github.com/google/osv-scalibr@v0.4.1/detector/list/list.go (about)

     1  // Copyright 2025 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package list provides a public list of SCALIBR-internal detection plugins.
    16  package list
    17  
    18  import (
    19  	"fmt"
    20  	"maps"
    21  	"slices"
    22  
    23  	"github.com/google/osv-scalibr/detector"
    24  	"github.com/google/osv-scalibr/detector/cis/generic_linux/etcpasswdpermissions"
    25  	"github.com/google/osv-scalibr/detector/cve/untested/cve202011978"
    26  	"github.com/google/osv-scalibr/detector/cve/untested/cve202016846"
    27  	"github.com/google/osv-scalibr/detector/cve/untested/cve202233891"
    28  	"github.com/google/osv-scalibr/detector/cve/untested/cve202338408"
    29  	"github.com/google/osv-scalibr/detector/cve/untested/cve20236019"
    30  	"github.com/google/osv-scalibr/detector/cve/untested/cve20242912"
    31  	"github.com/google/osv-scalibr/detector/endoflife/linuxdistro"
    32  	"github.com/google/osv-scalibr/detector/govulncheck/binary"
    33  	"github.com/google/osv-scalibr/detector/misc/dockersocket"
    34  	"github.com/google/osv-scalibr/detector/weakcredentials/codeserver"
    35  	"github.com/google/osv-scalibr/detector/weakcredentials/etcshadow"
    36  	"github.com/google/osv-scalibr/detector/weakcredentials/filebrowser"
    37  	"github.com/google/osv-scalibr/detector/weakcredentials/winlocal"
    38  
    39  	cpb "github.com/google/osv-scalibr/binary/proto/config_go_proto"
    40  )
    41  
type (
	// InitFn is the detector initializer function: it builds one detector
	// plugin from the plugin configuration it is handed.
	InitFn func(cfg *cpb.PluginConfig) detector.Detector

	// InitMap is a map of names to detector initers. The value is a slice
	// because a name can stand for a whole group of detectors (see the
	// aliases in detectorNames) as well as for a single plugin.
	InitMap map[string][]InitFn
)
    47  
// CIS lists the detectors related to CIS scanning. The only entry comes from
// the cis/generic_linux/etcpasswdpermissions package and is wrapped in noCFG
// because its constructor takes no config.
var CIS = InitMap{etcpasswdpermissions.Name: {noCFG(etcpasswdpermissions.New)}}
    52  
// Govulncheck lists the govulncheck detectors. binary.New is registered
// directly, without the noCFG adapter, so it receives the plugin config passed
// to DetectorsFromName.
var Govulncheck = InitMap{
	binary.Name: {binary.New},
}
    55  
// EndOfLife lists the end-of-life detectors; the single entry comes from the
// endoflife/linuxdistro package.
var EndOfLife = InitMap{
	linuxdistro.Name: {noCFG(linuxdistro.New)},
}
    58  
// Untested lists CVE scanning detectors that don't have proper testing, so
// they might not work as expected in the future.
//
// These plugins are still part of All, so the "all", "detectors/all" and
// "untested" names select them; Default does not.
// TODO(b/405223999): Add tests.
var Untested = InitMap{
	// Entries are ordered by CVE identifier.

	// Apache Airflow detector (CVE-2020-11978).
	cve202011978.Name: {noCFG(cve202011978.New)},
	// Salt detector (CVE-2020-16846).
	cve202016846.Name: {noCFG(cve202016846.New)},
	// Spark UI detector (CVE-2022-33891).
	cve202233891.Name: {noCFG(cve202233891.New)},
	// OpenSSH detector (CVE-2023-38408).
	cve202338408.Name: {noCFG(cve202338408.New)},
	// Ray Dashboard detector (CVE-2023-6019).
	cve20236019.Name: {noCFG(cve20236019.New)},
	// BentoML detector (CVE-2024-2912).
	cve20242912.Name: {noCFG(cve20242912.New)},
}
    76  
// Weakcredentials lists the detectors for weak credentials. All four
// constructors take no config and are adapted with noCFG; codeserver is
// registered through its NewDefault constructor.
var Weakcredentials = InitMap{
	codeserver.Name: {
		noCFG(codeserver.NewDefault),
	},
	etcshadow.Name: {
		noCFG(etcshadow.New),
	},
	filebrowser.Name: {
		noCFG(filebrowser.New),
	},
	winlocal.Name: {
		noCFG(winlocal.New),
	},
}
    84  
// Misc lists detectors for miscellaneous security issues; the single entry
// comes from the misc/dockersocket package.
var Misc = InitMap{dockersocket.Name: {noCFG(dockersocket.New)}}
    89  
// Default lists the detectors that are recommended to be enabled.
//
// The map is empty in this version, so the "default" and "detectors/default"
// names resolve to an empty detector list: a scan that relies on them alone
// runs no detectors from this package.
var Default = make(InitMap)
    92  
// All is the union of every detector category internal to SCALIBR, the
// Untested CVE detectors included.
//
// The maps are merged with concat, where a later map replaces an earlier entry
// stored under the same name, so each plugin name must be unique across the
// categories for every plugin to stay reachable.
var All = concat(CIS, EndOfLife, Govulncheck, Misc, Weakcredentials, Untested)
   102  
// detectorNames is the lookup table behind DetectorsFromName. It holds every
// individual plugin name from All plus the group aliases below, each of which
// expands to all initers of the corresponding category.
//
// The alias map is merged last and concat lets later maps win, so an alias
// would replace a plugin that registered itself under the same name.
var detectorNames = concat(All, InitMap{
	// Everything, with and without the "detectors/" prefix.
	"detectors/all": vals(All),
	"all":           vals(All),

	// The recommended set, with and without the "detectors/" prefix.
	"detectors/default": vals(Default),
	"default":           vals(Default),

	// One alias per category.
	"cis":             vals(CIS),
	"endoflife":       vals(EndOfLife),
	"govulncheck":     vals(Govulncheck),
	"misc":            vals(Misc),
	"untested":        vals(Untested),
	"weakcredentials": vals(Weakcredentials),
})
   115  
// concat merges the given maps into a freshly allocated InitMap and leaves the
// inputs untouched.
//
// Maps are applied left to right with maps.Copy, so when the same name occurs
// in more than one input the initers from the rightmost map replace the
// earlier ones; they are not appended. The result is non-nil even when no maps
// are passed.
func concat(initMaps ...InitMap) InitMap {
	merged := make(InitMap)
	for i := range initMaps {
		maps.Copy(merged, initMaps[i])
	}
	return merged
}
   123  
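// vals flattens every initer slice stored in initMap into one slice.
//
// Names are visited in ascending order so that a group alias expands to the
// same detector sequence on every run. Go does not specify map iteration
// order, and walking the map directly would let the order of the returned
// detectors change between otherwise identical scans.
//
// The result is nil when initMap holds no initers.
func vals(initMap InitMap) []InitFn {
	var initers []InitFn
	for _, name := range slices.Sorted(maps.Keys(initMap)) {
		initers = append(initers, initMap[name]...)
	}
	return initers
}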
   127  
// noCFG wraps an initer function that doesn't take any config value into an
// InitFn. The returned function discards the plugin config it receives and
// calls f anew on every invocation.
// TODO(b/400910349): Remove once all plugins take config values.
func noCFG(f func() detector.Detector) InitFn {
	adapter := func(*cpb.PluginConfig) detector.Detector {
		return f()
	}
	return adapter
}
   133  
// DetectorsFromName returns a list of detectors from a name.
//
// name is looked up verbatim in detectorNames, so it must match a plugin name
// or a group alias exactly. Every initer registered under it is called with
// the same cfg. An unregistered name yields a nil slice and an error that
// quotes the name with %q.
//
// A known name whose group is empty, such as "default" in this version,
// returns an empty slice and a nil error, so callers that need at least one
// detector have to check the length themselves.
func DetectorsFromName(name string, cfg *cpb.PluginConfig) ([]detector.Detector, error) {
	initers, known := detectorNames[name]
	if !known {
		return nil, fmt.Errorf("unknown detector %q", name)
	}

	dets := make([]detector.Detector, 0, len(initers))
	for _, newDetector := range initers {
		dets = append(dets, newDetector(cfg))
	}
	return dets, nil
}