm), metadata) + bucketEncryption.Algorithm = trivyTypes.StringDefault(string(algorithm), metadata) bucketEncryption.Enabled = types.ToBool(defaultEncryption.BucketKeyEnabled, metadata) if algorithm != "" { - bucketEncryption.Enabled = defsecTypes.Bool(true, metadata) + bucketEncryption.Enabled = trivyTypes.Bool(true, metadata) } kmsKeyId := defaultEncryption.ApplyServerSideEncryptionByDefault.KMSMasterKeyID if kmsKeyId != nil { - bucketEncryption.KMSKeyId = defsecTypes.StringDefault(*kmsKeyId, metadata) + bucketEncryption.KMSKeyId = trivyTypes.StringDefault(*kmsKeyId, metadata) } } return bucketEncryption } -func (a *adapter) getBucketVersioning(bucketName *string, metadata defsecTypes.Metadata) s3.Versioning { +func (a *adapter) getBucketVersioning(bucketName *string, metadata trivyTypes.Metadata) s3.Versioning { bucketVersioning := s3.Versioning{ Metadata: metadata, - Enabled: defsecTypes.BoolDefault(false, metadata), - MFADelete: defsecTypes.BoolDefault(false, metadata), + Enabled: trivyTypes.BoolDefault(false, metadata), + MFADelete: trivyTypes.BoolDefault(false, metadata), } versioning, err := a.api.GetBucketVersioning(a.Context(), &s3api.GetBucketVersioningInput{Bucket: bucketName}) 
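Review bot: `getBucketEncryption` in the hunk at -201 reads `defaultEncryption.ApplyServerSideEncryptionByDefault.SSEAlgorithm` without checking that `ApplyServerSideEncryptionByDefault` is set; it is a pointer in the SDK rule type, so a rule that carries only `BucketKeyEnabled` would panic here. The accesses to `SSEAlgorithm` and `KMSMasterKeyID` should sit behind one nil check, which leaves `Algorithm` and `KMSKeyId` at the defaults assigned at the top of the function. Separately, `Enabled` is first set from `BucketKeyEnabled`, which describes S3 Bucket Keys rather than whether encryption is on; that assignment is kept below but is worth confirming. The function starts in the previous hunk.

```go
defaultEncryption := encryption.ServerSideEncryptionConfiguration.Rules[0]
bucketEncryption.Enabled = types.ToBool(defaultEncryption.BucketKeyEnabled, metadata)
// Guard the optional default-encryption block before reading its fields.
if sse := defaultEncryption.ApplyServerSideEncryptionByDefault; sse != nil {
	bucketEncryption.Algorithm = trivyTypes.StringDefault(string(sse.SSEAlgorithm), metadata)
	if sse.SSEAlgorithm != "" {
		bucketEncryption.Enabled = trivyTypes.Bool(true, metadata)
	}
	if sse.KMSMasterKeyID != nil {
		bucketEncryption.KMSKeyId = trivyTypes.StringDefault(*sse.KMSMasterKeyID, metadata)
	}
}
```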
@@ -235,20 +235,20 @@ func (a *adapter) getBucketVersioning(bucketName *string, metadata defsecTypes.M } if versioning.Status == s3types.BucketVersioningStatusEnabled { - bucketVersioning.Enabled = defsecTypes.Bool(true, metadata) + bucketVersioning.Enabled = trivyTypes.Bool(true, metadata) } - bucketVersioning.MFADelete = defsecTypes.Bool(versioning.MFADelete == s3types.MFADeleteStatusEnabled, metadata) + bucketVersioning.MFADelete = trivyTypes.Bool(versioning.MFADelete == s3types.MFADeleteStatusEnabled, metadata) return bucketVersioning } -func (a *adapter) getBucketLogging(bucketName *string, metadata defsecTypes.Metadata) s3.Logging { +func (a *adapter) getBucketLogging(bucketName *string, metadata trivyTypes.Metadata) s3.Logging { bucketLogging := s3.Logging{ Metadata: metadata, - Enabled: defsecTypes.BoolDefault(false, metadata), - TargetBucket: defsecTypes.StringDefault("", metadata), + Enabled: trivyTypes.BoolDefault(false, metadata), + TargetBucket: trivyTypes.StringDefault("", metadata), } logging, err := a.api.GetBucketLogging(a.Context(), &s3api.GetBucketLoggingInput{Bucket: bucketName}) 
@@ -258,18 +258,18 @@ func (a *adapter) getBucketLogging(bucketName *string, metadata defsecTypes.Meta } if logging.LoggingEnabled != nil { - bucketLogging.Enabled = defsecTypes.Bool(true, metadata) - bucketLogging.TargetBucket = defsecTypes.StringDefault(*logging.LoggingEnabled.TargetBucket, metadata) + bucketLogging.Enabled = trivyTypes.Bool(true, metadata) + bucketLogging.TargetBucket = trivyTypes.StringDefault(*logging.LoggingEnabled.TargetBucket, metadata) } return bucketLogging } -func (a *adapter) getBucketACL(bucketName *string, metadata defsecTypes.Metadata) defsecTypes.StringValue { +func (a *adapter) getBucketACL(bucketName *string, metadata trivyTypes.Metadata) trivyTypes.StringValue { acl, err := a.api.GetBucketAcl(a.Context(), &s3api.GetBucketAclInput{Bucket: bucketName}) if err != nil { a.Debug("Error getting bucket ACL: %s", err) - return defsecTypes.StringDefault("private", metadata) + return trivyTypes.StringDefault("private", metadata) } aclValue := "private" @@ -289,10 +289,10 @@ func (a *adapter) getBucketACL(bucketName *string, metadata defsecTypes.Metadata } } - return defsecTypes.String(aclValue, metadata) + return trivyTypes.String(aclValue, metadata) } -func (a *adapter) getBucketLifecycle(bucketName *string, metadata defsecTypes.Metadata) []s3.Rules { +func (a *adapter) getBucketLifecycle(bucketName *string, metadata trivyTypes.Metadata) []s3.Rules { output, err := a.api.GetBucketLifecycleConfiguration(a.Context(), &s3api.GetBucketLifecycleConfigurationInput{ Bucket: bucketName, }) 
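Review bot: `getBucketACL` in the hunk at -258 returns `trivyTypes.StringDefault("private", metadata)` when `GetBucketAcl` fails, so a bucket whose ACL could not be read (for example because the scanning role lacks the permission) is recorded as private. For a scanner that is the unsafe direction: a public ACL can be hidden by a read error that is only visible in debug output. Returning an unresolvable value, `return trivyTypes.StringUnresolvable(metadata)`, would keep "unknown" distinct from "private"; how the ACL rules treat unresolvable values should be confirmed. The same hunk dereferences `*logging.LoggingEnabled.TargetBucket` directly, where `awssdk.ToString(logging.LoggingEnabled.TargetBucket)` is the nil-safe form. `getBucketACL` continues in the next hunk.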
@@ -303,33 +303,33 @@ func (a *adapter) getBucketLifecycle(bucketName *string, metadata defsecTypes.Me for _, r := range output.Rules { rules = append(rules, s3.Rules{ Metadata: metadata, - Status: defsecTypes.String(string(r.Status), metadata), + Status: trivyTypes.String(string(r.Status), metadata), }) } return rules } -func (a *adapter) getBucketAccelarate(bucketName *string, metadata defsecTypes.Metadata) defsecTypes.StringValue { +func (a *adapter) getBucketAccelarate(bucketName *string, metadata trivyTypes.Metadata) trivyTypes.StringValue { output, err := a.api.GetBucketAccelerateConfiguration(a.Context(), &s3api.GetBucketAccelerateConfigurationInput{ Bucket: bucketName, }) if err != nil { - return defsecTypes.StringDefault("", metadata) + return trivyTypes.StringDefault("", metadata) } - return defsecTypes.String(string(output.Status), metadata) + return trivyTypes.String(string(output.Status), metadata) } -func (a *adapter) getBucketLocation(bucketName *string, metadata defsecTypes.Metadata) defsecTypes.StringValue { +func (a *adapter) getBucketLocation(bucketName *string, metadata trivyTypes.Metadata) trivyTypes.StringValue { output, err := a.api.GetBucketLocation(a.Context(), &s3api.GetBucketLocationInput{ Bucket: bucketName, }) if err != nil { - return defsecTypes.StringDefault("", metadata) + return trivyTypes.StringDefault("", metadata) } - return defsecTypes.String(string(output.LocationConstraint), metadata) + return trivyTypes.String(string(output.LocationConstraint), metadata) } -func (a *adapter) getObjects(bucketName *string, metadata defsecTypes.Metadata) []s3.Contents { +func (a *adapter) getObjects(bucketName *string, metadata trivyTypes.Metadata) []s3.Contents { output, err := a.api.ListObjects(a.Context(), &s3api.ListObjectsInput{ Bucket: bucketName, }) 
@@ -345,7 +345,7 @@ func (a *adapter) getObjects(bucketName *string, metadata defsecTypes.Metadata) return obj } -func (a *adapter) getWebsite(bucketName *string, metadata defsecTypes.Metadata) *s3.Website { +func (a *adapter) getWebsite(bucketName *string, metadata trivyTypes.Metadata) *s3.Website { website, err := a.api.GetBucketWebsite(a.Context(), &s3api.GetBucketWebsiteInput{ Bucket: bucketName, diff --git a/internal/adapters/cloud/aws/s3/s3_test.go b/internal/adapters/cloud/aws/s3/s3_test.go index 3b5d08a..14d122e 100644 --- a/internal/adapters/cloud/aws/s3/s3_test.go +++ b/internal/adapters/cloud/aws/s3/s3_test.go @@ -4,8 +4,8 @@ import ( "context" "testing" - "github.com/aquasecurity/defsec/pkg/providers/aws/s3" - "github.com/aquasecurity/defsec/pkg/state" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/s3" + "github.com/aquasecurity/trivy/pkg/iac/state" awssdk "github.com/aws/aws-sdk-go-v2/aws" s3api "github.com/aws/aws-sdk-go-v2/service/s3" s3types "github.com/aws/aws-sdk-go-v2/service/s3/types" diff --git a/internal/adapters/cloud/aws/sns/sns.go b/internal/adapters/cloud/aws/sns/sns.go index e213d0e..df94aa0 100644 --- a/internal/adapters/cloud/aws/sns/sns.go +++ b/internal/adapters/cloud/aws/sns/sns.go @@ -1,10 +1,10 @@ package sns import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/sns" - "github.com/aquasecurity/defsec/pkg/state" - "github.com/aquasecurity/defsec/pkg/types" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sns" + "github.com/aquasecurity/trivy/pkg/iac/state" + "github.com/aquasecurity/trivy/pkg/iac/types" snsapi "github.com/aws/aws-sdk-go-v2/service/sns" snsTypes "github.com/aws/aws-sdk-go-v2/service/sns/types" diff --git a/internal/adapters/cloud/aws/sns/sns_test.go b/internal/adapters/cloud/aws/sns/sns_test.go index 040f86a..bd30afc 100644 --- a/internal/adapters/cloud/aws/sns/sns_test.go +++ b/internal/adapters/cloud/aws/sns/sns_test.go 
@@ -5,10 +5,10 @@ import ( "testing" - "github.com/aquasecurity/defsec/pkg/providers/aws/sns" - "github.com/aquasecurity/defsec/pkg/state" aws2 "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws" "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws/test" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sns" + "github.com/aquasecurity/trivy/pkg/iac/state" "github.com/aws/aws-sdk-go-v2/aws" snsapi "github.com/aws/aws-sdk-go-v2/service/sns" "github.com/stretchr/testify/assert" diff --git a/internal/adapters/cloud/aws/sqs/sqs.go b/internal/adapters/cloud/aws/sqs/sqs.go index 3aba22c..7e359be 100644 --- a/internal/adapters/cloud/aws/sqs/sqs.go +++ b/internal/adapters/cloud/aws/sqs/sqs.go @@ -1,10 +1,10 @@ package sqs import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/iam" - "github.com/aquasecurity/defsec/pkg/providers/aws/sqs" - "github.com/aquasecurity/defsec/pkg/state" - defsecTypes "github.com/aquasecurity/defsec/pkg/types" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sqs" + "github.com/aquasecurity/trivy/pkg/iac/state" + trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types" awssdk "github.com/aws/aws-sdk-go-v2/aws" sqsApi "github.com/aws/aws-sdk-go-v2/service/sqs" sqsTypes "github.com/aws/aws-sdk-go-v2/service/sqs/types" @@ -90,12 +90,12 @@ func (a *adapter) adaptQueue(queueUrl string) (*sqs.Queue, error) { queue := &sqs.Queue{ Metadata: queueMetadata, - QueueURL: defsecTypes.String(queueUrl, queueMetadata), + QueueURL: trivyTypes.String(queueUrl, queueMetadata), Policies: []iam.Policy{}, Encryption: sqs.Encryption{ Metadata: queueMetadata, - KMSKeyID: defsecTypes.StringDefault("", queueMetadata), - ManagedEncryption: defsecTypes.BoolDefault(false, queueMetadata), + KMSKeyID: trivyTypes.StringDefault("", queueMetadata), + ManagedEncryption: trivyTypes.BoolDefault(false, queueMetadata), }, } 
@@ -104,11 +104,11 @@ func (a *adapter) adaptQueue(queueUrl string) (*sqs.Queue, error) { queuePolicy := queueAttributes.Attributes[string(sqsTypes.QueueAttributeNamePolicy)] if sseEncrypted == "SSE-SQS" || sseEncrypted == "SSE-KMS" { - queue.Encryption.ManagedEncryption = defsecTypes.Bool(true, queueMetadata) + queue.Encryption.ManagedEncryption = trivyTypes.Bool(true, queueMetadata) } if kmsEncryption != "" { - queue.Encryption.KMSKeyID = defsecTypes.String(kmsEncryption, queueMetadata) + queue.Encryption.KMSKeyID = trivyTypes.String(kmsEncryption, queueMetadata) } if queuePolicy != "" { @@ -117,12 +117,12 @@ func (a *adapter) adaptQueue(queueUrl string) (*sqs.Queue, error) { queue.Policies = append(queue.Policies, iam.Policy{ Metadata: queueMetadata, - Name: defsecTypes.StringDefault("", queueMetadata), + Name: trivyTypes.StringDefault("", queueMetadata), Document: iam.Document{ Metadata: queueMetadata, Parsed: *policy, }, - Builtin: defsecTypes.Bool(false, queueMetadata), + Builtin: trivyTypes.Bool(false, queueMetadata), }) } diff --git a/internal/adapters/cloud/aws/sqs/sqs_test.go b/internal/adapters/cloud/aws/sqs/sqs_test.go index 9671303..e64e837 100644 --- a/internal/adapters/cloud/aws/sqs/sqs_test.go +++ b/internal/adapters/cloud/aws/sqs/sqs_test.go @@ -4,9 +4,9 @@ import ( "fmt" "testing" - "github.com/aquasecurity/defsec/pkg/providers/aws/sqs" - "github.com/aquasecurity/defsec/pkg/state" localstack "github.com/aquasecurity/go-mock-aws" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/sqs" + "github.com/aquasecurity/trivy/pkg/iac/state" awssdk "github.com/aws/aws-sdk-go-v2/aws" sqsapi "github.com/aws/aws-sdk-go-v2/service/sqs" sqsTypes "github.com/aws/aws-sdk-go-v2/service/sqs/types" diff --git a/internal/adapters/cloud/aws/ssm/adapt.go b/internal/adapters/cloud/aws/ssm/adapt.go index 963b03f..f881f56 100644 --- a/internal/adapters/cloud/aws/ssm/adapt.go +++ b/internal/adapters/cloud/aws/ssm/adapt.go 
@@ -1,8 +1,8 @@ package ssm import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/ssm" - "github.com/aquasecurity/defsec/pkg/state" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/ssm" + "github.com/aquasecurity/trivy/pkg/iac/state" awssdk "github.com/aws/aws-sdk-go-v2/aws" api "github.com/aws/aws-sdk-go-v2/service/secretsmanager" secretsmanagerTypes "github.com/aws/aws-sdk-go-v2/service/secretsmanager/types" diff --git a/internal/adapters/cloud/aws/workspaces/adapt.go b/internal/adapters/cloud/aws/workspaces/adapt.go index 7221102..dd666c3 100644 --- a/internal/adapters/cloud/aws/workspaces/adapt.go +++ b/internal/adapters/cloud/aws/workspaces/adapt.go @@ -1,8 +1,8 @@ package workspaces import ( - "github.com/aquasecurity/defsec/pkg/providers/aws/workspaces" - "github.com/aquasecurity/defsec/pkg/state" + "github.com/aquasecurity/trivy/pkg/iac/providers/aws/workspaces" + "github.com/aquasecurity/trivy/pkg/iac/state" awssdk "github.com/aws/aws-sdk-go-v2/aws" api "github.com/aws/aws-sdk-go-v2/service/workspaces" workspaceTypes "github.com/aws/aws-sdk-go-v2/service/workspaces/types" diff --git a/internal/adapters/cloud/options/options.go b/internal/adapters/cloud/options/options.go index 0d5c037..6f68dac 100644 --- a/internal/adapters/cloud/options/options.go +++ b/internal/adapters/cloud/options/options.go @@ -1,7 +1,7 @@ package options import ( - "github.com/aquasecurity/defsec/pkg/debug" + "github.com/aquasecurity/trivy/pkg/iac/debug" "github.com/aquasecurity/trivy-aws/pkg/concurrency" "github.com/aquasecurity/trivy-aws/pkg/progress" diff --git a/internal/testutil/util.go b/internal/testutil/util.go new file mode 100644 index 0000000..f16b95a --- /dev/null +++ b/internal/testutil/util.go 
@@ -0,0 +1,114 @@ +package testutil + +import ( + "encoding/json" + "io/fs" + "path/filepath" + "strings" + "testing" + + "github.com/liamg/memoryfs" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/aquasecurity/trivy/pkg/iac/scan" +) + +func AssertRuleFound(t *testing.T, ruleID string, results scan.Results, message string, args ...interface{}) { + found := ruleIDInResults(ruleID, results.GetFailed()) + assert.True(t, found, append([]interface{}{message}, args...)...) + for _, result := range results.GetFailed() { + if result.Rule().LongID() == ruleID { + m := result.Metadata() + meta := &m + for meta != nil { + assert.NotNil(t, meta.Range(), 0) + assert.Greater(t, meta.Range().GetStartLine(), 0) + assert.Greater(t, meta.Range().GetEndLine(), 0) + meta = meta.Parent() + } + } + } +} + +func AssertRuleNotFound(t *testing.T, ruleID string, results scan.Results, message string, args ...interface{}) { + found := ruleIDInResults(ruleID, results.GetFailed()) + assert.False(t, found, append([]interface{}{message}, args...)...) 
+} + +func ruleIDInResults(ruleID string, results scan.Results) bool { + for _, res := range results { + if res.Rule().LongID() == ruleID { + return true + } + } + return false +} + +func CreateFS(t *testing.T, files map[string]string) fs.FS { + memfs := memoryfs.New() + for name, content := range files { + name := strings.TrimPrefix(name, "/") + err := memfs.MkdirAll(filepath.Dir(name), 0o700) + require.NoError(t, err) + err = memfs.WriteFile(name, []byte(content), 0o644) + require.NoError(t, err) + } + return memfs +} + +func AssertDefsecEqual(t *testing.T, expected, actual interface{}) { + expectedJson, err := json.MarshalIndent(expected, "", "\t") + require.NoError(t, err) + actualJson, err := json.MarshalIndent(actual, "", "\t") + require.NoError(t, err) + + if expectedJson[0] == '[' { + var expectedSlice []map[string]interface{} + require.NoError(t, json.Unmarshal(expectedJson, &expectedSlice)) + var actualSlice []map[string]interface{} + require.NoError(t, json.Unmarshal(actualJson, &actualSlice)) + expectedSlice = purgeMetadataSlice(expectedSlice) + actualSlice = purgeMetadataSlice(actualSlice) + assert.Equal(t, expectedSlice, actualSlice, "defsec adapted and expected values do not match") + } else { + var expectedMap map[string]interface{} + require.NoError(t, json.Unmarshal(expectedJson, &expectedMap)) + var actualMap map[string]interface{} + require.NoError(t, json.Unmarshal(actualJson, &actualMap)) + expectedMap = purgeMetadata(expectedMap) + actualMap = purgeMetadata(actualMap) + assert.Equal(t, expectedMap, actualMap, "defsec adapted and expected values do not match") + } +} + +func purgeMetadata(input map[string]interface{}) map[string]interface{} { + for k, v := range input { + if k == "metadata" || k == "Metadata" { + delete(input, k) + continue + } + if v, ok := v.(map[string]interface{}); ok { + input[k] = purgeMetadata(v) + } + if v, ok := v.([]interface{}); ok { + if len(v) > 0 { + if _, ok := v[0].(map[string]interface{}); ok { + maps := 
make([]map[string]interface{}, len(v)) + for i := range v { + maps[i] = v[i].(map[string]interface{}) + } + input[k] = purgeMetadataSlice(maps) + } + } + } + } + return input +} + +func purgeMetadataSlice(input []map[string]interface{}) []map[string]interface{} { + for i := range input { + input[i] = purgeMetadata(input[i]) + } + return input +} diff --git a/pkg/concurrency/adapter.go b/pkg/concurrency/adapter.go index ef00304..c313aff 100644 --- a/pkg/concurrency/adapter.go +++ b/pkg/concurrency/adapter.go @@ -3,7 +3,7 @@ package concurrency import ( "sync" - "github.com/aquasecurity/defsec/pkg/state" + "github.com/aquasecurity/trivy/pkg/iac/state" "github.com/aquasecurity/trivy-aws/pkg/progress" ) diff --git a/pkg/scanner/options.go b/pkg/scanner/options.go index 63be2e1..092e354 100644 --- a/pkg/scanner/options.go +++ b/pkg/scanner/options.go @@ -1,7 +1,7 @@ package scanner import ( - "github.com/aquasecurity/defsec/pkg/scanners/options" + "github.com/aquasecurity/trivy/pkg/iac/scanners/options" "github.com/aquasecurity/trivy-aws/pkg/concurrency" "github.com/aquasecurity/trivy-aws/pkg/progress" diff --git a/pkg/scanner/scanner.go b/pkg/scanner/scanner.go index 16bfa70..53c52a8 100644 --- a/pkg/scanner/scanner.go +++ b/pkg/scanner/scanner.go 
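Review bot: `purgeMetadata` in the new `internal/testutil/util.go` checks only `v[0]` before asserting every element with `v[i].(map[string]interface{})`, so an array whose first element is an object and a later one is not panics the test run instead of producing a failure. Use the comma-ok form, `m, ok := v[i].(map[string]interface{})`, and leave the slice unpurged when `ok` is false. The exported helpers also never call `t.Helper()`, so failures are attributed to lines in util.go rather than to the calling test; add `t.Helper()` as the first statement of `AssertRuleFound`, `AssertRuleNotFound`, `CreateFS` and `AssertDefsecEqual`. In `AssertRuleFound`, `assert.NotNil(t, meta.Range(), 0)` passes `0` as the failure message, which is probably a leftover and can be dropped.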
@@ -10,15 +10,15 @@ import (
 "runtime"
 "sync"
- "github.com/aquasecurity/defsec/pkg/debug"
- "github.com/aquasecurity/defsec/pkg/framework"
- "github.com/aquasecurity/defsec/pkg/rego"
- "github.com/aquasecurity/defsec/pkg/rules"
- "github.com/aquasecurity/defsec/pkg/scan"
- "github.com/aquasecurity/defsec/pkg/scanners/options"
- "github.com/aquasecurity/defsec/pkg/state"
- defsecTypes "github.com/aquasecurity/defsec/pkg/types"
- defsecRules "github.com/aquasecurity/defsec/pkg/types/rules"
+ "github.com/aquasecurity/trivy/pkg/iac/debug"
+ "github.com/aquasecurity/trivy/pkg/iac/framework"
+ "github.com/aquasecurity/trivy/pkg/iac/rego"
+ "github.com/aquasecurity/trivy/pkg/iac/rules"
+ "github.com/aquasecurity/trivy/pkg/iac/scan"
+ "github.com/aquasecurity/trivy/pkg/iac/scanners/options"
+ "github.com/aquasecurity/trivy/pkg/iac/state"
+ trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ defsecRules "github.com/aquasecurity/trivy/pkg/iac/types/rules"
 adapter "github.com/aquasecurity/trivy-aws/internal/adapters/cloud"
 "github.com/aquasecurity/trivy-aws/internal/adapters/cloud/aws"
@@ -234,7 +234,7 @@ func (s *Scanner) initRegoScanner() (*rego.Scanner, error) {
 }
 }
- regoScanner := rego.NewScanner(defsecTypes.SourceCloud, s.options...)
+ regoScanner := rego.NewScanner(trivyTypes.SourceCloud, s.options...)
 regoScanner.SetParentDebugLogger(s.debug)
 if err := regoScanner.LoadPolicies(s.loadEmbeddedLibraries, s.loadEmbeddedPolicies, srcFS, s.policyDirs, s.policyReaders); err != nil {
 return nil, err
diff --git a/pkg/scanner/scanner_test.go b/pkg/scanner/scanner_test.go
index ad84e7e..087bb80 100644
--- a/pkg/scanner/scanner_test.go
+++ b/pkg/scanner/scanner_test.go
@@ -5,18 +5,18 @@ import (
 "io/fs"
 "testing"
- "github.com/aquasecurity/defsec/pkg/providers/aws/iam"
- "github.com/aquasecurity/defsec/pkg/providers/azure"
- "github.com/aquasecurity/defsec/pkg/providers/azure/authorization"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/iam"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/azure"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/azure/authorization"
- "github.com/aquasecurity/defsec/pkg/framework"
- "github.com/aquasecurity/defsec/pkg/providers/aws"
- "github.com/aquasecurity/defsec/pkg/providers/aws/rds"
- "github.com/aquasecurity/defsec/pkg/scanners/options"
- "github.com/aquasecurity/defsec/pkg/state"
- defsecTypes "github.com/aquasecurity/defsec/pkg/types"
- defsecRules "github.com/aquasecurity/defsec/pkg/types/rules"
- "github.com/aquasecurity/defsec/test/testutil"
+ "github.com/aquasecurity/trivy-aws/internal/testutil"
+ "github.com/aquasecurity/trivy/pkg/iac/framework"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws"
+ "github.com/aquasecurity/trivy/pkg/iac/providers/aws/rds"
+ "github.com/aquasecurity/trivy/pkg/iac/scanners/options"
+ "github.com/aquasecurity/trivy/pkg/iac/state"
+ trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
+ defsecRules "github.com/aquasecurity/trivy/pkg/iac/types/rules"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 )
@@ -113,8 +113,8 @@ deny[res] {
 state: state.State{AWS: aws.AWS{
 RDS: rds.RDS{
 Instances: []rds.Instance{
- {Metadata: defsecTypes.Metadata{},
- PublicAccess: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ {Metadata: trivyTypes.Metadata{},
+ PublicAccess: trivyTypes.Bool(true, trivyTypes.NewTestMetadata()),
 },
 },
 },
@@ -155,8 +155,8 @@ deny[res] {
 state: state.State{AWS: aws.AWS{
 RDS: rds.RDS{
 Instances: []rds.Instance{
- {Metadata: defsecTypes.Metadata{},
- PublicAccess: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ {Metadata: trivyTypes.Metadata{},
+ PublicAccess: trivyTypes.Bool(true, trivyTypes.NewTestMetadata()),
 },
 },
 },
@@ -197,8 +197,8 @@ deny[res] {
 state: state.State{AWS: aws.AWS{
 RDS: rds.RDS{
 Instances: []rds.Instance{
- {Metadata: defsecTypes.Metadata{},
- PublicAccess: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ {Metadata: trivyTypes.Metadata{},
+ PublicAccess: trivyTypes.Bool(true, trivyTypes.NewTestMetadata()),
 },
 },
 },
@@ -234,8 +234,8 @@ deny[res] {
 state: state.State{AWS: aws.AWS{
 RDS: rds.RDS{
 Instances: []rds.Instance{
- {Metadata: defsecTypes.Metadata{},
- PublicAccess: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ {Metadata: trivyTypes.Metadata{},
+ PublicAccess: trivyTypes.Bool(true, trivyTypes.NewTestMetadata()),
 },
 },
 },
@@ -279,8 +279,8 @@ deny[res] {
 state: state.State{AWS: aws.AWS{
 RDS: rds.RDS{
 Instances: []rds.Instance{
- {Metadata: defsecTypes.Metadata{},
- PublicAccess: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ {Metadata: trivyTypes.Metadata{},
+ PublicAccess: trivyTypes.Bool(true, trivyTypes.NewTestMetadata()),
 },
 },
 },
@@ -359,8 +359,8 @@ deny[res] {
 state: state.State{AWS: aws.AWS{
 RDS: rds.RDS{
 Instances: []rds.Instance{
- {Metadata: defsecTypes.Metadata{},
- PublicAccess: defsecTypes.Bool(true, defsecTypes.NewTestMetadata()),
+ {Metadata: trivyTypes.Metadata{},
+ PublicAccess: trivyTypes.Bool(true, trivyTypes.NewTestMetadata()),
 },
 },
 },
@@ -409,23 +409,23 @@ deny[res] {
 AWS: aws.AWS{
 IAM: iam.IAM{
 PasswordPolicy: iam.PasswordPolicy{
- MinimumLength: defsecTypes.Int(1, defsecTypes.NewTestMetadata()),
+ MinimumLength: trivyTypes.Int(1, trivyTypes.NewTestMetadata()),
 }},
 },
 Azure: azure.Azure{
 Authorization: authorization.Authorization{
 RoleDefinitions: []authorization.RoleDefinition{{
- Metadata: defsecTypes.NewTestMetadata(),
+ Metadata: trivyTypes.NewTestMetadata(),
 Permissions: []authorization.Permission{
 {
- Metadata: defsecTypes.NewTestMetadata(),
- Actions: []defsecTypes.StringValue{
- defsecTypes.String("*", defsecTypes.NewTestMetadata()),
+ Metadata: trivyTypes.NewTestMetadata(),
+ Actions: []trivyTypes.StringValue{
+ trivyTypes.String("*", trivyTypes.NewTestMetadata()),
 },
 },
 },
- AssignableScopes: []defsecTypes.StringValue{
- defsecTypes.StringUnresolvable(defsecTypes.NewTestMetadata()),
+ AssignableScopes: []trivyTypes.StringValue{
+ trivyTypes.StringUnresolvable(trivyTypes.NewTestMetadata()),
 }},
 }},
 },
@@ -515,8 +515,8 @@ deny[res] {
 state: state.State{AWS: aws.AWS{
 RDS: rds.RDS{
 Instances: []rds.Instance{
- {Metadata: defsecTypes.Metadata{},
- PublicAccess: defsecTypes.Bool(false, defsecTypes.NewTestMetadata()),
+ {Metadata: trivyTypes.Metadata{},
+ PublicAccess: trivyTypes.Bool(false, trivyTypes.NewTestMetadata()),
 },
 },
 },
diff --git a/pkg/types/types.go b/pkg/types/types.go
index 5a98be5..71774e5 100644
--- a/pkg/types/types.go
+++ b/pkg/types/types.go
@@ -1,26 +1,26 @@
 package types
 import (
- defsecTypes "github.com/aquasecurity/defsec/pkg/types"
+ trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
-func ToString(p *string, m defsecTypes.Metadata) defsecTypes.StringValue {
+func ToString(p *string, m trivyTypes.Metadata) trivyTypes.StringValue {
 if p == nil {
- return defsecTypes.StringDefault("", m)
+ return trivyTypes.StringDefault("", m)
 }
- return defsecTypes.String(*p, m)
+ return trivyTypes.String(*p, m)
 }
-func ToBool(p *bool, m defsecTypes.Metadata) defsecTypes.BoolValue {
+func ToBool(p *bool, m trivyTypes.Metadata) trivyTypes.BoolValue {
 if p == nil {
- return defsecTypes.BoolDefault(false, m)
+ return trivyTypes.BoolDefault(false, m)
 }
- return defsecTypes.Bool(*p, m)
+ return trivyTypes.Bool(*p, m)
 }
-func ToInt(p *int32, m defsecTypes.Metadata) defsecTypes.IntValue {
+func ToInt(p *int32, m trivyTypes.Metadata) trivyTypes.IntValue {
 if p == nil {
- return defsecTypes.IntDefault(0, m)
+ return trivyTypes.IntDefault(0, m)
 }
- return defsecTypes.IntFromInt32(*p, m)
+ return trivyTypes.IntFromInt32(*p, m)
 }