package flag

import (
	"fmt"

	"github.com/devseccon/trivy/pkg/policy"
)

// Flags in this file are bound under the "misconfiguration" section of the
// config file, e.g.:
//
//	misconfiguration:
//	  trace: true
//	  config-policy: "custom-policy/policy"
//	  policy-namespaces: "user"
var (
	// ResetPolicyBundleFlag (--reset-policy-bundle) discards the cached policy bundle.
	ResetPolicyBundleFlag = Flag{
		Name:       "reset-policy-bundle",
		ConfigName: "misconfiguration.reset-policy-bundle",
		Default:    false,
		Usage:      "remove policy bundle",
	}

	// IncludeNonFailuresFlag (--include-non-failures) also reports passed and
	// excepted checks, not only failures.
	IncludeNonFailuresFlag = Flag{
		Name:       "include-non-failures",
		ConfigName: "misconfiguration.include-non-failures",
		Default:    false,
		Usage:      "include successes and exceptions, available with '--scanners misconfig'",
	}

	// PolicyBundleRepositoryFlag (--policy-bundle-repository) selects the OCI
	// registry the policy bundle is fetched from. Because the bundle supplies
	// the checks that get executed, an override of this value — on the command
	// line or via the config file — changes what is enforced, so it deserves
	// the same scrutiny as any other trust root in the configuration.
	PolicyBundleRepositoryFlag = Flag{
		Name:       "policy-bundle-repository",
		ConfigName: "misconfiguration.policy-bundle-repository",
		Default:    fmt.Sprintf("%s:%d", policy.BundleRepository, policy.BundleVersion),
		Usage:      "OCI registry URL to retrieve policy bundle from",
	}

	// Helm value overrides. Defaults are empty (non-nil) string slices.

	// HelmValuesFileFlag (--helm-values) lists paths to values.yaml overrides.
	HelmValuesFileFlag = Flag{
		Name:       "helm-values",
		ConfigName: "misconfiguration.helm.values",
		Default:    []string{},
		Usage:      "specify paths to override the Helm values.yaml files",
	}

	// HelmSetFlag (--helm-set) carries inline key=value overrides.
	HelmSetFlag = Flag{
		Name:       "helm-set",
		ConfigName: "misconfiguration.helm.set",
		Default:    []string{},
		Usage:      "specify Helm values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)",
	}

	// HelmSetFileFlag (--helm-set-file) carries key=path overrides whose values are read from files.
	HelmSetFileFlag = Flag{
		Name:       "helm-set-file",
		ConfigName: "misconfiguration.helm.set-file",
		Default:    []string{},
		Usage:      "specify Helm values from respective files specified via the command line (can specify multiple or separate values with commas: key1=path1,key2=path2)",
	}

	// HelmSetStringFlag (--helm-set-string) carries inline overrides that are always treated as strings.
	HelmSetStringFlag = Flag{
		Name:       "helm-set-string",
		ConfigName: "misconfiguration.helm.set-string",
		Default:    []string{},
		Usage:      "specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)",
	}

	// Terraform and CloudFormation inputs.

	// TfVarsFlag (--tf-vars) lists paths to tfvars files.
	TfVarsFlag = Flag{
		Name:       "tf-vars",
		ConfigName: "misconfiguration.terraform.vars",
		Default:    []string{},
		Usage:      "specify paths to override the Terraform tfvars files",
	}

	// CfParamsFlag (--cf-params) lists paths to CloudFormation parameter files.
	CfParamsFlag = Flag{
		Name:       "cf-params",
		ConfigName: "misconfiguration.cloudformation.params",
		Default:    []string{},
		Usage:      "specify paths to override the CloudFormation parameters files",
	}

	// TerraformExcludeDownloaded (--tf-exclude-downloaded-modules) skips
	// findings in modules Terraform downloaded rather than the user's own code.
	// The name lacks the "Flag" suffix its siblings use; kept for compatibility.
	TerraformExcludeDownloaded = Flag{
		Name:       "tf-exclude-downloaded-modules",
		ConfigName: "misconfiguration.terraform.exclude-downloaded-modules",
		Default:    false,
		Usage:      "exclude misconfigurations for downloaded terraform modules",
	}
)

// MisconfFlagGroup collects the flags shared by commands that perform
// misconfiguration scanning.
type MisconfFlagGroup struct {
	IncludeNonFailures     *Flag
	ResetPolicyBundle      *Flag
	PolicyBundleRepository *Flag

	// Values Files
	HelmValues                 *Flag
	HelmValueFiles             *Flag
	HelmFileValues             *Flag
	HelmStringValues           *Flag
	TerraformTFVars            *Flag
	CloudformationParamVars    *Flag // spelled "Cloudformation" here, "CloudFormation" in MisconfOptions
	TerraformExcludeDownloaded *Flag
}

// MisconfOptions holds the resolved values of a MisconfFlagGroup after parsing.
type MisconfOptions struct {
	IncludeNonFailures     bool
	ResetPolicyBundle      bool
	PolicyBundleRepository string

	// Values Files
	HelmValues              []string
	HelmValueFiles          []string
	HelmFileValues          []string
	HelmStringValues        []string
	TerraformTFVars         []string
	CloudFormationParamVars []string
	TfExcludeDownloaded     bool // populated from MisconfFlagGroup.TerraformExcludeDownloaded
}

// misconfGroupName is the display name reported by MisconfFlagGroup.Name.
const misconfGroupName = "Misconfiguration"

// NewMisconfFlagGroup returns a group whose fields point at the package-level
// flag definitions above. Note the deliberate cross-wiring: HelmValues is
// backed by --helm-set while HelmValueFiles is backed by --helm-values.
func NewMisconfFlagGroup() *MisconfFlagGroup {
	g := &MisconfFlagGroup{}

	g.IncludeNonFailures = &IncludeNonFailuresFlag
	g.ResetPolicyBundle = &ResetPolicyBundleFlag
	g.PolicyBundleRepository = &PolicyBundleRepositoryFlag

	g.HelmValues = &HelmSetFlag
	g.HelmFileValues = &HelmSetFileFlag
	g.HelmStringValues = &HelmSetStringFlag
	g.HelmValueFiles = &HelmValuesFileFlag
	g.TerraformTFVars = &TfVarsFlag
	g.CloudformationParamVars = &CfParamsFlag
	g.TerraformExcludeDownloaded = &TerraformExcludeDownloaded

	return g
}

// Name returns the human-readable name of this flag group.
func (f *MisconfFlagGroup) Name() string {
	return misconfGroupName
}

// Flags returns every flag in the group, in the order they are presented.
func (f *MisconfFlagGroup) Flags() []*Flag {
	flags := make([]*Flag, 0, 10)
	flags = append(flags,
		f.IncludeNonFailures,
		f.ResetPolicyBundle,
		f.PolicyBundleRepository,
	)
	flags = append(flags,
		f.HelmValues,
		f.HelmValueFiles,
		f.HelmFileValues,
		f.HelmStringValues,
	)
	flags = append(flags,
		f.TerraformTFVars,
		f.TerraformExcludeDownloaded,
		f.CloudformationParamVars,
	)
	return flags
}

// ToOptions reads the bound value of each flag (via the package's getBool /
// getString / getStringSlice helpers, defined elsewhere in this package) into
// a MisconfOptions. The error result is always nil; it exists to satisfy the
// common flag-group contract.
func (f *MisconfFlagGroup) ToOptions() (MisconfOptions, error) {
	var opts MisconfOptions

	opts.IncludeNonFailures = getBool(f.IncludeNonFailures)
	opts.ResetPolicyBundle = getBool(f.ResetPolicyBundle)
	opts.PolicyBundleRepository = getString(f.PolicyBundleRepository)

	opts.HelmValues = getStringSlice(f.HelmValues)
	opts.HelmValueFiles = getStringSlice(f.HelmValueFiles)
	opts.HelmFileValues = getStringSlice(f.HelmFileValues)
	opts.HelmStringValues = getStringSlice(f.HelmStringValues)

	opts.TerraformTFVars = getStringSlice(f.TerraformTFVars)
	opts.CloudFormationParamVars = getStringSlice(f.CloudformationParamVars)
	opts.TfExcludeDownloaded = getBool(f.TerraformExcludeDownloaded)

	return opts, nil
}