From a97b589baa6c1f7f9ec2ae5fd78eb252a84bbbe3 Mon Sep 17 00:00:00 2001
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com>
Date: Thu, 20 Aug 2020 20:08:04 +0200
Subject: [PATCH 1/5] Add version as a env var to the docker image
---
 .github/workflows/ci.yaml | 4 ++++
 operator/Dockerfile | 6 ++++++
 2 files changed, 10 insertions(+)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 572c987c..c4f36b60 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -63,12 +63,16 @@ jobs:
 cd operator/
 go fmt ./...
 go vet ./...
+ - name: Parse Tag
+ id: parse-tag
+ run: echo ::set-output name=version::${GITHUB_REF#refs/*/}
 - name: "Build'n Push Operator"
 uses: docker/build-push-action@v1
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
 repository: scbexperimental/operator
+ build_args: VERSION=`${{ steps.parse-tag.outputs.version }}
 tag_with_ref: true
 tag_with_sha: true
 path: ./operator/
diff --git a/operator/Dockerfile b/operator/Dockerfile
index 42586593..34d572b9 100644
--- a/operator/Dockerfile
+++ b/operator/Dockerfile
@@ -13,6 +13,7 @@ RUN go mod download
 COPY main.go main.go
 COPY apis/ apis/
 COPY controllers/ controllers/
+COPY internal/ internal/
 COPY utils/ utils/
 # Build
@@ -21,6 +22,11 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 FROM gcr.io/distroless/static:nonroot
+
+ARG VERSION=unkown
+ENV VERSION ENV ${BRANCH}
+ENV TELEMETRY_ENABLED "true"
+
 WORKDIR /
 COPY --from=builder /workspace/manager .
 USER nonroot:nonroot
From 1105ff07a94698ecc2a5b1d8a5224c77e12025fe Mon Sep 17 00:00:00 2001
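Review bot: The added `build_args` line in the "Build'n Push Operator" step has a stray backtick between `VERSION=` and `${{ steps.parse-tag.outputs.version }}`, so the value handed to the Docker build would start with a backtick instead of the parsed ref name; it should read `build_args: VERSION=${{ steps.parse-tag.outputs.version }}`. The Parse Tag step also runs on branch and pull-request refs, where `${GITHUB_REF#refs/*/}` yields a branch name or a pull-request path rather than a release version. Because the ref name is chosen by whoever pushes it and later ends up in the image environment, it is worth checking it against the expected version pattern before passing it on, or at least adding a comment such as `# VERSION is only a real version on tag builds`.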
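Review bot: In the final stage the added line `ENV VERSION ENV ${BRANCH}` does not pass the `VERSION` build argument through: as shown it sets VERSION to the literal text `ENV` followed by the expansion of `${BRANCH}`, which nothing visible in this Dockerfile defines, so the operator would report that string instead of the build version. The likely intent is `ENV VERSION=${VERSION}`. The default in `ARG VERSION=unkown` misspells `unknown`; telemetry.go in this series uses the same spelling as its fallback, so change both together. `ENV TELEMETRY_ENABLED "true"` bakes the setting into the image, so a deployment that does not go through the Helm chart sends telemetry by default; a comment above it, for example `# Telemetry is on by default; set TELEMETRY_ENABLED=false to disable`, would make that visible.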
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com>
Date: Thu, 20 Aug 2020 20:12:54 +0200
Subject: [PATCH 2/5] Add telemetry client sending the telemetry data to the backend
---
 operator/internal/telemetry/telemetry.go | 101 +++++++++++++++++++++++
 operator/main.go | 5 ++
 2 files changed, 106 insertions(+)
 create mode 100644 operator/internal/telemetry/telemetry.go
diff --git a/operator/internal/telemetry/telemetry.go b/operator/internal/telemetry/telemetry.go
new file mode 100644
index 00000000..858f9669
--- /dev/null
+++ b/operator/internal/telemetry/telemetry.go
@@ -0,0 +1,101 @@
+package telemetry
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "net/http"
+ "os"
+ "time"
+
+ "sigs.k8s.io/controller-runtime/pkg/client"
+
+ "github.com/go-logr/logr"
+ executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+var telemetryInterval = 24 * time.Hour
+
+// officialScanTypes contains the list of official secureCodeBox Scan Types.
+// Unofficial Scan Types should be reported as "other" to avoid leakage of confidential data via the scan-types name
+var officialScanTypes map[string]bool = map[string]bool{
+ "amass": true,
+ "kube-hunter": true,
+ "kubeaudit": true,
+ "ncrack": true,
+ "nikto": true,
+ "nmap": true,
+ "ssh-scan": true,
+ "sslyze": true,
+ "trivy": true,
+ "wpscan": true,
+ "zap-baseline": true,
+ "zap-api-scan": true,
+ "zap-full-scan": true,
+}
+
+// telemetryData submitted by operator
+type telemetryData struct {
+ Version string `json:"version"`
+ InstalledScanTypes []string `json:"installedScanTypes"`
+}
+
+// Loop Submits Telemetry Data in a regular interval
+func Loop(apiClient client.Client, log logr.Logger) {
+ log.Info("The Operator sends anonymous telemetry data, to give the team an overview how much the secureCodeBox is used. Find out more at https://www.securecodebox.io/telemetry")
+
+ // Wait until controller cache is initialized
+ time.Sleep(10 * time.Second)
+
+ for {
+ var version string
+ if envVersion, ok := os.LookupEnv("VERSION"); ok {
+ version = envVersion
+ } else {
+ version = "unkown"
+ }
+
+ ctx := context.Background()
+
+ installedScanTypes := map[string]bool{}
+ var scanTypes executionv1.ScanTypeList
+ err := apiClient.List(ctx, &scanTypes, client.InNamespace(metav1.NamespaceAll))
+
+ if err != nil {
+ log.Error(err, "Failed to list ScanTypes")
+ }
+ for _, scanType := range scanTypes.Items {
+ installedScanTypes[scanType.Name] = true
+ }
+
+ installedScanTypesList := []string{}
+ for key := range installedScanTypes {
+ if _, ok := officialScanTypes[key]; ok {
+ installedScanTypesList = append(installedScanTypesList, key)
+ } else {
+ installedScanTypesList = append(installedScanTypesList, "other")
+ }
+ }
+
+ log.Info("Submitting Anonymous Telemetry Data", "Version", version, "InstalledScanTypes", installedScanTypesList)
+
+ reqBody, err := json.Marshal(telemetryData{
+ Version: version,
+ InstalledScanTypes: installedScanTypesList,
+ })
+
+ if err != nil {
+ log.Error(err, "Failed to encode telemetry data to json")
+ }
+ response, err := http.Post("https://telemetry.chase.securecodebox.io/v1/submit", "application/json", bytes.NewBuffer(reqBody))
+ if err != nil {
+ log.Error(err, "Failed to send telemetry data")
+ }
+ if response != nil {
+ response.Body.Close()
+ }
+
+ time.Sleep(telemetryInterval)
+ }
+}
diff --git a/operator/main.go b/operator/main.go
index 4551bac9..18d1e58e 100644
--- a/operator/main.go
+++ b/operator/main.go
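Review bot: The request in `Loop` goes through `http.Post`, which uses the default client without a timeout, and each error branch only logs before carrying on, so a failed `List` still submits an empty scan-type list and a failed `json.Marshal` still posts an empty body. Use a client with an explicit timeout and skip the submission when listing or encoding fails, as sketched below; looking at the response status would also make rejected submissions visible in the log. The first submission happens after the fixed `time.Sleep(10 * time.Second)`, while the chart's NOTES.txt in this series tells users the first ping is sent one hour after install, so one of the two should change for the opt-out window to be real. `"other"` is appended once per non-official scan type, which discloses how many private scan types are installed; if that count is not meant to leave the cluster, add it only once.

```go
// telemetryClient bounds each submission; http.Post would use the default client, which never times out.
var telemetryClient = &http.Client{Timeout: 30 * time.Second}

// … unchanged: officialScanTypes, telemetryData …

func Loop(apiClient client.Client, log logr.Logger) {
	// … unchanged: startup log line and initial sleep …
	for {
		if err := submit(apiClient, log); err != nil {
			log.Error(err, "Failed to submit telemetry data")
		}
		time.Sleep(telemetryInterval)
	}
}

// submit collects and sends one telemetry report and returns the first error instead of continuing.
func submit(apiClient client.Client, log logr.Logger) error {
	// … unchanged: version lookup …
	var scanTypes executionv1.ScanTypeList
	if err := apiClient.List(context.Background(), &scanTypes, client.InNamespace(metav1.NamespaceAll)); err != nil {
		return err
	}
	// … unchanged: build installedScanTypesList, log.Info …
	reqBody, err := json.Marshal(telemetryData{Version: version, InstalledScanTypes: installedScanTypesList})
	if err != nil {
		return err
	}
	response, err := telemetryClient.Post("https://telemetry.chase.securecodebox.io/v1/submit", "application/json", bytes.NewReader(reqBody))
	if err != nil {
		return err
	}
	defer response.Body.Close()
	if response.StatusCode >= 300 {
		log.Info("Telemetry backend did not accept the submission", "status", response.Status)
	}
	return nil
}
```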
@@ -32,6 +32,7 @@ import (
 executioncontroller "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/controllers/execution"
 scancontroller "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/controllers/execution/scans"
 targetscontroller "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/controllers/targets"
+ "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/internal/telemetry"
 // +kubebuilder:scaffold:imports
 )
@@ -98,6 +99,10 @@ func main() {
 }
 // +kubebuilder:scaffold:builder
+ if enabled, ok := os.LookupEnv("TELEMETRY_ENABLED"); ok && enabled == "true" {
+ go telemetry.Loop(mgr.GetClient(), ctrl.Log.WithName("telemetry"))
+ }
+
 setupLog.Info("starting manager")
 if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
 setupLog.Error(err, "problem running manager")
From 123aec9fdd2ba9ef2507f9537d3fa2442604ba1b Mon Sep 17 00:00:00 2001
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com>
Date: Thu, 27 Aug 2020 15:09:05 +0200
Subject: [PATCH 3/5] Add helm value to disable telemetry data collection
---
 operator/templates/manager/manager.yaml | 2 ++
 operator/values.yaml | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/operator/templates/manager/manager.yaml b/operator/templates/manager/manager.yaml
index 2ee84703..721f70d1 100644
--- a/operator/templates/manager/manager.yaml
+++ b/operator/templates/manager/manager.yaml
@@ -28,6 +28,8 @@ spec:
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 name: manager
 env:
+ - name: TELEMETRY_ENABLED
+ value: {{ .Values.telemetryEnabled | quote }}
 # TODO: integrate with cert manager and auto gen a cert for minio
 {{- if .Values.minio.enabled }}
 - name: S3_USE_SSL
diff --git a/operator/values.yaml b/operator/values.yaml
index 2a6e396d..c2e7a44d 100644
--- a/operator/values.yaml
+++ b/operator/values.yaml
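Review bot: The telemetry goroutine added to `main` in the second main.go hunk is started with a bare `go` before `mgr.Start`, so it is not tied to the manager's signal handler and, if leader election is enabled, would run on every replica rather than only the leader (main's body continues outside the hunk, so the election setting is not visible here). Registering the loop with the manager through `mgr.Add` and giving `telemetry.Loop` a stop signal would let the manager start and stop it with its other runnables, and could replace the fixed 10-second sleep inside `Loop`. The check `enabled == "true"` is an exact match, so values such as `True` or `1` silently disable telemetry; a comment like `// TELEMETRY_ENABLED must be exactly "true"; any other value disables telemetry` would document that.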
@@ -2,6 +2,9 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
+# telemetryEnabled -- The Operator sends anonymous telemetry data, to give the team an overview how much the secureCodeBox is used. Find out more at https://www.securecodebox.io/telemetry
+telemetryEnabled: true
+
 image:
 registry: docker.io
 repository: scbexperimental/operator
@@ -45,4 +48,4 @@ resources:
 memory: 30Mi
 requests:
 cpu: 100m
- memory: 20Mi
\ No newline at end of file
+ memory: 20Mi
From 000da5f46f3aff6846e30cc0a0e3ffe0b8cf78c4 Mon Sep 17 00:00:00 2001
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com>
Date: Tue, 1 Sep 2020 11:17:47 +0200
Subject: [PATCH 4/5] Add notes.txt file for Operator Chart
---
 operator/templates/NOTES.txt | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 operator/templates/NOTES.txt
diff --git a/operator/templates/NOTES.txt b/operator/templates/NOTES.txt
new file mode 100644
index 00000000..98256c15
--- /dev/null
+++ b/operator/templates/NOTES.txt
@@ -0,0 +1,15 @@
+secureCodeBox Operator Deployed 🚀
+
+The operator can orchestrate the execution of various security scanning tools inside of your cluster.
+You can find a list of all officially supported scanners here: https://www.securecodebox.io/integrations/
+The website also lists other integrations, like persisting scan results to DefectDojo or Elasticsearch.
+
+{{ if .Values.telemetryEnabled -}}
+The operator send out regular telemetry pings to a central service.
+This lets us, the secureCodeBox team, get a grasp on how much the secureCodeBox is used.
+The submitted data is chosen to be as anonymous as possible.
+You can find a complete report of the data submitted and links to the source-code at: https://www.securecodebox.io/telemetry
+The first ping is send one hour after the install, you can prevent this by upgrading the chart and setting `telemetryEnabled` to `false`.
+{{ else -}}
+Telemetry data collection has been disabled.
+{{ end -}}
\ No newline at end of file
From 79500ae7e879acdf846b164f2794e02925faf00a Mon Sep 17 00:00:00 2001
From: Jannik Hollenbach <13718901+J12934@users.noreply.github.com> Date: Fri, 4 Sep 2020 12:53:04 +0200 Subject: [PATCH 5/5] Merge branch 'master' into telemetry --- .github/workflows/ci.yaml | 6 +- README.md | 2 +- auto-discovery/kubernetes/.gitignore | 24 - auto-discovery/kubernetes/Dockerfile | 27 - auto-discovery/kubernetes/Makefile | 80 --- auto-discovery/kubernetes/PROJECT | 3 - .../config/certmanager/certificate.yaml | 26 - .../config/certmanager/kustomization.yaml | 5 - .../config/certmanager/kustomizeconfig.yaml | 16 - .../config/default/kustomization.yaml | 70 --- .../default/manager_auth_proxy_patch.yaml | 25 - .../config/default/manager_webhook_patch.yaml | 23 - .../default/webhookcainjection_patch.yaml | 15 - .../config/manager/kustomization.yaml | 2 - .../kubernetes/config/manager/manager.yaml | 39 -- .../config/prometheus/kustomization.yaml | 2 - .../kubernetes/config/prometheus/monitor.yaml | 16 - .../rbac/auth_proxy_client_clusterrole.yaml | 7 - .../config/rbac/auth_proxy_role.yaml | 13 - .../config/rbac/auth_proxy_role_binding.yaml | 12 - .../config/rbac/auth_proxy_service.yaml | 14 - .../kubernetes/config/rbac/kustomization.yaml | 12 - .../config/rbac/leader_election_role.yaml | 32 -- .../rbac/leader_election_role_binding.yaml | 12 - .../kubernetes/config/rbac/role.yaml | 22 - .../kubernetes/config/rbac/role_binding.yaml | 12 - .../config/webhook/kustomization.yaml | 6 - .../config/webhook/kustomizeconfig.yaml | 25 - .../kubernetes/config/webhook/service.yaml | 12 - .../controllers/ingress_scan_controller.go | 202 -------- .../kubernetes/controllers/suite_test.go | 76 --- auto-discovery/kubernetes/go.mod | 16 - auto-discovery/kubernetes/go.sum | 470 ------------------ .../kubernetes/hack/boilerplate.go.txt | 15 - auto-discovery/kubernetes/main.go | 86 ---- auto-discovery/readme.md | 16 - docs/adr/adr_0002.adoc | 182 +++++++ .../templates/NOTES.txt | 2 +- lurcher/Dockerfile | 3 +- lurcher/go.mod | 4 +- lurcher/job.yaml | 57 --- lurcher/result.xml 
| 1 - operator/Dockerfile | 2 +- operator/PROJECT | 2 +- .../apis/cascading/v1/cascadingrule_types.go | 2 +- operator/apis/targets/v1/groupversion_info.go | 36 -- operator/apis/targets/v1/host_types.go | 82 --- .../apis/targets/v1/zz_generated.deepcopy.go | 135 ----- ...s.experimental.securecodebox.io_hosts.yaml | 124 ----- .../crd/patches/cainjection_in_hosts.yaml | 8 - operator/config/rbac/role.yaml | 20 - .../execution/scans/hook_reconciler.go | 4 +- operator/controllers/execution/scans/job.go | 2 +- .../execution/scans/parse_reconciler.go | 4 +- .../execution/scans/scan_controller.go | 2 +- .../execution/scans/scan_reconciler.go | 4 +- .../execution/scheduledscan_controller.go | 2 +- operator/controllers/execution/suite_test.go | 2 +- .../controllers/targets/host_controller.go | 236 --------- operator/controllers/targets/suite_test.go | 81 --- ...s.experimental.securecodebox.io_hosts.yaml | 124 ----- operator/go.mod | 4 +- operator/go.sum | 3 +- operator/internal/telemetry/telemetry.go | 2 +- operator/main.go | 21 +- operator/templates/rbac/role.yaml | 20 - package.json | 6 +- scanners/amass/Chart.yaml | 2 +- scanners/amass/README.md | 20 +- scanners/amass/examples/example.com/README.md | 9 + scanners/nmap/README.md | 2 +- scanners/ssh_scan/README.md | 2 +- scanners/zap/README.md | 7 +- 73 files changed, 240 insertions(+), 2420 deletions(-) delete mode 100644 auto-discovery/kubernetes/.gitignore delete mode 100644 auto-discovery/kubernetes/Dockerfile delete mode 100644 auto-discovery/kubernetes/Makefile delete mode 100644 auto-discovery/kubernetes/PROJECT delete mode 100644 auto-discovery/kubernetes/config/certmanager/certificate.yaml delete mode 100644 auto-discovery/kubernetes/config/certmanager/kustomization.yaml delete mode 100644 auto-discovery/kubernetes/config/certmanager/kustomizeconfig.yaml delete mode 100644 auto-discovery/kubernetes/config/default/kustomization.yaml delete mode 100644 
auto-discovery/kubernetes/config/default/manager_auth_proxy_patch.yaml delete mode 100644 auto-discovery/kubernetes/config/default/manager_webhook_patch.yaml delete mode 100644 auto-discovery/kubernetes/config/default/webhookcainjection_patch.yaml delete mode 100644 auto-discovery/kubernetes/config/manager/kustomization.yaml delete mode 100644 auto-discovery/kubernetes/config/manager/manager.yaml delete mode 100644 auto-discovery/kubernetes/config/prometheus/kustomization.yaml delete mode 100644 auto-discovery/kubernetes/config/prometheus/monitor.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/auth_proxy_client_clusterrole.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/auth_proxy_role.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/auth_proxy_role_binding.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/auth_proxy_service.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/kustomization.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/leader_election_role.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/leader_election_role_binding.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/role.yaml delete mode 100644 auto-discovery/kubernetes/config/rbac/role_binding.yaml delete mode 100644 auto-discovery/kubernetes/config/webhook/kustomization.yaml delete mode 100644 auto-discovery/kubernetes/config/webhook/kustomizeconfig.yaml delete mode 100644 auto-discovery/kubernetes/config/webhook/service.yaml delete mode 100644 auto-discovery/kubernetes/controllers/ingress_scan_controller.go delete mode 100644 auto-discovery/kubernetes/controllers/suite_test.go delete mode 100644 auto-discovery/kubernetes/go.mod delete mode 100644 auto-discovery/kubernetes/go.sum delete mode 100644 auto-discovery/kubernetes/hack/boilerplate.go.txt delete mode 100644 auto-discovery/kubernetes/main.go delete mode 100644 auto-discovery/readme.md create mode 100644 docs/adr/adr_0002.adoc delete mode 
100644 lurcher/job.yaml delete mode 100644 lurcher/result.xml delete mode 100644 operator/apis/targets/v1/groupversion_info.go delete mode 100644 operator/apis/targets/v1/host_types.go delete mode 100644 operator/apis/targets/v1/zz_generated.deepcopy.go delete mode 100644 operator/config/crd/bases/targets.experimental.securecodebox.io_hosts.yaml delete mode 100644 operator/config/crd/patches/cainjection_in_hosts.yaml delete mode 100644 operator/controllers/targets/host_controller.go delete mode 100644 operator/controllers/targets/suite_test.go delete mode 100644 operator/crds/targets.experimental.securecodebox.io_hosts.yaml create mode 100644 scanners/amass/examples/example.com/README.md diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c4f36b60..df05aaf0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -57,7 +57,7 @@ jobs: - uses: actions/checkout@master - uses: actions/setup-go@v2-beta with: - go-version: "1.13" + go-version: "1.15" - name: "Lint Operator Go Code" run: | cd operator/ @@ -83,7 +83,7 @@ jobs: - uses: actions/checkout@master - uses: actions/setup-go@v2-beta with: - go-version: "1.13" + go-version: "1.15" - name: "Lint Lurcher Go Code" run: | cd lurcher/ @@ -320,7 +320,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - k8sVersion: ["1.18.6", "1.17.5", "1.16.9", "1.15.11"] + k8sVersion: ["1.19.0", "1.18.8", "1.17.5", "1.16.9"] steps: - uses: actions/checkout@master - name: "Start kind cluster" diff --git a/README.md b/README.md index 79645992..36edf449 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,7 @@ There is a German article about [Security DevOps – Angreifern (immer) einen Sc ### Prerequisites -- kubernetes (last 4 major releases supported: `1.15`, `1.16`, `1.17` & `1.18`) +- kubernetes (last 4 major releases supported: `1.16`, `1.17`, `1.18` & `1.19`) ### Deployment (based on Helm) 
diff --git a/auto-discovery/kubernetes/.gitignore b/auto-discovery/kubernetes/.gitignore deleted file mode 100644 index d97ffc51..00000000 --- a/auto-discovery/kubernetes/.gitignore +++ /dev/null @@ -1,24 +0,0 @@ - -# Binaries for programs and plugins -*.exe -*.exe~ -*.dll -*.so -*.dylib -bin - -# Test binary, build with `go test -c` -*.test - -# Output of the go coverage tool, specifically when used with LiteIDE -*.out - -# Kubernetes Generated files - skip generated files, except for vendored files - -!vendor/**/zz_generated.* - -# editor and IDE paraphernalia -.idea -*.swp -*.swo -*~ diff --git a/auto-discovery/kubernetes/Dockerfile b/auto-discovery/kubernetes/Dockerfile deleted file mode 100644 index 74eb9d74..00000000 --- a/auto-discovery/kubernetes/Dockerfile +++ /dev/null @@ -1,27 +0,0 @@ -# Build the manager binary -FROM golang:1.13 as builder - -WORKDIR /workspace -# Copy the Go Modules manifests -COPY go.mod go.mod -COPY go.sum go.sum -# cache deps before building and copying source so that we don't need to re-download as much -# and so that source changes don't invalidate our downloaded layer -RUN go mod download - -# Copy the go source -COPY main.go main.go -COPY api/ api/ -COPY controllers/ controllers/ - -# Build -RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go - -# Use distroless as minimal base image to package the manager binary -# Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot -WORKDIR / -COPY --from=builder /workspace/manager . -USER nonroot:nonroot - -ENTRYPOINT ["/manager"] diff --git a/auto-discovery/kubernetes/Makefile b/auto-discovery/kubernetes/Makefile deleted file mode 100644 index 5da22b5b..00000000 --- a/auto-discovery/kubernetes/Makefile +++ /dev/null 
@@ -1,80 +0,0 @@ - -# Image URL to use all building/pushing image targets -IMG ?= controller:latest -# Produce CRDs that work back to Kubernetes 1.11 (no version conversion) -CRD_OPTIONS ?= "crd:trivialVersions=true" - -# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) -ifeq (,$(shell go env GOBIN)) -GOBIN=$(shell go env GOPATH)/bin -else -GOBIN=$(shell go env GOBIN) -endif - -all: manager - -# Run tests -test: generate fmt vet manifests - go test ./... -coverprofile cover.out - -# Build manager binary -manager: generate fmt vet - go build -o bin/manager main.go - -# Run against the configured Kubernetes cluster in ~/.kube/config -run: generate fmt vet manifests - go run ./main.go - -# Install CRDs into a cluster -install: manifests - kustomize build config/crd | kubectl apply -f - - -# Uninstall CRDs from a cluster -uninstall: manifests - kustomize build config/crd | kubectl delete -f - - -# Deploy controller in the configured Kubernetes cluster in ~/.kube/config -deploy: manifests - cd config/manager && kustomize edit set image controller=${IMG} - kustomize build config/default | kubectl apply -f - - -# Generate manifests e.g. CRD, RBAC etc. -manifests: controller-gen - $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases - -# Run go fmt against code -fmt: - go fmt ./... - -# Run go vet against code -vet: - go vet ./... - -# Generate code -generate: controller-gen - $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." - -# Build the docker image -docker-build: test - docker build . 
-t ${IMG} - -# Push the docker image -docker-push: - docker push ${IMG} - -# find or download controller-gen -# download controller-gen if necessary -controller-gen: -ifeq (, $(shell which controller-gen)) - @{ \ - set -e ;\ - CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\ - cd $$CONTROLLER_GEN_TMP_DIR ;\ - go mod init tmp ;\ - go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.5 ;\ - rm -rf $$CONTROLLER_GEN_TMP_DIR ;\ - } -CONTROLLER_GEN=$(GOBIN)/controller-gen -else -CONTROLLER_GEN=$(shell which controller-gen) -endif diff --git a/auto-discovery/kubernetes/PROJECT b/auto-discovery/kubernetes/PROJECT deleted file mode 100644 index 12d65693..00000000 --- a/auto-discovery/kubernetes/PROJECT +++ /dev/null @@ -1,3 +0,0 @@ -domain: securecodebox.io -repo: github.com/secureCodeBox/secureCodeBox-v2-alpha/cloud-integrations/kubernetes -version: "2" diff --git a/auto-discovery/kubernetes/config/certmanager/certificate.yaml b/auto-discovery/kubernetes/config/certmanager/certificate.yaml deleted file mode 100644 index 58db114f..00000000 --- a/auto-discovery/kubernetes/config/certmanager/certificate.yaml +++ /dev/null 
@@ -1,26 +0,0 @@ -# The following manifests contain a self-signed issuer CR and a certificate CR. -# More document can be found at https://docs.cert-manager.io -# WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for -# breaking changes -apiVersion: cert-manager.io/v1alpha2 -kind: Issuer -metadata: - name: selfsigned-issuer - namespace: system -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1alpha2 -kind: Certificate -metadata: - name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml - namespace: system -spec: - # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize - dnsNames: - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local - issuerRef: - kind: Issuer - name: selfsigned-issuer - secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize diff --git a/auto-discovery/kubernetes/config/certmanager/kustomization.yaml b/auto-discovery/kubernetes/config/certmanager/kustomization.yaml deleted file mode 100644 index bebea5a5..00000000 --- a/auto-discovery/kubernetes/config/certmanager/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -resources: -- certificate.yaml - -configurations: -- kustomizeconfig.yaml diff --git a/auto-discovery/kubernetes/config/certmanager/kustomizeconfig.yaml b/auto-discovery/kubernetes/config/certmanager/kustomizeconfig.yaml deleted file mode 100644 index 90d7c313..00000000 --- a/auto-discovery/kubernetes/config/certmanager/kustomizeconfig.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -# This configuration is for teaching kustomize how to update name ref and var substitution -nameReference: -- kind: Issuer - group: cert-manager.io - fieldSpecs: - - kind: Certificate - group: cert-manager.io - path: spec/issuerRef/name - -varReference: -- kind: Certificate - group: cert-manager.io - path: spec/commonName -- kind: Certificate - group: cert-manager.io - path: spec/dnsNames diff --git a/auto-discovery/kubernetes/config/default/kustomization.yaml b/auto-discovery/kubernetes/config/default/kustomization.yaml deleted file mode 100644 index 4d371fdb..00000000 --- a/auto-discovery/kubernetes/config/default/kustomization.yaml +++ /dev/null 
@@ -1,70 +0,0 @@ -# Adds namespace to all resources. -namespace: kubernetes-system - -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. -namePrefix: kubernetes- - -# Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue - -bases: -- ../crd -- ../rbac -- ../manager -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- ../webhook -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -#- ../certmanager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus - -patchesStrategicMerge: - # Protect the /metrics endpoint by putting it behind auth. - # If you want your controller-manager to expose the /metrics - # endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml - -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- manager_webhook_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. -# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. -# 'CERTMANAGER' needs to be enabled to use ca injection -#- webhookcainjection_patch.yaml - -# the following config is for teaching kustomize how to do var substitution -vars: -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. 
-#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1alpha2 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldref: -# fieldpath: metadata.namespace -#- name: CERTIFICATE_NAME -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1alpha2 -# name: serving-cert # this name should match the one in certificate.yaml -#- name: SERVICE_NAMESPACE # namespace of the service -# objref: -# kind: Service -# version: v1 -# name: webhook-service -# fieldref: -# fieldpath: metadata.namespace -#- name: SERVICE_NAME -# objref: -# kind: Service -# version: v1 -# name: webhook-service diff --git a/auto-discovery/kubernetes/config/default/manager_auth_proxy_patch.yaml b/auto-discovery/kubernetes/config/default/manager_auth_proxy_patch.yaml deleted file mode 100644 index 77e743d1..00000000 --- a/auto-discovery/kubernetes/config/default/manager_auth_proxy_patch.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=10" - ports: - - containerPort: 8443 - name: https - - name: manager - args: - - "--metrics-addr=127.0.0.1:8080" - - "--enable-leader-election" diff --git a/auto-discovery/kubernetes/config/default/manager_webhook_patch.yaml b/auto-discovery/kubernetes/config/default/manager_webhook_patch.yaml deleted file mode 100644 index 738de350..00000000 --- a/auto-discovery/kubernetes/config/default/manager_webhook_patch.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert diff --git a/auto-discovery/kubernetes/config/default/webhookcainjection_patch.yaml b/auto-discovery/kubernetes/config/default/webhookcainjection_patch.yaml deleted file mode 100644 index 7e79bf99..00000000 --- a/auto-discovery/kubernetes/config/default/webhookcainjection_patch.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# This patch add annotation to admission webhook config and -# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: mutating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: validating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/auto-discovery/kubernetes/config/manager/kustomization.yaml b/auto-discovery/kubernetes/config/manager/kustomization.yaml deleted file mode 100644 index 5c5f0b84..00000000 --- a/auto-discovery/kubernetes/config/manager/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- manager.yaml diff --git a/auto-discovery/kubernetes/config/manager/manager.yaml b/auto-discovery/kubernetes/config/manager/manager.yaml deleted file mode 100644 index b6c85a52..00000000 --- a/auto-discovery/kubernetes/config/manager/manager.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - name: system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system - labels: - control-plane: controller-manager -spec: - selector: - matchLabels: - control-plane: controller-manager - replicas: 1 - template: - metadata: - labels: - control-plane: controller-manager - spec: - containers: - - command: - - /manager - args: - - --enable-leader-election - image: controller:latest - name: manager - resources: - limits: - cpu: 100m - memory: 30Mi - requests: - cpu: 100m - memory: 20Mi - terminationGracePeriodSeconds: 10 diff --git a/auto-discovery/kubernetes/config/prometheus/kustomization.yaml b/auto-discovery/kubernetes/config/prometheus/kustomization.yaml deleted file mode 100644 index ed137168..00000000 --- a/auto-discovery/kubernetes/config/prometheus/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- monitor.yaml diff --git a/auto-discovery/kubernetes/config/prometheus/monitor.yaml b/auto-discovery/kubernetes/config/prometheus/monitor.yaml deleted file mode 100644 index 9b8047b7..00000000 --- a/auto-discovery/kubernetes/config/prometheus/monitor.yaml +++ /dev/null @@ -1,16 +0,0 @@ - -# Prometheus Monitor Service (Metrics) -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-monitor - namespace: system -spec: - endpoints: - - path: /metrics - port: https - selector: - matchLabels: - control-plane: controller-manager diff --git a/auto-discovery/kubernetes/config/rbac/auth_proxy_client_clusterrole.yaml b/auto-discovery/kubernetes/config/rbac/auth_proxy_client_clusterrole.yaml deleted file mode 100644 index 7d62534c..00000000 --- a/auto-discovery/kubernetes/config/rbac/auth_proxy_client_clusterrole.yaml +++ /dev/null 
@@ -1,7 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
- name: metrics-reader
-rules:
-- nonResourceURLs: ["/metrics"]
- verbs: ["get"]
diff --git a/auto-discovery/kubernetes/config/rbac/auth_proxy_role.yaml b/auto-discovery/kubernetes/config/rbac/auth_proxy_role.yaml
deleted file mode 100644
index 618f5e41..00000000
--- a/auto-discovery/kubernetes/config/rbac/auth_proxy_role.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: proxy-role
-rules:
-- apiGroups: ["authentication.k8s.io"]
- resources:
- - tokenreviews
- verbs: ["create"]
-- apiGroups: ["authorization.k8s.io"]
- resources:
- - subjectaccessreviews
- verbs: ["create"]
diff --git a/auto-discovery/kubernetes/config/rbac/auth_proxy_role_binding.yaml b/auto-discovery/kubernetes/config/rbac/auth_proxy_role_binding.yaml
deleted file mode 100644
index 48ed1e4b..00000000
--- a/auto-discovery/kubernetes/config/rbac/auth_proxy_role_binding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: proxy-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: proxy-role
-subjects:
-- kind: ServiceAccount
- name: default
- namespace: system
diff --git a/auto-discovery/kubernetes/config/rbac/auth_proxy_service.yaml b/auto-discovery/kubernetes/config/rbac/auth_proxy_service.yaml
deleted file mode 100644
index 6cf656be..00000000
--- a/auto-discovery/kubernetes/config/rbac/auth_proxy_service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- control-plane: controller-manager
- name: controller-manager-metrics-service
- namespace: system
-spec:
- ports:
- - name: https
- port: 8443
- targetPort: https
- selector:
- control-plane: controller-manager
diff --git a/auto-discovery/kubernetes/config/rbac/kustomization.yaml b/auto-discovery/kubernetes/config/rbac/kustomization.yaml
deleted file mode 100644
index 66c28338..00000000
--- a/auto-discovery/kubernetes/config/rbac/kustomization.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-resources:
-- role.yaml
-- role_binding.yaml
-- leader_election_role.yaml
-- leader_election_role_binding.yaml
-# Comment the following 4 lines if you want to disable
-# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
-# which protects your /metrics endpoint.
-- auth_proxy_service.yaml
-- auth_proxy_role.yaml
-- auth_proxy_role_binding.yaml
-- auth_proxy_client_clusterrole.yaml
diff --git a/auto-discovery/kubernetes/config/rbac/leader_election_role.yaml b/auto-discovery/kubernetes/config/rbac/leader_election_role.yaml
deleted file mode 100644
index eaa79158..00000000
--- a/auto-discovery/kubernetes/config/rbac/leader_election_role.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-# permissions to do leader election.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: leader-election-role
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - configmaps/status
- verbs:
- - get
- - update
- - patch
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
diff --git a/auto-discovery/kubernetes/config/rbac/leader_election_role_binding.yaml b/auto-discovery/kubernetes/config/rbac/leader_election_role_binding.yaml
deleted file mode 100644
index eed16906..00000000
--- a/auto-discovery/kubernetes/config/rbac/leader_election_role_binding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: leader-election-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: leader-election-role
-subjects:
-- kind: ServiceAccount
- name: default
- namespace: system
diff --git a/auto-discovery/kubernetes/config/rbac/role.yaml b/auto-discovery/kubernetes/config/rbac/role.yaml
deleted file mode 100644
index 62af5353..00000000
--- a/auto-discovery/kubernetes/config/rbac/role.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- creationTimestamp: null
- name: manager-role
-rules:
-- apiGroups:
- - networking
- resources:
- - ingress
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - networking
- resources:
- - ingress/status
- verbs:
- - get
diff --git a/auto-discovery/kubernetes/config/rbac/role_binding.yaml b/auto-discovery/kubernetes/config/rbac/role_binding.yaml
deleted file mode 100644
index 8f265870..00000000
--- a/auto-discovery/kubernetes/config/rbac/role_binding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: manager-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: manager-role
-subjects:
-- kind: ServiceAccount
- name: default
- namespace: system
diff --git a/auto-discovery/kubernetes/config/webhook/kustomization.yaml b/auto-discovery/kubernetes/config/webhook/kustomization.yaml
deleted file mode 100644
index 9cf26134..00000000
--- a/auto-discovery/kubernetes/config/webhook/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-resources:
-- manifests.yaml
-- service.yaml
-
-configurations:
-- kustomizeconfig.yaml
diff --git a/auto-discovery/kubernetes/config/webhook/kustomizeconfig.yaml b/auto-discovery/kubernetes/config/webhook/kustomizeconfig.yaml
deleted file mode 100644
index 25e21e3c..00000000
--- a/auto-discovery/kubernetes/config/webhook/kustomizeconfig.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# the following config is for teaching kustomize where to look at when substituting vars.
-# It requires kustomize v2.1.0 or newer to work properly.
-nameReference:
-- kind: Service
- version: v1
- fieldSpecs:
- - kind: MutatingWebhookConfiguration
- group: admissionregistration.k8s.io
- path: webhooks/clientConfig/service/name
- - kind: ValidatingWebhookConfiguration
- group: admissionregistration.k8s.io
- path: webhooks/clientConfig/service/name
-
-namespace:
-- kind: MutatingWebhookConfiguration
- group: admissionregistration.k8s.io
- path: webhooks/clientConfig/service/namespace
- create: true
-- kind: ValidatingWebhookConfiguration
- group: admissionregistration.k8s.io
- path: webhooks/clientConfig/service/namespace
- create: true
-
-varReference:
-- path: metadata/annotations
diff --git a/auto-discovery/kubernetes/config/webhook/service.yaml b/auto-discovery/kubernetes/config/webhook/service.yaml
deleted file mode 100644
index 31e0f829..00000000
--- a/auto-discovery/kubernetes/config/webhook/service.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-
-apiVersion: v1
-kind: Service
-metadata:
- name: webhook-service
- namespace: system
-spec:
- ports:
- - port: 443
- targetPort: 9443
- selector:
- control-plane: controller-manager
diff --git a/auto-discovery/kubernetes/controllers/ingress_scan_controller.go b/auto-discovery/kubernetes/controllers/ingress_scan_controller.go
deleted file mode 100644
index 76c3dd4d..00000000
--- a/auto-discovery/kubernetes/controllers/ingress_scan_controller.go
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
-
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package controllers
-
-import (
- "context"
- "fmt"
-
- "github.com/go-logr/logr"
- targetsv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/targets/v1"
-
- networking "k8s.io/api/networking/v1beta1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- ctrl "sigs.k8s.io/controller-runtime"
- "sigs.k8s.io/controller-runtime/pkg/client"
- "sigs.k8s.io/controller-runtime/pkg/event"
- "sigs.k8s.io/controller-runtime/pkg/predicate"
-)
-
-// IngressScanReconciler reconciles a DeleteMe object
-type IngressScanReconciler struct {
- client.Client
- Log logr.Logger
- Scheme *runtime.Scheme
-}
-
-var (
- ownerKey = ".metadata.controller"
- apiGVStr = targetsv1.GroupVersion.String()
-)
-
-// +kubebuilder:rbac:groups=networking,resources=ingress,verbs=get;list;watch
-// +kubebuilder:rbac:groups=networking,resources=ingress/status,verbs=get
-
-// Reconcile compares the Ingress object against the state of the cluster and updates both if needed
-func (r *IngressScanReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
- ctx := context.Background()
- log := r.Log
-
- log.Info("Something happened to a ingress", "ingress", req.Name, "namespace", req.Namespace)
-
- var ingress networking.Ingress
- if err := r.Get(ctx, req.NamespacedName, &ingress); err != nil {
- // we'll ignore not-found errors, since they can't be fixed by an immediate
- // requeue (we'll need to wait for a new notification), and we can get them
- // on deleted requests.
- log.V(7).Info("Unable to fetch Ingress")
- return ctrl.Result{}, client.IgnoreNotFound(err)
- }
-
- err := r.CreateOrUpdateTlsForHosts(ingress)
- if err != nil {
- return ctrl.Result{}, err
- }
-
- return ctrl.Result{}, nil
-}
-
-func (r *IngressScanReconciler) CreateOrUpdateTlsForHosts(ingress networking.Ingress) error {
- if ingress.Spec.TLS == nil {
- return nil
- }
-
- for _, tlsConfig := range ingress.Spec.TLS {
- for _, hostname := range tlsConfig.Hosts {
-
- var hostTargets targetsv1.HostList
-
- // Check if there is a target already, or create one
- r.List(
- context.Background(),
- &hostTargets,
- client.InNamespace(ingress.Namespace),
- client.MatchingField(ownerKey, ingress.Name),
- )
- r.Log.Info("Listed hosts", "Length", len(hostTargets.Items))
-
- host := targetsv1.Host{}
-
- found := false
- // Check if the ingress has a child Host with a matching Hostname
- for _, hostItem := range hostTargets.Items {
- r.Log.Info("Comparing Hostnames", "LoopyHostname", hostItem.Spec.Hostname, "IngressHostname", hostname)
- if hostItem.Spec.Hostname == hostname {
- r.Log.Info("Found Host")
- found = true
- host = hostItem
- }
- }
- if found == false {
- host.GenerateName = fmt.Sprintf("%s-", ingress.Name)
- host.Namespace = ingress.Namespace
- host.Spec.Hostname = hostname
- host.Spec.Ports = make([]targetsv1.HostPort, 0)
-
- if err := ctrl.SetControllerReference(&ingress, &host, r.Scheme); err != nil {
- return err
- }
-
- err := r.Create(context.Background(), &host)
- if err != nil {
- r.Log.Error(err, "unable to create host")
- return err
- }
- }
-
- containsHTTPSPort := false
- if host.Spec.Ports == nil {
- host.Spec.Ports = make([]targetsv1.HostPort, 0)
- }
- for _, port := range host.Spec.Ports {
- if port.Port == 443 {
- containsHTTPSPort = true
- break
- }
- }
-
- if containsHTTPSPort == false {
- httpsPort := targetsv1.HostPort{
- Type: "https",
- Port: 443,
- }
- host.Spec.Ports = append(host.Spec.Ports, httpsPort)
-
- err := r.Update(context.Background(), &host)
- if err != nil {
- r.Log.Error(err, "Failed to add https port to target")
- return err
- }
- }
- }
- }
-
- return nil
-}
-
-// SetupWithManager sets up the controller and initializes every thing it needs
-func (r *IngressScanReconciler) SetupWithManager(mgr ctrl.Manager) error {
- if err := mgr.GetFieldIndexer().IndexField(&targetsv1.Host{}, ownerKey, func(rawObj runtime.Object) []string {
- // grab the job object, extract the owner...
- host := rawObj.(*targetsv1.Host)
- owner := metav1.GetControllerOf(host)
- if owner == nil {
- return nil
- }
- // ...make sure it's a Host...
- if owner.APIVersion != "networking.k8s.io/v1beta1" || owner.Kind != "Ingress" {
- return nil
- }
-
- // ...and if so, return it
- return []string{owner.Name}
- }); err != nil {
- return err
- }
-
- isInDemoNamespaceFilter := predicate.Funcs{
- CreateFunc: func(event event.CreateEvent) bool {
- if val, ok := event.Meta.GetAnnotations()["auto-discovery.experimental.securecodebox.io/ignore"]; ok && val == "true" {
- return false
- }
- return event.Meta.GetNamespace() == "juice-shop" || event.Meta.GetNamespace() == "bodgeit"
- },
- DeleteFunc: func(event event.DeleteEvent) bool {
- if val, ok := event.Meta.GetAnnotations()["auto-discovery.experimental.securecodebox.io/ignore"]; ok && val == "true" {
- return false
- }
- return event.Meta.GetNamespace() == "juice-shop" || event.Meta.GetNamespace() == "bodgeit"
- },
- UpdateFunc: func(event event.UpdateEvent) bool {
- if val, ok := event.MetaNew.GetAnnotations()["auto-discovery.experimental.securecodebox.io/ignore"]; ok && val == "true" {
- return false
- }
- return event.MetaNew.GetNamespace() == "juice-shop" || event.MetaNew.GetNamespace() == "bodgeit"
- },
- GenericFunc: func(event event.GenericEvent) bool {
- if val, ok := event.Meta.GetAnnotations()["auto-discovery.experimental.securecodebox.io/ignore"]; ok && val == "true" {
- return false
- }
- return event.Meta.GetNamespace() == "juice-shop" || event.Meta.GetNamespace() == "bodgeit"
- },
- }
-
- return ctrl.NewControllerManagedBy(mgr).
- For(&networking.Ingress{}).WithEventFilter(isInDemoNamespaceFilter).
- Complete(r)
-}
diff --git a/auto-discovery/kubernetes/controllers/suite_test.go b/auto-discovery/kubernetes/controllers/suite_test.go
deleted file mode 100644
index e3184e08..00000000
--- a/auto-discovery/kubernetes/controllers/suite_test.go
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
-
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package controllers
-
-import (
- "path/filepath"
- "testing"
-
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
- "k8s.io/client-go/kubernetes/scheme"
- "k8s.io/client-go/rest"
- "sigs.k8s.io/controller-runtime/pkg/client"
- "sigs.k8s.io/controller-runtime/pkg/envtest"
- "sigs.k8s.io/controller-runtime/pkg/envtest/printer"
- logf "sigs.k8s.io/controller-runtime/pkg/log"
- "sigs.k8s.io/controller-runtime/pkg/log/zap"
- // +kubebuilder:scaffold:imports
-)
-
-// These tests use Ginkgo (BDD-style Go testing framework). Refer to
-// http://onsi.github.io/ginkgo/ to learn more about Ginkgo.
-
-var cfg *rest.Config
-var k8sClient client.Client
-var testEnv *envtest.Environment
-
-func TestAPIs(t *testing.T) {
- RegisterFailHandler(Fail)
-
- RunSpecsWithDefaultAndCustomReporters(t,
- "Controller Suite",
- []Reporter{printer.NewlineReporter{}})
-}
-
-var _ = BeforeSuite(func(done Done) {
- logf.SetLogger(zap.LoggerTo(GinkgoWriter, true))
-
- By("bootstrapping test environment")
- testEnv = &envtest.Environment{
- CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")},
- }
-
- var err error
- cfg, err = testEnv.Start()
- Expect(err).ToNot(HaveOccurred())
- Expect(cfg).ToNot(BeNil())
-
- // +kubebuilder:scaffold:scheme
-
- k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme})
- Expect(err).ToNot(HaveOccurred())
- Expect(k8sClient).ToNot(BeNil())
-
- close(done)
-}, 60)
-
-var _ = AfterSuite(func() {
- By("tearing down the test environment")
- err := testEnv.Stop()
- Expect(err).ToNot(HaveOccurred())
-})
diff --git a/auto-discovery/kubernetes/go.mod b/auto-discovery/kubernetes/go.mod
deleted file mode 100644
index cd684be0..00000000
--- a/auto-discovery/kubernetes/go.mod
+++ /dev/null
@@ -1,16 +0,0 @@
-module github.com/secureCodeBox/secureCodeBox-v2-alpha/auto-discovery/kubernetes
-
-go 1.13
-
-require (
- github.com/go-logr/logr v0.1.0
- github.com/onsi/ginkgo v1.11.0
- github.com/onsi/gomega v1.8.1
- github.com/secureCodeBox/secureCodeBox-v2-alpha/operator v0.0.0
- k8s.io/api v0.17.2
- k8s.io/apimachinery v0.17.2
- k8s.io/client-go v0.17.2
- sigs.k8s.io/controller-runtime v0.5.2
-)
-
-replace github.com/secureCodeBox/secureCodeBox-v2-alpha/operator => ../../operator
diff --git a/auto-discovery/kubernetes/go.sum b/auto-discovery/kubernetes/go.sum
deleted file mode 100644
index b063e04c..00000000
--- a/auto-discovery/kubernetes/go.sum
+++ /dev/null
@@ -1,470 +0,0 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0 h1:ROfEUZz+Gh5pa62DJWXSaonyu3StP6EA6lPEXPI6mCo= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= -github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= -github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= -github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= -github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= -github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= -github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= -github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= -github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod 
h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= -github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= -github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/beorn7/perks v1.0.0 h1:HWo1m869IqiPhD389kmkxeTalrjNbbJTC8LXupb+sl0= -github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= -github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= -github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= -github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-semver v0.3.0/go.mod 
h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= -github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= -github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= -github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= -github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod 
h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= -github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch v4.5.0+incompatible h1:ouOWdg56aJriqS0huScTkVXPC5IcNrDCXZ6OoTAWu7M= -github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= -github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= -github.com/go-logr/logr v0.1.0 h1:M1Tv3VzNlEHg6uyACnRdtrploV2P7wZqH8BoQMtz0cg= -github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= -github.com/go-logr/zapr v0.1.0 h1:h+WVe9j6HAA01niTJPA/kKH0i7e0rLZBCwauQFcRE54= -github.com/go-logr/zapr v0.1.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk= -github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI= -github.com/go-openapi/analysis v0.17.0/go.mod 
h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= -github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= -github.com/go-openapi/analysis v0.19.2/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk= -github.com/go-openapi/analysis v0.19.5/go.mod h1:hkEAkxagaIvIP7VTn8ygJNkd4kAYON2rCu0v0ObL0AU= -github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= -github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= -github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94= -github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= -github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= -github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= -github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= -github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= -github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= -github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= -github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= -github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= -github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= -github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= -github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= -github.com/go-openapi/loads v0.19.2/go.mod 
h1:QAskZPMX5V0C2gvfkGZzJlINuP7Hx/4+ix5jWFxsNPs= -github.com/go-openapi/loads v0.19.4/go.mod h1:zZVHonKd8DXyxyw4yfnVjPzBjIQcLt0CCsn0N0ZrQsk= -github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA= -github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64= -github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4= -github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= -github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= -github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= -github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY= -github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= -github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= -github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= -github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY= -github.com/go-openapi/strfmt v0.19.3/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU= -github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= -github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= -github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= -github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= -github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= 
-github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4= -github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d h1:3PaI8p3seN09VjbTYC/QWlUZdZ1qS1zGjy7LH2Wt07I= -github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20180513044358-24b0969c4cb7 h1:u4bArs140e9+AfE52mFHOXVFnOSBJBRlzTHrOPLOIhE= -github.com/golang/groupcache v0.0.0-20180513044358-24b0969c4cb7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef h1:veQD95Isof8w9/WXiA+pa3tz3fJXkt5B7QaRBrM62gk= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod 
h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= -github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= -github.com/googleapis/gnostic v0.3.1 h1:WeAefnSUHlBb0iJKwxFDZdbfGwkd7xRNuV+IpXMJhYk= -github.com/googleapis/gnostic v0.3.1/go.mod h1:on+2t9HRStVgn95RSsFWFz+6Q0Snyqv1awfrALZdbtU= -github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= 
-github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= -github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= -github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok= -github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/jstemmer/go-junit-report 
v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= -github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= -github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.0/go.mod 
h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/minio/minio-go/v6 v6.0.50/go.mod h1:qD0lajrGW49lKZLtXKtCB4X/qkMf0a5tBvN2PaZg7Gg= -github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mwitkow/go-conntrack 
v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= -github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw= -github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.8.1 h1:C5Dqfs/LeauYDX0jJXIe2SWmwCbGzx9yF8C8xy3Lh34= -github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= -github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= -github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 
-github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v1.0.0 h1:vrDKnkGzuGvhNAL56c7DBz29ZL+KxnoR0x7enabFceM= -github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90 h1:S/YWwWx/RA8rT8tKFRuGUZhuA90OyIBpPCXkcbwU8DE= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/common v0.4.1 h1:K0MGApIoQvMw27RTdJkPbr3JZ7DNbtxQNyi5STVM6Kw= -github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.2 h1:6LJUbpNm42llc4HRCuvApCSWB/WfhuNo9K98Q9sNGfs= -github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= -github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/secureCodeBox/secureCodeBox-v2-alpha v0.0.0-20200421122123-57178734d6e9 h1:S/FoesxDuE1/lj2iYpCgPdJXj4Gqe81BfuzTao+kIng= -github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= -github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= 
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= -github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= -github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= -github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= -github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify 
v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= -github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= -github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= -github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= -github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= -github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= -go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= -go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= -go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= -go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.uber.org/atomic v1.3.2 h1:2Oa65PReHzfn29GpvgsYwloV9AVFHPDk8tYxt2c2tr4= -go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/multierr v1.1.0 h1:HoEmRHQPVSqub6w2z2d2EOVs2fjyFRGyofhKuyDq0QI= -go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= -go.uber.org/zap v1.10.0 h1:ORx85nbTijNz8ljznvCMR1ZBIPKFn3jQrag10X2AsuM= -go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod 
h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586 h1:7KByu05hhLed2MO29w7p1XfZvZ13m8mub3shuVftRs0= -golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod 
h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190320064053-1272bf9dcd53/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ymfAeJIyd0upUIElB+lI= -golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys 
v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190321052220-f7bb7a8bee54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456 h1:ng0gs1AKnRRuEMZoTLLlbOd+C17zUDepwGQBb/n+JVg= -golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190922100055-0a153f010e69 h1:rOhMmluY6kLMhdnrivzec6lLgaVbMHMn2ISQXJeJ5EM= -golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 
h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190125232054-d66bd3c5d5a6/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 
h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gomodules.xyz/jsonpatch/v2 v2.0.1 h1:xyiBuvkD2g5n7cYzx6u2sxQvsAy4QJsZFCzGVdzOXZ0= -gomodules.xyz/jsonpatch/v2 v2.0.1/go.mod h1:IhYNNY4jnS53ZnfE4PAmpKtDpTCj1JFXc+3mwe7XcUU= -gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= -gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= -gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 
v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= -gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= -gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= -gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= -gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= -gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo= -gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod 
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.17.2 h1:NF1UFXcKN7/OOv1uxdRz3qfra8AHsPav5M93hlV9+Dc= -k8s.io/api v0.17.2/go.mod h1:BS9fjjLc4CMuqfSO8vgbHPKMt5+SF0ET6u/RVDihTo4= -k8s.io/apiextensions-apiserver v0.17.2 h1:cP579D2hSZNuO/rZj9XFRzwJNYb41DbNANJb6Kolpss= -k8s.io/apiextensions-apiserver v0.17.2/go.mod h1:4KdMpjkEjjDI2pPfBA15OscyNldHWdBCfsWMDWAmSTs= -k8s.io/apimachinery v0.17.2 h1:hwDQQFbdRlpnnsR64Asdi55GyCaIP/3WQpMmbNBeWr4= -k8s.io/apimachinery v0.17.2/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= -k8s.io/apiserver v0.17.2/go.mod h1:lBmw/TtQdtxvrTk0e2cgtOxHizXI+d0mmGQURIHQZlo= -k8s.io/client-go v0.17.2 h1:ndIfkfXEGrNhLIgkr0+qhRguSD3u6DCmonepn1O6NYc= -k8s.io/client-go v0.17.2/go.mod h1:QAzRgsa0C2xl4/eVpeVAZMvikCn8Nm81yqVx3Kk9XYI= -k8s.io/code-generator v0.17.2/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s= -k8s.io/component-base v0.17.2/go.mod h1:zMPW3g5aH7cHJpKYQ/ZsGMcgbsA/VyhEugF3QT1awLs= -k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= -k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= -k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= -k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= -k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a h1:UcxjrRMyNx/i/y8G7kPvLyy7rfbeuf1PYyBf973pgyU= -k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= -k8s.io/utils v0.0.0-20191114184206-e782cd3c129f 
h1:GiPwtSzdP43eI1hpPCbROQCCIgCuiMMNF8YUVLF3vJo= -k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= -modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= -modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= -modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= -modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs= -modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= -sigs.k8s.io/controller-runtime v0.5.0 h1:CbqIy5fbUX+4E9bpnBFd204YAzRYlM9SWW77BbrcDQo= -sigs.k8s.io/controller-runtime v0.5.0/go.mod h1:REiJzC7Y00U+2YkMbT8wxgrsX5USpXKGhb2sCtAXiT8= -sigs.k8s.io/controller-runtime v0.5.2 h1:pyXbUfoTo+HA3jeIfr0vgi+1WtmNh0CwlcnQGLXwsSw= -sigs.k8s.io/controller-runtime v0.5.2/go.mod h1:JZUwSMVbxDupo0lTJSSFP5pimEyxGynROImSsqIOx1A= -sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= -sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1:/ULNhyfzRopfcjskuui0cTITekDduZ7ycKN3oUT9R18= -sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs= -sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= diff --git a/auto-discovery/kubernetes/hack/boilerplate.go.txt b/auto-discovery/kubernetes/hack/boilerplate.go.txt deleted file mode 100644 index 767efde9..00000000 --- a/auto-discovery/kubernetes/hack/boilerplate.go.txt +++ /dev/null 
@@ -1,15 +0,0 @@
-/*
-
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
\ No newline at end of file
diff --git a/auto-discovery/kubernetes/main.go b/auto-discovery/kubernetes/main.go
deleted file mode 100644
index c34bd899..00000000
--- a/auto-discovery/kubernetes/main.go
+++ /dev/null
@@ -1,86 +0,0 @@ -/* - - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package main - -import ( - "flag" - "os" - - "k8s.io/apimachinery/pkg/runtime" - clientgoscheme "k8s.io/client-go/kubernetes/scheme" - _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/log/zap" - - "github.com/secureCodeBox/secureCodeBox-v2-alpha/auto-discovery/kubernetes/controllers" - - targetsv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/targets/v1" - // +kubebuilder:scaffold:imports -) - -var ( - scheme = runtime.NewScheme() - setupLog = ctrl.Log.WithName("setup") -) - -func init() { - _ = clientgoscheme.AddToScheme(scheme) - - _ = targetsv1.AddToScheme(scheme) - - // +kubebuilder:scaffold:scheme -} - -func main() { - var metricsAddr string - var enableLeaderElection bool - flag.StringVar(&metricsAddr, "metrics-addr", ":8081", "The address the metric endpoint binds to.") - flag.BoolVar(&enableLeaderElection, "enable-leader-election", false, - "Enable leader election for controller manager. 
"+ - "Enabling this will ensure there is only one active controller manager.") - flag.Parse() - - ctrl.SetLogger(zap.New(zap.UseDevMode(true))) - - mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ - Scheme: scheme, - MetricsBindAddress: metricsAddr, - Port: 9443, - LeaderElection: enableLeaderElection, - LeaderElectionID: "0c9fa8fa.my.domain", - }) - if err != nil { - setupLog.Error(err, "unable to start manager") - os.Exit(1) - } - - if err = (&controllers.IngressScanReconciler{ - Client: mgr.GetClient(), - Log: ctrl.Log.WithName("controllers").WithName("IngressScanController"), - Scheme: mgr.GetScheme(), - }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "DeleteMe") - os.Exit(1) - } - // +kubebuilder:scaffold:builder - - setupLog.Info("starting manager") - if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { - setupLog.Error(err, "problem running manager") - os.Exit(1) - } -} diff --git a/auto-discovery/readme.md b/auto-discovery/readme.md deleted file mode 100644 index 9aba2beb..00000000 --- a/auto-discovery/readme.md +++ /dev/null 
@@ -1,16 +0,0 @@
-# secureCodeBox Auto-Discovery
-
-> Disclaimer: This concept is currently undergoing first tests, things might still change drastically.
-
-The Auto Discovery Services monitor security relevant resources inside a cloud environment and automatically create scans to continuously monitor security aspects of the resources. We aim to eventually support most mayor cloud providers, like AWS, GCP and Azure, but also runtime environments on top of these, primarily kubernetes.
-
-## Example
-
-A developer deploys an app to a kubernetes cluster where the secureCodeBox and the kubernetes cloud integration for the secureCodeBox is installed. They create an Deployment for their application container and a Ingress to expose the application to the world.
-
-The kubernetes cloud integration service will automatically detect these new resources and start scans for them.
-The scans it would start:
-
-1. A image scan scanning for vulnerable libraries in the docker / container image of the deployment. (Using trivy)
-2. A TLS Scan against the certificate of the ingress for the host. (Using SSLyze)
-3. A ZAP Baseline Scan to detect basic web vulnerabilities in the service. (Using OWASP ZAP)
diff --git a/docs/adr/adr_0002.adoc b/docs/adr/adr_0002.adoc
new file mode 100644
index 00000000..7069f35a
--- /dev/null
+++ b/docs/adr/adr_0002.adoc
@@ -0,0 +1,182 @@ +[[ADR-0002]] += ADR-0002: How can we introduce a mechanism to start specialized scans on the results of previous scans? + +[cols="h,d",grid=rows,frame=none,stripes=none,caption="Status",%autowidth] +|==== + +| Status +| ACCEPTED + +| Date +| 2020-05-20 + +| Author(s) +| Jannik Hollenbach , + Robert Seedorff , + Sven Strittmatter +|==== + +== Context + +=== Status Quo + +Currently scans by the secureCodeBox are single focused on a specific tool. +Combining multiple scans requires manual or scripting by the user to use the results of a scan (e.g. Nmap) as a input for another scanner (e.g. SSLyze) + +=== Problem and Question + +How can the results of a scan be used to automatically configure subsequent specialized scans for identified targets. + +In general we want to describe cascading scans like: + +``` ++--------+ +--------+ +--------+ +| scan 1 |-- result -->| scan 2 |-- result -->| scan 3 | ++--------+ +--------+ | +--------+ + | + | +--------+ + +---->| scan 4 | + +--------+ +```` + +A concrete example: + +``` ++----------------+ +-----------------+ +-----------+ +| <> | | <> | | <> | +| find all hosts |-- IP -->| find open ports |-- port 443 -->| check TLS | ++----------------+ +-----------------+ | +-----------+ + | + | +-------------+ + | | <> | + +------->| check HTTPd | + +-------------+ +``` + +The solution should fulfill the following criteria: + +- The "rules" used to describe which subsequent scans can be executed should be modular, so that they can be packaged together with the scan types. +- It should be possible for a user to select which scan rules should be applied +- Protections should be in place to ensure that the clusters are not completely overwhelmed by these automatically created scans. Especially circular structures which create a infinite number of scans should be prevented. + +== Decision + +It was decided to implement these rules as Custom Resource Definitions (CRDs) in Kubernetes. 
+This allows the Helm Charts of the scanners to package related rules for the scanner together with their ScanTypes. + +=== Defining CascadingRule + +The so called "CascadingRules" consist of a "matches" section which contains one or multiple rules which are compared against findings. +When a finding matches a rule the "scanSpec" section will then be used to create a new scan. +To customize the scan to match the finding, the [mustache](https://github.com/janl/mustache.js) templating language can be used to reference fields of the finding. + +```yaml +apiVersion: "cascading.experimental.securecodebox.io/v1" +kind: CascadingRule +metadata: + name: "tls-scans" + labels: + # Described how "invasive" the scan is. + # Possible values: "invasive" or "non-invasive" + # CascadingRules are considered "invasive" when the Scan they start actively sends out packages with attack payloads. + securecodebox.io/invasive: non-invasive + # Described the intensiveness level on a scanning and computational resource level. + # Possible values: "ligh", "medium", "intense" + # CascadingRules are considered more "intensive" when the Scan they start consumes lots of computational resources like RAM, CPU, or Network + securecodebox.io/intensive: light +spec: + matches: + # CascadingRule triggers if a finding matches at least one of the anyOf matchers + # With the first version of this implementation only anyOf would be supported. + # If this turns out to be lacking and other operators (like `allOf` can be introduced without breaking changes) + anyOf: + # define an explicit "port" as finding and a given port number + - category: "Open Port" + attributes: + port: 443 + service: "https" + # define an "port service" finding (any port) + - category: "Open Port" + attributes: + service: "https" + scanSpec: + name: "sslyze" + parameters: ["--regular", "{{attributes.hostname}}"] +``` + +=== Using CascadingRules + +By default no cascading Rules will be used. 
+ +```yaml +# Nmap Scan without cascading rules +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "portscan-berlin-wifi" + label: + office: berlin + vlan: wifi +spec: + name: "nmap" + parameters: ["-sV", "10.42.0.0/16"] +``` + +To enable cascading rules you need to specify a label selector to select the cascading rules you'd like + +```yaml +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "portscan-berlin-wifi" + label: + office: berlin + vlan: wifi +spec: + cascades: + matchLabels: + # Uses all CascadingRules in the namespace which are labelled as "non-invasive" and a intensiveness level of "light" + securecodebox.io/invasive: non-invasive + securecodebox.io/intensive: light + name: "nmap" + parameters: ["-sV", "10.42.0.0/16"] +``` + +To implicitly enable all cascading rules (not-recommended) a empty label selector can be used + +```yaml +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "portscan-berlin-wifi" + label: + office: berlin + vlan: wifi +spec: + cascades: + # Uses all `CascadingRules` in the namespace + matchLabels: {} + name: "nmap" + parameters: ["-sV", "10.42.0.0/16"] +``` + +The label selectors also allow the more powerful [matchExpression](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#set-based-requirement) selectors: + +```yaml +apiVersion: "execution.experimental.securecodebox.io/v1" +kind: Scan +metadata: + name: "example.com" +spec: + scanType: nmap + parameters: + - -p22,80,443 + - example.com + cascades: + # Using matchExpression instead of matchLabels + matchExpression: + key: "securecodebox.io/intensive" + operator: In + # This select both light and medium intensity rules + values: [light, medium] +``` diff --git a/hooks/declarative-subsequent-scans/templates/NOTES.txt b/hooks/declarative-subsequent-scans/templates/NOTES.txt index 5b163957..0e06e84a 100644 
--- a/hooks/declarative-subsequent-scans/templates/NOTES.txt +++ b/hooks/declarative-subsequent-scans/templates/NOTES.txt @@ -10,4 +10,4 @@ $ kubectl get cascadingrules You need to explicitly turn on scan cascading for every scan you use. You can do that by setting a label selector which matches all rules you want to use. -Find out more, on the docs: TODO(https://github.com/secureCodeBox/secureCodeBox-v2-alpha/issues/46) \ No newline at end of file +Find out more, on the docs: TODO(https://github.com/secureCodeBox/secureCodeBox-v2/issues/46) \ No newline at end of file diff --git a/lurcher/Dockerfile b/lurcher/Dockerfile index 5e55aab5..38d1d11b 100644 --- a/lurcher/Dockerfile +++ b/lurcher/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.13 as builder +FROM golang:1.15 as builder WORKDIR /workspace # Copy the Go Modules manifests @@ -20,7 +20,6 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o lurcher FROM gcr.io/distroless/static:nonroot WORKDIR / COPY --from=builder /workspace/lurcher . -COPY result.xml /home/securecodebox/result.xml USER nonroot:nonroot ENTRYPOINT ["/lurcher"] diff --git a/lurcher/go.mod b/lurcher/go.mod index eea3bcf0..432b7b95 100644 --- a/lurcher/go.mod +++ b/lurcher/go.mod @@ -1,6 +1,6 @@ -module github.com/secureCodeBox/secureCodeBox-v2-alpha/lurcher +module github.com/secureCodeBox/secureCodeBox-v2/lurcher -go 1.13 +go 1.15 require ( k8s.io/apimachinery v0.0.0-20191028221656-72ed19daf4bb diff --git a/lurcher/job.yaml b/lurcher/job.yaml deleted file mode 100644 index 3aa24783..00000000 --- a/lurcher/job.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: lurcher-test -spec: - backoffLimit: 4 - template: - spec: - restartPolicy: Never - containers: - - name: primary - image: alpine - command: ["sleep", "5"] - - name: lurcher - image: scbexperimental - imagePullPolicy: IfNotPresent - args: - - "--container" - - "primary" - - "--file" - - "/home/securecodebox/result.xml" - - "--url" - # This URL has been expired for quite some time ;) To test this you'll need to generate a new one. - - "https://fra1.digitaloceanspaces.com/securecodebox/scan/result.xml?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=NWN2DEMTNFQUTQB5SZ6A%2F20200312%2Ffra1%2Fs3%2Faws4_request&X-Amz-Date=20200312T180859Z&X-Amz-Expires=43200&X-Amz-SignedHeaders=host&X-Amz-Signature=852dc4576ff5b6195b9f6a7dd49851cc701a2fb59fb23db6e7c7913f412f0460" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: lurcher ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: "default" - name: lurcher -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: lurcher - namespace: default -subjects: - - kind: ServiceAccount - name: lurcher -roleRef: - kind: Role - name: lurcher - apiGroup: rbac.authorization.k8s.io diff --git a/lurcher/result.xml b/lurcher/result.xml deleted file mode 100644 index b364cd36..00000000 --- a/lurcher/result.xml +++ /dev/null @@ -1 +0,0 @@ - diff --git a/operator/Dockerfile b/operator/Dockerfile index 34d572b9..202cb7df 100644 --- a/operator/Dockerfile +++ b/operator/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.13 as builder +FROM golang:1.15 as builder WORKDIR /workspace # Copy the Go Modules manifests diff --git a/operator/PROJECT b/operator/PROJECT index a0c68343..20f5bd19 100644 --- a/operator/PROJECT +++ b/operator/PROJECT 
@@ -1,6 +1,6 @@ domain: experimental.securecodebox.io multigroup: true -repo: github.com/secureCodeBox/secureCodeBox-v2-alpha +repo: github.com/secureCodeBox/secureCodeBox-v2 resources: - group: execution kind: Scan diff --git a/operator/apis/cascading/v1/cascadingrule_types.go b/operator/apis/cascading/v1/cascadingrule_types.go index 2115bf0d..b1de37eb 100644 --- a/operator/apis/cascading/v1/cascadingrule_types.go +++ b/operator/apis/cascading/v1/cascadingrule_types.go @@ -17,7 +17,7 @@ limitations under the License. package v1 import ( - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" ) diff --git a/operator/apis/targets/v1/groupversion_info.go b/operator/apis/targets/v1/groupversion_info.go deleted file mode 100644 index f81c0a2f..00000000 --- a/operator/apis/targets/v1/groupversion_info.go +++ /dev/null 
@@ -1,36 +0,0 @@
-/*
-Copyright 2020 iteratec GmbH.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Package v1 contains API Schema definitions for the targets v1 API group
-// +kubebuilder:object:generate=true
-// +groupName=targets.experimental.securecodebox.io
-package v1
-
-import (
- "k8s.io/apimachinery/pkg/runtime/schema"
- "sigs.k8s.io/controller-runtime/pkg/scheme"
-)
-
-var (
- // GroupVersion is group version used to register these objects
- GroupVersion = schema.GroupVersion{Group: "targets.experimental.securecodebox.io", Version: "v1"}
-
- // SchemeBuilder is used to add go types to the GroupVersionKind scheme
- SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
-
- // AddToScheme adds the types in this group-version to the given scheme.
- AddToScheme = SchemeBuilder.AddToScheme
-)
diff --git a/operator/apis/targets/v1/host_types.go b/operator/apis/targets/v1/host_types.go
deleted file mode 100644
index 47b0fea6..00000000
--- a/operator/apis/targets/v1/host_types.go
+++ /dev/null
@@ -1,82 +0,0 @@ -/* -Copyright 2020 iteratec GmbH. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! -// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. - -// HostSpec defines the desired state of Host -type HostSpec struct { - // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - // Important: Run "make" to regenerate code after modifying this file - - // Hostname contains the dns name of the host - // TODO: Add an IPAddress Field - Hostname string `json:"hostname"` - - Ports []HostPort `json:"ports"` -} - -// HostPort describes a Port of a Host -type HostPort struct { - Type string `json:"type"` - // The port number - // +kubebuilder:validation:Minimum=0 - // +kubebuilder:validation:Maximun=65536 - Port int32 `json:"port" protobuf:"varint,2,opt,name=port"` -} - -// HostStatus defines the observed state of Host -type HostStatus struct { - // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - // Important: Run "make" to regenerate code after modifying this file - - Findings executionv1.FindingStats `json:"findings,omitempty"` -} - -// +kubebuilder:object:root=true -// +kubebuilder:subresource:status -// +kubebuilder:printcolumn:name="Hostname",type=string,JSONPath=`.spec.hostname` 
-// +kubebuilder:printcolumn:name="Ports",type=string,JSONPath=`.spec.ports`,description="Ports of the Host" -// +kubebuilder:printcolumn:name="Findings",type=string,JSONPath=`.status.findings.count`,description="Total Finding Count" - -// Host is the Schema for the hosts API -type Host struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec HostSpec `json:"spec,omitempty"` - Status HostStatus `json:"status,omitempty"` -} - -// +kubebuilder:object:root=true - -// HostList contains a list of Host -type HostList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []Host `json:"items"` -} - -func init() { - SchemeBuilder.Register(&Host{}, &HostList{}) -} diff --git a/operator/apis/targets/v1/zz_generated.deepcopy.go b/operator/apis/targets/v1/zz_generated.deepcopy.go deleted file mode 100644 index 03c8fc67..00000000 --- a/operator/apis/targets/v1/zz_generated.deepcopy.go +++ /dev/null 
@@ -1,135 +0,0 @@ -// +build !ignore_autogenerated - -/* -Copyright 2020 iteratec GmbH. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by controller-gen. DO NOT EDIT. - -package v1 - -import ( - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Host) DeepCopyInto(out *Host) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Host. -func (in *Host) DeepCopy() *Host { - if in == nil { - return nil - } - out := new(Host) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Host) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *HostList) DeepCopyInto(out *HostList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Host, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostList. -func (in *HostList) DeepCopy() *HostList { - if in == nil { - return nil - } - out := new(HostList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *HostList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HostPort) DeepCopyInto(out *HostPort) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostPort. -func (in *HostPort) DeepCopy() *HostPort { - if in == nil { - return nil - } - out := new(HostPort) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *HostSpec) DeepCopyInto(out *HostSpec) { - *out = *in - if in.Ports != nil { - in, out := &in.Ports, &out.Ports - *out = make([]HostPort, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostSpec. -func (in *HostSpec) DeepCopy() *HostSpec { - if in == nil { - return nil - } - out := new(HostSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *HostStatus) DeepCopyInto(out *HostStatus) { - *out = *in - in.Findings.DeepCopyInto(&out.Findings) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostStatus. -func (in *HostStatus) DeepCopy() *HostStatus { - if in == nil { - return nil - } - out := new(HostStatus) - in.DeepCopyInto(out) - return out -} diff --git a/operator/config/crd/bases/targets.experimental.securecodebox.io_hosts.yaml b/operator/config/crd/bases/targets.experimental.securecodebox.io_hosts.yaml deleted file mode 100644 index 4079b62c..00000000 --- a/operator/config/crd/bases/targets.experimental.securecodebox.io_hosts.yaml +++ /dev/null 
@@ -1,124 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.4 - creationTimestamp: null - name: hosts.targets.experimental.securecodebox.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hostname - name: Hostname - type: string - - JSONPath: .spec.ports - description: Ports of the Host - name: Ports - type: string - - JSONPath: .status.findings.count - description: Total Finding Count - name: Findings - type: string - group: targets.experimental.securecodebox.io - names: - kind: Host - listKind: HostList - plural: hosts - singular: host - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Host is the Schema for the hosts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HostSpec defines the desired state of Host - properties: - hostname: - description: 'Hostname contains the dns name of the host TODO: Add an - IPAddress Field' - type: string - ports: - items: - description: HostPort describes a Port of a Host - properties: - port: - description: The port number - format: int32 - minimum: 0 - type: integer - type: - type: string - required: - - port - - type - type: object - type: array - required: - - hostname - - ports - type: object - status: - description: HostStatus defines the observed state of Host - properties: - findings: - description: FindingStats contains the general stats about the results - of the scan - properties: - categories: - additionalProperties: - format: int64 - type: integer - description: FindingCategories indicates the count of finding broken - down by their categories - type: object - count: - description: Count indicates how many findings were identified in - total - format: int64 - type: integer - severities: - description: FindingSeverities indicates the count of finding with - the respective severity - properties: - high: - format: int64 - type: integer - informational: - format: int64 - type: integer - low: - format: int64 - type: integer - medium: - format: int64 - type: integer - type: object - type: object - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/operator/config/crd/patches/cainjection_in_hosts.yaml b/operator/config/crd/patches/cainjection_in_hosts.yaml deleted file mode 100644 index 356ddfed..00000000 --- a/operator/config/crd/patches/cainjection_in_hosts.yaml +++ /dev/null 
@@ -1,8 +0,0 @@ -# The following patch adds a directive for certmanager to inject CA into the CRD -# CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) - name: hosts.targets.experimental.securecodebox.io diff --git a/operator/config/rbac/role.yaml b/operator/config/rbac/role.yaml index b1bd525a..1762d5b9 100644 --- a/operator/config/rbac/role.yaml +++ b/operator/config/rbac/role.yaml @@ -115,23 +115,3 @@ rules: - get - list - watch -- apiGroups: - - targets.experimental.securecodebox.io - resources: - - hosts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - targets.experimental.securecodebox.io - resources: - - hosts/status - verbs: - - get - - patch - - update diff --git a/operator/controllers/execution/scans/hook_reconciler.go b/operator/controllers/execution/scans/hook_reconciler.go index c7aee9f1..899cf15c 100644 --- a/operator/controllers/execution/scans/hook_reconciler.go +++ b/operator/controllers/execution/scans/hook_reconciler.go @@ -4,8 +4,8 @@ import ( "context" "fmt" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" - util "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/utils" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" + util "github.com/secureCodeBox/secureCodeBox-v2/operator/utils" batch "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" diff --git a/operator/controllers/execution/scans/job.go b/operator/controllers/execution/scans/job.go index c1ccb3aa..2f202ea3 100644 --- a/operator/controllers/execution/scans/job.go +++ b/operator/controllers/execution/scans/job.go 
@@ -3,7 +3,7 @@ package scancontrollers import ( "context" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" batch "k8s.io/api/batch/v1" "sigs.k8s.io/controller-runtime/pkg/client" ) diff --git a/operator/controllers/execution/scans/parse_reconciler.go b/operator/controllers/execution/scans/parse_reconciler.go index b3022b9d..bed741a8 100644 --- a/operator/controllers/execution/scans/parse_reconciler.go +++ b/operator/controllers/execution/scans/parse_reconciler.go @@ -5,8 +5,8 @@ import ( "fmt" "strings" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" - util "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/utils" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" + util "github.com/secureCodeBox/secureCodeBox-v2/operator/utils" batch "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" diff --git a/operator/controllers/execution/scans/scan_controller.go b/operator/controllers/execution/scans/scan_controller.go index ae543dab..1755147d 100644 --- a/operator/controllers/execution/scans/scan_controller.go +++ b/operator/controllers/execution/scans/scan_controller.go @@ -32,7 +32,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "github.com/minio/minio-go/v6" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" ) // ScanReconciler reconciles a Scan object diff --git a/operator/controllers/execution/scans/scan_reconciler.go b/operator/controllers/execution/scans/scan_reconciler.go index 2e3b6e6d..2f10da56 100644 --- a/operator/controllers/execution/scans/scan_reconciler.go +++ b/operator/controllers/execution/scans/scan_reconciler.go 
@@ -8,8 +8,8 @@ import ( "path/filepath" "strings" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" - util "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/utils" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" + util "github.com/secureCodeBox/secureCodeBox-v2/operator/utils" batch "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" diff --git a/operator/controllers/execution/scheduledscan_controller.go b/operator/controllers/execution/scheduledscan_controller.go index cb676b97..b1a29446 100644 --- a/operator/controllers/execution/scheduledscan_controller.go +++ b/operator/controllers/execution/scheduledscan_controller.go @@ -29,7 +29,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" ) var ( diff --git a/operator/controllers/execution/suite_test.go b/operator/controllers/execution/suite_test.go index d7a043a9..b71e8cba 100644 --- a/operator/controllers/execution/suite_test.go +++ b/operator/controllers/execution/suite_test.go @@ -30,7 +30,7 @@ import ( logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/log/zap" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" // +kubebuilder:scaffold:imports ) diff --git a/operator/controllers/targets/host_controller.go b/operator/controllers/targets/host_controller.go deleted file mode 100644 index 9ac2c2f5..00000000 --- a/operator/controllers/targets/host_controller.go +++ /dev/null 
@@ -1,236 +0,0 @@
-/*
-Copyright 2020 iteratec GmbH.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package controllers
-
-import (
- "context"
- "fmt"
- "reflect"
- "time"
-
- "github.com/go-logr/logr"
- apierrors "k8s.io/apimachinery/pkg/api/errors"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/types"
- ctrl "sigs.k8s.io/controller-runtime"
-
- "sigs.k8s.io/controller-runtime/pkg/client"
-
- executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1"
- targetsv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/targets/v1"
-)
-
-var (
- ownerKey = ".metadata.controller"
- apiGVStr = targetsv1.GroupVersion.String()
-)
-
-// HostReconciler reconciles a Host object
-type HostReconciler struct {
- client.Client
- Log logr.Logger
- Scheme *runtime.Scheme
-}
-
-type ScanTemplates struct {
- Port int32
- Type string
- ScanSpec executionv1.ScanSpec
-}
-
-// +kubebuilder:rbac:groups=targets.experimental.securecodebox.io,resources=hosts,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=targets.experimental.securecodebox.io,resources=hosts/status,verbs=get;update;patch
-// +kubebuilder:rbac:groups=execution.experimental.securecodebox.io,resources=scheduledscans,verbs=get;list;create
-// +kubebuilder:rbac:groups=execution.experimental.securecodebox.io,resources=scheduledscans/status,verbs=get
-
-// Reconcile comapares the Host Resource with the State of the Cluster and updates both accordingly
-func (r *HostReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
- ctx := context.Background()
- log := r.Log.WithValues("host", req.NamespacedName)
-
- var host targetsv1.Host
- if err := r.Get(ctx, req.NamespacedName, &host); err != nil {
- // we'll ignore not-found errors, since they can't be fixed by an immediate
- // requeue (we'll need to wait for a new notification), and we can get them
- // on deleted requests.
- log.V(7).Info("Unable to fetch Host")
- return ctrl.Result{}, client.IgnoreNotFound(err)
- }
-
- scanTemplates := CreateScanTemplatesForHost(host)
-
- for _, scanTemplate := range scanTemplates {
- scanName := fmt.Sprintf("%s-%s-%d", host.Name, scanTemplate.ScanSpec.ScanType, scanTemplate.Port)
-
- var scan executionv1.ScheduledScan
- err := r.Get(ctx, types.NamespacedName{Name: scanName, Namespace: req.Namespace}, &scan)
- if err != nil && apierrors.IsNotFound(err) {
- // Scan doesn't exists yet. Thats allright, as we are going to create it directly after this :)
- } else if err != nil {
- log.Error(err, "Failed to lookup ScheduledScan for Host")
- return ctrl.Result{}, err
- } else {
- log.V(4).Info("Wont create Scan for Host as the Scan already exists", "ScheduledScanName", scanName)
- continue
- }
-
- scan = executionv1.ScheduledScan{
- ObjectMeta: metav1.ObjectMeta{
- Name: scanName,
- Namespace: host.Namespace,
- },
- Spec: executionv1.ScheduledScanSpec{
- ScanSpec: &scanTemplate.ScanSpec,
- Interval: metav1.Duration{Duration: 24 * time.Hour},
- HistoryLimit: 1,
- },
- }
- if err := ctrl.SetControllerReference(&host, &scan, r.Scheme); err != nil {
- log.Error(err, "unable to set owner reference on ScheduledScan")
- return ctrl.Result{}, err
- }
-
- if err := r.Create(ctx, &scan); err != nil {
- log.Error(err, "unable to create ScheduledScan for Host", "host", host.Name)
- return ctrl.Result{}, err
- }
- log.Info("Created ScheduledScan for Target", "ScheduledScan", scanName)
- }
-
- // Update Targets Findings Status
- var childScans executionv1.ScheduledScanList
- if err := r.List(ctx, &childScans, client.InNamespace(req.Namespace), client.MatchingFields{ownerKey: req.Name}); err != nil {
- log.Error(err, "unable to list child ScheduledScans")
- return ctrl.Result{}, err
- }
-
- totalStats := executionv1.FindingStats{
- Count: 0,
- FindingSeverities: executionv1.FindingSeverities{
- Informational: 0,
- Low: 0,
- Medium: 0,
- High: 0,
- },
- FindingCategories: map[string]uint64{},
- }
- for _, scan := range childScans.Items {
- stats := scan.Status.Findings
-
- totalStats.Count += stats.Count
- totalStats.FindingSeverities.Informational += stats.FindingSeverities.Informational
- totalStats.FindingSeverities.Low += stats.FindingSeverities.Low
- totalStats.FindingSeverities.Medium += stats.FindingSeverities.Medium
- totalStats.FindingSeverities.High += stats.FindingSeverities.High
-
- for key, value := range stats.FindingCategories {
- if _, ok := totalStats.FindingCategories[key]; ok {
- totalStats.FindingCategories[key] += value
- } else {
- totalStats.FindingCategories[key] = value
- }
- }
- }
-
- if !reflect.DeepEqual(host.Status.Findings, totalStats) {
- log.V(0).Info("Updating ScheduledScans Findings as they appear to have changed")
- host.Status.Findings = *totalStats.DeepCopy()
- if err := r.Status().Update(ctx, &host); err != nil {
- log.Error(err, "unable to update Host status")
- return ctrl.Result{}, err
- }
- }
-
- return ctrl.Result{}, nil
-}
-
-// CreateScanTemplatesForHost defines which scans should be created for a Host
-func CreateScanTemplatesForHost(host targetsv1.Host) []ScanTemplates {
- var scanTemplates []ScanTemplates
-
- for _, port := range host.Spec.Ports {
- if port.Type == "ssh" {
- scanTemplates = append(scanTemplates, ScanTemplates{
- Port: port.Port,
- Type: port.Type,
- ScanSpec: executionv1.ScanSpec{
- ScanType: "ssh-scan",
- Parameters: []string{"--target", host.Spec.Hostname, "--port", fmt.Sprintf("%d", port.Port)},
- },
- })
- }
- if port.Type == "http" || port.Type == "https" {
- scanTemplates = append(scanTemplates, ScanTemplates{
- Port: port.Port,
- Type: port.Type,
- ScanSpec: executionv1.ScanSpec{
- ScanType: "zap-baseline",
- Parameters: []string{"-t", fmt.Sprintf("%s://%s:%d", port.Type, host.Spec.Hostname, port.Port)},
- },
- })
- }
- if port.Type == "http" || port.Type == "https" {
- scanTemplates = append(scanTemplates, ScanTemplates{
- Port: port.Port,
- Type: port.Type,
- ScanSpec: executionv1.ScanSpec{
- ScanType: "nikto",
- Parameters: []string{"-h", fmt.Sprintf("%s://%s:%d", port.Type, host.Spec.Hostname, port.Port), "-Tuning", "1,2,3,5,7,b"},
- },
- })
- }
- if port.Type == "https" {
- scanTemplates = append(scanTemplates, ScanTemplates{
- Port: port.Port,
- Type: port.Type,
- ScanSpec: executionv1.ScanSpec{
- ScanType: "sslyze",
- Parameters: []string{"--regular", fmt.Sprintf("%s:%d", host.Spec.Hostname, port.Port)},
- },
- })
- }
- }
-
- return scanTemplates
-}
-
-// SetupWithManager sets up the controller and initializes every thing it needs
-func (r *HostReconciler) SetupWithManager(mgr ctrl.Manager) error {
- if err := mgr.GetFieldIndexer().IndexField(&executionv1.ScheduledScan{}, ownerKey, func(rawObj runtime.Object) []string {
- // grab the scan object, extract the owner...
- scheduledScan := rawObj.(*executionv1.ScheduledScan)
- owner := metav1.GetControllerOf(scheduledScan)
- if owner == nil {
- return nil
- }
- // ...make sure it's a Scan belonging to a Host...
- if owner.APIVersion != apiGVStr || owner.Kind != "Host" {
- return nil
- }
-
- // ...and if so, return it
- return []string{owner.Name}
- }); err != nil {
- return err
- }
-
- return ctrl.NewControllerManagedBy(mgr).
- For(&targetsv1.Host{}).
- Owns(&executionv1.ScheduledScan{}).
- Complete(r)
-}
diff --git a/operator/controllers/targets/suite_test.go b/operator/controllers/targets/suite_test.go
deleted file mode 100644
index 7f9147dd..00000000
--- a/operator/controllers/targets/suite_test.go
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
-Copyright 2020 iteratec GmbH.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package controllers
-
-import (
- "path/filepath"
- "testing"
-
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
- "k8s.io/client-go/kubernetes/scheme"
- "k8s.io/client-go/rest"
- "sigs.k8s.io/controller-runtime/pkg/client"
- "sigs.k8s.io/controller-runtime/pkg/envtest"
- "sigs.k8s.io/controller-runtime/pkg/envtest/printer"
- logf "sigs.k8s.io/controller-runtime/pkg/log"
- "sigs.k8s.io/controller-runtime/pkg/log/zap"
-
- targetsv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/targets/v1"
- // +kubebuilder:scaffold:imports
-)
-
-// These tests use Ginkgo (BDD-style Go testing framework). Refer to
-// http://onsi.github.io/ginkgo/ to learn more about Ginkgo.
-
-var cfg *rest.Config
-var k8sClient client.Client
-var testEnv *envtest.Environment
-
-func TestAPIs(t *testing.T) {
- RegisterFailHandler(Fail)
-
- RunSpecsWithDefaultAndCustomReporters(t,
- "Controller Suite",
- []Reporter{printer.NewlineReporter{}})
-}
-
-var _ = BeforeSuite(func(done Done) {
- logf.SetLogger(zap.LoggerTo(GinkgoWriter, true))
-
- By("bootstrapping test environment")
- testEnv = &envtest.Environment{
- CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")},
- }
-
- var err error
- cfg, err = testEnv.Start()
- Expect(err).ToNot(HaveOccurred())
- Expect(cfg).ToNot(BeNil())
-
- err = targetsv1.AddToScheme(scheme.Scheme)
- Expect(err).NotTo(HaveOccurred())
-
- // +kubebuilder:scaffold:scheme
-
- k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme})
- Expect(err).ToNot(HaveOccurred())
- Expect(k8sClient).ToNot(BeNil())
-
- close(done)
-}, 60)
-
-var _ = AfterSuite(func() {
- By("tearing down the test environment")
- err := testEnv.Stop()
- Expect(err).ToNot(HaveOccurred())
-})
diff --git a/operator/crds/targets.experimental.securecodebox.io_hosts.yaml b/operator/crds/targets.experimental.securecodebox.io_hosts.yaml
deleted file mode 100644
index 4079b62c..00000000
--- a/operator/crds/targets.experimental.securecodebox.io_hosts.yaml
+++ /dev/null
@@ -1,124 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.2.4 - creationTimestamp: null - name: hosts.targets.experimental.securecodebox.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hostname - name: Hostname - type: string - - JSONPath: .spec.ports - description: Ports of the Host - name: Ports - type: string - - JSONPath: .status.findings.count - description: Total Finding Count - name: Findings - type: string - group: targets.experimental.securecodebox.io - names: - kind: Host - listKind: HostList - plural: hosts - singular: host - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Host is the Schema for the hosts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HostSpec defines the desired state of Host - properties: - hostname: - description: 'Hostname contains the dns name of the host TODO: Add an - IPAddress Field' - type: string - ports: - items: - description: HostPort describes a Port of a Host - properties: - port: - description: The port number - format: int32 - minimum: 0 - type: integer - type: - type: string - required: - - port - - type - type: object - type: array - required: - - hostname - - ports - type: object - status: - description: HostStatus defines the observed state of Host - properties: - findings: - description: FindingStats contains the general stats about the results - of the scan - properties: - categories: - additionalProperties: - format: int64 - type: integer - description: FindingCategories indicates the count of finding broken - down by their categories - type: object - count: - description: Count indicates how many findings were identified in - total - format: int64 - type: integer - severities: - description: FindingSeverities indicates the count of finding with - the respective severity - properties: - high: - format: int64 - type: integer - informational: - format: int64 - type: integer - low: - format: int64 - type: integer - medium: - format: int64 - type: integer - type: object - type: object - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/operator/go.mod b/operator/go.mod index 97c7be87..1049ceba 100644 --- a/operator/go.mod +++ b/operator/go.mod @@ -1,6 +1,6 @@ -module github.com/secureCodeBox/secureCodeBox-v2-alpha/operator +module github.com/secureCodeBox/secureCodeBox-v2/operator -go 1.13 +go 1.15 require ( github.com/go-logr/logr v0.1.0 
diff --git a/operator/go.sum b/operator/go.sum index 5643d29d..5083a63c 100644 --- a/operator/go.sum +++ b/operator/go.sum @@ -254,7 +254,8 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= -github.com/secureCodeBox/secureCodeBox-v2-alpha v0.0.0-20200526134830-4f0a0ddfccc0 h1:cmPDEtYAxHRmOmMuKUKe90RjJUjALqiXnJtPB4VGe44= +github.com/secureCodeBox/secureCodeBox-v2 v0.0.0-20200526134830-4f0a0ddfccc0 h1:cmPDEtYAxHRmOmMuKUKe90RjJUjALqiXnJtPB4VGe44= +github.com/secureCodeBox/secureCodeBox-v2 v2.0.0-rc.1+incompatible h1:beH1o7Y/nuUUkE0OutEPMkJ6ml+jnq27CFGWJq1NFS0= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= diff --git a/operator/internal/telemetry/telemetry.go b/operator/internal/telemetry/telemetry.go index 858f9669..db2c47eb 100644 --- a/operator/internal/telemetry/telemetry.go +++ b/operator/internal/telemetry/telemetry.go @@ -11,7 +11,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "github.com/go-logr/logr" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) diff --git a/operator/main.go b/operator/main.go index 18d1e58e..ef84fa47 100644 --- a/operator/main.go +++ b/operator/main.go 
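Review bot: In the go.sum hunk, the added line for `github.com/secureCodeBox/secureCodeBox-v2 v0.0.0-20200526134830-4f0a0ddfccc0` carries the same `h1:cmPDEtYAxHRmOmMuKUKe90RjJUjALqiXnJtPB4VGe44=` value as the removed `-v2-alpha` line. That suggests the entry came from the repository-wide search-and-replace rather than from the go tool. As far as I know the h1 digest also covers the `module@version` prefix of every file name, so a checksum recorded for the old path is unlikely to be valid for the new one. The line is then either dead weight or, if that version is ever fetched, a checksum-mismatch failure. I would drop the renamed line, regenerate the file with `go mod tidy`, and confirm the result with `go mod verify`, so that every pinned hash is one the toolchain computed.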
@@ -26,13 +26,11 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/log/zap" - cascadingv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/cascading/v1" - executionv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/execution/v1" - targetsv1 "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/apis/targets/v1" - executioncontroller "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/controllers/execution" - scancontroller "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/controllers/execution/scans" - targetscontroller "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/controllers/targets" - "github.com/secureCodeBox/secureCodeBox-v2-alpha/operator/internal/telemetry" + cascadingv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/cascading/v1" + executionv1 "github.com/secureCodeBox/secureCodeBox-v2/operator/apis/execution/v1" + executioncontroller "github.com/secureCodeBox/secureCodeBox-v2/operator/controllers/execution" + scancontroller "github.com/secureCodeBox/secureCodeBox-v2/operator/controllers/execution/scans" + "github.com/secureCodeBox/secureCodeBox-v2/operator/internal/telemetry" // +kubebuilder:scaffold:imports ) @@ -45,7 +43,6 @@ func init() { _ = clientgoscheme.AddToScheme(scheme) _ = executionv1.AddToScheme(scheme) - _ = targetsv1.AddToScheme(scheme) _ = cascadingv1.AddToScheme(scheme) // +kubebuilder:scaffold:scheme } @@ -89,14 +86,6 @@ func main() { setupLog.Error(err, "unable to create controller", "controller", "ScheduledScan") os.Exit(1) } - if err = (&targetscontroller.HostReconciler{ - Client: mgr.GetClient(), - Log: ctrl.Log.WithName("controllers").WithName("Host"), - Scheme: mgr.GetScheme(), - }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "Host") - os.Exit(1) - } // +kubebuilder:scaffold:builder if enabled, ok := os.LookupEnv("TELEMETRY_ENABLED"); ok && enabled == "true" { 
diff --git a/operator/templates/rbac/role.yaml b/operator/templates/rbac/role.yaml index b1bd525a..1762d5b9 100644 --- a/operator/templates/rbac/role.yaml +++ b/operator/templates/rbac/role.yaml @@ -115,23 +115,3 @@ rules: - get - list - watch -- apiGroups: - - targets.experimental.securecodebox.io - resources: - - hosts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - targets.experimental.securecodebox.io - resources: - - hosts/status - verbs: - - get - - patch - - update diff --git a/package.json b/package.json index 11ccfe50..afa424a5 100644 --- a/package.json +++ b/package.json @@ -9,15 +9,15 @@ }, "repository": { "type": "git", - "url": "git+https://github.com/secureCodeBox/secureCodeBox-v2-alpha.git" + "url": "git+https://github.com/secureCodeBox/secureCodeBox-v2.git" }, "keywords": [], "author": "", "license": "ISC", "bugs": { - "url": "https://github.com/secureCodeBox/secureCodeBox-v2-alpha/issues" + "url": "https://github.com/secureCodeBox/secureCodeBox-v2/issues" }, - "homepage": "https://github.com/secureCodeBox/secureCodeBox-v2-alpha#readme", + "homepage": "https://github.com/secureCodeBox/secureCodeBox-v2#readme", "devDependencies": { "eslint": "^6.8.0", "eslint-config-oclif": "^3.1.0", diff --git a/scanners/amass/Chart.yaml b/scanners/amass/Chart.yaml index 8fbd4ae4..12242fc7 100644 --- a/scanners/amass/Chart.yaml +++ b/scanners/amass/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for the Amass security scanner that integrates with th type: application version: 0.1.0 -appVersion: 3.9.1 +appVersion: 3.10.2 keywords: - security diff --git a/scanners/amass/README.md b/scanners/amass/README.md index 6968c918..9995965d 100644 --- a/scanners/amass/README.md +++ b/scanners/amass/README.md @@ -4,7 +4,7 @@ path: "scanners/amass" category: "scanner" type: "Network" state: "released" -appVersion: "3.9.1" +appVersion: "3.10.2" usecase: "Subdomain Enumeration Scanner" --- 
@@ -26,16 +26,16 @@ helm upgrade --install amass ./scanners/amass/ The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. -* The most basic use of the tool for subdomain enumeration: `amass enum -d example.com` -* Typical parameters for DNS enumeration: `amass enum -v -src -ip -brute -min-for-recursive 2 -d example.com` +- The most basic use of the tool for subdomain enumeration: `amass enum -d example.com` +- Typical parameters for DNS enumeration: `amass enum -v -src -ip -brute -min-for-recursive 2 -d example.com` Special command line options: -* Disable generation of altered names `amass enum -noalts -d example.com` -* Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com` -* Disable saving data into a local database `amass enum -nolocaldb -d example.com` -* Domain names separated by commas (can be used multiple times) `amass enum -d example.com` +- Disable generation of altered names `amass enum -noalts -d example.com` +- Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com` +- Disable saving data into a local database `amass enum -nolocaldb -d example.com` +- Domain names separated by commas (can be used multiple times) `amass enum -d example.com` -[OWASP_Amass_Project]: https://owasp.org/www-project-amass/ -[Amass GitHub]: https://github.com/OWASP/Amass -[Amass User Guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md +[owasp_amass_project]: https://owasp.org/www-project-amass/ +[amass github]: https://github.com/OWASP/Amass +[amass user guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md diff --git a/scanners/amass/examples/example.com/README.md b/scanners/amass/examples/example.com/README.md new file mode 100644 index 00000000..978d5f21 --- /dev/null +++ b/scanners/amass/examples/example.com/README.md 
@@ -0,0 +1,9 @@ +--- +title: "example.com" +--- + + + +> ✍ **Page under construction.** + +the frontmatter requires the name of the scantarget as 'title' \ No newline at end of file diff --git a/scanners/nmap/README.md b/scanners/nmap/README.md index a108c0a2..6520b0c9 100644 --- a/scanners/nmap/README.md +++ b/scanners/nmap/README.md @@ -21,7 +21,7 @@ To learn more about the Nmap scanner itself visit [nmap.org]. The Nikto ScanType can be deployed via helm: ```bash -helm upgrade --install nikto ./scanners/nikto/ +helm upgrade --install nmap ./scanners/nmap/ ``` ## Nmap Configuration diff --git a/scanners/ssh_scan/README.md b/scanners/ssh_scan/README.md index a0cba5be..a07af52a 100644 --- a/scanners/ssh_scan/README.md +++ b/scanners/ssh_scan/README.md @@ -1,6 +1,6 @@ --- title: "SSH" -path: "scanners/ssh" +path: "scanners/ssh_scan" category: "scanner" type: "SSH" state: "released" diff --git a/scanners/zap/README.md b/scanners/zap/README.md index 61e6ef5b..e6f2108a 100644 --- a/scanners/zap/README.md +++ b/scanners/zap/README.md @@ -12,7 +12,7 @@ usecase: "WebApp & OpenAPI Vulnerability Scanner" The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing. -To learn more about the ZAP scanner itself visit [OWASP_Zap_Project] or [zaproxy.org]. +To learn more about the ZAP scanner itself visit [https://www.zaproxy.org/](https://www.zaproxy.org/). 
@@ -26,7 +26,7 @@ helm upgrade --install zap ./scanners/zap/ ## Configuration -The following security scan configuration example are based on the [ZAP Documentation], please take a look at the original documentation for more configuration examples. +The following security scan configuration example are based on the ZAP Docker Scan Scripts. By default the secureCodeBox ZAP Helm Chart installs all three ZAP scripts: `zap-baseline`, `zap-full-scan` & `zap-api-scan`. Listed below are the arguments supported by the `zap-baseline` script, which are mostly interchangable with the other ZAP scripts. For a more complete reference check out the [ZAP Documentation](https://www.zaproxy.org/docs/docker/) and the secureCodeBox based ZAP examples listed below. The command line interface can be used to easily run server scans: `-t www.example.com` @@ -58,6 +58,3 @@ Options: -z zap_options ZAP command line options e.g. -z "-config aaa=bbb -config ccc=ddd" --hook path to python file that define your custom hooks ``` - -[SSLyze GitHub]: https://github.com/nabla-c0d3/sslyze -[SSLyze Documentation]: https://nabla-c0d3.github.io/sslyze/documentation/