github.com/google/osv-scalibr@v0.4.1/detector/cis/generic_linux/etcpasswdpermissions/detector_dummy.go

github.com/google/osv-scalibr@v0.4.1/detector/cis/generic_linux/etcpasswdpermissions/detector_dummy.go (about)

     1  // Copyright 2025 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  //go:build !linux && !darwin
    16  
    17  // Package etcpasswdpermissions implements a detector for the "Ensure permissions on /etc/passwd- are configured" CIS check.
    18  package etcpasswdpermissions
    19  
    20  import (
    21  	"context"
    22  	"errors"
    23  	"io/fs"
    24  
    25  	"github.com/google/osv-scalibr/detector"
    26  	scalibrfs "github.com/google/osv-scalibr/fs"
    27  	"github.com/google/osv-scalibr/inventory"
    28  	"github.com/google/osv-scalibr/packageindex"
    29  	"github.com/google/osv-scalibr/plugin"
    30  )
    31  
    32  const (
    33  	// Name of the detector.
    34  	Name = "cis/generic-linux/etcpasswdpermissions"
    35  )
    36  
    37  // Detector is a SCALIBR Detector for the CIS check "Ensure permissions on /etc/passwd- are configured"
    38  // from the CIS Distribution Independent Linux benchmarks.
    39  type Detector struct{}
    40  
    41  // New returns a detector.
    42  func New() detector.Detector {
    43  	return &Detector{}
    44  }
    45  
    46  // Name of the detector.
    47  func (Detector) Name() string { return Name }
    48  
    49  // Version of the detector.
    50  func (Detector) Version() int { return 0 }
    51  
    52  // Requirements of the detector.
    53  func (Detector) Requirements() *plugin.Capabilities { return &plugin.Capabilities{} }
    54  
    55  // RequiredExtractors returns an empty list as there are no dependencies.
    56  func (Detector) RequiredExtractors() []string { return []string{} }
    57  
    58  // DetectedFinding returns generic vulnerability information about what is detected.
    59  func (d Detector) DetectedFinding() inventory.Finding {
    60  	return inventory.Finding{GenericFindings: []*inventory.GenericFinding{{
    61  		Adv: &inventory.GenericFindingAdvisory{
    62  			ID: &inventory.AdvisoryID{
    63  				Publisher: "CIS",
    64  				Reference: "etc-passwd-permissions",
    65  			},
    66  			Title: "Ensure permissions on /etc/passwd are configured",
    67  			Description: "The /etc/passwd file contains user account information that " +
    68  				"is used by many system utilities and therefore must be readable for these " +
    69  				"utilities to operate.",
    70  			Recommendation: "Run the following command to set permissions on /etc/passwd :\n" +
    71  				"# chown root:root /etc/passwd\n" +
    72  				"# chmod 644 /etc/passwd",
    73  			Sev: inventory.SeverityMinimal,
    74  		},
    75  	}}}
    76  }
    77  
    78  // Scan is a no-op for Windows.
    79  func (d Detector) Scan(ctx context.Context, scanRoot *scalibrfs.ScanRoot, px *packageindex.PackageIndex) (inventory.Finding, error) {
    80  	return inventory.Finding{}, errors.New("plugin only supported on Linux")
    81  }
    82  
    83  // ScanFS starts the scan from a pseudo-filesystem.
    84  func (Detector) ScanFS(ctx context.Context, fs fs.FS, px *packageindex.PackageIndex) (inventory.Finding, error) {
    85  	return inventory.Finding{}, errors.New("plugin only supported on Linux")
    86  }