package options
import (
"io"
"io/fs"
"github.com/aquasecurity/defsec/pkg/framework"
)
// ConfigurableScanner is the set of setters a scanner must expose so that the
// ScannerOption constructors in this package can configure it. Only the method
// signatures are declared here; the effect of each setter is defined by the
// implementing scanner.
type ConfigurableScanner interface {
	// SetDebugWriter sets the destination for debug logs.
	SetDebugWriter(io.Writer)
	// SetTraceWriter sets the destination for trace logs (mainly rego tracing).
	SetTraceWriter(io.Writer)
	SetPerResultTracingEnabled(bool)
	// Policy and data sources. NOTE(review): presumably the policy sources hold
	// Rego that the scanner evaluates, so they should come from a trusted
	// origin; confirm against the implementation.
	SetPolicyDirs(...string)
	SetDataDirs(...string)
	// SetPolicyNamespaces sets the namespaces which indicate rego policies
	// containing enforced rules.
	SetPolicyNamespaces(...string)
	// NOTE(review): which "required" check is skipped is not visible in this
	// file; verify before enabling it where a clean scan is used as a gate.
	SetSkipRequiredCheck(bool)
	SetPolicyReaders([]io.Reader)
	SetPolicyFilesystem(fs.FS)
	SetDataFilesystem(fs.FS)
	SetUseEmbeddedPolicies(bool)
	SetFrameworks(frameworks []framework.Framework)
	SetSpec(spec string)
	SetRegoOnly(regoOnly bool)
	SetRegoErrorLimit(limit int)
	SetUseEmbeddedLibraries(bool)
}
// ScannerOption is a function that applies one setting to a
// ConfigurableScanner. The constructors in this file each return an option
// that calls a single setter.
type ScannerOption func(s ConfigurableScanner)
// ScannerWithFrameworks returns an option that hands the given frameworks to
// the scanner through SetFrameworks. The variadic slice is passed on as-is, so
// calling this with no arguments gives the scanner a nil slice.
func ScannerWithFrameworks(frameworks ...framework.Framework) ScannerOption {
	apply := func(target ConfigurableScanner) {
		target.SetFrameworks(frameworks)
	}
	return apply
}
// ScannerWithSpec returns an option that passes spec to the scanner through
// SetSpec. The expected format of spec is not defined in this file.
func ScannerWithSpec(spec string) ScannerOption {
	apply := func(target ConfigurableScanner) {
		target.SetSpec(spec)
	}
	return apply
}
// ScannerWithPolicyReader returns an option that hands the given readers to
// the scanner through SetPolicyReaders. Despite the singular name it accepts
// any number of readers.
//
// NOTE(review): presumably each reader yields policy source that the scanner
// evaluates, so readers should only wrap content from a trusted origin;
// confirm against the scanner implementation.
func ScannerWithPolicyReader(readers ...io.Reader) ScannerOption {
	apply := func(target ConfigurableScanner) {
		target.SetPolicyReaders(readers)
	}
	return apply
}
// ScannerWithDebug returns an option that sets the io.Writer receiving debug
// logs. If no writer is set, debug logs are discarded.
func ScannerWithDebug(w io.Writer) ScannerOption {
	return ScannerOption(func(target ConfigurableScanner) {
		target.SetDebugWriter(w)
	})
}
// ScannerWithEmbeddedPolicies returns an option that forwards embedded to the
// scanner's SetUseEmbeddedPolicies.
//
// NOTE(review): presumably false leaves only caller-supplied policies in
// effect, so a scan configured with no other policy source may report
// nothing; confirm against the scanner implementation.
func ScannerWithEmbeddedPolicies(embedded bool) ScannerOption {
	return ScannerOption(func(target ConfigurableScanner) {
		target.SetUseEmbeddedPolicies(embedded)
	})
}
// ScannerWithEmbeddedLibraries returns an option that forwards enabled to the
// scanner's SetUseEmbeddedLibraries.
func ScannerWithEmbeddedLibraries(enabled bool) ScannerOption {
	return ScannerOption(func(target ConfigurableScanner) {
		target.SetUseEmbeddedLibraries(enabled)
	})
}
// ScannerWithTrace returns an option that sets the io.Writer receiving trace
// logs (mainly rego tracing). If no writer is set, trace logs are discarded.
//
// NOTE(review): trace output may echo values from the scanned input; confirm
// what it contains before pointing it at a shared or long-lived log.
func ScannerWithTrace(w io.Writer) ScannerOption {
	return ScannerOption(func(target ConfigurableScanner) {
		target.SetTraceWriter(w)
	})
}
// ScannerWithPerResultTracing returns an option that forwards enabled to the
// scanner's SetPerResultTracingEnabled.
func ScannerWithPerResultTracing(enabled bool) ScannerOption {
	return ScannerOption(func(target ConfigurableScanner) {
		target.SetPerResultTracingEnabled(enabled)
	})
}
// ScannerWithPolicyDirs returns an option that passes the given paths to the
// scanner through SetPolicyDirs.
//
// NOTE(review): presumably policies found under these paths are evaluated by
// the scanner, so the directories should not be writable by untrusted
// parties; confirm against the scanner implementation.
func ScannerWithPolicyDirs(paths ...string) ScannerOption {
	apply := func(target ConfigurableScanner) {
		target.SetPolicyDirs(paths...)
	}
	return apply
}
// ScannerWithDataDirs returns an option that passes the given paths to the
// scanner through SetDataDirs.
func ScannerWithDataDirs(paths ...string) ScannerOption {
	apply := func(target ConfigurableScanner) {
		target.SetDataDirs(paths...)
	}
	return apply
}
// ScannerWithPolicyNamespaces returns an option that passes the given
// namespaces to the scanner through SetPolicyNamespaces. The namespaces
// indicate which rego policies contain enforced rules.
func ScannerWithPolicyNamespaces(namespaces ...string) ScannerOption {
	apply := func(target ConfigurableScanner) {
		target.SetPolicyNamespaces(namespaces...)
	}
	return apply
}
// ScannerWithSkipRequiredCheck returns an option that forwards skip to the
// scanner's SetSkipRequiredCheck.
//
// NOTE(review): which "required" check is skipped is not visible in this
// file; verify what validation is bypassed before enabling it where a clean
// scan result is used as a gate.
func ScannerWithSkipRequiredCheck(skip bool) ScannerOption {
	return ScannerOption(func(target ConfigurableScanner) {
		target.SetSkipRequiredCheck(skip)
	})
}
// ScannerWithPolicyFilesystem returns an option that hands the filesystem f
// to the scanner through SetPolicyFilesystem.
//
// NOTE(review): presumably this is the filesystem policies are read from;
// confirm, and make sure it is backed by a trusted source.
func ScannerWithPolicyFilesystem(f fs.FS) ScannerOption {
	apply := func(target ConfigurableScanner) {
		target.SetPolicyFilesystem(f)
	}
	return apply
}
// ScannerWithDataFilesystem returns an option that hands the filesystem f to
// the scanner through SetDataFilesystem.
func ScannerWithDataFilesystem(f fs.FS) ScannerOption {
	apply := func(target ConfigurableScanner) {
		target.SetDataFilesystem(f)
	}
	return apply
}
// ScannerWithRegoOnly returns an option that forwards regoOnly to the
// scanner's SetRegoOnly.
//
// NOTE(review): presumably true restricts the scan to rego-based checks;
// confirm which checks are then left out.
func ScannerWithRegoOnly(regoOnly bool) ScannerOption {
	return ScannerOption(func(target ConfigurableScanner) {
		target.SetRegoOnly(regoOnly)
	})
}
// ScannerWithRegoErrorLimits returns an option that forwards limit to the
// scanner's SetRegoErrorLimit. The constructor name is plural while the
// setter is singular; a single limit is set.
//
// NOTE(review): presumably limit bounds how many rego errors are tolerated;
// confirm how the scanner treats zero and negative values, since a permissive
// limit could let broken policies go unnoticed.
func ScannerWithRegoErrorLimits(limit int) ScannerOption {
	return ScannerOption(func(target ConfigurableScanner) {
		target.SetRegoErrorLimit(limit)
	})
}